breakingpoint how to test ipv4ipv6 dual-stack methodology

www.breakingpoint.com 2005 - 2010. BreakingPoint Systems, Inc. All rights reserved. The BreakingPoint logo is a trademark of BreakingPoint Systems, Inc.All other trademarks are the property of their respective owners.

1

Rethink IPv6/IPv4 Dual Stack Testing

Rethink IPv6/IPv4 Dual Stack TestingA Methodology for measuring the performance, security, and stability of network devices in a dual stack IPv4/IPv6 environment


2


Table of ContentsIntroduction .................................................................................................................................................................................................................... 3

IPv6: Generic Traffic ...................................................................................................................................................................................................... 5

IPv6: Dual Stack.............................................................................................................................................................................................................. 21

IPv6: Security .................................................................................................................................................................................................................. 36

IPv6: Fuzzing ................................................................................................................................................................................................................... 46

IPv6: Security Fuzzing .................................................................................................................................................................................................. 55

About BreakingPoint ................................................................................................................................................................................................... 65


3


IntroductionInternet Protocol version 6 (IPv6) is the next-generation Internet Layer protocol for packet-switched internetworks. IPv6 is the designated

successor to IPv4, which is the first implementation used on the Internet. While IPv6 is the successor to IPv4, both protocols are currently

being used on the Internet. This arrangement will likely remain in place for years to come, as a wholesale conversion to IPv6 is simply not

feasible.

Although IPv6 has been a standard for more than a decade, it has not yet gained broad acceptance. With the rapid exhaustion of IPv4

addresses, however, it is generally accepted that IPv6 will eventually become the de facto IP standard. Already, most organizations have

hidden IPv6 traffic running across their networks that few are equipped to detect or manage.

For those reasons it is becoming more urgent to that ensure IPv6 equipment is properly configured and evaluated for its ability to

successfully transmit data. This requires thorough validation of the capabilities of IPv6 alone and as a dual stack, running both IPv4 and IPv6,

or any other configuration that could be used.

To ensure that IPv6 equipment and todays network infrastructures are resilient in the face of increasing application traffic or attack, it is

important to rethink traditional IPv6 testing. Legacy bit blasting tools, artificial traffic, and an outdated IPv6 stack will inevitably lead to

production network problems and missed vulnerabilities. To capture precise, standardized and repeatable measurements of performance,

security and stability, your evaluation should emulate the actual deployment environment as closely as possible. And that requires

emulating a real mix of application traffic at line rate speeds, peak user load, and current attack traffic.

Directly connected devices such as routers, switches and firewalls will also have an effect on packet loss, latency and data integrity. And the

number of advertised host IP and MAC addresses, VLAN Tagging, and NAT will affect the performance of IPv6 equipment. If it is not feasible

to fully recreate the deployment environment, the BreakingPoint Storm CTM should be connected directly to the device. All devices and

builds must be evaluated in a standardized and repeatable manner using the same network conditions to ensure consistent results.

IPv6 Network Device Evaluation Methodology Elements

The following methodology was designed to enable you to thoroughly validate IPv6 capabilities using the most current and realistic

network conditions possible. It is a standardized methodology designed for repeatable evaluations of IPv6 devices and covers the following

critical components:

IPv6: Generic Traffic

Measures the ability of the device to transmit IPv6 traffic. Several metrics are produced, measuring device capabilities, latency, packet

loss and throughput.

IPv6: Dual Stack

Measures the ability of the device to transmit both IPv4 and IPv6 traffic. Dual stack configurations will be common for many years, so it

is vital to verify correct configuration. Several metrics are produced to measure device capabilities, latency, packet loss and throughput.

IPv6: Security

Determine how escalating security threats will affect overall performance. Different attacks are generated, and the latency, packet loss

and throughput of the device are measured.

IPv6: Fuzzing

Measures the impact of malformed packets that are present on todays networks. Metrics are produced, measuring the impact of

malformed packets and legitimate traffic on latency, packet loss and throughput of the device.


4


IPv6: Security Fuzzing

Combine malformed packets and security attacks for a real-world view. Now that it has been determined how security threats

and malformed packets individually affect traffic, metrics are produced by combining the two and measuring the affect on network

performance. Latency, packet loss and throughput of the device are measured.


5


IPv6: Generic Traffic

RFC:

RFC 2460 Internet Protocol, Version 6

Overview:

This test is performed to verify that IPv6 has been correctly configured and data is able to transmit through the device. The device will be

configured to use IPv6. The BreakingPoint Storm CTM will be configured to transmit data through the device using IPv6.

Objective:

Determine the latency, packet loss and throughput of the device while using IPv6 traffic.

Setup:


6


1. Launch your favorite Web browser and connect to the BreakingPoint Storm CTM. Click Start BreakingPoint Systems

Control Center once the page loads.

2. In the new window that is displayed, type your Login ID and Password. Click Login.


7


3. Reserve the required ports.

4. Select Control Center Network Neighborhood.


8


5. Under the Network Neighborhoods heading, click the plus symbol located at the bottom right to create a new network

neighborhood.

6. In the Give the new network neighborhood a name box enter IPv6 Test as the name and click OK.


9


7. Notice that multiple Interface tabs are available for configuration, but only two are required for the evaluation. The extra

interfaces can be removed if desired by clicking the X to delete this interface. When prompted about removing the

interface, click Yes. The remaining interfaces will be renamed. Repeat this process until only two interfaces remain.

8. With Interface tab 1 selected, click the Plus (+) in the Domains section located just below interface tabs.

9. When prompted to enter a new domain name enter IPv6 and click OK button to create the new domain.


10


10. With Interface tab 1 selected and IPv6 domain selected, click the ellipsis icon {} located at the bottom of the window

to open and display subnet details.

11. Select the IPv6 radio button. A new window will be displayed stating that changing to IPv6 will clear all of your address

fields. Click Yes.


11


12. Configure the selected interface subnet IP information with the following: Network IP Address: fd00:6477:aaaa:0000::

and Prefix of 64. Use the Type drop-down menu to select Virtual Router. Configure the Virtual Router IP Address as

fd00:6477:aaaa:0000::1. Next, configure the Minimum IP Address with fd00:6477:aaaa:0000::2 and the Maximum IP

Address as fd00:6477:aaaa:0000::ff and click Accept.

13. Select the Interface 2 tab and repeat step 8 creating a new domain named IPv6. Repeat steps 9 and 10 opening the

Network Neighborhood and selecting IPv6 radio button and accept the change for interface 2. Enter the following IP

information: Network IP Address: fd00:6477:cccc:0000:: and Prefix of 64. Use the Type drop-down menu to select Virtual

Router. Configure the Virtual Router IP Address as fd00:6477:cccc:0000::2. Next, configure the Minimum IP Address with

fd00:6477:cccc:0000::1 and the Maximum IP Address as fd00:6477:cccc:0000::ff and click Accept.

Notes:

Any valid IPv6 Network addressing can be used when configuring your Network Neighborhood. The above IPv6 address

space is just one example.


12


14. Click Save Network.

15. Select Test New Test.

16. Under Test Quick Steps, choose Select the DUT/Network.


13


17. In the Choose a device under test and network neighborhood window the Device Under Test section, verify

BreakingPoint Default is selected. Under Network Neighborhood(s), right half of window, verify that the newly created

IPv6 Test is selected. Click Accept.

18. Under the Test Quick Steps, select Add a Test Component.


14


19. In the Select a component type window, click Application Simulator (L7).

20. Under the Information tab, enter IPv6 Traffic as the name and click Apply Changes.

21. Select the Interfaces tab. Verify that Interface 1 Client is enabled and select IPv6 from drop down menu to ensure this

domain will be used. Verify Interface 2 Server is enabled and select IPv6 domain from drop down menus, click Apply

Changes.


15


22. Select the Presets tab and select, Service Providers Apps. Click Apply Changes once completed.

23. Select the Parameters tab. Several changes will need to be made in this section. The first is located in the Data Rate

section. Change the Minimum data rate to 1000 (1Gig). Click Apply Changes once complete.

24. Next, locate the Session Ramp Distribution section. Several changes will be made in this section to the run time of

the test. Change the Ramp Up Time Interval to 10 seconds, the Steady-State Time Interval to 5 Minutes and the

Ramp Down Time Interval to 10 seconds. Scrolling will be required to change some of those parameters. Click Apply

Changes once complete.


16


25. Next, under the Parameters tab locate the Session Configuration section. Change the Maximum Simultaneous

Session to a value of 100000 and Maximum Sessions per Second to 50000. Locate the TCP Configuration section

and change the Maximum Segment Size value to 1440. Click Apply Changes once complete.

26. To edit the test description, select Edit Description under the Test Information section.


17


27. Finally, select Save and Run under the Test Quick Steps.

28. When prompted for a name, enter IPv6 Traffic and click Save.

The Summary tab will initially be displayed. This tab shows information such as TCP Connection Rate, Bandwidth and

Application Transaction Rate.


18


29. Select the Application tab. Verify that traffic is being transmitted for each protocol. Use the drop-down menu to select a

new protocol to view.

30. When the test is completed, a new window will be displayed. Click the Close button to close the window.

31. When the test is completed, click the View the report button.


19


32. Expand Test Results for IPv6 Traffic and select IP Summary. Determine if a significant number of frames were dropped

during the test.

33. Next, select Frame Latency Summary. Using the table, determine the average, minimum and maximum frame latency.


20


34. Next, expand the Detail folder and select Frame Data Rate. Determine the rate at which traffic was able to transmit at a

steady rate.


21


IPv6: Dual Stack

RFC:

RFC 791 Internet Protocol


Overview:

This evaluation is being performed to verify that the device is able to process both IPv4 and IPv6 data traffic at the same time in an efficient

manner. The device will be configured to use both IPv4 and IPv6. The BreakingPoint Storm CTM will be configured to transmit data through

the device using IPv4 and IPv6.

Objective:

Determine the latency, packet loss and throughput of the device while using IPv6 traffic.

Setup:


22






23


3. Reserve the required ports to run the test.

4. Select Control Center Network Neighborhood.


24


5. Select the Network Neighborhood created in the previous test and click Save As.

6. When prompted, enter Dual Stack as the name and click OK.

7. Click the Create a new domain button.


25


8. As the default domain is IPv6, enter IPv4 as the name and click OK.

9. With the IPv4 domain selected, click the Show subnet details {} button located at the bottom of windw..


26


10. Make sure that IPv4 is selected. Configure the Network IP Address with 10.1.2.0, Netmask with 24 and the Gateway

IP Address with 10.1.2.1. Use the Type drop-down menu to select Virtual Router and configure the IP address with

10.1.2.2. Then configure the Minimum IP Address with 10.1.2.3 and the Maximum IP Address with 10.1.2.254.. Click

Accept.

11. Select the tab for Interface 2 and repeat steps 7 & 8 creating a new domain and name it IPv4. Repeat step 9 opening

the subnet details using {} icon at the bottom. Make sure that IPv4 is selected. Configure the Network IP Address

with 10.1.3.0, Netmask with 24 and the Gateway IP Address with 10.1.3.1. Use the Type drop-down menu to select

Virtual Router and configure the IP address with 10.1.3.2. Then configure the Minimum IP Address with 10.1.3.3 and the

Maximum IP Address with 10.1.3.254. Click Accept..

Important Note: The device under test (DUT) must have its Storm connected interfaces configured properly with IPv4

and IPv6 addressing along with static routes for IP networks the Storm generates that are not directly connected to

those interfaces.

12. When done, click the Save Network button.

13. Select Test Open Recent Tests IPv6 Traffic.


27


14. Select Save Test As.

15. When prompted, enter Dual Stack as the name and click Save.

16. Under Test Quick Steps click the first option Select the DUT/Network.


28


17. In the Choose a device under test and network neighborhood window in the Device Under Test section (left side), verify

that BreakingPoint Default is selected. Under Network Neighborhos) (right side), verify that the newly created Dual

Stack is selected. Click Accept.

18. Select the Parameters tab for the IPv6 Traffic test component. Change the Minimum data rate to 500 and click Apply

Changes.


29


19. Right-click on the IPv6 Traffic test component and select Clone Component.

20. Select the newly cloned component. Under the Information tab, change the name to IPv4 Traffic and click Apply

Changes.

21. Select the Interfaces tab. Use the drop-down menus and change Interface 1 Client to IPv4 and Interface 2 Server to

IPv4. Click Apply Changes once completed.


30


22. Select the Parameters tab. Change the TCP Configuration Maximum Segment Size to 1460 for IPv4. Click Apply Changes

once completed.

23. To edit the test description, select Edit Description under the Test Information section.

24. Select Save and Run under the Test Quick Steps.


31







32


26. When the test is completed, a new window will be displayed. Click the Close button to close the window.



33



during the test.



34



steady rate.


during the test.


35




steady rate.


36


IPv6: Security

RFC:


Overview:

This evaluation determines how malicious traffic affects legitimate traffic. The device will be configured to use IPv6. The BreakingPoint

Storm CTM will be configured to transmit data through the device using IPv6.

Objective:

Determine the latency, packet loss and throughput of the device when having to deal with malicious traffic and legitimate traffic.

Setup:


37






38




5. Click the Save Test As link.


39


6. When prompted, enter IPv6 Security as the name and click Save.

7. Select the Parameters tab. Change the Minimum data rate to 995. Once completed, click the Apply Changes button.



40


9. In the Select a component type window, select the Security test component.

10. With the Security Component selected open the Interfaces tab. Verify that Interface 1 Client is enabled and select IPv6

from drop down menu to ensure this domain will be used. Verify Interface 2 Server is enabled and select IPv6 domain

from drop down menu. Click Apply Changes.


41


11. With the Security test component selected, select the Presets tab. Choose the Security Level34 presets and click

Apply Changes.

12. No other changes are required. Select Save and Run under the Test Quick Steps.


42




Select the Application tab. Verify that traffic is being transmitted for each protocol. Use the drop-down menu to select a



43


13. When the test is completed, a new window will be displayed. As the security threats are not being run through a firewall,

it is not expected that they will be blocked. Click the Close button to close the window.



44



during the test.



45



steady rate.

18. Compare the results from this test with the initial IPv6 Traffic test. Determine if having malicious traffic also being sent

with IPv6 traffic has any effect on the IPv6 traffic.


46


IPv6: Fuzzing

RFC:


Overview:

This evaluation determines how malformed packets affect legitimate traffic. The device will be configured to use IPv6. The BreakingPoint

Storm CTM will be configured to transmit data through the device using IPv6. The BreakingPoint Storm CTM will also be configured to

transmit malformed packets.

Objective:

Determine the latency, packet loss and throughput of the device when having to deal with malicious traffic and legitimate traffic.

Setup:


47






48






49


6. When prompted, enter IPv6 Fuzzing as the name and click Save.

7. Select the Parameters tab. Change the Minimum data rate to 985. Once completed click the Apply Changes button.



50


9. In the Select a component type window, select the Stack Scrambler test component.

10. With the Stack Scrambler test component selected, select the Presets tab. Make sure All Protocol Stacks is selected

and click Apply Changes.

With the Stack Scrambler test component selected, selected the Interfaces tab. Verify that Interface 1 Client is enabled

and select IPv6 from drop down menu to ensure this domain will be used. Verify Interface 2 Server is enabled and

select IPv6 domain from drop down menu. Click Apply Changes.


51


11. Select the Parameters tab. Change the Test duration measured by a time interval to 5 Minutes and click Apply

Changes.

12. No other changes are required. Select Save and Run under the Test Quick Steps.




52




14. When the test is compleed, a new window will be displayed. Similar to the security testing these threats are not being

run through a firewall an , it is not expected that they will be blocked. Click the Close button to close the window.


53




during the evaluation.



54



steady rate.

19. Compare the results from this evaluation with the initial IPv6 Traffic evaluation. Determine if having flawed traffic also

being sent with IPv6 traffic has any effect on the IPv6 traffic.


55


IPv6: Security Fuzzing

RFC:


Overview:

This evaluation determines how malformed packets and security threats affect legitimate traffic. The device will be configured to use IPv6.

The BreakingPoint Storm CTM will be configured to transmit data through the device using IPv6. The BreakingPoint Storm CTM will also be

configured to transmit malformed packets and send security threats.

Objective:

Determine the latency, packet loss and throughput of the device when having to deal with malicious traffic, security threats, and legitimate

traffic.

Setup:


56






57



4. Select Test Open Recent Tests IPv6 Fuzzing.



58


6. When prompted, enter IPv6 Security Fuzzing as the name and click Save.

7. With the IPv6 Traffic test commenent selected, select the Parameters tab. Change the Minimum data rate to 980.

Once completed, click the Apply Changes button.



59


9. In the Select a component type window, select the Security test component.

10. With the Security test component selected, select the Presets tab. Select the Security Level34 presets and click Apply

Changes.


60


11. With the Security test component selected, selected the Interfaces tab. Verify that Interface 1 Client is enabled and

select IPv6 from drop down menu to ensure this domain will be used. Verify Interface 2 Server is enabled and select

IPv6 domain from drop down menu. Click Apply Changes.

No other changes are required. Select Save and Run under the Test Quick Steps.




61




13. When the test is completed, a new window is displayed. As the security threats are not run through a firewall, it is not

expected that they will be blocked. Click the Close button to close the window.


62




during the test.



63



steady rate.

18. Compare the results from this evaluation with the initial IPv6 Traffic evaluation. Determine if injecting flawed and

malicious traffic with IPv6 traffic has any effect on the IPv6 traffic.


64


Evaluating IPv6 Equipment Using the BreakingPoint Storm CTM

The BreakingPoint Storm CTM is the industrys first and only Cyber Tomography Machine and the standard by which the world optimizes

the resiliency of its cyber infrastructures. The BreakingPoint Storm CTMaccelerates a blend ofreal-world applications,live security

attacksand the stress of millions of users in order to detect stress fractures within network devices and infrastructures. Powered by high-

speed network processors and specialized hardware, the BreakingPoint Storm CTM emits high-speed traffic waves, returning a deep

analysis of the effects of the traffic on network devices, networks and data centers.

TheBreakingPoint Storm CTMsimulates the most current dual stack IPv4/IPv6 traffic blended with live security attacks at line-rate speeds

with millions of concurrent TCP sessions delivered from the same address space. BreakingPoint provides the industrys most comprehensive

and up-to-date IPv6 traffic, allowing enterprises, service providers and government agencies to validate that the equipment and systems

they are relying on are capable of performing in the face of IPv6 traffic.

Request an evaluation of a BreakingPoint Storm CTM today at http://www.breakingpointsystems.com/demo/.


65


About BreakingPointBreakingPoint pioneered the first and only Cyber Tomography Machine

(CTM) to expose previously impossible-to-detect stress fractures within

cyber infrastructure components before they are exploited to compromise

customer data, corporate assets, brand reputation and even national security.

BreakingPoint products are the standard by which the worlds governments,

enterprises, and service providers optimize the resiliency of their cyber

infrastructures. For more information, visit www.breakingpoint.com.

BreakingPoint Storm CTM

BreakingPoint has pioneered Cyber Tomography with the introduction of

the BreakingPoint Storm CTM, enabling users to see for the first time the

virtual stress fractures lurking within their cyber infrastructure through the

simulation of crippling attacks, high-stress traffic load and millions of users.

BreakingPoint Storm CTM is a three-slot chassis that provides the equivalent

performance and simulation of racks and racks of servers, including:

40 Gigabits per second of blended stateful application traffic

30 million concurrent TCP sessions

1.5 million TCP sessions per second

600,000+ complete TCP sessions per second

80,000+ SSL sessions per second

100+ stateful applications

4,500+ live security strikes

BreakingPoint Resources

Hardening cyber infrastructure is not easy work, but nothing that is this

important has ever been easy. Enterprises, service providers, government

agencies and equipment vendors are under pressure to establish a cyber

infrastructure that can not only repel attack but is resilient to application

sprawl and maximum load. BreakingPoints Cyber Tomography Machine

(CTM) provides the technology and solutions that allow these organizations

to create a hardened and resilient cyber infrastructure. BreakingPoint also

provides the very latest industry resources to make this process that much

easier, including Resiliency Methodologies, How-to Guides, white papers,

webcasts, and a newsletter. To learn more, visit

www.breakingpoint.com/resources.

BreakingPoint Labs Community

Join discussions on the latest developments in hardening cyber

infrastructure. BreakingPoint Labs brings together a diverse community of

people leveraging the most current insight to harden cyber infrastructure to

withstand crippling attack and high-stress application load.

Visit www.breakingpointlabs.com.

Contact BreakingPoint

Learn more about BreakingPoint

products and services by contacting a

representative in your area.

1.866.352.6691 U.S. Toll Free

www.breakingpoint.com

BreakingPoint Global Headquarters

3900 North Capital of Texas Highway

Austin, TX 78746

email: [email protected]

tel: 512.821.6000

toll-free: 866.352.6691

BreakingPoint EMEA Sales Office

Paris, France


tel: + 33 6 08 40 43 93

BreakingPoint APAC Sales Office

Suite 2901, Building #5, Wanda Plaza

No. 93 Jianguo Road

Chaoyang District, Beijing, 100022, China


tel: + 86 10 5960 3162

breakingpoint how to test ipv4ipv6 dual-stack methodology

Documents

breakingpoint logo

dual stack ipv4ipv6

respective owners

security fuzzing

designated successor

ip standard

stability of network

wholesale conversion