Nibbles & Bits

IPv6 Government Mandate: What it means for you…

by | June 16, 2021

IPv6 Government Mandate Header

President Biden’s infrastructure plan in part seeks to ensure safe access to the Internet for all Americans, addressing the digital divide. What that means is bridging the gap between those with access to modern technology and communications infrastructure (such as high-speed Internet), and those lacking that access. That gap holds back prosperity for people around the world, including a large number of Americans.

As horrible as the COVID-19 pandemic has been, it gave us a clear demonstration of the digital divide. The health care crisis forced many to work from home, or to take classes from home, causing many to regularly use online conferencing (Zoom et al) for meetings. That’s fine if you have computers and suitable Internet access, but what about those who lack sufficient computers or Internet access? They’re being left behind.

The infrastructure plan fact sheet pointed at the 35 percent of Americans who live in rural areas that have spotty access to Broadband Internet. Even in areas where it exists, the cost is often beyond the budget of many Americans.  The plan focuses on “future-proof” broadband internet infrastructure that’s expanded to reach every American. This will of course require improvements to telecommunications systems in every corner of the country.

Improving Internet access in underserved areas like rural America is very ambitious. It’s one thing for a politician to present a bold plan, and yet another to implement it.

Some interests, especially the telecommunications industry, argue that this should not be a government effort. They, of course, would prefer to own the resulting expanded Internet infrastructure.  Others point to the many years folks have decried the digital divide, during which time the telecommunications industry has done little to solve that problem.

What’s more important is to talk about what “future proof” means for Internet technology.  A future-proofed Internet does not use older IPv4 technology. Instead, it requires adopting IPv6 in a big way. It also means thinking beyond dual-stack (IPv4/IPv6) and exploring what tools and platforms can help your infrastructure support IPv6-only environments. There are several ideas to consider:

  • IPv4 address space depletion (we’ve run out of IPv4 addresses) is beyond critical, while IPv6 offers essentially limitless IP addresses
  • The increasing cost of obtaining IPv4 addresses
  • Removing restrictions to organization scalability – especially with the shift to remote/WFH
  • IPv6 is considered to be inherently more secure

IPv4 addresses are 32-bit numbers routinely presented as four decimal numbers such as 128.8.128.8. Therefore the IPv4 Internet can contain at most 4 billion or so devices, which must have seemed enormous in the 1970s, but is minuscule today. There may be 3 billion or more smartphones in peoples’ hands today, for example. As a result, there have been numerous strategies employed over the years to extend the life of IPv4 space (NAT, CGN, etc.)

By contrast, IPv6 are 128-bit numbers, allowing for a theoretical maximum of 3.4×1038 devices.  Today that seems enormous, but one supposes that in 50 years it may seem minuscule. Clearly IPv6 will solve that particular problem, even if in 50 years our descendants will see it as a limitation.

At the time being, IPv6 adoption is the key to ensure the continued growth of the Internet.

Cybersecurity is a big issue for which recent events demonstrate the need for more attention.  An attack on the SolarWinds platform disclosed in December 2020 poses a grave risk to government infrastructure at all levels, as well as critical infrastructure systems, and private organizations.  It is a massive and complex security intrusion into thousands of systems, which is still not fully understood. More recently, the company running the Colonial Pipeline, which delivers oil to the Eastern USA, suffered a ransomware attack during which the company shut down oil deliveries, causing havoc.  Another recent ransomware attack, against QNAP NAS devices, left tens of thousands of people and small businesses unable to access their files because their NAS devices had been encrypted by the attack.

IPv6 was designed with a security mindset from the beginning, whereas the IPv4 stack was designed with almost nonexistent security.

Some examples are:

  • End-to-end encryption, IPSec, which was originally a hard requirement for IPv6 networks, but was later downgraded to a strong recommendation.  IPSec also has features for authentication, integrity, replay detection, confidentiality, and access control.
  • The Neighbor Discovery Protocol (NDP) and Secure Neighbor Protocol (SEND) replaces the Address Resolution Protocol (ARP) of IPv4 systems.  ARP is susceptible to man-in-the-middle attacks, while NDP and SEND are not.  Further, SEND uses a degree of encryption to further raise the bar against attackers.

But, adopting IPv6 is not as simple as declaring to the crew Make it So. If it were that simple IPv6 adoption would be further along than it currently is.

For example, in November 2020 the US Federal Government issued a memorandum about completing the transition to IPv6 for federal networks. If the Biden administration Internet Infrastructure proposal ends up being a federally-owned network, this memorandum should affect it. In any case, the memo serves as an example of what’s required for IPv6 adoption.

The Office of Management and Budget (OMB) first mandated that federal agencies enable IPv6 on their backbone networks in August 2005. Several other mandates were made by OMB over the years, but none of the deadlines were ever met.

That tells us something about the difficulty of migrating from IPv4 to IPv6.

Previous OMB policy statements recognized the need for so-called “dual stack” networks supporting both IPv4 and IPv6. The new memorandum says “in recent years it has become clear that this approach is overly complex to maintain and unnecessary.” Further, there are technical, economic, and security benefits to shifting to IPv6-only systems. To address this, Federal Agencies are required to:

  • Designate an agency-wide IPv6 transition team
  • Issue an agency-wide IPv6 policy on its public website
  • Identify potential IPv6-only pilot projects during 2021
  • Develop an IPv6-only transition plan by the end of 2021
  • Target 80% adoption of IPv6-only systems by 2025
  • Work with external partners to identify systems that interface with Federal networks, and shift to IPv6-only network interfaces
  • Shift all externally facing systems to IPv6-only

The Biden administration has set a number of large ambitious goals for America, one of which is improving broadband Internet connectivity for all Americans. Closing the digital divide can give rural Americans access to Internet-based services, giving them more opportunities.  For example, the low cost of living in hundreds of small towns in America could prove attractive to digital nomads.

Another side effect of the COVID pandemic is policies allowing for remote work. Instead of concentrating workers in high-cost-of-living zones, there could be hundreds of benefits from a shift to permanent remote working arrangements enabled by high-speed Internet access. Small town America could see an influx of people who can now work remotely. To make that work requires the sort of Internet infrastructure improvements envisioned by the Biden plan. It would be a shame to address these goals without fully embracing IPv6 on the resulting network.

“We decided to move our rather complex IP address and DHCP management process to ProVision and it has worked out great for us!! The team at 6connect were very flexible and went above and beyond to accommodate our requirements and helped to make the migration as smooth and hitch free as possible. Kudos to the team @ 6connect!”

Premkumar Subramaniam
Head of R&D
viewquest

“We are excited to be partnering with 6connect to leverage their technology and talent. We particularly admire their long-standing IPv6 contributions and their ability to service and support customers in this area, some who are the largest service provider in the world. The 6connect executive leadership team and technical team are great to work with and we look forward to many partnered projects to help customers address their Cloud, IoT and Security needs with IPv6. Automation, workflow and orchestration are critical to the success of most of these projects and 6connect is well positioned to help our mutual customers in those areas.”

Ed Horley
Co-Founder & CEO
HexaBulid

“Enterprises can struggle managing purposefully segmented DDI architectures with any agility. Our partnership with 6connect empowers customers with complex infrastructures to move faster to service the business while consolidating visibility and control over their estate.”

Andrew Wertkin
Chief Strategy Officer,
BlueCat

“6connect’s approach to automation addresses quite a few challenges with physical and virtual networks – how to improve the agility of your current network infrastructure without sacrificing reliability and adoption of future network technologies.”

Pär Lange
Investment Director
SwissCom

“A customer is looking for an integrated solution from a single vendor for both IPAM and DNS. Through the 6connect reseller program, Secure64 is able to offer the most secure DNS solutions married to a unique combination of IPAM and resource provisioning that customers want. It’s a marriage made in heaven.”

Mark Beckett
VP of Marketing
Secure64

“A huge benefit of working with the 6connect team is that they devoted a lot of resources to get our products integrated so we had the turnkey solution that we could take to market. It was very easy to work with their team to get product integrated and successfully launched.”

Mark Beckett
VP of Marketing
Secure64

You have IPv6!

You’re on IPv4.

Explore ProVision Suite

Resource Controller

DNS/DNSSEC

IPAM

DHCP Controller

Peering Controller

REST API

Talk to one of our Engineers

6connect