It’s been almost 15 years since the Office of Management and Budget first put agencies on notice to move to internet protocol version 6 (IPv6). And in 2010 and again in 2012, OMB tried and failed to get momentum behind this effort.
Who remembers the “threat” that agencies would run out of IPv4 addresses and the internet would break down?
Like the warnings from the 1970s that the world would run out of oil if we didn’t do something, experts’ predictions have fallen short.
So what’s the difference this time with the 2020 version of the “you have to move to IPv6” memo, which OMB released in draft form for public comment on March 2?
Experts say there are several reasons why the time is right for agencies to transition to IPv6, and it’s not based on “what if” scenarios.
“This was miscast previously as an IT problem, when it’s really an enterprisewide problem of people, process and technology,” said Peter Tseronis, founder and CEO of Dots and Bridges and a former IPv6 task force leader for the CIO Council. “This is about how organizations rely on technology to meet their missions. You have to modernize and transform at a fundamental level and that means the stuff behind the walls.”
He said the rise of internet of things (IoT) devices across nearly every federal mission space should help agencies see that the time is right to more fully transition.
Tseronis said if this latest memo falls just to the agency chief information officer once again, it will have a limited impact. But if the CIO can get other CXOs to care about it because moving to IPv6 impacts all missions, then it will be more successful.
Tseronis and other experts praised OMB’s approach to this latest draft memo.
They said it’s not so much about adding another unfunded mandate to agency plates, but about laying out a straightforward strategy over the next five years mixed with places to find help and additional information.
“We are now at a point where we need to finish the job and the memo does a great job of saying, ‘let’s start with low hanging fruit,’ things you can pilot and then do a phased approach to move to IPv6,” said David Belson, the senior director of internet research and analysis at the Internet Society, an organization that supports and promotes the development of the internet as a global technical infrastructure, in an interview with Federal News Network. “OMB also is telling agencies to leverage the NIST program for testing and approving technologies as well as acquisition language. OMB is saying to agencies there is a lot of support and best practices for you to use so there is no reason you shouldn’t be able to get this done.”
In the draft memo, OMB detailed a series of goals and deadlines for agencies, including creating an internal IPv6 team, writing new agencywide policies and identifying at least one pilot that they can complete by the end of fiscal 2021.
“In the last five years, IPv6 momentum in industry has dramatically increased, with large IPv6 commercial deployments in many business sectors now driven by reducing cost, decreasing complexity, improving security and eliminating barriers to innovation in networked information systems. Mobile networks, data centers and leading-edge enterprise networks, for example, have been evolving to IPv6-only networks,” wrote Federal CIO Suzette Kent in a notice in the Federal Register. “It is essential for the federal government to expand and enhance its strategic commitment to the transition to IPv6 in order to keep pace with and capitalize on industry trends.”
OMB sets four goals over the next five years:
Transition at least 20% of IP-enabled assets on federal networks to IPv6-only by the end of fiscal 2023;
Transition at least 50% of IP-enabled assets on federal networks to IPv6-only by the end of 2024;
Transition at least 80% of IP-enabled assets on federal networks to IPv6-only by the end of 2025; and
Identify and justify federal information systems that cannot be converted to use IPv6 and provide a schedule for replacing or retiring these systems.
Cricket Liu, the chief domain name system (DNS) architect for Infoblox, said industry, particularly the telecommunications and mobile carriers, have moved to IPv6 because, like many larger agencies, they were running out of IPv4 addresses and the growth of devices all but forced their hands.
Now that agencies are using sensors, wearables and other deployed devices, with everything from phones to printers to smart speakers using IP addresses, that growth may be enough to get them to invest time, money and people in the IPv6 transition.
Over the last 15 years, agencies have taken small steps. The latest data from the National Institute of Standards and Technology showed 60% of DNS, 81% of all email and 65% of all web traffic remain on IPv4.
At the same time, NIST says agencies are much further along when it comes to having IPv6-enabled domains and enabling DNS security domains.
Out of 2,900 IPv6-enabled services tested, NIST found 62% are operational and 3% are in progress.
“We effectively are running out of IPv4 addresses. There are small chunks of v4 addresses coming back to the registries, but that just kicks the can down the road because no one is giving enough back to make a difference,” Belson said. “Through IPv4 marketplaces, organizations can purchase addresses, but it’s not cheap and those prices will continue to go up as space becomes more scarce. I think those factors are driving why OMB is now pushing for IPv6, but it’s not just one event or one reason.”
Chris Usserman, a principal security architect for Infoblox Federal, said that, along with the increase in IoT devices, another likely driving force behind OMB’s memo is the fact that agencies are moving to cloud services faster.
“There are some vendors who previously weren’t prepared for IPv6,” he said. “Agencies were also not prepared from a knowledge, budget or otherwise to implement IPv6. And if one agency is going to do it what about everyone else? So communication between agency networks would become more difficult. I think there has been a general lack of understanding about what is required to implement IPv6 architecture.”
As agencies start to implement OMB’s latest memo, Usserman said they should first triage their systems to see what is running already on IPv6 and which ones could run on the protocol, but aren’t yet.
“Once you get a sense of that, you know what you are up against and you can start your planning,” he said. “Then you can start moving apps that are ready to move to IPv6 and sunset others that are not.”
Tseronis added agencies should consider creating an internal IPv6 task force to handle both the technical side and the culture side.
“I’d have the internal task force do a road show so everyone understands why it matters to each unique mission area. You have to make it a living, breathing effort,” he said. “If not, people will look for the easiest reason to say why they don’t need IPv6. I’d find one mission where you made IPv6 real and show why it matters versus trying to treat it as an enterprise program.”
The big question that comes from this fourth memo on moving to IPv6 is what are OMB’s plans for accountability? The Internet Society’s Belson said that was the one big glaring hole in the guidance. And as we saw several times over the last 15 years, if there is no accountability, agencies will not complete the move to IPv6.