Department of Defense
High Performance Computing Modernization Program

 

Two different types of Internet Protocol version 6 (IPv6) product testing results are provided by this article:

  1. IPv6 standards conformance and interoperability testing, performed by six different categories of organizations:
    (1.a) International,
    (1.b) United States (US) Government,
    (1.c) US Department of Defense (DoD),
    (1.d) Commercial testing service and equipment provider and open source testing software developer,
    (1.e) Original Equipment Manufacturer (OEM), and
    (1.f) Other, and
  2. IPv6 vulnerability and threat mitigation testing, performed by three different categories of organizations: 
    (2.a) International, 
    (2.b) US, and
    (2.c) Commercial testing service and equipment provider and open source testing software developer.

1. IPv6 standards conformance and interoperability testing. A single database or website that consolidates the results produced by the various testing programs described below does not exist.

1.a. International testing. Starting in 2003, information about hardware products and system software that have been tested against IPv6 Forum IPv6 Ready Logo program requirements and placed on that program's Approved Lists may be found here. Starting in 2010, the IPv6 Forum started testing additional categories of software, including Dynamic Host Control Protocol version 6 (DHCPv6), IP Security (IPSec), Session Initiation Protocol (SIP), Simple Network Management Protocol (SNMP), and Customer Edge (CE) Router products. Information about these IPv6 Ready Logo programs and the products that have been tested under them may be found by following the links on this website.

As early as 1991, the European Advanced Networking Test Center (EANTC) began testing network products for IPv4 standards conformance and interoperability. In 2004 they began testing IPv6 products (search for "IPv6" without the quotes). Another long running series of annual tests of IPv6 products concluded in December 2012, whose testing results are still available is the Tahi Project, archived Jan, 2013. The Virtual Private Network Consortium (VPNC), archived June, 2013, tested VPN software for IPv6 interoperability through June 2013, and the testing results are still available. The Home Gateway Initiative (HGI), archived May, 2017, tested IPv6 support in home gateways and home network devices from 2010 through 2016. In 2012 the then Internet Protocol for Smart Objects (IPSO) Alliance updated its Application Framework to include IPv6 interoperability tests. In 2014 the IPSO Alliance announced the release of its Smart Objects Guideline – Starter Pack 1.0. In 2018 the IPSO Alliance and the Open Mobile Alliance (OMA) announced their merger to form OMA Specworks. The OMA Specworks Work Program includes several Working Groups, including the Interoperability Working Group (IOP WG), which is defining, developing and releasing interoperability tests.The European Telecommunications Standards Institute (ETSI) Methods for Testing and Specification-Internet Protocol Testing (MTS-IPT) working group was active from 2003 to 2006, and created several IPv6 test suites and test specifications. These are available on an MTS-IPT IPv6 testing web page. Since 2012, the ETSI has been involved in IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) with the OMA Specworks (originally, with the IPSO Alliance) using the Pursuing ROadmaps and BEnchmarks for the Internet of Things (PROBE-IT) Internet of Things (IoT) Benchmarking Framework. In 2013 The Broadband Forum released TR-296, a comprehensive IPv6 Transition Mechanisms Test Plan.

The Internet Corporation for Assigned Names and Numbers (ICANN) conducted a series of tests of Recursive Name Servers, with these results.

1.b. United States (US) Government testing. Information about the products that have been tested against the National Institute for Standards and Technology (NIST) US Government standards for IPv6 (USGv6) requirements and placed on the USGv6 Accredited Test Labs Registry may be found here. Scroll down to the bottom of that web page, click on the line

Additional Technical Details                                     +

and then scroll down to the list of USGv6 Accredited Test Labs. (Caution: Each accredited test laboratory maintains a separate list of the products they have tested. Limited results from test laboratories that are no longer accredited may still be available.) The USGv6 is also referred to as the USG IPv6 Profile. As of July, 2010, all US Government agencies can only make Internet Protocol technology acquisitions that are known to meet the requirements contained in the National Institute of Standards and Technology (NIST) Special Publication 500-267 USGv6 Profile Node Requirements Table section 8 (i.e., using the USGv6 Capabilities Check List) and whose vendors have documented their product’s support of those IPv6 capabilities, through USGv6 Test programs (i.e., using the USGv6 "Suppliers Declaration of Conformity" or SDOC). (Note: Additional information about the USGv6 Profile and USGv6 Test program can be found here. NIST has prepared a “Buyer's Guide” to USGv6 to help simplify the purchase of IPv6 products for US Government consumption).

Note: NIST is in the midst of revising the USGv6 Program documents. To see the draft documents, go here, and scroll down that web page to:

DRAFT3 of USGv6 Revision 1 Specifications Available for Public Comment

From 2004 to 2007 the Moonv6 project created several IPv6 test suites and test specifications. While this project is no longer active, test suites, test specifications, and test results are still available via links on the Moonv6 website, archived May, 2008.

1.c. US Department of Defense (DoD) testing. DoD testing results for products that have been tested against the DoD Unified Capabilities Requirements (UCR) by the Joint Interoperability Test Command (JITC) and other Testing Centers of Excellence are placed on the DoD Information Network (DoDIN) Approved Product List (APL) and may be found here. (The website does not require a PKI certificate for access, although it may ask for one. Keep clicking on Cancel if one is requested.)

The JITC testing methodology as of 2009 was described in this DoD IPv6 Generic Test Plan. That Generic Test Plan has been superceded. Current UCR Interoperability Test Procedures are available on the JITC UCR Test Document Depot. (Caution: Some versions of Microsoft web browsers will not connect to this website.)

For older testing results that are no longer on the current APL list, the manufacturer may be able to provide a copy, or the testing results may have been on an older APL developed by JITC and archived in Feb 2009, prior to the incorporation of IPv6 conformance testing into the UCR. Under contract to the Navy, Applied Research Associates, Inc. provided a report of their early findings.

Additional information about IPv6 product testing as part of the DoD UCR program may be found here.

1.d. Commercial testing service and equipment provider and open source testing software developer. The InterOperability Laboratory (IOL) at the University of New Hampshire (UNH) has created a series of IPv6 test suites and test specifications and is conducting on-going IPv6 product testing. The suites, specifications, and product registries with testing results are available on the UNH IOL website. The UNH IOL also conducts an on-going IPv6 testing program for Home Networking equipment and maintains a Session Initiation Protocol version 6 (SIPv6) Interoperability Environment and pre-certification test suite. Some of the providers and developers mentioned at the end of the Testing category of the SDN Lessons Learned Collection article in the SDN Knowledge Base perform IPv6-specific testing.

1.e. Original Equipment Manufacturer (OEM) testing. In addition to results from the testing programs mentioned above, a few OEMs are known to provide IPv6 testing results and other regulatory compliance information on their own websites: Cisco hardware, HP (separate web pages for IPv6 Ready and DoD UCR), IBM software, Juniper hardware and Red Hat, Inc. software.

Although ephemeral, OEMs often publicize testing results when individual products are approved by the IPv6 Ready Logo, NIST USGv6, or DoD UCR testing programs.

1.f. Other. In the event that IPv6 conformance testing results for a product of interest cannot be found in any of the above, there may be some level of IPv6 conformance if the product manufacturer's corporate website:

(i) states that the product supports IPv6,
(ii) states that the product supports Software-Defined Networking (SDN) or associated software architectures, or
(iii) is itself IPv6-enabled. This can be determined using one of the IPv6 connectivity testing tools mentioned in the IPv6 Troubleshooting article in the Network Management section.

The level of such IPv6 conformance should be independently verified.

2. IPv6 vulnerability and threat mitigation testing. There are no on-going vulnerability and threat mitigation testing programs. Various commercial, government and academic organizations have performed tests and documented their results. Some of these testing results are identified below. A single database or website that consolidates the testing results does not exist.

2.a. International testing. A comprehensive review of penetration testing scenarios with solutions is described in this Testing of the security of IPv6 implementations. Results for web applications and server testing are given in this Master Thesis: Penetration Testing over IPv6. Also, search the University of Amsterdam System and Network Engineering OS3 Archive of Master's Theses (https://www.os3.nl/archive/research_projects) for testing topics, such as “Security of IPv6 and DNSSEC for penetration testers”. (The Master's Theses are grouped by academic year).

2.b. US testing. Search the System Administration Networking and Security (SANS) Institute reading room by using your preferred search engine [Google is one] to search for 'www.sans.org/reading-room/whitepapers ipv6' for testing topics, such as "A Complete Guide on IPv6 Attack and Defense”.

2. c. Commercial testing service and testing equipment provider and open source testing software developer. Results of testing are typically only made available to their customers.


Top