US Government and DoD IPv6 Mandate
The U.S. Office of Management and Budget (OMB) has identified IPv6 as a critical technology necessary to achieve many of the Administration’s aggressive IT modernization goals such as Cloud Computing, National Broadband Deployment, and SmartGrid. In addition, with the depletion of the remaining IPv4 address spaces in under a year; the transition to IPv6 has also become a continuity of operations issues that must be met to ensure continued use and expansion of the Internet for commercial and government services.
On September 28, 2010, the CIO for the Federal government released a memorandum on IPv6 requiring agencies to:
- Designate an agency IPv6 Transition Manager
- Comply with new Federal Acquisition Requirements (FAR) to utilize the USGv6 Profile & Test program for IT products
- Operationally utilize native IPv6 on all external facing servers & services by end of FY2012
- Operationally utilize native IPv6 on all internal applications and networks by end of FY2014
IPv6 Capable Products and Networks
The DoD and US Government have mandated, through Federal Acquisition Requirements (FAR) that all new products purchased must be IPv6 Capable.
IPv6 Capable Products are defined as products that can create or receive, process, and send or forward IPv6 packets in mixed IPv4/IPv6 environments. IPv6 Capable Products shall be able to inter-operate with other IPv6 Capable Products on networks supporting only IPv4, only IPv6, or both IPv4 and IPv6, and shall also:
- Conform to the requirements of the USGv6 and DoD IPv6 Standard Profiles for IPv6 Capable Products
- Posses a migration path and/or commitment to upgrade from the developer (company Vice President, or equivalent, letter) as the IPv6 standard evolves
- Ensure product developer IPv6 technical support is available
- Conform to National Security Agency (NSA) and /or Unified Cross Domain Management Office requirements for Information Assurance Products
For purposes of assessing whether or not a product is IPv6 capable, the National Institute of Standards and Technology (NIST) has developed a USGv6 Profile and Test Program, which details the IPv6 requirements products must meet. These requirements were developed in conjunction with industry and try to reflect best practices. The DoD has also developed their own IPv6 profile, which is very similar to the USGv6 Program.
While the definition of IPv6 Capable is associated with respect to individual products, The DoD IPv6 Definitions memorandum also defines an IPv6 Capable Network as one that can receive, process, and forward IPv6 packets from/to devices within the same network and from/to other networks and systems, where those networks and systems may be operating with only IPv4, only IPv6 or both IPv4 and IPv6. An IPv6 Capable Network shall be ready to have IPv6 enabled for operational use, when mission need or business case dictates. Specifically, an IPv6 Capable Network must:
- Use IPv6 Capable Products
- Accommodate IPv6 in network infrastructures, services, and management tools and applications
- Conform to DoD and NSA- developed IPv6 network security implementation guidance
- Manage, administrate, and resolve IPv6 addresses in compliance with the DoD IPv6 Address Plan, when enabled
In addition, the DoD IPv6 Definitions memorandum defines an IPv6 Enabled Network as a network that is supporting operational IPv6 traffic, through the network, end-to-end. The network may carry a mix of IPv4 and IPv6 traffic.
Background
In 2007-2008, the National Institute of Standards and Technology (NIST) circulated a draft for public comment entitled “A Profile for IPv6 in the U.S. Government” (USGv6). The final USGv6 Profile for IPv6 Version 1.0 was published in July 2008. That document is intended for U.S. Government environments exclusive of the DoD. A USGv6 Profile 2.0 is in the works for publication in late 2011 or early 2012. The DoD and NIST have worked closely over the intervening years to develop parallel documents and requirements that are closely aligned. DoD acquisition of products for IPv6 deployment follows their document and all DoD testing and certification is coordinated by the DISA Joint Interoperability Testing Command (JITC). Discussions between NIST and DoD on compatible testing programs continue. However, there are no significant differences in functional requirements such that products approved under one program are highly likely to be interoperable with products approved under the other. There are minor differences in the effective dates of some requirements that will converge over time.
The DoD maintains a Unified Capabilities Requirements (UCR) document that provides requirements for all classes of networking and telecommunications products, including those supporting IPv6. Specific DoD IPv6 requirements are detailed in the document titled "IPv6 Standard Profiles for IPv6 Capable Products". The latest release of that document, Version 5, was published in July 2010.
The revised UCR2008_Change1 (C1) document, published in 2010, defines the overarching DoD architecture and requirements for all vertical services (voice, video and data) over IP networks with the IPv6 Profiles section providing specific detailed definition of IPv6-Capable product requirements for network interoperability. This publication will provide vendors and acquisition efforts with a single reference for both the UCR application requirements and the IPv6 interoperability requirements.
