Friday, February 02, 2007

IPv6...umm..anyone got a manual?

NIST sends IPv6 profile out for comment
By Jason Miller, GCN Staff

The IP Version 6 standards for testing and profiling that exist in the Defense Department and in industry fall short of the needs of the civilian federal agencies, the National Institute of Standards and Technology found in a draft special publication sent to the CIO Council yesterday for comment. (GCN)

The Federal government's rush to force the upgrade to IPv6 may be coming back to haunt them in ways that even the most well-intentioned geeks never foresaw. In case you have been busy with less esoteric issues, like working for a living, let me bring you up to speed. Back in 2006, someone at the GAO decreed that all federal agencies would upgrade their IP networks to IPv6 by the middle of 2007. Thanks, and tip your wait staff. IP version 6 is, on a lot of fronts, a much-needed improvement on the current version (IPv4; IPv5 was a fork and died in the mid-90s). It improves the address space, making enough IP addresses available so that every person on the planet would have some astronomical number available to them (enough so that every book in the Library of Congress could have an address and still have enough left over for all the patrons coming through the door, I believe. You can look up the actual number, but it is a staggering one). It is, when properly deployed, supposed to improve security between connected devices and make a lot of the forced complexity that networks are dealing with now go away.

And herein lies part of the problem. IPv6 was formalized as a protocol in late 1990 and has literally been sitting on a shelf. IPv6 apparently has a solid hold in Asia, where the available number of IPv4-style addresses was already slim to begin with, and some folks have put up demonstration networks, but in the United States it has gotten very little traction. IPv6 is not complicated so much as it is alien. The addresses are strange, 128-bit numbers that would bend the brain of any geek who has to work with them on anything less than a full-time basis, and many of the tools that we use today functionally go away, which disturbs a number of people.

So along comes the government to jump-start the process. Forget that most of the hardware in the federal sector is old and generally does not support the IPv6 stack, which includes but is not limited to the PCs, servers, routers, switches, printers and other IP-based systems lying in the basement. But when the GAO puts out a mandate, everyone jumps. NIST, in this report, is basically saying...umm...we have no clue how this is going to work and there is no model to point to.

What is sad is that this is not a surprise. There have been so many patches and band-aids put in place to get around the lack of IPv4 addresses that moving to IPv6 has not even been something that corporations are thinking about. Cisco has supported it almost since the beginning. Microsoft supports it in the stack, but not in most of its templates. Some of the key programs that the Internet relies on are ready to support it, but the core issues of address allocation and just how we build it have yet to really be developed on a scale large enough to guarantee that it will not break. And part of the problem is the fact that they are taking a huge bite of the problem.

The Internet as we know it was slow-baked for the better part of 10 years before they let any Tom, Dick or Henrietta on it. Ideas and systems were chucked on a daily basis. It grew organically from a small smattering of networks. To even contemplate trying to re-engineer it at this scale is almost absurd. But the Federal Government has always tried to accomplish the absurd, and this is one case where I wish them luck, but suggest they carry a pencil and some paper. Some of the systems will not survive the conversion.
