Learn more about the recent USGv6 Profile Update in this informational webinar. The revised profile aims to achieve several goals that include updating to the latest IPv6 standards, testing of products in “IPv6-only” environments, expanding to test IPv6 applications and services.
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
UNH-IOL USGv6 Profile Update Webinar
1. The University of New Hampshire
InterOperability Laboratory
(UNH-IOL)
www.iol.unh.edu
USGv6 Webinar
2. •USGv6 Profile changes
o NISTv6/USGv6
o New Capabilities (Applications/Services)
o Updates to current testing (including IPv6 Ready)
•How the USGv6 Revision affects testing
•INTACT Updates
•USGv6 Plugfest Announcement
2
Agenda
3. •USGv6 Profile is now two Documents
o NISTv6 contains the technical definitions
o USGv6 contains the recommendations specific to USG.
•Website
o https://www.nist.gov/programs-projects/usgv6-program
3
USGv6 to NISTv6 Profile
4. •Contains the Labeled Capabilities definitions
o DHCP-Client = RFC3315, RFC3646, RFC7083, RFC7283
•The M Recommendations are based on IETF IPv6 Node
Requirements.
•NISTv6 Capability Table (NCT) contains table mapping
RFCs to Capabilities
4
NISTv6 Profile
5. •Will cover areas that the USGv6 Profile requirements
defer from NISTv6.
o For Example, the USGv6 Profile will recommend using a
secure channel.
•Capability Summary String (CSS) is a list of Capabilities.
•USGv6 Profile CSS that reflect Agency Requirement
o Agency-Desktop = NISTv6-r1:Host + Core + SLAAC + Addr-
Arch + Multicast + DualStack + DHCP-client + DNS-Client +
TLS + URI + Link=Ethernet.
5
USGv6 Profile
6. •Extended-ICMP, ND-Ext-NUD, ND-Ext-Loss, ND-Ext-DAD,
and 6Lo.
o More advanced users of Neighbor Discovery.
•DHCP-Relay
•ISIS – Routing Protocol
•CE-Router – Small Office Router
•TLS
•IPsec-VPN
•DS-Lite, LW4over6, MAP-E, MAP-T, XLAT, LISP
•NETCONF
6
New Capabilities
7. •Added Ability to Test Applications and Services
•Testing is performed in an IPv6 only environment.
•Set of standard testable items
o Install, DNS, Access, Manage, Update
•Allows for applications to define TBD which would
include testing for support of IPv6-only.
o Example: Testing application can connect to a Database or
NAS server.
7
New Applications and Services
8. •Core
o Includes updates due to RFC 8200 (Atomic Fragments)
o Added Default Router Preference
o Included Link-local DAD
•SLAAC
o Only Global addressing
o Requires support for DNS in RA.
•Address Architecture
o Updated to RFC 6724
•Multicast
o Clarified Mandatory test cases are for supporting ND.
8
Mandatory
9. •IPSec now includes IKEv2
o Must support IKEv2, no manual keys required!
•Added IPSec-VPN for devices that support IPSec on the
data plane (gateway)
•TLS (1.2)
•Added Algorithms that can be selected.
o IoT
9
Security Updates
10. •Currently all the documents are open for public
comment.
•DEADLINE: September 14, 2018.
•Instructions for submitting comments are on the website.
o https://www.nist.gov/programs-projects/usgv6-program
10
Public Comment
11. •Will be updating IPv6 Ready Core Logo to RFC 8200
and 8201 in the October Timeframe.
•IPv6 Ready Logo will be updated in the Spring 2019.
•CE Router Logo is the same testing.
11
IPv6 Ready Logo
12. • Updated Prices for July 2019
o IPv6 Membership price is being raised due to the increase of available
services (TLS, Multicast).
• IPv6 Membership ($30,000)
o Host/Router Core, DHCP, IPSec, TLS, Addr-Arch, Multicast
o NPP (Network Protection Devices)
• IPv6 Application Membership ($20,000)
o Required for App Testing
• Routing Membership ($20,000)
o Covers ISIS, BGP, OSPF, NETCONF, SNMP
• Home Networking Consortium ($20,000)
o Covers CE-Router, Transition Mechanisms
12
Testing @ IOL
13. •Current users of INTACT will get updates for new cases
as part of the support.
•As new protocols become available to schedule testing,
INTACT package will become available.
•Each Package of INTACT is $6,000 per seat
o Core/AA, IPSec, DHCP are available packages
•Support is included thru Membership
13
INTACT
14. •Registration is open!
o https://www.iol.unh.edu/event/2018/09/usgv6-plugfest
•Will Test the following items:
o Core
o Address Architecture
o CE Router
o IPsec Interoperability
o NPP
14
USGv6 Plugfest