USGv6 2014 Client Tester (beta)

1. Description

The USGv6 2014 Client Tester located at usgv6-2014.antd.nist.gov is a set of online tools to allow you to test and demonstrate IPv6 client functionality from client systems in your agency. The various tools in this test suite are only accessible over IPv6; hence, by connecting to them and exercising them, you can demonstrate the sort of IPv6 client capability required by the 2014 mandate.

The tools are essentially stripped-down versions of common services (web server, DNS server, mail server, etc.) which merely record external accesses. Each access is tied to a key value presented by the client; as your client system proceeds through the various tools, its accesses can thus be correlated, and later queried, by this key.

Since it is client capability that is being tested, all connections have to be initiated from your end. To facilitate this, the tester uses some simple HTML and Javascript to prompt your client to open the appropriate connections. Here is the tester script, if you wish to examine it. A more detailed explanation of the various tests follows.

Run the tester

2. Tester appearance

Here is a screenshot of the tester web frontend, running in a Google Chrome browser. Appearance in other browsers should be very similar. Click on the image for a larger version.

3. Tests performed

Automated tests

Key generation Not a test per se, but the tester Javascript generates a random 9-digit number used as a key to tie the various test results together. You can use this key subsequently to look up the results of your tests. Keys are only good for the day they are generated; if you need to look up old test results, you'll have to know the date they were run. (More or less; the lookup will also check for two days on either side of the date you specify.)
http over IPv6 Merely being able to connect to the tester demonstrates this. Note: because of new security requirements, all http connections are now redirected to https.
https over IPv6 To demonstrate the ability to connect to https (http over SSL/TLS) servers, the tester webpage includes a link to a small image available only via https.
Note: Again, all http connections are now redirected to https, so this test should now always succeed. The certificate is now one that should be accepted by most/all browsers.
DNS lookups The tester records the host name and address presented by your browser, attempts forward and reverse DNS lookups on them, and records the results. Note that these lookups are being performed at the tester (server) end; they may fail if your client system is not listed in publicly-accessible DNS.
DNS over IPv6 Even when looking up IPv6 addresses, many clients use IPv4 connections to speak to DNS servers. The tester webpage includes a link to another copy of the green check image , in this case from a domain (usgv6.antd.nist.gov) for which there is only IPv6-based DNS service.
In this case, if you see only a red "X" , you may need to choose a different local DNS resolver, one capable of running over IPv6.
whois information The tester attempts to look up the publicly-available information about your client address from the ARIN Whois-RESTful web service, parses and presents the results.

Manual tests

The tests above should all run automatically from your browser (assuming you've done any needed setup) as soon as you hit the "Submit Request" button. The other tests to be run require some amount of manual intervention, such as running a mail client or other program on your system.

Hence, the tester cannot run these automatically, but it does attempt to assist you by providing links which may (depending on your browser) allow you to run the appropriate clients simply by clicking on the appropriate links. Here are some screen shots of the links the tester provides; again, click on them for larger versions:

email connectivity The tester prompts your browser to send an email via a mailto link. For this test to work, your browser must be configured to call an appropriate local email program. How to do so depends on the browser; for Firefox, go to Edit/Preferences/Applications and select the desired Action for the mailto Content Type. Note that this has to be a local email program; a web-based mailer like Gmail will not appear to be coming from your client system. If your browser is appropriately configured, it should call up your email program with the destination, subject and mail body already set; you need merely send the email to have the results recorded.
If the mailto method doesn't work, you can manually run the email test as follows:
- With your local email client, send email to testsubmit@usgv6-2014.antd.nist.gov.
- Set the Subject line to
  Key <your key value>
  where of course <your key value> should be replaced by the 9-digit numeric key that was generated for your tests.
- In the body of the email, also include a line
  Key <your key value>
  with exactly the same content.
- No other content in the email is required.
sftp connectivity The tester provides a link to fetch a file via sftp, the ssh-based secure file transfer protocol. For this to work, your browser must be configured to understand sftp URLs.
Again, if your browser does not support this, you can run the test manually as follows:
- With your local sftp client, connect to testsubmit@usgv6-2014.antd.nist.gov:
  sftp testsubmit@usgv6-2014.antd.nist.gov
  Use your 9-digit key as the password.
- You needn't transfer any files to pass the test, but if you wish, there is a single file sftptestfile.txt you can fetch as an additional test.
ftp connectivity There is an analogous test for ftp connectivity. Note that anonymous ftp is not used for this test; instead, you again connect as user testsubmit using your key value as the password.
In more detail (assuming your browser can't use the link provided by the tester):
- With your local ftp client, connect to usgv6-2014.antd.nist.gov:
  ftp usgv6-2014.antd.nist.gov
- At the "Name" or "User" prompt, enter testsubmit
- At the "Password" prompt, enter your 9-digit key.
- Again, you needn't transfer any files to pass, but if you wish, there is a single file ftptestfile.txt you can fetch as an additional test.
IMAP/POP connectivity There is also a test for IMAP/POP connectivity. Unfortunately, this test can't really be automated, as it depends on the details of your email client. Basically, you'll need to do the following:
- Add an account to your email client with username testsubmit and incoming mail server usgv6-2014.antd.nist.gov. Choose either IMAP or POP3 as the protocol. Outgoing server doesn't really matter.
- Again, you'll likely have to persuade your client to accept the self-signed certificate used by the server.
- Try to fetch mail; at the "Password" prompt, enter your 9-digit key.
- There is a single (uninteresting) message you can fetch to complete the test.
After testing is complete, feel free to delete this account.

Run the tester

4. Tester results lookup

The tester collects the results of the various tests and places them in a database. Currently, the only interface provided to this is a raw dump of the database contents. At a later point, we will provide more comprehensive reporting tools.

We support results lookup over both IPv4 and IPv6:

Here is an example of the retrieval screen. Again, click for a larger version:

To return to the ANTD IPv6 software distribution main page:
https://www-x.antd.nist.gov/ipv6/

Point Of Contact:
usgv6-project@nist.gov

Last update: Fri, December 6, 2013