OMB to Agencies: Time to Finish IPv6 Transition
Before the end of fiscal 2021, agencies will need to have a plan in place to hit 80% IPv6-only systems by 2025.
With the 2021 budget proposal in the rearview, the Office of Management and Budget’s IT policy shop released its first new guidance of the calendar year: a final push on getting agencies transitioned to IPv6, the current standard for identifying systems and devices communicating with and over the internet.
The previous standard, IPv4, created addresses using a 32-bit format, capping the total number of addresses at 2^32, or just shy of 4.3 billion. The IPv6 schema is 128-bit, enabling more than 340 undecillion, or 340,000,000,000,000,000,000,000,000,000,000,000,000 addresses.
The shift to IPv6 adds significantly more addresses to the global pool, as well as a different numbering format. While IPv4 shows addresses as four sets of one to three digits, IPv6 uses eight sets of four digits. For organizations—including federal agencies—the new format requires recoding systems that run network infrastructure to understand and ingest IPv6 addresses.
Introducing the memo in a notice posted Monday on the Federal Register, Federal Chief Information Officer Suzette Kent cited increased adoption in the private sector over the last five years.
“Mobile networks, data centers and leading-edge enterprise networks, for example, have been evolving to IPv6-only networks,” she said. “It is essential for the federal government to expand and enhance its strategic commitment to the transition to IPv6 in order to keep pace with and capitalize on industry trends.”
The new draft guidance issued Monday requires agencies to develop and implement plans to ensure “at least 80% of IP-enabled assets on federal networks are IPv6-only by the end of fiscal 2025,” with lower targets to hit in fiscal 2023 and 2024.
The federal government has been working on this problem since 2005, when then-Administrator of the Office of E-Government and Information Technology Karen Evans issued a memo pushing agencies to begin the transition. At that time, Evans established a deadline of June 2008 for all agencies’ infrastructure to be using IPv6 and able to “interface with this infrastructure.”
A follow-up memo was issued in 2010 requiring any new “public internet servers and internal applications that communicate with public servers” deployed by agencies to use IPv6 by default.
“The intent of the newly proposed policy … is to communicate the requirements for completing the operational deployment of IPv6 across all federal information systems and services, and help agencies overcome barriers that prevent them from migrating to IPv6-only systems,” Kent said in Monday’s notice.
On Feb. 29, almost 31% of internet users that accessed Google—mail, maps, search, etc.—did so using an IPv6 address, according to statistics published by the company. In the U.S. alone, that number jumps to 37%.
The National Institute of Standards and Technology maintains a running estimate of IPv6 usage across web domains, including .gov. Based on its testing methodology, as of the end of January, NIST pegs agency adoption of IPv6 for DNS infrastructure at 80-85%, email services at 45-50% and web traffic at around 25%.
NIST also tracks IPv6 adoption progress for external services at the department level for all CFO Act agencies. As of March 1,412 services were completely transitioned to IPv6, 350 were in progress and 64 had yet to show outward progress.
“It is widely recognized that full transition to IPv6 is the only viable option to ensure future growth and innovation in internet technology and services,” acting OMB Director Russell Vought wrote in the draft guidance released Monday. “It is essential for the federal government to expand and enhance its strategic commitment to the transition to IPv6 in order to keep pace with and capitalize on industry trends. Building on previous initiatives, the federal government remains committed to completing its transition to IPv6.”
The guidance comes with a set of action items, including governmentwide and agency-specific. For the government as a whole, OMB issued several mandates for each federal agency:
- Establish and staff an agencywide IPv6 team within 45 days of the final policy.
- Within 180 days, each agency must post online an IPv6 policy that includes a roadmap to ensure all newly deployed federal systems are IPv6-enabled by fiscal 2023 and to phase out IPv4 “by either converting to IPv6-only or replacing or retiring systems.”
- Complete and report to OMB on at least one IPv6-only pilot by the end of fiscal 2021.
- Develop an IPv6 implementation plan by the end of fiscal 2021 that meets a moving target of at least 20% of IP-enabled assets on federal networks using IPv6-only by the end of fiscal 2023; at least 50% by 2024; and at least 80% by 2025.
The draft policy also includes deliverables from the Homeland Security Department, the General Services Administration, Federal CIO Council and Commerce Department—including increasing use and engagement with the USGv6 Profile and Test Program Guide.
Feedback on the draft guidance is due by April 1.