Lots of IPv6-related things hit the news cycle in the last few weeks.Here are some of those news items:
- 2020 IPv6 OMB Mandate: stating all federal agencies must transition at least 20% of their networks to IPv6-only by end of FY 2023
- the NIST IPv6 Profile updated to their Revision 1 of the US Government IPv6 Profile
This gives us some hope that the US Federal Government (including the DoD) are going to push to finish 15+ year transition starting with the 2003 DoD “Stenbit” directives and the 2005 OMB Memos. Each of these mandates required full transition by 2008. Well, that didn’t happen. It got close with a few of the government agencies like VA, DOT, and the Social Security Administration. However, the DoD got nowhere.
It’s generous to say that DoD failed in this transition. More accurately they gave up. Scared off by security issues and other Fear Uncertainty and Doubt (FUD). The DoD Inspector General (IG) even had a full investigation and published a report to chide the Department on their lack of follow through.
Where is IPv6 in the Industry?
Even with the fits and starts this federal transition has gone through, there have been some progress on the industry side. Hexabuild published an outstanding report on 2020’s IPv6 progress across the industry. Here’s a summary:
- 33.27% of the world (41.21% in the US) accesses Google over IPv6 “with nearly 10x growth happening in just the last 5 years”
- this statistic is normally used as a bellwether of user to service provider penetration on IPv6
- Akamai stated 47.3% access their services over IPv6 – the largest global CDN provider
- the cost of purchasing a public IPv4 address rose from $3 – $5.50 in just a single year
- 59% of US Facebook traffic is over IPv6
So when is DoD Ever Going to Get Going?
As I alluded to earlier, DoD is been kicked into action by the recent OMB directive to go IPv6-only. This is a newer concept as previous mandates have allowed for a transitory period, or coexistence with IPv4 (i.e. dual-stack IPv4 and IPv6). Well, unlike the other government agencies that depend on Verizon, AT&T, L3, etc to provide their backbone or MPLS connectivity, the DoD depends on one lone service provider: the Defense Information Systems Agency (DISA). DISA is the singular transport and backbone service provider for the DoD. Even some leased circuits that are managed by Verizon or AT&T are contracted by DISA. So what does all this mean? It means without DISA migrating the backbone unclassified network (NIPR) and classified network (SIPR) no one in DoD can ever make an IPv6 transition likely.
As of 1 December, DISA has committed to providing IPv6 routing on their NIPR backbone by the end of 2021. More specifically, “The Defense Information Systems Agency must enable core hardware for internet protocol version 6 by the end of 2021, according to Kenneth Garofalo, lead for IPv6 virtual program management office at DISA.” This is huge because there has never been a DISA-level commitment to enable IPv6 on its backbone networks. This statement by Mr. Garafalo probably required a lot of agency buy-in to even be stated, so you can count on this target date becoming a reality. Further, “The timeline, outlined in a policy letter signed in October by agency director Vice Adm. Nancy Norton, requires all other DISA services and external IT systems to be IPv6-only by the end of 2025.” This means a lot of migration work will be brewing to reach this aggressive timeline.
In summary, DoD is finally finishing what they started 17 years ago. The commercial industry has made extraordinary strides in providing the communication paths and internet content. These strides have allowed governments to learn a lot of these hard lessons and take advantage of late-stage adoption. Early adopters had to face product, application, and network limitations; whereas these late adopters can benefit from all of that painful work. So by this time in 2021, there could be a majority of DoD systems finally readying for the future national security threats over the modern internet protocol.
Need help with your IPv6 transition? Reach out and let us know!