U.S. Government Paves the Way to IPv6 with Mandate Compliance

By Sean Michael Kerner | Sep 28, 2012 | Print this Page
http://www.enterprisenetworkingplanet.com/netsp/u.s.-government-paves-the-way-to-ipv6-with-mandate-compliance.html

The U.S. Government has put in place an IPv6 mandate that comes into affect on September 30th. That new mandate requires all government agencies to have their public facing websites and email services available over IPv6.

At this point, it's not likely that every government website will meet the deadline, though a large number of them will. Christine Schweickert, senior engagement manager for public sector at Akamai, told EnterpriseNetworkingPlanet that she expects over 1,800 U.S Government websites will be on IPv6 by the mandate deadline.

From an Akamai perspective, the company has a large number of U.S. Government customers that it is enabling for IPv6 with dual-stack servers. In a dual-stack implementation, a site is available natively over both IPv4 and IPv6. Akamai's Content Delivery Network has a mapping technology that optimizes traffic around the Internet. Getting the government websites to run on IPv6 is just a matter of putting the site configuration on the Akamai dual-stack server maps.

"So if a request comes in to a government website from an IPv6 client, we will go ahead and route them to the best performing Akamai Edge server that can speak IPv6 back to that request," Schweickert explained.

Another approach that some network administrators have tried for IPv6 support has been to tunnel the IPv6 traffic over an IPv4 network, or vice-versa. In Schweickert's view, that's not an ideal solution as it tends to break things.

"When you're tunneling, you're routing through IPv4 packets and that's not in the spirit that we have to operate in globally," Schweickert said.

In contrast, Schweickert noted that with dual-stack, the server will respond to IPv4 requests with IPv4 content and to IPv6 requests with IPv6 content.

"If you're using tunneling, you're really just doing a workaround," Schweickert said.

To make it even easier for the U.S. Government websites, Akamai isn't actually charging more money for the dual-stack service either. Schweickert noted that the dual-stack capability is a feature that is already part of the delivery service that Akamai is providing to its U.S Government customers.

David Helms, Vice President, Cyber Security Center of Excellence at Salient Federal Solutions is among those that are backers of the Akamai approach to meeting the September 30th IPv6 mandate. In his view, it's all about enabling interesting services and locations over IPv6 in order to spur adoption.

IPv6 Mandates of the Past

The 2012 IPv6 mandate is not the first, or the last IPv6 transition mandate from the U.S. Government.

Four years ago, in 2008, the U.S. Government also had an IPv6 mandate in place. That particular mandate, required U.S. Government agencies to have IPv6-ready equipment enabled in their infrastructure.

There are a number of difference between the 2008 mandate and the current 2012 mandate.

In Helms' view, the current IPv6 mandate has been especially well constructed and conceived. He explained that as part of the mandate, every agency had to appoint an IPv6 transition manager, which provides for some accountability. As well, he noted that the technical milestone of delivering web, DNS and email over IPv6 are all accomplish-able goals. That said, the mandate itself doesn't necessarily carry with it any immediate penalties for non-compliance.

"With the last mandate it's not like the hammer of Thor came down and punished agencies for not complying," Helms said.

The other key thing that has changed since 2008 is the simple fact that IPv4 address space exhaustion is no longer just a forecast. In February of 2011, the Internet Assigned Numbers Authority (IANA) allocated the last blockfrom the free pool of available IPv4 addresses.

"Back in 2008, IPv6 was an investment with less of a clear return," Helms said. "Between that time and now, manufacturers have picked up their responsibilities and there is no major router vendor now that doesn't support IPv6, so having to depend on the manufacturer to be an IPv6 partner is not the same obstacle that it was back in 2008."

IPv6 Traffic

While the government is moving forward on IPv6, overall IPv6 traffic numbers remain small. Schweickert noted that traffic on IPv6 is still in the one percent range, though it is growing. She stressed that while IPv6 is small today, it's imperative that the technology is rolled out now.

In Schweickert's view, by rolling out IPv6 now, when traffic is still relatively small, agencies can discover any internal issues or concerns that maybe associated with IPv6. According to a recent study, the U.S already has the largest base of IPv6 usersin the world at just over 3 million.

The current 2012 mandate is also just a stepping stone toward a 2014 mandate from the U.S. Government. The 2014 IPv6 mandate will require that the internal enterprise infrastructures of U.S. Government agencies are running IPv6.

Overall the U.S Government's approach to IPv6 provides some lessons that others can learn from. Helms added that the directive to use IPv6 was structured as a mandate, and it provides an agile iterative approach to deployment.

"You can drive technology change through top down cheer leading," Helms said. "We can set direction and we can influence technology evolution."

Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.