IPv4 and IPv6 Tests

Internet Protocol version 4 and version 6

The Maxwell IP Test Environment is used by design engineers, quality assurance engineers and testers to find and fix bugs in their IP stack or engine.  The tests help ensure that the IP stack is sufficiently robust so that it is not vulnerable to the wide range of attacks in today's Internet.  The tests make use of the Maxwell network emulation environment, so that each test sequence can intelligently impair all aspects of the IP protocol.

The IP Test Environment contains unique test cases that take on parameters for greater coverage.  The tests ensure IP compliance through vulnerability and robustness testing, with tests for both IPv4 and IPv6.

Are you under time pressure to test and verify that your IPv6 implementation is correct?
Do you need a lot more thorough testing than simple interoperability and simple conformance testing with logo programs?
Would you like to see pass/fail results and not have to analyze complicated outputs?
Do you need to replicate a customer reported bug, but don't have a way to customize the environment to properly test and replicate the problem?

The Maxwell IP Test Environment provides the customization and flexibility required to accurately test your implementation and meet your schedules.

The tests for IPv4 and IPv6 are grouped into categories:

IP Fragmentation tests:

  • Illegal fragments
  • Out of order fragments
  • Duplicated fragments
  • Overlapping fragments
  • Tiny fragments
  • Fragments with improperly copied options
  • Fragments with extra options
  • Fragments with overlapping options

IP Options Processing tests

  • Unknown options
  • Illegal options
  • Zero length options
  • Known options with wrong lengths
  • Malformed options

IP Framing Tests

  • Change frame size to larger than IP datagram
  • Substitute jumbo frames for normal frames

Additional Areas of Test Coverage

  • The user may control several aspects of IPv4 fragmentation, such as the MTU (fragment size), fragment overlap, and fragment order. This permits most of the tests to be expanded for more test coverage.
  • Reaction to changes in network characteristics (e.g. congestion)
  • Sequence Number Arithmetic
  • Changing of IP addresses, MAC addresses, and routes underneath the TCP connection
      IPv4 Tests   IPv6 Tests
           
      IPv4 UDP Datagram   IPv6 UDP Datagram
           
      IPv4 ICMP   IPv6 ICMP
           
     

    IPv4 DHCP Client (packets from DHCP Client to DHCP Server)

    		   IPv6 DHCP Client (packets from DHCP Client to DHCP Server)
           
      IPv4 DHCP Server (packets from DHCP Server to DHCP Client)   IPv6 DHCP Server (packets from DHCP Server to DHCP Client)

    Establishing a source of authority

    The Maxwell IP Test Environment references the RFCs that correlate to each test area.  These official IETF documents detail the Internet standards and best current practices that can point the user toward a better understanding of the problem.

    IP RFCs Covered

    • RFC 791, Internet Protocol (IP)
    • RFC 792 Internet Control Message Protocol (ICMP)
    • RFC 894 A Standard for the Transmission of IP Datagrams over Ethernet Networks
    • RFC 1042 Standard for the transmission of IP datagrams over IEEE 802 networks
    • RFC 1108 U.S. Department of Defense Security Options for the Internet Protocol
    • RFC 1122 Requirements for Internet Hosts -- Communication Layers
    • RFC 2113 IP Router Alert Option
    • RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
    • RFC 2473 Generic Packet Tunneling in IPv6 Specification
    • RFC 2675 IPv6 Jumbograms
    • RFC 2711 IPv6 Router Alert Option
    • RFC 4291 IP Version 6 Addressing Architecture
    • RFC 4301 Security Architecture for the Internet Protocol
    • RFC 4302 IP Authentication Header
    • RFC 4443 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification

    Sample Test Documentation ...

    Purpose of the Test:
    Set Auth Extension Length Past Original Length by 8

    What the Test Does:
    This test sets the auth extension length field to appear as if it extends at least 8 bytes past the original length.  It does not actually add any bytes to the header.

    Expected Outcome:
    The receiving node should either notice the bad length or fail on the computation of the Integrity Check Value (ICV).  If the length is determined to be bad, the receiving node should respond with an ICMP parameter problem message.  If the ICV is invalid, the receiving node must silently discard the packet and may make an audit log entry.

    Notes:
    ICMP rate limiting may prevent a response for every stimulus packet.

    References:
    RFC 4301  Security Architecture for the Internet Protocol
    RFC 4302  IP Authentication Header
    RFC 4443  Internet Control Message Protocol (ICMPv6)for the Internet Protocol version 6 (IPv6)

     

    Maxwell IPv6 Tests Compared to IPv6 Ready Logo Tests

    The IPv6 Ready certification programs focus on RFC Conformance and Interoperability.   "RFC Conformance" mean the tests verify that the DUT (device under test) does what it is supposed to do based on the RFC specifications.   "Interoperability" means the tests verify that the DUT can send and receive IPv6 datagrams to and from other devices.  The "RFC Conformance" and "Interoperability" testing is based on the TAHI conformance and interoperability tests.  The tests are freely available.

    The IPv6 tests from InterWorking Labs are complimentary to the TAHI tests.   Instead of sending well behaved IPv6 datagrams to the DUT, Maxwell sits in the middle of the protocol conversation between two DUTs and intercepts and changes the datagrams in unique ways while the protocol conversation continues.  Maxwell will modify the datagrams by changing the IPv6 protocol, the timing, the sequence, and so on to verify that the DUTs not only handle well behaved IPv6 traffic, but also malformed, incorrect, and unusual IPv6 traffic.   In this sense, Maxwell is a much deeper test of the quality of the IPv6 implementation, in that it goes beyond RFC Conformance and Interoperability testing to focus on:

     

    • Negative Testing
    • Inopportune Testing
    • Deep-path Testing
    • Robustness (Security) Testing

     

    A discussion of these types of testing can be found in the Network Protocol Testing Overview.

    Maxwell is there to measure how your stack handles deviations from the RFCs. The TAHI Conformance tests are there to verify that you are in compliance with the applicable RFCs. The TAHI interoperability tests measure how well compliant stacks play with other compliant stacks and routers.

    It is possible for products to pass the TAHI tests, receive the IPv6 Ready certification, and then fail in an installation because they were not tested to properly respond to malicious or malformed or simply unusual IPv6 datagrams.

    The IPv4 and IPv6 Test Environment is used by design and quality assurance engineers to find and fix bugs in IPv6 stacks.  Test your IPv6 stack for conformance/compliance, interoperability, robustness, and vulnerabilities. The tests make use of the Maxwell network emulation environment, so that each test sequence can intelligently impair all aspects of the IPv4 and IPv6 protocol.

    Want to Learn More about Testing IPv4 and IPv6?



    See a Web Demo Buy The Tests Contact an Expert

    TCP/IP Tests:
    Make Vs. Buy

    Read our white paper to discover the

    • Pros and Cons
    • Cost Estimates
    • Time Estimates
    • Other Risks
    in creating your own tests.
    Would it be better to purchase a ready made solution?