Technical Requirements for Internet Protocol Version 6 (IPv6) Network Equipment Procurement Guideline
Overview
This document is the technical companion document to the Internet Protocol Version 6 Network Equipment Procurement Guideline. It sets out the relevant Internet Protocol Version 6 (IPv6) technical requirements that should be used in procuring network equipment to be deployed in the Government of Canada.
Document governance
The evolution of IPv6 technology continues at a rapid pace, as do the relevant IPv6 technical documents (RFCs) that specify how IPv6 capabilities should function. As a result, the functions and related RFCs listed in the tables that follow are expected to be updated periodically within the first two years of this document’s publication. This document should be checked periodically for updates. Refer to “Version History” to determine whether there have been changes since your last viewing.
Version # | Release Date | Notes |
---|---|---|
v1.0 | 2012 11 30 | The initial release of this document |
v2.0 | 2013 06 28 | The current release, containing updates and clarifications. Moves two functions from the base set to link-specific functions. |
Rationale
This document was produced to:
- Identify IPv6 needs that are specific to the Government of Canada, as well as its future direction for IPv6;
- Maintain alignment with industry standards and practices; and
- Avoid the time delays and costs associated with certification programs.
The following key guidance documents (IPv6 requirements) were reviewed when developing this guideline for the Government of Canada's adoption of IPv6:
- The IPv6 Ready Logo Program:
  - an industry-led program, begun in 2002, that certifies equipment to functional groupings or sets of Requests for Comment (RFCs); and
  - the Phase 2 Logo was started in 2005, and Phase 1 was terminated in 2011
- The US Government's IPv6 profile (USGv6):
  - developed by the U.S. National Institute of Standards and Technology (NIST), starting in 2005, along with a certification program (the latter commenced in 2009)
  - there are plans for a version 2 of the profile in late 2012
- The Réseaux IP Européens (RIPE) Requirements for IPv6 in ICT Equipment (RIPE-554):
  - the initial profile (RIPE-501) was replaced with RIPE-554 in 2012
- The Internet Engineering Task Force (IETF) RFC 6434 – IPv6 Node Requirements:
  - this is a December 2011 informational RFC that provides profile-like coverage of RFCs that address IPv6 node requirements
Guidance for interpreting the tables
Users of this technical requirements document are directed to section 8 of the Internet Protocol Version 6 Network Equipment Procurement Guideline for interpretive guidance.
The lists of functions provided in the tables that follow are divided into a "base" set and sets of functions that apply to the equipment when used in specific situations. The base functions are deemed to be required for all network equipment, while the situation-specific sets are additional functions required only for those situations. Accompanying most IPv6 functions is an RFC (or list of RFCs) that should be included in the procurement's requirements.
1 IPv6 functions for network equipment
1.1 Base functions
This document's base functions include the IPv6 base standard (RFC 2460 – IPv6 Specification and its periodic RFC updates) and its related specifications to provide path discovery, neighbour discovery, auto-configuration and addressing.
The inclusion of RFC 4213 – Basic Transition Mechanisms for IPv6 Hosts and Routers in the following functions is intended to ensure that network equipment is capable of basic IPv6 and Internet Protocol Version 4 (IPv4) transition functionality such as dual-stack. There are many layer 2 technologies; the minimum considered necessary to the Government of Canada (i.e., "IPv6 over Ethernet" and "IPv6 over PPP") are listed in the table that follows.
Stateless address auto-configuration is essential because this functionality is required to provide the initial address configuration for network equipment. Additional address and host configuration functions, using either Stateless Address Auto-Configuration (SLAAC) or Dynamic Host Configuration Protocol version 6 (DHCPv6), are described in section 5.3.
Function | Previous Versions |
---|---|
RFC 2460 – IPv6 Specification | RFC 1883 |
RFC 1981 – Path MTU Discovery for IPv6 | N/A |
RFC 4861 – Neighbor Discovery for IPv6 | RFC 2461 |
RFC 4862 – IPv6 Stateless Address Autoconfiguration | RFC 2462 |
RFC 4443 – ICMPv6 for the IPv6 Specification | RFC 2463 |
RFC 3484 – Default Address Selection for Internet Protocol version 6 | N/A |
RFC 4291 – IP Version 6 Addressing Architecture | RFC 3513 |
RFC 4213 – Basic Transition Mechanisms for IPv6 Hosts and Routers | RFC 2893 |
1.2 Link-specific functions
There are many layer 2 technologies used in the Government of Canada. The following table lists those consistent with the evolving network architecture. They should be listed as procurement requirements in situations where they are applicable, and can be considered independently from one another. The Technical Authority may need to add functions to support specific situations.
Function | Previous Versions |
---|---|
RFC 2464 – IPv6 over Ethernet | RFC 1972 |
RFC 5072 – IPv6 over PPP | RFC 2472 |
1.3 Functions for the Domain Name System
Host configuration can be achieved with DHCPv6 and/or Stateless Address Auto-Configuration (SLAAC). The following RFCs are independent from one another, so should be included as equipment requirements based on the addressing method being employed.
Function | Previous Versions |
---|---|
RFC 2671 – Extension Mechanisms for DNS (EDNS0) | N/A |
RFC 3596 – DNS Extensions to Support IP Version 6 | RFC 3152, RFC 1886 |
1.4 Functions for host configuration
Host configuration can be achieved with DHCPv6 and/or Stateless Address Auto-Configuration (SLAAC). The following RFCs are independent from one another and so should be included as equipment requirements based on the addressing method being employed.
The following functions for host configuration should also be included in the procurement of network equipment.
Function |
---|
Ability to manually configure global addresses |
Ability to disable automatic generation of global addresses |
Ability to operate in IPv4- or IPv6-only mode (as described in RFC 4213 – Basic Transition Mechanisms for IPv6 Hosts and Routers) |
1.5 Functions for network management
Network management functions are available through the Simple Network Management Protocol (SNMP). The following RFCs specify the essential functionality.
Function | Previous Versions |
---|---|
RFC 4292 – IP Forwarding Table MIB | RFC 2096 |
RFC 4293 – Management Information Base for the Internet Protocol (IP) | RFC 2011, RFC 2465, RFC 2466 |
1.6 Functions for security
Although optional within the IPv6 protocol, IP Security (IPsec) is one of the tools that implementers have available for their networks. If IPsec support is necessary, the following RFCs specify the essential functionality. Note that Communications Security Establishment Canada provides Government of Canada guidance for approved cryptographic algorithms.
Function | Previous Versions |
---|---|
RFC 4301 – Security Architecture for the Internet Protocol | RFC 2401 |
RFC 4302 – IP Authentication Header | RFC 2402 |
RFC 4303 – IP Encapsulating Security Payload (ESP) | RFC 2406 |
RFC 4307 – Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2) | N/A |
RFC 5996 – Internet Key Exchange (IKEv2) Protocol | RFC 4306, RFC 4718 |
1.7 Functions for multicast
If IPv6 source-specific (inter-domain) multicast is necessary, the following RFCs specify the essential functionality.
Function | Previous Versions |
---|---|
RFC 3810 – Multicast Listener Discovery Version 2 (MLDv2) for IPv6 | RFC 2710 |
RFC 3956 – Embedding the Rendezvous Points (RP) Address in an IPv6 Multicast Address | RFC 3152, RFC 1886 |
RFC 4607 – Source-Specific Multicast for IP | N/A |
1.8 Functions for routing
The following RFCs specify the functions specific for routing, which include router alerts, translation mechanisms and routing protocol support for IPv6.
Function | Previous Versions |
---|---|
RFC 2711 – IPv6 Router Alert Option | N/A |
RFC 4891 – Using IPsec to Secure IPv6-in-IPv4 Tunnels | N/A |
RFC 2473 – Generic Packet Tunneling in IPv6 Specification | N/A |
If one or more of the Routing Information Protocol next generation (RIPng), Open Shortest Path First (OSPF) or Intermediate System to Intermediate System (IS-IS) interior routing protocols are necessary, the following RFCs specify the essential IPv6 functionality.
Function | Previous Versions |
---|---|
RFC 2080 – RIPng for IPv6 | N/A |
RFC 4552 – Authentication/Confidentiality for OSPFv3 | N/A |
RFC 5340 – OSPF for IPv6 | RFC 2740 |
RFC 5308 – Routing IPv6 with IS-IS | N/A |
If the Border Gateway Protocol version 4 (BGP-4) is necessary, the following RFCs specify the essential functionality.
Function | Previous Versions |
---|---|
RFC 2545 – Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing | N/A |
RFC 4271 – Border Gateway Protocol 4 (BGP-4) | RFC 1771 |
RFC 4760 – Multiprotocol Extensions for BGP-4 | RFC 2858 |
RFC 5492 – Capabilities Advertisement with BGP-4 | RFC 3392 |
If multi-protocol label switching (MPLS) is necessary, the following RFCs specify the essential functionality. These RFCs can be considered independently from one another.
Function | Previous Versions |
---|---|
RFC 4659 – BGP-MPLS IP Virtual Private Network (VPN) Extension for IPv6 VPN | N/A |
RFC 4798 – Connecting IPv6 Islands over IPv4 MPLS Using IPv6 Provider Edge Routers (6PE) | N/A |
2 Future guidance for network equipment
The following functions are new and are not yet widely available in network equipment. This is advance notice that such functions are being considered as important additional capabilities.
Additional types of network equipment such as layer 2 devices, load balancers and network optimization devices may be considered in future versions of this document. The functions specified in the base functions section can be used as the basis for multi-function devices and for network optimization devices such as load balancers.
2.1 Functions for coexistence
Note that the coexistence RFCs listed in the following are being considered for use in the Government of Canada.
2.2 Functions for security
If enhanced security is necessary, the following RFCs specify additional functions. Note that Communications Security Establishment Canada provides Government of Canada guidance for approved cryptographic devices.
Function | Previous Versions |
---|---|
RFC 5095 – Deprecation of Type 0 Routing Headers in IPv6 | RFC 2460, RFC 4294 |
RFC 3972 – Cryptographically Generated Addresses (CGA) | N/A |
RFC 4581 – CGA Extension Field Format | RFC 3972 |
RFC 4982 – CGA Support for Multiple Hash Algorithms | RFC 3972 |
RFC 3971 – SEcure Neighbor Discovery (SEND) | N/A |
RFC 5722 – Handling of Overlapping IPv6 Fragments | RFC 2460 |
2.3 Functions for mobility
Additional mobility functions are available with IPv6. If mobility support is necessary, the following RFCs specify the essential functionality.
Function | Previous Versions |
---|---|
RFC 4877 – Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture | RFC 3776 |
RFC 6275 – Mobility Support in IPv6 | RFC 3775 |
2.4 Functions for QoS
If IP Quality of Service (QoS) is necessary, the following RFC specifies the essential functionality.
Function | Previous Versions |
---|---|
RFC 2474 – Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers | RFC 1455, RFC 1349 |
Appendix – Definitions and Abbreviations
Definitions
- Host: Any node that is not a router
- Node: A device that implements IPv6
- Router: A node that forwards IPv6 packets not explicitly addressed to itself
Abbreviations
- BGP: Border Gateway Protocol
- CGA: Cryptographically generated addresses
- CSEC: Communications Security Establishment Canada
- DHCP: Dynamic Host Configuration Protocol
- DNS: Domain Name System
- EDNS: Extension (mechanisms for) DNS
- ESP: Encapsulating security payload
- ICMP: Internet Control Message Protocol
- ICT: Information and communications technology
- IEC: International Electrotechnical Commission
- IETF: Internet Engineering Task Force
- IKE: Internet key exchange
- IP: Internet Protocol
- IPsec: IP security
- IPv4: Internet Protocol version 4
- IPv6: Internet Protocol version 6
- IS-IS: Intermediate System to Intermediate System (routing protocol)
- ISO: International Organization for Standardization
- MIB: Management information base
- MLD: Multicast listener discovery
- MPLS: Multi-protocol label switching
- MTU: Maximum transmission unit
- NAT: Network address translator/translation
- NIST: (U.S.) National Institute of Standards and Technology
- OEM: Original equipment manufacturer
- OSPF: Open Shortest Path First
- PE: Provider edge
- PPP: Point-to-Point Protocol
- QoS: Quality of service
- RFC: Request for comments
- RIPng: Routing Information Protocol next generation
- RIPE: Réseaux IP Européens
- RP: Rendezvous point
- SEND: Secure neighbour discovery
- SLAAC: Stateless address auto-configuration
- SNMP: Simple Network Management Protocol
- USGv6: United States Government IPv6 Profile
- VPN: Virtual private network
- W3C: World Wide Web Consortium