June 8, 2021 marks the 9-year anniversary of the World IPv6 Launch, which was first held by Internet Service Providers (ISPs), equipment manufacturers, and networking companies to mark the transition to enabling IPv6 for their products and services. As the federal government expands, so does the need for technology modernization. IPv6 enables these agencies room to grow as cloud, software-defined networks, and hybrid environments become commonplace.
Though nine years seems like a long time, IPv6 adoption only recently saw a notable increase in November 2020. In particular, its adoption by the U.S. federal government agencies has accelerated since the Office of Management and Budget (OMB) published a memo (M-21-07) requiring departments and agencies to speed up deployment. Most importantly, the memo sets specific performance objectives and deadlines for adoption. To comply, federal organizations must understand the memo’s six stipulations, some of which include deadlines that have since passed.
Designate by the end of 2020 an agency-wide IPv6 integrated project team (including acquisition, policy, and technical members), or other governance structure, within 45 days to effectively govern and enforce IPv6 efforts.
Organizations that don’t yet have a designated IPv6 integrated project team must act immediately to meet compliance requirements. Project teams should review readily available IPv6 readiness materials from applicable networking providers, whose offerings enable the transition from IPv4.
Issue and publish online the agency’s policies and plans for ensuring that by 2023, all new networked federal information systems will be IPv6-enabled at the time of deployment, as well as outlining the agency’s intent to phase out the use of IPv4.
IPv6 implementation across the federal government is a daunting challenge, but one that must be completed. Per a May 2021 deadline, agency IPv6 integrated project teams should have developed a plan for new networks to be IPv6 enabled by 2023. This plan should include efforts to identify non-compliant vendor technologies as well as the necessary budgets to support the transition to IPv6 compliant vendors.
Identify opportunities for IPv6 pilot projects, and complete at least one pilot of an IPv6-only operational system by the end of the 2021 fiscal year.
By now, agencies should be en route to completing at least one IPv6-only project. However, the previous requirements mandate agencies to also identify all the assets impacted by these migrations. Using network discovery and analysis capabilities enable agencies to accurately and efficiently profile their networks, centralize policy enforcement, and automate deployments at scale. Starting with the mandated IPv6 pilot, organizations can use baselines and lessons learned from that project to operationalize IPv6 across their entire organization.
By the end of fiscal year 2021, develop an IPv6 implementation plan that describes the agency transition process to fully native IPv6 operation, including how it will meet the milestones and actions.
Federal agencies must migrate 20%, 50% and 80% of their network to fully native IPv6 operations by the end of FY 2023, FY 2024 and FY 2025 respectively, as well as a replacement plan for systems that cannot be migrated to IPv6. While they need to develop the plan by the end of FY21, they are also expected to update the Information Resource Management Strategic Plan as appropriate. Agencies can also use network management solutions such as Infoblox’s NetMRI to determine the most efficient path for meeting the 20% metric.
Work with external partners to identify systems that interface with federal information systems and develop plans to migrate all such connections to IPv6.
While OMB does not give a specific deadline for this step, it does require agencies to conduct an audit of their network environment and develop a plan to migrate any applicable connections to IPv6. Though it is fair to assume the identification of such connections would be accomplished in previous planning activities, agency leadership must account for (assign risk) non-compliant external connections. Considerations include: How will these non-compliant connections affect agency networks in the future? What’s the external partner’s transition plan (if any)? Are there other compliant eligible organizations that could replace the current external partner’s functionality? How can I mitigate any potential future threats by maintaining an IPv4 external connection?
Upgrade all public/external facing servers, services (e.g., web, email, DNS, and ISP services) and any internal applications that communicate externally on IPv6.
While the previous steps put compliant organizations on their way to complying with this step, some agencies have stalled here, making only partial headway. For instance, some have stalled on enabling internal applications to communicate with IPv6. Others haven’t completed upgrades for all external facing services. The National Institute of Standards and Technology (NIST) has noted the patchwork progress towards meeting these IPv6 transition requirements.
This single memo exerts an outsized impact by creating urgency to rapidly adopt IPv6 in the federal space. Federal agencies using Infoblox’s secure DDI solutions can gain important insight into what is already deployed and operating in their environment along with data that is critical in developing an IPv6 adoption plan for agency-wide policy (one of OMB’s requirements). Designing and building an IPv6 address plan is impossible without visibility into the scope of the network, the networked devices that may be running in the future, and how much address space should be allocated. As many sectors have experienced over the last 18 months, the enterprise has expanded to meet the needs of remote work.
If your organization hasn’t complied with all components of the OMB’s M-21-07, World IPv6 Day is a great reminder to meet the mandate. Infoblox stands ready to assist agencies with proven IPv6-ready technologies, personnel, and experience necessary to efficiently and effectively execute these plans.
