Feds back go slow approach on IPv6

IPv6 advocates looking for the U.S. federal government to make a major financial commitment to the next-generation of the Internet's main communications protocol will be disappointed with the findings of a new report from the Department of Commerce.

IPv6 advocates looking for the U.S. federal government to make a major financial commitment to the next-generation of the Internet’s main communications protocol will be disappointed with the findings of a new report from the Department of Commerce.

"Aggressive government action to accelerate the deployment of IPv6 by the private sector is not warranted at this time," according to the Commerce Department’s IPv6 Task Force, which consists of officials from the National Telecommunications and Information Administration (NTIA) and the National Institute of Standards and Technology (NIST).

The Commerce Department report found that "no substantial market barriers appear to exist that would prevent industry from investing in IPv6 products and services as its needs require or as consumers demand."

However, the report did hint at additional federal funding for IPv6-related research and development.

"The federal government will need to consider allocation of new resources and to work cooperatively with non-federal authorities and the private sector to address outstanding IPv6 research and development issues and to expedite the development of suitable deployment, coexistence and transition plans," the report says.

Developed by the IETF, IPv6 promises easier administration, tighter security and an enhanced addressing scheme when compared to IPv4, the Internet’s current protocol. IPv6, which uses a 128-bit addressing scheme, supports a virtually limitless number of uniquely identified systems on the 'Net, while IPv4 uses a 32-bit addressing scheme and supports only a few billion systems.

The Commerce Department’s IPv6 Task Force was created in response to a 2003 White House report on cyberspace security. The task force was charged with conducting a cost/benefit analysis on whether the transition to IPv6 should be accelerated to provide enhanced cyberspace security.

The task force’s report, entitled a "Technical and Economic Assessment of Internet Protocol Version 6," outlines the benefits of IPv6 including more address space, end-to-end security and easier network administration. Nonetheless, the report recommends a go-slow approach to federal agencies and enterprises looking to migrate to IPv6.

"Although IPv6 has the potential to produce significant benefits for U.S. businesses and consumers over time, the near-term benefits are less clear," the report states. "In the initial years of IPv6 deployment, network security will likely be no greater under the protocol than is currently available in IPv4 networks. Additional evidence suggests that premature adoption of IPv6…could result in unnecessary costs and reduced information technology security."

The Commerce Department report has many positive things to say about IPv6. Indeed, the report suggests the inevitability of IPv6 being deployed in most network hardware, operating systems and software within the next five years.

The report says that enterprises and government agencies will likely purchase IPv6-enabled gear during standard tech refresh cycles and move to the technology gradually rather than all at once. The report identifies many of the obstacles to IPv6 deployment including the huge installed base of IPv4 systems and the labor-intensive process of upgrading to IPv6.

"Large and midsized user organizations, such as corporations and government agencies, will likely incur greater costs," the report says. "The magnitude of those costs will depend on each user’s existing network infrastructure and operational policies, the extent to which their customer applications must be modified to adopt IPv6 and whether the user intends to connect to other organizations using IPv6."

The report includes a hypothetical case study designed to estimate the cost associated with an enterprise adopting IPv6. The report estimates it will cost the company nearly $1.8 million to transition to IPv6. This estimate is based on the company having eight core routers, 150 switches and four firewalls.

Existing Infrastructure Components and Annual Labor Expenses for Hypothetical Company A

Network ComponentNo. of UnitsAvg. Cost/UnitTotal Cost
Router8$15,000$120,000
Distribution Switches150$10,000$1,500,000
Firewall4$1,500$6,000
Network Specialist3$55,000$165,000/year
Training3$2,500$7,500/year
Total  $1,798,500

Source: RTI

The report concedes that most Internet experts believe IPv6-based networks will be technically superior to today’s IPv4 networks, with tighter security and support for new services that take advantages of the additional address space that IPv6 offers.

However, the report emphasizes the security risks of deploying mixed IPv4 and IPv6 environments during the transition to IPv6.

"Experts generally agree that implementing any new protocol, such as IPv6, will entail an initial period of increased security vulnerability," the report says. "Additional resources will be necessary to deal with new threats posed by a dual standard environment."

The report recommends that all organizations be prepared for IPv6 to appear on their networks and to create security plans and policies for dealing with IPv6 traffic during the years-long migration process.

For the first three to five years of IPv6 deployment, the user community "will likely see no better security than what can be realized in IPv4-only networks today," the report says. "More security holes will probably be found in IPv6 and its transition mechanisms than in IPv4. In the longer term, security may improve as a result of increased use of end-to-end security mechanisms."

The report concludes with a four-part strategy for the federal government to take towards IPv6. That strategy involves:

* Monitoring and analyzing trends in the global roll-out of IPv6.

* Conducting research on IPv6 and facilitating standardization.

* Supporting industry with test methodologies and test beds.

* Deploying IPv6 to meet internal government IT needs after adequate planning.

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies