NIST seeks comments on IPv6 testing guidelines
- By Dan Campbell, Special to GCN
- Mar 31, 2009
The National Institute of Standards and Technology has issued a request for comments on Special Publication 500-273, "IPv6 Test Methods: General Description and Validation,” which was recently released to the public.
SP 500-273 is a follow-up document to SP 500-267, “A Profile for IPv6 in the U.S. Government, Version 1.0," and part of the USGv6 Testing Program. Office of Management and Budget memorandum M-05-22 authorized the USGv6 Profile. That memo also directed federal agencies to upgrade their networks to be IPv6-compliant by June 2008.
The new NIST document is intended to “provide guidance to any and all accreditors and test laboratories on units of accreditation, standard reference tests, test method validation criteria and, crucially, feedback mechanisms to maintain quality improvement in test suites, in addition to maintaining consistency of test interpretations.”
The document defines frameworks for testing conformance, performance, and network protection validation for network nodes categorized as hosts, routers and network protection devices. The three test frameworks are necessary because they have different traceability chains.
Conformance testing validates that a device adheres to protocol specifications. “The objective of a conformance test is to determine whether a device under [testing] can realize the isolated behaviors specified in a set of standards,” the document states.
Interoperability tests validate the ability of a device to operate in “multi-vendor groups, over single or connected subnetworks.” Interoperability is more important than conformance, particularly in a routed IP environment in which many devices must communicate with one another for the network to function. In order for a device to be compliant, it must “demonstrate evidence of interoperability with three or more commercial implementations of IPv6,” the document states.
“Interoperability testing tests the aggregate behavior by providing a realistic test of a device’s behavior in a networked system,” the document states.
To comply with the test guidelines, network protection features must demonstrate configurability, logging, environmental security and packet filtering, among other features.
The document also defines the framework for test traceability and a mechanism by which improvements may be made to the testing standards through feedback from the user community.
The test methods described in SP 500-273 cover basic IP functionality such as Dynamic Host Configuration Protocol and IPv6 addressing, security, quality of service, multicast, network management and link-specific technologies.
Those implementing IPv6 must examine and test any changes or upgrades to existing standards. It is “necessary to define the new Internet Protocol as well as its implications for other protocol layers and the interfaces between them,” the NIST document states.
“There are ways to test this nexus of protocols by isolating particular protocols in particular devices or by assessing the aggregate behavior of the aggregate devices/network,” the document states.
Comments are due to NIST by May 1 and may be e-mailed to [email protected].
Dan Campbell is a freelance writer with Government Computer News and the president of Millennia Systems Inc.