In a Sept. 28, 2010 memo, federal CIO Vivek Kundra laid out specific steps for agencies to expedite the operational deployment and use of IPv6 — the so-called Next Generation Net, which is an updated infrastructure of the current system, IPv4.
Designed to provide new services and capabilities, the new protocol would extend the available IP address space to offer a unique IP address to any device, enable stateless IP auto configuration and enhanced “plug and play“ support, as well as boost support for IP mobility, the memo said.
Although IPv6 allows for significantly more numerical addresses–specifically, 340 undecillion new ones — migrating from IPv4 to IPv6 could prove difficult. According to Devcentral’s Lori MacVittie, the dependence on IP addresses of infrastructure to control, secure, route and track everything from simple network housekeeping to complying with complex governmental regulations makes it hard to merely “flick a switch“ and move from IPv4 to IPv6.
This reliance encompasses not only infrastructure but the processes that keep data centers running smoothly, MacVittie writes. Firewall rules, ACLs, scripts that automate mundane tasks, routing from layer 2 to layer 7, and application architecture likely use IPv4 addresses. In addition, clients may not be ready to make the transition, which makes a simple “cut over“ approach insurmountable or, as MacVittie says, “fraught with the potential for technical support and business challenges.”
Despite the hurdles to making the IPv6 switch, it seems as if industry and government are well on their way. As June 8, 2011, marks World IPv6 Day, Facebook, Yahoo and Google are enabling IPv6 for their main services that day. Limelight and Akamai are also joining the party by enabling their customers to participate, according to Ars Technica.
Peter Tseronis, associate CIO of the Energy Department and chairman of the Federal CIO Council’s IPv6 task force, said the time for talking about the transition is over, according to SearchSecurity.com.
“‘[Federal agencies] have a clear mandate to meet by 2012,” he said. “We have to do something technical now. It’s time for execution and deployment. The onus is on the agencies, the carriers and the service providers to make it happen.”
If you have any concerns about June 8 being anything like the Y2K mass hysteria, no need to worry, experts say.
“It's kind of interesting because everyone says, ‘Is it here yet? Is it here yet?’ I basically say yes, the IPv6 is here, but they are not turning off the lights on IPv4, ” Lisa Donnan, executive vice president of Cyber Security Solutions at Command Information, told The New New Internet. “We are moving to IPV6, but there is not impending Y2K-like deadline. With the recent absorption of new available IPV4 addresses, we are well under our way.”
According to Donnan, the U.S .government is now the fastest adopter of IPv6. And in less than a year, IPv6 traffic grew globally by an excess of 1,400 percent. But what remains a challenge is the dearth of skilled professionals, especially IPv6-trained engineers, she said.
“Just from an example of what I've seen in my own business is that our IPv6 training classes are up 100 percent over last year; both commercial and public sector organizations,” Donnan said. “The impetus for that is ESOs and CIOs and CTOs are now having to deal with the fact that they don't have the right talent mix in their organizations to address IPv6.”
But as much as it is “very much a challenge,” the transition offers an opportunity in this economic environment, she added.
“One of the security challenges is we've been living 30 years with IPv4,” Donnan said. “All of the existing security systems–firewalls, intrusion systems–were built for the past 30 years. Now, we are moving to IPv4 and there have been a myriad of avenues to move. We've done encapsulation. There have been efforts these last few years to move to IPv6, but we've got none of the security systems to protect us as we are moving.”
For those interested in checking whether their organization is ready for the migration, the Internet Society offers a way to test IPv6 compatibility on its website.