In 2008, the National Institute of Standards and Technology (NIST) released the initial IPv6 profile that launched the subsequent U.S. Government (USGv6) test program. The USGv6 test program was referenced in Federal Acquisition Regulations for the purchase of IT equipment. The first major revision of the profile was recently released.
In the 10 years between the profile releases, many advances have been made in areas of networking, particularly with IPv6. Presented here are some of these high-level changes and how they might impact network operators and products.
The Profiles
The initial USGv6 Profile was a single document that grouped IPv6 standards into capabilities and also included recommendations for USG agencies. A goal for revising the USGv6 Profile was to separate the definition of the IPv6 Capability Profile from its use in USG acquisition programs, so that other user groups could reuse the capability profiles to align their own product testing programs.
To achieve this goal, the original USGv6 profile was divided into two separate documents, the USGv6 profile and the NISTv6 profile. The NIST IPv6 profile defines IPv6 capabilities documented in Internet Engineering Task Force (IETF) specifications, giving them a named capability set for common network functions. The revised USGv6 profile defines how this generic capability profile should be used by USG agencies when acquiring network products.
The NIST IPv6 profile incorporates the current IETF specifications, including those that updated or obsoleted earlier ones over the past 10 years. Since there are over 200 Requests for Comments (RFCs) in the NISTv6 Profile, we can’t address everything here. However, an important specification update to highlight is the base IPv6 specification (RFC 2460).
The 6MAN working group in the IETF advanced RFC 2460 to an Internet Standard, the status that shows the highest degree of technical maturity and usefulness to the internet community. The new RFC 8200 features updates to extension headers and IPv6 fragmentation from the original standard. These updates reflect the operational experience and security lessons learned over the last 10 years by network operators and implementers.
New Capabilities
The new NISTv6 profile also adds several new IPv6 capabilities developed by the IETF since the initial profile. IPv6 over low-power networks was added to support the Internet of Things use case. In addition, IPv6 transition technologies that focus on supporting the deployment of IPv6-only networks were added to the profile. There are many options for these types of transition mechanisms, such as DS-Lite, MAP-E, MAP-T, LW4over6, and XLAT. Using the capability strings for the transition mechanisms enables both suppliers and buyers to ensure they’re working together to deploy IPv6.
The updated profile also allows more choices for network operators in key areas such as security, routing, and network management. For security, TLS was added alongside the existing option of IPsec. This gives a choice of options for a secure channel that communicates with network functions.
For routing, the original profile had OSPF and BGP; IS-IS was added as an option for exchanging routing information. For network management, NETCONF was added as another option alongside SNMP. Protocols such as NETCONF and YANG support software-defined networks. These choices will allow user groups to utilize the NISTv6 profile to fit the needs of their network deployments.