The sorry state of federal IPv6 support
U.S. federal government agencies must meet an aggressive deadline of Sept. 30, 2012, to deploy IPv6 on their public-facing websites, under an Obama administration initiative. But with less than five months to go, more than 99% of federal websites aren't supporting the next-gen Internet Protocol on their DNS, email and Web services.
The Obama administration issued a directive in the fall of 2010 that requires agencies to support IPv6 on their public-facing Web services by the end of this federal fiscal year. There is a second step to the Obama administration mandate that requires agencies to support IPv6 on their internal, operational networks by Sept. 30, 2014. It's unclear what the consequences of not meeting the mandates will be.
BACKGROUND: Fed's IPv6 plan called a "game changer"
Experts say federal IPv6 deployment has lagged due to a lack of support for the emerging standard by government contractors, including carriers and content delivery networks as well as their network equipment suppliers.
"Agencies are supposed to have the general Internet-based services that are available to citizens support IPv6," said Dale Geesey, COO at government contractor Auspex Technologies, at last week's North American IPv6 Summit in Denver. "It's a big challenge from a federal perspective."
Geesey said the Federal CIO Council has an IPv6 task force that meets weekly and that agency IPv6 transition managers are meeting monthly to help the government hit this aggressive goal. "We continue to move forward," he said.
A survey conducted weekly by the National Institute of Standards and Technology (NIST) shows that only five organizations have successfully deployed IPv6 on their DNS, email and websites as required by the mandate. These organizations are: the Department of Veterans Affairs, the Environmental Protection Agency, the Defense Research and Engineering Network, Defense High Performance Computing, and the Space and Naval Warfare Systems Command.
In total, only 10 out of 1,565 domains operated by federal agencies were able to pass NIST's tests for IPv6 support on DNS, email and Web this week. That's not even 1% of the total number of domains tested.
Ron Broersma, DREN chief engineer, told the North American IPv6 Summit audience that IPv6 is ready for deployment. "Security and performance of IPv6 is equivalent to IPv4," he said. "IPv6 deployment doesn't have to be costly if you use tech refresh and if you don't procrastinate."
Broersma said one challenge for federal agencies is that some of the carriers that they are required to use through the Networx contract are not providing sufficient IPv6 services. Networx is an umbrella telecommunications contract that federal agencies must use to purchase voice, video and data services.
"There are some carriers on the Networx contract lacking IPv6. One won't have it until the end of the calendar year," Broersma said. "Some federal agencies may need to switch ISPs, which is a pretty big deal."
Broersma said that two federal network security efforts -- the Trusted Internet Connect (TIC) Initiative and Managed Trusted Internet Protocol Services (MTIPS) -- also are behind on deploying IPv6.
Broersma said other challenges for federal agencies trying to deploy IPv6 are the lack of feature parity between IPv4- and IPv6-based network hardware and software, as well as the lack of support for Dynamic Host Configuration Protocol for IPv6 (DHCPv6).
"Existing security products lack IPv6 support. Mainstream intrusion detection systems are not ready," he added. "But we have a much better story for doing network management over IPv6 than two years ago."
One federal agency that's successfully deployed IPv6 is the Department of Veterans Affairs, which has IPv6 deployed on 99% of its websites. Steve Pirzchalski, IPv6 transition manager for the VA, said the agency has IPv6 support for its DNS, SMTP/mail and Web services for all of the websites under its va.gov domain.
"We are very happy about this," Pirzchalski said at the North American IPv6 Summit. "We did get our gateways transitioned, which was not inconsequential. We launched our main website -- www.va.gov -- for World IPv6 Day last June, and we've had continuous IPv6 operation since then."
One development that will aid federal agencies' ability to meet the Obama administration's IPv6 mandate is the availability of production-quality IPv6-to-IPv4 translation services from Akamai Technologies. Akamai, a leading CDN, says it will launch IPv6 services in April. Akamai's federal customers include the Department of Defense, the Food and Drug Administration and the Federal Emergency Management Administration.
Another development expected later this month is the release of Version 2.0 of a document called "The Planning Guide/Roadmap Toward IPv6 Adoption within the U.S. Government." The original version of this document was released in 2009.
IPv6 is an upgrade to the Internet's main communications protocol, which is called IPv4.
IPv6 features an expanded addressing scheme that can support billions of devices connected directly to the Internet. But IPv6 is not backward compatible with IPv4, which is running out of addresses. Network operators can either support both protocols in what's called dual-stack mode or translate between IPv4 and IPv6.
Read more about lan and wan in Network World's LAN & WAN section.