Most people agree that an important component of any IPv6 rollout program is the assessment of current systems IPv6 capabilities. This will determine the readiness of an enterprises infrastructure to support an IPv6 rollout. Within the scope of an overall IPv6 program, the assessment phase should take place between the Education and Building Awareness phase and the start of any Pilot Projects. A prerequisite for the assessment, however, is the installation of a lab environment, since the assessment cannot only cover the vendor’s stated readiness but also live, automated tests against devices to verify that the vendor’s statements are indeed true. Since automated tests require IPv6 to be installed on a system, and the impact of the tests cannot be known in advance (for example crashing the system under test), using a lab would be a pragmatic approach.
Of course there are a number of organizations who perform these tests already and who publish the results, so not all systems within a certain environment need to be directly tested, just those which may be unique to a certain IT environment or those which have not been previously tested. The most well known list of results is the one found under the IPv6 Forum’s Ready Logo Program. NIST has also developed test profiles specifically to support the US Government’s OMB mandate. The following two labs provide lists of equipment tested against these profiles.
Loosely based on the NIST profiles, RIPE has also developed a list of requirements (specified in RIPE-554) for ICT equipment which may not be taking part in the IPv6 Logo Program but may also need to be considered for IPv6 support. The RIPE requirements are meant to be more general than the NIST requirements and can be used by all enterprises for determining the level of compliance of any ICT equipment. RIPE-554 tests devices against the MUST and SHOULD requirements in the following set of IPv6 RFCs.
- RFC 1981 – Path MTU Discovery for IPv6
- RFC 2460 – IPv6 Basic Specification
- RFC 2473 – Generic Packet Tunnelling and IPv6
- RFC 2711 – IPv6 Router Alert Option
- RFC 3315 – DHCPv6
- RFC 3484 – Default Address Selection
- RFC 3633 – DHCPv6 Prefix Delegation
- RFC 3736 – Stateless DHCPv6
- RFC 3971 – SEcure Neighbor Discovery (SEND)
- RFC 3972 – Cryptographically Generated Addresses (CGA)
- RFC 4213 – Basic Transition Mechanisms for IPv6 Hosts and Routers
- RFC 4443 – ICMPv6
- RFC 4861 – Neighbor Discovery
- RFC 4862 – StateLess Address Auto-Configuration (SLACC)
- RFC 5095 – Deprecation of Type 0 Routing Headers in IPv6
For more information, visit the RIPE-554 website.
With this in mind, I set out to see what tools are available to automate this testing process. The first tool I came across was veripy. veripy directly tests devices based on RIPE-554 requirements so I thought it would be a good tool to start with. As usual, I learned more in performing these tests than information about IPv6 testing. In the posts that follow, I will walk through the lab setup, configuring and installing veripy, and finally running some tests and their results.