How feds are dropping the ball on IPv6

Six months shy of an IPv6 deadline, few agencies are running the new protocol

U.S. federal agencies have six months to meet a deadline to support IPv6, an upgrade to the Internet’s main communications protocol known as IPv4. But most agencies are not grabbing hold of the new technology and running with it, industry observers say.

U.S. federal agencies have six months to meet a deadline to support IPv6, an upgrade to the Internet's main communications protocol known as IPv4. But most agencies are not grabbing hold of the new technology and running with it, industry observers say.

Instead, most federal CIOs are doing the bare minimum required by law to meet the IPv6 mandate, and they aren't planning to use the new network protocol for the foreseeable future.

Throw in your opinion on one of our 50 biggest networking arguments - IPv4 vs. IPv6: A Classic Battle 

"The huge majority of federal networking is still going to be IPv4-based in June," predicts Doug Junkins, vice president of IP development for NTT America's Global IP Network business unit. NTT has offered commercial IPv6 services in the United States for five years.

Read related story: IPv6 vs. Y2K and GOSIP

"The vast majority of agencies will meet the mandate, but I don't think it's going to change how they operate their networks on a day-to-day basis," Junkins says. "They'll find the easiest way to meet the mandate. I don't think the mandate will be the driver for them to start using IPv6 on a regular basis."

Only 10% of federal agencies are buying services to run IPv6 traffic on their backbone networks, carriers estimate. The other 90% of federal agencies will likely meet the IPv6 mandate by upgrading their core routers to be IPv6 capable without running IPv6 traffic over them, carriers predict.

For the Office of Management and Budget (OMB) IPv6 mandate, agencies "didn't really have to deploy it. They only have to be capable of it," says Dave Siegel, director of data services product management at Global Crossing, which has one federal customer of its IPv6 service.

"To meet the OMB mandate, all they have to do is enable IPv6 on their backbone routers and then they get the check mark. And that’s nothing," agrees Diana Gowen, senior vice president and general manager of Qwest Government Services, which also has one federal IPv6 customer.

The main driver for the upgrade to IPv6 is the lack of address space in IPv4 (See a counter showing how much time is left before IPv4 addresses run out). IPv4 uses 32-bit addresses and supports 4 billion IP addresses. Because it uses 128-bit addresses, IPv6 can support a virtually limitless number of IP addresses. With IPv6, more devices can be connected directly to the Internet. IPv6 also promises to support new network management, mobility and security features.

Find out about ARIN's warning of IP address depletion 

The problem with OMB's IPv6 mandate, Siegel says, is not with federal CIOs but with IPv6 itself. He says IPv6 fails to offer enough benefits besides larger IP address space, which most U.S. federal agencies don't need.

Pie chart of dwindling IPv4 addresses

"There's nothing that you can get with IPv6 that you can't get with IPv4 in terms of access to information or sites. It's not like you get a huge improvement in performance," Siegel says. "Who in their right mind would want to implement it? The answer is people on the cutting edge, like research institutions or ISPs that sell to research institutions."

Read related story on one less reason to adopt IPv6 

This means the OMB's much-hyped June 30, 2008 deadline for federal agencies to adopt IPv6 could pass without a major increase in IPv6 traffic on federal networks.

"By this time next year, we’ll see a 10% increase in IPv6 traffic in North American carriers within the federal sector," predicts Jim Bound, chairman of the North American IPv6 Task Force and a Senior Hewlett-Packard Fellow. (Read our Q&A with IPv6 guru Jim Bound.)

"The IPv6 mandate is going to come and go, and people will operate their networks the same way until there is more of a motivating factor to move to IPv6, either because the rest of the world is moving to IPv6 or if there's some sort of technological change in IPv6 that offers some significant benefit," Junkins says.

It also means the federal IPv6 mandate will likely fail to spark a nationwide upgrade to IPv6 as the protocol's proponents once predicted.

"The OMB wanted the government to be the engine for the rest of the U.S. to adopt IPv6, particularly because of the benefits it offers in the security area," Gowen says. "But it's like so many things, people will find a way around it. They will satisfy the letter of the law but not its intent. This is another occasion where agencies will be compliant with the mandate, but has the OMB achieved its goal of pushing the new security features of IPv6? That’s the crying need."

Gowen adds that "the nation's networks are under attack from abroad, and that is the important thing. Maybe the mandate should have said that you had to implement IPv6 and its security features by some date."

OMB's IPv6 mandate

The current situation in the federal telecom market is a far cry from what IPv6 proponents had hoped would be the case at the dawn of 2008.

On Aug. 2, 2005, the OMB issued a memorandum directing all federal agencies to transition their network backbones to IPv6 by June 30, 2008. The mandate requires federal backbone networks to be capable of transmitting IPv4 and IPv6 traffic and supporting IPv4 and IPv6 addresses.

However, the OMB mandate doesn’t require agencies to turn IPv6 on or to use it by the end of June 2008. Agencies have to support IPv6 on their backbone networks only, not on their desktops or peripherals. Nor do their applications need to be IPv6-enabled by the target date.

Experts say the OMB mandate is easy to meet. Agencies must upgrade the software on their core routers to support IPv6 and then show they can carry IPv6 traffic through their service providers.

IPv6 is "almost a nonstory with our customers," says Susan Zeleniak, vice president of Verizon Federal. "We have a network that’s IPv6 capable so they can meet the requirement. They’ll worry about it when they worry about it."

"IPv6 isn’t where federal CIOs lose sleep. It’s security," adds Charles Lee, CTO for Verizon Federal.

Paul Girardi, engineering team lead for AT&T Government Solutions, says agencies have made progress on the IPv6 mandate.

"Between when the mandate came out until now, what agencies have been doing is defining the core, taking inventory, identifying what needs to be modernized, and then beginning to execute on that," Girardi says. "They are all moving forward…So when June 2008 comes, they'll be able to run the IPv6 testing in the core and to demonstrate that their networks are IPv6 capable."

Whether agencies will start using IPv6 after the mandate is another story.

"My job is to provide them a core infrastructure that can pass IPv6 packets," Girardi says. "In terms of the extent to which they use that, I can’t comment…The mandate means: Get the core ready. After the core is ready, then they can start looking at applications that take advantage of IPv6."

"Agencies know they have to be IPv6 compliant by June of next year. They're saying that they are on a network that's compliant, so they're compliant," Zeleniak says. "Migration to IPv6 seems to be lagging behind meeting that requirement." 

IPv6 sales lag

The federal IPv6 mandate is not driving significant sales of IPv6 services from the carriers.

Qwest's one federal IPv6 customer, the Federal Maritime Commission, has installed IPv6 circuits across its backbone network to comply with the OMB mandate. Qwest also offers an IPv6 test bed.

"I don't have any federal customers wanting to test applications on the IPv6 test bed. None," Gowen says.

Qwest in January will offer its federal customers an independent certification of compliance with OMB's IPv6 mandate.

Learn more about this topic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.