Internet Protocol version 6 (IPv6) government transition
Government agencies are required to transition to Internet Protocol version 6 (IPv6) so that key public and internal systems and websites meet accessibility and international standards.
What are IPv4 and IPv6
Internet Protocol (IP) allows information to be sent and received correctly to a device’s assigned address (IP address). Internet Protocol version 4 (IPv4) was developed in the late 1970s, and used by most devices and networks.
However, IPv4 ran out of address capacity in 2011 as it was only designed to support up to 4 billion addressable devices.
IPv6, the newer version, offers a long–term solution by providing nearly unlimited addressing.
Action required by government
Publicly accessible government websites must become IPv6-enabled as soon as possible. Agency networks and hosted websites will require more complex configuration, security controls and testing for this transition.
The policy to transition to IPv6 is outlined in the Department of Internal Affairs’ “Transition to IPv6 for Government Agencies GCIO Circular No: GCIO–2012–01, 7th Feb 2012”.
- NZ Government publicly accessible websites shall be IPv6-enabled and IPv4-capable where necessary.
- The transition of agency networks to IPv6 should only occur when all aspects of agencies’ IT environments are fully capable of managing IPv6 traffic and addressing.
- NZ Government operational systems and internal agency networks shall remain IPv4-enabled.
How to transition to IPv6
Public service agencies are expected to upgrade to IPv6 during technology and application refresh cycles, planned system upgrades, or funded new capability projects supported by business cases.
Other government agencies are advised to:
- ensure all publicly accessible and externally delivered Internet services, for example websites, email, DNS, online forms or transaction services, have IPv6 capabilities
- ensure that internal networks, applications and devices are operationally capable of using IPv6
- note internal agency networks that have not implemented IPv6 compliant network/application management and monitoring tools and disable IPv6 functionality to reduce the threat of exposure and risk of compromise
- provide status updates on their progress to the Government Chief Information Officer (GCIO), through annual operational assurance reporting.
Implement IPv6 using dual–stack method
Devices, services and applications using IPv6 cannot communicate with devices using IPv4, however it’s possible to run both IPv4 and IPv6 simultaneously.
‘Dual–stack’ is the industry-recommended method of transitioning to IPv6 for website content. It is the side-by-side implementation of IPv4 and IPv6, or ‘dual IP layer’ device (computer, firewall, router) or application (web browser).
DNS A (IPv4) and AAAA (IPv6) records should be published for digital services.
Resources for implementing IPv6
The New Zealand Information Security Manual (NZISM) must be applied when implementing IPv6 to classified networks, gateways and line of business systems.
Re-accreditation of agency systems once transitioned to IPv6 is also required.
What to consider before the transition
Agencies transitioning to IPv6 are advised to understand what the transition to IPv6 means for their agency, from both business and architecture viewpoints.
Agencies are advised to:
- learn the options and investment intervention opportunities available to transition to IPv6
- find out how IPv6 goals and benefits can be attained with the help of All-of-Government (AoG) ICT Common Capability Services
- understand Internet Service Providers’ and outsourced Service Providers’ IPv6 readiness and management capabilities
- ensure that their external Domain Name System (DNS) and other critical externally-facing components are IPv6 ready
- ensure all privacy and security controls, and security devices in the network are fully IPv6 capable before transition.
Staff will also need to understand the transition. It is important to:
- ensure ICT technical support staff have the required skills and knowledge of IPv6 implementation, management and exploitation
- ensure staff and management understand why migration to IPv6 is required and what it means to their ways of working. This includes any changes required to the ICT Support functions.
IPv6 enabled in government
Many services and sites are already IPv6-enabled, including:
NZ Government provides a range of ICT Common Capability All-of-Government (AoG) cloud computing services that are also IPv6 ready, reducing the requirement and cost of individual agencies needing to implement IPv6 capabilities themselves.
- Telecommunications as a Service (TaaS) network
- Secure email (SEEMail) services
- Infrastructure as a Service (IaaS)
- Common Web Platform
APNIC is the Regional Internet Registry administering IP addresses for the Asia – Pacific.
Google has statistics about IPv6 adoption.