Standard No.:	GB/T 46240.1-2025
English Name:	Security requirements and testing methods of IPv6 network equipment—Part 1：Router
Chinese Name:	IPv6网络设备安全技术要求和测试方法 第1部分：路由器
Chinese Classification:	M32    Data communication equipment
Professional Classification:	GB    National Standard
ICS Classification:	33.040.40 33.040.40    Data communication networks 33.040.40
Source Content Issued by:	SAMR; SAC
Issued on:	2025-8-29
Implemented on:	2025-12-1
Status:	valid
Target Language:	English
File Format:	PDF
Word Count:	21500 words
Translation Price(USD):	645.0
Delivery:	via email in 1~8 business day

GB/T 46240.1-2025 Security requirements and testing methods of IPv6 network equipment—Part 1：Router English, Anglais, Englisch, Inglés, えいご This is a draft translation for reference among interesting stakeholders. The finalized translation (passing thorugh draft translation, self-check, revision and varification) will be delivered upon being ordered. ICS 33.040.40 CCS M 32 People's Republic of China National Standard GB/T 46240.1-2025 Security requirements and testing methods of IPv6 network equipment—Part 1: Router Issued on 2025-08-29 Implemented on 2025-12-01 Issued by State Administration for Market Regulation, Standardization Administration of China Contents Foreword Introduction 1 Scope 2 Normative References 3 Terms and Definitions 4 Abbreviations 5 General Rules 6 Security Technical Requirements 7 Test Methods References 1 Scope This document specifies the security architecture of IPv6-capable routers, as well as security technical requirements and testing methods for data plane, control plane and management plane. This document applies to the design, development and testing of IPv6-capable router equipment. 2 Normative References GB/T 25069 Information security technology - Terminology GB/T 41269-2022 Security technical requirements for critical network equipment - Router equipment 3 Terms and Definitions 3.1 Router Network equipment used to establish and control data flows between different networks. NOTE: Routers select paths or routes based on routing protocol mechanisms and algorithms to establish and control inter-network data flows, where networks may operate with different network protocols. [SOURCE: GB/T 41269-2022, 3.1, modified] 4 Abbreviations ACL: Access Control List AH: Authentication Header AS: Autonomous System BGP: Border Gateway Protocol BGP4+: Border Gateway Protocol for IPv6 CGA:Cryptographically Generated Address CLI: Command-Line Interface CPU : CentralProcessing Unit DAD:Duplicate Address Detection DDoS:Distributed Denialof Service DoS:Denialof Service DUT:Device Under Test ESP:Encapsulation Secure Payload EVPN: EthernetVirtualPrivate Network FlowSpec:Flow Specification HMAC:Hashed Message Authentication Code ICMPv6: InternetControlManagementProtocolversion6 IKE:InternetKey Exchange IPsec:InternetProtocol security IPv6: InternetProtocolversion6 IS-IS: Intermediate System to Intermediate System LAND:LocalArea Network Denial MAC:Media Access Control MD5: Message Digestversion5 MPLS:Multi-Protocol LabelSwitching NA:Neighbor Advertisement ND:NeighborDiscovery NS:Neighbor Solicitation NUD:Neighbor UnreachabilityDetection OSPFv3:Open ShortestPath Firstversion3 PIMv6:ProtocolIndependentMulticastversion6 RA:Router Advertisement RIPng:Routing Information Protocolnextgeneration ROA:Route Origination Authorization RPKI:Resource Public Key Infrastructure RS:Router Solicitation RSA:RSARivest,Shamir and Adleman algorithm SHA:Secure Hash Algorithm SID: IDSegmentID SLLA:Source Link-Layer Address SNMP:Simple Network ManagementProtocol SRH :SegmentRouting Header SRv6:SegmentRouting IPv6 SSH :Secure Shell TCP:Transmission ControlProtocol TLLA: TargetLink-Layer Address TLS:TransportLayer Security URPF:Unicase Reverse Path Forwarding VLAN:Virtual LocalArea Network