No one can have failed to notice that the last IPv4 address will soon be allocated. We have lived with a shortage of addresses for 15 years, but when the last address is allocated, the shortage will become acute, instead of just a pain, as it is today. There is much to read on http://www.ipv6forum.se and http://www.ipv6actnow.org/.
In The Hitchhiker's Guide to the Galaxy, Douglas Adams describes the least expensive and most effective method for making something invisible. You simply decide that it is Someone Else's Problem or SEP, if you abbreviate. This is an approach that is frighteningly similar to the Swedish public sector's view of the address shortage on the Internet. "It is not our problem — if we ignore it, it will probably go away."
The only reasonable solution for the long term is currently called IPv6, a technology that has been available for many years but which few have begun to use. We wondered a bit about how well the Swedish public sector is prepared for IPv6. We talked to a person who works with IT procurement, who said that he was not aware of a single procurement in recent years that required support for IPv6. One can wonder why this is so. One explanation is that the Legal, Financial and Administrative Services Agency, which currently handles procurement for the public sector, has not completed its procurement requirements, since the E-Delegation's study "Strategy for the authorities' work with e-administration" (SOU 2009:86) is still being circulated for comment. Hopefully, but far from certainly, this study will clearly indicate the need for IPv6 and other technologies as a basic requirement to ensure a stable and accessible Internet also in the future!
We have several proposals for the Swedish public sector that we hope they will adopt - not to be caught unprepared the day the Internet as we know it changes drastically.
Demand IPv6 from your Internet supplier
According to a study in October 2009, only 15 percent of Sweden's Internet suppliers are able to provide IPv6 (source). Those who cannot do so should be disqualified in an automated procurement, and as customers, you must put pressure on them by demanding that they activate IPv6 directly at installation. Do not let them get away with vague promises of "in the autumn!" If they cannot support IPv6 now, they have no place in the market.
There are also suppliers that state that they are able to support IPv6, but a critical examination reveals that it is not as easy as they promise! So demand references for the same connection type and geographic area before signing any contracts. A good example is Telia, which needed about four months from order to delivery of IPv6. And they are not even able to deliver native IPv6, but only tunnels.
Make sure that all equipment and system software supports IPv6.
Examples of external systems that must support IPv6:
Only short training is required to start IPv6, in our opinion. If you know IPv4, it is easy to get started with IPv6! And getting started will build experience — that is something you can not get from classes! A good idea is to gather personnel from several municipalities or the public authorities with which you work and bring in an experienced technician to hold practical workshops to warm you up before investing major sums in training. Training always works best if you have some prior knowledge!
Other infrastructure that needs attention
DNSSEC – We naturally focus on IPv6, since that is one of our main interests. However, there are several extremely important areas where the public sector could take the lead. One of them is a more secure infrastructure for DNS, which is commonly known as DNSSEC. A few years ago, a researcher showed how easy it is to redirect a user wishing to access a given website or e-mail server to another malicious one. Today, upgrades have made this a little more difficult, but it is still possible. DNSSEC with DNS operators, companies and ISPs, this loophole would be closed. Once again, the standard has been in place for some time, but introduction has been slow.
E-identification – Important decisions also remain to be taken regarding e-identification. The model that has been in use in Sweden for a number of years suffers from several deficiencies. It is important to place requirements on the system so that it,
The roles of registrars and issuers of identification should also be made clear and separated. Today's system also suffers from the fact that only private persons can identify themselves. Companies, authorities and associations should naturally also be able to identify themselves! In this context, it is important that the government opens its databases in a manner that not only creates opportunities, but also protects integrity.
Am I already running IPv6?
Modern operating systems have IPv6 activated by default. This means that you may already be running IPv6 via an automatic tunnel service without knowing it! Test towards http://test.ipv6.tk and you will see if you are running IPv6 or not! The results may vary with the same computer if you are at work or at home, depending on firewalls and other equipment.
The pages http://www.kommunermedipv6.se and http://www.myndighetermedipv6.se show that very little is happening, unfortunately. There must be a demand from above for the public sector to prioritize this in its IT operations. At the same time, this is not a monumental task! It is a matter of working days per agency, not several man years.
By Torbjörn Eklöv, CTO, Senior Network Architect, DNSSEC/IPv6
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines
Neustar DNS Services
Neustar DDoS Protection