Guest

Enterprise IPv6 Solution

Cisco Position on the RIPE-501 Document

  • Viewing Options

  • PDF (135.6 KB)
  • Feedback

Executive Summary

The Internet industry has fully embraced the idea that the transition to IPv6 must be started now in a reaction to the advent of the Internet Assigned Numbers Authority (IANA) IPv4 pool exhaustion.
As the IP layer is updated, the transition from IPv4 to IPv6 affects the entire range of protocols and services. As a result, the scope of the transition is so broad that guidance from key players of the Internet community is welcome.
A number of IPv6 profiles have already been published to help a specific community or the entire IPv6 user base: the IPv6 Ready Logo Program, the Joint Interoperability Testing Command (JITC), and the United States government profile (USGv6). They are widely adopted.
In an effort to serve the entire IPv6 community and to offer a deployment oriented, wide-scope profile, the Réseaux IP Européens (RIPE) IPv6 working group has now issued its own profile, RIPE-501.
After careful analysis of the RIPE-501 profile, Cisco is expressing its support for the following reasons:

• The set of features listed is deployment oriented and takes into account architectures that have been validated by experience.

• The profile does not restrict itself to a small set of core IPv6 features.

• The document lists a coherent set of IPv6 features that are likely to help the industry deploy IPv6 at a faster pace.

What Is RIPE-501?

RIPE-501 is a document issued by the RIPE IPv6 working group that proposes to facilitate the establishment of a baseline for IPv6 requests for proposal (RFPs). With this baseline in hand, IT managers are equipped with a corpus of the most needed IPv6 features. When asking for compliant products, they won't have to dedicate time and effort to pick themselves in the body of IPv6 IETF standards.
The RIPE document proposes three approaches based on other preexisting certification programs:

• The first approach is based on the National Institute of Standards and Technology (NIST)/USGv6 profile and is indeed the most comprehensive in terms of scope. It includes a number of IPv6 protocols on top of the base IPv6 requests for comment (RFCs). It is the most pragmatic as it creates its own mix of IPv6 RFCs based on the authors' practical experience. In an effort to avoid reducing the list of fully compliant vendors to a small number (if any), the set of requirements is more targeted than the USGv6 list.

• The second approach references the IPv6 Logo program. Above and beyond the most popular IPv6 core specifications, the Logo Committee proposes a number of other tests (Dynamic Host Configuration Protocol [DHCP], Session Initiation Protocol [SIP], Internet Key Exchange Version 2 [IKEv2], and so on). To date only the core specifications test is widely adopted by the industry, and a large number of vendors have been certified. The other specifications are less popular, and very few vendors support them.

• The third approach proposes to mix the above two approaches and allows the IT manager to decide which IPv6 features are critical. This is the most flexible option, as a lot of decisions are left to the IT manager.

RIPE-501 defines multiple categories of products with associated IPv6 requirements that are similar to the USGv6 specification:

• Hosts

• Consumer-grade Layer 2 switches

• Enterprise/service provider Layer 2 switches

• Firewalls, intrusion detection systems

Cisco being a provider of all the above-mentioned types of IPv6 products, the RIPE-501 document has a major relevance to Cisco and is taken seriously.

Cisco Position Regarding the RIPE-501 Document

Given Cisco's commitment to standards and its pioneer involvement in IPv6, Cisco supports the RIPE-501 document as a good way to foster IPv6 adoption. It should be noted that a number of Cisco engineers have been involved in the initial RIPE-501 version review process.
Cisco products that are affected by RIPE-501 requirements are generally compliant to a very large extent. When a specific capability is not available, Cisco is putting a plan in place to close the gap.
Cisco has however a number of minor reservations concerning the RIPE-501 document in its current form.

• RIPE-501 does not express a preference for any one of the three options proposed, and as a result, the selection process remains vague. We would prefer that option one be the preferred direction, with options two and three listed as fallback positions. That would provide industry with a clear direction.

• In option 1, RIPE-501 cherry-picks requirements from USGv6 and then adds its own without enough justification. We think that weakens the credibility of the document.

• A number of factual errors relating to RFC choices and descriptions need to be fixed or clarification must be provided.

In an effort to address the above-mentioned points, we (Cisco engineers) will be happy to volunteer to contribute toward an updated version of this document. While we believe that what is there now is a good start, there are some important clarifications that we'd like to suggest for an upcoming revision.

Cisco Involvement in Certifications

Cisco is a pioneer and leader in support of the certification effort. Since 2002, Cisco has continually submitted its products to certification bodies: the IPv6 Ready Logo Program, U.S. Department of Defense (DoD) JITC, and recently USGv6.
JITC certified Cisco products are listed here: http://jitc.fhu.disa.mil/apl/ipv6.html
USGv6 certified Cisco products are listed here: https://www.iol.unh.edu/services/testing/ipv6/usgv6tested.php