• Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
640
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
37
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Rethink IPv6/IPv4 Dual Stack Testing Rethink IPv6/IPv4 Dual Stack Testing A Methodology for measuring the performance, security, and stability of network devices in a dual stack IPv4/ IPv6 environmentwww.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 1All other trademarks are the property of their respective owners.
  • 2. Rethink IPv6/IPv4 Dual Stack Testing Table of Contents Introduction .................................................................................................................................................................................................................... 3 IPv6: Generic Traffic ...................................................................................................................................................................................................... 5 IPv6: Dual Stack.............................................................................................................................................................................................................. 21 IPv6: Security .................................................................................................................................................................................................................. 36 IPv6: Fuzzing ................................................................................................................................................................................................................... 46 IPv6: Security Fuzzing .................................................................................................................................................................................................. 55 About BreakingPoint ................................................................................................................................................................................................... 65www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 2All other trademarks are the property of their respective owners.
  • 3. Rethink IPv6/IPv4 Dual Stack Testing Introduction Internet Protocol version 6 (IPv6) is the next-generation Internet Layer protocol for packet-switched internetworks. IPv6 is the designated successor to IPv4, which is the first implementation used on the Internet. While IPv6 is the successor to IPv4, both protocols are currently being used on the Internet. This arrangement will likely remain in place for years to come, as a wholesale conversion to IPv6 is simply not feasible. Although IPv6 has been a standard for more than a decade, it has not yet gained broad acceptance. With the rapid exhaustion of IPv4 addresses, however, it is generally accepted that IPv6 will eventually become the de facto IP standard. Already, most organizations have hidden IPv6 traffic running across their networks that few are equipped to detect or manage. For those reasons it is becoming more urgent to that ensure IPv6 equipment is properly configured and evaluated for its ability to successfully transmit data. This requires thorough validation of the capabilities of IPv6 alone and as a dual stack, running both IPv4 and IPv6, or any other configuration that could be used. To ensure that IPv6 equipment and today’s network infrastructures are resilient in the face of increasing application traffic or attack, it is important to rethink traditional IPv6 testing. Legacy bit blasting tools, artificial traffic, and an outdated IPv6 stack will inevitably lead to production network problems and missed vulnerabilities. To capture precise, standardized and repeatable measurements of performance, security and stability, your evaluation should emulate the actual deployment environment as closely as possible. And that requires emulating a real mix of application traffic at line rate speeds, peak user load, and current attack traffic. Directly connected devices such as routers, switches and firewalls will also have an effect on packet loss, latency and data integrity. And the number of advertised host IP and MAC addresses, VLAN Tagging, and NAT will affect the performance of IPv6 equipment. If it is not feasible to fully recreate the deployment environment, the BreakingPoint Storm CTM should be connected directly to the device. All devices and builds must be evaluated in a standardized and repeatable manner using the same network conditions to ensure consistent results. IPv6 Network Device Evaluation Methodology Elements The following methodology was designed to enable you to thoroughly validate IPv6 capabilities using the most current and realistic network conditions possible. It is a standardized methodology designed for repeatable evaluations of IPv6 devices and covers the following critical components: IPv6: Generic Traffic Measures the ability of the device to transmit IPv6 traffic. Several metrics are produced, measuring device capabilities, latency, packet loss and throughput. IPv6: Dual Stack Measures the ability of the device to transmit both IPv4 and IPv6 traffic. Dual stack configurations will be common for many years, so it is vital to verify correct configuration. Several metrics are produced to measure device capabilities, latency, packet loss and throughput. IPv6: Security Determine how escalating security threats will affect overall performance. Different attacks are generated, and the latency, packet loss and throughput of the device are measured. IPv6: Fuzzing Measures the impact of malformed packets that are present on today’s networks. Metrics are produced, measuring the impact of malformed packets and legitimate traffic on latency, packet loss and throughput of the device.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 3All other trademarks are the property of their respective owners.
  • 4. Rethink IPv6/IPv4 Dual Stack Testing IPv6: Security Fuzzing Combine malformed packets and security attacks for a real-world view. Now that it has been determined how security threats and malformed packets individually affect traffic, metrics are produced by combining the two and measuring the affect on network performance. Latency, packet loss and throughput of the device are measured.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 4All other trademarks are the property of their respective owners.
  • 5. Rethink IPv6/IPv4 Dual Stack Testing IPv6: Generic Traffic RFC: • RFC 2460 – Internet Protocol, Version 6 Overview: This test is performed to verify that IPv6 has been correctly configured and data is able to transmit through the device. The device will be configured to use IPv6. The BreakingPoint Storm CTM will be configured to transmit data through the device using IPv6. Objective: Determine the latency, packet loss and throughput of the device while using IPv6 traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 5All other trademarks are the property of their respective owners.
  • 6. Rethink IPv6/IPv4 Dual Stack Testing 1. Launch your favorite Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center once the page loads. 2. In the new window that is displayed, type your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 6All other trademarks are the property of their respective owners.
  • 7. Rethink IPv6/IPv4 Dual Stack Testing 3. Reserve the required ports. 4. Select Control Center  Network Neighborhood.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 7All other trademarks are the property of their respective owners.
  • 8. Rethink IPv6/IPv4 Dual Stack Testing 5. Under the Network Neighborhoods heading, click the plus symbol located at the bottom right to create a new network neighborhood. 6. In the Give the new network neighborhood a name box enter IPv6 Test as the name and click OK.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 8All other trademarks are the property of their respective owners.
  • 9. Rethink IPv6/IPv4 Dual Stack Testing 7. Notice that multiple Interface tabs are available for configuration, but only two are required for the evaluation. The extra interfaces can be removed if desired by clicking the X to delete this interface. When prompted about removing the interface, click Yes. The remaining interfaces will be renamed. Repeat this process until only two interfaces remain. 8. With Interface tab 1 selected, click the Plus (+) in the Domains section located just below interface tabs. 9. When prompted to enter a new domain name enter “IPv6” and click OK button to create the new domain.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 9All other trademarks are the property of their respective owners.
  • 10. Rethink IPv6/IPv4 Dual Stack Testing 10. With Interface tab 1 selected and IPv6 domain selected, click the ellipsis icon {…} located at the bottom of the window to open and display subnet details. 11. Select the IPv6 radio button. A new window will be displayed stating that changing to IPv6 will clear all of your address fields. Click Yes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 10All other trademarks are the property of their respective owners.
  • 11. Rethink IPv6/IPv4 Dual Stack Testing 12. Configure the selected interface subnet IP information with the following: Network IP Address: fd00:6477:aaaa:0000:: and Prefix of 64. Use the Type drop-down menu to select Virtual Router. Configure the Virtual Router IP Address as fd00:6477:aaaa:0000::1. Next, configure the Minimum IP Address with fd00:6477:aaaa:0000::2 and the Maximum IP Address as fd00:6477:aaaa:0000::ff and click Accept. 13. Select the Interface 2 tab and repeat step 8 creating a new domain named IPv6. Repeat steps 9 and 10 opening the Network Neighborhood and selecting IPv6 radio button and accept the change for interface 2. Enter the following IP information: Network IP Address: fd00:6477:cccc:0000:: and Prefix of 64. Use the Type drop-down menu to select Virtual Router. Configure the Virtual Router IP Address as fd00:6477:cccc:0000::2. Next, configure the Minimum IP Address with fd00:6477:cccc:0000::1 and the Maximum IP Address as fd00:6477:cccc:0000::ff and click Accept. Notes: Any valid IPv6 Network addressing can be used when configuring your Network Neighborhood. The above IPv6 address space is just one example.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 11All other trademarks are the property of their respective owners.
  • 12. Rethink IPv6/IPv4 Dual Stack Testing 14. Click Save Network. 15. Select Test  New Test. 16. Under Test Quick Steps, choose Select the DUT/Network.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 12All other trademarks are the property of their respective owners.
  • 13. Rethink IPv6/IPv4 Dual Stack Testing 17. In the Choose a device under test and network neighborhood window the Device Under Test section, verify BreakingPoint Default is selected. Under Network Neighborhood(s), right half of window, verify that the newly created IPv6 Test is selected. Click Accept. 18. Under the Test Quick Steps, select Add a Test Component.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 13All other trademarks are the property of their respective owners.
  • 14. Rethink IPv6/IPv4 Dual Stack Testing 19. In the Select a component type window, click Application Simulator (L7). 20. Under the Information tab, enter IPv6 Traffic as the name and click Apply Changes. 21. Select the Interfaces tab. Verify that Interface 1 Client is enabled and select IPv6 from drop down menu to ensure this domain will be used. Verify Interface 2 Server is enabled and select IPv6 domain from drop down menus, click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 14All other trademarks are the property of their respective owners.
  • 15. Rethink IPv6/IPv4 Dual Stack Testing 22. Select the Presets tab and select, Service Providers Apps. Click Apply Changes once completed. 23. Select the Parameters tab. Several changes will need to be made in this section. The first is located in the Data Rate section. Change the Minimum data rate to 1000 (1Gig). Click Apply Changes once complete. 24. Next, locate the Session Ramp Distribution section. Several changes will be made in this section to the run time of the test. Change the Ramp Up Time Interval to 10 seconds, the Steady-State Time Interval to 5 Minutes and the Ramp Down Time Interval to 10 seconds. Scrolling will be required to change some of those parameters. Click Apply Changes once complete.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 15All other trademarks are the property of their respective owners.
  • 16. Rethink IPv6/IPv4 Dual Stack Testing 25. Next, under the Parameters tab locate the Session Configuration section. Change the Maximum Simultaneous Session to a value of 100000 and Maximum Sessions per Second to 50000. Locate the TCP Configuration section and change the Maximum Segment Size value to 1440. Click Apply Changes once complete. 26. To edit the test description, select Edit Description under the Test Information section.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 16All other trademarks are the property of their respective owners.
  • 17. Rethink IPv6/IPv4 Dual Stack Testing 27. Finally, select Save and Run under the Test Quick Steps. 28. When prompted for a name, enter IPv6 Traffic and click Save. The Summary tab will initially be displayed. This tab shows information such as TCP Connection Rate, Bandwidth and Application Transaction Rate.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 17All other trademarks are the property of their respective owners.
  • 18. Rethink IPv6/IPv4 Dual Stack Testing 29. Select the Application tab. Verify that traffic is being transmitted for each protocol. Use the drop-down menu to select a new protocol to view. 30. When the test is completed, a new window will be displayed. Click the Close button to close the window. 31. When the test is completed, click the View the report button.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 18All other trademarks are the property of their respective owners.
  • 19. Rethink IPv6/IPv4 Dual Stack Testing 32. Expand Test Results for IPv6 Traffic and select IP Summary. Determine if a significant number of frames were dropped during the test. 33. Next, select Frame Latency Summary. Using the table, determine the average, minimum and maximum frame latency.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 19All other trademarks are the property of their respective owners.
  • 20. Rethink IPv6/IPv4 Dual Stack Testing 34. Next, expand the Detail folder and select Frame Data Rate. Determine the rate at which traffic was able to transmit at a steady rate.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 20All other trademarks are the property of their respective owners.
  • 21. Rethink IPv6/IPv4 Dual Stack Testing IPv6: Dual Stack RFC: • RFC 791 – Internet Protocol • RFC 2460 – Internet Protocol, Version 6 Overview: This evaluation is being performed to verify that the device is able to process both IPv4 and IPv6 data traffic at the same time in an efficient manner. The device will be configured to use both IPv4 and IPv6. The BreakingPoint Storm CTM will be configured to transmit data through the device using IPv4 and IPv6. Objective: Determine the latency, packet loss and throughput of the device while using IPv6 traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 21All other trademarks are the property of their respective owners.
  • 22. Rethink IPv6/IPv4 Dual Stack Testing 1. Launch your favorite Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center once the page loads. 2. In the new window that is displayed, type your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 22All other trademarks are the property of their respective owners.
  • 23. Rethink IPv6/IPv4 Dual Stack Testing 3. Reserve the required ports to run the test. 4. Select Control Center  Network Neighborhood.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 23All other trademarks are the property of their respective owners.
  • 24. Rethink IPv6/IPv4 Dual Stack Testing 5. Select the Network Neighborhood created in the previous test and click Save As. 6. When prompted, enter Dual Stack as the name and click OK. 7. Click the Create a new domain button.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 24All other trademarks are the property of their respective owners.
  • 25. Rethink IPv6/IPv4 Dual Stack Testing 8. As the default domain is IPv6, enter IPv4 as the name and click OK. 9. With the IPv4 domain selected, click the Show subnet details {…} button located at the bottom of windw..www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 25All other trademarks are the property of their respective owners.
  • 26. Rethink IPv6/IPv4 Dual Stack Testing 10. Make sure that IPv4 is selected. Configure the Network IP Address with 10.1.2.0, Netmask with 24 and the Gateway IP Address with 10.1.2.1. Use the Type drop-down menu to select Virtual Router and configure the IP address with 10.1.2.2. Then configure the Minimum IP Address with 10.1.2.3 and the Maximum IP Address with 10.1.2.254.. Click Accept. 11. Select the tab for Interface 2 and repeat steps 7 & 8 creating a new domain and name it IPv4. Repeat step 9 opening the subnet details using {…} icon at the bottom. Make sure that IPv4 is selected. Configure the Network IP Address with 10.1.3.0, Netmask with 24 and the Gateway IP Address with 10.1.3.1. Use the Type drop-down menu to select Virtual Router and configure the IP address with 10.1.3.2. Then configure the Minimum IP Address with 10.1.3.3 and the Maximum IP Address with 10.1.3.254. Click Accept.. Important Note: The device under test (DUT) must have its Storm connected interfaces configured properly with IPv4 and IPv6 addressing along with static routes for IP networks the Storm generates that are not directly connected to those interfaces. 12. When done, click the Save Network button. 13. Select Test  Open Recent Tests  IPv6 Traffic.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 26All other trademarks are the property of their respective owners.
  • 27. Rethink IPv6/IPv4 Dual Stack Testing 14. Select Save Test As. 15. When prompted, enter Dual Stack as the name and click Save. 16. Under Test Quick Steps click the first option “Select the DUT/Network.”www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 27All other trademarks are the property of their respective owners.
  • 28. Rethink IPv6/IPv4 Dual Stack Testing 17. In the Choose a device under test and network neighborhood window in the Device Under Test section (left side), verify that BreakingPoint Default is selected. Under Network Neighborhos) (right side), verify that the newly created Dual Stack is selected. Click Accept. 18. Select the Parameters tab for the IPv6 Traffic test component. Change the Minimum data rate to 500 and click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 28All other trademarks are the property of their respective owners.
  • 29. Rethink IPv6/IPv4 Dual Stack Testing 19. Right-click on the IPv6 Traffic test component and select Clone Component. 20. Select the newly cloned component. Under the Information tab, change the name to IPv4 Traffic and click Apply Changes. 21. Select the Interfaces tab. Use the drop-down menus and change Interface 1 Client to IPv4 and Interface 2 Server to IPv4. Click Apply Changes once completed.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 29All other trademarks are the property of their respective owners.
  • 30. Rethink IPv6/IPv4 Dual Stack Testing 22. Select the Parameters tab. Change the TCP Configuration Maximum Segment Size to 1460 for IPv4. Click Apply Changes once completed. 23. To edit the test description, select Edit Description under the Test Information section. 24. Select Save and Run under the Test Quick Steps.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 30All other trademarks are the property of their respective owners.
  • 31. Rethink IPv6/IPv4 Dual Stack Testing The Summary tab will initially be displayed. This tab shows information such as TCP Connection Rate, Bandwidth and Application Transaction Rate. 25. Select the Application tab. Verify that traffic is being transmitted for each protocol. Use the drop-down menu to select a new protocol to view.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 31All other trademarks are the property of their respective owners.
  • 32. Rethink IPv6/IPv4 Dual Stack Testing 26. When the test is completed, a new window will be displayed. Click the Close button to close the window. 27. When the test is completed, click the View the report button.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 32All other trademarks are the property of their respective owners.
  • 33. Rethink IPv6/IPv4 Dual Stack Testing 28. Expand Test Results for IPv6 Traffic and select IP Summary. Determine if a significant number of frames were dropped during the test. 29. Next, select Frame Latency Summary. Using the table, determine the average, minimum and maximum frame latency.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 33All other trademarks are the property of their respective owners.
  • 34. Rethink IPv6/IPv4 Dual Stack Testing 30. Next, expand the Detail folder and select Frame Data Rate. Determine the rate at which traffic was able to transmit at a steady rate. 31. Expand Test Results for IPv4 Traffic and select IP Summary. Determine if a significant number of frames were dropped during the test.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 34All other trademarks are the property of their respective owners.
  • 35. Rethink IPv6/IPv4 Dual Stack Testing 32. Next, select Frame Latency Summary. Using the table, determine the average, minimum and maximum frame latency. 33. Next, expand the Detail folder and select Frame Data Rate. Determine the rate at which traffic was able to transmit at a steady rate.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 35All other trademarks are the property of their respective owners.
  • 36. Rethink IPv6/IPv4 Dual Stack Testing IPv6: Security RFC: • RFC 2460 – Internet Protocol, Version 6 Overview: This evaluation determines how malicious traffic affects legitimate traffic. The device will be configured to use IPv6. The BreakingPoint Storm CTM will be configured to transmit data through the device using IPv6. Objective: Determine the latency, packet loss and throughput of the device when having to deal with malicious traffic and legitimate traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 36All other trademarks are the property of their respective owners.
  • 37. Rethink IPv6/IPv4 Dual Stack Testing 1. Launch your favorite Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center once the page loads. 2. In the new window that is displayed, type your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 37All other trademarks are the property of their respective owners.
  • 38. Rethink IPv6/IPv4 Dual Stack Testing 3. Reserve the required ports to run the test. 4. Select Test  Open Recent Tests  IPv6 Traffic. 5. Click the Save Test As link.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 38All other trademarks are the property of their respective owners.
  • 39. Rethink IPv6/IPv4 Dual Stack Testing 6. When prompted, enter IPv6 Security as the name and click Save. 7. Select the Parameters tab. Change the Minimum data rate to 995. Once completed, click the Apply Changes button. 8. Under the Test Quick Steps, select Add a Test Component.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 39All other trademarks are the property of their respective owners.
  • 40. Rethink IPv6/IPv4 Dual Stack Testing 9. In the Select a component type window, select the Security test component. 10. With the Security Component selected open the Interfaces tab. Verify that Interface 1 Client is enabled and select IPv6 from drop down menu to ensure this domain will be used. Verify Interface 2 Server is enabled and select IPv6 domain from drop down menu. Click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 40All other trademarks are the property of their respective owners.
  • 41. Rethink IPv6/IPv4 Dual Stack Testing 11. With the Security test component selected, select the Presets tab. Choose the Security Level34 presets and click Apply Changes. 12. No other changes are required. Select Save and Run under the Test Quick Steps.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 41All other trademarks are the property of their respective owners.
  • 42. Rethink IPv6/IPv4 Dual Stack Testing The Summary tab will initially be displayed. This tab shows information such as TCP Connection Rate, Bandwidth and Application Transaction Rate. Select the Application tab. Verify that traffic is being transmitted for each protocol. Use the drop-down menu to select a new protocol to view.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 42All other trademarks are the property of their respective owners.
  • 43. Rethink IPv6/IPv4 Dual Stack Testing 13. When the test is completed, a new window will be displayed. As the security threats are not being run through a firewall, it is not expected that they will be blocked. Click the Close button to close the window. 14. When the test is completed, click the View the report button.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 43All other trademarks are the property of their respective owners.
  • 44. Rethink IPv6/IPv4 Dual Stack Testing 15. Expand Test Results for IPv6 Traffic and select IP Summary. Determine if a significant number of frames were dropped during the test. 16. Next, select Frame Latency Summary. Using the table, determine the average, minimum and maximum frame latency.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 44All other trademarks are the property of their respective owners.
  • 45. Rethink IPv6/IPv4 Dual Stack Testing 17. Next, expand the Detail folder and select Frame Data Rate. Determine the rate at which traffic was able to transmit at a steady rate. 18. Compare the results from this test with the initial IPv6 Traffic test. Determine if having malicious traffic also being sent with IPv6 traffic has any effect on the IPv6 traffic.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 45All other trademarks are the property of their respective owners.
  • 46. Rethink IPv6/IPv4 Dual Stack Testing IPv6: Fuzzing RFC: • RFC 2460 – Internet Protocol, Version 6 Overview: This evaluation determines how malformed packets affect legitimate traffic. The device will be configured to use IPv6. The BreakingPoint Storm CTM will be configured to transmit data through the device using IPv6. The BreakingPoint Storm CTM will also be configured to transmit malformed packets. Objective: Determine the latency, packet loss and throughput of the device when having to deal with malicious traffic and legitimate traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 46All other trademarks are the property of their respective owners.
  • 47. Rethink IPv6/IPv4 Dual Stack Testing 1. Launch your favorite Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center once the page loads. 2. In the new window that is displayed, type your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 47All other trademarks are the property of their respective owners.
  • 48. Rethink IPv6/IPv4 Dual Stack Testing 3. Reserve the required ports to run the test. 4. Select Test  Open Recent Tests  IPv6 Traffic. 5. Click the Save Test As link.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 48All other trademarks are the property of their respective owners.
  • 49. Rethink IPv6/IPv4 Dual Stack Testing 6. When prompted, enter IPv6 Fuzzing as the name and click Save. 7. Select the Parameters tab. Change the Minimum data rate to 985. Once completed click the Apply Changes button. 8. Under the Test Quick Steps, select Add a Test Component.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 49All other trademarks are the property of their respective owners.
  • 50. Rethink IPv6/IPv4 Dual Stack Testing 9. In the Select a component type window, select the Stack Scrambler test component. 10. With the Stack Scrambler test component selected, select the Presets tab. Make sure All Protocol Stacks is selected and click Apply Changes. With the Stack Scrambler test component selected, selected the Interfaces tab. Verify that Interface 1 Client is enabled and select IPv6 from drop down menu to ensure this domain will be used. Verify Interface 2 Server is enabled and select IPv6 domain from drop down menu. Click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 50All other trademarks are the property of their respective owners.
  • 51. Rethink IPv6/IPv4 Dual Stack Testing 11. Select the Parameters tab. Change the Test duration measured by a time interval to 5 Minutes and click Apply Changes. 12. No other changes are required. Select Save and Run under the Test Quick Steps. The Summary tab will initially be displayed. This tab shows information such as TCP Connection Rate, Bandwidth and Application Transaction Rate.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 51All other trademarks are the property of their respective owners.
  • 52. Rethink IPv6/IPv4 Dual Stack Testing 13. Select the Application tab. Verify that traffic is being transmitted for each protocol. Use the drop-down menu to select a new protocol to view. 14. When the test is compleed, a new window will be displayed. Similar to the security testing these threats are not being run through a firewall an , it is not expected that they will be blocked. Click the Close button to close the window.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 52All other trademarks are the property of their respective owners.
  • 53. Rethink IPv6/IPv4 Dual Stack Testing 15. When the test is completed, click the View the report button. 16. Expand Test Results for IPv6 Traffic and select IP Summary. Determine if a significant number of frames were dropped during the evaluation. 17. Next, select Frame Latency Summary. Using the table, determine the average, minimum and maximum frame latency.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 53All other trademarks are the property of their respective owners.
  • 54. Rethink IPv6/IPv4 Dual Stack Testing 18. Next, expand the Detail folder and select Frame Data Rate. Determine the rate at which traffic was able to transmit at a steady rate. 19. Compare the results from this evaluation with the initial IPv6 Traffic evaluation. Determine if having flawed traffic also being sent with IPv6 traffic has any effect on the IPv6 traffic.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 54All other trademarks are the property of their respective owners.
  • 55. Rethink IPv6/IPv4 Dual Stack Testing IPv6: Security Fuzzing RFC: • RFC 2460 – Internet Protocol, Version 6 Overview: This evaluation determines how malformed packets and security threats affect legitimate traffic. The device will be configured to use IPv6. The BreakingPoint Storm CTM will be configured to transmit data through the device using IPv6. The BreakingPoint Storm CTM will also be configured to transmit malformed packets and send security threats. Objective: Determine the latency, packet loss and throughput of the device when having to deal with malicious traffic, security threats, and legitimate traffic. Setup:www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 55All other trademarks are the property of their respective owners.
  • 56. Rethink IPv6/IPv4 Dual Stack Testing 1. Launch your favorite Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems Control Center once the page loads. 2. In the new window that is displayed, type your Login ID and Password. Click Login.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 56All other trademarks are the property of their respective owners.
  • 57. Rethink IPv6/IPv4 Dual Stack Testing 3. Reserve the required ports to run the test. 4. Select Test  Open Recent Tests  IPv6 Fuzzing. 5. Click the Save Test As link.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 57All other trademarks are the property of their respective owners.
  • 58. Rethink IPv6/IPv4 Dual Stack Testing 6. When prompted, enter IPv6 Security Fuzzing as the name and click Save. 7. With the IPv6 Traffic test commenent selected, select the Parameters tab. Change the Minimum data rate to 980. Once completed, click the Apply Changes button. 8. Under the Test Quick Steps, select Add a Test Component.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 58All other trademarks are the property of their respective owners.
  • 59. Rethink IPv6/IPv4 Dual Stack Testing 9. In the Select a component type window, select the Security test component. 10. With the Security test component selected, select the Presets tab. Select the Security Level34 presets and click Apply Changes.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 59All other trademarks are the property of their respective owners.
  • 60. Rethink IPv6/IPv4 Dual Stack Testing 11. With the Security test component selected, selected the Interfaces tab. Verify that Interface 1 Client is enabled and select IPv6 from drop down menu to ensure this domain will be used. Verify Interface 2 Server is enabled and select IPv6 domain from drop down menu. Click Apply Changes. No other changes are required. Select Save and Run under the Test Quick Steps. The Summary tab will initially be displayed. This tab shows information such as TCP Connection Rate, Bandwidth and Application Transaction Rate.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 60All other trademarks are the property of their respective owners.
  • 61. Rethink IPv6/IPv4 Dual Stack Testing 12. Select the Application tab. Verify that traffic is being transmitted for each protocol. Use the drop-down menu to select a new protocol to view. 13. When the test is completed, a new window is displayed. As the security threats are not run through a firewall, it is not expected that they will be blocked. Click the Close button to close the window.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 61All other trademarks are the property of their respective owners.
  • 62. Rethink IPv6/IPv4 Dual Stack Testing 14. When the test is completed, click the View the report button. 15. Expand Test Results for IPv6 Traffic and select IP Summary. Determine if a significant number of frames were dropped during the test. 16. Next, select Frame Latency Summary. Using the table, determine the average, minimum and maximum frame latency.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 62All other trademarks are the property of their respective owners.
  • 63. Rethink IPv6/IPv4 Dual Stack Testing 17. Next, expand the Detail folder and select Frame Data Rate. Determine the rate at which traffic was able to transmit at a steady rate. 18. Compare the results from this evaluation with the initial IPv6 Traffic evaluation. Determine if injecting flawed and malicious traffic with IPv6 traffic has any effect on the IPv6 traffic.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 63All other trademarks are the property of their respective owners.
  • 64. Rethink IPv6/IPv4 Dual Stack Testing Evaluating IPv6 Equipment Using the BreakingPoint Storm CTM™ The BreakingPoint Storm CTM™ is the industry’s first and only Cyber Tomography Machine and the standard by which the world optimizes the resiliency of its cyber infrastructures. The BreakingPoint Storm CTM accelerates a blend of real-world applications, live security attacks and the stress of millions of users in order to detect stress fractures within network devices and infrastructures. Powered by high- speed network processors and specialized hardware, the BreakingPoint Storm CTM emits high-speed traffic waves, returning a deep analysis of the effects of the traffic on network devices, networks and data centers. The BreakingPoint Storm CTM simulates the most current dual stack IPv4/IPv6 traffic blended with live security attacks at line-rate speeds with millions of concurrent TCP sessions delivered from the same address space. BreakingPoint provides the industry’s most comprehensive and up-to-date IPv6 traffic, allowing enterprises, service providers and government agencies to validate that the equipment and systems they are relying on are capable of performing in the face of IPv6 traffic. Request an evaluation of a BreakingPoint Storm CTM today at http://www.breakingpointsystems.com/demo/.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 64All other trademarks are the property of their respective owners.
  • 65. Rethink IPv6/IPv4 Dual Stack Testing About BreakingPoint BreakingPoint pioneered the first and only Cyber Tomography Machine Contact BreakingPoint (CTM) to expose previously impossible-to-detect stress fractures within Learn more about BreakingPoint cyber infrastructure components before they are exploited to compromise products and services by contacting a customer data, corporate assets, brand reputation and even national security. representative in your area. BreakingPoint products are the standard by which the world’s governments, 1.866.352.6691 U.S. Toll Free enterprises, and service providers optimize the resiliency of their cyber www.breakingpoint.com infrastructures. For more information, visit www.breakingpoint.com. BreakingPoint Global Headquarters BreakingPoint Storm CTM 3900 North Capital of Texas Highway BreakingPoint has pioneered Cyber Tomography with the introduction of Austin, TX 78746 the BreakingPoint Storm CTM, enabling users to see for the first time the email: salesinfo@breakingpoint.com virtual stress fractures lurking within their cyber infrastructure through the tel: 512.821.6000 simulation of crippling attacks, high-stress traffic load and millions of users. toll-free: 866.352.6691 BreakingPoint Storm CTM is a three-slot chassis that provides the equivalent BreakingPoint EMEA Sales Office performance and simulation of racks and racks of servers, including: Paris, France email: emea_sales@breakingpoint.com • 40 Gigabits per second of blended stateful application traffic tel: + 33 6 08 40 43 93 • 30 million concurrent TCP sessions BreakingPoint APAC Sales Office • 1.5 million TCP sessions per second Suite 2901, Building #5, Wanda Plaza • 600,000+ complete TCP sessions per second No. 93 Jianguo Road • 80,000+ SSL sessions per second Chaoyang District, Beijing, 100022, China • 100+ stateful applications email: apac_sales@breakingpoint.com • 4,500+ live security strikes tel: + 86 10 5960 3162 BreakingPoint Resources Hardening cyber infrastructure is not easy work, but nothing that is this important has ever been easy. Enterprises, service providers, government agencies and equipment vendors are under pressure to establish a cyber infrastructure that can not only repel attack but is resilient to application sprawl and maximum load. BreakingPoint’s Cyber Tomography Machine (CTM) provides the technology and solutions that allow these organizations to create a hardened and resilient cyber infrastructure. BreakingPoint also provides the very latest industry resources to make this process that much easier, including Resiliency Methodologies, How-to Guides, white papers, webcasts, and a newsletter. To learn more, visit www.breakingpoint.com/resources. BreakingPoint Labs Community Join discussions on the latest developments in hardening cyber infrastructure. BreakingPoint Labs brings together a diverse community of people leveraging the most current insight to harden cyber infrastructure to withstand crippling attack and high-stress application load. Visit www.breakingpointlabs.com.www.breakingpoint.com© 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc. 65All other trademarks are the property of their respective owners.