IPv6
close search bar

Sorry, not available in this language yet

close language selection
IPv6 Data Sheet
Test Suite:
IPv6
Direction:
Server

Internet Protocol version 6 is the successor protocol for IP version 4. IPv6 Test Suite can be used for evaluating IPv6 implementations for security flaws and robustness problems.

Used specifications

Specification
Title
Notes
RFC768
User Datagram Protocol
RFC793
Transmission Control Protocol
RFC894
A Standard for the Transmission of IP Datagrams over Ethernet Networks
RFC1035
Domain Implementation and Specification
RFC1887
An Architecture for IPv6 Unicast Address Allocation
RFC2104
HMAC: Keyed-Hashing for Message Authentication
RFC2375
IPv6 Multicast Address Assignments
RFC2393
IP Payload Compression Protocol (IPComp)
RFC2403
The Use of HMAC-MD5-96 within ESP and AH
RFC2404
The Use of HMAC-SHA1-96 within ESP and AH
RFC2405
The ESP DES-CBC Cipher Algorithm With Explicit IV
RFC2407
The Internet IP Security Domain of Interpretation for ISAKMP
RFC2408
Internet Security Association and Key Management Protocol (ISAKMP)
RFC2409
The Internet Key Exchange (IKE)
RFC2410
The NULL Encryption Algorithm and Its Use With IPsec
RFC2451
The ESP CBC-Mode Cipher Algorithms
RFC2460
Internet Protocol, Version 6 (IPv6) Specification
Obsoletes RFC1883
RFC2462
IPv6 Stateless Address Autoconfiguration
Obsoletes RFC1971
RFC2464
Transmission of IPv6 Packets over Ethernet Networks
Obsoletes RFC1972
RFC2471
IPv6 Testing Address Allocation
Obsoletes RFC1897
RFC2473
Generic Packet Tunneling in IPv6 Specification
RFC2474
Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers
RFC2526
Reserved IPv6 Subnet Anycast Addresses
RFC2675
IPv6 Jumbogram
Obsoletes RFC2147
RFC2711
IPv6 Router Alert Option
RFC2928
Initial IPv6 Sub-TLA ID Assignments
RFC3041
Privacy Extensions for Stateless Address Autoconfiguration in IPv6
RFC3168
The Addition of Explicit Congestion Notification (ECN) to IP
RFC3178
IPv6 Multihoming Support at Site Exit Routers
RFC3306
Unicast-Prefix-based IPv6 Multicast Addresses
RFC3484
Default Address Selection for Internet Protocol version 6 (IPv6)
RFC3531
A Flexible Method for Managing the Assignment of Bits of an IPv6 Address Block
RFC3587
IPv6 Global Unicast Address Format
Obsoletes RFC2374, RFC2073
RFC3602
The AES-CBC Cipher Algorithm and Its Use with IPsec
RFC3697
IPv6 Flow Label Specification
RFC3769
Requirements for IPv6 prefix delegation
RFC3828
The Lightweight User Datagram Protocol (UDP-Lite)
RFC3879
Deprecating Site Local Addresses
RFC3948
UDP Encapsulation of IPsec Packets
RFC3956
Embedding the Rendezvous Point (RP) Address in an IPv6 Multicast Address
RFC4007
IPv6 Scoped Address Architecture
RFC4106
The use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
RFC4193
Unique Local IPv6 Unicast Addresses
RFC4213
Basic Transition Mechanisms for IPv6 Hosts and Routers
RFC4294
IPv6 Node Requirements
RFC4291
IPv6 Addressing Architecture
Obsoletes RFC3513, RFC2373, RFC1884
RFC4301
Security Architecture for the Internet Protocol
Obsoletes RFC2401, RFC1825
RFC4302
IP Authentication Header
Obsoletes RFC2402, RFC1826
RFC4303
IP Encapsulating Security Payload
Obsoletes RFC2406, RFC1827
RFC4306
Internet Key Exchange (IKEv2) Protocol
RFC4308
Cryptographic Suites for IPsec
RFC4309
Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
RFC4311
IPv6 Host-to-Router Load Sharing
RFC4380
Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)
RFC4443
Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
Obsoletes RFC2463, RFC1885
RFC4489
A Method for Generating Link Scoped IPv6 Multicast Addresses
RFC4727
Experimental Values in IPv4, IPv6, ICMPv6, UDP and TCP Headers
RFC4782
Quick-Start for TCP and IP
RFC4835
Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
Obsoletes RFC4305, RFC2402, RFC2406
RFC4861
Neighbor Discovery for IP Version 6 (IPv6)
Obsoletes RFC1970, RFC2461
RFC5570
Common Architecture Label IPv6 Security Option (CALIPSO)
RFC5991
TEREDO Security Updates
RFC6081
TEREDO Extensions
RFC6553
The Routing Protocol for Low-Power and Lossy Networks (RPL) Option for Carrying RPL Information in Data-Plane Datagrams
IPv6 option support
RFC6621
Simplified Multicast Forwarding
IPv6 option support
RFC6744
IPv6 Nonce Destination Option for the Identifier-Locator Network Protocol for IPv6 (ILNPv6)
RFC6788
The Line-Identification Option
RFC6971
Depth-First Forwarding (DFF) in Unreliable Networks
IPv6 option support
RFC7045
Transmission and Processing of IPv6 Extension Headers
RFC8754
IPv6 Segment Routing Header (SRH)
draft-ietf-6man-segment-routing-header-11
IPv6 Segment Routing Header (SRH) draft-ietf-6man-segment-routing-header-11
Obsoleted by RFC8754 (SRH legacy TLV support)
draft-ietf-roll-trickle-mcast
Multicast Protocol for Low power and Lossy Networks (MPL) draft-ietf-roll-trickle-mcast-09
IPv6 option support

Tool-specific information

Tested message elements
Specifications
Notes
IPv6 header
RFC2460
Hop-by-hop Options header
RFC2460
Routing header
RFC2460
Type 0, Type 2. Nimrod and Experimental types 1 and 2 tested as unexpected options
Segment routing header
RFC8754
Segment Routing Header (SRH) with tunneled IPv6 packet and inline SRH.
Fragment header
RFC2460
Authentication header
RFC4302
Tunnel header
RFC2473
Encapsulated Security Payload
RFC4303
UDP encapsulation of IPsec packets
RFC3948

Tested options
Specifications
Notes
Pad1
RFC2460
PadN
RFC2460
Tunnel Encapsulation Limit
RFC2473
Jumbogram
RFC2675
Router Alert
RFC2711
Binding Refresh Advice
RFC3775
Mobility option
Alternate Care-of Address
RFC3775
Mobility option
Nonce Indices
RFC3775
Mobility option
Binding Authorization Data
RFC3775
Mobility option
Home Address
RFC3775
Mobile Node Identifier
RFC4283
Mobility Message Authentication
RFC4285
Replay Protection
RFC4285
Quick Start Approval
RFC4782
Quick Start Request
RFC4782
Experimental options
RFC4727
Tested as unexpected option
CALIPSO
RFC5570
RPL
RFC6553
SMF_DPD
RFC6621
ILNP Nonce
RFC6744
Line-Identification
RFC6788
IP_DFF
RFC6971
Endpoint Identification

Other features

IPv6 tested with and without AH, ESP and AH+ESP both in transport and tunnel modes

Supported AH authentication algorithms and ESP integrity algorithms: NULL, HMAC_SHA1-96, HMAC_MD5-96, HMAC_SHA2-256, HMAC_SHA2-384, HMAC_SHA2-512

Supported ESP crypto algorithms: ESP-NULL, ESP-DES-CBC, ESP-DES3-CBC, ESP-AES-CBC128, ESP-AES-CBC192, ESP-AES-CBC256, AES-GCM-16-128, AES-GCM-16-192, AES-GCM-16-256

Configurable destination Ethernet MAC address solicitation mode: Neighbor solicitation for nodes in same subnet, Router solicitation and User-specified target MAC address.

IPsec SA can be negotiated with ISAKMP Server Test Suite 3.2.0 or later and IKEv2 Server Test Suite 3.1.1 or later.

Configurable IP payload: ICMPv6, UDP and UDPlite. Both default payloads for the protocols and user-specified payload are available.

Supported SafeGuard Checks

Authentication Bypass

Insufficient Randomness

Weak Cryptography

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis