Sponsored By

Sizing up IPv6 transition costs

The Office of Management and Budget contends that agencies don't need extra money to transition their networks to Internet Protocol version 6, saying agencies can buy upgraded equipment through their technology refresh budgets. While government and industry officials acknowledge that agency refresh budgets should be sufficient to cover most or all new IPv6 equipment purchases, they say agencies will have other expenses as well, such as testing networks and new devices and training their personnel on IPv6.

A study prepared by RTI International for the National Institute of Standards and Technology (NIST) supports this claim. Released in October 2005, RTI's report estimated that government agencies will spend nearly $4.6 billion over the next 20 years transitioning to IPv6, including $1.5 billion during the next five years.

The largest portion of these costs will come from labor expenses associated with training, research and development, testing and maintenance necessary to deploy IPv6. For the most part, the additional hardware and software costs would be negligible, the RTI report said, because equipment upgrades to IPv6 would likely occur during routine acquisition or refresh cycles.

Although the study was completed nearly 18 months ago, the cost estimates are still valid, says Brent Rowe, a research economists at RTI and one of the authors of the study. "It's possible that the projected costs could even be a little higher because those estimates were collected and calculated before the administration issued the mandate requiring agencies to transition to IPv6.Because the government is taking a lead in the transition effort, more costs could potentially fall on the agencies," he said.

But with no funding allocated specifically for the IPv6 transition, agencies will have to find the additional resources internally. Shawn McCarthy, director of research for government vendor programs for IDC's Government Insights, estimates that federal agencies will spend an additional $56.5 million in 2007 for consultants and other private-sector assistance to help them with security, configuration management, and other issues related to the IPv6 transition. The figure includes only a slight increase in equipment costs related to IPv6, he said.

 

 

 

 

Agencies push toward IPv6 deadline

Federal agencies are poised to begin another round of activities aimed at installing IPv6-capable network backbones by the June 30, 2008, deadline. Many agencies already have started the next steps, which include acquiring IPv6 address space and testing their equipment to run over the new Internet protocol. The ultimate goal, however, is not simply meeting the deadline but rather developing and implementing a host of advanced applications and solutions once the IPv6 networks are in place.

"The big message is that this is the beginning of a long evolution of the network," said John McManus, Deputy CIO and Chief Technology Officer at the Department of Commerce. "Getting the core networks ready to route IPv6 traffic successfully will be an important milestone, but that's not the end of the road. We also need to start thinking about how we will take advantage of these new capabilities."

McManus serves as co-chair of the CIO Council's IPv6 Working Group, which is tasked with helping federal agencies make the transition from the current Internet protocol, IPv4, to IPv6. Among its advantages, IPv6 provides dramatically increased address space, improved routing capabilities, enhanced mobility features for wireless use, and strengthened security. Ultimately, IPv6 will enable the military to carry out its vision of network-centric warfare and provide civilian agencies with capabilities that can significantly improve operations and citizen services.

The IPv6 networks will not immediately replace IPv4 networks. Agencies will use both IPv4 and IPv6 networks to route data while new applications and solutions are developed specifically for IPv6. The transition to IPv6 could take a decade or longer to complete. "This is no overnight event. It is going to be a long, well-planned transformation in how we do business," said David West, director of field operations for Cisco Systems' Federal Center of Excellence.

Establishing the mandate

IPv6 was developed in the mid-1990s under the direction of the Internet Engineering Task Force (IETF), an international body that develops and promotes Internet standards. The IETF designed the new protocol based on how the Internet had evolved in the hands of its users, incorporating both lessons learned and emerging technological trends. For example, by using 128-bit addresses rather than the current 32-bit addresses, IPv6 can provide virtually unlimited address space, thus paving the way for the peer-to-peer networking that can make nearly any piece of equipment or components a potential computer or sensor.

After IPv6 was developed, the U.S. military quickly recognized its value to network-centric operations, and so began mandating the purchase of IPv6 network products in October 2003. Karen Evans, the administrator of the Office of E-Government and Information Technology, subsequently set a governmentwide transition in motion in an August 2005 memo declaring that all agency infrastructures or network backbones must be using IPv6 by June 30, 2008, and that agency networks must interface with this infrastructure. She also directed agencies to begin purchasing products that were IPv6 compliant.

"An IPv6 compliant product or system must be able to receive, process, and transmit or forward (as appropriate) IPv6 packets and should interoperate with other systems and protocols in both IPv4 and IPv6 modes of operation," Evans said.

Since that time, agencies have been taking steps to meet the deadline, though some with more alacrity than others. "I think that for awhile, people were waiting to see if this would go away," McManus said.

Agencies last year conducted inventories of their network infrastructures – such as their routers and switches – to determine which devices are IPv6 capable and which need to be upgraded or replaced to meet the June 2008 deadline. Each agency also submitted an "Impact Analysis" to the Office of Management and Budget with cost estimates, risk assessments and a report on their progress toward meeting the unfunded mandate. For the most part, agencies are expected to use their "technology refresh" budgets to purchase the new IPv6 equipment.

Three major events will occur early this year to start the last phase in the agencies' march toward the June 2008 deadline. First, OMB will provide agencies with an evaluation of their transition plans, pointing out gaps or shortfalls and next steps for staying on schedule. Second, the administration is expected to issue a final Federal Acquisition Regulation (FAR) rule requiring agencies to buy IPv6 products in IT procurements "to the maximum extent practicable." And finally, the National Institute of Standards and Technology (NIST) on Jan. 31 released a draft "standards profile" for IPv6 capabilities.

Peter Tseronis, who along with McManus serves as cochair of the IPv6 Working Group, says the government encourages industry to comment on the government profile. "We're hoping industry will help provide feedback, which will ultimately refine the to-be U.S. government profile for IPv6," he says.

Getting the standards profile finalized will be extremely important, McManus and Tseronis say. By detailing the technical specifications and standards the government requires, the profile will give agencies and vendors needed guidance for determining whether products and services are IPv6 capable.

"Throughout the marketplace, service providers are touting product lines as being IPv6-compliant. The question is, however, 'Based on what criteria?'" Tseronis said. "The hope is that a U.S. government IPv6 profile can assist in defining such criteria so that vendors can test their product lines against the profile."

What happens next?

Agencies can adopt a variety of solutions that allow IPv4 and IPv6 networks to co-exist during the transition. In a "dual stack" network, for example, hosts and routers would implement both IPv4 and IPv6. Another solution would allow IPv6 networks to communicate by "tunneling" through an IPv4 network. A "translation" solution would allow separate IPv4 and IPv6 networks to communicate with each other by translating IPv6 packets to IPv4 packets.

Whatever solution agencies adopt, they will need to test their networks to ensure that their software and systems continue to operate smoothly. They also will need to ensure that their networks and computers remain secure, and that they have not created any new vulnerabilities.

"Just turning on IPv6 won't increase or decrease your security, but it does make things more complicated," says Sean Siler, Microsoft program manager for IPv6 deployment and field readiness. "That's why you have to do your testing now, so you can learn as much as you can about IPv6, and about the security issues that might arise with your systems using both v4 and v6 networks."

In addition to testing their equipment and systems, agencies should also begin acquiring their IPv6 address space, if they haven't done so already, so they can tackle the engineering challenge of incorporating the addresses into the infrastructure.

Finally, agencies must train their security and network architects, as well as network administrators, to work in the new IPv6 environment. The IPv6 Working Group is gathering information about training curriculum and opportunities, and will be making recommendations to the agencies.

"IPv6 isn't something you can learn in a week," Siler said. "No matter how well you understand IPv4, you have to start over from scratch to learn IPv6. It's going to take some time."