From nobody Thu Sep 13 14:36:17 2018
Return-Path: <marc@sniff.de>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D69A130E88 for <rtg-bfd@ietfa.amsl.com>; Thu, 13 Sep 2018 14:36:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level: 
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sBakDo4FvYU5 for <rtg-bfd@ietfa.amsl.com>; Thu, 13 Sep 2018 14:36:14 -0700 (PDT)
Received: from door.sniff.de (door.sniff.de [82.212.219.2]) by ietfa.amsl.com (Postfix) with ESMTP id B723F130E7C for <rtg-bfd@ietf.org>; Thu, 13 Sep 2018 14:36:13 -0700 (PDT)
Received: from [IPv6:::1] (localhost.sniff.de [127.0.0.1]) by door.sniff.de (Postfix) with ESMTP id 43A534BD0EA; Thu, 13 Sep 2018 21:36:10 +0000 (UTC)
Date: Thu, 13 Sep 2018 14:36:11 -0700
From: Marc Binderberger <marc@sniff.de>
To: Greg Mirsky <gregimirsky@gmail.com>, rtg-bfd WG <rtg-bfd@ietf.org>
Message-ID: <20180913143611411852.0ca9e40a@sniff.de>
In-Reply-To: <CA+RyBmW9x9Y-Ve=1JnFatqisqOkpN6YZuOFimNbUS+Keo1KUnw@mail.gmail.com>
References: <153462297684.27533.6391249246080806217@ietfa.amsl.com> <CA+RyBmW9x9Y-Ve=1JnFatqisqOkpN6YZuOFimNbUS+Keo1KUnw@mail.gmail.com>
Subject: Re: Fwd: I-D Action: draft-ietf-bfd-vxlan-02.txt
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: GyazMail version 1.5.19
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/nifl8rpXU4QVe2jxKqfMjTIiWUQ>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Sep 2018 21:36:17 -0000

Hello Greg & Authors,

great to see this draft progressing!


As usual I'm a bit late :-/ but I do have some questions/comments:


Q1: the TTL = 1 requirement for the inner IP packet. The explanation for the 
MUST is

         TTL: MUST be set to 1 to ensure that the BFD packet is not
         routed within the L3 underlay network.


I find this a very implementation-specific reason that may not apply to many 
other implementations. But the demand for TTL = 1 may limit what can be done 
with today's silicon, which is why I question this demand here :-)

You will find off-the-shelf silicon that offers you BFD RFC5881 "in 
hardware". For the ASIC user the usage is typically fixed by the API/SDK and 
RFC5881 uses TTL = 255 for send and check on receive. Using a loopback port 
it would be simple to use this RFC5881 BFD engine to send packets over the 
VxLAN tunnel.  But the TTL=1 requirements defeats this.  Could we drop it?


Q2: in this context of TTL you write

   10.  Security Considerations

      The document recommends setting the inner IP TTL to 1 which could
      lead to a DDoS attack.


First, you don't recommend - you say MUST. But as a non-native speaker maybe 
this is a misinterpretation on my side ;-)
More interesting: how does TTL = 1 raises the DDoS risk? By someone directly, 
i.e. without any VxLAN encapsulation, sending a BFD packet to the VTEP IP ?


Q3: for the demultiplexing of incoming BFD packets (section 6.1) you write

   [...] For such packets, the BFD session MUST be identified
   using the inner headers, i.e., the source IP and the destination IP
   present in the IP header carried by the payload of the VXLAN
   encapsulated packet.  The VNI of the packet SHOULD be used to derive
   interface-related information for demultiplexing the packet.


I understand the "MUST" for the source IP, to differentiate a session with 
VTEP A from the session with VTEP B. Why is the destination IP, i.e. my local 
IP, of relevance?  Support for multiple VTEP?
But my main question is, why the VNI (or related information like the local 
VLAN or VFI) is only a "SHOULD" ?  In section 4 you say

   [...] Separate BFD
   sessions can be established between the VTEPs (IP1 and IP2) for
   monitoring each of the VXLAN tunnels (VNI 100 and 200).


How would I separate these BFD sessions when src/dst IP are the same?


Finally a nitpick, you write in section 6:

   The UDP destination port and the TTL of the inner Ethernet frame MUST
   be validated

We all understand what you mean but I first stumbled: Ethernet frames have no 
TTL. You mean (of course) the inner IP packet - why not writing it? ;-)



Anyway, overall very useful standard (as you see from my comments, there are 
feature roadmaps coming ;-)


Thanks & Regards,
Marc





On Sat, 18 Aug 2018 13:54:22 -0700, Greg Mirsky wrote:
> Dear All,
> the new version addresses comments and editorial suggestions we've received 
> from Donald.
> 
> Your reviews are most welcome, comments, questions, and suggestions much 
> appreciated.
> 
> As discussed at the meeting in Montreal, the authors believe that this 
> document is ready for WGLC.
> 
> Regards,
> Greg
> 
> ---------- Forwarded message ----------
> From: <internet-drafts@ietf.org>
> Date: Sat, Aug 18, 2018 at 1:09 PM
> Subject: I-D Action: draft-ietf-bfd-vxlan-02.txt
> To: i-d-announce@ietf.org
> Cc: rtg-bfd@ietf.org
> 
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the Bidirectional Forwarding Detection WG of 
> the IETF.
> 
>         Title           : BFD for VXLAN
>         Authors         : Santosh Pallagatti
>                           Sudarsan Paragiri
>                           Vengada Prasad Govindan
>                           Mallik Mudigonda
>                           Greg Mirsky
>         Filename        : draft-ietf-bfd-vxlan-02.txt
>         Pages           : 10
>         Date            : 2018-08-18
> 
> Abstract:
>    This document describes the use of the Bidirectional Forwarding
>    Detection (BFD) protocol in Virtual eXtensible Local Area Network
>    (VXLAN) overlay networks.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-bfd-vxlan-02
> https://datatracker.ietf.org/doc/html/draft-ietf-bfd-vxlan-02
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-bfd-vxlan-02
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 


From nobody Mon Sep 17 15:47:51 2018
Return-Path: <gregimirsky@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBFD7130DC4 for <rtg-bfd@ietfa.amsl.com>; Mon, 17 Sep 2018 15:47:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XYNf-4rpESfp for <rtg-bfd@ietfa.amsl.com>; Mon, 17 Sep 2018 15:47:47 -0700 (PDT)
Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99C59130EC9 for <rtg-bfd@ietf.org>; Mon, 17 Sep 2018 15:47:46 -0700 (PDT)
Received: by mail-lf1-x12e.google.com with SMTP id z186-v6so123371lfa.5 for <rtg-bfd@ietf.org>; Mon, 17 Sep 2018 15:47:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TNT0Uh8JJ3/By9zC1xNi/vP7tNTzn1FIrzgUQxAcRDI=; b=j5X+YpXHv1rpAKOaK8wr+hXroXe37X65KfErp7q3OIGj8uxhpPtJigGE5pGt48MxDU TjozNjHJmDlKeERkMkznNkmoHXuGbFqbPmXR+BdwVWINBbOi6irqS3D4YY1ixTFVDJ/r NlEYuMTOdiQE7wwEzEsd9FxIkZVH/3szfS3CGXDgdUzfTBUxHiqA1zhUmLU/6kFVxnQI m+aj3XdHnvXfvHUsmnX1Y3IYBQ7vWNf+eRsZQTE9xvKFABlCC1j8o4oEB7BSwGg9eGnk W6+FySnNw0t/eBoYggWR8w7OY1UziBxLCSyd011XI+fnlgmoVMNe32q7fWjrHYFTtjmf tqbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TNT0Uh8JJ3/By9zC1xNi/vP7tNTzn1FIrzgUQxAcRDI=; b=B2OcHnel479qn8vl+GrrtA/LEGOMzIQY/hu0RhXp6zyvDzYV/ctWTBcMRkL7BhOwSE sWAYbV4kQsjQ5szXI8xdCffGaw9jMMUpxBKohX8f9Bhdm585+6hY8PUk36tKFruDN2bq auKaC1jZUARwSQEIW9csZoN5stP22oWLND+yRiRLKT3sjYOxl9BTPMWH9lVb39KPNj8g aX2kH1yfV1jysJabEOgy/KZjPqeuFuNgKGv00M+OeTCDkleChzsNCvwfN0Uy0NQgZNQJ iyb/WboCA2ej2c/VUiL/2GY/9v/62X0yh8vVGhxjtU40IYmzl5JUbS0eYHn3EfG/CPwN CTcg==
X-Gm-Message-State: APzg51D1X0BzhTQimmoMeG/YecRBvAZ4g3tdF1LJQpyjG8kDYgazMFa9 wIruoWUfbpGU1/9IU+JxpP1BG8DjEtNTnm2y+KY=
X-Google-Smtp-Source: ANB0VdZ1GyFSmO0X4HcBJqAOwDLgUBmgG8PZ+xK+0nFxvo1yJEvlVxe2TAbnSMN6ptjbcTh8/CAleaeDb+dJW1m7A8w=
X-Received: by 2002:a19:cc97:: with SMTP id c145-v6mr7933308lfg.145.1537224464570;  Mon, 17 Sep 2018 15:47:44 -0700 (PDT)
MIME-Version: 1.0
References: <153462297684.27533.6391249246080806217@ietfa.amsl.com> <CA+RyBmW9x9Y-Ve=1JnFatqisqOkpN6YZuOFimNbUS+Keo1KUnw@mail.gmail.com> <20180913143611411852.0ca9e40a@sniff.de>
In-Reply-To: <20180913143611411852.0ca9e40a@sniff.de>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Mon, 17 Sep 2018 15:47:34 -0700
Message-ID: <CA+RyBmXywULG1+yLzsce15EQVNHUjTdWQO2+N7=o=j7DbMa6RA@mail.gmail.com>
Subject: Re: Fwd: I-D Action: draft-ietf-bfd-vxlan-02.txt
To: Marc Binderberger <marc@sniff.de>
Cc: rtg-bfd WG <rtg-bfd@ietf.org>, Donald Eastlake <d3e3e3@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000269dd4057618f6cb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/Zl7hura5dc5uyZ96axvsQ-vvy1g>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Sep 2018 22:47:50 -0000

--000000000000269dd4057618f6cb
Content-Type: text/plain; charset="UTF-8"

Hi Marc,
many thanks for your excellent comments and the most detailed questions -
all much appreciated and the most helpful.
Please find my answers, notes in-line and tagged GIM>>,

Regards,
Greg

On Thu, Sep 13, 2018 at 5:36 PM, Marc Binderberger <marc@sniff.de> wrote:

> Hello Greg & Authors,
>
> great to see this draft progressing!
>
>
> As usual I'm a bit late :-/ but I do have some questions/comments:
>
>
> Q1: the TTL = 1 requirement for the inner IP packet. The explanation for
> the
> MUST is
>
>          TTL: MUST be set to 1 to ensure that the BFD packet is not
>          routed within the L3 underlay network.
>
>
> I find this a very implementation-specific reason that may not apply to
> many
> other implementations. But the demand for TTL = 1 may limit what can be
> done
> with today's silicon, which is why I question this demand here :-)
>
> You will find off-the-shelf silicon that offers you BFD RFC5881 "in
> hardware". For the ASIC user the usage is typically fixed by the API/SDK
> and
> RFC5881 uses TTL = 255 for send and check on receive. Using a loopback
> port
> it would be simple to use this RFC5881 BFD engine to send packets over the
> VxLAN tunnel.  But the TTL=1 requirements defeats this.  Could we drop it?



> GIM>> I think that this specification is closer to RFC 5884 case where TTL
> for the encapsulated BFD control packet mandated to be set to 1:
>
The IP TTL or hop limit MUST be set to 1 [RFC4379].


> Q2: in this context of TTL you write
>
>    10.  Security Considerations
>
>       The document recommends setting the inner IP TTL to 1 which could
>       lead to a DDoS attack.
>
GIM>> Would s/recommends/requires/ work?

>
>
> First, you don't recommend - you say MUST. But as a non-native speaker
> maybe
> this is a misinterpretation on my side ;-)
> More interesting: how does TTL = 1 raises the DDoS risk? By someone
> directly,
> i.e. without any VxLAN encapsulation, sending a BFD packet to the VTEP IP ?
>
GIM>> Agree, the wording is rather confusing. Would the following text make
it clearer:
OLD TEXT:
   The document recommends setting the inner IP TTL to 1 which could
   lead to a DDoS attack.  Thus the implementation MUST have throttling
   in place.  Throttling MAY be relaxed for BFD packets based on port
   number.

NEW TEXT:
   The document requires setting the inner IP TTL to 1 which could
   be used as DDoS attack vector.  Thus the implementation MUST have
throttling
   in place to control the rate of BFD control packets sent to the control
plane.


>
> Q3: for the demultiplexing of incoming BFD packets (section 6.1) you write
>
>    [...] For such packets, the BFD session MUST be identified
>    using the inner headers, i.e., the source IP and the destination IP
>    present in the IP header carried by the payload of the VXLAN
>    encapsulated packet.  The VNI of the packet SHOULD be used to derive
>    interface-related information for demultiplexing the packet.
>
>
> I understand the "MUST" for the source IP, to differentiate a session with
> VTEP A from the session with VTEP B. Why is the destination IP, i.e. my
> local
> IP, of relevance?  Support for multiple VTEP?
>
GIM>> Yes, it is the case.

> But my main question is, why the VNI (or related information like the
> local
> VLAN or VFI) is only a "SHOULD" ?

GIM>> An implementation may support only use of VNI 0 and not to use VNI
value of the received packet.


> In section 4 you say
>
>    [...] Separate BFD
>    sessions can be established between the VTEPs (IP1 and IP2) for
>    monitoring each of the VXLAN tunnels (VNI 100 and 200).
>
>
> How would I separate these BFD sessions when src/dst IP are the same?
>
GIM>> By using different VNI in the VXLAN encapsulation of a BFD Control
packets.

>
>
> Finally a nitpick, you write in section 6:
>
>    The UDP destination port and the TTL of the inner Ethernet frame MUST
>    be validated
>
> We all understand what you mean but I first stumbled: Ethernet frames have
> no
> TTL. You mean (of course) the inner IP packet - why not writing it? ;-)
>
GIM>> Agreed. Would s/inner Ethernet/inner IP packet/ address it?

>
>
>
> Anyway, overall very useful standard (as you see from my comments, there
> are
> feature roadmaps coming ;-)
>
GIM>> Thank you for your kind words and help to improve the specification,
Marc.

>
>
> Thanks & Regards,
> Marc
>
>
>
>
>
> On Sat, 18 Aug 2018 13:54:22 -0700, Greg Mirsky wrote:
> > Dear All,
> > the new version addresses comments and editorial suggestions we've
> received
> > from Donald.
> >
> > Your reviews are most welcome, comments, questions, and suggestions much
> > appreciated.
> >
> > As discussed at the meeting in Montreal, the authors believe that this
> > document is ready for WGLC.
> >
> > Regards,
> > Greg
> >
> > ---------- Forwarded message ----------
> > From: <internet-drafts@ietf.org>
> > Date: Sat, Aug 18, 2018 at 1:09 PM
> > Subject: I-D Action: draft-ietf-bfd-vxlan-02.txt
> > To: i-d-announce@ietf.org
> > Cc: rtg-bfd@ietf.org
> >
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> > This draft is a work item of the Bidirectional Forwarding Detection WG
> of
> > the IETF.
> >
> >         Title           : BFD for VXLAN
> >         Authors         : Santosh Pallagatti
> >                           Sudarsan Paragiri
> >                           Vengada Prasad Govindan
> >                           Mallik Mudigonda
> >                           Greg Mirsky
> >         Filename        : draft-ietf-bfd-vxlan-02.txt
> >         Pages           : 10
> >         Date            : 2018-08-18
> >
> > Abstract:
> >    This document describes the use of the Bidirectional Forwarding
> >    Detection (BFD) protocol in Virtual eXtensible Local Area Network
> >    (VXLAN) overlay networks.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/
> >
> > There are also htmlized versions available at:
> > https://tools.ietf.org/html/draft-ietf-bfd-vxlan-02
> > https://datatracker.ietf.org/doc/html/draft-ietf-bfd-vxlan-02
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-bfd-vxlan-02
> >
> >
> > Please note that it may take a couple of minutes from the time of
> submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> >
>

--000000000000269dd4057618f6cb
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr">Hi Marc=
,<div>many thanks for your excellent comments and the most detailed questio=
ns - all much appreciated and the most helpful.</div><div>Please find my=C2=
=A0answers, notes in-line and tagged GIM&gt;&gt;,</div><div><br></div><div>=
Regards,</div><div>Greg</div><div class=3D"gmail_extra"><br><div class=3D"g=
mail_quote">On Thu, Sep 13, 2018 at 5:36 PM, Marc Binderberger <span dir=3D=
"ltr">&lt;<a href=3D"mailto:marc@sniff.de" target=3D"_blank">marc@sniff.de<=
/a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:=
0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">=
Hello Greg &amp; Authors,<br>
<br>
great to see this draft progressing!<br>
<br>
<br>
As usual I&#39;m a bit late :-/ but I do have some questions/comments:<br>
<br>
<br>
Q1: the TTL =3D 1 requirement for the inner IP packet. The explanation for =
the <br>
MUST is<br>
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0TTL: MUST be set to 1 to ensure that the =
BFD packet is not<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0routed within the L3 underlay network.<br=
>
<br>
<br>
I find this a very implementation-specific reason that may not apply to man=
y <br>
other implementations. But the demand for TTL =3D 1 may limit what can be d=
one <br>
with today&#39;s silicon, which is why I question this demand here :-)<br>
<br>
You will find off-the-shelf silicon that offers you BFD RFC5881 &quot;in <b=
r>
hardware&quot;. For the ASIC user the usage is typically fixed by the API/S=
DK and <br>
RFC5881 uses TTL =3D 255 for send and check on receive. Using a loopback po=
rt <br>
it would be simple to use this RFC5881 BFD engine to send packets over the =
<br>
VxLAN tunnel.=C2=A0 But the TTL=3D1 requirements defeats this.=C2=A0 Could =
we drop it?</blockquote><div>=C2=A0</div><blockquote class=3D"gmail_quote" =
style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);pa=
dding-left:1ex">GIM&gt;&gt; I think that this specification is closer to RF=
C 5884 case where TTL for the encapsulated BFD control packet mandated to b=
e set to 1:<br></blockquote></div></div></div><blockquote style=3D"margin:0=
px 0px 0px 40px;border:none;padding:0px"><div dir=3D"ltr"><div class=3D"gma=
il_extra"><div class=3D"gmail_quote"><div>The IP TTL or hop limit MUST be s=
et to 1 [RFC4379].=C2=A0</div></div></div></div></blockquote><div dir=3D"lt=
r"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><blockquote class=
=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rg=
b(204,204,204);padding-left:1ex">
<br>
Q2: in this context of TTL you write<br>
<br>
=C2=A0 =C2=A010.=C2=A0 Security Considerations<br>
<br>
=C2=A0 =C2=A0 =C2=A0 The document recommends setting the inner IP TTL to 1 =
which could<br>
=C2=A0 =C2=A0 =C2=A0 lead to a DDoS attack.<br></blockquote><div>GIM&gt;&gt=
; Would s/recommends/requires/ work?=C2=A0</div><blockquote class=3D"gmail_=
quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,=
204);padding-left:1ex">
<br>
<br>
First, you don&#39;t recommend - you say MUST. But as a non-native speaker =
maybe <br>
this is a misinterpretation on my side ;-)<br>
More interesting: how does TTL =3D 1 raises the DDoS risk? By someone direc=
tly, <br>
i.e. without any VxLAN encapsulation, sending a BFD packet to the VTEP IP ?=
<br></blockquote><div>GIM&gt;&gt; Agree, the wording is rather confusing. W=
ould the following text make it clearer:</div><div>OLD TEXT:</div><div>=C2=
=A0 =C2=A0The document recommends setting the inner IP TTL to 1 which could=
</div><div>=C2=A0 =C2=A0lead to a DDoS attack.=C2=A0 Thus the implementatio=
n MUST have throttling</div><div>=C2=A0 =C2=A0in place.=C2=A0 Throttling MA=
Y be relaxed for BFD packets based on port</div><div>=C2=A0 =C2=A0number.</=
div><div><br></div><div>NEW TEXT:</div><div>=C2=A0 =C2=A0The document requi=
res setting the inner IP TTL to 1 which could</div><div>=C2=A0 =C2=A0be use=
d as DDoS attack vector.=C2=A0 Thus the implementation MUST have throttling=
</div><div>=C2=A0 =C2=A0in place to control the rate of BFD control packets=
 sent to the control plane.</div><div><br></div><blockquote class=3D"gmail_=
quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,=
204);padding-left:1ex">
<br>
<br>
Q3: for the demultiplexing of incoming BFD packets (section 6.1) you write<=
br>
<br>
=C2=A0 =C2=A0[...] For such packets, the BFD session MUST be identified<br>
=C2=A0 =C2=A0using the inner headers, i.e., the source IP and the destinati=
on IP<br>
=C2=A0 =C2=A0present in the IP header carried by the payload of the VXLAN<b=
r>
=C2=A0 =C2=A0encapsulated packet.=C2=A0 The VNI of the packet SHOULD be use=
d to derive<br>
=C2=A0 =C2=A0interface-related information for demultiplexing the packet.<b=
r>
<br>
<br>
I understand the &quot;MUST&quot; for the source IP, to differentiate a ses=
sion with <br>
VTEP A from the session with VTEP B. Why is the destination IP, i.e. my loc=
al <br>
IP, of relevance?=C2=A0 Support for multiple VTEP?<br></blockquote><div>GIM=
&gt;&gt; Yes, it is the case.=C2=A0</div><blockquote class=3D"gmail_quote" =
style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);pa=
dding-left:1ex">
But my main question is, why the VNI (or related information like the local=
 <br>
VLAN or VFI) is only a &quot;SHOULD&quot; ?=C2=A0</blockquote><div>GIM&gt;&=
gt; An implementation may support only use of VNI 0 and not to use VNI valu=
e of the received packet.</div><div>=C2=A0</div><blockquote class=3D"gmail_=
quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,=
204);padding-left:1ex"> In section 4 you say<br>
<br>
=C2=A0 =C2=A0[...] Separate BFD<br>
=C2=A0 =C2=A0sessions can be established between the VTEPs (IP1 and IP2) fo=
r<br>
=C2=A0 =C2=A0monitoring each of the VXLAN tunnels (VNI 100 and 200).<br>
<br>
<br>
How would I separate these BFD sessions when src/dst IP are the same?<br></=
blockquote><div>GIM&gt;&gt; By using different VNI in the VXLAN encapsulati=
on of a BFD Control packets.=C2=A0</div><blockquote class=3D"gmail_quote" s=
tyle=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);pad=
ding-left:1ex">
<br>
<br>
Finally a nitpick, you write in section 6:<br>
<br>
=C2=A0 =C2=A0The UDP destination port and the TTL of the inner Ethernet fra=
me MUST<br>
=C2=A0 =C2=A0be validated<br>
<br>
We all understand what you mean but I first stumbled: Ethernet frames have =
no <br>
TTL. You mean (of course) the inner IP packet - why not writing it? ;-)<br>=
</blockquote><div>GIM&gt;&gt; Agreed. Would s/inner Ethernet/inner IP packe=
t/ address it?=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin=
:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"=
>
<br>
<br>
<br>
Anyway, overall very useful standard (as you see from my comments, there ar=
e <br>
feature roadmaps coming ;-)<br></blockquote><div>GIM&gt;&gt; Thank you for =
your kind words and help to improve the specification, Marc.=C2=A0</div><bl=
ockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-lef=
t:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
Thanks &amp; Regards,<br>
Marc<br>
<div class=3D"m_1667032434324514421gmail-HOEnZb"><div class=3D"m_1667032434=
324514421gmail-h5"><br>
<br>
<br>
<br>
<br>
On Sat, 18 Aug 2018 13:54:22 -0700, Greg Mirsky wrote:<br>
&gt; Dear All,<br>
&gt; the new version addresses comments and editorial suggestions we&#39;ve=
 received <br>
&gt; from Donald.<br>
&gt; <br>
&gt; Your reviews are most welcome, comments, questions, and suggestions mu=
ch <br>
&gt; appreciated.<br>
&gt; <br>
&gt; As discussed at the meeting in Montreal, the authors believe that this=
 <br>
&gt; document is ready for WGLC.<br>
&gt; <br>
&gt; Regards,<br>
&gt; Greg<br>
&gt; <br>
&gt; ---------- Forwarded message ----------<br>
&gt; From: &lt;<a href=3D"mailto:internet-drafts@ietf.org" target=3D"_blank=
">internet-drafts@ietf.org</a>&gt;<br>
&gt; Date: Sat, Aug 18, 2018 at 1:09 PM<br>
&gt; Subject: I-D Action: draft-ietf-bfd-vxlan-02.txt<br>
&gt; To: <a href=3D"mailto:i-d-announce@ietf.org" target=3D"_blank">i-d-ann=
ounce@ietf.org</a><br>
&gt; Cc: <a href=3D"mailto:rtg-bfd@ietf.org" target=3D"_blank">rtg-bfd@ietf=
.org</a><br>
&gt; <br>
&gt; <br>
&gt; <br>
&gt; A New Internet-Draft is available from the on-line Internet-Drafts <br=
>
&gt; directories.<br>
&gt; This draft is a work item of the Bidirectional Forwarding Detection WG=
 of <br>
&gt; the IETF.<br>
&gt; <br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0: BFD for VXLAN<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Authors=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0: Santosh Pallagatti<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0Sudarsan Paragiri<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0Vengada Prasad Govindan<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0Mallik Mudigonda<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0Greg Mirsky<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Filename=C2=A0 =C2=A0 =C2=A0 =C2=A0 :=
 draft-ietf-bfd-vxlan-02.txt<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Pages=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0: 10<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Date=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 : 2018-08-18<br>
&gt; <br>
&gt; Abstract:<br>
&gt;=C2=A0 =C2=A0 This document describes the use of the Bidirectional Forw=
arding<br>
&gt;=C2=A0 =C2=A0 Detection (BFD) protocol in Virtual eXtensible Local Area=
 Network<br>
&gt;=C2=A0 =C2=A0 (VXLAN) overlay networks.<br>
&gt; <br>
&gt; <br>
&gt; The IETF datatracker status page for this draft is:<br>
&gt; <a href=3D"https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/" rel=
=3D"noreferrer" target=3D"_blank">https://datatracker.ietf.org/doc/draft-ie=
tf-bfd-vxlan/</a><br>
&gt; <br>
&gt; There are also htmlized versions available at:<br>
&gt; <a href=3D"https://tools.ietf.org/html/draft-ietf-bfd-vxlan-02" rel=3D=
"noreferrer" target=3D"_blank">https://tools.ietf.org/html/draft-ietf-bfd-v=
xlan-02</a><br>
&gt; <a href=3D"https://datatracker.ietf.org/doc/html/draft-ietf-bfd-vxlan-=
02" rel=3D"noreferrer" target=3D"_blank">https://datatracker.ietf.org/doc/h=
tml/draft-ietf-bfd-vxlan-02</a><br>
&gt; <br>
&gt; A diff from the previous version is available at:<br>
&gt; <a href=3D"https://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-bfd-vxlan-02=
" rel=3D"noreferrer" target=3D"_blank">https://www.ietf.org/rfcdiff?url2=3D=
draft-ietf-bfd-vxlan-02</a><br>
&gt; <br>
&gt; <br>
&gt; Please note that it may take a couple of minutes from the time of subm=
ission<br>
&gt; until the htmlized version and diff are available at <a href=3D"http:/=
/tools.ietf.org" rel=3D"noreferrer" target=3D"_blank">tools.ietf.org</a>.<b=
r>
&gt; <br>
&gt; Internet-Drafts are also available by anonymous FTP at:<br>
&gt; <a href=3D"ftp://ftp.ietf.org/internet-drafts/" rel=3D"noreferrer" tar=
get=3D"_blank">ftp://ftp.ietf.org/internet-drafts/</a><br>
&gt; <br>
&gt; <br>
</div></div></blockquote></div><br></div></div></div></div></div>

--000000000000269dd4057618f6cb--


From nobody Tue Sep 25 10:46:18 2018
Return-Path: <gregimirsky@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D141130E26 for <rtg-bfd@ietfa.amsl.com>; Tue, 25 Sep 2018 10:04:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.597
X-Spam-Level: 
X-Spam-Status: No, score=-0.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pkrh3Q-pcEhM for <rtg-bfd@ietfa.amsl.com>; Tue, 25 Sep 2018 10:04:48 -0700 (PDT)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFBAE12F1AC for <rtg-bfd@ietf.org>; Tue, 25 Sep 2018 10:04:47 -0700 (PDT)
Received: by mail-lj1-x229.google.com with SMTP id l19-v6so7990407ljb.0 for <rtg-bfd@ietf.org>; Tue, 25 Sep 2018 10:04:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4T0/ipttMSkK5A4NJSe8H8fn9WSncW18o8eoazVeFOY=; b=E0u8W4YpQyf39NTCo/nRNwYYZT99jXlKvVrd/9bTW7MZL6w2n77n0agGsfK19rCnXl cN6UKTk9TWcdjv1HQEkSDTF/AfqXtW9HnQcarA7rWH//caa3YHDwwaClYr1K+jhMSfe7 sVNq41YcU31DMrkbT5bDoGe4b7C5L5JNQ6OK655OL4cNXW6wxEGvJSyD1PxNIVS3XLC1 DEVlpiQeGfQgsIIdNkIyUKUv+QDqcfaop9sQs0ur5cOJJjEkU2uicJzHqwx6fS+jps3t 4wjiUGTobUUazpU+u8QU0U7yt5DkmEt31Eg+5HlyKKjcqfqyAzjxRs+31q9Evu+GPvZV Pkxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4T0/ipttMSkK5A4NJSe8H8fn9WSncW18o8eoazVeFOY=; b=oWkU/l4q+X+36rwvIxo4Xm0JD1uyNqw/PGw2orQEJP0Snnlh3ZNQ08dnOvJwAC6kNo yIXUtYNawycowZYg0LYAxCpoZj7EOQw0kWBwTnyDfz9f161+cxIXBcMwPiSMpvdeQZcc /Ul/l0VcoBX2MQPMi1G4irjVrK8gKbcyzcnItaVi9WiP4K78lVlXelfCtSdJTDgkkOVK TuzxV3Js9Stjxnk/ReIJYFDuaHTo79SMBAT4GjQTXEetc4puKdJ8oYBMDqALFGVrp/y4 4V/BeLrGCCGSiTMdqcH/1uZAOcJ7EP6n+K9JtU5BTh2tYiOoeqJ0WbGrkc5LnyhaNnlw m8Ng==
X-Gm-Message-State: ABuFfoirP+tc89sysMOuzSGstGDT5GF6jUxJ/VhvAeHjk7cCgz9oBnhR p0DaNb/BZxKCgamfkTnSITmP/TiZDFQGh3AgEbY=
X-Google-Smtp-Source: ACcGV62//J2TxRhZBR7RLeIZS+qXZ4ujAR2yR/xDuWILASoP3GGd7RDw/f6/H0fQsXlyi1I/ESIBNaZoSvx4JT5c8j8=
X-Received: by 2002:a2e:9c4d:: with SMTP id t13-v6mr1513176ljj.153.1537895085779;  Tue, 25 Sep 2018 10:04:45 -0700 (PDT)
MIME-Version: 1.0
References: <153462297684.27533.6391249246080806217@ietfa.amsl.com> <CA+RyBmW9x9Y-Ve=1JnFatqisqOkpN6YZuOFimNbUS+Keo1KUnw@mail.gmail.com> <20180913143611411852.0ca9e40a@sniff.de> <CA+RyBmXywULG1+yLzsce15EQVNHUjTdWQO2+N7=o=j7DbMa6RA@mail.gmail.com>
In-Reply-To: <CA+RyBmXywULG1+yLzsce15EQVNHUjTdWQO2+N7=o=j7DbMa6RA@mail.gmail.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 25 Sep 2018 10:04:34 -0700
Message-ID: <CA+RyBmWRwFxqAExqbmxiTHzQMRerw2t4SoF6qQVZykhMES=32g@mail.gmail.com>
Subject: Re: Fwd: I-D Action: draft-ietf-bfd-vxlan-02.txt
To: Marc Binderberger <marc@sniff.de>
Cc: rtg-bfd WG <rtg-bfd@ietf.org>, Donald Eastlake <d3e3e3@gmail.com>
Content-Type: multipart/mixed; boundary="0000000000004a5d850576b51a7f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/nFiF5n1wBkTjom8eNfjhlNz9M5k>
X-Mailman-Approved-At: Tue, 25 Sep 2018 10:46:16 -0700
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Sep 2018 17:04:52 -0000

--0000000000004a5d850576b51a7f
Content-Type: multipart/alternative; boundary="0000000000004a5d820576b51a7d"

--0000000000004a5d820576b51a7d
Content-Type: text/plain; charset="UTF-8"

Hi Marc,
hope this note finds you well. Attached you'll find diff between the latest
and working versions of the document. The latter includes the update
suggested by Donald and proposed changes I hope will address your comments.
Your consideration and feedback on the proposed updates much appreciated.

Best regards,
Greg

On Mon, Sep 17, 2018 at 3:47 PM Greg Mirsky <gregimirsky@gmail.com> wrote:

> Hi Marc,
> many thanks for your excellent comments and the most detailed questions -
> all much appreciated and the most helpful.
> Please find my answers, notes in-line and tagged GIM>>,
>
> Regards,
> Greg
>
> On Thu, Sep 13, 2018 at 5:36 PM, Marc Binderberger <marc@sniff.de> wrote:
>
>> Hello Greg & Authors,
>>
>> great to see this draft progressing!
>>
>>
>> As usual I'm a bit late :-/ but I do have some questions/comments:
>>
>>
>> Q1: the TTL = 1 requirement for the inner IP packet. The explanation for
>> the
>> MUST is
>>
>>          TTL: MUST be set to 1 to ensure that the BFD packet is not
>>          routed within the L3 underlay network.
>>
>>
>> I find this a very implementation-specific reason that may not apply to
>> many
>> other implementations. But the demand for TTL = 1 may limit what can be
>> done
>> with today's silicon, which is why I question this demand here :-)
>>
>> You will find off-the-shelf silicon that offers you BFD RFC5881 "in
>> hardware". For the ASIC user the usage is typically fixed by the API/SDK
>> and
>> RFC5881 uses TTL = 255 for send and check on receive. Using a loopback
>> port
>> it would be simple to use this RFC5881 BFD engine to send packets over
>> the
>> VxLAN tunnel.  But the TTL=1 requirements defeats this.  Could we drop it?
>
>
>
>> GIM>> I think that this specification is closer to RFC 5884 case where
>> TTL for the encapsulated BFD control packet mandated to be set to 1:
>>
> The IP TTL or hop limit MUST be set to 1 [RFC4379].
>
>
>> Q2: in this context of TTL you write
>>
>>    10.  Security Considerations
>>
>>       The document recommends setting the inner IP TTL to 1 which could
>>       lead to a DDoS attack.
>>
> GIM>> Would s/recommends/requires/ work?
>
>>
>>
>> First, you don't recommend - you say MUST. But as a non-native speaker
>> maybe
>> this is a misinterpretation on my side ;-)
>> More interesting: how does TTL = 1 raises the DDoS risk? By someone
>> directly,
>> i.e. without any VxLAN encapsulation, sending a BFD packet to the VTEP IP
>> ?
>>
> GIM>> Agree, the wording is rather confusing. Would the following text
> make it clearer:
> OLD TEXT:
>    The document recommends setting the inner IP TTL to 1 which could
>    lead to a DDoS attack.  Thus the implementation MUST have throttling
>    in place.  Throttling MAY be relaxed for BFD packets based on port
>    number.
>
> NEW TEXT:
>    The document requires setting the inner IP TTL to 1 which could
>    be used as DDoS attack vector.  Thus the implementation MUST have
> throttling
>    in place to control the rate of BFD control packets sent to the control
> plane.
>
>
>>
>> Q3: for the demultiplexing of incoming BFD packets (section 6.1) you write
>>
>>    [...] For such packets, the BFD session MUST be identified
>>    using the inner headers, i.e., the source IP and the destination IP
>>    present in the IP header carried by the payload of the VXLAN
>>    encapsulated packet.  The VNI of the packet SHOULD be used to derive
>>    interface-related information for demultiplexing the packet.
>>
>>
>> I understand the "MUST" for the source IP, to differentiate a session
>> with
>> VTEP A from the session with VTEP B. Why is the destination IP, i.e. my
>> local
>> IP, of relevance?  Support for multiple VTEP?
>>
> GIM>> Yes, it is the case.
>
>> But my main question is, why the VNI (or related information like the
>> local
>> VLAN or VFI) is only a "SHOULD" ?
>
> GIM>> An implementation may support only use of VNI 0 and not to use VNI
> value of the received packet.
>
>
>> In section 4 you say
>>
>>    [...] Separate BFD
>>    sessions can be established between the VTEPs (IP1 and IP2) for
>>    monitoring each of the VXLAN tunnels (VNI 100 and 200).
>>
>>
>> How would I separate these BFD sessions when src/dst IP are the same?
>>
> GIM>> By using different VNI in the VXLAN encapsulation of a BFD Control
> packets.
>
>>
>>
>> Finally a nitpick, you write in section 6:
>>
>>    The UDP destination port and the TTL of the inner Ethernet frame MUST
>>    be validated
>>
>> We all understand what you mean but I first stumbled: Ethernet frames
>> have no
>> TTL. You mean (of course) the inner IP packet - why not writing it? ;-)
>>
> GIM>> Agreed. Would s/inner Ethernet/inner IP packet/ address it?
>
>>
>>
>>
>> Anyway, overall very useful standard (as you see from my comments, there
>> are
>> feature roadmaps coming ;-)
>>
> GIM>> Thank you for your kind words and help to improve the specification,
> Marc.
>
>>
>>
>> Thanks & Regards,
>> Marc
>>
>>
>>
>>
>>
>> On Sat, 18 Aug 2018 13:54:22 -0700, Greg Mirsky wrote:
>> > Dear All,
>> > the new version addresses comments and editorial suggestions we've
>> received
>> > from Donald.
>> >
>> > Your reviews are most welcome, comments, questions, and suggestions
>> much
>> > appreciated.
>> >
>> > As discussed at the meeting in Montreal, the authors believe that this
>> > document is ready for WGLC.
>> >
>> > Regards,
>> > Greg
>> >
>> > ---------- Forwarded message ----------
>> > From: <internet-drafts@ietf.org>
>> > Date: Sat, Aug 18, 2018 at 1:09 PM
>> > Subject: I-D Action: draft-ietf-bfd-vxlan-02.txt
>> > To: i-d-announce@ietf.org
>> > Cc: rtg-bfd@ietf.org
>> >
>> >
>> >
>> > A New Internet-Draft is available from the on-line Internet-Drafts
>> > directories.
>> > This draft is a work item of the Bidirectional Forwarding Detection WG
>> of
>> > the IETF.
>> >
>> >         Title           : BFD for VXLAN
>> >         Authors         : Santosh Pallagatti
>> >                           Sudarsan Paragiri
>> >                           Vengada Prasad Govindan
>> >                           Mallik Mudigonda
>> >                           Greg Mirsky
>> >         Filename        : draft-ietf-bfd-vxlan-02.txt
>> >         Pages           : 10
>> >         Date            : 2018-08-18
>> >
>> > Abstract:
>> >    This document describes the use of the Bidirectional Forwarding
>> >    Detection (BFD) protocol in Virtual eXtensible Local Area Network
>> >    (VXLAN) overlay networks.
>> >
>> >
>> > The IETF datatracker status page for this draft is:
>> > https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/
>> >
>> > There are also htmlized versions available at:
>> > https://tools.ietf.org/html/draft-ietf-bfd-vxlan-02
>> > https://datatracker.ietf.org/doc/html/draft-ietf-bfd-vxlan-02
>> >
>> > A diff from the previous version is available at:
>> > https://www.ietf.org/rfcdiff?url2=draft-ietf-bfd-vxlan-02
>> >
>> >
>> > Please note that it may take a couple of minutes from the time of
>> submission
>> > until the htmlized version and diff are available at tools.ietf.org.
>> >
>> > Internet-Drafts are also available by anonymous FTP at:
>> > ftp://ftp.ietf.org/internet-drafts/
>> >
>> >
>>
>
>

--0000000000004a5d820576b51a7d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi Marc,<div>hope this note finds you well. Attached you&#=
39;ll find diff between the latest and working versions of the document. Th=
e latter includes the update suggested by Donald and proposed changes I hop=
e will address your comments. Your consideration=C2=A0and feedback on the p=
roposed updates much appreciated.</div><div><br></div><div>Best regards,</d=
iv><div>Greg</div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr">On =
Mon, Sep 17, 2018 at 3:47 PM Greg Mirsky &lt;<a href=3D"mailto:gregimirsky@=
gmail.com" target=3D"_blank">gregimirsky@gmail.com</a>&gt; wrote:<br></div>=
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=
=3D"ltr"><div dir=3D"ltr">Hi Marc,<div>many thanks for your excellent comme=
nts and the most detailed questions - all much appreciated and the most hel=
pful.</div><div>Please find my=C2=A0answers, notes in-line and tagged GIM&g=
t;&gt;,</div><div><br></div><div>Regards,</div><div>Greg</div><div class=3D=
"gmail_extra"><br><div class=3D"gmail_quote">On Thu, Sep 13, 2018 at 5:36 P=
M, Marc Binderberger <span dir=3D"ltr">&lt;<a href=3D"mailto:marc@sniff.de"=
 target=3D"_blank">marc@sniff.de</a>&gt;</span> wrote:<br><blockquote class=
=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rg=
b(204,204,204);padding-left:1ex">Hello Greg &amp; Authors,<br>
<br>
great to see this draft progressing!<br>
<br>
<br>
As usual I&#39;m a bit late :-/ but I do have some questions/comments:<br>
<br>
<br>
Q1: the TTL =3D 1 requirement for the inner IP packet. The explanation for =
the <br>
MUST is<br>
<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0TTL: MUST be set to 1 to ensure that the =
BFD packet is not<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0routed within the L3 underlay network.<br=
>
<br>
<br>
I find this a very implementation-specific reason that may not apply to man=
y <br>
other implementations. But the demand for TTL =3D 1 may limit what can be d=
one <br>
with today&#39;s silicon, which is why I question this demand here :-)<br>
<br>
You will find off-the-shelf silicon that offers you BFD RFC5881 &quot;in <b=
r>
hardware&quot;. For the ASIC user the usage is typically fixed by the API/S=
DK and <br>
RFC5881 uses TTL =3D 255 for send and check on receive. Using a loopback po=
rt <br>
it would be simple to use this RFC5881 BFD engine to send packets over the =
<br>
VxLAN tunnel.=C2=A0 But the TTL=3D1 requirements defeats this.=C2=A0 Could =
we drop it?</blockquote><div>=C2=A0</div><blockquote class=3D"gmail_quote" =
style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);pa=
dding-left:1ex">GIM&gt;&gt; I think that this specification is closer to RF=
C 5884 case where TTL for the encapsulated BFD control packet mandated to b=
e set to 1:<br></blockquote></div></div></div><blockquote style=3D"margin:0=
px 0px 0px 40px;border:none;padding:0px"><div dir=3D"ltr"><div class=3D"gma=
il_extra"><div class=3D"gmail_quote"><div>The IP TTL or hop limit MUST be s=
et to 1 [RFC4379].=C2=A0</div></div></div></div></blockquote><div dir=3D"lt=
r"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><blockquote class=
=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rg=
b(204,204,204);padding-left:1ex">
<br>
Q2: in this context of TTL you write<br>
<br>
=C2=A0 =C2=A010.=C2=A0 Security Considerations<br>
<br>
=C2=A0 =C2=A0 =C2=A0 The document recommends setting the inner IP TTL to 1 =
which could<br>
=C2=A0 =C2=A0 =C2=A0 lead to a DDoS attack.<br></blockquote><div>GIM&gt;&gt=
; Would s/recommends/requires/ work?=C2=A0</div><blockquote class=3D"gmail_=
quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,=
204);padding-left:1ex">
<br>
<br>
First, you don&#39;t recommend - you say MUST. But as a non-native speaker =
maybe <br>
this is a misinterpretation on my side ;-)<br>
More interesting: how does TTL =3D 1 raises the DDoS risk? By someone direc=
tly, <br>
i.e. without any VxLAN encapsulation, sending a BFD packet to the VTEP IP ?=
<br></blockquote><div>GIM&gt;&gt; Agree, the wording is rather confusing. W=
ould the following text make it clearer:</div><div>OLD TEXT:</div><div>=C2=
=A0 =C2=A0The document recommends setting the inner IP TTL to 1 which could=
</div><div>=C2=A0 =C2=A0lead to a DDoS attack.=C2=A0 Thus the implementatio=
n MUST have throttling</div><div>=C2=A0 =C2=A0in place.=C2=A0 Throttling MA=
Y be relaxed for BFD packets based on port</div><div>=C2=A0 =C2=A0number.</=
div><div><br></div><div>NEW TEXT:</div><div>=C2=A0 =C2=A0The document requi=
res setting the inner IP TTL to 1 which could</div><div>=C2=A0 =C2=A0be use=
d as DDoS attack vector.=C2=A0 Thus the implementation MUST have throttling=
</div><div>=C2=A0 =C2=A0in place to control the rate of BFD control packets=
 sent to the control plane.</div><div><br></div><blockquote class=3D"gmail_=
quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,=
204);padding-left:1ex">
<br>
<br>
Q3: for the demultiplexing of incoming BFD packets (section 6.1) you write<=
br>
<br>
=C2=A0 =C2=A0[...] For such packets, the BFD session MUST be identified<br>
=C2=A0 =C2=A0using the inner headers, i.e., the source IP and the destinati=
on IP<br>
=C2=A0 =C2=A0present in the IP header carried by the payload of the VXLAN<b=
r>
=C2=A0 =C2=A0encapsulated packet.=C2=A0 The VNI of the packet SHOULD be use=
d to derive<br>
=C2=A0 =C2=A0interface-related information for demultiplexing the packet.<b=
r>
<br>
<br>
I understand the &quot;MUST&quot; for the source IP, to differentiate a ses=
sion with <br>
VTEP A from the session with VTEP B. Why is the destination IP, i.e. my loc=
al <br>
IP, of relevance?=C2=A0 Support for multiple VTEP?<br></blockquote><div>GIM=
&gt;&gt; Yes, it is the case.=C2=A0</div><blockquote class=3D"gmail_quote" =
style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);pa=
dding-left:1ex">
But my main question is, why the VNI (or related information like the local=
 <br>
VLAN or VFI) is only a &quot;SHOULD&quot; ?=C2=A0</blockquote><div>GIM&gt;&=
gt; An implementation may support only use of VNI 0 and not to use VNI valu=
e of the received packet.</div><div>=C2=A0</div><blockquote class=3D"gmail_=
quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,=
204);padding-left:1ex"> In section 4 you say<br>
<br>
=C2=A0 =C2=A0[...] Separate BFD<br>
=C2=A0 =C2=A0sessions can be established between the VTEPs (IP1 and IP2) fo=
r<br>
=C2=A0 =C2=A0monitoring each of the VXLAN tunnels (VNI 100 and 200).<br>
<br>
<br>
How would I separate these BFD sessions when src/dst IP are the same?<br></=
blockquote><div>GIM&gt;&gt; By using different VNI in the VXLAN encapsulati=
on of a BFD Control packets.=C2=A0</div><blockquote class=3D"gmail_quote" s=
tyle=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);pad=
ding-left:1ex">
<br>
<br>
Finally a nitpick, you write in section 6:<br>
<br>
=C2=A0 =C2=A0The UDP destination port and the TTL of the inner Ethernet fra=
me MUST<br>
=C2=A0 =C2=A0be validated<br>
<br>
We all understand what you mean but I first stumbled: Ethernet frames have =
no <br>
TTL. You mean (of course) the inner IP packet - why not writing it? ;-)<br>=
</blockquote><div>GIM&gt;&gt; Agreed. Would s/inner Ethernet/inner IP packe=
t/ address it?=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin=
:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"=
>
<br>
<br>
<br>
Anyway, overall very useful standard (as you see from my comments, there ar=
e <br>
feature roadmaps coming ;-)<br></blockquote><div>GIM&gt;&gt; Thank you for =
your kind words and help to improve the specification, Marc.=C2=A0</div><bl=
ockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-lef=
t:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
Thanks &amp; Regards,<br>
Marc<br>
<div class=3D"m_-4092018846704048881m_7039498216864148970m_1667032434324514=
421gmail-HOEnZb"><div class=3D"m_-4092018846704048881m_7039498216864148970m=
_1667032434324514421gmail-h5"><br>
<br>
<br>
<br>
<br>
On Sat, 18 Aug 2018 13:54:22 -0700, Greg Mirsky wrote:<br>
&gt; Dear All,<br>
&gt; the new version addresses comments and editorial suggestions we&#39;ve=
 received <br>
&gt; from Donald.<br>
&gt; <br>
&gt; Your reviews are most welcome, comments, questions, and suggestions mu=
ch <br>
&gt; appreciated.<br>
&gt; <br>
&gt; As discussed at the meeting in Montreal, the authors believe that this=
 <br>
&gt; document is ready for WGLC.<br>
&gt; <br>
&gt; Regards,<br>
&gt; Greg<br>
&gt; <br>
&gt; ---------- Forwarded message ----------<br>
&gt; From: &lt;<a href=3D"mailto:internet-drafts@ietf.org" target=3D"_blank=
">internet-drafts@ietf.org</a>&gt;<br>
&gt; Date: Sat, Aug 18, 2018 at 1:09 PM<br>
&gt; Subject: I-D Action: draft-ietf-bfd-vxlan-02.txt<br>
&gt; To: <a href=3D"mailto:i-d-announce@ietf.org" target=3D"_blank">i-d-ann=
ounce@ietf.org</a><br>
&gt; Cc: <a href=3D"mailto:rtg-bfd@ietf.org" target=3D"_blank">rtg-bfd@ietf=
.org</a><br>
&gt; <br>
&gt; <br>
&gt; <br>
&gt; A New Internet-Draft is available from the on-line Internet-Drafts <br=
>
&gt; directories.<br>
&gt; This draft is a work item of the Bidirectional Forwarding Detection WG=
 of <br>
&gt; the IETF.<br>
&gt; <br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Title=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0: BFD for VXLAN<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Authors=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0: Santosh Pallagatti<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0Sudarsan Paragiri<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0Vengada Prasad Govindan<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0Mallik Mudigonda<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0Greg Mirsky<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Filename=C2=A0 =C2=A0 =C2=A0 =C2=A0 :=
 draft-ietf-bfd-vxlan-02.txt<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Pages=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0: 10<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Date=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 : 2018-08-18<br>
&gt; <br>
&gt; Abstract:<br>
&gt;=C2=A0 =C2=A0 This document describes the use of the Bidirectional Forw=
arding<br>
&gt;=C2=A0 =C2=A0 Detection (BFD) protocol in Virtual eXtensible Local Area=
 Network<br>
&gt;=C2=A0 =C2=A0 (VXLAN) overlay networks.<br>
&gt; <br>
&gt; <br>
&gt; The IETF datatracker status page for this draft is:<br>
&gt; <a href=3D"https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/" rel=
=3D"noreferrer" target=3D"_blank">https://datatracker.ietf.org/doc/draft-ie=
tf-bfd-vxlan/</a><br>
&gt; <br>
&gt; There are also htmlized versions available at:<br>
&gt; <a href=3D"https://tools.ietf.org/html/draft-ietf-bfd-vxlan-02" rel=3D=
"noreferrer" target=3D"_blank">https://tools.ietf.org/html/draft-ietf-bfd-v=
xlan-02</a><br>
&gt; <a href=3D"https://datatracker.ietf.org/doc/html/draft-ietf-bfd-vxlan-=
02" rel=3D"noreferrer" target=3D"_blank">https://datatracker.ietf.org/doc/h=
tml/draft-ietf-bfd-vxlan-02</a><br>
&gt; <br>
&gt; A diff from the previous version is available at:<br>
&gt; <a href=3D"https://www.ietf.org/rfcdiff?url2=3Ddraft-ietf-bfd-vxlan-02=
" rel=3D"noreferrer" target=3D"_blank">https://www.ietf.org/rfcdiff?url2=3D=
draft-ietf-bfd-vxlan-02</a><br>
&gt; <br>
&gt; <br>
&gt; Please note that it may take a couple of minutes from the time of subm=
ission<br>
&gt; until the htmlized version and diff are available at <a href=3D"http:/=
/tools.ietf.org" rel=3D"noreferrer" target=3D"_blank">tools.ietf.org</a>.<b=
r>
&gt; <br>
&gt; Internet-Drafts are also available by anonymous FTP at:<br>
&gt; <a href=3D"ftp://ftp.ietf.org/internet-drafts/" rel=3D"noreferrer" tar=
get=3D"_blank">ftp://ftp.ietf.org/internet-drafts/</a><br>
&gt; <br>
&gt; <br>
</div></div></blockquote></div><br></div></div></div></div></div>
</blockquote></div>

--0000000000004a5d820576b51a7d--

--0000000000004a5d850576b51a7f
Content-Type: text/html; charset="UTF-8"; 
 name="Diff_ draft-ietf-bfd-vxlan-02.txt - draft-ietf-bfd-vxlan-03.txt.html"
Content-Disposition: attachment; filename="Diff_ draft-ietf-bfd-vxlan-02.txt -
 draft-ietf-bfd-vxlan-03.txt.html"
Content-Transfer-Encoding: base64
Content-ID: <f_jmhz0js50>
X-Attachment-Id: f_jmhz0js50

PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlvbmFs
Ly9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXRyYW5zaXRpb25h
bC5kdGQiPgo8IS0tIHNhdmVkIGZyb20gdXJsPSgwMDQxKWh0dHBzOi8vd3d3LmlldGYub3JnL3Jm
Y2RpZmYvcmZjZGlmZi5weWh0IC0tPgo8aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5
OS94aHRtbCIgY2xhc3M9ImdyX19pZXRmX29yZyI+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0iQ29u
dGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgiPiAKICAgCiAgPG1l
dGEgaHR0cC1lcXVpdj0iQ29udGVudC1TdHlsZS1UeXBlIiBjb250ZW50PSJ0ZXh0L2NzcyI+IAog
IDx0aXRsZT5EaWZmOiBkcmFmdC1pZXRmLWJmZC12eGxhbi0wMi50eHQgLSBkcmFmdC1pZXRmLWJm
ZC12eGxhbi0wMy50eHQ8L3RpdGxlPiAKICA8c3R5bGUgdHlwZT0idGV4dC9jc3MiPiAKICAgIGJv
ZHkgICAgeyBtYXJnaW46IDAuNGV4OyBtYXJnaW4tcmlnaHQ6IGF1dG87IH0gCiAgICB0ciAgICAg
IHsgfSAKICAgIHRkICAgICAgeyB3aGl0ZS1zcGFjZTogcHJlOyBmb250LWZhbWlseTogbW9ub3Nw
YWNlOyB2ZXJ0aWNhbC1hbGlnbjogdG9wOyBmb250LXNpemU6IDAuODZlbTt9IAogICAgdGggICAg
ICB7IGZvbnQtc2l6ZTogMC44NmVtOyB9IAogICAgLnNtYWxsICB7IGZvbnQtc2l6ZTogMC42ZW07
IGZvbnQtc3R5bGU6IGl0YWxpYzsgZm9udC1mYW1pbHk6IFZlcmRhbmEsIEhlbHZldGljYSwgc2Fu
cy1zZXJpZjsgfSAKICAgIC5sZWZ0ICAgeyBiYWNrZ3JvdW5kLWNvbG9yOiAjRUVFOyB9IAogICAg
LnJpZ2h0ICB7IGJhY2tncm91bmQtY29sb3I6ICNGRkY7IH0gCiAgICAuZGlmZiAgIHsgYmFja2dy
b3VuZC1jb2xvcjogI0NDRjsgfSAKICAgIC5sYmxvY2sgeyBiYWNrZ3JvdW5kLWNvbG9yOiAjQkZC
OyB9IAogICAgLnJibG9jayB7IGJhY2tncm91bmQtY29sb3I6ICNGRjg7IH0gCiAgICAuaW5zZXJ0
IHsgYmFja2dyb3VuZC1jb2xvcjogIzhGRjsgfSAKICAgIC5kZWxldGUgeyBiYWNrZ3JvdW5kLWNv
bG9yOiAjQUNGOyB9IAogICAgLnZvaWQgICB7IGJhY2tncm91bmQtY29sb3I6ICNGRkI7IH0gCiAg
ICAuY29udCAgIHsgYmFja2dyb3VuZC1jb2xvcjogI0VFRTsgfSAKICAgIC5saW5lYnIgeyBiYWNr
Z3JvdW5kLWNvbG9yOiAjQUFBOyB9IAogICAgLmxpbmVubyB7IGNvbG9yOiByZWQ7IGJhY2tncm91
bmQtY29sb3I6ICNGRkY7IGZvbnQtc2l6ZTogMC43ZW07IHRleHQtYWxpZ246IHJpZ2h0OyBwYWRk
aW5nOiAwIDJweDsgfSAKICAgIC5lbGlwc2lzeyBiYWNrZ3JvdW5kLWNvbG9yOiAjQUFBOyB9IAog
ICAgLmxlZnQgLmNvbnQgeyBiYWNrZ3JvdW5kLWNvbG9yOiAjREREOyB9IAogICAgLnJpZ2h0IC5j
b250IHsgYmFja2dyb3VuZC1jb2xvcjogI0VFRTsgfSAKICAgIC5sYmxvY2sgLmNvbnQgeyBiYWNr
Z3JvdW5kLWNvbG9yOiAjOUQ5OyB9IAogICAgLnJibG9jayAuY29udCB7IGJhY2tncm91bmQtY29s
b3I6ICNERDY7IH0gCiAgICAuaW5zZXJ0IC5jb250IHsgYmFja2dyb3VuZC1jb2xvcjogIzBERDsg
fSAKICAgIC5kZWxldGUgLmNvbnQgeyBiYWNrZ3JvdW5kLWNvbG9yOiAjOEFEOyB9IAogICAgLnN0
YXRzLCAuc3RhdHMgdGQsIC5zdGF0cyB0aCB7IGJhY2tncm91bmQtY29sb3I6ICNFRUU7IHBhZGRp
bmc6IDJweCAwOyB9IAogICAgc3Bhbi5oaWRlIHsgZGlzcGxheTogbm9uZTsgY29sb3I6ICNhYWE7
fSAgICBhOmhvdmVyIHNwYW4geyBkaXNwbGF5OiBpbmxpbmU7IH0gICAgdHIuY2hhbmdlIHsgYmFj
a2dyb3VuZC1jb2xvcjogZ3JheTsgfSAKICAgIHRyLmNoYW5nZSBhIHsgdGV4dC1kZWNvcmF0aW9u
OiBub25lOyBjb2xvcjogYmxhY2sgfSAKICA8L3N0eWxlPiAKICAgICA8c2NyaXB0Pgp2YXIgY2h1
bmtfaW5kZXggPSAwOwp2YXIgb2xkX2NodW5rID0gbnVsbDsKCmZ1bmN0aW9uIGZvcm1hdF9jaHVu
ayhpbmRleCkgewogICAgdmFyIHByZWZpeCA9ICJkaWZmIjsKICAgIHZhciBzdHIgPSBpbmRleC50
b1N0cmluZygpOwogICAgZm9yICh4PTA7IHg8KDQtc3RyLmxlbmd0aCk7ICsreCkgewogICAgICAg
IHByZWZpeCs9JzAnOwogICAgfQogICAgcmV0dXJuIHByZWZpeCArIHN0cjsKfQoKZnVuY3Rpb24g
ZmluZF9jaHVuayhuKXsKICAgIHJldHVybiBkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCd0cltpZCQ9
IicgKyBuICsgJyJdJyk7Cn0KCmZ1bmN0aW9uIGNoYW5nZV9jaHVuayhvZmZzZXQpIHsKICAgIHZh
ciBpbmRleCA9IGNodW5rX2luZGV4ICsgb2Zmc2V0OwogICAgdmFyIG5ld19zdHI7CiAgICB2YXIg
bmV3X2NodW5rOwoKICAgIG5ld19zdHIgPSBmb3JtYXRfY2h1bmsoaW5kZXgpOwogICAgbmV3X2No
dW5rID0gZmluZF9jaHVuayhuZXdfc3RyKTsKICAgIGlmICghbmV3X2NodW5rKSB7CiAgICAgICAg
cmV0dXJuOwogICAgfQogICAgaWYgKG9sZF9jaHVuaykgewogICAgICAgIG9sZF9jaHVuay5zdHls
ZS5vdXRsaW5lID0gIiI7CiAgICB9CiAgICBvbGRfY2h1bmsgPSBuZXdfY2h1bms7CiAgICBvbGRf
Y2h1bmsuc3R5bGUub3V0bGluZSA9ICIxcHggc29saWQgcmVkIjsKICAgIHdpbmRvdy5sb2NhdGlv
bi5yZXBsYWNlKCIjIiArIG5ld19zdHIpCiAgICB3aW5kb3cuc2Nyb2xsQnkoMCwtMTAwKTsKICAg
IGNodW5rX2luZGV4ID0gaW5kZXg7Cn0KCmRvY3VtZW50Lm9ua2V5ZG93biA9IGZ1bmN0aW9uKGUp
IHsKICAgIHN3aXRjaCAoZS5rZXlDb2RlKSB7CiAgICBjYXNlIDc4OgogICAgICAgIGNoYW5nZV9j
aHVuaygxKTsKICAgICAgICBicmVhazsKICAgIGNhc2UgODA6CiAgICAgICAgY2hhbmdlX2NodW5r
KC0xKTsKICAgICAgICBicmVhazsKICAgIH0KfTsKICAgPC9zY3JpcHQ+IAo8L2hlYWQ+IAo8Ym9k
eSBkYXRhLWdyLWMtcy1sb2FkZWQ9InRydWUiPiAKICA8dGFibGUgYm9yZGVyPSIwIiBjZWxscGFk
ZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiPiAKICA8dGJvZHk+PHRyIGlkPSJwYXJ0LTEiIGJnY29s
b3I9Im9yYW5nZSI+PHRoPjwvdGg+PHRoPjxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL3Jm
Y2RpZmY/dXJsMj1kcmFmdC1pZXRmLWJmZC12eGxhbi0wMi50eHQiIHN0eWxlPSJjb2xvcjojMDA4
OyB0ZXh0LWRlY29yYXRpb246bm9uZTsiPiZsdDs8L2E+Jm5ic3A7PGEgaHJlZj0iaHR0cHM6Ly90
b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtYmZkLXZ4bGFuLTAyLnR4dCIgc3R5bGU9ImNv
bG9yOiMwMDgiPmRyYWZ0LWlldGYtYmZkLXZ4bGFuLTAyLnR4dDwvYT4mbmJzcDs8L3RoPjx0aD4g
PC90aD48dGg+Jm5ic3A7PGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0
LWlldGYtYmZkLXZ4bGFuLTAzLnR4dCIgc3R5bGU9ImNvbG9yOiMwMDgiPmRyYWZ0LWlldGYtYmZk
LXZ4bGFuLTAzLnR4dDwvYT4mbmJzcDs8YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9yZmNk
aWZmP3VybDE9ZHJhZnQtaWV0Zi1iZmQtdnhsYW4tMDMudHh0IiBzdHlsZT0iY29sb3I6IzAwODsg
dGV4dC1kZWNvcmF0aW9uOm5vbmU7Ij4mZ3Q7PC9hPjwvdGg+PHRoPjwvdGg+PC90cj4gCiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+SW50ZXJu
ZXQgRW5naW5lZXJpbmcgVGFzayBGb3JjZSAgICAgICAgICAgICAgICAgICAgICAgUy4gUGFsbGFn
YXR0aSwgRWQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+SW50ZXJuZXQgRW5naW5l
ZXJpbmcgVGFzayBGb3JjZSAgICAgICAgICAgICAgICAgICAgICAgUy4gUGFsbGFnYXR0aSwgRWQu
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij5JbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFJ0YnJpY2s8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij5JbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFJ0YnJpY2s8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPkludGVuZGVkIHN0YXR1czogU3RhbmRhcmRzIFRyYWNrICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICBTLiBQYXJhZ2lyaTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPklu
dGVuZGVkIHN0YXR1czogU3RhbmRhcmRzIFRyYWNrICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICBTLiBQYXJhZ2lyaTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
IGlkPSJkaWZmMDAwMSI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj5FeHBpcmVzOiA8c3BhbiBjbGFzcz0iZGVsZXRlIj5G
ZWJydWFyeSAxOCwgMjAxOTwvc3Bhbj4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICBKdW5p
cGVyIE5ldHdvcmtzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPkV4cGlyZXM6IDxz
cGFuIGNsYXNzPSJpbnNlcnQiPk1hcmNoIDI5LCAyMDE5ICAgPC9zcGFuPiAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIEp1bmlwZXIgTmV0d29ya3M8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICBWLiBHb3ZpbmRhbjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBW
LiBHb3ZpbmRhbjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTS4gTXVkaWdvbmRhPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgTS4gTXVkaWdvbmRhPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2lzY288L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgQ2lzY288L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
IEcuIE1pcnNreTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEcuIE1pcnNr
eTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWlRFIENvcnAuPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgWlRFIENvcnAuPC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDAyIj48dGQ+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxzcGFuIGNsYXNz
PSJkZWxldGUiPiAgIEF1Z3VzdCAxNzwvc3Bhbj4sIDIwMTg8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJibG9jayI+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgPHNwYW4gY2xhc3M9Imluc2VydCI+U2VwdGVtYmVyIDI1PC9zcGFuPiwgMjAxODwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgICAgICAgICAgICAg
ICAgIEJGRCBmb3IgVlhMQU48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIEJGRCBmb3IgVlhMQU48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMDMiPjx0ZD48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgICAg
ICAgICAgICAgICAgICAgZHJhZnQtaWV0Zi1iZmQtdnhsYW4tMDxzcGFuIGNsYXNzPSJkZWxldGUi
PjI8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgICAgICAgICAg
ICAgICAgICAgIGRyYWZ0LWlldGYtYmZkLXZ4bGFuLTA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij4zPC9z
cGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij5BYnN0cmFjdDwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPkFic3RyYWN0PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIFRoaXMgZG9jdW1lbnQgZGVzY3JpYmVzIHRoZSB1c2Ugb2YgdGhlIEJpZGlyZWN0
aW9uYWwgRm9yd2FyZGluZzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRoaXMg
ZG9jdW1lbnQgZGVzY3JpYmVzIHRoZSB1c2Ugb2YgdGhlIEJpZGlyZWN0aW9uYWwgRm9yd2FyZGlu
ZzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgRGV0ZWN0aW9uIChCRkQpIHByb3RvY29s
IGluIFZpcnR1YWwgZVh0ZW5zaWJsZSBMb2NhbCBBcmVhIE5ldHdvcms8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBEZXRlY3Rpb24gKEJGRCkgcHJvdG9jb2wgaW4gVmlydHVhbCBl
WHRlbnNpYmxlIExvY2FsIEFyZWEgTmV0d29yazwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgKFZYTEFOKSBvdmVybGF5IG5ldHdvcmtzLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgIChWWExBTikgb3ZlcmxheSBuZXR3b3Jrcy48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+U3RhdHVzIG9mIFRoaXMgTWVtbzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPlN0YXR1cyBvZiBUaGlzIE1lbW88L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgVGhpcyBJbnRlcm5ldC1EcmFmdCBpcyBzdWJtaXR0ZWQgaW4gZnVsbCBjb25mb3JtYW5jZSB3
aXRoIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRoaXMgSW50ZXJuZXQt
RHJhZnQgaXMgc3VibWl0dGVkIGluIGZ1bGwgY29uZm9ybWFuY2Ugd2l0aCB0aGU8L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJwYXJ0LTIiIGNsYXNz
PSJjaGFuZ2UiPjx0ZD48L3RkPjx0aD48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFs
bD48YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0
LTIiPjxlbT4gcGFnZSAxLCBsaW5lIDM4PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2Vt
PjwvYT48L3RoPjx0aD4gPC90aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21h
bGw+PGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZi9yZmNkaWZmLnB5aHQjcGFy
dC0yIj48ZW0+IHBhZ2UgMSwgbGluZSAzODxzcGFuIGNsYXNzPSJoaWRlIj4gwrY8L3NwYW4+PC9l
bT48L2E+PC90aD48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJbnRlcm5ldC1EcmFmdHMgYXJlIHdvcmtpbmcgZG9jdW1l
bnRzIG9mIHRoZSBJbnRlcm5ldCBFbmdpbmVlcmluZzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIEludGVybmV0LURyYWZ0cyBhcmUgd29ya2luZyBkb2N1bWVudHMgb2YgdGhlIElu
dGVybmV0IEVuZ2luZWVyaW5nPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUYXNrIEZv
cmNlIChJRVRGKS4gIE5vdGUgdGhhdCBvdGhlciBncm91cHMgbWF5IGFsc28gZGlzdHJpYnV0ZTwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRhc2sgRm9yY2UgKElFVEYpLiAgTm90
ZSB0aGF0IG90aGVyIGdyb3VwcyBtYXkgYWxzbyBkaXN0cmlidXRlPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij4gICB3b3JraW5nIGRvY3VtZW50cyBhcyBJbnRlcm5ldC1EcmFmdHMuICBUaGUg
bGlzdCBvZiBjdXJyZW50IEludGVybmV0LTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIHdvcmtpbmcgZG9jdW1lbnRzIGFzIEludGVybmV0LURyYWZ0cy4gIFRoZSBsaXN0IG9mIGN1
cnJlbnQgSW50ZXJuZXQtPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBEcmFmdHMgaXMg
YXQgaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kcmFmdHMvY3VycmVudC8uPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgRHJhZnRzIGlzIGF0IGh0dHBzOi8vZGF0YXRyYWNr
ZXIuaWV0Zi5vcmcvZHJhZnRzL2N1cnJlbnQvLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICBJbnRlcm5ldC1EcmFmdHMgYXJlIGRyYWZ0IGRvY3VtZW50cyB2YWxpZCBmb3IgYSBt
YXhpbXVtIG9mIHNpeCBtb250aHM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBJ
bnRlcm5ldC1EcmFmdHMgYXJlIGRyYWZ0IGRvY3VtZW50cyB2YWxpZCBmb3IgYSBtYXhpbXVtIG9m
IHNpeCBtb250aHM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGFuZCBtYXkgYmUgdXBk
YXRlZCwgcmVwbGFjZWQsIG9yIG9ic29sZXRlZCBieSBvdGhlciBkb2N1bWVudHMgYXQgYW55PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgYW5kIG1heSBiZSB1cGRhdGVkLCByZXBs
YWNlZCwgb3Igb2Jzb2xldGVkIGJ5IG90aGVyIGRvY3VtZW50cyBhdCBhbnk8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIHRpbWUuICBJdCBpcyBpbmFwcHJvcHJpYXRlIHRvIHVzZSBJbnRl
cm5ldC1EcmFmdHMgYXMgcmVmZXJlbmNlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgdGltZS4gIEl0IGlzIGluYXBwcm9wcmlhdGUgdG8gdXNlIEludGVybmV0LURyYWZ0cyBhcyBy
ZWZlcmVuY2U8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIG1hdGVyaWFsIG9yIHRvIGNp
dGUgdGhlbSBvdGhlciB0aGFuIGFzICJ3b3JrIGluIHByb2dyZXNzLiI8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBtYXRlcmlhbCBvciB0byBjaXRlIHRoZW0gb3RoZXIgdGhhbiBh
cyAid29yayBpbiBwcm9ncmVzcy4iPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMDQiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgVGhpcyBJbnRlcm5ldC1E
cmFmdCB3aWxsIGV4cGlyZSBvbiA8c3BhbiBjbGFzcz0iZGVsZXRlIj5GZWJydWFyeSAxODwvc3Bh
bj4sIDIwMTkuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIFRoaXMgSW50ZXJu
ZXQtRHJhZnQgd2lsbCBleHBpcmUgb24gPHNwYW4gY2xhc3M9Imluc2VydCI+TWFyY2ggMjk8L3Nw
YW4+LCAyMDE5LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij5Db3B5cmlnaHQgTm90
aWNlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+Q29weXJpZ2h0IE5vdGljZTwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBDb3B5cmlnaHQgKGMpIDIwMTggSUVURiBU
cnVzdCBhbmQgdGhlIHBlcnNvbnMgaWRlbnRpZmllZCBhcyB0aGU8L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICBDb3B5cmlnaHQgKGMpIDIwMTggSUVURiBUcnVzdCBhbmQgdGhlIHBl
cnNvbnMgaWRlbnRpZmllZCBhcyB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGRv
Y3VtZW50IGF1dGhvcnMuICBBbGwgcmlnaHRzIHJlc2VydmVkLjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgIGRvY3VtZW50IGF1dGhvcnMuICBBbGwgcmlnaHRzIHJlc2VydmVkLjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGlzIGRvY3VtZW50IGlzIHN1Ympl
Y3QgdG8gQkNQIDc4IGFuZCB0aGUgSUVURiBUcnVzdCdzIExlZ2FsPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgVGhpcyBkb2N1bWVudCBpcyBzdWJqZWN0IHRvIEJDUCA3OCBhbmQg
dGhlIElFVEYgVHJ1c3QncyBMZWdhbDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgUHJv
dmlzaW9ucyBSZWxhdGluZyB0byBJRVRGIERvY3VtZW50czwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIFByb3Zpc2lvbnMgUmVsYXRpbmcgdG8gSUVURiBEb2N1bWVudHM8L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIChodHRwczovL3RydXN0ZWUuaWV0Zi5vcmcvbGljZW5z
ZS1pbmZvKSBpbiBlZmZlY3Qgb24gdGhlIGRhdGUgb2Y8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICAoaHR0cHM6Ly90cnVzdGVlLmlldGYub3JnL2xpY2Vuc2UtaW5mbykgaW4gZWZm
ZWN0IG9uIHRoZSBkYXRlIG9mPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBwdWJsaWNh
dGlvbiBvZiB0aGlzIGRvY3VtZW50LiAgUGxlYXNlIHJldmlldyB0aGVzZSBkb2N1bWVudHM8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBwdWJsaWNhdGlvbiBvZiB0aGlzIGRvY3Vt
ZW50LiAgUGxlYXNlIHJldmlldyB0aGVzZSBkb2N1bWVudHM8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJwYXJ0LTMiIGNsYXNzPSJjaGFuZ2UiPjx0
ZD48L3RkPjx0aD48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48YSBocmVmPSJo
dHRwczovL3d3dy5pZXRmLm9yZy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTMiPjxlbT4gcGFn
ZSA3LCBsaW5lIDM3PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0
aD4gPC90aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0i
aHR0cHM6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZi9yZmNkaWZmLnB5aHQjcGFydC0zIj48ZW0+IHBh
Z2UgNywgbGluZSAzNzxzcGFuIGNsYXNzPSJoaWRlIj4gwrY8L3NwYW4+PC9lbT48L2E+PC90aD48
dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICAgICBUaGUgZmllbGRzIG9mIHRoZSBVRFAgaGVhZGVyIGFuZCB0aGUgQkZEIGNv
bnRyb2wgcGFja2V0IGFyZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIFRo
ZSBmaWVsZHMgb2YgdGhlIFVEUCBoZWFkZXIgYW5kIHRoZSBCRkQgY29udHJvbCBwYWNrZXQgYXJl
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBlbmNvZGVkIGFzIHNwZWNpZmllZCBp
biBbUkZDNTg4MV0gZm9yIHAycCBWWExBTiB0dW5uZWxzLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgICAgIGVuY29kZWQgYXMgc3BlY2lmaWVkIGluIFtSRkM1ODgxXSBmb3IgcDJw
IFZYTEFOIHR1bm5lbHMuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjYuICBSZWNl
cHRpb24gb2YgQkZEIHBhY2tldCBmcm9tIFZYTEFOIFR1bm5lbDwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPjYuICBSZWNlcHRpb24gb2YgQkZEIHBhY2tldCBmcm9tIFZYTEFOIFR1bm5l
bDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBPbmNlIGEgcGFja2V0IGlzIHJl
Y2VpdmVkLCBWVEVQIE1VU1QgdmFsaWRhdGUgdGhlIHBhY2tldCBhcyBkZXNjcmliZWQ8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBPbmNlIGEgcGFja2V0IGlzIHJlY2VpdmVkLCBW
VEVQIE1VU1QgdmFsaWRhdGUgdGhlIHBhY2tldCBhcyBkZXNjcmliZWQ8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgIGluIFNlY3Rpb24gNC4xIG9mIFtSRkM3MzQ4XS4gIElmIHRoZSBEZXN0
aW5hdGlvbiBNQUMgb2YgdGhlIGlubmVyIE1BQzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgIGluIFNlY3Rpb24gNC4xIG9mIFtSRkM3MzQ4XS4gIElmIHRoZSBEZXN0aW5hdGlvbiBN
QUMgb2YgdGhlIGlubmVyIE1BQzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgZnJhbWUg
bWF0Y2hlcyB0aGUgZGVkaWNhdGVkIE1BQyBvciB0aGUgTUFDIGFkZHJlc3Mgb2YgdGhlIFZURVAg
dGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgZnJhbWUgbWF0Y2hlcyB0aGUg
ZGVkaWNhdGVkIE1BQyBvciB0aGUgTUFDIGFkZHJlc3Mgb2YgdGhlIFZURVAgdGhlPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBwYWNrZXQgTVVTVCBiZSBwcm9jZXNzZWQgZnVydGhlci48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBwYWNrZXQgTVVTVCBiZSBwcm9jZXNz
ZWQgZnVydGhlci48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyIGlkPSJkaWZmMDAwNSI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBUaGUgVURQIGRlc3RpbmF0aW9uIHBvcnQg
YW5kIHRoZSBUVEwgb2YgdGhlIGlubmVyIDxzcGFuIGNsYXNzPSJkZWxldGUiPkV0aGVybmV0IGZy
YW1lPC9zcGFuPiBNVVNUPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIFRoZSBV
RFAgZGVzdGluYXRpb24gcG9ydCBhbmQgdGhlIFRUTCBvZiB0aGUgaW5uZXIgPHNwYW4gY2xhc3M9
Imluc2VydCI+SVAgcGFja2V0PC9zcGFuPiBNVVNUIGJlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
YmxvY2siPiAgIGJlIHZhbGlkYXRlZCB0byBkZXRlcm1pbmUgaWYgdGhlIHJlY2VpdmVkIHBhY2tl
dCBjYW4gYmUgcHJvY2Vzc2VkIGJ5PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAg
IHZhbGlkYXRlZCB0byBkZXRlcm1pbmUgaWYgdGhlIHJlY2VpdmVkIHBhY2tldCBjYW4gYmUgcHJv
Y2Vzc2VkIGJ5PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBCRkQuICBCRkQgcGFja2V0
IHdpdGggaW5uZXIgTUFDIHNldCB0byBWVEVQIG9yIGRlZGljYXRlZCBNQUMgYWRkcmVzczwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIEJGRC4gIEJGRCBwYWNrZXQgd2l0aCBpbm5l
ciBNQUMgc2V0IHRvIFZURVAgb3IgZGVkaWNhdGVkIE1BQyBhZGRyZXNzPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICBNVVNUIE5PVCBiZSBmb3J3YXJkZWQgdG8gVk1zLjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIE1VU1QgTk9UIGJlIGZvcndhcmRlZCB0byBWTXMuPC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFRvIGVuc3VyZSBCRkQgZGV0ZWN0cyB0
aGUgcHJvcGVyIGNvbmZpZ3VyYXRpb24gb2YgVlhMQU4gTmV0d29yazwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIFRvIGVuc3VyZSBCRkQgZGV0ZWN0cyB0aGUgcHJvcGVyIGNvbmZp
Z3VyYXRpb24gb2YgVlhMQU4gTmV0d29yazwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
SWRlbnRpZmllciAoVk5JKSBpbiBhIHJlbW90ZSBWVEVQLCBhIGxvb2t1cCBTSE9VTEQgYmUgcGVy
Zm9ybWVkIHdpdGg8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBJZGVudGlmaWVy
IChWTkkpIGluIGEgcmVtb3RlIFZURVAsIGEgbG9va3VwIFNIT1VMRCBiZSBwZXJmb3JtZWQgd2l0
aDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdGhlIE1BQy1EQSBhbmQgVk5JIGFzIGtl
eSBpbiB0aGUgVmlydHVhbCBGb3J3YXJkaW5nIEluc3RhbmNlIChWRkkpPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhlIE1BQy1EQSBhbmQgVk5JIGFzIGtleSBpbiB0aGUgVmly
dHVhbCBGb3J3YXJkaW5nIEluc3RhbmNlIChWRkkpPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICB0YWJsZSBvZiB0aGUgb3JpZ2luYXRpbmcvdGVybWluYXRpbmcgVlRFUCB0byBleGVyY2lz
ZSB0aGUgVkZJPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGFibGUgb2YgdGhl
IG9yaWdpbmF0aW5nL3Rlcm1pbmF0aW5nIFZURVAgdG8gZXhlcmNpc2UgdGhlIFZGSTwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgYXNzb2NpYXRlZCB3aXRoIHRoZSBWTkkuPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgYXNzb2NpYXRlZCB3aXRoIHRoZSBWTkkuPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjYuMS4gIERlbXVsdGlwbGV4aW5nIG9mIHRoZSBC
RkQgcGFja2V0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+Ni4xLiAgRGVtdWx0aXBs
ZXhpbmcgb2YgdGhlIEJGRCBwYWNrZXQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyIGlkPSJwYXJ0LTQiIGNsYXNzPSJjaGFuZ2UiPjx0ZD48L3RkPjx0aD48
c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48YSBocmVmPSJodHRwczovL3d3dy5p
ZXRmLm9yZy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTQiPjxlbT4gcGFnZSA4LCBsaW5lIDI3
PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0aD4gPC90aD48dGg+
PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly93d3cu
aWV0Zi5vcmcvcmZjZGlmZi9yZmNkaWZmLnB5aHQjcGFydC00Ij48ZW0+IHBhZ2UgOCwgbGluZSAy
NzxzcGFuIGNsYXNzPSJoaWRlIj4gwrY8L3NwYW4+PC9lbT48L2E+PC90aD48dGQ+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBh
Z2dyZWdhdGUgQkZEIHNlc3Npb25zIGJldHdlZW4gVlRFUCdzIGlzIHRvIGVzdGFibGlzaCBhIEJG
RCBzZXNzaW9uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgYWdncmVnYXRlIEJG
RCBzZXNzaW9ucyBiZXR3ZWVuIFZURVAncyBpcyB0byBlc3RhYmxpc2ggYSBCRkQgc2Vzc2lvbjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgd2l0aCBWTkkgMC4gIEEgVlRFUCBNQVkgYWxz
byB1c2UgVk5JIDAgdG8gZXN0YWJsaXNoIGEgQkZEIHNlc3Npb248L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICB3aXRoIFZOSSAwLiAgQSBWVEVQIE1BWSBhbHNvIHVzZSBWTkkgMCB0
byBlc3RhYmxpc2ggYSBCRkQgc2Vzc2lvbjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
d2l0aCBhIHNlcnZpY2Ugbm9kZS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB3
aXRoIGEgc2VydmljZSBub2RlLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij44LiAg
RWNobyBCRkQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij44LiAgRWNobyBCRkQ8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgU3VwcG9ydCBmb3IgZWNobyBCRkQgaXMg
b3V0c2lkZSB0aGUgc2NvcGUgb2YgdGhpcyBkb2N1bWVudC48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICBTdXBwb3J0IGZvciBlY2hvIEJGRCBpcyBvdXRzaWRlIHRoZSBzY29wZSBv
ZiB0aGlzIGRvY3VtZW50LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij45LiAgSUFO
QSBDb25zaWRlcmF0aW9uczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjkuICBJQU5B
IENvbnNpZGVyYXRpb25zPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0ciBpZD0iZGlmZjAwMDYiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgSUFOQSBoYXMgYXNzaWduZWQgVEJB
IGFzIGEgZGVkaWNhdGVkIE1BQyBhZGRyZXNzIHRvIGJlIHVzZWQgYXMgdGhlPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIElBTkEgaGFzIGFzc2lnbmVkIFRCQSBhcyBhIGRlZGlj
YXRlZCBNQUMgYWRkcmVzcyA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5mcm9tIHRoZSBJQU5BIDgtYml0
PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBEZXN0aW5hdGlvbiBNQUMg
YWRkcmVzcyBvZiB0aGUgaW5uZXIgRXRoZXJuZXQgb2YgVlhMQU4gd2hlbiBjYXJyeWluZzwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICB1bmlj
YXN0IE1BQyBhZGRyZXNzIHJlZ2lzdHJ5PC9zcGFuPiB0byBiZSB1c2VkIGFzIHRoZSBEZXN0aW5h
dGlvbiBNQUM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgQkZEIGNvbnRyb2wgcGFj
a2V0cy48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgYWRkcmVzcyBvZiB0aGUg
aW5uZXIgRXRoZXJuZXQgb2YgVlhMQU4gd2hlbiBjYXJyeWluZyBCRkQgY29udHJvbDwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+
ICAgcGFja2V0cy48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+MTAuICBTZWN1cml0
eSBDb25zaWRlcmF0aW9uczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjEwLiAgU2Vj
dXJpdHkgQ29uc2lkZXJhdGlvbnM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyIGlkPSJkaWZmMDAwNyI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBUaGUgZG9jdW1lbnQgPHNw
YW4gY2xhc3M9ImRlbGV0ZSI+cmVjb21tZW5kczwvc3Bhbj4gc2V0dGluZyB0aGUgaW5uZXIgSVAg
VFRMIHRvIDEgd2hpY2ggY291bGQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAg
VGhlIGRvY3VtZW50IDxzcGFuIGNsYXNzPSJpbnNlcnQiPnJlcXVpcmVzPC9zcGFuPiBzZXR0aW5n
IHRoZSBpbm5lciBJUCBUVEwgdG8gMSB3aGljaCBjb3VsZCA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5i
ZTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgPHNwYW4gY2xhc3M9ImRl
bGV0ZSI+bGVhZCB0bzwvc3Bhbj4gYSBERG9TIDxzcGFuIGNsYXNzPSJkZWxldGUiPmF0dGFjay48
L3NwYW4+ICBUaHVzIHRoZSBpbXBsZW1lbnRhdGlvbiBNVVNUIGhhdmUgdGhyb3R0bGluZzwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICB1c2Vk
IGFzPC9zcGFuPiBhIEREb1MgPHNwYW4gY2xhc3M9Imluc2VydCI+YXR0YWNrIHZlY3Rvci48L3Nw
YW4+ICBUaHVzIHRoZSBpbXBsZW1lbnRhdGlvbiBNVVNUIGhhdmU8L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxibG9jayI+ICAgaW4gPHNwYW4gY2xhc3M9ImRlbGV0ZSI+cGxhY2UuPC9zcGFuPiAgVGhy
b3R0bGluZyBNQVkgYmUgcmVsYXhlZCBmb3IgQkZEIHBhY2tldHMgYmFzZWQgb24gcG9ydDwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICB0aHJvdHRsaW5nIGluIDxzcGFuIGNsYXNz
PSJpbnNlcnQiPnBsYWNlIHRvIGNvbnRyb2wgdGhlIHJhdGUgb2YgQkZEIGNvbnRyb2wgcGFja2V0
cyBzZW50PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBudW1iZXIuPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIHRv
IHRoZSBjb250cm9sIHBsYW5lLjwvc3Bhbj4gIFRocm90dGxpbmcgTUFZIGJlIHJlbGF4ZWQgZm9y
IEJGRCBwYWNrZXRzPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmJsb2NrIj4gICBiYXNlZCBvbiBwb3J0IG51bWJlci48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgT3RoZXIgdGhhbiBpbm5lciBJUCBUVEwgc2V0IHRvIDEg
dGhpcyBzcGVjaWZpY2F0aW9uIGRvZXMgbm90IHJhaXNlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+ICAgT3RoZXIgdGhhbiBpbm5lciBJUCBUVEwgc2V0IHRvIDEgdGhpcyBzcGVjaWZp
Y2F0aW9uIGRvZXMgbm90IHJhaXNlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBhbnkg
YWRkaXRpb25hbCBzZWN1cml0eSBpc3N1ZXMgYmV5b25kIHRob3NlIG9mIHRoZSBzcGVjaWZpY2F0
aW9uczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGFueSBhZGRpdGlvbmFsIHNl
Y3VyaXR5IGlzc3VlcyBiZXlvbmQgdGhvc2Ugb2YgdGhlIHNwZWNpZmljYXRpb25zPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICByZWZlcnJlZCB0byBpbiB0aGUgbGlzdCBvZiBub3JtYXRp
dmUgcmVmZXJlbmNlcy48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICByZWZlcnJl
ZCB0byBpbiB0aGUgbGlzdCBvZiBub3JtYXRpdmUgcmVmZXJlbmNlcy48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+MTEuICBDb250cmlidXRvcnM8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4xMS4gIENvbnRyaWJ1dG9yczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICBSZXNoYWQgUmFobWFuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
UmVzaGFkIFJhaG1hbjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgcnJhaG1hbkBjaXNj
by5jb208L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBycmFobWFuQGNpc2NvLmNv
bTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgQ2lzY288L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICBDaXNjbzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
CiAgICAgPHRyPjx0ZD48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+PC90ZD48dGQ+PC90ZD48L3RyPgogICAgIDx0ciBpZD0iZW5kIiBiZ2NvbG9y
PSJncmF5Ij48dGggY29sc3Bhbj0iNSIgYWxpZ249ImNlbnRlciI+Jm5ic3A7RW5kIG9mIGNoYW5n
ZXMuIDcgY2hhbmdlIGJsb2Nrcy4mbmJzcDs8L3RoPjwvdHI+CiAgICAgPHRyIGNsYXNzPSJzdGF0
cyI+PHRkPjwvdGQ+PHRoPjxpPjEzIGxpbmVzIGNoYW5nZWQgb3IgZGVsZXRlZDwvaT48L3RoPjx0
aD48aT4gPC9pPjwvdGg+PHRoPjxpPjE1IGxpbmVzIGNoYW5nZWQgb3IgYWRkZWQ8L2k+PC90aD48
dGQ+PC90ZD48L3RyPgogICAgIDx0cj48dGQgY29sc3Bhbj0iNSIgYWxpZ249ImNlbnRlciIgY2xh
c3M9InNtYWxsIj48YnI+VGhpcyBodG1sIGRpZmYgd2FzIHByb2R1Y2VkIGJ5IHJmY2RpZmYgMS40
Ny4gVGhlIGxhdGVzdCB2ZXJzaW9uIGlzIGF2YWlsYWJsZSBmcm9tIDxhIGhyZWY9Imh0dHBzOi8v
d3d3LnRvb2xzLmlldGYub3JnL3Rvb2xzL3JmY2RpZmYvIj5odHRwOi8vdG9vbHMuaWV0Zi5vcmcv
dG9vbHMvcmZjZGlmZi88L2E+IDwvdGQ+PC90cj4KICAgPC90Ym9keT48L3RhYmxlPgogICAKICAg
CjwvYm9keT48L2h0bWw+
--0000000000004a5d850576b51a7f--