The Department of Defense is working under a similar deadline to migrate to IPv6. The department issued a memorandum in 2003 outlining a five-year transition to IPv6. By September 2008, the department has vowed to have all of its core networks able to process IPv6 traffic.
The Defense Department first will transition its unclassified IP backbone network -- dubbed NIPRNET -- to IPv6, followed by its classified IP network, which is called SIPRNET.
"We will meet the OMB mandate,'' says Kris Strance, who leads IPv6 transition for the Defense Department and works in the Office of the Secretary of Defense CIO. "The OMB mandate only requires that you pass IPv6 packets across the network. It does not require the infrastructure, for example the DNS servers, the security devices and such, to be IPv6 capable.''
Strance says the Defense Department could have met the OMB mandate several years ago when it upgraded all of its routers to IPv6-capable devices.
"Frankly, the OMB's bar is much lower than we have been working toward in DOD,'' Strance says. "We are working toward a true IPv6 capability.''
Strance says NIPRNET will not be an operational IPv6-capable network by June 30, despite the agency having worked on IPv6 transition for five years. The big holdup is the lack of IPv6-capable security devices, including firewalls and intrusion-detection systems that meet the National Security Agency's requirements.
"We're going to see certain vendors come in this spring to test security devices. These are beta versions, so I suspect there will be some time before we have production of security devices that meet our requirements,'' Strance says.
Federal CIOs have been focused on getting their network infrastructures ready for IPv6. But one challenge for full-fledged IPv6 deployments is the lack of IPv6-enabled applications. (Take a sneak peek at IPv6 services in the works from carriers.)
"The honest truth is that applications have not been our focus,'' Strance admits. "Our focus has been the networks. Without the networks, the applications don't have any transport. So that's next. We recognize right up front that the applications are where you achieve the advantages of IPv6. The core doesn't do anything for you, but the core has to come first.''
"Applications need to be developed ... but you have to put the cart before the horse,'' Tseronis says, explaining why federal agencies have been focused on enabling core networks with IPv6. "Most agencies have the attitude -- right or wrong -- that when it comes to their networks, if it ain't broke, don't fix it. . . . The IPv6 applications that are going to wow you, first and foremost, require you to upgrade your infrastructure.''
Strance says the first IPv6-enabled application that the Defense Department will roll out is VoIP.
"We've been working with the vendors now for several years to get IPv6-capable VoIP products, and starting this January we began evaluating these products,'' Strance says, adding that the Defense Department will run an IPv6-enabled VoIP pilot on its voice network in 2009. "We have a fairly large amount of VoIP on SIPRNET. We started that as a pilot, and it's been very successful in places like Iraq and Afghanistan.... It's IPv4, but there's a potential there to move it to IPv6.''