Earning the IPv6 Seal Of Approval
February 20, 2014
Successful IPv6 deployments are contingent on developing realistic requirements and taking advantage of robust testing programs. Outlined below are three programs that have stood the test of industry scrutiny. Not just checkbox exercises, these programs have set the bar for IPv6 technology validation.
Requiring that IPv6 device vendors successfully complete IPv6 Ready Logo or USGv6 testing increases enterprise engineers’ confidence that deployed equipment conforms to the basic IPv6 standards with reduced risk, quicker test cycles, and lower costs to IT departments. The programs come at no additional cost to the users.
As the de facto repository of IPv6 test cases, the world-renowned IPv6 Ready Logo is referenced in both the USGv6 Test Program and RIPE 554, so let’s start there.
IPv6 Ready Logo Program
The IPv6 Forum’s IPv6 Ready Logo Program is an industry-accepted conformance and interoperability test program intended to increase user confidence. Officially launched in 2005, the IPv6 Ready Phase-2 Core Logo (Core) is the most vetted test program to date and has more than 1,000 approved devices listed.
This program is administered by eight labs around the world with unwavering technical focus, ensuring the highest quality procedures and examinations. Here are some key details about the program:
• Provides publically available test specifications and self-test tools.
• Requires vendors to pass 100% for both conformance and interoperability test specifications. Interoperability requires testing with four different interoperable vendor devices with different IPv6 stacks.
• Allows a vendor to submit self-test tool results or utilize test laboratory services. No accreditation is required.
• Once the vendors have applied for the logo through the program's online portal, the IPv6 Ready Logo Committee has an administrative process to review and verify the test results before adding a vendor to the approved list.
• Volunteers perform any future developments, which are typically market driven.
These are the available logos in the program:
• Core (host or router); RFC coverage (2460, 1981, 4291, 4861, 4862, 4443, 5095).
• DHCPv6 Client, Server and Relay Agent; RFC coverage (3315, 3646, 3736, 3633).
• IPsec (End-Node or Gateway); RFC coverage (2404, 2410, 2451, 3602, 3566, 3686, 4301, 4303, 4305, 4312).
• SNMP; RFC coverage (3416, 3418, 2578, 2579, 2580).
• CE Router (scheduled for release in March); RFC coverage (7083, 7084).
USGv6 Test Program
The National Institute of Standards and Technology (NIST) developed the USGv6 Profile in response to OMB Memorandum 05-22. The profile suggests that product testing is needed in order to protect early investments for U.S. government (USG) IPv6 adoption. Consequently, NIST developed the USGv6 Test Program that strategically harmonizes with existing test programs such as the IPv6 Ready Logo Program.
Officially launched in 2009, the program now has three accredited laboratories and more than 200 products publically listed on individual labs’ website lists. Here are some key details about the program:
• Makes use of public test specifications, each validated against the respective protocol standards; IPv6 Ready Logo test specifications are used when available.
• Has three device categories: host, router or network protection device (NPD).
• Requires vendors to perform testing at laboratories ISO 17025 accredited to test host, router and network protection devices for compliance to the USG profile.
• Devices must perform interoperability testing with three or more independent implementations.
• Vendors must make their claims of USGv6 compliance in a systematic and standardized way using the Supplier’s Declaration of Conformity (SDOC).
• Maintenance and future developments are made following an evolution scheme between stakeholders including USG agencies, testing labs, test method developers (test specifications and test tools), accreditors, IPv6 device developers, and NIST.
NIST lists test methods for conformance, interoperability, and network protection testing here.
Test methods that do not have defined test selection tables may claim “self test” on their SDOC.
The RIPE Network Coordination Centre authored a document to provide governments and large enterprises guidance and best practices to ensure a smooth deployment of IPv6 across their networks. The document does not specify any standard or policy itself but may be used as a template for purchasing requirements or tenders. RIPE 554 is helpful in providing standardized text that may be used for a tender while allowing for flexibility. The requirements outline a list of device categories and definitions.
Unlike the USGv6 Test Program, this guidance document outlines devices such as load balancers, mobile devices and small office equipment. They are then divided into functional groups where lists of RFC mandatory and optional support ensue.
Luckily for vendors, many of the RFCs are covered under the IPv6 Ready Logo Program or USGv6 Test Program, allowing them to point to these results for tender requirements.