Introduction
In the last installment of this blog, we looked at a number of websites providing an assortment of useful statistics demonstrating overall levels of IPv6 adoption (up and to the right!).
This time around, we’ll examine IPv6 websites providing an assortment of useful information — including both equipment certification and host support validation.
Certifiably IPv6: Will it Blend?
One of the biggest challenges facing organizations when they first move to adopt IPv6 is the analysis of which (and to what extent) devices support IPv6. It’s true that enterprises that have delayed IPv6 adoption face various technical debts. One example of this is not having an IPv6 practice to ensure that the IPv6 protocol that’s already running on the network is properly secured. But delaying IPv6 adoption has given hardware and software vendors a chance to introduce and mature IPv6 in their products. This means the likelihood that a single piece of gear or application supports IPv6 (and supports it well) is greater than ever. But of course more formally validating and testing mission critical hardware and software is de rigueur for IT personnel that want to remain gainfully employed. Fortunately, there are some great websites for helping determine existing levels of IPv6 support (and helping refine the depth of testing that might be required for your particular environment and deployment). Further, some of these resources offer more formal certification of IPv6 support that might be useful for establishing internal IPv6 compliance standards (or just plain covering your arse!). Let’s take a look at a few of these websites.
https://www.iol.unh.edu/testing/ip/ipv6
According to its website, the University of New Hampshire (UNH) Interoperability Lab (IOL) “tests networking and data communications products” and fosters “multi-vendor interoperability.” It’s been around since 1988 and has “grown steadily into one of the industry’s premier independent proving grounds for new technologies.” Where IPv6 is concerned, UNH-IOL arguably offers the most rigorous independent testing of hardware and software currently available. Their IPv6 test services include:
- IPv6 Core, Address Architecture
- DHCPv6 Client, Server and Relay Agent
- MLDv2 Listener
- IPsec/IKEv2 End-Node and Security Gateway
- Firewalls, Intrusion Prevention (IPS) and Intrusion Detection Systems (IDS)
- Custom application testing in dual stack or IPv6 only environments
Further, UNH-IOL testing offers validation of conformance with two independent testing programs:
The IPv6 Ready Logo program is described in more detail below.
The USGv6 certification program designated by the National Institute of Standards and Technology (NIST) provides “proof of compliance to IPv6 specifications outlined in current industry standards for common network products” and “is meant as a strategic planning guide for USG (United States Government) IT acquisitions to help ensure the completeness, correctness, interoperability and security so as to protect USG investments in the technology.” This is important because most U.S. government agencies have procurement guidelines that prohibit them from buying products that only support IPv4 and limit IPv6 adoption.
What this means for private companies, both enterprises and service providers, is that they can leverage the IPv6 readiness certification program for hardware and software that’s good enough for Uncle Sam (i.e., the U.S. government). While this doesn’t guarantee that a given complement of networking gear will work and perform optimally in all use-cases, it should greatly reduce the total amount of hardware and software that must be validated for IPv6 support in most environments.
You can check here to see whether a particular product is USGv6-certified
To get an idea of the actual configurations and level of IPv6 protocol support being tested, you can browse the testing suites here. Incidentally, reviewing the testing suites offers an effective way to study how components of the IPv6 protocol are supposed to behave (e.g., Neighbor Discovery Protocol (NDP), DHCPv6, ICMPv6, etc.).
The IPv6 Ready Logo testing program is similar in purpose to USGv6 and is described on the website as “a conformance and interoperability testing program intended to increase user confidence by demonstrating that IPv6 is available now and is ready to be used.”
The program and accompanying product certification (in the form of an “IPv6 Ready Logo”) seek to:
- Verify protocol implementation and validate interoperability of IPv6 products.
- Provide access to free self-testing tools.
- Provide IPv6 Ready Logo testing laboratories across the globe dedicated to provide testing assistance or services.
UNH-IOL is just one of the labs that IPv6 Ready Logo leverages in accomplishing the conformance testing. According to the website, other labs include:
Each of these labs appear to offer varying degrees of visibility into the testing suites that provide IPv6 validation in the manner, and to the extent, that UNH-IOL does (YMMV, depending on your ability to read Japanese, Chinese, and Korean!). But validating the actual testing methodology a given interoperability lab uses is not likely to be necessary for the vast majority of organizations.
In any case, verifying key network components have either USGv6 or IPv6 Ready Logo validation is both a convenient and important part of the due diligence your IPv6 adoption initiative requires.
https://www.ripe.net/publications/docs/ripe-554
Even with the relative abundance of equipment validated for IPv6 by the UNH-IOL and IPv6 Ready Logo programs, some of your gear will still “fall through the cracks.” Fortunately, the good folks at the European address registry RIPE offer a document that helps you identify IPv6 RFC compliance requirements for critical product functionality categories such as routing, load-balancing, and security.
For instance, the document defines a functional category of security which includes firewalls, Intrusion protection service, and application firewalls. A list of mandatory RFCs follows indicating the level of IPv6 compliance a security vendor should be expected to provide. Using the document, you can work with your vendors in each of the functional categories to validate the level of IPv6 support via RFC conformance they offer. Needless to say, vendors that shrug their proverbial shoulders at acknowledging and conforming to these RFCs should be avoided or replaced.
Finally, of course you have IPv6 connectivity on your laptop and mobile device. But what about your coworkers, friends, family, pets, not to mention the crusty old Internet station in the lobby of the hotel you’re staying at?
The Test IPv6 website will instantly validate the degree of IPv6 support offered by the node you’re testing from. Tests include basic IPv6 connectivity as well as DNS server IPv6 reachability and performance to websites over IPv6.
There are also a variety of other ways to confirm your device’s IPv6 Internet connectivity and determine if IPv6 is performing as well as IPv4.
That’s it for now! In the upcoming final installment of this series we’ll look at a few websites to help you manage your IPv6 address space as well as other general IPv6 adoption resources.
