Another hurdle to full-fledged IPv6 deployment is budget constraints. Agencies have paid for the upgrades required to meet the OMB IPv6 mandate through their tech-refresh budgets.
"IPv6 will be phased into the agencies' infrastructure and applications through their life-cycle management,'' Evans says. "Over the next few years, the majority of network operating systems, hardware, and network-enabled software packages will include IPv6 capabilities. As many federal agencies continue to refresh their network architecture components, the new and improved hardware and software components are expected to support IPv6 capabilities.''
The Defense Department, which is furthest along in IPv6 deployment, says tech-refresh funding isn't enough to cover the upgrade.
"What we've learned is that there are additional resources that are required to do engineering, integration, testing and evaluation activities to prepare for IPv6, and frankly we hadn't planned for that initially,'' Strance says.
Some of that additional funding needs to go to training.
"Training is an important part of the integration process, and agencies should invest in recruiting and training their staff in how to architect, manage and secure IPv6 networks,'' Evans says.
Tseronis says federal agencies need to have the right technical people to manage IPv6 deployments.
"IPv6 is all about end-to-end security and not doing network address translation,'' Tseronis explains. "It's about having the right people, recruiting the right people and developing the skill sets you need.''
The Defense Department, however, says that the training component was less expensive than the integration and testing required for IPv6 deployment.
"Our experience with the Defense Research and Engineering Network (DREN) is that training is not a huge issue,'' Strance says. DREN has been running IPv6 for three years.
Overall, Strance says the challenges agencies face in deploying IPv6 in production mode are numerous.
"Nothing has been easy about this,'' Strance says. "Maintaining interoperability is a significant challenge, and that's something we're very mindful of. Security has been the biggest challenge, I would say. Understanding the vulnerabilities that IPv6 brings when you implement it.... Lastly, we have to accommodate a huge legacy in DOD. Being able to do that isn't easy.''