Federal Agencies Must Use IPv6 by 2008

MoiTominator writes "The White House Office of Management and Budget announced on Wednesday that all federal agencies must deploy IPv6 by June 2008. So far, Defense is the only agency which has made any progress toward implementing the new protocol." From the article: "While we know that IPv6 technologies are deployed throughout the government we do not know specifically which ones, how many there are, or precisely where they are located...For cost, the agencies must report on estimates for planning, infrastructure acquisition, training and risk mitigation."

Nice to see that...

[cato+kaze]

Its nice to see that government is implementing IPv6, but I'm more curious as to when it will be implemented by the private sector and widely used. (Is there an FCC ruling or guidelines for transition time somewhere or are we just oozing towards it?)

Re:Nice to see that...

[Mr+Smidge]

NAT will not allow you to do easy VOIP or video-conferencing.

Now think about this: there's an entire class A subnet allocated to MIT. There's quite a few class A subnets allocated for various US governmental institutions. There's a whole one for Apple computer.

But, there's just one for the entire African continent. Some ISPs in countries besides the US cannot give their customers a real IP address! There are not enough to go round. The way they have been allocated is clearly skewed.

So yes, lots of people stand to gain by having more addresses. They just happen to be in some of the poorer nations.

Progress in DoD

[dgb2n]

Although there has been alot of noise around it, actual progress hasn't been so convincing and the 2008 date appears highly unlikely. In many cases its more a matter of "here's how we'd do it if you gave us X dollars" than a funded plan forward.

This has appeared all along like a deliberate attempt to force a "technology refresh" that would be beneficial to major US networking companies than any real response to technical superiority of the IPv6 protocols.

If the technical merit were really there (many of the supposed IPv6 improvements have been backported to v4), my guess is a specific mandate wouldn't be necessary. Business would take care of it.

NAT

[debilo]

Before people jump and say that we don't need IPv6 because NAT is good enough: No, NAT is not good enough. While I am grateful for NAT (and I am sure every other pood sod stuck with a single address only is grateful too), NAT has some serious shortcomings and limitations which increase the need for sometimes ugly, drastic or awkward workarounds for many things. It would be nice to be able to communicate with machines behind routers directly, though the security aspect that NAT provides really is useful.

Re:Not ready for Prime Time

[Uhlek]

Obviously you only read trade mags and know nothing about networking:

1) You're thinking older Cisco equipment. But, the same argument could be made for any number of enterprise/carrier routing vendors. If you have a router/multilayer switch designed for IPv4, you're going to have to either upgrade it with IPv6 ASICs, or replace it completely. That's part of the price of transisition, and there's no way around that.

2) No one with any level of education in the matter says "We're running out of addresses." We're running out of address SPACE. Big difference. The huge class A and B networks issued to large US corporations and the military means those countries who got online later on are losing out. Case in point...I was on the redesign team at a USAF base that had two class B networks -- for 30,000 customers.
And NAT is only a stopgap. You end up with a massive number of interoperability problems when you start NATing. With IPv6, there simply isn't the need for it, and you remove those problems.

3) Memory and CPU performance hasn't been a major issue with most routers in a long time, especially BGP routers. Massive OSPF networks, yeah, the Dykstra algorithm hits hard, but there are other, less CPU-intensive options like IS-IS, or just design your network right from the ground up and summarize properly.

Again, the problem we're going to run into here is the specialized memory used for wire-speed packet switching. But, if you're doing wire-speed, you're going to have to replace the ASICs anyway, so the TCAM gets replaced too.

4) You're right, minimum MTU size in IPv4 networks is 576 bytes. But that's a difference of 3.5% versus 7%. Not a major issue -- especially since most MTUs are in the range of 1250-1500, or even higher in pure GigE networks.

The road to IPv6 will be bumpy, but the only issue you mentioned with any real weight is the first, and that's an easy one. You just throw money at it.

Where the problem is going to lie is in long-haul data transport, IPv4 interoperability, and legacy application support. The network's the easy part.

Re:Not ready for Prime Time

[MathFox]

1. Cisco routers suck at IPv6.

Cisco will have to fix that or go dodo...

2. The world does not need more than the 4 billion addresses available with IPv4.

Think VOIP: it would be nice if my "Mobile communicator", home PC and work PC could be directly accessed from all over the world. With 6 billion people on earth, I estimate a demand for 18 billion IP addresses.

3. IPv6 addresses are too large.

Moore's law: The capacity problems will be solved in a few years. And routers don't need to keep full routing tables (they never did!)

4. The IPv6 header is too large.

Network speeds have boomed... 8 Mbit ADSL is affordable and available nearly everywhere in the Netherlands. When you redo your computation with a MTU of 1500 (ethernet), overhead increases by a bit more than a %.

I see a lot of reasons to go IPv6, especially now China (1.3 billion people) and India (1 billion people) get connected.

Re:Missing improvements

Not trying to be harsh. But the missing improvements are outside the IP scope and functions. Just for your information:

A) Look for MPLS and its future succesor GMPLS.
B) The port concept is a TCP/UDP layer issue, not an IP issue. You can use lots of IPv6 addresses for the same device (IPv6 permits explicitly that) and just one port if that is what you prefer. I personally don't see the improvement. IP addresses are assigned to devices (in the IPv6 paradigm), ports are assigned to application uses. I personally beleive it is much straightforward this arrangement that an IP derived solution. At least now, you now port 80 means (at least should) web access.

You CAN have IPv4 and IPv6 on the same network.

[TERdON]

Both IPv4 and IPv6 were designed to be implementable as software protocols. They were also smart enough to implement a version flag in the protocol. There is nothing at all stopping you from installing dual IP stacks on all of your computers, giving each interface an IPv4 and one IPv6 adress, and use both of them interchangably.

What is stopping the implementation of IPv6 are those pesky legacy devices, legacy operating systems (ie Windows) and legacy hardware accelerated routers, and the fact the Internet being as big as it is - it's basically impossible to do a clean switchover, and there ARE problems when combining the two systems - even though you can have both on the same network, they won't be interoperable (=really bad).

Of course IPv6 has been designed to work around these issues as well as possible, but there will be issues eg getting a IPv4 machine to connect to a IPv6 one. And NAT has been the easier-to-implement short-term-solution for home 'puters etc...