X
    Categories: BlogIPv6

IPv6 Government Mandate: What it means for you…

President Biden’s infrastructure plan in part seeks to ensure safe access to the Internet for all Americans, addressing the digital divide. What that means is bridging the gap between those with access to modern technology and communications infrastructure (such as high-speed Internet), and those lacking that access. That gap holds back prosperity for people around the world, including a large number of Americans.

As horrible as the COVID-19 pandemic has been, it gave us a clear demonstration of the digital divide. The health care crisis forced many to work from home, or to take classes from home, causing many to regularly use online conferencing (Zoom et al) for meetings. That’s fine if you have computers and suitable Internet access, but what about those who lack sufficient computers or Internet access? They’re being left behind.

The infrastructure plan fact sheet pointed at the 35 percent of Americans who live in rural areas that have spotty access to Broadband Internet. Even in areas where it exists, the cost is often beyond the budget of many Americans.  The plan focuses on “future-proof” broadband internet infrastructure that’s expanded to reach every American. This will of course require improvements to telecommunications systems in every corner of the country.

Improving Internet access in underserved areas like rural America is very ambitious. It’s one thing for a politician to present a bold plan, and yet another to implement it.

Some interests, especially the telecommunications industry, argue that this should not be a government effort. They, of course, would prefer to own the resulting expanded Internet infrastructure.  Others point to the many years folks have decried the digital divide, during which time the telecommunications industry has done little to solve that problem.

What’s more important is to talk about what “future proof” means for Internet technology.  A future-proofed Internet does not use older IPv4 technology. Instead, it requires adopting IPv6 in a big way. It also means thinking beyond dual-stack (IPv4/IPv6) and exploring what tools and platforms can help your infrastructure support IPv6-only environments. There are several ideas to consider:

  • IPv4 address space depletion (we’ve run out of IPv4 addresses) is beyond critical, while IPv6 offers essentially limitless IP addresses
  • The increasing cost of obtaining IPv4 addresses
  • Removing restrictions to organization scalability – especially with the shift to remote/WFH
  • IPv6 is considered to be inherently more secure

IPv4 addresses are 32-bit numbers routinely presented as four decimal numbers such as 128.8.128.8. Therefore the IPv4 Internet can contain at most 4 billion or so devices, which must have seemed enormous in the 1970s, but is minuscule today. There may be 3 billion or more smartphones in peoples’ hands today, for example. As a result, there have been numerous strategies employed over the years to extend the life of IPv4 space (NAT, CGN, etc.)

By contrast, IPv6 are 128-bit numbers, allowing for a theoretical maximum of 3.4×1038 devices.  Today that seems enormous, but one supposes that in 50 years it may seem minuscule. Clearly IPv6 will solve that particular problem, even if in 50 years our descendants will see it as a limitation.

At the time being, IPv6 adoption is the key to ensure the continued growth of the Internet.

Cybersecurity is a big issue for which recent events demonstrate the need for more attention.  An attack on the SolarWinds platform disclosed in December 2020 poses a grave risk to government infrastructure at all levels, as well as critical infrastructure systems, and private organizations.  It is a massive and complex security intrusion into thousands of systems, which is still not fully understood. More recently, the company running the Colonial Pipeline, which delivers oil to the Eastern USA, suffered a ransomware attack during which the company shut down oil deliveries, causing havoc.  Another recent ransomware attack, against QNAP NAS devices, left tens of thousands of people and small businesses unable to access their files because their NAS devices had been encrypted by the attack.

IPv6 was designed with a security mindset from the beginning, whereas the IPv4 stack was designed with almost nonexistent security.

Some examples are:

  • End-to-end encryption, IPSec, which was originally a hard requirement for IPv6 networks, but was later downgraded to a strong recommendation.  IPSec also has features for authentication, integrity, replay detection, confidentiality, and access control.
  • The Neighbor Discovery Protocol (NDP) and Secure Neighbor Protocol (SEND) replaces the Address Resolution Protocol (ARP) of IPv4 systems.  ARP is susceptible to man-in-the-middle attacks, while NDP and SEND are not.  Further, SEND uses a degree of encryption to further raise the bar against attackers.

But, adopting IPv6 is not as simple as declaring to the crew Make it So. If it were that simple IPv6 adoption would be further along than it currently is.

For example, in November 2020 the US Federal Government issued a memorandum about completing the transition to IPv6 for federal networks. If the Biden administration Internet Infrastructure proposal ends up being a federally-owned network, this memorandum should affect it. In any case, the memo serves as an example of what’s required for IPv6 adoption.

The Office of Management and Budget (OMB) first mandated that federal agencies enable IPv6 on their backbone networks in August 2005. Several other mandates were made by OMB over the years, but none of the deadlines were ever met.

That tells us something about the difficulty of migrating from IPv4 to IPv6.

Previous OMB policy statements recognized the need for so-called “dual stack” networks supporting both IPv4 and IPv6. The new memorandum says “in recent years it has become clear that this approach is overly complex to maintain and unnecessary.” Further, there are technical, economic, and security benefits to shifting to IPv6-only systems. To address this, Federal Agencies are required to:

  • Designate an agency-wide IPv6 transition team
  • Issue an agency-wide IPv6 policy on its public website
  • Identify potential IPv6-only pilot projects during 2021
  • Develop an IPv6-only transition plan by the end of 2021
  • Target 80% adoption of IPv6-only systems by 2025
  • Work with external partners to identify systems that interface with Federal networks, and shift to IPv6-only network interfaces
  • Shift all externally facing systems to IPv6-only

The Biden administration has set a number of large ambitious goals for America, one of which is improving broadband Internet connectivity for all Americans. Closing the digital divide can give rural Americans access to Internet-based services, giving them more opportunities.  For example, the low cost of living in hundreds of small towns in America could prove attractive to digital nomads.

Another side effect of the COVID pandemic is policies allowing for remote work. Instead of concentrating workers in high-cost-of-living zones, there could be hundreds of benefits from a shift to permanent remote working arrangements enabled by high-speed Internet access. Small town America could see an influx of people who can now work remotely. To make that work requires the sort of Internet infrastructure improvements envisioned by the Biden plan. It would be a shame to address these goals without fully embracing IPv6 on the resulting network.

Pete Sclafani:
Related Post