Is the U.S. government making significant progress on moving to IPv6, the next generation Internet addressing standard?
On the surface, it doesn’t look like it, as a recent unofficial analysis discovered only nine of 1,761 federal Web domains examined were meeting the standard. But at least one expert believes it’s too early to hit the panic button.
The number of websites using the protocol may seem low, but what the analysis doesn’t show are the steps being taken to ready federal websites to make the transition to IPv6 next year, according to John Curran, president and CEO of the American Registry for Internet Numbers (ARIN), a nonprofit organization that registers and administers IP numbers.
“I don’t think the particular informal assessment is an assessment of the work that is going on as much as the [websites] that have happened to cross the finish line a year early,” Curran explained. “You’re only seeing the ones that have broken the surface.”
A Necessary Move
IP addresses are identifying numbers that are assigned to each device that goes online. IPv4, a protocol with those numbers, was launched in 1981 and has about four billion addresses. With the rising number of devices that connect to the Internet, however, that well of numbers is running dry.
To meet the demand, IPv6 was created, which features essentially an inexhaustible amount of IP addresses.
The challenge for IT staffs worldwide is that IPv4 and IPv6 can’t be merged. Both versions need to run parallel. Although there are current short term answers, such as having an IPv6 address being assigned a temporary IPv4 number, as more devices connect to the Web, inevitably, the final IPv4 numbers will be used up and those devices will be wholly dependent on IPv6 numbers.
At some point, domains that aren’t running the IPv6 protocol will not be able accessible to those devices operating with only an IPv6 IP address. A 2010 memo from former U.S. CIO Vivek Kundra gave federal government websites until Sept. 2012 to make the transition to IPv6 operability.
“This is not about whether the U.S. government wants its websites to be reachable via IPv6 or not,” Curran said. “It’s whether the U.S. government wants its websites to be fully reachable or not. And if it wants it to be fully reachable, one could argue that we’re already too late for that, given IPv6 is already being used to connect new customers in some parts of the globe.”
If an agency doesn’t run an IPv6 protocol on its domain, Curran said that in addition to limiting access to the site, monitoring who is visiting a website and the ability to restrict content on the basis of user location will be virtually impossible.
As the popularity of smartphones and tablets skyrockets, mobile connectivity will also be impacted.
“We have millions of mobile devices coming online and the mobile operators are heavily leaning toward IPv6 because it has a number of addresses they need to get their jobs done,” Curran said. “Eventually your reporting and security systems or whatever is relying on v4 addresses is going to be effective in a smaller and smaller part of the network.”
Making the Transition
As important as enabling IPv6 is, doing so — on paper at least — is relatively simple. All it requires is doubling the steps routinely done when establishing domains and making websites live in the first place.
Curran explained that when creating a project plan to roll out a new website or application, steps such as building the backend database, creating user authentication and working on application and web servers don’t really change for IPv6. The infrastructure is predominately the same that is used for IPv4.
Where the work comes is in the time spent repeating the configuration work. At the front of an application, every step done to enable IPv4 addresses needs to be done for IPv6, including configuring firewalls and load balancing.
“The real important aspect is making IPv6 connectivity an inherent part of the process of putting an application on the Internet,” Curran said. “So as the federal government rolls out new applications and upgrades its websites, it doesn’t consider the job done if it’s only rolling them out on v4.
“They have to realize that if it is important enough to have a website, it has to be a v4 and v6 reachable Internet website,” Curran added. “It should be part of the deployment practices of existing projects that are going live right now. That’s the way to ensure it happens across an agency.”
Carron said the differences between federal, state and local government domains transitioning to IPv6 are negligible at best. He explained that most technical systems have v6 capability, so all that’s really needed is a plan to configure them.
Primarily, Curran felt that the difference on the federal level is that often there is a clear architecture or set of requirements and guidance, whereas that may not always be the case on a smaller state or local level, so the changeover to IPv6 could more easily be overlooked.
When pressed on potential hurdles concerning v6 capability of hardware that agencies are using, Curran was skeptical of any government system that couldn’t support it.
“Their security system may not support v6, or their load balancer, which means they have to bring it up to speed,” Curran said. “But I’d be a little nervous about an agency that was running a system that didn’t speak IPv6, given it has been standard protocol since 1999. But there are some out there.”
Brian Heaton was a writer for Government Technology magazine from 2011 to mid-2015.