UNH-IOL USGv6 Profile Update Webinar

The University of New Hampshire
InterOperability Laboratory
(UNH-IOL)
www.iol.unh.edu
USGv6 Webinar

•USGv6 Profile changes
o NISTv6/USGv6
o New Capabilities (Applications/Services)
o Updates to current testing (including IPv6 Ready)
•How the USGv6 Revision affects testing
•INTACT Updates
•USGv6 Plugfest Announcement
2
Agenda

•USGv6 Profile is now two Documents
o NISTv6 contains the technical definitions
o USGv6 contains the recommendations specific to USG.
•Website
o https://www.nist.gov/programs-projects/usgv6-program
3
USGv6 to NISTv6 Profile

•Contains the Labeled Capabilities definitions
o DHCP-Client = RFC3315, RFC3646, RFC7083, RFC7283
•The M Recommendations are based on IETF IPv6 Node
Requirements.
•NISTv6 Capability Table (NCT) contains table mapping
RFCs to Capabilities
4
NISTv6 Profile

•Will cover areas that the USGv6 Profile requirements
defer from NISTv6.
o For Example, the USGv6 Profile will recommend using a
secure channel.
•Capability Summary String (CSS) is a list of Capabilities.
•USGv6 Profile CSS that reflect Agency Requirement
o Agency-Desktop = NISTv6-r1:Host + Core + SLAAC + Addr-
Arch + Multicast + DualStack + DHCP-client + DNS-Client +
TLS + URI + Link=Ethernet.
5
USGv6 Profile

•Extended-ICMP, ND-Ext-NUD, ND-Ext-Loss, ND-Ext-DAD,
and 6Lo.
o More advanced users of Neighbor Discovery.
•DHCP-Relay
•ISIS – Routing Protocol
•CE-Router – Small Office Router
•TLS
•IPsec-VPN
•DS-Lite, LW4over6, MAP-E, MAP-T, XLAT, LISP
•NETCONF
6
New Capabilities

•Added Ability to Test Applications and Services
•Testing is performed in an IPv6 only environment.
•Set of standard testable items
o Install, DNS, Access, Manage, Update
•Allows for applications to define TBD which would
include testing for support of IPv6-only.
o Example: Testing application can connect to a Database or
NAS server.
7
New Applications and Services

•Core
o Includes updates due to RFC 8200 (Atomic Fragments)
o Added Default Router Preference
o Included Link-local DAD
•SLAAC
o Only Global addressing
o Requires support for DNS in RA.
•Address Architecture
o Updated to RFC 6724
•Multicast
o Clarified Mandatory test cases are for supporting ND.
8
Mandatory

•IPSec now includes IKEv2
o Must support IKEv2, no manual keys required!
•Added IPSec-VPN for devices that support IPSec on the
data plane (gateway)
•TLS (1.2)
•Added Algorithms that can be selected.
o IoT
9
Security Updates

•Currently all the documents are open for public
comment.
•DEADLINE: September 14, 2018.
•Instructions for submitting comments are on the website.
o https://www.nist.gov/programs-projects/usgv6-program
10
Public Comment

•Will be updating IPv6 Ready Core Logo to RFC 8200
and 8201 in the October Timeframe.
•IPv6 Ready Logo will be updated in the Spring 2019.
•CE Router Logo is the same testing.
11
IPv6 Ready Logo

• Updated Prices for July 2019
o IPv6 Membership price is being raised due to the increase of available
services (TLS, Multicast).
• IPv6 Membership ($30,000)
o Host/Router Core, DHCP, IPSec, TLS, Addr-Arch, Multicast
o NPP (Network Protection Devices)
• IPv6 Application Membership ($20,000)
o Required for App Testing
• Routing Membership ($20,000)
o Covers ISIS, BGP, OSPF, NETCONF, SNMP
• Home Networking Consortium ($20,000)
o Covers CE-Router, Transition Mechanisms
12
Testing @ IOL

•Current users of INTACT will get updates for new cases
as part of the support.
•As new protocols become available to schedule testing,
INTACT package will become available.
•Each Package of INTACT is $6,000 per seat
o Core/AA, IPSec, DHCP are available packages
•Support is included thru Membership
13
INTACT

•Registration is open!
o https://www.iol.unh.edu/event/2018/09/usgv6-plugfest
•Will Test the following items:
o Core
o Address Architecture
o CE Router
o IPsec Interoperability
o NPP
14
USGv6 Plugfest

UNH-IOL USGv6 Profile Update Webinar

More Related Content

What's hot

Similar to UNH-IOL USGv6 Profile Update Webinar

More from UNH InterOperability Lab

Recently uploaded

UNH-IOL USGv6 Profile Update Webinar