Considerations From an IPv6 Product Developer Thomas Narten May 4, 2007, NIST.

Slides:

Advertisements

Similar presentations

 Acceptance testing is a user-run test that demonstrates the application’s ability to meet the original business objectives and system requirements and.

Advertisements

ProCognis SOX 404 & COSO Implementation Presentation

The FIspace Foundation Heritiana Ranaivoson Dissemination and Exploitation Manager iMinds.

Requirements Structure 2.0 Clark Elliott Instructor With debt to Chris Thomopolous and Ali Merchant Original Authors.

Reliability Week 11 - Lecture 2. What do we mean by reliability? Correctness – system/application does what it has to do correctly. Availability – Be.

Costs of Security in a COTS-Based Software System True Program Success TM Costs of Security in a COTS-Based Software System Arlene Minkiewicz, Chief Scientist.

Usability Inspection n Usability inspection is a generic name for a set of methods based on having evaluators inspect or examine usability-related issues.

Health Informatics Series

What You Should Know About Open Source Software Iris K Stovall Director, Illinois Virtual Campus 2005 Faculty Summer Institute.

The Software Product Life Cycle. Views of the Software Product Life Cycle  Management  Software engineering  Engineering design  Architectural design.

Trigger and online software Simon George & Reiner Hauser T/DAQ Phase 1 IDR.

1 Customer Network Operations Center. 2 Agenda Overview Benefits Value Additional Services Questions Monitoring Options.

Celia Delgado Biztant, LLC Founder Hiring and Engaging a Virtual Assistant.

THOMAS ROBB KYOTO SANGYO UNIVERSITY Teacher Training in Technology: Overcoming Limitations.

OAuth option for mHealth Brief Profile Proposal for 2013/14 presented to the IT Infrastructure Planning Committee R Horn (Agfa Healthcare)

Effective Methods for Software and Systems Integration

Open Source for Government Alexander C. Pitzner Sr. Network Engineer Harrisburg University of Science and Technology

S/W Project Management

MGS Testing A High Level Overview of Testing in Microsoft Games Studio Joe Djorgee – Test Lead.

Server Virtualization: Navy Network Operations Centers

Introduction to RUP Spring Sharif Univ. of Tech.2 Outlines What is RUP? RUP Phases –Inception –Elaboration –Construction –Transition.

University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.

Test Organization and Management

Software Engineering Chapter 15 Construction Leads to Initial Operational Capability Fall 2001.

Software Development *Life-Cycle Phases* Compiled by: Dharya Dharya Daisy Daisy

Information Systems Security Computer System Life Cycle Security.

Software Engineering Modern Approaches

SNIA/SSIF KMIP Interoperability Proposal. What is the proposal? Host a KMIP interoperability program which includes: – Publishing a set of interoperability.

Software Systems Verification and Validation Laboratory Assignment 3 Integration, System, Regression, Acceptance Testing Assignment date: Lab 3 Delivery.

Required Terms Regarding Accessibility for Information Technology Contracts February 17, 2009.

Effective User Services for High Performance Computing A White Paper by the TeraGrid Science Advisory Board May 2009.

Software Estimation and Function Point Analysis Presented by Craig Myers MBA 731 November 12, 2007.

How to Sell Franchises Speaker: Tony Fitzpatrick Managing Partner

Getting Started Conservation Coaches Network New Coach Training.

OpenSG Conformity IPRM Overview July 20, ITCA goals under the IPRM at a high level and in outline form these include: Organize the Test and Certification.

Category #2 Bundling and Unbundling Workgroup September 24, 2007.

The System and Software Development Process Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.

Enterprise Resource Planning

Chapter Sixteen Managing Network Design and Implementation.

Larry Watkins Vice President & COO, Claredi Corporation Co-Chair, ASC X12N Health Care Task Group Co-Chair, WEDI Strategic National Impl. Process (SNIP)

1 WIPO-KIPO-KIPA IP Panorama Business School, October 6 to 10, 2008 IP Strategies in Standards Setting Tomoko Miyamoto Senior Counsellor, Patent Law Section.

Testing, Testing & Testing - By M.D.ACHARYA QA doesn't make software but makes it better.

Adoption and Use of Electronic Medical Records (in Federally Qualified Health Centers) and Supporting an ASP Community Care Network of Virginia, Inc.

This material was developed by Oregon Health & Science University, funded by the Department of Health and Human Services, Office of the National Coordinator.

Copyright 2009 John Wiley & Sons, Inc. Chapter 12 Project Auditing.

Software Quality Assurance SOFTWARE DEFECT. Defect Repair Defect Repair is a process of repairing the defective part or replacing it, as needed. For example,

Cis339 Chapter 2 The Origins of Software 2.1 Modern Systems Analysis and Design Fifth Edition.

ERP Implementation Lifecycle

Copyright 2012 John Wiley & Sons, Inc. Chapter 12 Project Auditing.

Software Requirements Specification Document (SRS)

Thursday August 20, 2009 John Anderson Page 1 Accelerator Interlock System Issues Flow Down of Requirements from the Safety Order to Engineered Safety.

High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.

1/13 draft-carpenter-nvo3-addressing-00 Brian Carpenter Sheng Jiang IETF 84 Jul/Aug 2012 Layer 3 Addressing Considerations for Network Virtualization Overlays.

Animal Raising Claims in the Labeling of Meat and Poultry Products October 14, 2008 United States Department of Agriculture Food Safety and Inspection.

15 th October 2007SRMCwww.orhltd.com How are you solving the puzzle? Integrated Risk Management Plans.

HPHC - PERFORMANCE TESTING Dec 15, 2015 Natarajan Mahalingam.

This has been created by QA InfoTech. Choose QA InfoTech as your Automated testing partner. Visit for more information.

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall 2.1.

Security Development Lifecycle (SDL) Overview

Planning the Digital Transformation Readiness Check for SAP S/4HANA

Software Engineering (CSI 321)

BANKING INFORMATION SYSTEMS

2 Selecting a Healthcare Information System.

Fix it or Forget it? Dealing with Troubled Projects

Software System Integration

Chapter 13 Quality Management

Welcome to Corporate Training -1

Software Testing Software Testing is a process of evaluating a system by manual or automatic means and verify that it satisfies specified requirements.

Presentation transcript:

Considerations From an IPv6 Product Developer Thomas Narten May 4, 2007, NIST

2 Thomas Narten Background  IBM has long history of supporting IPv6  Active contributors to IETF IPv6 effort  AIX shipped IPv6 product in 1997  Currently ship IPv6 in i5/OS, AIX, z/OS (all have IPv6 Ready Logo Phase I certification)  Significant developer of IPv6 functionality in Linux  Number of our products support IPv6 –  IBM is a strong supporter of IPv6!

3 Thomas Narten Overview  Three flavors of testing  Cost issues for vendors  Product & logistical issues  Harmonization of USG testing efforts  Leverage existing testing programs  Self-certification  Publication of Test Criteria  Ensure adequate accountability

4 Thomas Narten Three Flavors of Testing  USG operated  3 rd Party operated  Self-certification  Questions for each: –How quickly can it ramp up service? –At what rate can it evaluate products? (e.g., number per month?) –Can testing be timely? –What are scaling properties (impacts almost every product)? –Where does product expertise come from? –Who bears cost? –In practice, what will actual cost be?

5 Thomas Narten Significant Money May Be At Stake  Testing not free; someone bears cost (both direct and indirect) –Assumption: cost will fall on product vendors  If cost too high, some vendors will simply opt out –Consequence: reduced product choice for USG  Business built on providing testing service can be self-serving –Predictable revenue stream needed for business plan –“required” testing potentially attractive –Avoid creating a “business” in IPv6 testing

6 Thomas Narten Offsite & Third Party Testing Costs  Requires hardware to be shipped to test site –Not practical for large servers, high-end configurations –Not always trivial to acquire actual hardware –Shipping fees  Direct fee costs to third party –Membership fee –Per-product fee –Facilities space –Third party training (to setup/use/test product)  Travel for testing engineer –Travel cost –Time away from office

7 Thomas Narten Product Considerations  Vendor may have 100s of products  Need to avoid/minimize redundant testing –Many releases of (essentially) same product –Different configurations of same products –Many applications share code –Products may contain OEM components that have already been tested –Not desirable to test/certify each one separately; need way to leverage results of prior testing  Some products are operating system agnostic –Run on top of OS provided by another vendor –Product may be sold independent of underlying hardware/OS

8 Thomas Narten Harmonize USG Testing Requirements  Cannot afford to go through same testing process multiple times for different USG agencies  Ideally, harmonize USG testing requirements...  Even if final profiles differ, 80% of the RFCs overlap  Thus, 80% of testing should also overlap

9 Thomas Narten Leverage/Reuse Existing Testing Programs  IPv6 Ready Logo (Phase I) already covers core IPv6 protocols –RFCs: 2460 (IPv6), 2461 (ND), 2462 (addrconf), 4443 (ICMPv6) (PMTU-D) –Additional Phases as well (e.g., DHCPv6, IPsec, etc.) –For those already certified, what is benefit of additional testing?  Interoperability testing of IPsec has already been done by ICSA or VPN Consortium

10 Thomas Narten Make Test Criteria & Test Suites Publicly Available  Provides transparency w.r.t. details of actual functionality tested  Vendors can test in own labs, as part of product development and test cycle –Facilitates pre-release testing (can be problematical to have outside party test pre-release software) –Significantly reduced cost to vendor  Allows vendor to prepare in advance of an external test (where efficiency is important)  Must be free of IPR concerns  Wide availability of TAHI suites has benefited community

11 Thomas Narten Self-Certification Highly Desirable  Has worked well in practice (e.g., IPv6 Ready Logo, Y2K preparation, all of TCP/IP, etc.)  Increasingly necessary as one moves higher up the stack (e.g., into applications) –Significant application-specific expertise needed to test the product –Infeasible for outside party test the number and range of products  Self-certification to a publicly available criteria –Most efficient –Scales well –Good balance between cost and benefit  Neutral third party can verify claims if needed

12 Thomas Narten Accountability of Testing Program  Any testing/certification suite must provide accountability  IETF defines SHOULD as follows: –“SHOULD This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course.”  Cannot simply require implementation of all SHOULDs  Need a workable process to resolve disagreements between IPv6 tester and product developer  Need an open process to review test criteria  Need an open process to fix “bugs” in test criteria

13 Thomas Narten Questions?