IPv6 Forum Education Certification Logo Program
(Course / Engineer / Trainer / Certified Certification /
Security / Administrator / Train-the-Trainer)
V6.6.7
(2013-05-22)
IPv6 FORUM
1
IPv6 Education Certification Logo Program
MODIFICATION RECORD
14 March 2010: Document Created by Latif Ladid
31 May 2010: Modified by Selvakumar Manickam on Section 5.
15 June 2010: Edited by Latif Ladid
29 June 2010: Edited by Latif Ladid
14 August 2010: Edited by Latif Ladid
20 August 2010: Edited by Latif Ladid
13 June 2011: Edited by Salman Asadullah
07 February 2012: Edited by Latif Ladid
14 May 2012: Edited by Latif Ladid
25 May 2012: Edited by Latif Ladid
06 October 2012: Edited by Mukom Akong Tamon
08 October 2012: Edited by Latif Ladid
30 November 2012: Edited by Latif Ladid
18 February 2013: Edited by Yurie Rich
18 May 2013: Edited by Latif Ladid
ACKNOWLEDGMENTS
The IPv6 Forum would like to acknowledge the efforts of the following individuals and
organizations in the development of this specification.

Principal Authors:
Latif Ladid, IPv6 Forum
Selvakumar Manickam, Nav6 Penang Malaysia
Salman Asadullah, Cisco Systems

Commentators:
Prof. Dr. Sureswaran Ramadass, Nav6 Penang Malaysia
Yanick Pouffary, General Chair, IPv6 Programs

IPv6 Forum Certified Certification Development Team:
Chip Nielsen, Cisco Systems
Srinivasa Neppalli, Cisco Systems
Jim Bailey, Cisco Systems
Harold Ritter, Cisco Systems
Salman Asadullah, Cisco Systems

Security Program Contributors:
Fred Bovy, fredbovy.com
Chip Popoviciu, Nephos6
Selvakumar Manickam, Nav6
Chip Nielsen, Cisco Systems
Salman Asadullah, Cisco Systems

Systems Administrators Program:
Mukom Akong Tamon – African Network Information Center (AFRINIC Ltd)
Nishal Goburdhan (AFRINIC)
Owen Delong (Hurricane Electric)
Daniel Shaw (AFRINIC)

Train-The-Trainer Program:
Yurie Rich, COO, Nephos6, USA
Victor Tang, CEO, Progreso, Singapore

Web site & Database:
Aurel Machalek, web site and art work, University of Luxembourg
Christoph Ooi, Database, Nav6 Penang Malaysia
INTRODUCTION
The prime objective of the IPv6 Forum IPv6 Education Logo Program is to encourage and
accelerate education and training on IPv6, and thereby promote swifter adoption of IPv6 in the
education curricula and programs of universities, research institutes, vendors and training
specialists.
A recent survey of IPv6 training and studies at universities has demonstrated that IPv6
training and courses are far too embryonic to have any critical impact:
http://www.training4ipv6.eu/index.php/blog
Patching IPv6 with IPv4 thinking would merely extend the IPv6 address space to the Internet
without fully exploiting the rich set of new features still invisible to the normal engineer.
Deploying IPv6 without upfront integration of its many built-in features, such as the IPv6
security and privacy protocols, would repeat the mistake made in the deployment of IPv4. It
would even defeat the prime purpose of fixing things like security in the Internet.
It is estimated that some 20 million engineers are working on the current Internet worldwide at
ISPs, corporations and all other public and private organisations, and they will need training on
IPv6. This is a gigantic task, since it is the first upgrade of the Internet and most probably the
last one for decades to come.
The IPv6 Education Logo Program is intended to increase practical engineering expertise and
hands-on knowledge to tackle this large undertaking, thereby extending user confidence by
demonstrating that IPv6 will be deployed by qualified engineers.
The IPv6 Education Logo Program currently consists of the following programs:
1 - Program
• Phase I: Phase I will target mainly 5-10 day courses
  - Basic Curriculum Profile (Silver)
  - Advanced Curriculum Profile (Gold)
• Phase II: Phase II will be a detailed course program for universities (BA, MSc, PhD).
• Phase III: Future Curriculum Programs (Diamond)
2 - Target Audiences (TA):
• TA 1 - Universities - Institutes - Research Centres
• TA 2 - Vendors
• TA 3 - Training Institutes & Specialists
• TA 4 - Train the Trainer Program (IPv6 Experts)
• TA 5 - Students & Engineers Certification - Examination Profiles of TA 1-2-3-4
3 - Course Profile Definition:
• TA 1: Universities (Definition of curriculum profiles)
  - Basic
  - Advanced
• TA 2: Vendors
  - Basic
  - Advanced
• TA 3: Training Specialists
  - Similar to TA 2
• TA 4: Train the Trainer
  - Advanced
Contents
MODIFICATION RECORD
ACKNOWLEDGMENTS
INTRODUCTION
1. Foreword
2. IPv6 Education Certification Logo Program
  2.1. General
3. Curriculum Outline
  3.1. IPv6 Forum Certified Course & Network Engineer (Silver)
    3.1.1. Prerequisites
    3.1.2. Course Outline
  3.2. IPv6 Forum Certified Course & Network Engineer (Gold)
    3.2.1. Prerequisites
    3.2.2. Course Outline
  3.3. IPv6 Forum Certified Trainer Network Engineer (Gold)
    3.3.1. IPv6 Forum Certified Trainer (Gold)
    3.3.2 IPv6 Forum Train-the-Trainer Trainer (Gold)
  3.4. IPv6 Forum Certified Certification
    3.4.1. Prerequisites
    3.4.2. Application Process
    3.4.3. Exam Topics
    3.4.4. IPv6 Forum Certified Certification (Silver)
    3.4.5. IPv6 Forum Certified Certification (Gold)
  3.5 IPv6 Forum Certified Security Course, Engineer, Trainer & Certification (GOLD)
    3.5.1 Requirements for the Gold IPv6 Security Course Content
    3.5.2. Requirements for the Gold IPv6 Security Course Trainer Certification
    3.5.3. Requirements for the Gold IPv6 Security Engineer Certification
    3.5.4. Requirements for the Gold IPv6 Security Certified Certification
    3.5.5. Application Process
  3.6. IPv6 Forum Certified Course & Systems Administrator (Gold)
    3.6.1. Prerequisites
    3.6.2. Course Outline
  3.7 IPv6 Forum Certified Systems Administrator Trainer (Gold)
  3.8 IPv6 Forum Certified Systems Administrator Certification
4. Procedure to obtain the v6 Education Logo
  4.1. General
  4.2. Procedure to obtain the v6 Education Logo
5. Terminology
6. Future Programs
  6.1 IPv6 Forum Certified Programmer
    6.1.1 Prerequisites
    6.1.2 Course outline
1. Foreword
Changes to this specification are subject to public review and approval by the IPv6 Forum IPv6
Education Logo Steering Group (v6ELSG).
Version x.y.z
Where:
x  the first digit:
   1  presented to v6ELSG for information;
   2  presented to v6ELSG for approval;
   3  or greater indicates v6ELSG approved document under change control.
y  the second digit is incremented for all changes of substance, i.e. technical
   enhancements, corrections, updates, etc.
z  the third digit is incremented when editorial only changes have been
   incorporated in the document.
The present document describes the IPv6 Education Logo Program. This document is the result
of consensus between the IPv6 Education Steering Group (v6ELSG) members and industry
review.
2. IPv6 Education Certification Logo Program
2.1. General
The objective of the IPv6 Forum Education Logo Program is to encourage and accelerate uptake
of expertise to guarantee a solid deployment and adoption of IPv6 by web site owners, ISPs and
content providers, as well as the design of new IPv6 apps.
The goal of the IPv6 Education Logo (v6ELogo) Program is to increase engineering quality by
certifying solid curricula and recognizing educated engineers.
The IPv6 Education Logo Program consists of the following sub-programs:
• IPv6 Education Logo Program
• Certified Certification
• IPv6 Trainer Logo Program
• Certified Security Course, Engineer, Trainer & Certification (GOLD)
• Certified Course & Systems Administrator (Gold)
• IPv6 Train The Trainer Program
The IPv6 Forum has created the IPv6 Education Steering Committee (v6eSG) to manage the
IPv6 Education Logo Program.
The IPv6 Education Steering Group mission is to help support IPv6 Education and Training.
The IPv6 Education Logo Steering Group (v6eSG) is structured as follows:
• IPv6 Forum President, Latif Ladid
• IPv6 Forum (Ready/Enabled/Education) Logo Programs Chairperson, Yanick Pouffary,
  IPv6 Forum Fellow
• IPv6 Enable Logo Steering Group Chairperson, Liu Dong, Chair China IPv6 Council /
  BII Group
• IPv6 Education Logo Steering Group Chairperson, Dr. Sures Ramadass / Selvakumar
  Manickam, IPv6 Forum Malaysia – Nav6, Co-chair Salman Asadullah, IPv6 Forum
  Fellow, Cisco Distinguished Engineer
• IPv6 Ready Logo Committee Chairperson, Hiroshi Esaki, Executive Director Japan
  IPv6 Promotion Council (v6PC) / WIDE Project
• IPv6 Ready Logo Legal/Operational, Cesar Viho, IPv6 Ready Logo Operational / IPv6
  Forum Fellow / IRISA
• IPv6 Enable Logo Technical Lead IPv6 Enable ISP logo, Hiroshi Miyata, IPv6 Ready
  Logo Technical Lead / IPv6 Forum Fellow / TAHI Project
• IPv6 Enable Logo Advisor, Erica Johnson, IPv6 Ready Logo Regional Officer / IPv6
  Forum Fellow / UNH IOL
The v6eSG is responsible for:
• Defining procedures, regulations and steps for the v6eLogo program.
• Defining the strategy for deploying the IPv6 Education Logo Program.
• Administering the right to use the IPv6 Education Logo.
Final approval of the IPv6 Education procedures and scripts is given by the IPv6 Education
Certification Logo Chairperson, the IPv6 Ready Logo Chairperson and the IPv6 Forum President.
The IPv6 Education Logo ID database and the IPv6 Education Web pages are administered
mainly by the IPv6 Forum.
In order to maintain credibility and neutral services among vendors and users, the members
that support the IPv6 Education Logo Steering Group operate according to the IPv6 Ready
Logo Program Code of Conduct
(http://www.ipv6ready.org/docs/v6LC_Code_of_Conduct.pdf) and are bound by a signed
Non-Disclosure Commitment.
3. Curriculum Outline
All the training courses are delivered via an instructor-led approach with hands-on labs.
• Instructor-Led Training:
  Set in an interactive classroom environment, the instructor will introduce concepts
  and guide students with detailed explanations and interesting examples to meet the
  student expectations and requirements and at the same time keep the students
  engaged.
• Hands-on Lab:
  Step-by-step hands-on labs with detailed instructions and guides are provided to
  reinforce all key concepts. They allow the student to reinforce concepts by performing
  the tasks they have just learned.
As these are certification programs, candidates are required to pass both the written and
hands-on evaluation to qualify for the certificate.
3.1. IPv6 Forum Certified Course & Network Engineer (Silver)
Plan and Implement IPv6 in a Multi-Vendor, Commercial Environment.
You will learn to:
• Implement new networking software and devices to support IPv6.
• Implement auto-configuration to manage IPv6 addresses.
• Configure the different IPv6 migration tools, such as tunnelling, in order to facilitate the
  transition.
• Obtain and configure upgrades for common operating systems.
3.1.1. Prerequisites
A good knowledge of general networking concepts is assumed. IPv4 is reviewed as it is
compared and contrasted with IPv6, but experience with IPv6 is not critical.
Note: Certified Network Associate (CCNA) level of expertise or similar would be an added
advantage.
3.1.2. Course Outline
The Internet Protocol
• Introduction to IP
• Internet as a Datagram Network
• Internet as a Connectionless Network
• IPv6 Technical Features
• Differences between IPv4 and IPv6
• Address Space
• Quality of Service and Routing Efficiency
• Plug and Play
• Mobility
• Security
IPv6 Address Architecture and Scheme
• Notation of IPv6 addresses
• Types of addresses
• IPv6 Addressing Schemes
• A case study of IPv6 addressing scheme
OS IPv6 Configuration
• Windows
• Linux
• BSD Configuration Information
IPv6 Device Configuration
• Autoconfiguration
  - Stateless autoconfiguration
  - Stateful autoconfiguration
  - Duplicate address detection
  - Address Resolution
  - Neighbour discovery procedures
  - Neighbour solicitation messages
  - Neighbour advertisement messages
Introduction to Routing
• Introduction to Static Routing
• Introduction to Dynamic Routing
• Hands on (Static Routing)
Translation Mechanisms
• CGN
• NAT44
• NAT444
• AFT
Introduction to Tunneling
• 6-to-4
• 6-in-4
• 6-r-d
• ISATAP
• Teredo
3.2. IPv6 Forum Certified Course & Network Engineer (Gold)
Plan and Implement Advanced IPv6 in a Multi-Vendor, Commercial Environment.
You will learn to:
• Generate and test IPv6 packets in a network.
• Plan and manage the migration of your network to IPv6.
• Implement new networking software and devices to support IPv6.
• Install and configure associated network services such as DNS and routing protocols.
• Update and configure common networking applications such as email and Web
  servers.
• Configure routers and dual stack.
3.2.1. Prerequisites
A good knowledge of general networking concepts is assumed. Certified IPv6 Network Engineer
(CNE6) Level 1 or similar level is necessary to pursue this training program.
3.2.2. Course Outline
• IPv6 Packet Generation
  - Understanding scapy6
  - Crafting packets
  - Testing with various configurations
• IPv6 Packet Detection
  - Understanding SNORT IPv6 Capabilities
  - Native IPv6
  - IPv6 over Tunnels
• IPsec
  - IPv6 IPsec overview
  - Security policies and security associations
  - IPsec tunneling
  - IPsec Framework
  - Authentication header
  - Encapsulating security payload
  - ESP transport mode
  - ISAKMP/IKE
    - Internet key exchange IPv6 IPSec in a Windows environment
    - Microsoft symmetric key authentication
    - Setting up the IPSec tunnel
• IPv6 Integration
  - Header translation
  - Tunnel Brokers
  - Teredo Tunneling
  - 6-in-4 Tunneling
  - 6rd
  - ds-lite
  - Steps to migrate to IPv6
    - Hardware
    - Software
      - Operating System (OS)
        - Windows Vista/7/2008 Server
        - Linux
        - Mac OS
        - Legacy OS
    - DNS
    - Web
    - E-mail
• Name Service in IPv6
  - IPv6 and DNS
  - AAAA and A6 records
  - Reverse lookup in IP6.ARPA
  - DNS Setup
• Routing protocols
  - Dynamic routing and its advantages over static routing
  - RIPng
  - OSPFv3
  - ISIS for IPv6
  - BGP4+
• DHCPv6
  - Stateful address management
  - Stateless address management
  - Manual address management
3.3. IPv6 Forum Certified Trainer Network Engineer (Gold)
The IPv6 Forum will certify and qualify trainers to teach the IPv6 Forum's instructor-led courses.
The train-the-trainer (TTT) program (see TTT Program below) covers the standard syllabus with
the addition of 1 day of trainer's training that will cover the following:
1. Know-how on setting up an IPv6 network.
2. Configuring servers to support and enable IPv6 connectivity.
3. Advanced knowledge required for the trainer.
4. Additional evaluation catered specifically for trainer candidates.
3.3.1. IPv6 Forum Certified Trainer (Gold)
Successful completion of the IPv6 Forum Train-the-Trainer (TTT) program will provide
candidates with credentials as an IPv6 Forum Trainer, with rights to teach the IPv6 Forum
Certified Course (Silver) and IPv6 Forum Certified Course (Gold). The process for obtaining
Trainer certification is similar to the process for most other major IT certifications:
• Demonstrated knowledge of the IPv6 subject matter covered in Silver and Gold courses
• Demonstrated knowledge of the IPv6 Forum Certification program
• Demonstrated ability to deliver IPv6 instructional materials from the Silver and Gold
  courses
• Demonstrated capability to configure and integrate IPv6 capabilities on legacy IT
  infrastructure
Pre-requisites
Certified TTT programs should ensure each trainer candidate meets the following requirements:
1. Current IPv6 Forum Certified Network Engineer (Gold) – must be verified in the IPv6
   Forum database
2. At least one current certification in network or systems engineering
   a. Examples of acceptable certifications are MCTS, CCNA, MASE, RHCE, CompTIA
      Network+, JNCIA-Junos, or comparable certification
   b. The purpose of this requirement is to demonstrate foundational knowledge of IP
      networking concepts and related technologies
3. Completed IPv6 Forum trainer application – Applications are provided by the IPv6
   Forum and collect basic candidate data. This information will be used for registration
   upon successful completion of the TTT course, as well as statistical evaluation of the
   IPv6 Forum’s program.
Preferences
The IPv6 Forum TTT is not designed to develop skills as a public presenter and technical trainer.
Organizations certified to offer TTT should strive to have candidates with previous experience
teaching technical courses; certification as an instructor (such as a CCSI) or experience
teaching in a vocational or collegiate environment is highly encouraged.
Candidates are also encouraged to have practical experience working in an IT environment,
regardless of whether that experience is in a service provider, ISP, or enterprise. The IPv6
Forum program is most effective when taught in the context of integration into, and transition
from, legacy (IPv4-only) environments.
Evaluation Criteria
Certified TTT programs will instruct candidates on the IPv6 Forum Engineering certification
requirement, provide opportunities to demonstrate their knowledge of IPv6 through
presentation and practicum exercises, and affirm the depth of their IPv6 understanding by
having them complete standard IPv6 certification exams at a higher "cut score" than that of
normal certification exam takers.
1. Demonstrable knowledge of IPv6
   a. Candidates must take and pass the IPv6 Silver and Gold Exams with a score of 90%
      or better
   b. Deliver two (2) 20 - 30 minute presentations on IPv6 subjects from the certification
      materials. One topic will be from the Silver certification topics (see section 3.1.2).
      The second from the Gold certification topics (see section 3.2.2). Candidates
      may choose one of the topics. The other will be randomly selected by the TTT
      instructor.
      i. Candidate presentations will be evaluated based upon the following
         criteria:
         1. Accuracy of information provided
         2. Completeness of topic coverage compared to IPv6 Forum
            requirements
         3. Ability to handle student questions
         4. Presentation skills
2. Lab Program Review
   a. Although no lab platforms are specified in the IPv6 Forum requirements,
      candidates should be familiar with the course lab environments from which they
      will provide instruction.
   b. Candidates should be able to demonstrate proficiency in provisioning IPv6 in
      standard IT infrastructure, which at minimum should include:
      i. Enabling IPv6 on host, server, and routing platforms
      ii. Configuring IPv6 addresses on IT device interfaces (dual stack)
      iii. Enabling SLAAC
      iv. Enabling DHCPv6
      v. Supporting IPv6 in DNS
      vi. Enabling a manual tunnel
      vii. Enabling another transition mechanism
      viii. Enabling IPv6 in a routing protocol
3. IPv6 Forum Certification Requirements
   a. Candidates must be familiar with the IPv6 Forum certification program and
      requirements. This knowledge should not be limited to the Certified Engineer
      (Silver) and Certified Engineer (Gold) programs, but also include the
      requirements for Security (Gold), IPv6 Administrator, and any other programs
      that may be developed.
   b. Review should include content required for each certification level,
Upon successful completion of the TTT course, the certifying organization/individual will
register the candidate with the IPv6 Forum.
3.3.2 IPv6 Forum Train-the-Trainer Trainer (Gold)
Organizations or individuals wishing to be certified as a trainer for IPv6 Forum TTT courses must
meet the following requirements:
1. Be a Certified Engineer (Gold)
2. Be a Certified Trainer
3. Have IPv6 Forum Silver and Gold certified courseware, or access to courseware from a
certified organization or individual
4. Have conducted at least five (5) IPv6 Forum Certified Network Engineer Silver and/or
Gold courses
5. Have, or have access to, Certified Certification (IPv6 Forum exam for certification)
6. Submit an application which outlines qualifications and experience developing
vocational or educational training staff
Applications will be evaluated by a team comprised of members of the IPv6 Forum Education
Logo Program.
3.4. IPv6 Forum Certified Certification
The IPv6 Forum Certified Certification program will certify vendor certifications that assess IPv6
expertise per IPv6 Forum’s specification.
Two levels of certification are provided by the IPv6 Forum Certified Certification program. Silver
certifications will include beginner and intermediate IPv6 topics. Gold certification will include
topics of all skill levels including advanced IPv6 topics.
This specification provides mandatory topics and optional subtopics required to obtain IPv6
Forum Certified Certification status.
3.4.1. Prerequisites
Prior to receiving IPv6 Forum Certified Certification status, the vendor education web site must
be reachable via IPv6. Please refer to Section 5 for details on the IPv6 Education WWW Logo
program.
3.4.2. Application Process
The following information is required to apply for IPv6 Forum Certified Certification:
1. Primary contact information
2. Certification program name
3. Certification program objective
4. Publicly available exam blueprint URL
5. If applying for IPv6 Forum Certified Certification (Silver)
   a. Please list the topics covered in the written exam from section 3.4.4.
   b. Please list the topics covered in the lab exam (if applicable) from section
      3.4.4.
6. If applying for IPv6 Forum Certified Certification (Gold)
   a. Please list the topics covered in the written exam from section 3.4.4 and
      3.4.5.
   b. Please list the topics covered in the lab exam (if applicable) from section
      3.4.4 and 3.4.5.
3.4.3. Exam Topics
In order to be certified as an IPv6 Forum Certified Certification (Silver), the required exams
must cover all mandatory exam topics in section 3.4.4. The sub topics are “Optional” but are
included for reference. These sub topics can be used as guidelines, but are not mandatory to
meet the specification.
In order to be certified as an IPv6 Forum Certified Certification (Gold), the required exams must
cover all mandatory exam topics in section 3.4.4 and section 3.4.5. As with the Silver program,
the sub topics in the Gold section are optional and included for reference.
Mandatory exam topics (highlighted in bold) must be covered in both written and lab exam (if
applicable).
3.4.4. IPv6 Forum Certified Certification (Silver)
• IPv6 Introduction
  - IPv6 packet format
    - Header fields
    - IPv6 extension headers
  - ICMPv6
    - Message types
  - Differences between IPv4 and IPv6
  - Address space
• IPv6 Address Architecture and Scheme
  - Notation of IPv6 addresses
  - Types of addresses
  - IPv6 addressing schemes
    - EUI-64
    - Random addressing (RFC 4941)
    - Manual addressing
    - Address lifetimes
• IPv6 Device Configuration
  - Autoconfiguration
    - Stateless autoconfiguration
    - Stateful autoconfiguration
    - Privacy extensions (RFC 4941)
  - Duplicate address detection
  - Address resolution
    - Differences between IPv4 ARP and IPv6 ND
  - Neighbor discovery procedures
    - Default router selection
  - Neighbor solicitation messages
    - Router solicitation
    - Neighbor solicitation
    - Inverse neighbor solicitation
  - Neighbor advertisement messages
    - Router advertisement
    - Neighbor advertisement
    - Inverse neighbor advertisement
  - Operating system details/specifics
• DHCPv6
  - Stateful address management
  - Stateless address management
  - Manual address management
• Introduction to Tunneling
  - 6-in-4 Tunneling
  - Tunnel Broker
  - 6RD
• Name Service in IPv6
  - IPv6 and DNS
  - AAAA records
  - DNSSEC
  - Reverse lookup in IP6.ARPA
  - DNS Setup
    - Dual stack MX records
• Introduction to IPv6 Security
  - Perimeter security
  - Packet filtering
  - Unmonitored IPv6 risks and mitigation
  - First hop security
    - Rogue Router Advertisement Guard
• Introduction to IPv6 Network Management
  - SNMPv3
• IPv6 Impact to Applications
  - Application best practices
  - Dual stack hosts
3.4.5. IPv6 Forum Certified Certification (Gold)
• IPv6 Tunneling and Translation Mechanisms
  - NAT44
  - NAT64
  - AFT
  - DS-Lite
  - 6PE/6VPE
  - NAT-PT Deprecation (RFC 4966)
  - ALG / Proxy
  - ISATAP
  - Teredo
  - 6to4 Tunneling/6rd
  - Operating system details/specifics on how tunneling is handled
• Routing Protocols & MPLS
  - Static routing
  - RIPng
  - ISIS for IPv6
  - BGP4+
  - OSPFv3
  - 6VPE
  - Operating system details/specifics on how routing is handled
• Network Management
  - IPv6 information retrieval
  - Fault management
  - Performance management
  - Configuration management
  - Availability management
  - Operating system details/specifics on how network management is handled
• IPv6 Multicast
  - IPv6 multicast address format
  - Protocol Independent Multicast (PIM)
  - Multicast Listener Discovery (MLD)
  - Embedded Rendezvous Point (RP)
  - Operating system details/specifics on how multicast is handled
• IPv6 Mobility
  - Basic operations
  - Operating system details/specifics on how mobility is handled
• IPv6 Security
  - IPsec over IPv6
  - IKEv2
  - IPsec digital certificates
  - Operating system details/specifics on how security is handled
• IPv6 Troubleshooting
  - Basic troubleshooting methodology/plan
  - Packet sniffing and analysis
  - Use of ipconfig/ifconfig, ping/ping6, traceroute/traceroute6
  - Troubleshooting routing/tunneling/vpn/translation
  - Troubleshooting LAN/WAN environments
  - Troubleshooting dual-stack host issues
  - Troubleshooting application issues
3.5 IPv6 Forum Certified Security Course, Engineer, Trainer & Certification (GOLD)
The IPv6 Forum Certified Security Program (Security Course, Security Engineer, Security
Trainer and Security Certification) expands the IPv6 Forum Gold certification programs in an
area of very high importance to IPv6 deployment and IPv6 operation teams, as security is one
of the most often cited concerns with IPv6 enablement. The IPv6 transition also presents a
unique opportunity for IT organisations to implement a comprehensive security architecture
from day one.
The program defines and enforces a high standard for education and skills accreditation in the
IPv6 Security specialty.
The program standardises:
• The requirements for an IPv6 Security course to be deemed complete and
  competitive in providing the requisite information
• The requirements for a Trainer to be deemed ready to deliver an IPv6 Security class
  effectively and with the necessary practical competency
• The requirements for an Engineer to demonstrate the level of expertise and
  competency necessary to be an effective IPv6 Security specialist.
• The requirements for an expert level industry certification to obtain IPv6 Security
  certified certification status.
The standards defined by this program are enforced through the process of certification of IPv6
Security course content, of IPv6 Security trainers, IPv6 Security certification and of IPv6 Security
engineers.
3.5.1 Requirements for the Gold IPv6 Security Course Content
To be eligible for the IPv6 Forum Gold “Security Course” certification, the content of the IPv6
security course must be reviewed against the requirements listed in this section. The review is
conducted by IPv6 subject matter experts identified by the IPv6 Forum.
3.5.1.1 Course objectives
The IPv6 Security Course provides the students with the knowledge needed to understand the
IPv6-specific aspects of IT security, the security implications of enabling IPv6 in the environment
and the operational aspects of managing, from a security perspective, an IT environment during
the transition to IPv6. It is important for the course to not limit the content to network security
but cover multiple aspects of securing an IPv6 enabled IT environment. The course will provide
the current best practices in implementing and operating a complete IPv6 security lifecycle.
3.5.1.2 Course audience and recommended prerequisites
This course is targeted to IT security architects, design and operations engineers, IT
infrastructure architects, design and operations engineers, IT professional services engineers,
application developers and security compliance and governance professionals who want to get
an in-depth understanding of IPv6 security.
For an effective learning experience it is recommended that participants are familiar with IPv6
technology to at least the level of IPv6 Forum Silver Engineer certification (or better). It is
recommended that participants are familiar with the fundamental concepts of IT security.
3.5.1.3 Knowledge acquired by the student when completing the course
IT security in general and IPv6 security in particular are vast topics. To meet the IPv6 Forum
Gold certification requirements the IPv6 Security course must at a minimum ensure that the
following knowledge is acquired by the students:
• Scope of IPv6 Security in IT environment (from network to applications and from processes to policies and governance)
• IPv6 protocol architecture specific elements that impact or benefit IT security
• Vulnerabilities that are IP version independent and their mitigation
• Vulnerabilities that are IPv6 specific and their mitigation
• Methods for performing IPv6 security assessment of an IT environment
• Current IPv6 security best practices
• Development and implementation of security policies
• Key IPv6 considerations for IT security products (security control, security data collection, security information and event management, vulnerability and patch management) and requirements with respect to industry standards such as IPv6 Ready Logo, USG/NIST and RIPE501.
The key concepts are covered in a vendor independent context to avoid vendor specific
implementation or support constraints.
Hands on skills acquired by the student when completing the course: Along with the knowledge
provided through coursework, the Gold level IPv6 Security Course must help the student
develop the following minimum set of practical skills:
• Capturing malformed IPv6 packets and identifying various threat vectors
• Observe IPv6 based reconnaissance techniques and mitigate against them
• Defining and implementing best practice policies for ICMPv6
• Observe and mitigate ICMPv6 DDOS attacks
• Updating security control (ACLs, policies, etc) for IPv6 on various infrastructure equipment (switches, routers, appliances)
• Observe and mitigate first hop security threats (RA protection, ND protection, etc.)
• Implement control plane (routing protocol) protection mechanisms
• Observe and mitigate security threats introduced by transition mechanisms (6to4, Teredo, 6PE, 6VPE, DS-Lite, 6rd, etc.)
• Securing IPv6 hosts
• Configure IPsec for IPv6
The key concepts are covered in a vendor independent context to avoid vendor specific
implementation or support constraints. The student should get hands on experience with
commonly used security/hacker IPv6 tools. Labs should cover both transition and steady state
scenarios.
3.5.1.4 Checklist of topics that must be covered by the course to qualify for Gold certification
The following topics must be covered in the Gold IPv6 Security course. For each topic, the
material must cover the risk analysis, risk mitigation and best practices:
• Myths and realities regarding IPv6 security
• Security implications of IPv6 addressing architecture
  o Address and prefix size allocations
  o Address scoping
  o Privacy and Temporary Addresses
  o Cryptographically Generated Addresses
  o Special and Reserved addresses
• Security implications of IPv6 packet format
  o Main header format
  o Extension headers
• IPv6 and lower layer security mechanisms
  o 802.1x
  o Layer 2 controls
• First Hop security for IPv6
  o Neighbor Discovery (Protect ND State machine, SeND)
  o Router Discovery (Protect ND State machine, RA-Guard)
  o MLD Snooping
• Securing IPv6 provisioning mechanisms
  o Stateless Address Autoconfiguration
  o DHCPv6 (Stateless, Stateful, PD)
• Securing DNS
• Securing IPv6 Routing Protocols
• Securing IPv6 transport over MPLS networks
• Securing multicast for IPv6
• Securing IPv6 Transition Mechanisms
• Security considerations for dual-stacked hosts
• Security considerations for a virtualized compute infrastructure supporting IPv6
• IPv6 security considerations for applications
• Overview of IPv6 support in security products (FW, IPS, etc)
• IPv6 security assessment considerations
• Defining IPv6 security policies
• Implementing and managing IPv6 security policies
• IPv6 security hardening of infrastructure
• IPv6 forensics
It is expected but not required that the Gold IPv6 Security courses will start with an IPv6
essentials refresher.
3.5.2. Requirements for the Gold IPv6 Security Course Trainer Certification
A candidate qualifies for the Gold IPv6 Security Course Trainer certification if he or she meets
the following requirements:
• Holds the Gold IPv6 Engineer certification
• Holds the Gold IPv6 Trainer certification
• Holds the Gold IPv6 Security Engineer certification
• Has been trained and evaluated by an IPv6 Forum approved Gold Certified IPv6 Security Trainer
• Successfully delivered at least one Gold Certified IPv6 Security Course under the observation of a Gold Certified IPv6 Security Trainer
No other industry certification is equivalent to the Gold IPv6 Security Trainer certification and
can be used in lieu of the IPv6 Security Trainer Certification Process.
3.5.3. Requirements for the Gold IPv6 Security Engineer Certification
A candidate qualifies for the IPv6 Forum Gold IPv6 Security certification if he or she holds an
active Gold IPv6 Engineer certification and meets one of the following requirements:
• Successfully completes the IPv6 Forum Security certification exam administered by an IPv6 Forum authorised testing organisation. The passing score is 75% or higher.
• Obtains a certification that has been approved by the IPv6 Forum as Gold IPv6 Security Certified Certification.
3.5.4. Requirements for the Gold IPv6 Security Certified Certification
In order to be certified as a Gold IPv6 Security Certified Certification, the required exams must
cover all topics listed in section 3.5.1.3 and section 3.5.1.4. The exam topics must be covered in
both written and lab exam (if applicable).
3.5.5. Application Process
The following information is required to apply for the IPv6 Forum Certified Security Program:
7. Primary contact information
8. Certification program name
9. Certification program objective
10. If applying for IPv6 Forum Certified Security Course (Gold) list the topics covered in section 3.5.1.4.
11. If applying for IPv6 Forum Certified Security Engineer (Gold) see the requirements in section 3.5.3 and provide supporting details.
12. If applying for IPv6 Forum Certified Security Trainer (Gold) see the requirements in section 3.5.2 and provide supporting details.
13. If applying for IPv6 Forum IPv6 Security Certified Certification (Gold) see the requirements in section 3.5.4 and provide supporting details.
3.6. IPv6 Forum Certified Course & Systems Administrator (Gold)
In most IT operations, the “Network Engineer and Architects” are typically different from the
“Systems Administrators or Engineers”, the former focusing on design, implementation and
maintenance of the network infrastructure while the Systems people implement the services
that run on that network.
To adhere to this dichotomy in real life as well as start emphasizing the need to build not just
IPv6 network infrastructure but also services that run on the network, we are proposing a
separate IPv6 certification for Systems Administrators.
Plan and securely implement Scalable IPv6 Services. After finishing this course, participants
should be able to:
• Analyse the impact of IPv6 on various core network services like DNS, Web Services, Email, Network Management Systems and Automatic IP configuration provisioning.
• Install and configure core network services (DNS, Config Provisioning, Web, Email and Network Management) in a secure and scalable way.
• Provision operating systems (both client and server based)
• Describe the security concepts to pay attention to and cover while deploying and managing operating systems and network services.
3.6.1. Prerequisites
Participants in this course are assumed to have the following knowledge and skills:
• Competence as a Systems Administrator of IPv4 network services
• Basic knowledge of IPv6 – consisting of the Certified (Silver) Engineer
Because most participants in this course may not have attended an IPv6 Certified
Engineer (Silver) course, this training would necessarily start with an “IPv6 Foundations”
module.
3.6.2. Course Outline
• IPv6 Foundations (possible pre-course preparation module)
  o IPv4 address exhaustion - review, implications and consequences
  o Why NAT is not a Sustainable Solution to IPv4 Exhaustion
  o IPv6 address basics - notation and representation
  o IPv6 addressing types
  o IPv6 subnetting
  o Understanding ND and key IPv6 mechanisms (NA, NS, RS, RA, RA Guard etc)
  o IPv6 address provisioning
• Planning and deploying IPv6 client operating systems
  • IPv6 status of popular client operating systems
    o Windows
    o Mac OS X
    o Linux
    o Android
    o iOS
  • Provisioning IPv6 on client operating systems
    o Analysing requirements and selecting a provisioning method
    o Manual configuration
    o Auto-configuration with SLAAC
    o Auto-configuration with DHCPv6
  • Understanding and configuring IPv6 Desktop Security
  • Verifying the IPv6 Status of Popular Enterprise Applications
• Planning and deploying IPv6 DNS Servers
  o Brief review of the DNS protocol
  o Infrastructural elements of DNS and how DNS works
  o What it takes to get a DNS Server IPv6-Ready
  o IPv6 status of popular DNS server implementations
  o Configuring BIND, PowerDNS for dual stack operation
• Planning and deploying IPv6 Web Servers
  o Brief review of the HTTP protocol
  o Infrastructural elements of HTTP and how it works
  o IPv6 status of popular web server implementations
  o Configuring Apache, IIS & NGINX for dual stack operation
• Planning and deploying IPv6 Mail Servers
  o Brief overview of the IMAP, SMTP and POP protocols
  o Infrastructural elements of Internet mail and how it works
  o IPv6 status of popular mail server implementations
  o Configuring Postfix for dual stack operation
  o Analyse the Impact of IPv6 on mail server add-ons (spam filtering for example).
• Planning and deploying an IPv6 Network Management Server
  o Why you should be measuring IPv6 traffic
  o How to measure IPv6 traffic
  o Configuring netflow/sflow for IPv6 traffic
  o Evaluating the status of IPv6 MIBS
  o Challenges in IPv6 network monitoring
  o Configuring and testing Nagios & net-snmp for IPv6
• Planning and Deploying IPv6 Enterprise Security
  o Understanding the threats inherent with IP & IPv6
  o Best practices for ICMPv6 Filtering
  o Understanding and configuring host-based firewalls
  o Understanding and configuring network firewalls
  o Implementing Stateful Packet Inspection with ip6tables
  o Securing the Network Management System
• Transition Techniques for Systems Administrators
  o Why we need transition techniques
  o Overview of Dual Stack and its implications on OS’es & services
  o Overview of Tunneling Techniques and their implications on services
  o IPv6-IPv4 Translation with NAT64 & DNS64
  o Using Load Balancers to IPv6-enable Applications
3.7 IPv6 Forum Certified Systems Administrator Trainer (Gold)
To qualify as a Certified Systems Administrator Trainer, a candidate must have met the
following conditions:
a) Be an IPv6 Forum Certified (Silver) Network Engineer
b) Be an IPv6 Forum Certified (Gold) Systems Administrator.
c) Have delivered at least five training sessions in which the participants evaluated his
training skills. In at least three of the training sessions, at least 60% of the participants
must have rated him “Good” or “Excellent” on each of the following skills:
• Ability to explain complex topics and concepts clearly.
• Displays deep understanding of the subject matter.
• Preparedness for the course.
• Ability to stimulate interaction amongst the participants.
An example of a section of such a survey is shown below.
3.8 IPv6 Forum Certified Systems Administrator Certification
To qualify to give out this certification, an organisation must meet the following requirements:
• Have at least two trainers who are both IPv6 Forum Certified Systems Administrator Trainers.
• Have a website where their program content is published.
• Have in place an evaluation system for course participants.
• Have a lab-based infrastructure for hands-on exercises.
• Have a platform for testing the skills in the course.
Evaluation will be done by a team of IPv6 Forum personnel on a case-by-case basis.
4. Procedure to obtain the v6 Education Logo
4.1. General
The IPv6 Forum will verify the applications in terms of source, credibility and usefulness and will
monitor the certification process over time making sure the quality is maintained and possible
re-certification is requested when needed.
4.2. Procedure to obtain the v6 Education Logo
The process for obtaining the IPv6 Education Logo is as follows:
1. Download the IPv6 Education validation specifications from the IPv6 Education Logo web site, http://www.ipv6forum.com/ipv6_Education/. Fill out the Application form online and complete the IPv6 Education Logo Usage Agreement. Press the "apply button" to show your intention of agreement.
2. The applicant should also pass the WWW Logo as defined at http://www.ipv6forum.com/ipv6_enabled/ outlined in chapter 5.
5. Terminology
IPv6 Forum: The IPv6 Forum, a world-wide consortium with a key focus on providing technical
guidance for the deployment of IPv6, launched a single world-wide IPv6 Ready Logo Program
(conformance and interoperability testing).
IPv6 Education Logo Program: The IPv6 Forum IPv6 Education Logo Program objective is to
encourage and accelerate deployment and adoption of IPv6 by web site owners and service
providers.
IPv6 Education WWW Logo (v6eLogo_WWW) Program: A sub-program of the IPv6 Education Logo
program, applicable to web sites.
IPv6 Education Steering Committee (v6eSG): Manages the IPv6 Education Logo Program.
IPv6 Education websites: Web sites that are accessible via IPv6.
6. Future Programs
6.1 IPv6 Forum Certified Programmer
Write and Implement IPv6-capable Applications in a Mixed Network Environment and port
existing network applications to support IPv6.
You will learn to:
• Understand the benefits of making applications IPv6-capable.
• Perform IPv6 socket programming.
• Rewrite client and server applications to be IPv6 compatible.
• Use IPv6 porting tools.
• Parse and map IPv6 addresses.
* Note: The programming language used in this course will be C/C++ as it is the most widely
used language. Nevertheless, the approach and concepts can easily be adapted to other
languages.
6.1.1 Prerequisites
A good knowledge of general networking concepts is imperative. Certified IPv6 Network
Engineer (CNE6) Level 1 or similar is necessary. In addition, network programming background
is an added advantage. Nevertheless, some programming experience is compulsory.
6.1.2 Course outline
IPv6 Refresher (I have removed Module 1, 2 and 3 and replaced with this. Rationale: The participants should already have background knowledge on IP and IPv6. If they don’t, then we will be spending too much on the intro itself)
Application Transition Scenarios and Programming Aspects
Programming Areas that Need to be Addressed
Data Structure
Function Calls
Use of Hardcoded IPv4 Address
User Interface Issues
Underlying Protocols
IPv6 Porting Tools
Tools and Resources for Porting
Using Checkv4 tool for C/C++
Application Modification Process
Basic Socket Programming
Basic Socket Interface Extension for IPv6
Socket Interface
IPv6 Address Family and Protocol Family
IPv6 Address Structure
Interface Identification
Name to Address
Address to Name
Socket Options
IP version-independent Applications
Functions to Create IP Version-independent Applications
API Modifications
Winsock API
Changes to API
Advanced Socket Interface Extensions for IPv6
The ip6_hdr Structure
The ICMPv6 Header Structure
IPv6 Raw Socket
Access to IPv6 and Extension Headers
IPv6 Based Applications
Examples of IPv6 Applications Used Worldwide
Network Security & IPv6
All Rights Reserved. Copyright (©) 2010-2013
IPv6 Forum & IPv6 Ready & Enabled (©) The IPv6 Forum, 1999-2013.
The IPv6 Forum
No part of the documentation may be reproduced for any purpose without prior permission.