No Looking Back

Agencies must upgrade Internet services by 2012.

Think IPv6 is so 2008? Think again. All agencies met the Office of Management and Budget's June 2008 deadline to demonstrate their ability to carry IPv6 traffic across their backbone networks, but that doesn't mean the federal government is ready for the next-generation Internet.

For the past year, agencies have been worrying about other network-centric issues, such as securing their Internet connections and domain name services against hackers, selecting new carriers through the Networx program, and doling out smart cards to employees and contractors. But thanks to new guidance from the federal Chief Information Officers Council, IPv6 is back in the spotlight.

"I think you're going to see a resurgence of interest in IPv6," says Peter Tseronis, chairman of the federal IPv6 Working Group and deputy associate chief information officer at the Energy Department. "Because of the Obama administration's cloud computing agenda and the push toward a service-oriented architecture approach to acquiring IT services, the focus will be on infrastructure, and IPv6 is all about infrastructure."

IPv6 is a long-anticipated upgrade to the Internet's main communications protocol, known as IPv4. Version 6 features vastly more address space to allow computers, cell phones, gaming systems and other devices to connect directly to the Internet. The newer version also provides built-in security, simplified network management, and enhanced support for streaming video and other peer-to-peer applications.

The Internet engineering community is urging organizations like government agencies to migrate to IPv6 so they are prepared when IPv4 address space runs out, which is expected in 2012. By then, agencies will need to support version 6 across their Internet-facing servers to communicate with citizens, and they will need IPv6-enabled devices to access IPv6 content on the Internet. "Agencies made progress by simply doing what needed to be done by June 30, 2008. . . . But the issue is what are they doing now," Tseronis says. "Any agency that needs an infrastructure that is scalable, secure and stable needs to be migrating to IPv6."

In May, the CIO Council issued its "Planning Guide/Roadmap Toward IPv6 Adoption Within the U.S. Government."

The plan says agencies must integrate IPv6 into their enterprise architecture and capital planning processes and report regularly to OMB on their progress. "There are specific things related to IPv6 that agencies are being held accountable to in their quarterly assessments to OMB," Tseronis says. "Every quarter and annually, OMB is reviewing the self assessments that agencies are providing and what they've done with regard to IPv6." To get top marks from OMB, agencies must make specific plans for deploying secure IPv6-enabled network services and applications.

"For federal agencies that may think that IPv6 is is on ice, it's anything but," Tseronis says. "In order for agencies to achieve level 4 or level 5 in their enterprise architecture framework, they need to make progress on IPv6."

The fact that OMB is requiring agencies to integrate version 6 into their enterprise architecture and capital investment planning is significant because it raises the priority of IPv6 to the CIO level, experts say. "IPv6 has been really dealt with at a low level until now," says Dave West, director of systems engineering with Cisco's public sector group. "When we move IPv6 into enterprise architecture, we're looking at people, processes and procedures. It moves [agencies] to look at the business value of IPv6 as they look at their overall business processes and business applications."

One agency that's far along in its IPv6 deployment is the Social Security Administration. SSA has been planning for its adoption since 2001. The agency has a Multi-Protocol Label Switching network supported by AT&T and Verizon. The network connects 1,800 field office locations and two main data centers in Woodlawn, Md., and Durham, N.C. SSA demonstrated it could support IPv6 in its network core in December 2007. "We are utilizing our architecture planning to ensure we have secure, shared IPv6-enabled network services using our regular tech refresh cycles. That is the key for us," says Rich Terzigni, senior adviser at SSA's Office of Telecommunications and Systems Operations.

Its policy since 2005 has been to acquire only IPv6-capable routers, switches, firewalls and intrusion detection systems. SSA has an in-house lab for testing the IPv6 functionality of the equipment it buys. The agency refreshes technology every five years.

"By 2011 or 2012, depending on our tech refresh cycle, we'll be IPv6-capable from end to end," Terzigni says. SSA integrated IPv6 into its enterprise architecture and capital planning processes in 2005. OMB has rated the agency at maturity level 4 in every enterprise architecture assessment since February 2006.

"We recognized that OMB was not going to give us any additional funding for its IPv6 mandate, so it was necessary for us to build it into our capital planning activities. We had to build it into our standard budget cycle," explains Mark O'Donnell, also a senior adviser at SSA's Office of Telecommunications and Systems Operations.

The agency plans to support IPv6 in dual-stack mode, which means all its servers and desktops will support both IPv4 and IPv6. It also will turn off certain IPv6 features that have security risks.

Now SSA is looking at its current and future applications to determine which ones need to support IPv6. "Future-proofing your network relies on IPv6," Terzigni says. "You're not going to be able to keep current in terms of interagency communications or communicating to the public if you don't embrace it."

On the horizon for federal agencies is an IPv6 product testing program that the National Institute of Standards and Technology plans to launch in 2010. By next summer, the Federal Acquisition Regulation will be modified so agencies must purchase certified IPv6-compliant routers, hosts and network security systems.

With their IPv6 progress to date, federal agencies are ahead of most U.S. corporations. If they follow the CIO Council's roadmap and incorporate IPv6 in their enterprise architecture and capital investment plans, agencies will remain in the lead.

"The government is setting an excellent example not only for the state and municipal governments to follow, but the enterprise CIO as well," says David Siegel, vice president of IP product development at Global Crossing, a telecommunications firm. "The sooner IPv6 becomes part of the regular planning process, the less of a shock it will be when IPv4 addresses become unavailable."

Carolyn Duffy Marsan is a high-tech business reporter based in Indianapolis who has covered the federal IT market since 1987.