1 / 18

TAHI IPsec test suites

TAHI IPsec test suites. Mar 30,2000 at IETF47-ipsecwg Hiroshi HOSHINO TAHI Project http://www.tahi.org/. Introduction. TAHI Project: Objectives, Activities IPsec IPv6 ( and IPv4) conformance test. TAHI Project: Objectives. Developing verification technology for IPv6 and IPsec

sakura
Download Presentation

TAHI IPsec test suites

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TAHI IPsec test suites Mar 30,2000 at IETF47-ipsecwg Hiroshi HOSHINO TAHI Project http://www.tahi.org/

  2. Introduction • TAHI Project: Objectives, Activities • IPsec IPv6 (and IPv4) conformance test

  3. TAHI Project: Objectives • Developing verification technology for IPv6 and IPsec • conformance test suites • interoperability test suites • Cooperating with KAME andcontributing quality improvement of IPv6 and IPsec implementation • Making our test suites freely available

  4. TAHI Project: Activities • IPv6 conformance test (about 400 tests) • IPv6 interoperability test (30 scenarios) • Test report • KAME (stable), Microsoft IPv6 (1.4b) • IPv6 interoperability test event in Japan (Sep,1999)

  5. IPsec IPv6 (and IPv4) conformance test

  6. IPsec IPv6 test spec. • Test coverage • AH or ESP, Transport-mode for a host orTunnel-mode for a router • Test examples • AH with mutable/immutable bit processing • ESP padding, ESP with ICV • fragmented packet with AH or ESP • About 50 tests for AH, 60 tests for ESP

  7. Experience with IPsec IPv6 test • Test for KAME (fbsd228+kame stable 20000214) • 97/100 tests result “PASS” • http://www.tahi.org/report/ • IPsec IPv6 conformance test in connectathon2000 (Mar,2000) • IBM-AIX 4.3.3 • Sun-Solaris

  8. IPsec IPv4 test spec. • Under development • Test coverage • AH or ESP, Transport-mode for a host orTunnel-mode for a router • Test examples • AH basic • ESP padding, ESP with ICV • About 15 tests for AH, 60 tests for ESP

  9. You are welcome • You are welcome to ask me for testing your implementation in IETF47 • Demonstration is also available • About the IPsec test • http://www.tahi.org/ipsec-demo/

  10. Contact points • Contact point • contact@tahi.org • http://www.tahi.org/ • Any feedback is welcome • Future plan being discussed

  11. The End

  12. Activities of TAHI • Conformance test • Interoperability test • Other activities of TAHI

  13. Conformance test suites spec. • Test coverage • IPv6 basic spec / Neighbor Discovery /Address autoconf / PathMTU / ICMPv6 /IPv6 over IPv4 tunnel / IPsec IPv6 • over 200 (6hours) tests for host and for router • Automated verification • Generating HTML based test results and log

  14. Interoperability test suites • Test scenarios • for host: IPv6 basic spec • for router: RIPng, BGP4+ • IPsec IPv6 • Test tools • packet analyzer, traffic generator • http://www.tahi.org/inop/

  15. Other activities of TAHI • Test report • KAME (by monthly) • Microsoft Research IPv6 (1.4 beta) • http://www.tahi.org/report/ • Interoperability test event in Japan (Sep,99) • 3com, Cisco, Ericsson, ETRI, GAYDYADE, IMAG, Microsoft, Toshiba, Hitachi, NEC, Fujitsu, Matsushita, Yamaha, NTT Software, PFU,TITECH, Linuxv6 • Provided the overview of the test results to IESG

  16. IPsec test spec. • Requirements to a target implementation • IPsec ICMP echo request and reply (no test with UDP, TCP) • off-link IPsec communication with Global address (no test with link-local address) • manual key management (no test with IKE) • IPv6 (and IPv4) (under developing for IPv4)

  17. Conformance Test System Architecture

  18. Element of the conformance test suites • Hardware:IBM PC • CPU: AMD-K6 200MHz Memory: 128MB • Network I/F:Ethernet, 10/100BaseT • OS: FreeBSD2.2.8, 3.2, 3.3, 3.4 • Conformance Test Tool • C++ and Perl5 (25,000 + 5,000 step) • OpenSSL0.9.2b • Conformance Test • Perl5 and original packet definition language (40,000 + 30,000 step)

More Related