IPv6 advocates looking for the US Federal Government to make a major financial commitment to the next generation of the internet’s main communications protocol will be disappointed with the findings of a new report from the commerce department.
“Aggressive government action to accelerate the deployment of IPv6 by the private sector is not warranted at this time,” states a report from the commerce department’s IPv6 Task Force, which consists of officials from the National Telecommunications and Information Administration (NTIA) and the National Institute of Standards and Technology (NIST).
“Although IPv6 has the potential to produce significant benefits for US businesses and consumers over time, the near-term benefits are less clear,” the report states. “In the initial years of IPv6 deployment, network security will likely be no greater under the protocol than is currently available in IPv4 networks. Additional evidence suggests that premature adoption of IPv6 ... could result in unnecessary costs and reduced information technology security.”
Despite this assessment, the report hints at additional federal funding for IPv6-related research and development.
“The federal government will need to consider allocation of new resources and to work cooperatively with non-federal authorities and the private sector to address outstanding IPv6 research and development issues, and to expedite the development of suitable deployment, coexistence and transition plans,” the report says.
Developed by the IETF, IPv6 promises easier administration, tighter security and an enhanced addressing scheme when compared with IPv4, the internet’s current protocol. IPv6, which uses a 128-bit addressing scheme, supports a virtually limitless number of uniquely identified systems on the internet, while IPv4 uses a 32-bit addressing scheme and supports only a few billion systems.
The commerce department’s IPv6 task force was created in response to a 2003 White House report on cyberspace security. The task force was charged with conducting a cost/benefit analysis on whether the transition to IPv6 should be accelerated to provide enhanced cyberspace security.
The task force’s report, entitled Technical and Economic Assessment of Internet Protocol Version 6, outlines the benefits of IPv6, including more address space, end-to-end security and easier network administration. Nonetheless, the report recommends a go-slow approach to federal agencies and enterprises looking to migrate to IPv6.
The commerce department’s cautious approach to IPv6 seems at odds with a mandate by the Office of Management and Budget (OMB) that all federal agencies must run IPv6 on their network backbones by June 2008. The OMB mandate, issued in August, follows a similar requirement that the Department of Defence issued in 2003 to have all military networks moved over to IPv6 by the fiscal year 2008.
“Despite this report from the commerce department, the OMB is providing leadership to assist agencies to adhere to the mandate to move to IPv6,” says Jim Bound, chair of the North American IPv6 task force and a senior fellow with HP. “OMB in the last seven months has done more than anyone else to proliferate IPv6 in the government and help with the mandate.”
Bound disagrees with the commerce department’s recommendation against aggressive government action regarding IPv6 deployment.
“The North American IPv6 task force does not agree that IPv6 is not warranted as a significant investment for the US government,” Bound says. “It absolutely is required for the Defence Department and for the Department of Homeland Security. It’s also required for any future hope of getting to next-generation networks and getting to benefits like mobility and widespread use of personal devices.”
The commerce department report has many positive things to say about IPv6. It suggests the inevitability of IPv6 being deployed in most network hardware, operating systems and software within the next five years.
The report says that corporations and government agencies will likely purchase IPv6-enabled gear during standard technology-refresh cycles and move to the technology gradually rather than all at once. The report identifies many of the obstacles to IPv6 deployment, including the huge installed base of IPv4 systems and the labour-intensive process of upgrading to IPv6.
“Large and mid-sized user organisations, such as corporations and government agencies, will likely incur greater costs,” the report says. “The magnitude of those costs will depend on each user’s existing network infrastructure and operational policies, the extent to which their customer applications must be modified to adopt IPv6 and whether the user intends to connect to other organisations using IPv6.”
The report includes a hypothetical case study designed to estimate the cost associated with an enterprise adopting IPv6. The report estimates it will cost a company nearly US$1.8 million to transition to IPv6. This estimate is based on the company having eight core routers, 150 switches and four firewalls.
Bound says $1.8 million is too high.
“It will cost around US$300,000 for an enterprise to start using IPv6,” he says. “We’re not talking about a lot of money here because enterprises will get IPv6 as part of their regular tech refresh. Tech refresh costs should not be included in the cost of IPv6.”
The commerce department report is accompanied by an analysis from RTI International that states the overall cost of converting the internet to IPv6 will be US$25 billion over 25 years. IPv6 advocates also questioned the US$25 billion figure.
“The North American IPv6 task force believes that cost is too high,” Bound says. “If a customer puts in a new MPLS network and runs IPv6 over it, is that network an IPv6 cost or the cost of technology evolution? We cannot for the life of us figure out how a technology trend is going to cost US$1 billion a year. That just doesn’t make sense.”
The commerce department report concedes that most internet experts predict IPv6-based networks will be technically superior to today’s IPv4 networks, with tighter security and support for new services that take advantage of the additional address space that IPv6 offers. However, the report emphasises the security risks of deploying mixed IPv4 and IPv6 environments during transition.
“Experts generally agree that implementing any new protocol, such as IPv6, will entail an initial period of increased security vulnerability,” the report says. “Additional resources will be necessary to deal with new threats posed by a dual standard environment.”
The report recommends that all organisations be prepared for IPv6 to appear on their networks, and to create security plans and policies for dealing with IPv6 traffic during the years-long migration process.
For the first three to five years of IPv6 deployment, the user community “will likely see no better security than what can be realised in IPv4-only networks today,” the report says. “More security holes will probably be found in IPv6 and its transition mechanisms than in IPv4. In the longer term, security may improve as a result of increased use of end-to-end security mechanisms.”
The commerce department’s conservative recommendations regarding IPv6 don’t come as a surprise to Stan Barber, vice president of engineering operations at NTT America, which was the first ISP to offer IPv6 services in the United States.
“I didn’t expect them to come out and say that IPv6 was motherhood and apple pie,” Barber says. “This report is not from research they did using the protocol. It comes from interviews of experts that they conducted or had RTI International conduct on their behalf. In their reports, NIST doesn’t like to say that a technology will definitively do this or that unless they have empirical evidence.”
Barber says he’s glad the report is not more negative about the risks and costs associated with moving to IPv6. “This report is not going to cause anybody to accelerate their plans to move to IPv6 ... but I don’t think it will stop anybody from moving forward,” he says. “We didn’t want this report to come out and retard [the migration to IPv6].”
IPv6 advocates agree with the commerce department’s emphasis on proper planning, testing and security analysis before conducting an IPv6 migration.
“No one should put IPv6 on a network without testing. No one should put IPv6 on a network without additional security,” Bound says. “But all US industry — whether you’re Wal-Mart or General Motors — should be moving to IPv6.”