US Government IPv6 Enablement – 4-month Status Check

Well, it is now roughly four months until the U.S. Federal Government is supposed to have its publicly-facing network services enabled for IPv6 by 30 September 2012 according to the White House directive in 2010.  More specifically:

Upgrade public/external facing servers and services (e.g. web, email, DNS, ISP services, etc) to operationally use native IPv6 by the end of FY 2012;

OK, we heard about this in 2010, what is the real story here?  Well, we are now 4 months out from that date, and it would be interesting to see where they all stand.  Looking at the figures below (courtesy of NIST’s IPv6 Tracker) you can see that being IPv6 enabled is running at a snails pace, and is seriously quite alarming.  Here’s the breakdown:

  •  6% of the 1,554 domains measured have enabled DNS for IPv6
  • 0.6% have mail services enabled for IPv6
  • 4% have their web sites enabled for IPv6

The Heavy Hitters

As far as drive and desire for getting to IPv6 by their deadline goes, there are really only a few that are making significant progress.  Those agencies are:

  • Veterans Affairs (VA).  The VA has always been focused on deploying IPv6, and they have done something few have: link IPv6 to mission and future IT success.  Without that, you will never get management and executive buy-in.  Therefore you end up never having a focus.  As you can see, they are virtually already there – 80% complete (as of 19 May 2012)  for everything (mail, DNS and web).  See figure below:

  • The next closest of the Agencies was the Department of Transportation (DoT).  They are about 46% IPv6-enabled.  This is a bit surprising because only VA, DoT and the Social Security Administration (SSA) were above 12%.  The average was well under 10%.   Here is DoT’s stats:

  • Lastly, of the “heavy hitters,” the Social Security Administration (SSA) rounded out the list with 44%.  They have been historically more involved than others in the past.  However, as is the case with VA and DoT, they linked IPv6 for mission success.  Here’s their stats:

The Disappointments

Call it either flaming out, or peaking too soon but rounding out the bottom of the IPv6 enabled agencies out there is the Department of Defense (DoD) and the Office of Personnel Management (OPM).  Both of these agencies were involved in getting the word out and funding very early in the deployment of IPv6.  The DoD specifically has funded billions in testing, evaluation, and development in advancing IPv6.  The only silver lining in DoD deployments thus far is the Defense Research and Engineering Network (DREN).  DREN has been the greatest and most stalwart and pure network in DoD when it came to deploying and utilizing IPv6 since 2001.

Here are some of the bad stats:

  • OPM got a whopping goose-egg on any IPv6 enablement:

  • The DoD has 8% in .gov deployment and % in .mil deployment:

.mil –>

 

What is the hold up?

We could get angry and lash out at each of the agencies, but what is the real issue?  Some are related to priorities and technical will; however, the preponderance is because of the following reasons:

  1. Lack of Internet Service Provider (ISP) capability.  For years, ISPs like Century Link, Verizon, AT&T and other have been moving their monstrous networks to enable IPv6.  However, that’s really just part of the story.  All of them are already routing IPv6 on their core backbones.  They just haven’t figured out very important thing: provisioning.  I spoke with the provisioning group at Century Link at this year’s North American IPv6 Forum, and this was their main question.  They basically told me they just haven’t been able to figure out how to provision IPv6 circuits to customer edges.  This isn’t a technical problem it is a business one.  That is the long pole in their tents right now, and it makes sense because it has always been the long pole.  The processes to support the protocol (unlike the technical implementation) is the confusing part.  So how are Agencies even getting some kind of connectivity if this is broader problem?
  2. Content Delivery Networks (CDN) support.  This is how the majority of domains are even getting some kind of IPv6 support.  The largest of the CDN in the federal marketplace right now is Akamai.  They are providing IPv6 to IPv6 (or IPv6 to IPv4) web redirection and security services.  They are also providing DNS redirection and caching.  However, that connectivity is only over IPv4 right now.  They have already publicly stated at the Inter-Agency IPv6 Meeting in Charleston this year that they probably won’t make the government 2012 deadline for DNS.  That is very unfortunate.

So what is next?

Well, with just 4 months left, there is either a lot of work happening behind the scenes, or there is nothing happening and hardly anyone will meet the mandate.  We will all see come the morning of 1 October 2012.

 

3 thoughts on “US Government IPv6 Enablement – 4-month Status Check”

  1. Comparing unique IPv4 services interfaces to those of IPv6 is not the best metric of IPv6 progress. Not required that each service have the same, or same number, of unique IPv4 and IPv6 interfaces.

    Looking at IPv6 enabled services vs total domains is probably a better measure.

    dougm

    1. Thanks Doug, however, I am not sure I know what you mean. I was basing my evaluation on if a website is being shown on the tracker as an IPv4 website, is it IPv6-enabled? So it is a true measure. If 1,554 domains are shown on your tracker, then only 4% are IPv6-enabled. Unless, I’m missing something here…

      Also, breaking it out by service areas shows an intertesting issue; one that could likely be more apparent later on: email. Most application loadbalancers haven’t progressed yet to adding email proxying/load balancing to the list of IPv6 supported features.

  2. Pingback: 2012 US Government IPv6 Mandate: The Day of Reconing

Comments are closed.