| IPv6 based networks are prevailing all over world. Countries that are falling behind America in IPv4, enthusiastically rush to IPv6, and take it as an opportunity to rise after re-shuffle of Internet. China has built the largest IPv6 network named as CERNET2, making him one of the leading countries in IPv6 related fields.Marketing of NGI(Next Generation Internet) relies on his coverage area, maturity of management and comprehensive application supports, as well as users' confidences to network security. Without qualified security insurance, people will hesitate as to whether or not replacing IPv4 with IPv6. Research of IPv6 network security technology, and development of relevant products, has become a urgent task before further deployment of IPv6.Scientific test qualifies excellent products. The paper analyzed the needs of IPv6 network security and possible solution for corresponding IPv6 firewall development. The design and implementation of a IPv6 firewall test tool is discussed, according to author's experience in IPv6 firewall development and prediction to future direction firewall technology makes for. The kernel functions of the test tool includes: assistance to the development and test of IPv6 security products without relevant network environment support; avoiding the usage of commercial test systems which are lagging behind in IPv6 protocol support, absent in content construction of packet and expensive in cost; making it easy to validate the processing aiming at solutions to IPv6 security problems.The test tool works on Linux kernel, using its own pseudo IPv6 stack, and taking the encapsulation of the single frame as the basic unit to be optimized, making it possible to support 100M IPv6 packets flow. And it also supports IPsec which is hard to be find in commercial products due to the encryption algorithm export ban.At last, the paper gives several test cases working on the test tool platform, and analyzes the result of tests to IPv6 firewall that already done. |
PDF Full Text Request