Slashdot Mirror

← Back to Stories (view on slashdot.org)

Federal Agencies Must Use IPv6 by 2008

Posted by Zonk on from the quick-turn-over dept.

MoiTominator writes "The White House Office of Management and Budget announced on Wednesday that all federal agencies must deploy IPv6 by June 2008. So far, Defense is the only agency which has made any progress toward implementing the new protocol." From the article: "While we know that IPv6 technologies are deployed throughout the government we do not know specifically which ones, how many there are, or precisely where they are located...For cost, the agencies must report on estimates for planning, infrastructure acquisition, training and risk mitigation."

6 of 295 comments (clear)

  1. Benefits of IPv6 by lw54 · · Score: 5, Informative
    IPv6 is a powerful enhancement to IPv4. Its primary features are as follows:
    • The larger address space provides new global reachability, flexibility, aggregation, multihoming, autoconfiguration, plug and play, and renumbering. IPv6 increases the IP address size from 32 bits to 128 bits, allowing more support for addressing hierarchical levels, a much greater number of addressable nodes, and simpler autoconfiguration of addresses.
    • The simpler, fixed-size header enables better routing efficiency, performance, and forwarding rate scalability.
    • The numerous possibilities to transition from IPv4 to IPv6 allow existing capabilities to exist with the added features of IPv6. Various mechanisms are defined for transitioning to IPv6, including dual stack, tunneling, and translation.
    • Mobility and security ensures compliance with Mobile IP and IP Security (IPSec) standards.

    Page 46, CCNP Self-Study, Paquet Teare

    1. Re:Benefits of IPv6 by Florian+Weimer · · Score: 4, Informative

      Reality is quite different and does not live up to the short-sighted analysis you quoted.

      The larger address space is meaningless as long as it's harder to get independently routeable IPv6 prefixes than it is for IPv4. IPv6 headers are not fixed-size, especially in enterprise environments, the extension headers make the IPv6 header variable-length, causing endless headaches with hardware-assisted forwarding. Quality of implementation of the transition mechanism often suck, and they introduce new security issues. IPsec for IPv6 is not widely available, in contrast to IPsec for IPv4 -- even though it is mandated by the RFCs.

      Right now, IPv6 cannot deliver any of the new features it promises. It makes a lot of sense not to deploy it at this stage.

  2. Mac OSX has had great IPv6 for a while (10.2)! by Anonymous Coward · · Score: 5, Informative

    Mac OSX has had great IPv6 for a while (10.2)

    http://evanjones.ca/macosx-ipv6.html

    And the feds moved back their deadline so many times that even 2008 will be pushed back.

    Apple even had a demo of ipv6 in OS9 once, and a long while back was big on it.

    Most people, who enjoy semi-anon IP addresses from defacto forced reissue taht I know are against IPv6 and see it for all its regretful faults, despite its wonderful goals and alleged benefits.

    In an IPv6 world... there will be no more anononymity except at a WiFi cafe lacking video cameras.

  3. Re:NAT by FrostedWheat · · Score: 4, Informative

    though the security aspect that NAT provides really is useful

    Nothing a simple firewall can't handle.

  4. Re:I beg to differ: NAT can do it, and well too by TummyX · · Score: 4, Informative


    Intelligent use of NAT can get a lot of users into one IP. 9 out of ten surfers only need outgoing-initialed connections (web surfing, email, instant messaging, IP-based broadcasting and legal music download software).

    But if you want to do video conferencing or VOIP then you're screwed unless you go via proxy servers and give up speed and security.


    In an ideal world yes, every device could be addressed by its own IP address, but in this world I don't want some cracker port-scanning my fridge and getting a backdoor through a butter overflow exploit.

    It doesn't matter whether you use NAT or IPV6 . There's no reason why your fridge ith an IPV6 address should not sit behind your home firewall. At least, when you need to be able to open certain ports (at which point you're vunerable to buffer overflows regardless of the protovcol), you'll be able to do so using router rules rather than port mapping (which can only go so far). In both situations you'll have to buy an additional device -- an IPV6 router/firewall or a NAT based IPV4 router/firewall. There is no reason why an IPV6 router/firewall needs to be configured by default to permit all incoming connections.

  5. Re:You CAN have IPv4 and IPv6 on the same network. by freakmn · · Score: 4, Informative

    Actually, you can get the IPv6 stack directly from Microsoft, so it isn't 3rd party software. For Windows XP, it shows up in the list of available protocols to install for your network. It's not the default, but not any harder to install than IPX/SPX. With Windows 2000, they don't make it easy, you have to search for it on their site, but it's there.

    IPv6 Preview for Windows 2000
    Advanced Networking Pack for Windows XP
    FAQ About the IPv6 Protocol for Windows XP

    --
    warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.