Federal agencies must have at least 80 percent of their IP-enabled internet assets on IPv6 by Sept. 30, 2025. Nearly half of all government domains are now IPv6-enabled, according to a Commerce Department report. That positions them to take advantage of the more stable, more secure protocol, which also offers vastly more addresses than IPv4.
Domains that have not yet started an update must design new network architectures to support IPv6, as well as update devices and endpoints to handle the new standard. Here’s what you should know about the technologies required to complete the job and the assistance available for agencies that get stuck during the update process.
Click the banner below to begin future-proofing your network.
Why Is IPv6 Necessary?
The massive number of devices already connected to the internet continues to grow rapidly thanks to the popularity of mobile devices and Internet of Things technologies (think smart TVs and thermostats). IPv4, the previous protocol, uses 32-bit addresses and supports 4.3 billion devices, a woefully inadequate number given the proliferation of personal computers, smartphones and connected things. The dearth of addresses has caused problems for the past several years, leading to administrative overhead and outages across multiple ISPs. The shortage has also limited innovation and robust service, all while increasing the cost of network operations.
Network address translation (NAT) and similar attempts to mitigate the address shortage have proved unreliable. Over the long term, the answer lies in IPv6, which replaces 32-bit IPv4 addresses with a 128-bit format that supports an exponentially larger number of unique IP addresses: more than 340 trillion trillion trillion. IPv6 was specified in 1995 in RFC 2460 and became an internet standard in 2017. Despite widespread adoption, many federal agencies continue to use creative techniques to extend the life of IPv4; however, federal IT leaders should embrace IPv6 because of its potential for technological advancement, innovation and stronger security.
What Are the Advantages of IPv6?
IPv6 offers significant benefits:
- Larger address space and future-proofed networks
The astronomical increase in unique IP addresses spells the end for address exhaustion, using NAT or paying premium prices to purchase blocks of public IP addresses. That’s one of the main reasons forward-thinking companies such as Microsoft have stood at the vanguard of full IPv6 implementation.
- More efficient addressing and routing
IPv6 simplifies network operations and improves routing efficiency thanks to its hierarchical addressing, enhanced packet handling and autoconfiguration. IPv6 also simplifies application development and enhances performance in an IPv6-only network because NAT no longer hinders traffic flows.
- Enhanced security
Internet Protocol Security (IPSec), which is optional in IPv4, is built into the stack in IPv6, creating a more secure network environment. Encryption is provided by the Encapsulating Security Payload (ESP) and authentication via Authentication Headers (AH); these protect packet contents from modification.
- Improved quality of service
Flow labels and priority fields in the IPv6 header can identify packets requiring special handling, such as default quality of service. For real-time IoT applications, IPv6 ensures more efficient data transmission, reduced latency and enhanced network performance.
RELATED: The AirServer Connect 2 generates a small, local wireless network for presenters.
What Does OMB M-21-07 Mandate?
The Office of Management and Budget Memorandum 21-07 mandates that 80 percent of IP-enabled assets on federal networks operate in IPv6-only environments by the end of fiscal 2025. The directive applies to all existing information systems, including those used, managed or operated by a contractor, another agency or other organizations on behalf of the federal government. The OMB memo spells out requirements for completing operational deployments of IPv6 and identifies potential obstacles.
Key requirements include:
- All newly acquired networked federal information systems must be IPv6-enabled at the time of deployment.
- Any systems that cannot be converted to IPv6 must be identified and justified. Schedules for replacing or retiring those systems must be developed.
- All external partners must identify systems that interface with networked federal information systems and develop plans to migrate them to IPv6.
- Public or external-facing services — and services such as web, email, Domain Name System and internal client apps that communicate with public internet services — must be upgraded as soon as practical.
Agencies may find it useful to make a more gradual transition through dual-stacking — where IPv4 and IPv6 run concurrently on the same network — as the environment moves to full IPv6. Teams will need to update network policies and tools to handle IPv6 effectively.
MORE FROM FEDTECH: Dual-stacking is key to a successful IPv6 transition.
How Can Agencies Prepare Their Networks?
A comprehensive audit of the existing infrastructure will uncover IPv4 dependencies and help teams build a transition plan. Engage with vendors to ensure hardware and software are compatible, and thoroughly train staff on security threats as well as mitigation strategies.
Testing is the key to transition success: Look to the National Institute of Standards and Technology IPv6 Deployment Monitor and IPv6 client tester site for guidance. OMB’s Guidance for Program Management of Agency Transition to an IPv6-only Environment document advises agencies that will award contracts for services required to meet the mandate. Look to General Services Administration resources when developing contracts for IPv6-compliant equipment, governmentwide acquisition contracts and commercial IT products and services. The Internet Assigned Numbers Authority (IANA), the Federal IPv6 Task Force and its list of frequently asked questions, IPv6.com and the North American Network Operators’ Group also offer a wealth of information on navigating the switch. Once the transition is complete, continuous monitoring will be needed to optimize IPv6 network performance.