US government gets an "F" for IPv6 Internet make-over

US government gets an "F" for IPv6 Internet make-over

Summary: The U.S. federal government had until September 30th, 2012 to start supporting IPv6 on the Internet with their Web sites. They didn't come close.

The U.S.' government agencies didn't even come close to getting a passing grade for Internet IPv6 support.

Two years ago, then U.S. federal CIO Vivek Kundra ordered all federal agencies to upgrade their public-facing Web services to native IPv6 by September 30, 2012. So, how did they do? Well, to cut to the chase: Not very well.

According to the National Institute of Standards and Technology (NIST), out of 1,494 government agencies, only 287 had IPv6 up and running on their Web sites. That' comes to a percentage of about 20%. Can we say "Fail?” I knew you could.

Fewer agencies still, 166, had IPv6 Domain Name System (DNS) services up and running and only a handful, 54, supported e-mail with IPv6. Other NIST estimates show as many as 387 federal Web domains working properly with IPv6, but the percentage is still very low.

Whether or not these IPv6-enabled sites are actually working remains a good question. Several prominent sites, including the White House and the federal government's own CIO office started supporting IPv6 just in the nick of time over the weekend. Other sites, which claim to support IPv6, are having trouble with dual-stack IPv6/IPv4 network clients. This suggests that some federal agencies have mis-configured their IPv6 addresses.

Still, since U.S. sites just went over the 1% mark for IPv6 support in August, the feds are doing better than the private sector. So, why is IPv6 adoption still going so slowly? It's not like there will be any more IPv4 addresses falling off trees.

Eric York, senior product manager for Arbor Networks suggested that "One of the many issues that still remains with IPv6 adoption is lack of visibility. Equipment vendors have been working hard to roll out support for IPv6 traffic, but in many cases other features such as traffic policy, traffic reporting and alert mechanisms are still not fully supported with IPv6. According to a survey of operational security personnel last year, 70% of respondents indicated that getting visibility of IPv6 traffic on their networks was critical – but only 36% had the network infrastructure capable of generating the necessary telemetry, with a further 27% having partial support.”

Tom Coffeen IPv6 Evangelist at Infoblox, a network automation company, added, "There is a general sense of the importance and necessity of IPv6 adoption even as some agencies struggle with aligning resources to meet the mandate. Among some agencies there is still a sense that the IPv6 deadlines represent an 'unfunded mandate' of sorts with a requirement to support IPv6 externally and internally, but without budgets and resources to maximize the success and timeliness of IPv6 adoption."

In short, without funding, many federal IT departments have put IPv6 adoption on the back burner. They're not the only ones. Even as the last IPv4 addresses vanish, many businesses continue to refuse to adopt IPv6 until the day they're forced to make the change.

Still, as Coffeen pointed out, "Even as this mandate deadline passes, IPv6 adoption among federal agencies will continue to be a mixed bag with some agencies leading and some lagging. As ever more private sector enterprises and service providers adopt IPv6, the business cases establishing the benefits of IPv6 adoption (such as business agility, business continuity, and competitive advantage) will help encourage federal agencies to adopt IPv6 sooner rather than later. Conversely, in at least a few instances, early-adopting federal agencies themselves are helping to establish best practices for effectively running IPv6-enabled networks.”

Related Stories:

Topics: Networking, Browser, Emerging Tech, Government, Government US, IT Priorities, Servers, Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Seven words

    The usual useless but well-connected government contractors.
  • How can anyone get an F for v6?

    What came first, the chicken or the egg? Notice that most v6 presentations don't include an X or Y axis, but do include claims of traffic increases in the double digits e.g. 40% increase YoY!.

    40% of 10 kb/s is 4 kb/s.

    Anyhow, I think the better story would be on exhaustion and helping to convince the non believers (its not just the USG mind you) that there is a brick wall.
  • Actually, remarkable progress on behalf of the USG with respect to IPv6

    Here's some more insightful analysis:

    Given the size and complexity of the USG, this is amazing progress in IPv6 enablement, and shows that the USG is definitely on the path to providing its content via both IPv4 and IPv6. The importance of that change cannot be understated, since large networks are already turning on IPv6 given the dramatic increase in connected devices:

    Commercial sites (particularly publications and content providers) are actually the ones behind here, and will suffer to their competition as more users end up with IPv6-based connectivity and faster performance to their competitors websites.


    John Curran
    President and CEO
  • Innovative IPv6 implementation strategy with least cost funding

    I have to agree with John as the process has taken over nine years and several hundred thousand people in a number of industries across the globe. (Disclaimer at the end of the entry) Several milestones include:
    • August 24, 2006 published a proposed rule in the Federal Register amending the Federal Acquisition Regulations (FAR) to require all IT acquisitions using Internet Protocol (IP) to be IPv6 complaint. Since the USG did not have enough funds to replace every IP device in there vast network this strategy would allow a gradual refresh of the equipment, applications and services over the next four to five budget cycles, using replenishment dollars. (This was not an unfunded mandate but funded in a more efficient manner for the new United States Government (USG) budget realities.)
    • OMB 2008 guidance had agencies inventory and pass traffic over their networks to validate basic v6 capabilities on routers, switches and servers.
    • December 10, 2009 the FAR rule takes effect and all equipment, software and services vendors have to certify IPv6 FAR compliance on all orders and contracts.
    • As the pool of available IPv4 address spirals down, the CIO issues new guidance for 2012 and 2014 and sets up Transition Managers (TM) for all Departments and Agencies of the USG. This includes an agreement to work with ACT-IAC ( to provide industry and networking best practices to the Agencies on IPv6 technology.
    • NIST sets up the USGv6 Test program to support FAR requirements certifies commercial and NGO’s test facilities. They also setup a Monitor as a USG wide tool that extracts domains from and reports their IPv6 capability.
    • The IPv6 Working Group holds monthly TM and technical subgroup meetings/webinars, quarterly interagency meetings and twice a year IPv6 protocol and security training days. The 2009 and 2012 Planning and Roadmap documents (2009 find out about v6 protocols and 2012 deploy them securely across the networks) are published.
    The status of IPv6 protocols and vendor implementations are:
    • 2003-2005 IPv6 protocols are still in a state of flux. Early implementations will have to be updated as the protocols change. Several IPv4/IPv6 DNS implementations and a IPAM/IPALM with v6 support are released to support early testing and deployment.
    • 2005-2007 Reference IPv6 protocol implementations are completed, tested and deployed for operational but limited performance use on routers, switches and servers. Several carriers support IPv6 traffic on their networks.
    • 2007-2009 IPv6 protocol stacks, routers and switches code is implemented in firmware and custom silicon supporting higher performance line speed IPv4/IPv6 routing and switching.
    • 2009-2011 Network management, network services (DNS, DHCP, AAA, IPAM, etc..) and network security vendors lag further behind as the 2010 OMB guidance is released. Some carriers have begun to upgrade routers and some are not reading the road signs correctly. World v6 day is a global lab and test to see what works and breaks on a global scale.
    • 2012 World IPv6 launch with top web site fully dual stacked. September 30, 2012 passes.
    Some unofficial USG stats:
    (Understand that the USG IPv6 monitor can only test actual deployment and there is a detailed behind the scenes process for deployment. If you have planned, procured, contracted, tested etc.. an IPv6 service, but just not turned it on operationally yet, your color is Red which means no progress in the monitor display. All of those steps are not visible to the monitor.)
    1. The official repository of USG domains, has ~1,500 domain and sub-domains.
    2. ~800 domains made some progress in operational deployment. Those domains span dozens of distinct enterprises, CIO shops, vendor/contractors and deployment environments.
    3. ~1,200 unique public .gov services are IPv6 enabled as of 30-Sept. 2012.
    4. ~30% of public web .gov sites monitored are IPv6 enabled.
    5. Scores of commercial products have been conformance and interoperability tested through the USGv6 Program.
    6. If you look at the historical graphs, you will see significant progress over the last 6 months … and September in particular.
    (Disclaimer: These opinions are my own and do not reflect an official position of the USG, ACT-IAC, Internet Associates or any other entity.)

    John L Lee
    ACT-IAC Liaison to the Federal IPv6 Task Force
    Co-chair of the IPv6 Address Planning subgroup ACT-IAC
    Contributor to the 2009 IPv6 Roadmap document under David Green
    Co-editor/co-author 2012 IPv6 Planning Guide/Roadmap Toward IPv6 Adoption within the USG
  • Government leading US Commercial

    Steven J. Vaughan-Nichols,

    It seems that you are missing the real story here. The migration of the US government to IPv6 was based on a simple fact, IPv4 address are a limited resource and there will be a day when it's "customers" will be unable to contact them via IPv4. They also realized this should be part of the tech refresh plan because they understand it take a large network anywhere from 6 months to 3 years to move a large network to support dual stack environment. Professionally, I am impressed so many agencies have implemented IPv6!

    In contrast, lets review the "For Profit Companies" score. When reviewing look for the number of top ISP's, cable providers, technology product providers, router providers, security product providers and multi-national companies do not support IPv6. Some even attempt to sell products and service into this space without eating their own dog food. The the hard question, should you sell these companies short, if they are unable to "answer the mail' via IPv6?