Agencies likely to miss network upgrade deadline

Friday - 9/21/2012, 5:31pm EDT

Agencies have about a week to meet the Office of Management and Budget's deadline to upgrade public facing external servers to Internet Protocol version 6 (IPv6). But it looks as though few will meet the mandate.

The National Institute of Standards and Technology released statistics on Sept. 16 showing 58 percent of agencies have made little or no progress toward moving to IPv6 from IPv4. NIST takes weekly snapshots of federal government, private-sector and university progress toward IPv6 and implementing domain name security (DNSSec) technology.

Government, industry and academia have to move to IPv6 because the number of Web addresses under IPv4 are running out. NIST estimates there are about 1.6 million addresses left for the entire world. IPv6 has almost an unlimited number of addresses and provides better security and flexibility in connecting devices to the Internet.

Agencies have had a mandate to enable DNS security on their top-level domains since September 2008. OMB gave departments until December 2009 to improve the security of all .gov domains. Few agencies met that mandate, but are making better progress now with 51 percent of all domains DNSSec enabled and 21 percent in progress.

IPv6 transition stalls

But the move to IPv6 has stagnated. This is the second time agencies, for the most part, have not met OMB's requirements.

In 2005, the administration issued a memo establishing a June 2008 deadline for agency backbones to meet IPv6 compliance. Many agencies showed how IPv6 could run on their networks, but most still are running either IPv4 or a dual stack, which means running both v6 and v4 traffic.

The Treasury Department has the most domains still needing to be moved to IPv6, with the General Services Administration and the departments of Commerce and Health and Human Services closely behind them.

The departments of Transportation and Justice seemed to be making the most progress among the largest agencies, while the Office of Personnel Management and the Social Security Administration have made significant progress among the smaller CFO Act agencies.

In December 2011, DoT stated on the Chief Information Officer's Council website that it became the first agency to transition to a dual stack — IPv4 and IPv6 network — delivery through a cloud computing contract.

Updated guidance issued in July

OMB and the CIO Council updated their planning guidance and roadmap to IPv6 in July.

"The 2012 'To Be' state is focused on ensuring agencies can continue communicating with outside entities utilizing IPv6," the guide stated. "With the exhaustion of IPv4 addresses that has occurred and the continuing rapid deployment of broadband services, including those being spurred by the national broadband initiative and the accelerated deployment of mobile 4G and WiFi services, it is clear that IPv6 only users will soon be a reality within the United States. Federal agencies will need to ensure their ability to continually communicate with these users to maintain proper continuity of services and their overall mission. Essentially, all IP-based communications that occur with entities outside of the agency's enterprise network should be available operationally over IPv6."

Agencies also are preparing for the 2014 deadline of upgrading internal client applications and communications infrastructure to IPv6

"These goals provide agencies with the operational infrastructure to build truly robust IPv6-enabled end-to-end services in the future that would take advantage of advanced IPv6 capabilities and features," the guide stated. "Agencies should initially focus on rolling out IPv6 operational capabilities that are overlaid on the existing IPv4 infrastructure and provide comparable features and functionality. This is the most expedient approach and will be the easiest for agencies to adopt to create an operational IPv6 capability in order to successfully reach the 2012 milestone and 2014 milestone targets. However, this approach alone will not provide agencies with the robust IPv6 deployments that will allow them to take advantage of many of the new features and functionality of IPv6."

Government Computer News first reported the NIST statistics.

A request for comment to OMB about the status of agency progress in meeting the IPv6 mandates was not immediately returned.

RELATED STORIES:

OMB sets new security policy

OMB, CIO Council issues new IPv6 guidance