Home / Blogs

Will US Government Directives Spur IPv6 Adoption?

Ram Mohan

Yesterday, the National Telecommunications and Information Administration of the U.S. government hosted a workshop discussing the state of IPv6 in the United States and its impact on industry, government, and the Internet economy. I was asked to be a panelist, along with industry executives from ARIN, ISOC, ICANN, Comcast, Akamai, Verizon, Google, VeriSign, DOE, NIST, and DREN. Moderated by Aneesh Chopra, Chief Technology Officer of the United States and Vivek Kundra, Chief Information Officer of the United States, this was the first event in the past few years to truly shine a spotlight on IPv6 adoption (or lack thereof) and introduce key directives to move this issue forward.

Expecting an IPv6 service that matches IPv4 is asking a lot — the industry overall is still some distance away. John Curran from ARIN and Danny McPherson from VeriSign provided excellent detail on the adoption and usage rates of IPv6 and IPv4, predicting an IPv4 Exhaustion day of May 29, 2011.

A snapshot of IPv4 exhaustion statistics for September 29, 2010. Hurricane Electric has a series of applications, widgets and JavaScript snippets to display the estimated exhaustion time and rate of IPv4, and the growing adoption of IPv6.Afilias' registry and DNS services support over 17 million domains. All our registries support IPv4 and native IPv6, and have done so for years. We have spent significant time and money in migrating our core services to be fully IPv6 compatible. Despite this attention and effort, and similar to other companies on the front lines of IPv6 deployment, neither the systems nor user adoption are quite there yet.

Usage drives demand – current IPv6 usage is limited

While our systems support IPv6, very few customers are actually using it. Here are a few key statistics:

The .ORG registry has over 8.6 million domain names registered in its system. Of these, about 17,000 names have both an IPv4 and IPv6 address in their glue records; and 99 names have an IPv6 only address. The .INFO registry has nearly 7 million domain names registered in its system. Of these, only 58 names have both IPv4 and IPv6 addresses in their glue records and 25 names have IPv6 only. The .MOBI registry has over 910,000 domain names registered in its system. Of these, no names have both IPv4 and IPv6 addresses in their glue records, and only 2 names have IPv6 only addresses. We also manage the technical systems of 10 national sovereign country code registries, with close to 1 million domain names registered. Of these names, only 14 domains have both IPv4 and IPv6 addresses in their glue records, and 6 domains have IPv6 only addresses.

In contrast, .ORG has over 2.3 million domain names that have an IPv4 only address; .INFO has close to 300,000 IPv4 only addresses, MOBI has 3,660 IPv4 only addresses and the 10 countries whose domains we provide technical services for have over 60,000 IPv4 only addresses.

Just to be clear, these numbers measure the number of "glue records" that have an IPv6 address. A more technical way of saying that would be the number of subdomain DNS servers within the Top-Level Domain (TLD) that can be queried over IPv6. That is not necessarily the same as the number of servers/hosts within those TLDs that are IPv6 enabled.

Aneesh Chopra called this adoption rate "lame." It seems an apt description.

When "IPv6 Compatible" Isn't Good Enough

Hardware vendors for critical pieces of load balancing equipment claim to have "Support for IPv6". Recently, we evaluated equipment from various competing vendors. Quickly, it became evident that there is a remarkable difference in the way IPv6 flows are processed by the different security appliances currently in the market. IPv4 packets are processed by dedicated hardware built into the appliance — this allows the device to handle filter lists of several thousand entries with no or very little impact to performance. In contrast, IPv6 flows are processed in software and therefore impact the CPU directly, consequently affecting the forwarding rate of the appliance as the filter list grows in size. This presents a significant risk of performance degradation and there is no guarantee that software performance will match the service level standards we have been able to meet with our current IPv4 configuration. To solve for some of these limitations, Afilias has provisioned a separate set of front end firewalls dedicated to handle IPv6 only traffic in order to minimize risk on the IPv4 infrastructure. We have also beefed up our evaluation criteria because "support for IPv6" does not equate to "equivalent performance with IPv6". My experiences were supported by other panelists, and Doug Montgomery from NIST spoke eloquently about having to reject many pieces of so-called IPv6 compatible equipment because of performance issues.

About the same time as we were looking at load balancers, we also evaluated vendors who could offer equipment for rate limiting traffic inflows into our global networks that would match our current IPv4 policies. As of today, there are are no vendors in the market that offer an IPv6 solution with sufficient performance to match that required by our current IPv4 supported policy. Therefore the likelihood of having a single appliance with a unique and enforceable policy for rate limiting in both IPv4 and IPv6 is very unlikely. This is an increased cost, management and usability burden. Vint Cerf from Google explained that his organization circumvents some of these issues because Google builds much of their own systems, but to the extent that they buy from external vendors, they too face similar issues.

Key Directives for IPv6 Adoption

At yesterday's second panel that focused on Federal efforts on IPv6, US CIO Vivek Kundra unveiled the U.S. Office of Management and Budget's memorandum to all CIOs of Executive Departments and Agencies of the US government that contained key actionable directives for IPv6 deployment and adoption.

These Federal government directives can be summarized as:

  1. All agencies across the US Government must deploy IPv6 on their public facing websites before September 30, 2012.
  2. Agencies must upgrade their entire internal infrastructure to native IPv6 before September 30, 2014
  3. Agencies must designate an IPv6 Transition Manager
  4. The equipment that agencies procure for networked IT must comply with requirements for the completeness and quality of their IPv6 capabilities.

George Conrades from Akamai suggested that for IPv6 adoption to be taken seriously, it needed to become a reported-upon item at Board Risk Management Committees. This suggestion resonated strongly with both the panelists and the audience, and Aneesh Chopra asked George to lead a "coalition of the willing" to deliver a Board Risk template that could be widely adopted in industry in the next 90 days.

My perspective that, prior to training technical departments, organizational procurement departments also require training on IPv6 found broad acceptance in the room. Teaching the procurement department that best fit calculations based on IPv4 defaults do not translate to a v6 environment, and that incompatibility of IPv4 and IPv6 operations will lead to poor and degraded performance for customers will mean that a different kind of procurement and technology checklist for IPv6 purchases is now needed. Chopra took that on, as a second deliverable to find a way to create a technology IPv6 requirements template to mirror the Board Risk template.

IPv6 performance and requirements must conform to a uniform template across the industry — something that does not exist today. Both Jason Livingood from Comcast and Nabil Bitar from Verizon said that Internet consumers first demand high performance, and IPv6 based networks have to deliver such performance above all else. Given the volume of data that flows between the companies whom the panelists represented — there was a gentle nudge to the Federal government to try to gather publicly available data on IPv6 usage, and publish them in an accessible manner — a national IPv6 Usage Dashboard, of sorts.

As Leslie Daigle from ISOC said, staying with the current Internet addressing protocol is not an option. We are rapidly moving to a world where new devices will be IPv6 accessible only. So far, IPv4 depletion has resulted in scarcity economics rather than prompting a massive IPv6 migration. The eventual adoption of IPv6 is likely to be driven not just by scarcity, but by the direct and tangible benefits organizations believe they can obtain — economic self interest will be the critical motivating factor. The US government directives could spur those economic forces further forward towards broader IPv6 adoption.

By Ram Mohan, Executive Vice President & CTO, Afilias

Related topics: IP Addressing, IPv6

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Akamai Frank Bulk  –  Sep 29, 2010 11:55 PM PDT

Interesting to see Akamai on the panel because they have punted their IPv6 plans for a long time.  As far as major CDNs are concerned, Limelight is ahead of them.

Re: Akamai Ram Mohan  –  Sep 30, 2010 4:10 AM PDT

Frank,
George Conrades from Akamai was very clear - they have to worry about performance and rapid rollout, which is part of why they have a rollout issue.

Having said that, as the proponent of the Board Risk management template for IPv6, Akamai committed to having this template apply to their own Board…

Thanks for your commentary. So do Frank Bulk  –  Sep 30, 2010 5:52 AM PDT

Thanks for your commentary.  So do you believe Akamai has worked and tested IPv6 behind the scenes, but has been held back from implementation solely because of poor performance concerns?

I have no idea why Akamai does/did Ram Mohan  –  Sep 30, 2010 8:26 AM PDT

I have no idea why Akamai does/did what it does/did.  But certainly performance was mentioned as a key concern - and not just by them.

Interesting. F5 has been doing IPv6 Frank Bulk  –  Sep 30, 2010 8:29 AM PDT

Interesting.  F5 has been doing IPv6 loadbalancing for quite some time.  Too bad they weren't there at the event to address some of the performance concerns.

Yes, I would've loved to have heard Ram Mohan  –  Sep 30, 2010 9:01 AM PDT

Yes, I would've loved to have heard from folks like F5 too — in our own tests, we've seen v6 flows being handled way differently than v4 flows.

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Dyn Adds Chris Griffiths As New VP of Labs

IP Geolocation: Four Reasons It Beats the Alternatives

Nominum Releases New Security Intelligence Application

New Nixu NameSurfer 7.3 Series Powers the Software-Defined Data Centre

New Nixu Solution Slashes Cloud Application Delivery Times from Weeks to Milliseconds

Domain Name Registrations Pass 233 Million in the First Quarter Of 2012

Automate IPAM Set-up with Nixu NEE 1.3 Series

Nominum selected as 2012 AlwaysOn Global 250 Top Private Company

Streamline Application Delivery Processes with Nixu NameSurfer 7.2.2

Nominum Releases New Version of Carrier-Grade DHCP Software for Telecom Providers

Nominum Survey of World's Leading ISPs Shows Nearly 60% of ISPs Plan to Roll-Out IPv6 by End of 2012

Frontline and Nominum Deliver Integrated DNS-Based Platform to Enhance Enterprise Security

Nominum Sets New Record for Network Speed and Efficiency

Implementing a Cyber-Security Code of Conduct: Real-Life Lessons From Australia (Webinar)

Nominum and Nixu Software to Deliver Centralized DNS and DHCP Management Solution

Nixu NameSurfer 7.2 Strikes Rich at Dojo

DotConnectAfrica Participates at ICANN 43 In Costa Rica, the "Rich Coast"

Nominum Launches World's First Purpose-Built Suite of DNSā€Based Solutions for Mobile Operators

Is IPv6 the New Y2K? (Primer)

Sponsored Topics