First round of test specs for formal IPv6 compliance being readied

The first test specifications for IPv6 compliance, which will be required for government networking procurements beginning in July 2010, were reviewed by vendors and testing labs at a hands-on event this month at the University of New Hampshire InterOperability Laboratory.

UNH-IOL is working with the National Institute of Standards and Technology to develop testing requirements for U.S. Government IPv6 (USGv6) certification. Independent laboratories accredited by NIST to perform USGv6 compliance testing will use the test specifications to certify networking products that agencies purchase.

“This is not the final set of test specifications,” said UNH-IOL director Erica Johnson.

The first round of specifications is expected to be released by NIST for public comment in November and available to accredited testing labs in 2010. Vendors working with their own and competitors’ products July 13 through 17 validated the level of support needed to demonstrate compliance of the products with most IPv6 requirements.

But work remains to be done, officials said. “The more complex protocols need some more work,” said UNH-IOL senior manager Timothy Winters.

The review determined that testing for additional representative deployments is needed in IPv6 security — specifically in IKEv2, the Internet Key Exchange protocol used to set up security assertions in the IPSec protocol suite.

Because of the depletion of the current generation of IPv4 addresses and the growth of mobile computing and peer-to-peer applications, the government is leading a move in this country to the next generation of IP, IPv6. Government backbones have been readied for IPv6 traffic, and by July 2010, all network devices containing an IP stack will have to meet NIST’s IPv6 requirements.

NIST is developing the USGv6 profile as well as requirements for accrediting independent labs that will certify products to these requirements. NIST is working with UNH-IOL to develop the test specifications that the labs will use. UNH-IOL is an industry-funded, independent testing lab focused on interoperability.

“We’ve always written test specifications her at the IOL,” Winters said. “We’ve been working with NIST for the last two years” on the USGv6 requirements.

There are two areas of USGv6 compliance: conformance with the specifications in the NIST profile and interoperability with other vendors’ products. Vendors can perform conformance testing in-house if they have the proper accreditation. Interoperability testing will have to be done by a third-party lab. This month’s review included only interoperability requirements.

Areas covered in the testing included basic IPv6 requirements, IKEv2, IPsec, Dynamic Host Configuration Protocol, address architecture requirements, Open Shortest Path First, Border Gateway Protocol 4 with multiprotocol extensions, and Multicast Listener Discovery.

Companies and labs taking part in this month’s review included Cisco Systems, Dell EqualLogic, Hewlett-Packard, Juniper Networks, Microsoft, Nominum, Sun, V6 Security, ICSA Labs and the Taiwanese lab CHT-TL.

One of the goals of the compliance program is to harmonize the USGv6 profile with other test programs, including the IPv6 Forum’s IPv6 Ready Logo. The IPv6 Ready Logo is also a conformance and interoperability testing program that has become the industry standard. More than 260 products have been approved under phase 2 of the logo program, but the specifications are not as comprehensive as those in USGv6. IPv6 Ready requirements will essentially be a subset of requirements for USGv6.

Cita Furlani, director of the NIST Information Technology Laboratory, called the UNH-IOL event “an important step toward building stakeholder consensus on USGv6 test specifications.”

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above