In 2008, the National Institute of Standards and Technology (NIST) released the initial IPv6 profile that launched the subsequent U.S Government (USGv6) test program. The USGv6 test program was referenced in Federal Acquisition Regulations for purchasing of IT equipment. The first major revision of the profile was recently released that updates the original profile.
In the 10 years between the profile releases, many advances have been made in areas of networking, particularly with IPv6. Presented here are some of these high-level changes and how they might impact network operators and products.
The Profiles
The initial USGv6 Profile was a single document that covered the grouping of IPv6 standards into capabilities, while also including recommendations for USG agencies. A goal for revising the USGv6 Profile was to separate the definition of IPv6 Capability Profile from its use in USG acquisition programs. Therefore, other user groups could reuse the capability profiles to align product testing programs.
To achieve this goal, the original USGv6 profile was divided into two separate documents called USGv6 profile and NISTv6 profile. The NIST IPv6 profile defines IPv6 capabilities documented in Internet Engineering Task Force (IETF) specifications, giving them a named capability set for common network functions. The revised USGv6 profile defines how this generic capability profile should be used by USG agencies when acquiring network products.
The NIST IPv6 profile incorporates the current IETF specifications that have been updated or obsoleted over the past 10 years. Since there are over 200 Request For Comments (RFCs) in the NISTv6 Profile, we can’t address everything here. However, an important specification update to highlight is the base IPv6 specification (RFC 2460).
The 6MAN working group in the IETF updated RFC 2460 to an internet standard showing the highest degree of technical maturity and usefulness to the internet community. The new RFC 8200 features updates to extensions headers and IPv6 fragmentation from the original standard. These updates include the operational experiences and security lessons learned over the last 10 years by network operators and implementers.
New Capabilities
The new NISTv6 profile also adds several new IPv6 capabilities developed by the IETF since the initial profile. Capabilities such as IPv6 over low-power networks was added to support the use case for the Internet of Things. In addition, IPv6 transition technologies that focused on supporting the deployment of IPv6-only networks were added to the profile. There are many options, such as DS-Lite, MAP-E, MAP-T, LW4over6, and XLAT, for these types of transition mechanisms. Using the capabilities strings for the transition mechanisms enables both suppliers and buyers to ensure they’re working together to deploy IPv6.
The updated profile also allows more choices for network operators in key areas such as security, routing, and network management. For security, the choice of using TLS was added to the existing option of IPsec. This permits a choice of options for a secure channel that communicates with network functions.
The original profile had OSPF and BGP for routing protocols; ISIS was added as an option for exchanging routing information. Network management NETCONF was added as another option to SNMP. Protocols such as NETCONF and YANG support software-defined networks. These choices will allow user groups to utilize the NISTv6 profile to fit the needs of their network deployments.
Taking on Test
The first USGv6 profile discussed the possibility of testing applications for IPv6. The revision of the USGv6 profile revisits this topic and updates the test program to support formal testing of applications and services. It creates a set of standard features to be verified on any application, while allowing for testing of specific networked features of an application. The test plans will be listed on the UNH-IOL website so that both suppliers and buyers can review how and what features are tested.
A new requirement in the revision of the USGv6 profile is that the testing is done in an IPv6-only environment. This will ensure that both applications and services don’t have any need for IPv4 to function properly.
The USGv6 test program requires that users don’t accept results from the previous profile two years after the publication of the new revision. Thus, products will have two years to stop testing to the initial profile and move to updated test cases. Test labs such as the UNH-IOL are working to update testing as quickly as possible so that products will be able to adjust to the new profile.
The USGv6 profile has given network operators the ability to select network functions that are IPv6-enabled in a clear and concise manner. Network products have utilized the USGv6 profile to demonstrate support for IPv6 network functions. The updated revision of the profile continues to allow network operators to articulate current and future network needs to products. It includes the latest standard updates, increased capabilities, and lends itself to adoption to support the mission of deploying IPv6. This gives products a clear vision of what network features are necessary for operators to support IPv6-only deployments.
Timothy Winters is a Senior Executive, Software and IP Networking, at the University of New Hampshire InterOperability Laboratory (UNH-IOL).