IPv6 Compliance with USGv6 Standards
This document tells you how to set up your LoadMaster for strict conformance with IPv6 interoperability standards as defined within the IPv6 RFC documents and as tested by the University of New Hampshire InterOperability Laboratory (UNH) for conformance with the US Government's USGv6 Testing Program.
LoadMaster Operating System (LMOS) 220.127.116.11 was tested by UNH for USGv6 compliance and the resulting certification:
Applies to 18.104.22.168 and all subsequent releases that use the same IPv6 stack. This includes all LMOS versions between 22.214.171.124 and the current release (which, as of the publication of this document, was 126.96.36.199).
Applies to all LoadMaster platforms: LM-X hardware, Virtual LoadMaster, Cloud-Native LoadMaster, ECS Connection Manager, and BareMetal LoadMaster.
You can view Kemp's certification listing on the UNH website and the complete testing report at the following link: USGv6 Tested Registry.
LMOS has been certified as USGv6 compliant for both StateLess Address AutoConfiguration (SLAAC) interoperability and Dynamic Host Configuration Protocol Version 6 (DHCPv6) client interoperability. SLAAC is the native IPv6 facility for automatic IP address configuration for network devices. In the earlier IPv4 addressing scheme, this facility was provided by DHCPv4. DHCPv6 is just the IPv6 version of the earlier DHCPv4 capability.
So, why provide DHCPv6 client interoperability on the LoadMaster? Why not just use SLAAC?
In practice, IPv4 and IPv6 addressing are currently widely used together within the same infrastructures, and there is a significant part of the IPv6 market that continues to leverage both DHCPv4 and DHCPv6, rather than using SLAAC. This is done so that both IPv4 and IPv6 IP address auto-configuration can be managed from within the current administrative infrastructure. This preserves the value of that infrastructure, which may have been costly to develop, until such time as IPv4 is no longer needed, and provides a single management interface for both addressing architectures.
You must have a LoadMaster running LMOS 188.8.131.52 or above, that has been provisioned, licensed, and installed onto the target network.
Unless you configured a specific IP addresses when the LoadMaster was installed, the LoadMaster will be assigned both an IPv4 and an IPv6 address on the eth0 interface. Navigate to System Configuration > Network Setup to configure the network interfaces as needed.
When an IPv6 address has been assigned to an interface using DHCPv6, it appears in the Additional addresses list. If both an IPv4 and IPv6 address has been assigned and the IPv4 address is not desired, you can remove it leaving only the IPv6 address on the interface.
To run in compliance with the USGv6 standards, the following options must be modified from their default values:
Refer to the procedure at the bottom of this section for step-by-step instructions on how to modify each of these options.
Disable Layer 4 IPv6 Forwarding: This option is on by default; it enables legacy IPv6 forwarding behavior on which some Kemp customers depend. This behavior conflicts with the relevant RFC and so must be disabled.
Enable DHCPv6 Client: Under normal operation, the LoadMaster runs both the IPv4 and IPv6 DHCP clients on first-time boot only to obtain an IP address for the system; after that the clients no longer run (even after a reboot). To run the DHCPv6 client during normal system operation so that it can interoperate with other DHCPv6-capable devices on the network as required by the USGv6 standards, this option must be enabled.
Disable GEO GSLB and the Packet Filter: If your system is licensed for GEO GSLB (Global Server Load Balancing), then GEO GSLB and the Packet Filter are turned on by default. Both must be disabled in order to run in compliance with the IPv6 standards.
The following procedure leads you through making the above changes:
1. In the main menu of the LoadMaster User Interface (UI), click System Configuration > System Administration > Logging Options > System Log Files.
2. Click Debug Options.
3. Turn off the Enable Layer 4 IPv6 Forwarding option.
4. Turn on the Enable DHCPv6 Client option.
5. In the main menu, click Global Balancing > Disable GSLB, and then click OK to confirm. After this, the sub-menu should only contain one link: Enable GSLB. This indicates that GEO is disabled.
6. In the main menu, click System Configuration > Network Setup > Packet Routing Filter and click Disable next to the Packet Routing Filter label.
For further information, refer to the following documents:
This document was last updated on 11 January 2022.