The IPv6 Flag Day Conundrum
Early in the development of IPv6, it was determined that there wasn’t going to be a “flag day” when everyone on the entire Internet would switch from IPv4 directly to IPv6. That was one of the characteristics that made the dual-stack strategy of running IPv4 and IPv6 simultaneously on hosts and networks appealing. The advantage of running both protocols in parallel is that end nodes and applications could have a very smooth and gradual deployment of IPv6. Once IPv6 deployment was ubiquitous, then IPv4 could start to be decommissioned.
Fast forward to today and there are parts of the Internet that are starting to reach the tipping point where IPv6 is surpassing IPv4 usage. The downside of not having a flag day is that it allows many organizations around the world to conveniently delay their IPv6 implementation—although some have (somewhat jokingly) proposed an IPv4 Flag Day on February 1st, 2030, for everyone to stop using IPv4.
Just like with any large-scale organizational initiative, IPv6 requires management buy-in, and having executive support is a critical first step. IT leadership should take IPv6 deployment seriously, prioritize it accordingly, provide adequate funding and make IPv6 deployment a legitimate IT program. Even IETF RFC 7381 Enterprise IPv6 Deployment Guidelines mentions that “an executive sponsor should be involved in determining the goals of enabling IPv6.” If your organization’s leadership is not yet onboard with IPv6, you could pass along the “IT Exec’s Guide to IPv6 Adoption.” In the meantime, it’s important to understand the consequences and responsibilities that IPv6 adoption mandates bring to global IT organizations.
The Current Status of IPv6 Mandates
Fortunately, IT leaders in many organizations and governments recognize the importance of IPv6 as a near-term (and long-term) goal and have issued mandates for IPv6 deployment. Once executive leadership declares the Big Hairy Audacious Goal (BHAG), the teams become motivated to strive to meet the mandate.
Some of the most often discussed IPv6 mandates have been those published by the U.S. government. Initially, on August 2, 2005, there was a mandate issued by the Office of Management and Budget (OMB M-05-22) for federal organizations to begin their planning to move to IPv6. The OMB then issued another IPv6 mandate in 2010 aiming to have federal enterprises IPv6-enable their public/external facing services by the end of FY 2012 and appoint an IPv6 Transition Manager to lead the effort. The next step of this mandate aimed to have these federal enterprises start to deploy IPv6 internally within their network topologies.
As a result of this mandate, in 2012 there was a significant increase in the number of U.S. government DNS domains that had IPv6-reachable DNS and web services, as well as some e-mail services. These statistics were gathered by the National Institute of Standards and Technology (NIST) Advanced Network Technologies Division (ANTD).
For the past few years, U.S. Federal enterprises have been working to abide by the IPv6 mandates published on November 19, 2020 by the OMB in the document M-21-07, “Completing the Transition to Internet Protocol Version 6 (IPv6).” The first milestone to be reached at the end of FY 2023 (September 30, 2023) is for Federal departments to have 20 percent of their IP-enabled assets operating in IPv6-only mode with IPv4 disabled. The goal is also to have 50 percent IPv6-only devices by the end of FY 2024 and 80 percent IPv6-only devices by end of FY 2025.
Other mandates have also been published by other governments. For example, the U.S. state of Washington published its “Policy 300 – Statewide Migration to IPv6” at the end of 2017. The goal of that mandate is to have Washington’s state networks decommission IPv4 by December 31, 2025.
The People’s Republic of China (PRC) has also issued its own IPv6 mandates. The Chinese government issued an action plan to have 100 percent of its network infrastructure, all active users, all commercial and government websites using IPv6 by the end of 2025. The Central Cyberspace Administration of China documented in its “2023 Work Arrangement for Further Promoting Large-scale IPv6 Deployment and Application” to have 750 million IPv6-enabled devices by the end of 2023. As a result of China’s IPv6 mandate, the country has made substantial progress toward its goals and it has been published that China now has 763 million active IPv6 users.
Additionally, in Germany, the Federal Office for Information Technology (under the Federal Ministry of the Interior) published its “IPv6-Masterplan für die Bundesverwaltung” (IPv6 Master Plan for the Federal Administration) in November 2019, documenting a roadmap for mandated IPv6 deployment.
Along this same timeframe, the country of Vietnam also has a goal to have 100 percent of its end users using IPv6 by the end of 2025. Statistics that show that the country is more than halfway toward that goal with over 53 million IPv6-enabled Internet users, or about 57 percent of its population.
Some may see these as “yet more unfunded IPv6 mandates,” while others are actively doing their best to strive to meet the goals. Regardless, these mandates continue to raise the importance of IPv6 and declare a timetable for its deployment to give people a goal to aim for.
The Log Jam Effect
Decades ago, the slow rollout of IPv6 was attributed to what some called the “log jam” effect. There was a lack of IPv6 support in products, applications, services and connectivity, with each of these market segments blaming each other for the low IPv6 utilization. Service providers would use the excuse that none of their customers were asking for IPv6, therefore, they weren’t going to implement it. Content providers would point at the service providers’ lack of IPv6 connectivity as the reason they were not implementing it. IT product vendors would simply claim that none of their customers were asking for IPv6 features to explain why their products and services lacked IPv6 support. ISP customers and subscribers didn’t even know what IPv6 was or why they needed it.
The early U.S. Federal government IPv6 mandates helped to make IPv6 an impending requirement that vendors couldn’t continue to ignore. By around 2010, the IT industry was able to break this log jam. Host operating systems began to enable IPv6 by default. Service providers recognized the importance of IPv6 to their long-term viability and implemented it even though they couldn’t charge any more for dual-protocol connectivity than they did for IPv4-only connectivity. Content providers started to IPv6-enable their services to make their applications accessible to the whole Internet. Mobile and broadband subscribers slowly started to get IPv6 connectivity, which meant more IPv6 visitors to content providers.
This log jam breakup happened during the timeframe of the earliest IPv6 government mandates and occurred naturally as vendors, service providers and content providers recognized IPv6’s importance to their government customer businesses.
Vendor Support for IPv6
As a result of their IPv6 mandates, these government organizations started assessing their current products’ IPv6 capabilities and noting the types of products that would require IPv6 support. These organizations looked at their host operating systems and desktop/server support systems, their security products and services, their IT operations systems and their cloud services to determine their IPv6 capabilities, or lack thereof. If they realized their current vendor’s products and services didn’t have the required IPv6 features, their options were to:
- Upgrade to a newer version of that product’s software to access the new IPv6 features
- Wait for the vendor to develop those features (delaying their IPv6 deployment schedule)
- Or switch vendors and buy a new product to replace the one lacking IPv6 features for one with more robust IPv6 support.
Organizations mandating IPv6 usage started to re-emphasize the need for IPv6 in the vendor selection process, and RFPs (request for proposals) began to have firmer language about IPv6 capabilities. Procurement officers now use standardized language in all IT procurement contracts requiring IPv6 features. Vendors are being asked more specifically about their IPv6 product capabilities compared with the IPv4 features the customer is currently utilizing. This helps the vendors recognize the importance of IPv6 to their customers and helps them prioritize IPv6 earlier in their product development schedules than would have otherwise occurred. Also, once vendors start to list IPv6 as a feature on their product data sheet, then other vendors want to compete and achieve parity.
Another consequence of IPv6 mandates is that its adoption often requires deeper organizational understanding of the protocol prior to being able to create an effective deployment and operations plan. Organizations must invest in IPv6 training and make IPv6 training part of their IPv6 adoption plan. Organizations realize that they don’t just need to train their network teams: They also must train security teams, system administrators, helpdesk personnel, DevOps application teams and others. Organizations with IPv6 mandates quickly recognize the importance of having a proof-of-concept (PoC) lab to assist their learning and prepare for implementation.
Vendors who teach IPv6 classes must also update their course content and make sure it is relevant to these organizations. This high-quality IPv6 training then becomes available to other companies who are not yet operating toward a mandate.
Downstream Connectivity Requirements—Flow-Downs
If a Federal organization has a mandate to transition to IPv6, then it may mandate that other commercial organizations that communicate with them use IPv6 to access those applications. For example, if a government’s banking system starts to use IPv6 and then starts to require local and international banks to also use IPv6, that can have far-reaching effects on the whole financial sector.
Organizations with IPv6 mandates may have contractual terms that flow down to their vendors, suppliers, partners, customers and even citizens. Evidence of this can be seen in the cloud computing industry as more organizations with IPv6 mandates require IPv6-capable cloud services. IPv6 capabilities of cloud service providers, like AWS, have increased in recent years. Even though not all public cloud IaaS services are IPv6-enabled right from the start, IPv6 is still a feature that can be activated manually (or using software automation).
The renewed interest in IPv6 means that there are more conversations occurring around its adoption and how best to achieve it. IPv6 mandates can trigger a snowball effect where wider adoption builds momentum as more vendor products get IPv6 capabilities, IPv6 connectivity becomes standard, more people are trained on IPv6 and IPv6-connected users increase.
IPv6 mandates mean more IPv6 investigations and more testing in proof-of-concept labs. For example, it may be difficult to transition brownfield network deployments from current IPv4-only configurations to an IPv6-only state. As a result, many greenfield deployments now have IPv6 as a requirement. IPv6 mandates also initiate flow-down requirements to other industries that wouldn’t have considered IPv6 deployment otherwise.
Additionally, IPv6 mandates make other organizations more curious about IPv6 and begin to realize IPv6’s importance to their businesses. These mandates have brought IPv6 to the fore again and renewed enterprise interest in pursuing the inevitable global transition to IPv6.