Become a fan of Slashdot on Facebook


Forgot your password?
Government Network Networking The Internet United States IT

IPv6 Must Be Enabled On All US Government Sites By Sunday 179

darthcamaro writes "Agencies of the U.S. Federal Government are racing to comply with a September 30th deadline to offer web, email and DNS for all public facing websites over IPv6. While not all government websites will hit the deadline, according to Akamai at least 2,000 of them will. According to at least one expert, the IPv6 mandate is proof that top-down cheerleading for tech innovation works. 'The 2012 IPv6 mandate is not the first (or the last) IPv6 transition mandate from the U.S. government. Four years ago, in 2008, the U.S. government also had an IPv6 mandate in place. That particular mandate, required U.S. Government agencies to have IPv6-ready equipment enabled in their infrastructure.'"
This discussion has been archived. No new comments can be posted.

IPv6 Must Be Enabled On All US Government Sites By Sunday

Comments Filter:
  • I blame the ISPs (Score:5, Interesting)

    by GeneralTurgidson ( 2464452 ) on Friday September 28, 2012 @03:52PM (#41492755)
    A lot of the government offices will face challenges with IPv6 connectivity to the internet because a very large number of US ISPs are not IPv6 ready. Especially up here in midwest, you mention "are you IPv6 ready?" and your ISP sales rep gives you a blank look and asks what you're talking about. Maybe if the governments push for this at the ISP level we might see it filter down.
    • Re: (Score:3, Interesting)

      by geddo ( 1412061 )
      As a consumer you do not need IPv6 unless your provider does not have IPv4 addresses to assign to you, as a service provider or Internet based company (or in this case a government agency) you do need IPv6 so that customers who only have IPv6 connections can reach you. Most business class ISP's I have dealt with are IPv6 dual-stack capable, so this is not an ISP issue. The government is doing what other companies are doing and trying to get this working now before it becomes an issue for the future. Ther
      • by kasperd ( 592156 )

        As a consumer you do not need IPv6 unless your provider does not have IPv4 addresses to assign to you

        You do if you need to communicate with somebody else who does not have an IPv4 address. And since ISPs have been handing out fever IPv4 addresses than the number of devices to be connected for the last 15 years or so, there is actually already a lot of devices, which do not have IPv4 addresses. Unfortunately, most of those don't have IPv6 addresses either.

        • by jhoegl ( 638955 )
          Routers convert the protocols... like they have been doing since inception.
          How do you think IPX/SPX talked with TCP/IP?
        • Since all IPv4 addresses have a unique IPv6 representation, an IPv6-only subscriber using a device with a hybrid dual-stack can access an IPv4 address by specifying the applicable IPv6 address. See rfc3493, "Compatibility with IPv4 Nodes".

          • by gmack ( 197796 )

            That is for application level compatibility and only works if both hosts have valid ipv4 addresses. If only one side has ipv4 the ipv4 only machine will be unable to reply to the ipv6 only machine thanks to it's much larger address format.

          • That feature requires IPv4-mapped addresses, which is something whose support varies based on implementation. It's been more or less abandoned, while organizations have instead been exploring other transition technologies, be it dual stack, dual stack lite, tunnelling, or even LSNAT translations. Other problem here is that IPv4 mapped addresses wouldn't work in cases where that IPv4 address is a local address behind a NAT, which will often be the case,.
          • by kasperd ( 592156 )

            an IPv6-only subscriber using a device with a hybrid dual-stack can access an IPv4 address by specifying the applicable IPv6 address.

            That will not work. The IPv4 only node will need to communicate with some IPv4 address, and there is none to be used for that purpose. If you read the other replies to your post, you will see that they seem to disagree with each other. That is because there are actually two different formats. There is the deprecated ::/96 prefix, and there is the currently used ::ffff:0:0/96 p

            • Also, if one is using a private IPv4 address behind a NAT, how would either an IPv4 compatible address or an IPv4 mapped address represent it? It can't! I mean, if you have ::ffff:, IPv6 can't suddently make that IPv4 address routable.
        • How many Americans are gonna be needing or even wanting to hook up with some address in the middle of China or Africa? All the major websites have IPV4, all the ISPs here in the states have IPV4 and if they had any brains at all they got extra IPV4 addresses so they have room to grow, its just a non issue for the average American. Then there are the security issues, how many of the software firewalls and antivirus packages have been testing to work with IPV6? How well do they perform? i don't know, i can't

          • Where exactly do these extra addresses come from? The reason it's becoming critical now is that even w/ NAT, they're running out. And once one introduces 2 or more levels of NAT, a major overhaul would be required of NATing software, since your mapping - currently based on mapping a single layer 3 address to a layer 2 address - will have changed, since one would now have to map a combination of a layer 3 routable address and a layer 3 non-routable address to a layer 2 address. Once that level of work wil

            • How about the bazillion addresses being used as parking pages? How about the bazillion addresses being sat on by companies like HP that by buying out other old guard companies that were around when the net first went up are sitting on more class A addresses than they could possibly ever use?

              And again you can't find a single page testing the popular free and pay security suites and firewalls with IPV6 and then of course there is the elephant in the room which is the corps paying IT like shit for a decade so

              • It's not a 'bazillion' - it's a mere 4 billion. As a reference, the world's population is 7 billion. But even putting that aside, in terms of just real numbers, the public IP addresses multiplied by private IP addresses - assuming that every single one is NATed, has hit its limits. As for the ones being sat on by companies like HP or IBM, recovering them by ARIN or IANA would be a pain, and only add some 16 million or so addresses, even if HP gave up DEC's entire 16.x.x.x. Also note that those 16 millio

    • What kind of challenges will they face? It's not like they're turning off IPv4. Sites will be dual-stack, and many of them have been for quite some time already.

      Google/Youtube, Facebook and many other mainstream sites have already enabled IPv6 on June 6th 2012.

      PS: Comcast has been enabling IPv6 by default to some of their customers (5% ?). I was in a small US country-side hotel in March 2012, they had really broken NAT, but their IPv6 was working fine. I also have dual-stack native IPv6 at home (Canada, Tek

      • 6to4 works on most ISPs too.

        I actually prefer 6to4. It's less efficient, but reverse DNS is guaranteed to work - you don't have to rely on your ISP setting it up - and you can talk to pretty much any IPv6 address with it,

        • by kasperd ( 592156 )

          I actually prefer 6to4. It's less efficient, but reverse DNS is guaranteed to work

          What good is reverse DNS if you cannot communicate. 6to4 works great when communicating with another 6to4 address. But as soon as you communicate with a native IPv6 address you are relying on two third party relays to handle traffic in both directions. You won't even know whose third party relay you were using at the point where it stops working.

      • Is Comcast still handing out single /128s to each customer? Or are they now at least giving out links of /64?

        Also, anyone knows whether Comcast does full dual stack, or did they go w/ dual stack lite instead? The former wouldn't solve the issue they had w/ an IPv4 address shortage, but the latter would.

    • The public facing resources of the government agencies need to be IPv6 enabled, not the internal and external workings of the networks within the various organizations. This simply means in most cases, inbound email servers and web servers need to be hosted on machines somewhere in the world that have full IPv6 access, then the respective DNS records need to be in place for said services, which translates to add "AAAA" records. I bet Akamai is loving this mandate because they are a popular choice for govern

  • I've been following the federal government on this. It is wonderful to see the government taking the lead and helping to drive a technology. We often talk about complaints with government but they deserve kudos for doing some hard and doing it right.

    • Given a choice, I'd rather see them stop forcing private citizens to use proprietary formats (like Microsoft Word) instead of organizing large payouts of taxpayer dollars to favored tech companies.

      • by jbolden ( 176878 )

        Given that Microsoft is an American company I'd say it is doubtful there is going to be a huge USA led shift away from Microsoft. Probably better looking at Europe to lead the way for desktop, there and things didn't go so well with the European initiatives. OTOH Apple and Google are both American companies so you might see iOS/Android being the ticket.

    • It's kind of pointless though if they aren't mandating ISP's to at least provide dual-stack support for both protocols. What's the point of government websites being IPv6 if the country is still stuck on IPv4?
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        It's kind of pointless though if they aren't mandating ISP's to at least provide dual-stack support for both protocols. What's the point of government websites being IPv6 if the country is still stuck on IPv4?

        To enable a smooth transition. By making sure that all government websites are IPv6 compatible it will be safe for consumers to make the transition without having to worry that they will be locked out from vital services.
        The problem is that unless there are IPv6 only hosts there is no point for consumers to make the transition and without a lot of IPv6 only consumers it makes no sense for hosts to invest in IPv6 servers.
        This is pretty much the government taking a step to move society out of a hen-egg deadlo

      • by jbolden ( 176878 )

        ARIN which is quasi governmental is handling that part of switching over ISPs. But there is a chicken and egg problem some people have to go first.

  • Recently worked in a govt facility on a project, they are just as far as most everyone else from being ipv6 ready internally, perhaps a lot farther away than many. Additionally, as you might expect, no one is budgeting for the replacement of infrastructure (like 20 year old printers for instance) that need to go to make it happen. Even though they have a mandate to be ready internally in two years. That mandate ain't gonna fly.
    • There's a difference between IPv6-ready and IPv6-only. Those 20-year-old printers that only work on v4 will continue to work on the v4 part of the dual-stacked internal network; replacing them isn't a requirement for deploying v6. (It is a requirement for removing v4, but that's the long-term goal, not the immediate one.)
  • by kevmeister ( 979231 ) on Friday September 28, 2012 @04:59PM (#41493741) Homepage

    I work for the NSP for a large number of government research facilities. Our network has had full IPv6 support for several years, but no IPv6 customers (other than ourselves). The prior IPv6 mandate was primarily satisfied by bring up an IPv6 connection with the customer and their pinging our router, then deconfiguring the IPv6. That was really all the mandate required.

    This time we are bringing up full IPv6 connectivity with them. It really is happening this time and it mostly seems to be working.

    The mandate is also pressing other providers to get IPv6 up and running. Under the mandate, if you have a provider that can't support IPv6 on Oct. 1, you need to change providers. In simple terms, the general public must be able to access your web services and all publicly linked pages as well as DNS via IPv6 if they have IPv6 connectivity to the Internet. (Admittedly, this is a fairly small subset of Internet users.) The federal governments is a rather large customer of several major providers, so this has probably been the biggest cause of several of them getting IPv6 running, though some still don't offer IPv6 to non-governmental customers.

    Between the U.S. Government and Comcast, IPv6 seems to really be happening. Traffic is clearly increasing rapidly, though still very tiny compared to IPv4.

  • That's the question which a lot of overworked federal agency heads might be asking.

    I.e., "What's in it for me?"

    And, "If we miss the deadline, what will happen." It would be nice if every federal agency just did whatever they were told to do, as if they were merely the organs of one single body. But actually, they are multiple bodies. And if the answer to the question is "nothing", then some wily agency heads will choose to simply ignore the directive.

    • by kevmeister ( 979231 ) on Friday September 28, 2012 @05:07PM (#41493837) Homepage
      This is an Office of Management and Budget (OMB) mandate. They can reduce or completely halt funding. It has been made very clear that, while there will be failures and missed dates, they better not be because you were not trying. Oddly, management tends to take the possibility of losing funding very, very seriously.
      • by Azghoul ( 25786 )

        Yeah right. As if any program in this Federal government was seriously in danger of being defunded. They'd just go whine to a Congressional staffer who will get that nonsense squashed.

  • I don't know if id call forced deadlines as 'cheerleading'.

  • NIST statistics [] show that over half the agencies have made "no progress" in their IPv6 deployment. It is good that the government is doing this, but too many agencies are asleep at the wheel []. It does no good when the agencies will not do what they are required to do.

No amount of genius can overcome a preoccupation with detail.