Too Little, Too Late: The Feds call for IPv6

Too Little, Too Late: The Feds call for IPv6

Summary: Yes, we certainly should be switching over to IPv6, but the Federal government calling for it now is a case of too little, too late.


I had an interesting conversation with my Web-hosting company the other day. They told me that American Registry of Internet Numbers (ARIN) has told them that they need to start restricting IPv4, ala Internet, addresses. The long-predicted IPv4 number drought effects are finally being felt.

Lucky us. That's why I look with more than a little bit of cynicism at people declaring that Federal CIO Vivek Kundra issuing a memo (PDF Link) requiring all federal agencies to upgrade their public-facing Web services to native IPv6 by September 30, 2012 is a "Game Changer." The game has already changed, and the Feds are two-steps behind.

Kundra's memo also establishes a second deadline of September 30, 2014 for federal agencies to upgrade internal client applications that communicate with public Internet servers to use native IPv6. All Federal agencies will also be required to designate an IPv6 transition manager to direct IPv6-related activities, and, of course, they must also have network hardware and software that complies with IPv6.

Sounds great. Where's the money going to come from to make all that happen? It's one thing to say we need to address a problem. Talk is cheap. It's another thing entirely to actually do something about the problem.

We're already behind in addressing the coming Internet address shortage, and I don't see issuing a memo with deadlines changing that problem one bit for the Federal government. After all, just now when I checked the IPv4 Address Report, we’ll run out of all IPv4 Internet addresses on January 22, 2012—seven months ahead of the Federal government's first deadline.

When we 'run out' of IPv4 addresses, it's not going to be like we just run into a wall. This will be a slow-motion crash as heretofore 'free' static Internet Protocol (IP) addresses become valuable commodities. But, since your enterprise or your government agency can still get just as hurt in this kind of smash-up as a fast one, I'd advise you to start putting spending money now to switch over to a hybrid Internet IPv4/IPv6 interface with the Internet.

If you do wait until the problem becomes critical, and that seems to be what the Federal government is planning, you'll only end up spending even more in the long run.

Topics: Browser, Networking, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE: Too Little, Too Late: The Feds call for IPv6

    Feds are only part of the problem...ISP's are the real culprit here. They should be issuing IPv6 statics now for orgs that want static IP's. This would force the adaptation to actually happen.
    • RE: Too Little, Too Late: The Feds call for IPv6

      As the NetAdmin for an ISP, I'm going to correct your misconception. If any client of mine asked for an IPv6 static address, I'd find a way to give it to them. However, not one has asked for one. They all specifically want IPv4 addresses.
      • RE: Too Little, Too Late: The Feds call for IPv6

        To be fair, the VAST majority of your customers probably don't know or care what kind of address you give them, as long as it works. They pay you for "internet service", not "internet addresses" and don't care (and perhaps shouldn't need to care) about the relationship between the two.

        As an ISP, your focus IMHO (beyond immediate quarterly reporting) should be to insure you are capable of fulfilling that mission into the foreseeable future, and at the very least that you can do so for the current 2-5 year planning cycle. ISPs who don't do / haven't done so will be "punished" by the market, forced to pay more to catch up or to be restricted to an ever-shrinking (albeit, slowly shrinking for the first year or three) pool of IPv4-only networks.
  • IPv4 exhaust: very slow train wreck

    We studied this at Stratecast and modeled the impact. It is likley that IPv4 has quite a bit of life left in it since the only thing tht will happen once the /8 blocks are exhausted is that router table fragmentation will occur. Most large enterprises and all of the ISPs have lots of IPv4 addresses left. Additionally, the creative use of NAT will likley extend the life time of IPv4 for most user communities. We see IPv6 being applied initially to things like content networks that want some separation from the common herd anyway.
  • RE: Too Little, Too Late: The Feds call for IPv6

    Too complicated. Start with:
    addresses turning every IPV4 address potentially into millions. Or use it to directly address clients currently NAT-ed.

    Then go the full monty when that shoe pinches.
  • RE: Too Little, Too Late: The Feds call for IPv6

    Am I missing something here? Why do we need to switch to IPv6 for internal networks? I mean, aren't most internal networks NATTed through a set of primary IPs anyway? Most of the the SMBs that I know of use the non-route-able IPs (generally in the 10.X.X.X or the 192.168.X.X range) and NAT their internal IPs through an IP block that they purchase from their ISP.
    So say that a small company purchases an IP from their ISP, (I don't know who owns this IP, just using it for illustration purposes) and all their internal IPs are in the 10.X.X.X range. If their ISP suddenly says that they need to switch to an IPv6 IP, all the small company needs to do is purchase a router that can handle IPv6 IP, right? None of the internal IPs need to be changed...they will all go through the new router that now has a WAN IP as an IPv6 IP.
    • RE: Too Little, Too Late: The Feds call for IPv6

      @tech_ed@... No, there is a lot more to it than that. An IPv4 client won't be able to reach IPv6 pages and applications on the internet, because it doesn't have v6 DNS and can't cope with all the other v6 protocols.

      But it's actually a lot easier to do v6 INSIDE the corporation first, if you give it a bit of thought. Your clients run dual stack (Windows 7 does this by default and Linux isn't hard), and can reach the whole world.

      BTW, Europe and the Far East will run out long before the US. Some European phone companies are planning how to roll out v6 address to their broadband consumers within the next year.

      Perhaps the Feds are worried that all the IPv6 expertise and good practice will emerge elsewhere in the world, and the US will be left behind?
    • RE: Too Little, Too Late: The Feds call for IPv6

      In theory, we could just do NAT-PT (Network Address Translation - Protocol Translation) the same as we did for IPv4. However, we keep being told that many IPv6 applications, such as VoIP, will break if we use NAT-PT. If this is so, a lot of stuff is going to end up broken no matter which way you go.
      • RE: Too Little, Too Late: The Feds call for IPv6

        Broken is a relative term ... we can make most things work through NAT/NAPT (PT or no). It is a question of trying to make IPv6 _more capable_ than IPv4, not simply solving the address problem but also enabling novel uses of our networks in the future - things that NAT-PT may prevent, and it may be costly to undo that damage.

        Furthermore, in short - NAT-PT has all the problem of NAT _plus_ related problems _plus_ entirely new problems. It is, IMHO, far easier to deploy IPv6 natively than to deploy widespread NAT-PT ... especially if you give yourself a year or three to do this in phases, normal tech refresh, etc.
  • RE: Too Little, Too Late: The Feds Call for IPv6

    The feds have been working this issue for long time. They have had guidance to the field mandating any new networking equipment must be IPV6 compatible. Don't get me wrong, there are issues. Just don't want people to think that the government has not been doing anything.
    • RE: Too Little, Too Late: The Feds call for IPv6

      Agreed. I do wish they had done this a year or two sooner, but they have been making progress. At the very least, this mandate means they will need to support "real" IPv6 traffic / capabilities - vs the "less than real" tunneled pings of OMB522.
  • It's the fringe benefits we miss out on most!

    I don't understand how a country like China has IPV6 already fully implemented. While America sits on it's laurels twiddling it's thumbs. Apparently it really does come back down to the ISP's not wanting to spend the bucks and government unwilling to make them. I guess that'll be our next bailout plan to take taxpayers for another ride!

    But if the ISP's would have been actively seeking better faster services for it's customers we'd actually be competitive with these 3rd world nations and progressive countries like Japan, S. Korea, Europe, etc!!! .....oh well, the ISP's would rather spend it on lobbying Washington to not make them come up to the 21st Century. That the rest of the World is living in, besides us. Instead they'll wait to make it even more expensive and difficult for America to advance in favor of their own pocketbooks instead. Lots of CEO's and Government Officials retiring you know and they need it to maintain their high flying lifestyles!
    • RE: Too Little, Too Late: The Feds call for IPv6


      Judging by the Chinese way of living? They are NOT in the 21st century, unless you call serfdom 21st century way of living.
    • RE: Too Little, Too Late: The Feds call for IPv6


      Lemme break it down for you: China implemented it faster for three reasons...

      1.) It's a whole lot easier to implement newer technology when you start later. Sure, China has had computer systems for nearly as long as the USA, but PCs and mobile phones weren't as plentiful in the general populous until more recently. They had less inertia to deal with.

      2.) It's much easier to do when you don't have a legislature and huge political barriers. China may be less communist/dictatorial than they used to be, but there's still a guy on top who can make stuff happen quicker than President Obama can.

      3.) China had fewer IP blocks to begin with, thus they hit the ceiling faster than we did.

      Make more sense now?

      • RE: Too Little, Too Late: The Feds call for IPv6


        Also, let's keep some fairness here. Many if not most ISPs have reserved IPv6. They just aren't foisting it on people. Facebook and Google for instance, that I know of, have gone ahead and are residing on both already. So, we need not beat up on the ISPs too much.

        As for China, well, yes, they supposedly have IPv6 in place, but they also only really wired up Shanghai and Beijing. Also, they control most of the hosted content, and accordingly, there isn't so much of it. So, fail as the US has been on this, China is still not the model to emulate.
  • RE: Too Little, Too Late: The Feds call for IPv6

    Steve - I'd have to disagree with the characterization of "Too Little, Too Late". First and foremost, it's important to recognize that this is not about setting up a new project in each agency, it's about including IPv6 in the normal system planning and development process that already occurs. Agencies are continuing work on their systems; the OMB guidance tells them to plan on IPv6 in addition to IPv4 traffic. This is sage advice, since ISPs have no choice but to make use of IPv6 to connect new customers once we run out of available IPv4 addresses in 2011. The Federal government isn't telling agencies to "wait and see"; the dates of 2012 and 2014 are very realistic given timeframes that system deployment and refresh can take in the federal government.<br><br>Secondly, suggesting "game has already changed, and the Feds are two-steps behind" would imply that they already should have their public servers reachable via IPv6. Now, I agree that those who have known about this for years should already have their web sites on both IPv4 and IPv6 (e.g. ARIN or IETF, both of which are IPv6 reachable). Major content sites also should be reachable via IPv6 or working on it (for example, Google, YouTube, and Facebook are all reachable via IPv6). Before suggesting that the Feds are two steps behind here, perhaps you could outline ZDNET's plans for IPv6 support for its content? One of the major items discussed at yesterday's workshop was the importance of having clear public announcement of IPv6 plans, and from my perspective that places the Feds a step ahead of your blog.<br><br>/John<br><br>John Curran<br>President and CEO<br>ARIN
    • RE: Too Little, Too Late: The Feds call for IPv6

      @jcurranarin "First and foremost, it's important to recognize that this is not about setting up a new project in each agency, it's about including IPv6 in the normal system planning and development process that already occurs. " Here's my problem with your statement. They've been including IPv6 in their normal system planning for ages. The problem continues to be not 'planning;' not issuing memos saying that it must be done; but actually making it happen and that's where I see the government, along with everyone else, still failing to make the grade.

      • RE: Too Little, Too Late: The Feds call for IPv6

        @sjvn@... "They've been including IPv6 in their normal system planning for ages." Time to get precise. In 2005, OMB issued guidance regarding networks being IPv6 capable. Agencies had to meet this goal in mid-2008. There's been no additional specific dates or functionality from OMB until the memo released earlier this week. Also, note that some agencies have made remarkable progress even prior to this guidance: DoD's DREN network and NASA's research network are both "making it happen" by being reachable via IPv6 today.
  • RE: Too Little, Too Late: The Feds call for IPv6

    I've been contracting to DoD for 4 yrs now and asked the first day on the job what their plan was for IPV6 implementation. Four years later it's still being "planned." I predict the Feds will delay this until Chicken Little turns it into another Y2K spending spree; contractors will be called in at the 11th hour and get paid premium prices to meet the Feds' self-induced "crisis" deadlines.
    • RE: Too Little, Too Late: The Feds call for IPv6

      @JohnBoyNC One of the most important items out of the workshop was the very practical example given by DoD's DREN of upgrading not just their external servers but entire infrastructure to IPv6 without additional budget or staff. (Read <a href="," target="_blank" rel="nofollow">,</a> page 3 for coverage of this point). The point is that IPv6 needs to be considered in existing programs going forward, including specific functionality by specific date. Agencies/contractors waiting a for a windfall are going to be quite disappointed.