SSA Far Along On IPv6

From Government Executive.com:

Think IPv6 is so 2008? Think again. All agencies met the Office of Management and Budget's June 2008 deadline to demonstrate their ability to carry IPv6 traffic across their backbone networks, but that doesn't mean the federal government is ready for the next-generation Internet. ...

IPv6 is a long-anticipated upgrade to the Internet's main communications protocol, known as IPv4. Version 6 features vastly more address space to allow computers, cell phones, gaming systems and other devices to connect directly to the Internet. ...

One agency that's far along in its IPv6 deployment is the Social Security Administration. SSA has been planning for its adoption since 2001. The agency has a Multi-Protocol Label Switching network supported by AT&T and Verizon. The network connects 1,800 field office locations and two main data centers in Woodlawn, Md., and Durham, N.C. SSA demonstrated it could support IPv6 in its network core in December 2007. "We are utilizing our architecture planning to ensure we have secure, shared IPv6-enabled network services using our regular tech refresh cycles. That is the key for us," says Rich Terzigni, senior adviser at SSA's Office of Telecommunications and Systems Operations.

Its policy since 2005 has been to acquire only IPv6-capable routers, switches, firewalls and intrusion detection systems. SSA has an in-house lab for testing the IPv6 functionality of the equipment it buys. The agency refreshes technology every five years.

"By 2011 or 2012, depending on our tech refresh cycle, we'll be IPv6-capable from end to end," Terzigni says. SSA integrated IPv6 into its enterprise architecture and capital planning processes in 2005. OMB has rated the agency at maturity level 4 in every enterprise architecture assessment since February 2006.

"We recognized that OMB was not going to give us any additional funding for its IPv6 mandate, so it was necessary for us to build it into our capital planning activities. We had to build it into our standard budget cycle," explains Mark O'Donnell, also a senior adviser at SSA's Office of Telecommunications and Systems Operations.

The agency plans to support IPv6 in dual-stack mode, which means all its servers and desktops will support both IPv4 and IPv6. It also will turn off certain IPv6 features that have security risks.

Now SSA is looking at its current and future applications to determine which ones need to support IPv6. "Future-proofing your network relies on IPv6," Terzigni says. "You're not going to be able to keep current in terms of interagency communications or communicating to the public if you don't embrace it."