(NOTE: For tools to help troubleshoot Internet Protocol version 6 (IPv6) network behavior or network services (such as web, mail, DNS, DNSSEC, NTP, or XMPP), see the IPv6 Troubleshooting article in the Network Management section.)
The IPv6 Test Techniques article is organized in 6 topics:
1. Introduction
2. IPv6 test lab set up
3. Interaction between item under test and test environment
4. Test plans, specifications, scenarios, and data packets
5. Test Network Setup
5.1 Dual-stack test network setup
5.2 IPv6-only test network setup
6. IPv6 application testing
1. Introduction
Whenever a change will be made to an existing product or application, testing that change in isolation before deploying it in the real world is a recommended practice. Guidance documents and how-to articles usually recommend setting up an IPv6 test lab or test network as one of the early steps in the process of deploying IPv6. For example:
Setting up a testing capability is important for the safe, controlled introduction of new features, technology, and versions of control software into your network and prototyping with an emphasis on validation of targeted behavior and performance outcomes (e.g., experimenting with secure IPv6-enabled teleworking). Testing in a controlled environment enables the agency IT group to perform tests that could potentially be disruptive or introduce a security risk if deployed on the production network. The test environment should be set up as close as possible to resemble the production environments, including required network services such as DNS and DHCP. At first, the test sites should not be connected to the production network but be limited to a controlled environment until preliminary testing is complete. During the testing phase, the IT team will gain valuable experience with integrating IPv6, allowing them to determine whether the technology plan or schedule needs to be modified. Once preliminary limited testing is complete, the test environment can be interconnected to other IPv6 test networks.
Note: The above guidance is recommended by the Planning Guide/Roadmap Toward IPv6 Adoption within the US Government, July, 2012. (While the policies contained in that memorandum are no longer in effect [the memorandum was rescinded Aug, 2018 by Office of Management and Budget (OMB) Memorandum M-18-23 Shifting From Low-Value to High-Value Work], the guidance recommended by that memorandum remains valid.) A policy is a statement of specific actions that must be taken or goals that must be achieved while guidance is a statement of non-mandatory actions that could be taken or methods that could be used to achieve recommended goals.
2. IPv6 test lab set up
For Microsoft Windows environments, this Microsoft website, published in 2012 and updated several times since then, shows how to configure an IPv6 test lab using five (5) computers, along with extensions to that basic IPv6 test lab for DHCPv6, DNS Zone Transfers, IPv6-only networking and numerous others. It even suggests how a virtual IPv6 test lab can be set up using only one physical computer. The resulting IPv6 test lab has no external Internet access. An earlier document is also available: Step-by-Step Guide for Setting Up IPv6 in a Test Lab published in 2006.
Part6: Configuring IPv6 Routing through IPv4 in a Microsoft Windows Environment in the article Enabling IPv6 in Microsoft Windows Application Servers in the Infrastructure section provides additional information, including how to add IPv6 network access.
This article offers various alternative approaches that can be used to set up an IPv6 test lab, either at home or at work, including some without computers. This older WindowsITPro article describes how to set up an IPv6 test lab using a computer, a router, and a tunnel broker to provide Internet access.
This paper (OPNET Modeler referenced by the paper has since been renamed Riverbed Modeler) and this more recent paper (VMWare licensing required) describe how to create an entirely virtual test environment.
For Linux environments, this American Registry for Internet Numbers (ARIN) web page includes a Home Labs subsection that describes several ways to set up an IPv6 test lab. This article combines IPv6 theory with practical guidance for setting up an IPv6 test lab, as does this article, which includes more detailed explanations. Yet another article describes using Kernel-based Virtual Machine (KVM) to set up a virtual IPv6 test lab in part1 and part2.
More elaborate IPv6 test lab setups are described here (in a business environment) and here (in a military environment).
3. Interaction between item under test and test environment
Guidance documents and how-to articles often skip over this aspect. In the course of modifying an item to make it IPv6-capable (whether hardware or software), the way IPv4 packets are processed may be changed. The following table shows eight ways that any item which has been modified to become IPv6-capable should be tested to verify that no new vulnerabilities or undesired behaviors have been introduced as a result. As Internet Engineering Task Force (IETF) Request for Comments (RFC) 6586 Experiences from an IPv6-Only Network makes clear, inadequate testing for test case 9 is presently the norm.
| Configuration of Item under Test | Network Test Environment | | |
|---|---|---|---|
| | IPv4 packets on native IPv4 network | IPv4 and IPv6 packets on dual-stack network | IPv6 packets on native IPv6 network |
| Unmodified IPv4-only Item | 1. This test case has already been tested | 2. Does Item process IPv4 and ignore IPv6? | 3. Does Item ignore IPv6? |
| IPv6-capable Item with IPv6 disabled | 4. Is IPv4 behavior unchanged? | 5. Does Item process IPv4 and ignore IPv6? | 6. Does Item ignore IPv6? |
| IPv6-capable Item with IPv6 enabled | 7. Is IPv4 behavior unchanged? | 8. Are both protocols processed correctly? | 9. Are IPv6 packets processed correctly? |
Most commercial and open source operating system and web browser clients are now IPv6-enabled by default, so they need to be reconfigured to disable IPv6 before being tested.
Too often, only test cases 7 and 8 are used. To give just two examples of the importance of the other test cases, sometimes the modified networking hardware can crash in test case 6 or a large packet (containing IPv6 records that are larger because of their larger addresses) can cause a buffer overflow in a modified DNS resolver in test case 5.
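A fixture generator for the DNS resolver case in test case 5, as an added example rather than code from the original article: it builds well-formed DNS responses for a lab resolver and finds the record count at which AAAA answers outgrow the classic 512-byte UDP message size while the same number of A answers still fits. The name lab.example.test, the documentation-range addresses and the choice of 512 bytes as the boundary of interest are assumptions made for illustration.

```python
import ipaddress
import struct

UDP_LIMIT = 512  # classic DNS-over-UDP message size without EDNS0 (RFC 1035)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1-63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_response(qname, addresses, txid=0x1234, ttl=300):
    """Build a well-formed response holding only A or only AAAA records."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    if not ips or len({ip.version for ip in ips}) != 1:
        raise ValueError("need one or more addresses of a single family")
    rtype = 28 if ips[0].version == 6 else 1           # AAAA = 28, A = 1
    msg = struct.pack("!6H", txid, 0x8180, 1, len(ips), 0, 0)
    msg += encode_name(qname) + struct.pack("!2H", rtype, 1)  # question, class IN
    for ip in ips:
        # 0xC00C is a compression pointer back to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!2HIH", rtype, 1, ttl, len(ip.packed))
        msg += ip.packed                               # 4 bytes for A, 16 for AAAA
    return msg

def fixture(qname, base, count):
    """Response with `count` consecutive addresses starting at `base` (constructed data)."""
    start = ipaddress.ip_address(base)
    return build_response(qname, [str(start + i) for i in range(count)])

def first_count_over_limit(qname, base, limit=UDP_LIMIT):
    """Smallest record count whose response no longer fits in `limit` bytes."""
    count = 1
    while len(fixture(qname, base, count)) <= limit:
        count += 1
    return count

if __name__ == "__main__":
    for base in ("192.0.2.1", "2001:db8::1"):          # documentation ranges
        n = first_count_over_limit("lab.example.test", base)
        print(base, n, len(fixture("lab.example.test", base, n)))
```

Feeding the AAAA fixture and the A fixture with the same record count to the item under test exercises the size difference that test case 5 is meant to catch.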
4. Test plans, specifications, scenarios, and data packets
Sample test plans and procedures, specifications, and the scenarios they are part of may be found on the websites of six different categories of organizations that conduct IPv6 standards conformance and interoperability testing:
(1) International,
(2) United States (US) Government,
(3) US Department of Defense (DoD),
(4) Commercial and open source testing service providers,
(5) Original Equipment Manufacturer (OEM), and
(6) Other.
These organizations are referenced in the IPv6 Product Testing Results article in the Testing section.
The standard IPv6 profiles approved for use by the US Government departments and agencies, US DoD, and European countries are discussed in the IPv6 Boiler Plate Acquisitions Language article in the Deployment section.
A network test plan used by the Malaysian Communications and Multimedia Commission is available in Appendix B of this document.
It is desirable to use real streams of IPv4 and IPv6 packets in test cases 2, 5, and 8 in the table above. One way to create such packet streams is with the Simple Packet Translator tool discussed by an article of the same name in the Testing section. Packet streams can also be generated by tools referenced in that article.
5. Test Network Setup
Guidelines, techniques, and recommendations for setting up test networks may be found in the following:
a. IPv6 test lab setup (see part 2 above),
b. The project management factors mentioned in the Before You Begin article in the IPv6 Deployment section,
c. IETF RFC 5180 IPv6 Benchmarking Methodology for Network Interconnect Devices, May 2008 (IPv6-specific guidelines for benchmarking),
d. IETF RFC 2544 Benchmarking Methodology for Network Interconnect Devices, Mar 1999, along with associated updates in RFCs 6201, 6815 and 9004,
e. Tips on configuring your network to use Google Public DNS, and
f. Lessons learned in transitioning from IPv4 to IPv6 at the United States Naval Academy.
Note: This article describes ways to "Avoid the Top 5 IPv6 Network Testing Troubles" when setting up or reconfiguring an IPv6 network. Additional tips and techniques for troubleshooting IPv6 networks are available in the IPv6 Troubleshooting article in the Network Management section.
5.1. Dual-stack test network setup
It is no longer the case that an organization needs to set up its own test network. See Available Internet Service Providers (ISPs) and Networks in the FAQ section for a list of Internet Service Providers (ISPs) offering dual-stack network services.
During the early stages of IPv6 deployment, a few organizations chose to set up dual-stack test networks to gain experience with IPv6 deployment. In Europe, the 6bone was established as an informal collaborative test bed through the efforts of the IETF in 1996. It ceased operation in 2006. In the United States, the Defense Research and Engineering Network (DREN) IPv6 pilot was established in July 2003 by the DoD High Performance Computing Modernization Program (HPCMP). It became a production network in 2007. In Australia, the VIC6 network was established in 2008 by the AI Group and IPv6Now. It became a production network in 2010.
This report from 2004 describes the setup of a network to test IPv6 Quality-of-Service performance for Aviation applications.
5.2. IPv6-only test network setup
IPv6-only networks are not yet commercially available in the United States, although they might be closer than you think. However, any organization may set up a test network that supports only the IPv6 protocol, in order to gain experience with IPv6-only networking, for reasons described in RFC 6586 Experiences from an IPv6-only network.
Facebook, LinkedIn (Part1, Part2, and Part3), Cisco, Microsoft and other organizations have deployed IPv6-only test networks on their premises. References to their experiences are available in the Overview of Lessons Learned Deploying IPv6 article in the General Information section. The Trans-European Research and Education Networking Association (TERENA) extensively documented their experience while deploying an IPv6-only test network in their office.
6. IPv6 application testing
Whether developing a new dual-stack or IPv6-only application or updating an existing IPv4-only application to enable support for IPv6, testing for correct behavior is required. Testing techniques that can be used during the development of new and conversion of existing applications to support IPv6 are discussed in the Application Conversion Introduction and Application Conversion Tools articles in the Applications section.
To be certain that the IPv6 protocol is being used to access a website, substitute an IPv6 literal address surrounded by square brackets in the address bar in place of a domain name. For example:
http://ipv6.test-ipv6.com
becomes
http://[2001:470:1:18::115].
For additional information, refer to Request For Comments (RFC) 3986 “Uniform Resource Identifier (URI): Generic Syntax”.
(Caution: This substitution can sometimes fail. Explanations of possible reasons for this are available. If you encounter problems, review the Broken User FAQ article found on that website for several possible explanations. For even more possible explanations, review this article on the ARIN IPv6 wiki.)
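One way to script the substitution described above, as an added example that is not part of the original article: the helper validates the address, rejects IPv4 and IPv4-mapped forms that would not exercise IPv6, and returns the original host name so a test client can still send it in the Host header. The function names are hypothetical; only the Python standard library is used.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

def to_ipv6_literal_url(url, address):
    """Return (literal_url, host_header) so a request is forced over IPv6.

    host_header is the original name (plus port, if any); a test client can
    send it explicitly when the server selects a site by name.
    """
    if "%" in address:
        raise ValueError("zone identifiers are outside this example")
    ip = ipaddress.ip_address(address)             # ValueError on malformed input
    if ip.version != 6:
        raise ValueError(f"{address} is not an IPv6 address")
    if ip.ipv4_mapped is not None:
        # ::ffff:a.b.c.d is written as IPv6 but is carried in IPv4 packets
        raise ValueError(f"{address} is IPv4-mapped and would not exercise IPv6")
    parts = urlsplit(url)
    if not parts.hostname:
        raise ValueError("URL has no host component")
    netloc, host_header = f"[{ip.compressed}]", parts.hostname
    if parts.port is not None:                     # keep an explicit port
        netloc += f":{parts.port}"
        host_header += f":{parts.port}"
    userinfo = parts.netloc.rpartition("@")[0]
    if userinfo:                                   # keep user[:password]@
        netloc = f"{userinfo}@{netloc}"
    return urlunsplit(parts._replace(netloc=netloc)), host_header

def is_ipv6_literal_url(url):
    """True only if the host is a bracketed, non-IPv4-mapped IPv6 literal."""
    try:
        parts = urlsplit(url)
        ip = ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        return False
    return "[" in parts.netloc and ip.version == 6 and ip.ipv4_mapped is None
```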
Most non-Apple browsers and IPv6-enabled applications attempt to use IPv6 before IPv4 if the local system and the remote server have IPv6 addresses. Here’s why debugging IPv6 web connectivity with Safari was historically difficult. It was only with the release of Safari 2.0 with MacOS 10.4 Tiger circa 2005 that Safari gained full IPv6 support; until that release it tried IPv6 first and then fell back to IPv4 if IPv6 didn’t work.
Prior to 0.8, Firefox did not support IPv6. Since then, IPv6 has been supported by default and is preferred over IPv4. Firefox also requests AAAA DNS records even when there is no IPv6 connectivity.
To disable IPv6 support in Firefox:
1. In the Location bar, enter about:config. Then press the Enter or Return key
2. If the "This might void your warranty!" warning page appears, click I'll be careful, I promise!
3. In the Search preference name field, type network.dns.disableIPv6
4. network.dns.disableIPv6 should now appear in the list of preferences. Click on the Toggle button to set its value to true
5. Close the preferences
To re-enable IPv6 support in Firefox after it has been disabled, repeat steps 1 through 3 above. Then:
4. Set the value of network.dns.disableIPv6 to false
5. Check the value of network.dns.ipv4OnlyDomains. If it contains any domain names, delete them.
6. Close the preferences
Extensions: IPvFoo is one of several extensions that are now available for Firefox. After you install IPvFoo, some combination of 4, 6 and/or "?" will appear at the top of the screen near the menu button. Clicking on it will cause the IP address(es) of the web page you are viewing to appear. To install IPvFoo, open the Extensions manager, enter "IPvFoo" (without the quotes) in the Find more add-ons box, and click on IPvFoo. Firefox has many other extensions that are specific to IPv6.
The Java development environment and language originally developed by Sun Microsystems, Inc. is inherently Internet Protocol (IP) agnostic, beginning with good support for Solaris and limited support for Linux in version 1.4.2, and limited support for Windows XP SP1 (or later versions of Microsoft operating systems) in version 1.5. Documentation for the Java Development Kit (JDK) 19 is available here. See Oracle's earlier Networking IPv6 User Guide for JDK 8 and their Networking Properties for JDK 19 for additional details.
Improved support for IPv6, including multicast, was added in JDK 7.
Packages supplied as part of Java, such as java.io and java.net, support both IP version 4 (IPv4) and IPv6 natively.
Because of the limited support provided by early versions of Java, a few developers “turned off” IPv6 support in their Java apps. To re-enable IPv6 support in such an older app, some Java system properties need to be changed. First, make sure that the following properties are set to these values:
-Djava.net.preferIPv4Addresses=false
and
-Djava.net.preferIPv6Addresses=false
If this does not enable the desired IPv6 access, then set
-Djava.net.preferIPv6Stack=true
although this will “turn off” IPv4 support altogether!
To enable IPv4 (only) access, set
-Djava.net.preferIPv4Stack=true
Kerberos Version 5 (V5) (also known as Kerberos 5) documentation is available here from the Massachusetts Institute of Technology (MIT).
Kerberos 5 software since version 1.3.5 has had extensive (but not complete) support for Internet Protocol version 6 (IPv6). A summary of the status of IPv6 support in versions of Kerberos released prior to 2010 is available here.
Additional work has been done by various groups within the Department of Defense (DoD) High Performance Computing Modernization Program (HPCMP) to incorporate Public Key Infrastructure (PKI) support for DoD Common Access Cards (CAC). For additional information, please contact ipv6-team [at] dren.mil.
Major Kerberos 5 applications support IPv6 natively (kinit, kftp, kpasswd, ktelnet, pkinit, pkpasswd, et cetera). kadmin will only support IPv6 in Kerberos 5 version 1.9 or newer.
The following are additional notes on Kerberos 5 and IPv6:
- Each realm Key Distribution Center (KDC) server must have IPv6 addresses added to its keytab file to be accessible via IPv6 (just as IPv4 addresses are required to be accessible via IPv4).
- The application clients and servers as distributed by MIT all support IPv6. They all will try the IPv6 address for a server first; if they cannot connect, they will fall back to the IPv4 address.