|
IPv6 Ready Logo Program Phase-2 IPsec
|
last update Aug. 28, 2013
Latest Releases
- Test Specification: 1.11.0
- Self Test Tool: 1.11.1
- Interoperability Test Scenario: 1.11.0
Requirement
- Security Protocol:
NUT has to pass all the tests of ESP
regardless the type of the NUT.
The IPv6 Ready Logo Program does not focus on AH.
- Mode:
The mode requirement depends on the type of NUT.
- Host:
NUT has to pass all the tests of transport mode
and optionally Tunnel mode.
- Security Gateway (SGW):
NUT has to pass all the tests of Tunnel mode.
- Encryption Algorithm:
We defined two categories for Encryption Algorithms.
- BASE ALGORITHM:
To obtain the Logo for IPsec,
all NUT must pass the tests for BASIC ALGORITHM.
- ADVANCED ALGORITHM:
If a NUT supports some algorithms
which are listed in ADVANCED ALGORITHM,
it has to pass the tests for the algorithms.
- AES-CBC
- AES-CTR
- NULL
- CAMELLIA-CBC
- Authentication Algorithm:
We defined two categories for Authentication Algorithms.
- BASE ALGORITHM:
To obtain the Logo for IPsec,
all NUT must pass the tests for BASIC ALGORITHM.
- ADVANCED ALGORITHM:
If a NUT supports some algorithms,
which are listed in ADVANCED ALGORITHM,
it has to pass the tests for the algorithms.
Self-Test Specification
Please visit
IPv6 Ready Logo Program Web Page.
Test Suite
The Test Suite correspendent to above specificaion is available.
If you want to try it,
prepare a FreeBSD/i386 (7.3-RELEASE or higher) installed PC
and install both of TAHI Test platform and Test scripts listed below.
Platform
Please download
the latest version of v6eval.
(requires version 3.3.1 or higher)
Scripts
- For End-Node and Security Gateway
When you extract tarball,
you can find the directory named
${somewhere}/IPsec_Self_Test_P2_X-X-X/ipsec.p2
After the configuration as described in INSTALL.ct,
c3ange working directory to
${somewhere}/IPsec_Self_Test_P2_X-X-X
Configure the ipsec.p2/p2_ipsec_config for your device.
You can specify the Encription and Authentication algorithm
which you support as well as functions and waiting time.
At least you need to specify your device type
(End-Node or SGW)
By default it runs for End-Node.
Then type "make ipv6ready_p2_end_node" (for End-Node)
or "make ipv6ready_p2_sgw" (for Router).
By default, it uses ICMP for test.
If you need to use UDP you can use udp by typing
"make ipv6ready_p2_end_node_udp" (for End-Node)
or "make ipv6ready_p2_sgw_udp" (for Router)".
Test Results
As a Self-test result,
we need whole "IPsec_Self_Test_P2_X-X-X" directory where you run.
Please send this directory without any modification
with interoperability test result in tar.gz format.
e.g.,)
Make directries like this.
${Your_Device_ver}/IPsec_Self_Test_P2_X-X-X/
${Your_Device_ver}/Interoperability/
RUN command like following.
> tar zcvf $Your_Device_ver.tar.gz $Your_Device_ver
Self-Test Sample Result (Self-test Ver. 1.0.7)
Interopearability Test Scenario
Please visit
IPv6 Ready Logo Program Web Page.
IPv6 Forum, IPv6 Ready Logo Comittee