Five IPv6 tips from an early adopter

* Social Security Administration IT exec offers up tips for IPv6 deployment

If you're wondering what to do about IPv6 - a long anticipated upgrade to the Internet's main communications protocol - consider the case of the Social Security Administration.

If you're wondering what to do about IPv6 - a long anticipated upgrade to the Internet's main communications protocol - consider the case of the Social Security Administration.

SSA has been working with IPv6 since 2001, when the agency first recognized that IPv6 was an emerging technology that would likely end up on its network. Since then, SSA has participated in IPv6 testbeds, analyzed the technology in its labs and started training 150 network engineers. With an IPv6 deployment plan in hand (see last week's newsletter), SSA is way ahead of the curve when it comes to IPv6 adoption.

IPv6 uses 128-bit addresses that can support a virtually unlimited number of computers and devices connected directly to the Internet. IPv4, on the other hand, uses 32-bit addresses and can support approximately 4 billion systems. IPv6 also offers built-in features such as security via IPsec, easier administration and improved quality of service that were added to IPv4 over the years.

I interviewed Rich Terzigni, senior advisor in SSA's Office of Telecommunications and Systems Operations. Here is his advice to other IT executives about getting ready for IPv6:

1. Clean up your IPv4 network.

SSA manages and controls its network infrastructure including IP addressing from a single, central location. SSA also uses many new features that were added to IPv4 over the years, including IPsec encryption, quality of service and bandwidth management. SSA officials say this approach is making migration to IPv6 easier.

"By tuning and flattening and adding features and functions to your current IPv4 network and getting it to the state-of-the-art, you're doing a lot of the work required for IPv6 ahead of the time," Terzigni says.

2. Modernize your IPv4 network.

SSA regularly upgrades its network infrastructure to stay current with the latest technology. SSA has an all-IP network that supports Multi Protocol Label Switching (MPLS). SSA has a converged infrastructure, with voice, video and data moving over a single network. SSA is currently upgrading its 1,500 locations to support VoIP. Having up-to-date network hardware and software makes it easier for SSA to handle any kind of upgrade, whether it's VoIP or IPv6.

"We have been refreshing our hardware to take advantage of the new features and functions of IPv6," Terzigni says. "To us, it's just another evolution. We're not embracing this as a revolution."

3. Support IPv6 in dual stack mode.

SSA has chosen a dual stack approach to IPv6 deployment, which allows the agency to support both IPv4 and IPv6 applications for the foreseeable future. This approach requires the agency to have routers with a powerful enough engine and sufficient memory to support running IPv4 and IPv6 concurrently. SSA officials say dual stacking is the best way to deal with the fact that many commercial and homegrown software applications don't support IPv6 yet.

"We're not deploying any tunneling except for Moonv6," Terzigni says. "We're not doing [network address translation] at all. We're having dual stack everywhere, and then it will be up to the application or the workstation whether it uses IPv4 or IPv6."

4. Migrate to IPv6 as part of your regular tech refresh process.

SSA does not have a special IPv6 budget. Instead, the agency is paying for new hardware and software required by IPv6 at the same time as other needed upgrades. SSA bought IPv6-capable core routers when it migrated to MPLS two years ago. Over the next few years, SSA will buy new switches and routers for its field offices that will support both IPv6 and VoIP.

"We're moving to IPv6 with our normal refresh cycles and training budget," Terzigni says, pointing out that the agency can meet its IPv6 deployment deadlines as long as its overall IT budgets aren't cut. "We are interjecting IPv6 into our current budgets."

5. Go slow.

SSA has been working with IPv6 for five years and will have seven years of experience before it is required to support the protocol on its core network. SSA has taken the time to fully test IPv4 and IPv6 dual stack mode in its laboratory before adding the service to its production network. SSA already has started training its network engineers about IPv6. SSA has a three-phased IPv6 deployment planned that will take place during a four-year period.

"By migrating to IPv6 slowly and by doing it via dual stack, you don't have to build a second infrastructure and do a cold cut," Terzigni says. "This allows you do to the transition gradually. You get your current IPv4 infrastructure shored up so then it will work logically when IPv6 is turned on."

Read next week's issue of the Service Provider Newsletter to learn about the dirty little secret of IPv6 deployment: Early adopters see few measurable benefits.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.

IT Salary Survey: The results are in