IPv6 vs. IPv4
IPv6 is a “new, reasonably ground-up design of a replacement for IPv4,” Montgomery says. Back in the early 1990s, those watching the nascent internet grow were quick to discern that IPv4 would exhaust the available IP addresses, he says.
As Juniper Networks notes on its website, there are numerous technical differences between IPv4 and IPv6, including “more efficient routing without fragmenting packets,” built-in quality of service to distinguish “delay-sensitive packets,” elimination of network address translation to extend address space from 32 bits to 128 bits, built-in network-layer security, “stateless address auto-configuration for easier network administration” and “improved header structure with less processing overhead.”
In 2005, OMB set June 2008 as the date by which all agencies’ network backbones would need to use IPv6 and mandated that agency networks must interface with the new infrastructure. In 2010, OMB directed agencies to “upgrade public/external facing servers and services (e.g. web, email, DNS, ISP services, etc.) to operationally use native IPv6” by the end of fiscal year 2012 and “upgrade internal client applications that communicate with public Internet servers and supporting enterprise networks to operationally use native IPv6 by the end of FY 2014.”
In 2010, Montgomery says, the government was an early adopter of the IPv6 transition. “We really pushed the envelope back in 2010 to have the government be the catalyst in the IPv6 deployments initiative,” he says.
IPv6 has numerous advantages over IPv4, making it something of a no-brainer for agencies and other organizations to transition to the newer technology. As Nextgov notes, IPv6 enables more than 340 undecillion IP addresses, an exponentially larger amount than the roughly 4.3 billion supported on IPv4.
IPv6 is where innovation is happening in the IP space, since IPv4 is a legacy protocol that no one is investing in anymore. “If you’ve wanted to enable innovation and do things with the Internet of Things, for example, in sensors and mobile devices and really have a modern networking component as part of your agency’s mission, you really need to get to IPv6,” says Vijay D’Souza, a director in the Government Accountability Office’s IT and cybersecurity team.
Running two IP stacks is also complex and can introduce security risks, Montgomery says, because it increases the attack surface for malicious actors to target. D’Souza notes that transitioning to IPv6 is not a panacea in terms of cybersecurity.
“There are some characteristics of IPv6 where certain aspects of security can be built in, but I wouldn’t say as a blanket statement that moving to IPv6 increases security, because you still have to know how to configure all those things,” he says. “They don’t arrive preconfigured in the most secure manner.”
Another reason to move to IPv6, D’Souza says, is interoperability. The rest of the world is moving to IPv6, and federal agencies need to communicate with agencies and organizations across the rest of the world.
EXPLORE: What security controls are needed for 5G networks?
What Is the Government Mandate on an IPv6 Transition?
The November OMB memo on IPv6 called for agencies to designate an agencywide IPv6 integrated project team, including personnel from acquisition, policy and technical areas, or some other governance structure, “to effectively govern and enforce IPv6 efforts.”