From nobody Fri Sep 1 11:43:11 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id F21F01320D8; Fri, 1 Sep 2017 11:43:02 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.59.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150429138285.6460.16518350105865527980@ietfa.amsl.com> Date: Fri, 01 Sep 2017 11:43:02 -0700 Archived-At: Subject: [sfc] I-D Action: draft-ietf-sfc-nsh-20.txt X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Sep 2017 18:43:03 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Service Function Chaining WG of the IETF. Title : Network Service Header (NSH) Authors : Paul Quinn Uri Elzur Carlos Pignataro Filename : draft-ietf-sfc-nsh-20.txt Pages : 34 Date : 2017-09-01 Abstract: This document describes a Network Service Header (NSH) imposed on packets or frames to realize service function paths. The NSH also provides a mechanism for metadata exchange along the instantiated service paths. The NSH is the SFC encapsulation required to support the Service Function Chaining (SFC) architecture (defined in RFC7665). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sfc-nsh-20 https://datatracker.ietf.org/doc/html/draft-ietf-sfc-nsh-20 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sfc-nsh-20 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Sep 1 12:11:00 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C5461345D9 for ; Fri, 1 Sep 2017 12:10:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -12.62 X-Spam-Level: X-Spam-Status: No, score=-12.62 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i2dcBrRiQ0KU for ; Fri, 1 Sep 2017 12:10:58 -0700 (PDT) Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9BBB132E66 for ; Fri, 1 Sep 2017 12:10:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10052; q=dns/txt; s=iport; t=1504293057; x=1505502657; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=QcmH0vywlSDcSY9GhlmUCws0IIeUN0McdsO6Kb17Bdo=; b=emN0fzoMs8gtV3+HCG0jDRExHfeeEUW4VC1U7/fFNieKcGWCS3NbfELX iumHqNRJnGgdXg+c0GLdmPmx2S9ZVwgww7s25ahQ8RQI8a1awTHA8i9QQ SAwf2yOqIYaXdqMuZfrPPuZ3F/YFvha7QJMZldHoyje/gHQkiH0kfzTa+ U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CTAQBtsKlZ/4ENJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1pkgRUHg3CKIJAggU+RC4U/ghIhAQqFGwIag3s/GAECAQEBAQE?= =?us-ascii?q?BAWsohRkCAQMBASFLGwIBCBItAwICAiULFAMOAgQTiU1kEK8BgieLVQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAR2DKoICgU6CDguCcoMmhGIwgjEFmDSIPwKHWYx2ghN?= =?us-ascii?q?ahQ2JLYFJlkYBHziBDXcVHyoSAYcIdolwgQ8BAQE?= X-IronPort-AV: E=Sophos;i="5.41,459,1498521600"; d="scan'208,217";a="290294169" Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 01 Sep 2017 19:10:38 +0000 Received: from XCH-RTP-018.cisco.com (xch-rtp-018.cisco.com [64.101.220.158]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id v81JAbgI008338 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for ; Fri, 1 Sep 2017 19:10:38 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-018.cisco.com (64.101.220.158) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 1 Sep 2017 15:10:37 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Fri, 1 Sep 2017 15:10:37 -0400 From: "Carlos Pignataro (cpignata)" To: Service Function Chaining IETF list Thread-Topic: [sfc] I-D Action: draft-ietf-sfc-nsh-20.txt Thread-Index: AQHTI1I3cvhPptxPkEakdpxnY0JGoKKgqGOA Date: Fri, 1 Sep 2017 19:10:36 +0000 Message-ID: <5C775D6C-E875-49A3-9701-69D73BE15F18@cisco.com> References: <150429138285.6460.16518350105865527980@ietfa.amsl.com> In-Reply-To: <150429138285.6460.16518350105865527980@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_5C775D6CE87549A3970169D73BE15F18ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] I-D Action: draft-ietf-sfc-nsh-20.txt X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Sep 2017 19:10:59 -0000 --_000_5C775D6CE87549A3970169D73BE15F18ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGksIFNGQyENCg0KV2UganVzdCBwdWJsaXNoZWQgYSBuZXcgcmV2aXNpb24gb2YgdGhlIE5TSCBk b2N1bWVudCwgYWRkcmVzc2luZyBhIG51bWJlciBvZiByZXZpZXcgY29tbWVudHMgcGFydCBvZiBJ RVRGIExDIGFuZCBpbmNvcnBvcmF0aW5nIGNsYXJpZmljYXRpb25zIGJyb3VnaHQgdXAgZHVyaW5n IERpcmVjdG9yYXRlIHJldmlld3MuDQoNClBsZWFzZSBjaGVjayB0aGVzZSBkaWZmcyBhbmQgcmV2 aWV3IHRoZSBjaGFuZ2VzIGhlcmU6DQpodHRwczovL3d3dy5pZXRmLm9yZy9yZmNkaWZmP3VybDI9 ZHJhZnQtaWV0Zi1zZmMtbnNoLTIwDQoNClRoYW5rcyENCg0K4oCUDQpDYXJsb3MgUGlnbmF0YXJv LCBjYXJsb3NAY2lzY28uY29tPG1haWx0bzpjYXJsb3NAY2lzY28uY29tPg0KDQrigJxTb21ldGlt ZXMgSSB1c2UgYmlnIHdvcmRzIHRoYXQgSSBkbyBub3QgZnVsbHkgdW5kZXJzdGFuZCwgdG8gbWFr ZSBteXNlbGYgc291bmQgbW9yZSBwaG90b3N5bnRoZXNpcy4iDQoNCk9uIFNlcCAxLCAyMDE3LCBh dCAyOjQzIFBNLCBpbnRlcm5ldC1kcmFmdHNAaWV0Zi5vcmc8bWFpbHRvOmludGVybmV0LWRyYWZ0 c0BpZXRmLm9yZz4gd3JvdGU6DQoNCg0KQSBOZXcgSW50ZXJuZXQtRHJhZnQgaXMgYXZhaWxhYmxl IGZyb20gdGhlIG9uLWxpbmUgSW50ZXJuZXQtRHJhZnRzIGRpcmVjdG9yaWVzLg0KVGhpcyBkcmFm dCBpcyBhIHdvcmsgaXRlbSBvZiB0aGUgU2VydmljZSBGdW5jdGlvbiBDaGFpbmluZyBXRyBvZiB0 aGUgSUVURi4NCg0KICAgICAgIFRpdGxlICAgICAgICAgICA6IE5ldHdvcmsgU2VydmljZSBIZWFk ZXIgKE5TSCkNCiAgICAgICBBdXRob3JzICAgICAgICAgOiBQYXVsIFF1aW5uDQogICAgICAgICAg ICAgICAgICAgICAgICAgVXJpIEVsenVyDQogICAgICAgICAgICAgICAgICAgICAgICAgQ2FybG9z IFBpZ25hdGFybw0KRmlsZW5hbWUgICAgICAgIDogZHJhZnQtaWV0Zi1zZmMtbnNoLTIwLnR4dA0K UGFnZXMgICAgICAgICAgIDogMzQNCkRhdGUgICAgICAgICAgICA6IDIwMTctMDktMDENCg0KQWJz dHJhY3Q6DQogIFRoaXMgZG9jdW1lbnQgZGVzY3JpYmVzIGEgTmV0d29yayBTZXJ2aWNlIEhlYWRl ciAoTlNIKSBpbXBvc2VkIG9uDQogIHBhY2tldHMgb3IgZnJhbWVzIHRvIHJlYWxpemUgc2Vydmlj ZSBmdW5jdGlvbiBwYXRocy4gIFRoZSBOU0ggYWxzbw0KICBwcm92aWRlcyBhIG1lY2hhbmlzbSBm b3IgbWV0YWRhdGEgZXhjaGFuZ2UgYWxvbmcgdGhlIGluc3RhbnRpYXRlZA0KICBzZXJ2aWNlIHBh dGhzLiAgVGhlIE5TSCBpcyB0aGUgU0ZDIGVuY2Fwc3VsYXRpb24gcmVxdWlyZWQgdG8gc3VwcG9y dA0KICB0aGUgU2VydmljZSBGdW5jdGlvbiBDaGFpbmluZyAoU0ZDKSBhcmNoaXRlY3R1cmUgKGRl ZmluZWQgaW4NCiAgUkZDNzY2NSkuDQoNCg0KVGhlIElFVEYgZGF0YXRyYWNrZXIgc3RhdHVzIHBh Z2UgZm9yIHRoaXMgZHJhZnQgaXM6DQpodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9k cmFmdC1pZXRmLXNmYy1uc2gvDQoNClRoZXJlIGFyZSBhbHNvIGh0bWxpemVkIHZlcnNpb25zIGF2 YWlsYWJsZSBhdDoNCmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLXNmYy1u c2gtMjANCmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2h0bWwvZHJhZnQtaWV0Zi1z ZmMtbnNoLTIwDQoNCkEgZGlmZiBmcm9tIHRoZSBwcmV2aW91cyB2ZXJzaW9uIGlzIGF2YWlsYWJs ZSBhdDoNCmh0dHBzOi8vd3d3LmlldGYub3JnL3JmY2RpZmY/dXJsMj1kcmFmdC1pZXRmLXNmYy1u c2gtMjANCg0KDQpQbGVhc2Ugbm90ZSB0aGF0IGl0IG1heSB0YWtlIGEgY291cGxlIG9mIG1pbnV0 ZXMgZnJvbSB0aGUgdGltZSBvZiBzdWJtaXNzaW9uDQp1bnRpbCB0aGUgaHRtbGl6ZWQgdmVyc2lv biBhbmQgZGlmZiBhcmUgYXZhaWxhYmxlIGF0IHRvb2xzLmlldGYub3JnLg0KDQpJbnRlcm5ldC1E cmFmdHMgYXJlIGFsc28gYXZhaWxhYmxlIGJ5IGFub255bW91cyBGVFAgYXQ6DQpmdHA6Ly9mdHAu aWV0Zi5vcmcvaW50ZXJuZXQtZHJhZnRzLw0KDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fXw0Kc2ZjIG1haWxpbmcgbGlzdA0Kc2ZjQGlldGYub3JnDQpodHRw czovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NmYw0KDQo= --_000_5C775D6CE87549A3970169D73BE15F18ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <9221C9A5A1112249920935DFA5285F98@emea.cisco.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KSGksIFNGQyENCjxkaXYgY2xhc3M9 IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPldlIGp1c3QgcHVibGlzaGVk IGEgbmV3IHJldmlzaW9uIG9mIHRoZSBOU0ggZG9jdW1lbnQsIGFkZHJlc3NpbmcgYSBudW1iZXIg b2YgcmV2aWV3IGNvbW1lbnRzIHBhcnQgb2YgSUVURiBMQyBhbmQgaW5jb3Jwb3JhdGluZyBjbGFy aWZpY2F0aW9ucyBicm91Z2h0IHVwIGR1cmluZyBEaXJlY3RvcmF0ZSByZXZpZXdzLjwvZGl2Pg0K PGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+UGxlYXNl IGNoZWNrIHRoZXNlIGRpZmZzIGFuZCByZXZpZXcgdGhlIGNoYW5nZXMgaGVyZTo8L2Rpdj4NCjxk aXYgY2xhc3M9IiI+PGZvbnQgY29sb3I9IiMwMDY5ZDkiIGNsYXNzPSIiPjx1IGNsYXNzPSIiPjxh IGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3JnL3JmY2RpZmY/dXJsMj1kcmFmdC1pZXRmLXNmYy1u c2gtMjAiIGNsYXNzPSIiPmh0dHBzOi8vd3d3LmlldGYub3JnL3JmY2RpZmY/dXJsMj1kcmFmdC1p ZXRmLXNmYy1uc2gtMjA8L2E+PC91PjwvZm9udD48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYg Y2xhc3M9IiI+PGZvbnQgY29sb3I9IiMwMDY5ZDkiIGNsYXNzPSIiPjx1IGNsYXNzPSIiPjxiciBj bGFzcz0iIj4NCjwvdT48L2ZvbnQ+PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlRoYW5rcyE8L2Rpdj4N CjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9 ImNvbG9yOiByZ2IoMCwgMCwgMCk7IGxldHRlci1zcGFjaW5nOiBub3JtYWw7IHRleHQtYWxpZ246 IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3Bh Y2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6 IDBweDsgd29yZC13cmFwOiBicmVhay13b3JkOyAtd2Via2l0LW5ic3AtbW9kZTogc3BhY2U7IC13 ZWJraXQtbGluZS1icmVhazogYWZ0ZXItd2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCuKAlDxiciBj bGFzcz0iIj4NCkNhcmxvcyBQaWduYXRhcm8sJm5ic3A7PGEgaHJlZj0ibWFpbHRvOmNhcmxvc0Bj aXNjby5jb20iIGNsYXNzPSIiPmNhcmxvc0BjaXNjby5jb208L2E+PGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KPGkgY2xhc3M9IiI+4oCcU29tZXRpbWVzIEkgdXNlIGJpZyB3b3JkcyB0aGF0 IEkgZG8gbm90IGZ1bGx5IHVuZGVyc3RhbmQsIHRvIG1ha2UgbXlzZWxmIHNvdW5kIG1vcmUgcGhv dG9zeW50aGVzaXMuJnF1b3Q7PC9pPjwvZGl2Pg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8ZGl2 Pg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPk9uIFNl cCAxLCAyMDE3LCBhdCAyOjQzIFBNLCA8YSBocmVmPSJtYWlsdG86aW50ZXJuZXQtZHJhZnRzQGll dGYub3JnIiBjbGFzcz0iIj4NCmludGVybmV0LWRyYWZ0c0BpZXRmLm9yZzwvYT4gd3JvdGU6PC9k aXY+DQo8YnIgY2xhc3M9IkFwcGxlLWludGVyY2hhbmdlLW5ld2xpbmUiPg0KPGRpdiBjbGFzcz0i Ij4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KQSBOZXcgSW50ZXJuZXQtRHJhZnQgaXMg YXZhaWxhYmxlIGZyb20gdGhlIG9uLWxpbmUgSW50ZXJuZXQtRHJhZnRzIGRpcmVjdG9yaWVzLjxi ciBjbGFzcz0iIj4NClRoaXMgZHJhZnQgaXMgYSB3b3JrIGl0ZW0gb2YgdGhlIFNlcnZpY2UgRnVu Y3Rpb24gQ2hhaW5pbmcgV0cgb2YgdGhlIElFVEYuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7VGl0bGUgJm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7OiBO ZXR3b3JrIFNlcnZpY2UgSGVhZGVyIChOU0gpPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7QXV0aG9ycyAmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs6IFBhdWwgUXVpbm48YnIgY2xhc3M9IiI+DQombmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtVcmkgRWx6dXI8YnIgY2xhc3M9IiI+DQom bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtDYXJsb3MgUGlnbmF0YXJvPGJyIGNs YXNzPSIiPg0KPHNwYW4gY2xhc3M9IkFwcGxlLXRhYi1zcGFuIiBzdHlsZT0id2hpdGUtc3BhY2U6 cHJlIj48L3NwYW4+RmlsZW5hbWUgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7OiBkcmFmdC1pZXRmLXNmYy1uc2gtMjAudHh0PGJyIGNsYXNzPSIiPg0KPHNwYW4gY2xh c3M9IkFwcGxlLXRhYi1zcGFuIiBzdHlsZT0id2hpdGUtc3BhY2U6cHJlIj48L3NwYW4+UGFnZXMg Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7OiAzNDxiciBjbGFzcz0iIj4NCjxzcGFuIGNsYXNzPSJBcHBsZS10YWItc3BhbiIgc3R5bGU9 IndoaXRlLXNwYWNlOnByZSI+PC9zcGFuPkRhdGUgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7OiAyMDE3LTA5LTAxPGJyIGNs YXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KQWJzdHJhY3Q6PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5i c3A7VGhpcyBkb2N1bWVudCBkZXNjcmliZXMgYSBOZXR3b3JrIFNlcnZpY2UgSGVhZGVyIChOU0gp IGltcG9zZWQgb248YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDtwYWNrZXRzIG9yIGZyYW1lcyB0 byByZWFsaXplIHNlcnZpY2UgZnVuY3Rpb24gcGF0aHMuICZuYnNwO1RoZSBOU0ggYWxzbzxiciBj bGFzcz0iIj4NCiZuYnNwOyZuYnNwO3Byb3ZpZGVzIGEgbWVjaGFuaXNtIGZvciBtZXRhZGF0YSBl eGNoYW5nZSBhbG9uZyB0aGUgaW5zdGFudGlhdGVkPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7 c2VydmljZSBwYXRocy4gJm5ic3A7VGhlIE5TSCBpcyB0aGUgU0ZDIGVuY2Fwc3VsYXRpb24gcmVx dWlyZWQgdG8gc3VwcG9ydDxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO3RoZSBTZXJ2aWNlIEZ1 bmN0aW9uIENoYWluaW5nIChTRkMpIGFyY2hpdGVjdHVyZSAoZGVmaW5lZCBpbjxiciBjbGFzcz0i Ij4NCiZuYnNwOyZuYnNwO1JGQzc2NjUpLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NClRoZSBJRVRGIGRhdGF0cmFja2VyIHN0YXR1cyBwYWdlIGZvciB0aGlzIGRy YWZ0IGlzOjxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5v cmcvZG9jL2RyYWZ0LWlldGYtc2ZjLW5zaC8iIGNsYXNzPSIiPmh0dHBzOi8vZGF0YXRyYWNrZXIu aWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2ZjLW5zaC88L2E+PGJyIGNsYXNzPSIiPg0KPGJyIGNs YXNzPSIiPg0KVGhlcmUgYXJlIGFsc28gaHRtbGl6ZWQgdmVyc2lvbnMgYXZhaWxhYmxlIGF0Ojxi ciBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1p ZXRmLXNmYy1uc2gtMjAiIGNsYXNzPSIiPmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFm dC1pZXRmLXNmYy1uc2gtMjA8L2E+PGJyIGNsYXNzPSIiPg0KaHR0cHM6Ly9kYXRhdHJhY2tlci5p ZXRmLm9yZy9kb2MvaHRtbC9kcmFmdC1pZXRmLXNmYy1uc2gtMjA8YnIgY2xhc3M9IiI+DQo8YnIg Y2xhc3M9IiI+DQpBIGRpZmYgZnJvbSB0aGUgcHJldmlvdXMgdmVyc2lvbiBpcyBhdmFpbGFibGUg YXQ6PGJyIGNsYXNzPSIiPg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZj91cmwyPWRyYWZ0 LWlldGYtc2ZjLW5zaC0yMDxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NClBsZWFzZSBub3RlIHRoYXQgaXQgbWF5IHRha2UgYSBjb3VwbGUgb2YgbWludXRlcyBmcm9t IHRoZSB0aW1lIG9mIHN1Ym1pc3Npb248YnIgY2xhc3M9IiI+DQp1bnRpbCB0aGUgaHRtbGl6ZWQg dmVyc2lvbiBhbmQgZGlmZiBhcmUgYXZhaWxhYmxlIGF0IHRvb2xzLmlldGYub3JnLjxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCkludGVybmV0LURyYWZ0cyBhcmUgYWxzbyBhdmFpbGFibGUg YnkgYW5vbnltb3VzIEZUUCBhdDo8YnIgY2xhc3M9IiI+DQpmdHA6Ly9mdHAuaWV0Zi5vcmcvaW50 ZXJuZXQtZHJhZnRzLzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCl9fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyIGNsYXNzPSIiPg0Kc2ZjIG1haWxp bmcgbGlzdDxiciBjbGFzcz0iIj4NCnNmY0BpZXRmLm9yZzxiciBjbGFzcz0iIj4NCmh0dHBzOi8v d3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2ZjPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8 L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8L2Jv ZHk+DQo8L2h0bWw+DQo= --_000_5C775D6CE87549A3970169D73BE15F18ciscocom_-- From nobody Fri Sep 1 13:16:14 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46EEC1345D0; Fri, 1 Sep 2017 13:16:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.72 X-Spam-Level: X-Spam-Status: No, score=-0.72 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hB_qTsJUrm1s; Fri, 1 Sep 2017 13:16:04 -0700 (PDT) Received: from asmtp4.iomartmail.com (asmtp4.iomartmail.com [62.128.201.175]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7E9713462A; Fri, 1 Sep 2017 13:16:03 -0700 (PDT) Received: from asmtp4.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp4.iomartmail.com (8.13.8/8.13.8) with ESMTP id v81KG1s3012361; Fri, 1 Sep 2017 21:16:01 +0100 Received: from 950129200 (196.252.114.87.dyn.plus.net [87.114.252.196]) (authenticated bits=0) by asmtp4.iomartmail.com (8.13.8/8.13.8) with ESMTP id v81KFxMM012308 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 1 Sep 2017 21:16:00 +0100 Reply-To: From: "Adrian Farrel" To: Cc: "'Service Function Chaining IETF list'" Date: Fri, 1 Sep 2017 21:15:55 +0100 Message-ID: <034601d3235f$1f4ef590$5dece0b0$@olddog.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook 14.0 Thread-Index: AdMjXxXVPkarGltYRZ25UDV5w+jgOg== Content-Language: en-gb X-TM-AS-MML: disable X-TM-AS-Product-Ver: IMSS-7.1.0.1679-8.1.0.1062-23298.002 X-TM-AS-Result: No--16.848-10.0-31-10 X-imss-scan-details: No--16.848-10.0-31-10 X-TMASE-MatchedRID: s5lflZVXy+ZdFN0T1voizwRH1Nr7oERdcWZEfrt7JgVF+YXPIqAdvtF9 Hu8OfKbWQx95p3GYmc/AC7+rw+mMJbmolwcqE3SPW7gz/Gbgpl636GGfwjLoZdp1biJhIyNRXa2 +zE1cP+XqgbAe9UXHYTtCUTQMBxXLSqSDOjH8JBoIs18ZTh19+PZpw431D6uejNnoU1fopouvlw fovn4a7yqg0Odi2Lp/iiEcPaOOWNzQo7lIbG5ppK3SxRSke3bpu2rcU2ygxCANmPMcsvd5Fs3ME 4JSKf6jrDjAIIFu3L08yni6U6vewrgSigd+50bagOqr/r0d+CwPaWzG/2S2hszvOkSymob/82+Z JoKeNOWwFvdDQcRRfAWfBtlFpK+pDPIzF4wRfrA5f9Xw/xqKXcidYBYDjITptrNGq+WQEvSrusV Ry4an8axZXRt2R/g5SBqPG8a7OaHWfgjv2uk3CcCRpca5b8H1SYMTiex1I1HWXIi/kfJ6sTZkpf QZUdh4 Archived-At: Subject: [sfc] An MPLS Forwarding plane for SFC X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Sep 2017 20:16:06 -0000 Hi, We've been working up some ideas for using an MPLS forwarding plane (switching or SR) for SFC. We have constrained ourselves to the architecture developed by the SFC working group, and have used the NSH as a functional model. MPLS is somewhat limited compared to the NSH encapsulation, so there is a trade-off between using a new encapsulation with full function and a good set of function using an existing forwarding plane. At the moment this is an early version of our work, but we thought you'd like to see our thought processes. (FWIW draft-ietf-bess-nsh-bgp-control-plane is applicable to NSH or MPLS encapsulations and includes mechanisms to select between the two.) Cheers, Adrian > -----Original Message----- > From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of > internet-drafts@ietf.org > Sent: 01 September 2017 21:00 > To: i-d-announce@ietf.org > Subject: I-D Action: draft-farrel-mpls-sfc-00.txt > > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > > > Title : An MPLS-Based Forwarding Plane for Service Function Chaining > Authors : Adrian Farrel > Stewart Bryant > John Drake > Filename : draft-farrel-mpls-sfc-00.txt > Pages : 23 > Date : 2017-09-01 > > Abstract: > Service Function Chaining (SFC) is the process of directing packets > through a network so that they can be acted on by an ordered set of > abstract service functions before being delivered to the intended > destination. An architecture for SFC is defined in RFC7665. > > The Network Service Header (NSH) can be inserted into packets to > steer them along a specific path to realize a Service Function Chain. > > Multiprotocol Label Switching (MPLS) is a widely deployed forwarding > technology that uses labels to identify the forwarding actions to be > taken at each hop through a network. Segment Routing is a mechanism > that provides a source routing paradigm for steering packets in an > MPLS network. > > This document describes how Service Function Chaining can be achieved > in an MPLS network by means of a logical representation of the NSH in > an MPLS label stack. > > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-farrel-mpls-sfc/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-farrel-mpls-sfc-00 > https://datatracker.ietf.org/doc/html/draft-farrel-mpls-sfc-00 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > I-D-Announce mailing list > I-D-Announce@ietf.org > https://www.ietf.org/mailman/listinfo/i-d-announce > Internet-Draft directories: http://www.ietf.org/shadow.html > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt From nobody Fri Sep 1 13:25:39 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AB16134589; Fri, 1 Sep 2017 13:25:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.801 X-Spam-Level: X-Spam-Status: No, score=-0.801 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3AKn6Nx9gv_M; Fri, 1 Sep 2017 13:25:35 -0700 (PDT) Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE90E1344B1; Fri, 1 Sep 2017 13:25:35 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 92A8532032D; Fri, 1 Sep 2017 13:25:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1504297535; bh=iq0/iEteqprv5aLHa1LK/nRRfziqJy53vFMuFqxFieY=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=qp5A66oCn1/X5KXQkE9rCK0ZYgbIQhQEwzamGaQ5DOo1lmtZ1P3NwjPJZeEpN7g2E Q0Oq7aKIgaPrdmkQT8iGfR+YfVjAk8yCIxx25NQXsOTBylUzk0CFBES5ryr/JR92om KBySpXfX55MKOsFgThHxaxkqLH4FVvut+EdtjpX4= X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id B65B8320327; Fri, 1 Sep 2017 13:25:34 -0700 (PDT) To: adrian@olddog.co.uk, mpls@ietf.org Cc: 'Service Function Chaining IETF list' References: <034601d3235f$1f4ef590$5dece0b0$@olddog.co.uk> From: "Joel M. Halpern" Message-ID: Date: Fri, 1 Sep 2017 16:25:33 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <034601d3235f$1f4ef590$5dece0b0$@olddog.co.uk> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [sfc] An MPLS Forwarding plane for SFC X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Sep 2017 20:25:37 -0000 Reading this draft, what you have proposed is a specific transport mechanism, using MPLS. By removing the NSH header, you remove the transport agnostic properties that the Working Group was specifically chartered to achieve. By recasting the metadata into a label sequence, you make any metaata processing significantly harder, and make applications dependent upon the MPLS transport, rather than being able to rely on the NSH format. If this pattern were followed for other transports, we would require SFF and SF which understood how to parse and process all of the different transport encodings of the path, and SF would have to understand all the different transport encodings of the metadata. Why is this beneficial? If what you want to do is carry NSH, with an MPLS label stack that represents the whole sequence of places to visit, we would still have to assume that SF preserved the MPLS stack, but their processing, assuming they could find the carried NSH header under the MPLS stack, would at least be independent of the transport. Yours, Joel On 9/1/17 4:15 PM, Adrian Farrel wrote: > Hi, > > We've been working up some ideas for using an MPLS forwarding plane (switching > or SR) for SFC. > > We have constrained ourselves to the architecture developed by the SFC working > group, and have used the NSH as a functional model. > > MPLS is somewhat limited compared to the NSH encapsulation, so there is a > trade-off between using a new encapsulation with full function and a good set of > function using an existing forwarding plane. > > At the moment this is an early version of our work, but we thought you'd like to > see our thought processes. > > (FWIW draft-ietf-bess-nsh-bgp-control-plane is applicable to NSH or MPLS > encapsulations and includes mechanisms to select between the two.) > > Cheers, > Adrian > >> -----Original Message----- >> From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of >> internet-drafts@ietf.org >> Sent: 01 September 2017 21:00 >> To: i-d-announce@ietf.org >> Subject: I-D Action: draft-farrel-mpls-sfc-00.txt >> >> >> A New Internet-Draft is available from the on-line Internet-Drafts > directories. >> >> >> Title : An MPLS-Based Forwarding Plane for Service Function > Chaining >> Authors : Adrian Farrel >> Stewart Bryant >> John Drake >> Filename : draft-farrel-mpls-sfc-00.txt >> Pages : 23 >> Date : 2017-09-01 >> >> Abstract: >> Service Function Chaining (SFC) is the process of directing packets >> through a network so that they can be acted on by an ordered set of >> abstract service functions before being delivered to the intended >> destination. An architecture for SFC is defined in RFC7665. >> >> The Network Service Header (NSH) can be inserted into packets to >> steer them along a specific path to realize a Service Function Chain. >> >> Multiprotocol Label Switching (MPLS) is a widely deployed forwarding >> technology that uses labels to identify the forwarding actions to be >> taken at each hop through a network. Segment Routing is a mechanism >> that provides a source routing paradigm for steering packets in an >> MPLS network. >> >> This document describes how Service Function Chaining can be achieved >> in an MPLS network by means of a logical representation of the NSH in >> an MPLS label stack. >> >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-farrel-mpls-sfc/ >> >> There are also htmlized versions available at: >> https://tools.ietf.org/html/draft-farrel-mpls-sfc-00 >> https://datatracker.ietf.org/doc/html/draft-farrel-mpls-sfc-00 >> >> >> Please note that it may take a couple of minutes from the time of submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> _______________________________________________ >> I-D-Announce mailing list >> I-D-Announce@ietf.org >> https://www.ietf.org/mailman/listinfo/i-d-announce >> Internet-Draft directories: http://www.ietf.org/shadow.html >> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > From nobody Mon Sep 4 00:29:38 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8F981321AA; Mon, 4 Sep 2017 00:29:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.911 X-Spam-Level: X-Spam-Status: No, score=-2.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nokia.onmicrosoft.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J-zgI-WjxsTJ; Mon, 4 Sep 2017 00:29:27 -0700 (PDT) Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00113.outbound.protection.outlook.com [40.107.0.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5621132199; Mon, 4 Sep 2017 00:29:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.onmicrosoft.com; s=selector1-nokia-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=lZA1SQPkirGEKo9A5469Egt8OzddN39Od6t0Zyc4SNU=; b=e+GuGd5F52GB87SxOmmgKvyopv3Gi0H5zP0DvOVRrdyOnFkuHk16QU6/XwbXVCgKAEGbwpSled+dR4bkiPCUJAILqR2KHdl8LIhmrpckkG0hQyNwbS5yMShe8XiA7KlfWOQMLyJfKYHbQnhl9GJ6TH5bn941GgDAAiuR/k7GJ2Q= Received: from AM4PR07MB1715.eurprd07.prod.outlook.com (10.166.133.23) by AM4PR07MB1297.eurprd07.prod.outlook.com (10.164.81.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.35.3; Mon, 4 Sep 2017 07:29:23 +0000 Received: from AM4PR07MB1715.eurprd07.prod.outlook.com ([fe80::dfc:8ef3:9884:fe07]) by AM4PR07MB1715.eurprd07.prod.outlook.com ([fe80::dfc:8ef3:9884:fe07%14]) with mapi id 15.20.0035.009; Mon, 4 Sep 2017 07:29:23 +0000 From: "Van De Velde, Gunter (Nokia - BE/Antwerp)" To: "Joel M. Halpern" , "adrian@olddog.co.uk" , "mpls@ietf.org" CC: 'Service Function Chaining IETF list' Thread-Topic: [sfc] An MPLS Forwarding plane for SFC Thread-Index: AdMjXxXVPkarGltYRZ25UDV5w+jgOgAAWBSAAH/07YA= Date: Mon, 4 Sep 2017 07:29:23 +0000 Message-ID: References: <034601d3235f$1f4ef590$5dece0b0$@olddog.co.uk> In-Reply-To: Accept-Language: en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [135.245.212.22] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR07MB1297; 6:zoOWD6oeS9LX4bbm1hiSoq+Jy9sEjj/7hbt1R09s3f6b03swew8/yzXX6Pbhxq1TR8jkZFONIWim8f6q+1ogNJNV5FFnGJts3JQHdDttDgv2UrPcy3NeqsybCOLEz8MLqKKi4qfFKMU3tO/xk/wzuo49py2anSUFmK56quYrXUyi6Uxk+C4AjJqL/PUV+hT38QULfEYhGUx+ij5ZtIj7+yEkL2c+LMTUZluRIBsThB94mB2Hj2Jzi0DbhJONeHKsytJeoHRzCiDIhkbBskyt0EnUzQiOBIkOL2jIuRK7dPXcYYsO9LedidszH8yx8tr1kudUltov8LcTVUTkHh9Mug==; 5:XPvq7376WyR8GqccBPuNo0cQjMZBHj4/KWr13Odc+7p1t981BE2QiwRkQ7JbcTjsx7BChRugDXlgR8iq1ZMVa2im53fdQetxnbYAuhLzKbD+W8i0vJXSfa7/e21++zFLY14ODnqv84XNfFAmGs1AUg==; 24:VBezXNN4OBR9E06gTUlickv+o2XZU74tPac8TGnxXGeSdeSIcgMDKfte1BY1CjjijxLljcnJ17eUVIsqWoixhfI04P+L4/qSgz0mREedMrE=; 7:knBztaZu23IpprhwJvoS24qfJ6DZmK4wwuaFw6SJ5Iyzur/oBa+Hkla2dE5xwhld9zYL4GYt150K6UN9S2nw6fnjl6BNeK2MpXcWsg3CjfvLKz73qOHqok3z6zGE/GDwq6hBvKjOM+0EdTygXWpOKUcHto9XCe54pEirSRO+UCmkPKLN9CH+skcHWPLClaJuEiNeDVt+th2xdUO74nmYLjFHyt/tOYK9tggkYIQIgMM= x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-correlation-id: b071ad8d-10a0-44d6-9161-08d4f366aa24 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(2017052603199)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:AM4PR07MB1297; x-ms-traffictypediagnostic: AM4PR07MB1297: x-exchange-antispam-report-test: UriScan:(278428928389397)(120809045254105); x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(3002001)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(6055026)(6041248)(20161123560025)(20161123555025)(20161123558100)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR07MB1297; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR07MB1297; x-forefront-prvs: 0420213CCD x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39860400002)(24454002)(189002)(377424004)(377454003)(13464003)(199003)(81166006)(8676002)(6486002)(53936002)(966005)(53546010)(2950100002)(106356001)(105586002)(2906002)(6306002)(6512007)(3280700002)(3660700001)(99286003)(14454004)(54356999)(50986999)(5250100002)(76176999)(2501003)(101416001)(6436002)(81156014)(7736002)(6506006)(229853002)(305945005)(8936002)(66066001)(68736007)(33656002)(6116002)(4326008)(189998001)(102836003)(2900100001)(82746002)(36756003)(2201001)(97736004)(83716003)(5660300001)(478600001)(25786009)(86362001)(3846002)(6246003); DIR:OUT; SFP:1102; SCL:1; SRVR:AM4PR07MB1297; H:AM4PR07MB1715.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: nokia.com does not designate permitted sender hosts) authentication-results: spf=none (sender IP is ) smtp.mailfrom=gunter.van_de_velde@nokia.com; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-ID: <7380B39DAE762D4295C958764F720F0D@eurprd07.prod.outlook.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: nokia.com X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Sep 2017 07:29:23.1725 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR07MB1297 Archived-At: Subject: Re: [sfc] An MPLS Forwarding plane for SFC X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Sep 2017 07:29:30 -0000 SSBiZWxpZXZlIHRoYXQgdGhlIGFwcHJvYWNoIGFzIEFkcmlhbiBvdXRsaW5lcyBpcyB2ZXJ5IHBy YWdtYXRpYy4NCg0KSm9lbCwgbm90IHN1cmUgSSBhZ3JlZSBhYm91dCBiZWluZyBib3VuZCBieSB0 cmFuc3BvcnQgbWVjaGFuaXNtIHdoZW4gdXNpbmcgTVBMUywgYXMgdGhlIA0KTVBMUyBzZXF1ZW5j ZWQgbGFiZWxzIGNhbiBiZSB0cmFuc3BvcnRlZCBvdmVyIGFueSB0eXBlIG9mIHRyYW5zcG9ydCBq dXN0IGxpa2UgTlNIIGNvdWxkIGJlIHRyYW5zcG9ydGVkLg0KRm9yIHN1cmUgdGhlcmUgaXMgYXMg QWRyaWFuIG1lbnRpb25zIGEgdHJhZGUtb2ZmIHJlZ2FyZGluZyBmbGV4aWJpbGl0eSwgc28gZWFj aCB3aWxsIGZpbmQgaXRzIGFwcGxpY2F0aW9uIHJlYWxtLiANCkZvciBtYW55IHRoZSBmbGV4aWJp bGl0eSBpbiB0aGUgc2VxdWVuY2VkIE1QTFMgbGFiZWwgYXBwcm9hY2ggd2lsbCBiZSBzdWZmaWNp ZW50IGZvciBidXNpbmVzcyBwdXJwb3NlLg0KDQpHLw0KDQoNCk9uIDAxLzA5LzIwMTcsIDIyOjI1 LCAic2ZjIG9uIGJlaGFsZiBvZiBKb2VsIE0uIEhhbHBlcm4iIDxzZmMtYm91bmNlc0BpZXRmLm9y ZyBvbiBiZWhhbGYgb2Ygam1oQGpvZWxoYWxwZXJuLmNvbT4gd3JvdGU6DQoNCiAgICBSZWFkaW5n IHRoaXMgZHJhZnQsIHdoYXQgeW91IGhhdmUgcHJvcG9zZWQgaXMgYSBzcGVjaWZpYyB0cmFuc3Bv cnQgDQogICAgbWVjaGFuaXNtLCB1c2luZyBNUExTLiAgQnkgcmVtb3ZpbmcgdGhlIE5TSCBoZWFk ZXIsIHlvdSByZW1vdmUgdGhlIA0KICAgIHRyYW5zcG9ydCBhZ25vc3RpYyBwcm9wZXJ0aWVzIHRo YXQgdGhlIFdvcmtpbmcgR3JvdXAgd2FzIHNwZWNpZmljYWxseSANCiAgICBjaGFydGVyZWQgdG8g YWNoaWV2ZS4NCiAgICBCeSByZWNhc3RpbmcgdGhlIG1ldGFkYXRhIGludG8gYSBsYWJlbCBzZXF1 ZW5jZSwgeW91IG1ha2UgYW55IG1ldGFhdGEgDQogICAgcHJvY2Vzc2luZyBzaWduaWZpY2FudGx5 IGhhcmRlciwgYW5kIG1ha2UgYXBwbGljYXRpb25zIGRlcGVuZGVudCB1cG9uIA0KICAgIHRoZSBN UExTIHRyYW5zcG9ydCwgcmF0aGVyIHRoYW4gYmVpbmcgYWJsZSB0byByZWx5IG9uIHRoZSBOU0gg Zm9ybWF0LiANCiAgICBJZiB0aGlzIHBhdHRlcm4gd2VyZSBmb2xsb3dlZCBmb3Igb3RoZXIgdHJh bnNwb3J0cywgd2Ugd291bGQgcmVxdWlyZSBTRkYgDQogICAgYW5kIFNGIHdoaWNoIHVuZGVyc3Rv b2QgaG93IHRvIHBhcnNlIGFuZCBwcm9jZXNzIGFsbCBvZiB0aGUgZGlmZmVyZW50IA0KICAgIHRy YW5zcG9ydCBlbmNvZGluZ3Mgb2YgdGhlIHBhdGgsIGFuZCBTRiB3b3VsZCBoYXZlIHRvIHVuZGVy c3RhbmQgYWxsIHRoZSANCiAgICBkaWZmZXJlbnQgdHJhbnNwb3J0IGVuY29kaW5ncyBvZiB0aGUg bWV0YWRhdGEuDQogICAgDQogICAgV2h5IGlzIHRoaXMgYmVuZWZpY2lhbD8NCiAgICANCiAgICBJ ZiB3aGF0IHlvdSB3YW50IHRvIGRvIGlzIGNhcnJ5IE5TSCwgd2l0aCBhbiBNUExTIGxhYmVsIHN0 YWNrIHRoYXQgDQogICAgcmVwcmVzZW50cyB0aGUgd2hvbGUgc2VxdWVuY2Ugb2YgcGxhY2VzIHRv IHZpc2l0LCB3ZSB3b3VsZCBzdGlsbCBoYXZlIHRvIA0KICAgIGFzc3VtZSB0aGF0IFNGIHByZXNl cnZlZCB0aGUgTVBMUyBzdGFjaywgYnV0IHRoZWlyIHByb2Nlc3NpbmcsIGFzc3VtaW5nIA0KICAg IHRoZXkgY291bGQgZmluZCB0aGUgY2FycmllZCBOU0ggaGVhZGVyIHVuZGVyIHRoZSBNUExTIHN0 YWNrLCB3b3VsZCBhdCANCiAgICBsZWFzdCBiZSBpbmRlcGVuZGVudCBvZiB0aGUgdHJhbnNwb3J0 Lg0KICAgIA0KICAgIFlvdXJzLA0KICAgIEpvZWwNCiAgICANCiAgICBPbiA5LzEvMTcgNDoxNSBQ TSwgQWRyaWFuIEZhcnJlbCB3cm90ZToNCiAgICA+IEhpLA0KICAgID4gDQogICAgPiBXZSd2ZSBi ZWVuIHdvcmtpbmcgdXAgc29tZSBpZGVhcyBmb3IgdXNpbmcgYW4gTVBMUyBmb3J3YXJkaW5nIHBs YW5lIChzd2l0Y2hpbmcNCiAgICA+IG9yIFNSKSBmb3IgU0ZDLg0KICAgID4gDQogICAgPiBXZSBo YXZlIGNvbnN0cmFpbmVkIG91cnNlbHZlcyB0byB0aGUgYXJjaGl0ZWN0dXJlIGRldmVsb3BlZCBi eSB0aGUgU0ZDIHdvcmtpbmcNCiAgICA+IGdyb3VwLCBhbmQgaGF2ZSB1c2VkIHRoZSBOU0ggYXMg YSBmdW5jdGlvbmFsIG1vZGVsLg0KICAgID4gDQogICAgPiBNUExTIGlzIHNvbWV3aGF0IGxpbWl0 ZWQgY29tcGFyZWQgdG8gdGhlIE5TSCBlbmNhcHN1bGF0aW9uLCBzbyB0aGVyZSBpcyBhDQogICAg PiB0cmFkZS1vZmYgYmV0d2VlbiB1c2luZyBhIG5ldyBlbmNhcHN1bGF0aW9uIHdpdGggZnVsbCBm dW5jdGlvbiBhbmQgYSBnb29kIHNldCBvZg0KICAgID4gZnVuY3Rpb24gdXNpbmcgYW4gZXhpc3Rp bmcgZm9yd2FyZGluZyBwbGFuZS4NCiAgICA+IA0KICAgID4gQXQgdGhlIG1vbWVudCB0aGlzIGlz IGFuIGVhcmx5IHZlcnNpb24gb2Ygb3VyIHdvcmssIGJ1dCB3ZSB0aG91Z2h0IHlvdSdkIGxpa2Ug dG8NCiAgICA+IHNlZSBvdXIgdGhvdWdodCBwcm9jZXNzZXMuDQogICAgPiANCiAgICA+IChGV0lX IGRyYWZ0LWlldGYtYmVzcy1uc2gtYmdwLWNvbnRyb2wtcGxhbmUgaXMgYXBwbGljYWJsZSB0byBO U0ggb3IgTVBMUw0KICAgID4gZW5jYXBzdWxhdGlvbnMgYW5kIGluY2x1ZGVzIG1lY2hhbmlzbXMg dG8gc2VsZWN0IGJldHdlZW4gdGhlIHR3by4pDQogICAgPiANCiAgICA+IENoZWVycywNCiAgICA+ IEFkcmlhbg0KICAgID4gDQogICAgPj4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCiAgICA+ PiBGcm9tOiBJLUQtQW5ub3VuY2UgW21haWx0bzppLWQtYW5ub3VuY2UtYm91bmNlc0BpZXRmLm9y Z10gT24gQmVoYWxmIE9mDQogICAgPj4gaW50ZXJuZXQtZHJhZnRzQGlldGYub3JnDQogICAgPj4g U2VudDogMDEgU2VwdGVtYmVyIDIwMTcgMjE6MDANCiAgICA+PiBUbzogaS1kLWFubm91bmNlQGll dGYub3JnDQogICAgPj4gU3ViamVjdDogSS1EIEFjdGlvbjogZHJhZnQtZmFycmVsLW1wbHMtc2Zj LTAwLnR4dA0KICAgID4+DQogICAgPj4NCiAgICA+PiBBIE5ldyBJbnRlcm5ldC1EcmFmdCBpcyBh dmFpbGFibGUgZnJvbSB0aGUgb24tbGluZSBJbnRlcm5ldC1EcmFmdHMNCiAgICA+IGRpcmVjdG9y aWVzLg0KICAgID4+DQogICAgPj4NCiAgICA+PiAgICAgICAgICBUaXRsZSAgICAgICAgICAgOiBB biBNUExTLUJhc2VkIEZvcndhcmRpbmcgUGxhbmUgZm9yIFNlcnZpY2UgRnVuY3Rpb24NCiAgICA+ IENoYWluaW5nDQogICAgPj4gICAgICAgICAgQXV0aG9ycyAgICAgICAgIDogQWRyaWFuIEZhcnJl bA0KICAgID4+ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFN0ZXdhcnQgQnJ5YW50DQogICAg Pj4gICAgICAgICAgICAgICAgICAgICAgICAgICAgSm9obiBEcmFrZQ0KICAgID4+IAlGaWxlbmFt ZSAgICAgICAgOiBkcmFmdC1mYXJyZWwtbXBscy1zZmMtMDAudHh0DQogICAgPj4gCVBhZ2VzICAg ICAgICAgICA6IDIzDQogICAgPj4gCURhdGUgICAgICAgICAgICA6IDIwMTctMDktMDENCiAgICA+ Pg0KICAgID4+IEFic3RyYWN0Og0KICAgID4+ICAgICBTZXJ2aWNlIEZ1bmN0aW9uIENoYWluaW5n IChTRkMpIGlzIHRoZSBwcm9jZXNzIG9mIGRpcmVjdGluZyBwYWNrZXRzDQogICAgPj4gICAgIHRo cm91Z2ggYSBuZXR3b3JrIHNvIHRoYXQgdGhleSBjYW4gYmUgYWN0ZWQgb24gYnkgYW4gb3JkZXJl ZCBzZXQgb2YNCiAgICA+PiAgICAgYWJzdHJhY3Qgc2VydmljZSBmdW5jdGlvbnMgYmVmb3JlIGJl aW5nIGRlbGl2ZXJlZCB0byB0aGUgaW50ZW5kZWQNCiAgICA+PiAgICAgZGVzdGluYXRpb24uICBB biBhcmNoaXRlY3R1cmUgZm9yIFNGQyBpcyBkZWZpbmVkIGluIFJGQzc2NjUuDQogICAgPj4NCiAg ICA+PiAgICAgVGhlIE5ldHdvcmsgU2VydmljZSBIZWFkZXIgKE5TSCkgY2FuIGJlIGluc2VydGVk IGludG8gcGFja2V0cyB0bw0KICAgID4+ICAgICBzdGVlciB0aGVtIGFsb25nIGEgc3BlY2lmaWMg cGF0aCB0byByZWFsaXplIGEgU2VydmljZSBGdW5jdGlvbiBDaGFpbi4NCiAgICA+Pg0KICAgID4+ ICAgICBNdWx0aXByb3RvY29sIExhYmVsIFN3aXRjaGluZyAoTVBMUykgaXMgYSB3aWRlbHkgZGVw bG95ZWQgZm9yd2FyZGluZw0KICAgID4+ICAgICB0ZWNobm9sb2d5IHRoYXQgdXNlcyBsYWJlbHMg dG8gaWRlbnRpZnkgdGhlIGZvcndhcmRpbmcgYWN0aW9ucyB0byBiZQ0KICAgID4+ICAgICB0YWtl biBhdCBlYWNoIGhvcCB0aHJvdWdoIGEgbmV0d29yay4gIFNlZ21lbnQgUm91dGluZyBpcyBhIG1l Y2hhbmlzbQ0KICAgID4+ICAgICB0aGF0IHByb3ZpZGVzIGEgc291cmNlIHJvdXRpbmcgcGFyYWRp Z20gZm9yIHN0ZWVyaW5nIHBhY2tldHMgaW4gYW4NCiAgICA+PiAgICAgTVBMUyBuZXR3b3JrLg0K ICAgID4+DQogICAgPj4gICAgIFRoaXMgZG9jdW1lbnQgZGVzY3JpYmVzIGhvdyBTZXJ2aWNlIEZ1 bmN0aW9uIENoYWluaW5nIGNhbiBiZSBhY2hpZXZlZA0KICAgID4+ICAgICBpbiBhbiBNUExTIG5l dHdvcmsgYnkgbWVhbnMgb2YgYSBsb2dpY2FsIHJlcHJlc2VudGF0aW9uIG9mIHRoZSBOU0ggaW4N CiAgICA+PiAgICAgYW4gTVBMUyBsYWJlbCBzdGFjay4NCiAgICA+Pg0KICAgID4+DQogICAgPj4N CiAgICA+PiBUaGUgSUVURiBkYXRhdHJhY2tlciBzdGF0dXMgcGFnZSBmb3IgdGhpcyBkcmFmdCBp czoNCiAgICA+PiBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1mYXJyZWwt bXBscy1zZmMvDQogICAgPj4NCiAgICA+PiBUaGVyZSBhcmUgYWxzbyBodG1saXplZCB2ZXJzaW9u cyBhdmFpbGFibGUgYXQ6DQogICAgPj4gaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0 LWZhcnJlbC1tcGxzLXNmYy0wMA0KICAgID4+IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcv ZG9jL2h0bWwvZHJhZnQtZmFycmVsLW1wbHMtc2ZjLTAwDQogICAgPj4NCiAgICA+Pg0KICAgID4+ IFBsZWFzZSBub3RlIHRoYXQgaXQgbWF5IHRha2UgYSBjb3VwbGUgb2YgbWludXRlcyBmcm9tIHRo ZSB0aW1lIG9mIHN1Ym1pc3Npb24NCiAgICA+PiB1bnRpbCB0aGUgaHRtbGl6ZWQgdmVyc2lvbiBh bmQgZGlmZiBhcmUgYXZhaWxhYmxlIGF0IHRvb2xzLmlldGYub3JnLg0KICAgID4+DQogICAgPj4g SW50ZXJuZXQtRHJhZnRzIGFyZSBhbHNvIGF2YWlsYWJsZSBieSBhbm9ueW1vdXMgRlRQIGF0Og0K ICAgID4+IGZ0cDovL2Z0cC5pZXRmLm9yZy9pbnRlcm5ldC1kcmFmdHMvDQogICAgPj4NCiAgICA+ PiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KICAgID4+ IEktRC1Bbm5vdW5jZSBtYWlsaW5nIGxpc3QNCiAgICA+PiBJLUQtQW5ub3VuY2VAaWV0Zi5vcmcN CiAgICA+PiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2ktZC1hbm5vdW5j ZQ0KICAgID4+IEludGVybmV0LURyYWZ0IGRpcmVjdG9yaWVzOiBodHRwOi8vd3d3LmlldGYub3Jn L3NoYWRvdy5odG1sDQogICAgPj4gb3IgZnRwOi8vZnRwLmlldGYub3JnL2lldGYvMXNoYWRvdy1z aXRlcy50eHQNCiAgICA+IA0KICAgID4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX18NCiAgICA+IHNmYyBtYWlsaW5nIGxpc3QNCiAgICA+IHNmY0BpZXRmLm9y Zw0KICAgID4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zZmMNCiAgICA+ IA0KICAgIA0KICAgIF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fDQogICAgc2ZjIG1haWxpbmcgbGlzdA0KICAgIHNmY0BpZXRmLm9yZw0KICAgIGh0dHBzOi8v d3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2ZjDQogICAgDQoNCg== From nobody Mon Sep 4 02:27:08 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9938132705; Mon, 4 Sep 2017 02:27:06 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1A_GlhST0_Mq; Mon, 4 Sep 2017 02:27:03 -0700 (PDT) Received: from asmtp4.iomartmail.com (asmtp4.iomartmail.com [62.128.201.175]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3709D126DFE; Mon, 4 Sep 2017 02:27:03 -0700 (PDT) Received: from asmtp4.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp4.iomartmail.com (8.13.8/8.13.8) with ESMTP id v849R0a5028883; Mon, 4 Sep 2017 10:27:00 +0100 Received: from 950129200 (196.252.114.87.dyn.plus.net [87.114.252.196]) (authenticated bits=0) by asmtp4.iomartmail.com (8.13.8/8.13.8) with ESMTP id v849Qxow028875 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 4 Sep 2017 10:27:00 +0100 Reply-To: From: "Adrian Farrel" To: "'Van De Velde, Gunter \(Nokia - BE/Antwerp\)'" , "'Joel M. Halpern'" , Cc: "'Service Function Chaining IETF list'" References: <034601d3235f$1f4ef590$5dece0b0$@olddog.co.uk> In-Reply-To: Date: Mon, 4 Sep 2017 10:26:57 +0100 Message-ID: <04bb01d3255f$f53a5d00$dfaf1700$@olddog.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQJzPM2/P7REhoIu7jpCLKOmydqqngFAGxSgApKH7guhRa4vYA== Content-Language: en-gb X-TM-AS-MML: disable X-TM-AS-Product-Ver: IMSS-7.1.0.1679-8.1.0.1062-23302.006 X-TM-AS-Result: No--22.217-10.0-31-10 X-imss-scan-details: No--22.217-10.0-31-10 X-TMASE-MatchedRID: gTucSmrmRMM4HKI/yaqRm+YAh37ZsBDCTJDl9FKHbrnYWrp179pohu/J p4NV6pXfIQeEHNhqN2MPrVNv1qdfVUKX0MSwedJtCFaAixm5eU8NGLSN9jqAveIh67JIUPir8G7 V1v8bvlFsqhnv2KJ0FhNnPDERj3Lzk3lCx30bxUpT46Ow+EhYOOimxgRHwEwmXduRejGQ44FNAl UAf+JAszXu8p3GIVw8dFShK//Yj0XxzjaI4TpcCVWeeIqHthMLu2rcU2ygxCA3XlVVGX0OkT+ro IwmQ1LVL1NpBYi6UhmToLtZBpu2t51c04K0r+7JEhGH3CRdKUUTcFr9nQa5pBI+jlzyGLPnW11a 6+DDG/XY0jno/xmKIZb/+wegswSlDiYCfoTF/Y6QTsyupo9izZXcm+hpqurIIE7vV05wapsG5pY kwMRqtiXITKQXmKCOn8L97fw6R7h7qToVEfwBPMzWN98iBBeGDZlTFg+eXztm60OoujMOyGHwut 3qZqvb48CHU6S1ISEBqME6aDvAgqLsmXHFeGwaxZQoGMRGhhNT54svNkOnO+VWrwawFeMFq8M1t dFZKo8k7FhZLnoFU8KjqJxyhMunNgyelB4Yx0LEWFPsMEt58AYAPqHoVmYRDO+DX+rUwfZncpGQ s7S9GTRzIRIo4G/05KVkFd6ahn9Kl5uDD6k69uqq/TX+iM8TUVruDsLy3YSbKItl61J/ybLn+0V m71Lcq7rFUcuGp/G8QIu4z6HhEH7cGd19dSFd Archived-At: Subject: Re: [sfc] An MPLS Forwarding plane for SFC X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Sep 2017 09:27:07 -0000 Hi, > I believe that the approach as Adrian outlines is very pragmatic. Thanks, Gunter. A few points... - As I said in my email and as we note in the draft, this approach is = somewhat limited when compared to the full function that can be achieved with = the NSH.=20 - I quite understand that this is not the approach that the SFC working = group adopted, and that the reasons for the development of the NSH were = driven both by technical concerns and by constraints of the WG charter. - This proposal is not intended as antagonistic competition to the work = of=20 the SFC working group. Indeed, we have been sitting on this draft = waiting for the NSH draft to progress. - But we are offering a pragmatic alternative that can deliver a subset = of NSH function in a well-known environment. Our hope is that the SFF can be achieved with off-the-shelf MPLS hardware. - I copied my email to the SFC list because that seemed the polite and = right thing to do, not because I think that working group should be = developing this solution. IMHO, this wok belongs in the MPLS working group. Cheers, Adrian > Joel, not sure I agree about being bound by transport mechanism when = using > MPLS, as the MPLS sequenced labels can be transported over any type of = > transport just like NSH could be transported. > For sure there is as Adrian mentions a trade-off regarding = flexibility, so each will > find its application realm. > For many the flexibility in the sequenced MPLS label approach will be = sufficient > for business purpose. >=20 > G/ >=20 >=20 > On 01/09/2017, 22:25, "sfc on behalf of Joel M. Halpern" = on behalf of jmh@joelhalpern.com> wrote: >=20 > Reading this draft, what you have proposed is a specific transport > mechanism, using MPLS. By removing the NSH header, you remove the > transport agnostic properties that the Working Group was = specifically > chartered to achieve. > By recasting the metadata into a label sequence, you make any = metaata > processing significantly harder, and make applications dependent = upon > the MPLS transport, rather than being able to rely on the NSH = format. > If this pattern were followed for other transports, we would = require SFF > and SF which understood how to parse and process all of the = different > transport encodings of the path, and SF would have to understand = all the > different transport encodings of the metadata. >=20 > Why is this beneficial? >=20 > If what you want to do is carry NSH, with an MPLS label stack that > represents the whole sequence of places to visit, we would still = have to > assume that SF preserved the MPLS stack, but their processing, = assuming > they could find the carried NSH header under the MPLS stack, would = at > least be independent of the transport. >=20 > Yours, > Joel >=20 > On 9/1/17 4:15 PM, Adrian Farrel wrote: > > Hi, > > > > We've been working up some ideas for using an MPLS forwarding = plane > (switching > > or SR) for SFC. > > > > We have constrained ourselves to the architecture developed by = the SFC > working > > group, and have used the NSH as a functional model. > > > > MPLS is somewhat limited compared to the NSH encapsulation, so = there is a > > trade-off between using a new encapsulation with full function = and a good > set of > > function using an existing forwarding plane. > > > > At the moment this is an early version of our work, but we = thought you'd like > to > > see our thought processes. > > > > (FWIW draft-ietf-bess-nsh-bgp-control-plane is applicable to NSH = or MPLS > > encapsulations and includes mechanisms to select between the = two.) > > > > Cheers, > > Adrian > > > >> -----Original Message----- > >> From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On = Behalf Of > >> internet-drafts@ietf.org > >> Sent: 01 September 2017 21:00 > >> To: i-d-announce@ietf.org > >> Subject: I-D Action: draft-farrel-mpls-sfc-00.txt > >> > >> > >> A New Internet-Draft is available from the on-line = Internet-Drafts > > directories. > >> > >> > >> Title : An MPLS-Based Forwarding Plane for = Service Function > > Chaining > >> Authors : Adrian Farrel > >> Stewart Bryant > >> John Drake > >> Filename : draft-farrel-mpls-sfc-00.txt > >> Pages : 23 > >> Date : 2017-09-01 > >> > >> Abstract: > >> Service Function Chaining (SFC) is the process of directing = packets > >> through a network so that they can be acted on by an = ordered set of > >> abstract service functions before being delivered to the = intended > >> destination. An architecture for SFC is defined in = RFC7665. > >> > >> The Network Service Header (NSH) can be inserted into = packets to > >> steer them along a specific path to realize a Service = Function Chain. > >> > >> Multiprotocol Label Switching (MPLS) is a widely deployed = forwarding > >> technology that uses labels to identify the forwarding = actions to be > >> taken at each hop through a network. Segment Routing is a = mechanism > >> that provides a source routing paradigm for steering = packets in an > >> MPLS network. > >> > >> This document describes how Service Function Chaining can = be achieved > >> in an MPLS network by means of a logical representation of = the NSH in > >> an MPLS label stack. > >> > >> > >> > >> The IETF datatracker status page for this draft is: > >> https://datatracker.ietf.org/doc/draft-farrel-mpls-sfc/ > >> > >> There are also htmlized versions available at: > >> https://tools.ietf.org/html/draft-farrel-mpls-sfc-00 > >> https://datatracker.ietf.org/doc/html/draft-farrel-mpls-sfc-00 > >> > >> > >> Please note that it may take a couple of minutes from the time = of > submission > >> until the htmlized version and diff are available at = tools.ietf.org. > >> > >> Internet-Drafts are also available by anonymous FTP at: > >> ftp://ftp.ietf.org/internet-drafts/ > >> > >> _______________________________________________ > >> I-D-Announce mailing list > >> I-D-Announce@ietf.org > >> https://www.ietf.org/mailman/listinfo/i-d-announce > >> Internet-Draft directories: http://www.ietf.org/shadow.html > >> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > _______________________________________________ > > sfc mailing list > > sfc@ietf.org > > https://www.ietf.org/mailman/listinfo/sfc > > >=20 > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc >=20 From nobody Mon Sep 4 15:31:21 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D44DA132192 for ; Mon, 4 Sep 2017 15:31:13 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IISUH-kdR549 for ; Mon, 4 Sep 2017 15:31:11 -0700 (PDT) Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C515A13219C for ; Mon, 4 Sep 2017 15:31:06 -0700 (PDT) Received: by mail-wm0-x234.google.com with SMTP id 187so9873924wmn.1 for ; Mon, 04 Sep 2017 15:31:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=yaC77MGdz4ddRDOxF3tD4bfUT8yskKKHy5J1HM37EtQ=; b=wajqYBUSeO2YtVi+bQEcIrK7uhuNL+a1izB/hTkLBZs5Nn7wcjRH+90XKL84DafUjQ hUIkkc7nRSIFNcBklXPtGpfiqeoah1gfnwGdP57BWKNXyoE0TFxGjEKN0yDFbfmL03WS Q8fX0jDBxq+K205mhMbvsOxCt7CevCpNVptuEJ3VybTmzdidVZ6J/Nwt4S+aALBq4jxX QrGsOptOk4at5LQCqCVTU1T56t/ZLQ2/OCXbIvyAid5+doB2rIWhEDuByKJytEGy+Xlh rungVfvYyK1B21gNQZy7mFcz2TSiqUSTHK/ynySxbc1FHXzAJoMwOV/ldQY6HEPIEwpb SeFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=yaC77MGdz4ddRDOxF3tD4bfUT8yskKKHy5J1HM37EtQ=; b=t0YGpgg8xE4e/5XYpBClLjM1UiV9Wamy+qyFon3VJi7b0erVGMI/UUFDzkCGUkXF0A Y+kzfStCI1paHsejMUV18iMKbIP8G3P9DrZe5yOm4vCQNFl4NoeLdNDMLnckko51J8wd 7miGiyVOmr3kUtT2t14j+6BvO6wTN9iBiaxoHFG6MFV0wGBwWG7z2yOz8eMtC/ZaqCW+ NYHAHcyKEk2BiPxN5omeJNIp1Q/471GKtd7mjFxzC2B1slDnKzifYwXtph2tQ5KRV/1f WQk1Qgj2rFJIFMYaRmjDcK/bGezlK5hkxxokVGUrxTpdqv2hk38H4f38MMevoTLR/gJr jWeA== X-Gm-Message-State: AHPjjUglOS5Js4gTd9pql0TVdUhBjY78bmsUcoFjwAXQ3Yc9TecqpZUr whFBnOzS43ZJeMy4+z3ek/FglvZrt4hB X-Google-Smtp-Source: ADKCNb62crr9yRg7ex1EYwLIj+heOTr0jhID7/sqY9H6GVPwvNQw7g8lb+TcEfQdvmm9lRW+WNg6HYLReVZMoQRHzXs= X-Received: by 10.28.93.146 with SMTP id r140mr996716wmb.133.1504564264625; Mon, 04 Sep 2017 15:31:04 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.164.135 with HTTP; Mon, 4 Sep 2017 15:30:23 -0700 (PDT) In-Reply-To: <2F5DB4AD-3672-43DE-B420-510B85440106@cisco.com> References: <150249274009.24438.5552125434164888108.idtracker@ietfa.amsl.com> <2F5DB4AD-3672-43DE-B420-510B85440106@cisco.com> From: Warren Kumari Date: Mon, 4 Sep 2017 18:30:23 -0400 Message-ID: To: "Carlos Pignataro (cpignata)" Cc: IETF Discuss , IETF-Announce , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , Service Function Chaining IETF list , Alia Atlas , Jim Guichard Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [sfc] Last Call: (Network Service Header (NSH)) to Proposed Standard X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Sep 2017 22:31:14 -0000 " On Thu, Aug 31, 2017 at 11:31 PM, Carlos Pignataro (cpignata) wrote: > Warren, > > Many thanks for taking the time to review this document! And apologies fo= r the delayed-ack. No worries -- -20 looks good. > > If reading parts of this document, and =E2=80=9Conly skimming sections 6.= 1 - Section 8=E2=80=9D left you so confused, bewildered and dizzy, there is= nothing we can start with other than acknowledging that there is an issue = that we will correct. It is an inadequate outcome, and we will rectify it. = Much of it seems to either be tracked to localized sources, or has proposed= resolutions in this response. I think it is largely rectified. The additional text in S1, and Figure 1 goes a long way to fixing it. > > Before diving into inlined issue-by-issue comments, there=E2=80=99s a few= high-level observations I=E2=80=99d like to make in response to your revie= w: > > 1. Several other reviewers, including Ops Dir, RTG Dir, and GenART, manag= ed to read and understand the document, provide constructive comments, and = survive the experience unharmed :-) Just to be clear, that does not mean th= at the document is as clear as it ought to be, or otherwise negates your co= nfusion. We will improve it and fix it. > > 2. Your suggestion of "a clear model at the beginning of the document=E2= =80=9D is spot on. We will add both a model and some prose early on. In fac= t, Jim Guichard suggested an outline and volunteered to craft a bit of that= text. Win - as said above, this made a huge difference (at least, for me :-)) > > Earlier version of this document included a number of examples that, in o= ur view, would have clarified much confusion. See https://tools.ietf.org/ht= ml/draft-ietf-sfc-nsh-05#section-9. Several folks, including the responsibl= e AD, objected to that section (on grounds of the inability of an example s= ection to include everyone=E2=80=99s favorite encapsulation). There is some= truth to that. > > That said, do you believe that such example section might have helped you= ? (This is, in addition to some early-on clarifications). Yes, I think that it would have made it much clearer, at least to me. It seems that there could be a bunch of "this is just one encapsulation, you can use whatever one suits you" or similar to help mitigate the "but I like $foo, why didn't you use that one?!". > > 3. It is outside the scope of this document to partake into religious deb= ates of the meaning of encapsulation versus tunneling versus shimming. > > In fact, this document does not include the word =E2=80=9Cshim=E2=80=9D, = whatsoever. You seem to have taken intellectual offense to the combination = =E2=80=9Cinserted onto=E2=80=9D. And subsequently you say: '*inserted onto*= sounds like a shim=E2=80=99, and then build a rebuttal of the use of the w= ord =E2=80=98shim=E2=80=99 :-) I believe part of the problem is that you ar= e reviewing =E2=80=9Cshim=E2=80=9D... > Ok, fair. I still think that "inserted into" and the title "Network Service Header" leads the reader (or, perhaps just me!) to think shim -- but the "inserted into" is now gone, and the new text in section 1 and figure 1 fixes all that. Thank you! > So, moving forward, we will do a couple of things: > > First, add a model and some text, early on at the beginning of the docume= nt. This is needed for issue #1. > > Second, wait for your thoughts and other folks=E2=80=99 guidance on wheth= er to re-include the now removed =E2=80=9CExamples=E2=80=9D section. It see= ms to us that the looseness in some text is greatly aggravated by the lack = of packet formats. This is also relevant to issue #1. > > Would you agree? Yup. > > Third, we will sharpen the text throughout in the use of encap. > > Issue #4 remains unresolved, as I would like to check and not break the b= alance of text. I will punt this to the Shepherd. > > In summary, we will clarify issues #1 and #3 for NSH, and would like to r= e-add pak formats. All other issues have proposed resolutions inline. > > Thanks again for pointing all of these out. Thank you, and thank you for taking them in a constructive manner. > > Please find responses and follow-ups inline. > > We will come back with proposed diffs for the two pending issues labeled = =E2=80=9Cmajor=E2=80=9D (#1 and #4). > > Additionally, all Nits are addressed in our working copy. Many thanks for= taking the time to identify all those and propose suggestions. Some of the= m are fixed differently though (when you wrote =E2=80=9CAs SF or SFC Proxy = -> A SF or SFC Proxy=E2=80=9D, that is actually =E2=80=9CAn SF=E2=80=9D (gr= ammar). Sure. > > As an aside, and as a review of your review, two quick suggestions: > > 1. The stream-of-counciousness narrative very poorly suits a technical re= view of a spec. While I am sure a plurality of thoughts interconnect, someh= ow, it is very hard to follow. > Fair enough. Sorry. > 2. While I am sure you know the legend for =E2=80=9C[O] [P] and [R]=E2=80= =9D, the first thing that came to mind to me was =E2=80=9Cwell, [Q] is miss= ing!=E2=80=9D :-) I can guess Original, Proposed, Reason/Rational after a w= hile, but really, it does not universally translate... Yup, was Original / Proposed / Reason - but, I'll try remember to include a lookup key in the future :-) Thank again, W > > >> On Aug 18, 2017, at 8:51 PM, Warren Kumari wrote: >> >> On Fri, Aug 11, 2017 at 7:05 PM, The IESG wrot= e: >>> >>> The IESG has received a request from the Service Function Chaining WG (= sfc) >>> to consider the following document: - 'Network Service Header (NSH)' >>> as Proposed Standard >>> >>> The IESG plans to make a decision in the next few weeks, and solicits f= inal >>> comments on this action. Please send substantive comments to the >>> ietf@ietf.org mailing lists by 2017-08-25. Exceptionally, comments may = be >>> sent to iesg@ietf.org instead. In either case, please retain the beginn= ing of >>> the Subject line to allow automated sorting. >>> >>> Abstract >>> >>> >>> This document describes a Network Service Header (NSH) inserted onto >>> packets or frames to realize service function paths. NSH also >>> provides a mechanism for metadata exchange along the instantiated >>> service paths. NSH is the SFC encapsulation required to support the >>> Service Function Chaining (SFC) architecture (defined in RFC7665). >>> >> >> >> >> In my opinion this document still needs significant work. Christian's >> great SecDir review lists many issues which need to be addressed; >> since he has already raised concerns, I am not focusing on the >> security and privacy stuff in my but review. Instead, I'll discuss >> some of the other issues. >> >> I only skimmed sections 6.1 - Section 8. >> >> As this is output of the SFC WG, which is chartered to, amongst other >> thing, create a "Generic SFC Encapsulation" (with some more details) >> I'll take it as given that this is desired / needed. >> >> Issues: >> >> Issue 1: I find the entire document to be confusing about what an NSH >> actually is, and after spending much time reading, am still fairly >> confused. >> A clear model at the beginning of the document which explains how >> these bits fit together would be very helpful. I am familiar with >> RFC7665 (the architecture document); my confusion stems from this >> draft. >> >> For example the Abstract says: >> "This document describes a Network Service Header (NSH) inserted onto >> packets or frames to realize service function paths. NSH also provides >> a mechanism for metadata exchange along the instantiated service >> paths. NSH is the SFC encapsulation required to support the Service >> Function Chaining (SFC) architecture ". >> >> Oh, ok, so it is something inserted onto packets or frames... >> *inserted onto* sounds like a shim, however, "NSH is the SFC >> encapsulation...". indicates that I had the wrong mental model and >> this is actually an encapsulation, kinda like GRE. (This is reinforced >> with (end of Section 1) "NSH is the SFC encapsulation referenced in >> [RFC7665].") Ok, so this encapsulates the packet, got it... >> I read some more, and then find (in section 2) that "An outer >> transport header is imposed, on NSH and the original packet/frame, for >> network forwarding.". Oh, so this is *actually* a shim / header which >> goes before the packet, and then the whole thing gets encapsulated? It >> shouldn't have been this hard to figure out, but Ok, now I get it...Or >> do I? Oh, hang on, what transport header do I use?! >> It is only much much later, in Section 4 (page 15) that I find "Once >> NSH is added to a packet, an outer encapsulation is used to forward >> the original packet and the associated metadata to the start of a >> service chain. ... The service header is independent of the >> encapsulation used and is encapsulated in existing transports. The >> presence of NSH is indicated via protocol type or other indicator in >> the outer encapsulation." - I'm now really confused - first I thought >> it was a shim / header, then I thought it was an encapsulation, now I >> (finally) see that it is a header which goes before the packet >> (encapsulating it) before it gets encapsulated again into something >> else. It would be much better if the document was clearer at the >> beginning about how all this fits together / what the NSH actually >> *is* -- an analogy to layering, or as a shim which goes between a >> tunneling header and the original packet would make this much clearer >> (and the reader much less annoyed!). > > =E2=80=9Cinserted onto=E2=80=9D substituted with =E2=80=9Cimposed on=E2= =80=9D :-) > > As mentioned, we will also add clarifying text to the intro. > >> >> Issue 2: Section 1.2. Definition of Terms >> "Metadata: Defined in [RFC7665]." - The definition of metadata in >> RFC7665 says: "Metadata: Provides the ability to exchange context >> information between classifiers and SFs, and among SFs.". This is not >> an adequate definition for use in this document - the document defines >> a context header which carries metadata, and it need to be better >> defined than something which provides an ability. >> Apart from RFC7665 actually *defining* metadata, it doesn't really >> describe what you do with it. As this document discusses metadata much >> more (and how to carry it), I think that it needs to much better >> define what it is, what its purpose is, and how to use it. >> > > OK, new definition, comments welcome: > > > Defined in . > The metadata, or context information shared between classifiers and SFs, = and among SFs, > is carried on the NSH's Context Headers. It allows summarizing a classifi= cation result > in the packet itself, avoiding subsequent re-classifications. > > Examples of metadata include classification information used for > policy enforcement and network context for forwarding post > service delivery. > > > > > >> Issue 3: Section 2. Network Service Header >> "An outer transport header is imposed, on NSH and the original >> packet/frame, for network forwarding." - this is very poorly worded, >> and I don't really know what I'm supposed to do here. I'm assuming >> that I'm supposed to concatenate the NSH and the packet, and then >> encapsulate this in some transport of my choosing, but this needs more >> precision. >> > > Agreed. Reworded. Here=E2=80=99s a suggestion, explicit text welcome: > > > An NSH is imposed on the original packet/frame. > This NSH contains service path information and > optionally metadata that are added to a packet or frame and used to > create a service plane. Subsequently, an outer encapsulation is impose= d on > the NSH, whic is used for network forwarding. > > > >> Issue 4: The document talks about using the TTL to avoid loops, and >> also the Service Index (SI). "The Service Index MUST be decremented by >> a value of 1 by Service Functions or by SFC Proxy nodes after >> performing required services and the new decremented SI value MUST be >> used in the egress packet=E2=80=99s NSH. ... Additionally, while the TTL= field >> is the main mechanism for service plane loop detection, the SI can >> also be used for detecting service plane loops.". Much better text is >> needed here to discuss how these interact. Lets say the TTL is 14, and >> the SI is 1. The packet is now handed to the next SF, which decrements >> it to 0. Now what? It this the same as the TTL hitting 0? If it an >> error? Do I wrap and go back to 255? What are there 2 mechanisms for >> this? Much further down, in Section 6.1, we have: "SI serves as a >> mechanism for detecting invalid service function paths. In >> particular, an SI value of zero indicates that forwarding is incorrect >> and the packet must be discarded." This answers many of the above, but >> having the text better organized would simplify the document. >> > > I am hesitant to touch that text right now as it summarizes a delicate ba= lance reached by the WG. > > Let me go back to the WG and propose text for this. > >> Issue 5: Section 6. Service Path Forwarding with NSH Subsection 6.1. >> SFFs and Overlay Selection >> I'm assuming that there is much more detail in other documents which >> cover how to use the SPI / SI to do the forwarding -- can you please >> insert a reference? I'm somewhat confused by the level of detail >> between this document and . This doesn't >> contain enough to implement, but seem to include more than I'd expect >> to clarify how to interface with some other doc. > > The detail here seems adequate. > >> >> >> >> >> >> Questions / concerns: >> Section 2.2. NSH Base Header >> "TTL: Indicates the maximum SFF hops for an SFP. This field is used >> for service plane loop detection. ... Each SFF involved in forwarding >> an NSH packet MUST decrement the TTL value by 1 prior to NSH >> forwarding lookup. Decrementing by 1 from an incoming value of 0 >> shall result in a TTL value of 63. The packet MUST NOT be forwarded >> if TTL is, after decrement, 0." >> Why does decrementing by 1 from 0 result in 63? Under what (valid) >> conditions will I receive a packet with an incoming value of 0? (why >> is this not an error?) >> > > Wrap? > >> Section 2.4. NSH MD Type 1 >> "When the Base Header specifies MD Type =3D 0x1, a Fixed Length Context >> Header (16-bytes) MUST be present immediately following the Service >> Path Header, as per Figure 4. The value of a Fixed Length Context >> Header that carries no metadata MUST be set to zero.". "This >> specification does not make any assumptions about the content of the >> 16 byte Context Header that must be present when the MD Type field is >> set to 1, and does not describe the structure or meaning of the >> included metadata.". So, the specification doesn't make any >> assumptions about the Fixed Length Context Header (I guess it is an >> opaque blob), but if it has no metadata is must be 0? And if there is >> no metadata, why would I need to waste 16 bytes? And this document >> defines 2 MD types -- why would I use this one instead of a Type 2? >> (which seems cleaner, and shorter). > > There are two MD Types to use. Fixed is HW friendly, TLV is SW friendly. > > As usual, there is a tradeoff, and you choose MD Type based on what you w= ant to optimize for. > > >> Kind of related to Issue 2, I >> think that there needs to be more discussions (perhaps in some other >> document, which needs a reference) what the purpose of the metadata >> is, why it is sometimes metadata and sometimes Context Header, what a >> receiver is supposed to do with this, etc. >> > > Context header carries metadata. > >> Section 2.4: >> "An SFC-aware SF MUST receive the data semantics first in order to >> process the data placed in the mandatory context field. The data >> semantics include both the allocation schema and the meaning of the >> included data. How an SFC-aware SF gets the data semantics is outside >> the scope of this specification." -- related to the above, I still >> don't get this. Is "the data placed in the mandatory context field" =3D= =3D >> "metadata"? And there is no type information associated, so receiver >> cannot look at it and know what it is, other than "I expected a blob, >> this is a blob, blobs I receive should be of type X, let me try >> decoded it as one?" -- shouldn't there be some sort of hint in the NSH >> as to what the context field is carrying (like Type 2 has)? I've >> looked at I-D.guichard-sfc-nsh-dc-allocation and >> I-D.napper-sfc-nsh-broadband-allocation which discuss how bits in the >> context header can be allocated, but would a receiver differentiate >> which type is in use (other than being configured to know that blobs >> are always of type X). Again, I'm hoping that there is an SFC document >> which explains the architecture in more detail then RFC7665. > > MD Type 1 is not self-describing. > >> >> Section 2.5.1. Optional Variable Length Metadata >> Optional variable length Context Headers have a Class (scope of the >> Type), a Type (explicit type of metadata, defined by the Class owner), >> and a Length. >> A length of 0 means that the context header has no data. It would be >> useful to explain what this actually means -- it sounds like a message >> with no content, but perhaps receivers are supposed to use the Type in >> this case to do something? > > Yes :-) Precisely. > >> >> Section 3. NSH Actions >> "NSH-aware nodes are the only nodes that may alter the content of NSH >> headers." -- this sentence is nonsensical. If a node doesn't know >> something is an NSH (is it not NSH-aware), telling it not to touch NSH >> headers is basically "Devices on the Internet shouldn't poke at things >> that they don't understand=E2=80=9D. > > It might be obvious or redundant, but it is not nonsensical. > > We will reword it though. :-) > >> >> Section 3: >> "At the end of a service function path, an SFF, MUST be the last node >> operating on the service header and MUST remove NSH before forwarding >> or delivering the un-encapsulated packet." - I'm somewhat confused >> what this is trying to say, and assume that it is simply superfluous >> commas. But, with those removed the sentence is still confusing to me >> -- a SFF is the thing that does the forwarding, and so, by definition >> it has to be the last thing operating on the service header (unless >> the packet is dropped) -- so, what does the first MUST mean? > > Yes, there is a superfluous comma. But the meaning of the sentence is =E2= =80=9Cdo not leak NSH outside the SFC domain=E2=80=9D. > > I=E2=80=99ll reword it. > >> >> Section 4. NSH Transport Encapsulation >> "The presence of NSH is indicated via protocol type or other indicator >> in the outer encapsulation." -- just for my interest, what all >> encapsulations already have this defined / allocated? > > Ethernet, GRE, VXLAN-GPE, others. > >> >> Section 5. Fragmentation Considerations >> "As discussed in [I-D.ietf-rtgwg-dt-encap], within an administrative >> domain, an operator can ensure that the underlay MTU is sufficient to >> carry SFC traffic without requiring fragmentation." -- I think that >> that is stretching what I-D.ietf-rtgwg-dt-encap says a bit far. NSH >> Type 1 adds 24 octets (4 octet Base Header, 4 octet Service Path >> Header, 16 octet Context Header), plus the gets wrapped in a new >> transport, so let's say 24 octets for GRE. This means that, for a >> 1500byte packet I need an MTU of 1548 (I'm not sure all operators can >> support that everywhere). The Type 2 header is of variable length (and >> I don't think I saw a limit). > > This text is reworded based on GenART. > >> " For example, when NSH is encapsulated in IP, IP-level fragmentation >> coupled with Path MTU Discovery (PMTUD) is used. When, on the other >> hand, the underlay does not support fragmentation procedures, an error >> message SHOULD be logged when dropping a packet too big." -- I think >> that more guidance / text is needed here, e.g for v6. Just dropping >> the packet and logging an error doesn't solve the base issue causing >> the problem. If this protocol wasn't an "encapsulation" I wouldn't >> feel so strongly, but if the protocol says that it providing an >> encapsulation it needs to handle things that encapsulation protocols >> do. > > This text came from OpsDir review. > >> >> >> >> >> Nits: > > > All fixed. > > Best, > > =E2=80=94 > Carlos Pignataro, carlos@cisco.com > > =E2=80=9CSometimes I use big words that I do not fully understand, to mak= e myself sound more photosynthesis." > > > >> Section 1. Introduction >> ... current service function deployment models have been relatively >> static, and bound to topology >> [O] static, and bound >> [P] static and bound >> [R] grammar >> >> ... >> Specifically, the following functions are necessary: >> >> The movement of service functions and application workloads in the >> network. >> >> The ability to easily bind service policy to granular information, >> such as per-subscriber state. >> >> [R]: Numbers or bullets would make the much easier to read. >> >> >> Section 1.2 - Definition of Terms >> "Byte: All references to "bytes" in this document refer to 8-bit >> bytes, or octets." -- this is a circular definition (the section is >> Definition of Terms, not Terminology) - suggest dropping the 8-bit >> bytes, octets covers it. >> >> Throughout the document: >> The document says "A Service Classifier adds NSH. NSH is removed by >> ...", and "NSH offers a common and standards-based header" -- is NSH a >> technology (as implied by the second phrase), or a thing added to a >> packet (like the first implies). Whatever the case, for the first, "A >> Service Classifier adds *the* NSH. *The* NSH is removed by ..." (or, >> "an"). >> >> >> Section 1.4. NSH-based Service Chaining >> NSH creates a dedicated service plane, more specifically, NSH >> [O] plane, more >> [P] plane; more >> [R] grammar >> >> 1. Topological Independence: Service forwarding occurs within the >> service plane, the underlying network topology does not require >> >> [O] plane, the >> [P] plane; the (or "plane, so the") >> [R] grammar >> >> >> Section 2.2. NSH Base Header >> "MD Type: Indicates the format of NSH beyond the mandatory Base Header >> and the Service Path Header. MD Type defines the format of the >> metadata being carried." -- please expand MD here. I wasted much time >> before guessing that this was MetaData Type. >> >> >> Given the >> widespread implementation of existing hardware that uses the first >> nibble after an MPLS label stack for ECMP decision processing, this >> document reserves version 01b and this value MUST NOT be used in >> [O] 01b and this value >> [P] 01b. This value >> [R] grammar -- run on sentence, and it reads awkwardly with a >> semicolon before the "and" (but that would be grammatically correct, >> if preferred.) >> >> >> Forwarding OAM >> packets unmodified by SFC elements that do not support SFC OAM >> procedures may be acceptable for a subset of OAM functions, but can >> result in unexpected outcomes for others, thus it is recommended to >> [ >> O] others, thus >> [P] others; thus >> [R] grammar >> >> This specification does not disallow the MD Type value from changing >> along an SFP; however, the specification of the necessary mechanism >> to allow the MD Type to change along an SFP are outside the scope of >> this document, and would need to be defined for that functionality to >> [ >> O] document, and >> [P] document and >> [R] grammar >> >> >> >> Section 2.4: >> As SF or SFC Proxy -> A SF or SFC Proxy >> >> Section 2.5.1: >> "the SFC-aware SF MUST NOT process the packet and MUST log at least >> once per the SPI for which the mandatory metadata is missing." -- >> feels like you are missing some words after "log" -- presumably "must >> log an error", or "this event", or something. >> >> >> Section 6.1. SFFs and Overlay Selection >> This indirection -- SPI to overlay -- creates a true service plane. >> That is, the SFF/SF topology is constructed without impacting the >> network topology but more importantly, service plane only >> >> [O] topology but more importantly, >> [P] topology; but more importantly, >> [R] grammar >> >> This can be via the overlay or >> underlay and in some case require additional configuration on the SF. >> >> [O] some case >> [P] some cases >> [R] I think this is what was intended >> >> Section 6.4. Service Graphs >> These classifiers may also of course >> >> [O] may also of course >> [P] may, of course, also >> [R] readability >> >> modify the metadata associated with the packet. >> >> Section 7.1. NSH Metadata and Policy Enforcement >> >> As described in Section 2, NSH provides the ability to carry metadata >> along a service path. This metadata may be derived from several >> sources, common examples include: >> >> [O] sources, common >> [P] sources. Common >> [R] grammar >> >> Network nodes/devices: Information provided by network nodes can >> indicate network-centric information (such as VRF or tenant) that >> may be used by service functions, or conveyed to another network >> >> [O] functions, or conveyed >> [P] functions or conveyed >> [R] grammar >> >> The granularity of classification may vary. For >> example, a network switch, acting as a classifier, might only be able >> to classify based on a 5-tuple, whereas, a service function may be >> >> [O] whereas, a service >> [P] while a service >> [R] readability >> >> In both of the examples above, the service functions perform policy >> decisions based on the result of the initial classification: the SFs >> did not need to perform re-classification, rather they rely on a >> >> [O] re-classification, rather >> [P] re-classification; instead, >> [R] grammar/readability >> >> antecedent classification for local policy enforcement. >> >> Depending on the information carried in the metadata, data privacy >> considerations may need to be considered. For example, if the >> >> This feels like its punting on the problem more than it should, but >> I'm avoiding privacy and security in this particular review. >> >> metadata conveys tenant information, that information may need to be >> authenticated and/or encrypted between the originator and the >> intended recipients (which may include intended SFs only) . NSH >> >> [O] ) . >> [P] ). >> [R] punctuation >> >> itself does not provide privacy functions, rather it relies on the >> transport/overlay layer. An operator can select the appropriate >> transport to ensure confidentially (and other security) >> >> [O] confidentially >> [P] confidentiality >> [R] word choice >> >> >> Section 8. Security Considerations >> >> NSH is always encapsulated in a transport protocol (as detailed in >> Section 4 of this specification) and therefore, when required, >> >> [O] ) and therefore, >> [P] ); and, therefore, >> [R] grammar >> >> >> >> >> W >> >> >> >> >> -- >> I don't think the execution is relevant when it was obviously a bad >> idea in the first place. >> This is like putting rabid weasels in your pants, and later expressing >> regret at having chosen those particular rabid weasels and that pair >> of pants. >> ---maf > --=20 I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf From nobody Mon Sep 4 15:45:37 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF2F81321A0; Mon, 4 Sep 2017 15:45:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iPPcEYlhsYLQ; Mon, 4 Sep 2017 15:45:31 -0700 (PDT) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0C24132192; Mon, 4 Sep 2017 15:45:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=40418; q=dns/txt; s=iport; t=1504565130; x=1505774730; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=phDkuN7ScO5fRywypEwmmfH78ODCoXoOP4/DRjPJtWA=; b=SOAaNJkCBIhQpetREWvKHvrqq1piaWBZmZsKanGP2njB6h3r5p/eBjj8 Z82mOQ+W1SurwlsIEdafhLFBE+QbYaGxsEsTGf2NKhQ9AoLKB70YxgOY3 elulK8DaCooOB38u98xihAR0dNwEhvO3JR2aNrrHbtIMxDqQ216LR/zhm 8=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BIAQBe1q1Z/4YNJK1TChkBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYNaZIEVB4NwiiCQIYFPIneVMQ6CBAojhRsCGoQDPxgBAgEBAQE?= =?us-ascii?q?BAQFrKIUYAQEBAQIBDgwJBA0xAgcLBQsCAQgSBgICJgICAjAVAg4CBA4FHooLC?= =?us-ascii?q?BCwdYFtOotTAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWBDYIdgWIggU6BYysLgWV?= =?us-ascii?q?YNYRKBQ4YgxMwgjEFiXiOPIhAAodZg1qJHIIThWeDfoZ5iiCKXgIDCwIYAYE4A?= =?us-ascii?q?R84gQ13FR88AYUCAxwZgU52iHaBMYEPAQEB?= X-IronPort-AV: E=Sophos;i="5.41,476,1498521600"; d="scan'208";a="291279397" Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 04 Sep 2017 22:45:28 +0000 Received: from XCH-RTP-017.cisco.com (xch-rtp-017.cisco.com [64.101.220.157]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id v84MjSEB014577 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 4 Sep 2017 22:45:28 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-017.cisco.com (64.101.220.157) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 4 Sep 2017 18:45:27 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Mon, 4 Sep 2017 18:45:27 -0400 From: "Carlos Pignataro (cpignata)" To: Warren Kumari CC: IETF Discuss , IETF-Announce , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , Service Function Chaining IETF list , Alia Atlas , James N Guichard Thread-Topic: Last Call: (Network Service Header (NSH)) to Proposed Standard Thread-Index: AQHTEvZcFCn6REBjS0aBK4QSCafTu6KLJ8CAgBSa4wCABfVJgIAABDUA Date: Mon, 4 Sep 2017 22:45:27 +0000 Message-ID: <9338757B-7BB7-4CEB-8442-129743A94C7B@cisco.com> References: <150249274009.24438.5552125434164888108.idtracker@ietfa.amsl.com> <2F5DB4AD-3672-43DE-B420-510B85440106@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: text/plain; charset="utf-8" Content-ID: <4E72CF69D9D5CB48BE43AC52CB700E99@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Last Call: (Network Service Header (NSH)) to Proposed Standard X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Sep 2017 22:45:36 -0000 V2FycmVuLA0KDQo+IE9uIFNlcCA0LCAyMDE3LCBhdCA2OjMwIFBNLCBXYXJyZW4gS3VtYXJpIDx3 YXJyZW5Aa3VtYXJpLm5ldD4gd3JvdGU6DQo+IA0KPiAiDQo+IA0KPiBPbiBUaHUsIEF1ZyAzMSwg MjAxNyBhdCAxMTozMSBQTSwgQ2FybG9zIFBpZ25hdGFybyAoY3BpZ25hdGEpDQo+IDxjcGlnbmF0 YUBjaXNjby5jb20+IHdyb3RlOg0KPj4gV2FycmVuLA0KPj4gDQo+PiBNYW55IHRoYW5rcyBmb3Ig dGFraW5nIHRoZSB0aW1lIHRvIHJldmlldyB0aGlzIGRvY3VtZW50ISBBbmQgYXBvbG9naWVzIGZv ciB0aGUgZGVsYXllZC1hY2suDQo+IA0KPiBObyB3b3JyaWVzIC0tIC0yMCBsb29rcyBnb29kLg0K DQpHb29kIHRvIGhlYXIgdGhhdCByZXYgLTIwIGFkZHJlc3NlcyBhbGwgeW91ciBjb25jZXJucy4N Cg0KVGhhdCB5b3UgZm9yIHRoZSBjb21tZW50cyB0aGF0IHJlc3VsdGVkIGluIGFuIGltcHJvdmVk LCBtb3JlIGNsZWFyLCBhbmQgbGVzcyBhbWJpZ3VvdXMgZG9jdW1lbnQuDQoNCj4gDQo+PiANCj4+ IElmIHJlYWRpbmcgcGFydHMgb2YgdGhpcyBkb2N1bWVudCwgYW5kIOKAnG9ubHkgc2tpbW1pbmcg c2VjdGlvbnMgNi4xIC0gU2VjdGlvbiA44oCdIGxlZnQgeW91IHNvIGNvbmZ1c2VkLCBiZXdpbGRl cmVkIGFuZCBkaXp6eSwgdGhlcmUgaXMgbm90aGluZyB3ZSBjYW4gc3RhcnQgd2l0aCBvdGhlciB0 aGFuIGFja25vd2xlZGdpbmcgdGhhdCB0aGVyZSBpcyBhbiBpc3N1ZSB0aGF0IHdlIHdpbGwgY29y cmVjdC4gSXQgaXMgYW4gaW5hZGVxdWF0ZSBvdXRjb21lLCBhbmQgd2Ugd2lsbCByZWN0aWZ5IGl0 LiBNdWNoIG9mIGl0IHNlZW1zIHRvIGVpdGhlciBiZSB0cmFja2VkIHRvIGxvY2FsaXplZCBzb3Vy Y2VzLCBvciBoYXMgcHJvcG9zZWQgcmVzb2x1dGlvbnMgaW4gdGhpcyByZXNwb25zZS4NCj4gDQo+ IEkgdGhpbmsgaXQgaXMgbGFyZ2VseSByZWN0aWZpZWQuDQo+IFRoZSBhZGRpdGlvbmFsIHRleHQg aW4gUzEsIGFuZCBGaWd1cmUgMSBnb2VzIGEgbG9uZyB3YXkgdG8gZml4aW5nIGl0Lg0KPiANCj4+ IA0KPj4gQmVmb3JlIGRpdmluZyBpbnRvIGlubGluZWQgaXNzdWUtYnktaXNzdWUgY29tbWVudHMs IHRoZXJl4oCZcyBhIGZldyBoaWdoLWxldmVsIG9ic2VydmF0aW9ucyBJ4oCZZCBsaWtlIHRvIG1h a2UgaW4gcmVzcG9uc2UgdG8geW91ciByZXZpZXc6DQo+PiANCj4+IDEuIFNldmVyYWwgb3RoZXIg cmV2aWV3ZXJzLCBpbmNsdWRpbmcgT3BzIERpciwgUlRHIERpciwgYW5kIEdlbkFSVCwgbWFuYWdl ZCB0byByZWFkIGFuZCB1bmRlcnN0YW5kIHRoZSBkb2N1bWVudCwgcHJvdmlkZSBjb25zdHJ1Y3Rp dmUgY29tbWVudHMsIGFuZCBzdXJ2aXZlIHRoZSBleHBlcmllbmNlIHVuaGFybWVkIDotKSBKdXN0 IHRvIGJlIGNsZWFyLCB0aGF0IGRvZXMgbm90IG1lYW4gdGhhdCB0aGUgZG9jdW1lbnQgaXMgYXMg Y2xlYXIgYXMgaXQgb3VnaHQgdG8gYmUsIG9yIG90aGVyd2lzZSBuZWdhdGVzIHlvdXIgY29uZnVz aW9uLiBXZSB3aWxsIGltcHJvdmUgaXQgYW5kIGZpeCBpdC4NCj4+IA0KPj4gMi4gWW91ciBzdWdn ZXN0aW9uIG9mICJhIGNsZWFyIG1vZGVsIGF0IHRoZSBiZWdpbm5pbmcgb2YgdGhlIGRvY3VtZW50 4oCdIGlzIHNwb3Qgb24uIFdlIHdpbGwgYWRkIGJvdGggYSBtb2RlbCBhbmQgc29tZSBwcm9zZSBl YXJseSBvbi4gSW4gZmFjdCwgSmltIEd1aWNoYXJkIHN1Z2dlc3RlZCBhbiBvdXRsaW5lIGFuZCB2 b2x1bnRlZXJlZCB0byBjcmFmdCBhIGJpdCBvZiB0aGF0IHRleHQuDQo+IA0KPiANCj4gV2luIC0g YXMgc2FpZCBhYm92ZSwgdGhpcyBtYWRlIGEgaHVnZSBkaWZmZXJlbmNlIChhdCBsZWFzdCwgZm9y IG1lIDotKSkNCg0KV2luLXdpbiwgdGhlIGRvYyBsb29rcyBiZXR0ZXIgbm93Lg0KDQo+IA0KPj4g DQo+PiBFYXJsaWVyIHZlcnNpb24gb2YgdGhpcyBkb2N1bWVudCBpbmNsdWRlZCBhIG51bWJlciBv ZiBleGFtcGxlcyB0aGF0LCBpbiBvdXIgdmlldywgd291bGQgaGF2ZSBjbGFyaWZpZWQgbXVjaCBj b25mdXNpb24uIFNlZSBodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1zZmMt bnNoLTA1I3NlY3Rpb24tOS4gU2V2ZXJhbCBmb2xrcywgaW5jbHVkaW5nIHRoZSByZXNwb25zaWJs ZSBBRCwgb2JqZWN0ZWQgdG8gdGhhdCBzZWN0aW9uIChvbiBncm91bmRzIG9mIHRoZSBpbmFiaWxp dHkgb2YgYW4gZXhhbXBsZSBzZWN0aW9uIHRvIGluY2x1ZGUgZXZlcnlvbmXigJlzIGZhdm9yaXRl IGVuY2Fwc3VsYXRpb24pLiBUaGVyZSBpcyBzb21lIHRydXRoIHRvIHRoYXQuDQo+PiANCj4+IFRo YXQgc2FpZCwgZG8geW91IGJlbGlldmUgdGhhdCBzdWNoIGV4YW1wbGUgc2VjdGlvbiBtaWdodCBo YXZlIGhlbHBlZCB5b3U/IChUaGlzIGlzLCBpbiBhZGRpdGlvbiB0byBzb21lIGVhcmx5LW9uIGNs YXJpZmljYXRpb25zKS4NCj4gDQo+IFllcywgSSB0aGluayB0aGF0IGl0IHdvdWxkIGhhdmUgbWFk ZSBpdCBtdWNoIGNsZWFyZXIsIGF0IGxlYXN0IHRvIG1lLg0KPiBJdCBzZWVtcyB0aGF0IHRoZXJl IGNvdWxkIGJlIGEgYnVuY2ggb2YgInRoaXMgaXMganVzdCBvbmUNCj4gZW5jYXBzdWxhdGlvbiwg eW91IGNhbiB1c2Ugd2hhdGV2ZXIgb25lIHN1aXRzIHlvdSIgb3Igc2ltaWxhciB0byBoZWxwDQo+ IG1pdGlnYXRlIHRoZSAiYnV0IEkgbGlrZSAkZm9vLCB3aHkgZGlkbid0IHlvdSB1c2UgdGhhdCBv bmU/IeKAnS4NCg0KT0ssIHdlIHdpbGwgdGhpbmsgb2YgYSB3YXkgdG8gbWl0aWdhdGUgdGhlIOKA nG15IGZhdm9yaXRlIGVuY2Fwc3VsYXRpb24gaXMgbm90IHRoZXJl4oCdLCBhbmQgd2VpZ2h0IHBy b3MvY29ucy4NCg0KPiANCj4+IA0KPj4gMy4gSXQgaXMgb3V0c2lkZSB0aGUgc2NvcGUgb2YgdGhp cyBkb2N1bWVudCB0byBwYXJ0YWtlIGludG8gcmVsaWdpb3VzIGRlYmF0ZXMgb2YgdGhlIG1lYW5p bmcgb2YgZW5jYXBzdWxhdGlvbiB2ZXJzdXMgdHVubmVsaW5nIHZlcnN1cyBzaGltbWluZy4NCj4+ IA0KPj4gSW4gZmFjdCwgdGhpcyBkb2N1bWVudCBkb2VzIG5vdCBpbmNsdWRlIHRoZSB3b3JkIOKA nHNoaW3igJ0sIHdoYXRzb2V2ZXIuIFlvdSBzZWVtIHRvIGhhdmUgdGFrZW4gaW50ZWxsZWN0dWFs IG9mZmVuc2UgdG8gdGhlIGNvbWJpbmF0aW9uIOKAnGluc2VydGVkIG9udG/igJ0uIEFuZCBzdWJz ZXF1ZW50bHkgeW91IHNheTogJyppbnNlcnRlZCBvbnRvKiBzb3VuZHMgbGlrZSBhIHNoaW3igJks IGFuZCB0aGVuIGJ1aWxkIGEgcmVidXR0YWwgb2YgdGhlIHVzZSBvZiB0aGUgd29yZCDigJhzaGlt 4oCZIDotKSBJIGJlbGlldmUgcGFydCBvZiB0aGUgcHJvYmxlbSBpcyB0aGF0IHlvdSBhcmUgcmV2 aWV3aW5nIOKAnHNoaW3igJ0uLi4NCj4+IA0KPiANCj4gT2ssIGZhaXIuIEkgc3RpbGwgdGhpbmsg dGhhdCAiaW5zZXJ0ZWQgaW50byIgYW5kIHRoZSB0aXRsZSAiTmV0d29yaw0KPiBTZXJ2aWNlIEhl YWRlciIgbGVhZHMgdGhlIHJlYWRlciAob3IsIHBlcmhhcHMganVzdCBtZSEpIHRvIHRoaW5rIHNo aW0NCj4gLS0gYnV0IHRoZSAiaW5zZXJ0ZWQgaW50byIgaXMgbm93IGdvbmUsIGFuZCB0aGUgbmV3 IHRleHQgaW4gc2VjdGlvbiAxDQo+IGFuZCBmaWd1cmUgMSBmaXhlcyBhbGwgdGhhdC4gVGhhbmsg eW91IQ0KPiANCg0KWW91IGFyZSB3ZWxjb21lLg0KDQo+IA0KPiANCj4+IFNvLCBtb3ZpbmcgZm9y d2FyZCwgd2Ugd2lsbCBkbyBhIGNvdXBsZSBvZiB0aGluZ3M6DQo+PiANCj4+IEZpcnN0LCBhZGQg YSBtb2RlbCBhbmQgc29tZSB0ZXh0LCBlYXJseSBvbiBhdCB0aGUgYmVnaW5uaW5nIG9mIHRoZSBk b2N1bWVudC4gVGhpcyBpcyBuZWVkZWQgZm9yIGlzc3VlICMxLg0KPj4gDQo+PiBTZWNvbmQsIHdh aXQgZm9yIHlvdXIgdGhvdWdodHMgYW5kIG90aGVyIGZvbGtz4oCZIGd1aWRhbmNlIG9uIHdoZXRo ZXIgdG8gcmUtaW5jbHVkZSB0aGUgbm93IHJlbW92ZWQg4oCcRXhhbXBsZXPigJ0gc2VjdGlvbi4g SXQgc2VlbXMgdG8gdXMgdGhhdCB0aGUgbG9vc2VuZXNzIGluIHNvbWUgdGV4dCBpcyBncmVhdGx5 IGFnZ3JhdmF0ZWQgYnkgdGhlIGxhY2sgb2YgcGFja2V0IGZvcm1hdHMuIFRoaXMgaXMgYWxzbyBy ZWxldmFudCB0byBpc3N1ZSAjMS4NCj4+IA0KPj4gV291bGQgeW91IGFncmVlPw0KPiANCj4gWXVw Lg0KPiANCj4+IA0KPj4gVGhpcmQsIHdlIHdpbGwgc2hhcnBlbiB0aGUgdGV4dCB0aHJvdWdob3V0 IGluIHRoZSB1c2Ugb2YgZW5jYXAuDQo+PiANCj4+IElzc3VlICM0IHJlbWFpbnMgdW5yZXNvbHZl ZCwgYXMgSSB3b3VsZCBsaWtlIHRvIGNoZWNrIGFuZCBub3QgYnJlYWsgdGhlIGJhbGFuY2Ugb2Yg dGV4dC4gSSB3aWxsIHB1bnQgdGhpcyB0byB0aGUgU2hlcGhlcmQuDQo+PiANCj4+IEluIHN1bW1h cnksIHdlIHdpbGwgY2xhcmlmeSBpc3N1ZXMgIzEgYW5kICMzIGZvciBOU0gsIGFuZCB3b3VsZCBs aWtlIHRvIHJlLWFkZCBwYWsgZm9ybWF0cy4gQWxsIG90aGVyIGlzc3VlcyBoYXZlIHByb3Bvc2Vk IHJlc29sdXRpb25zIGlubGluZS4NCj4+IA0KPj4gVGhhbmtzIGFnYWluIGZvciBwb2ludGluZyBh bGwgb2YgdGhlc2Ugb3V0Lg0KPiANCj4gVGhhbmsgeW91LCBhbmQgdGhhbmsgeW91IGZvciB0YWtp bmcgdGhlbSBpbiBhIGNvbnN0cnVjdGl2ZSBtYW5uZXIuDQoNCk9mIGNvdXJzZSEgDQoNCkFzIEkg c2FpZCwgdGhlIG5ldyByZXZpc2lvbiBhZGRyZXNzaW5nICJ0aGUgc3Bpcml0IG9mIiB5b3VyIGNv bW1lbnRzIGlzIGltcHJvdmVkLg0KDQo+IA0KPj4gDQo+PiBQbGVhc2UgZmluZCByZXNwb25zZXMg YW5kIGZvbGxvdy11cHMgaW5saW5lLg0KPj4gDQo+PiBXZSB3aWxsIGNvbWUgYmFjayB3aXRoIHBy b3Bvc2VkIGRpZmZzIGZvciB0aGUgdHdvIHBlbmRpbmcgaXNzdWVzIGxhYmVsZWQg4oCcbWFqb3Li gJ0gKCMxIGFuZCAjNCkuDQo+PiANCj4+IEFkZGl0aW9uYWxseSwgYWxsIE5pdHMgYXJlIGFkZHJl c3NlZCBpbiBvdXIgd29ya2luZyBjb3B5LiBNYW55IHRoYW5rcyBmb3IgdGFraW5nIHRoZSB0aW1l IHRvIGlkZW50aWZ5IGFsbCB0aG9zZSBhbmQgcHJvcG9zZSBzdWdnZXN0aW9ucy4gU29tZSBvZiB0 aGVtIGFyZSBmaXhlZCBkaWZmZXJlbnRseSB0aG91Z2ggKHdoZW4geW91IHdyb3RlIOKAnEFzIFNG IG9yIFNGQyBQcm94eSAtPiBBIFNGIG9yIFNGQyBQcm94eeKAnSwgdGhhdCBpcyBhY3R1YWxseSDi gJxBbiBTRuKAnSAoZ3JhbW1hcikuDQo+IA0KPiBTdXJlLg0KPiANCj4+IA0KPj4gQXMgYW4gYXNp ZGUsIGFuZCBhcyBhIHJldmlldyBvZiB5b3VyIHJldmlldywgdHdvIHF1aWNrIHN1Z2dlc3Rpb25z Og0KPj4gDQo+PiAxLiBUaGUgc3RyZWFtLW9mLWNvdW5jaW91c25lc3MgbmFycmF0aXZlIHZlcnkg cG9vcmx5IHN1aXRzIGEgdGVjaG5pY2FsIHJldmlldyBvZiBhIHNwZWMuIFdoaWxlIEkgYW0gc3Vy ZSBhIHBsdXJhbGl0eSBvZiB0aG91Z2h0cyBpbnRlcmNvbm5lY3QsIHNvbWVob3csIGl0IGlzIHZl cnkgaGFyZCB0byBmb2xsb3cuDQo+PiANCj4gDQo+IEZhaXIgZW5vdWdoLiBTb3JyeS4NCj4gDQo+ PiAyLiBXaGlsZSBJIGFtIHN1cmUgeW91IGtub3cgdGhlIGxlZ2VuZCBmb3Ig4oCcW09dIFtQXSBh bmQgW1Jd4oCdLCB0aGUgZmlyc3QgdGhpbmcgdGhhdCBjYW1lIHRvIG1pbmQgdG8gbWUgd2FzIOKA nHdlbGwsIFtRXSBpcyBtaXNzaW5nIeKAnSA6LSkgSSBjYW4gZ3Vlc3MgT3JpZ2luYWwsIFByb3Bv c2VkLCBSZWFzb24vUmF0aW9uYWwgYWZ0ZXIgYSB3aGlsZSwgYnV0IHJlYWxseSwgaXQgZG9lcyBu b3QgdW5pdmVyc2FsbHkgdHJhbnNsYXRlLi4uDQo+IA0KPiBZdXAsIHdhcyBPcmlnaW5hbCAvIFBy b3Bvc2VkIC8gUmVhc29uIC0gYnV0LCBJJ2xsIHRyeSByZW1lbWJlciB0bw0KPiBpbmNsdWRlIGEg bG9va3VwIGtleSBpbiB0aGUgZnV0dXJlIDotKQ0KDQpPOiDigJxidXQsIEnigJlsbCB0cnkgcmVt ZW1iZXLigJ0NClA6IOKAnGNvbnNlcXVlbnRseSwgSSB3aWxsIHRyeSB0byByZW1lbWJlcuKAnQ0K UjogR3JhbW1hciEgOi0pDQoNCuKAlCBDYXJsb3MuDQoNCj4gDQo+IFRoYW5rIGFnYWluLA0KPiBX DQo+IA0KPj4gDQo+PiANCj4+PiBPbiBBdWcgMTgsIDIwMTcsIGF0IDg6NTEgUE0sIFdhcnJlbiBL dW1hcmkgPHdhcnJlbkBrdW1hcmkubmV0PiB3cm90ZToNCj4+PiANCj4+PiBPbiBGcmksIEF1ZyAx MSwgMjAxNyBhdCA3OjA1IFBNLCBUaGUgSUVTRyA8aWVzZy1zZWNyZXRhcnlAaWV0Zi5vcmc+IHdy b3RlOg0KPj4+PiANCj4+Pj4gVGhlIElFU0cgaGFzIHJlY2VpdmVkIGEgcmVxdWVzdCBmcm9tIHRo ZSBTZXJ2aWNlIEZ1bmN0aW9uIENoYWluaW5nIFdHIChzZmMpDQo+Pj4+IHRvIGNvbnNpZGVyIHRo ZSBmb2xsb3dpbmcgZG9jdW1lbnQ6IC0gJ05ldHdvcmsgU2VydmljZSBIZWFkZXIgKE5TSCknDQo+ Pj4+IDxkcmFmdC1pZXRmLXNmYy1uc2gtMTgudHh0PiBhcyBQcm9wb3NlZCBTdGFuZGFyZA0KPj4+ PiANCj4+Pj4gVGhlIElFU0cgcGxhbnMgdG8gbWFrZSBhIGRlY2lzaW9uIGluIHRoZSBuZXh0IGZl dyB3ZWVrcywgYW5kIHNvbGljaXRzIGZpbmFsDQo+Pj4+IGNvbW1lbnRzIG9uIHRoaXMgYWN0aW9u LiBQbGVhc2Ugc2VuZCBzdWJzdGFudGl2ZSBjb21tZW50cyB0byB0aGUNCj4+Pj4gaWV0ZkBpZXRm Lm9yZyBtYWlsaW5nIGxpc3RzIGJ5IDIwMTctMDgtMjUuIEV4Y2VwdGlvbmFsbHksIGNvbW1lbnRz IG1heSBiZQ0KPj4+PiBzZW50IHRvIGllc2dAaWV0Zi5vcmcgaW5zdGVhZC4gSW4gZWl0aGVyIGNh c2UsIHBsZWFzZSByZXRhaW4gdGhlIGJlZ2lubmluZyBvZg0KPj4+PiB0aGUgU3ViamVjdCBsaW5l IHRvIGFsbG93IGF1dG9tYXRlZCBzb3J0aW5nLg0KPj4+PiANCj4+Pj4gQWJzdHJhY3QNCj4+Pj4g DQo+Pj4+IA0KPj4+PiAgVGhpcyBkb2N1bWVudCBkZXNjcmliZXMgYSBOZXR3b3JrIFNlcnZpY2Ug SGVhZGVyIChOU0gpIGluc2VydGVkIG9udG8NCj4+Pj4gIHBhY2tldHMgb3IgZnJhbWVzIHRvIHJl YWxpemUgc2VydmljZSBmdW5jdGlvbiBwYXRocy4gIE5TSCBhbHNvDQo+Pj4+ICBwcm92aWRlcyBh IG1lY2hhbmlzbSBmb3IgbWV0YWRhdGEgZXhjaGFuZ2UgYWxvbmcgdGhlIGluc3RhbnRpYXRlZA0K Pj4+PiAgc2VydmljZSBwYXRocy4gIE5TSCBpcyB0aGUgU0ZDIGVuY2Fwc3VsYXRpb24gcmVxdWly ZWQgdG8gc3VwcG9ydCB0aGUNCj4+Pj4gIFNlcnZpY2UgRnVuY3Rpb24gQ2hhaW5pbmcgKFNGQykg YXJjaGl0ZWN0dXJlIChkZWZpbmVkIGluIFJGQzc2NjUpLg0KPj4+PiANCj4+PiANCj4+PiA8bm8g aGF0cz4NCj4+PiANCj4+PiBJbiBteSBvcGluaW9uIHRoaXMgZG9jdW1lbnQgc3RpbGwgbmVlZHMg c2lnbmlmaWNhbnQgd29yay4gQ2hyaXN0aWFuJ3MNCj4+PiBncmVhdCBTZWNEaXIgcmV2aWV3IGxp c3RzIG1hbnkgaXNzdWVzIHdoaWNoIG5lZWQgdG8gYmUgYWRkcmVzc2VkOw0KPj4+IHNpbmNlIGhl IGhhcyBhbHJlYWR5IHJhaXNlZCBjb25jZXJucywgSSBhbSBub3QgZm9jdXNpbmcgb24gdGhlDQo+ Pj4gc2VjdXJpdHkgYW5kIHByaXZhY3kgc3R1ZmYgaW4gbXkgYnV0IHJldmlldy4gSW5zdGVhZCwg SSdsbCBkaXNjdXNzDQo+Pj4gc29tZSBvZiB0aGUgb3RoZXIgaXNzdWVzLg0KPj4+IA0KPj4+IEkg b25seSBza2ltbWVkIHNlY3Rpb25zIDYuMSAtIFNlY3Rpb24gOC4NCj4+PiANCj4+PiBBcyB0aGlz IGlzIG91dHB1dCBvZiB0aGUgU0ZDIFdHLCB3aGljaCBpcyBjaGFydGVyZWQgdG8sIGFtb25nc3Qg b3RoZXINCj4+PiB0aGluZywgY3JlYXRlIGEgIkdlbmVyaWMgU0ZDIEVuY2Fwc3VsYXRpb24iICh3 aXRoIHNvbWUgbW9yZSBkZXRhaWxzKQ0KPj4+IEknbGwgdGFrZSBpdCBhcyBnaXZlbiB0aGF0IHRo aXMgaXMgZGVzaXJlZCAvIG5lZWRlZC4NCj4+PiANCj4+PiBJc3N1ZXM6DQo+Pj4gDQo+Pj4gSXNz dWUgMTogSSBmaW5kIHRoZSBlbnRpcmUgZG9jdW1lbnQgdG8gYmUgY29uZnVzaW5nIGFib3V0IHdo YXQgYW4gTlNIDQo+Pj4gYWN0dWFsbHkgaXMsIGFuZCBhZnRlciBzcGVuZGluZyBtdWNoIHRpbWUg cmVhZGluZywgYW0gc3RpbGwgZmFpcmx5DQo+Pj4gY29uZnVzZWQuDQo+Pj4gQSBjbGVhciBtb2Rl bCBhdCB0aGUgYmVnaW5uaW5nIG9mIHRoZSBkb2N1bWVudCB3aGljaCBleHBsYWlucyBob3cNCj4+ PiB0aGVzZSBiaXRzIGZpdCB0b2dldGhlciB3b3VsZCBiZSB2ZXJ5IGhlbHBmdWwuIEkgYW0gZmFt aWxpYXIgd2l0aA0KPj4+IFJGQzc2NjUgKHRoZSBhcmNoaXRlY3R1cmUgZG9jdW1lbnQpOyBteSBj b25mdXNpb24gc3RlbXMgZnJvbSB0aGlzDQo+Pj4gZHJhZnQuDQo+Pj4gDQo+Pj4gRm9yIGV4YW1w bGUgdGhlIEFic3RyYWN0IHNheXM6DQo+Pj4gIlRoaXMgZG9jdW1lbnQgZGVzY3JpYmVzIGEgTmV0 d29yayBTZXJ2aWNlIEhlYWRlciAoTlNIKSBpbnNlcnRlZCBvbnRvDQo+Pj4gcGFja2V0cyBvciBm cmFtZXMgdG8gcmVhbGl6ZSBzZXJ2aWNlIGZ1bmN0aW9uIHBhdGhzLiBOU0ggYWxzbyBwcm92aWRl cw0KPj4+IGEgbWVjaGFuaXNtIGZvciBtZXRhZGF0YSBleGNoYW5nZSBhbG9uZyB0aGUgaW5zdGFu dGlhdGVkIHNlcnZpY2UNCj4+PiBwYXRocy4gIE5TSCBpcyB0aGUgU0ZDIGVuY2Fwc3VsYXRpb24g cmVxdWlyZWQgdG8gc3VwcG9ydCB0aGUgU2VydmljZQ0KPj4+IEZ1bmN0aW9uIENoYWluaW5nIChT RkMpIGFyY2hpdGVjdHVyZSAiLg0KPj4+IA0KPj4+IE9oLCBvaywgc28gaXQgaXMgc29tZXRoaW5n IGluc2VydGVkIG9udG8gcGFja2V0cyBvciBmcmFtZXMuLi4NCj4+PiAqaW5zZXJ0ZWQgb250byog c291bmRzIGxpa2UgYSBzaGltLCBob3dldmVyLCAgIk5TSCBpcyB0aGUgU0ZDDQo+Pj4gZW5jYXBz dWxhdGlvbi4uLiIuICBpbmRpY2F0ZXMgdGhhdCBJIGhhZCB0aGUgd3JvbmcgbWVudGFsIG1vZGVs IGFuZA0KPj4+IHRoaXMgaXMgYWN0dWFsbHkgYW4gZW5jYXBzdWxhdGlvbiwga2luZGEgbGlrZSBH UkUuIChUaGlzIGlzIHJlaW5mb3JjZWQNCj4+PiB3aXRoIChlbmQgb2YgU2VjdGlvbiAxKSAiTlNI IGlzIHRoZSBTRkMgZW5jYXBzdWxhdGlvbiByZWZlcmVuY2VkIGluDQo+Pj4gW1JGQzc2NjVdLiIp IE9rLCBzbyB0aGlzIGVuY2Fwc3VsYXRlcyB0aGUgcGFja2V0LCBnb3QgaXQuLi4NCj4+PiBJIHJl YWQgc29tZSBtb3JlLCBhbmQgdGhlbiBmaW5kIChpbiBzZWN0aW9uIDIpIHRoYXQgIkFuIG91dGVy DQo+Pj4gdHJhbnNwb3J0IGhlYWRlciBpcyBpbXBvc2VkLCBvbiBOU0ggYW5kIHRoZSBvcmlnaW5h bCBwYWNrZXQvZnJhbWUsIGZvcg0KPj4+IG5ldHdvcmsgZm9yd2FyZGluZy4iLiBPaCwgc28gdGhp cyBpcyAqYWN0dWFsbHkqIGEgc2hpbSAvIGhlYWRlciB3aGljaA0KPj4+IGdvZXMgYmVmb3JlIHRo ZSBwYWNrZXQsIGFuZCB0aGVuIHRoZSB3aG9sZSB0aGluZyBnZXRzIGVuY2Fwc3VsYXRlZD8gSXQN Cj4+PiBzaG91bGRuJ3QgaGF2ZSBiZWVuIHRoaXMgaGFyZCB0byBmaWd1cmUgb3V0LCBidXQgT2ss IG5vdyBJIGdldCBpdC4uLk9yDQo+Pj4gZG8gST8gT2gsIGhhbmcgb24sIHdoYXQgdHJhbnNwb3J0 IGhlYWRlciBkbyBJIHVzZT8hDQo+Pj4gSXQgaXMgb25seSBtdWNoIG11Y2ggbGF0ZXIsIGluIFNl Y3Rpb24gNCAocGFnZSAxNSkgdGhhdCBJIGZpbmQgIk9uY2UNCj4+PiBOU0ggaXMgYWRkZWQgdG8g YSBwYWNrZXQsIGFuIG91dGVyIGVuY2Fwc3VsYXRpb24gaXMgdXNlZCB0byBmb3J3YXJkDQo+Pj4g dGhlIG9yaWdpbmFsIHBhY2tldCBhbmQgdGhlIGFzc29jaWF0ZWQgbWV0YWRhdGEgdG8gdGhlIHN0 YXJ0IG9mIGENCj4+PiBzZXJ2aWNlIGNoYWluLiAuLi4gVGhlIHNlcnZpY2UgaGVhZGVyIGlzIGlu ZGVwZW5kZW50IG9mIHRoZQ0KPj4+IGVuY2Fwc3VsYXRpb24gdXNlZCBhbmQgaXMgZW5jYXBzdWxh dGVkIGluIGV4aXN0aW5nIHRyYW5zcG9ydHMuICBUaGUNCj4+PiBwcmVzZW5jZSBvZiBOU0ggaXMg aW5kaWNhdGVkIHZpYSBwcm90b2NvbCB0eXBlIG9yIG90aGVyIGluZGljYXRvciBpbg0KPj4+IHRo ZSBvdXRlciBlbmNhcHN1bGF0aW9uLiIgLSBJJ20gbm93IHJlYWxseSBjb25mdXNlZCAtIGZpcnN0 IEkgdGhvdWdodA0KPj4+IGl0IHdhcyBhIHNoaW0gLyBoZWFkZXIsIHRoZW4gSSB0aG91Z2h0IGl0 IHdhcyBhbiBlbmNhcHN1bGF0aW9uLCBub3cgSQ0KPj4+IChmaW5hbGx5KSBzZWUgdGhhdCBpdCBp cyBhIGhlYWRlciB3aGljaCBnb2VzIGJlZm9yZSB0aGUgcGFja2V0DQo+Pj4gKGVuY2Fwc3VsYXRp bmcgaXQpIGJlZm9yZSBpdCBnZXRzIGVuY2Fwc3VsYXRlZCBhZ2FpbiBpbnRvIHNvbWV0aGluZw0K Pj4+IGVsc2UuIEl0IHdvdWxkIGJlIG11Y2ggYmV0dGVyIGlmIHRoZSBkb2N1bWVudCB3YXMgY2xl YXJlciBhdCB0aGUNCj4+PiBiZWdpbm5pbmcgYWJvdXQgaG93IGFsbCB0aGlzIGZpdHMgdG9nZXRo ZXIgLyB3aGF0IHRoZSBOU0ggYWN0dWFsbHkNCj4+PiAqaXMqIC0tIGFuIGFuYWxvZ3kgdG8gbGF5 ZXJpbmcsIG9yIGFzIGEgc2hpbSB3aGljaCBnb2VzIGJldHdlZW4gYQ0KPj4+IHR1bm5lbGluZyBo ZWFkZXIgYW5kIHRoZSBvcmlnaW5hbCBwYWNrZXQgd291bGQgbWFrZSB0aGlzIG11Y2ggY2xlYXJl cg0KPj4+IChhbmQgdGhlIHJlYWRlciBtdWNoIGxlc3MgYW5ub3llZCEpLg0KPj4gDQo+PiDigJxp bnNlcnRlZCBvbnRv4oCdIHN1YnN0aXR1dGVkIHdpdGgg4oCcaW1wb3NlZCBvbuKAnSA6LSkNCj4+ IA0KPj4gQXMgbWVudGlvbmVkLCB3ZSB3aWxsIGFsc28gYWRkIGNsYXJpZnlpbmcgdGV4dCB0byB0 aGUgaW50cm8uDQo+PiANCj4+PiANCj4+PiBJc3N1ZSAyOiBTZWN0aW9uIDEuMi4gIERlZmluaXRp b24gb2YgVGVybXMNCj4+PiAiTWV0YWRhdGE6ICBEZWZpbmVkIGluIFtSRkM3NjY1XS4iIC0gVGhl IGRlZmluaXRpb24gb2YgbWV0YWRhdGEgaW4NCj4+PiBSRkM3NjY1IHNheXM6ICJNZXRhZGF0YTog UHJvdmlkZXMgdGhlIGFiaWxpdHkgdG8gZXhjaGFuZ2UgY29udGV4dA0KPj4+IGluZm9ybWF0aW9u IGJldHdlZW4gY2xhc3NpZmllcnMgYW5kIFNGcywgYW5kIGFtb25nIFNGcy4iLiBUaGlzIGlzIG5v dA0KPj4+IGFuIGFkZXF1YXRlIGRlZmluaXRpb24gZm9yIHVzZSBpbiB0aGlzIGRvY3VtZW50IC0g dGhlIGRvY3VtZW50IGRlZmluZXMNCj4+PiBhIGNvbnRleHQgaGVhZGVyIHdoaWNoIGNhcnJpZXMg bWV0YWRhdGEsIGFuZCBpdCBuZWVkIHRvIGJlIGJldHRlcg0KPj4+IGRlZmluZWQgdGhhbiBzb21l dGhpbmcgd2hpY2ggcHJvdmlkZXMgYW4gYWJpbGl0eS4NCj4+PiBBcGFydCBmcm9tIFJGQzc2NjUg YWN0dWFsbHkgKmRlZmluaW5nKiBtZXRhZGF0YSwgaXQgZG9lc24ndCByZWFsbHkNCj4+PiBkZXNj cmliZSB3aGF0IHlvdSBkbyB3aXRoIGl0LiBBcyB0aGlzIGRvY3VtZW50IGRpc2N1c3NlcyBtZXRh ZGF0YSBtdWNoDQo+Pj4gbW9yZSAoYW5kIGhvdyB0byBjYXJyeSBpdCksIEkgdGhpbmsgdGhhdCBp dCBuZWVkcyB0byBtdWNoIGJldHRlcg0KPj4+IGRlZmluZSB3aGF0IGl0IGlzLCB3aGF0IGl0cyBw dXJwb3NlIGlzLCBhbmQgaG93IHRvIHVzZSBpdC4NCj4+PiANCj4+IA0KPj4gT0ssIG5ldyBkZWZp bml0aW9uLCBjb21tZW50cyB3ZWxjb21lOg0KPj4gDQo+PiAgICA8dCBoYW5nVGV4dD0iTWV0YWRh dGE6Ij4NCj4+ICAgICAgICAgICAgRGVmaW5lZCBpbiA8eHJlZiB0YXJnZXQ9IlJGQzc2NjUiPjwv eHJlZj4uDQo+PiBUaGUgbWV0YWRhdGEsIG9yIGNvbnRleHQgaW5mb3JtYXRpb24gc2hhcmVkIGJl dHdlZW4gY2xhc3NpZmllcnMgYW5kIFNGcywgYW5kIGFtb25nIFNGcywNCj4+IGlzIGNhcnJpZWQg b24gdGhlIE5TSCdzIENvbnRleHQgSGVhZGVycy4gSXQgYWxsb3dzIHN1bW1hcml6aW5nIGEgY2xh c3NpZmljYXRpb24gcmVzdWx0DQo+PiBpbiB0aGUgcGFja2V0IGl0c2VsZiwgYXZvaWRpbmcgc3Vi c2VxdWVudCByZS1jbGFzc2lmaWNhdGlvbnMuDQo+PiANCj4+ICAgICAgIEV4YW1wbGVzIG9mIG1l dGFkYXRhIGluY2x1ZGUgY2xhc3NpZmljYXRpb24gaW5mb3JtYXRpb24gdXNlZCBmb3INCj4+ICAg ICAgIHBvbGljeSBlbmZvcmNlbWVudCBhbmQgbmV0d29yayBjb250ZXh0IGZvciBmb3J3YXJkaW5n IHBvc3QNCj4+ICAgICAgIHNlcnZpY2UgZGVsaXZlcnkuDQo+PiANCj4+IA0KPj4gICAgICAgICAg ICA8L3Q+DQo+PiANCj4+IA0KPj4+IElzc3VlIDM6IFNlY3Rpb24gMi4gIE5ldHdvcmsgU2Vydmlj ZSBIZWFkZXINCj4+PiAiQW4gb3V0ZXIgdHJhbnNwb3J0IGhlYWRlciBpcyBpbXBvc2VkLCBvbiBO U0ggYW5kIHRoZSBvcmlnaW5hbA0KPj4+IHBhY2tldC9mcmFtZSwgZm9yIG5ldHdvcmsgZm9yd2Fy ZGluZy4iIC0gdGhpcyBpcyB2ZXJ5IHBvb3JseSB3b3JkZWQsDQo+Pj4gYW5kIEkgZG9uJ3QgcmVh bGx5IGtub3cgd2hhdCBJJ20gc3VwcG9zZWQgdG8gZG8gaGVyZS4gSSdtIGFzc3VtaW5nDQo+Pj4g dGhhdCBJJ20gc3VwcG9zZWQgdG8gY29uY2F0ZW5hdGUgdGhlIE5TSCBhbmQgdGhlIHBhY2tldCwg YW5kIHRoZW4NCj4+PiBlbmNhcHN1bGF0ZSB0aGlzIGluIHNvbWUgdHJhbnNwb3J0IG9mIG15IGNo b29zaW5nLCBidXQgdGhpcyBuZWVkcyBtb3JlDQo+Pj4gcHJlY2lzaW9uLg0KPj4+IA0KPj4gDQo+ PiBBZ3JlZWQuIFJld29yZGVkLiBIZXJl4oCZcyBhIHN1Z2dlc3Rpb24sIGV4cGxpY2l0IHRleHQg d2VsY29tZToNCj4+IA0KPj4gICAgICA8dD4NCj4+IEFuIE5TSCBpcyBpbXBvc2VkIG9uIHRoZSBv cmlnaW5hbCBwYWNrZXQvZnJhbWUuDQo+PiAgIFRoaXMgTlNIIGNvbnRhaW5zIHNlcnZpY2UgcGF0 aCBpbmZvcm1hdGlvbiBhbmQNCj4+ICAgb3B0aW9uYWxseSBtZXRhZGF0YSB0aGF0IGFyZSBhZGRl ZCB0byBhIHBhY2tldCBvciBmcmFtZSBhbmQgdXNlZCB0bw0KPj4gICBjcmVhdGUgYSBzZXJ2aWNl IHBsYW5lLiBTdWJzZXF1ZW50bHksIGFuIG91dGVyIGVuY2Fwc3VsYXRpb24gaXMgaW1wb3NlZCBv bg0KPj4gdGhlIE5TSCwgd2hpYyBpcyB1c2VkIGZvciBuZXR3b3JrIGZvcndhcmRpbmcuDQo+PiAg ICAgPC90Pg0KPj4gDQo+PiANCj4+PiBJc3N1ZSA0OiBUaGUgZG9jdW1lbnQgdGFsa3MgYWJvdXQg dXNpbmcgdGhlIFRUTCB0byBhdm9pZCBsb29wcywgYW5kDQo+Pj4gYWxzbyB0aGUgU2VydmljZSBJ bmRleCAoU0kpLiAiVGhlIFNlcnZpY2UgSW5kZXggTVVTVCBiZSBkZWNyZW1lbnRlZCBieQ0KPj4+ IGEgdmFsdWUgb2YgMSBieSBTZXJ2aWNlIEZ1bmN0aW9ucyBvciBieSBTRkMgUHJveHkgbm9kZXMg YWZ0ZXINCj4+PiBwZXJmb3JtaW5nIHJlcXVpcmVkIHNlcnZpY2VzICBhbmQgdGhlIG5ldyBkZWNy ZW1lbnRlZCBTSSB2YWx1ZSBNVVNUIGJlDQo+Pj4gdXNlZCBpbiB0aGUgZWdyZXNzIHBhY2tldOKA mXMgTlNILiAuLi4gQWRkaXRpb25hbGx5LCB3aGlsZSB0aGUgVFRMIGZpZWxkDQo+Pj4gaXMgdGhl IG1haW4gbWVjaGFuaXNtIGZvciBzZXJ2aWNlIHBsYW5lIGxvb3AgZGV0ZWN0aW9uLCB0aGUgU0kg Y2FuDQo+Pj4gYWxzbyBiZSB1c2VkIGZvciBkZXRlY3Rpbmcgc2VydmljZSBwbGFuZSBsb29wcy4i LiBNdWNoIGJldHRlciB0ZXh0IGlzDQo+Pj4gbmVlZGVkIGhlcmUgdG8gZGlzY3VzcyBob3cgdGhl c2UgaW50ZXJhY3QuIExldHMgc2F5IHRoZSBUVEwgaXMgMTQsIGFuZA0KPj4+IHRoZSBTSSBpcyAx LiBUaGUgcGFja2V0IGlzIG5vdyBoYW5kZWQgdG8gdGhlIG5leHQgU0YsIHdoaWNoIGRlY3JlbWVu dHMNCj4+PiBpdCB0byAwLiBOb3cgd2hhdD8gSXQgdGhpcyB0aGUgc2FtZSBhcyB0aGUgVFRMIGhp dHRpbmcgMD8gSWYgaXQgYW4NCj4+PiBlcnJvcj8gRG8gSSB3cmFwIGFuZCBnbyBiYWNrIHRvIDI1 NT8gV2hhdCBhcmUgdGhlcmUgMiBtZWNoYW5pc21zIGZvcg0KPj4+IHRoaXM/IE11Y2ggZnVydGhl ciBkb3duLCBpbiBTZWN0aW9uIDYuMSwgd2UgaGF2ZTogIlNJIHNlcnZlcyBhcyBhDQo+Pj4gbWVj aGFuaXNtIGZvciBkZXRlY3RpbmcgaW52YWxpZCBzZXJ2aWNlIGZ1bmN0aW9uIHBhdGhzLiAgSW4N Cj4+PiBwYXJ0aWN1bGFyLCBhbiBTSSB2YWx1ZSBvZiB6ZXJvIGluZGljYXRlcyB0aGF0IGZvcndh cmRpbmcgaXMgaW5jb3JyZWN0DQo+Pj4gYW5kIHRoZSBwYWNrZXQgbXVzdCBiZSBkaXNjYXJkZWQu IiBUaGlzIGFuc3dlcnMgbWFueSBvZiB0aGUgYWJvdmUsIGJ1dA0KPj4+IGhhdmluZyB0aGUgdGV4 dCBiZXR0ZXIgb3JnYW5pemVkIHdvdWxkIHNpbXBsaWZ5IHRoZSBkb2N1bWVudC4NCj4+PiANCj4+ IA0KPj4gSSBhbSBoZXNpdGFudCB0byB0b3VjaCB0aGF0IHRleHQgcmlnaHQgbm93IGFzIGl0IHN1 bW1hcml6ZXMgYSBkZWxpY2F0ZSBiYWxhbmNlIHJlYWNoZWQgYnkgdGhlIFdHLg0KPj4gDQo+PiBM ZXQgbWUgZ28gYmFjayB0byB0aGUgV0cgYW5kIHByb3Bvc2UgdGV4dCBmb3IgdGhpcy4NCj4+IA0K Pj4+IElzc3VlIDU6IFNlY3Rpb24gNi4gU2VydmljZSBQYXRoIEZvcndhcmRpbmcgd2l0aCBOU0gg U3Vic2VjdGlvbiA2LjEuDQo+Pj4gU0ZGcyBhbmQgT3ZlcmxheSBTZWxlY3Rpb24NCj4+PiBJJ20g YXNzdW1pbmcgdGhhdCB0aGVyZSBpcyBtdWNoIG1vcmUgZGV0YWlsIGluIG90aGVyIGRvY3VtZW50 cyB3aGljaA0KPj4+IGNvdmVyIGhvdyB0byB1c2UgdGhlIFNQSSAvIFNJIHRvIGRvIHRoZSBmb3J3 YXJkaW5nIC0tIGNhbiB5b3UgcGxlYXNlDQo+Pj4gaW5zZXJ0IGEgcmVmZXJlbmNlPyBJJ20gc29t ZXdoYXQgY29uZnVzZWQgYnkgdGhlIGxldmVsIG9mIGRldGFpbA0KPj4+IGJldHdlZW4gdGhpcyBk b2N1bWVudCBhbmQgPHdoYXRldmVyIHRoZSBvdGhlciBvbmUgaXM+LiBUaGlzIGRvZXNuJ3QNCj4+ PiBjb250YWluIGVub3VnaCB0byBpbXBsZW1lbnQsIGJ1dCBzZWVtIHRvIGluY2x1ZGUgbW9yZSB0 aGFuIEknZCBleHBlY3QNCj4+PiB0byBjbGFyaWZ5IGhvdyB0byBpbnRlcmZhY2Ugd2l0aCBzb21l IG90aGVyIGRvYy4NCj4+IA0KPj4gVGhlIGRldGFpbCBoZXJlIHNlZW1zIGFkZXF1YXRlLg0KPj4g DQo+Pj4gDQo+Pj4gDQo+Pj4gDQo+Pj4gDQo+Pj4gDQo+Pj4gUXVlc3Rpb25zIC8gY29uY2VybnM6 DQo+Pj4gU2VjdGlvbiAyLjIuICBOU0ggQmFzZSBIZWFkZXINCj4+PiAiVFRMOiBJbmRpY2F0ZXMg dGhlIG1heGltdW0gU0ZGIGhvcHMgZm9yIGFuIFNGUC4gIFRoaXMgZmllbGQgaXMgdXNlZA0KPj4+ IGZvciBzZXJ2aWNlIHBsYW5lIGxvb3AgZGV0ZWN0aW9uLiAuLi4gIEVhY2ggU0ZGIGludm9sdmVk IGluIGZvcndhcmRpbmcNCj4+PiBhbiBOU0ggcGFja2V0IE1VU1QgZGVjcmVtZW50IHRoZSBUVEwg dmFsdWUgYnkgMSBwcmlvciB0byBOU0gNCj4+PiBmb3J3YXJkaW5nIGxvb2t1cC4gIERlY3JlbWVu dGluZyBieSAxIGZyb20gYW4gaW5jb21pbmcgdmFsdWUgb2YgMA0KPj4+IHNoYWxsIHJlc3VsdCBp biBhIFRUTCB2YWx1ZSBvZiA2My4gIFRoZSBwYWNrZXQgTVVTVCBOT1QgYmUgZm9yd2FyZGVkDQo+ Pj4gaWYgVFRMIGlzLCBhZnRlciBkZWNyZW1lbnQsIDAuIg0KPj4+IFdoeSBkb2VzIGRlY3JlbWVu dGluZyBieSAxIGZyb20gMCByZXN1bHQgaW4gNjM/IFVuZGVyIHdoYXQgKHZhbGlkKQ0KPj4+IGNv bmRpdGlvbnMgd2lsbCBJIHJlY2VpdmUgYSBwYWNrZXQgd2l0aCBhbiBpbmNvbWluZyB2YWx1ZSBv ZiAwPyAod2h5DQo+Pj4gaXMgdGhpcyBub3QgYW4gZXJyb3I/KQ0KPj4+IA0KPj4gDQo+PiBXcmFw Pw0KPj4gDQo+Pj4gU2VjdGlvbiAyLjQuICBOU0ggTUQgVHlwZSAxDQo+Pj4gIldoZW4gdGhlIEJh c2UgSGVhZGVyIHNwZWNpZmllcyBNRCBUeXBlID0gMHgxLCBhIEZpeGVkIExlbmd0aCBDb250ZXh0 DQo+Pj4gSGVhZGVyICgxNi1ieXRlcykgTVVTVCBiZSBwcmVzZW50IGltbWVkaWF0ZWx5IGZvbGxv d2luZyB0aGUgU2VydmljZQ0KPj4+IFBhdGggSGVhZGVyLCBhcyBwZXIgRmlndXJlIDQuICBUaGUg dmFsdWUgb2YgYSBGaXhlZCBMZW5ndGggQ29udGV4dA0KPj4+IEhlYWRlciB0aGF0IGNhcnJpZXMg bm8gbWV0YWRhdGEgTVVTVCBiZSBzZXQgdG8gemVyby4iLiAiVGhpcw0KPj4+IHNwZWNpZmljYXRp b24gZG9lcyBub3QgbWFrZSBhbnkgYXNzdW1wdGlvbnMgYWJvdXQgdGhlIGNvbnRlbnQgb2YgdGhl DQo+Pj4gMTYgYnl0ZSBDb250ZXh0IEhlYWRlciB0aGF0IG11c3QgYmUgcHJlc2VudCB3aGVuIHRo ZSBNRCBUeXBlIGZpZWxkIGlzDQo+Pj4gc2V0IHRvIDEsIGFuZCBkb2VzIG5vdCBkZXNjcmliZSB0 aGUgc3RydWN0dXJlIG9yIG1lYW5pbmcgb2YgdGhlDQo+Pj4gaW5jbHVkZWQgbWV0YWRhdGEuIi4g U28sIHRoZSBzcGVjaWZpY2F0aW9uIGRvZXNuJ3QgbWFrZSBhbnkNCj4+PiBhc3N1bXB0aW9ucyBh Ym91dCB0aGUgRml4ZWQgTGVuZ3RoIENvbnRleHQgSGVhZGVyIChJIGd1ZXNzIGl0IGlzIGFuDQo+ Pj4gb3BhcXVlIGJsb2IpLCBidXQgaWYgaXQgaGFzIG5vIG1ldGFkYXRhIGlzIG11c3QgYmUgMD8g QW5kIGlmIHRoZXJlIGlzDQo+Pj4gbm8gbWV0YWRhdGEsIHdoeSAgd291bGQgSSBuZWVkIHRvIHdh c3RlIDE2IGJ5dGVzPyBBbmQgdGhpcyBkb2N1bWVudA0KPj4+IGRlZmluZXMgMiBNRCB0eXBlcyAt LSB3aHkgd291bGQgSSB1c2UgdGhpcyBvbmUgaW5zdGVhZCBvZiBhIFR5cGUgMj8NCj4+PiAod2hp Y2ggc2VlbXMgY2xlYW5lciwgYW5kIHNob3J0ZXIpLg0KPj4gDQo+PiBUaGVyZSBhcmUgdHdvIE1E IFR5cGVzIHRvIHVzZS4gRml4ZWQgaXMgSFcgZnJpZW5kbHksIFRMViBpcyBTVyBmcmllbmRseS4N Cj4+IA0KPj4gQXMgdXN1YWwsIHRoZXJlIGlzIGEgdHJhZGVvZmYsIGFuZCB5b3UgY2hvb3NlIE1E IFR5cGUgYmFzZWQgb24gd2hhdCB5b3Ugd2FudCB0byBvcHRpbWl6ZSBmb3IuDQo+PiANCj4+IA0K Pj4+IEtpbmQgb2YgcmVsYXRlZCB0byBJc3N1ZSAyLCBJDQo+Pj4gdGhpbmsgdGhhdCB0aGVyZSBu ZWVkcyB0byBiZSBtb3JlIGRpc2N1c3Npb25zIChwZXJoYXBzIGluIHNvbWUgb3RoZXINCj4+PiBk b2N1bWVudCwgd2hpY2ggbmVlZHMgYSByZWZlcmVuY2UpIHdoYXQgdGhlIHB1cnBvc2Ugb2YgdGhl IG1ldGFkYXRhDQo+Pj4gaXMsIHdoeSBpdCBpcyBzb21ldGltZXMgbWV0YWRhdGEgYW5kIHNvbWV0 aW1lcyBDb250ZXh0IEhlYWRlciwgd2hhdCBhDQo+Pj4gcmVjZWl2ZXIgaXMgc3VwcG9zZWQgdG8g ZG8gd2l0aCB0aGlzLCBldGMuDQo+Pj4gDQo+PiANCj4+IENvbnRleHQgaGVhZGVyIGNhcnJpZXMg bWV0YWRhdGEuDQo+PiANCj4+PiBTZWN0aW9uIDIuNDoNCj4+PiAiQW4gU0ZDLWF3YXJlIFNGIE1V U1QgcmVjZWl2ZSB0aGUgZGF0YSBzZW1hbnRpY3MgZmlyc3QgaW4gb3JkZXIgdG8NCj4+PiBwcm9j ZXNzIHRoZSBkYXRhIHBsYWNlZCBpbiB0aGUgbWFuZGF0b3J5IGNvbnRleHQgZmllbGQuICBUaGUg ZGF0YQ0KPj4+IHNlbWFudGljcyBpbmNsdWRlIGJvdGggdGhlIGFsbG9jYXRpb24gc2NoZW1hIGFu ZCB0aGUgbWVhbmluZyBvZiB0aGUNCj4+PiBpbmNsdWRlZCBkYXRhLiAgSG93IGFuIFNGQy1hd2Fy ZSBTRiBnZXRzIHRoZSBkYXRhIHNlbWFudGljcyBpcyBvdXRzaWRlDQo+Pj4gdGhlIHNjb3BlIG9m IHRoaXMgc3BlY2lmaWNhdGlvbi4iICAtLSByZWxhdGVkIHRvIHRoZSBhYm92ZSwgSSBzdGlsbA0K Pj4+IGRvbid0IGdldCB0aGlzLiBJcyAidGhlIGRhdGEgcGxhY2VkIGluIHRoZSBtYW5kYXRvcnkg Y29udGV4dCBmaWVsZCIgPT0NCj4+PiAibWV0YWRhdGEiPyAgQW5kIHRoZXJlIGlzIG5vIHR5cGUg aW5mb3JtYXRpb24gYXNzb2NpYXRlZCwgc28gcmVjZWl2ZXINCj4+PiBjYW5ub3QgbG9vayBhdCBp dCBhbmQga25vdyB3aGF0IGl0IGlzLCBvdGhlciB0aGFuICJJIGV4cGVjdGVkIGEgYmxvYiwNCj4+ PiB0aGlzIGlzIGEgYmxvYiwgYmxvYnMgSSByZWNlaXZlIHNob3VsZCBiZSBvZiB0eXBlIFgsIGxl dCBtZSB0cnkNCj4+PiBkZWNvZGVkIGl0IGFzIG9uZT8iIC0tIHNob3VsZG4ndCB0aGVyZSBiZSBz b21lIHNvcnQgb2YgaGludCBpbiB0aGUgTlNIDQo+Pj4gYXMgdG8gd2hhdCB0aGUgY29udGV4dCBm aWVsZCBpcyBjYXJyeWluZyAobGlrZSBUeXBlIDIgaGFzKT8gSSd2ZQ0KPj4+IGxvb2tlZCBhdCAg SS1ELmd1aWNoYXJkLXNmYy1uc2gtZGMtYWxsb2NhdGlvbiBhbmQNCj4+PiBJLUQubmFwcGVyLXNm Yy1uc2gtYnJvYWRiYW5kLWFsbG9jYXRpb24gd2hpY2ggZGlzY3VzcyBob3cgYml0cyBpbiB0aGUN Cj4+PiBjb250ZXh0IGhlYWRlciBjYW4gYmUgYWxsb2NhdGVkLCBidXQgd291bGQgYSByZWNlaXZl ciBkaWZmZXJlbnRpYXRlDQo+Pj4gd2hpY2ggdHlwZSBpcyBpbiB1c2UgKG90aGVyIHRoYW4gYmVp bmcgY29uZmlndXJlZCB0byBrbm93IHRoYXQgYmxvYnMNCj4+PiBhcmUgYWx3YXlzIG9mIHR5cGUg WCkuIEFnYWluLCBJJ20gaG9waW5nIHRoYXQgdGhlcmUgaXMgYW4gU0ZDIGRvY3VtZW50DQo+Pj4g d2hpY2ggZXhwbGFpbnMgdGhlIGFyY2hpdGVjdHVyZSBpbiBtb3JlIGRldGFpbCB0aGVuIFJGQzc2 NjUuDQo+PiANCj4+IE1EIFR5cGUgMSBpcyBub3Qgc2VsZi1kZXNjcmliaW5nLg0KPj4gDQo+Pj4g DQo+Pj4gU2VjdGlvbiAgMi41LjEuICBPcHRpb25hbCBWYXJpYWJsZSBMZW5ndGggTWV0YWRhdGEN Cj4+PiBPcHRpb25hbCB2YXJpYWJsZSBsZW5ndGggQ29udGV4dCBIZWFkZXJzIGhhdmUgYSBDbGFz cyAoc2NvcGUgb2YgdGhlDQo+Pj4gVHlwZSksIGEgVHlwZSAoZXhwbGljaXQgdHlwZSBvZiBtZXRh ZGF0YSwgZGVmaW5lZCBieSB0aGUgQ2xhc3Mgb3duZXIpLA0KPj4+IGFuZCBhIExlbmd0aC4NCj4+ PiBBIGxlbmd0aCBvZiAwIG1lYW5zIHRoYXQgdGhlIGNvbnRleHQgaGVhZGVyIGhhcyBubyBkYXRh LiBJdCB3b3VsZCBiZQ0KPj4+IHVzZWZ1bCB0byBleHBsYWluIHdoYXQgdGhpcyBhY3R1YWxseSBt ZWFucyAtLSBpdCBzb3VuZHMgbGlrZSBhIG1lc3NhZ2UNCj4+PiB3aXRoIG5vIGNvbnRlbnQsIGJ1 dCBwZXJoYXBzIHJlY2VpdmVycyBhcmUgc3VwcG9zZWQgdG8gdXNlIHRoZSBUeXBlIGluDQo+Pj4g dGhpcyBjYXNlIHRvIGRvIHNvbWV0aGluZz8NCj4+IA0KPj4gWWVzIDotKSBQcmVjaXNlbHkuDQo+ PiANCj4+PiANCj4+PiBTZWN0aW9uIDMuICBOU0ggQWN0aW9ucw0KPj4+ICJOU0gtYXdhcmUgbm9k ZXMgYXJlIHRoZSBvbmx5IG5vZGVzIHRoYXQgbWF5IGFsdGVyIHRoZSBjb250ZW50IG9mIE5TSA0K Pj4+IGhlYWRlcnMuIiAtLSB0aGlzIHNlbnRlbmNlIGlzIG5vbnNlbnNpY2FsLiBJZiBhIG5vZGUg ZG9lc24ndCBrbm93DQo+Pj4gc29tZXRoaW5nIGlzIGFuIE5TSCAoaXMgaXQgbm90IE5TSC1hd2Fy ZSksIHRlbGxpbmcgaXQgbm90IHRvIHRvdWNoIE5TSA0KPj4+IGhlYWRlcnMgaXMgYmFzaWNhbGx5 ICJEZXZpY2VzIG9uIHRoZSBJbnRlcm5ldCBzaG91bGRuJ3QgcG9rZSBhdCB0aGluZ3MNCj4+PiB0 aGF0IHRoZXkgZG9uJ3QgdW5kZXJzdGFuZOKAnS4NCj4+IA0KPj4gSXQgbWlnaHQgYmUgb2J2aW91 cyBvciByZWR1bmRhbnQsIGJ1dCBpdCBpcyBub3Qgbm9uc2Vuc2ljYWwuDQo+PiANCj4+IFdlIHdp bGwgcmV3b3JkIGl0IHRob3VnaC4gOi0pDQo+PiANCj4+PiANCj4+PiBTZWN0aW9uIDM6DQo+Pj4g IkF0IHRoZSBlbmQgb2YgYSBzZXJ2aWNlIGZ1bmN0aW9uIHBhdGgsIGFuIFNGRiwgTVVTVCBiZSB0 aGUgbGFzdCBub2RlDQo+Pj4gb3BlcmF0aW5nIG9uIHRoZSBzZXJ2aWNlIGhlYWRlciBhbmQgTVVT VCByZW1vdmUgTlNIIGJlZm9yZSBmb3J3YXJkaW5nDQo+Pj4gb3IgZGVsaXZlcmluZyB0aGUgdW4t ZW5jYXBzdWxhdGVkIHBhY2tldC4iIC0gSSdtIHNvbWV3aGF0IGNvbmZ1c2VkDQo+Pj4gd2hhdCB0 aGlzIGlzIHRyeWluZyB0byBzYXksIGFuZCBhc3N1bWUgdGhhdCBpdCBpcyBzaW1wbHkgc3VwZXJm bHVvdXMNCj4+PiBjb21tYXMuIEJ1dCwgd2l0aCB0aG9zZSByZW1vdmVkIHRoZSBzZW50ZW5jZSBp cyBzdGlsbCBjb25mdXNpbmcgdG8gbWUNCj4+PiAtLSBhIFNGRiBpcyB0aGUgdGhpbmcgdGhhdCBk b2VzIHRoZSBmb3J3YXJkaW5nLCBhbmQgc28sIGJ5IGRlZmluaXRpb24NCj4+PiBpdCBoYXMgdG8g YmUgdGhlIGxhc3QgdGhpbmcgb3BlcmF0aW5nIG9uIHRoZSBzZXJ2aWNlIGhlYWRlciAodW5sZXNz DQo+Pj4gdGhlIHBhY2tldCBpcyBkcm9wcGVkKSAtLSBzbywgd2hhdCBkb2VzIHRoZSBmaXJzdCBN VVNUIG1lYW4/DQo+PiANCj4+IFllcywgdGhlcmUgaXMgYSBzdXBlcmZsdW91cyBjb21tYS4gQnV0 IHRoZSBtZWFuaW5nIG9mIHRoZSBzZW50ZW5jZSBpcyDigJxkbyBub3QgbGVhayBOU0ggb3V0c2lk ZSB0aGUgU0ZDIGRvbWFpbuKAnS4NCj4+IA0KPj4gSeKAmWxsIHJld29yZCBpdC4NCj4+IA0KPj4+ IA0KPj4+IFNlY3Rpb24gNC4gIE5TSCBUcmFuc3BvcnQgRW5jYXBzdWxhdGlvbg0KPj4+ICJUaGUg cHJlc2VuY2Ugb2YgTlNIIGlzIGluZGljYXRlZCB2aWEgcHJvdG9jb2wgdHlwZSBvciBvdGhlciBp bmRpY2F0b3INCj4+PiBpbiB0aGUgb3V0ZXIgZW5jYXBzdWxhdGlvbi4iIC0tIGp1c3QgZm9yIG15 IGludGVyZXN0LCB3aGF0IGFsbA0KPj4+IGVuY2Fwc3VsYXRpb25zIGFscmVhZHkgaGF2ZSB0aGlz IGRlZmluZWQgLyBhbGxvY2F0ZWQ/DQo+PiANCj4+IEV0aGVybmV0LCBHUkUsIFZYTEFOLUdQRSwg b3RoZXJzLg0KPj4gDQo+Pj4gDQo+Pj4gU2VjdGlvbiA1LiAgRnJhZ21lbnRhdGlvbiBDb25zaWRl cmF0aW9ucw0KPj4+ICJBcyBkaXNjdXNzZWQgaW4gW0ktRC5pZXRmLXJ0Z3dnLWR0LWVuY2FwXSwg d2l0aGluIGFuIGFkbWluaXN0cmF0aXZlDQo+Pj4gZG9tYWluLCBhbiBvcGVyYXRvciBjYW4gZW5z dXJlIHRoYXQgdGhlIHVuZGVybGF5IE1UVSBpcyBzdWZmaWNpZW50IHRvDQo+Pj4gY2FycnkgU0ZD IHRyYWZmaWMgd2l0aG91dCByZXF1aXJpbmcgZnJhZ21lbnRhdGlvbi4iIC0tIEkgdGhpbmsgdGhh dA0KPj4+IHRoYXQgaXMgc3RyZXRjaGluZyB3aGF0IEktRC5pZXRmLXJ0Z3dnLWR0LWVuY2FwIHNh eXMgYSBiaXQgZmFyLiBOU0gNCj4+PiBUeXBlIDEgYWRkcyAyNCBvY3RldHMgKDQgb2N0ZXQgQmFz ZSBIZWFkZXIsIDQgb2N0ZXQgU2VydmljZSBQYXRoDQo+Pj4gSGVhZGVyLCAxNiBvY3RldCBDb250 ZXh0IEhlYWRlciksIHBsdXMgdGhlIGdldHMgd3JhcHBlZCBpbiBhIG5ldw0KPj4+IHRyYW5zcG9y dCwgc28gbGV0J3Mgc2F5IDI0IG9jdGV0cyBmb3IgR1JFLiBUaGlzIG1lYW5zIHRoYXQsIGZvciBh DQo+Pj4gMTUwMGJ5dGUgcGFja2V0IEkgbmVlZCBhbiBNVFUgb2YgMTU0OCAoSSdtIG5vdCBzdXJl IGFsbCBvcGVyYXRvcnMgY2FuDQo+Pj4gc3VwcG9ydCB0aGF0IGV2ZXJ5d2hlcmUpLiBUaGUgVHlw ZSAyIGhlYWRlciBpcyBvZiB2YXJpYWJsZSBsZW5ndGggKGFuZA0KPj4+IEkgZG9uJ3QgdGhpbmsg SSBzYXcgYSBsaW1pdCkuDQo+PiANCj4+IFRoaXMgdGV4dCBpcyByZXdvcmRlZCBiYXNlZCBvbiBH ZW5BUlQuDQo+PiANCj4+PiAiIEZvciBleGFtcGxlLCB3aGVuIE5TSCBpcyBlbmNhcHN1bGF0ZWQg aW4gSVAsIElQLWxldmVsIGZyYWdtZW50YXRpb24NCj4+PiBjb3VwbGVkIHdpdGggUGF0aCBNVFUg RGlzY292ZXJ5IChQTVRVRCkgaXMgdXNlZC4gV2hlbiwgb24gdGhlIG90aGVyDQo+Pj4gaGFuZCwg dGhlIHVuZGVybGF5IGRvZXMgbm90IHN1cHBvcnQgZnJhZ21lbnRhdGlvbiBwcm9jZWR1cmVzLCBh biBlcnJvcg0KPj4+IG1lc3NhZ2UgU0hPVUxEIGJlIGxvZ2dlZCB3aGVuIGRyb3BwaW5nIGEgcGFj a2V0IHRvbyBiaWcuIiAtLSBJIHRoaW5rDQo+Pj4gdGhhdCBtb3JlIGd1aWRhbmNlIC8gdGV4dCBp cyBuZWVkZWQgaGVyZSwgZS5nIGZvciB2Ni4gSnVzdCBkcm9wcGluZw0KPj4+IHRoZSBwYWNrZXQg YW5kIGxvZ2dpbmcgYW4gZXJyb3IgZG9lc24ndCBzb2x2ZSB0aGUgYmFzZSBpc3N1ZSBjYXVzaW5n DQo+Pj4gdGhlIHByb2JsZW0uIElmIHRoaXMgcHJvdG9jb2wgd2Fzbid0IGFuICJlbmNhcHN1bGF0 aW9uIiBJIHdvdWxkbid0DQo+Pj4gZmVlbCBzbyBzdHJvbmdseSwgYnV0IGlmIHRoZSBwcm90b2Nv bCBzYXlzIHRoYXQgaXQgcHJvdmlkaW5nIGFuDQo+Pj4gZW5jYXBzdWxhdGlvbiBpdCBuZWVkcyB0 byBoYW5kbGUgdGhpbmdzIHRoYXQgZW5jYXBzdWxhdGlvbiBwcm90b2NvbHMNCj4+PiBkby4NCj4+ IA0KPj4gVGhpcyB0ZXh0IGNhbWUgZnJvbSBPcHNEaXIgcmV2aWV3Lg0KPj4gDQo+Pj4gDQo+Pj4g DQo+Pj4gDQo+Pj4gDQo+Pj4gTml0czoNCj4+IA0KPj4gDQo+PiBBbGwgZml4ZWQuDQo+PiANCj4+ IEJlc3QsDQo+PiANCj4+IOKAlA0KPj4gQ2FybG9zIFBpZ25hdGFybywgY2FybG9zQGNpc2NvLmNv bQ0KPj4gDQo+PiDigJxTb21ldGltZXMgSSB1c2UgYmlnIHdvcmRzIHRoYXQgSSBkbyBub3QgZnVs bHkgdW5kZXJzdGFuZCwgdG8gbWFrZSBteXNlbGYgc291bmQgbW9yZSBwaG90b3N5bnRoZXNpcy4i DQo+PiANCj4+IA0KPj4gDQo+Pj4gU2VjdGlvbiAxLiBJbnRyb2R1Y3Rpb24NCj4+PiAuLi4gY3Vy cmVudCBzZXJ2aWNlIGZ1bmN0aW9uIGRlcGxveW1lbnQgbW9kZWxzIGhhdmUgYmVlbiByZWxhdGl2 ZWx5DQo+Pj4gc3RhdGljLCBhbmQgYm91bmQgdG8gdG9wb2xvZ3kNCj4+PiBbT10gc3RhdGljLCBh bmQgYm91bmQNCj4+PiBbUF0gc3RhdGljIGFuZCBib3VuZA0KPj4+IFtSXSBncmFtbWFyDQo+Pj4g DQo+Pj4gLi4uDQo+Pj4gU3BlY2lmaWNhbGx5LCB0aGUgZm9sbG93aW5nIGZ1bmN0aW9ucyBhcmUg bmVjZXNzYXJ5Og0KPj4+IA0KPj4+ICAgICBUaGUgbW92ZW1lbnQgb2Ygc2VydmljZSBmdW5jdGlv bnMgYW5kIGFwcGxpY2F0aW9uIHdvcmtsb2FkcyBpbiB0aGUNCj4+PiAgICAgbmV0d29yay4NCj4+ PiANCj4+PiAgICAgVGhlIGFiaWxpdHkgdG8gZWFzaWx5IGJpbmQgc2VydmljZSBwb2xpY3kgdG8g Z3JhbnVsYXIgaW5mb3JtYXRpb24sDQo+Pj4gICAgIHN1Y2ggYXMgcGVyLXN1YnNjcmliZXIgc3Rh dGUuDQo+Pj4gDQo+Pj4gW1JdOiBOdW1iZXJzIG9yIGJ1bGxldHMgd291bGQgbWFrZSB0aGUgbXVj aCBlYXNpZXIgdG8gcmVhZC4NCj4+PiANCj4+PiANCj4+PiBTZWN0aW9uIDEuMiAtIERlZmluaXRp b24gb2YgVGVybXMNCj4+PiAiQnl0ZTogIEFsbCByZWZlcmVuY2VzIHRvICJieXRlcyIgaW4gdGhp cyBkb2N1bWVudCByZWZlciB0byA4LWJpdA0KPj4+IGJ5dGVzLCBvciBvY3RldHMuIiAtLSB0aGlz IGlzIGEgY2lyY3VsYXIgZGVmaW5pdGlvbiAodGhlIHNlY3Rpb24gaXMNCj4+PiBEZWZpbml0aW9u IG9mIFRlcm1zLCBub3QgVGVybWlub2xvZ3kpIC0gc3VnZ2VzdCBkcm9wcGluZyB0aGUgOC1iaXQN Cj4+PiBieXRlcywgb2N0ZXRzIGNvdmVycyBpdC4NCj4+PiANCj4+PiBUaHJvdWdob3V0IHRoZSBk b2N1bWVudDoNCj4+PiBUaGUgZG9jdW1lbnQgc2F5cyAiQSBTZXJ2aWNlIENsYXNzaWZpZXIgYWRk cyBOU0guICBOU0ggaXMgcmVtb3ZlZCBieQ0KPj4+IC4uLiIsIGFuZCAiTlNIIG9mZmVycyBhIGNv bW1vbiBhbmQgc3RhbmRhcmRzLWJhc2VkIGhlYWRlciIgLS0gaXMgTlNIIGENCj4+PiB0ZWNobm9s b2d5IChhcyBpbXBsaWVkIGJ5IHRoZSBzZWNvbmQgcGhyYXNlKSwgb3IgYSB0aGluZyBhZGRlZCB0 byBhDQo+Pj4gcGFja2V0IChsaWtlIHRoZSBmaXJzdCBpbXBsaWVzKS4gV2hhdGV2ZXIgdGhlIGNh c2UsIGZvciB0aGUgZmlyc3QsICJBDQo+Pj4gU2VydmljZSBDbGFzc2lmaWVyIGFkZHMgKnRoZSog TlNILiAgKlRoZSogTlNIIGlzIHJlbW92ZWQgYnkgLi4uIiAob3IsDQo+Pj4gImFuIikuDQo+Pj4g DQo+Pj4gDQo+Pj4gU2VjdGlvbiAxLjQuIE5TSC1iYXNlZCBTZXJ2aWNlIENoYWluaW5nDQo+Pj4g IE5TSCBjcmVhdGVzIGEgZGVkaWNhdGVkIHNlcnZpY2UgcGxhbmUsIG1vcmUgc3BlY2lmaWNhbGx5 LCBOU0gNCj4+PiBbT10gcGxhbmUsIG1vcmUNCj4+PiBbUF0gcGxhbmU7IG1vcmUNCj4+PiBbUl0g Z3JhbW1hcg0KPj4+IA0KPj4+IDEuICBUb3BvbG9naWNhbCBJbmRlcGVuZGVuY2U6IFNlcnZpY2Ug Zm9yd2FyZGluZyBvY2N1cnMgd2l0aGluIHRoZQ0KPj4+ICAgICAgc2VydmljZSBwbGFuZSwgdGhl IHVuZGVybHlpbmcgbmV0d29yayB0b3BvbG9neSBkb2VzIG5vdCByZXF1aXJlDQo+Pj4gDQo+Pj4g W09dIHBsYW5lLCB0aGUNCj4+PiBbUF0gcGxhbmU7IHRoZSAgICAob3IgInBsYW5lLCBzbyB0aGUi KQ0KPj4+IFtSXSBncmFtbWFyDQo+Pj4gDQo+Pj4gDQo+Pj4gU2VjdGlvbiAgMi4yLiAgTlNIIEJh c2UgSGVhZGVyDQo+Pj4gIk1EIFR5cGU6IEluZGljYXRlcyB0aGUgZm9ybWF0IG9mIE5TSCBiZXlv bmQgdGhlIG1hbmRhdG9yeSBCYXNlIEhlYWRlcg0KPj4+IGFuZCB0aGUgU2VydmljZSBQYXRoIEhl YWRlci4gIE1EIFR5cGUgZGVmaW5lcyB0aGUgZm9ybWF0IG9mIHRoZQ0KPj4+IG1ldGFkYXRhIGJl aW5nIGNhcnJpZWQuIiAtLSBwbGVhc2UgZXhwYW5kIE1EIGhlcmUuIEkgd2FzdGVkIG11Y2ggdGlt ZQ0KPj4+IGJlZm9yZSBndWVzc2luZyB0aGF0IHRoaXMgd2FzIE1ldGFEYXRhIFR5cGUuDQo+Pj4g DQo+Pj4gDQo+Pj4gR2l2ZW4gdGhlDQo+Pj4gIHdpZGVzcHJlYWQgaW1wbGVtZW50YXRpb24gb2Yg ZXhpc3RpbmcgaGFyZHdhcmUgdGhhdCB1c2VzIHRoZSBmaXJzdA0KPj4+ICBuaWJibGUgYWZ0ZXIg YW4gTVBMUyBsYWJlbCBzdGFjayBmb3IgRUNNUCBkZWNpc2lvbiBwcm9jZXNzaW5nLCB0aGlzDQo+ Pj4gIGRvY3VtZW50IHJlc2VydmVzIHZlcnNpb24gMDFiIGFuZCB0aGlzIHZhbHVlIE1VU1QgTk9U IGJlIHVzZWQgaW4NCj4+PiBbT10gMDFiIGFuZCB0aGlzIHZhbHVlDQo+Pj4gW1BdIDAxYi4gVGhp cyB2YWx1ZQ0KPj4+IFtSXSBncmFtbWFyIC0tIHJ1biBvbiBzZW50ZW5jZSwgYW5kIGl0IHJlYWRz IGF3a3dhcmRseSB3aXRoIGENCj4+PiBzZW1pY29sb24gYmVmb3JlIHRoZSAiYW5kIiAoYnV0IHRo YXQgd291bGQgYmUgZ3JhbW1hdGljYWxseSBjb3JyZWN0LA0KPj4+IGlmIHByZWZlcnJlZC4pDQo+ Pj4gDQo+Pj4gDQo+Pj4gRm9yd2FyZGluZyBPQU0NCj4+PiAgcGFja2V0cyB1bm1vZGlmaWVkIGJ5 IFNGQyBlbGVtZW50cyB0aGF0IGRvIG5vdCBzdXBwb3J0IFNGQyBPQU0NCj4+PiAgcHJvY2VkdXJl cyBtYXkgYmUgYWNjZXB0YWJsZSBmb3IgYSBzdWJzZXQgb2YgT0FNIGZ1bmN0aW9ucywgYnV0IGNh bg0KPj4+ICByZXN1bHQgaW4gdW5leHBlY3RlZCBvdXRjb21lcyBmb3Igb3RoZXJzLCB0aHVzIGl0 IGlzIHJlY29tbWVuZGVkIHRvDQo+Pj4gWw0KPj4+IE9dIG90aGVycywgdGh1cw0KPj4+IFtQXSBv dGhlcnM7IHRodXMNCj4+PiBbUl0gZ3JhbW1hcg0KPj4+IA0KPj4+IFRoaXMgc3BlY2lmaWNhdGlv biBkb2VzIG5vdCBkaXNhbGxvdyB0aGUgTUQgVHlwZSB2YWx1ZSBmcm9tIGNoYW5naW5nDQo+Pj4g IGFsb25nIGFuIFNGUDsgaG93ZXZlciwgdGhlIHNwZWNpZmljYXRpb24gb2YgdGhlIG5lY2Vzc2Fy eSBtZWNoYW5pc20NCj4+PiAgdG8gYWxsb3cgdGhlIE1EIFR5cGUgdG8gY2hhbmdlIGFsb25nIGFu IFNGUCBhcmUgb3V0c2lkZSB0aGUgc2NvcGUgb2YNCj4+PiAgdGhpcyBkb2N1bWVudCwgYW5kIHdv dWxkIG5lZWQgdG8gYmUgZGVmaW5lZCBmb3IgdGhhdCBmdW5jdGlvbmFsaXR5IHRvDQo+Pj4gWw0K Pj4+IE9dIGRvY3VtZW50LCBhbmQNCj4+PiBbUF0gZG9jdW1lbnQgYW5kDQo+Pj4gW1JdIGdyYW1t YXINCj4+PiANCj4+PiANCj4+PiANCj4+PiBTZWN0aW9uIDIuNDoNCj4+PiBBcyBTRiBvciBTRkMg UHJveHkgLT4gQSBTRiBvciBTRkMgUHJveHkNCj4+PiANCj4+PiBTZWN0aW9uIDIuNS4xOg0KPj4+ ICJ0aGUgU0ZDLWF3YXJlIFNGIE1VU1QgTk9UIHByb2Nlc3MgdGhlIHBhY2tldCBhbmQgTVVTVCBs b2cgYXQgbGVhc3QNCj4+PiBvbmNlIHBlciB0aGUgU1BJIGZvciB3aGljaCB0aGUgbWFuZGF0b3J5 IG1ldGFkYXRhIGlzIG1pc3NpbmcuIiAtLQ0KPj4+IGZlZWxzIGxpa2UgeW91IGFyZSBtaXNzaW5n IHNvbWUgd29yZHMgYWZ0ZXIgImxvZyIgLS0gcHJlc3VtYWJseSAibXVzdA0KPj4+IGxvZyBhbiBl cnJvciIsIG9yICJ0aGlzIGV2ZW50Iiwgb3Igc29tZXRoaW5nLg0KPj4+IA0KPj4+IA0KPj4+IFNl Y3Rpb24gNi4xLiBTRkZzIGFuZCBPdmVybGF5IFNlbGVjdGlvbg0KPj4+IFRoaXMgaW5kaXJlY3Rp b24gLS0gU1BJIHRvIG92ZXJsYXkgLS0gY3JlYXRlcyBhIHRydWUgc2VydmljZSBwbGFuZS4NCj4+ PiAgVGhhdCBpcywgdGhlIFNGRi9TRiB0b3BvbG9neSBpcyBjb25zdHJ1Y3RlZCB3aXRob3V0IGlt cGFjdGluZyB0aGUNCj4+PiAgbmV0d29yayB0b3BvbG9neSBidXQgbW9yZSBpbXBvcnRhbnRseSwg c2VydmljZSBwbGFuZSBvbmx5DQo+Pj4gDQo+Pj4gW09dIHRvcG9sb2d5IGJ1dCBtb3JlIGltcG9y dGFudGx5LA0KPj4+IFtQXSB0b3BvbG9neTsgYnV0IG1vcmUgaW1wb3J0YW50bHksDQo+Pj4gW1Jd IGdyYW1tYXINCj4+PiANCj4+PiBUaGlzIGNhbiBiZSB2aWEgdGhlIG92ZXJsYXkgb3INCj4+PiAg dW5kZXJsYXkgYW5kIGluIHNvbWUgY2FzZSByZXF1aXJlIGFkZGl0aW9uYWwgY29uZmlndXJhdGlv biBvbiB0aGUgU0YuDQo+Pj4gDQo+Pj4gW09dIHNvbWUgY2FzZQ0KPj4+IFtQXSBzb21lIGNhc2Vz DQo+Pj4gW1JdIEkgdGhpbmsgdGhpcyBpcyB3aGF0IHdhcyBpbnRlbmRlZA0KPj4+IA0KPj4+IFNl Y3Rpb24gNi40LiBTZXJ2aWNlIEdyYXBocw0KPj4+IFRoZXNlIGNsYXNzaWZpZXJzIG1heSBhbHNv IG9mIGNvdXJzZQ0KPj4+IA0KPj4+IFtPXSBtYXkgYWxzbyBvZiBjb3Vyc2UNCj4+PiBbUF0gbWF5 LCBvZiBjb3Vyc2UsIGFsc28NCj4+PiBbUl0gcmVhZGFiaWxpdHkNCj4+PiANCj4+PiAgbW9kaWZ5 IHRoZSBtZXRhZGF0YSBhc3NvY2lhdGVkIHdpdGggdGhlIHBhY2tldC4NCj4+PiANCj4+PiBTZWN0 aW9uIDcuMS4gTlNIIE1ldGFkYXRhIGFuZCBQb2xpY3kgRW5mb3JjZW1lbnQNCj4+PiANCj4+PiAg QXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gMiwgTlNIIHByb3ZpZGVzIHRoZSBhYmlsaXR5IHRvIGNh cnJ5IG1ldGFkYXRhDQo+Pj4gIGFsb25nIGEgc2VydmljZSBwYXRoLiAgVGhpcyBtZXRhZGF0YSBt YXkgYmUgZGVyaXZlZCBmcm9tIHNldmVyYWwNCj4+PiAgc291cmNlcywgY29tbW9uIGV4YW1wbGVz IGluY2x1ZGU6DQo+Pj4gDQo+Pj4gW09dIHNvdXJjZXMsIGNvbW1vbg0KPj4+IFtQXSBzb3VyY2Vz LiBDb21tb24NCj4+PiBbUl0gZ3JhbW1hcg0KPj4+IA0KPj4+ICAgICBOZXR3b3JrIG5vZGVzL2Rl dmljZXM6IEluZm9ybWF0aW9uIHByb3ZpZGVkIGJ5IG5ldHdvcmsgbm9kZXMgY2FuDQo+Pj4gICAg IGluZGljYXRlIG5ldHdvcmstY2VudHJpYyBpbmZvcm1hdGlvbiAoc3VjaCBhcyBWUkYgb3IgdGVu YW50KSB0aGF0DQo+Pj4gICAgIG1heSBiZSB1c2VkIGJ5IHNlcnZpY2UgZnVuY3Rpb25zLCBvciBj b252ZXllZCB0byBhbm90aGVyIG5ldHdvcmsNCj4+PiANCj4+PiBbT10gZnVuY3Rpb25zLCBvciBj b252ZXllZA0KPj4+IFtQXSBmdW5jdGlvbnMgb3IgY29udmV5ZWQNCj4+PiBbUl0gZ3JhbW1hcg0K Pj4+IA0KPj4+IFRoZSBncmFudWxhcml0eSBvZiBjbGFzc2lmaWNhdGlvbiBtYXkgdmFyeS4gIEZv cg0KPj4+ICBleGFtcGxlLCBhIG5ldHdvcmsgc3dpdGNoLCBhY3RpbmcgYXMgYSBjbGFzc2lmaWVy LCBtaWdodCBvbmx5IGJlIGFibGUNCj4+PiAgdG8gY2xhc3NpZnkgYmFzZWQgb24gYSA1LXR1cGxl LCB3aGVyZWFzLCBhIHNlcnZpY2UgZnVuY3Rpb24gbWF5IGJlDQo+Pj4gDQo+Pj4gW09dIHdoZXJl YXMsIGEgc2VydmljZQ0KPj4+IFtQXSB3aGlsZSBhIHNlcnZpY2UNCj4+PiBbUl0gcmVhZGFiaWxp dHkNCj4+PiANCj4+PiBJbiBib3RoIG9mIHRoZSBleGFtcGxlcyBhYm92ZSwgdGhlIHNlcnZpY2Ug ZnVuY3Rpb25zIHBlcmZvcm0gcG9saWN5DQo+Pj4gIGRlY2lzaW9ucyBiYXNlZCBvbiB0aGUgcmVz dWx0IG9mIHRoZSBpbml0aWFsIGNsYXNzaWZpY2F0aW9uOiB0aGUgU0ZzDQo+Pj4gIGRpZCBub3Qg bmVlZCB0byBwZXJmb3JtIHJlLWNsYXNzaWZpY2F0aW9uLCByYXRoZXIgdGhleSByZWx5IG9uIGEN Cj4+PiANCj4+PiBbT10gcmUtY2xhc3NpZmljYXRpb24sIHJhdGhlcg0KPj4+IFtQXSByZS1jbGFz c2lmaWNhdGlvbjsgaW5zdGVhZCwNCj4+PiBbUl0gZ3JhbW1hci9yZWFkYWJpbGl0eQ0KPj4+IA0K Pj4+ICBhbnRlY2VkZW50IGNsYXNzaWZpY2F0aW9uIGZvciBsb2NhbCBwb2xpY3kgZW5mb3JjZW1l bnQuDQo+Pj4gDQo+Pj4gIERlcGVuZGluZyBvbiB0aGUgaW5mb3JtYXRpb24gY2FycmllZCBpbiB0 aGUgbWV0YWRhdGEsIGRhdGEgcHJpdmFjeQ0KPj4+ICBjb25zaWRlcmF0aW9ucyBtYXkgbmVlZCB0 byBiZSBjb25zaWRlcmVkLiAgRm9yIGV4YW1wbGUsIGlmIHRoZQ0KPj4+IA0KPj4+IFRoaXMgZmVl bHMgbGlrZSBpdHMgcHVudGluZyBvbiB0aGUgcHJvYmxlbSBtb3JlIHRoYW4gaXQgc2hvdWxkLCBi dXQNCj4+PiBJJ20gYXZvaWRpbmcgcHJpdmFjeSBhbmQgc2VjdXJpdHkgaW4gdGhpcyBwYXJ0aWN1 bGFyIHJldmlldy4NCj4+PiANCj4+PiAgbWV0YWRhdGEgY29udmV5cyB0ZW5hbnQgaW5mb3JtYXRp b24sIHRoYXQgaW5mb3JtYXRpb24gbWF5IG5lZWQgdG8gYmUNCj4+PiAgYXV0aGVudGljYXRlZCBh bmQvb3IgZW5jcnlwdGVkIGJldHdlZW4gdGhlIG9yaWdpbmF0b3IgYW5kIHRoZQ0KPj4+ICBpbnRl bmRlZCByZWNpcGllbnRzICh3aGljaCBtYXkgaW5jbHVkZSBpbnRlbmRlZCBTRnMgb25seSkgLiAg TlNIDQo+Pj4gDQo+Pj4gW09dICkgLg0KPj4+IFtQXSApLg0KPj4+IFtSXSBwdW5jdHVhdGlvbg0K Pj4+IA0KPj4+ICBpdHNlbGYgZG9lcyBub3QgcHJvdmlkZSBwcml2YWN5IGZ1bmN0aW9ucywgcmF0 aGVyIGl0IHJlbGllcyBvbiB0aGUNCj4+PiAgdHJhbnNwb3J0L292ZXJsYXkgbGF5ZXIuICBBbiBv cGVyYXRvciBjYW4gc2VsZWN0IHRoZSBhcHByb3ByaWF0ZQ0KPj4+ICB0cmFuc3BvcnQgdG8gZW5z dXJlIGNvbmZpZGVudGlhbGx5IChhbmQgb3RoZXIgc2VjdXJpdHkpDQo+Pj4gDQo+Pj4gW09dIGNv bmZpZGVudGlhbGx5DQo+Pj4gW1BdIGNvbmZpZGVudGlhbGl0eQ0KPj4+IFtSXSB3b3JkIGNob2lj ZQ0KPj4+IA0KPj4+IA0KPj4+IFNlY3Rpb24gOC4gU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMNCj4+ PiANCj4+PiBOU0ggaXMgYWx3YXlzIGVuY2Fwc3VsYXRlZCBpbiBhIHRyYW5zcG9ydCBwcm90b2Nv bCAoYXMgZGV0YWlsZWQgaW4NCj4+PiAgU2VjdGlvbiA0IG9mIHRoaXMgc3BlY2lmaWNhdGlvbikg YW5kIHRoZXJlZm9yZSwgd2hlbiByZXF1aXJlZCwNCj4+PiANCj4+PiBbT10gKSBhbmQgdGhlcmVm b3JlLA0KPj4+IFtQXSApOyBhbmQsIHRoZXJlZm9yZSwNCj4+PiBbUl0gZ3JhbW1hcg0KPj4+IA0K Pj4+IA0KPj4+IA0KPj4+IA0KPj4+IFcNCj4+PiANCj4+PiANCj4+PiANCj4+PiANCj4+PiAtLQ0K Pj4+IEkgZG9uJ3QgdGhpbmsgdGhlIGV4ZWN1dGlvbiBpcyByZWxldmFudCB3aGVuIGl0IHdhcyBv YnZpb3VzbHkgYSBiYWQNCj4+PiBpZGVhIGluIHRoZSBmaXJzdCBwbGFjZS4NCj4+PiBUaGlzIGlz IGxpa2UgcHV0dGluZyByYWJpZCB3ZWFzZWxzIGluIHlvdXIgcGFudHMsIGFuZCBsYXRlciBleHBy ZXNzaW5nDQo+Pj4gcmVncmV0IGF0IGhhdmluZyBjaG9zZW4gdGhvc2UgcGFydGljdWxhciByYWJp ZCB3ZWFzZWxzIGFuZCB0aGF0IHBhaXINCj4+PiBvZiBwYW50cy4NCj4+PiAgLS0tbWFmDQo+PiAN Cj4gDQo+IA0KPiANCj4gLS0gDQo+IEkgZG9uJ3QgdGhpbmsgdGhlIGV4ZWN1dGlvbiBpcyByZWxl dmFudCB3aGVuIGl0IHdhcyBvYnZpb3VzbHkgYSBiYWQNCj4gaWRlYSBpbiB0aGUgZmlyc3QgcGxh Y2UuDQo+IFRoaXMgaXMgbGlrZSBwdXR0aW5nIHJhYmlkIHdlYXNlbHMgaW4geW91ciBwYW50cywg YW5kIGxhdGVyIGV4cHJlc3NpbmcNCj4gcmVncmV0IGF0IGhhdmluZyBjaG9zZW4gdGhvc2UgcGFy dGljdWxhciByYWJpZCB3ZWFzZWxzIGFuZCB0aGF0IHBhaXINCj4gb2YgcGFudHMuDQo+ICAgLS0t bWFmDQoNCg== From nobody Thu Sep 7 12:39:34 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4285132FAF; Thu, 7 Sep 2017 12:39:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qO_dlqcmh3M1; Thu, 7 Sep 2017 12:39:31 -0700 (PDT) Received: from mail-wr0-x22a.google.com (mail-wr0-x22a.google.com [IPv6:2a00:1450:400c:c0c::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84F05132FB1; Thu, 7 Sep 2017 12:39:30 -0700 (PDT) Received: by mail-wr0-x22a.google.com with SMTP id m18so1210461wrm.2; Thu, 07 Sep 2017 12:39:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=futKPCeQk/cQOIpWmKFHL00CMIJtiL86QADiV5j9IGI=; b=d1STxM82C5Jw9vLCP947pBRPSSSfjsJpgyY7KIhICy95a4oiXv1aahtjcwwtPkKDbn xE4WZn+sfXQkLrSFszVVdqb9C1i2e7H89WbFBJiK5b2H4mCcZkBsO/iMR6U28VgCChFi WhlamX9HsSR8CQQhRmln8bf2Q52ZrUB58KJA0/+5zE6s0YlZs9n0li9ekTbPScVeT/IU zbZLUiYpmayFX5t7NhWJs99JdxnZ5Po43XAcDTbS59VMDqYWW4TFnqcQJcwqTdquLvhE SQnIsDp82Eu+cDtZC5lGEKf7zG0ztYr9aipUkBzb3Fei0u5KtEUL3zxzxvNVk2MCDPuL Fktg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=futKPCeQk/cQOIpWmKFHL00CMIJtiL86QADiV5j9IGI=; b=Alcyw5/zOJ7XqUEEo0VtnKlKcKT5G4bLbrO11CB7BbQ+UDTNpn9/SkvgN2yMAtJ9Xq 9FlOaEijdXA5rJuje0TbEdLJLe9cuCZ1FMzja4aQYe+o5qHal9udyZe2/7QDXpUUZKbx jVmOxv+JQpxKN68MMVbLYsKdXADFmNgY+Z64sxjfYcOgBA/jf5KGXjDpJY2EQsJpW6lk ijz9i/0Xr0xgqoZ2CpJYvYidfM9I9w9kdxWi3dCR3RGw9sOIY+cW1n6WlEHNPXCdX/sQ O53NgN0vJV820SVAsb/WkjCgacGb3nqXiwmXLOQF3SjQTkvLzrYz41HGCcHuc8+S2nux nDKw== X-Gm-Message-State: AHPjjUhuwkRBdFZNeFTs7d5gdxS8n4yb7sDe21INV2L4ETKFzRqbqj46 IlJk9VHAO7jk748jt946UUcUl2CqUVFqPys= X-Google-Smtp-Source: ADKCNb6ybK0Kj+8YK7e+wzLOpzk34MmOlgUVV2PgL4ogSx64kQkJHbSvZLIY97BTgiUIb82Mt7KvooFlJcYUycP8Km4= X-Received: by 10.223.135.155 with SMTP id b27mr286741wrb.10.1504813168639; Thu, 07 Sep 2017 12:39:28 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.170.145 with HTTP; Thu, 7 Sep 2017 12:39:27 -0700 (PDT) From: Alia Atlas Date: Thu, 7 Sep 2017 15:39:27 -0400 Message-ID: To: "sfc@ietf.org" , draft-ietf-sfc-nsh@ietf.org Content-Type: multipart/alternative; boundary="001a11461a065ec4f705589e9e37" Archived-At: Subject: [sfc] Additional AD review comments on draft-ietf-sfc-nsh-20 X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Sep 2017 19:39:33 -0000 --001a11461a065ec4f705589e9e37 Content-Type: text/plain; charset="UTF-8" Carlos, The draft is much improved. Thank you for your hard work. I still see the following three issues. 1) Sec 2.2: "The O bit MUST be set for OAM packets and MUST NOT be set for non-OAM packets. The O bit MUST NOT be modified along the SFP." What happens if the packet is reclassified - potentially to a different SFP? Sec 3 doesn't clarify this."When the logical classifier performs re- classification that results in a change of service path, it MUST replace the existing NSH with a new NSH with the Base Header and Service Path Header reflecting the new service path information and MUST set the initial SI. Metadata MAY be preserved in the new NSH." It would be good to specify the behavior for the unassigned flags as well; that way there will be consistent assumptions for future extensions, if needed. 2) Sec 7.1: "For example, if the metadata conveys tenant information, that information may need to be authenticated and/or encrypted between the originator and the intended recipients (which may include intended SFs only)." A reference to draft-reddy-sfc-nsh-encrypt, which defines how to encrypt the meta-data would be most helpful in making this sound less aspirational; so would having that draft not be 2 years expired and ignored by the WG. 3) Sec 11.2.5: Guidance for the expert review is needed. Regards, Alia --001a11461a065ec4f705589e9e37 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Carlos,

The draft is much im= proved.=C2=A0 Thank you for your hard work.=C2=A0 I still see the following= three issues.


1) Sec 2.2:=C2=A0"The O bi= t MUST be set for OAM packets and MUST NOT be set for non-OAM
=C2=A0 =C2= =A0packets.=C2=A0 The O bit MUST NOT be modified along the SFP."
What happens if the packet is reclassified - potentially to a diff= erent SFP? =C2=A0

Sec 3 doesn't clarify this.&= quot;When the logical classifier performs re-
=C2=A0 =C2=A0 =C2=A0 =C2= =A0classification that results in a change of service path, it MUST
=C2= =A0 =C2=A0 =C2=A0 =C2=A0replace the existing NSH with a new NSH with the Ba= se Header and
=C2=A0 =C2=A0 =C2=A0 =C2=A0Service Path Header reflecting = the new service path information
=C2=A0 =C2=A0 =C2=A0 =C2=A0and MUST set= the initial SI.=C2=A0 Metadata MAY be preserved in the
=C2=A0 =C2=A0 = =C2=A0 =C2=A0new NSH."

It would be good to sp= ecify the behavior for the unassigned flags as well; that way there will be= consistent assumptions for future extensions, if needed.

2) Sec 7.1:=C2=A0"For example, if the=C2=A0metadata conveys te= nant information, that information may need to be=C2=A0authenticated and/or= encrypted between the originator and the
=C2=A0 =C2=A0intended recipien= ts (which may include intended SFs only)."
A reference to dr= aft-reddy-sfc-nsh-encrypt, which defines how to encrypt the meta-data would= be most helpful in making this sound less aspirational; so would having th= at draft not be 2 years expired and ignored by the WG.=C2=A0

=
3) Sec 11.2.5: Guidance for the expert review is needed.

Regards,
Alia
--001a11461a065ec4f705589e9e37-- From nobody Thu Sep 7 18:58:39 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 310C8133089; Thu, 7 Sep 2017 18:58:31 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.60.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150483591112.7958.42665579381192025@ietfa.amsl.com> Date: Thu, 07 Sep 2017 18:58:31 -0700 Archived-At: Subject: [sfc] I-D Action: draft-ietf-sfc-oam-framework-03.txt X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Sep 2017 01:58:31 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Service Function Chaining WG of the IETF. Title : Service Function Chaining (SFC) Operation, Administration and Maintenance (OAM) Framework Authors : Sam K. Aldrin Carlos Pignataro Nagendra Kumar Nobo Akiya Ram Krishnan Anoop Ghanwani Filename : draft-ietf-sfc-oam-framework-03.txt Pages : 18 Date : 2017-09-07 Abstract: This document provides a reference framework for Operations, Administration and Maintenance (OAM) for Service Function Chaining (SFC). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sfc-oam-framework/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sfc-oam-framework-03 https://datatracker.ietf.org/doc/html/draft-ietf-sfc-oam-framework-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sfc-oam-framework-03 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Thu Sep 7 19:15:08 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B9D1133097 for ; Thu, 7 Sep 2017 19:15:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2WsvKvYgKMNo for ; Thu, 7 Sep 2017 19:15:05 -0700 (PDT) Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A94CA132D62 for ; Thu, 7 Sep 2017 19:15:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3158; q=dns/txt; s=iport; t=1504836905; x=1506046505; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=s8h7zqYfWE/iaoIAk9+/1QXiBUXhS6HNE+DHkcmEfH0=; b=bkb7Ji74kxo/HKqbn4jWqcdZPZYUcTvSIxAJGcGFSd2of4ITAh0vquEM 9lHAOmGOTNUboXvy/UXZcyFgWGZLV5wnpQZPqB8FOOL7hH0jemX0dvAXg AIQ45l475atF32jFavBhSFXU/5HQue3QnGvmoCpD4Zyisxd1w5KXkby89 8=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CaAwBx/LFZ/5FdJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1pkbicHg3CaQZorChgLhRsCGoNpVwECAQEBAQECax0LhRkCBAE?= =?us-ascii?q?BIRE6CxACAQgaAiYCAgIlCxUQAgQOBQmKKBCrDoInizoBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEdgQ2CHYICg1yCfYMmhGIwgjEFoHQCh1mMdoITWoUNineNCYd1AhE?= =?us-ascii?q?ZAYE4AVdBTHcVHyoSAYcIdgGJDoEPAQEB?= X-IronPort-AV: E=Sophos;i="5.42,360,1500940800"; d="scan'208";a="510184" Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Sep 2017 02:15:04 +0000 Received: from XCH-ALN-019.cisco.com (xch-aln-019.cisco.com [173.36.7.29]) by rcdn-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id v882F3uN022324 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 8 Sep 2017 02:15:03 GMT Received: from xch-rcd-015.cisco.com (173.37.102.25) by XCH-ALN-019.cisco.com (173.36.7.29) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 7 Sep 2017 21:15:02 -0500 Received: from xch-rcd-015.cisco.com ([173.37.102.25]) by XCH-RCD-015.cisco.com ([173.37.102.25]) with mapi id 15.00.1263.000; Thu, 7 Sep 2017 21:15:02 -0500 From: "Nagendra Kumar Nainar (naikumar)" To: "sfc@ietf.org" CC: "james.n.guichard@huawei.com" , "jmh@joelhalpern.com" , "Carlos Pignataro (cpignata)" Thread-Topic: I-D Action: draft-ietf-sfc-oam-framework-03.txt Thread-Index: AQHTKEX+lQCq9CDJSECRpmOUt+UpJKKqUMmA Date: Fri, 8 Sep 2017 02:15:02 +0000 Message-ID: <448E4C05-7A4C-4F82-84F1-5DC06CDD7C2E@cisco.com> References: <150483591112.7958.42665579381192025@ietfa.amsl.com> In-Reply-To: <150483591112.7958.42665579381192025@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/f.22.0.170515 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.20.12] Content-Type: text/plain; charset="utf-8" Content-ID: <2B0CAE7D1CBBA94F8A59E5C3121C3659@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] I-D Action: draft-ietf-sfc-oam-framework-03.txt X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Sep 2017 02:15:07 -0000 SGksDQoNCkJlbG93IGlzIHRoZSB1cGRhdGVkIHZlcnNpb24gb2YgU0ZDIE9BTSBmcmFtZXdvcmsg ZG9jdW1lbnQsIGFkZHJlc3NpbmcgbW9zdCBvZiB0aGUgY29tbWVudHMgZnJvbSBNZWQuIA0KDQpQ bGVhc2UgZmluZCB0aGUgZGlmZiBoZXJlIC0gaHR0cHM6Ly90b29scy5pZXRmLm9yZy9yZmNkaWZm P3VybDI9ZHJhZnQtaWV0Zi1zZmMtb2FtLWZyYW1ld29yay0wMy50eHQgDQoNClRoYW5rcywNCk5h Z2VuZHJhDQoNCk9uIDkvNy8xNywgOTo1OCBQTSwgIkktRC1Bbm5vdW5jZSBvbiBiZWhhbGYgb2Yg aW50ZXJuZXQtZHJhZnRzQGlldGYub3JnIiA8aS1kLWFubm91bmNlLWJvdW5jZXNAaWV0Zi5vcmcg b24gYmVoYWxmIG9mIGludGVybmV0LWRyYWZ0c0BpZXRmLm9yZz4gd3JvdGU6DQoNCiAgICANCiAg ICBBIE5ldyBJbnRlcm5ldC1EcmFmdCBpcyBhdmFpbGFibGUgZnJvbSB0aGUgb24tbGluZSBJbnRl cm5ldC1EcmFmdHMgZGlyZWN0b3JpZXMuDQogICAgVGhpcyBkcmFmdCBpcyBhIHdvcmsgaXRlbSBv ZiB0aGUgU2VydmljZSBGdW5jdGlvbiBDaGFpbmluZyBXRyBvZiB0aGUgSUVURi4NCiAgICANCiAg ICAgICAgICAgIFRpdGxlICAgICAgICAgICA6IFNlcnZpY2UgRnVuY3Rpb24gQ2hhaW5pbmcgKFNG QykgT3BlcmF0aW9uLCBBZG1pbmlzdHJhdGlvbiBhbmQgTWFpbnRlbmFuY2UgKE9BTSkgRnJhbWV3 b3JrDQogICAgICAgICAgICBBdXRob3JzICAgICAgICAgOiBTYW0gSy4gQWxkcmluDQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICBDYXJsb3MgUGlnbmF0YXJvDQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBOYWdlbmRyYSBLdW1hcg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgTm9ibyBBa2l5YQ0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUmFtIEtyaXNobmFu DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICBBbm9vcCBHaGFud2FuaQ0KICAgIAlGaWxl bmFtZSAgICAgICAgOiBkcmFmdC1pZXRmLXNmYy1vYW0tZnJhbWV3b3JrLTAzLnR4dA0KICAgIAlQ YWdlcyAgICAgICAgICAgOiAxOA0KICAgIAlEYXRlICAgICAgICAgICAgOiAyMDE3LTA5LTA3DQog ICAgDQogICAgQWJzdHJhY3Q6DQogICAgICAgVGhpcyBkb2N1bWVudCBwcm92aWRlcyBhIHJlZmVy ZW5jZSBmcmFtZXdvcmsgZm9yIE9wZXJhdGlvbnMsDQogICAgICAgQWRtaW5pc3RyYXRpb24gYW5k IE1haW50ZW5hbmNlIChPQU0pIGZvciBTZXJ2aWNlIEZ1bmN0aW9uIENoYWluaW5nDQogICAgICAg KFNGQykuDQogICAgDQogICAgDQogICAgDQogICAgVGhlIElFVEYgZGF0YXRyYWNrZXIgc3RhdHVz IHBhZ2UgZm9yIHRoaXMgZHJhZnQgaXM6DQogICAgaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9y Zy9kb2MvZHJhZnQtaWV0Zi1zZmMtb2FtLWZyYW1ld29yay8NCiAgICANCiAgICBUaGVyZSBhcmUg YWxzbyBodG1saXplZCB2ZXJzaW9ucyBhdmFpbGFibGUgYXQ6DQogICAgaHR0cHM6Ly90b29scy5p ZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtc2ZjLW9hbS1mcmFtZXdvcmstMDMNCiAgICBodHRwczov L2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9odG1sL2RyYWZ0LWlldGYtc2ZjLW9hbS1mcmFtZXdv cmstMDMNCiAgICANCiAgICBBIGRpZmYgZnJvbSB0aGUgcHJldmlvdXMgdmVyc2lvbiBpcyBhdmFp bGFibGUgYXQ6DQogICAgaHR0cHM6Ly93d3cuaWV0Zi5vcmcvcmZjZGlmZj91cmwyPWRyYWZ0LWll dGYtc2ZjLW9hbS1mcmFtZXdvcmstMDMNCiAgICANCiAgICANCiAgICBQbGVhc2Ugbm90ZSB0aGF0 IGl0IG1heSB0YWtlIGEgY291cGxlIG9mIG1pbnV0ZXMgZnJvbSB0aGUgdGltZSBvZiBzdWJtaXNz aW9uDQogICAgdW50aWwgdGhlIGh0bWxpemVkIHZlcnNpb24gYW5kIGRpZmYgYXJlIGF2YWlsYWJs ZSBhdCB0b29scy5pZXRmLm9yZy4NCiAgICANCiAgICBJbnRlcm5ldC1EcmFmdHMgYXJlIGFsc28g YXZhaWxhYmxlIGJ5IGFub255bW91cyBGVFAgYXQ6DQogICAgZnRwOi8vZnRwLmlldGYub3JnL2lu dGVybmV0LWRyYWZ0cy8NCiAgICANCiAgICBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fXw0KICAgIEktRC1Bbm5vdW5jZSBtYWlsaW5nIGxpc3QNCiAgICBJLUQt QW5ub3VuY2VAaWV0Zi5vcmcNCiAgICBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3Rp bmZvL2ktZC1hbm5vdW5jZQ0KICAgIEludGVybmV0LURyYWZ0IGRpcmVjdG9yaWVzOiBodHRwOi8v d3d3LmlldGYub3JnL3NoYWRvdy5odG1sDQogICAgb3IgZnRwOi8vZnRwLmlldGYub3JnL2lldGYv MXNoYWRvdy1zaXRlcy50eHQNCiAgICANCg0K From nobody Mon Sep 11 08:06:54 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 712C9132F49 for ; Mon, 11 Sep 2017 08:06:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lWHX-k3qa0oZ for ; Mon, 11 Sep 2017 08:06:45 -0700 (PDT) Received: from mail-wr0-x231.google.com (mail-wr0-x231.google.com [IPv6:2a00:1450:400c:c0c::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B17611330B7 for ; Mon, 11 Sep 2017 08:06:44 -0700 (PDT) Received: by mail-wr0-x231.google.com with SMTP id m18so15316284wrm.2 for ; Mon, 11 Sep 2017 08:06:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=7aloWGxxFVe2138tlePbPZxgEbC7ZCZfiXTsrF4mR+w=; b=dQgBC34g4/Ptlr0eGrHDKusiP8MRbS5OLkZnG5dbSgOUYLsvvOv3cqUpFe2XHNH6+O N1wb6PA0kuoQy+0dX5gpgky+dCK5z2+Z6zmlGDkCOdGqKPYVhi9OLcMvanG6nNpaOewM 6sUxR3uq2WMwiQW7wKkRgWVDL+IrZUJM+ZTMlk7Fg+65mc7hr+ykIQ8pZU9HHxSE4lB6 FJ5zK89p31YjfrYoggXygSgkUlfemvrjMOqr74c9UIvw5vbt0l5F1LaYjYAkAZ5SFUCb 7lKnwaanaNoTDWRAJ+hDOJXtN+5HVAfG+fekfnCSMgoNc1LFp1sRY5CMmOaE2zvyxixP XaYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=7aloWGxxFVe2138tlePbPZxgEbC7ZCZfiXTsrF4mR+w=; b=de7DCFVg67qSPCN3qPkMVPpEAypPdglx53Ju0dqXWtkwvUtpVm2igjl8L2Erqh0M6g H5+1sb2qq78fo6JxEWiw6r+MpH7Sy7WlcQfnqcSQTZJ/Iqe41I279wAimqUTOfxEAUia DatCHo6jpm+rAUutRdWZja+zrZCSuu8sSx9UaCxWVMoo1bv6kWnPM+jXH28Zkh8X5sgF 3BMf+ak0QRBsiack0CLXAxqddJyq4HC0CMKxOdS6d7fdJrMmBQYjvbx6cbfbi5a7JLIm 4oXSeOoBTICXYTHn0Nroydnr7Tk/QvFT6ukGHjskvO/i7L6Rq91aF/6pzYdLzDxsUZfl iTUg== X-Gm-Message-State: AHPjjUjlxP0/OYIiVS7PSon89FcU58Bh1guWEvadi+4B6dRxdyVp1iH/ BqOgI2/Vp4xpObZK2ElxsQZTH3r21nUAQlQ= X-Google-Smtp-Source: ADKCNb70IP8eoeqw5pSsYUK8WPk97E0EwFd8VXSl9BD1eRmSNoHM44Fq8MLsf5nQadUgyYP0PnfCwijEgtD6K8rDDUI= X-Received: by 10.223.178.203 with SMTP id g69mr9290969wrd.258.1505142402801; Mon, 11 Sep 2017 08:06:42 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.136.153 with HTTP; Mon, 11 Sep 2017 08:06:42 -0700 (PDT) From: Alia Atlas Date: Mon, 11 Sep 2017 11:06:42 -0400 Message-ID: To: "sfc@ietf.org" Content-Type: multipart/alternative; boundary="f403045cf0724163860558eb4651" Archived-At: Subject: [sfc] concerns about progressing draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Sep 2017 15:06:52 -0000 --f403045cf0724163860558eb4651 Content-Type: text/plain; charset="UTF-8" I am still quite concerned about the security implications for NSH. I do think that the security considerations section is much improved - but the issues aren't just describing better what could be done. Here are my concerns: a) There is no integrity protection for the NSH. It is, of course, possible to do transport-layer security for some transports - but that doesn't prevent a single compromised SF, SFF, etc. from modifying the NSH. This is primarily a concern for the SFP & SI fields where such a modification could move the packet to a different chain or no chain at all. Without transport-layer security, any MITM attack could easily do so. While the intent is for this to be in a single administrative domain, that includes multi-tenancy data-centers. That includes cables that could be compromised. Consider the case where a VM comes up and claims an address that is expected to be an SFF. Traffic could be directed to it. I don't see a way of solving this problem that doesn't consider control plane aspects or that doesn't have more than 1 transport-hop security. Fundamentally, if a MITM can strip off the NSH without being detected, I am concerned. It feels like the single administrative domain is being used to assume that there is no possibility of MITM. This all may be similar to the case where a VLAN is used with static wiring to indicate the next-hop and the VLAN could be changed or stripped off, but I am concerned that the attack surface is greater. I hope that this concern can be resolved by having a clear threat analysis in the Security Considerations - with an indication of which threats are handled by transport/overlay layer security. I know this is a hard problem; solving it is out of my area of expertise - but documenting the threats is the minimum. b) The meta-data provides a method for sending along any information with the packet. This allows any MITM to eavesdrop on that information - as well as modify it. For cases where the meta-data represents subscriber information, this presents not merely a privacy threat but also a financial threat - where a different subscriber could be substituted. There is no mechanism currently adopted or even not expired for encrypting the meta-data. There is nothing that would require meta-data to be so encrypted when allocated by other organizations. I could see an approach where IETF standardized & allocated meta-data could be plain text, assuming that the IETF process would be sufficiently sensitive to privacy concerns. Integrity protection is still a concern (unless the assumption really is no MITM). I could see an approach where meta-data from other ranges MUST be encrypted. Perhaps there are middle grounds. Let me discuss briefly about MITM attacks. In a multi-tenancy environment, it is quite possible for there to be malicious VMs that try to attack. Even in a single administrative domain, a VM image could be infected with malware or there can be malicious (ex-)employees. Inside attacks at corporations are a persistent concern. I have had and expected serious concerns about security and privacy aspects for years. I strongly steered towards a security DT to serious probe into a threat analysis & solutions, because I & Stephen Farrel were trying to get security issues resolved before the NSH draft and other work progressed. The DT tried but did not get traction in the WG. At the interim meeting in Jan 2017, there was agreement to handle the security issues as part of each document. That is what this means! I am also still concerned about the lack of OAM work around NSH. It was 2 years ago when the compromise of at least defining the minimum behavior for the OAM bit was put in. There has been no meaningful progress on OAM since then - and we have a desire to push strongly forward with NSH despite that. For every encapsulation, we say that we must build in good troubleshooting and OAM from the beginning - and, yet again, the WG has failed to do so. It has failed to convincingly engage in this area at all. The lack of thought as to whether the OAM flag is pitched by re-classification is just another indication that the WG is not seriously thinking about or trying to solve OAM. I know that the OAM framework just had a new version published; a framework is nice but it is NOT a technical solution. The WG doesn't even have connectivity or trace functionality defined for SFC - which seems the bare minimum. (I do understand that the charter suggests that more understanding is needed - but that was written almost 4 years ago!). I hope that there are no more lurking issues around OAM in the minimum that is defined for interoperability in NSH. When I find an issue this late (after many many readings of this draft), it does make me concerned about what has still been missed. I would greatly appreciate others reviewing this document from the OAM perspective - thinking about how a traceroute & connectivity functionality would work through reclassifiers & other more complex scenarios. I am concerned by the transport directorate reviews that note it is challenging to consider transport considerations without any companion drafts on what transport/overlays are expected to be used. I don't see that being solved as part of the NSH draft - but I really wish that the WG had made work on the needed companion drafts. I am not sure how interoperability could work without some agreement on transport/overlays. draft-ietf-sfc-nsh-20 has improved greatly in terms of readability and in terms of suggesting some of what might be possible while strongly trying to push all concerns into someone else's problem. The drafts to support that push aren't there yet. I do not consider that these issues are the responsibility of the draft-ietf-sfc-nsh editors and authors, who have been doing an excellent job recently of improving the readability and documenting what is there. These are WG issues. I have asked Kathleen & Benoit to review draft-ietf-sfc-nsh-20 and provide their feedback. I am still considering what to do. Regards, Alia --f403045cf0724163860558eb4651 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I am still quite concerne= d about the security implications for NSH.
I do think that the security consider= ations section is much improved - but
= the issues aren't just describing bett= er what could be done.

Here are my concerns:
=C2=A0=C2= =A0 =C2=A0a) There is no integrity protection for the NSH. It is, of course= , possible to
=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 do transport-layer security for = some transports - but that doesn't prevent
=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0= a single compromised SF, SFF, etc. from modifying the NSH. This is primari= ly
= =C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 a concern for the SFP & SI fields whe= re such a modification could move the
= =C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 packet t= o a different chain or no chain at all. Without transport-layer security,
=C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 any MITM attack could easily do so.=C2=A0 While= the intent is for this to be in a single
=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 admi= nistrative domain, that includes multi-tenancy data-centers. That includes<= /span>
=C2= =A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 cables that could be compromised.

=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 Consider the case where a= VM comes up and claims an address that is
=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 exp= ected to be an SFF. Traffic could be directed to it. I don't see a way = of
= =C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 solving this problem that doesn't con= sider control plane aspects or that
=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 doesn'= t have more than 1 transport-hop security. Fundamentally, if a MITM<= br style=3D"font-size:12.8px">=C2=A0=C2=A0= =C2=A0 =C2=A0 =C2=A0 can strip off the NSH without being detected, I am co= ncerned.
=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 It feels like the single administrati= ve domain is being used to assume that there
=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 i= s no possibility of MITM.

=C2=A0=C2=A0 =C2=A0 =C2= =A0 =C2=A0 This all may be similar to the case where a VLAN is used with st= atic wiring to
=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 indicate the next-hop and the V= LAN could be changed or stripped off, but I am
=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0= concerned that the attack surface is greater.

= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0I hope that this concern can be resolved = by having a clear threat analysis in the
=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0Security Considerations - with an indication of which threats are= handled by
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0transport/overlay l= ayer security. I know this is a hard problem; solving it is out
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0of my area of expertise - but documenting= the threats is the minimum.

=C2=A0=C2=A0 =C2=A0b) The meta-data provides a = method for sending along any information=C2=A0with the packet.=C2=A0
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0This allows any MITM to eavesdro= p on that information - as well as modify it. For
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0cases where the = meta-data represents subscriber information, this presents not
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0mer= ely a privacy threat but also a financial threat - where a different subscr= iber could
=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0be substituted.

=C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0There is no mechanism currently adopted or even = not expired for
=C2= =A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 encrypting the meta-data. There is nothing t= hat would require meta-data to be so
<= span style=3D"font-size:12.8px">=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 encrypted= when allocated by other organizations.

=C2=A0=C2= =A0 =C2=A0 =C2=A0 =C2=A0 I could see an approach where IETF standardized &a= mp; allocated meta-data could be
=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 plain text, a= ssuming that the IETF process would be sufficiently sensitive to privacy
=C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 concerns. Integrity protection is still a conce= rn (unless the assumption really is no
=C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 MITM). = I could see an approach where meta-data from other ranges MUST be=C2=A0=C2=A0 = =C2=A0 =C2=A0 =C2=A0 encrypted. Perhaps there are middle grounds.
Let me discuss briefly about MITM attacks. In a multi-tena= ncy environment, it is quite
possible for there to be malicious VMs that try to = attack. Even in a single administrative
domain, a VM image could be infected wit= h malware or there can be malicious (ex-)employees. Inside attacks at corpo= rations are a persistent concern.

I have had and = expected serious concerns about security and privacy aspects for years. I s= trongly steered towards a security DT to serious probe into a threat analys= is & solutions, because I & Stephen Farrel were trying to get secur= ity issues resolved before the NSH draft and other work progressed. The DT = tried but did not get traction in the WG. At the interim meeting in Jan 201= 7, there was agreement to handle the security issues as part of each docume= nt. That is what this means!

I am also still conc= erned about the lack of OAM work around NSH. It was 2 years ago when the co= mpromise of at least defining the minimum behavior for the OAM bit was put = in. There has been no meaningful progress on OAM since then - and we have a= desire to push strongly forward with NSH despite that. For every encapsula= tion, we say that we must build in good troubleshooting and OAM from the be= ginning - and, yet again, the WG has failed to do so. It has failed to conv= incingly engage in this area at all.=C2=A0The lack of thought as to whether the OAM flag is pitched by re-clas= sification is just another indication that the WG is not seriously thinking= about or trying to solve OAM.=C2=A0I know that the OAM framework just had a new version published; a framewor= k is nice but it is NOT a technical solution. The WG doesn't even have = connectivity or trace functionality defined for SFC - which seems the bare = minimum. =C2=A0(I do understand that the charter suggests that more underst= anding is needed - but that was written almost 4 years ago!). =C2=A0= I hope that there are no more lurking issu= es around OAM in the minimum that is defined for interoperability in NSH. W= hen I find an issue this late (after many many readings of this draft), it = does make me concerned about what has still been missed. I would greatly ap= preciate others reviewing this document from the OAM perspective - thinking= about how a traceroute & connectivity functionality would work through= reclassifiers & other more complex scenarios.

I a= m concerned by the transport directorate reviews that note it is challengin= g to consider transport considerations without any companion drafts on what= transport/overlays are expected to be used. I don't see that being sol= ved as part of the NSH draft - but I really wish that the WG had made work = on the needed companion drafts. I am not sure how interoperability could wo= rk without some agreement on transport/overlays.

draft-ietf-sfc-nsh-20 has improved= greatly in terms of readability and in terms of suggesting some of what mi= ght be possible while strongly trying to push all concerns into someone els= e's problem. The drafts to support that push aren't there yet.

I do not consider that these issues are the responsib= ility of the draft-ietf-sfc-nsh editors and authors, who have been doing an= excellent job recently of improving the readability and documenting what i= s there. These are WG issues.

I have asked Kathle= en & Benoit to review draft-ietf-sfc-nsh-20 and provide their feedback.=

I am still considering what to do.

Regards,
Alia
--f403045cf0724163860558eb4651-- From nobody Tue Sep 12 01:22:37 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4099313235C; Tue, 12 Sep 2017 01:22:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6iNPkkw5Qlyy; Tue, 12 Sep 2017 01:22:29 -0700 (PDT) Received: from mail-lf0-x234.google.com (mail-lf0-x234.google.com [IPv6:2a00:1450:4010:c07::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29DAA124B18; Tue, 12 Sep 2017 01:22:29 -0700 (PDT) Received: by mail-lf0-x234.google.com with SMTP id l196so24367834lfl.1; Tue, 12 Sep 2017 01:22:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OgppNPadQ0PgKxiQmAdtPsTM0Q9pguun4OY+94QU1wY=; b=kneNhDhytolQKAHtsPcarB6nhr5M2OeM3zja05WAlWP92z3SokNvuGxsjiF1Ezx9vc on89L1Rzfk4faI20a6N2jAqeut6+jkG7xe8VXdwdnq5edbaSFoQ9id4RtoW29mfdnv6g 1sHr9vn9d3g8nyQyGlzND270NpX9onuDkeDlHkdj2uHGhK0gNoHZA/lD335H6RVgw4EZ 845c5JA2QN7dPnnefpNT3p7VWwLWDC6tnNEhmmETSvf9sveaJSxBwJ1Eh1HMAjseRT5h MftaTyRo+nQdEPvFhIQyFdn23nNvAB2eGpabnPmnjQG01mGNvBDxuHSueLDB7xGMJg7Z uQow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OgppNPadQ0PgKxiQmAdtPsTM0Q9pguun4OY+94QU1wY=; b=WBshnbhrlyKNsp2Nzdjjd7c+HE2ffymFJ2YSwMd38+UWj8j0hXEYjPP1dOpsqgnqr7 xqqTa0aw1GBAX7RbH4RFVrEC+WsijpPDBf/g3ldrokhvZ8fLvSvn22Sg6JrD0Fvwu+Gr dthX4B90K1O6l0SujnmSScx41PkOHJOr8JfYtjw4iiHbhshkiMN/H+1lkIdGkJv/6XQB 0ZAHoFc79T7HSrz1nnpF+9MAbkIxGv5TmY53oGxM7PfaPWEC4uuyJtSkMQzGIdPKXbYu eDdiAZLRKFTzOhnbm/44g9+l04eGmxnupCeBK2PK6e9+FIWeZdkglePVEyh0ri2HVE7g kn9A== X-Gm-Message-State: AHPjjUgrX05l3wJhqgTYk6dR6htniXTZPRb2fGZ8mmcuz8Y+Iw+vwjU4 K1oEzEToPqp1KQeV5gvdFF1at9EcsFPw X-Google-Smtp-Source: AOwi7QCmzzbNh0r16eDBen24WYjA9aVVsGmotKZWnU1i/gPqBy5alYByE3Wt1mNKWE1cTtAyJlvMjMJx0nqHWQb3nuM= X-Received: by 10.25.145.66 with SMTP id y2mr3883188lfj.102.1505204547001; Tue, 12 Sep 2017 01:22:27 -0700 (PDT) MIME-Version: 1.0 Received: by 10.46.32.201 with HTTP; Tue, 12 Sep 2017 01:22:26 -0700 (PDT) In-Reply-To: <150520423416.4597.11034144420561105867.idtracker@ietfa.amsl.com> References: <150520423416.4597.11034144420561105867.idtracker@ietfa.amsl.com> From: Greg Mirsky Date: Tue, 12 Sep 2017 01:22:26 -0700 Message-ID: To: sfc@ietf.org Cc: "ippm@ietf.org" Content-Type: multipart/alternative; boundary="94eb2c1cd53a56a3b20558f9be42" Archived-At: Subject: [sfc] Fwd: New Version Notification for draft-mirsky-sfc-pmamm-02.txt X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Sep 2017 08:22:31 -0000 --94eb2c1cd53a56a3b20558f9be42 Content-Type: text/plain; charset="UTF-8" Dear All, we've updated the Performance Measurement (PM) with Alternate Marking Method in Service Function Chaining (SFC) Domain document with: - align flag naming in the Mark field with PM functionality rather than AMM mode; - added case of Residence Time Measurement using AMM at SFF with nodal and sub-nodal scopes. Your reviews, comments, suggestions always greatly appreciated. Authors believe that the document is ready and would like to ask the WG consider adoption of this work. Regards, Greg ---------- Forwarded message ---------- From: Date: Tue, Sep 12, 2017 at 1:17 AM Subject: New Version Notification for draft-mirsky-sfc-pmamm-02.txt To: Gregory Mirsky , Giuseppe Fioccola < giuseppe.fioccola@telecomitalia.it>, Tal Mizrahi A new version of I-D, draft-mirsky-sfc-pmamm-02.txt has been successfully submitted by Greg Mirsky and posted to the IETF repository. Name: draft-mirsky-sfc-pmamm Revision: 02 Title: Performance Measurement (PM) with Alternate Marking Method in Service Function Chaining (SFC) Domain Document date: 2017-09-12 Group: Individual Submission Pages: 8 URL: https://www.ietf.org/internet-drafts/draft-mirsky-sfc-pmamm- 02.txt Status: https://datatracker.ietf.org/doc/draft-mirsky-sfc-pmamm/ Htmlized: https://tools.ietf.org/html/draft-mirsky-sfc-pmamm-02 Htmlized: https://datatracker.ietf.org/doc/html/draft-mirsky-sfc- pmamm-02 Diff: https://www.ietf.org/rfcdiff?url2=draft-mirsky-sfc-pmamm-02 Abstract: This document describes how the alternate marking method be used as the passive performance measurement method in a Service Function Chaining (SFC) domain. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat --94eb2c1cd53a56a3b20558f9be42 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Dear All,
we've updated the=C2=A0Performance Measurement (PM) with Alternate Marking Method in Ser= vice Function Chaining (SFC) Domain document with:
    align flag naming in the Mark field with PM functionality rather = than AMM mode;
  • added case of Residence Time = Measurement using AMM at SFF with nodal and sub-nodal scopes.=
Your reviews, comments, suggestions always greatly = appreciated.
Authors believe that the docu= ment is ready and would like to ask the WG consider adoption of this work.<= /span>

Rega= rds,
Greg

---------- Forwarded me= ssage ----------
From: <internet-drafts@ietf.or= g>
Date: Tue, Sep 12, 2017 at 1:17 AM
Subject: New Vers= ion Notification for draft-mirsky-sfc-pmamm-02.txt
To: Gregory Mirsky &l= t;gregimirsky@gmail.com>, G= iuseppe Fioccola <= giuseppe.fioccola@telecomitalia.it>, Tal Mizrahi <talmi@marvell.com>



A new version of I-D, draft-mirsky-sfc-pmamm-02.txt
has been successfully submitted by Greg Mirsky and posted to the
IETF repository.

Name:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0draft-mirsky-sfc-pmamm
Revision:=C2=A0 =C2=A0 =C2=A0 =C2=A002
Title:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Performance Measurement (PM) with = Alternate Marking Method in Service Function Chaining (SFC) Domain
Document date:=C2=A0 2017-09-12
Group:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Individual Submission
Pages:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 8
URL:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 https://www.ietf.org/internet-drafts/draft-mirsky-sfc-pmam= m-02.txt
Status:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0htt= ps://datatracker.ietf.org/doc/draft-mirsky-sfc-pmamm/
Htmlized:=C2=A0 =C2=A0 =C2=A0 =C2=A0https://too= ls.ietf.org/html/draft-mirsky-sfc-pmamm-02
Htmlized:=C2=A0 =C2=A0 =C2=A0 =C2=A0h= ttps://datatracker.ietf.org/doc/html/draft-mirsky-sfc-pmamm-02
Diff:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0https://www.ietf.org/rfcdiff?url2=3Ddraft-mirsky-sfc-pmamm-02

Abstract:
=C2=A0 =C2=A0This document describes how the alternate marking method be us= ed as
=C2=A0 =C2=A0the passive performance measurement method in a Service Functi= on
=C2=A0 =C2=A0Chaining (SFC) domain.




Please note that it may take a couple of minutes from the time of submissio= n
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


--94eb2c1cd53a56a3b20558f9be42-- From nobody Fri Sep 15 13:07:04 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 53F5F1333B5; Fri, 15 Sep 2017 13:07:03 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: IETF Meeting Session Request Tool To: Cc: sfc-chairs@ietf.org, james.n.guichard@huawei.com, sfc@ietf.org, akatlas@gmail.com X-Test-IDTracker: no X-IETF-IDTracker: 6.61.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150550602333.4854.11659157422093207086.idtracker@ietfa.amsl.com> Date: Fri, 15 Sep 2017 13:07:03 -0700 Archived-At: Subject: [sfc] sfc - New Meeting Session Request for IETF 100 X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Sep 2017 20:07:03 -0000 A new meeting session request has just been submitted by Jim Guichard, a Chair of the sfc working group. --------------------------------------------------------- Working Group Name: Service Function Chaining Area Name: Routing Area Session Requester: Jim Guichard Number of Sessions: 1 Length of Session(s): 2 Hours Number of Attendees: 150 Conflicts to Avoid: First Priority: bess idr i2nsf ippm mpls nvo3 rtgwg spring People who must be present: Joel M. Halpern Jim Guichard Alia Atlas Resources Requested: Special Requests: --------------------------------------------------------- From nobody Sun Sep 17 14:14:34 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 419A4132941; Sun, 17 Sep 2017 14:14:26 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.61.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150568286622.668.11233138068334135259@ietfa.amsl.com> Date: Sun, 17 Sep 2017 14:14:26 -0700 Archived-At: Subject: [sfc] I-D Action: draft-ietf-sfc-nsh-21.txt X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Sep 2017 21:14:26 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Service Function Chaining WG of the IETF. Title : Network Service Header (NSH) Authors : Paul Quinn Uri Elzur Carlos Pignataro Filename : draft-ietf-sfc-nsh-21.txt Pages : 34 Date : 2017-09-17 Abstract: This document describes a Network Service Header (NSH) imposed on packets or frames to realize service function paths. The NSH also provides a mechanism for metadata exchange along the instantiated service paths. The NSH is the SFC encapsulation required to support the Service Function Chaining (SFC) architecture (defined in RFC7665). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sfc-nsh-21 https://datatracker.ietf.org/doc/html/draft-ietf-sfc-nsh-21 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sfc-nsh-21 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Mon Sep 18 11:14:24 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B0711321DE; Mon, 18 Sep 2017 11:14:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U_sUuhGO_nea; Mon, 18 Sep 2017 11:14:21 -0700 (PDT) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21100133055; Mon, 18 Sep 2017 11:14:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4456; q=dns/txt; s=iport; t=1505758454; x=1506968054; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=v/eqz9Ta2L0Hp3HsAY6KoGo3b5RRbwIdB5/evHrXieA=; b=EvrEDQwFGjh8TJI1fIdoWdG6PGVp59eJHcqtsC7a5bb+ucYU6dyXy6If Usn2C/KRW4mkpQEWMOesqqMSVfinz2Rk7r/e/KITQdQvLWzOJBCFeIM68 Hgrd1uh7JH4HzOlNrxNXIJl8WAb/TAw9r4bk3PGHCuCf6WLna9CouvRuy w=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CjAACVDMBZ/4YNJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1qBUicHg26KII92gXSIO41rDoIECoU7AhqELT8YAQIBAQEBAQE?= =?us-ascii?q?BayiFGAEBAQECASMRNw4FCwIBCA4KAgImAgICHxEVEAIEDgWKGwMNCKowgieHO?= =?us-ascii?q?A2DagEBAQEBAQEBAQEBAQEBAQEBAQEBAR2BDoIdgWEBIIFQgWMrgn2CWIFtARI?= =?us-ascii?q?BgzIvgjEFigQBiRSNMzwCj1yEd4IThWqKe4xaiC4CERkBgTgBHziBAgt3FUkSA?= =?us-ascii?q?YcJdoVtgSOBDwEBAQ?= X-IronPort-AV: E=Sophos;i="5.42,414,1500940800"; d="scan'208";a="296959127" Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 18 Sep 2017 18:14:13 +0000 Received: from XCH-RTP-018.cisco.com (xch-rtp-018.cisco.com [64.101.220.158]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id v8IIEC7f021620 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 18 Sep 2017 18:14:13 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-018.cisco.com (64.101.220.158) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 18 Sep 2017 14:14:12 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Mon, 18 Sep 2017 14:14:12 -0400 From: "Carlos Pignataro (cpignata)" To: Alia Atlas CC: "sfc@ietf.org" , "draft-ietf-sfc-nsh@ietf.org" Thread-Topic: Additional AD review comments on draft-ietf-sfc-nsh-20 Thread-Index: AQHTKBEJ6j37PwZL1EeImcQxKOWXRaK7RsUA Date: Mon, 18 Sep 2017 18:14:12 +0000 Message-ID: <29A6B17C-F815-4A03-A63C-CB265F0175A2@cisco.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: text/plain; charset="utf-8" Content-ID: <02C153FAAD9453479B3D38B2ED5E7647@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Additional AD review comments on draft-ietf-sfc-nsh-20 X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Sep 2017 18:14:23 -0000 SGksIEFsaWEsDQoNCllvdSBhZGRyZXNzZWQgdGhpcyBlbWFpbCB0byBtZSwgYnV0IEkganVzdCBu b3RpY2VkIEkgZmFpbGVkIHRvIHJlc3BvbmQg4oCUIGFwb2xvZ2llcyENCg0KPiBPbiBTZXAgNywg MjAxNywgYXQgMzozOSBQTSwgQWxpYSBBdGxhcyA8YWthdGxhc0BnbWFpbC5jb20+IHdyb3RlOg0K PiANCj4gQ2FybG9zLA0KPiANCj4gVGhlIGRyYWZ0IGlzIG11Y2ggaW1wcm92ZWQuICBUaGFuayB5 b3UgZm9yIHlvdXIgaGFyZCB3b3JrLiAgSSBzdGlsbCBzZWUgdGhlIGZvbGxvd2luZyB0aHJlZSBp c3N1ZXMuDQo+IA0KDQpUaGFua3MsIGxldOKAmXMgc2VlIHRob3NlIHRocmVlLCBpbmxpbmUuDQoN Cj4gDQo+IDEpIFNlYyAyLjI6ICJUaGUgTyBiaXQgTVVTVCBiZSBzZXQgZm9yIE9BTSBwYWNrZXRz IGFuZCBNVVNUIE5PVCBiZSBzZXQgZm9yIG5vbi1PQU0NCj4gICAgcGFja2V0cy4gIFRoZSBPIGJp dCBNVVNUIE5PVCBiZSBtb2RpZmllZCBhbG9uZyB0aGUgU0ZQLiINCj4gV2hhdCBoYXBwZW5zIGlm IHRoZSBwYWNrZXQgaXMgcmVjbGFzc2lmaWVkIC0gcG90ZW50aWFsbHkgdG8gYSBkaWZmZXJlbnQg U0ZQPyAgDQo+IA0KPiBTZWMgMyBkb2Vzbid0IGNsYXJpZnkgdGhpcy4iV2hlbiB0aGUgbG9naWNh bCBjbGFzc2lmaWVyIHBlcmZvcm1zIHJlLQ0KPiAgICAgICAgY2xhc3NpZmljYXRpb24gdGhhdCBy ZXN1bHRzIGluIGEgY2hhbmdlIG9mIHNlcnZpY2UgcGF0aCwgaXQgTVVTVA0KPiAgICAgICAgcmVw bGFjZSB0aGUgZXhpc3RpbmcgTlNIIHdpdGggYSBuZXcgTlNIIHdpdGggdGhlIEJhc2UgSGVhZGVy IGFuZA0KPiAgICAgICAgU2VydmljZSBQYXRoIEhlYWRlciByZWZsZWN0aW5nIHRoZSBuZXcgc2Vy dmljZSBwYXRoIGluZm9ybWF0aW9uDQo+ICAgICAgICBhbmQgTVVTVCBzZXQgdGhlIGluaXRpYWwg U0kuICBNZXRhZGF0YSBNQVkgYmUgcHJlc2VydmVkIGluIHRoZQ0KPiAgICAgICAgbmV3IE5TSC4i DQo+IA0KDQpJIGRvIG5vdCB0aGluayBTZWMgMyBuZWVkcyB0byBjbGFyaWZ5IGl0LiBTZWN0aW9u IDIuMiBhbHJlYWR5IHNheXM6DQoNCuKAnE8gYml0OiBb4oCmXSBUaGUgYWN0dWFsIGZvcm1hdCBh bmQgcHJvY2Vzc2luZyBvZiBTRkMNCiAgIE9BTSBwYWNrZXRzIGlzIG91dHNpZGUgdGhlIHNjb3Bl IG9mIHRoaXMgc3BlY2lmaWNhdGlvbuKAnQ0KDQpTbyB3ZSBzaG91bGQgbm90IGF0dGVtcHQgdG8g c3BlY2lmeSB0aGUgcHJvY2Vzc2luZyBoZXJlLiANCg0KSWYgeW91IGJlbGlldmUgaXQgaGVscHMs IHdlIGNhbiBhZGQg4oCcVGhlIHZhbHVlIG9mIHRoZSBPIGJpdCBNVVNUIGJlIHByZXNlcnZlZCBp biB0aGUgbmV3IE5TSOKAnSwgYnV0IHRoYXQgd291bGQgZ28gYWdhaW5zdCBTMi4y4oCZcyBzY29w ZS4NCg0KPiBJdCB3b3VsZCBiZSBnb29kIHRvIHNwZWNpZnkgdGhlIGJlaGF2aW9yIGZvciB0aGUg dW5hc3NpZ25lZCBmbGFncyBhcyB3ZWxsOyB0aGF0IHdheSB0aGVyZSB3aWxsIGJlIGNvbnNpc3Rl bnQgYXNzdW1wdGlvbnMgZm9yIGZ1dHVyZSBleHRlbnNpb25zLCBpZiBuZWVkZWQuDQo+IA0KDQpT aW5jZSB0aGV5IGFyZSBVbmFzc2lnbmVkLCB0aGUgaGF2ZSBubyBiZWhhdmlvciBzcGVjaWZpZWQs IG90aGVyIHRoYW4gd2hhdOKAmXMgYWxyZWFkeSB0aGVyZToNCg0K4oCcVW5hc3NpZ25lZCBiaXRz IE1VU1QNCiAgIGJlIHNldCB0byB6ZXJvIHVwb24gb3JpZ2luYXRpb24sIGFuZCBNVVNUIGJlIGln bm9yZWQgYW5kIHByZXNlcnZlZA0KICAgdW5tb2RpZmllZCBieSBvdGhlciBOU0ggc3VwcG9ydGlu ZyBlbGVtZW50cy4gIEF0IHJlY2VwdGlvbiwgYWxsDQogICBlbGVtZW50cyBNVVNUIE5PVCBtb2Rp ZnkgdGhlaXIgYWN0aW9ucyBiYXNlZCBvbiB0aGVzZSB1bmtub3duIGJpdHMu4oCdDQoNCldoYXQg ZWxzZSBpcyBtaXNzaW5nPw0KDQo+IDIpIFNlYyA3LjE6ICJGb3IgZXhhbXBsZSwgaWYgdGhlIG1l dGFkYXRhIGNvbnZleXMgdGVuYW50IGluZm9ybWF0aW9uLCB0aGF0IGluZm9ybWF0aW9uIG1heSBu ZWVkIHRvIGJlIGF1dGhlbnRpY2F0ZWQgYW5kL29yIGVuY3J5cHRlZCBiZXR3ZWVuIHRoZSBvcmln aW5hdG9yIGFuZCB0aGUNCj4gICAgaW50ZW5kZWQgcmVjaXBpZW50cyAod2hpY2ggbWF5IGluY2x1 ZGUgaW50ZW5kZWQgU0ZzIG9ubHkpLiINCj4gQSByZWZlcmVuY2UgdG8gZHJhZnQtcmVkZHktc2Zj LW5zaC1lbmNyeXB0LCB3aGljaCBkZWZpbmVzIGhvdyB0byBlbmNyeXB0IHRoZSBtZXRhLWRhdGEg d291bGQgYmUgbW9zdCBoZWxwZnVsIGluIG1ha2luZyB0aGlzIHNvdW5kIGxlc3MgYXNwaXJhdGlv bmFsOw0KDQpTdXJlLiBJdOKAmXMgYWxyZWFkeSBjaXRlZCBpbiB0aGUgU2VjdXJpdHkgQ29uc2lk ZXJhdGlvbnMgc2VjdGlvbiwgYnV0IHdlIGNhbiBhZGQgYW5vdGhlciBjaXRhdGlvbi4gRG9uZSBp biB0aGUgd29ya2luZyBjb3B5Lg0KDQo+IHNvIHdvdWxkIGhhdmluZyB0aGF0IGRyYWZ0IG5vdCBi ZSAyIHllYXJzIGV4cGlyZWQgYW5kIGlnbm9yZWQgYnkgdGhlIFdHLiANCj4gDQo+IDMpIFNlYyAx MS4yLjU6IEd1aWRhbmNlIGZvciB0aGUgZXhwZXJ0IHJldmlldyBpcyBuZWVkZWQuDQoNCkdvb2Qg cG9pbnQuIFRoYW5rcy4NCg0KSGVyZeKAmXMgYW4gYXR0ZW1wdCwgcGxlYXNlIGNvbXBsZXRlLiBJ IGFtIGhlc2l0YW50IHRvIHJlcXVlc3QgZGlzY3Vzc2lvbiBvbiB0aGUgU0ZDIGxpc3QsIGRvIHlv dSB0aGluayB3ZSBzaG91bGQgKGFuZCByZXF1ZXN0IGluIHRoYXQgZG9jdW1lbnQgdGhhdCB0aGUg bGlzdCBpcyBrZXB0IG9wZW4pPw0KDQo8dD4NCkV4cGVydCBSZXZpZXcgcmVxdWVzdHMgTVVTVCBp bmNsdWRlIGEgc2luZ2xlIGNvZGUgcG9pbnQgcGVyIHJlcXVlc3QuDQogICBEZXNpZ25hdGVkIEV4 cGVydHMgZXZhbHVhdGluZyBuZXcgYWxsb2NhdGlvbiByZXF1ZXN0cyBmcm9tIHRoaXMgcmVnaXN0 cnkNCiAgIHNob3VsZCBjb25zaWRlciB0aGUgcG90ZW50aWFsIHNjYXJjaXR5IG9mIGNvZGUgcG9p bnRzIGZvciBhbiA4LWJpdCB2YWx1ZSwNCiAgIGFuZCBjaGVjayBib3RoIGZvciBkdXBsaWNhdGlv bnMgYXMgd2VsbCBhcyBhdmFpbGFiaWxpdHkgb2YgZG9jdW1lbnRhdGlvbi4NCjwvdD4NCg0KDQoN Cj4gDQo+IFJlZ2FyZHMsDQo+IEFsaWENCg0K4oCUDQpDYXJsb3MgUGlnbmF0YXJvLCBjYXJsb3NA Y2lzY28uY29tDQoNCuKAnFNvbWV0aW1lcyBJIHVzZSBiaWcgd29yZHMgdGhhdCBJIGRvIG5vdCBm dWxseSB1bmRlcnN0YW5kLCB0byBtYWtlIG15c2VsZiBzb3VuZCBtb3JlIHBob3Rvc3ludGhlc2lz LiINCg0K From nobody Mon Sep 18 13:16:43 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18FE1132F65 for ; Mon, 18 Sep 2017 13:16:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yk5PR7g7Uim8 for ; Mon, 18 Sep 2017 13:16:40 -0700 (PDT) Received: from mail-pf0-x230.google.com (mail-pf0-x230.google.com [IPv6:2607:f8b0:400e:c00::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95FFF12421A for ; Mon, 18 Sep 2017 13:16:40 -0700 (PDT) Received: by mail-pf0-x230.google.com with SMTP id q76so801696pfq.2 for ; Mon, 18 Sep 2017 13:16:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=WGdCsoAdcLhnXW9rLXbWdHjsPSaBMmDqz6WOmpTg03Q=; b=F3qLhIpqjVTBVDnlDIKdHIntgiIfEFC3H2aJMXdJoKrKqAZGto+tBNQa4IXdZ0USd+ 4JoV2M/k4R+9ZZkJAWbbLFDxeXTFn7L837z0inO/6/kcerm0udgnlkFDytE80kqt7mUP iQGTdgU5EC6+jywTjng9hLF1zh9YQiHL/pva2ab9Lwbhk7k92aqwlyDELndM1WACRhiE LFYPh3FPcRTyKVy3X2GYHQwN8hUIpBVZb76BzJjoXabvA0759VYvSl0hIBvga1OMK+kx ggfIJ4tpYbbRJdbzelN6hiSbBzjZTqveSjVLEcOYk2G+pUYrix8/BTzYzpjY9s7RGX1n sfSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-transfer-encoding; bh=WGdCsoAdcLhnXW9rLXbWdHjsPSaBMmDqz6WOmpTg03Q=; b=AHdnYCtEd6xtUeiPNXVEUFI3xCDNxqY39qFrQ6ehJv4niGl3/mOLUXk7EDz8dwL1x2 VpwzkdA0jP/yAo0e0M0ZF7UHLvu4bpFAQS45czZ7XdJSavIbzSuX7yIA62mPaB4gquB7 Lm6TzTZg6RR7tsXRmAzMYtYXFDWhNv9mMbcpWdX5a1jzoAnSLbeLykz1ilyx0vOHKzyy 7IWi4o3lpM8KUzIor5GrS1PNfBuuvetbNRyPyB+3ZmyqdzHUW8ptuXtRAGeQs9WGPcRq D7WrnqOgk8bB2nD9XDw3n0TXe4b6UleUIaoetGZ4M4+MppmnGLPhM78CPQmiBW6MvnKF 7L0g== X-Gm-Message-State: AHPjjUhdHa8JnSgLpIIVGMspaaVd+I+11qVQAT7ptWimeUDD5D4htuk2 ztqFyskCEtPV7CC3QdwClxafzZN+wDMwewprpc1ePw== X-Google-Smtp-Source: ADKCNb7aY1nhILrta1Zkrf9XuDz+cRbuUg/jExFkZ6XlgwhJDZs11fnqcdDmGFRXtNi7ED4oIaHMLlI1133u3MLusWw= X-Received: by 10.101.82.9 with SMTP id o9mr34211015pgp.42.1505765800001; Mon, 18 Sep 2017 13:16:40 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.144.1 with HTTP; Mon, 18 Sep 2017 13:15:59 -0700 (PDT) From: Kathleen Moriarty Date: Mon, 18 Sep 2017 16:15:59 -0400 Message-ID: To: "sfc@ietf.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Sep 2017 20:16:42 -0000 Hello, At Alia's request, I did an early review of draft-ietf-sfc-nsh. Here are some initial comments and I may have more when the draft is revised and is in for IESG review. I appreciate your efforts addressing the comments received to date. I hope you find these suggestions as helpful improvements to the document and clarity of NSH security concerns. Section 1 - The intended scope in the introduction should also include mention of multi-tenancy. This changes the security requirements and is very important to note. Section 1.4 - 5. Transport Agnostic: The NSH is encapsulation-independent, meaning it can be transported by a variety of protocols. An appropriate (for a given deployment) encapsulation protocol can be used to carry NSH-encapsulated traffic. This transport may form an overlay network and if an existing overlay topology provides the required service path connectivity, that existing overlay may be used. Is there a preferred transport so you could specify a recommended transport security protocol? Section 2, 3rd sentence: Subsequently, an outer encapsulation is imposed on the NSH, which is used for network forwarding. Knowing more about this would help to understand options or if there is another draft that addresses this outer encapsulation that is imposed and the transport security requirements that go along with it. Transport may be hop to hop, and there might not be encryption of this header if the application uses an encrypted transport encapsulated in this layer. In any case, it seems integrity protection is a requirement for a multi-tenant environment. Could the COSE MAC function fit the bill since it is intended for concise formats? https://datatracker.ietf.org/doc/rfc8152 JOSE produced a similar function with JSON, but it would be slightly larger= . Section 7.1: The following paragraph implies that anything less than a 5-tuple isn=E2=80=99t useful and that you intend to use traffic content when available. This is concerning. Can=E2=80=99t you use a 2-tuple? What if IPsec transport mode were in use, is this solution dead in the water? Regardless of the source, metadata reflects the "result" of classification. The granularity of classification may vary. For example, a network switch, acting as a classifier, might only be able to classify based on a 5-tuple, while a service function may be able to inspect application information. Regardless of granularity, the classification information can be represented in the NSH. If a 2-tuple is possible, could you add that in as an example instead of or in addition to the 5-tuple? Section 7.1 This text comes too late in the draft and I recommend making a clear statement in the introduction that session encryption to protect the data in transit relies on the application/service sending/receiving the data and not the SFC. I made this point previously and am glad to see some text, but think it would be much better to state this early in the draft. Touching upon protections for data streams versus meta data would both be important (layers for traffic and associated protections). If it=E2=80=99s meta data, do they need to rely on IPsec and having a 2-tuple be the minimum? When is that applied? Is there meta data that could be sensitive if TLS was in place and a 5-tuple is visible (perhaps the existence of communication is sensitive). Are there other considerations for metadata and data that need to be stated up front and put out-of-scope for SFC? I=E2=80=99m asking these questions as providing these answers could show that the risk is constrained. Depending on the information carried in the metadata, data privacy considerations may need to be considered. For example, if the metadata conveys tenant information, that information may need to be authenticated and/or encrypted between the originator and the intended recipients (which may include intended SFs only). The NSH itself does not provide privacy functions, rather it relies on the transport/overlay layer. An operator can select the appropriate transport to ensure confidentiality (and other security) considerations are met. Metadata privacy and security considerations are a matter for the documents that define metadata format. Other comments: I=E2=80=99d like to see; https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 Published before this document and then have that as a reference. One of the comments I made previously was to list out the layering and protections expected on data and NSH. This has been done in the security environment draft, section 4 should be referenced: Section 4 provides an overall description of the SFC environment with the introduction of the different planes (SFC Control Plane, the SFC Management Plane, the Tenant's user Plane and the SFC Data Plane). This is a very important point for anyone reviewing for security as are the environment security requirements. The security environment requirements draft still needs a little more work from a quick read, but helps a lot. I need to finish reading the security environment draft. --=20 Best regards, Kathleen From nobody Mon Sep 18 15:53:56 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7043B133011 for ; Mon, 18 Sep 2017 15:53:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.701 X-Spam-Level: X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b7NysryI3gXn for ; Mon, 18 Sep 2017 15:53:54 -0700 (PDT) Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44D3B132F69 for ; Mon, 18 Sep 2017 15:53:54 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 2904E6E0048 for ; Mon, 18 Sep 2017 15:53:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1505775234; bh=hTiTFiy0b/8TuENgInFAKqeKrPzZmJbFU2saqK+U954=; h=To:From:Subject:Date:From; b=jSu/EZD+fku2ujK81/3KB0pcesYhP3N73vUQxnIeA5s4ohFPnoZMiHmMFrQCNtgJq vFNOKNWHdWc1a4AKLgWjul5zJBeQyVVs3UQBdWrePMHQAzsc2Z5HxElbD3sfwhBlJo BadU0iUQLxKrtzKH6ZI0PoNdkwpEswUAxOykePDA= X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id C3A4E6E0023 for ; Mon, 18 Sep 2017 15:53:53 -0700 (PDT) To: "sfc@ietf.org" From: "Joel M. Halpern" Message-ID: <4e3137c3-357c-fdd9-5173-3c488d4f3ae1@joelhalpern.com> Date: Mon, 18 Sep 2017 18:53:52 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: [sfc] NSH Security X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Sep 2017 22:53:55 -0000 One of the Area Directors has suggested that https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 may be necessary for completion of the NSH work. While this is not a formal call for adoption, I would like to hear from working group members whether they consider that document ready for WG adoption. Thank you, Joel From nobody Mon Sep 18 16:03:32 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35D2B13320C for ; Mon, 18 Sep 2017 16:03:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.701 X-Spam-Level: X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I-RoItNT4DIg for ; Mon, 18 Sep 2017 16:03:28 -0700 (PDT) Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EBBA133055 for ; Mon, 18 Sep 2017 16:03:28 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 0B48E6E001D; Mon, 18 Sep 2017 16:03:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1505775808; bh=VevFEFKc8Ro6oKYuuD8hTX7wMEIf4vYCuWJOOx6k8zE=; h=Subject:To:References:From:Date:In-Reply-To:From; b=NBpgQ/l1qgJUf7K/owhd3S5rwYg82V4OLLAIUZkUqBndl2bXQYYLQUw56EG8n8mEZ gHtBTkQ33i/x1Ckgw6dNIoZQtHxj0/fnjnEaFerC7GfRMVB6geWlkvBQB/1RM0tP+w IXu+Z42JptStFdFrf+bGh5xYBFa4zoPiAUXVsw/M= X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 727BE6E006A; Mon, 18 Sep 2017 16:03:27 -0700 (PDT) To: Kathleen Moriarty , "sfc@ietf.org" References: From: "Joel M. Halpern" Message-ID: Date: Mon, 18 Sep 2017 19:03:26 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Sep 2017 23:03:30 -0000 Let me answer a couple fo the easy questions, and ask one somewhat more complex one: The easy one is that this work is, per charter, completely agnostic on transports. It does not have a preferred transport. In order to reduce contention about appearing to prefer some transports, examples of specific transport approaches were removed from the draft. As I result, I am not sure what we can say about your comment on Section 2, 3rd sentence. We are not placing any security requirements on the transports. (There have been drafts on transport proposals. The Ethernet proposals did not call for 802.1x. The MPLS proposals did not add any security to MPLS.) You refer to multi-tenancy. There seem to be at least two different meanings for multi-tenancy in this context. The most common usage of the term is when the service function chaining is used by an operator to provide services to a number of tenants (many subscribers, residential, corporate, whatever.) That does not seem to lead to any security requirements. Another meaning is where a tenant is using a data center for hosting their own service function chaining either for their own traffic or for traffic for their customers. The tenant presumably needs to use appropriate mechanisms to provide appropriate confidentiality and integrity protection for tehir traffic, as they judge relevant to isolate themselves from the seller of the service. That does not seem to require any additional NSH text, as it is a general data center tenancy issue. So can you please elaborate on what multi-tenancy case you are interested in, and what issues you feel NSH needs to address? Yours, Joel On 9/18/17 4:15 PM, Kathleen Moriarty wrote: > Hello, > > At Alia's request, I did an early review of draft-ietf-sfc-nsh. Here > are some initial comments and I may have more when the draft is > revised and is in for IESG review. I appreciate your efforts > addressing the comments received to date. I hope you find these > suggestions as helpful improvements to the document and clarity of NSH > security concerns. > > > Section 1 - > > The intended scope in the introduction should also include mention of > multi-tenancy. This changes the security requirements and is very > important to note. > > Section 1.4 - > > 5. Transport Agnostic: The NSH is encapsulation-independent, meaning > it can be transported by a variety of protocols. An appropriate > (for a given deployment) encapsulation protocol can be used to > carry NSH-encapsulated traffic. This transport may form an > overlay network and if an existing overlay topology provides the > required service path connectivity, that existing overlay may be > used. > > Is there a preferred transport so you could specify a recommended > transport security protocol? > > Section 2, 3rd sentence: > Subsequently, an > outer encapsulation is imposed on the NSH, which is used for network > forwarding. > > Knowing more about this would help to understand options or if there > is another draft that addresses this outer encapsulation that is > imposed and the transport security requirements that go along with it. > > Transport may be hop to hop, and there might not be encryption of this > header if the application uses an encrypted transport encapsulated in > this layer. In any case, it seems integrity protection is a > requirement for a multi-tenant environment. Could the COSE MAC > function fit the bill since it is intended for concise formats? > https://datatracker.ietf.org/doc/rfc8152 > JOSE produced a similar function with JSON, but it would be slightly larger. > > Section 7.1: > > The following paragraph implies that anything less than a 5-tuple > isn’t useful and that you intend to use traffic content when > available. This is concerning. Can’t you use a 2-tuple? What if > IPsec transport mode were in use, is this solution dead in the water? > > Regardless of the source, metadata reflects the "result" of > classification. The granularity of classification may vary. For > example, a network switch, acting as a classifier, might only be able > to classify based on a 5-tuple, while a service function may be able > to inspect application information. Regardless of granularity, the > classification information can be represented in the NSH. > > If a 2-tuple is possible, could you add that in as an example instead > of or in addition to the 5-tuple? > > Section 7.1 > > This text comes too late in the draft and I recommend making a clear > statement in the introduction that session encryption to protect the > data in transit relies on the application/service sending/receiving > the data and not the SFC. I made this point previously and am glad to > see some text, but think it would be much better to state this early > in the draft. Touching upon protections for data streams versus meta > data would both be important (layers for traffic and associated > protections). If it’s meta data, do they need to rely on IPsec and > having a 2-tuple be the minimum? When is that applied? Is there meta > data that could be sensitive if TLS was in place and a 5-tuple is > visible (perhaps the existence of communication is sensitive). Are > there other considerations for metadata and data that need to be > stated up front and put out-of-scope for SFC? I’m asking these > questions as providing these answers could show that the risk is > constrained. > > Depending on the information carried in the metadata, data privacy > considerations may need to be considered. For example, if the > metadata conveys tenant information, that information may need to be > authenticated and/or encrypted between the originator and the > intended recipients (which may include intended SFs only). The NSH > itself does not provide privacy functions, rather it relies on the > transport/overlay layer. An operator can select the appropriate > transport to ensure confidentiality (and other security) > considerations are met. Metadata privacy and security considerations > are a matter for the documents that define metadata format. > > > Other comments: > > I’d like to see; > https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 > Published before this document and then have that as a reference. One > of the comments I made previously was to list out the layering and > protections expected on data and NSH. This has been done in the > security environment draft, section 4 should be referenced: > > Section 4 provides an overall description of the SFC environment with > the introduction of the different planes (SFC Control Plane, the SFC > Management Plane, the Tenant's user Plane and the SFC Data Plane). > > This is a very important point for anyone reviewing for security as > are the environment security requirements. The security environment > requirements draft still needs a little more work from a quick read, > but helps a lot. I need to finish reading the security environment > draft. > From nobody Mon Sep 18 17:24:55 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E123134285 for ; Mon, 18 Sep 2017 17:24:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SYHjUvoW-Fdx for ; Mon, 18 Sep 2017 17:24:51 -0700 (PDT) Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86C2B134237 for ; Mon, 18 Sep 2017 17:24:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10260; q=dns/txt; s=iport; t=1505780691; x=1506990291; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=RKe2OSN3X/Gl+xgk1wL9O3AzLyZoz42tfgUDeTAAlkM=; b=dYM9syYjWL1Bm1+d9Om1RT21FXfnkMIW8lGUlBgRgapo3BgEfJOIqgi4 OxWhunaG/lvVWHyf3EkxwcPVJPzZR1OVGtC/XXo5seXHNa41/2SASeMIb mtasQC7+o4UnVH9t0lRRFEQGTxcYPGzsoTPqG86kMcZ1jDZIcDhIQKL9X 8=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DmAQDMYsBZ/40NJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1pkbicHg26aF4F0iDuNeYIEChgLhRgCGoQwVwECAQEBAQECayi?= =?us-ascii?q?FGAEBAQECAQEBIREzBwsFCwIBCBgCAiYCAgIfBgsVEAIEDgUbigADDQgQqReCJ?= =?us-ascii?q?4c7DYNfAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWBDoIdgWIggVCBYysLgWWBDYJ?= =?us-ascii?q?YgWQ8OAKCWS+CMQWgTDwCh1mIA4R3ghOJaIZ9jFqILgIRGQGBOAFXgQ13FUkSA?= =?us-ascii?q?YUGHIFndgGHB4EPAQEB?= X-IronPort-AV: E=Sophos;i="5.42,415,1500940800"; d="scan'208";a="5360944" Received: from alln-core-8.cisco.com ([173.36.13.141]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 19 Sep 2017 00:24:50 +0000 Received: from XCH-RTP-019.cisco.com (xch-rtp-019.cisco.com [64.101.220.159]) by alln-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id v8J0OojT022990 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 19 Sep 2017 00:24:50 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-019.cisco.com (64.101.220.159) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 18 Sep 2017 20:24:49 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Mon, 18 Sep 2017 20:24:49 -0400 From: "Carlos Pignataro (cpignata)" To: Kathleen Moriarty CC: "sfc@ietf.org" Thread-Topic: [sfc] Early review draft-ietf-sfc-nsh Thread-Index: AQHTMLsSqoZIGRErdkS+KbebYim9zKK7nP2A Date: Tue, 19 Sep 2017 00:24:49 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2017 00:24:53 -0000 VGhhbmsgeW91IEthdGhsZWVuIGZvciB5b3VyIGVhcmx5IHJldmlldyBvZiBkcmFmdC1pZXRmLXNm Yy1uc2ghDQoNClJlYWxseSBhcHByZWNpYXRlIHlvdSB0YWtpbmcgdGhlIHRpbWUsIHNpbmNlIHlv dSB1bmRlcnN0YW5kIHNvbWUgaGlzdG9yaWNhbCBjb250ZXh0Lg0KDQo+IE9uIFNlcCAxOCwgMjAx NywgYXQgNDoxNSBQTSwgS2F0aGxlZW4gTW9yaWFydHkgPEthdGhsZWVuLk1vcmlhcnR5LmlldGZA Z21haWwuY29tPiB3cm90ZToNCj4gDQo+IEhlbGxvLA0KPiANCj4gQXQgQWxpYSdzIHJlcXVlc3Qs IEkgZGlkIGFuIGVhcmx5IHJldmlldyBvZiBkcmFmdC1pZXRmLXNmYy1uc2guDQoNCldlIGFyZSBh bG1vc3QgYXQgb25lIGZvdXJ0aCBvZiB0aGUgSUVTRyBlYXJseS1yZXZpZXdpbmcgdGhpcyBkcmFm dCA6LSkNCg0KPiAgSGVyZQ0KPiBhcmUgc29tZSBpbml0aWFsIGNvbW1lbnRzIGFuZCBJIG1heSBo YXZlIG1vcmUgd2hlbiB0aGUgZHJhZnQgaXMNCj4gcmV2aXNlZCBhbmQgaXMgaW4gZm9yIElFU0cg cmV2aWV3LiAgSSBhcHByZWNpYXRlIHlvdXIgZWZmb3J0cw0KPiBhZGRyZXNzaW5nIHRoZSBjb21t ZW50cyByZWNlaXZlZCB0byBkYXRlLiAgSSBob3BlIHlvdSBmaW5kIHRoZXNlDQo+IHN1Z2dlc3Rp b25zIGFzIGhlbHBmdWwgaW1wcm92ZW1lbnRzIHRvIHRoZSBkb2N1bWVudCBhbmQgY2xhcml0eSBv ZiBOU0gNCj4gc2VjdXJpdHkgY29uY2VybnMuDQo+IA0KPiANCj4gU2VjdGlvbiAxIC0NCj4gDQo+ IFRoZSBpbnRlbmRlZCBzY29wZSBpbiB0aGUgaW50cm9kdWN0aW9uIHNob3VsZCBhbHNvIGluY2x1 ZGUgbWVudGlvbiBvZg0KPiBtdWx0aS10ZW5hbmN5LiAgVGhpcyBjaGFuZ2VzIHRoZSBzZWN1cml0 eSByZXF1aXJlbWVudHMgYW5kIGlzIHZlcnkNCj4gaW1wb3J0YW50IHRvIG5vdGUuDQoNCkpvZWwg YWxyZWFkeSBjb21tZW50ZWQgb24gdGhpcy4gSSBhbSBoYXBweSB0byBhZGQgSW50cm9kdWN0b3J5 IGNvbnRleHQgYnV0IEkgYW0gYWxzbyBub3Qgc3VyZSBvZiB0aGUgcmVsZXZhbmNlLiANCg0KUGVy aGFwcyB0aGUgZWFzaWVzdCBwbGFjZSBpczoNCg0KT0xEOg0KRm9yIGV4YW1wbGUsIGENCiAgIG5l dHdvcmsgYWRtaW5pc3RyYXRpdmUgZG9tYWluIGNhbiBpbmNsdWRlIGEgc2luZ2xlIGRhdGEgY2Vu dGVyLCBvciBhbg0KICAgb3ZlcmxheSBkb21haW4gdXNpbmcgdmlydHVhbCBjb25uZWN0aW9ucyBh bmQgdHVubmVscy4NCg0KTkVXOg0KRm9yIGV4YW1wbGUsIGENCiAgIG5ldHdvcmsgYWRtaW5pc3Ry YXRpdmUgZG9tYWluIGNhbiBpbmNsdWRlIGEgc2luZ2xlIGRhdGEgY2VudGVyLCBhIA0KICAgbXVs dGktdGVuYW5jeSBlbmFibGVkIHZpcnR1YWxpemVkIG5ldHdvcmssIG9yIGFuDQogICBvdmVybGF5 IGRvbWFpbiB1c2luZyB2aXJ0dWFsIGNvbm5lY3Rpb25zIGFuZCB0dW5uZWxzLg0KDQpXaGF0IGRv IHlvdSB0aGluaz8gQ2FuIHlvdSBwcm9wb3NlIHNvbWUgdGV4dHVhbCBzcGVjaWZpY3Mgb3RoZXJ3 aXNlPw0KDQo+IA0KPiBTZWN0aW9uIDEuNCAtDQo+IA0KPiAgIDUuICBUcmFuc3BvcnQgQWdub3N0 aWM6IFRoZSBOU0ggaXMgZW5jYXBzdWxhdGlvbi1pbmRlcGVuZGVudCwgbWVhbmluZw0KPiAgICAg ICBpdCBjYW4gYmUgdHJhbnNwb3J0ZWQgYnkgYSB2YXJpZXR5IG9mIHByb3RvY29scy4gIEFuIGFw cHJvcHJpYXRlDQo+ICAgICAgIChmb3IgYSBnaXZlbiBkZXBsb3ltZW50KSBlbmNhcHN1bGF0aW9u IHByb3RvY29sIGNhbiBiZSB1c2VkIHRvDQo+ICAgICAgIGNhcnJ5IE5TSC1lbmNhcHN1bGF0ZWQg dHJhZmZpYy4gIFRoaXMgdHJhbnNwb3J0IG1heSBmb3JtIGFuDQo+ICAgICAgIG92ZXJsYXkgbmV0 d29yayBhbmQgaWYgYW4gZXhpc3Rpbmcgb3ZlcmxheSB0b3BvbG9neSBwcm92aWRlcyB0aGUNCj4g ICAgICAgcmVxdWlyZWQgc2VydmljZSBwYXRoIGNvbm5lY3Rpdml0eSwgdGhhdCBleGlzdGluZyBv dmVybGF5IG1heSBiZQ0KPiAgICAgICB1c2VkLg0KPiANCj4gSXMgdGhlcmUgYSBwcmVmZXJyZWQg dHJhbnNwb3J0IHNvIHlvdSBjb3VsZCBzcGVjaWZ5IGEgcmVjb21tZW5kZWQNCj4gdHJhbnNwb3J0 IHNlY3VyaXR5IHByb3RvY29sPw0KDQpJZiB0aGVyZSB3ZXJlLCBpdCB3b3VsZCBub3QgcmVhbGx5 IGJlIHRyYW5zcG9ydCBhZ25vc3RpYyA6LSkNCg0KQ29uc2VxdWVudGx5Li4uDQoNCj4gDQo+IFNl Y3Rpb24gMiwgM3JkIHNlbnRlbmNlOg0KPiAgIFN1YnNlcXVlbnRseSwgYW4NCj4gICBvdXRlciBl bmNhcHN1bGF0aW9uIGlzIGltcG9zZWQgb24gdGhlIE5TSCwgd2hpY2ggaXMgdXNlZCBmb3IgbmV0 d29yaw0KPiAgIGZvcndhcmRpbmcuDQo+IA0KPiBLbm93aW5nIG1vcmUgYWJvdXQgdGhpcyB3b3Vs ZCBoZWxwIHRvIHVuZGVyc3RhbmQgb3B0aW9ucyBvciBpZiB0aGVyZQ0KPiBpcyBhbm90aGVyIGRy YWZ0IHRoYXQgYWRkcmVzc2VzIHRoaXMgb3V0ZXIgZW5jYXBzdWxhdGlvbiB0aGF0IGlzDQo+IGlt cG9zZWQgYW5kIHRoZSB0cmFuc3BvcnQgc2VjdXJpdHkgcmVxdWlyZW1lbnRzIHRoYXQgZ28gYWxv bmcgd2l0aCBpdC4NCj4gDQo+IFRyYW5zcG9ydCBtYXkgYmUgaG9wIHRvIGhvcCwgYW5kIHRoZXJl IG1pZ2h0IG5vdCBiZSBlbmNyeXB0aW9uIG9mIHRoaXMNCj4gaGVhZGVyIGlmIHRoZSBhcHBsaWNh dGlvbiB1c2VzIGFuIGVuY3J5cHRlZCB0cmFuc3BvcnQgZW5jYXBzdWxhdGVkIGluDQo+IHRoaXMg bGF5ZXIuICBJbiBhbnkgY2FzZSwgaXQgc2VlbXMgaW50ZWdyaXR5IHByb3RlY3Rpb24gaXMgYQ0K PiByZXF1aXJlbWVudCBmb3IgYSBtdWx0aS10ZW5hbnQgZW52aXJvbm1lbnQuICBDb3VsZCB0aGUg Q09TRSBNQUMNCj4gZnVuY3Rpb24gZml0IHRoZSBiaWxsIHNpbmNlIGl0IGlzIGludGVuZGVkIGZv ciBjb25jaXNlIGZvcm1hdHM/DQo+IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL3Jm YzgxNTINCj4gSk9TRSBwcm9kdWNlZCBhIHNpbWlsYXIgZnVuY3Rpb24gd2l0aCBKU09OLCBidXQg aXQgd291bGQgYmUgc2xpZ2h0bHkgbGFyZ2VyLg0KPiANCg0K4oCmIEkgYW0gdmVyeSBoZXNpdGFu dCB0byBhZGRpbmcgYW55dGhpbmcgdGhhdCBpcyB0cmFuc3BvcnQgZGVwZW5kZW50IGhlcmUuDQoN Cj4gU2VjdGlvbiA3LjE6DQo+IA0KPiBUaGUgZm9sbG93aW5nIHBhcmFncmFwaCBpbXBsaWVzIHRo YXQgYW55dGhpbmcgbGVzcyB0aGFuIGEgNS10dXBsZQ0KPiBpc27igJl0IHVzZWZ1bCBhbmQgdGhh dCB5b3UgaW50ZW5kIHRvIHVzZSB0cmFmZmljIGNvbnRlbnQgd2hlbg0KPiBhdmFpbGFibGUuICBU aGlzIGlzIGNvbmNlcm5pbmcuICBDYW7igJl0IHlvdSB1c2UgYSAyLXR1cGxlPyAgV2hhdCBpZg0K PiBJUHNlYyB0cmFuc3BvcnQgbW9kZSB3ZXJlIGluIHVzZSwgaXMgdGhpcyBzb2x1dGlvbiBkZWFk IGluIHRoZSB3YXRlcj8NCj4gDQo+ICAgUmVnYXJkbGVzcyBvZiB0aGUgc291cmNlLCBtZXRhZGF0 YSByZWZsZWN0cyB0aGUgInJlc3VsdCIgb2YNCj4gICBjbGFzc2lmaWNhdGlvbi4gIFRoZSBncmFu dWxhcml0eSBvZiBjbGFzc2lmaWNhdGlvbiBtYXkgdmFyeS4gIEZvcg0KPiAgIGV4YW1wbGUsIGEg bmV0d29yayBzd2l0Y2gsIGFjdGluZyBhcyBhIGNsYXNzaWZpZXIsIG1pZ2h0IG9ubHkgYmUgYWJs ZQ0KPiAgIHRvIGNsYXNzaWZ5IGJhc2VkIG9uIGEgNS10dXBsZSwgd2hpbGUgYSBzZXJ2aWNlIGZ1 bmN0aW9uIG1heSBiZSBhYmxlDQo+ICAgdG8gaW5zcGVjdCBhcHBsaWNhdGlvbiBpbmZvcm1hdGlv bi4gIFJlZ2FyZGxlc3Mgb2YgZ3JhbnVsYXJpdHksIHRoZQ0KPiAgIGNsYXNzaWZpY2F0aW9uIGlu Zm9ybWF0aW9uIGNhbiBiZSByZXByZXNlbnRlZCBpbiB0aGUgTlNILg0KPiANCj4gSWYgYSAyLXR1 cGxlIGlzIHBvc3NpYmxlLCBjb3VsZCB5b3UgYWRkIHRoYXQgaW4gYXMgYW4gZXhhbXBsZSBpbnN0 ZWFkDQo+IG9mIG9yIGluIGFkZGl0aW9uIHRvIHRoZSA1LXR1cGxlPw0KPiANCg0KR29vZCBwb2lu dCEgQWRkZWQgKGluIGFkZGl0aW9uIHRvKS4NCg0KPiBTZWN0aW9uIDcuMQ0KPiANCj4gVGhpcyB0 ZXh0IGNvbWVzIHRvbyBsYXRlIGluIHRoZSBkcmFmdCBhbmQgSSByZWNvbW1lbmQgbWFraW5nIGEg Y2xlYXINCj4gc3RhdGVtZW50IGluIHRoZSBpbnRyb2R1Y3Rpb24gdGhhdCBzZXNzaW9uIGVuY3J5 cHRpb24gdG8gcHJvdGVjdCB0aGUNCj4gZGF0YSBpbiB0cmFuc2l0IHJlbGllcyBvbiB0aGUgYXBw bGljYXRpb24vc2VydmljZSBzZW5kaW5nL3JlY2VpdmluZw0KPiB0aGUgZGF0YSBhbmQgbm90IHRo ZSBTRkMuICBJIG1hZGUgdGhpcyBwb2ludCBwcmV2aW91c2x5IGFuZCBhbSBnbGFkIHRvDQo+IHNl ZSBzb21lIHRleHQsIGJ1dCB0aGluayBpdCB3b3VsZCBiZSBtdWNoIGJldHRlciB0byBzdGF0ZSB0 aGlzIGVhcmx5DQo+IGluIHRoZSBkcmFmdC4gIFRvdWNoaW5nIHVwb24gcHJvdGVjdGlvbnMgZm9y IGRhdGEgc3RyZWFtcyB2ZXJzdXMgbWV0YQ0KPiBkYXRhIHdvdWxkIGJvdGggYmUgaW1wb3J0YW50 IChsYXllcnMgZm9yIHRyYWZmaWMgYW5kIGFzc29jaWF0ZWQNCj4gcHJvdGVjdGlvbnMpLiAgSWYg aXTigJlzIG1ldGEgZGF0YSwgZG8gdGhleSBuZWVkIHRvIHJlbHkgb24gSVBzZWMgYW5kDQo+IGhh dmluZyBhIDItdHVwbGUgYmUgdGhlIG1pbmltdW0/ICBXaGVuIGlzIHRoYXQgYXBwbGllZD8gIElz IHRoZXJlIG1ldGENCj4gZGF0YSB0aGF0IGNvdWxkIGJlIHNlbnNpdGl2ZSBpZiBUTFMgd2FzIGlu IHBsYWNlIGFuZCBhIDUtdHVwbGUgaXMNCj4gdmlzaWJsZSAocGVyaGFwcyB0aGUgZXhpc3RlbmNl IG9mIGNvbW11bmljYXRpb24gaXMgc2Vuc2l0aXZlKS4gIEFyZQ0KPiB0aGVyZSBvdGhlciBjb25z aWRlcmF0aW9ucyBmb3IgbWV0YWRhdGEgYW5kIGRhdGEgdGhhdCBuZWVkIHRvIGJlDQo+IHN0YXRl ZCB1cCBmcm9udCBhbmQgcHV0IG91dC1vZi1zY29wZSBmb3IgU0ZDPyAgSeKAmW0gYXNraW5nIHRo ZXNlDQo+IHF1ZXN0aW9ucyBhcyBwcm92aWRpbmcgdGhlc2UgYW5zd2VycyBjb3VsZCBzaG93IHRo YXQgdGhlIHJpc2sgaXMNCj4gY29uc3RyYWluZWQuDQo+IA0KPiAgIERlcGVuZGluZyBvbiB0aGUg aW5mb3JtYXRpb24gY2FycmllZCBpbiB0aGUgbWV0YWRhdGEsIGRhdGEgcHJpdmFjeQ0KPiAgIGNv bnNpZGVyYXRpb25zIG1heSBuZWVkIHRvIGJlIGNvbnNpZGVyZWQuICBGb3IgZXhhbXBsZSwgaWYg dGhlDQo+ICAgbWV0YWRhdGEgY29udmV5cyB0ZW5hbnQgaW5mb3JtYXRpb24sIHRoYXQgaW5mb3Jt YXRpb24gbWF5IG5lZWQgdG8gYmUNCj4gICBhdXRoZW50aWNhdGVkIGFuZC9vciBlbmNyeXB0ZWQg YmV0d2VlbiB0aGUgb3JpZ2luYXRvciBhbmQgdGhlDQo+ICAgaW50ZW5kZWQgcmVjaXBpZW50cyAo d2hpY2ggbWF5IGluY2x1ZGUgaW50ZW5kZWQgU0ZzIG9ubHkpLiAgVGhlIE5TSA0KPiAgIGl0c2Vs ZiBkb2VzIG5vdCBwcm92aWRlIHByaXZhY3kgZnVuY3Rpb25zLCByYXRoZXIgaXQgcmVsaWVzIG9u IHRoZQ0KPiAgIHRyYW5zcG9ydC9vdmVybGF5IGxheWVyLiAgQW4gb3BlcmF0b3IgY2FuIHNlbGVj dCB0aGUgYXBwcm9wcmlhdGUNCj4gICB0cmFuc3BvcnQgdG8gZW5zdXJlIGNvbmZpZGVudGlhbGl0 eSAoYW5kIG90aGVyIHNlY3VyaXR5KQ0KPiAgIGNvbnNpZGVyYXRpb25zIGFyZSBtZXQuICBNZXRh ZGF0YSBwcml2YWN5IGFuZCBzZWN1cml0eSBjb25zaWRlcmF0aW9ucw0KPiAgIGFyZSBhIG1hdHRl ciBmb3IgdGhlIGRvY3VtZW50cyB0aGF0IGRlZmluZSBtZXRhZGF0YSBmb3JtYXQuDQo+IA0KDQpJ dCBzZWVtcyBxdWl0ZSBoYXJkIHRvIG1vdmUgb3IgcmVwbGljYXRlIHNvbWUgb2YgdGhlc2UgY29u c2lkZXJhdGlvbnMgZWFybGllciBpbiB0aGUgZG9jdW1lbnQsIHNpbmNlIHRoZXJl4oCZcyBzaWdu aWZpY2FudCBjb250ZXh0IHRoYXQgbmVlZHMgdG8gYmUgdW5kZXJzdG9vZCBvZiB0aGUgTlNIIGJl Zm9yZSBkZXNjcmliaW5nIHRoZW0uIA0KDQpUaGF0IHBhcmFncmFwaCBpcyBub3QgcmVmZXJyaW5n IHRvIHNlc3Npb24vYXBwbGljYXRpb24tbGV2ZWwgZW5jcnlwdGlvbi4NCg0KSSBtYXkgYmUgbWlz dW5kZXJzdGFuZGluZyB0aGUgY29tbWVudCB0aG91Z2guLi4NCg0KPiANCj4gT3RoZXIgY29tbWVu dHM6DQo+IA0KPiBJ4oCZZCBsaWtlIHRvIHNlZTsNCj4gaHR0cHM6Ly90b29scy5pZXRmLm9yZy9o dG1sL2RyYWZ0LW1nbHQtc2ZjLXNlY3VyaXR5LWVudmlyb25tZW50LXJlcS0wMg0KPiBQdWJsaXNo ZWQgYmVmb3JlIHRoaXMgZG9jdW1lbnQgYW5kIHRoZW4gaGF2ZSB0aGF0IGFzIGEgcmVmZXJlbmNl LiAgT25lDQo+IG9mIHRoZSBjb21tZW50cyBJIG1hZGUgcHJldmlvdXNseSB3YXMgdG8gbGlzdCBv dXQgdGhlIGxheWVyaW5nIGFuZA0KPiBwcm90ZWN0aW9ucyBleHBlY3RlZCBvbiBkYXRhIGFuZCBO U0guICBUaGlzIGhhcyBiZWVuIGRvbmUgaW4gdGhlDQo+IHNlY3VyaXR5IGVudmlyb25tZW50IGRy YWZ0LCBzZWN0aW9uIDQgc2hvdWxkIGJlIHJlZmVyZW5jZWQ6DQoNClRoYXQgaW5kaXZpZHVhbCBk cmFmdCBjb25jZXJucyBpdHNlbGYgd2l0aCBjb250cm9sLCBkYXRhLCBhbmQgbWFuYWdlbWVudCBw bGFuZXMgY29uc2lkZXJhdGlvbnMuIEl0IGlzIG11Y2ggYmV5b25kIHRoZSBzY29wZSBvZiB0aGUg TlNILiBJdCBjYW5ub3QgYmUgdW5kZXJzdG9vZCB3aXRob3V0IGNvbnRyb2wtcGxhbmUgYW5kIG1h bmFnZW1lbnQtcGxhbmUsIGFuZCBjb25zZXF1ZW50bHkgc2hvdWxkIGZvbGxvdyAoYW5kIG5vdCBw cmVjZWRlKSB0aG9zZSBkb2N1bWVudHMgYXMgYSB3aG9sZSBjb21wbGV0ZSBTRkMtc2NvcGVkIGRv Y3VtZW50IChhbmQgbm90IE5TSC1zY29wZWQpLg0KDQo+IA0KPiAgIFNlY3Rpb24gNCBwcm92aWRl cyBhbiBvdmVyYWxsIGRlc2NyaXB0aW9uIG9mIHRoZSBTRkMgZW52aXJvbm1lbnQgd2l0aA0KPiAg IHRoZSBpbnRyb2R1Y3Rpb24gb2YgdGhlIGRpZmZlcmVudCBwbGFuZXMgKFNGQyBDb250cm9sIFBs YW5lLCB0aGUgU0ZDDQo+ICAgTWFuYWdlbWVudCBQbGFuZSwgdGhlIFRlbmFudCdzIHVzZXIgUGxh bmUgYW5kIHRoZSBTRkMgRGF0YSBQbGFuZSkuDQo+IA0KPiBUaGlzIGlzIGEgdmVyeSBpbXBvcnRh bnQgcG9pbnQgZm9yIGFueW9uZSByZXZpZXdpbmcgZm9yIHNlY3VyaXR5IGFzDQo+IGFyZSB0aGUg ZW52aXJvbm1lbnQgc2VjdXJpdHkgcmVxdWlyZW1lbnRzLiAgVGhlIHNlY3VyaXR5IGVudmlyb25t ZW50DQo+IHJlcXVpcmVtZW50cyBkcmFmdCBzdGlsbCBuZWVkcyBhIGxpdHRsZSBtb3JlIHdvcmsg ZnJvbSBhIHF1aWNrIHJlYWQsDQo+IGJ1dCBoZWxwcyBhIGxvdC4gIEkgbmVlZCB0byBmaW5pc2gg cmVhZGluZyB0aGUgc2VjdXJpdHkgZW52aXJvbm1lbnQNCj4gZHJhZnQuDQo+IA0KPiAtLSANCj4g DQo+IEJlc3QgcmVnYXJkcywNCj4gS2F0aGxlZW4NCj4gDQoNClRoYW5rcywNCg0K4oCUIENhcmxv cy4NCg0KDQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f DQo+IHNmYyBtYWlsaW5nIGxpc3QNCj4gc2ZjQGlldGYub3JnDQo+IGh0dHBzOi8vd3d3LmlldGYu b3JnL21haWxtYW4vbGlzdGluZm8vc2ZjDQoNCg== From nobody Mon Sep 18 18:38:37 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6240513243A for ; Mon, 18 Sep 2017 18:38:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OZFVLIKwxI8E for ; Mon, 18 Sep 2017 18:38:34 -0700 (PDT) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B79EF132331 for ; Mon, 18 Sep 2017 18:38:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2250; q=dns/txt; s=iport; t=1505785114; x=1506994714; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=Tx/SqKTqyKx8YqaRtidVkuxHwgFeUwZEUTtgCAE+ZlE=; b=ACyp0dxRsBRXaHTkN/673rMaehKoRLVFCrAY1DTBwNiv2uCrEdo1Xgj1 AF0ywxD/UA+4QrKMtjufgHElehr44ijo7u2a3zdCA0NvGTi6c5kh335i4 V2BEYK+daBbFJTNE738gZ/v99KKkfuvZ3P9tD9zhaR3EgRzA0K2+9Ub5b 8=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DaAAC2c8BZ/5xdJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1pkbicHgytDiiCPd4F0liaCEgoYC4UYAhqEMD8YAQIBAQEBAQE?= =?us-ascii?q?BayiFGAEBAQECAQEBChEGEToLBQsCAQYCEgYCAiYCAgIlCxUCDgIEDgWKKwgQi?= =?us-ascii?q?y+dZoIniycBAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYEOgh2CAoFQgWMrC4JyhHi?= =?us-ascii?q?DEy+CMQWYQIhIAodZjHqCE4lohn2VCAIRGQGBOAEfOIENdxVJEgGFBhyBZ3aHC?= =?us-ascii?q?IEPAQEB?= X-IronPort-AV: E=Sophos;i="5.42,415,1500940800"; d="scan'208";a="297091140" Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Sep 2017 01:38:33 +0000 Received: from XCH-RTP-017.cisco.com (xch-rtp-017.cisco.com [64.101.220.157]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id v8J1cXIM001548 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 19 Sep 2017 01:38:33 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-017.cisco.com (64.101.220.157) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 18 Sep 2017 21:38:32 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Mon, 18 Sep 2017 21:38:32 -0400 From: "Carlos Pignataro (cpignata)" To: "Joel M. Halpern" CC: "sfc@ietf.org" Thread-Topic: [sfc] NSH Security Thread-Index: AQHTMNETb7gzxMZm/UGeg4XysbqIhaK7sWoA Date: Tue, 19 Sep 2017 01:38:32 +0000 Message-ID: <48E7F217-5915-40A6-A78B-0ADB5403FAEF@cisco.com> References: <4e3137c3-357c-fdd9-5173-3c488d4f3ae1@joelhalpern.com> In-Reply-To: <4e3137c3-357c-fdd9-5173-3c488d4f3ae1@joelhalpern.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: text/plain; charset="utf-8" Content-ID: <8C9F15858E950645907C99ED0CB32BCD@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] NSH Security X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2017 01:38:36 -0000 SGksIEpvZWwsDQoNCj4gT24gU2VwIDE4LCAyMDE3LCBhdCA2OjUzIFBNLCBKb2VsIE0uIEhhbHBl cm4gPGptaEBqb2VsaGFscGVybi5jb20+IHdyb3RlOg0KPiANCj4gT25lIG9mIHRoZSBBcmVhIERp cmVjdG9ycyBoYXMgc3VnZ2VzdGVkIHRoYXQNCj4gaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1s L2RyYWZ0LW1nbHQtc2ZjLXNlY3VyaXR5LWVudmlyb25tZW50LXJlcS0wMg0KPiBtYXkgYmUgbmVj ZXNzYXJ5IGZvciBjb21wbGV0aW9uIG9mIHRoZSBOU0ggd29yay4NCg0KQSBzbWFsbCBjbGFyaWZp Y2F0aW9uLCBhIGJpdCBvZiBhbiBpbXBvcnRhbnQgbnVhbmNlOiBJIHJlYWQgdGhhdCBhIFNlY3Vy aXR5IEFEIHdyb3RlIOKAnEnigJlkIGxpa2UgdG8gc2Vl4oCdIChhIFNlY3VyaXR5IGRvY3VtZW50 IHB1Ymxpc2hlZCBiZWZvcmUpLiBJIGRpZCBub3QgbmVjZXNzYXJ5IHJlYWQgdGhhdCDigJxtYXkg YmUgbmVjZXNzYXJ5IGZvciBjb21wbGV0aW9uIG9mIHRoZSBOU0ggd29ya+KAnS4NCg0KSW4gYW55 IGNhc2UsIG15ICQwLjAyIHNheSB0aGF0IHNmYy1zZWN1cml0eS1lbnZpcm9ubWVudCBkb2N1bWVu dCBpcyBpbXBvcnRhbnQgKmFmdGVyKiBOU0gsIGJlY2F1c2UgaXQgYWxzbyBuZWVkcyBDb250cm9s IFBsYW5lIGFuZCBNYW5hZ2VtZW50IFBsYW5lIGZvciBpdCB0byBtYWtlIHNlbnNlIGFzIGEgbWV0 YS1kb2N1bWVudCwgbm90IGEgbWljcm8tZG9jdW1lbnQuDQoNCj4gV2hpbGUgdGhpcyBpcyBub3Qg YSBmb3JtYWwgY2FsbCBmb3IgYWRvcHRpb24sIEkgd291bGQgbGlrZSB0byBoZWFyIGZyb20gd29y a2luZyBncm91cCBtZW1iZXJzIHdoZXRoZXIgdGhleSBjb25zaWRlciB0aGF0IGRvY3VtZW50IHJl YWR5IGZvciBXRyBhZG9wdGlvbi4NCg0KSSBzdGlsbCBiZWxpZXZlIHRoaXMgaXMgaW1wb3J0YW50 IHdvcmsgYW5kIGluIHJlYWwgZ29vZCBzdGFydGluZyBzaGFwZS4NCg0KVGhpcyBpcyBldmVuIHdo ZW4gdGhlcmUgaXMgbm8gZXhwbGljaXQgZGVsaXZlcmFibGUgaW4gdGhlIFNGQyBjb250cmFjdCAv IGNoYXJ0ZXIuDQoNCkkgc3Ryb25nbHkgYmVsaWV2ZSBpdCBzaG91bGQgbm90IGJlIGEgcHJlLXJl cSAvIE5vcm1hdGl2ZSByZWZlcmVuY2UgdG8gTlNILiBJdCBpcyBhbiBTRkMtc2NvcGVkIGRvYy4N Cg0KVGhlIHNlcXVlbnRpYWxpdHkgb2YgdGhlIGRlbGl2ZXJhYmxlcyBhcHByb3ZlZCBieSB0aGUg SUVTRyBpcyB2ZXJ5IGNsZWFyIG9uIHRoZSBjaGFydGVyOg0KDQoxLiBQcm9ibGVtIFN0YXRlbWVu dDogVGhpcyBkb2N1bWVudCB3aWxsIHByb3ZpZGUgYSBzdW1tYXJ5IG9mIHRoZQ0K4oCmDQoyLiBB cmNoaXRlY3R1cmU6IFRoaXMgZG9jdW1lbnQgd2lsbCBwcm92aWRlIGEgZGVzY3JpcHRpb24gb2Yg dGhlIFNGQw0K4oCmDQozLiBHZW5lcmljIFNGQyBFbmNhcHN1bGF0aW9uOiBUaGlzIGRvY3VtZW50 IHdpbGwgZGVzY3JpYmUgYSBzaW5nbGUNCuKApg0KDQpUaGFua3MsDQoNCkNhcmxvcy4NCg0KPiAN Cj4gVGhhbmsgeW91LA0KPiBKb2VsDQo+IA0KPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fXw0KPiBzZmMgbWFpbGluZyBsaXN0DQo+IHNmY0BpZXRmLm9yZw0K PiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NmYw0KDQo= From nobody Tue Sep 19 05:57:22 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 383DD133074 for ; Tue, 19 Sep 2017 05:57:20 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.138 X-Spam-Level: X-Spam-Status: No, score=-2.138 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pvuv-OcjMKQt for ; Tue, 19 Sep 2017 05:57:18 -0700 (PDT) Received: from mail-lf0-x22d.google.com (mail-lf0-x22d.google.com [IPv6:2a00:1450:4010:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C43D132193 for ; Tue, 19 Sep 2017 05:57:18 -0700 (PDT) Received: by mail-lf0-x22d.google.com with SMTP id a18so3572537lfl.13 for ; Tue, 19 Sep 2017 05:57:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=VQBQkshPqFgto7B1e8AqWNOKbWoUgipQfFYq5TfRQQg=; b=NShAx9a0ZrDUO9NVM69myruH2gT6kv78EBH7YroALZjyrqmqUBxEDX7x+x9Mx4T4Fy qRDcOD1/Vl/wGBulXOX+ZxmrxrO6pVtStd+dX6OmTU2cBJxStcQuxZp+GAtXKklFlRbI bH8TijPSKM1jf6bp1r1AQ49B/l8KqbDp7i56GtmICZ+GII9SFA3/hs+yB6YXdH/0tODG Hxvztp/XPFXDz+sE17DQMKtKLa+cJuqzhfF52iIR4dMnvvvnEC29ULovyvhPBobPJ4p0 hGopdnQCdp0sQ0Hs+892Y4K1fOGuBmCrCB8KJ8OCMNpaKA3iGEzScSHviXUhJOw2geHQ 6ZjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=VQBQkshPqFgto7B1e8AqWNOKbWoUgipQfFYq5TfRQQg=; b=KpgNj/pDKmpK1DPRX+X5S428zI/o8iyft8rk7AuVYk7vK+bEUrkmIIbslkxTb9ngJH 0jqNaEJQqZRoh7nQOMK6UChp4Wjk09ljSfobHpi85hnp1svBBUP5+Pojtj46Yff7zKtq OF1nZaW383KfV8yfqPN7J8DEHM/vPBeL3Od69IsT4odU9M33V/IZodpzvm39LcEVT6u7 KRds5GoEtDkGpnCCJzL02V21HUdAQJ2ILA+ilk2ifuTD3D1SZx/txNg+0uz8ldphpz26 WNklrQIXUplC5iMW4JcXAZi0924MLdJQ60TSwSHz7vii2dUDe61AlT0+59YuTsylRG5p fKkw== X-Gm-Message-State: AHPjjUgen+pud3KJqSJoi0sqHz6A9x543irtEEDCjGJB0c0V1c5AxhrD vDLVPKzRKKIDGlmnibvsHOhwATrLvQJVJzTaPPM= X-Google-Smtp-Source: AOwi7QCm9mHlESfBQjGjTEBNRci7PJp4iKBoHqt/WQaRMzouL+C9s8z+QkIpwnLEY+CiChl8Z9mitgUJ+y77LK1azy8= X-Received: by 10.25.92.201 with SMTP id u70mr570321lfi.215.1505825836247; Tue, 19 Sep 2017 05:57:16 -0700 (PDT) MIME-Version: 1.0 Sender: mglt.ietf@gmail.com Received: by 10.46.97.18 with HTTP; Tue, 19 Sep 2017 05:57:15 -0700 (PDT) In-Reply-To: <4e3137c3-357c-fdd9-5173-3c488d4f3ae1@joelhalpern.com> References: <4e3137c3-357c-fdd9-5173-3c488d4f3ae1@joelhalpern.com> From: Daniel Migault Date: Tue, 19 Sep 2017 08:57:15 -0400 X-Google-Sender-Auth: 9cmQ832lol83d2NbklWH9_d2V9g Message-ID: To: "Joel M. Halpern" Cc: "sfc@ietf.org" Content-Type: multipart/alternative; boundary="94eb2c0e79ea102ec705598a66c1" Archived-At: Subject: Re: [sfc] NSH Security X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2017 12:57:20 -0000 --94eb2c0e79ea102ec705598a66c1 Content-Type: text/plain; charset="UTF-8" Hi, I believe this document is important and I am volunteering to move it forward with the WG. Yours, Daniel On Mon, Sep 18, 2017 at 6:53 PM, Joel M. Halpern wrote: > One of the Area Directors has suggested that > https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 > may be necessary for completion of the NSH work. > While this is not a formal call for adoption, I would like to hear from > working group members whether they consider that document ready for WG > adoption. > > Thank you, > Joel > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > --94eb2c0e79ea102ec705598a66c1 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi,

I believe this document i= s important and I am volunteering to move it forward with the WG.

<= /div>Yours,
Daniel

On Mon, Sep 18, 2017 at 6:53 PM, Joel M. Halpern <j= mh@joelhalpern.com> wrote:
= One of the Area Directors has suggested that
https://tools.ietf.org/html/dr= aft-mglt-sfc-security-environment-req-02
may be necessary for completion of the NSH work.
While this is not a formal call for adoption, I would like to hear from wor= king group members whether they consider that document ready for WG adoptio= n.

Thank you,
Joel

_______________________________________________
sfc mailing list
sfc@ietf.org
https://www.ietf.org/mailman/listinfo/sfc

--94eb2c0e79ea102ec705598a66c1-- From nobody Tue Sep 19 10:55:13 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89788134296 for ; Tue, 19 Sep 2017 10:55:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WCjDQSVdAPNm for ; Tue, 19 Sep 2017 10:55:10 -0700 (PDT) Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8B4F120720 for ; Tue, 19 Sep 2017 10:55:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1746; q=dns/txt; s=iport; t=1505843709; x=1507053309; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=6b/LmVrai7p6Sta/UoVnwQmSya9G6dxh3GM7+wPOC3Q=; b=ayjj3Q8XEpNosvr0tsTrrwB8qT3uqNFNtZ6hBNjZ0iWIJUamxB5J8w4g 2CiAtKl4AeKFSArlT6XaXAxPDCAAo8m9H6Jz/nJ33Y98x2VP/0O/4MjZP snE8m/8zwFkmMqMgvUeLRv4muiTBHBhQep5+e7admBxiGuUscTzn5TyHF 4=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DWAQCxWcFZ/49dJa1bGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1pkbhQTB4MrQ5oXgXSYNgojhRgCGoRBVwECAQEBAQECayiFGAE?= =?us-ascii?q?BAQECAQwXEUUFCwIBBgIYAgImAgICMBUQAgQOBYorCBCMAJ1mgieLIQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBARgFgQ6CHYICgVCCDoJ9hHiDEy+CMQWhDAKHWox6ghO?= =?us-ascii?q?JaIZ/lQoCERkBgTgBV4ENdxVbAYUGHIFndodegQ8BAQE?= X-IronPort-AV: E=Sophos;i="5.42,418,1500940800"; d="scan'208";a="5225294" Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Sep 2017 17:55:09 +0000 Received: from XCH-RCD-016.cisco.com (xch-rcd-016.cisco.com [173.37.102.26]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id v8JHt9mW022819 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 19 Sep 2017 17:55:09 GMT Received: from xch-rcd-008.cisco.com (173.37.102.18) by XCH-RCD-016.cisco.com (173.37.102.26) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 19 Sep 2017 12:55:08 -0500 Received: from xch-rcd-008.cisco.com ([173.37.102.18]) by XCH-RCD-008.cisco.com ([173.37.102.18]) with mapi id 15.00.1263.000; Tue, 19 Sep 2017 12:55:08 -0500 From: "Paul Quinn (paulq)" To: "Carlos Pignataro (cpignata)" CC: "Joel M. Halpern" , "sfc@ietf.org" Thread-Topic: [sfc] NSH Security Thread-Index: AQHTMNEUeymaeIOG5kC4Ob6UWa5v26K7wjAAgAEQ2IA= Date: Tue, 19 Sep 2017 17:55:08 +0000 Message-ID: <7EC82867-E058-4A06-9F80-BDD17D3E67FE@cisco.com> References: <4e3137c3-357c-fdd9-5173-3c488d4f3ae1@joelhalpern.com> <48E7F217-5915-40A6-A78B-0ADB5403FAEF@cisco.com> In-Reply-To: <48E7F217-5915-40A6-A78B-0ADB5403FAEF@cisco.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.131.118.75] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] NSH Security X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2017 17:55:11 -0000 Q2FybG9zLCBKb2VsLA0KDQoNCg0KPiBPbiBTZXAgMTgsIDIwMTcsIGF0IDk6MzggUE0sIENhcmxv cyBQaWduYXRhcm8gKGNwaWduYXRhKSA8Y3BpZ25hdGFAY2lzY28uY29tPiB3cm90ZToNCj4gDQo+ IEhpLCBKb2VsLA0KPiANCj4+IE9uIFNlcCAxOCwgMjAxNywgYXQgNjo1MyBQTSwgSm9lbCBNLiBI YWxwZXJuIDxqbWhAam9lbGhhbHBlcm4uY29tPiB3cm90ZToNCj4+IA0KPj4gT25lIG9mIHRoZSBB cmVhIERpcmVjdG9ycyBoYXMgc3VnZ2VzdGVkIHRoYXQNCj4+IGh0dHBzOi8vdG9vbHMuaWV0Zi5v cmcvaHRtbC9kcmFmdC1tZ2x0LXNmYy1zZWN1cml0eS1lbnZpcm9ubWVudC1yZXEtMDINCj4+IG1h eSBiZSBuZWNlc3NhcnkgZm9yIGNvbXBsZXRpb24gb2YgdGhlIE5TSCB3b3JrLg0KPiANCj4gQSBz bWFsbCBjbGFyaWZpY2F0aW9uLCBhIGJpdCBvZiBhbiBpbXBvcnRhbnQgbnVhbmNlOiBJIHJlYWQg dGhhdCBhIFNlY3VyaXR5IEFEIHdyb3RlIOKAnEnigJlkIGxpa2UgdG8gc2Vl4oCdIChhIFNlY3Vy aXR5IGRvY3VtZW50IHB1Ymxpc2hlZCBiZWZvcmUpLiBJIGRpZCBub3QgbmVjZXNzYXJ5IHJlYWQg dGhhdCDigJxtYXkgYmUgbmVjZXNzYXJ5IGZvciBjb21wbGV0aW9uIG9mIHRoZSBOU0ggd29ya+KA nS4NCj4gDQoNClBRPiBJIGFncmVlLCBhIHNlY3VyaXR5IGVudmlyb25tZW50IGRyYWZ0IGlzIG9y dGhvZ29uYWwgdG8gdGhlIHByb3RvY29sIGRyYWZ0IOKAlCBhcyBpcyBoYXMgYmVlbiB0aGUgY2Fz ZSB3aXRoIG1vc3QgKGFsbD8pIGV4aXN0aW5nIHByb3RvY29sIHN0YW5kYXJkcy4gIEFzIGxvbmcg YXMgdGhlIHByb3RvY29sIGNhbiBiZSDigJxzZWN1cmVk4oCdIHRoZW4gdGhlIGRyYWZ0IGlzIGNv bXBsZXRlLg0KDQoNCj4gSW4gYW55IGNhc2UsIG15ICQwLjAyIHNheSB0aGF0IHNmYy1zZWN1cml0 eS1lbnZpcm9ubWVudCBkb2N1bWVudCBpcyBpbXBvcnRhbnQgKmFmdGVyKiBOU0gsIGJlY2F1c2Ug aXQgYWxzbyBuZWVkcyBDb250cm9sIFBsYW5lIGFuZCBNYW5hZ2VtZW50IFBsYW5lIGZvciBpdCB0 byBtYWtlIHNlbnNlIGFzIGEgbWV0YS1kb2N1bWVudCwgbm90IGEgbWljcm8tZG9jdW1lbnQuDQo+ IA0KDQpQUT4gQ29ycmVjdCwgdGhlIHNlY3VyaXR5IGVudmlyb25tZW50IGRyYWZ0IHdvdWxkIGJl IG1vcmUgb2YgYW4gaW5mb3JtYXRpb25hbCBkcmFmdCwgb2ZmZXJpbmcgX3Bvc3NpYmxlXyBndWlk YW5jZSwgYW5kIG11c3QgYWRkcmVzcyB0b3BpY3MgdGhhdCBhcmVu4oCZdCBpbiBOU0ggKGFuZHMg c2hvdWxkIG5vdCBiZSkNCg0KDQo= From nobody Tue Sep 19 11:08:17 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B9411342D6 for ; Tue, 19 Sep 2017 11:08:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wJlhjRBZ-y7T for ; Tue, 19 Sep 2017 11:08:14 -0700 (PDT) Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51E431342CF for ; Tue, 19 Sep 2017 11:08:14 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 31988429324; Tue, 19 Sep 2017 11:08:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1505844494; bh=NlKXWcRmppAq+QkrTK4a1xnjxqhTmqR63D+R86+JwTI=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=p9oAoxHHWZmbWkQX+RaMAW0Dt8DLz1bP6DW3QlzTFHXj+tmmyciX2/QNX+UYhGKwM E37YlIFwVGiZqz3/pxelTqT7I21PHTM7EbYDijuDhQdByhymDdsnvGtC519RC69y/r BDlnSKPycF/2w5YmfEqzrbzb70VkFWNQB1tqZl1w= X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 9117A4292D9; Tue, 19 Sep 2017 11:08:13 -0700 (PDT) To: "Paul Quinn (paulq)" , "Carlos Pignataro (cpignata)" Cc: "sfc@ietf.org" References: <4e3137c3-357c-fdd9-5173-3c488d4f3ae1@joelhalpern.com> <48E7F217-5915-40A6-A78B-0ADB5403FAEF@cisco.com> <7EC82867-E058-4A06-9F80-BDD17D3E67FE@cisco.com> From: "Joel M. Halpern" Message-ID: Date: Tue, 19 Sep 2017 14:08:12 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <7EC82867-E058-4A06-9F80-BDD17D3E67FE@cisco.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [sfc] NSH Security X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2017 18:08:15 -0000 That is my preference. I am trying to find out how Alia reads Kathleen's note in this regard. Yours, Joel On 9/19/17 1:55 PM, Paul Quinn (paulq) wrote: > Carlos, Joel, > > > >> On Sep 18, 2017, at 9:38 PM, Carlos Pignataro (cpignata) wrote: >> >> Hi, Joel, >> >>> On Sep 18, 2017, at 6:53 PM, Joel M. Halpern wrote: >>> >>> One of the Area Directors has suggested that >>> https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 >>> may be necessary for completion of the NSH work. >> >> A small clarification, a bit of an important nuance: I read that a Security AD wrote “I’d like to see” (a Security document published before). I did not necessary read that “may be necessary for completion of the NSH work”. >> > > PQ> I agree, a security environment draft is orthogonal to the protocol draft — as is has been the case with most (all?) existing protocol standards. As long as the protocol can be “secured” then the draft is complete. > > >> In any case, my $0.02 say that sfc-security-environment document is important *after* NSH, because it also needs Control Plane and Management Plane for it to make sense as a meta-document, not a micro-document. >> > > PQ> Correct, the security environment draft would be more of an informational draft, offering _possible_ guidance, and must address topics that aren’t in NSH (ands should not be) > > From nobody Tue Sep 19 11:14:10 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D7CB134296 for ; Tue, 19 Sep 2017 11:14:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=lucidvision.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 00NMUHFWgz78 for ; Tue, 19 Sep 2017 11:14:05 -0700 (PDT) Received: from lucidvision.com (lucidab1.miniserver.com [78.31.106.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 712FE1342B9 for ; Tue, 19 Sep 2017 11:14:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lucidvision.com; s=default; t=1505844804; bh=yS5eUHWKtNdvCNRVIDMiTKdFtBDicIIzQzem+4UrTiw=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=q2eVrXIAkZKD02xpdufC3F7ydOe70fyUA/LFDd4oy40vFCoBncRw7Sr1bR/FaYTc6 TIZD+oJsZEmlWzIIS5l/N3BYGdNqioJqOPGJ/q9Ji0Ux0XlGw9bJ244cxCgupGw/lP 4qF6q4np5kuJMQAffCwE4iHvgBagzlvPgGK/j9nM= X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=50.255.148.181; Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) From: Thomas Nadeau In-Reply-To: Date: Tue, 19 Sep 2017 14:13:59 -0400 Cc: Kathleen Moriarty , "sfc@ietf.org" Content-Transfer-Encoding: quoted-printable Message-Id: References: To: "Joel M. Halpern" X-Mailer: Apple Mail (2.3273) X-Authenticated-User: tnadeau@lucidvision.com X-Info: aspam skipped due to (g_smite_skip_relay) X-Encryption: SSL encrypted X-MyRbl: Color=White (rbl) Age=0 Spam=0 Notspam=0 Stars=0 Good=0 Friend=0 Surbl=0 Catch=0 r=0 ip=50.255.148.181 X-IP-stats: Notspam Incoming Last 0, First 858, in=6757, out=0, spam=0 Known=true ip=50.255.148.181 Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2017 18:14:08 -0000 Joel: > On Sep 18, 2017, at 7:03 PM, Joel M. Halpern = wrote: >=20 > Let me answer a couple fo the easy questions, and ask one somewhat = more complex one: >=20 > The easy one is that this work is, per charter, completely agnostic on = transports. It does not have a preferred transport. In order to reduce = contention about appearing to prefer some transports, examples of = specific transport approaches were removed from the draft. >=20 > As I result, I am not sure what we can say about your comment on = Section 2, 3rd sentence. We are not placing any security requirements = on the transports. (There have been drafts on transport proposals. The = Ethernet proposals did not call for 802.1x. The MPLS proposals did not = add any security to MPLS.) TOM: I was thinking precisely the same thing when I scanned over the = initial request. The MPLS protocol documents are structured exactly that way, so I see no need to require them here as NSH is very = much analogous to the way MPLS functions. With that said, I am not saying security is unimportant or useful for NSH, just = that its orthogonal to this context. > You refer to multi-tenancy. There seem to be at least two different = meanings for multi-tenancy in this context. > The most common usage of the term is when the service function = chaining is used by an operator to provide services to a number of = tenants (many subscribers, residential, corporate, whatever.) That does = not seem to lead to any security requirements. > Another meaning is where a tenant is using a data center for hosting = their own service function chaining either for their own traffic or for = traffic for their customers. The tenant presumably needs to use = appropriate mechanisms to provide appropriate confidentiality and = integrity protection for tehir traffic, as they judge relevant to = isolate themselves from the seller of the service. That does not seem = to require any additional NSH text, as it is a general data center = tenancy issue. >=20 > So can you please elaborate on what multi-tenancy case you are = interested in, and what issues you feel NSH needs to address? TOM: I agree with you again; I do not see how this applies to NSH any = more than it did to MPLS. =E2=80=94Tom >=20 > Yours, > Joel >=20 > On 9/18/17 4:15 PM, Kathleen Moriarty wrote: >> Hello, >> At Alia's request, I did an early review of draft-ietf-sfc-nsh. Here >> are some initial comments and I may have more when the draft is >> revised and is in for IESG review. I appreciate your efforts >> addressing the comments received to date. I hope you find these >> suggestions as helpful improvements to the document and clarity of = NSH >> security concerns. >> Section 1 - >> The intended scope in the introduction should also include mention of >> multi-tenancy. This changes the security requirements and is very >> important to note. >> Section 1.4 - >> 5. Transport Agnostic: The NSH is encapsulation-independent, = meaning >> it can be transported by a variety of protocols. An = appropriate >> (for a given deployment) encapsulation protocol can be used to >> carry NSH-encapsulated traffic. This transport may form an >> overlay network and if an existing overlay topology provides = the >> required service path connectivity, that existing overlay may = be >> used. >> Is there a preferred transport so you could specify a recommended >> transport security protocol? >> Section 2, 3rd sentence: >> Subsequently, an >> outer encapsulation is imposed on the NSH, which is used for = network >> forwarding. >> Knowing more about this would help to understand options or if there >> is another draft that addresses this outer encapsulation that is >> imposed and the transport security requirements that go along with = it. >> Transport may be hop to hop, and there might not be encryption of = this >> header if the application uses an encrypted transport encapsulated in >> this layer. In any case, it seems integrity protection is a >> requirement for a multi-tenant environment. Could the COSE MAC >> function fit the bill since it is intended for concise formats? >> https://datatracker.ietf.org/doc/rfc8152 >> JOSE produced a similar function with JSON, but it would be slightly = larger. >> Section 7.1: >> The following paragraph implies that anything less than a 5-tuple >> isn=E2=80=99t useful and that you intend to use traffic content when >> available. This is concerning. Can=E2=80=99t you use a 2-tuple? = What if >> IPsec transport mode were in use, is this solution dead in the water? >> Regardless of the source, metadata reflects the "result" of >> classification. The granularity of classification may vary. For >> example, a network switch, acting as a classifier, might only be = able >> to classify based on a 5-tuple, while a service function may be = able >> to inspect application information. Regardless of granularity, = the >> classification information can be represented in the NSH. >> If a 2-tuple is possible, could you add that in as an example instead >> of or in addition to the 5-tuple? >> Section 7.1 >> This text comes too late in the draft and I recommend making a clear >> statement in the introduction that session encryption to protect the >> data in transit relies on the application/service sending/receiving >> the data and not the SFC. I made this point previously and am glad = to >> see some text, but think it would be much better to state this early >> in the draft. Touching upon protections for data streams versus meta >> data would both be important (layers for traffic and associated >> protections). If it=E2=80=99s meta data, do they need to rely on = IPsec and >> having a 2-tuple be the minimum? When is that applied? Is there = meta >> data that could be sensitive if TLS was in place and a 5-tuple is >> visible (perhaps the existence of communication is sensitive). Are >> there other considerations for metadata and data that need to be >> stated up front and put out-of-scope for SFC? I=E2=80=99m asking = these >> questions as providing these answers could show that the risk is >> constrained. >> Depending on the information carried in the metadata, data privacy >> considerations may need to be considered. For example, if the >> metadata conveys tenant information, that information may need to = be >> authenticated and/or encrypted between the originator and the >> intended recipients (which may include intended SFs only). The = NSH >> itself does not provide privacy functions, rather it relies on the >> transport/overlay layer. An operator can select the appropriate >> transport to ensure confidentiality (and other security) >> considerations are met. Metadata privacy and security = considerations >> are a matter for the documents that define metadata format. >> Other comments: >> I=E2=80=99d like to see; >> = https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 >> Published before this document and then have that as a reference. = One >> of the comments I made previously was to list out the layering and >> protections expected on data and NSH. This has been done in the >> security environment draft, section 4 should be referenced: >> Section 4 provides an overall description of the SFC environment = with >> the introduction of the different planes (SFC Control Plane, the = SFC >> Management Plane, the Tenant's user Plane and the SFC Data Plane). >> This is a very important point for anyone reviewing for security as >> are the environment security requirements. The security environment >> requirements draft still needs a little more work from a quick read, >> but helps a lot. I need to finish reading the security environment >> draft. >=20 > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc From nobody Tue Sep 19 12:22:37 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 980C1134372 for ; Tue, 19 Sep 2017 12:22:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tRMfioOmWmzu for ; Tue, 19 Sep 2017 12:22:33 -0700 (PDT) Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37633134373 for ; Tue, 19 Sep 2017 12:22:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9878; q=dns/txt; s=iport; t=1505848953; x=1507058553; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=RS1IxvQDLCjxyQJPBwHu+V4fefN+jOrW3YUynZlfeq8=; b=CnibNKG9waazkNhXgdFyhYQaSJUrLT4SPbwsDlZrkglLXYUPAwrWgcKP 7TjYcrhmzc99068pGSPSUL75SpWmGBsIVnVinRbznSFPxwdWVRu8Pp2sO /zXROY3PH/GH1aGajq0mT4CzqFPll8MWxZ8KGmWxDzrQMgCALnzkhXgRN E=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CeAQAJbcFZ/4wNJK1bGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1pkbicHg26aF4F0iDyNd4IEChgLhRgCGoRBVwECAQEBAQECayi?= =?us-ascii?q?FGAEBAQECAQEBIREzBwsFCwIBCBgCAiYCAgIfBgsVEAIEDgUbigADDQgQqRqCJ?= =?us-ascii?q?4czDYNfAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWBDoIdgWIggVGBZCuBcIENglm?= =?us-ascii?q?BZiSDKy+CMQWgUDwCh1qIA4R3ghOFaoN+hn+MXIguAhEZAYE4AVdBTHcVSRIBh?= =?us-ascii?q?QYcgWd2AYdqgQ8BAQE?= X-IronPort-AV: E=Sophos;i="5.42,418,1500940800"; d="scan'208";a="5802299" Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 19 Sep 2017 19:22:32 +0000 Received: from XCH-RCD-009.cisco.com (xch-rcd-009.cisco.com [173.37.102.19]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id v8JJMW2O001617 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 19 Sep 2017 19:22:32 GMT Received: from xch-rcd-008.cisco.com (173.37.102.18) by XCH-RCD-009.cisco.com (173.37.102.19) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 19 Sep 2017 14:22:31 -0500 Received: from xch-rcd-008.cisco.com ([173.37.102.18]) by XCH-RCD-008.cisco.com ([173.37.102.18]) with mapi id 15.00.1263.000; Tue, 19 Sep 2017 14:22:31 -0500 From: "Paul Quinn (paulq)" To: Kathleen Moriarty CC: "sfc@ietf.org" Thread-Topic: [sfc] Early review draft-ietf-sfc-nsh Thread-Index: AQHTMLsRWOQON9LPHUyXQ7hYLiGdGqK8652A Date: Tue, 19 Sep 2017 19:22:31 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.131.118.75] Content-Type: text/plain; charset="utf-8" Content-ID: <97A877DCA80D9E4DB175596DD5A2FFBD@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2017 19:22:36 -0000 SGksDQoNClRoYW5rIHlvdSBmb3IgdGhlIHJldmlldy4gIFBsZWFzZSBzZWUgc29tZSBjb21tZW50 cyBpbmxpbmUgYmVsb3cuDQoNClBhdWwNCg0KPiBPbiBTZXAgMTgsIDIwMTcsIGF0IDQ6MTUgUE0s IEthdGhsZWVuIE1vcmlhcnR5IDxrYXRobGVlbi5tb3JpYXJ0eS5pZXRmQGdtYWlsLmNvbT4gd3Jv dGU6DQo+IA0KPiBIZWxsbywNCj4gDQo+IEF0IEFsaWEncyByZXF1ZXN0LCBJIGRpZCBhbiBlYXJs eSByZXZpZXcgb2YgZHJhZnQtaWV0Zi1zZmMtbnNoLiAgSGVyZQ0KPiBhcmUgc29tZSBpbml0aWFs IGNvbW1lbnRzIGFuZCBJIG1heSBoYXZlIG1vcmUgd2hlbiB0aGUgZHJhZnQgaXMNCj4gcmV2aXNl ZCBhbmQgaXMgaW4gZm9yIElFU0cgcmV2aWV3LiAgSSBhcHByZWNpYXRlIHlvdXIgZWZmb3J0cw0K PiBhZGRyZXNzaW5nIHRoZSBjb21tZW50cyByZWNlaXZlZCB0byBkYXRlLiAgSSBob3BlIHlvdSBm aW5kIHRoZXNlDQo+IHN1Z2dlc3Rpb25zIGFzIGhlbHBmdWwgaW1wcm92ZW1lbnRzIHRvIHRoZSBk b2N1bWVudCBhbmQgY2xhcml0eSBvZiBOU0gNCj4gc2VjdXJpdHkgY29uY2VybnMuDQo+IA0KPiAN Cj4gU2VjdGlvbiAxIC0NCj4gDQo+IFRoZSBpbnRlbmRlZCBzY29wZSBpbiB0aGUgaW50cm9kdWN0 aW9uIHNob3VsZCBhbHNvIGluY2x1ZGUgbWVudGlvbiBvZg0KPiBtdWx0aS10ZW5hbmN5LiAgVGhp cyBjaGFuZ2VzIHRoZSBzZWN1cml0eSByZXF1aXJlbWVudHMgYW5kIGlzIHZlcnkNCj4gaW1wb3J0 YW50IHRvIG5vdGUuDQo+IA0KPiBTZWN0aW9uIDEuNCAtDQo+IA0KPiAgIDUuICBUcmFuc3BvcnQg QWdub3N0aWM6IFRoZSBOU0ggaXMgZW5jYXBzdWxhdGlvbi1pbmRlcGVuZGVudCwgbWVhbmluZw0K PiAgICAgICBpdCBjYW4gYmUgdHJhbnNwb3J0ZWQgYnkgYSB2YXJpZXR5IG9mIHByb3RvY29scy4g IEFuIGFwcHJvcHJpYXRlDQo+ICAgICAgIChmb3IgYSBnaXZlbiBkZXBsb3ltZW50KSBlbmNhcHN1 bGF0aW9uIHByb3RvY29sIGNhbiBiZSB1c2VkIHRvDQo+ICAgICAgIGNhcnJ5IE5TSC1lbmNhcHN1 bGF0ZWQgdHJhZmZpYy4gIFRoaXMgdHJhbnNwb3J0IG1heSBmb3JtIGFuDQo+ICAgICAgIG92ZXJs YXkgbmV0d29yayBhbmQgaWYgYW4gZXhpc3Rpbmcgb3ZlcmxheSB0b3BvbG9neSBwcm92aWRlcyB0 aGUNCj4gICAgICAgcmVxdWlyZWQgc2VydmljZSBwYXRoIGNvbm5lY3Rpdml0eSwgdGhhdCBleGlz dGluZyBvdmVybGF5IG1heSBiZQ0KPiAgICAgICB1c2VkLg0KPiANCj4gSXMgdGhlcmUgYSBwcmVm ZXJyZWQgdHJhbnNwb3J0IHNvIHlvdSBjb3VsZCBzcGVjaWZ5IGEgcmVjb21tZW5kZWQNCj4gdHJh bnNwb3J0IHNlY3VyaXR5IHByb3RvY29sPw0KDQpQUT4gVGhlcmUgaXMgbm90LiAgSW4gZmFjdCBh dCB0aGUgQUTigJlzIHJlcXVlc3Qgc2FtcGxlIHRyYW5zcG9ydHMgd2VyZSByZW1vdmVkIHRvIGVu c3VyZSB0aGF0IHRoZXJlIHdhcyBubyBpbXBsaWVkIHByZWZlcmVuY2UuICBUaGVyZWZvcmUsIGFu IG9wZXJhdG9yIGNhbiBzZWxlY3QgdGhlaXIgcHJlZmVycmVkIHRyYW5zcG9ydHMsIGluY2x1ZGlu ZyDigJQgYXMgcGVyIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBzZWN0aW9uIOKAlCBvbmVz IHRoYXQgcHJvdmlkZSBlbmNyeXB0aW9uLg0KDQo+IA0KPiBTZWN0aW9uIDIsIDNyZCBzZW50ZW5j ZToNCj4gICBTdWJzZXF1ZW50bHksIGFuDQo+ICAgb3V0ZXIgZW5jYXBzdWxhdGlvbiBpcyBpbXBv c2VkIG9uIHRoZSBOU0gsIHdoaWNoIGlzIHVzZWQgZm9yIG5ldHdvcmsNCj4gICBmb3J3YXJkaW5n Lg0KPiANCj4gS25vd2luZyBtb3JlIGFib3V0IHRoaXMgd291bGQgaGVscCB0byB1bmRlcnN0YW5k IG9wdGlvbnMgb3IgaWYgdGhlcmUNCj4gaXMgYW5vdGhlciBkcmFmdCB0aGF0IGFkZHJlc3NlcyB0 aGlzIG91dGVyIGVuY2Fwc3VsYXRpb24gdGhhdCBpcw0KPiBpbXBvc2VkIGFuZCB0aGUgdHJhbnNw b3J0IHNlY3VyaXR5IHJlcXVpcmVtZW50cyB0aGF0IGdvIGFsb25nIHdpdGggaXQuDQo+IA0KDQpQ UT4gU2luY2UgTlNIIGRlZmluZXMgbm8gcHJlZmVycmVkIHRyYW5zcG9ydChzKSwgdGhlIHNlY3Vy aXR5IG9mIHRoZSBzZWxlY3RlZCB0cmFuc3BvcnQgaXMgbGVmdCB0byB0aGUgdHJhbnNwb3J0IHN0 YW5kYXJkLiAgIFNvLCBmb3IgZXhhbXBsZSwgaWYgYW4gb3BlcmF0b3IgZWxlY3RzIHRvIHVzZSB0 aGUgTlZPMyBkZWZpbmVkIHByb3RvY29sLCB0aGVuIHRoZSBvcGVyYXRvciBoYXMgZXhwbGljaXRs eSBzZWxlY3RlZCB0aGF0IG92ZXJsYXkuICANCg0KDQo+IFRyYW5zcG9ydCBtYXkgYmUgaG9wIHRv IGhvcCwgYW5kIHRoZXJlIG1pZ2h0IG5vdCBiZSBlbmNyeXB0aW9uIG9mIHRoaXMNCj4gaGVhZGVy IGlmIHRoZSBhcHBsaWNhdGlvbiB1c2VzIGFuIGVuY3J5cHRlZCB0cmFuc3BvcnQgZW5jYXBzdWxh dGVkIGluDQo+IHRoaXMgbGF5ZXIuICBJbiBhbnkgY2FzZSwgaXQgc2VlbXMgaW50ZWdyaXR5IHBy b3RlY3Rpb24gaXMgYQ0KPiByZXF1aXJlbWVudCBmb3IgYSBtdWx0aS10ZW5hbnQgZW52aXJvbm1l bnQuICBDb3VsZCB0aGUgQ09TRSBNQUMNCj4gZnVuY3Rpb24gZml0IHRoZSBiaWxsIHNpbmNlIGl0 IGlzIGludGVuZGVkIGZvciBjb25jaXNlIGZvcm1hdHM/DQo+IGh0dHBzOi8vZGF0YXRyYWNrZXIu aWV0Zi5vcmcvZG9jL3JmYzgxNTINCj4gSk9TRSBwcm9kdWNlZCBhIHNpbWlsYXIgZnVuY3Rpb24g d2l0aCBKU09OLCBidXQgaXQgd291bGQgYmUgc2xpZ2h0bHkgbGFyZ2VyLg0KPiANCj4gU2VjdGlv biA3LjE6DQo+IA0KPiBUaGUgZm9sbG93aW5nIHBhcmFncmFwaCBpbXBsaWVzIHRoYXQgYW55dGhp bmcgbGVzcyB0aGFuIGEgNS10dXBsZQ0KPiBpc27igJl0IHVzZWZ1bCBhbmQgdGhhdCB5b3UgaW50 ZW5kIHRvIHVzZSB0cmFmZmljIGNvbnRlbnQgd2hlbg0KPiBhdmFpbGFibGUuICBUaGlzIGlzIGNv bmNlcm5pbmcuICBDYW7igJl0IHlvdSB1c2UgYSAyLXR1cGxlPyAgV2hhdCBpZg0KPiBJUHNlYyB0 cmFuc3BvcnQgbW9kZSB3ZXJlIGluIHVzZSwgaXMgdGhpcyBzb2x1dGlvbiBkZWFkIGluIHRoZSB3 YXRlcj8NCj4gDQo+ICAgUmVnYXJkbGVzcyBvZiB0aGUgc291cmNlLCBtZXRhZGF0YSByZWZsZWN0 cyB0aGUgInJlc3VsdCIgb2YNCj4gICBjbGFzc2lmaWNhdGlvbi4gIFRoZSBncmFudWxhcml0eSBv ZiBjbGFzc2lmaWNhdGlvbiBtYXkgdmFyeS4gIEZvcg0KPiAgIGV4YW1wbGUsIGEgbmV0d29yayBz d2l0Y2gsIGFjdGluZyBhcyBhIGNsYXNzaWZpZXIsIG1pZ2h0IG9ubHkgYmUgYWJsZQ0KPiAgIHRv IGNsYXNzaWZ5IGJhc2VkIG9uIGEgNS10dXBsZSwgd2hpbGUgYSBzZXJ2aWNlIGZ1bmN0aW9uIG1h eSBiZSBhYmxlDQo+ICAgdG8gaW5zcGVjdCBhcHBsaWNhdGlvbiBpbmZvcm1hdGlvbi4gIFJlZ2Fy ZGxlc3Mgb2YgZ3JhbnVsYXJpdHksIHRoZQ0KPiAgIGNsYXNzaWZpY2F0aW9uIGluZm9ybWF0aW9u IGNhbiBiZSByZXByZXNlbnRlZCBpbiB0aGUgTlNILg0KPiANCj4gSWYgYSAyLXR1cGxlIGlzIHBv c3NpYmxlLCBjb3VsZCB5b3UgYWRkIHRoYXQgaW4gYXMgYW4gZXhhbXBsZSBpbnN0ZWFkDQo+IG9m IG9yIGluIGFkZGl0aW9uIHRvIHRoZSA1LXR1cGxlPw0KDQpQUT4gIFRoZSA1LXR1cGxlIHdhcyB1 c2VkIG9ubHkgYXMgYW4gZXhhbXBsZSB0aGF0IGlzIGNvbW1vbmx5IHVuZGVyc3Rvb2QgaW4gdGhl IGNvbnRleHQgb2YgbmV0d29yayBkZXZpY2UgY2xhc3NpZmljYXRpb24uICBUaGUgc2VudGVuY2U6 ICJUaGUgZ3JhbnVsYXJpdHkgb2YgY2xhc3NpZmljYXRpb24gbWF5IHZhcnku4oCdIGFkZHJlc3Nl cyAyLCAzLCA0LCBuLXR1cGxlIGNsYXNzaWZpY2F0aW9uLiAgRnVydGhlciwgdGhhdCBwb2ludCBp cyByZWluZm9yY2VkOiDigJxSZWdhcmRsZXNzIG9mIGdyYW51bGFyaXR5LCB0aGUgY2xhc3NpZmlj YXRpb24gaW5mb3JtYXRpb24gY2FuIGJlIHJlcHJlc2VudGVkIGluIHRoZSBOU0guIg0KDQoNCg0K PiANCj4gU2VjdGlvbiA3LjENCj4gDQo+IFRoaXMgdGV4dCBjb21lcyB0b28gbGF0ZSBpbiB0aGUg ZHJhZnQgYW5kIEkgcmVjb21tZW5kIG1ha2luZyBhIGNsZWFyDQo+IHN0YXRlbWVudCBpbiB0aGUg aW50cm9kdWN0aW9uIHRoYXQgc2Vzc2lvbiBlbmNyeXB0aW9uIHRvIHByb3RlY3QgdGhlDQo+IGRh dGEgaW4gdHJhbnNpdCByZWxpZXMgb24gdGhlIGFwcGxpY2F0aW9uL3NlcnZpY2Ugc2VuZGluZy9y ZWNlaXZpbmcNCj4gdGhlIGRhdGEgYW5kIG5vdCB0aGUgU0ZDLiAgSSBtYWRlIHRoaXMgcG9pbnQg cHJldmlvdXNseSBhbmQgYW0gZ2xhZCB0bw0KPiBzZWUgc29tZSB0ZXh0LCBidXQgdGhpbmsgaXQg d291bGQgYmUgbXVjaCBiZXR0ZXIgdG8gc3RhdGUgdGhpcyBlYXJseQ0KPiBpbiB0aGUgZHJhZnQu ICBUb3VjaGluZyB1cG9uIHByb3RlY3Rpb25zIGZvciBkYXRhIHN0cmVhbXMgdmVyc3VzIG1ldGEN Cj4gZGF0YSB3b3VsZCBib3RoIGJlIGltcG9ydGFudCAobGF5ZXJzIGZvciB0cmFmZmljIGFuZCBh c3NvY2lhdGVkDQo+IHByb3RlY3Rpb25zKS4gIElmIGl04oCZcyBtZXRhIGRhdGEsIGRvIHRoZXkg bmVlZCB0byByZWx5IG9uIElQc2VjIGFuZA0KPiBoYXZpbmcgYSAyLXR1cGxlIGJlIHRoZSBtaW5p bXVtPyAgV2hlbiBpcyB0aGF0IGFwcGxpZWQ/ICBJcyB0aGVyZSBtZXRhDQo+IGRhdGEgdGhhdCBj b3VsZCBiZSBzZW5zaXRpdmUgaWYgVExTIHdhcyBpbiBwbGFjZSBhbmQgYSA1LXR1cGxlIGlzDQo+ IHZpc2libGUgKHBlcmhhcHMgdGhlIGV4aXN0ZW5jZSBvZiBjb21tdW5pY2F0aW9uIGlzIHNlbnNp dGl2ZSkuICBBcmUNCj4gdGhlcmUgb3RoZXIgY29uc2lkZXJhdGlvbnMgZm9yIG1ldGFkYXRhIGFu ZCBkYXRhIHRoYXQgbmVlZCB0byBiZQ0KPiBzdGF0ZWQgdXAgZnJvbnQgYW5kIHB1dCBvdXQtb2Yt c2NvcGUgZm9yIFNGQz8gIEnigJltIGFza2luZyB0aGVzZQ0KPiBxdWVzdGlvbnMgYXMgcHJvdmlk aW5nIHRoZXNlIGFuc3dlcnMgY291bGQgc2hvdyB0aGF0IHRoZSByaXNrIGlzDQo+IGNvbnN0cmFp bmVkLg0KPiANCj4gICBEZXBlbmRpbmcgb24gdGhlIGluZm9ybWF0aW9uIGNhcnJpZWQgaW4gdGhl IG1ldGFkYXRhLCBkYXRhIHByaXZhY3kNCj4gICBjb25zaWRlcmF0aW9ucyBtYXkgbmVlZCB0byBi ZSBjb25zaWRlcmVkLiAgRm9yIGV4YW1wbGUsIGlmIHRoZQ0KPiAgIG1ldGFkYXRhIGNvbnZleXMg dGVuYW50IGluZm9ybWF0aW9uLCB0aGF0IGluZm9ybWF0aW9uIG1heSBuZWVkIHRvIGJlDQo+ICAg YXV0aGVudGljYXRlZCBhbmQvb3IgZW5jcnlwdGVkIGJldHdlZW4gdGhlIG9yaWdpbmF0b3IgYW5k IHRoZQ0KPiAgIGludGVuZGVkIHJlY2lwaWVudHMgKHdoaWNoIG1heSBpbmNsdWRlIGludGVuZGVk IFNGcyBvbmx5KS4gIFRoZSBOU0gNCj4gICBpdHNlbGYgZG9lcyBub3QgcHJvdmlkZSBwcml2YWN5 IGZ1bmN0aW9ucywgcmF0aGVyIGl0IHJlbGllcyBvbiB0aGUNCj4gICB0cmFuc3BvcnQvb3Zlcmxh eSBsYXllci4gIEFuIG9wZXJhdG9yIGNhbiBzZWxlY3QgdGhlIGFwcHJvcHJpYXRlDQo+ICAgdHJh bnNwb3J0IHRvIGVuc3VyZSBjb25maWRlbnRpYWxpdHkgKGFuZCBvdGhlciBzZWN1cml0eSkNCj4g ICBjb25zaWRlcmF0aW9ucyBhcmUgbWV0LiAgTWV0YWRhdGEgcHJpdmFjeSBhbmQgc2VjdXJpdHkg Y29uc2lkZXJhdGlvbnMNCj4gICBhcmUgYSBtYXR0ZXIgZm9yIHRoZSBkb2N1bWVudHMgdGhhdCBk ZWZpbmUgbWV0YWRhdGEgZm9ybWF0Lg0KPiANCj4gDQoNClBRPiAgQXJlIHlvdSBzdWdnZXN0aW5n IHRoYXQgYXBwbGljYXRpb24gbGF5ZXIgY29uZmlkZW50aWFsbHkgYmUgYWRkcmVzc2VkIGluIHRo aXMgZHJhZnQ/ICAgTlNIIOKAnHBsYXlzIG5pY2VseeKAnSB3aXRoIHN0YW5kYXJkIGVuY3J5cHRp b24gdHJhbnNwb3J0cywgdGhlcmVmb3JlIGFsbG93aW5nIG9wZXJhdG9ycyB0byDigJxzZWN1cmXi gJ0gdGhlIHBhdGguICBHb2luZyB1cCB0aGUgc3RhY2sgZnJvbSB0aGF0IHNlZW1zIHRvIGJlIG91 dHNpZGUgdGhlIHNjb3BlIG9mIE5TSCBhbmQgaW5jb25zaXN0ZW50IHdpdGggb3RoZXIgcHJvdG9j b2wgcmVxdWlyZW1lbnRzLiANCg0KDQo+IE90aGVyIGNvbW1lbnRzOg0KPiANCj4gSeKAmWQgbGlr ZSB0byBzZWU7DQo+IGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1tZ2x0LXNmYy1z ZWN1cml0eS1lbnZpcm9ubWVudC1yZXEtMDINCj4gUHVibGlzaGVkIGJlZm9yZSB0aGlzIGRvY3Vt ZW50IGFuZCB0aGVuIGhhdmUgdGhhdCBhcyBhIHJlZmVyZW5jZS4gIE9uZQ0KPiBvZiB0aGUgY29t bWVudHMgSSBtYWRlIHByZXZpb3VzbHkgd2FzIHRvIGxpc3Qgb3V0IHRoZSBsYXllcmluZyBhbmQN Cj4gcHJvdGVjdGlvbnMgZXhwZWN0ZWQgb24gZGF0YSBhbmQgTlNILiAgVGhpcyBoYXMgYmVlbiBk b25lIGluIHRoZQ0KPiBzZWN1cml0eSBlbnZpcm9ubWVudCBkcmFmdCwgc2VjdGlvbiA0IHNob3Vs ZCBiZSByZWZlcmVuY2VkOg0KPiANCj4gICBTZWN0aW9uIDQgcHJvdmlkZXMgYW4gb3ZlcmFsbCBk ZXNjcmlwdGlvbiBvZiB0aGUgU0ZDIGVudmlyb25tZW50IHdpdGgNCj4gICB0aGUgaW50cm9kdWN0 aW9uIG9mIHRoZSBkaWZmZXJlbnQgcGxhbmVzIChTRkMgQ29udHJvbCBQbGFuZSwgdGhlIFNGQw0K PiAgIE1hbmFnZW1lbnQgUGxhbmUsIHRoZSBUZW5hbnQncyB1c2VyIFBsYW5lIGFuZCB0aGUgU0ZD IERhdGEgUGxhbmUpLg0KPiANCg0KDQpQUT4gIEFzIEkgbWVudGlvbmVkIG9uIGFub3RoZXIgdGhy ZWFkOiBhIHNlY3VyZSBlbnZpcm9ubWVudCBkcmFmdCBpcyBub3QgcmVsYXRlZCB0byBOU0ggcGVy IHNlLg0KDQoNCg0KDQo+IFRoaXMgaXMgYSB2ZXJ5IGltcG9ydGFudCBwb2ludCBmb3IgYW55b25l IHJldmlld2luZyBmb3Igc2VjdXJpdHkgYXMNCj4gYXJlIHRoZSBlbnZpcm9ubWVudCBzZWN1cml0 eSByZXF1aXJlbWVudHMuICBUaGUgc2VjdXJpdHkgZW52aXJvbm1lbnQNCj4gcmVxdWlyZW1lbnRz IGRyYWZ0IHN0aWxsIG5lZWRzIGEgbGl0dGxlIG1vcmUgd29yayBmcm9tIGEgcXVpY2sgcmVhZCwN Cj4gYnV0IGhlbHBzIGEgbG90LiAgSSBuZWVkIHRvIGZpbmlzaCByZWFkaW5nIHRoZSBzZWN1cml0 eSBlbnZpcm9ubWVudA0KPiBkcmFmdC4NCj4gDQo+IC0tIA0KPiANCj4gQmVzdCByZWdhcmRzLA0K PiBLYXRobGVlbg0KPiANCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX18NCj4gc2ZjIG1haWxpbmcgbGlzdA0KPiBzZmNAaWV0Zi5vcmcNCj4gaHR0cHM6Ly93 d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zZmMNCg0K From nobody Tue Sep 19 12:39:16 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 027DF134390 for ; Tue, 19 Sep 2017 12:39:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kh09Iujk4oI8 for ; Tue, 19 Sep 2017 12:39:12 -0700 (PDT) Received: from mail-pg0-x22d.google.com (mail-pg0-x22d.google.com [IPv6:2607:f8b0:400e:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89801134395 for ; Tue, 19 Sep 2017 12:39:12 -0700 (PDT) Received: by mail-pg0-x22d.google.com with SMTP id d8so380448pgt.4 for ; Tue, 19 Sep 2017 12:39:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ymp8H87nGG+MImwbRCTRTegTIeV+4Ke/mE95ufjFtE4=; b=lV9FQ0ZlcPFYpxSFtAdxZxi1xH/TkAFm3Tg95gmrDjQedcNgg95BzygAMwBhyM+zwo 2yBUBbkMGInTEPNjqi8H2xOViyTuN/gTURYN1TYQ/HTcM/i39oucayqgqQHcybfLvkih q1aDMrH0fyQ6YUkQZzJA/6hhhFqVdPYDtfUoTaYT3SIKBiDk1GLUAYod29KsSeALQDNy r9i/TlXiDbRJlMwBNI/JECD5HlNSIcQZemHanUvcNc5hrGM6QEZrOI6W3IMkI/fNfaed kOxGQ8Klp6xiyHKteP2fBPufAQarA9MCKCJJNVuVi4REh/WlgAsZ7OlfJh49BXczX3Kw kY4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ymp8H87nGG+MImwbRCTRTegTIeV+4Ke/mE95ufjFtE4=; b=ji+pKZORcKmNvsg8n4Uq4BpjMAQwtWUciUQio31a59wAyfq3Gq3BvT2ik6OxJSVX3y HK9HE6+lbDihdJzgM4qhbfuQ7kozvpJZRHjcfAxBltuP250HKKVW6RjVFzN6Ocn8qVBX vhEuKzQGXEKCMarF2F6IT9SbCUb9Qo5/Ca4OHtXyEtD7QLtUm5Zq7tVtw1k15Q+QVVcV 0wV+/mGsYiLV16u2wSjuFOdURXQ1APypxWrdcxMZ8imT2IAtq5RBY/SIdOpT6/KAEzFB 5+Kd0ZaaOyhgDYKmXtAhNfN/mP2F/tk5d+XYm0HFlxG4J/kM7mi/pK1maDFIdDwXUr9B CRhg== X-Gm-Message-State: AHPjjUhQmxBn1VhkqGfUc4K/Dwf8zl61T05atgKCTrgzmxgbQXdAGnzW 20FvIspws8ZhPxA+2l6IxYruIHJoI/JtQAHQAEQ= X-Google-Smtp-Source: AOwi7QAx9qOkU7QFGl+BCWfdg4mA5Auhrpswltxvo2SLJor+HZk7Au3aKihirRT8kQI04MQ12copwopNQ28/+gnULe0= X-Received: by 10.98.68.206 with SMTP id m75mr2312630pfi.163.1505849951987; Tue, 19 Sep 2017 12:39:11 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.144.1 with HTTP; Tue, 19 Sep 2017 12:38:31 -0700 (PDT) In-Reply-To: References: From: Kathleen Moriarty Date: Tue, 19 Sep 2017 15:38:31 -0400 Message-ID: To: "Paul Quinn (paulq)" Cc: "sfc@ietf.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2017 19:39:15 -0000 Thanks for the responses. I'm going to top post as I thin the main point of my review is that the layering needs to be specifically stated to clearly scope the problem space for NSH security considerations. The draft as-written is not clear and as a result, security reviews are very difficult. I think if you laid this out nicely and clearly showed where transport security is addressed at another layer (out-of-scope), it would go a long way. Although the draft improved a bit from the previous version, I think a careful review and edit pass would do a lot of good, specifically around clarity of the problem space and solution. The questions I asked were a result of lack of clarity in the draft. Thanks, Kathleen On Tue, Sep 19, 2017 at 3:22 PM, Paul Quinn (paulq) wrote= : > Hi, > > Thank you for the review. Please see some comments inline below. > > Paul > >> On Sep 18, 2017, at 4:15 PM, Kathleen Moriarty wrote: >> >> Hello, >> >> At Alia's request, I did an early review of draft-ietf-sfc-nsh. Here >> are some initial comments and I may have more when the draft is >> revised and is in for IESG review. I appreciate your efforts >> addressing the comments received to date. I hope you find these >> suggestions as helpful improvements to the document and clarity of NSH >> security concerns. >> >> >> Section 1 - >> >> The intended scope in the introduction should also include mention of >> multi-tenancy. This changes the security requirements and is very >> important to note. >> >> Section 1.4 - >> >> 5. Transport Agnostic: The NSH is encapsulation-independent, meaning >> it can be transported by a variety of protocols. An appropriate >> (for a given deployment) encapsulation protocol can be used to >> carry NSH-encapsulated traffic. This transport may form an >> overlay network and if an existing overlay topology provides the >> required service path connectivity, that existing overlay may be >> used. >> >> Is there a preferred transport so you could specify a recommended >> transport security protocol? > > PQ> There is not. In fact at the AD=E2=80=99s request sample transports = were removed to ensure that there was no implied preference. Therefore, an= operator can select their preferred transports, including =E2=80=94 as per= the security considerations section =E2=80=94 ones that provide encryption= . > >> >> Section 2, 3rd sentence: >> Subsequently, an >> outer encapsulation is imposed on the NSH, which is used for network >> forwarding. >> >> Knowing more about this would help to understand options or if there >> is another draft that addresses this outer encapsulation that is >> imposed and the transport security requirements that go along with it. >> > > PQ> Since NSH defines no preferred transport(s), the security of the sele= cted transport is left to the transport standard. So, for example, if an = operator elects to use the NVO3 defined protocol, then the operator has exp= licitly selected that overlay. > > >> Transport may be hop to hop, and there might not be encryption of this >> header if the application uses an encrypted transport encapsulated in >> this layer. In any case, it seems integrity protection is a >> requirement for a multi-tenant environment. Could the COSE MAC >> function fit the bill since it is intended for concise formats? >> https://datatracker.ietf.org/doc/rfc8152 >> JOSE produced a similar function with JSON, but it would be slightly lar= ger. >> >> Section 7.1: >> >> The following paragraph implies that anything less than a 5-tuple >> isn=E2=80=99t useful and that you intend to use traffic content when >> available. This is concerning. Can=E2=80=99t you use a 2-tuple? What = if >> IPsec transport mode were in use, is this solution dead in the water? >> >> Regardless of the source, metadata reflects the "result" of >> classification. The granularity of classification may vary. For >> example, a network switch, acting as a classifier, might only be able >> to classify based on a 5-tuple, while a service function may be able >> to inspect application information. Regardless of granularity, the >> classification information can be represented in the NSH. >> >> If a 2-tuple is possible, could you add that in as an example instead >> of or in addition to the 5-tuple? > > PQ> The 5-tuple was used only as an example that is commonly understood = in the context of network device classification. The sentence: "The granul= arity of classification may vary.=E2=80=9D addresses 2, 3, 4, n-tuple class= ification. Further, that point is reinforced: =E2=80=9CRegardless of granu= larity, the classification information can be represented in the NSH." > > > >> >> Section 7.1 >> >> This text comes too late in the draft and I recommend making a clear >> statement in the introduction that session encryption to protect the >> data in transit relies on the application/service sending/receiving >> the data and not the SFC. I made this point previously and am glad to >> see some text, but think it would be much better to state this early >> in the draft. Touching upon protections for data streams versus meta >> data would both be important (layers for traffic and associated >> protections). If it=E2=80=99s meta data, do they need to rely on IPsec = and >> having a 2-tuple be the minimum? When is that applied? Is there meta >> data that could be sensitive if TLS was in place and a 5-tuple is >> visible (perhaps the existence of communication is sensitive). Are >> there other considerations for metadata and data that need to be >> stated up front and put out-of-scope for SFC? I=E2=80=99m asking these >> questions as providing these answers could show that the risk is >> constrained. >> >> Depending on the information carried in the metadata, data privacy >> considerations may need to be considered. For example, if the >> metadata conveys tenant information, that information may need to be >> authenticated and/or encrypted between the originator and the >> intended recipients (which may include intended SFs only). The NSH >> itself does not provide privacy functions, rather it relies on the >> transport/overlay layer. An operator can select the appropriate >> transport to ensure confidentiality (and other security) >> considerations are met. Metadata privacy and security considerations >> are a matter for the documents that define metadata format. >> >> > > PQ> Are you suggesting that application layer confidentially be addresse= d in this draft? NSH =E2=80=9Cplays nicely=E2=80=9D with standard encrypt= ion transports, therefore allowing operators to =E2=80=9Csecure=E2=80=9D th= e path. Going up the stack from that seems to be outside the scope of NSH = and inconsistent with other protocol requirements. > > >> Other comments: >> >> I=E2=80=99d like to see; >> https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 >> Published before this document and then have that as a reference. One >> of the comments I made previously was to list out the layering and >> protections expected on data and NSH. This has been done in the >> security environment draft, section 4 should be referenced: >> >> Section 4 provides an overall description of the SFC environment with >> the introduction of the different planes (SFC Control Plane, the SFC >> Management Plane, the Tenant's user Plane and the SFC Data Plane). >> > > > PQ> As I mentioned on another thread: a secure environment draft is not = related to NSH per se. > > > > >> This is a very important point for anyone reviewing for security as >> are the environment security requirements. The security environment >> requirements draft still needs a little more work from a quick read, >> but helps a lot. I need to finish reading the security environment >> draft. >> >> -- >> >> Best regards, >> Kathleen >> >> _______________________________________________ >> sfc mailing list >> sfc@ietf.org >> https://www.ietf.org/mailman/listinfo/sfc > --=20 Best regards, Kathleen From nobody Tue Sep 19 13:53:32 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AAD0132403 for ; Tue, 19 Sep 2017 13:53:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.519 X-Spam-Level: X-Spam-Status: No, score=-14.519 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id icvVcWQJWAcm for ; Tue, 19 Sep 2017 13:53:28 -0700 (PDT) Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D46B81321A4 for ; Tue, 19 Sep 2017 13:53:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=33892; q=dns/txt; s=iport; t=1505854407; x=1507064007; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=L1IovFK5hbKAfiFPf9ec0TzFmDMXlLMGKahZvsn7p1I=; b=iM7gmpyBs4kfSdDt1PWS6aOvhFWf0tNbozB4VdA4+iLzYlv2BjfTvfHR vxmqFJZtVXuNPHvijb30N74atYqnEKDVRsXKu7SeBdnDkhgtVkvf3a0Qi 103llBnSgeqOR0OVwkaXO+PLOcL8awK+8p3MF9pLj2fHB1KBBPXyy1DuV Q=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CeAQD0gsFZ/5hdJa1bGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgy0tZG4nB4NumhaKMI13ggQKGAEKhRgCGoRBVwECAQEBAQECayi?= =?us-ascii?q?FGQIBAwEBIUQHBAcQAgEIOAcDAgICHwYLFBECBA4FG4k0TAMVEKhqgieHMw2DX?= =?us-ascii?q?wEBAQEBAQEBAQEBAQEBAQEBAQEBARgFgyuBYiCBUYFkK4FwgQ2CWYFmJFCCWy+?= =?us-ascii?q?CMQWKDAaOMIgOPAKHWogDhHeCE4Fvg3uDfoZ/jFyILgIRGQGBOAFXQUx3FUkSA?= =?us-ascii?q?YUGHIFndgGHaoEPAQEB?= X-IronPort-AV: E=Sophos;i="5.42,418,1500940800"; d="scan'208,217";a="5843049" Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Sep 2017 20:53:26 +0000 Received: from XCH-RTP-007.cisco.com (xch-rtp-007.cisco.com [64.101.220.147]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id v8JKrQXV000614 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 19 Sep 2017 20:53:26 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-007.cisco.com (64.101.220.147) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 19 Sep 2017 16:53:25 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Tue, 19 Sep 2017 16:53:25 -0400 From: "Carlos Pignataro (cpignata)" To: Kathleen Moriarty CC: "Paul Quinn (paulq)" , "sfc@ietf.org" Thread-Topic: [sfc] Early review draft-ietf-sfc-nsh Thread-Index: AQHTMLsSqoZIGRErdkS+KbebYim9zKK82t6AgAAEeYCAABTqgA== Date: Tue, 19 Sep 2017 20:53:25 +0000 Message-ID: <6971D34B-DC0E-4C3E-B412-3C2F8FAE5704@cisco.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_6971D34BDC0E4C3EB4123C2F8FAE5704ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2017 20:53:31 -0000 --_000_6971D34BDC0E4C3EB4123C2F8FAE5704ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGksIEthdGhsZWVuLA0KDQpUaGFua3MgZm9yIHRoZSBjbGFyaWZpY2F0aW9uLg0KDQpSZWdhcmRp bmc6DQoNCmlzIHRoYXQgdGhlIGxheWVyaW5nIG5lZWRzIHRvIGJlIHNwZWNpZmljYWxseQ0Kc3Rh dGVkIHRvIGNsZWFybHkNCg0KTGlrZSB0aGlzPw0KaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1s L2RyYWZ0LWlldGYtc2ZjLW5zaC0yMSNzZWN0aW9uLTENCg0KICAgICAgICAgICAgICAgICAgICAg Ky0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCiAgICAgICAgICAgICAgICAgICAgIHwg ICAgVHJhbnNwb3J0IEVuY2Fwc3VsYXRpb24gICB8DQogICAgICAgICAgICAgICAgICAgICArLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKw0KICAgICAgICAgICAgICAgICAgICAgfCBOZXR3 b3JrIFNlcnZpY2UgSGVhZGVyIChOU0gpIHwNCiAgICAgICAgICAgICAgICAgICAgICstLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQogICAgICAgICAgICAgICAgICAgICB8ICAgIE9yaWdp bmFsIFBhY2tldCAvIEZyYW1lICAgfA0KICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLSsNCg0KICAgICAgICAgICAgICBGaWd1cmUgMTogTmV0d29yayBT ZXJ2aWNlIEhlYWRlciBFbmNhcHN1bGF0aW9uDQoNCkkgdGhpbmsgaWYgeW91IGxhaWQgdGhpcyBv dXQNCm5pY2VseSBhbmQgY2xlYXJseSBzaG93ZWQgd2hlcmUgdHJhbnNwb3J0IHNlY3VyaXR5IGlz IGFkZHJlc3NlZCBhdA0KYW5vdGhlciBsYXllciAob3V0LW9mLXNjb3BlKSwgaXQgd291bGQgZ28g YSBsb25nIHdheS4NCg0KSG9wZWZ1bGx5IHRoZSBhYm92ZSAoZXhpc3RpbmcpIGZpZ3VyZSBhbmQg dGV4dCBpcyBjbGVhci4gSW4gdGhhdCBjYXNlOg0KDQpPbmUgaWRlYSBpcyB0byBjYXRlZ29yaXpl IHRoZSBwYXJhZ3JhcGhzIGluIHRoZSBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyB0byBtYWtlIHRo b3NlIHJlbGF0aW9ucyBtb3JlIGNsZWFyLg0KDQrigJQNCkNhcmxvcyBQaWduYXRhcm8uDQoNCg0K T24gU2VwIDE5LCAyMDE3LCBhdCAzOjM4IFBNLCBLYXRobGVlbiBNb3JpYXJ0eSA8S2F0aGxlZW4u TW9yaWFydHkuaWV0ZkBnbWFpbC5jb208bWFpbHRvOkthdGhsZWVuLk1vcmlhcnR5LmlldGZAZ21h aWwuY29tPj4gd3JvdGU6DQoNClRoYW5rcyBmb3IgdGhlIHJlc3BvbnNlcy4gIEknbSBnb2luZyB0 byB0b3AgcG9zdCBhcyBJIHRoaW4gdGhlIG1haW4NCnBvaW50IG9mIG15IHJldmlldyBpcyB0aGF0 IHRoZSBsYXllcmluZyBuZWVkcyB0byBiZSBzcGVjaWZpY2FsbHkNCnN0YXRlZCB0byBjbGVhcmx5 IHNjb3BlIHRoZSBwcm9ibGVtIHNwYWNlIGZvciBOU0ggc2VjdXJpdHkNCmNvbnNpZGVyYXRpb25z LiAgVGhlIGRyYWZ0IGFzLXdyaXR0ZW4gaXMgbm90IGNsZWFyIGFuZCBhcyBhIHJlc3VsdCwNCnNl Y3VyaXR5IHJldmlld3MgYXJlIHZlcnkgZGlmZmljdWx0LiAgSSB0aGluayBpZiB5b3UgbGFpZCB0 aGlzIG91dA0KbmljZWx5IGFuZCBjbGVhcmx5IHNob3dlZCB3aGVyZSB0cmFuc3BvcnQgc2VjdXJp dHkgaXMgYWRkcmVzc2VkIGF0DQphbm90aGVyIGxheWVyIChvdXQtb2Ytc2NvcGUpLCBpdCB3b3Vs ZCBnbyBhIGxvbmcgd2F5LiAgQWx0aG91Z2ggdGhlDQpkcmFmdCBpbXByb3ZlZCBhIGJpdCBmcm9t IHRoZSBwcmV2aW91cyB2ZXJzaW9uLCBJIHRoaW5rIGEgY2FyZWZ1bA0KcmV2aWV3IGFuZCBlZGl0 IHBhc3Mgd291bGQgZG8gYSBsb3Qgb2YgZ29vZCwgc3BlY2lmaWNhbGx5IGFyb3VuZA0KY2xhcml0 eSBvZiB0aGUgcHJvYmxlbSBzcGFjZSBhbmQgc29sdXRpb24uICBUaGUgcXVlc3Rpb25zIEkgYXNr ZWQgd2VyZQ0KYSByZXN1bHQgb2YgbGFjayBvZiBjbGFyaXR5IGluIHRoZSBkcmFmdC4NCg0KVGhh bmtzLA0KS2F0aGxlZW4NCg0KT24gVHVlLCBTZXAgMTksIDIwMTcgYXQgMzoyMiBQTSwgUGF1bCBR dWlubiAocGF1bHEpIDxwYXVscUBjaXNjby5jb208bWFpbHRvOnBhdWxxQGNpc2NvLmNvbT4+IHdy b3RlOg0KSGksDQoNClRoYW5rIHlvdSBmb3IgdGhlIHJldmlldy4gIFBsZWFzZSBzZWUgc29tZSBj b21tZW50cyBpbmxpbmUgYmVsb3cuDQoNClBhdWwNCg0KT24gU2VwIDE4LCAyMDE3LCBhdCA0OjE1 IFBNLCBLYXRobGVlbiBNb3JpYXJ0eSA8a2F0aGxlZW4ubW9yaWFydHkuaWV0ZkBnbWFpbC5jb208 bWFpbHRvOmthdGhsZWVuLm1vcmlhcnR5LmlldGZAZ21haWwuY29tPj4gd3JvdGU6DQoNCkhlbGxv LA0KDQpBdCBBbGlhJ3MgcmVxdWVzdCwgSSBkaWQgYW4gZWFybHkgcmV2aWV3IG9mIGRyYWZ0LWll dGYtc2ZjLW5zaC4gIEhlcmUNCmFyZSBzb21lIGluaXRpYWwgY29tbWVudHMgYW5kIEkgbWF5IGhh dmUgbW9yZSB3aGVuIHRoZSBkcmFmdCBpcw0KcmV2aXNlZCBhbmQgaXMgaW4gZm9yIElFU0cgcmV2 aWV3LiAgSSBhcHByZWNpYXRlIHlvdXIgZWZmb3J0cw0KYWRkcmVzc2luZyB0aGUgY29tbWVudHMg cmVjZWl2ZWQgdG8gZGF0ZS4gIEkgaG9wZSB5b3UgZmluZCB0aGVzZQ0Kc3VnZ2VzdGlvbnMgYXMg aGVscGZ1bCBpbXByb3ZlbWVudHMgdG8gdGhlIGRvY3VtZW50IGFuZCBjbGFyaXR5IG9mIE5TSA0K c2VjdXJpdHkgY29uY2VybnMuDQoNCg0KU2VjdGlvbiAxIC0NCg0KVGhlIGludGVuZGVkIHNjb3Bl IGluIHRoZSBpbnRyb2R1Y3Rpb24gc2hvdWxkIGFsc28gaW5jbHVkZSBtZW50aW9uIG9mDQptdWx0 aS10ZW5hbmN5LiAgVGhpcyBjaGFuZ2VzIHRoZSBzZWN1cml0eSByZXF1aXJlbWVudHMgYW5kIGlz IHZlcnkNCmltcG9ydGFudCB0byBub3RlLg0KDQpTZWN0aW9uIDEuNCAtDQoNCiA1LiAgVHJhbnNw b3J0IEFnbm9zdGljOiBUaGUgTlNIIGlzIGVuY2Fwc3VsYXRpb24taW5kZXBlbmRlbnQsIG1lYW5p bmcNCiAgICAgaXQgY2FuIGJlIHRyYW5zcG9ydGVkIGJ5IGEgdmFyaWV0eSBvZiBwcm90b2NvbHMu ICBBbiBhcHByb3ByaWF0ZQ0KICAgICAoZm9yIGEgZ2l2ZW4gZGVwbG95bWVudCkgZW5jYXBzdWxh dGlvbiBwcm90b2NvbCBjYW4gYmUgdXNlZCB0bw0KICAgICBjYXJyeSBOU0gtZW5jYXBzdWxhdGVk IHRyYWZmaWMuICBUaGlzIHRyYW5zcG9ydCBtYXkgZm9ybSBhbg0KICAgICBvdmVybGF5IG5ldHdv cmsgYW5kIGlmIGFuIGV4aXN0aW5nIG92ZXJsYXkgdG9wb2xvZ3kgcHJvdmlkZXMgdGhlDQogICAg IHJlcXVpcmVkIHNlcnZpY2UgcGF0aCBjb25uZWN0aXZpdHksIHRoYXQgZXhpc3Rpbmcgb3Zlcmxh eSBtYXkgYmUNCiAgICAgdXNlZC4NCg0KSXMgdGhlcmUgYSBwcmVmZXJyZWQgdHJhbnNwb3J0IHNv IHlvdSBjb3VsZCBzcGVjaWZ5IGEgcmVjb21tZW5kZWQNCnRyYW5zcG9ydCBzZWN1cml0eSBwcm90 b2NvbD8NCg0KUFE+IFRoZXJlIGlzIG5vdC4gIEluIGZhY3QgYXQgdGhlIEFE4oCZcyByZXF1ZXN0 IHNhbXBsZSB0cmFuc3BvcnRzIHdlcmUgcmVtb3ZlZCB0byBlbnN1cmUgdGhhdCB0aGVyZSB3YXMg bm8gaW1wbGllZCBwcmVmZXJlbmNlLiAgVGhlcmVmb3JlLCBhbiBvcGVyYXRvciBjYW4gc2VsZWN0 IHRoZWlyIHByZWZlcnJlZCB0cmFuc3BvcnRzLCBpbmNsdWRpbmcg4oCUIGFzIHBlciB0aGUgc2Vj dXJpdHkgY29uc2lkZXJhdGlvbnMgc2VjdGlvbiDigJQgb25lcyB0aGF0IHByb3ZpZGUgZW5jcnlw dGlvbi4NCg0KDQpTZWN0aW9uIDIsIDNyZCBzZW50ZW5jZToNCiBTdWJzZXF1ZW50bHksIGFuDQog b3V0ZXIgZW5jYXBzdWxhdGlvbiBpcyBpbXBvc2VkIG9uIHRoZSBOU0gsIHdoaWNoIGlzIHVzZWQg Zm9yIG5ldHdvcmsNCiBmb3J3YXJkaW5nLg0KDQpLbm93aW5nIG1vcmUgYWJvdXQgdGhpcyB3b3Vs ZCBoZWxwIHRvIHVuZGVyc3RhbmQgb3B0aW9ucyBvciBpZiB0aGVyZQ0KaXMgYW5vdGhlciBkcmFm dCB0aGF0IGFkZHJlc3NlcyB0aGlzIG91dGVyIGVuY2Fwc3VsYXRpb24gdGhhdCBpcw0KaW1wb3Nl ZCBhbmQgdGhlIHRyYW5zcG9ydCBzZWN1cml0eSByZXF1aXJlbWVudHMgdGhhdCBnbyBhbG9uZyB3 aXRoIGl0Lg0KDQoNClBRPiBTaW5jZSBOU0ggZGVmaW5lcyBubyBwcmVmZXJyZWQgdHJhbnNwb3J0 KHMpLCB0aGUgc2VjdXJpdHkgb2YgdGhlIHNlbGVjdGVkIHRyYW5zcG9ydCBpcyBsZWZ0IHRvIHRo ZSB0cmFuc3BvcnQgc3RhbmRhcmQuICAgU28sIGZvciBleGFtcGxlLCBpZiBhbiBvcGVyYXRvciBl bGVjdHMgdG8gdXNlIHRoZSBOVk8zIGRlZmluZWQgcHJvdG9jb2wsIHRoZW4gdGhlIG9wZXJhdG9y IGhhcyBleHBsaWNpdGx5IHNlbGVjdGVkIHRoYXQgb3ZlcmxheS4NCg0KDQpUcmFuc3BvcnQgbWF5 IGJlIGhvcCB0byBob3AsIGFuZCB0aGVyZSBtaWdodCBub3QgYmUgZW5jcnlwdGlvbiBvZiB0aGlz DQpoZWFkZXIgaWYgdGhlIGFwcGxpY2F0aW9uIHVzZXMgYW4gZW5jcnlwdGVkIHRyYW5zcG9ydCBl bmNhcHN1bGF0ZWQgaW4NCnRoaXMgbGF5ZXIuICBJbiBhbnkgY2FzZSwgaXQgc2VlbXMgaW50ZWdy aXR5IHByb3RlY3Rpb24gaXMgYQ0KcmVxdWlyZW1lbnQgZm9yIGEgbXVsdGktdGVuYW50IGVudmly b25tZW50LiAgQ291bGQgdGhlIENPU0UgTUFDDQpmdW5jdGlvbiBmaXQgdGhlIGJpbGwgc2luY2Ug aXQgaXMgaW50ZW5kZWQgZm9yIGNvbmNpc2UgZm9ybWF0cz8NCmh0dHBzOi8vZGF0YXRyYWNrZXIu aWV0Zi5vcmcvZG9jL3JmYzgxNTINCkpPU0UgcHJvZHVjZWQgYSBzaW1pbGFyIGZ1bmN0aW9uIHdp dGggSlNPTiwgYnV0IGl0IHdvdWxkIGJlIHNsaWdodGx5IGxhcmdlci4NCg0KU2VjdGlvbiA3LjE6 DQoNClRoZSBmb2xsb3dpbmcgcGFyYWdyYXBoIGltcGxpZXMgdGhhdCBhbnl0aGluZyBsZXNzIHRo YW4gYSA1LXR1cGxlDQppc27igJl0IHVzZWZ1bCBhbmQgdGhhdCB5b3UgaW50ZW5kIHRvIHVzZSB0 cmFmZmljIGNvbnRlbnQgd2hlbg0KYXZhaWxhYmxlLiAgVGhpcyBpcyBjb25jZXJuaW5nLiAgQ2Fu 4oCZdCB5b3UgdXNlIGEgMi10dXBsZT8gIFdoYXQgaWYNCklQc2VjIHRyYW5zcG9ydCBtb2RlIHdl cmUgaW4gdXNlLCBpcyB0aGlzIHNvbHV0aW9uIGRlYWQgaW4gdGhlIHdhdGVyPw0KDQogUmVnYXJk bGVzcyBvZiB0aGUgc291cmNlLCBtZXRhZGF0YSByZWZsZWN0cyB0aGUgInJlc3VsdCIgb2YNCiBj bGFzc2lmaWNhdGlvbi4gIFRoZSBncmFudWxhcml0eSBvZiBjbGFzc2lmaWNhdGlvbiBtYXkgdmFy eS4gIEZvcg0KIGV4YW1wbGUsIGEgbmV0d29yayBzd2l0Y2gsIGFjdGluZyBhcyBhIGNsYXNzaWZp ZXIsIG1pZ2h0IG9ubHkgYmUgYWJsZQ0KIHRvIGNsYXNzaWZ5IGJhc2VkIG9uIGEgNS10dXBsZSwg d2hpbGUgYSBzZXJ2aWNlIGZ1bmN0aW9uIG1heSBiZSBhYmxlDQogdG8gaW5zcGVjdCBhcHBsaWNh dGlvbiBpbmZvcm1hdGlvbi4gIFJlZ2FyZGxlc3Mgb2YgZ3JhbnVsYXJpdHksIHRoZQ0KIGNsYXNz aWZpY2F0aW9uIGluZm9ybWF0aW9uIGNhbiBiZSByZXByZXNlbnRlZCBpbiB0aGUgTlNILg0KDQpJ ZiBhIDItdHVwbGUgaXMgcG9zc2libGUsIGNvdWxkIHlvdSBhZGQgdGhhdCBpbiBhcyBhbiBleGFt cGxlIGluc3RlYWQNCm9mIG9yIGluIGFkZGl0aW9uIHRvIHRoZSA1LXR1cGxlPw0KDQpQUT4gIFRo ZSA1LXR1cGxlIHdhcyB1c2VkIG9ubHkgYXMgYW4gZXhhbXBsZSB0aGF0IGlzIGNvbW1vbmx5IHVu ZGVyc3Rvb2QgaW4gdGhlIGNvbnRleHQgb2YgbmV0d29yayBkZXZpY2UgY2xhc3NpZmljYXRpb24u ICBUaGUgc2VudGVuY2U6ICJUaGUgZ3JhbnVsYXJpdHkgb2YgY2xhc3NpZmljYXRpb24gbWF5IHZh cnku4oCdIGFkZHJlc3NlcyAyLCAzLCA0LCBuLXR1cGxlIGNsYXNzaWZpY2F0aW9uLiAgRnVydGhl ciwgdGhhdCBwb2ludCBpcyByZWluZm9yY2VkOiDigJxSZWdhcmRsZXNzIG9mIGdyYW51bGFyaXR5 LCB0aGUgY2xhc3NpZmljYXRpb24gaW5mb3JtYXRpb24gY2FuIGJlIHJlcHJlc2VudGVkIGluIHRo ZSBOU0guIg0KDQoNCg0KDQpTZWN0aW9uIDcuMQ0KDQpUaGlzIHRleHQgY29tZXMgdG9vIGxhdGUg aW4gdGhlIGRyYWZ0IGFuZCBJIHJlY29tbWVuZCBtYWtpbmcgYSBjbGVhcg0Kc3RhdGVtZW50IGlu IHRoZSBpbnRyb2R1Y3Rpb24gdGhhdCBzZXNzaW9uIGVuY3J5cHRpb24gdG8gcHJvdGVjdCB0aGUN CmRhdGEgaW4gdHJhbnNpdCByZWxpZXMgb24gdGhlIGFwcGxpY2F0aW9uL3NlcnZpY2Ugc2VuZGlu Zy9yZWNlaXZpbmcNCnRoZSBkYXRhIGFuZCBub3QgdGhlIFNGQy4gIEkgbWFkZSB0aGlzIHBvaW50 IHByZXZpb3VzbHkgYW5kIGFtIGdsYWQgdG8NCnNlZSBzb21lIHRleHQsIGJ1dCB0aGluayBpdCB3 b3VsZCBiZSBtdWNoIGJldHRlciB0byBzdGF0ZSB0aGlzIGVhcmx5DQppbiB0aGUgZHJhZnQuICBU b3VjaGluZyB1cG9uIHByb3RlY3Rpb25zIGZvciBkYXRhIHN0cmVhbXMgdmVyc3VzIG1ldGENCmRh dGEgd291bGQgYm90aCBiZSBpbXBvcnRhbnQgKGxheWVycyBmb3IgdHJhZmZpYyBhbmQgYXNzb2Np YXRlZA0KcHJvdGVjdGlvbnMpLiAgSWYgaXTigJlzIG1ldGEgZGF0YSwgZG8gdGhleSBuZWVkIHRv IHJlbHkgb24gSVBzZWMgYW5kDQpoYXZpbmcgYSAyLXR1cGxlIGJlIHRoZSBtaW5pbXVtPyAgV2hl biBpcyB0aGF0IGFwcGxpZWQ/ICBJcyB0aGVyZSBtZXRhDQpkYXRhIHRoYXQgY291bGQgYmUgc2Vu c2l0aXZlIGlmIFRMUyB3YXMgaW4gcGxhY2UgYW5kIGEgNS10dXBsZSBpcw0KdmlzaWJsZSAocGVy aGFwcyB0aGUgZXhpc3RlbmNlIG9mIGNvbW11bmljYXRpb24gaXMgc2Vuc2l0aXZlKS4gIEFyZQ0K dGhlcmUgb3RoZXIgY29uc2lkZXJhdGlvbnMgZm9yIG1ldGFkYXRhIGFuZCBkYXRhIHRoYXQgbmVl ZCB0byBiZQ0Kc3RhdGVkIHVwIGZyb250IGFuZCBwdXQgb3V0LW9mLXNjb3BlIGZvciBTRkM/ICBJ 4oCZbSBhc2tpbmcgdGhlc2UNCnF1ZXN0aW9ucyBhcyBwcm92aWRpbmcgdGhlc2UgYW5zd2VycyBj b3VsZCBzaG93IHRoYXQgdGhlIHJpc2sgaXMNCmNvbnN0cmFpbmVkLg0KDQogRGVwZW5kaW5nIG9u IHRoZSBpbmZvcm1hdGlvbiBjYXJyaWVkIGluIHRoZSBtZXRhZGF0YSwgZGF0YSBwcml2YWN5DQog Y29uc2lkZXJhdGlvbnMgbWF5IG5lZWQgdG8gYmUgY29uc2lkZXJlZC4gIEZvciBleGFtcGxlLCBp ZiB0aGUNCiBtZXRhZGF0YSBjb252ZXlzIHRlbmFudCBpbmZvcm1hdGlvbiwgdGhhdCBpbmZvcm1h dGlvbiBtYXkgbmVlZCB0byBiZQ0KIGF1dGhlbnRpY2F0ZWQgYW5kL29yIGVuY3J5cHRlZCBiZXR3 ZWVuIHRoZSBvcmlnaW5hdG9yIGFuZCB0aGUNCiBpbnRlbmRlZCByZWNpcGllbnRzICh3aGljaCBt YXkgaW5jbHVkZSBpbnRlbmRlZCBTRnMgb25seSkuICBUaGUgTlNIDQogaXRzZWxmIGRvZXMgbm90 IHByb3ZpZGUgcHJpdmFjeSBmdW5jdGlvbnMsIHJhdGhlciBpdCByZWxpZXMgb24gdGhlDQogdHJh bnNwb3J0L292ZXJsYXkgbGF5ZXIuICBBbiBvcGVyYXRvciBjYW4gc2VsZWN0IHRoZSBhcHByb3By aWF0ZQ0KIHRyYW5zcG9ydCB0byBlbnN1cmUgY29uZmlkZW50aWFsaXR5IChhbmQgb3RoZXIgc2Vj dXJpdHkpDQogY29uc2lkZXJhdGlvbnMgYXJlIG1ldC4gIE1ldGFkYXRhIHByaXZhY3kgYW5kIHNl Y3VyaXR5IGNvbnNpZGVyYXRpb25zDQogYXJlIGEgbWF0dGVyIGZvciB0aGUgZG9jdW1lbnRzIHRo YXQgZGVmaW5lIG1ldGFkYXRhIGZvcm1hdC4NCg0KDQoNClBRPiAgQXJlIHlvdSBzdWdnZXN0aW5n IHRoYXQgYXBwbGljYXRpb24gbGF5ZXIgY29uZmlkZW50aWFsbHkgYmUgYWRkcmVzc2VkIGluIHRo aXMgZHJhZnQ/ICAgTlNIIOKAnHBsYXlzIG5pY2VseeKAnSB3aXRoIHN0YW5kYXJkIGVuY3J5cHRp b24gdHJhbnNwb3J0cywgdGhlcmVmb3JlIGFsbG93aW5nIG9wZXJhdG9ycyB0byDigJxzZWN1cmXi gJ0gdGhlIHBhdGguICBHb2luZyB1cCB0aGUgc3RhY2sgZnJvbSB0aGF0IHNlZW1zIHRvIGJlIG91 dHNpZGUgdGhlIHNjb3BlIG9mIE5TSCBhbmQgaW5jb25zaXN0ZW50IHdpdGggb3RoZXIgcHJvdG9j b2wgcmVxdWlyZW1lbnRzLg0KDQoNCk90aGVyIGNvbW1lbnRzOg0KDQpJ4oCZZCBsaWtlIHRvIHNl ZTsNCmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1tZ2x0LXNmYy1zZWN1cml0eS1l bnZpcm9ubWVudC1yZXEtMDINClB1Ymxpc2hlZCBiZWZvcmUgdGhpcyBkb2N1bWVudCBhbmQgdGhl biBoYXZlIHRoYXQgYXMgYSByZWZlcmVuY2UuICBPbmUNCm9mIHRoZSBjb21tZW50cyBJIG1hZGUg cHJldmlvdXNseSB3YXMgdG8gbGlzdCBvdXQgdGhlIGxheWVyaW5nIGFuZA0KcHJvdGVjdGlvbnMg ZXhwZWN0ZWQgb24gZGF0YSBhbmQgTlNILiAgVGhpcyBoYXMgYmVlbiBkb25lIGluIHRoZQ0Kc2Vj dXJpdHkgZW52aXJvbm1lbnQgZHJhZnQsIHNlY3Rpb24gNCBzaG91bGQgYmUgcmVmZXJlbmNlZDoN Cg0KIFNlY3Rpb24gNCBwcm92aWRlcyBhbiBvdmVyYWxsIGRlc2NyaXB0aW9uIG9mIHRoZSBTRkMg ZW52aXJvbm1lbnQgd2l0aA0KIHRoZSBpbnRyb2R1Y3Rpb24gb2YgdGhlIGRpZmZlcmVudCBwbGFu ZXMgKFNGQyBDb250cm9sIFBsYW5lLCB0aGUgU0ZDDQogTWFuYWdlbWVudCBQbGFuZSwgdGhlIFRl bmFudCdzIHVzZXIgUGxhbmUgYW5kIHRoZSBTRkMgRGF0YSBQbGFuZSkuDQoNCg0KDQpQUT4gIEFz IEkgbWVudGlvbmVkIG9uIGFub3RoZXIgdGhyZWFkOiBhIHNlY3VyZSBlbnZpcm9ubWVudCBkcmFm dCBpcyBub3QgcmVsYXRlZCB0byBOU0ggcGVyIHNlLg0KDQoNCg0KDQpUaGlzIGlzIGEgdmVyeSBp bXBvcnRhbnQgcG9pbnQgZm9yIGFueW9uZSByZXZpZXdpbmcgZm9yIHNlY3VyaXR5IGFzDQphcmUg dGhlIGVudmlyb25tZW50IHNlY3VyaXR5IHJlcXVpcmVtZW50cy4gIFRoZSBzZWN1cml0eSBlbnZp cm9ubWVudA0KcmVxdWlyZW1lbnRzIGRyYWZ0IHN0aWxsIG5lZWRzIGEgbGl0dGxlIG1vcmUgd29y ayBmcm9tIGEgcXVpY2sgcmVhZCwNCmJ1dCBoZWxwcyBhIGxvdC4gIEkgbmVlZCB0byBmaW5pc2gg cmVhZGluZyB0aGUgc2VjdXJpdHkgZW52aXJvbm1lbnQNCmRyYWZ0Lg0KDQotLQ0KDQpCZXN0IHJl Z2FyZHMsDQpLYXRobGVlbg0KDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fXw0Kc2ZjIG1haWxpbmcgbGlzdA0Kc2ZjQGlldGYub3JnPG1haWx0bzpzZmNAaWV0 Zi5vcmc+DQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NmYw0KDQoNCg0K DQotLQ0KDQpCZXN0IHJlZ2FyZHMsDQpLYXRobGVlbg0KDQpfX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fXw0Kc2ZjIG1haWxpbmcgbGlzdA0Kc2ZjQGlldGYub3Jn PG1haWx0bzpzZmNAaWV0Zi5vcmc+DQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3Rp bmZvL3NmYw0KDQo= --_000_6971D34BDC0E4C3EB4123C2F8FAE5704ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <38F391893DB3804B91E6087EE7270D79@emea.cisco.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5IaSwgS2F0 aGxlZW4sPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBj bGFzcz0iIj5UaGFua3MgZm9yIHRoZSBjbGFyaWZpY2F0aW9uLjwvZGl2Pg0KPGRpdiBjbGFzcz0i Ij48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+UmVnYXJkaW5nOjwvZGl2Pg0K PGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8Ymxv Y2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj5pcyB0aGF0IHRoZSBsYXllcmluZyBuZWVkcyB0 byBiZSBzcGVjaWZpY2FsbHk8YnIgY2xhc3M9IiI+DQpzdGF0ZWQgdG8gY2xlYXJseTwvYmxvY2tx dW90ZT4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYg Y2xhc3M9IiI+TGlrZSB0aGlzPzwvZGl2Pg0KPGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9y Zy9odG1sL2RyYWZ0LWlldGYtc2ZjLW5zaC0yMSNzZWN0aW9uLTEiIGNsYXNzPSIiPmh0dHBzOi8v dG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLXNmYy1uc2gtMjEjc2VjdGlvbi0xPC9hPg0K PGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2 IGNsYXNzPSIiPiZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNw OyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsmIzQzOy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLSYjNDM7PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDt8ICZu YnNwOyAmbmJzcDtUcmFuc3BvcnQgRW5jYXBzdWxhdGlvbiAmbmJzcDsgfDwvZGl2Pg0KPGRpdiBj bGFzcz0iIj4mbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7JiM0MzstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0mIzQzOzwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4mbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7fCBOZXR3 b3JrIFNlcnZpY2UgSGVhZGVyIChOU0gpIHw8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+Jm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i c3A7ICZuYnNwOyYjNDM7LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tJiM0Mzs8L2Rpdj4N CjxkaXYgY2xhc3M9IiI+Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwO3wgJm5ic3A7ICZuYnNwO09yaWdpbmFs IFBhY2tldCAvIEZyYW1lICZuYnNwOyB8PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiZuYnNwOyAmbmJz cDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNw OyAmbmJzcDsmIzQzOy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSYjNDM7PC9kaXY+DQo8 ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4mbmJzcDsg Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgRmlndXJlIDE6IE5ldHdv cmsgU2VydmljZSBIZWFkZXIgRW5jYXBzdWxhdGlvbjwvZGl2Pg0KPC9kaXY+DQo8ZGl2IGNsYXNz PSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5 cGU9ImNpdGUiIGNsYXNzPSIiPkkgdGhpbmsgaWYgeW91IGxhaWQgdGhpcyBvdXQ8YnIgY2xhc3M9 IiI+DQpuaWNlbHkgYW5kIGNsZWFybHkgc2hvd2VkIHdoZXJlIHRyYW5zcG9ydCBzZWN1cml0eSBp cyBhZGRyZXNzZWQgYXQ8YnIgY2xhc3M9IiI+DQphbm90aGVyIGxheWVyIChvdXQtb2Ytc2NvcGUp LCBpdCB3b3VsZCBnbyBhIGxvbmcgd2F5LjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPGRpdiBjbGFz cz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+SG9wZWZ1bGx5IHRoZSBh Ym92ZSAoZXhpc3RpbmcpIGZpZ3VyZSBhbmQgdGV4dCBpcyBjbGVhci4gSW4gdGhhdCBjYXNlOjwv ZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+ T25lIGlkZWEgaXMgdG8gY2F0ZWdvcml6ZSB0aGUgcGFyYWdyYXBocyBpbiB0aGUgU2VjdXJpdHkg Q29uc2lkZXJhdGlvbnMgdG8gbWFrZSB0aG9zZSByZWxhdGlvbnMgbW9yZSBjbGVhci48L2Rpdj4N CjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9 ImNvbG9yOiByZ2IoMCwgMCwgMCk7IGxldHRlci1zcGFjaW5nOiBub3JtYWw7IHRleHQtYWxpZ246 IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3Bh Y2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6 IDBweDsgd29yZC13cmFwOiBicmVhay13b3JkOyAtd2Via2l0LW5ic3AtbW9kZTogc3BhY2U7IC13 ZWJraXQtbGluZS1icmVhazogYWZ0ZXItd2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCuKAlDxiciBj bGFzcz0iIj4NCkNhcmxvcyBQaWduYXRhcm8uPC9kaXY+DQo8ZGl2IHN0eWxlPSJjb2xvcjogcmdi KDAsIDAsIDApOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0LWFsaWduOiBzdGFydDsgdGV4 dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06IG5vbmU7IHdoaXRlLXNwYWNlOiBub3JtYWw7 IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7IHdvcmQt d3JhcDogYnJlYWstd29yZDsgLXdlYmtpdC1uYnNwLW1vZGU6IHNwYWNlOyAtd2Via2l0LWxpbmUt YnJlYWs6IGFmdGVyLXdoaXRlLXNwYWNlOyIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIg Y2xhc3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUi IGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5PbiBTZXAgMTksIDIwMTcsIGF0IDM6MzggUE0sIEth dGhsZWVuIE1vcmlhcnR5ICZsdDs8YSBocmVmPSJtYWlsdG86S2F0aGxlZW4uTW9yaWFydHkuaWV0 ZkBnbWFpbC5jb20iIGNsYXNzPSIiPkthdGhsZWVuLk1vcmlhcnR5LmlldGZAZ21haWwuY29tPC9h PiZndDsgd3JvdGU6PC9kaXY+DQo8YnIgY2xhc3M9IkFwcGxlLWludGVyY2hhbmdlLW5ld2xpbmUi Pg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+VGhhbmtzIGZvciB0aGUgcmVzcG9uc2Vz LiAmbmJzcDtJJ20gZ29pbmcgdG8gdG9wIHBvc3QgYXMgSSB0aGluIHRoZSBtYWluPGJyIGNsYXNz PSIiPg0KcG9pbnQgb2YgbXkgcmV2aWV3IGlzIHRoYXQgdGhlIGxheWVyaW5nIG5lZWRzIHRvIGJl IHNwZWNpZmljYWxseTxiciBjbGFzcz0iIj4NCnN0YXRlZCB0byBjbGVhcmx5IHNjb3BlIHRoZSBw cm9ibGVtIHNwYWNlIGZvciBOU0ggc2VjdXJpdHk8YnIgY2xhc3M9IiI+DQpjb25zaWRlcmF0aW9u cy4gJm5ic3A7VGhlIGRyYWZ0IGFzLXdyaXR0ZW4gaXMgbm90IGNsZWFyIGFuZCBhcyBhIHJlc3Vs dCw8YnIgY2xhc3M9IiI+DQpzZWN1cml0eSByZXZpZXdzIGFyZSB2ZXJ5IGRpZmZpY3VsdC4gJm5i c3A7SSB0aGluayBpZiB5b3UgbGFpZCB0aGlzIG91dDxiciBjbGFzcz0iIj4NCm5pY2VseSBhbmQg Y2xlYXJseSBzaG93ZWQgd2hlcmUgdHJhbnNwb3J0IHNlY3VyaXR5IGlzIGFkZHJlc3NlZCBhdDxi ciBjbGFzcz0iIj4NCmFub3RoZXIgbGF5ZXIgKG91dC1vZi1zY29wZSksIGl0IHdvdWxkIGdvIGEg bG9uZyB3YXkuICZuYnNwO0FsdGhvdWdoIHRoZTxiciBjbGFzcz0iIj4NCmRyYWZ0IGltcHJvdmVk IGEgYml0IGZyb20gdGhlIHByZXZpb3VzIHZlcnNpb24sIEkgdGhpbmsgYSBjYXJlZnVsPGJyIGNs YXNzPSIiPg0KcmV2aWV3IGFuZCBlZGl0IHBhc3Mgd291bGQgZG8gYSBsb3Qgb2YgZ29vZCwgc3Bl Y2lmaWNhbGx5IGFyb3VuZDxiciBjbGFzcz0iIj4NCmNsYXJpdHkgb2YgdGhlIHByb2JsZW0gc3Bh Y2UgYW5kIHNvbHV0aW9uLiAmbmJzcDtUaGUgcXVlc3Rpb25zIEkgYXNrZWQgd2VyZTxiciBjbGFz cz0iIj4NCmEgcmVzdWx0IG9mIGxhY2sgb2YgY2xhcml0eSBpbiB0aGUgZHJhZnQuPGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KVGhhbmtzLDxiciBjbGFzcz0iIj4NCkthdGhsZWVuPGJyIGNs YXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KT24gVHVlLCBTZXAgMTksIDIwMTcgYXQgMzoyMiBQTSwg UGF1bCBRdWlubiAocGF1bHEpICZsdDs8YSBocmVmPSJtYWlsdG86cGF1bHFAY2lzY28uY29tIiBj bGFzcz0iIj5wYXVscUBjaXNjby5jb208L2E+Jmd0OyB3cm90ZTo8YnIgY2xhc3M9IiI+DQo8Ymxv Y2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj5IaSw8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9 IiI+DQpUaGFuayB5b3UgZm9yIHRoZSByZXZpZXcuICZuYnNwO1BsZWFzZSBzZWUgc29tZSBjb21t ZW50cyBpbmxpbmUgYmVsb3cuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KUGF1bDxiciBj bGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIi Pk9uIFNlcCAxOCwgMjAxNywgYXQgNDoxNSBQTSwgS2F0aGxlZW4gTW9yaWFydHkgJmx0OzxhIGhy ZWY9Im1haWx0bzprYXRobGVlbi5tb3JpYXJ0eS5pZXRmQGdtYWlsLmNvbSIgY2xhc3M9IiI+a2F0 aGxlZW4ubW9yaWFydHkuaWV0ZkBnbWFpbC5jb208L2E+Jmd0OyB3cm90ZTo8YnIgY2xhc3M9IiI+ DQo8YnIgY2xhc3M9IiI+DQpIZWxsbyw8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpBdCBB bGlhJ3MgcmVxdWVzdCwgSSBkaWQgYW4gZWFybHkgcmV2aWV3IG9mIGRyYWZ0LWlldGYtc2ZjLW5z aC4gJm5ic3A7SGVyZTxiciBjbGFzcz0iIj4NCmFyZSBzb21lIGluaXRpYWwgY29tbWVudHMgYW5k IEkgbWF5IGhhdmUgbW9yZSB3aGVuIHRoZSBkcmFmdCBpczxiciBjbGFzcz0iIj4NCnJldmlzZWQg YW5kIGlzIGluIGZvciBJRVNHIHJldmlldy4gJm5ic3A7SSBhcHByZWNpYXRlIHlvdXIgZWZmb3J0 czxiciBjbGFzcz0iIj4NCmFkZHJlc3NpbmcgdGhlIGNvbW1lbnRzIHJlY2VpdmVkIHRvIGRhdGUu ICZuYnNwO0kgaG9wZSB5b3UgZmluZCB0aGVzZTxiciBjbGFzcz0iIj4NCnN1Z2dlc3Rpb25zIGFz IGhlbHBmdWwgaW1wcm92ZW1lbnRzIHRvIHRoZSBkb2N1bWVudCBhbmQgY2xhcml0eSBvZiBOU0g8 YnIgY2xhc3M9IiI+DQpzZWN1cml0eSBjb25jZXJucy48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9 IiI+DQo8YnIgY2xhc3M9IiI+DQpTZWN0aW9uIDEgLTxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NClRoZSBpbnRlbmRlZCBzY29wZSBpbiB0aGUgaW50cm9kdWN0aW9uIHNob3VsZCBhbHNvIGlu Y2x1ZGUgbWVudGlvbiBvZjxiciBjbGFzcz0iIj4NCm11bHRpLXRlbmFuY3kuICZuYnNwO1RoaXMg Y2hhbmdlcyB0aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnRzIGFuZCBpcyB2ZXJ5PGJyIGNsYXNzPSIi Pg0KaW1wb3J0YW50IHRvIG5vdGUuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KU2VjdGlv biAxLjQgLTxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCiZuYnNwOzUuICZuYnNwO1RyYW5z cG9ydCBBZ25vc3RpYzogVGhlIE5TSCBpcyBlbmNhcHN1bGF0aW9uLWluZGVwZW5kZW50LCBtZWFu aW5nPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7aXQgY2FuIGJl IHRyYW5zcG9ydGVkIGJ5IGEgdmFyaWV0eSBvZiBwcm90b2NvbHMuICZuYnNwO0FuIGFwcHJvcHJp YXRlPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7KGZvciBhIGdp dmVuIGRlcGxveW1lbnQpIGVuY2Fwc3VsYXRpb24gcHJvdG9jb2wgY2FuIGJlIHVzZWQgdG88YnIg Y2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtjYXJyeSBOU0gtZW5jYXBz dWxhdGVkIHRyYWZmaWMuICZuYnNwO1RoaXMgdHJhbnNwb3J0IG1heSBmb3JtIGFuPGJyIGNsYXNz PSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7b3ZlcmxheSBuZXR3b3JrIGFuZCBp ZiBhbiBleGlzdGluZyBvdmVybGF5IHRvcG9sb2d5IHByb3ZpZGVzIHRoZTxiciBjbGFzcz0iIj4N CiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO3JlcXVpcmVkIHNlcnZpY2UgcGF0aCBjb25u ZWN0aXZpdHksIHRoYXQgZXhpc3Rpbmcgb3ZlcmxheSBtYXkgYmU8YnIgY2xhc3M9IiI+DQombmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDt1c2VkLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NCklzIHRoZXJlIGEgcHJlZmVycmVkIHRyYW5zcG9ydCBzbyB5b3UgY291bGQgc3BlY2lmeSBh IHJlY29tbWVuZGVkPGJyIGNsYXNzPSIiPg0KdHJhbnNwb3J0IHNlY3VyaXR5IHByb3RvY29sPzxi ciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCjxiciBjbGFzcz0iIj4NClBRJmd0OyBUaGVyZSBp cyBub3QuICZuYnNwO0luIGZhY3QgYXQgdGhlIEFE4oCZcyByZXF1ZXN0IHNhbXBsZSB0cmFuc3Bv cnRzIHdlcmUgcmVtb3ZlZCB0byBlbnN1cmUgdGhhdCB0aGVyZSB3YXMgbm8gaW1wbGllZCBwcmVm ZXJlbmNlLiAmbmJzcDtUaGVyZWZvcmUsIGFuIG9wZXJhdG9yIGNhbiBzZWxlY3QgdGhlaXIgcHJl ZmVycmVkIHRyYW5zcG9ydHMsIGluY2x1ZGluZyDigJQgYXMgcGVyIHRoZSBzZWN1cml0eSBjb25z aWRlcmF0aW9ucyBzZWN0aW9uIOKAlCBvbmVzIHRoYXQgcHJvdmlkZQ0KIGVuY3J5cHRpb24uPGJy IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9 IiI+PGJyIGNsYXNzPSIiPg0KU2VjdGlvbiAyLCAzcmQgc2VudGVuY2U6PGJyIGNsYXNzPSIiPg0K Jm5ic3A7U3Vic2VxdWVudGx5LCBhbjxiciBjbGFzcz0iIj4NCiZuYnNwO291dGVyIGVuY2Fwc3Vs YXRpb24gaXMgaW1wb3NlZCBvbiB0aGUgTlNILCB3aGljaCBpcyB1c2VkIGZvciBuZXR3b3JrPGJy IGNsYXNzPSIiPg0KJm5ic3A7Zm9yd2FyZGluZy48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+ DQpLbm93aW5nIG1vcmUgYWJvdXQgdGhpcyB3b3VsZCBoZWxwIHRvIHVuZGVyc3RhbmQgb3B0aW9u cyBvciBpZiB0aGVyZTxiciBjbGFzcz0iIj4NCmlzIGFub3RoZXIgZHJhZnQgdGhhdCBhZGRyZXNz ZXMgdGhpcyBvdXRlciBlbmNhcHN1bGF0aW9uIHRoYXQgaXM8YnIgY2xhc3M9IiI+DQppbXBvc2Vk IGFuZCB0aGUgdHJhbnNwb3J0IHNlY3VyaXR5IHJlcXVpcmVtZW50cyB0aGF0IGdvIGFsb25nIHdp dGggaXQuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNs YXNzPSIiPg0KUFEmZ3Q7IFNpbmNlIE5TSCBkZWZpbmVzIG5vIHByZWZlcnJlZCB0cmFuc3BvcnQo cyksIHRoZSBzZWN1cml0eSBvZiB0aGUgc2VsZWN0ZWQgdHJhbnNwb3J0IGlzIGxlZnQgdG8gdGhl IHRyYW5zcG9ydCBzdGFuZGFyZC4gJm5ic3A7Jm5ic3A7U28sIGZvciBleGFtcGxlLCBpZiBhbiBv cGVyYXRvciBlbGVjdHMgdG8gdXNlIHRoZSBOVk8zIGRlZmluZWQgcHJvdG9jb2wsIHRoZW4gdGhl IG9wZXJhdG9yIGhhcyBleHBsaWNpdGx5IHNlbGVjdGVkIHRoYXQgb3ZlcmxheS48YnIgY2xhc3M9 IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRl IiBjbGFzcz0iIj5UcmFuc3BvcnQgbWF5IGJlIGhvcCB0byBob3AsIGFuZCB0aGVyZSBtaWdodCBu b3QgYmUgZW5jcnlwdGlvbiBvZiB0aGlzPGJyIGNsYXNzPSIiPg0KaGVhZGVyIGlmIHRoZSBhcHBs aWNhdGlvbiB1c2VzIGFuIGVuY3J5cHRlZCB0cmFuc3BvcnQgZW5jYXBzdWxhdGVkIGluPGJyIGNs YXNzPSIiPg0KdGhpcyBsYXllci4gJm5ic3A7SW4gYW55IGNhc2UsIGl0IHNlZW1zIGludGVncml0 eSBwcm90ZWN0aW9uIGlzIGE8YnIgY2xhc3M9IiI+DQpyZXF1aXJlbWVudCBmb3IgYSBtdWx0aS10 ZW5hbnQgZW52aXJvbm1lbnQuICZuYnNwO0NvdWxkIHRoZSBDT1NFIE1BQzxiciBjbGFzcz0iIj4N CmZ1bmN0aW9uIGZpdCB0aGUgYmlsbCBzaW5jZSBpdCBpcyBpbnRlbmRlZCBmb3IgY29uY2lzZSBm b3JtYXRzPzxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5v cmcvZG9jL3JmYzgxNTIiIGNsYXNzPSIiPmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9j L3JmYzgxNTI8L2E+PGJyIGNsYXNzPSIiPg0KSk9TRSBwcm9kdWNlZCBhIHNpbWlsYXIgZnVuY3Rp b24gd2l0aCBKU09OLCBidXQgaXQgd291bGQgYmUgc2xpZ2h0bHkgbGFyZ2VyLjxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NClNlY3Rpb24gNy4xOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NClRoZSBmb2xsb3dpbmcgcGFyYWdyYXBoIGltcGxpZXMgdGhhdCBhbnl0aGluZyBsZXNzIHRo YW4gYSA1LXR1cGxlPGJyIGNsYXNzPSIiPg0KaXNu4oCZdCB1c2VmdWwgYW5kIHRoYXQgeW91IGlu dGVuZCB0byB1c2UgdHJhZmZpYyBjb250ZW50IHdoZW48YnIgY2xhc3M9IiI+DQphdmFpbGFibGUu ICZuYnNwO1RoaXMgaXMgY29uY2VybmluZy4gJm5ic3A7Q2Fu4oCZdCB5b3UgdXNlIGEgMi10dXBs ZT8gJm5ic3A7V2hhdCBpZjxiciBjbGFzcz0iIj4NCklQc2VjIHRyYW5zcG9ydCBtb2RlIHdlcmUg aW4gdXNlLCBpcyB0aGlzIHNvbHV0aW9uIGRlYWQgaW4gdGhlIHdhdGVyPzxiciBjbGFzcz0iIj4N CjxiciBjbGFzcz0iIj4NCiZuYnNwO1JlZ2FyZGxlc3Mgb2YgdGhlIHNvdXJjZSwgbWV0YWRhdGEg cmVmbGVjdHMgdGhlICZxdW90O3Jlc3VsdCZxdW90OyBvZjxiciBjbGFzcz0iIj4NCiZuYnNwO2Ns YXNzaWZpY2F0aW9uLiAmbmJzcDtUaGUgZ3JhbnVsYXJpdHkgb2YgY2xhc3NpZmljYXRpb24gbWF5 IHZhcnkuICZuYnNwO0ZvcjxiciBjbGFzcz0iIj4NCiZuYnNwO2V4YW1wbGUsIGEgbmV0d29yayBz d2l0Y2gsIGFjdGluZyBhcyBhIGNsYXNzaWZpZXIsIG1pZ2h0IG9ubHkgYmUgYWJsZTxiciBjbGFz cz0iIj4NCiZuYnNwO3RvIGNsYXNzaWZ5IGJhc2VkIG9uIGEgNS10dXBsZSwgd2hpbGUgYSBzZXJ2 aWNlIGZ1bmN0aW9uIG1heSBiZSBhYmxlPGJyIGNsYXNzPSIiPg0KJm5ic3A7dG8gaW5zcGVjdCBh cHBsaWNhdGlvbiBpbmZvcm1hdGlvbi4gJm5ic3A7UmVnYXJkbGVzcyBvZiBncmFudWxhcml0eSwg dGhlPGJyIGNsYXNzPSIiPg0KJm5ic3A7Y2xhc3NpZmljYXRpb24gaW5mb3JtYXRpb24gY2FuIGJl IHJlcHJlc2VudGVkIGluIHRoZSBOU0guPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KSWYg YSAyLXR1cGxlIGlzIHBvc3NpYmxlLCBjb3VsZCB5b3UgYWRkIHRoYXQgaW4gYXMgYW4gZXhhbXBs ZSBpbnN0ZWFkPGJyIGNsYXNzPSIiPg0Kb2Ygb3IgaW4gYWRkaXRpb24gdG8gdGhlIDUtdHVwbGU/ PGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNsYXNzPSIiPg0KUFEmZ3Q7ICZuYnNw O1RoZSA1LXR1cGxlIHdhcyB1c2VkIG9ubHkgYXMgYW4gZXhhbXBsZSB0aGF0IGlzIGNvbW1vbmx5 IHVuZGVyc3Rvb2QgaW4gdGhlIGNvbnRleHQgb2YgbmV0d29yayBkZXZpY2UgY2xhc3NpZmljYXRp b24uICZuYnNwO1RoZSBzZW50ZW5jZTogJnF1b3Q7VGhlIGdyYW51bGFyaXR5IG9mIGNsYXNzaWZp Y2F0aW9uIG1heSB2YXJ5LuKAnSBhZGRyZXNzZXMgMiwgMywgNCwgbi10dXBsZSBjbGFzc2lmaWNh dGlvbi4gJm5ic3A7RnVydGhlciwgdGhhdCBwb2ludCBpcyByZWluZm9yY2VkOg0KIOKAnFJlZ2Fy ZGxlc3Mgb2YgZ3JhbnVsYXJpdHksIHRoZSBjbGFzc2lmaWNhdGlvbiBpbmZvcm1hdGlvbiBjYW4g YmUgcmVwcmVzZW50ZWQgaW4gdGhlIE5TSC4mcXVvdDs8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9 IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRl IiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQpTZWN0aW9uIDcuMTxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NClRoaXMgdGV4dCBjb21lcyB0b28gbGF0ZSBpbiB0aGUgZHJhZnQgYW5kIEkgcmVj b21tZW5kIG1ha2luZyBhIGNsZWFyPGJyIGNsYXNzPSIiPg0Kc3RhdGVtZW50IGluIHRoZSBpbnRy b2R1Y3Rpb24gdGhhdCBzZXNzaW9uIGVuY3J5cHRpb24gdG8gcHJvdGVjdCB0aGU8YnIgY2xhc3M9 IiI+DQpkYXRhIGluIHRyYW5zaXQgcmVsaWVzIG9uIHRoZSBhcHBsaWNhdGlvbi9zZXJ2aWNlIHNl bmRpbmcvcmVjZWl2aW5nPGJyIGNsYXNzPSIiPg0KdGhlIGRhdGEgYW5kIG5vdCB0aGUgU0ZDLiAm bmJzcDtJIG1hZGUgdGhpcyBwb2ludCBwcmV2aW91c2x5IGFuZCBhbSBnbGFkIHRvPGJyIGNsYXNz PSIiPg0Kc2VlIHNvbWUgdGV4dCwgYnV0IHRoaW5rIGl0IHdvdWxkIGJlIG11Y2ggYmV0dGVyIHRv IHN0YXRlIHRoaXMgZWFybHk8YnIgY2xhc3M9IiI+DQppbiB0aGUgZHJhZnQuICZuYnNwO1RvdWNo aW5nIHVwb24gcHJvdGVjdGlvbnMgZm9yIGRhdGEgc3RyZWFtcyB2ZXJzdXMgbWV0YTxiciBjbGFz cz0iIj4NCmRhdGEgd291bGQgYm90aCBiZSBpbXBvcnRhbnQgKGxheWVycyBmb3IgdHJhZmZpYyBh bmQgYXNzb2NpYXRlZDxiciBjbGFzcz0iIj4NCnByb3RlY3Rpb25zKS4gJm5ic3A7SWYgaXTigJlz IG1ldGEgZGF0YSwgZG8gdGhleSBuZWVkIHRvIHJlbHkgb24gSVBzZWMgYW5kPGJyIGNsYXNzPSIi Pg0KaGF2aW5nIGEgMi10dXBsZSBiZSB0aGUgbWluaW11bT8gJm5ic3A7V2hlbiBpcyB0aGF0IGFw cGxpZWQ/ICZuYnNwO0lzIHRoZXJlIG1ldGE8YnIgY2xhc3M9IiI+DQpkYXRhIHRoYXQgY291bGQg YmUgc2Vuc2l0aXZlIGlmIFRMUyB3YXMgaW4gcGxhY2UgYW5kIGEgNS10dXBsZSBpczxiciBjbGFz cz0iIj4NCnZpc2libGUgKHBlcmhhcHMgdGhlIGV4aXN0ZW5jZSBvZiBjb21tdW5pY2F0aW9uIGlz IHNlbnNpdGl2ZSkuICZuYnNwO0FyZTxiciBjbGFzcz0iIj4NCnRoZXJlIG90aGVyIGNvbnNpZGVy YXRpb25zIGZvciBtZXRhZGF0YSBhbmQgZGF0YSB0aGF0IG5lZWQgdG8gYmU8YnIgY2xhc3M9IiI+ DQpzdGF0ZWQgdXAgZnJvbnQgYW5kIHB1dCBvdXQtb2Ytc2NvcGUgZm9yIFNGQz8gJm5ic3A7SeKA mW0gYXNraW5nIHRoZXNlPGJyIGNsYXNzPSIiPg0KcXVlc3Rpb25zIGFzIHByb3ZpZGluZyB0aGVz ZSBhbnN3ZXJzIGNvdWxkIHNob3cgdGhhdCB0aGUgcmlzayBpczxiciBjbGFzcz0iIj4NCmNvbnN0 cmFpbmVkLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCiZuYnNwO0RlcGVuZGluZyBvbiB0 aGUgaW5mb3JtYXRpb24gY2FycmllZCBpbiB0aGUgbWV0YWRhdGEsIGRhdGEgcHJpdmFjeTxiciBj bGFzcz0iIj4NCiZuYnNwO2NvbnNpZGVyYXRpb25zIG1heSBuZWVkIHRvIGJlIGNvbnNpZGVyZWQu ICZuYnNwO0ZvciBleGFtcGxlLCBpZiB0aGU8YnIgY2xhc3M9IiI+DQombmJzcDttZXRhZGF0YSBj b252ZXlzIHRlbmFudCBpbmZvcm1hdGlvbiwgdGhhdCBpbmZvcm1hdGlvbiBtYXkgbmVlZCB0byBi ZTxiciBjbGFzcz0iIj4NCiZuYnNwO2F1dGhlbnRpY2F0ZWQgYW5kL29yIGVuY3J5cHRlZCBiZXR3 ZWVuIHRoZSBvcmlnaW5hdG9yIGFuZCB0aGU8YnIgY2xhc3M9IiI+DQombmJzcDtpbnRlbmRlZCBy ZWNpcGllbnRzICh3aGljaCBtYXkgaW5jbHVkZSBpbnRlbmRlZCBTRnMgb25seSkuICZuYnNwO1Ro ZSBOU0g8YnIgY2xhc3M9IiI+DQombmJzcDtpdHNlbGYgZG9lcyBub3QgcHJvdmlkZSBwcml2YWN5 IGZ1bmN0aW9ucywgcmF0aGVyIGl0IHJlbGllcyBvbiB0aGU8YnIgY2xhc3M9IiI+DQombmJzcDt0 cmFuc3BvcnQvb3ZlcmxheSBsYXllci4gJm5ic3A7QW4gb3BlcmF0b3IgY2FuIHNlbGVjdCB0aGUg YXBwcm9wcmlhdGU8YnIgY2xhc3M9IiI+DQombmJzcDt0cmFuc3BvcnQgdG8gZW5zdXJlIGNvbmZp ZGVudGlhbGl0eSAoYW5kIG90aGVyIHNlY3VyaXR5KTxiciBjbGFzcz0iIj4NCiZuYnNwO2NvbnNp ZGVyYXRpb25zIGFyZSBtZXQuICZuYnNwO01ldGFkYXRhIHByaXZhY3kgYW5kIHNlY3VyaXR5IGNv bnNpZGVyYXRpb25zPGJyIGNsYXNzPSIiPg0KJm5ic3A7YXJlIGEgbWF0dGVyIGZvciB0aGUgZG9j dW1lbnRzIHRoYXQgZGVmaW5lIG1ldGFkYXRhIGZvcm1hdC48YnIgY2xhc3M9IiI+DQo8YnIgY2xh c3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIgY2xhc3M9IiI+DQpQUSZn dDsgJm5ic3A7QXJlIHlvdSBzdWdnZXN0aW5nIHRoYXQgYXBwbGljYXRpb24gbGF5ZXIgY29uZmlk ZW50aWFsbHkgYmUgYWRkcmVzc2VkIGluIHRoaXMgZHJhZnQ/ICZuYnNwOyZuYnNwO05TSCDigJxw bGF5cyBuaWNlbHnigJ0gd2l0aCBzdGFuZGFyZCBlbmNyeXB0aW9uIHRyYW5zcG9ydHMsIHRoZXJl Zm9yZSBhbGxvd2luZyBvcGVyYXRvcnMgdG8g4oCcc2VjdXJl4oCdIHRoZSBwYXRoLiAmbmJzcDtH b2luZyB1cCB0aGUgc3RhY2sgZnJvbSB0aGF0IHNlZW1zIHRvIGJlIG91dHNpZGUgdGhlIHNjb3Bl DQogb2YgTlNIIGFuZCBpbmNvbnNpc3RlbnQgd2l0aCBvdGhlciBwcm90b2NvbCByZXF1aXJlbWVu dHMuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVv dGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+T3RoZXIgY29tbWVudHM6PGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KSeKAmWQgbGlrZSB0byBzZWU7PGJyIGNsYXNzPSIiPg0KPGEgaHJlZj0iaHR0 cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LW1nbHQtc2ZjLXNlY3VyaXR5LWVudmlyb25t ZW50LXJlcS0wMiIgY2xhc3M9IiI+aHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LW1n bHQtc2ZjLXNlY3VyaXR5LWVudmlyb25tZW50LXJlcS0wMjwvYT48YnIgY2xhc3M9IiI+DQpQdWJs aXNoZWQgYmVmb3JlIHRoaXMgZG9jdW1lbnQgYW5kIHRoZW4gaGF2ZSB0aGF0IGFzIGEgcmVmZXJl bmNlLiAmbmJzcDtPbmU8YnIgY2xhc3M9IiI+DQpvZiB0aGUgY29tbWVudHMgSSBtYWRlIHByZXZp b3VzbHkgd2FzIHRvIGxpc3Qgb3V0IHRoZSBsYXllcmluZyBhbmQ8YnIgY2xhc3M9IiI+DQpwcm90 ZWN0aW9ucyBleHBlY3RlZCBvbiBkYXRhIGFuZCBOU0guICZuYnNwO1RoaXMgaGFzIGJlZW4gZG9u ZSBpbiB0aGU8YnIgY2xhc3M9IiI+DQpzZWN1cml0eSBlbnZpcm9ubWVudCBkcmFmdCwgc2VjdGlv biA0IHNob3VsZCBiZSByZWZlcmVuY2VkOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCiZu YnNwO1NlY3Rpb24gNCBwcm92aWRlcyBhbiBvdmVyYWxsIGRlc2NyaXB0aW9uIG9mIHRoZSBTRkMg ZW52aXJvbm1lbnQgd2l0aDxiciBjbGFzcz0iIj4NCiZuYnNwO3RoZSBpbnRyb2R1Y3Rpb24gb2Yg dGhlIGRpZmZlcmVudCBwbGFuZXMgKFNGQyBDb250cm9sIFBsYW5lLCB0aGUgU0ZDPGJyIGNsYXNz PSIiPg0KJm5ic3A7TWFuYWdlbWVudCBQbGFuZSwgdGhlIFRlbmFudCdzIHVzZXIgUGxhbmUgYW5k IHRoZSBTRkMgRGF0YSBQbGFuZSkuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPC9ibG9j a3F1b3RlPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KUFEmZ3Q7ICZuYnNwO0FzIEkg bWVudGlvbmVkIG9uIGFub3RoZXIgdGhyZWFkOiBhIHNlY3VyZSBlbnZpcm9ubWVudCBkcmFmdCBp cyBub3QgcmVsYXRlZCB0byBOU0ggcGVyIHNlLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4N CjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3Rl IHR5cGU9ImNpdGUiIGNsYXNzPSIiPlRoaXMgaXMgYSB2ZXJ5IGltcG9ydGFudCBwb2ludCBmb3Ig YW55b25lIHJldmlld2luZyBmb3Igc2VjdXJpdHkgYXM8YnIgY2xhc3M9IiI+DQphcmUgdGhlIGVu dmlyb25tZW50IHNlY3VyaXR5IHJlcXVpcmVtZW50cy4gJm5ic3A7VGhlIHNlY3VyaXR5IGVudmly b25tZW50PGJyIGNsYXNzPSIiPg0KcmVxdWlyZW1lbnRzIGRyYWZ0IHN0aWxsIG5lZWRzIGEgbGl0 dGxlIG1vcmUgd29yayBmcm9tIGEgcXVpY2sgcmVhZCw8YnIgY2xhc3M9IiI+DQpidXQgaGVscHMg YSBsb3QuICZuYnNwO0kgbmVlZCB0byBmaW5pc2ggcmVhZGluZyB0aGUgc2VjdXJpdHkgZW52aXJv bm1lbnQ8YnIgY2xhc3M9IiI+DQpkcmFmdC48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQot LTxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkJlc3QgcmVnYXJkcyw8YnIgY2xhc3M9IiI+ DQpLYXRobGVlbjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCl9fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyIGNsYXNzPSIiPg0Kc2ZjIG1haWxpbmcg bGlzdDxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Im1haWx0bzpzZmNAaWV0Zi5vcmciIGNsYXNzPSIi PnNmY0BpZXRmLm9yZzwvYT48YnIgY2xhc3M9IiI+DQo8YSBocmVmPSJodHRwczovL3d3dy5pZXRm Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NmYyIgY2xhc3M9IiI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcv bWFpbG1hbi9saXN0aW5mby9zZmM8L2E+PGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJy IGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0K PGJyIGNsYXNzPSIiPg0KLS0gPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KQmVzdCByZWdh cmRzLDxiciBjbGFzcz0iIj4NCkthdGhsZWVuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0K X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX188YnIgY2xhc3M9 IiI+DQpzZmMgbWFpbGluZyBsaXN0PGJyIGNsYXNzPSIiPg0KPGEgaHJlZj0ibWFpbHRvOnNmY0Bp ZXRmLm9yZyIgY2xhc3M9IiI+c2ZjQGlldGYub3JnPC9hPjxiciBjbGFzcz0iIj4NCjxhIGhyZWY9 Imh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2ZjIiBjbGFzcz0iIj5odHRw czovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NmYzwvYT48YnIgY2xhc3M9IiI+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8L2Rp dj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_6971D34BDC0E4C3EB4123C2F8FAE5704ciscocom_-- From nobody Wed Sep 20 06:22:45 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BDDF13421F for ; Wed, 20 Sep 2017 06:22:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cEdGrdQuXWaF for ; Wed, 20 Sep 2017 06:22:42 -0700 (PDT) Received: from mail-oi0-x22c.google.com (mail-oi0-x22c.google.com [IPv6:2607:f8b0:4003:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1D0D133053 for ; Wed, 20 Sep 2017 06:22:36 -0700 (PDT) Received: by mail-oi0-x22c.google.com with SMTP id w65so2546495oia.7 for ; Wed, 20 Sep 2017 06:22:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Olik5mlut4GNIAu7bXAtbpBebprsUBvZlyZRlJgAUMw=; b=n9t+ZRXJbPndF+4/98LoU4ed4jpnNcSuS30m26hqTQL2ruzKKiz1+zCXK8zBFuD+GS UHgMCunMG03sN1teUVvJLHPvj7ELuFjZgnMLSRP7VhpGs4g6z8s5VHqs/ADVBp+y55Uj qD1Ku9fMNRj9knZpK+ciYtxCc8Got6uuNPE0rjeg1PuzBxb7o8Kic7TH5ZP8Z7c5Fvqk kalpKPCWRVNmjmPbz4j2tiJL6s/6Gs89jUaQ9CtTSRtjOr+LTV1hFh0oEfLGvOSKLBTo vRSbj5g5EQLrqoUvdEilZsKcTawP+Oxd+TLEgIkYNkt6cOYnlPUG8JAGj5Q1NDe1ZnZt HiLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Olik5mlut4GNIAu7bXAtbpBebprsUBvZlyZRlJgAUMw=; b=rdphps9FgnreiN2ns3s0qRDKPahmPKOpwiuH8EkZNWPanVGQdsu2u20aNAeBLBjebs j+ruP4k/3HjYBpWfYAU+Q0BeBDUKU0IH/PNCwB8X/LD9MQSqvZ/v4EjOxeAQHvNGlb/4 iX2KuBCkCXGKIayOvPzAZYFeTd488RNvgcXEp69SeGI1NnBhvcTDncKPCdCom/d/ubcZ 1zDEgragl6kxZbj4p9JTPfdshSLSyzMBHUvNq8/kDFN/owvGHqH4WGKvQaUV5alimM5M lJiUEpuNiBG68gGI4GgUQoR0ahiE0kzlLpHzLr3IXcC4F06Qnc/tkJ6FiAIgVm8SmD3y +P2w== X-Gm-Message-State: AHPjjUhubpJeL5XuwedSO8Jb9jMMasoqxf+emo6+RWC40vucA0GX/0or vGEftvJ1qoxXnJj3co1mBbQRfHAz7B6RPiGMzLQ= X-Google-Smtp-Source: AOwi7QDRWJgh+Nmsn8uT916w0RUP5GqAY1hFqn8T0e2uJh42yd428yNdnTHbfArpcta12w1K/WOPQlIA3pAlZzoUHr4= X-Received: by 10.202.72.201 with SMTP id v192mr6025512oia.128.1505913756091; Wed, 20 Sep 2017 06:22:36 -0700 (PDT) MIME-Version: 1.0 Received: by 10.202.84.21 with HTTP; Wed, 20 Sep 2017 06:22:15 -0700 (PDT) In-Reply-To: References: <4e3137c3-357c-fdd9-5173-3c488d4f3ae1@joelhalpern.com> <48E7F217-5915-40A6-A78B-0ADB5403FAEF@cisco.com> <7EC82867-E058-4A06-9F80-BDD17D3E67FE@cisco.com> From: "Andrew G. Malis" Date: Wed, 20 Sep 2017 09:22:15 -0400 Message-ID: To: "Joel M. Halpern" Cc: "Paul Quinn (paulq)" , "Carlos Pignataro (cpignata)" , "sfc@ietf.org" Content-Type: multipart/alternative; boundary="001a1134eedc7e8eac05599ede73" Archived-At: Subject: Re: [sfc] NSH Security X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2017 13:22:44 -0000 --001a1134eedc7e8eac05599ede73 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Joel et al, There are some inconsistencies between draft-mglt-sfc-security-environment-req-02 and draft-ietf-sfc-nsh-21, probably because the former hasn=E2=80=99t been = tracking the updates to the latter. In particular, the former refers to revision -01 of the latter, and there are references to things that no longer exist, such as the SFP ID. Which means that the NSH encapsulation no longer satisfies REQ24. As another point, the NSH spec explicitly relies on its external transport for authentication and integrity (see the last paragraph of section 7.1), and we should discuss whether this satisfies the various authentication and integrity requirements in the security draft (and whether totally relying on the transport layer is sufficient for the NSH encapsulation). There are probably other inconsistencies as well that I missed on a first reading. So if we do wish to adopt the security draft, we should ask whether it first needs a general update to better match the current NSH draft. Of course, this would need to happen in any case. Cheers, Andy On Tue, Sep 19, 2017 at 2:08 PM, Joel M. Halpern wrote: > That is my preference. I am trying to find out how Alia reads Kathleen's > note in this regard. > > Yours, > Joel > > > On 9/19/17 1:55 PM, Paul Quinn (paulq) wrote: > >> Carlos, Joel, >> >> >> >> On Sep 18, 2017, at 9:38 PM, Carlos Pignataro (cpignata) < >>> cpignata@cisco.com> wrote: >>> >>> Hi, Joel, >>> >>> On Sep 18, 2017, at 6:53 PM, Joel M. Halpern >>>> wrote: >>>> >>>> One of the Area Directors has suggested that >>>> https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 >>>> may be necessary for completion of the NSH work. >>>> >>> >>> A small clarification, a bit of an important nuance: I read that a >>> Security AD wrote =E2=80=9CI=E2=80=99d like to see=E2=80=9D (a Security= document published before). >>> I did not necessary read that =E2=80=9Cmay be necessary for completion = of the NSH >>> work=E2=80=9D. >>> >>> >> PQ> I agree, a security environment draft is orthogonal to the protocol >> draft =E2=80=94 as is has been the case with most (all?) existing protoc= ol >> standards. As long as the protocol can be =E2=80=9Csecured=E2=80=9D the= n the draft is >> complete. >> >> >> In any case, my $0.02 say that sfc-security-environment document is >>> important *after* NSH, because it also needs Control Plane and Manageme= nt >>> Plane for it to make sense as a meta-document, not a micro-document. >>> >>> >> PQ> Correct, the security environment draft would be more of an >> informational draft, offering _possible_ guidance, and must address topi= cs >> that aren=E2=80=99t in NSH (ands should not be) >> >> >> > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > --001a1134eedc7e8eac05599ede73 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Joel et al,

There are some inconsistenc= ies between=C2=A0draft-mglt-sfc-security-environment-req-02 and=C2=A0draft-= ietf-sfc-nsh-21, probably because the former hasn=E2=80=99t been tracking t= he updates to the latter. In particular, the former refers to revision -01 = of the latter, and there are references to things that no longer exist, suc= h as the SFP ID. Which means that the NSH encapsulation no longer satisfies= REQ24. As another point, the NSH spec explicitly relies on its external tr= ansport for authentication and integrity (see the last paragraph of section= 7.1), and we should discuss whether this satisfies the various authenticat= ion and integrity requirements in the security draft (and whether totally r= elying on the transport layer is sufficient for the NSH encapsulation). The= re are probably other inconsistencies as well that I missed on a first read= ing. So if we do wish to adopt =C2=A0the security draft, we should ask whet= her it first needs a general update to better match the current NSH draft. = Of course, this would need to happen in any case.

Cheers= ,
Andy


On Tue, Sep 19, 2017 at 2:08 PM, Joel M. Ha= lpern <jmh@joelhalpern.com> wrote:
That is my preference.=C2=A0 I am trying to find out how Alia= reads Kathleen's note in this regard.

Yours,
Joel


On 9/19/17 1:55 PM, Paul Quinn (paulq) wrote:
Carlos, Joel,



On Sep 18, 2017, at 9:38 PM, Carlos Pignataro (cpignata) <cpignata@cisco.com> wrote:=

Hi, Joel,

On Sep 18, 2017, at 6:53 PM, Joel M. Halpern <jmh@joelhalpern.com> wrote:

One of the Area Directors has suggested that
https://tools.ietf.org/html/dr= aft-mglt-sfc-security-environment-req-02
may be necessary for completion of the NSH work.

A small clarification, a bit of an important nuance: I read that a Security= AD wrote =E2=80=9CI=E2=80=99d like to see=E2=80=9D (a Security document pu= blished before). I did not necessary read that =E2=80=9Cmay be necessary fo= r completion of the NSH work=E2=80=9D.


PQ> I agree, a security environment draft is orthogonal to the protocol = draft =E2=80=94 as is has been the case with most (all?) existing protocol = standards.=C2=A0 As long as the protocol can be =E2=80=9Csecured=E2=80=9D t= hen the draft is complete.


In any case, my $0.02 say that sfc-security-environment document is importa= nt *after* NSH, because it also needs Control Plane and Management Plane fo= r it to make sense as a meta-document, not a micro-document.


PQ> Correct, the security environment draft would be more of an informat= ional draft, offering _possible_ guidance, and must address topics that are= n=E2=80=99t in NSH (ands should not be)



_______________________________________________
sfc mailing list
sfc@ietf.org
https://www.ietf.org/mailman/listinfo/sfc

--001a1134eedc7e8eac05599ede73-- From nobody Wed Sep 20 08:08:41 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5679F1331C2 for ; Wed, 20 Sep 2017 08:08:40 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IuM2UwfepJXB for ; Wed, 20 Sep 2017 08:08:38 -0700 (PDT) Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A61B813319E for ; Wed, 20 Sep 2017 08:08:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=17280; q=dns/txt; s=iport; t=1505920118; x=1507129718; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=JD33sebPFQC/N0ZhBgi65snLfuY+TbrmXpKulAemrk0=; b=SxFzpB+puWql0+q/E+97sKc7M1vIcWaRUkzfnderZiX0UgKLbnx5PHKE 59yLPYxh3csTiyMTOlniHREA+6EU2wKxY/U1jElf3UYhDgnCWfOagX99h YlOH90WZFP36moJtUn5CqTtTZnNq3AtG3U7VyIMDOolI3vN4U8OCAAYJN M=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ADAgCig8JZ/5JdJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1pkbicHgytDmhWBUohgiCuHUAoYAQqFGAIahEtXAQIBAQEBAQJ?= =?us-ascii?q?rKIUZAgEDAQEKF0sLEAIBBgISLQMCAgIfBgsUAw4CBA4FiU9MAxUQih6dZoInh?= =?us-ascii?q?zANg18BAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYMrggKBUYIPC4JyglmFNS+CMQW?= =?us-ascii?q?gVzwCh1uDE4RwhHeCE4lohwCKA4JciC4CERkBgTgBV4ENdxVJEgGETTkcgWd2i?= =?us-ascii?q?BKBEAEBAQ?= X-IronPort-AV: E=Sophos;i="5.42,421,1500940800"; d="scan'208,217";a="6224189" Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Sep 2017 15:08:37 +0000 Received: from XCH-RTP-007.cisco.com (xch-rtp-007.cisco.com [64.101.220.147]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id v8KF8boB009507 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 20 Sep 2017 15:08:37 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-007.cisco.com (64.101.220.147) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 20 Sep 2017 11:08:36 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Wed, 20 Sep 2017 11:08:36 -0400 From: "Carlos Pignataro (cpignata)" To: "Andrew G. Malis" CC: "Joel M. Halpern" , "Paul Quinn (paulq)" , "sfc@ietf.org" Thread-Topic: [sfc] NSH Security Thread-Index: AQHTMNETb7gzxMZm/UGeg4XysbqIhaK7sWoAgAEQ3gCAAAOnAIABQnCAgAAdsgA= Date: Wed, 20 Sep 2017 15:08:36 +0000 Message-ID: <6873A962-1272-4F1F-9167-A315743125EE@cisco.com> References: <4e3137c3-357c-fdd9-5173-3c488d4f3ae1@joelhalpern.com> <48E7F217-5915-40A6-A78B-0ADB5403FAEF@cisco.com> <7EC82867-E058-4A06-9F80-BDD17D3E67FE@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_6873A96212724F1F9167A315743125EEciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] NSH Security X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2017 15:08:40 -0000 --_000_6873A96212724F1F9167A315743125EEciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 QW5keSwNCg0KWW91IHJhaXNlIChhdCBsZWFzdCkgYSBjb3VwbGUgb2YgZ29vZCBwb2ludHMuDQoN CmRyYWZ0LW1nbHQtc2ZjLXNlY3VyaXR5LWVudmlyb25tZW50LXJlcSB3b3VsZCBoYXZlIHRvIGZp cnN0IGJlIHVwZGF0ZWQgdG8gY2F0Y2ggdXAgdG8gdHdlbnR5IHJldmlzaW9ucyBvZiBOU0guDQoN Ckhvd2V2ZXIsIGl0IGlzIGltcG9ydGFudCB0byBoaWdobGlnaHQgdGhhdCBkcmFmdC1tZ2x0LXNm Yy1zZWN1cml0eS1lbnZpcm9ubWVudC1yZXEgcHJvZ3Jlc3MgaXMgb3J0aG9nb25hbCB0byB0aGF0 IG9mIGRyYWZ0LWlldGYtc2ZjLW5zaC4NCg0KaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2Ry YWZ0LW1nbHQtc2ZjLXNlY3VyaXR5LWVudmlyb25tZW50LXJlcS0wMg0KDQpBYnN0cmFjdA0KDQog ICBUaGlzIGRvY3VtZW50IHByb3ZpZGVzIGVudmlyb25tZW50IHNlY3VyaXR5IHJlcXVpcmVtZW50 cyBmb3IgdGhlIFNGQw0KICAgYXJjaGl0ZWN0dXJlLiAgRW52aXJvbm1lbnQgc2VjdXJpdHkgcmVx dWlyZW1lbnRzIGFyZSBpbmRlcGVuZGVudCBvZg0KICAgdGhlIHByb3RvY29scyB1c2VkIGZvciBT RkMgLSBzdWNoIGFzIE5TSCBmb3IgZXhhbXBsZS4NCg0KLyogVGhpcyBzYXlzIHRoYXQ6DQogMS4g VGhpcyBpcyBhbiBTRkMtbGV2ZWwgYnJvYWRseS1zY29wZWQgZG9jdW1lbnQsIGFuZA0KIDIuIGRy YWZ0LW1nbHQtc2ZjLXNlY3VyaXR5LWVudmlyb25tZW50LXJlcSBpcyBpbmRlcGVuZGVudCBvZiBO U0gNCiAqLw0KDQogICBBcyBhIHJlc3VsdCwNCiAgIHRoZSByZXF1aXJlbWVudHMgcHJvdmlkZWQg aW4gdGhpcyBkb2N1bWVudCBhcmUgaW50ZW5kZWQgdG8gcHJvdmlkZQ0KICAgZ29vZCBzZWN1cml0 eSBwcmFjdGljZXMgc28gU0ZDIGNhbiBiZSBzZWN1cmVseSBkZXBsb3llZCBhbmQgb3BlcmF0ZWQu DQogICBUaGVzZSBzZWN1cml0eSByZXF1aXJlbWVudHMgYXJlIGRlc2lnbmF0ZWQgYXMgZW52aXJv bm1lbnQgc2VjdXJpdHkNCiAgIHJlcXVpcmVtZW50cyBhcyBvcHBvc2VkIHRvIHRoZSBwcm90b2Nv bCBzZWN1cml0eSByZXF1aXJlbWVudHMuDQoNCi8qIFRoaXMgcG9pbnRzIHRvIE5TSCBoYXZpbmcg cHJvdG9jb2wgc2VjdXJpdHkgZGVmaW5pdGlvbnMsIGFuZA0KVGhpcyBkb2N1bWVudCBiZWluZyBk YXRhICsgY29udHJvbCArIG1hbmFnZW1lbnQgKyBvcGVyYXRpb24gZm9jdXNlZCAqLw0KDQpUaGFu a3MsDQoNCuKAlA0KQ2FybG9zIFBpZ25hdGFybywgY2FybG9zQGNpc2NvLmNvbTxtYWlsdG86Y2Fy bG9zQGNpc2NvLmNvbT4NCg0K4oCcU29tZXRpbWVzIEkgdXNlIGJpZyB3b3JkcyB0aGF0IEkgZG8g bm90IGZ1bGx5IHVuZGVyc3RhbmQsIHRvIG1ha2UgbXlzZWxmIHNvdW5kIG1vcmUgcGhvdG9zeW50 aGVzaXMuIg0KDQpPbiBTZXAgMjAsIDIwMTcsIGF0IDk6MjIgQU0sIEFuZHJldyBHLiBNYWxpcyA8 YWdtYWxpc0BnbWFpbC5jb208bWFpbHRvOmFnbWFsaXNAZ21haWwuY29tPj4gd3JvdGU6DQoNCkpv ZWwgZXQgYWwsDQoNClRoZXJlIGFyZSBzb21lIGluY29uc2lzdGVuY2llcyBiZXR3ZWVuIGRyYWZ0 LW1nbHQtc2ZjLXNlY3VyaXR5LWVudmlyb25tZW50LXJlcS0wMiBhbmQgZHJhZnQtaWV0Zi1zZmMt bnNoLTIxLCBwcm9iYWJseSBiZWNhdXNlIHRoZSBmb3JtZXIgaGFzbuKAmXQgYmVlbiB0cmFja2lu ZyB0aGUgdXBkYXRlcyB0byB0aGUgbGF0dGVyLiBJbiBwYXJ0aWN1bGFyLCB0aGUgZm9ybWVyIHJl ZmVycyB0byByZXZpc2lvbiAtMDEgb2YgdGhlIGxhdHRlciwgYW5kIHRoZXJlIGFyZSByZWZlcmVu Y2VzIHRvIHRoaW5ncyB0aGF0IG5vIGxvbmdlciBleGlzdCwgc3VjaCBhcyB0aGUgU0ZQIElELiBX aGljaCBtZWFucyB0aGF0IHRoZSBOU0ggZW5jYXBzdWxhdGlvbiBubyBsb25nZXIgc2F0aXNmaWVz IFJFUTI0LiBBcyBhbm90aGVyIHBvaW50LCB0aGUgTlNIIHNwZWMgZXhwbGljaXRseSByZWxpZXMg b24gaXRzIGV4dGVybmFsIHRyYW5zcG9ydCBmb3IgYXV0aGVudGljYXRpb24gYW5kIGludGVncml0 eSAoc2VlIHRoZSBsYXN0IHBhcmFncmFwaCBvZiBzZWN0aW9uIDcuMSksIGFuZCB3ZSBzaG91bGQg ZGlzY3VzcyB3aGV0aGVyIHRoaXMgc2F0aXNmaWVzIHRoZSB2YXJpb3VzIGF1dGhlbnRpY2F0aW9u IGFuZCBpbnRlZ3JpdHkgcmVxdWlyZW1lbnRzIGluIHRoZSBzZWN1cml0eSBkcmFmdCAoYW5kIHdo ZXRoZXIgdG90YWxseSByZWx5aW5nIG9uIHRoZSB0cmFuc3BvcnQgbGF5ZXIgaXMgc3VmZmljaWVu dCBmb3IgdGhlIE5TSCBlbmNhcHN1bGF0aW9uKS4gVGhlcmUgYXJlIHByb2JhYmx5IG90aGVyIGlu Y29uc2lzdGVuY2llcyBhcyB3ZWxsIHRoYXQgSSBtaXNzZWQgb24gYSBmaXJzdCByZWFkaW5nLiBT byBpZiB3ZSBkbyB3aXNoIHRvIGFkb3B0ICB0aGUgc2VjdXJpdHkgZHJhZnQsIHdlIHNob3VsZCBh c2sgd2hldGhlciBpdCBmaXJzdCBuZWVkcyBhIGdlbmVyYWwgdXBkYXRlIHRvIGJldHRlciBtYXRj aCB0aGUgY3VycmVudCBOU0ggZHJhZnQuIE9mIGNvdXJzZSwgdGhpcyB3b3VsZCBuZWVkIHRvIGhh cHBlbiBpbiBhbnkgY2FzZS4NCg0KQ2hlZXJzLA0KQW5keQ0KDQoNCk9uIFR1ZSwgU2VwIDE5LCAy MDE3IGF0IDI6MDggUE0sIEpvZWwgTS4gSGFscGVybiA8am1oQGpvZWxoYWxwZXJuLmNvbTxtYWls dG86am1oQGpvZWxoYWxwZXJuLmNvbT4+IHdyb3RlOg0KVGhhdCBpcyBteSBwcmVmZXJlbmNlLiAg SSBhbSB0cnlpbmcgdG8gZmluZCBvdXQgaG93IEFsaWEgcmVhZHMgS2F0aGxlZW4ncyBub3RlIGlu IHRoaXMgcmVnYXJkLg0KDQpZb3VycywNCkpvZWwNCg0KDQpPbiA5LzE5LzE3IDE6NTUgUE0sIFBh dWwgUXVpbm4gKHBhdWxxKSB3cm90ZToNCkNhcmxvcywgSm9lbCwNCg0KDQoNCk9uIFNlcCAxOCwg MjAxNywgYXQgOTozOCBQTSwgQ2FybG9zIFBpZ25hdGFybyAoY3BpZ25hdGEpIDxjcGlnbmF0YUBj aXNjby5jb208bWFpbHRvOmNwaWduYXRhQGNpc2NvLmNvbT4+IHdyb3RlOg0KDQpIaSwgSm9lbCwN Cg0KT24gU2VwIDE4LCAyMDE3LCBhdCA2OjUzIFBNLCBKb2VsIE0uIEhhbHBlcm4gPGptaEBqb2Vs aGFscGVybi5jb208bWFpbHRvOmptaEBqb2VsaGFscGVybi5jb20+PiB3cm90ZToNCg0KT25lIG9m IHRoZSBBcmVhIERpcmVjdG9ycyBoYXMgc3VnZ2VzdGVkIHRoYXQNCmh0dHBzOi8vdG9vbHMuaWV0 Zi5vcmcvaHRtbC9kcmFmdC1tZ2x0LXNmYy1zZWN1cml0eS1lbnZpcm9ubWVudC1yZXEtMDINCm1h eSBiZSBuZWNlc3NhcnkgZm9yIGNvbXBsZXRpb24gb2YgdGhlIE5TSCB3b3JrLg0KDQpBIHNtYWxs IGNsYXJpZmljYXRpb24sIGEgYml0IG9mIGFuIGltcG9ydGFudCBudWFuY2U6IEkgcmVhZCB0aGF0 IGEgU2VjdXJpdHkgQUQgd3JvdGUg4oCcSeKAmWQgbGlrZSB0byBzZWXigJ0gKGEgU2VjdXJpdHkg ZG9jdW1lbnQgcHVibGlzaGVkIGJlZm9yZSkuIEkgZGlkIG5vdCBuZWNlc3NhcnkgcmVhZCB0aGF0 IOKAnG1heSBiZSBuZWNlc3NhcnkgZm9yIGNvbXBsZXRpb24gb2YgdGhlIE5TSCB3b3Jr4oCdLg0K DQoNClBRPiBJIGFncmVlLCBhIHNlY3VyaXR5IGVudmlyb25tZW50IGRyYWZ0IGlzIG9ydGhvZ29u YWwgdG8gdGhlIHByb3RvY29sIGRyYWZ0IOKAlCBhcyBpcyBoYXMgYmVlbiB0aGUgY2FzZSB3aXRo IG1vc3QgKGFsbD8pIGV4aXN0aW5nIHByb3RvY29sIHN0YW5kYXJkcy4gIEFzIGxvbmcgYXMgdGhl IHByb3RvY29sIGNhbiBiZSDigJxzZWN1cmVk4oCdIHRoZW4gdGhlIGRyYWZ0IGlzIGNvbXBsZXRl Lg0KDQoNCkluIGFueSBjYXNlLCBteSAkMC4wMiBzYXkgdGhhdCBzZmMtc2VjdXJpdHktZW52aXJv bm1lbnQgZG9jdW1lbnQgaXMgaW1wb3J0YW50ICphZnRlciogTlNILCBiZWNhdXNlIGl0IGFsc28g bmVlZHMgQ29udHJvbCBQbGFuZSBhbmQgTWFuYWdlbWVudCBQbGFuZSBmb3IgaXQgdG8gbWFrZSBz ZW5zZSBhcyBhIG1ldGEtZG9jdW1lbnQsIG5vdCBhIG1pY3JvLWRvY3VtZW50Lg0KDQoNClBRPiBD b3JyZWN0LCB0aGUgc2VjdXJpdHkgZW52aXJvbm1lbnQgZHJhZnQgd291bGQgYmUgbW9yZSBvZiBh biBpbmZvcm1hdGlvbmFsIGRyYWZ0LCBvZmZlcmluZyBfcG9zc2libGVfIGd1aWRhbmNlLCBhbmQg bXVzdCBhZGRyZXNzIHRvcGljcyB0aGF0IGFyZW7igJl0IGluIE5TSCAoYW5kcyBzaG91bGQgbm90 IGJlKQ0KDQoNCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X18NCnNmYyBtYWlsaW5nIGxpc3QNCnNmY0BpZXRmLm9yZzxtYWlsdG86c2ZjQGlldGYub3JnPg0K aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zZmMNCg0KDQo= --_000_6873A96212724F1F9167A315743125EEciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <974B6C4A0385E840B5589D1A93E71F6B@emea.cisco.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KQW5keSwNCjxkaXYgY2xhc3M9IiI+ PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPllvdSByYWlzZSAoYXQgbGVhc3Qp IGEgY291cGxlIG9mIGdvb2QgcG9pbnRzLjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9 IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+ZHJhZnQtbWdsdC1zZmMtc2VjdXJpdHktZW52aXJv bm1lbnQtcmVxIHdvdWxkIGhhdmUgdG8gZmlyc3QgYmUgdXBkYXRlZCB0byBjYXRjaCB1cCB0byB0 d2VudHkgcmV2aXNpb25zIG9mIE5TSC48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIi Pg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkhvd2V2ZXIsIGl0IGlzIGltcG9ydGFudCB0byBoaWdo bGlnaHQgdGhhdCZuYnNwO2RyYWZ0LW1nbHQtc2ZjLXNlY3VyaXR5LWVudmlyb25tZW50LXJlcSBw cm9ncmVzcyBpcyBvcnRob2dvbmFsIHRvIHRoYXQgb2YmbmJzcDtkcmFmdC1pZXRmLXNmYy1uc2gu PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0i Ij48YSBocmVmPSJodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtbWdsdC1zZmMtc2Vj dXJpdHktZW52aXJvbm1lbnQtcmVxLTAyIiBjbGFzcz0iIj5odHRwczovL3Rvb2xzLmlldGYub3Jn L2h0bWwvZHJhZnQtbWdsdC1zZmMtc2VjdXJpdHktZW52aXJvbm1lbnQtcmVxLTAyPC9hPjwvZGl2 Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+QWJz dHJhY3Q8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNs YXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4mbmJzcDsgJm5ic3A7VGhpcyBkb2N1bWVudCBwcm92aWRl cyBlbnZpcm9ubWVudCBzZWN1cml0eSByZXF1aXJlbWVudHMgZm9yIHRoZSBTRkM8L2Rpdj4NCjxk aXYgY2xhc3M9IiI+Jm5ic3A7ICZuYnNwO2FyY2hpdGVjdHVyZS4gJm5ic3A7RW52aXJvbm1lbnQg c2VjdXJpdHkgcmVxdWlyZW1lbnRzIGFyZSBpbmRlcGVuZGVudCBvZjwvZGl2Pg0KPGRpdiBjbGFz cz0iIj4mbmJzcDsgJm5ic3A7dGhlIHByb3RvY29scyB1c2VkIGZvciBTRkMgLSBzdWNoIGFzIE5T SCBmb3IgZXhhbXBsZS48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+ DQo8ZGl2IGNsYXNzPSIiPi8qIFRoaXMgc2F5cyB0aGF0OjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4m bmJzcDsxLiBUaGlzIGlzIGFuIFNGQy1sZXZlbCBicm9hZGx5LXNjb3BlZCBkb2N1bWVudCwgYW5k PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiZuYnNwOzIuIGRyYWZ0LW1nbHQtc2ZjLXNlY3VyaXR5LWVu dmlyb25tZW50LXJlcSBpcyBpbmRlcGVuZGVudCBvZiBOU0g8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+ Jm5ic3A7Ki88L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2 IGNsYXNzPSIiPiZuYnNwOyAmbmJzcDtBcyBhIHJlc3VsdCw8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+ Jm5ic3A7ICZuYnNwO3RoZSByZXF1aXJlbWVudHMgcHJvdmlkZWQgaW4gdGhpcyBkb2N1bWVudCBh cmUgaW50ZW5kZWQgdG8gcHJvdmlkZTwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4mbmJzcDsgJm5ic3A7 Z29vZCBzZWN1cml0eSBwcmFjdGljZXMgc28gU0ZDIGNhbiBiZSBzZWN1cmVseSBkZXBsb3llZCBh bmQgb3BlcmF0ZWQuPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiZuYnNwOyAmbmJzcDtUaGVzZSBzZWN1 cml0eSByZXF1aXJlbWVudHMgYXJlIGRlc2lnbmF0ZWQgYXMgZW52aXJvbm1lbnQgc2VjdXJpdHk8 L2Rpdj4NCjxkaXYgY2xhc3M9IiI+Jm5ic3A7ICZuYnNwO3JlcXVpcmVtZW50cyBhcyBvcHBvc2Vk IHRvIHRoZSBwcm90b2NvbCBzZWN1cml0eSByZXF1aXJlbWVudHMuPC9kaXY+DQo8L2Rpdj4NCjxk aXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPi8qIFRoaXMg cG9pbnRzIHRvIE5TSCBoYXZpbmcgcHJvdG9jb2wgc2VjdXJpdHkgZGVmaW5pdGlvbnMsIGFuZCZu YnNwOzwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5UaGlzIGRvY3VtZW50IGJlaW5nIGRhdGEgJiM0Mzsg Y29udHJvbCAmIzQzOyBtYW5hZ2VtZW50ICYjNDM7IG9wZXJhdGlvbiBmb2N1c2VkICovPC9kaXY+ DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5UaGFu a3MsPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+DQo8 ZGl2IHN0eWxlPSJjb2xvcjogcmdiKDAsIDAsIDApOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0 ZXh0LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06IG5vbmU7 IHdoaXRlLXNwYWNlOiBub3JtYWw7IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRleHQtc3Ry b2tlLXdpZHRoOiAwcHg7IHdvcmQtd3JhcDogYnJlYWstd29yZDsgLXdlYmtpdC1uYnNwLW1vZGU6 IHNwYWNlOyAtd2Via2l0LWxpbmUtYnJlYWs6IGFmdGVyLXdoaXRlLXNwYWNlOyIgY2xhc3M9IiI+ DQrigJQ8YnIgY2xhc3M9IiI+DQpDYXJsb3MgUGlnbmF0YXJvLCZuYnNwOzxhIGhyZWY9Im1haWx0 bzpjYXJsb3NAY2lzY28uY29tIiBjbGFzcz0iIj5jYXJsb3NAY2lzY28uY29tPC9hPjxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCjxpIGNsYXNzPSIiPuKAnFNvbWV0aW1lcyBJIHVzZSBiaWcg d29yZHMgdGhhdCBJIGRvIG5vdCBmdWxseSB1bmRlcnN0YW5kLCB0byBtYWtlIG15c2VsZiBzb3Vu ZCBtb3JlIHBob3Rvc3ludGhlc2lzLiZxdW90OzwvaT48L2Rpdj4NCjwvZGl2Pg0KPGJyIGNsYXNz PSIiPg0KPGRpdj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFz cz0iIj5PbiBTZXAgMjAsIDIwMTcsIGF0IDk6MjIgQU0sIEFuZHJldyBHLiBNYWxpcyAmbHQ7PGEg aHJlZj0ibWFpbHRvOmFnbWFsaXNAZ21haWwuY29tIiBjbGFzcz0iIj5hZ21hbGlzQGdtYWlsLmNv bTwvYT4mZ3Q7IHdyb3RlOjwvZGl2Pg0KPGJyIGNsYXNzPSJBcHBsZS1pbnRlcmNoYW5nZS1uZXds aW5lIj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGRpcj0ibHRyIiBjbGFzcz0iIj5Kb2VsIGV0IGFs LA0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VGhl cmUgYXJlIHNvbWUgaW5jb25zaXN0ZW5jaWVzIGJldHdlZW4mbmJzcDtkcmFmdC1tZ2x0LXNmYy1z ZWN1cml0eS1lbnZpcm9ubWVudC1yZXEtMDIgYW5kJm5ic3A7ZHJhZnQtaWV0Zi1zZmMtbnNoLTIx LCBwcm9iYWJseSBiZWNhdXNlIHRoZSBmb3JtZXIgaGFzbuKAmXQgYmVlbiB0cmFja2luZyB0aGUg dXBkYXRlcyB0byB0aGUgbGF0dGVyLiBJbiBwYXJ0aWN1bGFyLCB0aGUgZm9ybWVyIHJlZmVycyB0 byByZXZpc2lvbiAtMDEgb2YgdGhlIGxhdHRlciwNCiBhbmQgdGhlcmUgYXJlIHJlZmVyZW5jZXMg dG8gdGhpbmdzIHRoYXQgbm8gbG9uZ2VyIGV4aXN0LCBzdWNoIGFzIHRoZSBTRlAgSUQuIFdoaWNo IG1lYW5zIHRoYXQgdGhlIE5TSCBlbmNhcHN1bGF0aW9uIG5vIGxvbmdlciBzYXRpc2ZpZXMgUkVR MjQuIEFzIGFub3RoZXIgcG9pbnQsIHRoZSBOU0ggc3BlYyBleHBsaWNpdGx5IHJlbGllcyBvbiBp dHMgZXh0ZXJuYWwgdHJhbnNwb3J0IGZvciBhdXRoZW50aWNhdGlvbiBhbmQgaW50ZWdyaXR5IChz ZWUNCiB0aGUgbGFzdCBwYXJhZ3JhcGggb2Ygc2VjdGlvbiA3LjEpLCBhbmQgd2Ugc2hvdWxkIGRp c2N1c3Mgd2hldGhlciB0aGlzIHNhdGlzZmllcyB0aGUgdmFyaW91cyBhdXRoZW50aWNhdGlvbiBh bmQgaW50ZWdyaXR5IHJlcXVpcmVtZW50cyBpbiB0aGUgc2VjdXJpdHkgZHJhZnQgKGFuZCB3aGV0 aGVyIHRvdGFsbHkgcmVseWluZyBvbiB0aGUgdHJhbnNwb3J0IGxheWVyIGlzIHN1ZmZpY2llbnQg Zm9yIHRoZSBOU0ggZW5jYXBzdWxhdGlvbikuIFRoZXJlDQogYXJlIHByb2JhYmx5IG90aGVyIGlu Y29uc2lzdGVuY2llcyBhcyB3ZWxsIHRoYXQgSSBtaXNzZWQgb24gYSBmaXJzdCByZWFkaW5nLiBT byBpZiB3ZSBkbyB3aXNoIHRvIGFkb3B0ICZuYnNwO3RoZSBzZWN1cml0eSBkcmFmdCwgd2Ugc2hv dWxkIGFzayB3aGV0aGVyIGl0IGZpcnN0IG5lZWRzIGEgZ2VuZXJhbCB1cGRhdGUgdG8gYmV0dGVy IG1hdGNoIHRoZSBjdXJyZW50IE5TSCBkcmFmdC4gT2YgY291cnNlLCB0aGlzIHdvdWxkIG5lZWQg dG8gaGFwcGVuIGluDQogYW55IGNhc2UuDQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwv ZGl2Pg0KPGRpdiBjbGFzcz0iIj5DaGVlcnMsPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkFuZHk8L2Rp dj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0K PGRpdiBjbGFzcz0iZ21haWxfZXh0cmEiPjxiciBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9ImdtYWls X3F1b3RlIj5PbiBUdWUsIFNlcCAxOSwgMjAxNyBhdCAyOjA4IFBNLCBKb2VsIE0uIEhhbHBlcm4g PHNwYW4gZGlyPSJsdHIiIGNsYXNzPSIiPg0KJmx0OzxhIGhyZWY9Im1haWx0bzpqbWhAam9lbGhh bHBlcm4uY29tIiB0YXJnZXQ9Il9ibGFuayIgY2xhc3M9IiI+am1oQGpvZWxoYWxwZXJuLmNvbTwv YT4mZ3Q7PC9zcGFuPiB3cm90ZTo8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSBjbGFzcz0iZ21h aWxfcXVvdGUiIHN0eWxlPSJtYXJnaW46MCAwIDAgLjhleDtib3JkZXItbGVmdDoxcHggI2NjYyBz b2xpZDtwYWRkaW5nLWxlZnQ6MWV4Ij4NClRoYXQgaXMgbXkgcHJlZmVyZW5jZS4mbmJzcDsgSSBh bSB0cnlpbmcgdG8gZmluZCBvdXQgaG93IEFsaWEgcmVhZHMgS2F0aGxlZW4ncyBub3RlIGluIHRo aXMgcmVnYXJkLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCllvdXJzLDxiciBjbGFzcz0i Ij4NCkpvZWwNCjxkaXYgY2xhc3M9IkhPRW5aYiI+DQo8ZGl2IGNsYXNzPSJoNSI+PGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KT24gOS8xOS8xNyAxOjU1IFBNLCBQYXVsIFF1aW5uIChwYXVs cSkgd3JvdGU6PGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBz dHlsZT0ibWFyZ2luOjAgMCAwIC44ZXg7Ym9yZGVyLWxlZnQ6MXB4ICNjY2Mgc29saWQ7cGFkZGlu Zy1sZWZ0OjFleCI+DQpDYXJsb3MsIEpvZWwsPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0K PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1 b3RlIiBzdHlsZT0ibWFyZ2luOjAgMCAwIC44ZXg7Ym9yZGVyLWxlZnQ6MXB4ICNjY2Mgc29saWQ7 cGFkZGluZy1sZWZ0OjFleCI+DQpPbiBTZXAgMTgsIDIwMTcsIGF0IDk6MzggUE0sIENhcmxvcyBQ aWduYXRhcm8gKGNwaWduYXRhKSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmNwaWduYXRhQGNpc2NvLmNv bSIgdGFyZ2V0PSJfYmxhbmsiIGNsYXNzPSIiPmNwaWduYXRhQGNpc2NvLmNvbTwvYT4mZ3Q7IHdy b3RlOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkhpLCBKb2VsLDxiciBjbGFzcz0iIj4N CjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIGNsYXNzPSJnbWFpbF9xdW90ZSIgc3R5bGU9Im1h cmdpbjowIDAgMCAuOGV4O2JvcmRlci1sZWZ0OjFweCAjY2NjIHNvbGlkO3BhZGRpbmctbGVmdDox ZXgiPg0KT24gU2VwIDE4LCAyMDE3LCBhdCA2OjUzIFBNLCBKb2VsIE0uIEhhbHBlcm4gJmx0Ozxh IGhyZWY9Im1haWx0bzpqbWhAam9lbGhhbHBlcm4uY29tIiB0YXJnZXQ9Il9ibGFuayIgY2xhc3M9 IiI+am1oQGpvZWxoYWxwZXJuLmNvbTwvYT4mZ3Q7IHdyb3RlOjxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NCk9uZSBvZiB0aGUgQXJlYSBEaXJlY3RvcnMgaGFzIHN1Z2dlc3RlZCB0aGF0PGJy IGNsYXNzPSIiPg0KPGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LW1n bHQtc2ZjLXNlY3VyaXR5LWVudmlyb25tZW50LXJlcS0wMiIgcmVsPSJub3JlZmVycmVyIiB0YXJn ZXQ9Il9ibGFuayIgY2xhc3M9IiI+aHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyPHdiciBj bGFzcz0iIj5hZnQtbWdsdC1zZmMtc2VjdXJpdHktZW52aXJvbm08d2JyIGNsYXNzPSIiPmVudC1y ZXEtMDI8L2E+PGJyIGNsYXNzPSIiPg0KbWF5IGJlIG5lY2Vzc2FyeSBmb3IgY29tcGxldGlvbiBv ZiB0aGUgTlNIIHdvcmsuPGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNsYXNzPSIi Pg0KQSBzbWFsbCBjbGFyaWZpY2F0aW9uLCBhIGJpdCBvZiBhbiBpbXBvcnRhbnQgbnVhbmNlOiBJ IHJlYWQgdGhhdCBhIFNlY3VyaXR5IEFEIHdyb3RlIOKAnEnigJlkIGxpa2UgdG8gc2Vl4oCdIChh IFNlY3VyaXR5IGRvY3VtZW50IHB1Ymxpc2hlZCBiZWZvcmUpLiBJIGRpZCBub3QgbmVjZXNzYXJ5 IHJlYWQgdGhhdCDigJxtYXkgYmUgbmVjZXNzYXJ5IGZvciBjb21wbGV0aW9uIG9mIHRoZSBOU0gg d29ya+KAnS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIg Y2xhc3M9IiI+DQpQUSZndDsgSSBhZ3JlZSwgYSBzZWN1cml0eSBlbnZpcm9ubWVudCBkcmFmdCBp cyBvcnRob2dvbmFsIHRvIHRoZSBwcm90b2NvbCBkcmFmdCDigJQgYXMgaXMgaGFzIGJlZW4gdGhl IGNhc2Ugd2l0aCBtb3N0IChhbGw/KSBleGlzdGluZyBwcm90b2NvbCBzdGFuZGFyZHMuJm5ic3A7 IEFzIGxvbmcgYXMgdGhlIHByb3RvY29sIGNhbiBiZSDigJxzZWN1cmVk4oCdIHRoZW4gdGhlIGRy YWZ0IGlzIGNvbXBsZXRlLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NCjxibG9ja3F1b3RlIGNsYXNzPSJnbWFpbF9xdW90ZSIgc3R5bGU9Im1hcmdpbjowIDAgMCAu OGV4O2JvcmRlci1sZWZ0OjFweCAjY2NjIHNvbGlkO3BhZGRpbmctbGVmdDoxZXgiPg0KSW4gYW55 IGNhc2UsIG15ICQwLjAyIHNheSB0aGF0IHNmYy1zZWN1cml0eS1lbnZpcm9ubWVudCBkb2N1bWVu dCBpcyBpbXBvcnRhbnQgKmFmdGVyKiBOU0gsIGJlY2F1c2UgaXQgYWxzbyBuZWVkcyBDb250cm9s IFBsYW5lIGFuZCBNYW5hZ2VtZW50IFBsYW5lIGZvciBpdCB0byBtYWtlIHNlbnNlIGFzIGEgbWV0 YS1kb2N1bWVudCwgbm90IGEgbWljcm8tZG9jdW1lbnQuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNsYXNzPSIiPg0KUFEmZ3Q7IENvcnJlY3QsIHRoZSBz ZWN1cml0eSBlbnZpcm9ubWVudCBkcmFmdCB3b3VsZCBiZSBtb3JlIG9mIGFuIGluZm9ybWF0aW9u YWwgZHJhZnQsIG9mZmVyaW5nIF9wb3NzaWJsZV8gZ3VpZGFuY2UsIGFuZCBtdXN0IGFkZHJlc3Mg dG9waWNzIHRoYXQgYXJlbuKAmXQgaW4gTlNIIChhbmRzIHNob3VsZCBub3QgYmUpPGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNs YXNzPSIiPg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPHdiciBjbGFzcz0iIj5fX19f X19fX19fX19fX19fXzxiciBjbGFzcz0iIj4NCnNmYyBtYWlsaW5nIGxpc3Q8YnIgY2xhc3M9IiI+ DQo8YSBocmVmPSJtYWlsdG86c2ZjQGlldGYub3JnIiB0YXJnZXQ9Il9ibGFuayIgY2xhc3M9IiI+ c2ZjQGlldGYub3JnPC9hPjxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYu b3JnL21haWxtYW4vbGlzdGluZm8vc2ZjIiByZWw9Im5vcmVmZXJyZXIiIHRhcmdldD0iX2JsYW5r IiBjbGFzcz0iIj5odHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2w8d2JyIGNsYXNzPSIiPmlz dGluZm8vc2ZjPC9hPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+ DQo8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8 L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_6873A96212724F1F9167A315743125EEciscocom_-- From nobody Wed Sep 20 08:22:19 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF5F5132D51 for ; Wed, 20 Sep 2017 08:22:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WRHxdAQFen1y for ; Wed, 20 Sep 2017 08:22:12 -0700 (PDT) Received: from mail-pf0-x22a.google.com (mail-pf0-x22a.google.com [IPv6:2607:f8b0:400e:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFDE3132125 for ; Wed, 20 Sep 2017 08:22:11 -0700 (PDT) Received: by mail-pf0-x22a.google.com with SMTP id y29so1694178pff.0 for ; Wed, 20 Sep 2017 08:22:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=2hEkBipiqWKk0/rX9deQct/opYLZ8p78LcHEjD/R0OU=; b=h75VB+sPx0kvb0HvU2BCNVLFYM7z+oAMLBuosmUGkZcozSkGXOugSFhfHOpr9pDSgM /WaNt9+Sq5uBjOlZWBwi/T4/qhrTf5Gle4ng393OCxM/dBs54TT5hZvP9DNSzNScg4a7 BC3QuvsP2+E1AUgMiTPR5AU/MGlEylaEne0dMNRwQ+N0wfQcFP4R/w3IRS2E8nwxT6fG 2zO5SNJ/ap3OCIeJKzpbPTKRMhsR5oFlswzggQvm8g7lMtA/LRR58fN8PfBUqANo6fdg +ALm3ms/iQU8cv2VYfr0e64VdEYMSulKt3Xx9E/FHJVJJh1J2Crpf9No9Zbziuca7YRG UH8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=2hEkBipiqWKk0/rX9deQct/opYLZ8p78LcHEjD/R0OU=; b=kaKM2BcBZfPnPv6JdrSDynjQ//8HFyqJY4I+ThTS5QZxdrzSLv16DUmwdtAIAVw63E 8R750SNrtOx4DCQFUf9zTgrP38vRI53BEFQZ2tpKxpovsVPBo6nof7oj51+5YDPdZUfc IfPW8qRTZIUb/mT9MviCs0zkKXIy/sJMTSDh7N1Zf1WvAuoTjy/4IQ3W7rfUnJIGmboK Yohik4iIsBiP8+5vuf42W8DXTmtY9MnVJ7UNhZXqFXXinkQPQK2zBk6NdAHxbGKtv0bg 51JI1IjexjS8YMCtz4zUst7r9xgf6JvD4EsgEaCaB1RoYwdeNcEGPvrBGVJqsj9OUR66 2WZg== X-Gm-Message-State: AHPjjUjIg/qvQNALwTNma6qNvhDHnta9ZWGRgWkQT7BTyn4Pjwnl+Tr5 9ykEJzLlqwkWYXcj4gTdqxSnX0qCk+lOEVgnFFk= X-Google-Smtp-Source: AOwi7QCITcQtIJab5jy4qgyEB0TcP8eYofMlR2wqd0Vlo61V7eaa7e5LI6xy7MwJyKROF9vDa+lb4/3C1u3PGs1HSF0= X-Received: by 10.98.102.82 with SMTP id a79mr2578743pfc.109.1505920931352; Wed, 20 Sep 2017 08:22:11 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.144.1 with HTTP; Wed, 20 Sep 2017 08:21:30 -0700 (PDT) In-Reply-To: <6971D34B-DC0E-4C3E-B412-3C2F8FAE5704@cisco.com> References: <6971D34B-DC0E-4C3E-B412-3C2F8FAE5704@cisco.com> From: Kathleen Moriarty Date: Wed, 20 Sep 2017 11:21:30 -0400 Message-ID: To: "Carlos Pignataro (cpignata)" Cc: "Paul Quinn (paulq)" , "sfc@ietf.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2017 15:22:15 -0000 Hi Carlos, It's a start, but should be more specific. What are the original packets/frame - is this link layer or network or both? It seems like both from the diagram, but is that really the case? Then for the transport encapsulation, is this layer 3 or 4? The wording that precedes this is a bit confusing (here for reference): The Network Service Header (NSH) specification defines a new protocol and associated encapsulation for the creation of dynamic service chains, operating at the service plane. The NSH is designed to encapsulate an original packet or frame, and in turn be encapsulated by an outer transport (which is used to deliver the NSH to NSH-aware network elements), as shown in Figure 1: Normally, the higher layers are encapsulated, but this wording describes just the opposite. It says the packet/frame at layer 2/3 (just going from the normal uses of packet and frame to assume layer 3/2). NHS encapsulates that, and then is encapsulated by a transport layer 3/4? If you can clarify this text or make it clear that you really intended to do this odd encapsulation, that would help a lot. Understanding the layers this all happens at is very important. If NSH is the trigger for the layer 3/4 transport, how can security be applied? Or is it addressed by a prior 3/4 encapsulation by the original packet/frame? Thanks, Kathleen On Tue, Sep 19, 2017 at 4:53 PM, Carlos Pignataro (cpignata) wrote: > Hi, Kathleen, > > Thanks for the clarification. > > Regarding: > > is that the layering needs to be specifically > stated to clearly > > > Like this? > https://tools.ietf.org/html/draft-ietf-sfc-nsh-21#section-1 > > +------------------------------+ > | Transport Encapsulation | > +------------------------------+ > | Network Service Header (NSH) | > +------------------------------+ > | Original Packet / Frame | > +------------------------------+ > > Figure 1: Network Service Header Encapsulation > > I think if you laid this out > nicely and clearly showed where transport security is addressed at > another layer (out-of-scope), it would go a long way. > > > Hopefully the above (existing) figure and text is clear. In that case: > > One idea is to categorize the paragraphs in the Security Considerations t= o > make those relations more clear. > > =E2=80=94 > Carlos Pignataro. > > > On Sep 19, 2017, at 3:38 PM, Kathleen Moriarty > wrote: > > Thanks for the responses. I'm going to top post as I thin the main > point of my review is that the layering needs to be specifically > stated to clearly scope the problem space for NSH security > considerations. The draft as-written is not clear and as a result, > security reviews are very difficult. I think if you laid this out > nicely and clearly showed where transport security is addressed at > another layer (out-of-scope), it would go a long way. Although the > draft improved a bit from the previous version, I think a careful > review and edit pass would do a lot of good, specifically around > clarity of the problem space and solution. The questions I asked were > a result of lack of clarity in the draft. > > Thanks, > Kathleen > > On Tue, Sep 19, 2017 at 3:22 PM, Paul Quinn (paulq) wro= te: > > Hi, > > Thank you for the review. Please see some comments inline below. > > Paul > > On Sep 18, 2017, at 4:15 PM, Kathleen Moriarty > wrote: > > Hello, > > At Alia's request, I did an early review of draft-ietf-sfc-nsh. Here > are some initial comments and I may have more when the draft is > revised and is in for IESG review. I appreciate your efforts > addressing the comments received to date. I hope you find these > suggestions as helpful improvements to the document and clarity of NSH > security concerns. > > > Section 1 - > > The intended scope in the introduction should also include mention of > multi-tenancy. This changes the security requirements and is very > important to note. > > Section 1.4 - > > 5. Transport Agnostic: The NSH is encapsulation-independent, meaning > it can be transported by a variety of protocols. An appropriate > (for a given deployment) encapsulation protocol can be used to > carry NSH-encapsulated traffic. This transport may form an > overlay network and if an existing overlay topology provides the > required service path connectivity, that existing overlay may be > used. > > Is there a preferred transport so you could specify a recommended > transport security protocol? > > > PQ> There is not. In fact at the AD=E2=80=99s request sample transports = were > removed to ensure that there was no implied preference. Therefore, an > operator can select their preferred transports, including =E2=80=94 as pe= r the > security considerations section =E2=80=94 ones that provide encryption. > > > Section 2, 3rd sentence: > Subsequently, an > outer encapsulation is imposed on the NSH, which is used for network > forwarding. > > Knowing more about this would help to understand options or if there > is another draft that addresses this outer encapsulation that is > imposed and the transport security requirements that go along with it. > > > PQ> Since NSH defines no preferred transport(s), the security of the > selected transport is left to the transport standard. So, for example, = if > an operator elects to use the NVO3 defined protocol, then the operator ha= s > explicitly selected that overlay. > > > Transport may be hop to hop, and there might not be encryption of this > header if the application uses an encrypted transport encapsulated in > this layer. In any case, it seems integrity protection is a > requirement for a multi-tenant environment. Could the COSE MAC > function fit the bill since it is intended for concise formats? > https://datatracker.ietf.org/doc/rfc8152 > JOSE produced a similar function with JSON, but it would be slightly larg= er. > > Section 7.1: > > The following paragraph implies that anything less than a 5-tuple > isn=E2=80=99t useful and that you intend to use traffic content when > available. This is concerning. Can=E2=80=99t you use a 2-tuple? What i= f > IPsec transport mode were in use, is this solution dead in the water? > > Regardless of the source, metadata reflects the "result" of > classification. The granularity of classification may vary. For > example, a network switch, acting as a classifier, might only be able > to classify based on a 5-tuple, while a service function may be able > to inspect application information. Regardless of granularity, the > classification information can be represented in the NSH. > > If a 2-tuple is possible, could you add that in as an example instead > of or in addition to the 5-tuple? > > > PQ> The 5-tuple was used only as an example that is commonly understood = in > the context of network device classification. The sentence: "The > granularity of classification may vary.=E2=80=9D addresses 2, 3, 4, n-tup= le > classification. Further, that point is reinforced: =E2=80=9CRegardless o= f > granularity, the classification information can be represented in the NSH= ." > > > > > Section 7.1 > > This text comes too late in the draft and I recommend making a clear > statement in the introduction that session encryption to protect the > data in transit relies on the application/service sending/receiving > the data and not the SFC. I made this point previously and am glad to > see some text, but think it would be much better to state this early > in the draft. Touching upon protections for data streams versus meta > data would both be important (layers for traffic and associated > protections). If it=E2=80=99s meta data, do they need to rely on IPsec a= nd > having a 2-tuple be the minimum? When is that applied? Is there meta > data that could be sensitive if TLS was in place and a 5-tuple is > visible (perhaps the existence of communication is sensitive). Are > there other considerations for metadata and data that need to be > stated up front and put out-of-scope for SFC? I=E2=80=99m asking these > questions as providing these answers could show that the risk is > constrained. > > Depending on the information carried in the metadata, data privacy > considerations may need to be considered. For example, if the > metadata conveys tenant information, that information may need to be > authenticated and/or encrypted between the originator and the > intended recipients (which may include intended SFs only). The NSH > itself does not provide privacy functions, rather it relies on the > transport/overlay layer. An operator can select the appropriate > transport to ensure confidentiality (and other security) > considerations are met. Metadata privacy and security considerations > are a matter for the documents that define metadata format. > > > > PQ> Are you suggesting that application layer confidentially be addresse= d > in this draft? NSH =E2=80=9Cplays nicely=E2=80=9D with standard encrypt= ion transports, > therefore allowing operators to =E2=80=9Csecure=E2=80=9D the path. Going= up the stack from > that seems to be outside the scope of NSH and inconsistent with other > protocol requirements. > > > Other comments: > > I=E2=80=99d like to see; > https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 > Published before this document and then have that as a reference. One > of the comments I made previously was to list out the layering and > protections expected on data and NSH. This has been done in the > security environment draft, section 4 should be referenced: > > Section 4 provides an overall description of the SFC environment with > the introduction of the different planes (SFC Control Plane, the SFC > Management Plane, the Tenant's user Plane and the SFC Data Plane). > > > > PQ> As I mentioned on another thread: a secure environment draft is not > related to NSH per se. > > > > > This is a very important point for anyone reviewing for security as > are the environment security requirements. The security environment > requirements draft still needs a little more work from a quick read, > but helps a lot. I need to finish reading the security environment > draft. > > -- > > Best regards, > Kathleen > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > > > > > > -- > > Best regards, > Kathleen > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > > --=20 Best regards, Kathleen From nobody Wed Sep 20 08:59:18 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37C52134226 for ; Wed, 20 Sep 2017 08:59:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VPG6McuRwqEu for ; Wed, 20 Sep 2017 08:59:13 -0700 (PDT) Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5274E13422F for ; Wed, 20 Sep 2017 08:59:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=19484; q=dns/txt; s=iport; t=1505923153; x=1507132753; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=3SWdxnA5P1t2XM5qo0rvBZglY8Ck6cDvkB7sTFJwAw0=; b=LcU/jCrpohnamn+Ifl9yBwScqvKOXUZXQZJG7KnoXicSz0pUL3EkF4Bh 2QyyZma8ml3hLDI9STwx+A+EQKBuhJ8ov1NJYYHMivU6VrM08CE2Kvh4G 2s6AbfzSuZfG++nWhhRiQDqsoLaNAWy2rGyDLXfrRQcjA2R6izoqwxDsz c=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CuAQBuj8JZ/5tdJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1pkbicHg26aFoFSIog+jXeCBAoYC4UYAhqES1cBAgEBAQEBAms?= =?us-ascii?q?ohRgBAQEBAgEBASEEDTMHBAcFCwIBCBgCAiYCAgIfBgsVEAIEDgUbigADDQgQq?= =?us-ascii?q?AiBbTqHMQ2DXwEBAQEBAQEBAQEBAQEBAQEBAQEBARgFgQ6CHYFiIIFRgWQrC4F?= =?us-ascii?q?lgQ2CWYFmJFACglkvgjEFig+OOIgQPAKHW4gDhHeCE4Vqg36HAIxfiC4CERkBg?= =?us-ascii?q?TgBV4ENdxVJEgGFBhyBZ3YBiBGBEAEBAQ?= X-IronPort-AV: E=Sophos;i="5.42,421,1500940800"; d="scan'208";a="6261221" Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Sep 2017 15:59:12 +0000 Received: from XCH-RTP-009.cisco.com (xch-rtp-009.cisco.com [64.101.220.149]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id v8KFxBjJ019274 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 20 Sep 2017 15:59:12 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-009.cisco.com (64.101.220.149) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 20 Sep 2017 11:59:11 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Wed, 20 Sep 2017 11:59:10 -0400 From: "Carlos Pignataro (cpignata)" To: Kathleen Moriarty CC: "Paul Quinn (paulq)" , "sfc@ietf.org" Thread-Topic: [sfc] Early review draft-ietf-sfc-nsh Thread-Index: AQHTMLsSqoZIGRErdkS+KbebYim9zKK82t6AgAAEeYCAABTqgIABNZsAgAAKggA= Date: Wed, 20 Sep 2017 15:59:10 +0000 Message-ID: <43ED911F-2174-4930-A9BE-1B2A81CD03E9@cisco.com> References: <6971D34B-DC0E-4C3E-B412-3C2F8FAE5704@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: text/plain; charset="utf-8" Content-ID: <6C61E88AA689744B9AE936758E240DC8@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2017 15:59:16 -0000 SGksIEthdGhsZWVuLA0KDQpUaGFuayB5b3UgZm9yIGFza2luZyBleHBsaWNpdGx5LiBUaGlzIGRv Y3VtZW50IHVzZWQgdG8gaGF2ZSBleHBsaWNpdCDigJxOU0ggRW5jYXBzdWxhdGlvbiBFeGFtcGxl c+KAnSwgYnV0IHdlcmUgdGFrZW4gb3V0IChhdCB0aGUgQUTigJlzIHJlcXVlc3QpIGJhc2VkIG9u IHRoZSBhcmd1bWVudCB0aGF0IOKAnGV2ZXJ5b25lIHdvdWxkIGxpa2UgdG8gaGF2ZSB0aGVpciBl bmNhcHN1bGF0aW9u4oCdLiBXZSBjYW4gYWx3YXlzIGJyaW5nIHRoZW0gYmFjayBpZiBkZXNpcmVk LCBldmVuIHdpdGhpbiBhIG5vbi1ub3JtYXRpdmUgYXBwZW5kaXguDQoNCkFzIEkgZm9sbG93IHlv dXIgcXVlc3Rpb25zLCBJIHdpbGwgdHJ5IG15IGJlc3QgdG8gYW5zd2VyIGFuZCBjbGFyaWZ5Lg0K DQpJIGFtIG5vdCBzdXJlIHdoaWNoIOKAnGJ1bm55IHRyYWls4oCdIHRvb2sgdGhlIGNvbnZlcnNh dGlvbiBoZXJlLCBidXQgcGVyaGFwcyBhIGNvdXBsZSBvZiB0b3AtcG9zdCBjbGFyaWZpY2F0aW9u cyBtaWdodCBoZWxwOg0KDQoxLiDigJxPcmlnaW5hbCBQYWNrZXQvRnJhbWXigJ0gLT4gdGhlIHRl cm1pbm9sb2d5IFBhY2tldC9GcmFtZSwgYXMgY29tbW9ubHkgdXNlZCwgZGVub3RlcyBhbiBJUCBw YWNrZXQgb3IgYW4gRXRoZXJuZXQgZnJhbWUuDQoyLiBUaGUgb3V0ZXIgIlRyYW5zcG9ydCBFbmNh cHN1bGF0aW9u4oCdIGRvZXMgKm5vdCogbWVhbiBUQ1AuIEl0IHVzZXMgdGhlIHdvcmQg4oCcVHJh bnNwb3J04oCdIGFzIHRyYW5zcG9ydCBwcm9maWxlLCBhbiBlbmNhcHN1bGF0aW9uIHRoYXQgdHJh bnNwb3J0cywgbm90IGFzIFRDUC4gR1JFIGlzIG9uZSBleGFtcGxlIG9mIGEgdHJhbnNwb3J0IGVu Y2Fwc3VsYXRpb24sIG5vdCBUQ1AgYXMgYSDigJxMNCBUcmFuc3BvcnQgTGF5ZXIgcHJvdG9jb2zi gJ0uDQoNCkluIHBvaW50ICMyLCBHUkUgaXMgdGhlIFRyYW5zcG9ydCB0aGF0IE5TSCB1c2VzIGJl dHdlZW4gU0ZGcy9TRnMuIEFuZCBmdXJ0aGVyLCBzaW5jZSBOU0ggaXMgVHJhbnNwb3J0IEVuY2Fw c3VsYXRpb24gYWdub3N0aWMsIHdlIGFyZSB0YWxraW5nIGFib3V0IHBvdGVudGlhbGx5IGEgYnJv YWQgc2V0IG9mIHByb3RvY29sc+KApiBJ4oCZZCBlbmNvdXJhZ2UgdXMgdG8gbm90IGF0dGVtcHQg dG8gY2xhc3NpZnkgdGhlbSBpbiBPU0kgTGF5ZXJzLg0KDQpJIGNhbiBzZWUgdGhhdCBzb21lIG9m IHRoaXMgbWlnaHQgbm90IGJlIHRvdGFsbHkgY2xlYXIgaWYgc2Nhbm5pbmcgdGhyb3VnaCB0aGUg ZG9jdW1lbnQsIGJ1dCBpdCBpcyBjbGVhciBmb3IgYW4gaW1wbGVtZW50b3IuDQoNClNlZSBUYWJs ZSAxIGFuZCBUYWJsZSAzIGZvciBleGFtcGxlcyAoVHJhbnNwb3J0IGNvbHVtbikNCg0KSSBob3Bl IHRoaXMgaGVscHMgc2V0IGNsYXJpZnlpbmcgY29udGV4dCwgc2VlIGlubGluZSBmb3IgbW9yZSBz cGVjaWZpYyBkZXRhaWxzLi4uDQoNCj4gT24gU2VwIDIwLCAyMDE3LCBhdCAxMToyMSBBTSwgS2F0 aGxlZW4gTW9yaWFydHkgPEthdGhsZWVuLk1vcmlhcnR5LmlldGZAZ21haWwuY29tPiB3cm90ZToN Cj4gDQo+IEhpIENhcmxvcywNCj4gDQo+IEl0J3MgYSBzdGFydCwgYnV0IHNob3VsZCBiZSBtb3Jl IHNwZWNpZmljLiAgDQoNClRoZSBzcGVjaWZpY3MgYXJlIGluIHRoZSBkb2N1bWVudCwgZXZlbiBl eGFtcGxlcyBhcyBwZXIgVGFibGVzIDEgYW5kIDMuDQoNCj4gV2hhdCBhcmUgdGhlIG9yaWdpbmFs DQo+IHBhY2tldHMvZnJhbWUgLSBpcyB0aGlzIGxpbmsgbGF5ZXIgb3IgbmV0d29yayBvciBib3Ro Pw0KDQpUaGVzZSBhcmUgdGhlIHBhY2tldHMgb3IgZnJhbWVzIGluY29taW5nIGludG8gYSBjbGFz c2lmaWVyLCBvcmlnaW5hbCwgdGhlbiBOU0ggaXMgaW1wb3NlZCwgdGhlbiBhIHRyYW5zcG9ydCBl bmNhcHN1bGF0aW9uIGlzIGltcG9zZWQuDQoNCj4gIEl0IHNlZW1zIGxpa2UNCj4gYm90aCBmcm9t IHRoZSBkaWFncmFtLCBidXQgaXMgdGhhdCByZWFsbHkgdGhlIGNhc2U/DQoNClllcywgaXQgaXMg Ym90aC4gUmVhbGx5IHRoZSBjYXNlLg0KDQo+IA0KPiBUaGVuIGZvciB0aGUgdHJhbnNwb3J0IGVu Y2Fwc3VsYXRpb24sIGlzIHRoaXMgbGF5ZXIgMyBvciA0Pw0KDQpJIGJlbGlldmUgaXQgaXMgYSBz b3VyY2Ugb2YgaGVhZGFjaGUgYW5kIGNvbmZ1c2lvbiB0byB0aGluayBhYm91dCBPU0kgbGF5ZXJz 4oCmIHdoYXQgbGF5ZXIgaXMgSVAtaW4tSVA/IEFuZCBhbiBNUExTIFBzZXVkb3dpcmUgdHJhbnNw b3J0aW5nIEV0aGVybmV0PyBPciBhbiBJUHY2L0wyVFB2MyBwc2V1ZG93aXJlIHRyYW5zcG9ydGlu ZyBURE0/DQoNCj4gDQo+IFRoZSB3b3JkaW5nIHRoYXQgcHJlY2VkZXMgdGhpcyBpcyBhIGJpdCBj b25mdXNpbmcgKGhlcmUgZm9yIHJlZmVyZW5jZSk6DQo+IA0KPiAgIFRoZSBOZXR3b3JrIFNlcnZp Y2UgSGVhZGVyIChOU0gpIHNwZWNpZmljYXRpb24gZGVmaW5lcyBhIG5ldyBwcm90b2NvbA0KPiAg IGFuZCBhc3NvY2lhdGVkIGVuY2Fwc3VsYXRpb24gZm9yIHRoZSBjcmVhdGlvbiBvZiBkeW5hbWlj IHNlcnZpY2UNCj4gICBjaGFpbnMsIG9wZXJhdGluZyBhdCB0aGUgc2VydmljZSBwbGFuZS4gIFRo ZSBOU0ggaXMgZGVzaWduZWQgdG8NCj4gICBlbmNhcHN1bGF0ZSBhbiBvcmlnaW5hbCBwYWNrZXQg b3IgZnJhbWUsIGFuZCBpbiB0dXJuIGJlIGVuY2Fwc3VsYXRlZA0KPiAgIGJ5IGFuIG91dGVyIHRy YW5zcG9ydCAod2hpY2ggaXMgdXNlZCB0byBkZWxpdmVyIHRoZSBOU0ggdG8gTlNILWF3YXJlDQo+ ICAgbmV0d29yayBlbGVtZW50cyksIGFzIHNob3duIGluIEZpZ3VyZSAxOg0KDQpEb2VzIHRoZSBl eHBsYW5hdGlvbiBhYm92ZSBoZWxwPyBJIGFtIG5vdCBzdXJlIGhvdyB0byBiZXN0IGFuc3dlcuKA piBiZWNhdXNlIEkgZG8gbm90IGZpbmQgaXQgY29uZnVzaW5nLiBUaGlzIHRleHQgaXMgdGhlIHJl c3VsdCBvZiByZXZpZXdlcnMgYXNraW5nIGZvciBjbGFyaXR5LCBhbmQgdGhlbiBhY2tub3dsZWRn aW5nIHRoYXQgdGhlIHBhcmFncmFwaCBhYm92ZSBicm91Z2h0IHRoYXQgY2xhcml0eS4NCg0KPiAN Cj4gTm9ybWFsbHksIHRoZSBoaWdoZXIgbGF5ZXJzIGFyZSBlbmNhcHN1bGF0ZWQsDQoNCldoYXQg aXMgaGlnaGVyIGFuZCBsb3dlcj8gQW5kIGZvciB3aGF0IGRlZmluaXRpb24gb2Yg4oCcTm9ybWFs bHnigJ0/IFdoYXTigJlzIGEgVHVubmVsPw0KDQo+IGJ1dCB0aGlzIHdvcmRpbmcNCj4gZGVzY3Jp YmVzIGp1c3QgdGhlIG9wcG9zaXRlLiAgSXQgc2F5cyB0aGUgcGFja2V0L2ZyYW1lIGF0IGxheWVy IDIvMw0KPiAoanVzdCBnb2luZyBmcm9tIHRoZSBub3JtYWwgdXNlcyBvZiBwYWNrZXQgYW5kIGZy YW1lIHRvIGFzc3VtZSBsYXllcg0KPiAzLzIpLg0KDQpDb3JyZWN0LiBJUCBwYWNrZXQsIEV0aGVy bmV0IEZyYW1lLg0KDQo+ICBOSFMgZW5jYXBzdWxhdGVzIHRoYXQsIGFuZCB0aGVuIGlzIGVuY2Fw c3VsYXRlZCBieSBhIHRyYW5zcG9ydA0KPiBsYXllciAzLzQ/DQoNCk5vLg0KDQpXaGVyZSBkb2Vz IGl0IHNheSDigJxUcmFuc3BvcnQgTGF5ZXLigJ0/DQoNCk5vdGUgdGhhdCDigJxOZXR3b3JrIFRy YW5zcG9ydOKAnSwgYW5kIOKAnFRyYW5zcG9ydCBFbmNhcHN1bGF0aW9u4oCdIGFyZSB0ZXJtcyBj b21pbmcgZnJvbSBSRkMgNzY2NS4NCg0KQW5kIHRvIGJlIGNsZWFyOiBtYW55IFJGQ3MgdXNlIOKA nFRyYW5zcG9ydCBFbmNhcHN1bGF0aW9u4oCdIG9yIGEgdmFyaWF0aW9uIG9mIHRoYXQgKEVuY2Fw c3VsYXRpb24gZm9yIFRyYW5zcG9ydCwgVHJhbnNwb3J0LWluZGVwZW5kZW50IEVuY2Fwc3VsYXRp b24sIGV0Yy4pDQoNClNlZSBUYWJsZSAxIGFuZCBUYWJsZSAzLCBUcmFuc3BvcnQgY29sdW1uLCBm b3IgZXhhbXBsZXMuDQoNCg0KPiAgSWYgeW91IGNhbiBjbGFyaWZ5IHRoaXMgdGV4dCBvciBtYWtl IGl0IGNsZWFyIHRoYXQgeW91DQo+IHJlYWxseSBpbnRlbmRlZCB0byBkbyB0aGlzIG9kZCBlbmNh cHN1bGF0aW9uLCB0aGF0IHdvdWxkIGhlbHAgYSBsb3QuDQoNCkhvcGVmdWxseSBteSBleHBsYW5h dGlvbiBoZWxwcy4NCg0KPiBVbmRlcnN0YW5kaW5nIHRoZSBsYXllcnMgdGhpcyBhbGwgaGFwcGVu cyBhdCBpcyB2ZXJ5IGltcG9ydGFudC4gIElmDQo+IE5TSCBpcyB0aGUgdHJpZ2dlciBmb3IgdGhl IGxheWVyIDMvNCB0cmFuc3BvcnQsIGhvdyBjYW4gc2VjdXJpdHkgYmUNCj4gYXBwbGllZD8gIE9y IGlzIGl0IGFkZHJlc3NlZCBieSBhIHByaW9yIDMvNCBlbmNhcHN1bGF0aW9uIGJ5IHRoZQ0KPiBv cmlnaW5hbCBwYWNrZXQvZnJhbWU/DQo+IA0KPiBUaGFua3MsDQo+IEthdGhsZWVuDQo+IA0KDQoN CuKAlA0KQ2FybG9zIFBpZ25hdGFybywgY2FybG9zQGNpc2NvLmNvbQ0KDQoNCj4gDQo+IE9uIFR1 ZSwgU2VwIDE5LCAyMDE3IGF0IDQ6NTMgUE0sIENhcmxvcyBQaWduYXRhcm8gKGNwaWduYXRhKQ0K PiA8Y3BpZ25hdGFAY2lzY28uY29tPiB3cm90ZToNCj4+IEhpLCBLYXRobGVlbiwNCj4+IA0KPj4g VGhhbmtzIGZvciB0aGUgY2xhcmlmaWNhdGlvbi4NCj4+IA0KPj4gUmVnYXJkaW5nOg0KPj4gDQo+ PiBpcyB0aGF0IHRoZSBsYXllcmluZyBuZWVkcyB0byBiZSBzcGVjaWZpY2FsbHkNCj4+IHN0YXRl ZCB0byBjbGVhcmx5DQo+PiANCj4+IA0KPj4gTGlrZSB0aGlzPw0KPj4gaHR0cHM6Ly90b29scy5p ZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtc2ZjLW5zaC0yMSNzZWN0aW9uLTENCj4+IA0KPj4gICAg ICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKw0KPj4gICAg ICAgICAgICAgICAgICAgICB8ICAgIFRyYW5zcG9ydCBFbmNhcHN1bGF0aW9uICAgfA0KPj4gICAg ICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKw0KPj4gICAg ICAgICAgICAgICAgICAgICB8IE5ldHdvcmsgU2VydmljZSBIZWFkZXIgKE5TSCkgfA0KPj4gICAg ICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKw0KPj4gICAg ICAgICAgICAgICAgICAgICB8ICAgIE9yaWdpbmFsIFBhY2tldCAvIEZyYW1lICAgfA0KPj4gICAg ICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKw0KPj4gDQo+ PiAgICAgICAgICAgICAgRmlndXJlIDE6IE5ldHdvcmsgU2VydmljZSBIZWFkZXIgRW5jYXBzdWxh dGlvbg0KPj4gDQo+PiBJIHRoaW5rIGlmIHlvdSBsYWlkIHRoaXMgb3V0DQo+PiBuaWNlbHkgYW5k IGNsZWFybHkgc2hvd2VkIHdoZXJlIHRyYW5zcG9ydCBzZWN1cml0eSBpcyBhZGRyZXNzZWQgYXQN Cj4+IGFub3RoZXIgbGF5ZXIgKG91dC1vZi1zY29wZSksIGl0IHdvdWxkIGdvIGEgbG9uZyB3YXku DQo+PiANCj4+IA0KPj4gSG9wZWZ1bGx5IHRoZSBhYm92ZSAoZXhpc3RpbmcpIGZpZ3VyZSBhbmQg dGV4dCBpcyBjbGVhci4gSW4gdGhhdCBjYXNlOg0KPj4gDQo+PiBPbmUgaWRlYSBpcyB0byBjYXRl Z29yaXplIHRoZSBwYXJhZ3JhcGhzIGluIHRoZSBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyB0bw0K Pj4gbWFrZSB0aG9zZSByZWxhdGlvbnMgbW9yZSBjbGVhci4NCj4+IA0KPj4g4oCUDQo+PiBDYXJs b3MgUGlnbmF0YXJvLg0KPj4gDQo+PiANCj4+IE9uIFNlcCAxOSwgMjAxNywgYXQgMzozOCBQTSwg S2F0aGxlZW4gTW9yaWFydHkNCj4+IDxLYXRobGVlbi5Nb3JpYXJ0eS5pZXRmQGdtYWlsLmNvbT4g d3JvdGU6DQo+PiANCj4+IFRoYW5rcyBmb3IgdGhlIHJlc3BvbnNlcy4gIEknbSBnb2luZyB0byB0 b3AgcG9zdCBhcyBJIHRoaW4gdGhlIG1haW4NCj4+IHBvaW50IG9mIG15IHJldmlldyBpcyB0aGF0 IHRoZSBsYXllcmluZyBuZWVkcyB0byBiZSBzcGVjaWZpY2FsbHkNCj4+IHN0YXRlZCB0byBjbGVh cmx5IHNjb3BlIHRoZSBwcm9ibGVtIHNwYWNlIGZvciBOU0ggc2VjdXJpdHkNCj4+IGNvbnNpZGVy YXRpb25zLiAgVGhlIGRyYWZ0IGFzLXdyaXR0ZW4gaXMgbm90IGNsZWFyIGFuZCBhcyBhIHJlc3Vs dCwNCj4+IHNlY3VyaXR5IHJldmlld3MgYXJlIHZlcnkgZGlmZmljdWx0LiAgSSB0aGluayBpZiB5 b3UgbGFpZCB0aGlzIG91dA0KPj4gbmljZWx5IGFuZCBjbGVhcmx5IHNob3dlZCB3aGVyZSB0cmFu c3BvcnQgc2VjdXJpdHkgaXMgYWRkcmVzc2VkIGF0DQo+PiBhbm90aGVyIGxheWVyIChvdXQtb2Yt c2NvcGUpLCBpdCB3b3VsZCBnbyBhIGxvbmcgd2F5LiAgQWx0aG91Z2ggdGhlDQo+PiBkcmFmdCBp bXByb3ZlZCBhIGJpdCBmcm9tIHRoZSBwcmV2aW91cyB2ZXJzaW9uLCBJIHRoaW5rIGEgY2FyZWZ1 bA0KPj4gcmV2aWV3IGFuZCBlZGl0IHBhc3Mgd291bGQgZG8gYSBsb3Qgb2YgZ29vZCwgc3BlY2lm aWNhbGx5IGFyb3VuZA0KPj4gY2xhcml0eSBvZiB0aGUgcHJvYmxlbSBzcGFjZSBhbmQgc29sdXRp b24uICBUaGUgcXVlc3Rpb25zIEkgYXNrZWQgd2VyZQ0KPj4gYSByZXN1bHQgb2YgbGFjayBvZiBj bGFyaXR5IGluIHRoZSBkcmFmdC4NCj4+IA0KPj4gVGhhbmtzLA0KPj4gS2F0aGxlZW4NCj4+IA0K Pj4gT24gVHVlLCBTZXAgMTksIDIwMTcgYXQgMzoyMiBQTSwgUGF1bCBRdWlubiAocGF1bHEpIDxw YXVscUBjaXNjby5jb20+IHdyb3RlOg0KPj4gDQo+PiBIaSwNCj4+IA0KPj4gVGhhbmsgeW91IGZv ciB0aGUgcmV2aWV3LiAgUGxlYXNlIHNlZSBzb21lIGNvbW1lbnRzIGlubGluZSBiZWxvdy4NCj4+ IA0KPj4gUGF1bA0KPj4gDQo+PiBPbiBTZXAgMTgsIDIwMTcsIGF0IDQ6MTUgUE0sIEthdGhsZWVu IE1vcmlhcnR5DQo+PiA8a2F0aGxlZW4ubW9yaWFydHkuaWV0ZkBnbWFpbC5jb20+IHdyb3RlOg0K Pj4gDQo+PiBIZWxsbywNCj4+IA0KPj4gQXQgQWxpYSdzIHJlcXVlc3QsIEkgZGlkIGFuIGVhcmx5 IHJldmlldyBvZiBkcmFmdC1pZXRmLXNmYy1uc2guICBIZXJlDQo+PiBhcmUgc29tZSBpbml0aWFs IGNvbW1lbnRzIGFuZCBJIG1heSBoYXZlIG1vcmUgd2hlbiB0aGUgZHJhZnQgaXMNCj4+IHJldmlz ZWQgYW5kIGlzIGluIGZvciBJRVNHIHJldmlldy4gIEkgYXBwcmVjaWF0ZSB5b3VyIGVmZm9ydHMN Cj4+IGFkZHJlc3NpbmcgdGhlIGNvbW1lbnRzIHJlY2VpdmVkIHRvIGRhdGUuICBJIGhvcGUgeW91 IGZpbmQgdGhlc2UNCj4+IHN1Z2dlc3Rpb25zIGFzIGhlbHBmdWwgaW1wcm92ZW1lbnRzIHRvIHRo ZSBkb2N1bWVudCBhbmQgY2xhcml0eSBvZiBOU0gNCj4+IHNlY3VyaXR5IGNvbmNlcm5zLg0KPj4g DQo+PiANCj4+IFNlY3Rpb24gMSAtDQo+PiANCj4+IFRoZSBpbnRlbmRlZCBzY29wZSBpbiB0aGUg aW50cm9kdWN0aW9uIHNob3VsZCBhbHNvIGluY2x1ZGUgbWVudGlvbiBvZg0KPj4gbXVsdGktdGVu YW5jeS4gIFRoaXMgY2hhbmdlcyB0aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnRzIGFuZCBpcyB2ZXJ5 DQo+PiBpbXBvcnRhbnQgdG8gbm90ZS4NCj4+IA0KPj4gU2VjdGlvbiAxLjQgLQ0KPj4gDQo+PiA1 LiAgVHJhbnNwb3J0IEFnbm9zdGljOiBUaGUgTlNIIGlzIGVuY2Fwc3VsYXRpb24taW5kZXBlbmRl bnQsIG1lYW5pbmcNCj4+ICAgICBpdCBjYW4gYmUgdHJhbnNwb3J0ZWQgYnkgYSB2YXJpZXR5IG9m IHByb3RvY29scy4gIEFuIGFwcHJvcHJpYXRlDQo+PiAgICAgKGZvciBhIGdpdmVuIGRlcGxveW1l bnQpIGVuY2Fwc3VsYXRpb24gcHJvdG9jb2wgY2FuIGJlIHVzZWQgdG8NCj4+ICAgICBjYXJyeSBO U0gtZW5jYXBzdWxhdGVkIHRyYWZmaWMuICBUaGlzIHRyYW5zcG9ydCBtYXkgZm9ybSBhbg0KPj4g ICAgIG92ZXJsYXkgbmV0d29yayBhbmQgaWYgYW4gZXhpc3Rpbmcgb3ZlcmxheSB0b3BvbG9neSBw cm92aWRlcyB0aGUNCj4+ICAgICByZXF1aXJlZCBzZXJ2aWNlIHBhdGggY29ubmVjdGl2aXR5LCB0 aGF0IGV4aXN0aW5nIG92ZXJsYXkgbWF5IGJlDQo+PiAgICAgdXNlZC4NCj4+IA0KPj4gSXMgdGhl cmUgYSBwcmVmZXJyZWQgdHJhbnNwb3J0IHNvIHlvdSBjb3VsZCBzcGVjaWZ5IGEgcmVjb21tZW5k ZWQNCj4+IHRyYW5zcG9ydCBzZWN1cml0eSBwcm90b2NvbD8NCj4+IA0KPj4gDQo+PiBQUT4gVGhl cmUgaXMgbm90LiAgSW4gZmFjdCBhdCB0aGUgQUTigJlzIHJlcXVlc3Qgc2FtcGxlIHRyYW5zcG9y dHMgd2VyZQ0KPj4gcmVtb3ZlZCB0byBlbnN1cmUgdGhhdCB0aGVyZSB3YXMgbm8gaW1wbGllZCBw cmVmZXJlbmNlLiAgVGhlcmVmb3JlLCBhbg0KPj4gb3BlcmF0b3IgY2FuIHNlbGVjdCB0aGVpciBw cmVmZXJyZWQgdHJhbnNwb3J0cywgaW5jbHVkaW5nIOKAlCBhcyBwZXIgdGhlDQo+PiBzZWN1cml0 eSBjb25zaWRlcmF0aW9ucyBzZWN0aW9uIOKAlCBvbmVzIHRoYXQgcHJvdmlkZSBlbmNyeXB0aW9u Lg0KPj4gDQo+PiANCj4+IFNlY3Rpb24gMiwgM3JkIHNlbnRlbmNlOg0KPj4gU3Vic2VxdWVudGx5 LCBhbg0KPj4gb3V0ZXIgZW5jYXBzdWxhdGlvbiBpcyBpbXBvc2VkIG9uIHRoZSBOU0gsIHdoaWNo IGlzIHVzZWQgZm9yIG5ldHdvcmsNCj4+IGZvcndhcmRpbmcuDQo+PiANCj4+IEtub3dpbmcgbW9y ZSBhYm91dCB0aGlzIHdvdWxkIGhlbHAgdG8gdW5kZXJzdGFuZCBvcHRpb25zIG9yIGlmIHRoZXJl DQo+PiBpcyBhbm90aGVyIGRyYWZ0IHRoYXQgYWRkcmVzc2VzIHRoaXMgb3V0ZXIgZW5jYXBzdWxh dGlvbiB0aGF0IGlzDQo+PiBpbXBvc2VkIGFuZCB0aGUgdHJhbnNwb3J0IHNlY3VyaXR5IHJlcXVp cmVtZW50cyB0aGF0IGdvIGFsb25nIHdpdGggaXQuDQo+PiANCj4+IA0KPj4gUFE+IFNpbmNlIE5T SCBkZWZpbmVzIG5vIHByZWZlcnJlZCB0cmFuc3BvcnQocyksIHRoZSBzZWN1cml0eSBvZiB0aGUN Cj4+IHNlbGVjdGVkIHRyYW5zcG9ydCBpcyBsZWZ0IHRvIHRoZSB0cmFuc3BvcnQgc3RhbmRhcmQu ICAgU28sIGZvciBleGFtcGxlLCBpZg0KPj4gYW4gb3BlcmF0b3IgZWxlY3RzIHRvIHVzZSB0aGUg TlZPMyBkZWZpbmVkIHByb3RvY29sLCB0aGVuIHRoZSBvcGVyYXRvciBoYXMNCj4+IGV4cGxpY2l0 bHkgc2VsZWN0ZWQgdGhhdCBvdmVybGF5Lg0KPj4gDQo+PiANCj4+IFRyYW5zcG9ydCBtYXkgYmUg aG9wIHRvIGhvcCwgYW5kIHRoZXJlIG1pZ2h0IG5vdCBiZSBlbmNyeXB0aW9uIG9mIHRoaXMNCj4+ IGhlYWRlciBpZiB0aGUgYXBwbGljYXRpb24gdXNlcyBhbiBlbmNyeXB0ZWQgdHJhbnNwb3J0IGVu Y2Fwc3VsYXRlZCBpbg0KPj4gdGhpcyBsYXllci4gIEluIGFueSBjYXNlLCBpdCBzZWVtcyBpbnRl Z3JpdHkgcHJvdGVjdGlvbiBpcyBhDQo+PiByZXF1aXJlbWVudCBmb3IgYSBtdWx0aS10ZW5hbnQg ZW52aXJvbm1lbnQuICBDb3VsZCB0aGUgQ09TRSBNQUMNCj4+IGZ1bmN0aW9uIGZpdCB0aGUgYmls bCBzaW5jZSBpdCBpcyBpbnRlbmRlZCBmb3IgY29uY2lzZSBmb3JtYXRzPw0KPj4gaHR0cHM6Ly9k YXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvcmZjODE1Mg0KPj4gSk9TRSBwcm9kdWNlZCBhIHNpbWls YXIgZnVuY3Rpb24gd2l0aCBKU09OLCBidXQgaXQgd291bGQgYmUgc2xpZ2h0bHkgbGFyZ2VyLg0K Pj4gDQo+PiBTZWN0aW9uIDcuMToNCj4+IA0KPj4gVGhlIGZvbGxvd2luZyBwYXJhZ3JhcGggaW1w bGllcyB0aGF0IGFueXRoaW5nIGxlc3MgdGhhbiBhIDUtdHVwbGUNCj4+IGlzbuKAmXQgdXNlZnVs IGFuZCB0aGF0IHlvdSBpbnRlbmQgdG8gdXNlIHRyYWZmaWMgY29udGVudCB3aGVuDQo+PiBhdmFp bGFibGUuICBUaGlzIGlzIGNvbmNlcm5pbmcuICBDYW7igJl0IHlvdSB1c2UgYSAyLXR1cGxlPyAg V2hhdCBpZg0KPj4gSVBzZWMgdHJhbnNwb3J0IG1vZGUgd2VyZSBpbiB1c2UsIGlzIHRoaXMgc29s dXRpb24gZGVhZCBpbiB0aGUgd2F0ZXI/DQo+PiANCj4+IFJlZ2FyZGxlc3Mgb2YgdGhlIHNvdXJj ZSwgbWV0YWRhdGEgcmVmbGVjdHMgdGhlICJyZXN1bHQiIG9mDQo+PiBjbGFzc2lmaWNhdGlvbi4g IFRoZSBncmFudWxhcml0eSBvZiBjbGFzc2lmaWNhdGlvbiBtYXkgdmFyeS4gIEZvcg0KPj4gZXhh bXBsZSwgYSBuZXR3b3JrIHN3aXRjaCwgYWN0aW5nIGFzIGEgY2xhc3NpZmllciwgbWlnaHQgb25s eSBiZSBhYmxlDQo+PiB0byBjbGFzc2lmeSBiYXNlZCBvbiBhIDUtdHVwbGUsIHdoaWxlIGEgc2Vy dmljZSBmdW5jdGlvbiBtYXkgYmUgYWJsZQ0KPj4gdG8gaW5zcGVjdCBhcHBsaWNhdGlvbiBpbmZv cm1hdGlvbi4gIFJlZ2FyZGxlc3Mgb2YgZ3JhbnVsYXJpdHksIHRoZQ0KPj4gY2xhc3NpZmljYXRp b24gaW5mb3JtYXRpb24gY2FuIGJlIHJlcHJlc2VudGVkIGluIHRoZSBOU0guDQo+PiANCj4+IElm IGEgMi10dXBsZSBpcyBwb3NzaWJsZSwgY291bGQgeW91IGFkZCB0aGF0IGluIGFzIGFuIGV4YW1w bGUgaW5zdGVhZA0KPj4gb2Ygb3IgaW4gYWRkaXRpb24gdG8gdGhlIDUtdHVwbGU/DQo+PiANCj4+ IA0KPj4gUFE+ICBUaGUgNS10dXBsZSB3YXMgdXNlZCBvbmx5IGFzIGFuIGV4YW1wbGUgdGhhdCBp cyBjb21tb25seSB1bmRlcnN0b29kIGluDQo+PiB0aGUgY29udGV4dCBvZiBuZXR3b3JrIGRldmlj ZSBjbGFzc2lmaWNhdGlvbi4gIFRoZSBzZW50ZW5jZTogIlRoZQ0KPj4gZ3JhbnVsYXJpdHkgb2Yg Y2xhc3NpZmljYXRpb24gbWF5IHZhcnku4oCdIGFkZHJlc3NlcyAyLCAzLCA0LCBuLXR1cGxlDQo+ PiBjbGFzc2lmaWNhdGlvbi4gIEZ1cnRoZXIsIHRoYXQgcG9pbnQgaXMgcmVpbmZvcmNlZDog4oCc UmVnYXJkbGVzcyBvZg0KPj4gZ3JhbnVsYXJpdHksIHRoZSBjbGFzc2lmaWNhdGlvbiBpbmZvcm1h dGlvbiBjYW4gYmUgcmVwcmVzZW50ZWQgaW4gdGhlIE5TSC4iDQo+PiANCj4+IA0KPj4gDQo+PiAN Cj4+IFNlY3Rpb24gNy4xDQo+PiANCj4+IFRoaXMgdGV4dCBjb21lcyB0b28gbGF0ZSBpbiB0aGUg ZHJhZnQgYW5kIEkgcmVjb21tZW5kIG1ha2luZyBhIGNsZWFyDQo+PiBzdGF0ZW1lbnQgaW4gdGhl IGludHJvZHVjdGlvbiB0aGF0IHNlc3Npb24gZW5jcnlwdGlvbiB0byBwcm90ZWN0IHRoZQ0KPj4g ZGF0YSBpbiB0cmFuc2l0IHJlbGllcyBvbiB0aGUgYXBwbGljYXRpb24vc2VydmljZSBzZW5kaW5n L3JlY2VpdmluZw0KPj4gdGhlIGRhdGEgYW5kIG5vdCB0aGUgU0ZDLiAgSSBtYWRlIHRoaXMgcG9p bnQgcHJldmlvdXNseSBhbmQgYW0gZ2xhZCB0bw0KPj4gc2VlIHNvbWUgdGV4dCwgYnV0IHRoaW5r IGl0IHdvdWxkIGJlIG11Y2ggYmV0dGVyIHRvIHN0YXRlIHRoaXMgZWFybHkNCj4+IGluIHRoZSBk cmFmdC4gIFRvdWNoaW5nIHVwb24gcHJvdGVjdGlvbnMgZm9yIGRhdGEgc3RyZWFtcyB2ZXJzdXMg bWV0YQ0KPj4gZGF0YSB3b3VsZCBib3RoIGJlIGltcG9ydGFudCAobGF5ZXJzIGZvciB0cmFmZmlj IGFuZCBhc3NvY2lhdGVkDQo+PiBwcm90ZWN0aW9ucykuICBJZiBpdOKAmXMgbWV0YSBkYXRhLCBk byB0aGV5IG5lZWQgdG8gcmVseSBvbiBJUHNlYyBhbmQNCj4+IGhhdmluZyBhIDItdHVwbGUgYmUg dGhlIG1pbmltdW0/ICBXaGVuIGlzIHRoYXQgYXBwbGllZD8gIElzIHRoZXJlIG1ldGENCj4+IGRh dGEgdGhhdCBjb3VsZCBiZSBzZW5zaXRpdmUgaWYgVExTIHdhcyBpbiBwbGFjZSBhbmQgYSA1LXR1 cGxlIGlzDQo+PiB2aXNpYmxlIChwZXJoYXBzIHRoZSBleGlzdGVuY2Ugb2YgY29tbXVuaWNhdGlv biBpcyBzZW5zaXRpdmUpLiAgQXJlDQo+PiB0aGVyZSBvdGhlciBjb25zaWRlcmF0aW9ucyBmb3Ig bWV0YWRhdGEgYW5kIGRhdGEgdGhhdCBuZWVkIHRvIGJlDQo+PiBzdGF0ZWQgdXAgZnJvbnQgYW5k IHB1dCBvdXQtb2Ytc2NvcGUgZm9yIFNGQz8gIEnigJltIGFza2luZyB0aGVzZQ0KPj4gcXVlc3Rp b25zIGFzIHByb3ZpZGluZyB0aGVzZSBhbnN3ZXJzIGNvdWxkIHNob3cgdGhhdCB0aGUgcmlzayBp cw0KPj4gY29uc3RyYWluZWQuDQo+PiANCj4+IERlcGVuZGluZyBvbiB0aGUgaW5mb3JtYXRpb24g Y2FycmllZCBpbiB0aGUgbWV0YWRhdGEsIGRhdGEgcHJpdmFjeQ0KPj4gY29uc2lkZXJhdGlvbnMg bWF5IG5lZWQgdG8gYmUgY29uc2lkZXJlZC4gIEZvciBleGFtcGxlLCBpZiB0aGUNCj4+IG1ldGFk YXRhIGNvbnZleXMgdGVuYW50IGluZm9ybWF0aW9uLCB0aGF0IGluZm9ybWF0aW9uIG1heSBuZWVk IHRvIGJlDQo+PiBhdXRoZW50aWNhdGVkIGFuZC9vciBlbmNyeXB0ZWQgYmV0d2VlbiB0aGUgb3Jp Z2luYXRvciBhbmQgdGhlDQo+PiBpbnRlbmRlZCByZWNpcGllbnRzICh3aGljaCBtYXkgaW5jbHVk ZSBpbnRlbmRlZCBTRnMgb25seSkuICBUaGUgTlNIDQo+PiBpdHNlbGYgZG9lcyBub3QgcHJvdmlk ZSBwcml2YWN5IGZ1bmN0aW9ucywgcmF0aGVyIGl0IHJlbGllcyBvbiB0aGUNCj4+IHRyYW5zcG9y dC9vdmVybGF5IGxheWVyLiAgQW4gb3BlcmF0b3IgY2FuIHNlbGVjdCB0aGUgYXBwcm9wcmlhdGUN Cj4+IHRyYW5zcG9ydCB0byBlbnN1cmUgY29uZmlkZW50aWFsaXR5IChhbmQgb3RoZXIgc2VjdXJp dHkpDQo+PiBjb25zaWRlcmF0aW9ucyBhcmUgbWV0LiAgTWV0YWRhdGEgcHJpdmFjeSBhbmQgc2Vj dXJpdHkgY29uc2lkZXJhdGlvbnMNCj4+IGFyZSBhIG1hdHRlciBmb3IgdGhlIGRvY3VtZW50cyB0 aGF0IGRlZmluZSBtZXRhZGF0YSBmb3JtYXQuDQo+PiANCj4+IA0KPj4gDQo+PiBQUT4gIEFyZSB5 b3Ugc3VnZ2VzdGluZyB0aGF0IGFwcGxpY2F0aW9uIGxheWVyIGNvbmZpZGVudGlhbGx5IGJlIGFk ZHJlc3NlZA0KPj4gaW4gdGhpcyBkcmFmdD8gICBOU0gg4oCccGxheXMgbmljZWx54oCdIHdpdGgg c3RhbmRhcmQgZW5jcnlwdGlvbiB0cmFuc3BvcnRzLA0KPj4gdGhlcmVmb3JlIGFsbG93aW5nIG9w ZXJhdG9ycyB0byDigJxzZWN1cmXigJ0gdGhlIHBhdGguICBHb2luZyB1cCB0aGUgc3RhY2sgZnJv bQ0KPj4gdGhhdCBzZWVtcyB0byBiZSBvdXRzaWRlIHRoZSBzY29wZSBvZiBOU0ggYW5kIGluY29u c2lzdGVudCB3aXRoIG90aGVyDQo+PiBwcm90b2NvbCByZXF1aXJlbWVudHMuDQo+PiANCj4+IA0K Pj4gT3RoZXIgY29tbWVudHM6DQo+PiANCj4+IEnigJlkIGxpa2UgdG8gc2VlOw0KPj4gaHR0cHM6 Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LW1nbHQtc2ZjLXNlY3VyaXR5LWVudmlyb25tZW50 LXJlcS0wMg0KPj4gUHVibGlzaGVkIGJlZm9yZSB0aGlzIGRvY3VtZW50IGFuZCB0aGVuIGhhdmUg dGhhdCBhcyBhIHJlZmVyZW5jZS4gIE9uZQ0KPj4gb2YgdGhlIGNvbW1lbnRzIEkgbWFkZSBwcmV2 aW91c2x5IHdhcyB0byBsaXN0IG91dCB0aGUgbGF5ZXJpbmcgYW5kDQo+PiBwcm90ZWN0aW9ucyBl eHBlY3RlZCBvbiBkYXRhIGFuZCBOU0guICBUaGlzIGhhcyBiZWVuIGRvbmUgaW4gdGhlDQo+PiBz ZWN1cml0eSBlbnZpcm9ubWVudCBkcmFmdCwgc2VjdGlvbiA0IHNob3VsZCBiZSByZWZlcmVuY2Vk Og0KPj4gDQo+PiBTZWN0aW9uIDQgcHJvdmlkZXMgYW4gb3ZlcmFsbCBkZXNjcmlwdGlvbiBvZiB0 aGUgU0ZDIGVudmlyb25tZW50IHdpdGgNCj4+IHRoZSBpbnRyb2R1Y3Rpb24gb2YgdGhlIGRpZmZl cmVudCBwbGFuZXMgKFNGQyBDb250cm9sIFBsYW5lLCB0aGUgU0ZDDQo+PiBNYW5hZ2VtZW50IFBs YW5lLCB0aGUgVGVuYW50J3MgdXNlciBQbGFuZSBhbmQgdGhlIFNGQyBEYXRhIFBsYW5lKS4NCj4+ IA0KPj4gDQo+PiANCj4+IFBRPiAgQXMgSSBtZW50aW9uZWQgb24gYW5vdGhlciB0aHJlYWQ6IGEg c2VjdXJlIGVudmlyb25tZW50IGRyYWZ0IGlzIG5vdA0KPj4gcmVsYXRlZCB0byBOU0ggcGVyIHNl Lg0KPj4gDQo+PiANCj4+IA0KPj4gDQo+PiBUaGlzIGlzIGEgdmVyeSBpbXBvcnRhbnQgcG9pbnQg Zm9yIGFueW9uZSByZXZpZXdpbmcgZm9yIHNlY3VyaXR5IGFzDQo+PiBhcmUgdGhlIGVudmlyb25t ZW50IHNlY3VyaXR5IHJlcXVpcmVtZW50cy4gIFRoZSBzZWN1cml0eSBlbnZpcm9ubWVudA0KPj4g cmVxdWlyZW1lbnRzIGRyYWZ0IHN0aWxsIG5lZWRzIGEgbGl0dGxlIG1vcmUgd29yayBmcm9tIGEg cXVpY2sgcmVhZCwNCj4+IGJ1dCBoZWxwcyBhIGxvdC4gIEkgbmVlZCB0byBmaW5pc2ggcmVhZGlu ZyB0aGUgc2VjdXJpdHkgZW52aXJvbm1lbnQNCj4+IGRyYWZ0Lg0KPj4gDQo+PiAtLQ0KPj4gDQo+ PiBCZXN0IHJlZ2FyZHMsDQo+PiBLYXRobGVlbg0KPj4gDQo+PiBfX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KPj4gc2ZjIG1haWxpbmcgbGlzdA0KPj4gc2Zj QGlldGYub3JnDQo+PiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NmYw0K Pj4gDQo+PiANCj4+IA0KPj4gDQo+PiANCj4+IC0tDQo+PiANCj4+IEJlc3QgcmVnYXJkcywNCj4+ IEthdGhsZWVuDQo+PiANCj4+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fDQo+PiBzZmMgbWFpbGluZyBsaXN0DQo+PiBzZmNAaWV0Zi5vcmcNCj4+IGh0dHBz Oi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2ZjDQo+PiANCj4+IA0KPiANCj4gDQo+ IA0KPiAtLSANCj4gDQo+IEJlc3QgcmVnYXJkcywNCj4gS2F0aGxlZW4NCg0K From nobody Wed Sep 20 09:23:06 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BD791330B3 for ; Wed, 20 Sep 2017 09:23:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zsS2j1H4pzqB for ; Wed, 20 Sep 2017 09:23:02 -0700 (PDT) Received: from mail-pg0-x232.google.com (mail-pg0-x232.google.com [IPv6:2607:f8b0:400e:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 287031320D9 for ; Wed, 20 Sep 2017 09:23:02 -0700 (PDT) Received: by mail-pg0-x232.google.com with SMTP id v23so1952257pgc.5 for ; Wed, 20 Sep 2017 09:23:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=D17iIxZvU8paCq+NcupehWB26ouL7SG1jEGzUyA4qRw=; b=gNY7KJdjcKqiaVulkFKso5xL9aogmutOPl7fYzoOBHmXStLTz8Gym32tuJIfWsUJ4J qpnZ4ZVu3B2E+s7VbXrNSXcpS4jQidRrwhpNfbHTSs23soqvLemgJXAvOwTv+r6zVy63 R74YMU+ItiKKMiFU9hOe8RlljFFfU2fMRKNY17UQHMR/QLT6NIt56hhvdUP14rJhze0C UgJvGNkVwB0EnlYCP628Lu+xn9WHAs6PROB2UCN5cc9XxS4wTkE6C6M0SbxnssHnOEhj adlDhtthlxHYIhuIVui/6SJa0mDvRsm0jlc1557JZxsuROnnkYdJLJRKYU6nOIBomIn3 4gnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=D17iIxZvU8paCq+NcupehWB26ouL7SG1jEGzUyA4qRw=; b=ed0CMlnTuKJ+yx03qY5JEqWHetzgCqIrm0QWDc64m6GB0lTgOFgkaL7ZhXeHhzLkHZ G8823qfWA1OZYjnIIIAOrHEMSbwzMrfCalH/QtNx3BDAF9NKWX+TVaYx5AqTZyxeaSlP P1wIfmXlGH14FOtBstNU23X+OwUpGNo4LGRYmShi3W5smfNfonfeTREYwtmh6RELg0Gu bPRJFQODtB4WDxLqR14A68g+e1z/KiBzu4ebXea6C9o9m9S3r9z/OT3lMU/MM7DEs20U k93XervygAlRHJT146bAi0OiBfuwFzMoFkCFX+tT2GLAnmim/t3isXgff7yarcB8eSr7 /Hig== X-Gm-Message-State: AHPjjUje7+RpXYyPWK9dXT1GKmdUhutCiWIgOQl1zcH3lX/bRTCi/za9 NaiAgpJdLC8PBYu0pir9rpE2B1xJLVFCpnxs4ns= X-Google-Smtp-Source: AOwi7QDOK/QZRjBp4eIErKzOyPIxt2Bqaj9vpzFatH+lRd/CsgBLLGHWfUPbMzj1pMsaddypbLCbvW1lX8vCOZSvtcs= X-Received: by 10.98.103.89 with SMTP id b86mr2624830pfc.319.1505924580729; Wed, 20 Sep 2017 09:23:00 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.144.1 with HTTP; Wed, 20 Sep 2017 09:22:20 -0700 (PDT) In-Reply-To: <43ED911F-2174-4930-A9BE-1B2A81CD03E9@cisco.com> References: <6971D34B-DC0E-4C3E-B412-3C2F8FAE5704@cisco.com> <43ED911F-2174-4930-A9BE-1B2A81CD03E9@cisco.com> From: Kathleen Moriarty Date: Wed, 20 Sep 2017 12:22:20 -0400 Message-ID: To: "Carlos Pignataro (cpignata)" Cc: "Paul Quinn (paulq)" , "sfc@ietf.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2017 16:23:05 -0000 Hi Carlos, Please look at the text in the current document. It only says transport in the text I quoted. The diagram also only says transport. Drafts need to be clearly written to be broadly understood and the way the text is now, it is not. I think cleaning it up a bit will lift some of the security concerns as some are addressed prior to NSH seeing the IP packet or frame. Your response helps, but please take the time to look through the document to see how it can be clarified so one does not have the questions I and others have raised. Thank you, Kathleen On Wed, Sep 20, 2017 at 11:59 AM, Carlos Pignataro (cpignata) wrote: > Hi, Kathleen, > > Thank you for asking explicitly. This document used to have explicit =E2= =80=9CNSH Encapsulation Examples=E2=80=9D, but were taken out (at the AD=E2= =80=99s request) based on the argument that =E2=80=9Ceveryone would like to= have their encapsulation=E2=80=9D. We can always bring them back if desire= d, even within a non-normative appendix. > > As I follow your questions, I will try my best to answer and clarify. > > I am not sure which =E2=80=9Cbunny trail=E2=80=9D took the conversation h= ere, but perhaps a couple of top-post clarifications might help: > > 1. =E2=80=9COriginal Packet/Frame=E2=80=9D -> the terminology Packet/Fram= e, as commonly used, denotes an IP packet or an Ethernet frame. > 2. The outer "Transport Encapsulation=E2=80=9D does *not* mean TCP. It us= es the word =E2=80=9CTransport=E2=80=9D as transport profile, an encapsulat= ion that transports, not as TCP. GRE is one example of a transport encapsul= ation, not TCP as a =E2=80=9CL4 Transport Layer protocol=E2=80=9D. > > In point #2, GRE is the Transport that NSH uses between SFFs/SFs. And fur= ther, since NSH is Transport Encapsulation agnostic, we are talking about p= otentially a broad set of protocols=E2=80=A6 I=E2=80=99d encourage us to no= t attempt to classify them in OSI Layers. > > I can see that some of this might not be totally clear if scanning throug= h the document, but it is clear for an implementor. > > See Table 1 and Table 3 for examples (Transport column) > > I hope this helps set clarifying context, see inline for more specific de= tails... > >> On Sep 20, 2017, at 11:21 AM, Kathleen Moriarty wrote: >> >> Hi Carlos, >> >> It's a start, but should be more specific. > > The specifics are in the document, even examples as per Tables 1 and 3. > >> What are the original >> packets/frame - is this link layer or network or both? > > These are the packets or frames incoming into a classifier, original, the= n NSH is imposed, then a transport encapsulation is imposed. > >> It seems like >> both from the diagram, but is that really the case? > > Yes, it is both. Really the case. > >> >> Then for the transport encapsulation, is this layer 3 or 4? > > I believe it is a source of headache and confusion to think about OSI lay= ers=E2=80=A6 what layer is IP-in-IP? And an MPLS Pseudowire transporting Et= hernet? Or an IPv6/L2TPv3 pseudowire transporting TDM? > >> >> The wording that precedes this is a bit confusing (here for reference): >> >> The Network Service Header (NSH) specification defines a new protocol >> and associated encapsulation for the creation of dynamic service >> chains, operating at the service plane. The NSH is designed to >> encapsulate an original packet or frame, and in turn be encapsulated >> by an outer transport (which is used to deliver the NSH to NSH-aware >> network elements), as shown in Figure 1: > > Does the explanation above help? I am not sure how to best answer=E2=80= =A6 because I do not find it confusing. This text is the result of reviewer= s asking for clarity, and then acknowledging that the paragraph above broug= ht that clarity. > >> >> Normally, the higher layers are encapsulated, > > What is higher and lower? And for what definition of =E2=80=9CNormally=E2= =80=9D? What=E2=80=99s a Tunnel? > >> but this wording >> describes just the opposite. It says the packet/frame at layer 2/3 >> (just going from the normal uses of packet and frame to assume layer >> 3/2). > > Correct. IP packet, Ethernet Frame. > >> NHS encapsulates that, and then is encapsulated by a transport >> layer 3/4? > > No. > > Where does it say =E2=80=9CTransport Layer=E2=80=9D? > > Note that =E2=80=9CNetwork Transport=E2=80=9D, and =E2=80=9CTransport Enc= apsulation=E2=80=9D are terms coming from RFC 7665. > > And to be clear: many RFCs use =E2=80=9CTransport Encapsulation=E2=80=9D = or a variation of that (Encapsulation for Transport, Transport-independent = Encapsulation, etc.) > > See Table 1 and Table 3, Transport column, for examples. > > >> If you can clarify this text or make it clear that you >> really intended to do this odd encapsulation, that would help a lot. > > Hopefully my explanation helps. > >> Understanding the layers this all happens at is very important. If >> NSH is the trigger for the layer 3/4 transport, how can security be >> applied? Or is it addressed by a prior 3/4 encapsulation by the >> original packet/frame? >> >> Thanks, >> Kathleen >> > > > =E2=80=94 > Carlos Pignataro, carlos@cisco.com > > >> >> On Tue, Sep 19, 2017 at 4:53 PM, Carlos Pignataro (cpignata) >> wrote: >>> Hi, Kathleen, >>> >>> Thanks for the clarification. >>> >>> Regarding: >>> >>> is that the layering needs to be specifically >>> stated to clearly >>> >>> >>> Like this? >>> https://tools.ietf.org/html/draft-ietf-sfc-nsh-21#section-1 >>> >>> +------------------------------+ >>> | Transport Encapsulation | >>> +------------------------------+ >>> | Network Service Header (NSH) | >>> +------------------------------+ >>> | Original Packet / Frame | >>> +------------------------------+ >>> >>> Figure 1: Network Service Header Encapsulation >>> >>> I think if you laid this out >>> nicely and clearly showed where transport security is addressed at >>> another layer (out-of-scope), it would go a long way. >>> >>> >>> Hopefully the above (existing) figure and text is clear. In that case: >>> >>> One idea is to categorize the paragraphs in the Security Considerations= to >>> make those relations more clear. >>> >>> =E2=80=94 >>> Carlos Pignataro. >>> >>> >>> On Sep 19, 2017, at 3:38 PM, Kathleen Moriarty >>> wrote: >>> >>> Thanks for the responses. I'm going to top post as I thin the main >>> point of my review is that the layering needs to be specifically >>> stated to clearly scope the problem space for NSH security >>> considerations. The draft as-written is not clear and as a result, >>> security reviews are very difficult. I think if you laid this out >>> nicely and clearly showed where transport security is addressed at >>> another layer (out-of-scope), it would go a long way. Although the >>> draft improved a bit from the previous version, I think a careful >>> review and edit pass would do a lot of good, specifically around >>> clarity of the problem space and solution. The questions I asked were >>> a result of lack of clarity in the draft. >>> >>> Thanks, >>> Kathleen >>> >>> On Tue, Sep 19, 2017 at 3:22 PM, Paul Quinn (paulq) w= rote: >>> >>> Hi, >>> >>> Thank you for the review. Please see some comments inline below. >>> >>> Paul >>> >>> On Sep 18, 2017, at 4:15 PM, Kathleen Moriarty >>> wrote: >>> >>> Hello, >>> >>> At Alia's request, I did an early review of draft-ietf-sfc-nsh. Here >>> are some initial comments and I may have more when the draft is >>> revised and is in for IESG review. I appreciate your efforts >>> addressing the comments received to date. I hope you find these >>> suggestions as helpful improvements to the document and clarity of NSH >>> security concerns. >>> >>> >>> Section 1 - >>> >>> The intended scope in the introduction should also include mention of >>> multi-tenancy. This changes the security requirements and is very >>> important to note. >>> >>> Section 1.4 - >>> >>> 5. Transport Agnostic: The NSH is encapsulation-independent, meaning >>> it can be transported by a variety of protocols. An appropriate >>> (for a given deployment) encapsulation protocol can be used to >>> carry NSH-encapsulated traffic. This transport may form an >>> overlay network and if an existing overlay topology provides the >>> required service path connectivity, that existing overlay may be >>> used. >>> >>> Is there a preferred transport so you could specify a recommended >>> transport security protocol? >>> >>> >>> PQ> There is not. In fact at the AD=E2=80=99s request sample transport= s were >>> removed to ensure that there was no implied preference. Therefore, an >>> operator can select their preferred transports, including =E2=80=94 as = per the >>> security considerations section =E2=80=94 ones that provide encryption. >>> >>> >>> Section 2, 3rd sentence: >>> Subsequently, an >>> outer encapsulation is imposed on the NSH, which is used for network >>> forwarding. >>> >>> Knowing more about this would help to understand options or if there >>> is another draft that addresses this outer encapsulation that is >>> imposed and the transport security requirements that go along with it. >>> >>> >>> PQ> Since NSH defines no preferred transport(s), the security of the >>> selected transport is left to the transport standard. So, for example= , if >>> an operator elects to use the NVO3 defined protocol, then the operator = has >>> explicitly selected that overlay. >>> >>> >>> Transport may be hop to hop, and there might not be encryption of this >>> header if the application uses an encrypted transport encapsulated in >>> this layer. In any case, it seems integrity protection is a >>> requirement for a multi-tenant environment. Could the COSE MAC >>> function fit the bill since it is intended for concise formats? >>> https://datatracker.ietf.org/doc/rfc8152 >>> JOSE produced a similar function with JSON, but it would be slightly la= rger. >>> >>> Section 7.1: >>> >>> The following paragraph implies that anything less than a 5-tuple >>> isn=E2=80=99t useful and that you intend to use traffic content when >>> available. This is concerning. Can=E2=80=99t you use a 2-tuple? What= if >>> IPsec transport mode were in use, is this solution dead in the water? >>> >>> Regardless of the source, metadata reflects the "result" of >>> classification. The granularity of classification may vary. For >>> example, a network switch, acting as a classifier, might only be able >>> to classify based on a 5-tuple, while a service function may be able >>> to inspect application information. Regardless of granularity, the >>> classification information can be represented in the NSH. >>> >>> If a 2-tuple is possible, could you add that in as an example instead >>> of or in addition to the 5-tuple? >>> >>> >>> PQ> The 5-tuple was used only as an example that is commonly understoo= d in >>> the context of network device classification. The sentence: "The >>> granularity of classification may vary.=E2=80=9D addresses 2, 3, 4, n-t= uple >>> classification. Further, that point is reinforced: =E2=80=9CRegardless= of >>> granularity, the classification information can be represented in the N= SH." >>> >>> >>> >>> >>> Section 7.1 >>> >>> This text comes too late in the draft and I recommend making a clear >>> statement in the introduction that session encryption to protect the >>> data in transit relies on the application/service sending/receiving >>> the data and not the SFC. I made this point previously and am glad to >>> see some text, but think it would be much better to state this early >>> in the draft. Touching upon protections for data streams versus meta >>> data would both be important (layers for traffic and associated >>> protections). If it=E2=80=99s meta data, do they need to rely on IPsec= and >>> having a 2-tuple be the minimum? When is that applied? Is there meta >>> data that could be sensitive if TLS was in place and a 5-tuple is >>> visible (perhaps the existence of communication is sensitive). Are >>> there other considerations for metadata and data that need to be >>> stated up front and put out-of-scope for SFC? I=E2=80=99m asking these >>> questions as providing these answers could show that the risk is >>> constrained. >>> >>> Depending on the information carried in the metadata, data privacy >>> considerations may need to be considered. For example, if the >>> metadata conveys tenant information, that information may need to be >>> authenticated and/or encrypted between the originator and the >>> intended recipients (which may include intended SFs only). The NSH >>> itself does not provide privacy functions, rather it relies on the >>> transport/overlay layer. An operator can select the appropriate >>> transport to ensure confidentiality (and other security) >>> considerations are met. Metadata privacy and security considerations >>> are a matter for the documents that define metadata format. >>> >>> >>> >>> PQ> Are you suggesting that application layer confidentially be addres= sed >>> in this draft? NSH =E2=80=9Cplays nicely=E2=80=9D with standard encry= ption transports, >>> therefore allowing operators to =E2=80=9Csecure=E2=80=9D the path. Goi= ng up the stack from >>> that seems to be outside the scope of NSH and inconsistent with other >>> protocol requirements. >>> >>> >>> Other comments: >>> >>> I=E2=80=99d like to see; >>> https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 >>> Published before this document and then have that as a reference. One >>> of the comments I made previously was to list out the layering and >>> protections expected on data and NSH. This has been done in the >>> security environment draft, section 4 should be referenced: >>> >>> Section 4 provides an overall description of the SFC environment with >>> the introduction of the different planes (SFC Control Plane, the SFC >>> Management Plane, the Tenant's user Plane and the SFC Data Plane). >>> >>> >>> >>> PQ> As I mentioned on another thread: a secure environment draft is no= t >>> related to NSH per se. >>> >>> >>> >>> >>> This is a very important point for anyone reviewing for security as >>> are the environment security requirements. The security environment >>> requirements draft still needs a little more work from a quick read, >>> but helps a lot. I need to finish reading the security environment >>> draft. >>> >>> -- >>> >>> Best regards, >>> Kathleen >>> >>> _______________________________________________ >>> sfc mailing list >>> sfc@ietf.org >>> https://www.ietf.org/mailman/listinfo/sfc >>> >>> >>> >>> >>> >>> -- >>> >>> Best regards, >>> Kathleen >>> >>> _______________________________________________ >>> sfc mailing list >>> sfc@ietf.org >>> https://www.ietf.org/mailman/listinfo/sfc >>> >>> >> >> >> >> -- >> >> Best regards, >> Kathleen > --=20 Best regards, Kathleen From nobody Wed Sep 20 09:35:33 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B58BA1330B3 for ; Wed, 20 Sep 2017 09:35:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0bbL8mT4i2GS for ; Wed, 20 Sep 2017 09:35:27 -0700 (PDT) Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8E6513202D for ; Wed, 20 Sep 2017 09:35:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=53624; q=dns/txt; s=iport; t=1505925327; x=1507134927; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=jIRwTmC/XOMCze1JAiRGbdr+AtP6RegmXReuJCSSzRA=; b=elGT+/JnE+KoHOTe4cVejJp5UtEqcpFQrKC/iIKgp5/0i+Ay/1WFJXdh UllqaVgXoF3o9fmkGJjPqKacrz85CsnJMmNGUhimsa5miXTIodizKzPTz iwA1OSwmvM0dbH2ywqEch7/bF4MJx9+QJQF7h7zJXVJptxIuX07szRsbp Q=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CsAQBkmMJZ/49dJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgy0tZG4nB4NumhWKMo13ggEDChgBCoUYAhqES1cBAgEBAQEBAms?= =?us-ascii?q?ohRkCAQMBARgJBEAHBAcQAgEIOAEGAwICAh8GCxQRAgQOBRuJNEwDFRCnc4FtO?= =?us-ascii?q?ocxDYNfAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWDK4FiIIFRgWQrgXCBDYJZgWY?= =?us-ascii?q?kUIJbL4IxBYoPBo4yiBA8AodbiAOEd4ITgW+De4N+hwCMX4guAhEZAYE4AVdBT?= =?us-ascii?q?HcVSRIBhQYcgWd2AYgRgRABAQE?= X-IronPort-AV: E=Sophos;i="5.42,421,1500940800"; d="scan'208,217";a="5741513" Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Sep 2017 16:35:25 +0000 Received: from XCH-RTP-008.cisco.com (xch-rtp-008.cisco.com [64.101.220.148]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id v8KGZPJx003176 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 20 Sep 2017 16:35:25 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-008.cisco.com (64.101.220.148) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 20 Sep 2017 12:35:24 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Wed, 20 Sep 2017 12:35:24 -0400 From: "Carlos Pignataro (cpignata)" To: Kathleen Moriarty CC: "Paul Quinn (paulq)" , "sfc@ietf.org" Thread-Topic: [sfc] Early review draft-ietf-sfc-nsh Thread-Index: AQHTMLsSqoZIGRErdkS+KbebYim9zKK82t6AgAAEeYCAABTqgIABNZsAgAAKggCAAAZ9AIAAA6IA Date: Wed, 20 Sep 2017 16:35:24 +0000 Message-ID: References: <6971D34B-DC0E-4C3E-B412-3C2F8FAE5704@cisco.com> <43ED911F-2174-4930-A9BE-1B2A81CD03E9@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_CD89AF2629BC412F891A7828BFED1C70ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2017 16:35:32 -0000 --_000_CD89AF2629BC412F891A7828BFED1C70ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 S2F0aGxlZW4sDQoNClN1cmUsIHdlIHdpbGwgdGFrZSBhbiBFZGl0b3JpYWwgcGFzcyBhbmQgbG9v ayBvdmVyIGl0IGFuZCBhbGwgdGhlIG1lbnRpb25zIG9mIHNwZWNpZmljIGtleXdvcmRzLiBBcyBJ IG1lbnRpb25lZCwgd2Ugd2lsbCBhbHNvIGdvIG92ZXIgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRp b25zIHRleHQgdG8gbWFrZSB0aGUgdGV4dCBmbG93IGFuZCBjYXRlZ29yaXphdGlvbiBtb3JlIGNs ZWFyLg0KDQpBbGwgdGhvc2UgRWRpdG9yaWFscyB3aWxsIGNsYXJpZnkgZnVydGhlci4NCg0Kc28g b25lIGRvZXMgbm90IGhhdmUgdGhlDQpxdWVzdGlvbnMgSSBhbmQgb3RoZXJzIGhhdmUgcmFpc2Vk Lg0KDQpIb3dldmVyOiBvdGhlcnMgaGF2ZSByYWlzZWQgc2ltaWxhciBxdWVzdGlvbiBpbiByZXYg LTE4LiBUaGUgY2hhbmdlcyBiZXR3ZWVuIC0xOCBhbmQgLTIxIHJlc29sdmVkIGFsbCB0aG9zZSBx dWVzdGlvbnMuIEV2ZXJ5b25lIChleGNlcHQgeW91KSB3aG8gaGFkIHJhaXNlZCBldmVuIGEgc21h bGwgY29uY2VybiBhYm91dCB0aGF0IHNwZWNpZmljIGNvbmZ1c2lvbiwgYWxyZWFkeSBhY2tub3ds ZWRnZSB0aGF0IHRoZSBjdXJyZW50IHZlcnNpb24gYWRkcmVzc2VzIHRob3NlLg0KDQpUaGFua3Ms DQoNCuKAlA0KQ2FybG9zIFBpZ25hdGFybywgY2FybG9zQGNpc2NvLmNvbTxtYWlsdG86Y2FybG9z QGNpc2NvLmNvbT4NCg0K4oCcU29tZXRpbWVzIEkgdXNlIGJpZyB3b3JkcyB0aGF0IEkgZG8gbm90 IGZ1bGx5IHVuZGVyc3RhbmQsIHRvIG1ha2UgbXlzZWxmIHNvdW5kIG1vcmUgcGhvdG9zeW50aGVz aXMuIg0KDQpPbiBTZXAgMjAsIDIwMTcsIGF0IDEyOjIyIFBNLCBLYXRobGVlbiBNb3JpYXJ0eSA8 S2F0aGxlZW4uTW9yaWFydHkuaWV0ZkBnbWFpbC5jb208bWFpbHRvOkthdGhsZWVuLk1vcmlhcnR5 LmlldGZAZ21haWwuY29tPj4gd3JvdGU6DQoNCkhpIENhcmxvcywNCg0KUGxlYXNlIGxvb2sgYXQg dGhlIHRleHQgaW4gdGhlIGN1cnJlbnQgZG9jdW1lbnQuICBJdCBvbmx5IHNheXMNCnRyYW5zcG9y dCBpbiB0aGUgdGV4dCBJIHF1b3RlZC4gIFRoZSBkaWFncmFtIGFsc28gb25seSBzYXlzIHRyYW5z cG9ydC4NCkRyYWZ0cyBuZWVkIHRvIGJlIGNsZWFybHkgd3JpdHRlbiB0byBiZSBicm9hZGx5IHVu ZGVyc3Rvb2QgYW5kIHRoZSB3YXkNCnRoZSB0ZXh0IGlzIG5vdywgaXQgaXMgbm90LiAgSSB0aGlu ayBjbGVhbmluZyBpdCB1cCBhIGJpdCB3aWxsIGxpZnQNCnNvbWUgb2YgdGhlIHNlY3VyaXR5IGNv bmNlcm5zIGFzIHNvbWUgYXJlIGFkZHJlc3NlZCBwcmlvciB0byBOU0gNCnNlZWluZyB0aGUgSVAg cGFja2V0IG9yIGZyYW1lLg0KDQpZb3VyIHJlc3BvbnNlIGhlbHBzLCBidXQgcGxlYXNlIHRha2Ug dGhlIHRpbWUgdG8gbG9vayB0aHJvdWdoIHRoZQ0KZG9jdW1lbnQgdG8gc2VlIGhvdyBpdCBjYW4g YmUgY2xhcmlmaWVkIHNvIG9uZSBkb2VzIG5vdCBoYXZlIHRoZQ0KcXVlc3Rpb25zIEkgYW5kIG90 aGVycyBoYXZlIHJhaXNlZC4NCg0KVGhhbmsgeW91LA0KS2F0aGxlZW4NCg0KT24gV2VkLCBTZXAg MjAsIDIwMTcgYXQgMTE6NTkgQU0sIENhcmxvcyBQaWduYXRhcm8gKGNwaWduYXRhKQ0KPGNwaWdu YXRhQGNpc2NvLmNvbTxtYWlsdG86Y3BpZ25hdGFAY2lzY28uY29tPj4gd3JvdGU6DQpIaSwgS2F0 aGxlZW4sDQoNClRoYW5rIHlvdSBmb3IgYXNraW5nIGV4cGxpY2l0bHkuIFRoaXMgZG9jdW1lbnQg dXNlZCB0byBoYXZlIGV4cGxpY2l0IOKAnE5TSCBFbmNhcHN1bGF0aW9uIEV4YW1wbGVz4oCdLCBi dXQgd2VyZSB0YWtlbiBvdXQgKGF0IHRoZSBBROKAmXMgcmVxdWVzdCkgYmFzZWQgb24gdGhlIGFy Z3VtZW50IHRoYXQg4oCcZXZlcnlvbmUgd291bGQgbGlrZSB0byBoYXZlIHRoZWlyIGVuY2Fwc3Vs YXRpb27igJ0uIFdlIGNhbiBhbHdheXMgYnJpbmcgdGhlbSBiYWNrIGlmIGRlc2lyZWQsIGV2ZW4g d2l0aGluIGEgbm9uLW5vcm1hdGl2ZSBhcHBlbmRpeC4NCg0KQXMgSSBmb2xsb3cgeW91ciBxdWVz dGlvbnMsIEkgd2lsbCB0cnkgbXkgYmVzdCB0byBhbnN3ZXIgYW5kIGNsYXJpZnkuDQoNCkkgYW0g bm90IHN1cmUgd2hpY2gg4oCcYnVubnkgdHJhaWzigJ0gdG9vayB0aGUgY29udmVyc2F0aW9uIGhl cmUsIGJ1dCBwZXJoYXBzIGEgY291cGxlIG9mIHRvcC1wb3N0IGNsYXJpZmljYXRpb25zIG1pZ2h0 IGhlbHA6DQoNCjEuIOKAnE9yaWdpbmFsIFBhY2tldC9GcmFtZeKAnSAtPiB0aGUgdGVybWlub2xv Z3kgUGFja2V0L0ZyYW1lLCBhcyBjb21tb25seSB1c2VkLCBkZW5vdGVzIGFuIElQIHBhY2tldCBv ciBhbiBFdGhlcm5ldCBmcmFtZS4NCjIuIFRoZSBvdXRlciAiVHJhbnNwb3J0IEVuY2Fwc3VsYXRp b27igJ0gZG9lcyAqbm90KiBtZWFuIFRDUC4gSXQgdXNlcyB0aGUgd29yZCDigJxUcmFuc3BvcnTi gJ0gYXMgdHJhbnNwb3J0IHByb2ZpbGUsIGFuIGVuY2Fwc3VsYXRpb24gdGhhdCB0cmFuc3BvcnRz LCBub3QgYXMgVENQLiBHUkUgaXMgb25lIGV4YW1wbGUgb2YgYSB0cmFuc3BvcnQgZW5jYXBzdWxh dGlvbiwgbm90IFRDUCBhcyBhIOKAnEw0IFRyYW5zcG9ydCBMYXllciBwcm90b2NvbOKAnS4NCg0K SW4gcG9pbnQgIzIsIEdSRSBpcyB0aGUgVHJhbnNwb3J0IHRoYXQgTlNIIHVzZXMgYmV0d2VlbiBT RkZzL1NGcy4gQW5kIGZ1cnRoZXIsIHNpbmNlIE5TSCBpcyBUcmFuc3BvcnQgRW5jYXBzdWxhdGlv biBhZ25vc3RpYywgd2UgYXJlIHRhbGtpbmcgYWJvdXQgcG90ZW50aWFsbHkgYSBicm9hZCBzZXQg b2YgcHJvdG9jb2xz4oCmIEnigJlkIGVuY291cmFnZSB1cyB0byBub3QgYXR0ZW1wdCB0byBjbGFz c2lmeSB0aGVtIGluIE9TSSBMYXllcnMuDQoNCkkgY2FuIHNlZSB0aGF0IHNvbWUgb2YgdGhpcyBt aWdodCBub3QgYmUgdG90YWxseSBjbGVhciBpZiBzY2FubmluZyB0aHJvdWdoIHRoZSBkb2N1bWVu dCwgYnV0IGl0IGlzIGNsZWFyIGZvciBhbiBpbXBsZW1lbnRvci4NCg0KU2VlIFRhYmxlIDEgYW5k IFRhYmxlIDMgZm9yIGV4YW1wbGVzIChUcmFuc3BvcnQgY29sdW1uKQ0KDQpJIGhvcGUgdGhpcyBo ZWxwcyBzZXQgY2xhcmlmeWluZyBjb250ZXh0LCBzZWUgaW5saW5lIGZvciBtb3JlIHNwZWNpZmlj IGRldGFpbHMuLi4NCg0KT24gU2VwIDIwLCAyMDE3LCBhdCAxMToyMSBBTSwgS2F0aGxlZW4gTW9y aWFydHkgPEthdGhsZWVuLk1vcmlhcnR5LmlldGZAZ21haWwuY29tPG1haWx0bzpLYXRobGVlbi5N b3JpYXJ0eS5pZXRmQGdtYWlsLmNvbT4+IHdyb3RlOg0KDQpIaSBDYXJsb3MsDQoNCkl0J3MgYSBz dGFydCwgYnV0IHNob3VsZCBiZSBtb3JlIHNwZWNpZmljLg0KDQpUaGUgc3BlY2lmaWNzIGFyZSBp biB0aGUgZG9jdW1lbnQsIGV2ZW4gZXhhbXBsZXMgYXMgcGVyIFRhYmxlcyAxIGFuZCAzLg0KDQpX aGF0IGFyZSB0aGUgb3JpZ2luYWwNCnBhY2tldHMvZnJhbWUgLSBpcyB0aGlzIGxpbmsgbGF5ZXIg b3IgbmV0d29yayBvciBib3RoPw0KDQpUaGVzZSBhcmUgdGhlIHBhY2tldHMgb3IgZnJhbWVzIGlu Y29taW5nIGludG8gYSBjbGFzc2lmaWVyLCBvcmlnaW5hbCwgdGhlbiBOU0ggaXMgaW1wb3NlZCwg dGhlbiBhIHRyYW5zcG9ydCBlbmNhcHN1bGF0aW9uIGlzIGltcG9zZWQuDQoNCkl0IHNlZW1zIGxp a2UNCmJvdGggZnJvbSB0aGUgZGlhZ3JhbSwgYnV0IGlzIHRoYXQgcmVhbGx5IHRoZSBjYXNlPw0K DQpZZXMsIGl0IGlzIGJvdGguIFJlYWxseSB0aGUgY2FzZS4NCg0KDQpUaGVuIGZvciB0aGUgdHJh bnNwb3J0IGVuY2Fwc3VsYXRpb24sIGlzIHRoaXMgbGF5ZXIgMyBvciA0Pw0KDQpJIGJlbGlldmUg aXQgaXMgYSBzb3VyY2Ugb2YgaGVhZGFjaGUgYW5kIGNvbmZ1c2lvbiB0byB0aGluayBhYm91dCBP U0kgbGF5ZXJz4oCmIHdoYXQgbGF5ZXIgaXMgSVAtaW4tSVA/IEFuZCBhbiBNUExTIFBzZXVkb3dp cmUgdHJhbnNwb3J0aW5nIEV0aGVybmV0PyBPciBhbiBJUHY2L0wyVFB2MyBwc2V1ZG93aXJlIHRy YW5zcG9ydGluZyBURE0/DQoNCg0KVGhlIHdvcmRpbmcgdGhhdCBwcmVjZWRlcyB0aGlzIGlzIGEg Yml0IGNvbmZ1c2luZyAoaGVyZSBmb3IgcmVmZXJlbmNlKToNCg0KIFRoZSBOZXR3b3JrIFNlcnZp Y2UgSGVhZGVyIChOU0gpIHNwZWNpZmljYXRpb24gZGVmaW5lcyBhIG5ldyBwcm90b2NvbA0KIGFu ZCBhc3NvY2lhdGVkIGVuY2Fwc3VsYXRpb24gZm9yIHRoZSBjcmVhdGlvbiBvZiBkeW5hbWljIHNl cnZpY2UNCiBjaGFpbnMsIG9wZXJhdGluZyBhdCB0aGUgc2VydmljZSBwbGFuZS4gIFRoZSBOU0gg aXMgZGVzaWduZWQgdG8NCiBlbmNhcHN1bGF0ZSBhbiBvcmlnaW5hbCBwYWNrZXQgb3IgZnJhbWUs IGFuZCBpbiB0dXJuIGJlIGVuY2Fwc3VsYXRlZA0KIGJ5IGFuIG91dGVyIHRyYW5zcG9ydCAod2hp Y2ggaXMgdXNlZCB0byBkZWxpdmVyIHRoZSBOU0ggdG8gTlNILWF3YXJlDQogbmV0d29yayBlbGVt ZW50cyksIGFzIHNob3duIGluIEZpZ3VyZSAxOg0KDQpEb2VzIHRoZSBleHBsYW5hdGlvbiBhYm92 ZSBoZWxwPyBJIGFtIG5vdCBzdXJlIGhvdyB0byBiZXN0IGFuc3dlcuKApiBiZWNhdXNlIEkgZG8g bm90IGZpbmQgaXQgY29uZnVzaW5nLiBUaGlzIHRleHQgaXMgdGhlIHJlc3VsdCBvZiByZXZpZXdl cnMgYXNraW5nIGZvciBjbGFyaXR5LCBhbmQgdGhlbiBhY2tub3dsZWRnaW5nIHRoYXQgdGhlIHBh cmFncmFwaCBhYm92ZSBicm91Z2h0IHRoYXQgY2xhcml0eS4NCg0KDQpOb3JtYWxseSwgdGhlIGhp Z2hlciBsYXllcnMgYXJlIGVuY2Fwc3VsYXRlZCwNCg0KV2hhdCBpcyBoaWdoZXIgYW5kIGxvd2Vy PyBBbmQgZm9yIHdoYXQgZGVmaW5pdGlvbiBvZiDigJxOb3JtYWxseeKAnT8gV2hhdOKAmXMgYSBU dW5uZWw/DQoNCmJ1dCB0aGlzIHdvcmRpbmcNCmRlc2NyaWJlcyBqdXN0IHRoZSBvcHBvc2l0ZS4g IEl0IHNheXMgdGhlIHBhY2tldC9mcmFtZSBhdCBsYXllciAyLzMNCihqdXN0IGdvaW5nIGZyb20g dGhlIG5vcm1hbCB1c2VzIG9mIHBhY2tldCBhbmQgZnJhbWUgdG8gYXNzdW1lIGxheWVyDQozLzIp Lg0KDQpDb3JyZWN0LiBJUCBwYWNrZXQsIEV0aGVybmV0IEZyYW1lLg0KDQpOSFMgZW5jYXBzdWxh dGVzIHRoYXQsIGFuZCB0aGVuIGlzIGVuY2Fwc3VsYXRlZCBieSBhIHRyYW5zcG9ydA0KbGF5ZXIg My80Pw0KDQpOby4NCg0KV2hlcmUgZG9lcyBpdCBzYXkg4oCcVHJhbnNwb3J0IExheWVy4oCdPw0K DQpOb3RlIHRoYXQg4oCcTmV0d29yayBUcmFuc3BvcnTigJ0sIGFuZCDigJxUcmFuc3BvcnQgRW5j YXBzdWxhdGlvbuKAnSBhcmUgdGVybXMgY29taW5nIGZyb20gUkZDIDc2NjUuDQoNCkFuZCB0byBi ZSBjbGVhcjogbWFueSBSRkNzIHVzZSDigJxUcmFuc3BvcnQgRW5jYXBzdWxhdGlvbuKAnSBvciBh IHZhcmlhdGlvbiBvZiB0aGF0IChFbmNhcHN1bGF0aW9uIGZvciBUcmFuc3BvcnQsIFRyYW5zcG9y dC1pbmRlcGVuZGVudCBFbmNhcHN1bGF0aW9uLCBldGMuKQ0KDQpTZWUgVGFibGUgMSBhbmQgVGFi bGUgMywgVHJhbnNwb3J0IGNvbHVtbiwgZm9yIGV4YW1wbGVzLg0KDQoNCklmIHlvdSBjYW4gY2xh cmlmeSB0aGlzIHRleHQgb3IgbWFrZSBpdCBjbGVhciB0aGF0IHlvdQ0KcmVhbGx5IGludGVuZGVk IHRvIGRvIHRoaXMgb2RkIGVuY2Fwc3VsYXRpb24sIHRoYXQgd291bGQgaGVscCBhIGxvdC4NCg0K SG9wZWZ1bGx5IG15IGV4cGxhbmF0aW9uIGhlbHBzLg0KDQpVbmRlcnN0YW5kaW5nIHRoZSBsYXll cnMgdGhpcyBhbGwgaGFwcGVucyBhdCBpcyB2ZXJ5IGltcG9ydGFudC4gIElmDQpOU0ggaXMgdGhl IHRyaWdnZXIgZm9yIHRoZSBsYXllciAzLzQgdHJhbnNwb3J0LCBob3cgY2FuIHNlY3VyaXR5IGJl DQphcHBsaWVkPyAgT3IgaXMgaXQgYWRkcmVzc2VkIGJ5IGEgcHJpb3IgMy80IGVuY2Fwc3VsYXRp b24gYnkgdGhlDQpvcmlnaW5hbCBwYWNrZXQvZnJhbWU/DQoNClRoYW5rcywNCkthdGhsZWVuDQoN Cg0KDQrigJQNCkNhcmxvcyBQaWduYXRhcm8sIGNhcmxvc0BjaXNjby5jb208bWFpbHRvOmNhcmxv c0BjaXNjby5jb20+DQoNCg0KDQpPbiBUdWUsIFNlcCAxOSwgMjAxNyBhdCA0OjUzIFBNLCBDYXJs b3MgUGlnbmF0YXJvIChjcGlnbmF0YSkNCjxjcGlnbmF0YUBjaXNjby5jb208bWFpbHRvOmNwaWdu YXRhQGNpc2NvLmNvbT4+IHdyb3RlOg0KSGksIEthdGhsZWVuLA0KDQpUaGFua3MgZm9yIHRoZSBj bGFyaWZpY2F0aW9uLg0KDQpSZWdhcmRpbmc6DQoNCmlzIHRoYXQgdGhlIGxheWVyaW5nIG5lZWRz IHRvIGJlIHNwZWNpZmljYWxseQ0Kc3RhdGVkIHRvIGNsZWFybHkNCg0KDQpMaWtlIHRoaXM/DQpo dHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1zZmMtbnNoLTIxI3NlY3Rpb24t MQ0KDQogICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsN CiAgICAgICAgICAgICAgICAgICB8ICAgIFRyYW5zcG9ydCBFbmNhcHN1bGF0aW9uICAgfA0KICAg ICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQogICAgICAg ICAgICAgICAgICAgfCBOZXR3b3JrIFNlcnZpY2UgSGVhZGVyIChOU0gpIHwNCiAgICAgICAgICAg ICAgICAgICArLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKw0KICAgICAgICAgICAgICAg ICAgIHwgICAgT3JpZ2luYWwgUGFja2V0IC8gRnJhbWUgICB8DQogICAgICAgICAgICAgICAgICAg Ky0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCg0KICAgICAgICAgICAgRmlndXJlIDE6 IE5ldHdvcmsgU2VydmljZSBIZWFkZXIgRW5jYXBzdWxhdGlvbg0KDQpJIHRoaW5rIGlmIHlvdSBs YWlkIHRoaXMgb3V0DQpuaWNlbHkgYW5kIGNsZWFybHkgc2hvd2VkIHdoZXJlIHRyYW5zcG9ydCBz ZWN1cml0eSBpcyBhZGRyZXNzZWQgYXQNCmFub3RoZXIgbGF5ZXIgKG91dC1vZi1zY29wZSksIGl0 IHdvdWxkIGdvIGEgbG9uZyB3YXkuDQoNCg0KSG9wZWZ1bGx5IHRoZSBhYm92ZSAoZXhpc3Rpbmcp IGZpZ3VyZSBhbmQgdGV4dCBpcyBjbGVhci4gSW4gdGhhdCBjYXNlOg0KDQpPbmUgaWRlYSBpcyB0 byBjYXRlZ29yaXplIHRoZSBwYXJhZ3JhcGhzIGluIHRoZSBTZWN1cml0eSBDb25zaWRlcmF0aW9u cyB0bw0KbWFrZSB0aG9zZSByZWxhdGlvbnMgbW9yZSBjbGVhci4NCg0K4oCUDQpDYXJsb3MgUGln bmF0YXJvLg0KDQoNCk9uIFNlcCAxOSwgMjAxNywgYXQgMzozOCBQTSwgS2F0aGxlZW4gTW9yaWFy dHkNCjxLYXRobGVlbi5Nb3JpYXJ0eS5pZXRmQGdtYWlsLmNvbTxtYWlsdG86S2F0aGxlZW4uTW9y aWFydHkuaWV0ZkBnbWFpbC5jb20+PiB3cm90ZToNCg0KVGhhbmtzIGZvciB0aGUgcmVzcG9uc2Vz LiAgSSdtIGdvaW5nIHRvIHRvcCBwb3N0IGFzIEkgdGhpbiB0aGUgbWFpbg0KcG9pbnQgb2YgbXkg cmV2aWV3IGlzIHRoYXQgdGhlIGxheWVyaW5nIG5lZWRzIHRvIGJlIHNwZWNpZmljYWxseQ0Kc3Rh dGVkIHRvIGNsZWFybHkgc2NvcGUgdGhlIHByb2JsZW0gc3BhY2UgZm9yIE5TSCBzZWN1cml0eQ0K Y29uc2lkZXJhdGlvbnMuICBUaGUgZHJhZnQgYXMtd3JpdHRlbiBpcyBub3QgY2xlYXIgYW5kIGFz IGEgcmVzdWx0LA0Kc2VjdXJpdHkgcmV2aWV3cyBhcmUgdmVyeSBkaWZmaWN1bHQuICBJIHRoaW5r IGlmIHlvdSBsYWlkIHRoaXMgb3V0DQpuaWNlbHkgYW5kIGNsZWFybHkgc2hvd2VkIHdoZXJlIHRy YW5zcG9ydCBzZWN1cml0eSBpcyBhZGRyZXNzZWQgYXQNCmFub3RoZXIgbGF5ZXIgKG91dC1vZi1z Y29wZSksIGl0IHdvdWxkIGdvIGEgbG9uZyB3YXkuICBBbHRob3VnaCB0aGUNCmRyYWZ0IGltcHJv dmVkIGEgYml0IGZyb20gdGhlIHByZXZpb3VzIHZlcnNpb24sIEkgdGhpbmsgYSBjYXJlZnVsDQpy ZXZpZXcgYW5kIGVkaXQgcGFzcyB3b3VsZCBkbyBhIGxvdCBvZiBnb29kLCBzcGVjaWZpY2FsbHkg YXJvdW5kDQpjbGFyaXR5IG9mIHRoZSBwcm9ibGVtIHNwYWNlIGFuZCBzb2x1dGlvbi4gIFRoZSBx dWVzdGlvbnMgSSBhc2tlZCB3ZXJlDQphIHJlc3VsdCBvZiBsYWNrIG9mIGNsYXJpdHkgaW4gdGhl IGRyYWZ0Lg0KDQpUaGFua3MsDQpLYXRobGVlbg0KDQpPbiBUdWUsIFNlcCAxOSwgMjAxNyBhdCAz OjIyIFBNLCBQYXVsIFF1aW5uIChwYXVscSkgPHBhdWxxQGNpc2NvLmNvbTxtYWlsdG86cGF1bHFA Y2lzY28uY29tPj4gd3JvdGU6DQoNCkhpLA0KDQpUaGFuayB5b3UgZm9yIHRoZSByZXZpZXcuICBQ bGVhc2Ugc2VlIHNvbWUgY29tbWVudHMgaW5saW5lIGJlbG93Lg0KDQpQYXVsDQoNCk9uIFNlcCAx OCwgMjAxNywgYXQgNDoxNSBQTSwgS2F0aGxlZW4gTW9yaWFydHkNCjxrYXRobGVlbi5tb3JpYXJ0 eS5pZXRmQGdtYWlsLmNvbTxtYWlsdG86a2F0aGxlZW4ubW9yaWFydHkuaWV0ZkBnbWFpbC5jb20+ PiB3cm90ZToNCg0KSGVsbG8sDQoNCkF0IEFsaWEncyByZXF1ZXN0LCBJIGRpZCBhbiBlYXJseSBy ZXZpZXcgb2YgZHJhZnQtaWV0Zi1zZmMtbnNoLiAgSGVyZQ0KYXJlIHNvbWUgaW5pdGlhbCBjb21t ZW50cyBhbmQgSSBtYXkgaGF2ZSBtb3JlIHdoZW4gdGhlIGRyYWZ0IGlzDQpyZXZpc2VkIGFuZCBp cyBpbiBmb3IgSUVTRyByZXZpZXcuICBJIGFwcHJlY2lhdGUgeW91ciBlZmZvcnRzDQphZGRyZXNz aW5nIHRoZSBjb21tZW50cyByZWNlaXZlZCB0byBkYXRlLiAgSSBob3BlIHlvdSBmaW5kIHRoZXNl DQpzdWdnZXN0aW9ucyBhcyBoZWxwZnVsIGltcHJvdmVtZW50cyB0byB0aGUgZG9jdW1lbnQgYW5k IGNsYXJpdHkgb2YgTlNIDQpzZWN1cml0eSBjb25jZXJucy4NCg0KDQpTZWN0aW9uIDEgLQ0KDQpU aGUgaW50ZW5kZWQgc2NvcGUgaW4gdGhlIGludHJvZHVjdGlvbiBzaG91bGQgYWxzbyBpbmNsdWRl IG1lbnRpb24gb2YNCm11bHRpLXRlbmFuY3kuICBUaGlzIGNoYW5nZXMgdGhlIHNlY3VyaXR5IHJl cXVpcmVtZW50cyBhbmQgaXMgdmVyeQ0KaW1wb3J0YW50IHRvIG5vdGUuDQoNClNlY3Rpb24gMS40 IC0NCg0KNS4gIFRyYW5zcG9ydCBBZ25vc3RpYzogVGhlIE5TSCBpcyBlbmNhcHN1bGF0aW9uLWlu ZGVwZW5kZW50LCBtZWFuaW5nDQogICBpdCBjYW4gYmUgdHJhbnNwb3J0ZWQgYnkgYSB2YXJpZXR5 IG9mIHByb3RvY29scy4gIEFuIGFwcHJvcHJpYXRlDQogICAoZm9yIGEgZ2l2ZW4gZGVwbG95bWVu dCkgZW5jYXBzdWxhdGlvbiBwcm90b2NvbCBjYW4gYmUgdXNlZCB0bw0KICAgY2FycnkgTlNILWVu Y2Fwc3VsYXRlZCB0cmFmZmljLiAgVGhpcyB0cmFuc3BvcnQgbWF5IGZvcm0gYW4NCiAgIG92ZXJs YXkgbmV0d29yayBhbmQgaWYgYW4gZXhpc3Rpbmcgb3ZlcmxheSB0b3BvbG9neSBwcm92aWRlcyB0 aGUNCiAgIHJlcXVpcmVkIHNlcnZpY2UgcGF0aCBjb25uZWN0aXZpdHksIHRoYXQgZXhpc3Rpbmcg b3ZlcmxheSBtYXkgYmUNCiAgIHVzZWQuDQoNCklzIHRoZXJlIGEgcHJlZmVycmVkIHRyYW5zcG9y dCBzbyB5b3UgY291bGQgc3BlY2lmeSBhIHJlY29tbWVuZGVkDQp0cmFuc3BvcnQgc2VjdXJpdHkg cHJvdG9jb2w/DQoNCg0KUFE+IFRoZXJlIGlzIG5vdC4gIEluIGZhY3QgYXQgdGhlIEFE4oCZcyBy ZXF1ZXN0IHNhbXBsZSB0cmFuc3BvcnRzIHdlcmUNCnJlbW92ZWQgdG8gZW5zdXJlIHRoYXQgdGhl cmUgd2FzIG5vIGltcGxpZWQgcHJlZmVyZW5jZS4gIFRoZXJlZm9yZSwgYW4NCm9wZXJhdG9yIGNh biBzZWxlY3QgdGhlaXIgcHJlZmVycmVkIHRyYW5zcG9ydHMsIGluY2x1ZGluZyDigJQgYXMgcGVy IHRoZQ0Kc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2VjdGlvbiDigJQgb25lcyB0aGF0IHByb3Zp ZGUgZW5jcnlwdGlvbi4NCg0KDQpTZWN0aW9uIDIsIDNyZCBzZW50ZW5jZToNClN1YnNlcXVlbnRs eSwgYW4NCm91dGVyIGVuY2Fwc3VsYXRpb24gaXMgaW1wb3NlZCBvbiB0aGUgTlNILCB3aGljaCBp cyB1c2VkIGZvciBuZXR3b3JrDQpmb3J3YXJkaW5nLg0KDQpLbm93aW5nIG1vcmUgYWJvdXQgdGhp cyB3b3VsZCBoZWxwIHRvIHVuZGVyc3RhbmQgb3B0aW9ucyBvciBpZiB0aGVyZQ0KaXMgYW5vdGhl ciBkcmFmdCB0aGF0IGFkZHJlc3NlcyB0aGlzIG91dGVyIGVuY2Fwc3VsYXRpb24gdGhhdCBpcw0K aW1wb3NlZCBhbmQgdGhlIHRyYW5zcG9ydCBzZWN1cml0eSByZXF1aXJlbWVudHMgdGhhdCBnbyBh bG9uZyB3aXRoIGl0Lg0KDQoNClBRPiBTaW5jZSBOU0ggZGVmaW5lcyBubyBwcmVmZXJyZWQgdHJh bnNwb3J0KHMpLCB0aGUgc2VjdXJpdHkgb2YgdGhlDQpzZWxlY3RlZCB0cmFuc3BvcnQgaXMgbGVm dCB0byB0aGUgdHJhbnNwb3J0IHN0YW5kYXJkLiAgIFNvLCBmb3IgZXhhbXBsZSwgaWYNCmFuIG9w ZXJhdG9yIGVsZWN0cyB0byB1c2UgdGhlIE5WTzMgZGVmaW5lZCBwcm90b2NvbCwgdGhlbiB0aGUg b3BlcmF0b3IgaGFzDQpleHBsaWNpdGx5IHNlbGVjdGVkIHRoYXQgb3ZlcmxheS4NCg0KDQpUcmFu c3BvcnQgbWF5IGJlIGhvcCB0byBob3AsIGFuZCB0aGVyZSBtaWdodCBub3QgYmUgZW5jcnlwdGlv biBvZiB0aGlzDQpoZWFkZXIgaWYgdGhlIGFwcGxpY2F0aW9uIHVzZXMgYW4gZW5jcnlwdGVkIHRy YW5zcG9ydCBlbmNhcHN1bGF0ZWQgaW4NCnRoaXMgbGF5ZXIuICBJbiBhbnkgY2FzZSwgaXQgc2Vl bXMgaW50ZWdyaXR5IHByb3RlY3Rpb24gaXMgYQ0KcmVxdWlyZW1lbnQgZm9yIGEgbXVsdGktdGVu YW50IGVudmlyb25tZW50LiAgQ291bGQgdGhlIENPU0UgTUFDDQpmdW5jdGlvbiBmaXQgdGhlIGJp bGwgc2luY2UgaXQgaXMgaW50ZW5kZWQgZm9yIGNvbmNpc2UgZm9ybWF0cz8NCmh0dHBzOi8vZGF0 YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL3JmYzgxNTINCkpPU0UgcHJvZHVjZWQgYSBzaW1pbGFyIGZ1 bmN0aW9uIHdpdGggSlNPTiwgYnV0IGl0IHdvdWxkIGJlIHNsaWdodGx5IGxhcmdlci4NCg0KU2Vj dGlvbiA3LjE6DQoNClRoZSBmb2xsb3dpbmcgcGFyYWdyYXBoIGltcGxpZXMgdGhhdCBhbnl0aGlu ZyBsZXNzIHRoYW4gYSA1LXR1cGxlDQppc27igJl0IHVzZWZ1bCBhbmQgdGhhdCB5b3UgaW50ZW5k IHRvIHVzZSB0cmFmZmljIGNvbnRlbnQgd2hlbg0KYXZhaWxhYmxlLiAgVGhpcyBpcyBjb25jZXJu aW5nLiAgQ2Fu4oCZdCB5b3UgdXNlIGEgMi10dXBsZT8gIFdoYXQgaWYNCklQc2VjIHRyYW5zcG9y dCBtb2RlIHdlcmUgaW4gdXNlLCBpcyB0aGlzIHNvbHV0aW9uIGRlYWQgaW4gdGhlIHdhdGVyPw0K DQpSZWdhcmRsZXNzIG9mIHRoZSBzb3VyY2UsIG1ldGFkYXRhIHJlZmxlY3RzIHRoZSAicmVzdWx0 IiBvZg0KY2xhc3NpZmljYXRpb24uICBUaGUgZ3JhbnVsYXJpdHkgb2YgY2xhc3NpZmljYXRpb24g bWF5IHZhcnkuICBGb3INCmV4YW1wbGUsIGEgbmV0d29yayBzd2l0Y2gsIGFjdGluZyBhcyBhIGNs YXNzaWZpZXIsIG1pZ2h0IG9ubHkgYmUgYWJsZQ0KdG8gY2xhc3NpZnkgYmFzZWQgb24gYSA1LXR1 cGxlLCB3aGlsZSBhIHNlcnZpY2UgZnVuY3Rpb24gbWF5IGJlIGFibGUNCnRvIGluc3BlY3QgYXBw bGljYXRpb24gaW5mb3JtYXRpb24uICBSZWdhcmRsZXNzIG9mIGdyYW51bGFyaXR5LCB0aGUNCmNs YXNzaWZpY2F0aW9uIGluZm9ybWF0aW9uIGNhbiBiZSByZXByZXNlbnRlZCBpbiB0aGUgTlNILg0K DQpJZiBhIDItdHVwbGUgaXMgcG9zc2libGUsIGNvdWxkIHlvdSBhZGQgdGhhdCBpbiBhcyBhbiBl eGFtcGxlIGluc3RlYWQNCm9mIG9yIGluIGFkZGl0aW9uIHRvIHRoZSA1LXR1cGxlPw0KDQoNClBR PiAgVGhlIDUtdHVwbGUgd2FzIHVzZWQgb25seSBhcyBhbiBleGFtcGxlIHRoYXQgaXMgY29tbW9u bHkgdW5kZXJzdG9vZCBpbg0KdGhlIGNvbnRleHQgb2YgbmV0d29yayBkZXZpY2UgY2xhc3NpZmlj YXRpb24uICBUaGUgc2VudGVuY2U6ICJUaGUNCmdyYW51bGFyaXR5IG9mIGNsYXNzaWZpY2F0aW9u IG1heSB2YXJ5LuKAnSBhZGRyZXNzZXMgMiwgMywgNCwgbi10dXBsZQ0KY2xhc3NpZmljYXRpb24u ICBGdXJ0aGVyLCB0aGF0IHBvaW50IGlzIHJlaW5mb3JjZWQ6IOKAnFJlZ2FyZGxlc3Mgb2YNCmdy YW51bGFyaXR5LCB0aGUgY2xhc3NpZmljYXRpb24gaW5mb3JtYXRpb24gY2FuIGJlIHJlcHJlc2Vu dGVkIGluIHRoZSBOU0guIg0KDQoNCg0KDQpTZWN0aW9uIDcuMQ0KDQpUaGlzIHRleHQgY29tZXMg dG9vIGxhdGUgaW4gdGhlIGRyYWZ0IGFuZCBJIHJlY29tbWVuZCBtYWtpbmcgYSBjbGVhcg0Kc3Rh dGVtZW50IGluIHRoZSBpbnRyb2R1Y3Rpb24gdGhhdCBzZXNzaW9uIGVuY3J5cHRpb24gdG8gcHJv dGVjdCB0aGUNCmRhdGEgaW4gdHJhbnNpdCByZWxpZXMgb24gdGhlIGFwcGxpY2F0aW9uL3NlcnZp Y2Ugc2VuZGluZy9yZWNlaXZpbmcNCnRoZSBkYXRhIGFuZCBub3QgdGhlIFNGQy4gIEkgbWFkZSB0 aGlzIHBvaW50IHByZXZpb3VzbHkgYW5kIGFtIGdsYWQgdG8NCnNlZSBzb21lIHRleHQsIGJ1dCB0 aGluayBpdCB3b3VsZCBiZSBtdWNoIGJldHRlciB0byBzdGF0ZSB0aGlzIGVhcmx5DQppbiB0aGUg ZHJhZnQuICBUb3VjaGluZyB1cG9uIHByb3RlY3Rpb25zIGZvciBkYXRhIHN0cmVhbXMgdmVyc3Vz IG1ldGENCmRhdGEgd291bGQgYm90aCBiZSBpbXBvcnRhbnQgKGxheWVycyBmb3IgdHJhZmZpYyBh bmQgYXNzb2NpYXRlZA0KcHJvdGVjdGlvbnMpLiAgSWYgaXTigJlzIG1ldGEgZGF0YSwgZG8gdGhl eSBuZWVkIHRvIHJlbHkgb24gSVBzZWMgYW5kDQpoYXZpbmcgYSAyLXR1cGxlIGJlIHRoZSBtaW5p bXVtPyAgV2hlbiBpcyB0aGF0IGFwcGxpZWQ/ICBJcyB0aGVyZSBtZXRhDQpkYXRhIHRoYXQgY291 bGQgYmUgc2Vuc2l0aXZlIGlmIFRMUyB3YXMgaW4gcGxhY2UgYW5kIGEgNS10dXBsZSBpcw0Kdmlz aWJsZSAocGVyaGFwcyB0aGUgZXhpc3RlbmNlIG9mIGNvbW11bmljYXRpb24gaXMgc2Vuc2l0aXZl KS4gIEFyZQ0KdGhlcmUgb3RoZXIgY29uc2lkZXJhdGlvbnMgZm9yIG1ldGFkYXRhIGFuZCBkYXRh IHRoYXQgbmVlZCB0byBiZQ0Kc3RhdGVkIHVwIGZyb250IGFuZCBwdXQgb3V0LW9mLXNjb3BlIGZv ciBTRkM/ICBJ4oCZbSBhc2tpbmcgdGhlc2UNCnF1ZXN0aW9ucyBhcyBwcm92aWRpbmcgdGhlc2Ug YW5zd2VycyBjb3VsZCBzaG93IHRoYXQgdGhlIHJpc2sgaXMNCmNvbnN0cmFpbmVkLg0KDQpEZXBl bmRpbmcgb24gdGhlIGluZm9ybWF0aW9uIGNhcnJpZWQgaW4gdGhlIG1ldGFkYXRhLCBkYXRhIHBy aXZhY3kNCmNvbnNpZGVyYXRpb25zIG1heSBuZWVkIHRvIGJlIGNvbnNpZGVyZWQuICBGb3IgZXhh bXBsZSwgaWYgdGhlDQptZXRhZGF0YSBjb252ZXlzIHRlbmFudCBpbmZvcm1hdGlvbiwgdGhhdCBp bmZvcm1hdGlvbiBtYXkgbmVlZCB0byBiZQ0KYXV0aGVudGljYXRlZCBhbmQvb3IgZW5jcnlwdGVk IGJldHdlZW4gdGhlIG9yaWdpbmF0b3IgYW5kIHRoZQ0KaW50ZW5kZWQgcmVjaXBpZW50cyAod2hp Y2ggbWF5IGluY2x1ZGUgaW50ZW5kZWQgU0ZzIG9ubHkpLiAgVGhlIE5TSA0KaXRzZWxmIGRvZXMg bm90IHByb3ZpZGUgcHJpdmFjeSBmdW5jdGlvbnMsIHJhdGhlciBpdCByZWxpZXMgb24gdGhlDQp0 cmFuc3BvcnQvb3ZlcmxheSBsYXllci4gIEFuIG9wZXJhdG9yIGNhbiBzZWxlY3QgdGhlIGFwcHJv cHJpYXRlDQp0cmFuc3BvcnQgdG8gZW5zdXJlIGNvbmZpZGVudGlhbGl0eSAoYW5kIG90aGVyIHNl Y3VyaXR5KQ0KY29uc2lkZXJhdGlvbnMgYXJlIG1ldC4gIE1ldGFkYXRhIHByaXZhY3kgYW5kIHNl Y3VyaXR5IGNvbnNpZGVyYXRpb25zDQphcmUgYSBtYXR0ZXIgZm9yIHRoZSBkb2N1bWVudHMgdGhh dCBkZWZpbmUgbWV0YWRhdGEgZm9ybWF0Lg0KDQoNCg0KUFE+ICBBcmUgeW91IHN1Z2dlc3Rpbmcg dGhhdCBhcHBsaWNhdGlvbiBsYXllciBjb25maWRlbnRpYWxseSBiZSBhZGRyZXNzZWQNCmluIHRo aXMgZHJhZnQ/ICAgTlNIIOKAnHBsYXlzIG5pY2VseeKAnSB3aXRoIHN0YW5kYXJkIGVuY3J5cHRp b24gdHJhbnNwb3J0cywNCnRoZXJlZm9yZSBhbGxvd2luZyBvcGVyYXRvcnMgdG8g4oCcc2VjdXJl 4oCdIHRoZSBwYXRoLiAgR29pbmcgdXAgdGhlIHN0YWNrIGZyb20NCnRoYXQgc2VlbXMgdG8gYmUg b3V0c2lkZSB0aGUgc2NvcGUgb2YgTlNIIGFuZCBpbmNvbnNpc3RlbnQgd2l0aCBvdGhlcg0KcHJv dG9jb2wgcmVxdWlyZW1lbnRzLg0KDQoNCk90aGVyIGNvbW1lbnRzOg0KDQpJ4oCZZCBsaWtlIHRv IHNlZTsNCmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1tZ2x0LXNmYy1zZWN1cml0 eS1lbnZpcm9ubWVudC1yZXEtMDINClB1Ymxpc2hlZCBiZWZvcmUgdGhpcyBkb2N1bWVudCBhbmQg dGhlbiBoYXZlIHRoYXQgYXMgYSByZWZlcmVuY2UuICBPbmUNCm9mIHRoZSBjb21tZW50cyBJIG1h ZGUgcHJldmlvdXNseSB3YXMgdG8gbGlzdCBvdXQgdGhlIGxheWVyaW5nIGFuZA0KcHJvdGVjdGlv bnMgZXhwZWN0ZWQgb24gZGF0YSBhbmQgTlNILiAgVGhpcyBoYXMgYmVlbiBkb25lIGluIHRoZQ0K c2VjdXJpdHkgZW52aXJvbm1lbnQgZHJhZnQsIHNlY3Rpb24gNCBzaG91bGQgYmUgcmVmZXJlbmNl ZDoNCg0KU2VjdGlvbiA0IHByb3ZpZGVzIGFuIG92ZXJhbGwgZGVzY3JpcHRpb24gb2YgdGhlIFNG QyBlbnZpcm9ubWVudCB3aXRoDQp0aGUgaW50cm9kdWN0aW9uIG9mIHRoZSBkaWZmZXJlbnQgcGxh bmVzIChTRkMgQ29udHJvbCBQbGFuZSwgdGhlIFNGQw0KTWFuYWdlbWVudCBQbGFuZSwgdGhlIFRl bmFudCdzIHVzZXIgUGxhbmUgYW5kIHRoZSBTRkMgRGF0YSBQbGFuZSkuDQoNCg0KDQpQUT4gIEFz IEkgbWVudGlvbmVkIG9uIGFub3RoZXIgdGhyZWFkOiBhIHNlY3VyZSBlbnZpcm9ubWVudCBkcmFm dCBpcyBub3QNCnJlbGF0ZWQgdG8gTlNIIHBlciBzZS4NCg0KDQoNCg0KVGhpcyBpcyBhIHZlcnkg aW1wb3J0YW50IHBvaW50IGZvciBhbnlvbmUgcmV2aWV3aW5nIGZvciBzZWN1cml0eSBhcw0KYXJl IHRoZSBlbnZpcm9ubWVudCBzZWN1cml0eSByZXF1aXJlbWVudHMuICBUaGUgc2VjdXJpdHkgZW52 aXJvbm1lbnQNCnJlcXVpcmVtZW50cyBkcmFmdCBzdGlsbCBuZWVkcyBhIGxpdHRsZSBtb3JlIHdv cmsgZnJvbSBhIHF1aWNrIHJlYWQsDQpidXQgaGVscHMgYSBsb3QuICBJIG5lZWQgdG8gZmluaXNo IHJlYWRpbmcgdGhlIHNlY3VyaXR5IGVudmlyb25tZW50DQpkcmFmdC4NCg0KLS0NCg0KQmVzdCBy ZWdhcmRzLA0KS2F0aGxlZW4NCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX18NCnNmYyBtYWlsaW5nIGxpc3QNCnNmY0BpZXRmLm9yZw0KaHR0cHM6Ly93d3cu aWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zZmMNCg0KDQoNCg0KDQotLQ0KDQpCZXN0IHJlZ2Fy ZHMsDQpLYXRobGVlbg0KDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fXw0Kc2ZjIG1haWxpbmcgbGlzdA0Kc2ZjQGlldGYub3JnDQpodHRwczovL3d3dy5pZXRm Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NmYw0KDQoNCg0KDQoNCi0tDQoNCkJlc3QgcmVnYXJkcywN CkthdGhsZWVuDQoNCg0KDQoNCi0tDQoNCkJlc3QgcmVnYXJkcywNCkthdGhsZWVuDQoNCg== --_000_CD89AF2629BC412F891A7828BFED1C70ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5LYXRobGVl biwNCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlN1 cmUsIHdlIHdpbGwgdGFrZSBhbiBFZGl0b3JpYWwgcGFzcyBhbmQgbG9vayBvdmVyIGl0IGFuZCBh bGwgdGhlIG1lbnRpb25zIG9mIHNwZWNpZmljIGtleXdvcmRzLiBBcyBJIG1lbnRpb25lZCwgd2Ug d2lsbCBhbHNvIGdvIG92ZXIgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIHRleHQgdG8gbWFr ZSB0aGUgdGV4dCBmbG93IGFuZCBjYXRlZ29yaXphdGlvbiBtb3JlIGNsZWFyLjwvZGl2Pg0KPGRp diBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+QWxsIHRob3Nl IEVkaXRvcmlhbHMgd2lsbCBjbGFyaWZ5IGZ1cnRoZXIuPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxi ciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNp dGUiIGNsYXNzPSIiPnNvIG9uZSBkb2VzIG5vdCBoYXZlIHRoZTxiciBjbGFzcz0iIj4NCnF1ZXN0 aW9ucyBJIGFuZCBvdGhlcnMgaGF2ZSByYWlzZWQuPGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3Rl Pg0KPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkhvd2V2ZXI6IG90aGVycyBo YXZlIHJhaXNlZCBzaW1pbGFyIHF1ZXN0aW9uIGluIHJldiAtMTguIFRoZSBjaGFuZ2VzIGJldHdl ZW4gLTE4IGFuZCAtMjEgcmVzb2x2ZWQgYWxsIHRob3NlIHF1ZXN0aW9ucy4gRXZlcnlvbmUgKGV4 Y2VwdCB5b3UpIHdobyBoYWQgcmFpc2VkIGV2ZW4gYSBzbWFsbCBjb25jZXJuIGFib3V0IHRoYXQg c3BlY2lmaWMgY29uZnVzaW9uLCBhbHJlYWR5IGFja25vd2xlZGdlIHRoYXQgdGhlIGN1cnJlbnQN CiB2ZXJzaW9uIGFkZHJlc3NlcyB0aG9zZS48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNz PSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlRoYW5rcyw8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+ PGJyIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9ImNvbG9yOiByZ2IoMCwg MCwgMCk7IGxldHRlci1zcGFjaW5nOiBub3JtYWw7IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWlu ZGVudDogMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd29y ZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6IDBweDsgd29yZC13cmFw OiBicmVhay13b3JkOyAtd2Via2l0LW5ic3AtbW9kZTogc3BhY2U7IC13ZWJraXQtbGluZS1icmVh azogYWZ0ZXItd2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCuKAlDxiciBjbGFzcz0iIj4NCkNhcmxv cyBQaWduYXRhcm8sJm5ic3A7PGEgaHJlZj0ibWFpbHRvOmNhcmxvc0BjaXNjby5jb20iIGNsYXNz PSIiPmNhcmxvc0BjaXNjby5jb208L2E+PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGkg Y2xhc3M9IiI+4oCcU29tZXRpbWVzIEkgdXNlIGJpZyB3b3JkcyB0aGF0IEkgZG8gbm90IGZ1bGx5 IHVuZGVyc3RhbmQsIHRvIG1ha2UgbXlzZWxmIHNvdW5kIG1vcmUgcGhvdG9zeW50aGVzaXMuJnF1 b3Q7PC9pPjwvZGl2Pg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8ZGl2Pg0KPGJsb2NrcXVvdGUg dHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPk9uIFNlcCAyMCwgMjAxNywgYXQg MTI6MjIgUE0sIEthdGhsZWVuIE1vcmlhcnR5ICZsdDs8YSBocmVmPSJtYWlsdG86S2F0aGxlZW4u TW9yaWFydHkuaWV0ZkBnbWFpbC5jb20iIGNsYXNzPSIiPkthdGhsZWVuLk1vcmlhcnR5LmlldGZA Z21haWwuY29tPC9hPiZndDsgd3JvdGU6PC9kaXY+DQo8YnIgY2xhc3M9IkFwcGxlLWludGVyY2hh bmdlLW5ld2xpbmUiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+SGkgQ2FybG9zLDxi ciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClBsZWFzZSBsb29rIGF0IHRoZSB0ZXh0IGluIHRo ZSBjdXJyZW50IGRvY3VtZW50LiAmbmJzcDtJdCBvbmx5IHNheXM8YnIgY2xhc3M9IiI+DQp0cmFu c3BvcnQgaW4gdGhlIHRleHQgSSBxdW90ZWQuICZuYnNwO1RoZSBkaWFncmFtIGFsc28gb25seSBz YXlzIHRyYW5zcG9ydC48YnIgY2xhc3M9IiI+DQpEcmFmdHMgbmVlZCB0byBiZSBjbGVhcmx5IHdy aXR0ZW4gdG8gYmUgYnJvYWRseSB1bmRlcnN0b29kIGFuZCB0aGUgd2F5PGJyIGNsYXNzPSIiPg0K dGhlIHRleHQgaXMgbm93LCBpdCBpcyBub3QuICZuYnNwO0kgdGhpbmsgY2xlYW5pbmcgaXQgdXAg YSBiaXQgd2lsbCBsaWZ0PGJyIGNsYXNzPSIiPg0Kc29tZSBvZiB0aGUgc2VjdXJpdHkgY29uY2Vy bnMgYXMgc29tZSBhcmUgYWRkcmVzc2VkIHByaW9yIHRvIE5TSDxiciBjbGFzcz0iIj4NCnNlZWlu ZyB0aGUgSVAgcGFja2V0IG9yIGZyYW1lLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCllv dXIgcmVzcG9uc2UgaGVscHMsIGJ1dCBwbGVhc2UgdGFrZSB0aGUgdGltZSB0byBsb29rIHRocm91 Z2ggdGhlPGJyIGNsYXNzPSIiPg0KZG9jdW1lbnQgdG8gc2VlIGhvdyBpdCBjYW4gYmUgY2xhcmlm aWVkIHNvIG9uZSBkb2VzIG5vdCBoYXZlIHRoZTxiciBjbGFzcz0iIj4NCnF1ZXN0aW9ucyBJIGFu ZCBvdGhlcnMgaGF2ZSByYWlzZWQuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KVGhhbmsg eW91LDxiciBjbGFzcz0iIj4NCkthdGhsZWVuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0K T24gV2VkLCBTZXAgMjAsIDIwMTcgYXQgMTE6NTkgQU0sIENhcmxvcyBQaWduYXRhcm8gKGNwaWdu YXRhKTxiciBjbGFzcz0iIj4NCiZsdDs8YSBocmVmPSJtYWlsdG86Y3BpZ25hdGFAY2lzY28uY29t IiBjbGFzcz0iIj5jcGlnbmF0YUBjaXNjby5jb208L2E+Jmd0OyB3cm90ZTo8YnIgY2xhc3M9IiI+ DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj5IaSwgS2F0aGxlZW4sPGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KVGhhbmsgeW91IGZvciBhc2tpbmcgZXhwbGljaXRseS4gVGhp cyBkb2N1bWVudCB1c2VkIHRvIGhhdmUgZXhwbGljaXQg4oCcTlNIIEVuY2Fwc3VsYXRpb24gRXhh bXBsZXPigJ0sIGJ1dCB3ZXJlIHRha2VuIG91dCAoYXQgdGhlIEFE4oCZcyByZXF1ZXN0KSBiYXNl ZCBvbiB0aGUgYXJndW1lbnQgdGhhdCDigJxldmVyeW9uZSB3b3VsZCBsaWtlIHRvIGhhdmUgdGhl aXIgZW5jYXBzdWxhdGlvbuKAnS4gV2UgY2FuIGFsd2F5cyBicmluZyB0aGVtIGJhY2sgaWYgZGVz aXJlZCwNCiBldmVuIHdpdGhpbiBhIG5vbi1ub3JtYXRpdmUgYXBwZW5kaXguPGJyIGNsYXNzPSIi Pg0KPGJyIGNsYXNzPSIiPg0KQXMgSSBmb2xsb3cgeW91ciBxdWVzdGlvbnMsIEkgd2lsbCB0cnkg bXkgYmVzdCB0byBhbnN3ZXIgYW5kIGNsYXJpZnkuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KSSBhbSBub3Qgc3VyZSB3aGljaCDigJxidW5ueSB0cmFpbOKAnSB0b29rIHRoZSBjb252ZXJz YXRpb24gaGVyZSwgYnV0IHBlcmhhcHMgYSBjb3VwbGUgb2YgdG9wLXBvc3QgY2xhcmlmaWNhdGlv bnMgbWlnaHQgaGVscDo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQoxLiDigJxPcmlnaW5h bCBQYWNrZXQvRnJhbWXigJ0gLSZndDsgdGhlIHRlcm1pbm9sb2d5IFBhY2tldC9GcmFtZSwgYXMg Y29tbW9ubHkgdXNlZCwgZGVub3RlcyBhbiBJUCBwYWNrZXQgb3IgYW4gRXRoZXJuZXQgZnJhbWUu PGJyIGNsYXNzPSIiPg0KMi4gVGhlIG91dGVyICZxdW90O1RyYW5zcG9ydCBFbmNhcHN1bGF0aW9u 4oCdIGRvZXMgKm5vdCogbWVhbiBUQ1AuIEl0IHVzZXMgdGhlIHdvcmQg4oCcVHJhbnNwb3J04oCd IGFzIHRyYW5zcG9ydCBwcm9maWxlLCBhbiBlbmNhcHN1bGF0aW9uIHRoYXQgdHJhbnNwb3J0cywg bm90IGFzIFRDUC4gR1JFIGlzIG9uZSBleGFtcGxlIG9mIGEgdHJhbnNwb3J0IGVuY2Fwc3VsYXRp b24sIG5vdCBUQ1AgYXMgYSDigJxMNCBUcmFuc3BvcnQgTGF5ZXIgcHJvdG9jb2zigJ0uPGJyIGNs YXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KSW4gcG9pbnQgIzIsIEdSRSBpcyB0aGUgVHJhbnNwb3J0 IHRoYXQgTlNIIHVzZXMgYmV0d2VlbiBTRkZzL1NGcy4gQW5kIGZ1cnRoZXIsIHNpbmNlIE5TSCBp cyBUcmFuc3BvcnQgRW5jYXBzdWxhdGlvbiBhZ25vc3RpYywgd2UgYXJlIHRhbGtpbmcgYWJvdXQg cG90ZW50aWFsbHkgYSBicm9hZCBzZXQgb2YgcHJvdG9jb2xz4oCmIEnigJlkIGVuY291cmFnZSB1 cyB0byBub3QgYXR0ZW1wdCB0byBjbGFzc2lmeSB0aGVtIGluIE9TSSBMYXllcnMuPGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KSSBjYW4gc2VlIHRoYXQgc29tZSBvZiB0aGlzIG1pZ2h0IG5v dCBiZSB0b3RhbGx5IGNsZWFyIGlmIHNjYW5uaW5nIHRocm91Z2ggdGhlIGRvY3VtZW50LCBidXQg aXQgaXMgY2xlYXIgZm9yIGFuIGltcGxlbWVudG9yLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NClNlZSBUYWJsZSAxIGFuZCBUYWJsZSAzIGZvciBleGFtcGxlcyAoVHJhbnNwb3J0IGNvbHVt bik8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJIGhvcGUgdGhpcyBoZWxwcyBzZXQgY2xh cmlmeWluZyBjb250ZXh0LCBzZWUgaW5saW5lIGZvciBtb3JlIHNwZWNpZmljIGRldGFpbHMuLi48 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFz cz0iIj5PbiBTZXAgMjAsIDIwMTcsIGF0IDExOjIxIEFNLCBLYXRobGVlbiBNb3JpYXJ0eSAmbHQ7 PGEgaHJlZj0ibWFpbHRvOkthdGhsZWVuLk1vcmlhcnR5LmlldGZAZ21haWwuY29tIiBjbGFzcz0i Ij5LYXRobGVlbi5Nb3JpYXJ0eS5pZXRmQGdtYWlsLmNvbTwvYT4mZ3Q7IHdyb3RlOjxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCkhpIENhcmxvcyw8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9 IiI+DQpJdCdzIGEgc3RhcnQsIGJ1dCBzaG91bGQgYmUgbW9yZSBzcGVjaWZpYy48YnIgY2xhc3M9 IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIgY2xhc3M9IiI+DQpUaGUgc3BlY2lmaWNzIGFyZSBpbiB0 aGUgZG9jdW1lbnQsIGV2ZW4gZXhhbXBsZXMgYXMgcGVyIFRhYmxlcyAxIGFuZCAzLjxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPldo YXQgYXJlIHRoZSBvcmlnaW5hbDxiciBjbGFzcz0iIj4NCnBhY2tldHMvZnJhbWUgLSBpcyB0aGlz IGxpbmsgbGF5ZXIgb3IgbmV0d29yayBvciBib3RoPzxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90 ZT4NCjxiciBjbGFzcz0iIj4NClRoZXNlIGFyZSB0aGUgcGFja2V0cyBvciBmcmFtZXMgaW5jb21p bmcgaW50byBhIGNsYXNzaWZpZXIsIG9yaWdpbmFsLCB0aGVuIE5TSCBpcyBpbXBvc2VkLCB0aGVu IGEgdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24gaXMgaW1wb3NlZC48YnIgY2xhc3M9IiI+DQo8YnIg Y2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj5JdCBzZWVtcyBsaWtl PGJyIGNsYXNzPSIiPg0KYm90aCBmcm9tIHRoZSBkaWFncmFtLCBidXQgaXMgdGhhdCByZWFsbHkg dGhlIGNhc2U/PGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNsYXNzPSIiPg0KWWVz LCBpdCBpcyBib3RoLiBSZWFsbHkgdGhlIGNhc2UuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KVGhlbiBm b3IgdGhlIHRyYW5zcG9ydCBlbmNhcHN1bGF0aW9uLCBpcyB0aGlzIGxheWVyIDMgb3IgND88YnIg Y2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIgY2xhc3M9IiI+DQpJIGJlbGlldmUgaXQgaXMg YSBzb3VyY2Ugb2YgaGVhZGFjaGUgYW5kIGNvbmZ1c2lvbiB0byB0aGluayBhYm91dCBPU0kgbGF5 ZXJz4oCmIHdoYXQgbGF5ZXIgaXMgSVAtaW4tSVA/IEFuZCBhbiBNUExTIFBzZXVkb3dpcmUgdHJh bnNwb3J0aW5nIEV0aGVybmV0PyBPciBhbiBJUHY2L0wyVFB2MyBwc2V1ZG93aXJlIHRyYW5zcG9y dGluZyBURE0/PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0i Y2l0ZSIgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KVGhlIHdvcmRpbmcgdGhhdCBwcmVjZWRlcyB0 aGlzIGlzIGEgYml0IGNvbmZ1c2luZyAoaGVyZSBmb3IgcmVmZXJlbmNlKTo8YnIgY2xhc3M9IiI+ DQo8YnIgY2xhc3M9IiI+DQombmJzcDtUaGUgTmV0d29yayBTZXJ2aWNlIEhlYWRlciAoTlNIKSBz cGVjaWZpY2F0aW9uIGRlZmluZXMgYSBuZXcgcHJvdG9jb2w8YnIgY2xhc3M9IiI+DQombmJzcDth bmQgYXNzb2NpYXRlZCBlbmNhcHN1bGF0aW9uIGZvciB0aGUgY3JlYXRpb24gb2YgZHluYW1pYyBz ZXJ2aWNlPGJyIGNsYXNzPSIiPg0KJm5ic3A7Y2hhaW5zLCBvcGVyYXRpbmcgYXQgdGhlIHNlcnZp Y2UgcGxhbmUuICZuYnNwO1RoZSBOU0ggaXMgZGVzaWduZWQgdG88YnIgY2xhc3M9IiI+DQombmJz cDtlbmNhcHN1bGF0ZSBhbiBvcmlnaW5hbCBwYWNrZXQgb3IgZnJhbWUsIGFuZCBpbiB0dXJuIGJl IGVuY2Fwc3VsYXRlZDxiciBjbGFzcz0iIj4NCiZuYnNwO2J5IGFuIG91dGVyIHRyYW5zcG9ydCAo d2hpY2ggaXMgdXNlZCB0byBkZWxpdmVyIHRoZSBOU0ggdG8gTlNILWF3YXJlPGJyIGNsYXNzPSIi Pg0KJm5ic3A7bmV0d29yayBlbGVtZW50cyksIGFzIHNob3duIGluIEZpZ3VyZSAxOjxiciBjbGFz cz0iIj4NCjwvYmxvY2txdW90ZT4NCjxiciBjbGFzcz0iIj4NCkRvZXMgdGhlIGV4cGxhbmF0aW9u IGFib3ZlIGhlbHA/IEkgYW0gbm90IHN1cmUgaG93IHRvIGJlc3QgYW5zd2Vy4oCmIGJlY2F1c2Ug SSBkbyBub3QgZmluZCBpdCBjb25mdXNpbmcuIFRoaXMgdGV4dCBpcyB0aGUgcmVzdWx0IG9mIHJl dmlld2VycyBhc2tpbmcgZm9yIGNsYXJpdHksIGFuZCB0aGVuIGFja25vd2xlZGdpbmcgdGhhdCB0 aGUgcGFyYWdyYXBoIGFib3ZlIGJyb3VnaHQgdGhhdCBjbGFyaXR5LjxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPjxiciBjbGFzcz0i Ij4NCk5vcm1hbGx5LCB0aGUgaGlnaGVyIGxheWVycyBhcmUgZW5jYXBzdWxhdGVkLDxiciBjbGFz cz0iIj4NCjwvYmxvY2txdW90ZT4NCjxiciBjbGFzcz0iIj4NCldoYXQgaXMgaGlnaGVyIGFuZCBs b3dlcj8gQW5kIGZvciB3aGF0IGRlZmluaXRpb24gb2Yg4oCcTm9ybWFsbHnigJ0/IFdoYXTigJlz IGEgVHVubmVsPzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9 ImNpdGUiIGNsYXNzPSIiPmJ1dCB0aGlzIHdvcmRpbmc8YnIgY2xhc3M9IiI+DQpkZXNjcmliZXMg anVzdCB0aGUgb3Bwb3NpdGUuICZuYnNwO0l0IHNheXMgdGhlIHBhY2tldC9mcmFtZSBhdCBsYXll ciAyLzM8YnIgY2xhc3M9IiI+DQooanVzdCBnb2luZyBmcm9tIHRoZSBub3JtYWwgdXNlcyBvZiBw YWNrZXQgYW5kIGZyYW1lIHRvIGFzc3VtZSBsYXllcjxiciBjbGFzcz0iIj4NCjMvMikuPGJyIGNs YXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNsYXNzPSIiPg0KQ29ycmVjdC4gSVAgcGFja2V0 LCBFdGhlcm5ldCBGcmFtZS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90 ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj5OSFMgZW5jYXBzdWxhdGVzIHRoYXQsIGFuZCB0aGVuIGlz IGVuY2Fwc3VsYXRlZCBieSBhIHRyYW5zcG9ydDxiciBjbGFzcz0iIj4NCmxheWVyIDMvND88YnIg Y2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIgY2xhc3M9IiI+DQpOby48YnIgY2xhc3M9IiI+ DQo8YnIgY2xhc3M9IiI+DQpXaGVyZSBkb2VzIGl0IHNheSDigJxUcmFuc3BvcnQgTGF5ZXLigJ0/ PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KTm90ZSB0aGF0IOKAnE5ldHdvcmsgVHJhbnNw b3J04oCdLCBhbmQg4oCcVHJhbnNwb3J0IEVuY2Fwc3VsYXRpb27igJ0gYXJlIHRlcm1zIGNvbWlu ZyBmcm9tIFJGQyA3NjY1LjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkFuZCB0byBiZSBj bGVhcjogbWFueSBSRkNzIHVzZSDigJxUcmFuc3BvcnQgRW5jYXBzdWxhdGlvbuKAnSBvciBhIHZh cmlhdGlvbiBvZiB0aGF0IChFbmNhcHN1bGF0aW9uIGZvciBUcmFuc3BvcnQsIFRyYW5zcG9ydC1p bmRlcGVuZGVudCBFbmNhcHN1bGF0aW9uLCBldGMuKTxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NClNlZSBUYWJsZSAxIGFuZCBUYWJsZSAzLCBUcmFuc3BvcnQgY29sdW1uLCBmb3IgZXhhbXBs ZXMuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVv dGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+SWYgeW91IGNhbiBjbGFyaWZ5IHRoaXMgdGV4dCBvciBt YWtlIGl0IGNsZWFyIHRoYXQgeW91PGJyIGNsYXNzPSIiPg0KcmVhbGx5IGludGVuZGVkIHRvIGRv IHRoaXMgb2RkIGVuY2Fwc3VsYXRpb24sIHRoYXQgd291bGQgaGVscCBhIGxvdC48YnIgY2xhc3M9 IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIgY2xhc3M9IiI+DQpIb3BlZnVsbHkgbXkgZXhwbGFuYXRp b24gaGVscHMuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0i Y2l0ZSIgY2xhc3M9IiI+VW5kZXJzdGFuZGluZyB0aGUgbGF5ZXJzIHRoaXMgYWxsIGhhcHBlbnMg YXQgaXMgdmVyeSBpbXBvcnRhbnQuICZuYnNwO0lmPGJyIGNsYXNzPSIiPg0KTlNIIGlzIHRoZSB0 cmlnZ2VyIGZvciB0aGUgbGF5ZXIgMy80IHRyYW5zcG9ydCwgaG93IGNhbiBzZWN1cml0eSBiZTxi ciBjbGFzcz0iIj4NCmFwcGxpZWQ/ICZuYnNwO09yIGlzIGl0IGFkZHJlc3NlZCBieSBhIHByaW9y IDMvNCBlbmNhcHN1bGF0aW9uIGJ5IHRoZTxiciBjbGFzcz0iIj4NCm9yaWdpbmFsIHBhY2tldC9m cmFtZT88YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpUaGFua3MsPGJyIGNsYXNzPSIiPg0K S2F0aGxlZW48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIg Y2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQrigJQ8YnIgY2xhc3M9IiI+DQpDYXJsb3MgUGlnbmF0 YXJvLCA8YSBocmVmPSJtYWlsdG86Y2FybG9zQGNpc2NvLmNvbSIgY2xhc3M9IiI+Y2FybG9zQGNp c2NvLmNvbTwvYT48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8 YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQpPbiBUdWUsIFNl cCAxOSwgMjAxNyBhdCA0OjUzIFBNLCBDYXJsb3MgUGlnbmF0YXJvIChjcGlnbmF0YSk8YnIgY2xh c3M9IiI+DQombHQ7PGEgaHJlZj0ibWFpbHRvOmNwaWduYXRhQGNpc2NvLmNvbSIgY2xhc3M9IiI+ Y3BpZ25hdGFAY2lzY28uY29tPC9hPiZndDsgd3JvdGU6PGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVv dGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+SGksIEthdGhsZWVuLDxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NClRoYW5rcyBmb3IgdGhlIGNsYXJpZmljYXRpb24uPGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KUmVnYXJkaW5nOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCmlzIHRo YXQgdGhlIGxheWVyaW5nIG5lZWRzIHRvIGJlIHNwZWNpZmljYWxseTxiciBjbGFzcz0iIj4NCnN0 YXRlZCB0byBjbGVhcmx5PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KTGlrZSB0aGlzPzxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5v cmcvaHRtbC9kcmFmdC1pZXRmLXNmYy1uc2gtMjEjc2VjdGlvbi0xIiBjbGFzcz0iIj5odHRwczov L3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1zZmMtbnNoLTIxI3NlY3Rpb24tMTwvYT48 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmIzQzOy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLSYjNDM7PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7fCAmbmJzcDsmbmJzcDsmbmJzcDtUcmFuc3BvcnQg RW5jYXBzdWxhdGlvbiAmbmJzcDsmbmJzcDt8PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7JiM0MzstLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0mIzQzOzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO3wgTmV0d29yayBTZXJ2aWNl IEhlYWRlciAoTlNIKSB8PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7JiM0MzstLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0mIzQzOzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO3wgJm5ic3A7Jm5ic3A7Jm5ic3A7T3JpZ2luYWwg UGFja2V0IC8gRnJhbWUgJm5ic3A7Jm5ic3A7fDxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyYjNDM7LS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tJiM0Mzs8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQom bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDtGaWd1cmUgMTogTmV0d29yayBTZXJ2aWNlIEhlYWRlciBFbmNhcHN1bGF0 aW9uPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KSSB0aGluayBpZiB5b3UgbGFpZCB0aGlz IG91dDxiciBjbGFzcz0iIj4NCm5pY2VseSBhbmQgY2xlYXJseSBzaG93ZWQgd2hlcmUgdHJhbnNw b3J0IHNlY3VyaXR5IGlzIGFkZHJlc3NlZCBhdDxiciBjbGFzcz0iIj4NCmFub3RoZXIgbGF5ZXIg KG91dC1vZi1zY29wZSksIGl0IHdvdWxkIGdvIGEgbG9uZyB3YXkuPGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KSG9wZWZ1bGx5IHRoZSBhYm92ZSAoZXhpc3Rpbmcp IGZpZ3VyZSBhbmQgdGV4dCBpcyBjbGVhci4gSW4gdGhhdCBjYXNlOjxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NCk9uZSBpZGVhIGlzIHRvIGNhdGVnb3JpemUgdGhlIHBhcmFncmFwaHMgaW4g dGhlIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIHRvPGJyIGNsYXNzPSIiPg0KbWFrZSB0aG9zZSBy ZWxhdGlvbnMgbW9yZSBjbGVhci48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQrigJQ8YnIg Y2xhc3M9IiI+DQpDYXJsb3MgUGlnbmF0YXJvLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4N CjxiciBjbGFzcz0iIj4NCk9uIFNlcCAxOSwgMjAxNywgYXQgMzozOCBQTSwgS2F0aGxlZW4gTW9y aWFydHk8YnIgY2xhc3M9IiI+DQombHQ7PGEgaHJlZj0ibWFpbHRvOkthdGhsZWVuLk1vcmlhcnR5 LmlldGZAZ21haWwuY29tIiBjbGFzcz0iIj5LYXRobGVlbi5Nb3JpYXJ0eS5pZXRmQGdtYWlsLmNv bTwvYT4mZ3Q7IHdyb3RlOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoYW5rcyBmb3Ig dGhlIHJlc3BvbnNlcy4gJm5ic3A7SSdtIGdvaW5nIHRvIHRvcCBwb3N0IGFzIEkgdGhpbiB0aGUg bWFpbjxiciBjbGFzcz0iIj4NCnBvaW50IG9mIG15IHJldmlldyBpcyB0aGF0IHRoZSBsYXllcmlu ZyBuZWVkcyB0byBiZSBzcGVjaWZpY2FsbHk8YnIgY2xhc3M9IiI+DQpzdGF0ZWQgdG8gY2xlYXJs eSBzY29wZSB0aGUgcHJvYmxlbSBzcGFjZSBmb3IgTlNIIHNlY3VyaXR5PGJyIGNsYXNzPSIiPg0K Y29uc2lkZXJhdGlvbnMuICZuYnNwO1RoZSBkcmFmdCBhcy13cml0dGVuIGlzIG5vdCBjbGVhciBh bmQgYXMgYSByZXN1bHQsPGJyIGNsYXNzPSIiPg0Kc2VjdXJpdHkgcmV2aWV3cyBhcmUgdmVyeSBk aWZmaWN1bHQuICZuYnNwO0kgdGhpbmsgaWYgeW91IGxhaWQgdGhpcyBvdXQ8YnIgY2xhc3M9IiI+ DQpuaWNlbHkgYW5kIGNsZWFybHkgc2hvd2VkIHdoZXJlIHRyYW5zcG9ydCBzZWN1cml0eSBpcyBh ZGRyZXNzZWQgYXQ8YnIgY2xhc3M9IiI+DQphbm90aGVyIGxheWVyIChvdXQtb2Ytc2NvcGUpLCBp dCB3b3VsZCBnbyBhIGxvbmcgd2F5LiAmbmJzcDtBbHRob3VnaCB0aGU8YnIgY2xhc3M9IiI+DQpk cmFmdCBpbXByb3ZlZCBhIGJpdCBmcm9tIHRoZSBwcmV2aW91cyB2ZXJzaW9uLCBJIHRoaW5rIGEg Y2FyZWZ1bDxiciBjbGFzcz0iIj4NCnJldmlldyBhbmQgZWRpdCBwYXNzIHdvdWxkIGRvIGEgbG90 IG9mIGdvb2QsIHNwZWNpZmljYWxseSBhcm91bmQ8YnIgY2xhc3M9IiI+DQpjbGFyaXR5IG9mIHRo ZSBwcm9ibGVtIHNwYWNlIGFuZCBzb2x1dGlvbi4gJm5ic3A7VGhlIHF1ZXN0aW9ucyBJIGFza2Vk IHdlcmU8YnIgY2xhc3M9IiI+DQphIHJlc3VsdCBvZiBsYWNrIG9mIGNsYXJpdHkgaW4gdGhlIGRy YWZ0LjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoYW5rcyw8YnIgY2xhc3M9IiI+DQpL YXRobGVlbjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCk9uIFR1ZSwgU2VwIDE5LCAyMDE3 IGF0IDM6MjIgUE0sIFBhdWwgUXVpbm4gKHBhdWxxKSAmbHQ7PGEgaHJlZj0ibWFpbHRvOnBhdWxx QGNpc2NvLmNvbSIgY2xhc3M9IiI+cGF1bHFAY2lzY28uY29tPC9hPiZndDsgd3JvdGU6PGJyIGNs YXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KSGksPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0K VGhhbmsgeW91IGZvciB0aGUgcmV2aWV3LiAmbmJzcDtQbGVhc2Ugc2VlIHNvbWUgY29tbWVudHMg aW5saW5lIGJlbG93LjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClBhdWw8YnIgY2xhc3M9 IiI+DQo8YnIgY2xhc3M9IiI+DQpPbiBTZXAgMTgsIDIwMTcsIGF0IDQ6MTUgUE0sIEthdGhsZWVu IE1vcmlhcnR5PGJyIGNsYXNzPSIiPg0KJmx0OzxhIGhyZWY9Im1haWx0bzprYXRobGVlbi5tb3Jp YXJ0eS5pZXRmQGdtYWlsLmNvbSIgY2xhc3M9IiI+a2F0aGxlZW4ubW9yaWFydHkuaWV0ZkBnbWFp bC5jb208L2E+Jmd0OyB3cm90ZTo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpIZWxsbyw8 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpBdCBBbGlhJ3MgcmVxdWVzdCwgSSBkaWQgYW4g ZWFybHkgcmV2aWV3IG9mIGRyYWZ0LWlldGYtc2ZjLW5zaC4gJm5ic3A7SGVyZTxiciBjbGFzcz0i Ij4NCmFyZSBzb21lIGluaXRpYWwgY29tbWVudHMgYW5kIEkgbWF5IGhhdmUgbW9yZSB3aGVuIHRo ZSBkcmFmdCBpczxiciBjbGFzcz0iIj4NCnJldmlzZWQgYW5kIGlzIGluIGZvciBJRVNHIHJldmll dy4gJm5ic3A7SSBhcHByZWNpYXRlIHlvdXIgZWZmb3J0czxiciBjbGFzcz0iIj4NCmFkZHJlc3Np bmcgdGhlIGNvbW1lbnRzIHJlY2VpdmVkIHRvIGRhdGUuICZuYnNwO0kgaG9wZSB5b3UgZmluZCB0 aGVzZTxiciBjbGFzcz0iIj4NCnN1Z2dlc3Rpb25zIGFzIGhlbHBmdWwgaW1wcm92ZW1lbnRzIHRv IHRoZSBkb2N1bWVudCBhbmQgY2xhcml0eSBvZiBOU0g8YnIgY2xhc3M9IiI+DQpzZWN1cml0eSBj b25jZXJucy48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpTZWN0 aW9uIDEgLTxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoZSBpbnRlbmRlZCBzY29wZSBp biB0aGUgaW50cm9kdWN0aW9uIHNob3VsZCBhbHNvIGluY2x1ZGUgbWVudGlvbiBvZjxiciBjbGFz cz0iIj4NCm11bHRpLXRlbmFuY3kuICZuYnNwO1RoaXMgY2hhbmdlcyB0aGUgc2VjdXJpdHkgcmVx dWlyZW1lbnRzIGFuZCBpcyB2ZXJ5PGJyIGNsYXNzPSIiPg0KaW1wb3J0YW50IHRvIG5vdGUuPGJy IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KU2VjdGlvbiAxLjQgLTxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NCjUuICZuYnNwO1RyYW5zcG9ydCBBZ25vc3RpYzogVGhlIE5TSCBpcyBlbmNh cHN1bGF0aW9uLWluZGVwZW5kZW50LCBtZWFuaW5nPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7 Jm5ic3A7aXQgY2FuIGJlIHRyYW5zcG9ydGVkIGJ5IGEgdmFyaWV0eSBvZiBwcm90b2NvbHMuICZu YnNwO0FuIGFwcHJvcHJpYXRlPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7KGZvciBh IGdpdmVuIGRlcGxveW1lbnQpIGVuY2Fwc3VsYXRpb24gcHJvdG9jb2wgY2FuIGJlIHVzZWQgdG88 YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDtjYXJyeSBOU0gtZW5jYXBzdWxhdGVkIHRy YWZmaWMuICZuYnNwO1RoaXMgdHJhbnNwb3J0IG1heSBmb3JtIGFuPGJyIGNsYXNzPSIiPg0KJm5i c3A7Jm5ic3A7Jm5ic3A7b3ZlcmxheSBuZXR3b3JrIGFuZCBpZiBhbiBleGlzdGluZyBvdmVybGF5 IHRvcG9sb2d5IHByb3ZpZGVzIHRoZTxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwO3Jl cXVpcmVkIHNlcnZpY2UgcGF0aCBjb25uZWN0aXZpdHksIHRoYXQgZXhpc3Rpbmcgb3ZlcmxheSBt YXkgYmU8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDt1c2VkLjxiciBjbGFzcz0iIj4N CjxiciBjbGFzcz0iIj4NCklzIHRoZXJlIGEgcHJlZmVycmVkIHRyYW5zcG9ydCBzbyB5b3UgY291 bGQgc3BlY2lmeSBhIHJlY29tbWVuZGVkPGJyIGNsYXNzPSIiPg0KdHJhbnNwb3J0IHNlY3VyaXR5 IHByb3RvY29sPzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClBR Jmd0OyBUaGVyZSBpcyBub3QuICZuYnNwO0luIGZhY3QgYXQgdGhlIEFE4oCZcyByZXF1ZXN0IHNh bXBsZSB0cmFuc3BvcnRzIHdlcmU8YnIgY2xhc3M9IiI+DQpyZW1vdmVkIHRvIGVuc3VyZSB0aGF0 IHRoZXJlIHdhcyBubyBpbXBsaWVkIHByZWZlcmVuY2UuICZuYnNwO1RoZXJlZm9yZSwgYW48YnIg Y2xhc3M9IiI+DQpvcGVyYXRvciBjYW4gc2VsZWN0IHRoZWlyIHByZWZlcnJlZCB0cmFuc3BvcnRz LCBpbmNsdWRpbmcg4oCUIGFzIHBlciB0aGU8YnIgY2xhc3M9IiI+DQpzZWN1cml0eSBjb25zaWRl cmF0aW9ucyBzZWN0aW9uIOKAlCBvbmVzIHRoYXQgcHJvdmlkZSBlbmNyeXB0aW9uLjxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClNlY3Rpb24gMiwgM3JkIHNlbnRl bmNlOjxiciBjbGFzcz0iIj4NClN1YnNlcXVlbnRseSwgYW48YnIgY2xhc3M9IiI+DQpvdXRlciBl bmNhcHN1bGF0aW9uIGlzIGltcG9zZWQgb24gdGhlIE5TSCwgd2hpY2ggaXMgdXNlZCBmb3IgbmV0 d29yazxiciBjbGFzcz0iIj4NCmZvcndhcmRpbmcuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KS25vd2luZyBtb3JlIGFib3V0IHRoaXMgd291bGQgaGVscCB0byB1bmRlcnN0YW5kIG9wdGlv bnMgb3IgaWYgdGhlcmU8YnIgY2xhc3M9IiI+DQppcyBhbm90aGVyIGRyYWZ0IHRoYXQgYWRkcmVz c2VzIHRoaXMgb3V0ZXIgZW5jYXBzdWxhdGlvbiB0aGF0IGlzPGJyIGNsYXNzPSIiPg0KaW1wb3Nl ZCBhbmQgdGhlIHRyYW5zcG9ydCBzZWN1cml0eSByZXF1aXJlbWVudHMgdGhhdCBnbyBhbG9uZyB3 aXRoIGl0LjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClBRJmd0 OyBTaW5jZSBOU0ggZGVmaW5lcyBubyBwcmVmZXJyZWQgdHJhbnNwb3J0KHMpLCB0aGUgc2VjdXJp dHkgb2YgdGhlPGJyIGNsYXNzPSIiPg0Kc2VsZWN0ZWQgdHJhbnNwb3J0IGlzIGxlZnQgdG8gdGhl IHRyYW5zcG9ydCBzdGFuZGFyZC4gJm5ic3A7Jm5ic3A7U28sIGZvciBleGFtcGxlLCBpZjxiciBj bGFzcz0iIj4NCmFuIG9wZXJhdG9yIGVsZWN0cyB0byB1c2UgdGhlIE5WTzMgZGVmaW5lZCBwcm90 b2NvbCwgdGhlbiB0aGUgb3BlcmF0b3IgaGFzPGJyIGNsYXNzPSIiPg0KZXhwbGljaXRseSBzZWxl Y3RlZCB0aGF0IG92ZXJsYXkuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KVHJhbnNwb3J0IG1heSBiZSBob3AgdG8gaG9wLCBhbmQgdGhlcmUgbWlnaHQgbm90IGJl IGVuY3J5cHRpb24gb2YgdGhpczxiciBjbGFzcz0iIj4NCmhlYWRlciBpZiB0aGUgYXBwbGljYXRp b24gdXNlcyBhbiBlbmNyeXB0ZWQgdHJhbnNwb3J0IGVuY2Fwc3VsYXRlZCBpbjxiciBjbGFzcz0i Ij4NCnRoaXMgbGF5ZXIuICZuYnNwO0luIGFueSBjYXNlLCBpdCBzZWVtcyBpbnRlZ3JpdHkgcHJv dGVjdGlvbiBpcyBhPGJyIGNsYXNzPSIiPg0KcmVxdWlyZW1lbnQgZm9yIGEgbXVsdGktdGVuYW50 IGVudmlyb25tZW50LiAmbmJzcDtDb3VsZCB0aGUgQ09TRSBNQUM8YnIgY2xhc3M9IiI+DQpmdW5j dGlvbiBmaXQgdGhlIGJpbGwgc2luY2UgaXQgaXMgaW50ZW5kZWQgZm9yIGNvbmNpc2UgZm9ybWF0 cz88YnIgY2xhc3M9IiI+DQo8YSBocmVmPSJodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2Rv Yy9yZmM4MTUyIiBjbGFzcz0iIj5odHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9yZmM4 MTUyPC9hPjxiciBjbGFzcz0iIj4NCkpPU0UgcHJvZHVjZWQgYSBzaW1pbGFyIGZ1bmN0aW9uIHdp dGggSlNPTiwgYnV0IGl0IHdvdWxkIGJlIHNsaWdodGx5IGxhcmdlci48YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQpTZWN0aW9uIDcuMTo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpU aGUgZm9sbG93aW5nIHBhcmFncmFwaCBpbXBsaWVzIHRoYXQgYW55dGhpbmcgbGVzcyB0aGFuIGEg NS10dXBsZTxiciBjbGFzcz0iIj4NCmlzbuKAmXQgdXNlZnVsIGFuZCB0aGF0IHlvdSBpbnRlbmQg dG8gdXNlIHRyYWZmaWMgY29udGVudCB3aGVuPGJyIGNsYXNzPSIiPg0KYXZhaWxhYmxlLiAmbmJz cDtUaGlzIGlzIGNvbmNlcm5pbmcuICZuYnNwO0NhbuKAmXQgeW91IHVzZSBhIDItdHVwbGU/ICZu YnNwO1doYXQgaWY8YnIgY2xhc3M9IiI+DQpJUHNlYyB0cmFuc3BvcnQgbW9kZSB3ZXJlIGluIHVz ZSwgaXMgdGhpcyBzb2x1dGlvbiBkZWFkIGluIHRoZSB3YXRlcj88YnIgY2xhc3M9IiI+DQo8YnIg Y2xhc3M9IiI+DQpSZWdhcmRsZXNzIG9mIHRoZSBzb3VyY2UsIG1ldGFkYXRhIHJlZmxlY3RzIHRo ZSAmcXVvdDtyZXN1bHQmcXVvdDsgb2Y8YnIgY2xhc3M9IiI+DQpjbGFzc2lmaWNhdGlvbi4gJm5i c3A7VGhlIGdyYW51bGFyaXR5IG9mIGNsYXNzaWZpY2F0aW9uIG1heSB2YXJ5LiAmbmJzcDtGb3I8 YnIgY2xhc3M9IiI+DQpleGFtcGxlLCBhIG5ldHdvcmsgc3dpdGNoLCBhY3RpbmcgYXMgYSBjbGFz c2lmaWVyLCBtaWdodCBvbmx5IGJlIGFibGU8YnIgY2xhc3M9IiI+DQp0byBjbGFzc2lmeSBiYXNl ZCBvbiBhIDUtdHVwbGUsIHdoaWxlIGEgc2VydmljZSBmdW5jdGlvbiBtYXkgYmUgYWJsZTxiciBj bGFzcz0iIj4NCnRvIGluc3BlY3QgYXBwbGljYXRpb24gaW5mb3JtYXRpb24uICZuYnNwO1JlZ2Fy ZGxlc3Mgb2YgZ3JhbnVsYXJpdHksIHRoZTxiciBjbGFzcz0iIj4NCmNsYXNzaWZpY2F0aW9uIGlu Zm9ybWF0aW9uIGNhbiBiZSByZXByZXNlbnRlZCBpbiB0aGUgTlNILjxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NCklmIGEgMi10dXBsZSBpcyBwb3NzaWJsZSwgY291bGQgeW91IGFkZCB0aGF0 IGluIGFzIGFuIGV4YW1wbGUgaW5zdGVhZDxiciBjbGFzcz0iIj4NCm9mIG9yIGluIGFkZGl0aW9u IHRvIHRoZSA1LXR1cGxlPzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NClBRJmd0OyAmbmJzcDtUaGUgNS10dXBsZSB3YXMgdXNlZCBvbmx5IGFzIGFuIGV4YW1wbGUg dGhhdCBpcyBjb21tb25seSB1bmRlcnN0b29kIGluPGJyIGNsYXNzPSIiPg0KdGhlIGNvbnRleHQg b2YgbmV0d29yayBkZXZpY2UgY2xhc3NpZmljYXRpb24uICZuYnNwO1RoZSBzZW50ZW5jZTogJnF1 b3Q7VGhlPGJyIGNsYXNzPSIiPg0KZ3JhbnVsYXJpdHkgb2YgY2xhc3NpZmljYXRpb24gbWF5IHZh cnku4oCdIGFkZHJlc3NlcyAyLCAzLCA0LCBuLXR1cGxlPGJyIGNsYXNzPSIiPg0KY2xhc3NpZmlj YXRpb24uICZuYnNwO0Z1cnRoZXIsIHRoYXQgcG9pbnQgaXMgcmVpbmZvcmNlZDog4oCcUmVnYXJk bGVzcyBvZjxiciBjbGFzcz0iIj4NCmdyYW51bGFyaXR5LCB0aGUgY2xhc3NpZmljYXRpb24gaW5m b3JtYXRpb24gY2FuIGJlIHJlcHJlc2VudGVkIGluIHRoZSBOU0guJnF1b3Q7PGJyIGNsYXNzPSIi Pg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KU2VjdGlvbiA3LjE8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpUaGlzIHRleHQg Y29tZXMgdG9vIGxhdGUgaW4gdGhlIGRyYWZ0IGFuZCBJIHJlY29tbWVuZCBtYWtpbmcgYSBjbGVh cjxiciBjbGFzcz0iIj4NCnN0YXRlbWVudCBpbiB0aGUgaW50cm9kdWN0aW9uIHRoYXQgc2Vzc2lv biBlbmNyeXB0aW9uIHRvIHByb3RlY3QgdGhlPGJyIGNsYXNzPSIiPg0KZGF0YSBpbiB0cmFuc2l0 IHJlbGllcyBvbiB0aGUgYXBwbGljYXRpb24vc2VydmljZSBzZW5kaW5nL3JlY2VpdmluZzxiciBj bGFzcz0iIj4NCnRoZSBkYXRhIGFuZCBub3QgdGhlIFNGQy4gJm5ic3A7SSBtYWRlIHRoaXMgcG9p bnQgcHJldmlvdXNseSBhbmQgYW0gZ2xhZCB0bzxiciBjbGFzcz0iIj4NCnNlZSBzb21lIHRleHQs IGJ1dCB0aGluayBpdCB3b3VsZCBiZSBtdWNoIGJldHRlciB0byBzdGF0ZSB0aGlzIGVhcmx5PGJy IGNsYXNzPSIiPg0KaW4gdGhlIGRyYWZ0LiAmbmJzcDtUb3VjaGluZyB1cG9uIHByb3RlY3Rpb25z IGZvciBkYXRhIHN0cmVhbXMgdmVyc3VzIG1ldGE8YnIgY2xhc3M9IiI+DQpkYXRhIHdvdWxkIGJv dGggYmUgaW1wb3J0YW50IChsYXllcnMgZm9yIHRyYWZmaWMgYW5kIGFzc29jaWF0ZWQ8YnIgY2xh c3M9IiI+DQpwcm90ZWN0aW9ucykuICZuYnNwO0lmIGl04oCZcyBtZXRhIGRhdGEsIGRvIHRoZXkg bmVlZCB0byByZWx5IG9uIElQc2VjIGFuZDxiciBjbGFzcz0iIj4NCmhhdmluZyBhIDItdHVwbGUg YmUgdGhlIG1pbmltdW0/ICZuYnNwO1doZW4gaXMgdGhhdCBhcHBsaWVkPyAmbmJzcDtJcyB0aGVy ZSBtZXRhPGJyIGNsYXNzPSIiPg0KZGF0YSB0aGF0IGNvdWxkIGJlIHNlbnNpdGl2ZSBpZiBUTFMg d2FzIGluIHBsYWNlIGFuZCBhIDUtdHVwbGUgaXM8YnIgY2xhc3M9IiI+DQp2aXNpYmxlIChwZXJo YXBzIHRoZSBleGlzdGVuY2Ugb2YgY29tbXVuaWNhdGlvbiBpcyBzZW5zaXRpdmUpLiAmbmJzcDtB cmU8YnIgY2xhc3M9IiI+DQp0aGVyZSBvdGhlciBjb25zaWRlcmF0aW9ucyBmb3IgbWV0YWRhdGEg YW5kIGRhdGEgdGhhdCBuZWVkIHRvIGJlPGJyIGNsYXNzPSIiPg0Kc3RhdGVkIHVwIGZyb250IGFu ZCBwdXQgb3V0LW9mLXNjb3BlIGZvciBTRkM/ICZuYnNwO0nigJltIGFza2luZyB0aGVzZTxiciBj bGFzcz0iIj4NCnF1ZXN0aW9ucyBhcyBwcm92aWRpbmcgdGhlc2UgYW5zd2VycyBjb3VsZCBzaG93 IHRoYXQgdGhlIHJpc2sgaXM8YnIgY2xhc3M9IiI+DQpjb25zdHJhaW5lZC48YnIgY2xhc3M9IiI+ DQo8YnIgY2xhc3M9IiI+DQpEZXBlbmRpbmcgb24gdGhlIGluZm9ybWF0aW9uIGNhcnJpZWQgaW4g dGhlIG1ldGFkYXRhLCBkYXRhIHByaXZhY3k8YnIgY2xhc3M9IiI+DQpjb25zaWRlcmF0aW9ucyBt YXkgbmVlZCB0byBiZSBjb25zaWRlcmVkLiAmbmJzcDtGb3IgZXhhbXBsZSwgaWYgdGhlPGJyIGNs YXNzPSIiPg0KbWV0YWRhdGEgY29udmV5cyB0ZW5hbnQgaW5mb3JtYXRpb24sIHRoYXQgaW5mb3Jt YXRpb24gbWF5IG5lZWQgdG8gYmU8YnIgY2xhc3M9IiI+DQphdXRoZW50aWNhdGVkIGFuZC9vciBl bmNyeXB0ZWQgYmV0d2VlbiB0aGUgb3JpZ2luYXRvciBhbmQgdGhlPGJyIGNsYXNzPSIiPg0KaW50 ZW5kZWQgcmVjaXBpZW50cyAod2hpY2ggbWF5IGluY2x1ZGUgaW50ZW5kZWQgU0ZzIG9ubHkpLiAm bmJzcDtUaGUgTlNIPGJyIGNsYXNzPSIiPg0KaXRzZWxmIGRvZXMgbm90IHByb3ZpZGUgcHJpdmFj eSBmdW5jdGlvbnMsIHJhdGhlciBpdCByZWxpZXMgb24gdGhlPGJyIGNsYXNzPSIiPg0KdHJhbnNw b3J0L292ZXJsYXkgbGF5ZXIuICZuYnNwO0FuIG9wZXJhdG9yIGNhbiBzZWxlY3QgdGhlIGFwcHJv cHJpYXRlPGJyIGNsYXNzPSIiPg0KdHJhbnNwb3J0IHRvIGVuc3VyZSBjb25maWRlbnRpYWxpdHkg KGFuZCBvdGhlciBzZWN1cml0eSk8YnIgY2xhc3M9IiI+DQpjb25zaWRlcmF0aW9ucyBhcmUgbWV0 LiAmbmJzcDtNZXRhZGF0YSBwcml2YWN5IGFuZCBzZWN1cml0eSBjb25zaWRlcmF0aW9uczxiciBj bGFzcz0iIj4NCmFyZSBhIG1hdHRlciBmb3IgdGhlIGRvY3VtZW50cyB0aGF0IGRlZmluZSBtZXRh ZGF0YSBmb3JtYXQuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0K PGJyIGNsYXNzPSIiPg0KUFEmZ3Q7ICZuYnNwO0FyZSB5b3Ugc3VnZ2VzdGluZyB0aGF0IGFwcGxp Y2F0aW9uIGxheWVyIGNvbmZpZGVudGlhbGx5IGJlIGFkZHJlc3NlZDxiciBjbGFzcz0iIj4NCmlu IHRoaXMgZHJhZnQ/ICZuYnNwOyZuYnNwO05TSCDigJxwbGF5cyBuaWNlbHnigJ0gd2l0aCBzdGFu ZGFyZCBlbmNyeXB0aW9uIHRyYW5zcG9ydHMsPGJyIGNsYXNzPSIiPg0KdGhlcmVmb3JlIGFsbG93 aW5nIG9wZXJhdG9ycyB0byDigJxzZWN1cmXigJ0gdGhlIHBhdGguICZuYnNwO0dvaW5nIHVwIHRo ZSBzdGFjayBmcm9tPGJyIGNsYXNzPSIiPg0KdGhhdCBzZWVtcyB0byBiZSBvdXRzaWRlIHRoZSBz Y29wZSBvZiBOU0ggYW5kIGluY29uc2lzdGVudCB3aXRoIG90aGVyPGJyIGNsYXNzPSIiPg0KcHJv dG9jb2wgcmVxdWlyZW1lbnRzLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NCk90aGVyIGNvbW1lbnRzOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCknigJlk IGxpa2UgdG8gc2VlOzxiciBjbGFzcz0iIj4NCmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9k cmFmdC1tZ2x0LXNmYy1zZWN1cml0eS1lbnZpcm9ubWVudC1yZXEtMDI8YnIgY2xhc3M9IiI+DQpQ dWJsaXNoZWQgYmVmb3JlIHRoaXMgZG9jdW1lbnQgYW5kIHRoZW4gaGF2ZSB0aGF0IGFzIGEgcmVm ZXJlbmNlLiAmbmJzcDtPbmU8YnIgY2xhc3M9IiI+DQpvZiB0aGUgY29tbWVudHMgSSBtYWRlIHBy ZXZpb3VzbHkgd2FzIHRvIGxpc3Qgb3V0IHRoZSBsYXllcmluZyBhbmQ8YnIgY2xhc3M9IiI+DQpw cm90ZWN0aW9ucyBleHBlY3RlZCBvbiBkYXRhIGFuZCBOU0guICZuYnNwO1RoaXMgaGFzIGJlZW4g ZG9uZSBpbiB0aGU8YnIgY2xhc3M9IiI+DQpzZWN1cml0eSBlbnZpcm9ubWVudCBkcmFmdCwgc2Vj dGlvbiA0IHNob3VsZCBiZSByZWZlcmVuY2VkOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4N ClNlY3Rpb24gNCBwcm92aWRlcyBhbiBvdmVyYWxsIGRlc2NyaXB0aW9uIG9mIHRoZSBTRkMgZW52 aXJvbm1lbnQgd2l0aDxiciBjbGFzcz0iIj4NCnRoZSBpbnRyb2R1Y3Rpb24gb2YgdGhlIGRpZmZl cmVudCBwbGFuZXMgKFNGQyBDb250cm9sIFBsYW5lLCB0aGUgU0ZDPGJyIGNsYXNzPSIiPg0KTWFu YWdlbWVudCBQbGFuZSwgdGhlIFRlbmFudCdzIHVzZXIgUGxhbmUgYW5kIHRoZSBTRkMgRGF0YSBQ bGFuZSkuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNs YXNzPSIiPg0KUFEmZ3Q7ICZuYnNwO0FzIEkgbWVudGlvbmVkIG9uIGFub3RoZXIgdGhyZWFkOiBh IHNlY3VyZSBlbnZpcm9ubWVudCBkcmFmdCBpcyBub3Q8YnIgY2xhc3M9IiI+DQpyZWxhdGVkIHRv IE5TSCBwZXIgc2UuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0K PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KVGhpcyBpcyBhIHZlcnkgaW1wb3J0YW50IHBv aW50IGZvciBhbnlvbmUgcmV2aWV3aW5nIGZvciBzZWN1cml0eSBhczxiciBjbGFzcz0iIj4NCmFy ZSB0aGUgZW52aXJvbm1lbnQgc2VjdXJpdHkgcmVxdWlyZW1lbnRzLiAmbmJzcDtUaGUgc2VjdXJp dHkgZW52aXJvbm1lbnQ8YnIgY2xhc3M9IiI+DQpyZXF1aXJlbWVudHMgZHJhZnQgc3RpbGwgbmVl ZHMgYSBsaXR0bGUgbW9yZSB3b3JrIGZyb20gYSBxdWljayByZWFkLDxiciBjbGFzcz0iIj4NCmJ1 dCBoZWxwcyBhIGxvdC4gJm5ic3A7SSBuZWVkIHRvIGZpbmlzaCByZWFkaW5nIHRoZSBzZWN1cml0 eSBlbnZpcm9ubWVudDxiciBjbGFzcz0iIj4NCmRyYWZ0LjxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NCi0tPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KQmVzdCByZWdhcmRzLDxiciBj bGFzcz0iIj4NCkthdGhsZWVuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX188YnIgY2xhc3M9IiI+DQpzZmMg bWFpbGluZyBsaXN0PGJyIGNsYXNzPSIiPg0Kc2ZjQGlldGYub3JnPGJyIGNsYXNzPSIiPg0KaHR0 cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zZmM8YnIgY2xhc3M9IiI+DQo8YnIg Y2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQotLTxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkJlc3QgcmVnYXJk cyw8YnIgY2xhc3M9IiI+DQpLYXRobGVlbjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCl9f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyIGNsYXNzPSIi Pg0Kc2ZjIG1haWxpbmcgbGlzdDxiciBjbGFzcz0iIj4NCnNmY0BpZXRmLm9yZzxiciBjbGFzcz0i Ij4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2ZjPGJyIGNsYXNzPSIi Pg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KLS08YnIgY2xhc3M9IiI+DQo8YnIg Y2xhc3M9IiI+DQpCZXN0IHJlZ2FyZHMsPGJyIGNsYXNzPSIiPg0KS2F0aGxlZW48YnIgY2xhc3M9 IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIgY2xh c3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQotLSA8YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQpCZXN0IHJlZ2FyZHMsPGJyIGNsYXNzPSIiPg0KS2F0aGxlZW48YnIgY2xh c3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9 IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_CD89AF2629BC412F891A7828BFED1C70ciscocom_-- From nobody Wed Sep 20 09:38:33 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE6A013202D for ; Wed, 20 Sep 2017 09:38:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.221 X-Spam-Level: X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fAdoEjWFog5Y for ; Wed, 20 Sep 2017 09:38:29 -0700 (PDT) Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04B841330B3 for ; Wed, 20 Sep 2017 09:38:27 -0700 (PDT) Received: from 172.18.7.190 (EHLO lhreml704-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DOZ42057; Wed, 20 Sep 2017 16:38:26 +0000 (GMT) Received: from SJCEML702-CHM.china.huawei.com (10.208.112.38) by lhreml704-cah.china.huawei.com (10.201.108.45) with Microsoft SMTP Server (TLS) id 14.3.301.0; Wed, 20 Sep 2017 17:38:25 +0100 Received: from SJCEML701-CHM.china.huawei.com ([169.254.3.215]) by SJCEML702-CHM.china.huawei.com ([169.254.4.207]) with mapi id 14.03.0301.000; Wed, 20 Sep 2017 09:38:20 -0700 From: James N Guichard To: Kathleen Moriarty , "Carlos Pignataro (cpignata)" CC: "Paul Quinn (paulq)" , "sfc@ietf.org" Thread-Topic: [sfc] Early review draft-ietf-sfc-nsh Thread-Index: AQHTMLsbRau/r9AAcUuIcpK3SEbYOaK9DSmAgAAEeICAABTtgIABNZkAgAAKhgCAAAZ5AP//jLGA Date: Wed, 20 Sep 2017 16:38:20 +0000 Message-ID: References: <6971D34B-DC0E-4C3E-B412-3C2F8FAE5704@cisco.com> <43ED911F-2174-4930-A9BE-1B2A81CD03E9@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.47.147.116] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090205.59C29982.00AA, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.3.215, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: 28f6b99ee3e317eaac66537eeb35732c Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2017 16:38:32 -0000 SGkgS2F0aGxlZW4sDQoNCkkgYW0gbm90IHF1aXRlIGNsZWFyIGFzIHRvIGV4YWN0bHkgd2hhdCBp cyBjb25mdXNpbmcgd2l0aCB0aGUgZXhpc3RpbmcgdGV4dCAoLTIxIHZlcnNpb24pLiBRdW90aW5n IGZyb20gc2VjdGlvbiAxOg0KDQogICBUaGUgTmV0d29yayBTZXJ2aWNlIEhlYWRlciAoTlNIKSBz cGVjaWZpY2F0aW9uIGRlZmluZXMgYSBuZXcgcHJvdG9jb2wNCiAgIGFuZCBhc3NvY2lhdGVkIGVu Y2Fwc3VsYXRpb24gZm9yIHRoZSBjcmVhdGlvbiBvZiBkeW5hbWljIHNlcnZpY2UNCiAgIGNoYWlu cywgb3BlcmF0aW5nIGF0IHRoZSBzZXJ2aWNlIHBsYW5lLiAgVGhlIE5TSCBpcyBkZXNpZ25lZCB0 bw0KICAgZW5jYXBzdWxhdGUgYW4gb3JpZ2luYWwgcGFja2V0IG9yIGZyYW1lLCBhbmQgaW4gdHVy biBiZSBlbmNhcHN1bGF0ZWQNCiAgIGJ5IGFuIG91dGVyIHRyYW5zcG9ydCAod2hpY2ggaXMgdXNl ZCB0byBkZWxpdmVyIHRoZSBOU0ggdG8gTlNILWF3YXJlDQogICBuZXR3b3JrIGVsZW1lbnRzKSwg YXMgc2hvd24gaW4gRmlndXJlIDE6DQoNCiAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0rDQogICAgICAgICAgICAgICAgICAgICB8ICAgIFRyYW5zcG9y dCBFbmNhcHN1bGF0aW9uICAgfA0KICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLSsNCiAgICAgICAgICAgICAgICAgICAgIHwgTmV0d29yayBTZXJ2aWNl IEhlYWRlciAoTlNIKSB8DQogICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tKw0KICAgICAgICAgICAgICAgICAgICAgfCAgICBPcmlnaW5hbCBQYWNrZXQg LyBGcmFtZSAgIHwNCiAgICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0rDQoNCiAgICAgICAgICAgICAgRmlndXJlIDE6IE5ldHdvcmsgU2VydmljZSBIZWFk ZXIgRW5jYXBzdWxhdGlvbg0KDQpUaGlzIHN0YXRlcyB0aGF0IHRoZSBOU0ggaXMgZGVzaWduZWQg dG8gZW5jYXBzdWxhdGUgdGhlIG9yaWdpbmFsIHBhY2tldC9mcmFtZSAocmVhZCBJUCBwYWNrZXQg b3IgRXRoZXJuZXQgZnJhbWUpIGFuZCB0aGVuIGluIHR1cm4gYmUgY2FycmllZCBieSBhbiBvdXRl ciB0cmFuc3BvcnQuIFRoZSBmaWd1cmUgY2xlYXJseSBzaG93cyB0aGF0IHRoZSBvdXRlciB0cmFu c3BvcnQgaW4gdGhpcyBjb250ZXh0IGlzICJUcmFuc3BvcnQgRW5jYXBzdWxhdGlvbiIuIFRoZSBk cmFmdCB0aGVuIGdvZXMgb24gdG8gZGVzY3JpYmUgd2hhdCBOU0ggaXMgYW5kIHRoZW4gaW4gc2Vj dGlvbiA0IG1vcmUgZGV0YWlsIGlzIHByb3ZpZGVkIG9uIHRoZSB0cmFuc3BvcnQgZW5jYXBzdWxh dGlvbi4gTm93IHJlYWRpbmcgc2VjdGlvbiA0IGl0IHN0YXJ0cyBieSBzYXlpbmc6DQoNCk9uY2Ug dGhlIE5TSCBpcyBhZGRlZCB0byBhIHBhY2tldCwgYW4gb3V0ZXIgZW5jYXBzdWxhdGlvbiBpcyB1 c2VkIHRvDQogICBmb3J3YXJkIHRoZSBvcmlnaW5hbCBwYWNrZXQgYW5kIHRoZSBhc3NvY2lhdGVk IG1ldGFkYXRhIHRvIHRoZSBzdGFydA0KICAgb2YgYSBzZXJ2aWNlIGNoYWluLg0KDQpJcyB0aGUg Y29uZnVzaW9uIGNhdXNlZCBieSBzZWN0aW9uIDEgJiA0IHRleHQgc2F5aW5nICJvdXRlciBlbmNh cHN1bGF0aW9uIiBvciAib3V0ZXIgdHJhbnNwb3J0IiByYXRoZXIgdGhhbiAiVHJhbnNwb3J0IEVu Y2Fwc3VsYXRpb24iID8gSWYgc28gdGhhdCBpcyBlYXNpbHkgZml4ZWQgOi0pDQoNClRoYW5rcyEN Cg0KSmltDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBzZmMgW21haWx0bzpz ZmMtYm91bmNlc0BpZXRmLm9yZ10gT24gQmVoYWxmIE9mIEthdGhsZWVuIE1vcmlhcnR5DQpTZW50 OiBXZWRuZXNkYXksIFNlcHRlbWJlciAyMCwgMjAxNyAxMjoyMiBQTQ0KVG86IENhcmxvcyBQaWdu YXRhcm8gKGNwaWduYXRhKSA8Y3BpZ25hdGFAY2lzY28uY29tPg0KQ2M6IFBhdWwgUXVpbm4gKHBh dWxxKSA8cGF1bHFAY2lzY28uY29tPjsgc2ZjQGlldGYub3JnDQpTdWJqZWN0OiBSZTogW3NmY10g RWFybHkgcmV2aWV3IGRyYWZ0LWlldGYtc2ZjLW5zaA0KDQpIaSBDYXJsb3MsDQoNClBsZWFzZSBs b29rIGF0IHRoZSB0ZXh0IGluIHRoZSBjdXJyZW50IGRvY3VtZW50LiAgSXQgb25seSBzYXlzIHRy YW5zcG9ydCBpbiB0aGUgdGV4dCBJIHF1b3RlZC4gIFRoZSBkaWFncmFtIGFsc28gb25seSBzYXlz IHRyYW5zcG9ydC4NCkRyYWZ0cyBuZWVkIHRvIGJlIGNsZWFybHkgd3JpdHRlbiB0byBiZSBicm9h ZGx5IHVuZGVyc3Rvb2QgYW5kIHRoZSB3YXkgdGhlIHRleHQgaXMgbm93LCBpdCBpcyBub3QuICBJ IHRoaW5rIGNsZWFuaW5nIGl0IHVwIGEgYml0IHdpbGwgbGlmdCBzb21lIG9mIHRoZSBzZWN1cml0 eSBjb25jZXJucyBhcyBzb21lIGFyZSBhZGRyZXNzZWQgcHJpb3IgdG8gTlNIIHNlZWluZyB0aGUg SVAgcGFja2V0IG9yIGZyYW1lLg0KDQpZb3VyIHJlc3BvbnNlIGhlbHBzLCBidXQgcGxlYXNlIHRh a2UgdGhlIHRpbWUgdG8gbG9vayB0aHJvdWdoIHRoZSBkb2N1bWVudCB0byBzZWUgaG93IGl0IGNh biBiZSBjbGFyaWZpZWQgc28gb25lIGRvZXMgbm90IGhhdmUgdGhlIHF1ZXN0aW9ucyBJIGFuZCBv dGhlcnMgaGF2ZSByYWlzZWQuDQoNClRoYW5rIHlvdSwNCkthdGhsZWVuDQoNCk9uIFdlZCwgU2Vw IDIwLCAyMDE3IGF0IDExOjU5IEFNLCBDYXJsb3MgUGlnbmF0YXJvIChjcGlnbmF0YSkgPGNwaWdu YXRhQGNpc2NvLmNvbT4gd3JvdGU6DQo+IEhpLCBLYXRobGVlbiwNCj4NCj4gVGhhbmsgeW91IGZv ciBhc2tpbmcgZXhwbGljaXRseS4gVGhpcyBkb2N1bWVudCB1c2VkIHRvIGhhdmUgZXhwbGljaXQg 4oCcTlNIIEVuY2Fwc3VsYXRpb24gRXhhbXBsZXPigJ0sIGJ1dCB3ZXJlIHRha2VuIG91dCAoYXQg dGhlIEFE4oCZcyByZXF1ZXN0KSBiYXNlZCBvbiB0aGUgYXJndW1lbnQgdGhhdCDigJxldmVyeW9u ZSB3b3VsZCBsaWtlIHRvIGhhdmUgdGhlaXIgZW5jYXBzdWxhdGlvbuKAnS4gV2UgY2FuIGFsd2F5 cyBicmluZyB0aGVtIGJhY2sgaWYgZGVzaXJlZCwgZXZlbiB3aXRoaW4gYSBub24tbm9ybWF0aXZl IGFwcGVuZGl4Lg0KPg0KPiBBcyBJIGZvbGxvdyB5b3VyIHF1ZXN0aW9ucywgSSB3aWxsIHRyeSBt eSBiZXN0IHRvIGFuc3dlciBhbmQgY2xhcmlmeS4NCj4NCj4gSSBhbSBub3Qgc3VyZSB3aGljaCDi gJxidW5ueSB0cmFpbOKAnSB0b29rIHRoZSBjb252ZXJzYXRpb24gaGVyZSwgYnV0IHBlcmhhcHMg YSBjb3VwbGUgb2YgdG9wLXBvc3QgY2xhcmlmaWNhdGlvbnMgbWlnaHQgaGVscDoNCj4NCj4gMS4g 4oCcT3JpZ2luYWwgUGFja2V0L0ZyYW1l4oCdIC0+IHRoZSB0ZXJtaW5vbG9neSBQYWNrZXQvRnJh bWUsIGFzIGNvbW1vbmx5IHVzZWQsIGRlbm90ZXMgYW4gSVAgcGFja2V0IG9yIGFuIEV0aGVybmV0 IGZyYW1lLg0KPiAyLiBUaGUgb3V0ZXIgIlRyYW5zcG9ydCBFbmNhcHN1bGF0aW9u4oCdIGRvZXMg Km5vdCogbWVhbiBUQ1AuIEl0IHVzZXMgdGhlIHdvcmQg4oCcVHJhbnNwb3J04oCdIGFzIHRyYW5z cG9ydCBwcm9maWxlLCBhbiBlbmNhcHN1bGF0aW9uIHRoYXQgdHJhbnNwb3J0cywgbm90IGFzIFRD UC4gR1JFIGlzIG9uZSBleGFtcGxlIG9mIGEgdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24sIG5vdCBU Q1AgYXMgYSDigJxMNCBUcmFuc3BvcnQgTGF5ZXIgcHJvdG9jb2zigJ0uDQo+DQo+IEluIHBvaW50 ICMyLCBHUkUgaXMgdGhlIFRyYW5zcG9ydCB0aGF0IE5TSCB1c2VzIGJldHdlZW4gU0ZGcy9TRnMu IEFuZCBmdXJ0aGVyLCBzaW5jZSBOU0ggaXMgVHJhbnNwb3J0IEVuY2Fwc3VsYXRpb24gYWdub3N0 aWMsIHdlIGFyZSB0YWxraW5nIGFib3V0IHBvdGVudGlhbGx5IGEgYnJvYWQgc2V0IG9mIHByb3Rv Y29sc+KApiBJ4oCZZCBlbmNvdXJhZ2UgdXMgdG8gbm90IGF0dGVtcHQgdG8gY2xhc3NpZnkgdGhl bSBpbiBPU0kgTGF5ZXJzLg0KPg0KPiBJIGNhbiBzZWUgdGhhdCBzb21lIG9mIHRoaXMgbWlnaHQg bm90IGJlIHRvdGFsbHkgY2xlYXIgaWYgc2Nhbm5pbmcgdGhyb3VnaCB0aGUgZG9jdW1lbnQsIGJ1 dCBpdCBpcyBjbGVhciBmb3IgYW4gaW1wbGVtZW50b3IuDQo+DQo+IFNlZSBUYWJsZSAxIGFuZCBU YWJsZSAzIGZvciBleGFtcGxlcyAoVHJhbnNwb3J0IGNvbHVtbikNCj4NCj4gSSBob3BlIHRoaXMg aGVscHMgc2V0IGNsYXJpZnlpbmcgY29udGV4dCwgc2VlIGlubGluZSBmb3IgbW9yZSBzcGVjaWZp YyBkZXRhaWxzLi4uDQo+DQo+PiBPbiBTZXAgMjAsIDIwMTcsIGF0IDExOjIxIEFNLCBLYXRobGVl biBNb3JpYXJ0eSA8S2F0aGxlZW4uTW9yaWFydHkuaWV0ZkBnbWFpbC5jb20+IHdyb3RlOg0KPj4N Cj4+IEhpIENhcmxvcywNCj4+DQo+PiBJdCdzIGEgc3RhcnQsIGJ1dCBzaG91bGQgYmUgbW9yZSBz cGVjaWZpYy4NCj4NCj4gVGhlIHNwZWNpZmljcyBhcmUgaW4gdGhlIGRvY3VtZW50LCBldmVuIGV4 YW1wbGVzIGFzIHBlciBUYWJsZXMgMSBhbmQgMy4NCj4NCj4+IFdoYXQgYXJlIHRoZSBvcmlnaW5h bA0KPj4gcGFja2V0cy9mcmFtZSAtIGlzIHRoaXMgbGluayBsYXllciBvciBuZXR3b3JrIG9yIGJv dGg/DQo+DQo+IFRoZXNlIGFyZSB0aGUgcGFja2V0cyBvciBmcmFtZXMgaW5jb21pbmcgaW50byBh IGNsYXNzaWZpZXIsIG9yaWdpbmFsLCB0aGVuIE5TSCBpcyBpbXBvc2VkLCB0aGVuIGEgdHJhbnNw b3J0IGVuY2Fwc3VsYXRpb24gaXMgaW1wb3NlZC4NCj4NCj4+ICBJdCBzZWVtcyBsaWtlDQo+PiBi b3RoIGZyb20gdGhlIGRpYWdyYW0sIGJ1dCBpcyB0aGF0IHJlYWxseSB0aGUgY2FzZT8NCj4NCj4g WWVzLCBpdCBpcyBib3RoLiBSZWFsbHkgdGhlIGNhc2UuDQo+DQo+Pg0KPj4gVGhlbiBmb3IgdGhl IHRyYW5zcG9ydCBlbmNhcHN1bGF0aW9uLCBpcyB0aGlzIGxheWVyIDMgb3IgND8NCj4NCj4gSSBi ZWxpZXZlIGl0IGlzIGEgc291cmNlIG9mIGhlYWRhY2hlIGFuZCBjb25mdXNpb24gdG8gdGhpbmsg YWJvdXQgT1NJIGxheWVyc+KApiB3aGF0IGxheWVyIGlzIElQLWluLUlQPyBBbmQgYW4gTVBMUyBQ c2V1ZG93aXJlIHRyYW5zcG9ydGluZyBFdGhlcm5ldD8gT3IgYW4gSVB2Ni9MMlRQdjMgcHNldWRv d2lyZSB0cmFuc3BvcnRpbmcgVERNPw0KPg0KPj4NCj4+IFRoZSB3b3JkaW5nIHRoYXQgcHJlY2Vk ZXMgdGhpcyBpcyBhIGJpdCBjb25mdXNpbmcgKGhlcmUgZm9yIHJlZmVyZW5jZSk6DQo+Pg0KPj4g ICBUaGUgTmV0d29yayBTZXJ2aWNlIEhlYWRlciAoTlNIKSBzcGVjaWZpY2F0aW9uIGRlZmluZXMg YSBuZXcgcHJvdG9jb2wNCj4+ICAgYW5kIGFzc29jaWF0ZWQgZW5jYXBzdWxhdGlvbiBmb3IgdGhl IGNyZWF0aW9uIG9mIGR5bmFtaWMgc2VydmljZQ0KPj4gICBjaGFpbnMsIG9wZXJhdGluZyBhdCB0 aGUgc2VydmljZSBwbGFuZS4gIFRoZSBOU0ggaXMgZGVzaWduZWQgdG8NCj4+ICAgZW5jYXBzdWxh dGUgYW4gb3JpZ2luYWwgcGFja2V0IG9yIGZyYW1lLCBhbmQgaW4gdHVybiBiZSBlbmNhcHN1bGF0 ZWQNCj4+ICAgYnkgYW4gb3V0ZXIgdHJhbnNwb3J0ICh3aGljaCBpcyB1c2VkIHRvIGRlbGl2ZXIg dGhlIE5TSCB0byBOU0gtYXdhcmUNCj4+ICAgbmV0d29yayBlbGVtZW50cyksIGFzIHNob3duIGlu IEZpZ3VyZSAxOg0KPg0KPiBEb2VzIHRoZSBleHBsYW5hdGlvbiBhYm92ZSBoZWxwPyBJIGFtIG5v dCBzdXJlIGhvdyB0byBiZXN0IGFuc3dlcuKApiBiZWNhdXNlIEkgZG8gbm90IGZpbmQgaXQgY29u ZnVzaW5nLiBUaGlzIHRleHQgaXMgdGhlIHJlc3VsdCBvZiByZXZpZXdlcnMgYXNraW5nIGZvciBj bGFyaXR5LCBhbmQgdGhlbiBhY2tub3dsZWRnaW5nIHRoYXQgdGhlIHBhcmFncmFwaCBhYm92ZSBi cm91Z2h0IHRoYXQgY2xhcml0eS4NCj4NCj4+DQo+PiBOb3JtYWxseSwgdGhlIGhpZ2hlciBsYXll cnMgYXJlIGVuY2Fwc3VsYXRlZCwNCj4NCj4gV2hhdCBpcyBoaWdoZXIgYW5kIGxvd2VyPyBBbmQg Zm9yIHdoYXQgZGVmaW5pdGlvbiBvZiDigJxOb3JtYWxseeKAnT8gV2hhdOKAmXMgYSBUdW5uZWw/ DQo+DQo+PiBidXQgdGhpcyB3b3JkaW5nDQo+PiBkZXNjcmliZXMganVzdCB0aGUgb3Bwb3NpdGUu ICBJdCBzYXlzIHRoZSBwYWNrZXQvZnJhbWUgYXQgbGF5ZXIgMi8zIA0KPj4gKGp1c3QgZ29pbmcg ZnJvbSB0aGUgbm9ybWFsIHVzZXMgb2YgcGFja2V0IGFuZCBmcmFtZSB0byBhc3N1bWUgbGF5ZXIg DQo+PiAzLzIpLg0KPg0KPiBDb3JyZWN0LiBJUCBwYWNrZXQsIEV0aGVybmV0IEZyYW1lLg0KPg0K Pj4gIE5IUyBlbmNhcHN1bGF0ZXMgdGhhdCwgYW5kIHRoZW4gaXMgZW5jYXBzdWxhdGVkIGJ5IGEg dHJhbnNwb3J0IGxheWVyIA0KPj4gMy80Pw0KPg0KPiBOby4NCj4NCj4gV2hlcmUgZG9lcyBpdCBz YXkg4oCcVHJhbnNwb3J0IExheWVy4oCdPw0KPg0KPiBOb3RlIHRoYXQg4oCcTmV0d29yayBUcmFu c3BvcnTigJ0sIGFuZCDigJxUcmFuc3BvcnQgRW5jYXBzdWxhdGlvbuKAnSBhcmUgdGVybXMgY29t aW5nIGZyb20gUkZDIDc2NjUuDQo+DQo+IEFuZCB0byBiZSBjbGVhcjogbWFueSBSRkNzIHVzZSDi gJxUcmFuc3BvcnQgRW5jYXBzdWxhdGlvbuKAnSBvciBhIA0KPiB2YXJpYXRpb24gb2YgdGhhdCAo RW5jYXBzdWxhdGlvbiBmb3IgVHJhbnNwb3J0LCBUcmFuc3BvcnQtaW5kZXBlbmRlbnQgDQo+IEVu Y2Fwc3VsYXRpb24sIGV0Yy4pDQo+DQo+IFNlZSBUYWJsZSAxIGFuZCBUYWJsZSAzLCBUcmFuc3Bv cnQgY29sdW1uLCBmb3IgZXhhbXBsZXMuDQo+DQo+DQo+PiAgSWYgeW91IGNhbiBjbGFyaWZ5IHRo aXMgdGV4dCBvciBtYWtlIGl0IGNsZWFyIHRoYXQgeW91IHJlYWxseSANCj4+IGludGVuZGVkIHRv IGRvIHRoaXMgb2RkIGVuY2Fwc3VsYXRpb24sIHRoYXQgd291bGQgaGVscCBhIGxvdC4NCj4NCj4g SG9wZWZ1bGx5IG15IGV4cGxhbmF0aW9uIGhlbHBzLg0KPg0KPj4gVW5kZXJzdGFuZGluZyB0aGUg bGF5ZXJzIHRoaXMgYWxsIGhhcHBlbnMgYXQgaXMgdmVyeSBpbXBvcnRhbnQuICBJZiANCj4+IE5T SCBpcyB0aGUgdHJpZ2dlciBmb3IgdGhlIGxheWVyIDMvNCB0cmFuc3BvcnQsIGhvdyBjYW4gc2Vj dXJpdHkgYmUgDQo+PiBhcHBsaWVkPyAgT3IgaXMgaXQgYWRkcmVzc2VkIGJ5IGEgcHJpb3IgMy80 IGVuY2Fwc3VsYXRpb24gYnkgdGhlIA0KPj4gb3JpZ2luYWwgcGFja2V0L2ZyYW1lPw0KPj4NCj4+ IFRoYW5rcywNCj4+IEthdGhsZWVuDQo+Pg0KPg0KPg0KPiDigJQNCj4gQ2FybG9zIFBpZ25hdGFy bywgY2FybG9zQGNpc2NvLmNvbQ0KPg0KPg0KPj4NCj4+IE9uIFR1ZSwgU2VwIDE5LCAyMDE3IGF0 IDQ6NTMgUE0sIENhcmxvcyBQaWduYXRhcm8gKGNwaWduYXRhKSANCj4+IDxjcGlnbmF0YUBjaXNj by5jb20+IHdyb3RlOg0KPj4+IEhpLCBLYXRobGVlbiwNCj4+Pg0KPj4+IFRoYW5rcyBmb3IgdGhl IGNsYXJpZmljYXRpb24uDQo+Pj4NCj4+PiBSZWdhcmRpbmc6DQo+Pj4NCj4+PiBpcyB0aGF0IHRo ZSBsYXllcmluZyBuZWVkcyB0byBiZSBzcGVjaWZpY2FsbHkgc3RhdGVkIHRvIGNsZWFybHkNCj4+ Pg0KPj4+DQo+Pj4gTGlrZSB0aGlzPw0KPj4+IGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9k cmFmdC1pZXRmLXNmYy1uc2gtMjEjc2VjdGlvbi0xDQo+Pj4NCj4+PiAgICAgICAgICAgICAgICAg ICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQo+Pj4gICAgICAgICAgICAgICAg ICAgICB8ICAgIFRyYW5zcG9ydCBFbmNhcHN1bGF0aW9uICAgfA0KPj4+ICAgICAgICAgICAgICAg ICAgICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCj4+PiAgICAgICAgICAgICAg ICAgICAgIHwgTmV0d29yayBTZXJ2aWNlIEhlYWRlciAoTlNIKSB8DQo+Pj4gICAgICAgICAgICAg ICAgICAgICArLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKw0KPj4+ICAgICAgICAgICAg ICAgICAgICAgfCAgICBPcmlnaW5hbCBQYWNrZXQgLyBGcmFtZSAgIHwNCj4+PiAgICAgICAgICAg ICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQo+Pj4NCj4+PiAgICAg ICAgICAgICAgRmlndXJlIDE6IE5ldHdvcmsgU2VydmljZSBIZWFkZXIgRW5jYXBzdWxhdGlvbg0K Pj4+DQo+Pj4gSSB0aGluayBpZiB5b3UgbGFpZCB0aGlzIG91dA0KPj4+IG5pY2VseSBhbmQgY2xl YXJseSBzaG93ZWQgd2hlcmUgdHJhbnNwb3J0IHNlY3VyaXR5IGlzIGFkZHJlc3NlZCBhdA0KPj4+ IGFub3RoZXIgbGF5ZXIgKG91dC1vZi1zY29wZSksIGl0IHdvdWxkIGdvIGEgbG9uZyB3YXkuDQo+ Pj4NCj4+Pg0KPj4+IEhvcGVmdWxseSB0aGUgYWJvdmUgKGV4aXN0aW5nKSBmaWd1cmUgYW5kIHRl eHQgaXMgY2xlYXIuIEluIHRoYXQgY2FzZToNCj4+Pg0KPj4+IE9uZSBpZGVhIGlzIHRvIGNhdGVn b3JpemUgdGhlIHBhcmFncmFwaHMgaW4gdGhlIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIHRvDQo+ Pj4gbWFrZSB0aG9zZSByZWxhdGlvbnMgbW9yZSBjbGVhci4NCj4+Pg0KPj4+IOKAlA0KPj4+IENh cmxvcyBQaWduYXRhcm8uDQo+Pj4NCj4+Pg0KPj4+IE9uIFNlcCAxOSwgMjAxNywgYXQgMzozOCBQ TSwgS2F0aGxlZW4gTW9yaWFydHkNCj4+PiA8S2F0aGxlZW4uTW9yaWFydHkuaWV0ZkBnbWFpbC5j b20+IHdyb3RlOg0KPj4+DQo+Pj4gVGhhbmtzIGZvciB0aGUgcmVzcG9uc2VzLiAgSSdtIGdvaW5n IHRvIHRvcCBwb3N0IGFzIEkgdGhpbiB0aGUgbWFpbg0KPj4+IHBvaW50IG9mIG15IHJldmlldyBp cyB0aGF0IHRoZSBsYXllcmluZyBuZWVkcyB0byBiZSBzcGVjaWZpY2FsbHkNCj4+PiBzdGF0ZWQg dG8gY2xlYXJseSBzY29wZSB0aGUgcHJvYmxlbSBzcGFjZSBmb3IgTlNIIHNlY3VyaXR5DQo+Pj4g Y29uc2lkZXJhdGlvbnMuICBUaGUgZHJhZnQgYXMtd3JpdHRlbiBpcyBub3QgY2xlYXIgYW5kIGFz IGEgcmVzdWx0LA0KPj4+IHNlY3VyaXR5IHJldmlld3MgYXJlIHZlcnkgZGlmZmljdWx0LiAgSSB0 aGluayBpZiB5b3UgbGFpZCB0aGlzIG91dA0KPj4+IG5pY2VseSBhbmQgY2xlYXJseSBzaG93ZWQg d2hlcmUgdHJhbnNwb3J0IHNlY3VyaXR5IGlzIGFkZHJlc3NlZCBhdA0KPj4+IGFub3RoZXIgbGF5 ZXIgKG91dC1vZi1zY29wZSksIGl0IHdvdWxkIGdvIGEgbG9uZyB3YXkuICBBbHRob3VnaCB0aGUN Cj4+PiBkcmFmdCBpbXByb3ZlZCBhIGJpdCBmcm9tIHRoZSBwcmV2aW91cyB2ZXJzaW9uLCBJIHRo aW5rIGEgY2FyZWZ1bA0KPj4+IHJldmlldyBhbmQgZWRpdCBwYXNzIHdvdWxkIGRvIGEgbG90IG9m IGdvb2QsIHNwZWNpZmljYWxseSBhcm91bmQNCj4+PiBjbGFyaXR5IG9mIHRoZSBwcm9ibGVtIHNw YWNlIGFuZCBzb2x1dGlvbi4gIFRoZSBxdWVzdGlvbnMgSSBhc2tlZCB3ZXJlDQo+Pj4gYSByZXN1 bHQgb2YgbGFjayBvZiBjbGFyaXR5IGluIHRoZSBkcmFmdC4NCj4+Pg0KPj4+IFRoYW5rcywNCj4+ PiBLYXRobGVlbg0KPj4+DQo+Pj4gT24gVHVlLCBTZXAgMTksIDIwMTcgYXQgMzoyMiBQTSwgUGF1 bCBRdWlubiAocGF1bHEpIDxwYXVscUBjaXNjby5jb20+IHdyb3RlOg0KPj4+DQo+Pj4gSGksDQo+ Pj4NCj4+PiBUaGFuayB5b3UgZm9yIHRoZSByZXZpZXcuICBQbGVhc2Ugc2VlIHNvbWUgY29tbWVu dHMgaW5saW5lIGJlbG93Lg0KPj4+DQo+Pj4gUGF1bA0KPj4+DQo+Pj4gT24gU2VwIDE4LCAyMDE3 LCBhdCA0OjE1IFBNLCBLYXRobGVlbiBNb3JpYXJ0eQ0KPj4+IDxrYXRobGVlbi5tb3JpYXJ0eS5p ZXRmQGdtYWlsLmNvbT4gd3JvdGU6DQo+Pj4NCj4+PiBIZWxsbywNCj4+Pg0KPj4+IEF0IEFsaWEn cyByZXF1ZXN0LCBJIGRpZCBhbiBlYXJseSByZXZpZXcgb2YgZHJhZnQtaWV0Zi1zZmMtbnNoLiAg SGVyZQ0KPj4+IGFyZSBzb21lIGluaXRpYWwgY29tbWVudHMgYW5kIEkgbWF5IGhhdmUgbW9yZSB3 aGVuIHRoZSBkcmFmdCBpcw0KPj4+IHJldmlzZWQgYW5kIGlzIGluIGZvciBJRVNHIHJldmlldy4g IEkgYXBwcmVjaWF0ZSB5b3VyIGVmZm9ydHMNCj4+PiBhZGRyZXNzaW5nIHRoZSBjb21tZW50cyBy ZWNlaXZlZCB0byBkYXRlLiAgSSBob3BlIHlvdSBmaW5kIHRoZXNlDQo+Pj4gc3VnZ2VzdGlvbnMg YXMgaGVscGZ1bCBpbXByb3ZlbWVudHMgdG8gdGhlIGRvY3VtZW50IGFuZCBjbGFyaXR5IG9mIE5T SA0KPj4+IHNlY3VyaXR5IGNvbmNlcm5zLg0KPj4+DQo+Pj4NCj4+PiBTZWN0aW9uIDEgLQ0KPj4+ DQo+Pj4gVGhlIGludGVuZGVkIHNjb3BlIGluIHRoZSBpbnRyb2R1Y3Rpb24gc2hvdWxkIGFsc28g aW5jbHVkZSBtZW50aW9uIG9mDQo+Pj4gbXVsdGktdGVuYW5jeS4gIFRoaXMgY2hhbmdlcyB0aGUg c2VjdXJpdHkgcmVxdWlyZW1lbnRzIGFuZCBpcyB2ZXJ5DQo+Pj4gaW1wb3J0YW50IHRvIG5vdGUu DQo+Pj4NCj4+PiBTZWN0aW9uIDEuNCAtDQo+Pj4NCj4+PiA1LiAgVHJhbnNwb3J0IEFnbm9zdGlj OiBUaGUgTlNIIGlzIGVuY2Fwc3VsYXRpb24taW5kZXBlbmRlbnQsIG1lYW5pbmcNCj4+PiAgICAg aXQgY2FuIGJlIHRyYW5zcG9ydGVkIGJ5IGEgdmFyaWV0eSBvZiBwcm90b2NvbHMuICBBbiBhcHBy b3ByaWF0ZQ0KPj4+ICAgICAoZm9yIGEgZ2l2ZW4gZGVwbG95bWVudCkgZW5jYXBzdWxhdGlvbiBw cm90b2NvbCBjYW4gYmUgdXNlZCB0bw0KPj4+ICAgICBjYXJyeSBOU0gtZW5jYXBzdWxhdGVkIHRy YWZmaWMuICBUaGlzIHRyYW5zcG9ydCBtYXkgZm9ybSBhbg0KPj4+ICAgICBvdmVybGF5IG5ldHdv cmsgYW5kIGlmIGFuIGV4aXN0aW5nIG92ZXJsYXkgdG9wb2xvZ3kgcHJvdmlkZXMgdGhlDQo+Pj4g ICAgIHJlcXVpcmVkIHNlcnZpY2UgcGF0aCBjb25uZWN0aXZpdHksIHRoYXQgZXhpc3Rpbmcgb3Zl cmxheSBtYXkgYmUNCj4+PiAgICAgdXNlZC4NCj4+Pg0KPj4+IElzIHRoZXJlIGEgcHJlZmVycmVk IHRyYW5zcG9ydCBzbyB5b3UgY291bGQgc3BlY2lmeSBhIHJlY29tbWVuZGVkDQo+Pj4gdHJhbnNw b3J0IHNlY3VyaXR5IHByb3RvY29sPw0KPj4+DQo+Pj4NCj4+PiBQUT4gVGhlcmUgaXMgbm90LiAg SW4gZmFjdCBhdCB0aGUgQUTigJlzIHJlcXVlc3Qgc2FtcGxlIHRyYW5zcG9ydHMgd2VyZQ0KPj4+ IHJlbW92ZWQgdG8gZW5zdXJlIHRoYXQgdGhlcmUgd2FzIG5vIGltcGxpZWQgcHJlZmVyZW5jZS4g IFRoZXJlZm9yZSwgYW4NCj4+PiBvcGVyYXRvciBjYW4gc2VsZWN0IHRoZWlyIHByZWZlcnJlZCB0 cmFuc3BvcnRzLCBpbmNsdWRpbmcg4oCUIGFzIHBlciB0aGUNCj4+PiBzZWN1cml0eSBjb25zaWRl cmF0aW9ucyBzZWN0aW9uIOKAlCBvbmVzIHRoYXQgcHJvdmlkZSBlbmNyeXB0aW9uLg0KPj4+DQo+ Pj4NCj4+PiBTZWN0aW9uIDIsIDNyZCBzZW50ZW5jZToNCj4+PiBTdWJzZXF1ZW50bHksIGFuDQo+ Pj4gb3V0ZXIgZW5jYXBzdWxhdGlvbiBpcyBpbXBvc2VkIG9uIHRoZSBOU0gsIHdoaWNoIGlzIHVz ZWQgZm9yIG5ldHdvcmsNCj4+PiBmb3J3YXJkaW5nLg0KPj4+DQo+Pj4gS25vd2luZyBtb3JlIGFi b3V0IHRoaXMgd291bGQgaGVscCB0byB1bmRlcnN0YW5kIG9wdGlvbnMgb3IgaWYgdGhlcmUNCj4+ PiBpcyBhbm90aGVyIGRyYWZ0IHRoYXQgYWRkcmVzc2VzIHRoaXMgb3V0ZXIgZW5jYXBzdWxhdGlv biB0aGF0IGlzDQo+Pj4gaW1wb3NlZCBhbmQgdGhlIHRyYW5zcG9ydCBzZWN1cml0eSByZXF1aXJl bWVudHMgdGhhdCBnbyBhbG9uZyB3aXRoIGl0Lg0KPj4+DQo+Pj4NCj4+PiBQUT4gU2luY2UgTlNI IGRlZmluZXMgbm8gcHJlZmVycmVkIHRyYW5zcG9ydChzKSwgdGhlIHNlY3VyaXR5IG9mIHRoZQ0K Pj4+IHNlbGVjdGVkIHRyYW5zcG9ydCBpcyBsZWZ0IHRvIHRoZSB0cmFuc3BvcnQgc3RhbmRhcmQu ICAgU28sIGZvciBleGFtcGxlLCBpZg0KPj4+IGFuIG9wZXJhdG9yIGVsZWN0cyB0byB1c2UgdGhl IE5WTzMgZGVmaW5lZCBwcm90b2NvbCwgdGhlbiB0aGUgb3BlcmF0b3IgaGFzDQo+Pj4gZXhwbGlj aXRseSBzZWxlY3RlZCB0aGF0IG92ZXJsYXkuDQo+Pj4NCj4+Pg0KPj4+IFRyYW5zcG9ydCBtYXkg YmUgaG9wIHRvIGhvcCwgYW5kIHRoZXJlIG1pZ2h0IG5vdCBiZSBlbmNyeXB0aW9uIG9mIHRoaXMN Cj4+PiBoZWFkZXIgaWYgdGhlIGFwcGxpY2F0aW9uIHVzZXMgYW4gZW5jcnlwdGVkIHRyYW5zcG9y dCBlbmNhcHN1bGF0ZWQgaW4NCj4+PiB0aGlzIGxheWVyLiAgSW4gYW55IGNhc2UsIGl0IHNlZW1z IGludGVncml0eSBwcm90ZWN0aW9uIGlzIGENCj4+PiByZXF1aXJlbWVudCBmb3IgYSBtdWx0aS10 ZW5hbnQgZW52aXJvbm1lbnQuICBDb3VsZCB0aGUgQ09TRSBNQUMNCj4+PiBmdW5jdGlvbiBmaXQg dGhlIGJpbGwgc2luY2UgaXQgaXMgaW50ZW5kZWQgZm9yIGNvbmNpc2UgZm9ybWF0cz8NCj4+PiBo dHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9yZmM4MTUyDQo+Pj4gSk9TRSBwcm9kdWNl ZCBhIHNpbWlsYXIgZnVuY3Rpb24gd2l0aCBKU09OLCBidXQgaXQgd291bGQgYmUgc2xpZ2h0bHkg bGFyZ2VyLg0KPj4+DQo+Pj4gU2VjdGlvbiA3LjE6DQo+Pj4NCj4+PiBUaGUgZm9sbG93aW5nIHBh cmFncmFwaCBpbXBsaWVzIHRoYXQgYW55dGhpbmcgbGVzcyB0aGFuIGEgNS10dXBsZQ0KPj4+IGlz buKAmXQgdXNlZnVsIGFuZCB0aGF0IHlvdSBpbnRlbmQgdG8gdXNlIHRyYWZmaWMgY29udGVudCB3 aGVuDQo+Pj4gYXZhaWxhYmxlLiAgVGhpcyBpcyBjb25jZXJuaW5nLiAgQ2Fu4oCZdCB5b3UgdXNl IGEgMi10dXBsZT8gIFdoYXQgaWYNCj4+PiBJUHNlYyB0cmFuc3BvcnQgbW9kZSB3ZXJlIGluIHVz ZSwgaXMgdGhpcyBzb2x1dGlvbiBkZWFkIGluIHRoZSB3YXRlcj8NCj4+Pg0KPj4+IFJlZ2FyZGxl c3Mgb2YgdGhlIHNvdXJjZSwgbWV0YWRhdGEgcmVmbGVjdHMgdGhlICJyZXN1bHQiIG9mDQo+Pj4g Y2xhc3NpZmljYXRpb24uICBUaGUgZ3JhbnVsYXJpdHkgb2YgY2xhc3NpZmljYXRpb24gbWF5IHZh cnkuICBGb3INCj4+PiBleGFtcGxlLCBhIG5ldHdvcmsgc3dpdGNoLCBhY3RpbmcgYXMgYSBjbGFz c2lmaWVyLCBtaWdodCBvbmx5IGJlIGFibGUNCj4+PiB0byBjbGFzc2lmeSBiYXNlZCBvbiBhIDUt dHVwbGUsIHdoaWxlIGEgc2VydmljZSBmdW5jdGlvbiBtYXkgYmUgYWJsZQ0KPj4+IHRvIGluc3Bl Y3QgYXBwbGljYXRpb24gaW5mb3JtYXRpb24uICBSZWdhcmRsZXNzIG9mIGdyYW51bGFyaXR5LCB0 aGUNCj4+PiBjbGFzc2lmaWNhdGlvbiBpbmZvcm1hdGlvbiBjYW4gYmUgcmVwcmVzZW50ZWQgaW4g dGhlIE5TSC4NCj4+Pg0KPj4+IElmIGEgMi10dXBsZSBpcyBwb3NzaWJsZSwgY291bGQgeW91IGFk ZCB0aGF0IGluIGFzIGFuIGV4YW1wbGUgaW5zdGVhZA0KPj4+IG9mIG9yIGluIGFkZGl0aW9uIHRv IHRoZSA1LXR1cGxlPw0KPj4+DQo+Pj4NCj4+PiBQUT4gIFRoZSA1LXR1cGxlIHdhcyB1c2VkIG9u bHkgYXMgYW4gZXhhbXBsZSB0aGF0IGlzIGNvbW1vbmx5IHVuZGVyc3Rvb2QgaW4NCj4+PiB0aGUg Y29udGV4dCBvZiBuZXR3b3JrIGRldmljZSBjbGFzc2lmaWNhdGlvbi4gIFRoZSBzZW50ZW5jZTog IlRoZQ0KPj4+IGdyYW51bGFyaXR5IG9mIGNsYXNzaWZpY2F0aW9uIG1heSB2YXJ5LuKAnSBhZGRy ZXNzZXMgMiwgMywgNCwgbi10dXBsZQ0KPj4+IGNsYXNzaWZpY2F0aW9uLiAgRnVydGhlciwgdGhh dCBwb2ludCBpcyByZWluZm9yY2VkOiDigJxSZWdhcmRsZXNzIG9mDQo+Pj4gZ3JhbnVsYXJpdHks IHRoZSBjbGFzc2lmaWNhdGlvbiBpbmZvcm1hdGlvbiBjYW4gYmUgcmVwcmVzZW50ZWQgaW4gdGhl IE5TSC4iDQo+Pj4NCj4+Pg0KPj4+DQo+Pj4NCj4+PiBTZWN0aW9uIDcuMQ0KPj4+DQo+Pj4gVGhp cyB0ZXh0IGNvbWVzIHRvbyBsYXRlIGluIHRoZSBkcmFmdCBhbmQgSSByZWNvbW1lbmQgbWFraW5n IGEgY2xlYXINCj4+PiBzdGF0ZW1lbnQgaW4gdGhlIGludHJvZHVjdGlvbiB0aGF0IHNlc3Npb24g ZW5jcnlwdGlvbiB0byBwcm90ZWN0IHRoZQ0KPj4+IGRhdGEgaW4gdHJhbnNpdCByZWxpZXMgb24g dGhlIGFwcGxpY2F0aW9uL3NlcnZpY2Ugc2VuZGluZy9yZWNlaXZpbmcNCj4+PiB0aGUgZGF0YSBh bmQgbm90IHRoZSBTRkMuICBJIG1hZGUgdGhpcyBwb2ludCBwcmV2aW91c2x5IGFuZCBhbSBnbGFk IHRvDQo+Pj4gc2VlIHNvbWUgdGV4dCwgYnV0IHRoaW5rIGl0IHdvdWxkIGJlIG11Y2ggYmV0dGVy IHRvIHN0YXRlIHRoaXMgZWFybHkNCj4+PiBpbiB0aGUgZHJhZnQuICBUb3VjaGluZyB1cG9uIHBy b3RlY3Rpb25zIGZvciBkYXRhIHN0cmVhbXMgdmVyc3VzIG1ldGENCj4+PiBkYXRhIHdvdWxkIGJv dGggYmUgaW1wb3J0YW50IChsYXllcnMgZm9yIHRyYWZmaWMgYW5kIGFzc29jaWF0ZWQNCj4+PiBw cm90ZWN0aW9ucykuICBJZiBpdOKAmXMgbWV0YSBkYXRhLCBkbyB0aGV5IG5lZWQgdG8gcmVseSBv biBJUHNlYyBhbmQNCj4+PiBoYXZpbmcgYSAyLXR1cGxlIGJlIHRoZSBtaW5pbXVtPyAgV2hlbiBp cyB0aGF0IGFwcGxpZWQ/ICBJcyB0aGVyZSBtZXRhDQo+Pj4gZGF0YSB0aGF0IGNvdWxkIGJlIHNl bnNpdGl2ZSBpZiBUTFMgd2FzIGluIHBsYWNlIGFuZCBhIDUtdHVwbGUgaXMNCj4+PiB2aXNpYmxl IChwZXJoYXBzIHRoZSBleGlzdGVuY2Ugb2YgY29tbXVuaWNhdGlvbiBpcyBzZW5zaXRpdmUpLiAg QXJlDQo+Pj4gdGhlcmUgb3RoZXIgY29uc2lkZXJhdGlvbnMgZm9yIG1ldGFkYXRhIGFuZCBkYXRh IHRoYXQgbmVlZCB0byBiZQ0KPj4+IHN0YXRlZCB1cCBmcm9udCBhbmQgcHV0IG91dC1vZi1zY29w ZSBmb3IgU0ZDPyAgSeKAmW0gYXNraW5nIHRoZXNlDQo+Pj4gcXVlc3Rpb25zIGFzIHByb3ZpZGlu ZyB0aGVzZSBhbnN3ZXJzIGNvdWxkIHNob3cgdGhhdCB0aGUgcmlzayBpcw0KPj4+IGNvbnN0cmFp bmVkLg0KPj4+DQo+Pj4gRGVwZW5kaW5nIG9uIHRoZSBpbmZvcm1hdGlvbiBjYXJyaWVkIGluIHRo ZSBtZXRhZGF0YSwgZGF0YSBwcml2YWN5DQo+Pj4gY29uc2lkZXJhdGlvbnMgbWF5IG5lZWQgdG8g YmUgY29uc2lkZXJlZC4gIEZvciBleGFtcGxlLCBpZiB0aGUNCj4+PiBtZXRhZGF0YSBjb252ZXlz IHRlbmFudCBpbmZvcm1hdGlvbiwgdGhhdCBpbmZvcm1hdGlvbiBtYXkgbmVlZCB0byBiZQ0KPj4+ IGF1dGhlbnRpY2F0ZWQgYW5kL29yIGVuY3J5cHRlZCBiZXR3ZWVuIHRoZSBvcmlnaW5hdG9yIGFu ZCB0aGUNCj4+PiBpbnRlbmRlZCByZWNpcGllbnRzICh3aGljaCBtYXkgaW5jbHVkZSBpbnRlbmRl ZCBTRnMgb25seSkuICBUaGUgTlNIDQo+Pj4gaXRzZWxmIGRvZXMgbm90IHByb3ZpZGUgcHJpdmFj eSBmdW5jdGlvbnMsIHJhdGhlciBpdCByZWxpZXMgb24gdGhlDQo+Pj4gdHJhbnNwb3J0L292ZXJs YXkgbGF5ZXIuICBBbiBvcGVyYXRvciBjYW4gc2VsZWN0IHRoZSBhcHByb3ByaWF0ZQ0KPj4+IHRy YW5zcG9ydCB0byBlbnN1cmUgY29uZmlkZW50aWFsaXR5IChhbmQgb3RoZXIgc2VjdXJpdHkpDQo+ Pj4gY29uc2lkZXJhdGlvbnMgYXJlIG1ldC4gIE1ldGFkYXRhIHByaXZhY3kgYW5kIHNlY3VyaXR5 IGNvbnNpZGVyYXRpb25zDQo+Pj4gYXJlIGEgbWF0dGVyIGZvciB0aGUgZG9jdW1lbnRzIHRoYXQg ZGVmaW5lIG1ldGFkYXRhIGZvcm1hdC4NCj4+Pg0KPj4+DQo+Pj4NCj4+PiBQUT4gIEFyZSB5b3Ug c3VnZ2VzdGluZyB0aGF0IGFwcGxpY2F0aW9uIGxheWVyIGNvbmZpZGVudGlhbGx5IGJlIGFkZHJl c3NlZA0KPj4+IGluIHRoaXMgZHJhZnQ/ICAgTlNIIOKAnHBsYXlzIG5pY2VseeKAnSB3aXRoIHN0 YW5kYXJkIGVuY3J5cHRpb24gdHJhbnNwb3J0cywNCj4+PiB0aGVyZWZvcmUgYWxsb3dpbmcgb3Bl cmF0b3JzIHRvIOKAnHNlY3VyZeKAnSB0aGUgcGF0aC4gIEdvaW5nIHVwIHRoZSBzdGFjayBmcm9t DQo+Pj4gdGhhdCBzZWVtcyB0byBiZSBvdXRzaWRlIHRoZSBzY29wZSBvZiBOU0ggYW5kIGluY29u c2lzdGVudCB3aXRoIG90aGVyDQo+Pj4gcHJvdG9jb2wgcmVxdWlyZW1lbnRzLg0KPj4+DQo+Pj4N Cj4+PiBPdGhlciBjb21tZW50czoNCj4+Pg0KPj4+IEnigJlkIGxpa2UgdG8gc2VlOw0KPj4+IGh0 dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1tZ2x0LXNmYy1zZWN1cml0eS1lbnZpcm9u bWVudC1yZXEtMDINCj4+PiBQdWJsaXNoZWQgYmVmb3JlIHRoaXMgZG9jdW1lbnQgYW5kIHRoZW4g aGF2ZSB0aGF0IGFzIGEgcmVmZXJlbmNlLiAgT25lDQo+Pj4gb2YgdGhlIGNvbW1lbnRzIEkgbWFk ZSBwcmV2aW91c2x5IHdhcyB0byBsaXN0IG91dCB0aGUgbGF5ZXJpbmcgYW5kDQo+Pj4gcHJvdGVj dGlvbnMgZXhwZWN0ZWQgb24gZGF0YSBhbmQgTlNILiAgVGhpcyBoYXMgYmVlbiBkb25lIGluIHRo ZQ0KPj4+IHNlY3VyaXR5IGVudmlyb25tZW50IGRyYWZ0LCBzZWN0aW9uIDQgc2hvdWxkIGJlIHJl ZmVyZW5jZWQ6DQo+Pj4NCj4+PiBTZWN0aW9uIDQgcHJvdmlkZXMgYW4gb3ZlcmFsbCBkZXNjcmlw dGlvbiBvZiB0aGUgU0ZDIGVudmlyb25tZW50IHdpdGgNCj4+PiB0aGUgaW50cm9kdWN0aW9uIG9m IHRoZSBkaWZmZXJlbnQgcGxhbmVzIChTRkMgQ29udHJvbCBQbGFuZSwgdGhlIFNGQw0KPj4+IE1h bmFnZW1lbnQgUGxhbmUsIHRoZSBUZW5hbnQncyB1c2VyIFBsYW5lIGFuZCB0aGUgU0ZDIERhdGEg UGxhbmUpLg0KPj4+DQo+Pj4NCj4+Pg0KPj4+IFBRPiAgQXMgSSBtZW50aW9uZWQgb24gYW5vdGhl ciB0aHJlYWQ6IGEgc2VjdXJlIGVudmlyb25tZW50IGRyYWZ0IGlzIG5vdA0KPj4+IHJlbGF0ZWQg dG8gTlNIIHBlciBzZS4NCj4+Pg0KPj4+DQo+Pj4NCj4+Pg0KPj4+IFRoaXMgaXMgYSB2ZXJ5IGlt cG9ydGFudCBwb2ludCBmb3IgYW55b25lIHJldmlld2luZyBmb3Igc2VjdXJpdHkgYXMNCj4+PiBh cmUgdGhlIGVudmlyb25tZW50IHNlY3VyaXR5IHJlcXVpcmVtZW50cy4gIFRoZSBzZWN1cml0eSBl bnZpcm9ubWVudA0KPj4+IHJlcXVpcmVtZW50cyBkcmFmdCBzdGlsbCBuZWVkcyBhIGxpdHRsZSBt b3JlIHdvcmsgZnJvbSBhIHF1aWNrIHJlYWQsDQo+Pj4gYnV0IGhlbHBzIGEgbG90LiAgSSBuZWVk IHRvIGZpbmlzaCByZWFkaW5nIHRoZSBzZWN1cml0eSBlbnZpcm9ubWVudA0KPj4+IGRyYWZ0Lg0K Pj4+DQo+Pj4gLS0NCj4+Pg0KPj4+IEJlc3QgcmVnYXJkcywNCj4+PiBLYXRobGVlbg0KPj4+DQo+ Pj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCj4+PiBz ZmMgbWFpbGluZyBsaXN0DQo+Pj4gc2ZjQGlldGYub3JnDQo+Pj4gaHR0cHM6Ly93d3cuaWV0Zi5v cmcvbWFpbG1hbi9saXN0aW5mby9zZmMNCj4+Pg0KPj4+DQo+Pj4NCj4+Pg0KPj4+DQo+Pj4gLS0N Cj4+Pg0KPj4+IEJlc3QgcmVnYXJkcywNCj4+PiBLYXRobGVlbg0KPj4+DQo+Pj4gX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCj4+PiBzZmMgbWFpbGluZyBs aXN0DQo+Pj4gc2ZjQGlldGYub3JnDQo+Pj4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9s aXN0aW5mby9zZmMNCj4+Pg0KPj4+DQo+Pg0KPj4NCj4+DQo+PiAtLQ0KPj4NCj4+IEJlc3QgcmVn YXJkcywNCj4+IEthdGhsZWVuDQo+DQoNCg0KDQotLSANCg0KQmVzdCByZWdhcmRzLA0KS2F0aGxl ZW4NCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCnNm YyBtYWlsaW5nIGxpc3QNCnNmY0BpZXRmLm9yZw0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1h bi9saXN0aW5mby9zZmMNCg== From nobody Wed Sep 20 09:49:18 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DB651331C2 for ; Wed, 20 Sep 2017 09:49:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5WX4YpH9LRuk for ; Wed, 20 Sep 2017 09:49:13 -0700 (PDT) Received: from mail-pg0-x233.google.com (mail-pg0-x233.google.com [IPv6:2607:f8b0:400e:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDF891331BA for ; Wed, 20 Sep 2017 09:49:12 -0700 (PDT) Received: by mail-pg0-x233.google.com with SMTP id i195so1986068pgd.9 for ; Wed, 20 Sep 2017 09:49:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=MnaU8RfM81oq+bByu5HG/wXQY0YljdFcv+2O8HjgpFE=; b=R5Zz9GnoVOvAfHDxiqVGuN/3chbh5jPi/Ce+s106eTwe6ktJkVvasQQR+rGuvHEZzi jsDIDpOzaJs17Rlc8kQy0/Wk+6EI4K7cuKd/dV0MYTeJ4wVLaCxfi2aOc1UvmLYmTNIm lLemSzwfzq+Sab2WWVC53FAYMqm/KIjrxVJ7P3s7Uxbe/K99gcP7In1OteRAmv5Rjv9y QqIBwu+QQki3SMcVZb03Rdg+vzyd5rw8nHIbWzvTH8W+IZNTx2DWvcIcRA68FqhFVL8A 4pzLUPZef/Vjtv9q7/6lrxSCeEg1z3aF9TRL2NlWUOGKRpCH+srxdZAUkLFSFZQeexkh kCdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=MnaU8RfM81oq+bByu5HG/wXQY0YljdFcv+2O8HjgpFE=; b=X8jza+JZ7clNaQv/WMBHnJX+EeP0I8GIfk4G9aHU25IQidRCSSa0YR+5q9+TOBd3YK eGr6dtmR9rpai5ptKkfXlcIdav1+074SKVGO2vgSFOb1X51CpWOPbtGgH8utWpzQHXEM AI9ccXL2xo4qJzeIGdynybB2GmuJ90QEK3rHdgjo6gB7wCZqfnENDPHbimcSWNEQvzkK p60/QpFm62nI5TaCgfmPZUD/1uo8pPUABsPkSnQDjdVx5hT9egMHbnt3NrWF41QvIeQp i56ggl5Eau2aXSCgva7ZNndXGyzqykp4Z8VG4JZ/iRM++XtllRJ+jFB5/Hg55I14R7+8 mI3Q== X-Gm-Message-State: AHPjjUjo3XP2dqkSB1y4hVPYSJlFcrUxOcrXqvdtV0qCO5hoqwtOLmxe JI5VoBVSHABASjP/5jubEw7YehGiYRveKKojzNM= X-Google-Smtp-Source: AOwi7QCQY61Wp3kXoxhlhWhsl83j1v5Z9fnDeBdOisTcZHdp7IBGuVpwwNM99p33qyFrkbkYlS0vBxPMosvFpeFRlfU= X-Received: by 10.98.103.89 with SMTP id b86mr2696368pfc.319.1505926152222; Wed, 20 Sep 2017 09:49:12 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.144.1 with HTTP; Wed, 20 Sep 2017 09:48:31 -0700 (PDT) In-Reply-To: References: <6971D34B-DC0E-4C3E-B412-3C2F8FAE5704@cisco.com> <43ED911F-2174-4930-A9BE-1B2A81CD03E9@cisco.com> From: Kathleen Moriarty Date: Wed, 20 Sep 2017 12:48:31 -0400 Message-ID: To: James N Guichard Cc: "Carlos Pignataro (cpignata)" , "Paul Quinn (paulq)" , "sfc@ietf.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2017 16:49:15 -0000 On Wed, Sep 20, 2017 at 12:38 PM, James N Guichard wrote: > Hi Kathleen, > > I am not quite clear as to exactly what is confusing with the existing te= xt (-21 version). Quoting from section 1: > > The Network Service Header (NSH) specification defines a new protocol > and associated encapsulation for the creation of dynamic service > chains, operating at the service plane. The NSH is designed to > encapsulate an original packet or frame, and in turn be encapsulated > by an outer transport (which is used to deliver the NSH to NSH-aware > network elements), as shown in Figure 1: > > +------------------------------+ > | Transport Encapsulation | > +------------------------------+ > | Network Service Header (NSH) | > +------------------------------+ > | Original Packet / Frame | > +------------------------------+ > > Figure 1: Network Service Header Encapsulation > > This states that the NSH is designed to encapsulate the original packet/f= rame (read IP packet or Ethernet frame) and then in turn be carried by an o= uter transport. The figure clearly shows that the outer transport in this c= ontext is "Transport Encapsulation". The draft then goes on to describe wha= t NSH is and then in section 4 more detail is provided on the transport enc= apsulation. Now reading section 4 it starts by saying: > > Once the NSH is added to a packet, an outer encapsulation is used to > forward the original packet and the associated metadata to the start > of a service chain. > > Is the confusion caused by section 1 & 4 text saying "outer encapsulation= " or "outer transport" rather than "Transport Encapsulation" ? If so that i= s easily fixed :-) Jim, this would help. It's hard when you are in the weeds of something to look at it from a new comers view. The email responses are extensive, so you may have cleared some of the questions up from other reviewers in email rather than the draft. Making the text clear as to what is happening is very important. Best, Kathleen > > Thanks! > > Jim > > -----Original Message----- > From: sfc [mailto:sfc-bounces@ietf.org] On Behalf Of Kathleen Moriarty > Sent: Wednesday, September 20, 2017 12:22 PM > To: Carlos Pignataro (cpignata) > Cc: Paul Quinn (paulq) ; sfc@ietf.org > Subject: Re: [sfc] Early review draft-ietf-sfc-nsh > > Hi Carlos, > > Please look at the text in the current document. It only says transport = in the text I quoted. The diagram also only says transport. > Drafts need to be clearly written to be broadly understood and the way th= e text is now, it is not. I think cleaning it up a bit will lift some of t= he security concerns as some are addressed prior to NSH seeing the IP packe= t or frame. > > Your response helps, but please take the time to look through the documen= t to see how it can be clarified so one does not have the questions I and o= thers have raised. > > Thank you, > Kathleen > > On Wed, Sep 20, 2017 at 11:59 AM, Carlos Pignataro (cpignata) wrote: >> Hi, Kathleen, >> >> Thank you for asking explicitly. This document used to have explicit =E2= =80=9CNSH Encapsulation Examples=E2=80=9D, but were taken out (at the AD=E2= =80=99s request) based on the argument that =E2=80=9Ceveryone would like to= have their encapsulation=E2=80=9D. We can always bring them back if desire= d, even within a non-normative appendix. >> >> As I follow your questions, I will try my best to answer and clarify. >> >> I am not sure which =E2=80=9Cbunny trail=E2=80=9D took the conversation = here, but perhaps a couple of top-post clarifications might help: >> >> 1. =E2=80=9COriginal Packet/Frame=E2=80=9D -> the terminology Packet/Fra= me, as commonly used, denotes an IP packet or an Ethernet frame. >> 2. The outer "Transport Encapsulation=E2=80=9D does *not* mean TCP. It u= ses the word =E2=80=9CTransport=E2=80=9D as transport profile, an encapsula= tion that transports, not as TCP. GRE is one example of a transport encapsu= lation, not TCP as a =E2=80=9CL4 Transport Layer protocol=E2=80=9D. >> >> In point #2, GRE is the Transport that NSH uses between SFFs/SFs. And fu= rther, since NSH is Transport Encapsulation agnostic, we are talking about = potentially a broad set of protocols=E2=80=A6 I=E2=80=99d encourage us to n= ot attempt to classify them in OSI Layers. >> >> I can see that some of this might not be totally clear if scanning throu= gh the document, but it is clear for an implementor. >> >> See Table 1 and Table 3 for examples (Transport column) >> >> I hope this helps set clarifying context, see inline for more specific d= etails... >> >>> On Sep 20, 2017, at 11:21 AM, Kathleen Moriarty wrote: >>> >>> Hi Carlos, >>> >>> It's a start, but should be more specific. >> >> The specifics are in the document, even examples as per Tables 1 and 3. >> >>> What are the original >>> packets/frame - is this link layer or network or both? >> >> These are the packets or frames incoming into a classifier, original, th= en NSH is imposed, then a transport encapsulation is imposed. >> >>> It seems like >>> both from the diagram, but is that really the case? >> >> Yes, it is both. Really the case. >> >>> >>> Then for the transport encapsulation, is this layer 3 or 4? >> >> I believe it is a source of headache and confusion to think about OSI la= yers=E2=80=A6 what layer is IP-in-IP? And an MPLS Pseudowire transporting E= thernet? Or an IPv6/L2TPv3 pseudowire transporting TDM? >> >>> >>> The wording that precedes this is a bit confusing (here for reference): >>> >>> The Network Service Header (NSH) specification defines a new protocol >>> and associated encapsulation for the creation of dynamic service >>> chains, operating at the service plane. The NSH is designed to >>> encapsulate an original packet or frame, and in turn be encapsulated >>> by an outer transport (which is used to deliver the NSH to NSH-aware >>> network elements), as shown in Figure 1: >> >> Does the explanation above help? I am not sure how to best answer=E2=80= =A6 because I do not find it confusing. This text is the result of reviewer= s asking for clarity, and then acknowledging that the paragraph above broug= ht that clarity. >> >>> >>> Normally, the higher layers are encapsulated, >> >> What is higher and lower? And for what definition of =E2=80=9CNormally= =E2=80=9D? What=E2=80=99s a Tunnel? >> >>> but this wording >>> describes just the opposite. It says the packet/frame at layer 2/3 >>> (just going from the normal uses of packet and frame to assume layer >>> 3/2). >> >> Correct. IP packet, Ethernet Frame. >> >>> NHS encapsulates that, and then is encapsulated by a transport layer >>> 3/4? >> >> No. >> >> Where does it say =E2=80=9CTransport Layer=E2=80=9D? >> >> Note that =E2=80=9CNetwork Transport=E2=80=9D, and =E2=80=9CTransport En= capsulation=E2=80=9D are terms coming from RFC 7665. >> >> And to be clear: many RFCs use =E2=80=9CTransport Encapsulation=E2=80=9D= or a >> variation of that (Encapsulation for Transport, Transport-independent >> Encapsulation, etc.) >> >> See Table 1 and Table 3, Transport column, for examples. >> >> >>> If you can clarify this text or make it clear that you really >>> intended to do this odd encapsulation, that would help a lot. >> >> Hopefully my explanation helps. >> >>> Understanding the layers this all happens at is very important. If >>> NSH is the trigger for the layer 3/4 transport, how can security be >>> applied? Or is it addressed by a prior 3/4 encapsulation by the >>> original packet/frame? >>> >>> Thanks, >>> Kathleen >>> >> >> >> =E2=80=94 >> Carlos Pignataro, carlos@cisco.com >> >> >>> >>> On Tue, Sep 19, 2017 at 4:53 PM, Carlos Pignataro (cpignata) >>> wrote: >>>> Hi, Kathleen, >>>> >>>> Thanks for the clarification. >>>> >>>> Regarding: >>>> >>>> is that the layering needs to be specifically stated to clearly >>>> >>>> >>>> Like this? >>>> https://tools.ietf.org/html/draft-ietf-sfc-nsh-21#section-1 >>>> >>>> +------------------------------+ >>>> | Transport Encapsulation | >>>> +------------------------------+ >>>> | Network Service Header (NSH) | >>>> +------------------------------+ >>>> | Original Packet / Frame | >>>> +------------------------------+ >>>> >>>> Figure 1: Network Service Header Encapsulation >>>> >>>> I think if you laid this out >>>> nicely and clearly showed where transport security is addressed at >>>> another layer (out-of-scope), it would go a long way. >>>> >>>> >>>> Hopefully the above (existing) figure and text is clear. In that case: >>>> >>>> One idea is to categorize the paragraphs in the Security Consideration= s to >>>> make those relations more clear. >>>> >>>> =E2=80=94 >>>> Carlos Pignataro. >>>> >>>> >>>> On Sep 19, 2017, at 3:38 PM, Kathleen Moriarty >>>> wrote: >>>> >>>> Thanks for the responses. I'm going to top post as I thin the main >>>> point of my review is that the layering needs to be specifically >>>> stated to clearly scope the problem space for NSH security >>>> considerations. The draft as-written is not clear and as a result, >>>> security reviews are very difficult. I think if you laid this out >>>> nicely and clearly showed where transport security is addressed at >>>> another layer (out-of-scope), it would go a long way. Although the >>>> draft improved a bit from the previous version, I think a careful >>>> review and edit pass would do a lot of good, specifically around >>>> clarity of the problem space and solution. The questions I asked were >>>> a result of lack of clarity in the draft. >>>> >>>> Thanks, >>>> Kathleen >>>> >>>> On Tue, Sep 19, 2017 at 3:22 PM, Paul Quinn (paulq) = wrote: >>>> >>>> Hi, >>>> >>>> Thank you for the review. Please see some comments inline below. >>>> >>>> Paul >>>> >>>> On Sep 18, 2017, at 4:15 PM, Kathleen Moriarty >>>> wrote: >>>> >>>> Hello, >>>> >>>> At Alia's request, I did an early review of draft-ietf-sfc-nsh. Here >>>> are some initial comments and I may have more when the draft is >>>> revised and is in for IESG review. I appreciate your efforts >>>> addressing the comments received to date. I hope you find these >>>> suggestions as helpful improvements to the document and clarity of NSH >>>> security concerns. >>>> >>>> >>>> Section 1 - >>>> >>>> The intended scope in the introduction should also include mention of >>>> multi-tenancy. This changes the security requirements and is very >>>> important to note. >>>> >>>> Section 1.4 - >>>> >>>> 5. Transport Agnostic: The NSH is encapsulation-independent, meaning >>>> it can be transported by a variety of protocols. An appropriate >>>> (for a given deployment) encapsulation protocol can be used to >>>> carry NSH-encapsulated traffic. This transport may form an >>>> overlay network and if an existing overlay topology provides the >>>> required service path connectivity, that existing overlay may be >>>> used. >>>> >>>> Is there a preferred transport so you could specify a recommended >>>> transport security protocol? >>>> >>>> >>>> PQ> There is not. In fact at the AD=E2=80=99s request sample transpor= ts were >>>> removed to ensure that there was no implied preference. Therefore, an >>>> operator can select their preferred transports, including =E2=80=94 as= per the >>>> security considerations section =E2=80=94 ones that provide encryption= . >>>> >>>> >>>> Section 2, 3rd sentence: >>>> Subsequently, an >>>> outer encapsulation is imposed on the NSH, which is used for network >>>> forwarding. >>>> >>>> Knowing more about this would help to understand options or if there >>>> is another draft that addresses this outer encapsulation that is >>>> imposed and the transport security requirements that go along with it. >>>> >>>> >>>> PQ> Since NSH defines no preferred transport(s), the security of the >>>> selected transport is left to the transport standard. So, for exampl= e, if >>>> an operator elects to use the NVO3 defined protocol, then the operator= has >>>> explicitly selected that overlay. >>>> >>>> >>>> Transport may be hop to hop, and there might not be encryption of this >>>> header if the application uses an encrypted transport encapsulated in >>>> this layer. In any case, it seems integrity protection is a >>>> requirement for a multi-tenant environment. Could the COSE MAC >>>> function fit the bill since it is intended for concise formats? >>>> https://datatracker.ietf.org/doc/rfc8152 >>>> JOSE produced a similar function with JSON, but it would be slightly l= arger. >>>> >>>> Section 7.1: >>>> >>>> The following paragraph implies that anything less than a 5-tuple >>>> isn=E2=80=99t useful and that you intend to use traffic content when >>>> available. This is concerning. Can=E2=80=99t you use a 2-tuple? Wha= t if >>>> IPsec transport mode were in use, is this solution dead in the water? >>>> >>>> Regardless of the source, metadata reflects the "result" of >>>> classification. The granularity of classification may vary. For >>>> example, a network switch, acting as a classifier, might only be able >>>> to classify based on a 5-tuple, while a service function may be able >>>> to inspect application information. Regardless of granularity, the >>>> classification information can be represented in the NSH. >>>> >>>> If a 2-tuple is possible, could you add that in as an example instead >>>> of or in addition to the 5-tuple? >>>> >>>> >>>> PQ> The 5-tuple was used only as an example that is commonly understo= od in >>>> the context of network device classification. The sentence: "The >>>> granularity of classification may vary.=E2=80=9D addresses 2, 3, 4, n-= tuple >>>> classification. Further, that point is reinforced: =E2=80=9CRegardles= s of >>>> granularity, the classification information can be represented in the = NSH." >>>> >>>> >>>> >>>> >>>> Section 7.1 >>>> >>>> This text comes too late in the draft and I recommend making a clear >>>> statement in the introduction that session encryption to protect the >>>> data in transit relies on the application/service sending/receiving >>>> the data and not the SFC. I made this point previously and am glad to >>>> see some text, but think it would be much better to state this early >>>> in the draft. Touching upon protections for data streams versus meta >>>> data would both be important (layers for traffic and associated >>>> protections). If it=E2=80=99s meta data, do they need to rely on IPse= c and >>>> having a 2-tuple be the minimum? When is that applied? Is there meta >>>> data that could be sensitive if TLS was in place and a 5-tuple is >>>> visible (perhaps the existence of communication is sensitive). Are >>>> there other considerations for metadata and data that need to be >>>> stated up front and put out-of-scope for SFC? I=E2=80=99m asking thes= e >>>> questions as providing these answers could show that the risk is >>>> constrained. >>>> >>>> Depending on the information carried in the metadata, data privacy >>>> considerations may need to be considered. For example, if the >>>> metadata conveys tenant information, that information may need to be >>>> authenticated and/or encrypted between the originator and the >>>> intended recipients (which may include intended SFs only). The NSH >>>> itself does not provide privacy functions, rather it relies on the >>>> transport/overlay layer. An operator can select the appropriate >>>> transport to ensure confidentiality (and other security) >>>> considerations are met. Metadata privacy and security considerations >>>> are a matter for the documents that define metadata format. >>>> >>>> >>>> >>>> PQ> Are you suggesting that application layer confidentially be addre= ssed >>>> in this draft? NSH =E2=80=9Cplays nicely=E2=80=9D with standard encr= yption transports, >>>> therefore allowing operators to =E2=80=9Csecure=E2=80=9D the path. Go= ing up the stack from >>>> that seems to be outside the scope of NSH and inconsistent with other >>>> protocol requirements. >>>> >>>> >>>> Other comments: >>>> >>>> I=E2=80=99d like to see; >>>> https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 >>>> Published before this document and then have that as a reference. One >>>> of the comments I made previously was to list out the layering and >>>> protections expected on data and NSH. This has been done in the >>>> security environment draft, section 4 should be referenced: >>>> >>>> Section 4 provides an overall description of the SFC environment with >>>> the introduction of the different planes (SFC Control Plane, the SFC >>>> Management Plane, the Tenant's user Plane and the SFC Data Plane). >>>> >>>> >>>> >>>> PQ> As I mentioned on another thread: a secure environment draft is n= ot >>>> related to NSH per se. >>>> >>>> >>>> >>>> >>>> This is a very important point for anyone reviewing for security as >>>> are the environment security requirements. The security environment >>>> requirements draft still needs a little more work from a quick read, >>>> but helps a lot. I need to finish reading the security environment >>>> draft. >>>> >>>> -- >>>> >>>> Best regards, >>>> Kathleen >>>> >>>> _______________________________________________ >>>> sfc mailing list >>>> sfc@ietf.org >>>> https://www.ietf.org/mailman/listinfo/sfc >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Best regards, >>>> Kathleen >>>> >>>> _______________________________________________ >>>> sfc mailing list >>>> sfc@ietf.org >>>> https://www.ietf.org/mailman/listinfo/sfc >>>> >>>> >>> >>> >>> >>> -- >>> >>> Best regards, >>> Kathleen >> > > > > -- > > Best regards, > Kathleen > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc --=20 Best regards, Kathleen From nobody Wed Sep 20 23:34:40 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5971B132D14 for ; Wed, 20 Sep 2017 23:34:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.618 X-Spam-Level: X-Spam-Status: No, score=-2.618 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dcvgNFWMdvQO for ; Wed, 20 Sep 2017 23:34:37 -0700 (PDT) Received: from relais-inet.orange.com (mta136.mail.business.static.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA6101320C9 for ; Wed, 20 Sep 2017 23:34:37 -0700 (PDT) Received: from opfednr05.francetelecom.fr (unknown [xx.xx.xx.69]) by opfednr26.francetelecom.fr (ESMTP service) with ESMTP id 246B5204CA; Thu, 21 Sep 2017 08:34:36 +0200 (CEST) Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.69]) by opfednr05.francetelecom.fr (ESMTP service) with ESMTP id 0A57F20066; Thu, 21 Sep 2017 08:34:36 +0200 (CEST) Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILMA2.corporate.adroot.infra.ftgroup ([fe80::bc1c:ad2f:eda3:8c3d%18]) with mapi id 14.03.0361.001; Thu, 21 Sep 2017 08:34:35 +0200 From: To: "Joel M. Halpern" , "sfc@ietf.org" Thread-Topic: [sfc] NSH Security Thread-Index: AQHTMNEFiqey/UsaS0edmNxZKI/JWqK+4I9g Date: Thu, 21 Sep 2017 06:34:35 +0000 Message-ID: <787AE7BB302AE849A7480A190F8B93300A046C67@OPEXCLILMA3.corporate.adroot.infra.ftgroup> References: <4e3137c3-357c-fdd9-5173-3c488d4f3ae1@joelhalpern.com> In-Reply-To: <4e3137c3-357c-fdd9-5173-3c488d4f3ae1@joelhalpern.com> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.168.234.5] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] NSH Security X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Sep 2017 06:34:39 -0000 Hi Joel, all,=20 I would have a different answer if this question was raised when this draft= was first submitted (that is, two years ago).=20 But now given the energy that was put recently on the NSH specification to = enhance it, I don't think draft-mglt-sfc-security-environment-req is needed= for the completion of the NSH document.=20 The NSH spec is clear about it applicability (single administrative domain)= , including calling out measures to prevent leaking privacy and security is= sues related to manipulating metadata. Cheers, Med > -----Message d'origine----- > De=A0: sfc [mailto:sfc-bounces@ietf.org] De la part de Joel M. Halpern > Envoy=E9=A0: mardi 19 septembre 2017 00:54 > =C0=A0: sfc@ietf.org > Objet=A0: [sfc] NSH Security >=20 > One of the Area Directors has suggested that > https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 > may be necessary for completion of the NSH work. > While this is not a formal call for adoption, I would like to hear from > working group members whether they consider that document ready for WG > adoption. >=20 > Thank you, > Joel >=20 > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc From nobody Thu Sep 21 00:05:40 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A792C133058 for ; Thu, 21 Sep 2017 00:05:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -5.398 X-Spam-Level: X-Spam-Status: No, score=-5.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qyZjBA-qZSGu for ; Thu, 21 Sep 2017 00:05:37 -0700 (PDT) Received: from relais-inet.orange.com (mta135.mail.business.static.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9126B132D14 for ; Thu, 21 Sep 2017 00:05:36 -0700 (PDT) Received: from opfednr06.francetelecom.fr (unknown [xx.xx.xx.70]) by opfednr21.francetelecom.fr (ESMTP service) with ESMTP id DC9EEC0396; Thu, 21 Sep 2017 09:05:34 +0200 (CEST) Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.41]) by opfednr06.francetelecom.fr (ESMTP service) with ESMTP id B98441A005E; Thu, 21 Sep 2017 09:05:34 +0200 (CEST) Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM31.corporate.adroot.infra.ftgroup ([fe80::2cc9:4bac:7b7d:229d%19]) with mapi id 14.03.0361.001; Thu, 21 Sep 2017 09:05:34 +0200 From: To: James N Guichard , Kathleen Moriarty , "Carlos Pignataro (cpignata)" CC: "Paul Quinn (paulq)" , "sfc@ietf.org" Thread-Topic: [sfc] Early review draft-ietf-sfc-nsh Thread-Index: AQHTMiRMpzz0uH4rQUycl274uJH+26K9zPsAgAAGeQCAAAR4AIABEQDw Date: Thu, 21 Sep 2017 07:05:34 +0000 Message-ID: <787AE7BB302AE849A7480A190F8B93300A046CB0@OPEXCLILMA3.corporate.adroot.infra.ftgroup> References: <6971D34B-DC0E-4C3E-B412-3C2F8FAE5704@cisco.com> <43ED911F-2174-4930-A9BE-1B2A81CD03E9@cisco.com> In-Reply-To: Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.168.234.5] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Sep 2017 07:05:39 -0000 SmltLCBhbGwsIA0KDQpJIGRvIHVuZGVyc3RhbmQgdGhlIGNvbmZ1c2lvbiB0aGF0IGlzIGluZHVj ZWQgYnkgInRyYW5zcG9ydCIgaW4gdGhlIE5TSCBkb2N1bWVudC4gVXNpbmcgYW5vdGhlciB0ZXJt IHdvdWxkIGZpeCB0aGlzLCBzdXJlLiANCg0KQnV0LCB3ZSBuZWVkIHRvIGtlZXAgaW4gbWluZCB0 aGF0IE5TSCBzcGVjIGlzIHJlZmVycmluZyB0byBSRkM3NjY1IHdoaWNoIHVzZXMgInRyYW5zcG9y dCIgZXh0ZW5zaXZlbHkuIElNSE8sIHRoZSBmb2xsb3dpbmcgZmlndXJlIGZyb20gUkZDNzY2NSBp cyB2ZXJ5IGhlbHBmdWwgdG8gdW5kZXJzdGFuZCB0aGUgU0ZDIGxheWVyaW5nLCBpbmNsdWRpbmcg dGhlIG5vdGlvbiBvZiBvdXRlci10cmFuc3BvcnQgZW5jYXBzdWxhdGlvbi4gDQoNCiAgICAgICAg ICArLS0tLS0tLS0tLS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0t LS0tLSsNCiAgICAgICAgICB8ICAgU0ZDLWF3YXJlICAgIHwgICAgICAgICAgICAgICAgICAgICAg ICB8ICBTRkMtdW5hd2FyZSAgIHwNCiAgICAgICAgICB8U2VydmljZSBGdW5jdGlvbnwgICAgICAg ICAgICAgICAgICAgICAgICB8U2VydmljZSBGdW5jdGlvbnwNCiAgICAgICAgICArLS0tLS0tLSst LS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0tLSstLS0tLS0tLSsNCiAgICAg ICAgICAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwN CiAgICAgICAgICAgIFNGQyBFbmNhcHN1bGF0aW9uICAgICAgICAgICAgICAgICAgICAgICBObyBT RkMgRW5jYXBzdWxhdGlvbg0KICAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgIFNG QyAgICAgICAgICAgICAgICAgICAgfA0KICAgICArLS0tLS0tLS0tKyAgKy0tLS0tLS0tLS0tLS0t LS0rIEVuY2Fwc3VsYXRpb24gICAgICstLS0tLS0tLS0rDQogICAgIHxTRkMtQXdhcmV8LS0tLS0t LS0tLS0tLS0tLS0rICBcICAgICArLS0tLS0tLS0tLS0tfFNGQyBQcm94eXwNCiAgICAgfCAgICBT RiAgIHwgLi4uIC0tLS0tLS0tLS0rICBcICBcICAgLyAgICAgICAgICAgICArLS0tLS0tLS0tKw0K ICAgICArLS0tLS0tLS0tKyAgICAgICAgICAgICAgICBcICBcICBcIC8NCiAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICArLS0tLS0tLSstLS0tLS0tLSsNCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICB8ICAgU0YgRm9yd2FyZGVyIHwNCiAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICB8ICAgICAgKFNGRikgICAgIHwNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAr LS0tLS0tLSstLS0tLS0tLSsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHwNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBTRkMgRW5jYXBzdWxhdGlvbg0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfA0KICAgICAgICAgICAgICAgICAg ICAgICAgICAgLi4uIFNGQy1lbmFibGVkIERvbWFpbiAuLi4NCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIHwNCiAgICAgICAgICAgICAgICAgICAgICAgICAgIE5ldHdvcmsg T3ZlcmxheSBUcmFuc3BvcnQNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHwNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXywuLi4uLl8NCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgLC0nICAgICAgICBgLS4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAvICAgICAgICAgICAgICBgLg0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgfCAgICAgTmV0d29yayAgICB8DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICBg LiAgICAgICAgICAgICAgLw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBgLl9fICAg ICBfXywtJw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYCcnJycNCg0KSWRl YWxseSwgd2UgZG9uJ3QgZXZlbiBuZWVkIHRvIHJlLWRlc2NyaWJlIHRoZSBsYXllcmluZyBpbiB0 aGUgTlNIIHNwZWMgZ2l2ZW4gdGhhdCB0aGUgZHJhZnQgZGVsaW1pdHMgaXRzIHNjb3BlIGNsZWFy bHk6DQoNClRoZSBOU0ggaXMgdGhlIFNGQyBlbmNhcHN1bGF0aW9uIHJlcXVpcmVkIHRvIHN1cHBv cnQNCiAgICAgICAgXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eDQogICB0aGUgU2VydmljZSBGdW5j dGlvbiBDaGFpbmluZyAoU0ZDKSBhcmNoaXRlY3R1cmUgKGRlZmluZWQgaW4NCiAgIFJGQzc2NjUp Lg0KDQpDaGVlcnMsDQpNZWQNCg0KPiAtLS0tLU1lc3NhZ2UgZCdvcmlnaW5lLS0tLS0NCj4gRGXC oDogc2ZjIFttYWlsdG86c2ZjLWJvdW5jZXNAaWV0Zi5vcmddIERlIGxhIHBhcnQgZGUgSmFtZXMg TiBHdWljaGFyZA0KPiBFbnZvecOpwqA6IG1lcmNyZWRpIDIwIHNlcHRlbWJyZSAyMDE3IDE4OjM4 DQo+IMOAwqA6IEthdGhsZWVuIE1vcmlhcnR5OyBDYXJsb3MgUGlnbmF0YXJvIChjcGlnbmF0YSkN Cj4gQ2PCoDogUGF1bCBRdWlubiAocGF1bHEpOyBzZmNAaWV0Zi5vcmcNCj4gT2JqZXTCoDogUmU6 IFtzZmNdIEVhcmx5IHJldmlldyBkcmFmdC1pZXRmLXNmYy1uc2gNCj4gDQo+IEhpIEthdGhsZWVu LA0KPiANCj4gSSBhbSBub3QgcXVpdGUgY2xlYXIgYXMgdG8gZXhhY3RseSB3aGF0IGlzIGNvbmZ1 c2luZyB3aXRoIHRoZSBleGlzdGluZw0KPiB0ZXh0ICgtMjEgdmVyc2lvbikuIFF1b3RpbmcgZnJv bSBzZWN0aW9uIDE6DQo+IA0KPiAgICBUaGUgTmV0d29yayBTZXJ2aWNlIEhlYWRlciAoTlNIKSBz cGVjaWZpY2F0aW9uIGRlZmluZXMgYSBuZXcgcHJvdG9jb2wNCj4gICAgYW5kIGFzc29jaWF0ZWQg ZW5jYXBzdWxhdGlvbiBmb3IgdGhlIGNyZWF0aW9uIG9mIGR5bmFtaWMgc2VydmljZQ0KPiAgICBj aGFpbnMsIG9wZXJhdGluZyBhdCB0aGUgc2VydmljZSBwbGFuZS4gIFRoZSBOU0ggaXMgZGVzaWdu ZWQgdG8NCj4gICAgZW5jYXBzdWxhdGUgYW4gb3JpZ2luYWwgcGFja2V0IG9yIGZyYW1lLCBhbmQg aW4gdHVybiBiZSBlbmNhcHN1bGF0ZWQNCj4gICAgYnkgYW4gb3V0ZXIgdHJhbnNwb3J0ICh3aGlj aCBpcyB1c2VkIHRvIGRlbGl2ZXIgdGhlIE5TSCB0byBOU0gtYXdhcmUNCj4gICAgbmV0d29yayBl bGVtZW50cyksIGFzIHNob3duIGluIEZpZ3VyZSAxOg0KPiANCj4gICAgICAgICAgICAgICAgICAg ICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCj4gICAgICAgICAgICAgICAgICAg ICAgfCAgICBUcmFuc3BvcnQgRW5jYXBzdWxhdGlvbiAgIHwNCj4gICAgICAgICAgICAgICAgICAg ICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCj4gICAgICAgICAgICAgICAgICAg ICAgfCBOZXR3b3JrIFNlcnZpY2UgSGVhZGVyIChOU0gpIHwNCj4gICAgICAgICAgICAgICAgICAg ICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCj4gICAgICAgICAgICAgICAgICAg ICAgfCAgICBPcmlnaW5hbCBQYWNrZXQgLyBGcmFtZSAgIHwNCj4gICAgICAgICAgICAgICAgICAg ICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCj4gDQo+ICAgICAgICAgICAgICAg RmlndXJlIDE6IE5ldHdvcmsgU2VydmljZSBIZWFkZXIgRW5jYXBzdWxhdGlvbg0KPiANCj4gVGhp cyBzdGF0ZXMgdGhhdCB0aGUgTlNIIGlzIGRlc2lnbmVkIHRvIGVuY2Fwc3VsYXRlIHRoZSBvcmln aW5hbA0KPiBwYWNrZXQvZnJhbWUgKHJlYWQgSVAgcGFja2V0IG9yIEV0aGVybmV0IGZyYW1lKSBh bmQgdGhlbiBpbiB0dXJuIGJlDQo+IGNhcnJpZWQgYnkgYW4gb3V0ZXIgdHJhbnNwb3J0LiBUaGUg ZmlndXJlIGNsZWFybHkgc2hvd3MgdGhhdCB0aGUgb3V0ZXINCj4gdHJhbnNwb3J0IGluIHRoaXMg Y29udGV4dCBpcyAiVHJhbnNwb3J0IEVuY2Fwc3VsYXRpb24iLiBUaGUgZHJhZnQgdGhlbg0KPiBn b2VzIG9uIHRvIGRlc2NyaWJlIHdoYXQgTlNIIGlzIGFuZCB0aGVuIGluIHNlY3Rpb24gNCBtb3Jl IGRldGFpbCBpcw0KPiBwcm92aWRlZCBvbiB0aGUgdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24uIE5v dyByZWFkaW5nIHNlY3Rpb24gNCBpdCBzdGFydHMNCj4gYnkgc2F5aW5nOg0KPiANCj4gT25jZSB0 aGUgTlNIIGlzIGFkZGVkIHRvIGEgcGFja2V0LCBhbiBvdXRlciBlbmNhcHN1bGF0aW9uIGlzIHVz ZWQgdG8NCj4gICAgZm9yd2FyZCB0aGUgb3JpZ2luYWwgcGFja2V0IGFuZCB0aGUgYXNzb2NpYXRl ZCBtZXRhZGF0YSB0byB0aGUgc3RhcnQNCj4gICAgb2YgYSBzZXJ2aWNlIGNoYWluLg0KPiANCj4g SXMgdGhlIGNvbmZ1c2lvbiBjYXVzZWQgYnkgc2VjdGlvbiAxICYgNCB0ZXh0IHNheWluZyAib3V0 ZXIgZW5jYXBzdWxhdGlvbiINCj4gb3IgIm91dGVyIHRyYW5zcG9ydCIgcmF0aGVyIHRoYW4gIlRy YW5zcG9ydCBFbmNhcHN1bGF0aW9uIiA/IElmIHNvIHRoYXQgaXMNCj4gZWFzaWx5IGZpeGVkIDot KQ0KPiANCj4gVGhhbmtzIQ0KPiANCj4gSmltDQo+IA0KPiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2Ut LS0tLQ0KPiBGcm9tOiBzZmMgW21haWx0bzpzZmMtYm91bmNlc0BpZXRmLm9yZ10gT24gQmVoYWxm IE9mIEthdGhsZWVuIE1vcmlhcnR5DQo+IFNlbnQ6IFdlZG5lc2RheSwgU2VwdGVtYmVyIDIwLCAy MDE3IDEyOjIyIFBNDQo+IFRvOiBDYXJsb3MgUGlnbmF0YXJvIChjcGlnbmF0YSkgPGNwaWduYXRh QGNpc2NvLmNvbT4NCj4gQ2M6IFBhdWwgUXVpbm4gKHBhdWxxKSA8cGF1bHFAY2lzY28uY29tPjsg c2ZjQGlldGYub3JnDQo+IFN1YmplY3Q6IFJlOiBbc2ZjXSBFYXJseSByZXZpZXcgZHJhZnQtaWV0 Zi1zZmMtbnNoDQo+IA0KPiBIaSBDYXJsb3MsDQo+IA0KPiBQbGVhc2UgbG9vayBhdCB0aGUgdGV4 dCBpbiB0aGUgY3VycmVudCBkb2N1bWVudC4gIEl0IG9ubHkgc2F5cyB0cmFuc3BvcnQNCj4gaW4g dGhlIHRleHQgSSBxdW90ZWQuICBUaGUgZGlhZ3JhbSBhbHNvIG9ubHkgc2F5cyB0cmFuc3BvcnQu DQo+IERyYWZ0cyBuZWVkIHRvIGJlIGNsZWFybHkgd3JpdHRlbiB0byBiZSBicm9hZGx5IHVuZGVy c3Rvb2QgYW5kIHRoZSB3YXkgdGhlDQo+IHRleHQgaXMgbm93LCBpdCBpcyBub3QuICBJIHRoaW5r IGNsZWFuaW5nIGl0IHVwIGEgYml0IHdpbGwgbGlmdCBzb21lIG9mDQo+IHRoZSBzZWN1cml0eSBj b25jZXJucyBhcyBzb21lIGFyZSBhZGRyZXNzZWQgcHJpb3IgdG8gTlNIIHNlZWluZyB0aGUgSVAN Cj4gcGFja2V0IG9yIGZyYW1lLg0KPiANCj4gWW91ciByZXNwb25zZSBoZWxwcywgYnV0IHBsZWFz ZSB0YWtlIHRoZSB0aW1lIHRvIGxvb2sgdGhyb3VnaCB0aGUgZG9jdW1lbnQNCj4gdG8gc2VlIGhv dyBpdCBjYW4gYmUgY2xhcmlmaWVkIHNvIG9uZSBkb2VzIG5vdCBoYXZlIHRoZSBxdWVzdGlvbnMg SSBhbmQNCj4gb3RoZXJzIGhhdmUgcmFpc2VkLg0KPiANCj4gVGhhbmsgeW91LA0KPiBLYXRobGVl bg0KPiANCj4gT24gV2VkLCBTZXAgMjAsIDIwMTcgYXQgMTE6NTkgQU0sIENhcmxvcyBQaWduYXRh cm8gKGNwaWduYXRhKQ0KPiA8Y3BpZ25hdGFAY2lzY28uY29tPiB3cm90ZToNCj4gPiBIaSwgS2F0 aGxlZW4sDQo+ID4NCj4gPiBUaGFuayB5b3UgZm9yIGFza2luZyBleHBsaWNpdGx5LiBUaGlzIGRv Y3VtZW50IHVzZWQgdG8gaGF2ZSBleHBsaWNpdA0KPiDigJxOU0ggRW5jYXBzdWxhdGlvbiBFeGFt cGxlc+KAnSwgYnV0IHdlcmUgdGFrZW4gb3V0IChhdCB0aGUgQUTigJlzIHJlcXVlc3QpDQo+IGJh c2VkIG9uIHRoZSBhcmd1bWVudCB0aGF0IOKAnGV2ZXJ5b25lIHdvdWxkIGxpa2UgdG8gaGF2ZSB0 aGVpcg0KPiBlbmNhcHN1bGF0aW9u4oCdLiBXZSBjYW4gYWx3YXlzIGJyaW5nIHRoZW0gYmFjayBp ZiBkZXNpcmVkLCBldmVuIHdpdGhpbiBhDQo+IG5vbi1ub3JtYXRpdmUgYXBwZW5kaXguDQo+ID4N Cj4gPiBBcyBJIGZvbGxvdyB5b3VyIHF1ZXN0aW9ucywgSSB3aWxsIHRyeSBteSBiZXN0IHRvIGFu c3dlciBhbmQgY2xhcmlmeS4NCj4gPg0KPiA+IEkgYW0gbm90IHN1cmUgd2hpY2gg4oCcYnVubnkg dHJhaWzigJ0gdG9vayB0aGUgY29udmVyc2F0aW9uIGhlcmUsIGJ1dA0KPiBwZXJoYXBzIGEgY291 cGxlIG9mIHRvcC1wb3N0IGNsYXJpZmljYXRpb25zIG1pZ2h0IGhlbHA6DQo+ID4NCj4gPiAxLiDi gJxPcmlnaW5hbCBQYWNrZXQvRnJhbWXigJ0gLT4gdGhlIHRlcm1pbm9sb2d5IFBhY2tldC9GcmFt ZSwgYXMgY29tbW9ubHkNCj4gdXNlZCwgZGVub3RlcyBhbiBJUCBwYWNrZXQgb3IgYW4gRXRoZXJu ZXQgZnJhbWUuDQo+ID4gMi4gVGhlIG91dGVyICJUcmFuc3BvcnQgRW5jYXBzdWxhdGlvbuKAnSBk b2VzICpub3QqIG1lYW4gVENQLiBJdCB1c2VzIHRoZQ0KPiB3b3JkIOKAnFRyYW5zcG9ydOKAnSBh cyB0cmFuc3BvcnQgcHJvZmlsZSwgYW4gZW5jYXBzdWxhdGlvbiB0aGF0IHRyYW5zcG9ydHMsDQo+ IG5vdCBhcyBUQ1AuIEdSRSBpcyBvbmUgZXhhbXBsZSBvZiBhIHRyYW5zcG9ydCBlbmNhcHN1bGF0 aW9uLCBub3QgVENQIGFzIGENCj4g4oCcTDQgVHJhbnNwb3J0IExheWVyIHByb3RvY29s4oCdLg0K PiA+DQo+ID4gSW4gcG9pbnQgIzIsIEdSRSBpcyB0aGUgVHJhbnNwb3J0IHRoYXQgTlNIIHVzZXMg YmV0d2VlbiBTRkZzL1NGcy4gQW5kDQo+IGZ1cnRoZXIsIHNpbmNlIE5TSCBpcyBUcmFuc3BvcnQg RW5jYXBzdWxhdGlvbiBhZ25vc3RpYywgd2UgYXJlIHRhbGtpbmcNCj4gYWJvdXQgcG90ZW50aWFs bHkgYSBicm9hZCBzZXQgb2YgcHJvdG9jb2xz4oCmIEnigJlkIGVuY291cmFnZSB1cyB0byBub3QN Cj4gYXR0ZW1wdCB0byBjbGFzc2lmeSB0aGVtIGluIE9TSSBMYXllcnMuDQo+ID4NCj4gPiBJIGNh biBzZWUgdGhhdCBzb21lIG9mIHRoaXMgbWlnaHQgbm90IGJlIHRvdGFsbHkgY2xlYXIgaWYgc2Nh bm5pbmcNCj4gdGhyb3VnaCB0aGUgZG9jdW1lbnQsIGJ1dCBpdCBpcyBjbGVhciBmb3IgYW4gaW1w bGVtZW50b3IuDQo+ID4NCj4gPiBTZWUgVGFibGUgMSBhbmQgVGFibGUgMyBmb3IgZXhhbXBsZXMg KFRyYW5zcG9ydCBjb2x1bW4pDQo+ID4NCj4gPiBJIGhvcGUgdGhpcyBoZWxwcyBzZXQgY2xhcmlm eWluZyBjb250ZXh0LCBzZWUgaW5saW5lIGZvciBtb3JlIHNwZWNpZmljDQo+IGRldGFpbHMuLi4N Cj4gPg0KPiA+PiBPbiBTZXAgMjAsIDIwMTcsIGF0IDExOjIxIEFNLCBLYXRobGVlbiBNb3JpYXJ0 eQ0KPiA8S2F0aGxlZW4uTW9yaWFydHkuaWV0ZkBnbWFpbC5jb20+IHdyb3RlOg0KPiA+Pg0KPiA+ PiBIaSBDYXJsb3MsDQo+ID4+DQo+ID4+IEl0J3MgYSBzdGFydCwgYnV0IHNob3VsZCBiZSBtb3Jl IHNwZWNpZmljLg0KPiA+DQo+ID4gVGhlIHNwZWNpZmljcyBhcmUgaW4gdGhlIGRvY3VtZW50LCBl dmVuIGV4YW1wbGVzIGFzIHBlciBUYWJsZXMgMSBhbmQgMy4NCj4gPg0KPiA+PiBXaGF0IGFyZSB0 aGUgb3JpZ2luYWwNCj4gPj4gcGFja2V0cy9mcmFtZSAtIGlzIHRoaXMgbGluayBsYXllciBvciBu ZXR3b3JrIG9yIGJvdGg/DQo+ID4NCj4gPiBUaGVzZSBhcmUgdGhlIHBhY2tldHMgb3IgZnJhbWVz IGluY29taW5nIGludG8gYSBjbGFzc2lmaWVyLCBvcmlnaW5hbCwNCj4gdGhlbiBOU0ggaXMgaW1w b3NlZCwgdGhlbiBhIHRyYW5zcG9ydCBlbmNhcHN1bGF0aW9uIGlzIGltcG9zZWQuDQo+ID4NCj4g Pj4gIEl0IHNlZW1zIGxpa2UNCj4gPj4gYm90aCBmcm9tIHRoZSBkaWFncmFtLCBidXQgaXMgdGhh dCByZWFsbHkgdGhlIGNhc2U/DQo+ID4NCj4gPiBZZXMsIGl0IGlzIGJvdGguIFJlYWxseSB0aGUg Y2FzZS4NCj4gPg0KPiA+Pg0KPiA+PiBUaGVuIGZvciB0aGUgdHJhbnNwb3J0IGVuY2Fwc3VsYXRp b24sIGlzIHRoaXMgbGF5ZXIgMyBvciA0Pw0KPiA+DQo+ID4gSSBiZWxpZXZlIGl0IGlzIGEgc291 cmNlIG9mIGhlYWRhY2hlIGFuZCBjb25mdXNpb24gdG8gdGhpbmsgYWJvdXQgT1NJDQo+IGxheWVy c+KApiB3aGF0IGxheWVyIGlzIElQLWluLUlQPyBBbmQgYW4gTVBMUyBQc2V1ZG93aXJlIHRyYW5z cG9ydGluZw0KPiBFdGhlcm5ldD8gT3IgYW4gSVB2Ni9MMlRQdjMgcHNldWRvd2lyZSB0cmFuc3Bv cnRpbmcgVERNPw0KPiA+DQo+ID4+DQo+ID4+IFRoZSB3b3JkaW5nIHRoYXQgcHJlY2VkZXMgdGhp cyBpcyBhIGJpdCBjb25mdXNpbmcgKGhlcmUgZm9yIHJlZmVyZW5jZSk6DQo+ID4+DQo+ID4+ICAg VGhlIE5ldHdvcmsgU2VydmljZSBIZWFkZXIgKE5TSCkgc3BlY2lmaWNhdGlvbiBkZWZpbmVzIGEg bmV3IHByb3RvY29sDQo+ID4+ICAgYW5kIGFzc29jaWF0ZWQgZW5jYXBzdWxhdGlvbiBmb3IgdGhl IGNyZWF0aW9uIG9mIGR5bmFtaWMgc2VydmljZQ0KPiA+PiAgIGNoYWlucywgb3BlcmF0aW5nIGF0 IHRoZSBzZXJ2aWNlIHBsYW5lLiAgVGhlIE5TSCBpcyBkZXNpZ25lZCB0bw0KPiA+PiAgIGVuY2Fw c3VsYXRlIGFuIG9yaWdpbmFsIHBhY2tldCBvciBmcmFtZSwgYW5kIGluIHR1cm4gYmUgZW5jYXBz dWxhdGVkDQo+ID4+ICAgYnkgYW4gb3V0ZXIgdHJhbnNwb3J0ICh3aGljaCBpcyB1c2VkIHRvIGRl bGl2ZXIgdGhlIE5TSCB0byBOU0gtYXdhcmUNCj4gPj4gICBuZXR3b3JrIGVsZW1lbnRzKSwgYXMg c2hvd24gaW4gRmlndXJlIDE6DQo+ID4NCj4gPiBEb2VzIHRoZSBleHBsYW5hdGlvbiBhYm92ZSBo ZWxwPyBJIGFtIG5vdCBzdXJlIGhvdyB0byBiZXN0IGFuc3dlcuKApg0KPiBiZWNhdXNlIEkgZG8g bm90IGZpbmQgaXQgY29uZnVzaW5nLiBUaGlzIHRleHQgaXMgdGhlIHJlc3VsdCBvZiByZXZpZXdl cnMNCj4gYXNraW5nIGZvciBjbGFyaXR5LCBhbmQgdGhlbiBhY2tub3dsZWRnaW5nIHRoYXQgdGhl IHBhcmFncmFwaCBhYm92ZQ0KPiBicm91Z2h0IHRoYXQgY2xhcml0eS4NCj4gPg0KPiA+Pg0KPiA+ PiBOb3JtYWxseSwgdGhlIGhpZ2hlciBsYXllcnMgYXJlIGVuY2Fwc3VsYXRlZCwNCj4gPg0KPiA+ IFdoYXQgaXMgaGlnaGVyIGFuZCBsb3dlcj8gQW5kIGZvciB3aGF0IGRlZmluaXRpb24gb2Yg4oCc Tm9ybWFsbHnigJ0/IFdoYXTigJlzDQo+IGEgVHVubmVsPw0KPiA+DQo+ID4+IGJ1dCB0aGlzIHdv cmRpbmcNCj4gPj4gZGVzY3JpYmVzIGp1c3QgdGhlIG9wcG9zaXRlLiAgSXQgc2F5cyB0aGUgcGFj a2V0L2ZyYW1lIGF0IGxheWVyIDIvMw0KPiA+PiAoanVzdCBnb2luZyBmcm9tIHRoZSBub3JtYWwg dXNlcyBvZiBwYWNrZXQgYW5kIGZyYW1lIHRvIGFzc3VtZSBsYXllcg0KPiA+PiAzLzIpLg0KPiA+ DQo+ID4gQ29ycmVjdC4gSVAgcGFja2V0LCBFdGhlcm5ldCBGcmFtZS4NCj4gPg0KPiA+PiAgTkhT IGVuY2Fwc3VsYXRlcyB0aGF0LCBhbmQgdGhlbiBpcyBlbmNhcHN1bGF0ZWQgYnkgYSB0cmFuc3Bv cnQgbGF5ZXINCj4gPj4gMy80Pw0KPiA+DQo+ID4gTm8uDQo+ID4NCj4gPiBXaGVyZSBkb2VzIGl0 IHNheSDigJxUcmFuc3BvcnQgTGF5ZXLigJ0/DQo+ID4NCj4gPiBOb3RlIHRoYXQg4oCcTmV0d29y ayBUcmFuc3BvcnTigJ0sIGFuZCDigJxUcmFuc3BvcnQgRW5jYXBzdWxhdGlvbuKAnSBhcmUgdGVy bXMNCj4gY29taW5nIGZyb20gUkZDIDc2NjUuDQo+ID4NCj4gPiBBbmQgdG8gYmUgY2xlYXI6IG1h bnkgUkZDcyB1c2Ug4oCcVHJhbnNwb3J0IEVuY2Fwc3VsYXRpb27igJ0gb3IgYQ0KPiA+IHZhcmlh dGlvbiBvZiB0aGF0IChFbmNhcHN1bGF0aW9uIGZvciBUcmFuc3BvcnQsIFRyYW5zcG9ydC1pbmRl cGVuZGVudA0KPiA+IEVuY2Fwc3VsYXRpb24sIGV0Yy4pDQo+ID4NCj4gPiBTZWUgVGFibGUgMSBh bmQgVGFibGUgMywgVHJhbnNwb3J0IGNvbHVtbiwgZm9yIGV4YW1wbGVzLg0KPiA+DQo+ID4NCj4g Pj4gIElmIHlvdSBjYW4gY2xhcmlmeSB0aGlzIHRleHQgb3IgbWFrZSBpdCBjbGVhciB0aGF0IHlv dSByZWFsbHkNCj4gPj4gaW50ZW5kZWQgdG8gZG8gdGhpcyBvZGQgZW5jYXBzdWxhdGlvbiwgdGhh dCB3b3VsZCBoZWxwIGEgbG90Lg0KPiA+DQo+ID4gSG9wZWZ1bGx5IG15IGV4cGxhbmF0aW9uIGhl bHBzLg0KPiA+DQo+ID4+IFVuZGVyc3RhbmRpbmcgdGhlIGxheWVycyB0aGlzIGFsbCBoYXBwZW5z IGF0IGlzIHZlcnkgaW1wb3J0YW50LiAgSWYNCj4gPj4gTlNIIGlzIHRoZSB0cmlnZ2VyIGZvciB0 aGUgbGF5ZXIgMy80IHRyYW5zcG9ydCwgaG93IGNhbiBzZWN1cml0eSBiZQ0KPiA+PiBhcHBsaWVk PyAgT3IgaXMgaXQgYWRkcmVzc2VkIGJ5IGEgcHJpb3IgMy80IGVuY2Fwc3VsYXRpb24gYnkgdGhl DQo+ID4+IG9yaWdpbmFsIHBhY2tldC9mcmFtZT8NCj4gPj4NCj4gPj4gVGhhbmtzLA0KPiA+PiBL YXRobGVlbg0KPiA+Pg0KPiA+DQo+ID4NCj4gPiDigJQNCj4gPiBDYXJsb3MgUGlnbmF0YXJvLCBj YXJsb3NAY2lzY28uY29tDQo+ID4NCj4gPg0KPiA+Pg0KPiA+PiBPbiBUdWUsIFNlcCAxOSwgMjAx NyBhdCA0OjUzIFBNLCBDYXJsb3MgUGlnbmF0YXJvIChjcGlnbmF0YSkNCj4gPj4gPGNwaWduYXRh QGNpc2NvLmNvbT4gd3JvdGU6DQo+ID4+PiBIaSwgS2F0aGxlZW4sDQo+ID4+Pg0KPiA+Pj4gVGhh bmtzIGZvciB0aGUgY2xhcmlmaWNhdGlvbi4NCj4gPj4+DQo+ID4+PiBSZWdhcmRpbmc6DQo+ID4+ Pg0KPiA+Pj4gaXMgdGhhdCB0aGUgbGF5ZXJpbmcgbmVlZHMgdG8gYmUgc3BlY2lmaWNhbGx5IHN0 YXRlZCB0byBjbGVhcmx5DQo+ID4+Pg0KPiA+Pj4NCj4gPj4+IExpa2UgdGhpcz8NCj4gPj4+IGh0 dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLXNmYy1uc2gtMjEjc2VjdGlvbi0x DQo+ID4+Pg0KPiA+Pj4gICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tKw0KPiA+Pj4gICAgICAgICAgICAgICAgICAgICB8ICAgIFRyYW5zcG9ydCBFbmNh cHN1bGF0aW9uICAgfA0KPiA+Pj4gICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tKw0KPiA+Pj4gICAgICAgICAgICAgICAgICAgICB8IE5ldHdvcmsgU2Vy dmljZSBIZWFkZXIgKE5TSCkgfA0KPiA+Pj4gICAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tKw0KPiA+Pj4gICAgICAgICAgICAgICAgICAgICB8ICAgIE9y aWdpbmFsIFBhY2tldCAvIEZyYW1lICAgfA0KPiA+Pj4gICAgICAgICAgICAgICAgICAgICArLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tKw0KPiA+Pj4NCj4gPj4+ICAgICAgICAgICAgICBG aWd1cmUgMTogTmV0d29yayBTZXJ2aWNlIEhlYWRlciBFbmNhcHN1bGF0aW9uDQo+ID4+Pg0KPiA+ Pj4gSSB0aGluayBpZiB5b3UgbGFpZCB0aGlzIG91dA0KPiA+Pj4gbmljZWx5IGFuZCBjbGVhcmx5 IHNob3dlZCB3aGVyZSB0cmFuc3BvcnQgc2VjdXJpdHkgaXMgYWRkcmVzc2VkIGF0DQo+ID4+PiBh bm90aGVyIGxheWVyIChvdXQtb2Ytc2NvcGUpLCBpdCB3b3VsZCBnbyBhIGxvbmcgd2F5Lg0KPiA+ Pj4NCj4gPj4+DQo+ID4+PiBIb3BlZnVsbHkgdGhlIGFib3ZlIChleGlzdGluZykgZmlndXJlIGFu ZCB0ZXh0IGlzIGNsZWFyLiBJbiB0aGF0IGNhc2U6DQo+ID4+Pg0KPiA+Pj4gT25lIGlkZWEgaXMg dG8gY2F0ZWdvcml6ZSB0aGUgcGFyYWdyYXBocyBpbiB0aGUgU2VjdXJpdHkNCj4gQ29uc2lkZXJh dGlvbnMgdG8NCj4gPj4+IG1ha2UgdGhvc2UgcmVsYXRpb25zIG1vcmUgY2xlYXIuDQo+ID4+Pg0K PiA+Pj4g4oCUDQo+ID4+PiBDYXJsb3MgUGlnbmF0YXJvLg0KPiA+Pj4NCj4gPj4+DQo+ID4+PiBP biBTZXAgMTksIDIwMTcsIGF0IDM6MzggUE0sIEthdGhsZWVuIE1vcmlhcnR5DQo+ID4+PiA8S2F0 aGxlZW4uTW9yaWFydHkuaWV0ZkBnbWFpbC5jb20+IHdyb3RlOg0KPiA+Pj4NCj4gPj4+IFRoYW5r cyBmb3IgdGhlIHJlc3BvbnNlcy4gIEknbSBnb2luZyB0byB0b3AgcG9zdCBhcyBJIHRoaW4gdGhl IG1haW4NCj4gPj4+IHBvaW50IG9mIG15IHJldmlldyBpcyB0aGF0IHRoZSBsYXllcmluZyBuZWVk cyB0byBiZSBzcGVjaWZpY2FsbHkNCj4gPj4+IHN0YXRlZCB0byBjbGVhcmx5IHNjb3BlIHRoZSBw cm9ibGVtIHNwYWNlIGZvciBOU0ggc2VjdXJpdHkNCj4gPj4+IGNvbnNpZGVyYXRpb25zLiAgVGhl IGRyYWZ0IGFzLXdyaXR0ZW4gaXMgbm90IGNsZWFyIGFuZCBhcyBhIHJlc3VsdCwNCj4gPj4+IHNl Y3VyaXR5IHJldmlld3MgYXJlIHZlcnkgZGlmZmljdWx0LiAgSSB0aGluayBpZiB5b3UgbGFpZCB0 aGlzIG91dA0KPiA+Pj4gbmljZWx5IGFuZCBjbGVhcmx5IHNob3dlZCB3aGVyZSB0cmFuc3BvcnQg c2VjdXJpdHkgaXMgYWRkcmVzc2VkIGF0DQo+ID4+PiBhbm90aGVyIGxheWVyIChvdXQtb2Ytc2Nv cGUpLCBpdCB3b3VsZCBnbyBhIGxvbmcgd2F5LiAgQWx0aG91Z2ggdGhlDQo+ID4+PiBkcmFmdCBp bXByb3ZlZCBhIGJpdCBmcm9tIHRoZSBwcmV2aW91cyB2ZXJzaW9uLCBJIHRoaW5rIGEgY2FyZWZ1 bA0KPiA+Pj4gcmV2aWV3IGFuZCBlZGl0IHBhc3Mgd291bGQgZG8gYSBsb3Qgb2YgZ29vZCwgc3Bl Y2lmaWNhbGx5IGFyb3VuZA0KPiA+Pj4gY2xhcml0eSBvZiB0aGUgcHJvYmxlbSBzcGFjZSBhbmQg c29sdXRpb24uICBUaGUgcXVlc3Rpb25zIEkgYXNrZWQgd2VyZQ0KPiA+Pj4gYSByZXN1bHQgb2Yg bGFjayBvZiBjbGFyaXR5IGluIHRoZSBkcmFmdC4NCj4gPj4+DQo+ID4+PiBUaGFua3MsDQo+ID4+ PiBLYXRobGVlbg0KPiA+Pj4NCj4gPj4+IE9uIFR1ZSwgU2VwIDE5LCAyMDE3IGF0IDM6MjIgUE0s IFBhdWwgUXVpbm4gKHBhdWxxKSA8cGF1bHFAY2lzY28uY29tPg0KPiB3cm90ZToNCj4gPj4+DQo+ ID4+PiBIaSwNCj4gPj4+DQo+ID4+PiBUaGFuayB5b3UgZm9yIHRoZSByZXZpZXcuICBQbGVhc2Ug c2VlIHNvbWUgY29tbWVudHMgaW5saW5lIGJlbG93Lg0KPiA+Pj4NCj4gPj4+IFBhdWwNCj4gPj4+ DQo+ID4+PiBPbiBTZXAgMTgsIDIwMTcsIGF0IDQ6MTUgUE0sIEthdGhsZWVuIE1vcmlhcnR5DQo+ ID4+PiA8a2F0aGxlZW4ubW9yaWFydHkuaWV0ZkBnbWFpbC5jb20+IHdyb3RlOg0KPiA+Pj4NCj4g Pj4+IEhlbGxvLA0KPiA+Pj4NCj4gPj4+IEF0IEFsaWEncyByZXF1ZXN0LCBJIGRpZCBhbiBlYXJs eSByZXZpZXcgb2YgZHJhZnQtaWV0Zi1zZmMtbnNoLiAgSGVyZQ0KPiA+Pj4gYXJlIHNvbWUgaW5p dGlhbCBjb21tZW50cyBhbmQgSSBtYXkgaGF2ZSBtb3JlIHdoZW4gdGhlIGRyYWZ0IGlzDQo+ID4+ PiByZXZpc2VkIGFuZCBpcyBpbiBmb3IgSUVTRyByZXZpZXcuICBJIGFwcHJlY2lhdGUgeW91ciBl ZmZvcnRzDQo+ID4+PiBhZGRyZXNzaW5nIHRoZSBjb21tZW50cyByZWNlaXZlZCB0byBkYXRlLiAg SSBob3BlIHlvdSBmaW5kIHRoZXNlDQo+ID4+PiBzdWdnZXN0aW9ucyBhcyBoZWxwZnVsIGltcHJv dmVtZW50cyB0byB0aGUgZG9jdW1lbnQgYW5kIGNsYXJpdHkgb2YgTlNIDQo+ID4+PiBzZWN1cml0 eSBjb25jZXJucy4NCj4gPj4+DQo+ID4+Pg0KPiA+Pj4gU2VjdGlvbiAxIC0NCj4gPj4+DQo+ID4+ PiBUaGUgaW50ZW5kZWQgc2NvcGUgaW4gdGhlIGludHJvZHVjdGlvbiBzaG91bGQgYWxzbyBpbmNs dWRlIG1lbnRpb24gb2YNCj4gPj4+IG11bHRpLXRlbmFuY3kuICBUaGlzIGNoYW5nZXMgdGhlIHNl Y3VyaXR5IHJlcXVpcmVtZW50cyBhbmQgaXMgdmVyeQ0KPiA+Pj4gaW1wb3J0YW50IHRvIG5vdGUu DQo+ID4+Pg0KPiA+Pj4gU2VjdGlvbiAxLjQgLQ0KPiA+Pj4NCj4gPj4+IDUuICBUcmFuc3BvcnQg QWdub3N0aWM6IFRoZSBOU0ggaXMgZW5jYXBzdWxhdGlvbi1pbmRlcGVuZGVudCwgbWVhbmluZw0K PiA+Pj4gICAgIGl0IGNhbiBiZSB0cmFuc3BvcnRlZCBieSBhIHZhcmlldHkgb2YgcHJvdG9jb2xz LiAgQW4gYXBwcm9wcmlhdGUNCj4gPj4+ICAgICAoZm9yIGEgZ2l2ZW4gZGVwbG95bWVudCkgZW5j YXBzdWxhdGlvbiBwcm90b2NvbCBjYW4gYmUgdXNlZCB0bw0KPiA+Pj4gICAgIGNhcnJ5IE5TSC1l bmNhcHN1bGF0ZWQgdHJhZmZpYy4gIFRoaXMgdHJhbnNwb3J0IG1heSBmb3JtIGFuDQo+ID4+PiAg ICAgb3ZlcmxheSBuZXR3b3JrIGFuZCBpZiBhbiBleGlzdGluZyBvdmVybGF5IHRvcG9sb2d5IHBy b3ZpZGVzIHRoZQ0KPiA+Pj4gICAgIHJlcXVpcmVkIHNlcnZpY2UgcGF0aCBjb25uZWN0aXZpdHks IHRoYXQgZXhpc3Rpbmcgb3ZlcmxheSBtYXkgYmUNCj4gPj4+ICAgICB1c2VkLg0KPiA+Pj4NCj4g Pj4+IElzIHRoZXJlIGEgcHJlZmVycmVkIHRyYW5zcG9ydCBzbyB5b3UgY291bGQgc3BlY2lmeSBh IHJlY29tbWVuZGVkDQo+ID4+PiB0cmFuc3BvcnQgc2VjdXJpdHkgcHJvdG9jb2w/DQo+ID4+Pg0K PiA+Pj4NCj4gPj4+IFBRPiBUaGVyZSBpcyBub3QuICBJbiBmYWN0IGF0IHRoZSBBROKAmXMgcmVx dWVzdCBzYW1wbGUgdHJhbnNwb3J0cyB3ZXJlDQo+ID4+PiByZW1vdmVkIHRvIGVuc3VyZSB0aGF0 IHRoZXJlIHdhcyBubyBpbXBsaWVkIHByZWZlcmVuY2UuICBUaGVyZWZvcmUsIGFuDQo+ID4+PiBv cGVyYXRvciBjYW4gc2VsZWN0IHRoZWlyIHByZWZlcnJlZCB0cmFuc3BvcnRzLCBpbmNsdWRpbmcg 4oCUIGFzIHBlciB0aGUNCj4gPj4+IHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIHNlY3Rpb24g4oCU IG9uZXMgdGhhdCBwcm92aWRlIGVuY3J5cHRpb24uDQo+ID4+Pg0KPiA+Pj4NCj4gPj4+IFNlY3Rp b24gMiwgM3JkIHNlbnRlbmNlOg0KPiA+Pj4gU3Vic2VxdWVudGx5LCBhbg0KPiA+Pj4gb3V0ZXIg ZW5jYXBzdWxhdGlvbiBpcyBpbXBvc2VkIG9uIHRoZSBOU0gsIHdoaWNoIGlzIHVzZWQgZm9yIG5l dHdvcmsNCj4gPj4+IGZvcndhcmRpbmcuDQo+ID4+Pg0KPiA+Pj4gS25vd2luZyBtb3JlIGFib3V0 IHRoaXMgd291bGQgaGVscCB0byB1bmRlcnN0YW5kIG9wdGlvbnMgb3IgaWYgdGhlcmUNCj4gPj4+ IGlzIGFub3RoZXIgZHJhZnQgdGhhdCBhZGRyZXNzZXMgdGhpcyBvdXRlciBlbmNhcHN1bGF0aW9u IHRoYXQgaXMNCj4gPj4+IGltcG9zZWQgYW5kIHRoZSB0cmFuc3BvcnQgc2VjdXJpdHkgcmVxdWly ZW1lbnRzIHRoYXQgZ28gYWxvbmcgd2l0aCBpdC4NCj4gPj4+DQo+ID4+Pg0KPiA+Pj4gUFE+IFNp bmNlIE5TSCBkZWZpbmVzIG5vIHByZWZlcnJlZCB0cmFuc3BvcnQocyksIHRoZSBzZWN1cml0eSBv ZiB0aGUNCj4gPj4+IHNlbGVjdGVkIHRyYW5zcG9ydCBpcyBsZWZ0IHRvIHRoZSB0cmFuc3BvcnQg c3RhbmRhcmQuICAgU28sIGZvcg0KPiBleGFtcGxlLCBpZg0KPiA+Pj4gYW4gb3BlcmF0b3IgZWxl Y3RzIHRvIHVzZSB0aGUgTlZPMyBkZWZpbmVkIHByb3RvY29sLCB0aGVuIHRoZSBvcGVyYXRvcg0K PiBoYXMNCj4gPj4+IGV4cGxpY2l0bHkgc2VsZWN0ZWQgdGhhdCBvdmVybGF5Lg0KPiA+Pj4NCj4g Pj4+DQo+ID4+PiBUcmFuc3BvcnQgbWF5IGJlIGhvcCB0byBob3AsIGFuZCB0aGVyZSBtaWdodCBu b3QgYmUgZW5jcnlwdGlvbiBvZiB0aGlzDQo+ID4+PiBoZWFkZXIgaWYgdGhlIGFwcGxpY2F0aW9u IHVzZXMgYW4gZW5jcnlwdGVkIHRyYW5zcG9ydCBlbmNhcHN1bGF0ZWQgaW4NCj4gPj4+IHRoaXMg bGF5ZXIuICBJbiBhbnkgY2FzZSwgaXQgc2VlbXMgaW50ZWdyaXR5IHByb3RlY3Rpb24gaXMgYQ0K PiA+Pj4gcmVxdWlyZW1lbnQgZm9yIGEgbXVsdGktdGVuYW50IGVudmlyb25tZW50LiAgQ291bGQg dGhlIENPU0UgTUFDDQo+ID4+PiBmdW5jdGlvbiBmaXQgdGhlIGJpbGwgc2luY2UgaXQgaXMgaW50 ZW5kZWQgZm9yIGNvbmNpc2UgZm9ybWF0cz8NCj4gPj4+IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0 Zi5vcmcvZG9jL3JmYzgxNTINCj4gPj4+IEpPU0UgcHJvZHVjZWQgYSBzaW1pbGFyIGZ1bmN0aW9u IHdpdGggSlNPTiwgYnV0IGl0IHdvdWxkIGJlIHNsaWdodGx5DQo+IGxhcmdlci4NCj4gPj4+DQo+ ID4+PiBTZWN0aW9uIDcuMToNCj4gPj4+DQo+ID4+PiBUaGUgZm9sbG93aW5nIHBhcmFncmFwaCBp bXBsaWVzIHRoYXQgYW55dGhpbmcgbGVzcyB0aGFuIGEgNS10dXBsZQ0KPiA+Pj4gaXNu4oCZdCB1 c2VmdWwgYW5kIHRoYXQgeW91IGludGVuZCB0byB1c2UgdHJhZmZpYyBjb250ZW50IHdoZW4NCj4g Pj4+IGF2YWlsYWJsZS4gIFRoaXMgaXMgY29uY2VybmluZy4gIENhbuKAmXQgeW91IHVzZSBhIDIt dHVwbGU/ICBXaGF0IGlmDQo+ID4+PiBJUHNlYyB0cmFuc3BvcnQgbW9kZSB3ZXJlIGluIHVzZSwg aXMgdGhpcyBzb2x1dGlvbiBkZWFkIGluIHRoZSB3YXRlcj8NCj4gPj4+DQo+ID4+PiBSZWdhcmRs ZXNzIG9mIHRoZSBzb3VyY2UsIG1ldGFkYXRhIHJlZmxlY3RzIHRoZSAicmVzdWx0IiBvZg0KPiA+ Pj4gY2xhc3NpZmljYXRpb24uICBUaGUgZ3JhbnVsYXJpdHkgb2YgY2xhc3NpZmljYXRpb24gbWF5 IHZhcnkuICBGb3INCj4gPj4+IGV4YW1wbGUsIGEgbmV0d29yayBzd2l0Y2gsIGFjdGluZyBhcyBh IGNsYXNzaWZpZXIsIG1pZ2h0IG9ubHkgYmUgYWJsZQ0KPiA+Pj4gdG8gY2xhc3NpZnkgYmFzZWQg b24gYSA1LXR1cGxlLCB3aGlsZSBhIHNlcnZpY2UgZnVuY3Rpb24gbWF5IGJlIGFibGUNCj4gPj4+ IHRvIGluc3BlY3QgYXBwbGljYXRpb24gaW5mb3JtYXRpb24uICBSZWdhcmRsZXNzIG9mIGdyYW51 bGFyaXR5LCB0aGUNCj4gPj4+IGNsYXNzaWZpY2F0aW9uIGluZm9ybWF0aW9uIGNhbiBiZSByZXBy ZXNlbnRlZCBpbiB0aGUgTlNILg0KPiA+Pj4NCj4gPj4+IElmIGEgMi10dXBsZSBpcyBwb3NzaWJs ZSwgY291bGQgeW91IGFkZCB0aGF0IGluIGFzIGFuIGV4YW1wbGUgaW5zdGVhZA0KPiA+Pj4gb2Yg b3IgaW4gYWRkaXRpb24gdG8gdGhlIDUtdHVwbGU/DQo+ID4+Pg0KPiA+Pj4NCj4gPj4+IFBRPiAg VGhlIDUtdHVwbGUgd2FzIHVzZWQgb25seSBhcyBhbiBleGFtcGxlIHRoYXQgaXMgY29tbW9ubHkN Cj4gdW5kZXJzdG9vZCBpbg0KPiA+Pj4gdGhlIGNvbnRleHQgb2YgbmV0d29yayBkZXZpY2UgY2xh c3NpZmljYXRpb24uICBUaGUgc2VudGVuY2U6ICJUaGUNCj4gPj4+IGdyYW51bGFyaXR5IG9mIGNs YXNzaWZpY2F0aW9uIG1heSB2YXJ5LuKAnSBhZGRyZXNzZXMgMiwgMywgNCwgbi10dXBsZQ0KPiA+ Pj4gY2xhc3NpZmljYXRpb24uICBGdXJ0aGVyLCB0aGF0IHBvaW50IGlzIHJlaW5mb3JjZWQ6IOKA nFJlZ2FyZGxlc3Mgb2YNCj4gPj4+IGdyYW51bGFyaXR5LCB0aGUgY2xhc3NpZmljYXRpb24gaW5m b3JtYXRpb24gY2FuIGJlIHJlcHJlc2VudGVkIGluIHRoZQ0KPiBOU0guIg0KPiA+Pj4NCj4gPj4+ DQo+ID4+Pg0KPiA+Pj4NCj4gPj4+IFNlY3Rpb24gNy4xDQo+ID4+Pg0KPiA+Pj4gVGhpcyB0ZXh0 IGNvbWVzIHRvbyBsYXRlIGluIHRoZSBkcmFmdCBhbmQgSSByZWNvbW1lbmQgbWFraW5nIGEgY2xl YXINCj4gPj4+IHN0YXRlbWVudCBpbiB0aGUgaW50cm9kdWN0aW9uIHRoYXQgc2Vzc2lvbiBlbmNy eXB0aW9uIHRvIHByb3RlY3QgdGhlDQo+ID4+PiBkYXRhIGluIHRyYW5zaXQgcmVsaWVzIG9uIHRo ZSBhcHBsaWNhdGlvbi9zZXJ2aWNlIHNlbmRpbmcvcmVjZWl2aW5nDQo+ID4+PiB0aGUgZGF0YSBh bmQgbm90IHRoZSBTRkMuICBJIG1hZGUgdGhpcyBwb2ludCBwcmV2aW91c2x5IGFuZCBhbSBnbGFk IHRvDQo+ID4+PiBzZWUgc29tZSB0ZXh0LCBidXQgdGhpbmsgaXQgd291bGQgYmUgbXVjaCBiZXR0 ZXIgdG8gc3RhdGUgdGhpcyBlYXJseQ0KPiA+Pj4gaW4gdGhlIGRyYWZ0LiAgVG91Y2hpbmcgdXBv biBwcm90ZWN0aW9ucyBmb3IgZGF0YSBzdHJlYW1zIHZlcnN1cyBtZXRhDQo+ID4+PiBkYXRhIHdv dWxkIGJvdGggYmUgaW1wb3J0YW50IChsYXllcnMgZm9yIHRyYWZmaWMgYW5kIGFzc29jaWF0ZWQN Cj4gPj4+IHByb3RlY3Rpb25zKS4gIElmIGl04oCZcyBtZXRhIGRhdGEsIGRvIHRoZXkgbmVlZCB0 byByZWx5IG9uIElQc2VjIGFuZA0KPiA+Pj4gaGF2aW5nIGEgMi10dXBsZSBiZSB0aGUgbWluaW11 bT8gIFdoZW4gaXMgdGhhdCBhcHBsaWVkPyAgSXMgdGhlcmUgbWV0YQ0KPiA+Pj4gZGF0YSB0aGF0 IGNvdWxkIGJlIHNlbnNpdGl2ZSBpZiBUTFMgd2FzIGluIHBsYWNlIGFuZCBhIDUtdHVwbGUgaXMN Cj4gPj4+IHZpc2libGUgKHBlcmhhcHMgdGhlIGV4aXN0ZW5jZSBvZiBjb21tdW5pY2F0aW9uIGlz IHNlbnNpdGl2ZSkuICBBcmUNCj4gPj4+IHRoZXJlIG90aGVyIGNvbnNpZGVyYXRpb25zIGZvciBt ZXRhZGF0YSBhbmQgZGF0YSB0aGF0IG5lZWQgdG8gYmUNCj4gPj4+IHN0YXRlZCB1cCBmcm9udCBh bmQgcHV0IG91dC1vZi1zY29wZSBmb3IgU0ZDPyAgSeKAmW0gYXNraW5nIHRoZXNlDQo+ID4+PiBx dWVzdGlvbnMgYXMgcHJvdmlkaW5nIHRoZXNlIGFuc3dlcnMgY291bGQgc2hvdyB0aGF0IHRoZSBy aXNrIGlzDQo+ID4+PiBjb25zdHJhaW5lZC4NCj4gPj4+DQo+ID4+PiBEZXBlbmRpbmcgb24gdGhl IGluZm9ybWF0aW9uIGNhcnJpZWQgaW4gdGhlIG1ldGFkYXRhLCBkYXRhIHByaXZhY3kNCj4gPj4+ IGNvbnNpZGVyYXRpb25zIG1heSBuZWVkIHRvIGJlIGNvbnNpZGVyZWQuICBGb3IgZXhhbXBsZSwg aWYgdGhlDQo+ID4+PiBtZXRhZGF0YSBjb252ZXlzIHRlbmFudCBpbmZvcm1hdGlvbiwgdGhhdCBp bmZvcm1hdGlvbiBtYXkgbmVlZCB0byBiZQ0KPiA+Pj4gYXV0aGVudGljYXRlZCBhbmQvb3IgZW5j cnlwdGVkIGJldHdlZW4gdGhlIG9yaWdpbmF0b3IgYW5kIHRoZQ0KPiA+Pj4gaW50ZW5kZWQgcmVj aXBpZW50cyAod2hpY2ggbWF5IGluY2x1ZGUgaW50ZW5kZWQgU0ZzIG9ubHkpLiAgVGhlIE5TSA0K PiA+Pj4gaXRzZWxmIGRvZXMgbm90IHByb3ZpZGUgcHJpdmFjeSBmdW5jdGlvbnMsIHJhdGhlciBp dCByZWxpZXMgb24gdGhlDQo+ID4+PiB0cmFuc3BvcnQvb3ZlcmxheSBsYXllci4gIEFuIG9wZXJh dG9yIGNhbiBzZWxlY3QgdGhlIGFwcHJvcHJpYXRlDQo+ID4+PiB0cmFuc3BvcnQgdG8gZW5zdXJl IGNvbmZpZGVudGlhbGl0eSAoYW5kIG90aGVyIHNlY3VyaXR5KQ0KPiA+Pj4gY29uc2lkZXJhdGlv bnMgYXJlIG1ldC4gIE1ldGFkYXRhIHByaXZhY3kgYW5kIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25z DQo+ID4+PiBhcmUgYSBtYXR0ZXIgZm9yIHRoZSBkb2N1bWVudHMgdGhhdCBkZWZpbmUgbWV0YWRh dGEgZm9ybWF0Lg0KPiA+Pj4NCj4gPj4+DQo+ID4+Pg0KPiA+Pj4gUFE+ICBBcmUgeW91IHN1Z2dl c3RpbmcgdGhhdCBhcHBsaWNhdGlvbiBsYXllciBjb25maWRlbnRpYWxseSBiZQ0KPiBhZGRyZXNz ZWQNCj4gPj4+IGluIHRoaXMgZHJhZnQ/ICAgTlNIIOKAnHBsYXlzIG5pY2VseeKAnSB3aXRoIHN0 YW5kYXJkIGVuY3J5cHRpb24NCj4gdHJhbnNwb3J0cywNCj4gPj4+IHRoZXJlZm9yZSBhbGxvd2lu ZyBvcGVyYXRvcnMgdG8g4oCcc2VjdXJl4oCdIHRoZSBwYXRoLiAgR29pbmcgdXAgdGhlIHN0YWNr DQo+IGZyb20NCj4gPj4+IHRoYXQgc2VlbXMgdG8gYmUgb3V0c2lkZSB0aGUgc2NvcGUgb2YgTlNI IGFuZCBpbmNvbnNpc3RlbnQgd2l0aCBvdGhlcg0KPiA+Pj4gcHJvdG9jb2wgcmVxdWlyZW1lbnRz Lg0KPiA+Pj4NCj4gPj4+DQo+ID4+PiBPdGhlciBjb21tZW50czoNCj4gPj4+DQo+ID4+PiBJ4oCZ ZCBsaWtlIHRvIHNlZTsNCj4gPj4+IGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1t Z2x0LXNmYy1zZWN1cml0eS1lbnZpcm9ubWVudC1yZXEtMDINCj4gPj4+IFB1Ymxpc2hlZCBiZWZv cmUgdGhpcyBkb2N1bWVudCBhbmQgdGhlbiBoYXZlIHRoYXQgYXMgYSByZWZlcmVuY2UuICBPbmUN Cj4gPj4+IG9mIHRoZSBjb21tZW50cyBJIG1hZGUgcHJldmlvdXNseSB3YXMgdG8gbGlzdCBvdXQg dGhlIGxheWVyaW5nIGFuZA0KPiA+Pj4gcHJvdGVjdGlvbnMgZXhwZWN0ZWQgb24gZGF0YSBhbmQg TlNILiAgVGhpcyBoYXMgYmVlbiBkb25lIGluIHRoZQ0KPiA+Pj4gc2VjdXJpdHkgZW52aXJvbm1l bnQgZHJhZnQsIHNlY3Rpb24gNCBzaG91bGQgYmUgcmVmZXJlbmNlZDoNCj4gPj4+DQo+ID4+PiBT ZWN0aW9uIDQgcHJvdmlkZXMgYW4gb3ZlcmFsbCBkZXNjcmlwdGlvbiBvZiB0aGUgU0ZDIGVudmly b25tZW50IHdpdGgNCj4gPj4+IHRoZSBpbnRyb2R1Y3Rpb24gb2YgdGhlIGRpZmZlcmVudCBwbGFu ZXMgKFNGQyBDb250cm9sIFBsYW5lLCB0aGUgU0ZDDQo+ID4+PiBNYW5hZ2VtZW50IFBsYW5lLCB0 aGUgVGVuYW50J3MgdXNlciBQbGFuZSBhbmQgdGhlIFNGQyBEYXRhIFBsYW5lKS4NCj4gPj4+DQo+ ID4+Pg0KPiA+Pj4NCj4gPj4+IFBRPiAgQXMgSSBtZW50aW9uZWQgb24gYW5vdGhlciB0aHJlYWQ6 IGEgc2VjdXJlIGVudmlyb25tZW50IGRyYWZ0IGlzDQo+IG5vdA0KPiA+Pj4gcmVsYXRlZCB0byBO U0ggcGVyIHNlLg0KPiA+Pj4NCj4gPj4+DQo+ID4+Pg0KPiA+Pj4NCj4gPj4+IFRoaXMgaXMgYSB2 ZXJ5IGltcG9ydGFudCBwb2ludCBmb3IgYW55b25lIHJldmlld2luZyBmb3Igc2VjdXJpdHkgYXMN Cj4gPj4+IGFyZSB0aGUgZW52aXJvbm1lbnQgc2VjdXJpdHkgcmVxdWlyZW1lbnRzLiAgVGhlIHNl Y3VyaXR5IGVudmlyb25tZW50DQo+ID4+PiByZXF1aXJlbWVudHMgZHJhZnQgc3RpbGwgbmVlZHMg YSBsaXR0bGUgbW9yZSB3b3JrIGZyb20gYSBxdWljayByZWFkLA0KPiA+Pj4gYnV0IGhlbHBzIGEg bG90LiAgSSBuZWVkIHRvIGZpbmlzaCByZWFkaW5nIHRoZSBzZWN1cml0eSBlbnZpcm9ubWVudA0K PiA+Pj4gZHJhZnQuDQo+ID4+Pg0KPiA+Pj4gLS0NCj4gPj4+DQo+ID4+PiBCZXN0IHJlZ2FyZHMs DQo+ID4+PiBLYXRobGVlbg0KPiA+Pj4NCj4gPj4+IF9fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fDQo+ID4+PiBzZmMgbWFpbGluZyBsaXN0DQo+ID4+PiBzZmNA aWV0Zi5vcmcNCj4gPj4+IGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2Zj DQo+ID4+Pg0KPiA+Pj4NCj4gPj4+DQo+ID4+Pg0KPiA+Pj4NCj4gPj4+IC0tDQo+ID4+Pg0KPiA+ Pj4gQmVzdCByZWdhcmRzLA0KPiA+Pj4gS2F0aGxlZW4NCj4gPj4+DQo+ID4+PiBfX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KPiA+Pj4gc2ZjIG1haWxpbmcg bGlzdA0KPiA+Pj4gc2ZjQGlldGYub3JnDQo+ID4+PiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWls bWFuL2xpc3RpbmZvL3NmYw0KPiA+Pj4NCj4gPj4+DQo+ID4+DQo+ID4+DQo+ID4+DQo+ID4+IC0t DQo+ID4+DQo+ID4+IEJlc3QgcmVnYXJkcywNCj4gPj4gS2F0aGxlZW4NCj4gPg0KPiANCj4gDQo+ IA0KPiAtLQ0KPiANCj4gQmVzdCByZWdhcmRzLA0KPiBLYXRobGVlbg0KPiANCj4gX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCj4gc2ZjIG1haWxpbmcgbGlz dA0KPiBzZmNAaWV0Zi5vcmcNCj4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5m by9zZmMNCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18N Cj4gc2ZjIG1haWxpbmcgbGlzdA0KPiBzZmNAaWV0Zi5vcmcNCj4gaHR0cHM6Ly93d3cuaWV0Zi5v cmcvbWFpbG1hbi9saXN0aW5mby9zZmMNCg== From nobody Thu Sep 21 02:04:24 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 401B11344FC; Thu, 21 Sep 2017 02:04:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.618 X-Spam-Level: X-Spam-Status: No, score=-2.618 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GvQgkwTsdJnF; Thu, 21 Sep 2017 02:04:13 -0700 (PDT) Received: from relais-inet.orange.com (mta241.mail.business.static.orange.com [80.12.66.41]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BCFE1344B7; Thu, 21 Sep 2017 02:02:43 -0700 (PDT) Received: from opfedar03.francetelecom.fr (unknown [xx.xx.xx.5]) by opfedar22.francetelecom.fr (ESMTP service) with ESMTP id 6651360671; Thu, 21 Sep 2017 11:02:41 +0200 (CEST) Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.31]) by opfedar03.francetelecom.fr (ESMTP service) with ESMTP id 43A1018006A; Thu, 21 Sep 2017 11:02:41 +0200 (CEST) Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM22.corporate.adroot.infra.ftgroup ([fe80::8c90:f4e9:be28:2a1%19]) with mapi id 14.03.0361.001; Thu, 21 Sep 2017 11:02:40 +0200 From: To: "adrian@olddog.co.uk" , "'Van De Velde, Gunter (Nokia - BE/Antwerp)'" , "'Joel M. Halpern'" , "mpls@ietf.org" CC: 'Service Function Chaining IETF list' Thread-Topic: [sfc] An MPLS Forwarding plane for SFC Thread-Index: AdMjXxXVPkarGltYRZ25UDV5w+jgOv//4TmAgAPeI4CAACDZgP/lNE4w Date: Thu, 21 Sep 2017 09:02:40 +0000 Message-ID: <787AE7BB302AE849A7480A190F8B93300A046ED4@OPEXCLILMA3.corporate.adroot.infra.ftgroup> References: <034601d3235f$1f4ef590$5dece0b0$@olddog.co.uk> <04bb01d3255f$f53a5d00$dfaf1700$@olddog.co.uk> In-Reply-To: <04bb01d3255f$f53a5d00$dfaf1700$@olddog.co.uk> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.168.234.5] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] An MPLS Forwarding plane for SFC X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Sep 2017 09:04:16 -0000 Hi Adrian, all, Fully agree, this is a pragmatic solution for a given type of networks. Tha= t's said, there are some implications on SFs, that need to be MPLS-aware to= o. Of course, if your take is that supplying metadata to SFs won't fly, the= n this confirms again the pragmatism of the proposal for a particular deplo= yment case.=20 FWIW, we have considered in the past a similar approach for IPv6-enbaled ne= tworks (https://tools.ietf.org/html/draft-jacquenet-sfc-ipv6-eh-01). It has= the merit to have the same expectations on routers as for SR.=20 For all these proposals, a new behavior is needed to be followed by SFC-awa= re nodes. What differs is the channel used to signal a chain and to supply = additional data for SFC purposes.=20 Leveraging on existing code/capabilities is good for a vendor/implementer, = but the risk is that a given solution will need to support all/many of thes= e flavors. Which is not optimal.=20 Putting aside which WG will work on what, we need to think about this colle= ctively.=20 Cheers, Med > -----Message d'origine----- > De=A0: sfc [mailto:sfc-bounces@ietf.org] De la part de Adrian Farrel > Envoy=E9=A0: lundi 4 septembre 2017 11:27 > =C0=A0: 'Van De Velde, Gunter (Nokia - BE/Antwerp)'; 'Joel M. Halpern'; > mpls@ietf.org > Cc=A0: 'Service Function Chaining IETF list' > Objet=A0: Re: [sfc] An MPLS Forwarding plane for SFC >=20 > Hi, >=20 > > I believe that the approach as Adrian outlines is very pragmatic. >=20 > Thanks, Gunter. >=20 > A few points... >=20 > - As I said in my email and as we note in the draft, this approach is > somewhat > limited when compared to the full function that can be achieved with > the > NSH. > - I quite understand that this is not the approach that the SFC working > group > adopted, and that the reasons for the development of the NSH were drive= n > both by technical concerns and by constraints of the WG charter. > - This proposal is not intended as antagonistic competition to the work o= f > the SFC working group. Indeed, we have been sitting on this draft > waiting > for the NSH draft to progress. > - But we are offering a pragmatic alternative that can deliver a subset o= f > NSH > function in a well-known environment. Our hope is that the SFF can be > achieved with off-the-shelf MPLS hardware. > - I copied my email to the SFC list because that seemed the polite and > right > thing to do, not because I think that working group should be > developing > this solution. IMHO, this wok belongs in the MPLS working group. >=20 > Cheers, > Adrian >=20 >=20 > > Joel, not sure I agree about being bound by transport mechanism when > using > > MPLS, as the MPLS sequenced labels can be transported over any type of > > transport just like NSH could be transported. > > For sure there is as Adrian mentions a trade-off regarding flexibility, > so each will > > find its application realm. > > For many the flexibility in the sequenced MPLS label approach will be > sufficient > > for business purpose. > > > > G/ > > > > > > On 01/09/2017, 22:25, "sfc on behalf of Joel M. Halpern" bounces@ietf.org > > on behalf of jmh@joelhalpern.com> wrote: > > > > Reading this draft, what you have proposed is a specific transport > > mechanism, using MPLS. By removing the NSH header, you remove the > > transport agnostic properties that the Working Group was > specifically > > chartered to achieve. > > By recasting the metadata into a label sequence, you make any > metaata > > processing significantly harder, and make applications dependent > upon > > the MPLS transport, rather than being able to rely on the NSH > format. > > If this pattern were followed for other transports, we would requir= e > SFF > > and SF which understood how to parse and process all of the > different > > transport encodings of the path, and SF would have to understand al= l > the > > different transport encodings of the metadata. > > > > Why is this beneficial? > > > > If what you want to do is carry NSH, with an MPLS label stack that > > represents the whole sequence of places to visit, we would still > have to > > assume that SF preserved the MPLS stack, but their processing, > assuming > > they could find the carried NSH header under the MPLS stack, would > at > > least be independent of the transport. > > > > Yours, > > Joel > > > > On 9/1/17 4:15 PM, Adrian Farrel wrote: > > > Hi, > > > > > > We've been working up some ideas for using an MPLS forwarding > plane > > (switching > > > or SR) for SFC. > > > > > > We have constrained ourselves to the architecture developed by th= e > SFC > > working > > > group, and have used the NSH as a functional model. > > > > > > MPLS is somewhat limited compared to the NSH encapsulation, so > there is a > > > trade-off between using a new encapsulation with full function an= d > a good > > set of > > > function using an existing forwarding plane. > > > > > > At the moment this is an early version of our work, but we though= t > you'd like > > to > > > see our thought processes. > > > > > > (FWIW draft-ietf-bess-nsh-bgp-control-plane is applicable to NSH > or MPLS > > > encapsulations and includes mechanisms to select between the two.= ) > > > > > > Cheers, > > > Adrian > > > > > >> -----Original Message----- > > >> From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On > Behalf Of > > >> internet-drafts@ietf.org > > >> Sent: 01 September 2017 21:00 > > >> To: i-d-announce@ietf.org > > >> Subject: I-D Action: draft-farrel-mpls-sfc-00.txt > > >> > > >> > > >> A New Internet-Draft is available from the on-line Internet- > Drafts > > > directories. > > >> > > >> > > >> Title : An MPLS-Based Forwarding Plane for > Service Function > > > Chaining > > >> Authors : Adrian Farrel > > >> Stewart Bryant > > >> John Drake > > >> Filename : draft-farrel-mpls-sfc-00.txt > > >> Pages : 23 > > >> Date : 2017-09-01 > > >> > > >> Abstract: > > >> Service Function Chaining (SFC) is the process of directing > packets > > >> through a network so that they can be acted on by an ordered > set of > > >> abstract service functions before being delivered to the > intended > > >> destination. An architecture for SFC is defined in RFC7665. > > >> > > >> The Network Service Header (NSH) can be inserted into packet= s > to > > >> steer them along a specific path to realize a Service > Function Chain. > > >> > > >> Multiprotocol Label Switching (MPLS) is a widely deployed > forwarding > > >> technology that uses labels to identify the forwarding > actions to be > > >> taken at each hop through a network. Segment Routing is a > mechanism > > >> that provides a source routing paradigm for steering packets > in an > > >> MPLS network. > > >> > > >> This document describes how Service Function Chaining can be > achieved > > >> in an MPLS network by means of a logical representation of > the NSH in > > >> an MPLS label stack. > > >> > > >> > > >> > > >> The IETF datatracker status page for this draft is: > > >> https://datatracker.ietf.org/doc/draft-farrel-mpls-sfc/ > > >> > > >> There are also htmlized versions available at: > > >> https://tools.ietf.org/html/draft-farrel-mpls-sfc-00 > > >> https://datatracker.ietf.org/doc/html/draft-farrel-mpls-sfc-00 > > >> > > >> > > >> Please note that it may take a couple of minutes from the time o= f > > submission > > >> until the htmlized version and diff are available at > tools.ietf.org. > > >> > > >> Internet-Drafts are also available by anonymous FTP at: > > >> ftp://ftp.ietf.org/internet-drafts/ > > >> > > >> _______________________________________________ > > >> I-D-Announce mailing list > > >> I-D-Announce@ietf.org > > >> https://www.ietf.org/mailman/listinfo/i-d-announce > > >> Internet-Draft directories: http://www.ietf.org/shadow.html > > >> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > > > _______________________________________________ > > > sfc mailing list > > > sfc@ietf.org > > > https://www.ietf.org/mailman/listinfo/sfc > > > > > > > _______________________________________________ > > sfc mailing list > > sfc@ietf.org > > https://www.ietf.org/mailman/listinfo/sfc > > >=20 >=20 > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc From nobody Thu Sep 21 05:47:38 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C18A1342E7 for ; Thu, 21 Sep 2017 05:47:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.519 X-Spam-Level: X-Spam-Status: No, score=-14.519 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id St_RNaDRplxh for ; Thu, 21 Sep 2017 05:47:32 -0700 (PDT) Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31A011330B1 for ; Thu, 21 Sep 2017 05:47:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=82000; q=dns/txt; s=iport; t=1505998052; x=1507207652; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=kKiiW1yyk6e2VDNOXHtJaHWDJ/yMw5dFbMXnGBq/Yv4=; b=L+fcieVBMEYpgVJENKBT3gnZfNtevSNAJkBgQGhDTwbws41u2Seu3IYK eB4rbLOqKPeYUMfalM+jDR1TqqIqRLSnQ6t2qjgkRCbtNCoZDhoFpQ8K6 V9qmMwcTj01+D9ZvzfcFVqwvfdShQaNi1r63Doi22JFHfgQD/g/7HpwDo s=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CjAABAtMNZ/5ldJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgy0tZG4nB4NviiCPeIF0iECNag6CAQMKGAEKhRgCGoN5PxgBAgE?= =?us-ascii?q?BAQEBAQFrKIUYAQEBAQMBARgBCARABwQHDAQCAQgOAwEDAQEhAQYDAgICHwYLF?= =?us-ascii?q?AMGCAIEDgUbiTRMAxUQpnSBbTqHNA2DPgEBAQEBAQEBAQEBAQEBAQEBAQEBARg?= =?us-ascii?q?FgyuBYiCBUYFkK4FwgQ2CWYFmJB8QIYJbL4IxBYoPBo4yiBA8AodbiASEd4ITg?= =?us-ascii?q?W+DfIN+hwKMYYgwAhEZAYE4AR84QUx3FUkSAYUGHIFndgGILoEQAQEB?= X-IronPort-AV: E=Sophos;i="5.42,425,1500940800"; d="scan'208,217";a="296050828" Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2017 12:47:30 +0000 Received: from XCH-RTP-008.cisco.com (xch-rtp-008.cisco.com [64.101.220.148]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id v8LClTcj027410 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 21 Sep 2017 12:47:29 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-008.cisco.com (64.101.220.148) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 21 Sep 2017 08:47:29 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Thu, 21 Sep 2017 08:47:28 -0400 From: "Carlos Pignataro (cpignata)" To: Med Boucadair CC: James N Guichard , Kathleen Moriarty , "Paul Quinn (paulq)" , "sfc@ietf.org" Thread-Topic: [sfc] Early review draft-ietf-sfc-nsh Thread-Index: AQHTMLsSqoZIGRErdkS+KbebYim9zKK82t6AgAAEeYCAABTqgIABNZsAgAAKggCAAAZ9AIAABHkAgADyTQCAAF+CAA== Date: Thu, 21 Sep 2017 12:47:28 +0000 Message-ID: <65C0A290-C73E-40A5-B41C-4E0C4181BDAB@cisco.com> References: <6971D34B-DC0E-4C3E-B412-3C2F8FAE5704@cisco.com> <43ED911F-2174-4930-A9BE-1B2A81CD03E9@cisco.com> <787AE7BB302AE849A7480A190F8B93300A046CB0@OPEXCLILMA3.corporate.adroot.infra.ftgroup> In-Reply-To: <787AE7BB302AE849A7480A190F8B93300A046CB0@OPEXCLILMA3.corporate.adroot.infra.ftgroup> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_65C0A290C73E40A5B41C4E0C4181BDABciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Sep 2017 12:47:36 -0000 --_000_65C0A290C73E40A5B41C4E0C4181BDABciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGksIE1lZCwNCg0KSSBmdWxseSBhZ3JlZSB3aXRoIHlvdS4gSG93ZXZlciwgSSBkaWQgZ28gdGhy b3VnaCB0aGUgd2hvbGUgZG9jdW1lbnQgbWFraW5nIHN1cmUgd2Ugd2VyZSBhbHdheXMgdXNpbmcg 4oCcdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb27igJ0uIEZyYW5rbHksIEkgZGlkIGZpbmQgYSBmZXcg cGxhY2VzIHdoZXJlIG5vcm1hbGl6aW5nIGFuZCBjbGVhbmluZyB0aGUgdGVybWlub2xvZ3kgaGVs cGVkIGEgbG90LiBJ4oCZbGwgcG9zdCB0aG9zZSBjaGFuZ2VzIGJlZm9yZSBuZXh0IHdlZWsgKEkg d2FudCB0byBtYWtlIHNvbWUgdXBkYXRlcyB0byB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMg YXMgd2VsbCwgYW5kIHRoZW4gcmVsZWFzZSkuDQoNCkkgYWxzbyBhZ3JlZSB0aGF0LCBpbiB0aGVv cnksIHdlIGRvIG5vdCBuZWVkIHRvIHJlLWRlc2NyaWJlIHRoZSBsYXllcmluZyBhbmQgYWxsIHRo ZSBwaWVjZXMgZXhpc3QgaW4gUkZDIDc2NjUgYW5kIGluIHRoZSBOU0ggc3BlYy4gSSBkbyBub3Qg bWluZCBlcnJpbmcgb24gdGhlIHNpZGUgb2YgZXh0cmEgY2xhcml0eSBmb3IgdGhlIHVuaW5pdGlh dGVkIHJlYWRlci4NCg0KSSB3aWxsIGFzayB5b3UgdG8gY2hlY2sgb3V0IHRoZSBmb3J0aGNvbWlu ZyByZXZpc2lvbiAtMjIuDQoNClRoYW5rcyENCg0K4oCUDQpDYXJsb3MgUGlnbmF0YXJvLCBjYXJs b3NAY2lzY28uY29tPG1haWx0bzpjYXJsb3NAY2lzY28uY29tPg0KDQrigJxTb21ldGltZXMgSSB1 c2UgYmlnIHdvcmRzIHRoYXQgSSBkbyBub3QgZnVsbHkgdW5kZXJzdGFuZCwgdG8gbWFrZSBteXNl bGYgc291bmQgbW9yZSBwaG90b3N5bnRoZXNpcy4iDQoNCk9uIFNlcCAyMSwgMjAxNywgYXQgMzow NSBBTSwgbW9oYW1lZC5ib3VjYWRhaXJAb3JhbmdlLmNvbTxtYWlsdG86bW9oYW1lZC5ib3VjYWRh aXJAb3JhbmdlLmNvbT4gd3JvdGU6DQoNCkppbSwgYWxsLA0KDQpJIGRvIHVuZGVyc3RhbmQgdGhl IGNvbmZ1c2lvbiB0aGF0IGlzIGluZHVjZWQgYnkgInRyYW5zcG9ydCIgaW4gdGhlIE5TSCBkb2N1 bWVudC4gVXNpbmcgYW5vdGhlciB0ZXJtIHdvdWxkIGZpeCB0aGlzLCBzdXJlLg0KDQpCdXQsIHdl IG5lZWQgdG8ga2VlcCBpbiBtaW5kIHRoYXQgTlNIIHNwZWMgaXMgcmVmZXJyaW5nIHRvIFJGQzc2 NjUgd2hpY2ggdXNlcyAidHJhbnNwb3J0IiBleHRlbnNpdmVseS4gSU1ITywgdGhlIGZvbGxvd2lu ZyBmaWd1cmUgZnJvbSBSRkM3NjY1IGlzIHZlcnkgaGVscGZ1bCB0byB1bmRlcnN0YW5kIHRoZSBT RkMgbGF5ZXJpbmcsIGluY2x1ZGluZyB0aGUgbm90aW9uIG9mIG91dGVyLXRyYW5zcG9ydCBlbmNh cHN1bGF0aW9uLg0KDQogICAgICAgICArLS0tLS0tLS0tLS0tLS0tLSsgICAgICAgICAgICAgICAg ICAgICAgICArLS0tLS0tLS0tLS0tLS0tLSsNCiAgICAgICAgIHwgICBTRkMtYXdhcmUgICAgfCAg ICAgICAgICAgICAgICAgICAgICAgIHwgIFNGQy11bmF3YXJlICAgfA0KICAgICAgICAgfFNlcnZp Y2UgRnVuY3Rpb258ICAgICAgICAgICAgICAgICAgICAgICAgfFNlcnZpY2UgRnVuY3Rpb258DQog ICAgICAgICArLS0tLS0tLSstLS0tLS0tLSsgICAgICAgICAgICAgICAgICAgICAgICArLS0tLS0t LSstLS0tLS0tLSsNCiAgICAgICAgICAgICAgICAgfCAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgfA0KICAgICAgICAgICBTRkMgRW5jYXBzdWxhdGlvbiAgICAgICAgICAg ICAgICAgICAgICAgTm8gU0ZDIEVuY2Fwc3VsYXRpb24NCiAgICAgICAgICAgICAgICAgfCAgICAg ICAgICAgICAgICAgIFNGQyAgICAgICAgICAgICAgICAgICAgfA0KICAgICstLS0tLS0tLS0rICAr LS0tLS0tLS0tLS0tLS0tLSsgRW5jYXBzdWxhdGlvbiAgICAgKy0tLS0tLS0tLSsNCiAgICB8U0ZD LUF3YXJlfC0tLS0tLS0tLS0tLS0tLS0tKyAgXCAgICAgKy0tLS0tLS0tLS0tLXxTRkMgUHJveHl8 DQogICAgfCAgICBTRiAgIHwgLi4uIC0tLS0tLS0tLS0rICBcICBcICAgLyAgICAgICAgICAgICAr LS0tLS0tLS0tKw0KICAgICstLS0tLS0tLS0rICAgICAgICAgICAgICAgIFwgIFwgIFwgLw0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0rLS0tLS0tLS0rDQogICAgICAgICAg ICAgICAgICAgICAgICAgICAgICB8ICAgU0YgRm9yd2FyZGVyIHwNCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHwgICAgICAoU0ZGKSAgICAgfA0KICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgKy0tLS0tLS0rLS0tLS0tLS0rDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHwNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFNGQyBFbmNhcHN1bGF0aW9u DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwNCiAgICAgICAgICAgICAg ICAgICAgICAgICAgLi4uIFNGQy1lbmFibGVkIERvbWFpbiAuLi4NCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgfA0KICAgICAgICAgICAgICAgICAgICAgICAgICBOZXR3b3Jr IE92ZXJsYXkgVHJhbnNwb3J0DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IHwNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBfLC4uLi4uXw0KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICwtJyAgICAgICAgYC0uDQogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAvICAgICAgICAgICAgICBgLg0KICAgICAgICAgICAgICAgICAgICAgICAgICAg ICB8ICAgICBOZXR3b3JrICAgIHwNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYC4gICAg ICAgICAgICAgIC8NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBgLl9fICAgICBfXywt Jw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBgJycnJw0KDQpJZGVhbGx5LCB3 ZSBkb24ndCBldmVuIG5lZWQgdG8gcmUtZGVzY3JpYmUgdGhlIGxheWVyaW5nIGluIHRoZSBOU0gg c3BlYyBnaXZlbiB0aGF0IHRoZSBkcmFmdCBkZWxpbWl0cyBpdHMgc2NvcGUgY2xlYXJseToNCg0K VGhlIE5TSCBpcyB0aGUgU0ZDIGVuY2Fwc3VsYXRpb24gcmVxdWlyZWQgdG8gc3VwcG9ydA0KICAg ICAgIF5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXg0KICB0aGUgU2VydmljZSBGdW5jdGlvbiBDaGFp bmluZyAoU0ZDKSBhcmNoaXRlY3R1cmUgKGRlZmluZWQgaW4NCiAgUkZDNzY2NSkuDQoNCkNoZWVy cywNCk1lZA0KDQotLS0tLU1lc3NhZ2UgZCdvcmlnaW5lLS0tLS0NCkRlIDogc2ZjIFttYWlsdG86 c2ZjLWJvdW5jZXNAaWV0Zi5vcmddIERlIGxhIHBhcnQgZGUgSmFtZXMgTiBHdWljaGFyZA0KRW52 b3nDqSA6IG1lcmNyZWRpIDIwIHNlcHRlbWJyZSAyMDE3IDE4OjM4DQrDgCA6IEthdGhsZWVuIE1v cmlhcnR5OyBDYXJsb3MgUGlnbmF0YXJvIChjcGlnbmF0YSkNCkNjIDogUGF1bCBRdWlubiAocGF1 bHEpOyBzZmNAaWV0Zi5vcmc8bWFpbHRvOnNmY0BpZXRmLm9yZz4NCk9iamV0IDogUmU6IFtzZmNd IEVhcmx5IHJldmlldyBkcmFmdC1pZXRmLXNmYy1uc2gNCg0KSGkgS2F0aGxlZW4sDQoNCkkgYW0g bm90IHF1aXRlIGNsZWFyIGFzIHRvIGV4YWN0bHkgd2hhdCBpcyBjb25mdXNpbmcgd2l0aCB0aGUg ZXhpc3RpbmcNCnRleHQgKC0yMSB2ZXJzaW9uKS4gUXVvdGluZyBmcm9tIHNlY3Rpb24gMToNCg0K ICBUaGUgTmV0d29yayBTZXJ2aWNlIEhlYWRlciAoTlNIKSBzcGVjaWZpY2F0aW9uIGRlZmluZXMg YSBuZXcgcHJvdG9jb2wNCiAgYW5kIGFzc29jaWF0ZWQgZW5jYXBzdWxhdGlvbiBmb3IgdGhlIGNy ZWF0aW9uIG9mIGR5bmFtaWMgc2VydmljZQ0KICBjaGFpbnMsIG9wZXJhdGluZyBhdCB0aGUgc2Vy dmljZSBwbGFuZS4gIFRoZSBOU0ggaXMgZGVzaWduZWQgdG8NCiAgZW5jYXBzdWxhdGUgYW4gb3Jp Z2luYWwgcGFja2V0IG9yIGZyYW1lLCBhbmQgaW4gdHVybiBiZSBlbmNhcHN1bGF0ZWQNCiAgYnkg YW4gb3V0ZXIgdHJhbnNwb3J0ICh3aGljaCBpcyB1c2VkIHRvIGRlbGl2ZXIgdGhlIE5TSCB0byBO U0gtYXdhcmUNCiAgbmV0d29yayBlbGVtZW50cyksIGFzIHNob3duIGluIEZpZ3VyZSAxOg0KDQog ICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQogICAg ICAgICAgICAgICAgICAgIHwgICAgVHJhbnNwb3J0IEVuY2Fwc3VsYXRpb24gICB8DQogICAgICAg ICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQogICAgICAgICAg ICAgICAgICAgIHwgTmV0d29yayBTZXJ2aWNlIEhlYWRlciAoTlNIKSB8DQogICAgICAgICAgICAg ICAgICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQogICAgICAgICAgICAgICAg ICAgIHwgICAgT3JpZ2luYWwgUGFja2V0IC8gRnJhbWUgICB8DQogICAgICAgICAgICAgICAgICAg ICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rDQoNCiAgICAgICAgICAgICBGaWd1cmUg MTogTmV0d29yayBTZXJ2aWNlIEhlYWRlciBFbmNhcHN1bGF0aW9uDQoNClRoaXMgc3RhdGVzIHRo YXQgdGhlIE5TSCBpcyBkZXNpZ25lZCB0byBlbmNhcHN1bGF0ZSB0aGUgb3JpZ2luYWwNCnBhY2tl dC9mcmFtZSAocmVhZCBJUCBwYWNrZXQgb3IgRXRoZXJuZXQgZnJhbWUpIGFuZCB0aGVuIGluIHR1 cm4gYmUNCmNhcnJpZWQgYnkgYW4gb3V0ZXIgdHJhbnNwb3J0LiBUaGUgZmlndXJlIGNsZWFybHkg c2hvd3MgdGhhdCB0aGUgb3V0ZXINCnRyYW5zcG9ydCBpbiB0aGlzIGNvbnRleHQgaXMgIlRyYW5z cG9ydCBFbmNhcHN1bGF0aW9uIi4gVGhlIGRyYWZ0IHRoZW4NCmdvZXMgb24gdG8gZGVzY3JpYmUg d2hhdCBOU0ggaXMgYW5kIHRoZW4gaW4gc2VjdGlvbiA0IG1vcmUgZGV0YWlsIGlzDQpwcm92aWRl ZCBvbiB0aGUgdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24uIE5vdyByZWFkaW5nIHNlY3Rpb24gNCBp dCBzdGFydHMNCmJ5IHNheWluZzoNCg0KT25jZSB0aGUgTlNIIGlzIGFkZGVkIHRvIGEgcGFja2V0 LCBhbiBvdXRlciBlbmNhcHN1bGF0aW9uIGlzIHVzZWQgdG8NCiAgZm9yd2FyZCB0aGUgb3JpZ2lu YWwgcGFja2V0IGFuZCB0aGUgYXNzb2NpYXRlZCBtZXRhZGF0YSB0byB0aGUgc3RhcnQNCiAgb2Yg YSBzZXJ2aWNlIGNoYWluLg0KDQpJcyB0aGUgY29uZnVzaW9uIGNhdXNlZCBieSBzZWN0aW9uIDEg JiA0IHRleHQgc2F5aW5nICJvdXRlciBlbmNhcHN1bGF0aW9uIg0Kb3IgIm91dGVyIHRyYW5zcG9y dCIgcmF0aGVyIHRoYW4gIlRyYW5zcG9ydCBFbmNhcHN1bGF0aW9uIiA/IElmIHNvIHRoYXQgaXMN CmVhc2lseSBmaXhlZCA6LSkNCg0KVGhhbmtzIQ0KDQpKaW0NCg0KLS0tLS1PcmlnaW5hbCBNZXNz YWdlLS0tLS0NCkZyb206IHNmYyBbbWFpbHRvOnNmYy1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhh bGYgT2YgS2F0aGxlZW4gTW9yaWFydHkNClNlbnQ6IFdlZG5lc2RheSwgU2VwdGVtYmVyIDIwLCAy MDE3IDEyOjIyIFBNDQpUbzogQ2FybG9zIFBpZ25hdGFybyAoY3BpZ25hdGEpIDxjcGlnbmF0YUBj aXNjby5jb208bWFpbHRvOmNwaWduYXRhQGNpc2NvLmNvbT4+DQpDYzogUGF1bCBRdWlubiAocGF1 bHEpIDxwYXVscUBjaXNjby5jb208bWFpbHRvOnBhdWxxQGNpc2NvLmNvbT4+OyBzZmNAaWV0Zi5v cmc8bWFpbHRvOnNmY0BpZXRmLm9yZz4NClN1YmplY3Q6IFJlOiBbc2ZjXSBFYXJseSByZXZpZXcg ZHJhZnQtaWV0Zi1zZmMtbnNoDQoNCkhpIENhcmxvcywNCg0KUGxlYXNlIGxvb2sgYXQgdGhlIHRl eHQgaW4gdGhlIGN1cnJlbnQgZG9jdW1lbnQuICBJdCBvbmx5IHNheXMgdHJhbnNwb3J0DQppbiB0 aGUgdGV4dCBJIHF1b3RlZC4gIFRoZSBkaWFncmFtIGFsc28gb25seSBzYXlzIHRyYW5zcG9ydC4N CkRyYWZ0cyBuZWVkIHRvIGJlIGNsZWFybHkgd3JpdHRlbiB0byBiZSBicm9hZGx5IHVuZGVyc3Rv b2QgYW5kIHRoZSB3YXkgdGhlDQp0ZXh0IGlzIG5vdywgaXQgaXMgbm90LiAgSSB0aGluayBjbGVh bmluZyBpdCB1cCBhIGJpdCB3aWxsIGxpZnQgc29tZSBvZg0KdGhlIHNlY3VyaXR5IGNvbmNlcm5z IGFzIHNvbWUgYXJlIGFkZHJlc3NlZCBwcmlvciB0byBOU0ggc2VlaW5nIHRoZSBJUA0KcGFja2V0 IG9yIGZyYW1lLg0KDQpZb3VyIHJlc3BvbnNlIGhlbHBzLCBidXQgcGxlYXNlIHRha2UgdGhlIHRp bWUgdG8gbG9vayB0aHJvdWdoIHRoZSBkb2N1bWVudA0KdG8gc2VlIGhvdyBpdCBjYW4gYmUgY2xh cmlmaWVkIHNvIG9uZSBkb2VzIG5vdCBoYXZlIHRoZSBxdWVzdGlvbnMgSSBhbmQNCm90aGVycyBo YXZlIHJhaXNlZC4NCg0KVGhhbmsgeW91LA0KS2F0aGxlZW4NCg0KT24gV2VkLCBTZXAgMjAsIDIw MTcgYXQgMTE6NTkgQU0sIENhcmxvcyBQaWduYXRhcm8gKGNwaWduYXRhKQ0KPGNwaWduYXRhQGNp c2NvLmNvbTxtYWlsdG86Y3BpZ25hdGFAY2lzY28uY29tPj4gd3JvdGU6DQpIaSwgS2F0aGxlZW4s DQoNClRoYW5rIHlvdSBmb3IgYXNraW5nIGV4cGxpY2l0bHkuIFRoaXMgZG9jdW1lbnQgdXNlZCB0 byBoYXZlIGV4cGxpY2l0DQrigJxOU0ggRW5jYXBzdWxhdGlvbiBFeGFtcGxlc+KAnSwgYnV0IHdl cmUgdGFrZW4gb3V0IChhdCB0aGUgQUTigJlzIHJlcXVlc3QpDQpiYXNlZCBvbiB0aGUgYXJndW1l bnQgdGhhdCDigJxldmVyeW9uZSB3b3VsZCBsaWtlIHRvIGhhdmUgdGhlaXINCmVuY2Fwc3VsYXRp b27igJ0uIFdlIGNhbiBhbHdheXMgYnJpbmcgdGhlbSBiYWNrIGlmIGRlc2lyZWQsIGV2ZW4gd2l0 aGluIGENCm5vbi1ub3JtYXRpdmUgYXBwZW5kaXguDQoNCkFzIEkgZm9sbG93IHlvdXIgcXVlc3Rp b25zLCBJIHdpbGwgdHJ5IG15IGJlc3QgdG8gYW5zd2VyIGFuZCBjbGFyaWZ5Lg0KDQpJIGFtIG5v dCBzdXJlIHdoaWNoIOKAnGJ1bm55IHRyYWls4oCdIHRvb2sgdGhlIGNvbnZlcnNhdGlvbiBoZXJl LCBidXQNCnBlcmhhcHMgYSBjb3VwbGUgb2YgdG9wLXBvc3QgY2xhcmlmaWNhdGlvbnMgbWlnaHQg aGVscDoNCg0KMS4g4oCcT3JpZ2luYWwgUGFja2V0L0ZyYW1l4oCdIC0+IHRoZSB0ZXJtaW5vbG9n eSBQYWNrZXQvRnJhbWUsIGFzIGNvbW1vbmx5DQp1c2VkLCBkZW5vdGVzIGFuIElQIHBhY2tldCBv ciBhbiBFdGhlcm5ldCBmcmFtZS4NCjIuIFRoZSBvdXRlciAiVHJhbnNwb3J0IEVuY2Fwc3VsYXRp b27igJ0gZG9lcyAqbm90KiBtZWFuIFRDUC4gSXQgdXNlcyB0aGUNCndvcmQg4oCcVHJhbnNwb3J0 4oCdIGFzIHRyYW5zcG9ydCBwcm9maWxlLCBhbiBlbmNhcHN1bGF0aW9uIHRoYXQgdHJhbnNwb3J0 cywNCm5vdCBhcyBUQ1AuIEdSRSBpcyBvbmUgZXhhbXBsZSBvZiBhIHRyYW5zcG9ydCBlbmNhcHN1 bGF0aW9uLCBub3QgVENQIGFzIGENCuKAnEw0IFRyYW5zcG9ydCBMYXllciBwcm90b2NvbOKAnS4N Cg0KSW4gcG9pbnQgIzIsIEdSRSBpcyB0aGUgVHJhbnNwb3J0IHRoYXQgTlNIIHVzZXMgYmV0d2Vl biBTRkZzL1NGcy4gQW5kDQpmdXJ0aGVyLCBzaW5jZSBOU0ggaXMgVHJhbnNwb3J0IEVuY2Fwc3Vs YXRpb24gYWdub3N0aWMsIHdlIGFyZSB0YWxraW5nDQphYm91dCBwb3RlbnRpYWxseSBhIGJyb2Fk IHNldCBvZiBwcm90b2NvbHPigKYgSeKAmWQgZW5jb3VyYWdlIHVzIHRvIG5vdA0KYXR0ZW1wdCB0 byBjbGFzc2lmeSB0aGVtIGluIE9TSSBMYXllcnMuDQoNCkkgY2FuIHNlZSB0aGF0IHNvbWUgb2Yg dGhpcyBtaWdodCBub3QgYmUgdG90YWxseSBjbGVhciBpZiBzY2FubmluZw0KdGhyb3VnaCB0aGUg ZG9jdW1lbnQsIGJ1dCBpdCBpcyBjbGVhciBmb3IgYW4gaW1wbGVtZW50b3IuDQoNClNlZSBUYWJs ZSAxIGFuZCBUYWJsZSAzIGZvciBleGFtcGxlcyAoVHJhbnNwb3J0IGNvbHVtbikNCg0KSSBob3Bl IHRoaXMgaGVscHMgc2V0IGNsYXJpZnlpbmcgY29udGV4dCwgc2VlIGlubGluZSBmb3IgbW9yZSBz cGVjaWZpYw0KZGV0YWlscy4uLg0KDQpPbiBTZXAgMjAsIDIwMTcsIGF0IDExOjIxIEFNLCBLYXRo bGVlbiBNb3JpYXJ0eQ0KPEthdGhsZWVuLk1vcmlhcnR5LmlldGZAZ21haWwuY29tPG1haWx0bzpL YXRobGVlbi5Nb3JpYXJ0eS5pZXRmQGdtYWlsLmNvbT4+IHdyb3RlOg0KDQpIaSBDYXJsb3MsDQoN Ckl0J3MgYSBzdGFydCwgYnV0IHNob3VsZCBiZSBtb3JlIHNwZWNpZmljLg0KDQpUaGUgc3BlY2lm aWNzIGFyZSBpbiB0aGUgZG9jdW1lbnQsIGV2ZW4gZXhhbXBsZXMgYXMgcGVyIFRhYmxlcyAxIGFu ZCAzLg0KDQpXaGF0IGFyZSB0aGUgb3JpZ2luYWwNCnBhY2tldHMvZnJhbWUgLSBpcyB0aGlzIGxp bmsgbGF5ZXIgb3IgbmV0d29yayBvciBib3RoPw0KDQpUaGVzZSBhcmUgdGhlIHBhY2tldHMgb3Ig ZnJhbWVzIGluY29taW5nIGludG8gYSBjbGFzc2lmaWVyLCBvcmlnaW5hbCwNCnRoZW4gTlNIIGlz IGltcG9zZWQsIHRoZW4gYSB0cmFuc3BvcnQgZW5jYXBzdWxhdGlvbiBpcyBpbXBvc2VkLg0KDQpJ dCBzZWVtcyBsaWtlDQpib3RoIGZyb20gdGhlIGRpYWdyYW0sIGJ1dCBpcyB0aGF0IHJlYWxseSB0 aGUgY2FzZT8NCg0KWWVzLCBpdCBpcyBib3RoLiBSZWFsbHkgdGhlIGNhc2UuDQoNCg0KVGhlbiBm b3IgdGhlIHRyYW5zcG9ydCBlbmNhcHN1bGF0aW9uLCBpcyB0aGlzIGxheWVyIDMgb3IgND8NCg0K SSBiZWxpZXZlIGl0IGlzIGEgc291cmNlIG9mIGhlYWRhY2hlIGFuZCBjb25mdXNpb24gdG8gdGhp bmsgYWJvdXQgT1NJDQpsYXllcnPigKYgd2hhdCBsYXllciBpcyBJUC1pbi1JUD8gQW5kIGFuIE1Q TFMgUHNldWRvd2lyZSB0cmFuc3BvcnRpbmcNCkV0aGVybmV0PyBPciBhbiBJUHY2L0wyVFB2MyBw c2V1ZG93aXJlIHRyYW5zcG9ydGluZyBURE0/DQoNCg0KVGhlIHdvcmRpbmcgdGhhdCBwcmVjZWRl cyB0aGlzIGlzIGEgYml0IGNvbmZ1c2luZyAoaGVyZSBmb3IgcmVmZXJlbmNlKToNCg0KIFRoZSBO ZXR3b3JrIFNlcnZpY2UgSGVhZGVyIChOU0gpIHNwZWNpZmljYXRpb24gZGVmaW5lcyBhIG5ldyBw cm90b2NvbA0KIGFuZCBhc3NvY2lhdGVkIGVuY2Fwc3VsYXRpb24gZm9yIHRoZSBjcmVhdGlvbiBv ZiBkeW5hbWljIHNlcnZpY2UNCiBjaGFpbnMsIG9wZXJhdGluZyBhdCB0aGUgc2VydmljZSBwbGFu ZS4gIFRoZSBOU0ggaXMgZGVzaWduZWQgdG8NCiBlbmNhcHN1bGF0ZSBhbiBvcmlnaW5hbCBwYWNr ZXQgb3IgZnJhbWUsIGFuZCBpbiB0dXJuIGJlIGVuY2Fwc3VsYXRlZA0KIGJ5IGFuIG91dGVyIHRy YW5zcG9ydCAod2hpY2ggaXMgdXNlZCB0byBkZWxpdmVyIHRoZSBOU0ggdG8gTlNILWF3YXJlDQog bmV0d29yayBlbGVtZW50cyksIGFzIHNob3duIGluIEZpZ3VyZSAxOg0KDQpEb2VzIHRoZSBleHBs YW5hdGlvbiBhYm92ZSBoZWxwPyBJIGFtIG5vdCBzdXJlIGhvdyB0byBiZXN0IGFuc3dlcuKApg0K YmVjYXVzZSBJIGRvIG5vdCBmaW5kIGl0IGNvbmZ1c2luZy4gVGhpcyB0ZXh0IGlzIHRoZSByZXN1 bHQgb2YgcmV2aWV3ZXJzDQphc2tpbmcgZm9yIGNsYXJpdHksIGFuZCB0aGVuIGFja25vd2xlZGdp bmcgdGhhdCB0aGUgcGFyYWdyYXBoIGFib3ZlDQpicm91Z2h0IHRoYXQgY2xhcml0eS4NCg0KDQpO b3JtYWxseSwgdGhlIGhpZ2hlciBsYXllcnMgYXJlIGVuY2Fwc3VsYXRlZCwNCg0KV2hhdCBpcyBo aWdoZXIgYW5kIGxvd2VyPyBBbmQgZm9yIHdoYXQgZGVmaW5pdGlvbiBvZiDigJxOb3JtYWxseeKA nT8gV2hhdOKAmXMNCmEgVHVubmVsPw0KDQpidXQgdGhpcyB3b3JkaW5nDQpkZXNjcmliZXMganVz dCB0aGUgb3Bwb3NpdGUuICBJdCBzYXlzIHRoZSBwYWNrZXQvZnJhbWUgYXQgbGF5ZXIgMi8zDQoo anVzdCBnb2luZyBmcm9tIHRoZSBub3JtYWwgdXNlcyBvZiBwYWNrZXQgYW5kIGZyYW1lIHRvIGFz c3VtZSBsYXllcg0KMy8yKS4NCg0KQ29ycmVjdC4gSVAgcGFja2V0LCBFdGhlcm5ldCBGcmFtZS4N Cg0KTkhTIGVuY2Fwc3VsYXRlcyB0aGF0LCBhbmQgdGhlbiBpcyBlbmNhcHN1bGF0ZWQgYnkgYSB0 cmFuc3BvcnQgbGF5ZXINCjMvND8NCg0KTm8uDQoNCldoZXJlIGRvZXMgaXQgc2F5IOKAnFRyYW5z cG9ydCBMYXllcuKAnT8NCg0KTm90ZSB0aGF0IOKAnE5ldHdvcmsgVHJhbnNwb3J04oCdLCBhbmQg 4oCcVHJhbnNwb3J0IEVuY2Fwc3VsYXRpb27igJ0gYXJlIHRlcm1zDQpjb21pbmcgZnJvbSBSRkMg NzY2NS4NCg0KQW5kIHRvIGJlIGNsZWFyOiBtYW55IFJGQ3MgdXNlIOKAnFRyYW5zcG9ydCBFbmNh cHN1bGF0aW9u4oCdIG9yIGENCnZhcmlhdGlvbiBvZiB0aGF0IChFbmNhcHN1bGF0aW9uIGZvciBU cmFuc3BvcnQsIFRyYW5zcG9ydC1pbmRlcGVuZGVudA0KRW5jYXBzdWxhdGlvbiwgZXRjLikNCg0K U2VlIFRhYmxlIDEgYW5kIFRhYmxlIDMsIFRyYW5zcG9ydCBjb2x1bW4sIGZvciBleGFtcGxlcy4N Cg0KDQpJZiB5b3UgY2FuIGNsYXJpZnkgdGhpcyB0ZXh0IG9yIG1ha2UgaXQgY2xlYXIgdGhhdCB5 b3UgcmVhbGx5DQppbnRlbmRlZCB0byBkbyB0aGlzIG9kZCBlbmNhcHN1bGF0aW9uLCB0aGF0IHdv dWxkIGhlbHAgYSBsb3QuDQoNCkhvcGVmdWxseSBteSBleHBsYW5hdGlvbiBoZWxwcy4NCg0KVW5k ZXJzdGFuZGluZyB0aGUgbGF5ZXJzIHRoaXMgYWxsIGhhcHBlbnMgYXQgaXMgdmVyeSBpbXBvcnRh bnQuICBJZg0KTlNIIGlzIHRoZSB0cmlnZ2VyIGZvciB0aGUgbGF5ZXIgMy80IHRyYW5zcG9ydCwg aG93IGNhbiBzZWN1cml0eSBiZQ0KYXBwbGllZD8gIE9yIGlzIGl0IGFkZHJlc3NlZCBieSBhIHBy aW9yIDMvNCBlbmNhcHN1bGF0aW9uIGJ5IHRoZQ0Kb3JpZ2luYWwgcGFja2V0L2ZyYW1lPw0KDQpU aGFua3MsDQpLYXRobGVlbg0KDQoNCg0K4oCUDQpDYXJsb3MgUGlnbmF0YXJvLCBjYXJsb3NAY2lz Y28uY29tPG1haWx0bzpjYXJsb3NAY2lzY28uY29tPg0KDQoNCg0KT24gVHVlLCBTZXAgMTksIDIw MTcgYXQgNDo1MyBQTSwgQ2FybG9zIFBpZ25hdGFybyAoY3BpZ25hdGEpDQo8Y3BpZ25hdGFAY2lz Y28uY29tPG1haWx0bzpjcGlnbmF0YUBjaXNjby5jb20+PiB3cm90ZToNCkhpLCBLYXRobGVlbiwN Cg0KVGhhbmtzIGZvciB0aGUgY2xhcmlmaWNhdGlvbi4NCg0KUmVnYXJkaW5nOg0KDQppcyB0aGF0 IHRoZSBsYXllcmluZyBuZWVkcyB0byBiZSBzcGVjaWZpY2FsbHkgc3RhdGVkIHRvIGNsZWFybHkN Cg0KDQpMaWtlIHRoaXM/DQpodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1z ZmMtbnNoLTIxI3NlY3Rpb24tMQ0KDQogICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLSsNCiAgICAgICAgICAgICAgICAgICB8ICAgIFRyYW5zcG9ydCBFbmNh cHN1bGF0aW9uICAgfA0KICAgICAgICAgICAgICAgICAgICstLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0rDQogICAgICAgICAgICAgICAgICAgfCBOZXR3b3JrIFNlcnZpY2UgSGVhZGVyIChO U0gpIHwNCiAgICAgICAgICAgICAgICAgICArLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t Kw0KICAgICAgICAgICAgICAgICAgIHwgICAgT3JpZ2luYWwgUGFja2V0IC8gRnJhbWUgICB8DQog ICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCg0KICAg ICAgICAgICAgRmlndXJlIDE6IE5ldHdvcmsgU2VydmljZSBIZWFkZXIgRW5jYXBzdWxhdGlvbg0K DQpJIHRoaW5rIGlmIHlvdSBsYWlkIHRoaXMgb3V0DQpuaWNlbHkgYW5kIGNsZWFybHkgc2hvd2Vk IHdoZXJlIHRyYW5zcG9ydCBzZWN1cml0eSBpcyBhZGRyZXNzZWQgYXQNCmFub3RoZXIgbGF5ZXIg KG91dC1vZi1zY29wZSksIGl0IHdvdWxkIGdvIGEgbG9uZyB3YXkuDQoNCg0KSG9wZWZ1bGx5IHRo ZSBhYm92ZSAoZXhpc3RpbmcpIGZpZ3VyZSBhbmQgdGV4dCBpcyBjbGVhci4gSW4gdGhhdCBjYXNl Og0KDQpPbmUgaWRlYSBpcyB0byBjYXRlZ29yaXplIHRoZSBwYXJhZ3JhcGhzIGluIHRoZSBTZWN1 cml0eQ0KQ29uc2lkZXJhdGlvbnMgdG8NCm1ha2UgdGhvc2UgcmVsYXRpb25zIG1vcmUgY2xlYXIu DQoNCuKAlA0KQ2FybG9zIFBpZ25hdGFyby4NCg0KDQpPbiBTZXAgMTksIDIwMTcsIGF0IDM6Mzgg UE0sIEthdGhsZWVuIE1vcmlhcnR5DQo8S2F0aGxlZW4uTW9yaWFydHkuaWV0ZkBnbWFpbC5jb208 bWFpbHRvOkthdGhsZWVuLk1vcmlhcnR5LmlldGZAZ21haWwuY29tPj4gd3JvdGU6DQoNClRoYW5r cyBmb3IgdGhlIHJlc3BvbnNlcy4gIEknbSBnb2luZyB0byB0b3AgcG9zdCBhcyBJIHRoaW4gdGhl IG1haW4NCnBvaW50IG9mIG15IHJldmlldyBpcyB0aGF0IHRoZSBsYXllcmluZyBuZWVkcyB0byBi ZSBzcGVjaWZpY2FsbHkNCnN0YXRlZCB0byBjbGVhcmx5IHNjb3BlIHRoZSBwcm9ibGVtIHNwYWNl IGZvciBOU0ggc2VjdXJpdHkNCmNvbnNpZGVyYXRpb25zLiAgVGhlIGRyYWZ0IGFzLXdyaXR0ZW4g aXMgbm90IGNsZWFyIGFuZCBhcyBhIHJlc3VsdCwNCnNlY3VyaXR5IHJldmlld3MgYXJlIHZlcnkg ZGlmZmljdWx0LiAgSSB0aGluayBpZiB5b3UgbGFpZCB0aGlzIG91dA0KbmljZWx5IGFuZCBjbGVh cmx5IHNob3dlZCB3aGVyZSB0cmFuc3BvcnQgc2VjdXJpdHkgaXMgYWRkcmVzc2VkIGF0DQphbm90 aGVyIGxheWVyIChvdXQtb2Ytc2NvcGUpLCBpdCB3b3VsZCBnbyBhIGxvbmcgd2F5LiAgQWx0aG91 Z2ggdGhlDQpkcmFmdCBpbXByb3ZlZCBhIGJpdCBmcm9tIHRoZSBwcmV2aW91cyB2ZXJzaW9uLCBJ IHRoaW5rIGEgY2FyZWZ1bA0KcmV2aWV3IGFuZCBlZGl0IHBhc3Mgd291bGQgZG8gYSBsb3Qgb2Yg Z29vZCwgc3BlY2lmaWNhbGx5IGFyb3VuZA0KY2xhcml0eSBvZiB0aGUgcHJvYmxlbSBzcGFjZSBh bmQgc29sdXRpb24uICBUaGUgcXVlc3Rpb25zIEkgYXNrZWQgd2VyZQ0KYSByZXN1bHQgb2YgbGFj ayBvZiBjbGFyaXR5IGluIHRoZSBkcmFmdC4NCg0KVGhhbmtzLA0KS2F0aGxlZW4NCg0KT24gVHVl LCBTZXAgMTksIDIwMTcgYXQgMzoyMiBQTSwgUGF1bCBRdWlubiAocGF1bHEpIDxwYXVscUBjaXNj by5jb208bWFpbHRvOnBhdWxxQGNpc2NvLmNvbT4+DQp3cm90ZToNCg0KSGksDQoNClRoYW5rIHlv dSBmb3IgdGhlIHJldmlldy4gIFBsZWFzZSBzZWUgc29tZSBjb21tZW50cyBpbmxpbmUgYmVsb3cu DQoNClBhdWwNCg0KT24gU2VwIDE4LCAyMDE3LCBhdCA0OjE1IFBNLCBLYXRobGVlbiBNb3JpYXJ0 eQ0KPGthdGhsZWVuLm1vcmlhcnR5LmlldGZAZ21haWwuY29tPG1haWx0bzprYXRobGVlbi5tb3Jp YXJ0eS5pZXRmQGdtYWlsLmNvbT4+IHdyb3RlOg0KDQpIZWxsbywNCg0KQXQgQWxpYSdzIHJlcXVl c3QsIEkgZGlkIGFuIGVhcmx5IHJldmlldyBvZiBkcmFmdC1pZXRmLXNmYy1uc2guICBIZXJlDQph cmUgc29tZSBpbml0aWFsIGNvbW1lbnRzIGFuZCBJIG1heSBoYXZlIG1vcmUgd2hlbiB0aGUgZHJh ZnQgaXMNCnJldmlzZWQgYW5kIGlzIGluIGZvciBJRVNHIHJldmlldy4gIEkgYXBwcmVjaWF0ZSB5 b3VyIGVmZm9ydHMNCmFkZHJlc3NpbmcgdGhlIGNvbW1lbnRzIHJlY2VpdmVkIHRvIGRhdGUuICBJ IGhvcGUgeW91IGZpbmQgdGhlc2UNCnN1Z2dlc3Rpb25zIGFzIGhlbHBmdWwgaW1wcm92ZW1lbnRz IHRvIHRoZSBkb2N1bWVudCBhbmQgY2xhcml0eSBvZiBOU0gNCnNlY3VyaXR5IGNvbmNlcm5zLg0K DQoNClNlY3Rpb24gMSAtDQoNClRoZSBpbnRlbmRlZCBzY29wZSBpbiB0aGUgaW50cm9kdWN0aW9u IHNob3VsZCBhbHNvIGluY2x1ZGUgbWVudGlvbiBvZg0KbXVsdGktdGVuYW5jeS4gIFRoaXMgY2hh bmdlcyB0aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnRzIGFuZCBpcyB2ZXJ5DQppbXBvcnRhbnQgdG8g bm90ZS4NCg0KU2VjdGlvbiAxLjQgLQ0KDQo1LiAgVHJhbnNwb3J0IEFnbm9zdGljOiBUaGUgTlNI IGlzIGVuY2Fwc3VsYXRpb24taW5kZXBlbmRlbnQsIG1lYW5pbmcNCiAgIGl0IGNhbiBiZSB0cmFu c3BvcnRlZCBieSBhIHZhcmlldHkgb2YgcHJvdG9jb2xzLiAgQW4gYXBwcm9wcmlhdGUNCiAgIChm b3IgYSBnaXZlbiBkZXBsb3ltZW50KSBlbmNhcHN1bGF0aW9uIHByb3RvY29sIGNhbiBiZSB1c2Vk IHRvDQogICBjYXJyeSBOU0gtZW5jYXBzdWxhdGVkIHRyYWZmaWMuICBUaGlzIHRyYW5zcG9ydCBt YXkgZm9ybSBhbg0KICAgb3ZlcmxheSBuZXR3b3JrIGFuZCBpZiBhbiBleGlzdGluZyBvdmVybGF5 IHRvcG9sb2d5IHByb3ZpZGVzIHRoZQ0KICAgcmVxdWlyZWQgc2VydmljZSBwYXRoIGNvbm5lY3Rp dml0eSwgdGhhdCBleGlzdGluZyBvdmVybGF5IG1heSBiZQ0KICAgdXNlZC4NCg0KSXMgdGhlcmUg YSBwcmVmZXJyZWQgdHJhbnNwb3J0IHNvIHlvdSBjb3VsZCBzcGVjaWZ5IGEgcmVjb21tZW5kZWQN CnRyYW5zcG9ydCBzZWN1cml0eSBwcm90b2NvbD8NCg0KDQpQUT4gVGhlcmUgaXMgbm90LiAgSW4g ZmFjdCBhdCB0aGUgQUTigJlzIHJlcXVlc3Qgc2FtcGxlIHRyYW5zcG9ydHMgd2VyZQ0KcmVtb3Zl ZCB0byBlbnN1cmUgdGhhdCB0aGVyZSB3YXMgbm8gaW1wbGllZCBwcmVmZXJlbmNlLiAgVGhlcmVm b3JlLCBhbg0Kb3BlcmF0b3IgY2FuIHNlbGVjdCB0aGVpciBwcmVmZXJyZWQgdHJhbnNwb3J0cywg aW5jbHVkaW5nIOKAlCBhcyBwZXIgdGhlDQpzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBzZWN0aW9u IOKAlCBvbmVzIHRoYXQgcHJvdmlkZSBlbmNyeXB0aW9uLg0KDQoNClNlY3Rpb24gMiwgM3JkIHNl bnRlbmNlOg0KU3Vic2VxdWVudGx5LCBhbg0Kb3V0ZXIgZW5jYXBzdWxhdGlvbiBpcyBpbXBvc2Vk IG9uIHRoZSBOU0gsIHdoaWNoIGlzIHVzZWQgZm9yIG5ldHdvcmsNCmZvcndhcmRpbmcuDQoNCktu b3dpbmcgbW9yZSBhYm91dCB0aGlzIHdvdWxkIGhlbHAgdG8gdW5kZXJzdGFuZCBvcHRpb25zIG9y IGlmIHRoZXJlDQppcyBhbm90aGVyIGRyYWZ0IHRoYXQgYWRkcmVzc2VzIHRoaXMgb3V0ZXIgZW5j YXBzdWxhdGlvbiB0aGF0IGlzDQppbXBvc2VkIGFuZCB0aGUgdHJhbnNwb3J0IHNlY3VyaXR5IHJl cXVpcmVtZW50cyB0aGF0IGdvIGFsb25nIHdpdGggaXQuDQoNCg0KUFE+IFNpbmNlIE5TSCBkZWZp bmVzIG5vIHByZWZlcnJlZCB0cmFuc3BvcnQocyksIHRoZSBzZWN1cml0eSBvZiB0aGUNCnNlbGVj dGVkIHRyYW5zcG9ydCBpcyBsZWZ0IHRvIHRoZSB0cmFuc3BvcnQgc3RhbmRhcmQuICAgU28sIGZv cg0KZXhhbXBsZSwgaWYNCmFuIG9wZXJhdG9yIGVsZWN0cyB0byB1c2UgdGhlIE5WTzMgZGVmaW5l ZCBwcm90b2NvbCwgdGhlbiB0aGUgb3BlcmF0b3INCmhhcw0KZXhwbGljaXRseSBzZWxlY3RlZCB0 aGF0IG92ZXJsYXkuDQoNCg0KVHJhbnNwb3J0IG1heSBiZSBob3AgdG8gaG9wLCBhbmQgdGhlcmUg bWlnaHQgbm90IGJlIGVuY3J5cHRpb24gb2YgdGhpcw0KaGVhZGVyIGlmIHRoZSBhcHBsaWNhdGlv biB1c2VzIGFuIGVuY3J5cHRlZCB0cmFuc3BvcnQgZW5jYXBzdWxhdGVkIGluDQp0aGlzIGxheWVy LiAgSW4gYW55IGNhc2UsIGl0IHNlZW1zIGludGVncml0eSBwcm90ZWN0aW9uIGlzIGENCnJlcXVp cmVtZW50IGZvciBhIG11bHRpLXRlbmFudCBlbnZpcm9ubWVudC4gIENvdWxkIHRoZSBDT1NFIE1B Qw0KZnVuY3Rpb24gZml0IHRoZSBiaWxsIHNpbmNlIGl0IGlzIGludGVuZGVkIGZvciBjb25jaXNl IGZvcm1hdHM/DQpodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9yZmM4MTUyDQpKT1NF IHByb2R1Y2VkIGEgc2ltaWxhciBmdW5jdGlvbiB3aXRoIEpTT04sIGJ1dCBpdCB3b3VsZCBiZSBz bGlnaHRseQ0KbGFyZ2VyLg0KDQpTZWN0aW9uIDcuMToNCg0KVGhlIGZvbGxvd2luZyBwYXJhZ3Jh cGggaW1wbGllcyB0aGF0IGFueXRoaW5nIGxlc3MgdGhhbiBhIDUtdHVwbGUNCmlzbuKAmXQgdXNl ZnVsIGFuZCB0aGF0IHlvdSBpbnRlbmQgdG8gdXNlIHRyYWZmaWMgY29udGVudCB3aGVuDQphdmFp bGFibGUuICBUaGlzIGlzIGNvbmNlcm5pbmcuICBDYW7igJl0IHlvdSB1c2UgYSAyLXR1cGxlPyAg V2hhdCBpZg0KSVBzZWMgdHJhbnNwb3J0IG1vZGUgd2VyZSBpbiB1c2UsIGlzIHRoaXMgc29sdXRp b24gZGVhZCBpbiB0aGUgd2F0ZXI/DQoNClJlZ2FyZGxlc3Mgb2YgdGhlIHNvdXJjZSwgbWV0YWRh dGEgcmVmbGVjdHMgdGhlICJyZXN1bHQiIG9mDQpjbGFzc2lmaWNhdGlvbi4gIFRoZSBncmFudWxh cml0eSBvZiBjbGFzc2lmaWNhdGlvbiBtYXkgdmFyeS4gIEZvcg0KZXhhbXBsZSwgYSBuZXR3b3Jr IHN3aXRjaCwgYWN0aW5nIGFzIGEgY2xhc3NpZmllciwgbWlnaHQgb25seSBiZSBhYmxlDQp0byBj bGFzc2lmeSBiYXNlZCBvbiBhIDUtdHVwbGUsIHdoaWxlIGEgc2VydmljZSBmdW5jdGlvbiBtYXkg YmUgYWJsZQ0KdG8gaW5zcGVjdCBhcHBsaWNhdGlvbiBpbmZvcm1hdGlvbi4gIFJlZ2FyZGxlc3Mg b2YgZ3JhbnVsYXJpdHksIHRoZQ0KY2xhc3NpZmljYXRpb24gaW5mb3JtYXRpb24gY2FuIGJlIHJl cHJlc2VudGVkIGluIHRoZSBOU0guDQoNCklmIGEgMi10dXBsZSBpcyBwb3NzaWJsZSwgY291bGQg eW91IGFkZCB0aGF0IGluIGFzIGFuIGV4YW1wbGUgaW5zdGVhZA0Kb2Ygb3IgaW4gYWRkaXRpb24g dG8gdGhlIDUtdHVwbGU/DQoNCg0KUFE+ICBUaGUgNS10dXBsZSB3YXMgdXNlZCBvbmx5IGFzIGFu IGV4YW1wbGUgdGhhdCBpcyBjb21tb25seQ0KdW5kZXJzdG9vZCBpbg0KdGhlIGNvbnRleHQgb2Yg bmV0d29yayBkZXZpY2UgY2xhc3NpZmljYXRpb24uICBUaGUgc2VudGVuY2U6ICJUaGUNCmdyYW51 bGFyaXR5IG9mIGNsYXNzaWZpY2F0aW9uIG1heSB2YXJ5LuKAnSBhZGRyZXNzZXMgMiwgMywgNCwg bi10dXBsZQ0KY2xhc3NpZmljYXRpb24uICBGdXJ0aGVyLCB0aGF0IHBvaW50IGlzIHJlaW5mb3Jj ZWQ6IOKAnFJlZ2FyZGxlc3Mgb2YNCmdyYW51bGFyaXR5LCB0aGUgY2xhc3NpZmljYXRpb24gaW5m b3JtYXRpb24gY2FuIGJlIHJlcHJlc2VudGVkIGluIHRoZQ0KTlNILiINCg0KDQoNCg0KU2VjdGlv biA3LjENCg0KVGhpcyB0ZXh0IGNvbWVzIHRvbyBsYXRlIGluIHRoZSBkcmFmdCBhbmQgSSByZWNv bW1lbmQgbWFraW5nIGEgY2xlYXINCnN0YXRlbWVudCBpbiB0aGUgaW50cm9kdWN0aW9uIHRoYXQg c2Vzc2lvbiBlbmNyeXB0aW9uIHRvIHByb3RlY3QgdGhlDQpkYXRhIGluIHRyYW5zaXQgcmVsaWVz IG9uIHRoZSBhcHBsaWNhdGlvbi9zZXJ2aWNlIHNlbmRpbmcvcmVjZWl2aW5nDQp0aGUgZGF0YSBh bmQgbm90IHRoZSBTRkMuICBJIG1hZGUgdGhpcyBwb2ludCBwcmV2aW91c2x5IGFuZCBhbSBnbGFk IHRvDQpzZWUgc29tZSB0ZXh0LCBidXQgdGhpbmsgaXQgd291bGQgYmUgbXVjaCBiZXR0ZXIgdG8g c3RhdGUgdGhpcyBlYXJseQ0KaW4gdGhlIGRyYWZ0LiAgVG91Y2hpbmcgdXBvbiBwcm90ZWN0aW9u cyBmb3IgZGF0YSBzdHJlYW1zIHZlcnN1cyBtZXRhDQpkYXRhIHdvdWxkIGJvdGggYmUgaW1wb3J0 YW50IChsYXllcnMgZm9yIHRyYWZmaWMgYW5kIGFzc29jaWF0ZWQNCnByb3RlY3Rpb25zKS4gIElm IGl04oCZcyBtZXRhIGRhdGEsIGRvIHRoZXkgbmVlZCB0byByZWx5IG9uIElQc2VjIGFuZA0KaGF2 aW5nIGEgMi10dXBsZSBiZSB0aGUgbWluaW11bT8gIFdoZW4gaXMgdGhhdCBhcHBsaWVkPyAgSXMg dGhlcmUgbWV0YQ0KZGF0YSB0aGF0IGNvdWxkIGJlIHNlbnNpdGl2ZSBpZiBUTFMgd2FzIGluIHBs YWNlIGFuZCBhIDUtdHVwbGUgaXMNCnZpc2libGUgKHBlcmhhcHMgdGhlIGV4aXN0ZW5jZSBvZiBj b21tdW5pY2F0aW9uIGlzIHNlbnNpdGl2ZSkuICBBcmUNCnRoZXJlIG90aGVyIGNvbnNpZGVyYXRp b25zIGZvciBtZXRhZGF0YSBhbmQgZGF0YSB0aGF0IG5lZWQgdG8gYmUNCnN0YXRlZCB1cCBmcm9u dCBhbmQgcHV0IG91dC1vZi1zY29wZSBmb3IgU0ZDPyAgSeKAmW0gYXNraW5nIHRoZXNlDQpxdWVz dGlvbnMgYXMgcHJvdmlkaW5nIHRoZXNlIGFuc3dlcnMgY291bGQgc2hvdyB0aGF0IHRoZSByaXNr IGlzDQpjb25zdHJhaW5lZC4NCg0KRGVwZW5kaW5nIG9uIHRoZSBpbmZvcm1hdGlvbiBjYXJyaWVk IGluIHRoZSBtZXRhZGF0YSwgZGF0YSBwcml2YWN5DQpjb25zaWRlcmF0aW9ucyBtYXkgbmVlZCB0 byBiZSBjb25zaWRlcmVkLiAgRm9yIGV4YW1wbGUsIGlmIHRoZQ0KbWV0YWRhdGEgY29udmV5cyB0 ZW5hbnQgaW5mb3JtYXRpb24sIHRoYXQgaW5mb3JtYXRpb24gbWF5IG5lZWQgdG8gYmUNCmF1dGhl bnRpY2F0ZWQgYW5kL29yIGVuY3J5cHRlZCBiZXR3ZWVuIHRoZSBvcmlnaW5hdG9yIGFuZCB0aGUN CmludGVuZGVkIHJlY2lwaWVudHMgKHdoaWNoIG1heSBpbmNsdWRlIGludGVuZGVkIFNGcyBvbmx5 KS4gIFRoZSBOU0gNCml0c2VsZiBkb2VzIG5vdCBwcm92aWRlIHByaXZhY3kgZnVuY3Rpb25zLCBy YXRoZXIgaXQgcmVsaWVzIG9uIHRoZQ0KdHJhbnNwb3J0L292ZXJsYXkgbGF5ZXIuICBBbiBvcGVy YXRvciBjYW4gc2VsZWN0IHRoZSBhcHByb3ByaWF0ZQ0KdHJhbnNwb3J0IHRvIGVuc3VyZSBjb25m aWRlbnRpYWxpdHkgKGFuZCBvdGhlciBzZWN1cml0eSkNCmNvbnNpZGVyYXRpb25zIGFyZSBtZXQu ICBNZXRhZGF0YSBwcml2YWN5IGFuZCBzZWN1cml0eSBjb25zaWRlcmF0aW9ucw0KYXJlIGEgbWF0 dGVyIGZvciB0aGUgZG9jdW1lbnRzIHRoYXQgZGVmaW5lIG1ldGFkYXRhIGZvcm1hdC4NCg0KDQoN ClBRPiAgQXJlIHlvdSBzdWdnZXN0aW5nIHRoYXQgYXBwbGljYXRpb24gbGF5ZXIgY29uZmlkZW50 aWFsbHkgYmUNCmFkZHJlc3NlZA0KaW4gdGhpcyBkcmFmdD8gICBOU0gg4oCccGxheXMgbmljZWx5 4oCdIHdpdGggc3RhbmRhcmQgZW5jcnlwdGlvbg0KdHJhbnNwb3J0cywNCnRoZXJlZm9yZSBhbGxv d2luZyBvcGVyYXRvcnMgdG8g4oCcc2VjdXJl4oCdIHRoZSBwYXRoLiAgR29pbmcgdXAgdGhlIHN0 YWNrDQpmcm9tDQp0aGF0IHNlZW1zIHRvIGJlIG91dHNpZGUgdGhlIHNjb3BlIG9mIE5TSCBhbmQg aW5jb25zaXN0ZW50IHdpdGggb3RoZXINCnByb3RvY29sIHJlcXVpcmVtZW50cy4NCg0KDQpPdGhl ciBjb21tZW50czoNCg0KSeKAmWQgbGlrZSB0byBzZWU7DQpodHRwczovL3Rvb2xzLmlldGYub3Jn L2h0bWwvZHJhZnQtbWdsdC1zZmMtc2VjdXJpdHktZW52aXJvbm1lbnQtcmVxLTAyDQpQdWJsaXNo ZWQgYmVmb3JlIHRoaXMgZG9jdW1lbnQgYW5kIHRoZW4gaGF2ZSB0aGF0IGFzIGEgcmVmZXJlbmNl LiAgT25lDQpvZiB0aGUgY29tbWVudHMgSSBtYWRlIHByZXZpb3VzbHkgd2FzIHRvIGxpc3Qgb3V0 IHRoZSBsYXllcmluZyBhbmQNCnByb3RlY3Rpb25zIGV4cGVjdGVkIG9uIGRhdGEgYW5kIE5TSC4g IFRoaXMgaGFzIGJlZW4gZG9uZSBpbiB0aGUNCnNlY3VyaXR5IGVudmlyb25tZW50IGRyYWZ0LCBz ZWN0aW9uIDQgc2hvdWxkIGJlIHJlZmVyZW5jZWQ6DQoNClNlY3Rpb24gNCBwcm92aWRlcyBhbiBv dmVyYWxsIGRlc2NyaXB0aW9uIG9mIHRoZSBTRkMgZW52aXJvbm1lbnQgd2l0aA0KdGhlIGludHJv ZHVjdGlvbiBvZiB0aGUgZGlmZmVyZW50IHBsYW5lcyAoU0ZDIENvbnRyb2wgUGxhbmUsIHRoZSBT RkMNCk1hbmFnZW1lbnQgUGxhbmUsIHRoZSBUZW5hbnQncyB1c2VyIFBsYW5lIGFuZCB0aGUgU0ZD IERhdGEgUGxhbmUpLg0KDQoNCg0KUFE+ICBBcyBJIG1lbnRpb25lZCBvbiBhbm90aGVyIHRocmVh ZDogYSBzZWN1cmUgZW52aXJvbm1lbnQgZHJhZnQgaXMNCm5vdA0KcmVsYXRlZCB0byBOU0ggcGVy IHNlLg0KDQoNCg0KDQpUaGlzIGlzIGEgdmVyeSBpbXBvcnRhbnQgcG9pbnQgZm9yIGFueW9uZSBy ZXZpZXdpbmcgZm9yIHNlY3VyaXR5IGFzDQphcmUgdGhlIGVudmlyb25tZW50IHNlY3VyaXR5IHJl cXVpcmVtZW50cy4gIFRoZSBzZWN1cml0eSBlbnZpcm9ubWVudA0KcmVxdWlyZW1lbnRzIGRyYWZ0 IHN0aWxsIG5lZWRzIGEgbGl0dGxlIG1vcmUgd29yayBmcm9tIGEgcXVpY2sgcmVhZCwNCmJ1dCBo ZWxwcyBhIGxvdC4gIEkgbmVlZCB0byBmaW5pc2ggcmVhZGluZyB0aGUgc2VjdXJpdHkgZW52aXJv bm1lbnQNCmRyYWZ0Lg0KDQotLQ0KDQpCZXN0IHJlZ2FyZHMsDQpLYXRobGVlbg0KDQpfX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0Kc2ZjIG1haWxpbmcgbGlz dA0Kc2ZjQGlldGYub3JnPG1haWx0bzpzZmNAaWV0Zi5vcmc+DQpodHRwczovL3d3dy5pZXRmLm9y Zy9tYWlsbWFuL2xpc3RpbmZvL3NmYw0KDQoNCg0KDQoNCi0tDQoNCkJlc3QgcmVnYXJkcywNCkth dGhsZWVuDQoNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f DQpzZmMgbWFpbGluZyBsaXN0DQpzZmNAaWV0Zi5vcmcNCmh0dHBzOi8vd3d3LmlldGYub3JnL21h aWxtYW4vbGlzdGluZm8vc2ZjDQoNCg0KDQoNCg0KLS0NCg0KQmVzdCByZWdhcmRzLA0KS2F0aGxl ZW4NCg0KDQoNCg0KLS0NCg0KQmVzdCByZWdhcmRzLA0KS2F0aGxlZW4NCg0KX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCnNmYyBtYWlsaW5nIGxpc3QNCnNm Y0BpZXRmLm9yZzxtYWlsdG86c2ZjQGlldGYub3JnPg0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFp bG1hbi9saXN0aW5mby9zZmMNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fDQpzZmMgbWFpbGluZyBsaXN0DQpzZmNAaWV0Zi5vcmcNCmh0dHBzOi8vd3d3Lmll dGYub3JnL21haWxtYW4vbGlzdGluZm8vc2ZjDQoNCg== --_000_65C0A290C73E40A5B41C4E0C4181BDABciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KSGksIE1lZCwNCjxkaXYgY2xhc3M9 IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkkgZnVsbHkgYWdyZWUgd2l0 aCB5b3UuIEhvd2V2ZXIsIEkgZGlkIGdvIHRocm91Z2ggdGhlIHdob2xlIGRvY3VtZW50IG1ha2lu ZyBzdXJlIHdlIHdlcmUgYWx3YXlzIHVzaW5nIOKAnHRyYW5zcG9ydCBlbmNhcHN1bGF0aW9u4oCd LiBGcmFua2x5LCBJIGRpZCBmaW5kIGEgZmV3IHBsYWNlcyB3aGVyZSBub3JtYWxpemluZyBhbmQg Y2xlYW5pbmcgdGhlIHRlcm1pbm9sb2d5IGhlbHBlZCBhIGxvdC4gSeKAmWxsIHBvc3QgdGhvc2Ug Y2hhbmdlcw0KIGJlZm9yZSBuZXh0IHdlZWsgKEkgd2FudCB0byBtYWtlIHNvbWUgdXBkYXRlcyB0 byB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgYXMgd2VsbCwgYW5kIHRoZW4gcmVsZWFzZSku PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0i Ij5JIGFsc28gYWdyZWUgdGhhdCwgaW4gdGhlb3J5LCB3ZSBkbyBub3QgbmVlZCB0byByZS1kZXNj cmliZSB0aGUgbGF5ZXJpbmcgYW5kIGFsbCB0aGUgcGllY2VzIGV4aXN0IGluIFJGQyA3NjY1IGFu ZCBpbiB0aGUgTlNIIHNwZWMuIEkgZG8gbm90IG1pbmQgZXJyaW5nIG9uIHRoZSBzaWRlIG9mIGV4 dHJhIGNsYXJpdHkgZm9yIHRoZSB1bmluaXRpYXRlZCByZWFkZXIuPC9kaXY+DQo8ZGl2IGNsYXNz PSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5JIHdpbGwgYXNrIHlvdSB0 byBjaGVjayBvdXQgdGhlIGZvcnRoY29taW5nIHJldmlzaW9uIC0yMi48L2Rpdj4NCjxkaXYgY2xh c3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlRoYW5rcyE8L2Rpdj4N CjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9 ImNvbG9yOiByZ2IoMCwgMCwgMCk7IGxldHRlci1zcGFjaW5nOiBub3JtYWw7IHRleHQtYWxpZ246 IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3Bh Y2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6 IDBweDsgd29yZC13cmFwOiBicmVhay13b3JkOyAtd2Via2l0LW5ic3AtbW9kZTogc3BhY2U7IC13 ZWJraXQtbGluZS1icmVhazogYWZ0ZXItd2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCuKAlDxiciBj bGFzcz0iIj4NCkNhcmxvcyBQaWduYXRhcm8sJm5ic3A7PGEgaHJlZj0ibWFpbHRvOmNhcmxvc0Bj aXNjby5jb20iIGNsYXNzPSIiPmNhcmxvc0BjaXNjby5jb208L2E+PGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KPGkgY2xhc3M9IiI+4oCcU29tZXRpbWVzIEkgdXNlIGJpZyB3b3JkcyB0aGF0 IEkgZG8gbm90IGZ1bGx5IHVuZGVyc3RhbmQsIHRvIG1ha2UgbXlzZWxmIHNvdW5kIG1vcmUgcGhv dG9zeW50aGVzaXMuJnF1b3Q7PC9pPjwvZGl2Pg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8ZGl2 Pg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPk9uIFNl cCAyMSwgMjAxNywgYXQgMzowNSBBTSwgPGEgaHJlZj0ibWFpbHRvOm1vaGFtZWQuYm91Y2FkYWly QG9yYW5nZS5jb20iIGNsYXNzPSIiPg0KbW9oYW1lZC5ib3VjYWRhaXJAb3JhbmdlLmNvbTwvYT4g d3JvdGU6PC9kaXY+DQo8YnIgY2xhc3M9IkFwcGxlLWludGVyY2hhbmdlLW5ld2xpbmUiPg0KPGRp diBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+SmltLCBhbGwsIDxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NCkkgZG8gdW5kZXJzdGFuZCB0aGUgY29uZnVzaW9uIHRoYXQgaXMgaW5kdWNlZCBi eSAmcXVvdDt0cmFuc3BvcnQmcXVvdDsgaW4gdGhlIE5TSCBkb2N1bWVudC4gVXNpbmcgYW5vdGhl ciB0ZXJtIHdvdWxkIGZpeCB0aGlzLCBzdXJlLg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KQnV0LCB3ZSBuZWVkIHRvIGtlZXAgaW4gbWluZCB0aGF0IE5TSCBzcGVjIGlzIHJlZmVycmlu ZyB0byBSRkM3NjY1IHdoaWNoIHVzZXMgJnF1b3Q7dHJhbnNwb3J0JnF1b3Q7IGV4dGVuc2l2ZWx5 LiBJTUhPLCB0aGUgZm9sbG93aW5nIGZpZ3VyZSBmcm9tIFJGQzc2NjUgaXMgdmVyeSBoZWxwZnVs IHRvIHVuZGVyc3RhbmQgdGhlIFNGQyBsYXllcmluZywgaW5jbHVkaW5nIHRoZSBub3Rpb24gb2Yg b3V0ZXItdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24uDQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9 IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmIzQzOy0tLS0tLS0tLS0tLS0tLS0mIzQzOyAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmIzQz Oy0tLS0tLS0tLS0tLS0tLS0mIzQzOzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO3wgJm5ic3A7Jm5ic3A7U0ZDLWF3YXJl ICZuYnNwOyZuYnNwOyZuYnNwO3wgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7fCAmbmJzcDtTRkMt dW5hd2FyZSAmbmJzcDsmbmJzcDt8PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7fFNlcnZpY2UgRnVuY3Rpb258ICZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwO3xTZXJ2aWNlIEZ1bmN0aW9ufDxiciBjbGFzcz0iIj4NCiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyYjNDM7LS0t LS0tLSYjNDM7LS0tLS0tLS0mIzQzOyAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmIzQzOy0tLS0t LS0mIzQzOy0tLS0tLS0tJiM0Mzs8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDt8ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO3w8YnIgY2xhc3M9IiI+DQombmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDtTRkMgRW5jYXBzdWxhdGlvbiAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtObyBTRkMgRW5jYXBzdWxh dGlvbjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwO3wgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7U0ZD ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw O3w8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmIzQzOy0tLS0tLS0tLSYj NDM7ICZuYnNwOyYjNDM7LS0tLS0tLS0tLS0tLS0tLSYjNDM7IEVuY2Fwc3VsYXRpb24gJm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7JiM0MzstLS0tLS0tLS0mIzQzOzxiciBjbGFzcz0iIj4NCiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwO3xTRkMtQXdhcmV8LS0tLS0tLS0tLS0tLS0tLS0mIzQzOyAmbmJz cDtcICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyYjNDM7LS0tLS0tLS0tLS0tfFNGQyBQcm94eXw8 YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDt8ICZuYnNwOyZuYnNwOyZuYnNw O1NGICZuYnNwOyZuYnNwO3wgLi4uIC0tLS0tLS0tLS0mIzQzOyAmbmJzcDtcICZuYnNwO1wgJm5i c3A7Jm5ic3A7LyAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmIzQzOy0tLS0tLS0tLSYjNDM7PGJyIGNsYXNzPSIi Pg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7JiM0MzstLS0tLS0tLS0mIzQzOyAmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtcICZuYnNwO1wgJm5ic3A7XCAvPGJyIGNsYXNzPSIiPg0K Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7JiM0MzstLS0tLS0tJiM0MzstLS0tLS0tLSYjNDM7PGJyIGNsYXNzPSIiPg0KJm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7fCAmbmJzcDsmbmJzcDtTRiBGb3J3YXJkZXIgfDxiciBjbGFzcz0iIj4NCiZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw O3wgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7KFNGRikgJm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7fDxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyYjNDM7LS0tLS0tLSYjNDM7LS0tLS0tLS0m IzQzOzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwO3w8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtTRkMgRW5jYXBzdWxh dGlvbjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwO3w8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsuLi4gU0ZDLWVuYWJsZWQgRG9tYWluIC4uLjxiciBjbGFzcz0i Ij4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwO3w8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDtOZXR3b3JrIE92ZXJsYXkgVHJhbnNwb3J0PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7fDxiciBjbGFzcz0i Ij4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO18sLi4uLi5fPGJyIGNsYXNzPSIi Pg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7LC0nICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwO2AtLjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOy8gJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 YC48YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDt8ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO05ldHdvcmsgJm5i c3A7Jm5ic3A7Jm5ic3A7fDxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO2AuICZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw Oy88YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtgLl9fICZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwO19fLC0nPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7YCcnJyc8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJZGVhbGx5LCB3ZSBkb24n dCBldmVuIG5lZWQgdG8gcmUtZGVzY3JpYmUgdGhlIGxheWVyaW5nIGluIHRoZSBOU0ggc3BlYyBn aXZlbiB0aGF0IHRoZSBkcmFmdCBkZWxpbWl0cyBpdHMgc2NvcGUgY2xlYXJseTo8YnIgY2xhc3M9 IiI+DQo8YnIgY2xhc3M9IiI+DQpUaGUgTlNIIGlzIHRoZSBTRkMgZW5jYXBzdWxhdGlvbiByZXF1 aXJlZCB0byBzdXBwb3J0PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Xl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5ePGJyIGNsYXNzPSIiPg0KJm5i c3A7Jm5ic3A7dGhlIFNlcnZpY2UgRnVuY3Rpb24gQ2hhaW5pbmcgKFNGQykgYXJjaGl0ZWN0dXJl IChkZWZpbmVkIGluPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7UkZDNzY2NSkuPGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KQ2hlZXJzLDxiciBjbGFzcz0iIj4NCk1lZDxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPi0tLS0t TWVzc2FnZSBkJ29yaWdpbmUtLS0tLTxiciBjbGFzcz0iIj4NCkRlJm5ic3A7OiBzZmMgWzxhIGhy ZWY9Im1haWx0bzpzZmMtYm91bmNlc0BpZXRmLm9yZyIgY2xhc3M9IiI+bWFpbHRvOnNmYy1ib3Vu Y2VzQGlldGYub3JnPC9hPl0gRGUgbGEgcGFydCBkZSBKYW1lcyBOIEd1aWNoYXJkPGJyIGNsYXNz PSIiPg0KRW52b3nDqSZuYnNwOzogbWVyY3JlZGkgMjAgc2VwdGVtYnJlIDIwMTcgMTg6Mzg8YnIg Y2xhc3M9IiI+DQrDgCZuYnNwOzogS2F0aGxlZW4gTW9yaWFydHk7IENhcmxvcyBQaWduYXRhcm8g KGNwaWduYXRhKTxiciBjbGFzcz0iIj4NCkNjJm5ic3A7OiBQYXVsIFF1aW5uIChwYXVscSk7IDxh IGhyZWY9Im1haWx0bzpzZmNAaWV0Zi5vcmciIGNsYXNzPSIiPnNmY0BpZXRmLm9yZzwvYT48YnIg Y2xhc3M9IiI+DQpPYmpldCZuYnNwOzogUmU6IFtzZmNdIEVhcmx5IHJldmlldyBkcmFmdC1pZXRm LXNmYy1uc2g8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpIaSBLYXRobGVlbiw8YnIgY2xh c3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJIGFtIG5vdCBxdWl0ZSBjbGVhciBhcyB0byBleGFjdGx5 IHdoYXQgaXMgY29uZnVzaW5nIHdpdGggdGhlIGV4aXN0aW5nPGJyIGNsYXNzPSIiPg0KdGV4dCAo LTIxIHZlcnNpb24pLiBRdW90aW5nIGZyb20gc2VjdGlvbiAxOjxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NCiZuYnNwOyZuYnNwO1RoZSBOZXR3b3JrIFNlcnZpY2UgSGVhZGVyIChOU0gpIHNw ZWNpZmljYXRpb24gZGVmaW5lcyBhIG5ldyBwcm90b2NvbDxiciBjbGFzcz0iIj4NCiZuYnNwOyZu YnNwO2FuZCBhc3NvY2lhdGVkIGVuY2Fwc3VsYXRpb24gZm9yIHRoZSBjcmVhdGlvbiBvZiBkeW5h bWljIHNlcnZpY2U8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDtjaGFpbnMsIG9wZXJhdGluZyBh dCB0aGUgc2VydmljZSBwbGFuZS4gJm5ic3A7VGhlIE5TSCBpcyBkZXNpZ25lZCB0bzxiciBjbGFz cz0iIj4NCiZuYnNwOyZuYnNwO2VuY2Fwc3VsYXRlIGFuIG9yaWdpbmFsIHBhY2tldCBvciBmcmFt ZSwgYW5kIGluIHR1cm4gYmUgZW5jYXBzdWxhdGVkPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7 YnkgYW4gb3V0ZXIgdHJhbnNwb3J0ICh3aGljaCBpcyB1c2VkIHRvIGRlbGl2ZXIgdGhlIE5TSCB0 byBOU0gtYXdhcmU8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDtuZXR3b3JrIGVsZW1lbnRzKSwg YXMgc2hvd24gaW4gRmlndXJlIDE6PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KJm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 JiM0MzstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0mIzQzOzxiciBjbGFzcz0iIj4NCiZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwO3wgJm5ic3A7Jm5ic3A7Jm5ic3A7VHJhbnNwb3J0IEVuY2Fwc3VsYXRpb24gJm5ic3A7Jm5i c3A7fDxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyYjNDM7LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tJiM0Mzs8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDt8IE5ldHdvcmsgU2VydmljZSBIZWFkZXIgKE5T SCkgfDxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyYjNDM7LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tJiM0Mzs8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDt8ICZuYnNwOyZuYnNwOyZuYnNwO09yaWdpbmFs IFBhY2tldCAvIEZyYW1lICZuYnNwOyZuYnNwO3w8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmIzQzOy0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSYjNDM7PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7RmlndXJlIDE6IE5ldHdvcmsgU2VydmljZSBIZWFk ZXIgRW5jYXBzdWxhdGlvbjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoaXMgc3RhdGVz IHRoYXQgdGhlIE5TSCBpcyBkZXNpZ25lZCB0byBlbmNhcHN1bGF0ZSB0aGUgb3JpZ2luYWw8YnIg Y2xhc3M9IiI+DQpwYWNrZXQvZnJhbWUgKHJlYWQgSVAgcGFja2V0IG9yIEV0aGVybmV0IGZyYW1l KSBhbmQgdGhlbiBpbiB0dXJuIGJlPGJyIGNsYXNzPSIiPg0KY2FycmllZCBieSBhbiBvdXRlciB0 cmFuc3BvcnQuIFRoZSBmaWd1cmUgY2xlYXJseSBzaG93cyB0aGF0IHRoZSBvdXRlcjxiciBjbGFz cz0iIj4NCnRyYW5zcG9ydCBpbiB0aGlzIGNvbnRleHQgaXMgJnF1b3Q7VHJhbnNwb3J0IEVuY2Fw c3VsYXRpb24mcXVvdDsuIFRoZSBkcmFmdCB0aGVuPGJyIGNsYXNzPSIiPg0KZ29lcyBvbiB0byBk ZXNjcmliZSB3aGF0IE5TSCBpcyBhbmQgdGhlbiBpbiBzZWN0aW9uIDQgbW9yZSBkZXRhaWwgaXM8 YnIgY2xhc3M9IiI+DQpwcm92aWRlZCBvbiB0aGUgdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24uIE5v dyByZWFkaW5nIHNlY3Rpb24gNCBpdCBzdGFydHM8YnIgY2xhc3M9IiI+DQpieSBzYXlpbmc6PGJy IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KT25jZSB0aGUgTlNIIGlzIGFkZGVkIHRvIGEgcGFj a2V0LCBhbiBvdXRlciBlbmNhcHN1bGF0aW9uIGlzIHVzZWQgdG88YnIgY2xhc3M9IiI+DQombmJz cDsmbmJzcDtmb3J3YXJkIHRoZSBvcmlnaW5hbCBwYWNrZXQgYW5kIHRoZSBhc3NvY2lhdGVkIG1l dGFkYXRhIHRvIHRoZSBzdGFydDxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO29mIGEgc2Vydmlj ZSBjaGFpbi48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJcyB0aGUgY29uZnVzaW9uIGNh dXNlZCBieSBzZWN0aW9uIDEgJmFtcDsgNCB0ZXh0IHNheWluZyAmcXVvdDtvdXRlciBlbmNhcHN1 bGF0aW9uJnF1b3Q7PGJyIGNsYXNzPSIiPg0Kb3IgJnF1b3Q7b3V0ZXIgdHJhbnNwb3J0JnF1b3Q7 IHJhdGhlciB0aGFuICZxdW90O1RyYW5zcG9ydCBFbmNhcHN1bGF0aW9uJnF1b3Q7ID8gSWYgc28g dGhhdCBpczxiciBjbGFzcz0iIj4NCmVhc2lseSBmaXhlZCA6LSk8YnIgY2xhc3M9IiI+DQo8YnIg Y2xhc3M9IiI+DQpUaGFua3MhPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KSmltPGJyIGNs YXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS08YnIgY2xh c3M9IiI+DQpGcm9tOiBzZmMgWzxhIGhyZWY9Im1haWx0bzpzZmMtYm91bmNlc0BpZXRmLm9yZyIg Y2xhc3M9IiI+bWFpbHRvOnNmYy1ib3VuY2VzQGlldGYub3JnPC9hPl0gT24gQmVoYWxmIE9mIEth dGhsZWVuIE1vcmlhcnR5PGJyIGNsYXNzPSIiPg0KU2VudDogV2VkbmVzZGF5LCBTZXB0ZW1iZXIg MjAsIDIwMTcgMTI6MjIgUE08YnIgY2xhc3M9IiI+DQpUbzogQ2FybG9zIFBpZ25hdGFybyAoY3Bp Z25hdGEpICZsdDs8YSBocmVmPSJtYWlsdG86Y3BpZ25hdGFAY2lzY28uY29tIiBjbGFzcz0iIj5j cGlnbmF0YUBjaXNjby5jb208L2E+Jmd0OzxiciBjbGFzcz0iIj4NCkNjOiBQYXVsIFF1aW5uIChw YXVscSkgJmx0OzxhIGhyZWY9Im1haWx0bzpwYXVscUBjaXNjby5jb20iIGNsYXNzPSIiPnBhdWxx QGNpc2NvLmNvbTwvYT4mZ3Q7Ow0KPGEgaHJlZj0ibWFpbHRvOnNmY0BpZXRmLm9yZyIgY2xhc3M9 IiI+c2ZjQGlldGYub3JnPC9hPjxiciBjbGFzcz0iIj4NClN1YmplY3Q6IFJlOiBbc2ZjXSBFYXJs eSByZXZpZXcgZHJhZnQtaWV0Zi1zZmMtbnNoPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0K SGkgQ2FybG9zLDxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClBsZWFzZSBsb29rIGF0IHRo ZSB0ZXh0IGluIHRoZSBjdXJyZW50IGRvY3VtZW50LiAmbmJzcDtJdCBvbmx5IHNheXMgdHJhbnNw b3J0PGJyIGNsYXNzPSIiPg0KaW4gdGhlIHRleHQgSSBxdW90ZWQuICZuYnNwO1RoZSBkaWFncmFt IGFsc28gb25seSBzYXlzIHRyYW5zcG9ydC48YnIgY2xhc3M9IiI+DQpEcmFmdHMgbmVlZCB0byBi ZSBjbGVhcmx5IHdyaXR0ZW4gdG8gYmUgYnJvYWRseSB1bmRlcnN0b29kIGFuZCB0aGUgd2F5IHRo ZTxiciBjbGFzcz0iIj4NCnRleHQgaXMgbm93LCBpdCBpcyBub3QuICZuYnNwO0kgdGhpbmsgY2xl YW5pbmcgaXQgdXAgYSBiaXQgd2lsbCBsaWZ0IHNvbWUgb2Y8YnIgY2xhc3M9IiI+DQp0aGUgc2Vj dXJpdHkgY29uY2VybnMgYXMgc29tZSBhcmUgYWRkcmVzc2VkIHByaW9yIHRvIE5TSCBzZWVpbmcg dGhlIElQPGJyIGNsYXNzPSIiPg0KcGFja2V0IG9yIGZyYW1lLjxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NCllvdXIgcmVzcG9uc2UgaGVscHMsIGJ1dCBwbGVhc2UgdGFrZSB0aGUgdGltZSB0 byBsb29rIHRocm91Z2ggdGhlIGRvY3VtZW50PGJyIGNsYXNzPSIiPg0KdG8gc2VlIGhvdyBpdCBj YW4gYmUgY2xhcmlmaWVkIHNvIG9uZSBkb2VzIG5vdCBoYXZlIHRoZSBxdWVzdGlvbnMgSSBhbmQ8 YnIgY2xhc3M9IiI+DQpvdGhlcnMgaGF2ZSByYWlzZWQuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KVGhhbmsgeW91LDxiciBjbGFzcz0iIj4NCkthdGhsZWVuPGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KT24gV2VkLCBTZXAgMjAsIDIwMTcgYXQgMTE6NTkgQU0sIENhcmxvcyBQaWdu YXRhcm8gKGNwaWduYXRhKTxiciBjbGFzcz0iIj4NCiZsdDs8YSBocmVmPSJtYWlsdG86Y3BpZ25h dGFAY2lzY28uY29tIiBjbGFzcz0iIj5jcGlnbmF0YUBjaXNjby5jb208L2E+Jmd0OyB3cm90ZTo8 YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj5IaSwgS2F0aGxl ZW4sPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KVGhhbmsgeW91IGZvciBhc2tpbmcgZXhw bGljaXRseS4gVGhpcyBkb2N1bWVudCB1c2VkIHRvIGhhdmUgZXhwbGljaXQ8YnIgY2xhc3M9IiI+ DQo8L2Jsb2NrcXVvdGU+DQrigJxOU0ggRW5jYXBzdWxhdGlvbiBFeGFtcGxlc+KAnSwgYnV0IHdl cmUgdGFrZW4gb3V0IChhdCB0aGUgQUTigJlzIHJlcXVlc3QpPGJyIGNsYXNzPSIiPg0KYmFzZWQg b24gdGhlIGFyZ3VtZW50IHRoYXQg4oCcZXZlcnlvbmUgd291bGQgbGlrZSB0byBoYXZlIHRoZWly PGJyIGNsYXNzPSIiPg0KZW5jYXBzdWxhdGlvbuKAnS4gV2UgY2FuIGFsd2F5cyBicmluZyB0aGVt IGJhY2sgaWYgZGVzaXJlZCwgZXZlbiB3aXRoaW4gYTxiciBjbGFzcz0iIj4NCm5vbi1ub3JtYXRp dmUgYXBwZW5kaXguPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9 IiI+PGJyIGNsYXNzPSIiPg0KQXMgSSBmb2xsb3cgeW91ciBxdWVzdGlvbnMsIEkgd2lsbCB0cnkg bXkgYmVzdCB0byBhbnN3ZXIgYW5kIGNsYXJpZnkuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KSSBhbSBub3Qgc3VyZSB3aGljaCDigJxidW5ueSB0cmFpbOKAnSB0b29rIHRoZSBjb252ZXJz YXRpb24gaGVyZSwgYnV0PGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KcGVyaGFwcyBhIGNv dXBsZSBvZiB0b3AtcG9zdCBjbGFyaWZpY2F0aW9ucyBtaWdodCBoZWxwOjxiciBjbGFzcz0iIj4N CjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjEuIOKAnE9y aWdpbmFsIFBhY2tldC9GcmFtZeKAnSAtJmd0OyB0aGUgdGVybWlub2xvZ3kgUGFja2V0L0ZyYW1l LCBhcyBjb21tb25seTxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCnVzZWQsIGRlbm90ZXMg YW4gSVAgcGFja2V0IG9yIGFuIEV0aGVybmV0IGZyYW1lLjxiciBjbGFzcz0iIj4NCjxibG9ja3F1 b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPjIuIFRoZSBvdXRlciAmcXVvdDtUcmFuc3BvcnQgRW5j YXBzdWxhdGlvbuKAnSBkb2VzICpub3QqIG1lYW4gVENQLiBJdCB1c2VzIHRoZTxiciBjbGFzcz0i Ij4NCjwvYmxvY2txdW90ZT4NCndvcmQg4oCcVHJhbnNwb3J04oCdIGFzIHRyYW5zcG9ydCBwcm9m aWxlLCBhbiBlbmNhcHN1bGF0aW9uIHRoYXQgdHJhbnNwb3J0cyw8YnIgY2xhc3M9IiI+DQpub3Qg YXMgVENQLiBHUkUgaXMgb25lIGV4YW1wbGUgb2YgYSB0cmFuc3BvcnQgZW5jYXBzdWxhdGlvbiwg bm90IFRDUCBhcyBhPGJyIGNsYXNzPSIiPg0K4oCcTDQgVHJhbnNwb3J0IExheWVyIHByb3RvY29s 4oCdLjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPjxiciBj bGFzcz0iIj4NCkluIHBvaW50ICMyLCBHUkUgaXMgdGhlIFRyYW5zcG9ydCB0aGF0IE5TSCB1c2Vz IGJldHdlZW4gU0ZGcy9TRnMuIEFuZDxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCmZ1cnRo ZXIsIHNpbmNlIE5TSCBpcyBUcmFuc3BvcnQgRW5jYXBzdWxhdGlvbiBhZ25vc3RpYywgd2UgYXJl IHRhbGtpbmc8YnIgY2xhc3M9IiI+DQphYm91dCBwb3RlbnRpYWxseSBhIGJyb2FkIHNldCBvZiBw cm90b2NvbHPigKYgSeKAmWQgZW5jb3VyYWdlIHVzIHRvIG5vdDxiciBjbGFzcz0iIj4NCmF0dGVt cHQgdG8gY2xhc3NpZnkgdGhlbSBpbiBPU0kgTGF5ZXJzLjxiciBjbGFzcz0iIj4NCjxibG9ja3F1 b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCkkgY2FuIHNlZSB0aGF0IHNv bWUgb2YgdGhpcyBtaWdodCBub3QgYmUgdG90YWxseSBjbGVhciBpZiBzY2FubmluZzxiciBjbGFz cz0iIj4NCjwvYmxvY2txdW90ZT4NCnRocm91Z2ggdGhlIGRvY3VtZW50LCBidXQgaXQgaXMgY2xl YXIgZm9yIGFuIGltcGxlbWVudG9yLjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNp dGUiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NClNlZSBUYWJsZSAxIGFuZCBUYWJsZSAzIGZvciBl eGFtcGxlcyAoVHJhbnNwb3J0IGNvbHVtbik8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJ IGhvcGUgdGhpcyBoZWxwcyBzZXQgY2xhcmlmeWluZyBjb250ZXh0LCBzZWUgaW5saW5lIGZvciBt b3JlIHNwZWNpZmljPGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KZGV0YWlscy4uLjxiciBj bGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4N CjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPk9uIFNlcCAyMCwgMjAxNywgYXQgMTE6 MjEgQU0sIEthdGhsZWVuIE1vcmlhcnR5PGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPC9i bG9ja3F1b3RlPg0KJmx0OzxhIGhyZWY9Im1haWx0bzpLYXRobGVlbi5Nb3JpYXJ0eS5pZXRmQGdt YWlsLmNvbSIgY2xhc3M9IiI+S2F0aGxlZW4uTW9yaWFydHkuaWV0ZkBnbWFpbC5jb208L2E+Jmd0 OyB3cm90ZTo8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4N CjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCkhpIENhcmxv cyw8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJdCdzIGEgc3RhcnQsIGJ1dCBzaG91bGQg YmUgbW9yZSBzcGVjaWZpYy48YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8YnIgY2xhc3M9 IiI+DQpUaGUgc3BlY2lmaWNzIGFyZSBpbiB0aGUgZG9jdW1lbnQsIGV2ZW4gZXhhbXBsZXMgYXMg cGVyIFRhYmxlcyAxIGFuZCAzLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxibG9ja3F1 b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPldoYXQgYXJlIHRoZSBvcmlnaW5hbDxiciBjbGFzcz0i Ij4NCnBhY2tldHMvZnJhbWUgLSBpcyB0aGlzIGxpbmsgbGF5ZXIgb3IgbmV0d29yayBvciBib3Ro PzxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCjxiciBjbGFzcz0iIj4NClRoZXNlIGFyZSB0 aGUgcGFja2V0cyBvciBmcmFtZXMgaW5jb21pbmcgaW50byBhIGNsYXNzaWZpZXIsIG9yaWdpbmFs LDxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCnRoZW4gTlNIIGlzIGltcG9zZWQsIHRoZW4g YSB0cmFuc3BvcnQgZW5jYXBzdWxhdGlvbiBpcyBpbXBvc2VkLjxiciBjbGFzcz0iIj4NCjxibG9j a3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5 cGU9ImNpdGUiIGNsYXNzPSIiPkl0IHNlZW1zIGxpa2U8YnIgY2xhc3M9IiI+DQpib3RoIGZyb20g dGhlIGRpYWdyYW0sIGJ1dCBpcyB0aGF0IHJlYWxseSB0aGUgY2FzZT88YnIgY2xhc3M9IiI+DQo8 L2Jsb2NrcXVvdGU+DQo8YnIgY2xhc3M9IiI+DQpZZXMsIGl0IGlzIGJvdGguIFJlYWxseSB0aGUg Y2FzZS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRl IiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQpUaGVuIGZvciB0aGUgdHJhbnNwb3J0IGVuY2Fwc3Vs YXRpb24sIGlzIHRoaXMgbGF5ZXIgMyBvciA0PzxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4N CjxiciBjbGFzcz0iIj4NCkkgYmVsaWV2ZSBpdCBpcyBhIHNvdXJjZSBvZiBoZWFkYWNoZSBhbmQg Y29uZnVzaW9uIHRvIHRoaW5rIGFib3V0IE9TSTxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4N CmxheWVyc+KApiB3aGF0IGxheWVyIGlzIElQLWluLUlQPyBBbmQgYW4gTVBMUyBQc2V1ZG93aXJl IHRyYW5zcG9ydGluZzxiciBjbGFzcz0iIj4NCkV0aGVybmV0PyBPciBhbiBJUHY2L0wyVFB2MyBw c2V1ZG93aXJlIHRyYW5zcG9ydGluZyBURE0/PGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlw ZT0iY2l0ZSIgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIg Y2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KVGhlIHdvcmRpbmcgdGhhdCBwcmVjZWRlcyB0aGlzIGlz IGEgYml0IGNvbmZ1c2luZyAoaGVyZSBmb3IgcmVmZXJlbmNlKTo8YnIgY2xhc3M9IiI+DQo8YnIg Y2xhc3M9IiI+DQombmJzcDtUaGUgTmV0d29yayBTZXJ2aWNlIEhlYWRlciAoTlNIKSBzcGVjaWZp Y2F0aW9uIGRlZmluZXMgYSBuZXcgcHJvdG9jb2w8YnIgY2xhc3M9IiI+DQombmJzcDthbmQgYXNz b2NpYXRlZCBlbmNhcHN1bGF0aW9uIGZvciB0aGUgY3JlYXRpb24gb2YgZHluYW1pYyBzZXJ2aWNl PGJyIGNsYXNzPSIiPg0KJm5ic3A7Y2hhaW5zLCBvcGVyYXRpbmcgYXQgdGhlIHNlcnZpY2UgcGxh bmUuICZuYnNwO1RoZSBOU0ggaXMgZGVzaWduZWQgdG88YnIgY2xhc3M9IiI+DQombmJzcDtlbmNh cHN1bGF0ZSBhbiBvcmlnaW5hbCBwYWNrZXQgb3IgZnJhbWUsIGFuZCBpbiB0dXJuIGJlIGVuY2Fw c3VsYXRlZDxiciBjbGFzcz0iIj4NCiZuYnNwO2J5IGFuIG91dGVyIHRyYW5zcG9ydCAod2hpY2gg aXMgdXNlZCB0byBkZWxpdmVyIHRoZSBOU0ggdG8gTlNILWF3YXJlPGJyIGNsYXNzPSIiPg0KJm5i c3A7bmV0d29yayBlbGVtZW50cyksIGFzIHNob3duIGluIEZpZ3VyZSAxOjxiciBjbGFzcz0iIj4N CjwvYmxvY2txdW90ZT4NCjxiciBjbGFzcz0iIj4NCkRvZXMgdGhlIGV4cGxhbmF0aW9uIGFib3Zl IGhlbHA/IEkgYW0gbm90IHN1cmUgaG93IHRvIGJlc3QgYW5zd2Vy4oCmPGJyIGNsYXNzPSIiPg0K PC9ibG9ja3F1b3RlPg0KYmVjYXVzZSBJIGRvIG5vdCBmaW5kIGl0IGNvbmZ1c2luZy4gVGhpcyB0 ZXh0IGlzIHRoZSByZXN1bHQgb2YgcmV2aWV3ZXJzPGJyIGNsYXNzPSIiPg0KYXNraW5nIGZvciBj bGFyaXR5LCBhbmQgdGhlbiBhY2tub3dsZWRnaW5nIHRoYXQgdGhlIHBhcmFncmFwaCBhYm92ZTxi ciBjbGFzcz0iIj4NCmJyb3VnaHQgdGhhdCBjbGFyaXR5LjxiciBjbGFzcz0iIj4NCjxibG9ja3F1 b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9 ImNpdGUiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCk5vcm1hbGx5LCB0aGUgaGlnaGVyIGxheWVy cyBhcmUgZW5jYXBzdWxhdGVkLDxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCjxiciBjbGFz cz0iIj4NCldoYXQgaXMgaGlnaGVyIGFuZCBsb3dlcj8gQW5kIGZvciB3aGF0IGRlZmluaXRpb24g b2Yg4oCcTm9ybWFsbHnigJ0/IFdoYXTigJlzPGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0K YSBUdW5uZWw/PGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+ PGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+YnV0IHRoaXMg d29yZGluZzxiciBjbGFzcz0iIj4NCmRlc2NyaWJlcyBqdXN0IHRoZSBvcHBvc2l0ZS4gJm5ic3A7 SXQgc2F5cyB0aGUgcGFja2V0L2ZyYW1lIGF0IGxheWVyIDIvMzxiciBjbGFzcz0iIj4NCihqdXN0 IGdvaW5nIGZyb20gdGhlIG5vcm1hbCB1c2VzIG9mIHBhY2tldCBhbmQgZnJhbWUgdG8gYXNzdW1l IGxheWVyPGJyIGNsYXNzPSIiPg0KMy8yKS48YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8 YnIgY2xhc3M9IiI+DQpDb3JyZWN0LiBJUCBwYWNrZXQsIEV0aGVybmV0IEZyYW1lLjxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPk5I UyBlbmNhcHN1bGF0ZXMgdGhhdCwgYW5kIHRoZW4gaXMgZW5jYXBzdWxhdGVkIGJ5IGEgdHJhbnNw b3J0IGxheWVyPGJyIGNsYXNzPSIiPg0KMy80PzxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4N CjxiciBjbGFzcz0iIj4NCk5vLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCldoZXJlIGRv ZXMgaXQgc2F5IOKAnFRyYW5zcG9ydCBMYXllcuKAnT88YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9 IiI+DQpOb3RlIHRoYXQg4oCcTmV0d29yayBUcmFuc3BvcnTigJ0sIGFuZCDigJxUcmFuc3BvcnQg RW5jYXBzdWxhdGlvbuKAnSBhcmUgdGVybXM8YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQpj b21pbmcgZnJvbSBSRkMgNzY2NS48YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRl IiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQpBbmQgdG8gYmUgY2xlYXI6IG1hbnkgUkZDcyB1c2Ug 4oCcVHJhbnNwb3J0IEVuY2Fwc3VsYXRpb27igJ0gb3IgYTxiciBjbGFzcz0iIj4NCnZhcmlhdGlv biBvZiB0aGF0IChFbmNhcHN1bGF0aW9uIGZvciBUcmFuc3BvcnQsIFRyYW5zcG9ydC1pbmRlcGVu ZGVudDxiciBjbGFzcz0iIj4NCkVuY2Fwc3VsYXRpb24sIGV0Yy4pPGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KU2VlIFRhYmxlIDEgYW5kIFRhYmxlIDMsIFRyYW5zcG9ydCBjb2x1bW4sIGZv ciBleGFtcGxlcy48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8 YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj5JZiB5b3UgY2FuIGNsYXJpZnkgdGhpcyB0 ZXh0IG9yIG1ha2UgaXQgY2xlYXIgdGhhdCB5b3UgcmVhbGx5PGJyIGNsYXNzPSIiPg0KaW50ZW5k ZWQgdG8gZG8gdGhpcyBvZGQgZW5jYXBzdWxhdGlvbiwgdGhhdCB3b3VsZCBoZWxwIGEgbG90Ljxi ciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCjxiciBjbGFzcz0iIj4NCkhvcGVmdWxseSBteSBl eHBsYW5hdGlvbiBoZWxwcy48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90 ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj5VbmRlcnN0YW5kaW5nIHRoZSBsYXllcnMgdGhpcyBhbGwg aGFwcGVucyBhdCBpcyB2ZXJ5IGltcG9ydGFudC4gJm5ic3A7SWY8YnIgY2xhc3M9IiI+DQpOU0gg aXMgdGhlIHRyaWdnZXIgZm9yIHRoZSBsYXllciAzLzQgdHJhbnNwb3J0LCBob3cgY2FuIHNlY3Vy aXR5IGJlPGJyIGNsYXNzPSIiPg0KYXBwbGllZD8gJm5ic3A7T3IgaXMgaXQgYWRkcmVzc2VkIGJ5 IGEgcHJpb3IgMy80IGVuY2Fwc3VsYXRpb24gYnkgdGhlPGJyIGNsYXNzPSIiPg0Kb3JpZ2luYWwg cGFja2V0L2ZyYW1lPzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoYW5rcyw8YnIgY2xh c3M9IiI+DQpLYXRobGVlbjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90 ZT4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCuKAlDxiciBjbGFzcz0iIj4NCkNhcmxv cyBQaWduYXRhcm8sIDxhIGhyZWY9Im1haWx0bzpjYXJsb3NAY2lzY28uY29tIiBjbGFzcz0iIj5j YXJsb3NAY2lzY28uY29tPC9hPjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCk9u IFR1ZSwgU2VwIDE5LCAyMDE3IGF0IDQ6NTMgUE0sIENhcmxvcyBQaWduYXRhcm8gKGNwaWduYXRh KTxiciBjbGFzcz0iIj4NCiZsdDs8YSBocmVmPSJtYWlsdG86Y3BpZ25hdGFAY2lzY28uY29tIiBj bGFzcz0iIj5jcGlnbmF0YUBjaXNjby5jb208L2E+Jmd0OyB3cm90ZTo8YnIgY2xhc3M9IiI+DQo8 YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj5IaSwgS2F0aGxlZW4sPGJyIGNsYXNzPSIi Pg0KPGJyIGNsYXNzPSIiPg0KVGhhbmtzIGZvciB0aGUgY2xhcmlmaWNhdGlvbi48YnIgY2xhc3M9 IiI+DQo8YnIgY2xhc3M9IiI+DQpSZWdhcmRpbmc6PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KaXMgdGhhdCB0aGUgbGF5ZXJpbmcgbmVlZHMgdG8gYmUgc3BlY2lmaWNhbGx5IHN0YXRlZCB0 byBjbGVhcmx5PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KTGlr ZSB0aGlzPzxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRt bC9kcmFmdC1pZXRmLXNmYy1uc2gtMjEjc2VjdGlvbi0xIiBjbGFzcz0iIj5odHRwczovL3Rvb2xz LmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1zZmMtbnNoLTIxI3NlY3Rpb24tMTwvYT48YnIgY2xh c3M9IiI+DQo8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmIzQzOy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LSYjNDM7PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7fCAmbmJzcDsmbmJzcDsmbmJzcDtUcmFuc3BvcnQgRW5jYXBz dWxhdGlvbiAmbmJzcDsmbmJzcDt8PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7JiM0MzstLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0mIzQzOzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO3wgTmV0d29yayBTZXJ2aWNlIEhlYWRl ciAoTlNIKSB8PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7JiM0MzstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0mIzQzOzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwO3wgJm5ic3A7Jm5ic3A7Jm5ic3A7T3JpZ2luYWwgUGFja2V0 IC8gRnJhbWUgJm5ic3A7Jm5ic3A7fDxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyYjNDM7LS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tJiM0Mzs8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQombmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDtGaWd1cmUgMTogTmV0d29yayBTZXJ2aWNlIEhlYWRlciBFbmNhcHN1bGF0aW9uPGJy IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KSSB0aGluayBpZiB5b3UgbGFpZCB0aGlzIG91dDxi ciBjbGFzcz0iIj4NCm5pY2VseSBhbmQgY2xlYXJseSBzaG93ZWQgd2hlcmUgdHJhbnNwb3J0IHNl Y3VyaXR5IGlzIGFkZHJlc3NlZCBhdDxiciBjbGFzcz0iIj4NCmFub3RoZXIgbGF5ZXIgKG91dC1v Zi1zY29wZSksIGl0IHdvdWxkIGdvIGEgbG9uZyB3YXkuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KSG9wZWZ1bGx5IHRoZSBhYm92ZSAoZXhpc3RpbmcpIGZpZ3Vy ZSBhbmQgdGV4dCBpcyBjbGVhci4gSW4gdGhhdCBjYXNlOjxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NCk9uZSBpZGVhIGlzIHRvIGNhdGVnb3JpemUgdGhlIHBhcmFncmFwaHMgaW4gdGhlIFNl Y3VyaXR5PGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPC9ibG9ja3F1b3RlPg0KPC9ibG9j a3F1b3RlPg0KQ29uc2lkZXJhdGlvbnMgdG88YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBl PSJjaXRlIiBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGJs b2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+bWFrZSB0aG9zZSByZWxhdGlvbnMgbW9yZSBj bGVhci48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQrigJQ8YnIgY2xhc3M9IiI+DQpDYXJs b3MgUGlnbmF0YXJvLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4N Ck9uIFNlcCAxOSwgMjAxNywgYXQgMzozOCBQTSwgS2F0aGxlZW4gTW9yaWFydHk8YnIgY2xhc3M9 IiI+DQombHQ7PGEgaHJlZj0ibWFpbHRvOkthdGhsZWVuLk1vcmlhcnR5LmlldGZAZ21haWwuY29t IiBjbGFzcz0iIj5LYXRobGVlbi5Nb3JpYXJ0eS5pZXRmQGdtYWlsLmNvbTwvYT4mZ3Q7IHdyb3Rl OjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoYW5rcyBmb3IgdGhlIHJlc3BvbnNlcy4g Jm5ic3A7SSdtIGdvaW5nIHRvIHRvcCBwb3N0IGFzIEkgdGhpbiB0aGUgbWFpbjxiciBjbGFzcz0i Ij4NCnBvaW50IG9mIG15IHJldmlldyBpcyB0aGF0IHRoZSBsYXllcmluZyBuZWVkcyB0byBiZSBz cGVjaWZpY2FsbHk8YnIgY2xhc3M9IiI+DQpzdGF0ZWQgdG8gY2xlYXJseSBzY29wZSB0aGUgcHJv YmxlbSBzcGFjZSBmb3IgTlNIIHNlY3VyaXR5PGJyIGNsYXNzPSIiPg0KY29uc2lkZXJhdGlvbnMu ICZuYnNwO1RoZSBkcmFmdCBhcy13cml0dGVuIGlzIG5vdCBjbGVhciBhbmQgYXMgYSByZXN1bHQs PGJyIGNsYXNzPSIiPg0Kc2VjdXJpdHkgcmV2aWV3cyBhcmUgdmVyeSBkaWZmaWN1bHQuICZuYnNw O0kgdGhpbmsgaWYgeW91IGxhaWQgdGhpcyBvdXQ8YnIgY2xhc3M9IiI+DQpuaWNlbHkgYW5kIGNs ZWFybHkgc2hvd2VkIHdoZXJlIHRyYW5zcG9ydCBzZWN1cml0eSBpcyBhZGRyZXNzZWQgYXQ8YnIg Y2xhc3M9IiI+DQphbm90aGVyIGxheWVyIChvdXQtb2Ytc2NvcGUpLCBpdCB3b3VsZCBnbyBhIGxv bmcgd2F5LiAmbmJzcDtBbHRob3VnaCB0aGU8YnIgY2xhc3M9IiI+DQpkcmFmdCBpbXByb3ZlZCBh IGJpdCBmcm9tIHRoZSBwcmV2aW91cyB2ZXJzaW9uLCBJIHRoaW5rIGEgY2FyZWZ1bDxiciBjbGFz cz0iIj4NCnJldmlldyBhbmQgZWRpdCBwYXNzIHdvdWxkIGRvIGEgbG90IG9mIGdvb2QsIHNwZWNp ZmljYWxseSBhcm91bmQ8YnIgY2xhc3M9IiI+DQpjbGFyaXR5IG9mIHRoZSBwcm9ibGVtIHNwYWNl IGFuZCBzb2x1dGlvbi4gJm5ic3A7VGhlIHF1ZXN0aW9ucyBJIGFza2VkIHdlcmU8YnIgY2xhc3M9 IiI+DQphIHJlc3VsdCBvZiBsYWNrIG9mIGNsYXJpdHkgaW4gdGhlIGRyYWZ0LjxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NClRoYW5rcyw8YnIgY2xhc3M9IiI+DQpLYXRobGVlbjxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCk9uIFR1ZSwgU2VwIDE5LCAyMDE3IGF0IDM6MjIgUE0sIFBh dWwgUXVpbm4gKHBhdWxxKSAmbHQ7PGEgaHJlZj0ibWFpbHRvOnBhdWxxQGNpc2NvLmNvbSIgY2xh c3M9IiI+cGF1bHFAY2lzY28uY29tPC9hPiZndDs8YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+ DQo8L2Jsb2NrcXVvdGU+DQo8L2Jsb2NrcXVvdGU+DQp3cm90ZTo8YnIgY2xhc3M9IiI+DQo8Ymxv Y2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNs YXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0K SGksPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KVGhhbmsgeW91IGZvciB0aGUgcmV2aWV3 LiAmbmJzcDtQbGVhc2Ugc2VlIHNvbWUgY29tbWVudHMgaW5saW5lIGJlbG93LjxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NClBhdWw8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpPbiBT ZXAgMTgsIDIwMTcsIGF0IDQ6MTUgUE0sIEthdGhsZWVuIE1vcmlhcnR5PGJyIGNsYXNzPSIiPg0K Jmx0OzxhIGhyZWY9Im1haWx0bzprYXRobGVlbi5tb3JpYXJ0eS5pZXRmQGdtYWlsLmNvbSIgY2xh c3M9IiI+a2F0aGxlZW4ubW9yaWFydHkuaWV0ZkBnbWFpbC5jb208L2E+Jmd0OyB3cm90ZTo8YnIg Y2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpIZWxsbyw8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9 IiI+DQpBdCBBbGlhJ3MgcmVxdWVzdCwgSSBkaWQgYW4gZWFybHkgcmV2aWV3IG9mIGRyYWZ0LWll dGYtc2ZjLW5zaC4gJm5ic3A7SGVyZTxiciBjbGFzcz0iIj4NCmFyZSBzb21lIGluaXRpYWwgY29t bWVudHMgYW5kIEkgbWF5IGhhdmUgbW9yZSB3aGVuIHRoZSBkcmFmdCBpczxiciBjbGFzcz0iIj4N CnJldmlzZWQgYW5kIGlzIGluIGZvciBJRVNHIHJldmlldy4gJm5ic3A7SSBhcHByZWNpYXRlIHlv dXIgZWZmb3J0czxiciBjbGFzcz0iIj4NCmFkZHJlc3NpbmcgdGhlIGNvbW1lbnRzIHJlY2VpdmVk IHRvIGRhdGUuICZuYnNwO0kgaG9wZSB5b3UgZmluZCB0aGVzZTxiciBjbGFzcz0iIj4NCnN1Z2dl c3Rpb25zIGFzIGhlbHBmdWwgaW1wcm92ZW1lbnRzIHRvIHRoZSBkb2N1bWVudCBhbmQgY2xhcml0 eSBvZiBOU0g8YnIgY2xhc3M9IiI+DQpzZWN1cml0eSBjb25jZXJucy48YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpTZWN0aW9uIDEgLTxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NClRoZSBpbnRlbmRlZCBzY29wZSBpbiB0aGUgaW50cm9kdWN0aW9uIHNob3Vs ZCBhbHNvIGluY2x1ZGUgbWVudGlvbiBvZjxiciBjbGFzcz0iIj4NCm11bHRpLXRlbmFuY3kuICZu YnNwO1RoaXMgY2hhbmdlcyB0aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnRzIGFuZCBpcyB2ZXJ5PGJy IGNsYXNzPSIiPg0KaW1wb3J0YW50IHRvIG5vdGUuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KU2VjdGlvbiAxLjQgLTxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjUuICZuYnNwO1Ry YW5zcG9ydCBBZ25vc3RpYzogVGhlIE5TSCBpcyBlbmNhcHN1bGF0aW9uLWluZGVwZW5kZW50LCBt ZWFuaW5nPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7aXQgY2FuIGJlIHRyYW5zcG9y dGVkIGJ5IGEgdmFyaWV0eSBvZiBwcm90b2NvbHMuICZuYnNwO0FuIGFwcHJvcHJpYXRlPGJyIGNs YXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7KGZvciBhIGdpdmVuIGRlcGxveW1lbnQpIGVuY2Fw c3VsYXRpb24gcHJvdG9jb2wgY2FuIGJlIHVzZWQgdG88YnIgY2xhc3M9IiI+DQombmJzcDsmbmJz cDsmbmJzcDtjYXJyeSBOU0gtZW5jYXBzdWxhdGVkIHRyYWZmaWMuICZuYnNwO1RoaXMgdHJhbnNw b3J0IG1heSBmb3JtIGFuPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7b3ZlcmxheSBu ZXR3b3JrIGFuZCBpZiBhbiBleGlzdGluZyBvdmVybGF5IHRvcG9sb2d5IHByb3ZpZGVzIHRoZTxi ciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwO3JlcXVpcmVkIHNlcnZpY2UgcGF0aCBjb25u ZWN0aXZpdHksIHRoYXQgZXhpc3Rpbmcgb3ZlcmxheSBtYXkgYmU8YnIgY2xhc3M9IiI+DQombmJz cDsmbmJzcDsmbmJzcDt1c2VkLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCklzIHRoZXJl IGEgcHJlZmVycmVkIHRyYW5zcG9ydCBzbyB5b3UgY291bGQgc3BlY2lmeSBhIHJlY29tbWVuZGVk PGJyIGNsYXNzPSIiPg0KdHJhbnNwb3J0IHNlY3VyaXR5IHByb3RvY29sPzxiciBjbGFzcz0iIj4N CjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClBRJmd0OyBUaGVyZSBpcyBub3QuICZuYnNw O0luIGZhY3QgYXQgdGhlIEFE4oCZcyByZXF1ZXN0IHNhbXBsZSB0cmFuc3BvcnRzIHdlcmU8YnIg Y2xhc3M9IiI+DQpyZW1vdmVkIHRvIGVuc3VyZSB0aGF0IHRoZXJlIHdhcyBubyBpbXBsaWVkIHBy ZWZlcmVuY2UuICZuYnNwO1RoZXJlZm9yZSwgYW48YnIgY2xhc3M9IiI+DQpvcGVyYXRvciBjYW4g c2VsZWN0IHRoZWlyIHByZWZlcnJlZCB0cmFuc3BvcnRzLCBpbmNsdWRpbmcg4oCUIGFzIHBlciB0 aGU8YnIgY2xhc3M9IiI+DQpzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBzZWN0aW9uIOKAlCBvbmVz IHRoYXQgcHJvdmlkZSBlbmNyeXB0aW9uLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NClNlY3Rpb24gMiwgM3JkIHNlbnRlbmNlOjxiciBjbGFzcz0iIj4NClN1YnNl cXVlbnRseSwgYW48YnIgY2xhc3M9IiI+DQpvdXRlciBlbmNhcHN1bGF0aW9uIGlzIGltcG9zZWQg b24gdGhlIE5TSCwgd2hpY2ggaXMgdXNlZCBmb3IgbmV0d29yazxiciBjbGFzcz0iIj4NCmZvcndh cmRpbmcuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KS25vd2luZyBtb3JlIGFib3V0IHRo aXMgd291bGQgaGVscCB0byB1bmRlcnN0YW5kIG9wdGlvbnMgb3IgaWYgdGhlcmU8YnIgY2xhc3M9 IiI+DQppcyBhbm90aGVyIGRyYWZ0IHRoYXQgYWRkcmVzc2VzIHRoaXMgb3V0ZXIgZW5jYXBzdWxh dGlvbiB0aGF0IGlzPGJyIGNsYXNzPSIiPg0KaW1wb3NlZCBhbmQgdGhlIHRyYW5zcG9ydCBzZWN1 cml0eSByZXF1aXJlbWVudHMgdGhhdCBnbyBhbG9uZyB3aXRoIGl0LjxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClBRJmd0OyBTaW5jZSBOU0ggZGVmaW5lcyBubyBw cmVmZXJyZWQgdHJhbnNwb3J0KHMpLCB0aGUgc2VjdXJpdHkgb2YgdGhlPGJyIGNsYXNzPSIiPg0K c2VsZWN0ZWQgdHJhbnNwb3J0IGlzIGxlZnQgdG8gdGhlIHRyYW5zcG9ydCBzdGFuZGFyZC4gJm5i c3A7Jm5ic3A7U28sIGZvcjxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCjwvYmxvY2txdW90 ZT4NCjwvYmxvY2txdW90ZT4NCmV4YW1wbGUsIGlmPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUg dHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4N CjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPmFuIG9wZXJhdG9yIGVsZWN0cyB0byB1 c2UgdGhlIE5WTzMgZGVmaW5lZCBwcm90b2NvbCwgdGhlbiB0aGUgb3BlcmF0b3I8YnIgY2xhc3M9 IiI+DQo8L2Jsb2NrcXVvdGU+DQo8L2Jsb2NrcXVvdGU+DQo8L2Jsb2NrcXVvdGU+DQpoYXM8YnIg Y2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxibG9ja3F1b3Rl IHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+ ZXhwbGljaXRseSBzZWxlY3RlZCB0aGF0IG92ZXJsYXkuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KVHJhbnNwb3J0IG1heSBiZSBob3AgdG8gaG9wLCBhbmQgdGhl cmUgbWlnaHQgbm90IGJlIGVuY3J5cHRpb24gb2YgdGhpczxiciBjbGFzcz0iIj4NCmhlYWRlciBp ZiB0aGUgYXBwbGljYXRpb24gdXNlcyBhbiBlbmNyeXB0ZWQgdHJhbnNwb3J0IGVuY2Fwc3VsYXRl ZCBpbjxiciBjbGFzcz0iIj4NCnRoaXMgbGF5ZXIuICZuYnNwO0luIGFueSBjYXNlLCBpdCBzZWVt cyBpbnRlZ3JpdHkgcHJvdGVjdGlvbiBpcyBhPGJyIGNsYXNzPSIiPg0KcmVxdWlyZW1lbnQgZm9y IGEgbXVsdGktdGVuYW50IGVudmlyb25tZW50LiAmbmJzcDtDb3VsZCB0aGUgQ09TRSBNQUM8YnIg Y2xhc3M9IiI+DQpmdW5jdGlvbiBmaXQgdGhlIGJpbGwgc2luY2UgaXQgaXMgaW50ZW5kZWQgZm9y IGNvbmNpc2UgZm9ybWF0cz88YnIgY2xhc3M9IiI+DQo8YSBocmVmPSJodHRwczovL2RhdGF0cmFj a2VyLmlldGYub3JnL2RvYy9yZmM4MTUyIiBjbGFzcz0iIj5odHRwczovL2RhdGF0cmFja2VyLmll dGYub3JnL2RvYy9yZmM4MTUyPC9hPjxiciBjbGFzcz0iIj4NCkpPU0UgcHJvZHVjZWQgYSBzaW1p bGFyIGZ1bmN0aW9uIHdpdGggSlNPTiwgYnV0IGl0IHdvdWxkIGJlIHNsaWdodGx5PGJyIGNsYXNz PSIiPg0KPC9ibG9ja3F1b3RlPg0KPC9ibG9ja3F1b3RlPg0KPC9ibG9ja3F1b3RlPg0KbGFyZ2Vy LjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGJsb2Nr cXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFz cz0iIj48YnIgY2xhc3M9IiI+DQpTZWN0aW9uIDcuMTo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9 IiI+DQpUaGUgZm9sbG93aW5nIHBhcmFncmFwaCBpbXBsaWVzIHRoYXQgYW55dGhpbmcgbGVzcyB0 aGFuIGEgNS10dXBsZTxiciBjbGFzcz0iIj4NCmlzbuKAmXQgdXNlZnVsIGFuZCB0aGF0IHlvdSBp bnRlbmQgdG8gdXNlIHRyYWZmaWMgY29udGVudCB3aGVuPGJyIGNsYXNzPSIiPg0KYXZhaWxhYmxl LiAmbmJzcDtUaGlzIGlzIGNvbmNlcm5pbmcuICZuYnNwO0NhbuKAmXQgeW91IHVzZSBhIDItdHVw bGU/ICZuYnNwO1doYXQgaWY8YnIgY2xhc3M9IiI+DQpJUHNlYyB0cmFuc3BvcnQgbW9kZSB3ZXJl IGluIHVzZSwgaXMgdGhpcyBzb2x1dGlvbiBkZWFkIGluIHRoZSB3YXRlcj88YnIgY2xhc3M9IiI+ DQo8YnIgY2xhc3M9IiI+DQpSZWdhcmRsZXNzIG9mIHRoZSBzb3VyY2UsIG1ldGFkYXRhIHJlZmxl Y3RzIHRoZSAmcXVvdDtyZXN1bHQmcXVvdDsgb2Y8YnIgY2xhc3M9IiI+DQpjbGFzc2lmaWNhdGlv bi4gJm5ic3A7VGhlIGdyYW51bGFyaXR5IG9mIGNsYXNzaWZpY2F0aW9uIG1heSB2YXJ5LiAmbmJz cDtGb3I8YnIgY2xhc3M9IiI+DQpleGFtcGxlLCBhIG5ldHdvcmsgc3dpdGNoLCBhY3RpbmcgYXMg YSBjbGFzc2lmaWVyLCBtaWdodCBvbmx5IGJlIGFibGU8YnIgY2xhc3M9IiI+DQp0byBjbGFzc2lm eSBiYXNlZCBvbiBhIDUtdHVwbGUsIHdoaWxlIGEgc2VydmljZSBmdW5jdGlvbiBtYXkgYmUgYWJs ZTxiciBjbGFzcz0iIj4NCnRvIGluc3BlY3QgYXBwbGljYXRpb24gaW5mb3JtYXRpb24uICZuYnNw O1JlZ2FyZGxlc3Mgb2YgZ3JhbnVsYXJpdHksIHRoZTxiciBjbGFzcz0iIj4NCmNsYXNzaWZpY2F0 aW9uIGluZm9ybWF0aW9uIGNhbiBiZSByZXByZXNlbnRlZCBpbiB0aGUgTlNILjxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NCklmIGEgMi10dXBsZSBpcyBwb3NzaWJsZSwgY291bGQgeW91IGFk ZCB0aGF0IGluIGFzIGFuIGV4YW1wbGUgaW5zdGVhZDxiciBjbGFzcz0iIj4NCm9mIG9yIGluIGFk ZGl0aW9uIHRvIHRoZSA1LXR1cGxlPzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NClBRJmd0OyAmbmJzcDtUaGUgNS10dXBsZSB3YXMgdXNlZCBvbmx5IGFzIGFuIGV4 YW1wbGUgdGhhdCBpcyBjb21tb25seTxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCjwvYmxv Y2txdW90ZT4NCjwvYmxvY2txdW90ZT4NCnVuZGVyc3Rvb2QgaW48YnIgY2xhc3M9IiI+DQo8Ymxv Y2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNs YXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+dGhlIGNvbnRleHQgb2Yg bmV0d29yayBkZXZpY2UgY2xhc3NpZmljYXRpb24uICZuYnNwO1RoZSBzZW50ZW5jZTogJnF1b3Q7 VGhlPGJyIGNsYXNzPSIiPg0KZ3JhbnVsYXJpdHkgb2YgY2xhc3NpZmljYXRpb24gbWF5IHZhcnku 4oCdIGFkZHJlc3NlcyAyLCAzLCA0LCBuLXR1cGxlPGJyIGNsYXNzPSIiPg0KY2xhc3NpZmljYXRp b24uICZuYnNwO0Z1cnRoZXIsIHRoYXQgcG9pbnQgaXMgcmVpbmZvcmNlZDog4oCcUmVnYXJkbGVz cyBvZjxiciBjbGFzcz0iIj4NCmdyYW51bGFyaXR5LCB0aGUgY2xhc3NpZmljYXRpb24gaW5mb3Jt YXRpb24gY2FuIGJlIHJlcHJlc2VudGVkIGluIHRoZTxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90 ZT4NCjwvYmxvY2txdW90ZT4NCjwvYmxvY2txdW90ZT4NCk5TSC4mcXVvdDs8YnIgY2xhc3M9IiI+ DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNp dGUiIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+PGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KU2VjdGlv biA3LjE8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpUaGlzIHRleHQgY29tZXMgdG9vIGxh dGUgaW4gdGhlIGRyYWZ0IGFuZCBJIHJlY29tbWVuZCBtYWtpbmcgYSBjbGVhcjxiciBjbGFzcz0i Ij4NCnN0YXRlbWVudCBpbiB0aGUgaW50cm9kdWN0aW9uIHRoYXQgc2Vzc2lvbiBlbmNyeXB0aW9u IHRvIHByb3RlY3QgdGhlPGJyIGNsYXNzPSIiPg0KZGF0YSBpbiB0cmFuc2l0IHJlbGllcyBvbiB0 aGUgYXBwbGljYXRpb24vc2VydmljZSBzZW5kaW5nL3JlY2VpdmluZzxiciBjbGFzcz0iIj4NCnRo ZSBkYXRhIGFuZCBub3QgdGhlIFNGQy4gJm5ic3A7SSBtYWRlIHRoaXMgcG9pbnQgcHJldmlvdXNs eSBhbmQgYW0gZ2xhZCB0bzxiciBjbGFzcz0iIj4NCnNlZSBzb21lIHRleHQsIGJ1dCB0aGluayBp dCB3b3VsZCBiZSBtdWNoIGJldHRlciB0byBzdGF0ZSB0aGlzIGVhcmx5PGJyIGNsYXNzPSIiPg0K aW4gdGhlIGRyYWZ0LiAmbmJzcDtUb3VjaGluZyB1cG9uIHByb3RlY3Rpb25zIGZvciBkYXRhIHN0 cmVhbXMgdmVyc3VzIG1ldGE8YnIgY2xhc3M9IiI+DQpkYXRhIHdvdWxkIGJvdGggYmUgaW1wb3J0 YW50IChsYXllcnMgZm9yIHRyYWZmaWMgYW5kIGFzc29jaWF0ZWQ8YnIgY2xhc3M9IiI+DQpwcm90 ZWN0aW9ucykuICZuYnNwO0lmIGl04oCZcyBtZXRhIGRhdGEsIGRvIHRoZXkgbmVlZCB0byByZWx5 IG9uIElQc2VjIGFuZDxiciBjbGFzcz0iIj4NCmhhdmluZyBhIDItdHVwbGUgYmUgdGhlIG1pbmlt dW0/ICZuYnNwO1doZW4gaXMgdGhhdCBhcHBsaWVkPyAmbmJzcDtJcyB0aGVyZSBtZXRhPGJyIGNs YXNzPSIiPg0KZGF0YSB0aGF0IGNvdWxkIGJlIHNlbnNpdGl2ZSBpZiBUTFMgd2FzIGluIHBsYWNl IGFuZCBhIDUtdHVwbGUgaXM8YnIgY2xhc3M9IiI+DQp2aXNpYmxlIChwZXJoYXBzIHRoZSBleGlz dGVuY2Ugb2YgY29tbXVuaWNhdGlvbiBpcyBzZW5zaXRpdmUpLiAmbmJzcDtBcmU8YnIgY2xhc3M9 IiI+DQp0aGVyZSBvdGhlciBjb25zaWRlcmF0aW9ucyBmb3IgbWV0YWRhdGEgYW5kIGRhdGEgdGhh dCBuZWVkIHRvIGJlPGJyIGNsYXNzPSIiPg0Kc3RhdGVkIHVwIGZyb250IGFuZCBwdXQgb3V0LW9m LXNjb3BlIGZvciBTRkM/ICZuYnNwO0nigJltIGFza2luZyB0aGVzZTxiciBjbGFzcz0iIj4NCnF1 ZXN0aW9ucyBhcyBwcm92aWRpbmcgdGhlc2UgYW5zd2VycyBjb3VsZCBzaG93IHRoYXQgdGhlIHJp c2sgaXM8YnIgY2xhc3M9IiI+DQpjb25zdHJhaW5lZC48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9 IiI+DQpEZXBlbmRpbmcgb24gdGhlIGluZm9ybWF0aW9uIGNhcnJpZWQgaW4gdGhlIG1ldGFkYXRh LCBkYXRhIHByaXZhY3k8YnIgY2xhc3M9IiI+DQpjb25zaWRlcmF0aW9ucyBtYXkgbmVlZCB0byBi ZSBjb25zaWRlcmVkLiAmbmJzcDtGb3IgZXhhbXBsZSwgaWYgdGhlPGJyIGNsYXNzPSIiPg0KbWV0 YWRhdGEgY29udmV5cyB0ZW5hbnQgaW5mb3JtYXRpb24sIHRoYXQgaW5mb3JtYXRpb24gbWF5IG5l ZWQgdG8gYmU8YnIgY2xhc3M9IiI+DQphdXRoZW50aWNhdGVkIGFuZC9vciBlbmNyeXB0ZWQgYmV0 d2VlbiB0aGUgb3JpZ2luYXRvciBhbmQgdGhlPGJyIGNsYXNzPSIiPg0KaW50ZW5kZWQgcmVjaXBp ZW50cyAod2hpY2ggbWF5IGluY2x1ZGUgaW50ZW5kZWQgU0ZzIG9ubHkpLiAmbmJzcDtUaGUgTlNI PGJyIGNsYXNzPSIiPg0KaXRzZWxmIGRvZXMgbm90IHByb3ZpZGUgcHJpdmFjeSBmdW5jdGlvbnMs IHJhdGhlciBpdCByZWxpZXMgb24gdGhlPGJyIGNsYXNzPSIiPg0KdHJhbnNwb3J0L292ZXJsYXkg bGF5ZXIuICZuYnNwO0FuIG9wZXJhdG9yIGNhbiBzZWxlY3QgdGhlIGFwcHJvcHJpYXRlPGJyIGNs YXNzPSIiPg0KdHJhbnNwb3J0IHRvIGVuc3VyZSBjb25maWRlbnRpYWxpdHkgKGFuZCBvdGhlciBz ZWN1cml0eSk8YnIgY2xhc3M9IiI+DQpjb25zaWRlcmF0aW9ucyBhcmUgbWV0LiAmbmJzcDtNZXRh ZGF0YSBwcml2YWN5IGFuZCBzZWN1cml0eSBjb25zaWRlcmF0aW9uczxiciBjbGFzcz0iIj4NCmFy ZSBhIG1hdHRlciBmb3IgdGhlIGRvY3VtZW50cyB0aGF0IGRlZmluZSBtZXRhZGF0YSBmb3JtYXQu PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KUFEmZ3Q7ICZuYnNwO0FyZSB5b3Ugc3VnZ2VzdGluZyB0aGF0IGFwcGxpY2F0aW9uIGxheWVy IGNvbmZpZGVudGlhbGx5IGJlPGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPC9ibG9ja3F1 b3RlPg0KPC9ibG9ja3F1b3RlPg0KYWRkcmVzc2VkPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUg dHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4N CjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPmluIHRoaXMgZHJhZnQ/ICZuYnNwOyZu YnNwO05TSCDigJxwbGF5cyBuaWNlbHnigJ0gd2l0aCBzdGFuZGFyZCBlbmNyeXB0aW9uPGJyIGNs YXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPC9ibG9ja3F1b3RlPg0KPC9ibG9ja3F1b3RlPg0KdHJh bnNwb3J0cyw8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4N CjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0 ZSIgY2xhc3M9IiI+dGhlcmVmb3JlIGFsbG93aW5nIG9wZXJhdG9ycyB0byDigJxzZWN1cmXigJ0g dGhlIHBhdGguICZuYnNwO0dvaW5nIHVwIHRoZSBzdGFjazxiciBjbGFzcz0iIj4NCjwvYmxvY2tx dW90ZT4NCjwvYmxvY2txdW90ZT4NCjwvYmxvY2txdW90ZT4NCmZyb208YnIgY2xhc3M9IiI+DQo8 YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUi IGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+dGhhdCBzZWVtcyB0 byBiZSBvdXRzaWRlIHRoZSBzY29wZSBvZiBOU0ggYW5kIGluY29uc2lzdGVudCB3aXRoIG90aGVy PGJyIGNsYXNzPSIiPg0KcHJvdG9jb2wgcmVxdWlyZW1lbnRzLjxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCk90aGVyIGNvbW1lbnRzOjxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NCknigJlkIGxpa2UgdG8gc2VlOzxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0 dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1tZ2x0LXNmYy1zZWN1cml0eS1lbnZpcm9u bWVudC1yZXEtMDIiIGNsYXNzPSIiPmh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1t Z2x0LXNmYy1zZWN1cml0eS1lbnZpcm9ubWVudC1yZXEtMDI8L2E+PGJyIGNsYXNzPSIiPg0KUHVi bGlzaGVkIGJlZm9yZSB0aGlzIGRvY3VtZW50IGFuZCB0aGVuIGhhdmUgdGhhdCBhcyBhIHJlZmVy ZW5jZS4gJm5ic3A7T25lPGJyIGNsYXNzPSIiPg0Kb2YgdGhlIGNvbW1lbnRzIEkgbWFkZSBwcmV2 aW91c2x5IHdhcyB0byBsaXN0IG91dCB0aGUgbGF5ZXJpbmcgYW5kPGJyIGNsYXNzPSIiPg0KcHJv dGVjdGlvbnMgZXhwZWN0ZWQgb24gZGF0YSBhbmQgTlNILiAmbmJzcDtUaGlzIGhhcyBiZWVuIGRv bmUgaW4gdGhlPGJyIGNsYXNzPSIiPg0Kc2VjdXJpdHkgZW52aXJvbm1lbnQgZHJhZnQsIHNlY3Rp b24gNCBzaG91bGQgYmUgcmVmZXJlbmNlZDo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpT ZWN0aW9uIDQgcHJvdmlkZXMgYW4gb3ZlcmFsbCBkZXNjcmlwdGlvbiBvZiB0aGUgU0ZDIGVudmly b25tZW50IHdpdGg8YnIgY2xhc3M9IiI+DQp0aGUgaW50cm9kdWN0aW9uIG9mIHRoZSBkaWZmZXJl bnQgcGxhbmVzIChTRkMgQ29udHJvbCBQbGFuZSwgdGhlIFNGQzxiciBjbGFzcz0iIj4NCk1hbmFn ZW1lbnQgUGxhbmUsIHRoZSBUZW5hbnQncyB1c2VyIFBsYW5lIGFuZCB0aGUgU0ZDIERhdGEgUGxh bmUpLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NClBRJmd0OyAmbmJzcDtBcyBJIG1lbnRpb25lZCBvbiBhbm90aGVyIHRocmVhZDogYSBz ZWN1cmUgZW52aXJvbm1lbnQgZHJhZnQgaXM8YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8 L2Jsb2NrcXVvdGU+DQo8L2Jsb2NrcXVvdGU+DQpub3Q8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90 ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIi Pg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+cmVsYXRlZCB0byBOU0ggcGVyIHNl LjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NClRoaXMgaXMgYSB2ZXJ5IGltcG9ydGFudCBwb2ludCBmb3IgYW55 b25lIHJldmlld2luZyBmb3Igc2VjdXJpdHkgYXM8YnIgY2xhc3M9IiI+DQphcmUgdGhlIGVudmly b25tZW50IHNlY3VyaXR5IHJlcXVpcmVtZW50cy4gJm5ic3A7VGhlIHNlY3VyaXR5IGVudmlyb25t ZW50PGJyIGNsYXNzPSIiPg0KcmVxdWlyZW1lbnRzIGRyYWZ0IHN0aWxsIG5lZWRzIGEgbGl0dGxl IG1vcmUgd29yayBmcm9tIGEgcXVpY2sgcmVhZCw8YnIgY2xhc3M9IiI+DQpidXQgaGVscHMgYSBs b3QuICZuYnNwO0kgbmVlZCB0byBmaW5pc2ggcmVhZGluZyB0aGUgc2VjdXJpdHkgZW52aXJvbm1l bnQ8YnIgY2xhc3M9IiI+DQpkcmFmdC48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQotLTxi ciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkJlc3QgcmVnYXJkcyw8YnIgY2xhc3M9IiI+DQpL YXRobGVlbjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCl9fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyIGNsYXNzPSIiPg0Kc2ZjIG1haWxpbmcgbGlz dDxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Im1haWx0bzpzZmNAaWV0Zi5vcmciIGNsYXNzPSIiPnNm Y0BpZXRmLm9yZzwvYT48YnIgY2xhc3M9IiI+DQo8YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9y Zy9tYWlsbWFuL2xpc3RpbmZvL3NmYyIgY2xhc3M9IiI+aHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFp bG1hbi9saXN0aW5mby9zZmM8L2E+PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNs YXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KLS08 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpCZXN0IHJlZ2FyZHMsPGJyIGNsYXNzPSIiPg0K S2F0aGxlZW48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpfX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fXzxiciBjbGFzcz0iIj4NCnNmYyBtYWlsaW5nIGxp c3Q8YnIgY2xhc3M9IiI+DQpzZmNAaWV0Zi5vcmc8YnIgY2xhc3M9IiI+DQpodHRwczovL3d3dy5p ZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NmYzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4N CjxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NCi0tPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KQmVzdCBy ZWdhcmRzLDxiciBjbGFzcz0iIj4NCkthdGhsZWVuPGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3Rl Pg0KPGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KLS08YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpCZXN0 IHJlZ2FyZHMsPGJyIGNsYXNzPSIiPg0KS2F0aGxlZW48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9 IiI+DQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXzxiciBj bGFzcz0iIj4NCnNmYyBtYWlsaW5nIGxpc3Q8YnIgY2xhc3M9IiI+DQo8YSBocmVmPSJtYWlsdG86 c2ZjQGlldGYub3JnIiBjbGFzcz0iIj5zZmNAaWV0Zi5vcmc8L2E+PGJyIGNsYXNzPSIiPg0KPGEg aHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zZmMiIGNsYXNzPSIi Pmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2ZjPC9hPjxiciBjbGFzcz0i Ij4NCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyIGNs YXNzPSIiPg0Kc2ZjIG1haWxpbmcgbGlzdDxiciBjbGFzcz0iIj4NCnNmY0BpZXRmLm9yZzxiciBj bGFzcz0iIj4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2ZjPGJyIGNs YXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwv ZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_65C0A290C73E40A5B41C4E0C4181BDABciscocom_-- From nobody Thu Sep 21 06:26:18 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1A5C134B46 for ; Thu, 21 Sep 2017 06:26:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id himWUYl_fkbv for ; Thu, 21 Sep 2017 06:26:14 -0700 (PDT) Received: from mail-pf0-x233.google.com (mail-pf0-x233.google.com [IPv6:2607:f8b0:400e:c00::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDC86134AA7 for ; Thu, 21 Sep 2017 06:26:13 -0700 (PDT) Received: by mail-pf0-x233.google.com with SMTP id g65so3200224pfe.13 for ; Thu, 21 Sep 2017 06:26:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=LxXvXwB5kfo7KCaU/tU62yzy1UOiQ9Wp9yZm/pHOQn4=; b=EsI8zNnOYaH+eORQhbS1OAsWge+Xbk915foEyMKXlo4A4WiiqjV6/1Kq8ZVh7uSanJ Waa2tXfPG2Hzp64Yce6xrkxd1MP0nMUwy8DeJKjUt7QNu9PAvi6YZw7RAZUjKLDuB9Jy Znz6hL86/CyETqPeeZk4qCHRbxOXMTr5MtJtx8LdJQJHjRBvEYpvFNzwAeq19D8iy+5Z fDAvGzPr3gegoGhkLxsX1wkZ7qFT/reU/6VhiLwyXdc+vhnAx8SLLKr8uHW9RYJ+wjUD YqEg4/81zU+AtzKXU/BQp3pUGJhUAw8Wr0PtUQJIZpfutAx3xb6zUnAjy7auRfJDd3t9 7MPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=LxXvXwB5kfo7KCaU/tU62yzy1UOiQ9Wp9yZm/pHOQn4=; b=Ns7Rwhf43XoYqrc7iJ+DE5tkkRFgMO+f+1jD88do2su5+rwtvutCzGrQlOMHyPWE0P bhosDclftun/e5en4lSNFeHbw8C7ge58K+XSJ7FB1jXJdbjdSKZ3fduAYtzDqr+U12R9 Toj4rNg5HJtvjFpoVxe/rFXUZlp8JHdi6+p3XW1yxSlgovYhLXx83HpiOMItvh6nXAmA Lo154xmEdXYZnovAt56N785Q7ukvpBhMn5bgW5ncD9WvGa0Su+lPIXOcX1EGMLkJvnIS g4/7OE5gZRI28s7Axs/tls7mtKTIuhJ7FnZlM3ip1slLIn7Ju7IS7I0UQrO/FJKWnUft xIsg== X-Gm-Message-State: AHPjjUh7V9R2awcohQPpPoTTGW3jVCJnPpV3bqcCKvsopqBk3v0PVxJI I8VzhUMCiGGOBEBO2ND4Cc9duFuZMHFgUPBEVVc= X-Google-Smtp-Source: AOwi7QCLLM3060sKWCqkWwOMjb5ZOqQ0DQCIdly/7mJmamv8OBF+vlveOW01hzOTzLHNSZ6bgvq1VbRSVoyACpOOPGg= X-Received: by 10.101.82.9 with SMTP id o9mr5889358pgp.42.1506000373231; Thu, 21 Sep 2017 06:26:13 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.144.1 with HTTP; Thu, 21 Sep 2017 06:25:32 -0700 (PDT) In-Reply-To: <65C0A290-C73E-40A5-B41C-4E0C4181BDAB@cisco.com> References: <6971D34B-DC0E-4C3E-B412-3C2F8FAE5704@cisco.com> <43ED911F-2174-4930-A9BE-1B2A81CD03E9@cisco.com> <787AE7BB302AE849A7480A190F8B93300A046CB0@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <65C0A290-C73E-40A5-B41C-4E0C4181BDAB@cisco.com> From: Kathleen Moriarty Date: Thu, 21 Sep 2017 09:25:32 -0400 Message-ID: To: "Carlos Pignataro (cpignata)" Cc: Med Boucadair , James N Guichard , "Paul Quinn (paulq)" , "sfc@ietf.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [sfc] Early review draft-ietf-sfc-nsh X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Sep 2017 13:26:17 -0000 On Thu, Sep 21, 2017 at 8:47 AM, Carlos Pignataro (cpignata) wrote: > Hi, Med, > > I fully agree with you. However, I did go through the whole document maki= ng > sure we were always using =E2=80=9Ctransport encapsulation=E2=80=9D. Fran= kly, I did find a > few places where normalizing and cleaning the terminology helped a lot. I= =E2=80=99ll > post those changes before next week (I want to make some updates to the > security considerations as well, and then release). > > I also agree that, in theory, we do not need to re-describe the layering = and > all the pieces exist in RFC 7665 and in the NSH spec. I do not mind errin= g > on the side of extra clarity for the uninitiated reader. > > I will ask you to check out the forthcoming revision -22. Thank you. I think this will be very helpful. Perhaps a reference to the diagram Med pointed out would fit somewhere in the introduction? You don't need to include it again. Having not looked at the update yet, I am not sure if that is necessary. Thanks, Kathleen > > Thanks! > > =E2=80=94 > Carlos Pignataro, carlos@cisco.com > > =E2=80=9CSometimes I use big words that I do not fully understand, to mak= e myself > sound more photosynthesis." > > On Sep 21, 2017, at 3:05 AM, mohamed.boucadair@orange.com wrote: > > Jim, all, > > I do understand the confusion that is induced by "transport" in the NSH > document. Using another term would fix this, sure. > > But, we need to keep in mind that NSH spec is referring to RFC7665 which > uses "transport" extensively. IMHO, the following figure from RFC7665 is > very helpful to understand the SFC layering, including the notion of > outer-transport encapsulation. > > +----------------+ +----------------+ > | SFC-aware | | SFC-unaware | > |Service Function| |Service Function| > +-------+--------+ +-------+--------+ > | | > SFC Encapsulation No SFC Encapsulation > | SFC | > +---------+ +----------------+ Encapsulation +---------+ > |SFC-Aware|-----------------+ \ +------------|SFC Proxy| > | SF | ... ----------+ \ \ / +---------+ > +---------+ \ \ \ / > +-------+--------+ > | SF Forwarder | > | (SFF) | > +-------+--------+ > | > SFC Encapsulation > | > ... SFC-enabled Domain ... > | > Network Overlay Transport > | > _,....._ > ,-' `-. > / `. > | Network | > `. / > `.__ __,-' > `'''' > > Ideally, we don't even need to re-describe the layering in the NSH spec > given that the draft delimits its scope clearly: > > The NSH is the SFC encapsulation required to support > ^^^^^^^^^^^^^^^^^^^^^^^^ > the Service Function Chaining (SFC) architecture (defined in > RFC7665). > > Cheers, > Med > > -----Message d'origine----- > De : sfc [mailto:sfc-bounces@ietf.org] De la part de James N Guichard > Envoy=C3=A9 : mercredi 20 septembre 2017 18:38 > =C3=80 : Kathleen Moriarty; Carlos Pignataro (cpignata) > Cc : Paul Quinn (paulq); sfc@ietf.org > Objet : Re: [sfc] Early review draft-ietf-sfc-nsh > > Hi Kathleen, > > I am not quite clear as to exactly what is confusing with the existing > text (-21 version). Quoting from section 1: > > The Network Service Header (NSH) specification defines a new protocol > and associated encapsulation for the creation of dynamic service > chains, operating at the service plane. The NSH is designed to > encapsulate an original packet or frame, and in turn be encapsulated > by an outer transport (which is used to deliver the NSH to NSH-aware > network elements), as shown in Figure 1: > > +------------------------------+ > | Transport Encapsulation | > +------------------------------+ > | Network Service Header (NSH) | > +------------------------------+ > | Original Packet / Frame | > +------------------------------+ > > Figure 1: Network Service Header Encapsulation > > This states that the NSH is designed to encapsulate the original > packet/frame (read IP packet or Ethernet frame) and then in turn be > carried by an outer transport. The figure clearly shows that the outer > transport in this context is "Transport Encapsulation". The draft then > goes on to describe what NSH is and then in section 4 more detail is > provided on the transport encapsulation. Now reading section 4 it starts > by saying: > > Once the NSH is added to a packet, an outer encapsulation is used to > forward the original packet and the associated metadata to the start > of a service chain. > > Is the confusion caused by section 1 & 4 text saying "outer encapsulation= " > or "outer transport" rather than "Transport Encapsulation" ? If so that i= s > easily fixed :-) > > Thanks! > > Jim > > -----Original Message----- > From: sfc [mailto:sfc-bounces@ietf.org] On Behalf Of Kathleen Moriarty > Sent: Wednesday, September 20, 2017 12:22 PM > To: Carlos Pignataro (cpignata) > Cc: Paul Quinn (paulq) ; sfc@ietf.org > Subject: Re: [sfc] Early review draft-ietf-sfc-nsh > > Hi Carlos, > > Please look at the text in the current document. It only says transport > in the text I quoted. The diagram also only says transport. > Drafts need to be clearly written to be broadly understood and the way th= e > text is now, it is not. I think cleaning it up a bit will lift some of > the security concerns as some are addressed prior to NSH seeing the IP > packet or frame. > > Your response helps, but please take the time to look through the documen= t > to see how it can be clarified so one does not have the questions I and > others have raised. > > Thank you, > Kathleen > > On Wed, Sep 20, 2017 at 11:59 AM, Carlos Pignataro (cpignata) > wrote: > > Hi, Kathleen, > > Thank you for asking explicitly. This document used to have explicit > > =E2=80=9CNSH Encapsulation Examples=E2=80=9D, but were taken out (at the = AD=E2=80=99s request) > based on the argument that =E2=80=9Ceveryone would like to have their > encapsulation=E2=80=9D. We can always bring them back if desired, even wi= thin a > non-normative appendix. > > > As I follow your questions, I will try my best to answer and clarify. > > I am not sure which =E2=80=9Cbunny trail=E2=80=9D took the conversation h= ere, but > > perhaps a couple of top-post clarifications might help: > > > 1. =E2=80=9COriginal Packet/Frame=E2=80=9D -> the terminology Packet/Fram= e, as commonly > > used, denotes an IP packet or an Ethernet frame. > > 2. The outer "Transport Encapsulation=E2=80=9D does *not* mean TCP. It us= es the > > word =E2=80=9CTransport=E2=80=9D as transport profile, an encapsulation t= hat transports, > not as TCP. GRE is one example of a transport encapsulation, not TCP as a > =E2=80=9CL4 Transport Layer protocol=E2=80=9D. > > > In point #2, GRE is the Transport that NSH uses between SFFs/SFs. And > > further, since NSH is Transport Encapsulation agnostic, we are talking > about potentially a broad set of protocols=E2=80=A6 I=E2=80=99d encourage= us to not > attempt to classify them in OSI Layers. > > > I can see that some of this might not be totally clear if scanning > > through the document, but it is clear for an implementor. > > > See Table 1 and Table 3 for examples (Transport column) > > I hope this helps set clarifying context, see inline for more specific > > details... > > > On Sep 20, 2017, at 11:21 AM, Kathleen Moriarty > > wrote: > > > Hi Carlos, > > It's a start, but should be more specific. > > > The specifics are in the document, even examples as per Tables 1 and 3. > > What are the original > packets/frame - is this link layer or network or both? > > > These are the packets or frames incoming into a classifier, original, > > then NSH is imposed, then a transport encapsulation is imposed. > > > It seems like > both from the diagram, but is that really the case? > > > Yes, it is both. Really the case. > > > Then for the transport encapsulation, is this layer 3 or 4? > > > I believe it is a source of headache and confusion to think about OSI > > layers=E2=80=A6 what layer is IP-in-IP? And an MPLS Pseudowire transporti= ng > Ethernet? Or an IPv6/L2TPv3 pseudowire transporting TDM? > > > > The wording that precedes this is a bit confusing (here for reference): > > The Network Service Header (NSH) specification defines a new protocol > and associated encapsulation for the creation of dynamic service > chains, operating at the service plane. The NSH is designed to > encapsulate an original packet or frame, and in turn be encapsulated > by an outer transport (which is used to deliver the NSH to NSH-aware > network elements), as shown in Figure 1: > > > Does the explanation above help? I am not sure how to best answer=E2=80= =A6 > > because I do not find it confusing. This text is the result of reviewers > asking for clarity, and then acknowledging that the paragraph above > brought that clarity. > > > > Normally, the higher layers are encapsulated, > > > What is higher and lower? And for what definition of =E2=80=9CNormally=E2= =80=9D? What=E2=80=99s > > a Tunnel? > > > but this wording > describes just the opposite. It says the packet/frame at layer 2/3 > (just going from the normal uses of packet and frame to assume layer > 3/2). > > > Correct. IP packet, Ethernet Frame. > > NHS encapsulates that, and then is encapsulated by a transport layer > 3/4? > > > No. > > Where does it say =E2=80=9CTransport Layer=E2=80=9D? > > Note that =E2=80=9CNetwork Transport=E2=80=9D, and =E2=80=9CTransport Enc= apsulation=E2=80=9D are terms > > coming from RFC 7665. > > > And to be clear: many RFCs use =E2=80=9CTransport Encapsulation=E2=80=9D = or a > variation of that (Encapsulation for Transport, Transport-independent > Encapsulation, etc.) > > See Table 1 and Table 3, Transport column, for examples. > > > If you can clarify this text or make it clear that you really > intended to do this odd encapsulation, that would help a lot. > > > Hopefully my explanation helps. > > Understanding the layers this all happens at is very important. If > NSH is the trigger for the layer 3/4 transport, how can security be > applied? Or is it addressed by a prior 3/4 encapsulation by the > original packet/frame? > > Thanks, > Kathleen > > > > =E2=80=94 > Carlos Pignataro, carlos@cisco.com > > > > On Tue, Sep 19, 2017 at 4:53 PM, Carlos Pignataro (cpignata) > wrote: > > Hi, Kathleen, > > Thanks for the clarification. > > Regarding: > > is that the layering needs to be specifically stated to clearly > > > Like this? > https://tools.ietf.org/html/draft-ietf-sfc-nsh-21#section-1 > > +------------------------------+ > | Transport Encapsulation | > +------------------------------+ > | Network Service Header (NSH) | > +------------------------------+ > | Original Packet / Frame | > +------------------------------+ > > Figure 1: Network Service Header Encapsulation > > I think if you laid this out > nicely and clearly showed where transport security is addressed at > another layer (out-of-scope), it would go a long way. > > > Hopefully the above (existing) figure and text is clear. In that case: > > One idea is to categorize the paragraphs in the Security > > Considerations to > > make those relations more clear. > > =E2=80=94 > Carlos Pignataro. > > > On Sep 19, 2017, at 3:38 PM, Kathleen Moriarty > wrote: > > Thanks for the responses. I'm going to top post as I thin the main > point of my review is that the layering needs to be specifically > stated to clearly scope the problem space for NSH security > considerations. The draft as-written is not clear and as a result, > security reviews are very difficult. I think if you laid this out > nicely and clearly showed where transport security is addressed at > another layer (out-of-scope), it would go a long way. Although the > draft improved a bit from the previous version, I think a careful > review and edit pass would do a lot of good, specifically around > clarity of the problem space and solution. The questions I asked were > a result of lack of clarity in the draft. > > Thanks, > Kathleen > > On Tue, Sep 19, 2017 at 3:22 PM, Paul Quinn (paulq) > > wrote: > > > Hi, > > Thank you for the review. Please see some comments inline below. > > Paul > > On Sep 18, 2017, at 4:15 PM, Kathleen Moriarty > wrote: > > Hello, > > At Alia's request, I did an early review of draft-ietf-sfc-nsh. Here > are some initial comments and I may have more when the draft is > revised and is in for IESG review. I appreciate your efforts > addressing the comments received to date. I hope you find these > suggestions as helpful improvements to the document and clarity of NSH > security concerns. > > > Section 1 - > > The intended scope in the introduction should also include mention of > multi-tenancy. This changes the security requirements and is very > important to note. > > Section 1.4 - > > 5. Transport Agnostic: The NSH is encapsulation-independent, meaning > it can be transported by a variety of protocols. An appropriate > (for a given deployment) encapsulation protocol can be used to > carry NSH-encapsulated traffic. This transport may form an > overlay network and if an existing overlay topology provides the > required service path connectivity, that existing overlay may be > used. > > Is there a preferred transport so you could specify a recommended > transport security protocol? > > > PQ> There is not. In fact at the AD=E2=80=99s request sample transports = were > removed to ensure that there was no implied preference. Therefore, an > operator can select their preferred transports, including =E2=80=94 as pe= r the > security considerations section =E2=80=94 ones that provide encryption. > > > Section 2, 3rd sentence: > Subsequently, an > outer encapsulation is imposed on the NSH, which is used for network > forwarding. > > Knowing more about this would help to understand options or if there > is another draft that addresses this outer encapsulation that is > imposed and the transport security requirements that go along with it. > > > PQ> Since NSH defines no preferred transport(s), the security of the > selected transport is left to the transport standard. So, for > > example, if > > an operator elects to use the NVO3 defined protocol, then the operator > > has > > explicitly selected that overlay. > > > Transport may be hop to hop, and there might not be encryption of this > header if the application uses an encrypted transport encapsulated in > this layer. In any case, it seems integrity protection is a > requirement for a multi-tenant environment. Could the COSE MAC > function fit the bill since it is intended for concise formats? > https://datatracker.ietf.org/doc/rfc8152 > JOSE produced a similar function with JSON, but it would be slightly > > larger. > > > Section 7.1: > > The following paragraph implies that anything less than a 5-tuple > isn=E2=80=99t useful and that you intend to use traffic content when > available. This is concerning. Can=E2=80=99t you use a 2-tuple? What i= f > IPsec transport mode were in use, is this solution dead in the water? > > Regardless of the source, metadata reflects the "result" of > classification. The granularity of classification may vary. For > example, a network switch, acting as a classifier, might only be able > to classify based on a 5-tuple, while a service function may be able > to inspect application information. Regardless of granularity, the > classification information can be represented in the NSH. > > If a 2-tuple is possible, could you add that in as an example instead > of or in addition to the 5-tuple? > > > PQ> The 5-tuple was used only as an example that is commonly > > understood in > > the context of network device classification. The sentence: "The > granularity of classification may vary.=E2=80=9D addresses 2, 3, 4, n-tup= le > classification. Further, that point is reinforced: =E2=80=9CRegardless o= f > granularity, the classification information can be represented in the > > NSH." > > > > > > Section 7.1 > > This text comes too late in the draft and I recommend making a clear > statement in the introduction that session encryption to protect the > data in transit relies on the application/service sending/receiving > the data and not the SFC. I made this point previously and am glad to > see some text, but think it would be much better to state this early > in the draft. Touching upon protections for data streams versus meta > data would both be important (layers for traffic and associated > protections). If it=E2=80=99s meta data, do they need to rely on IPsec a= nd > having a 2-tuple be the minimum? When is that applied? Is there meta > data that could be sensitive if TLS was in place and a 5-tuple is > visible (perhaps the existence of communication is sensitive). Are > there other considerations for metadata and data that need to be > stated up front and put out-of-scope for SFC? I=E2=80=99m asking these > questions as providing these answers could show that the risk is > constrained. > > Depending on the information carried in the metadata, data privacy > considerations may need to be considered. For example, if the > metadata conveys tenant information, that information may need to be > authenticated and/or encrypted between the originator and the > intended recipients (which may include intended SFs only). The NSH > itself does not provide privacy functions, rather it relies on the > transport/overlay layer. An operator can select the appropriate > transport to ensure confidentiality (and other security) > considerations are met. Metadata privacy and security considerations > are a matter for the documents that define metadata format. > > > > PQ> Are you suggesting that application layer confidentially be > > addressed > > in this draft? NSH =E2=80=9Cplays nicely=E2=80=9D with standard encrypt= ion > > transports, > > therefore allowing operators to =E2=80=9Csecure=E2=80=9D the path. Going= up the stack > > from > > that seems to be outside the scope of NSH and inconsistent with other > protocol requirements. > > > Other comments: > > I=E2=80=99d like to see; > https://tools.ietf.org/html/draft-mglt-sfc-security-environment-req-02 > Published before this document and then have that as a reference. One > of the comments I made previously was to list out the layering and > protections expected on data and NSH. This has been done in the > security environment draft, section 4 should be referenced: > > Section 4 provides an overall description of the SFC environment with > the introduction of the different planes (SFC Control Plane, the SFC > Management Plane, the Tenant's user Plane and the SFC Data Plane). > > > > PQ> As I mentioned on another thread: a secure environment draft is > > not > > related to NSH per se. > > > > > This is a very important point for anyone reviewing for security as > are the environment security requirements. The security environment > requirements draft still needs a little more work from a quick read, > but helps a lot. I need to finish reading the security environment > draft. > > -- > > Best regards, > Kathleen > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > > > > > > -- > > Best regards, > Kathleen > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > > > > > > -- > > Best regards, > Kathleen > > > > > > -- > > Best regards, > Kathleen > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > > --=20 Best regards, Kathleen From nobody Fri Sep 22 08:17:36 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F051F1344A0 for ; Fri, 22 Sep 2017 08:17:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.301 X-Spam-Level: X-Spam-Status: No, score=-1.301 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X4OjIxhxdAfR for ; Fri, 22 Sep 2017 08:17:33 -0700 (PDT) Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB4ED13449F for ; Fri, 22 Sep 2017 08:17:33 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 8CD963E3167 for ; Fri, 22 Sep 2017 08:17:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1506093453; bh=OTEhxupntVLJsQDQm0q9cj6cG4MgNOnaNDNN8M3+Jik=; h=To:From:Subject:Date:From; b=CeAuonTzcxHe4UtP4rwiddDU3UaaL8v9EcsAHxO5Q7ZBtjr+nNJlNWsjjkRaoTShO cmExV3VtcRZwJDzfPl2dj7TlPoLRcpvWLFrEgU6QbuCfaN1EnR3PhQdC3vAzd5rIr9 UFi7+u+ef+wpsoKJKnHsrMstdonFkHGfre5i4090= X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 2F3111C0214 for ; Fri, 22 Sep 2017 08:17:33 -0700 (PDT) To: "sfc@ietf.org" From: "Joel M. Halpern" Message-ID: Date: Fri, 22 Sep 2017 11:17:32 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: [sfc] Adoption call for https://datatracker.ietf.org/doc/draft-guichard-sfc-nsh-dc-allocation/ X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 15:17:35 -0000 The authors of Network Service Header (NSH) MD Type 1: Context Header Allocation (Data Center): https://datatracker.ietf.org/doc/draft-guichard-sfc-nsh-dc-allocation/ Have requested working group adoption of this draft. The itnended status, as ntoed in the draft is Informational. Please speak up if you think this is, or is not, a good thing for the working group to adopt. Adoption in this case means it is a good basis for a working group produced informational RFC. While all feedback his helpful, comments pro or con with explanations are much more helpful than just "yes please" or "no thank you". Yours, Joel M. Halpern From nobody Fri Sep 22 08:18:17 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BEC61344B3; Fri, 22 Sep 2017 08:18:16 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: IETF Secretariat To: , , X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150609349604.16773.1371332042822787799.idtracker@ietfa.amsl.com> Date: Fri, 22 Sep 2017 08:18:16 -0700 Archived-At: Subject: [sfc] The SFC WG has placed draft-guichard-sfc-nsh-dc-allocation in state "Candidate for WG Adoption" X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 15:18:16 -0000 The SFC WG has placed draft-guichard-sfc-nsh-dc-allocation in state Candidate for WG Adoption (entered by Joel Halpern) The document is available at https://datatracker.ietf.org/doc/draft-guichard-sfc-nsh-dc-allocation/ Comment: Adoption has been requested by the authors. From nobody Fri Sep 22 08:19:48 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E74B5132F69; Fri, 15 Sep 2017 12:55:16 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Liaison Statement Management Tool To: "Jim Guichard" , "Joel M. Halpern" Cc: Alvaro Retana , hroh@tta.or.kr, Deborah Brungard , Joel Halpern , Scott Mansfield , jhbaek@kisa.or.kr, Service Function Chaining Discussion List , Alia Atlas , Jim Guichard , zhiyuan.1.hu@nokia-sbell.com, itu-t-liaison@iab.org X-Test-IDTracker: no X-IETF-IDTracker: 6.61.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150550531690.4846.1954917115901379472.idtracker@ietfa.amsl.com> Date: Fri, 15 Sep 2017 12:55:16 -0700 Archived-At: X-Mailman-Approved-At: Fri, 22 Sep 2017 08:19:45 -0700 Subject: [sfc] New Liaison Statement, "LS on ongoing ITU-T SG17 work on security aspects for software-defined networking" X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Sep 2017 19:55:17 -0000 Title: LS on ongoing ITU-T SG17 work on security aspects for software-defined networking Submission Date: 2017-09-15 URL of the IETF Web page: https://datatracker.ietf.org/liaison/1542/ Please reply by 2018-02-28 From: Xiaoya Yang To: Jim Guichard , Joel M. Halpern Cc: Alvaro Retana ,Deborah Brungard ,Joel Halpern ,Scott Mansfield ,Service Function Chaining Discussion List ,Alia Atlas ,Jim Guichard ,itu-t-liaison@iab.org Response Contacts: zhiyuan.1.hu@nokia-sbell.com, hroh@tta.or.kr, jhbaek@kisa.or.kr Technical Contacts: Purpose: For comment Body: ITU-T Study Group 17 is pleased to inform you of the progress of SDN security works in its Q2/17 and Q6/17. We have been developing two SDN-related draft Recommendations: X.sdnsec-1, Security services using SDN, and X.sdnsec-3, Security guideline of Service Function Chain based on SDN. We have also created two new work items: X.ssc, Security Service Chain Architecture and X.srnv, Security requirements of Network Virtualization. Details are found in Appendix below. In the spirit of our continuous and ongoing collaboration, we look forward to your feedback and further collaboration. Attachments: 1. Revised text of draft Recommendation X.sdnsec-1, Security services using SDN (TD768). 2. The first version of draft Recommendation X.sdnsec-3, Security guideline of Service Function Chain based on SDN (TD728). 3. New work item draft Recommendation X.ssc, Security Service Chain Architecture (TD668). 4. New work item draft Recommendation X.srnv, Security Requirements of Network Virtualization (TD674). Attachments: sp16-sg17-oLS-00061 https://www.ietf.org/lib/dt/documents/LIAISON/liaison-2017-09-15-itu-t-sg-17-sfc-ls-on-ongoing-itu-t-sg17-work-on-security-aspects-for-software-defined-networking-attachment-1.pdf sp16-sg17-oLS-00061att1 https://www.ietf.org/lib/dt/documents/LIAISON/liaison-2017-09-15-itu-t-sg-17-sfc-ls-on-ongoing-itu-t-sg17-work-on-security-aspects-for-software-defined-networking-attachment-2.pdf sp16-sg17-oLS-00061att2 https://www.ietf.org/lib/dt/documents/LIAISON/liaison-2017-09-15-itu-t-sg-17-sfc-ls-on-ongoing-itu-t-sg17-work-on-security-aspects-for-software-defined-networking-attachment-3.pdf sp16-sg17-oLS-00061att3 https://www.ietf.org/lib/dt/documents/LIAISON/liaison-2017-09-15-itu-t-sg-17-sfc-ls-on-ongoing-itu-t-sg17-work-on-security-aspects-for-software-defined-networking-attachment-4.pdf sp16-sg17-oLS-00061att4 https://www.ietf.org/lib/dt/documents/LIAISON/liaison-2017-09-15-itu-t-sg-17-sfc-ls-on-ongoing-itu-t-sg17-work-on-security-aspects-for-software-defined-networking-attachment-5.pdf From nobody Fri Sep 22 08:20:06 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 232CB1344B1 for ; Fri, 22 Sep 2017 08:20:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.701 X-Spam-Level: X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OYCehKqCW52Z for ; Fri, 22 Sep 2017 08:19:59 -0700 (PDT) Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC67F1344A6 for ; Fri, 22 Sep 2017 08:19:59 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 94D671C0692 for ; Fri, 22 Sep 2017 08:19:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1506093599; bh=VOWlmT8PMrdJofITK/RnFH2C75M1N8bNcnHoqJihKCU=; h=Subject:From:To:References:Date:In-Reply-To:From; b=mTtDFpvwtvcDQmIS7H1pmCXRBwPP7eFvMj86N5j3Q0VjqEsUsuOe1XM/mXCM7obBi F5frpBN28GZ2ImS0j1ZpbpacrY/Eq+MsDgZuyk1QOvrriSMqjG4JZBlyKbllU15Lt+ Y4odg+vgab42xiVctUEcEYqKAuRTTqScrhk99Q18= X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 1EB0B3E3207 for ; Fri, 22 Sep 2017 08:19:59 -0700 (PDT) From: "Joel M. Halpern" To: "sfc@ietf.org" References: Message-ID: <584c2f8b-5d05-a908-698e-1a4487fd6961@joelhalpern.com> Date: Fri, 22 Sep 2017 11:19:58 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [sfc] Adoption call for https://datatracker.ietf.org/doc/draft-guichard-sfc-nsh-dc-allocation/ X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 15:20:04 -0000 And when I went to update the tool, I realized I had left out one important item. The expectation is that we will complete this call on October 6. Thank you, Joel On 9/22/17 11:17 AM, Joel M. Halpern wrote: > The authors of Network Service Header (NSH) MD Type 1: Context Header > Allocation (Data Center): > > https://datatracker.ietf.org/doc/draft-guichard-sfc-nsh-dc-allocation/ > > Have requested working group adoption of this draft.  The itnended > status, as ntoed in the draft is Informational. > > Please speak up if you think this is, or is not, a good thing for the > working group to adopt.  Adoption in this case means it is a good basis > for a working group produced informational RFC. > > While all feedback his helpful, comments pro or con with explanations > are much more helpful than just "yes please" or "no thank you". > > Yours, > Joel M. Halpern > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > From nobody Fri Sep 22 09:02:43 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65F9113450F for ; Fri, 22 Sep 2017 09:02:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q0XyhsZbPTU3 for ; Fri, 22 Sep 2017 09:02:39 -0700 (PDT) Received: from mail-lf0-x22d.google.com (mail-lf0-x22d.google.com [IPv6:2a00:1450:4010:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AB82134503 for ; Fri, 22 Sep 2017 09:02:39 -0700 (PDT) Received: by mail-lf0-x22d.google.com with SMTP id q132so1581384lfe.5 for ; Fri, 22 Sep 2017 09:02:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=iLJpkAWwzpHcnzysx4BRCAjMCicwjuAO/5/fuRgj/x0=; b=HATh0/Oj3QcXYtAYLmnh7OvXEOfppwLOZ/nzr3wWjUi/vjruQItkYqu8ft7mZMuVjs QN4lZ+bX3vpxOgMF1T1WoSFtQr2evmFzgvsthDJpvJr/eemCewq06Hq1PAF4BPGhHNmt 8AqxJX+xz+MxQmeXT5Hm3h3DDmpowR4mIJeqEZTEK/BfwMMLLzMd0GJ7H4m/7XqOLXvC SVIx3Sbf7JcriYrpyB4Hw1/sBUbRSwe6juSclO9XBbe/Ujf2PNmDbW+Tnm71uynpHTeS X2PF4rtYCMQNz1yCUFO4ApZ7jLawC2NNaVqbzrEfqm9HbviWh8P6TDtrPKpWtw77kld/ nrEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=iLJpkAWwzpHcnzysx4BRCAjMCicwjuAO/5/fuRgj/x0=; b=fabi8fppDwoa+kfuOfFj7k2NEWk5lHdmnlDozUXMeALEjlwCDQvNsG2E5qcKqdCWDh 6RwjJdt7tvwh+GNvR9qqLSQGG7t+Wf/+qb+olx2bCY4iu/X4JPbZ/Hp7W++3kvyYY4Y4 w4H/5MtfqpCrVDXCCa4cpB0WjOx+DB7I+z0dRP5zjActVmRE4PbhXRFyI+FZ5m1gzYHl aMw9+BIbf+cyeE0d8Q34lp97H71QSkc8upN1o8n54u2aDXb1tXDAwMKK4bZ4TLHR1z5N /plCLEzWQsQDmIdmxfUYOlrPhNHDZkwzJjhMriBBnFixdG2E7VhCtyJ/Q/Xn0L6ZTSp1 LrvQ== X-Gm-Message-State: AHPjjUi4BPEgdGDHayrzejwJ4JmQYnUHANeOhtVcA/dhUixTH2AxGs3m 8gmNbHILyam2LN8crLwkLUVZnj2mPDgbiKDRbv4= X-Google-Smtp-Source: AOwi7QBy/rdiRud1zaipdPix9YeoMQISzF0xu9Y2Hktuid+ss1wTlczgwfk5svgEzhx7eM+VLZgS6BIEceXEXlvhVR0= X-Received: by 10.25.205.149 with SMTP id d143mr2300006lfg.147.1506096157158; Fri, 22 Sep 2017 09:02:37 -0700 (PDT) MIME-Version: 1.0 Received: by 10.46.32.201 with HTTP; Fri, 22 Sep 2017 09:02:36 -0700 (PDT) In-Reply-To: <150609577476.16577.124000347763189618.idtracker@ietfa.amsl.com> References: <150609577476.16577.124000347763189618.idtracker@ietfa.amsl.com> From: Greg Mirsky Date: Fri, 22 Sep 2017 09:02:36 -0700 Message-ID: To: sfc@ietf.org Content-Type: multipart/alternative; boundary="001a1141219271f1210559c95611" Archived-At: Subject: [sfc] Fwd: New Version Notification for draft-wang-sfc-multi-layer-oam-10.txt X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 16:02:41 -0000 --001a1141219271f1210559c95611 Content-Type: text/plain; charset="UTF-8" Dear All, the new version of the draft includes the following changes: - clarify the scope being set on active OAM in SFC; - define encapsulation of active OAM into NSH; - add SFC echo request/reply control message; - define use of SFC echo request/reply without IP/UDP encapsulation. Appreciate your comments, questions. Regards, Greg ---------- Forwarded message ---------- From: Date: Fri, Sep 22, 2017 at 8:56 AM Subject: New Version Notification for draft-wang-sfc-multi-layer-oam-10.txt To: Bhumip Khasnabish , Gregory Mirsky < gregimirsky@gmail.com>, Wei Meng , "Cui(Linda) Wang" < lindawangjoy@gmail.com> A new version of I-D, draft-wang-sfc-multi-layer-oam-10.txt has been successfully submitted by Greg Mirsky and posted to the IETF repository. Name: draft-wang-sfc-multi-layer-oam Revision: 10 Title: Multi-Layer Active OAM for Service Function Chains in Networks Document date: 2017-09-21 Group: Individual Submission Pages: 16 URL: https://www.ietf.org/internet-drafts/draft-wang-sfc-multi- layer-oam-10.txt Status: https://datatracker.ietf.org/doc/draft-wang-sfc-multi- layer-oam/ Htmlized: https://tools.ietf.org/html/draft-wang-sfc-multi-layer- oam-10 Htmlized: https://datatracker.ietf.org/doc/html/draft-wang-sfc-multi- layer-oam-10 Diff: https://www.ietf.org/rfcdiff?url2=draft-wang-sfc-multi- layer-oam-10 Abstract: A multi-layer approach to the task of Operation, Administration and Maintenance (OAM) of Service Function Chains (SFCs) in networks is presented. Based on the requirements towards active OAM for SFC, a multi-layer model is introduced. A mechanism to detect and localize defects using the multi-layer model is also described. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat --001a1141219271f1210559c95611 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Dear All,
the new version of the draft includes the fo= llowing changes:
  • clarify the scope being set on active OA= M in SFC;
  • define encapsulation of active OAM into NSH;
  • add = SFC echo request/reply control message;
  • define use of SFC echo requ= est/reply without IP/UDP encapsulation.
Appreciate your comme= nts, questions.

Regards,
Greg
=
---------- Forwarded message ---------= -
From: <internet-drafts@ietf.org>
Date: Fri, Sep 22, 2017 at 8:56 AM
Subject: New Version Notificatio= n for draft-wang-sfc-multi-layer-oam-10.txt
To: Bhumip Khasnabish <bhumip.khasnabish@ztetx.com>, Gregory Mirsky <gregimir= sky@gmail.com>, Wei Meng <meng.wei2@zte.com.cn>, "Cui(Linda) Wang" <lindawangjoy@gmail.com>


A new version of I-D, draft-wang-sfc-multi-layer-oam-10.txt
has been successfully submitted by Greg Mirsky and posted to the
IETF repository.

Name:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0draft-wang-sfc-multi-layer-oa= m
Revision:=C2=A0 =C2=A0 =C2=A0 =C2=A010
Title:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Multi-Layer Active OAM for Service= Function Chains in Networks
Document date:=C2=A0 2017-09-21
Group:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Individual Submission
Pages:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 16
URL:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 https://www.ietf.org/internet-drafts/draft-wang-sf= c-multi-layer-oam-10.txt
Status:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0https://datatracker.ietf.org/doc/draft-wang-sfc-multi-layer-= oam/
Htmlized:=C2=A0 =C2=A0 =C2=A0 =C2=A0htt= ps://tools.ietf.org/html/draft-wang-sfc-multi-layer-oam-10 Htmlized:=C2=A0 =C2=A0 =C2=A0 =C2=A0https://datatracker.ietf.org/doc/html/draft-wang-sfc-multi-layer-oam-10
Diff:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0https://www.ietf.org/rfcdiff?url2=3Ddraft-wang-sfc-mult= i-layer-oam-10

Abstract:
=C2=A0 =C2=A0A multi-layer approach to the task of Operation, Administratio= n and
=C2=A0 =C2=A0Maintenance (OAM) of Service Function Chains (SFCs) in network= s is
=C2=A0 =C2=A0presented.=C2=A0 Based on the requirements towards active OAM = for SFC, a
=C2=A0 =C2=A0multi-layer model is introduced.=C2=A0 A mechanism to detect a= nd localize
=C2=A0 =C2=A0defects using the multi-layer model is also described.




Please note that it may take a couple of minutes from the time of submissio= n
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


--001a1141219271f1210559c95611-- From nobody Fri Sep 22 10:22:41 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC14C134554 for ; Fri, 22 Sep 2017 10:22:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s4fDpjM7e09H for ; Fri, 22 Sep 2017 10:22:38 -0700 (PDT) Received: from mail-io0-x22a.google.com (mail-io0-x22a.google.com [IPv6:2607:f8b0:4001:c06::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F3F313452A for ; Fri, 22 Sep 2017 10:22:38 -0700 (PDT) Received: by mail-io0-x22a.google.com with SMTP id v36so4620316ioi.1 for ; Fri, 22 Sep 2017 10:22:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=JlK0ApWEDoDzQfIq6B6JaJEFall3n0gUUBi4e3XF+mg=; b=GdwZ5cG+TaWPrF2J3gpGZEGr74uDnLiwMffSbAKgQ/BLu4YX7wq1cWs/AxmSrrTRi6 5NHyaEYRXk/IsQG+XNZDwpbfsGYpJeLJWgfZL8T/ChxIBt81/dX0dqdIhjG3s5Zjg/Dw t3THK8TB9EGbo7Ylil/KhE7tSjbtBCLYNanpXb7LYW5H/YgEtJFEoKwDJj6HXemNcD3w cnPmv3o+9ZrkNMe636gClQXlM6FTMkN+vMLPwdqCx0wXwtSwluhq3E39TgDhFkt3HFLp PhMSxKrT4X8M404S83JdYwtWAPX6uVVlOv0C5MwV67pfUxZmCMfM+6CcZAYvNklw/EXo CUgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=JlK0ApWEDoDzQfIq6B6JaJEFall3n0gUUBi4e3XF+mg=; b=WJQCVgnxU9N+VNta8Ym0dt47hWD8qNWPnD8sxwuVHg5q4PuDiUdNU0RiqZZGF5MvOe knIviubhS2Gp6Q8SjnwzQdOeLBW1G3etaqxVEAzpmfMfDPaQfWQdJ4ZnzqeIJ8vIqi35 a9WLw0Q78HsSAlzLyyPcZEbms/qGQUtLRizmrjdJzJ0PzHy9ECShbOkSG5JZP0Bb3RvG 4VH1q/wVKnGPQKUKNGxA8I01Ta+yyXdOVaF82qFT2lzVZuA5/JabxGgeaiQ5jq4xAKf9 /Vv0KgNvrdA5/fjlMt0akVMxa3Ew6O9Eux5tjtMtUI9pfS/NnMhxlNzblt6dKr8OVLVl vHzA== X-Gm-Message-State: AHPjjUg7bq4Z2GbAOMlp2S1Z6SkBJZm0YY9RQNTyFayZ8WTkCRWLnqOy J787iwAQiJdG7+C+nL1s2Ezxrk0+rGeh/IXtavDMnA== X-Google-Smtp-Source: AOwi7QDdVAOfaEIMllfE9eOdT1I7QrJG+zq30DbRRqY3KEv1HS5A1VBLkoLh15IvHlO7pXqBZO3XgPEiM9i0PvI6Xs8= X-Received: by 10.202.173.203 with SMTP id w194mr7158582oie.4.1506100957558; Fri, 22 Sep 2017 10:22:37 -0700 (PDT) MIME-Version: 1.0 Received: by 10.202.84.21 with HTTP; Fri, 22 Sep 2017 10:22:16 -0700 (PDT) In-Reply-To: References: From: "Andrew G. Malis" Date: Fri, 22 Sep 2017 13:22:16 -0400 Message-ID: To: "Joel M. Halpern" Cc: "sfc@ietf.org" Content-Type: multipart/alternative; boundary="001a113cf59c923cc70559ca745c" Archived-At: Subject: Re: [sfc] Adoption call for https://datatracker.ietf.org/doc/draft-guichard-sfc-nsh-dc-allocation/ X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 17:22:40 -0000 --001a113cf59c923cc70559ca745c Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Joel, I support adoption, it=E2=80=99s important to have a document that describe= s a recommended use for the metadata field in the NSH. My only comment is with the terminology "recommended default allocation=E2= =80=9D. The allocation can be the default, which means it=E2=80=99s the usual alloc= ation but can be changed if necessary. or it can be recommended, which basically means the same, but =E2=80=9Crecommended default=E2=80=9D seems to be redun= dant. This can be addressed following adoption. Cheers, Andy On Fri, Sep 22, 2017 at 11:17 AM, Joel M. Halpern wrote: > The authors of Network Service Header (NSH) MD Type 1: Context Header > Allocation (Data Center): > > https://datatracker.ietf.org/doc/draft-guichard-sfc-nsh-dc-allocation/ > > Have requested working group adoption of this draft. The itnended status= , > as ntoed in the draft is Informational. > > Please speak up if you think this is, or is not, a good thing for the > working group to adopt. Adoption in this case means it is a good basis f= or > a working group produced informational RFC. > > While all feedback his helpful, comments pro or con with explanations are > much more helpful than just "yes please" or "no thank you". > > Yours, > Joel M. Halpern > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc > --001a113cf59c923cc70559ca745c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Joel,

I support adoption, it=E2=80=99s = important to have a document that describes a recommended use for the metad= ata field in the NSH.

My only comment is with the = terminology "recommended default allocation=E2=80=9D. The allocation c= an be the default, which means it=E2=80=99s the usual allocation but can be= changed if necessary. or it can be recommended, which basically means the = same, but =E2=80=9Crecommended default=E2=80=9D seems to be redundant.=C2= =A0 This can be addressed following adoption.

Chee= rs,
Andy

On Fri, Sep 22, 2017 at 11:17 AM, Joel M. Halpe= rn <jmh@joelhalpern.com> wrote:
The authors of Network Service Header (NSH) MD Type 1: Context Head= er Allocation (Data Center):

https://datatracker.ietf.org/d= oc/draft-guichard-sfc-nsh-dc-allocation/

Have requested working group adoption of this draft.=C2=A0 The itnended sta= tus, as ntoed in the draft is Informational.

Please speak up if you think this is, or is not, a good thing for the worki= ng group to adopt.=C2=A0 Adoption in this case means it is a good basis for= a working group produced informational RFC.

While all feedback his helpful, comments pro or con with explanations are m= uch more helpful than just "yes please" or "no thank you&quo= t;.

Yours,
Joel M. Halpern

_______________________________________________
sfc mailing list
sfc@ietf.org
https://www.ietf.org/mailman/listinfo/sfc

--001a113cf59c923cc70559ca745c-- From nobody Fri Sep 22 11:47:53 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AF73413459F; Fri, 22 Sep 2017 11:47:45 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150610606566.16821.14068363788976561118@ietfa.amsl.com> Date: Fri, 22 Sep 2017 11:47:45 -0700 Archived-At: Subject: [sfc] I-D Action: draft-ietf-sfc-nsh-22.txt X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 18:47:46 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Service Function Chaining WG of the IETF. Title : Network Service Header (NSH) Authors : Paul Quinn Uri Elzur Carlos Pignataro Filename : draft-ietf-sfc-nsh-22.txt Pages : 34 Date : 2017-09-22 Abstract: This document describes a Network Service Header (NSH) imposed on packets or frames to realize service function paths. The NSH also provides a mechanism for metadata exchange along the instantiated service paths. The NSH is the SFC encapsulation required to support the Service Function Chaining (SFC) architecture (defined in RFC7665). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sfc-nsh-22 https://datatracker.ietf.org/doc/html/draft-ietf-sfc-nsh-22 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sfc-nsh-22 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Sep 22 12:00:04 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1471C134597 for ; Fri, 22 Sep 2017 12:00:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EE3fCkDzJiy9 for ; Fri, 22 Sep 2017 12:00:01 -0700 (PDT) Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB8FA124207 for ; Fri, 22 Sep 2017 12:00:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9576; q=dns/txt; s=iport; t=1506106800; x=1507316400; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=7LI7eK2wJvGs8KgPCSY5Ma2OnP/ooD8KA9tvRzESQzk=; b=KXYF7NoNxt/eLyJ8v06FkMazu235X4pX98muVVTuil2aUvMK/xovWsZU HgGEBwIsv8/a/LmZ73SYc9qmv+3aX2ALoMMkE5QREzRAWoZUDRUvFU305 gpMsyHo3h95aToHgZaVnzLOfGCyqZqL/1Y0+tys+SJTBuOydtL2M7bH6u A=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C7AQAAXcVZ/4MNJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1pkbicHg2+aG4FSkQyHUAoYAQqFGAIahApXAQIBAQEBAQJrKIU?= =?us-ascii?q?ZAgEDAQEhSAMLEAIBCBItAwICAiULFAMOAgQOBYlPZBCnCoInixcBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEdgyuCAoFRgg8LgnKDKYIQglUvgjEFmEqITQKHW4x/ghN?= =?us-ascii?q?bhROJOIFLlRcCERkBgTgBV4EOeBUfKhIBhwp2iRuBEAEBAQ?= X-IronPort-AV: E=Sophos;i="5.42,427,1500940800"; d="scan'208,217";a="7365610" Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 22 Sep 2017 19:00:00 +0000 Received: from XCH-RTP-017.cisco.com (xch-rtp-017.cisco.com [64.101.220.157]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id v8MIxxi5008400 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 22 Sep 2017 18:59:59 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-017.cisco.com (64.101.220.157) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 22 Sep 2017 14:59:59 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Fri, 22 Sep 2017 14:59:59 -0400 From: "Carlos Pignataro (cpignata)" To: Service Function Chaining IETF list CC: Alia Atlas , Kathleen Moriarty Thread-Topic: [sfc] I-D Action: draft-ietf-sfc-nsh-22.txt Thread-Index: AQHTM9NjkmJ37Ca8xk21qPCm787NLaLBhVgA Date: Fri, 22 Sep 2017 18:59:58 +0000 Message-ID: References: <150610606566.16821.14068363788976561118@ietfa.amsl.com> In-Reply-To: <150610606566.16821.14068363788976561118@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_D4864131FA804529881B23A0C6AE732Cciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] I-D Action: draft-ietf-sfc-nsh-22.txt X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 19:00:03 -0000 --_000_D4864131FA804529881B23A0C6AE732Cciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGksIFNGQywgQWxpYSwgS2F0aGxlZW4sDQoNClRoaXMgbmV3IHJldmlzaW9uIGFkZHJlc3NlczoN CiogQ29tbWVudHMgZnJvbSBLYXRobGVlbiBhbmQgZHJhbWF0aWNhbGx5IGNsZWFucyB1cCBieSBu b3JtYWxpemluZyB0aGUgInRyYW5zcG9ydCBlbmNhcHN1bGF0aW9u4oCdIG5vbWVuY2xhdHVyZS4N CiogUGVuZGluZyBpc3N1ZXMgZnJvbSBBbGlhLCBpbmNsdWRpbmcgRXhwZXJ0IFJldmlldyBndWlk YW5jZS4NCg0KUGxlYXNlIHJldmlldy4NCg0KVGhhbmtzLA0KDQrigJQNCkNhcmxvcyBQaWduYXRh cm8NCg0KT24gU2VwIDIyLCAyMDE3LCBhdCAyOjQ3IFBNLCBpbnRlcm5ldC1kcmFmdHNAaWV0Zi5v cmc8bWFpbHRvOmludGVybmV0LWRyYWZ0c0BpZXRmLm9yZz4gd3JvdGU6DQoNCg0KQSBOZXcgSW50 ZXJuZXQtRHJhZnQgaXMgYXZhaWxhYmxlIGZyb20gdGhlIG9uLWxpbmUgSW50ZXJuZXQtRHJhZnRz IGRpcmVjdG9yaWVzLg0KVGhpcyBkcmFmdCBpcyBhIHdvcmsgaXRlbSBvZiB0aGUgU2VydmljZSBG dW5jdGlvbiBDaGFpbmluZyBXRyBvZiB0aGUgSUVURi4NCg0KICAgICAgIFRpdGxlICAgICAgICAg ICA6IE5ldHdvcmsgU2VydmljZSBIZWFkZXIgKE5TSCkNCiAgICAgICBBdXRob3JzICAgICAgICAg OiBQYXVsIFF1aW5uDQogICAgICAgICAgICAgICAgICAgICAgICAgVXJpIEVsenVyDQogICAgICAg ICAgICAgICAgICAgICAgICAgQ2FybG9zIFBpZ25hdGFybw0KRmlsZW5hbWUgICAgICAgIDogZHJh ZnQtaWV0Zi1zZmMtbnNoLTIyLnR4dA0KUGFnZXMgICAgICAgICAgIDogMzQNCkRhdGUgICAgICAg ICAgICA6IDIwMTctMDktMjINCg0KQWJzdHJhY3Q6DQogIFRoaXMgZG9jdW1lbnQgZGVzY3JpYmVz IGEgTmV0d29yayBTZXJ2aWNlIEhlYWRlciAoTlNIKSBpbXBvc2VkIG9uDQogIHBhY2tldHMgb3Ig ZnJhbWVzIHRvIHJlYWxpemUgc2VydmljZSBmdW5jdGlvbiBwYXRocy4gIFRoZSBOU0ggYWxzbw0K ICBwcm92aWRlcyBhIG1lY2hhbmlzbSBmb3IgbWV0YWRhdGEgZXhjaGFuZ2UgYWxvbmcgdGhlIGlu c3RhbnRpYXRlZA0KICBzZXJ2aWNlIHBhdGhzLiAgVGhlIE5TSCBpcyB0aGUgU0ZDIGVuY2Fwc3Vs YXRpb24gcmVxdWlyZWQgdG8gc3VwcG9ydA0KICB0aGUgU2VydmljZSBGdW5jdGlvbiBDaGFpbmlu ZyAoU0ZDKSBhcmNoaXRlY3R1cmUgKGRlZmluZWQgaW4NCiAgUkZDNzY2NSkuDQoNCg0KVGhlIElF VEYgZGF0YXRyYWNrZXIgc3RhdHVzIHBhZ2UgZm9yIHRoaXMgZHJhZnQgaXM6DQpodHRwczovL2Rh dGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNmYy1uc2gvDQoNClRoZXJlIGFyZSBh bHNvIGh0bWxpemVkIHZlcnNpb25zIGF2YWlsYWJsZSBhdDoNCmh0dHBzOi8vdG9vbHMuaWV0Zi5v cmcvaHRtbC9kcmFmdC1pZXRmLXNmYy1uc2gtMjINCmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5v cmcvZG9jL2h0bWwvZHJhZnQtaWV0Zi1zZmMtbnNoLTIyDQoNCkEgZGlmZiBmcm9tIHRoZSBwcmV2 aW91cyB2ZXJzaW9uIGlzIGF2YWlsYWJsZSBhdDoNCmh0dHBzOi8vd3d3LmlldGYub3JnL3JmY2Rp ZmY/dXJsMj1kcmFmdC1pZXRmLXNmYy1uc2gtMjINCg0KDQpQbGVhc2Ugbm90ZSB0aGF0IGl0IG1h eSB0YWtlIGEgY291cGxlIG9mIG1pbnV0ZXMgZnJvbSB0aGUgdGltZSBvZiBzdWJtaXNzaW9uDQp1 bnRpbCB0aGUgaHRtbGl6ZWQgdmVyc2lvbiBhbmQgZGlmZiBhcmUgYXZhaWxhYmxlIGF0IHRvb2xz LmlldGYub3JnLg0KDQpJbnRlcm5ldC1EcmFmdHMgYXJlIGFsc28gYXZhaWxhYmxlIGJ5IGFub255 bW91cyBGVFAgYXQ6DQpmdHA6Ly9mdHAuaWV0Zi5vcmcvaW50ZXJuZXQtZHJhZnRzLw0KDQpfX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0Kc2ZjIG1haWxpbmcg bGlzdA0Kc2ZjQGlldGYub3JnDQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZv L3NmYw0KDQo= --_000_D4864131FA804529881B23A0C6AE732Cciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <295F8B213342274484E5665B729C2BD5@emea.cisco.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KSGksIFNGQywgQWxpYSwgS2F0aGxl ZW4sDQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5U aGlzIG5ldyByZXZpc2lvbiBhZGRyZXNzZXM6PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiogQ29tbWVu dHMgZnJvbSBLYXRobGVlbiBhbmQgZHJhbWF0aWNhbGx5IGNsZWFucyB1cCBieSBub3JtYWxpemlu ZyB0aGUgJnF1b3Q7dHJhbnNwb3J0IGVuY2Fwc3VsYXRpb27igJ0gbm9tZW5jbGF0dXJlLjwvZGl2 Pg0KPGRpdiBjbGFzcz0iIj4qIFBlbmRpbmcgaXNzdWVzIGZyb20gQWxpYSwgaW5jbHVkaW5nIEV4 cGVydCBSZXZpZXcgZ3VpZGFuY2UuPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4N CjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5QbGVhc2UgcmV2aWV3LjwvZGl2Pg0KPGRpdiBjbGFzcz0i Ij48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VGhhbmtzLDwvZGl2Pg0KPGRp diBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0iY29s b3I6IHJnYigwLCAwLCAwKTsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsgdGV4dC1hbGlnbjogc3Rh cnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25lOyB3aGl0ZS1zcGFjZTog bm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4 OyB3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtp dC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0K4oCUPGJyIGNsYXNz PSIiPg0KQ2FybG9zIFBpZ25hdGFybzxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBzdHlsZT0i Y29sb3I6IHJnYigwLCAwLCAwKTsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsgdGV4dC1hbGlnbjog c3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25lOyB3aGl0ZS1zcGFj ZTogbm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDog MHB4OyB3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdl YmtpdC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXY+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFz cz0iIj4NCjxkaXYgY2xhc3M9IiI+T24gU2VwIDIyLCAyMDE3LCBhdCAyOjQ3IFBNLCA8YSBocmVm PSJtYWlsdG86aW50ZXJuZXQtZHJhZnRzQGlldGYub3JnIiBjbGFzcz0iIj4NCmludGVybmV0LWRy YWZ0c0BpZXRmLm9yZzwvYT4gd3JvdGU6PC9kaXY+DQo8YnIgY2xhc3M9IkFwcGxlLWludGVyY2hh bmdlLW5ld2xpbmUiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIi Pg0KQSBOZXcgSW50ZXJuZXQtRHJhZnQgaXMgYXZhaWxhYmxlIGZyb20gdGhlIG9uLWxpbmUgSW50 ZXJuZXQtRHJhZnRzIGRpcmVjdG9yaWVzLjxiciBjbGFzcz0iIj4NClRoaXMgZHJhZnQgaXMgYSB3 b3JrIGl0ZW0gb2YgdGhlIFNlcnZpY2UgRnVuY3Rpb24gQ2hhaW5pbmcgV0cgb2YgdGhlIElFVEYu PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7VGl0bGUgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7OiBOZXR3b3JrIFNlcnZpY2UgSGVhZGVyIChOU0gpPGJy IGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7QXV0 aG9ycyAmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDs6IFBh dWwgUXVpbm48YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDtVcmkgRWx6dXI8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm bmJzcDtDYXJsb3MgUGlnbmF0YXJvPGJyIGNsYXNzPSIiPg0KPHNwYW4gY2xhc3M9IkFwcGxlLXRh Yi1zcGFuIiBzdHlsZT0id2hpdGUtc3BhY2U6cHJlIj48L3NwYW4+RmlsZW5hbWUgJm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7OiBkcmFmdC1pZXRmLXNmYy1uc2gtMjIu dHh0PGJyIGNsYXNzPSIiPg0KPHNwYW4gY2xhc3M9IkFwcGxlLXRhYi1zcGFuIiBzdHlsZT0id2hp dGUtc3BhY2U6cHJlIj48L3NwYW4+UGFnZXMgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7OiAzNDxiciBjbGFzcz0iIj4NCjxzcGFuIGNs YXNzPSJBcHBsZS10YWItc3BhbiIgc3R5bGU9IndoaXRlLXNwYWNlOnByZSI+PC9zcGFuPkRhdGUg Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7OiAyMDE3LTA5LTIyPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KQWJzdHJh Y3Q6PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7VGhpcyBkb2N1bWVudCBkZXNjcmliZXMgYSBO ZXR3b3JrIFNlcnZpY2UgSGVhZGVyIChOU0gpIGltcG9zZWQgb248YnIgY2xhc3M9IiI+DQombmJz cDsmbmJzcDtwYWNrZXRzIG9yIGZyYW1lcyB0byByZWFsaXplIHNlcnZpY2UgZnVuY3Rpb24gcGF0 aHMuICZuYnNwO1RoZSBOU0ggYWxzbzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO3Byb3ZpZGVz IGEgbWVjaGFuaXNtIGZvciBtZXRhZGF0YSBleGNoYW5nZSBhbG9uZyB0aGUgaW5zdGFudGlhdGVk PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7c2VydmljZSBwYXRocy4gJm5ic3A7VGhlIE5TSCBp cyB0aGUgU0ZDIGVuY2Fwc3VsYXRpb24gcmVxdWlyZWQgdG8gc3VwcG9ydDxiciBjbGFzcz0iIj4N CiZuYnNwOyZuYnNwO3RoZSBTZXJ2aWNlIEZ1bmN0aW9uIENoYWluaW5nIChTRkMpIGFyY2hpdGVj dHVyZSAoZGVmaW5lZCBpbjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO1JGQzc2NjUpLjxiciBj bGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoZSBJRVRGIGRhdGF0cmFj a2VyIHN0YXR1cyBwYWdlIGZvciB0aGlzIGRyYWZ0IGlzOjxiciBjbGFzcz0iIj4NCjxhIGhyZWY9 Imh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2ZjLW5zaC8iIGNs YXNzPSIiPmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2ZjLW5z aC88L2E+PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KVGhlcmUgYXJlIGFsc28gaHRtbGl6 ZWQgdmVyc2lvbnMgYXZhaWxhYmxlIGF0OjxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0dHBzOi8v dG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLXNmYy1uc2gtMjIiIGNsYXNzPSIiPmh0dHBz Oi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1pZXRmLXNmYy1uc2gtMjI8L2E+PGJyIGNsYXNz PSIiPg0KaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvaHRtbC9kcmFmdC1pZXRmLXNm Yy1uc2gtMjI8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpBIGRpZmYgZnJvbSB0aGUgcHJl dmlvdXMgdmVyc2lvbiBpcyBhdmFpbGFibGUgYXQ6PGJyIGNsYXNzPSIiPg0KaHR0cHM6Ly93d3cu aWV0Zi5vcmcvcmZjZGlmZj91cmwyPWRyYWZ0LWlldGYtc2ZjLW5zaC0yMjxiciBjbGFzcz0iIj4N CjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClBsZWFzZSBub3RlIHRoYXQgaXQgbWF5IHRh a2UgYSBjb3VwbGUgb2YgbWludXRlcyBmcm9tIHRoZSB0aW1lIG9mIHN1Ym1pc3Npb248YnIgY2xh c3M9IiI+DQp1bnRpbCB0aGUgaHRtbGl6ZWQgdmVyc2lvbiBhbmQgZGlmZiBhcmUgYXZhaWxhYmxl IGF0IHRvb2xzLmlldGYub3JnLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkludGVybmV0 LURyYWZ0cyBhcmUgYWxzbyBhdmFpbGFibGUgYnkgYW5vbnltb3VzIEZUUCBhdDo8YnIgY2xhc3M9 IiI+DQpmdHA6Ly9mdHAuaWV0Zi5vcmcvaW50ZXJuZXQtZHJhZnRzLzxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fPGJyIGNsYXNzPSIiPg0Kc2ZjIG1haWxpbmcgbGlzdDxiciBjbGFzcz0iIj4NCnNmY0BpZXRm Lm9yZzxiciBjbGFzcz0iIj4NCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8v c2ZjPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0K PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_D4864131FA804529881B23A0C6AE732Cciscocom_-- From nobody Fri Sep 22 13:25:34 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD35A1323B8; Fri, 22 Sep 2017 13:25:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oFzUNxfcy-SV; Fri, 22 Sep 2017 13:25:30 -0700 (PDT) Received: from mail-wr0-x22d.google.com (mail-wr0-x22d.google.com [IPv6:2a00:1450:400c:c0c::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A965A1241F3; Fri, 22 Sep 2017 13:25:29 -0700 (PDT) Received: by mail-wr0-x22d.google.com with SMTP id l22so1721637wrc.10; Fri, 22 Sep 2017 13:25:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=1VAXZuonXdYWNDerNvNajJ2WtzK7Z2wIKhV2qufihgo=; b=amPn7rQjN8jAKnB20M60ovjVBs280M/JPSU6KBntRLgHkqinGVw2vAobw2l35tL3Ja raQumeWmOMtzryUtF8fVtTd0bTY02xS0NQej0Zk7LsKP3NMJVwqRoK/kXEnIT4RG0nTw CAUtkpEgXZfiHOy+huTi6IRnEjkPf6HXny/faknTXH9D8ueFcJG6Zq8aGe5wnKG+LXOz rbvle2woedmapqfwM9iZe3OoWCx4gFKBn23XTjDl4i4UoQkkp7gZF7y4Jpfsx4A+XCKF qntvv3CEh0J8BiqziYHcDqYRu85wrmPGUmhKZPVXtKyn3jK7ViShvau7fCvGw46kfOR9 Y45g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=1VAXZuonXdYWNDerNvNajJ2WtzK7Z2wIKhV2qufihgo=; b=GLHlcWnDHS5kXkwG5Pn1tEWwdSHP/yoSSr27JReaPEOoGElke9KIbHnHfB/HLVrQAu YkgEBZxPjAK+qmFAcbWim2IC4O3EkDPFzRGsL4bDBNUZN0eqGzMpBb9e9apEBPxZ214V SuIkFH4taGYiQjIR64gcgZZ9qBYrk3w8EvOVNWrDhItXcMq8ySilVlGLXe7tBsLZYPz5 6LZ09yKv+sAybbgBzf+fx9X8iMmEtL4miQ5IJ1WcvU6yYyxhOERFiERiIzVpZEbu04kz oBCiA9ClfxHCueu2dUDN8H6DiZb72zas+AMcwuNFx7dcIJN1iTjl9DB07PnML5+Mhdx9 Wcig== X-Gm-Message-State: AHPjjUgsy2f4R9aXjHQfuqHrI+BMkUnXp47j9M0BfQ/Tit4kZRH5UuW0 5q6jCm11Cyir5P05/DSN97zfht+6Zhe4ITuyeR4= X-Google-Smtp-Source: AOwi7QC5/+7zbt9zKWJG9O8QvI+2iwwZoAhYM5sqGs/Un9l5UJPbie8Wl4EbeGqf0v0hz6lYedgvTxZBO8/sQySupKk= X-Received: by 10.223.169.51 with SMTP id u48mr236588wrc.270.1506111927923; Fri, 22 Sep 2017 13:25:27 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.136.153 with HTTP; Fri, 22 Sep 2017 13:25:27 -0700 (PDT) In-Reply-To: <29A6B17C-F815-4A03-A63C-CB265F0175A2@cisco.com> References: <29A6B17C-F815-4A03-A63C-CB265F0175A2@cisco.com> From: Alia Atlas Date: Fri, 22 Sep 2017 16:25:27 -0400 Message-ID: To: "Carlos Pignataro (cpignata)" Cc: "sfc@ietf.org" , "draft-ietf-sfc-nsh@ietf.org" Content-Type: multipart/alternative; boundary="f403045cf4da74b8620559cd02e9" Archived-At: Subject: Re: [sfc] Additional AD review comments on draft-ietf-sfc-nsh-20 X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 20:25:33 -0000 --f403045cf4da74b8620559cd02e9 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Carlos, First, thanks for the updated version -21. The rest is inline. On Mon, Sep 18, 2017 at 2:14 PM, Carlos Pignataro (cpignata) < cpignata@cisco.com> wrote: > Hi, Alia, > > You addressed this email to me, but I just noticed I failed to respond = =E2=80=94 > apologies! > > > On Sep 7, 2017, at 3:39 PM, Alia Atlas wrote: > > > > Carlos, > > > > The draft is much improved. Thank you for your hard work. I still see > the following three issues. > > > > Thanks, let=E2=80=99s see those three, inline. > > > > > 1) Sec 2.2: "The O bit MUST be set for OAM packets and MUST NOT be set > for non-OAM > > packets. The O bit MUST NOT be modified along the SFP." > > What happens if the packet is reclassified - potentially to a different > SFP? > > > > Sec 3 doesn't clarify this."When the logical classifier performs re- > > classification that results in a change of service path, it MUST > > replace the existing NSH with a new NSH with the Base Header and > > Service Path Header reflecting the new service path information > > and MUST set the initial SI. Metadata MAY be preserved in the > > new NSH." > > > > I do not think Sec 3 needs to clarify it. Section 2.2 already says: > > =E2=80=9CO bit: [=E2=80=A6] The actual format and processing of SFC > OAM packets is outside the scope of this specification=E2=80=9D > > So we should not attempt to specify the processing here. > > If you believe it helps, we can add =E2=80=9CThe value of the O bit MUST = be > preserved in the new NSH=E2=80=9D, but that would go against S2.2=E2=80= =99s scope. My concern is the following example. Say that an operator wants to do the equivalent of a traceroute to see how a packet is put into an SFP and what SFs it goes through (or maybe just SFFs). Assume that is done by setting the O bit in the first NSH and then the encapsulated packet has duplicated contents to be guided properly. If that packet then is reclassified, is the O bit cleared? I have a real hesitation here about the future interoperability of something like traceroute, if the behavior for the treatment of the O bit isn't specified for (re)classifiers. For instance, if an SF or SFF doesn't support this new NSH-traceroute, then a hop would be skipped in the report back - but if the (re)classifier does it wrong, then all the hops downstream of the (re)classifier will suffer. Do you or others have data on what current implementations are doing as part of reclassification? My interest isn't in changing the behavior (hopefully it is being done consistently) but in clearly documenting the expectations. > > It would be good to specify the behavior for the unassigned flags as > well; that way there will be consistent assumptions for future extensions= , > if needed. > > > > Since they are Unassigned, the have no behavior specified, other than > what=E2=80=99s already there: > > =E2=80=9CUnassigned bits MUST > be set to zero upon origination, and MUST be ignored and preserved > unmodified by other NSH supporting elements. At reception, all > elements MUST NOT modify their actions based on these unknown bits.=E2= =80=9D > > What else is missing? Survival through a reclassifier is what I am thinking about. In one model, there is the ability to pass along flags with a packet from the initial classification until the end of the SFC. In another model, the flags only survive until the first reclassifier. What one can do with these flags is different. IMHO, it'd be better to clarify that unassigned flags should be copied transparently from an old NSH to a new/updated NSH. Then, when and if the flags are assigned meanings, that can inform and change what classifiers that understand the flag meaning will do. > > 2) Sec 7.1: "For example, if the metadata conveys tenant information, > that information may need to be authenticated and/or encrypted between th= e > originator and the > > intended recipients (which may include intended SFs only)." > > A reference to draft-reddy-sfc-nsh-encrypt, which defines how to encryp= t > the meta-data would be most helpful in making this sound less aspirationa= l; > > Sure. It=E2=80=99s already cited in the Security Considerations section, = but we > can add another citation. Done in the working copy. > > > so would having that draft not be 2 years expired and ignored by the WG= . > > > > 3) Sec 11.2.5: Guidance for the expert review is needed. > > Good point. Thanks. > > Here=E2=80=99s an attempt, please complete. I am hesitant to request disc= ussion on > the SFC list, do you think we should (and request in that document that t= he > list is kept open)? > > > Expert Review requests MUST include a single code point per request. > Designated Experts evaluating new allocation requests from this regist= ry > should consider the potential scarcity of code points for an 8-bit > value, > and check both for duplications as well as availability of > documentation. > > This is a good start. I'd add that standardized protocols should have preference and if the range goes over 50% allocated, then IANA should alert the responsible AD so that a new policy can be considered. Thanks, Alia > > > > Regards, > > Alia > > =E2=80=94 > Carlos Pignataro, carlos@cisco.com > > =E2=80=9CSometimes I use big words that I do not fully understand, to mak= e myself > sound more photosynthesis." > > --f403045cf4da74b8620559cd02e9 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Carlos,

First, thanks for the update= d version -21.=C2=A0

The rest is inline.

On Mon, Sep 18, 2017 at 2:14 PM, Carlos Pignataro = (cpignata) <cpignata@cisco.com> wrote:
Hi, Alia,

You addressed this email to me, but I just noticed I failed to respond =E2= =80=94 apologies!

> On Sep 7, 2017, at 3:39 PM, Alia Atlas <akatlas@gmail.com> wrote:
>
> Carlos,
>
> The draft is much improved.=C2=A0 Thank you for your hard work.=C2=A0 = I still see the following three issues.
>

Thanks, let=E2=80=99s see those three, inline.

>
> 1) Sec 2.2: "The O bit MUST be set for OAM packets and MUST NOT b= e set for non-OAM
>=C2=A0 =C2=A0 packets.=C2=A0 The O bit MUST NOT be modified along the S= FP."
> What happens if the packet is reclassified - potentially to a differen= t SFP?
>
> Sec 3 doesn't clarify this."When the logical classifier perfo= rms re-
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 classification that results in a change of = service path, it MUST
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 replace the existing NSH with a new NSH wit= h the Base Header and
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 Service Path Header reflecting the new serv= ice path information
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 and MUST set the initial SI.=C2=A0 Metadata= MAY be preserved in the
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 new NSH."
>

I do not think Sec 3 needs to clarify it. Section 2.2 already says:<= br>
=E2=80=9CO bit: [=E2=80=A6] The actual format and processing of SFC
=C2=A0 =C2=A0OAM packets is outside the scope of this specification=E2=80= =9D

So we should not attempt to specify the processing here.

If you believe it helps, we can add =E2=80=9CThe value of the O bit MUST be= preserved in the new NSH=E2=80=9D, but that would go against S2.2=E2=80=99= s scope.

My concern is the following exampl= e.=C2=A0 Say that an operator wants to do the equivalent of a traceroute to= see how a packet is put into an SFP and what SFs it goes through (or maybe= just SFFs).=C2=A0 Assume that is done by setting the O bit in the first NS= H and then the encapsulated packet has duplicated contents to be guided pro= perly.=C2=A0 If that packet then is reclassified, is the O bit cleared?

I have a real hesitation here about the future intero= perability of something like traceroute, =C2=A0if the behavior for the trea= tment of the O bit isn't specified for (re)classifiers.=C2=A0 For insta= nce, if an SF or SFF doesn't support this new NSH-traceroute, then a ho= p would be skipped in the report back - but if the (re)classifier does it w= rong, then all the hops downstream of the (re)classifier will suffer.
=

Do you or others have data on what current implementati= ons are doing as part of reclassification? My interest isn't in changin= g the behavior (hopefully it is being done consistently) but in clearly doc= umenting the expectations.

=C2=A0
> It would be good to specify the behavior for the unassigned flags as w= ell; that way there will be consistent assumptions for future extensions, i= f needed.
>

Since they are Unassigned, the have no behavior specified, other tha= n what=E2=80=99s already there:

=E2=80=9CUnassigned bits MUST
=C2=A0 =C2=A0be set to zero upon origination, and MUST be ignored and prese= rved
=C2=A0 =C2=A0unmodified by other NSH supporting elements.=C2=A0 At receptio= n, all
=C2=A0 =C2=A0elements MUST NOT modify their actions based on these unknown = bits.=E2=80=9D

What else is missing?

Survival through a re= classifier is what I am thinking about.=C2=A0
In one model, there= is the ability to pass along flags with a packet from the initial classifi= cation until the end of the SFC.
In another model, the flags only= survive until the first reclassifier.
What one can do with these= flags is different. =C2=A0
IMHO, it'd be better to clarify t= hat unassigned flags should be copied transparently from an old NSH to a ne= w/updated NSH.
Then, when and if the flags are assigned meanings,= that can inform and change what classifiers that understand the flag
=
meaning will do.=C2=A0
=C2=A0
> 2) Sec 7.1: "For example, if the metadata conveys tenant informat= ion, that information may need to be authenticated and/or encrypted between= the originator and the
>=C2=A0 =C2=A0 intended recipients (which may include intended SFs only)= ."
> A reference to draft-reddy-sfc-nsh-encrypt, which defines how to encry= pt the meta-data would be most helpful in making this sound less aspiration= al;

Sure. It=E2=80=99s already cited in the Security Considerations sect= ion, but we can add another citation. Done in the working copy.

> so would having that draft not be 2 years expired and ignored by the W= G.
>
> 3) Sec 11.2.5: Guidance for the expert review is needed.

Good point. Thanks.

Here=E2=80=99s an attempt, please complete. I am hesitant to request discus= sion on the SFC list, do you think we should (and request in that document = that the list is kept open)?

<t>
Expert Review requests MUST include a single code point per request.
=C2=A0 =C2=A0Designated Experts evaluating new allocation requests from thi= s registry
=C2=A0 =C2=A0should consider the potential scarcity of code points for an 8= -bit value,
=C2=A0 =C2=A0and check both for duplications as well as availability of doc= umentation.
</t>

This is a good start.=C2=A0 = I'd add that standardized protocols should have preference and
if the range goes over 50% allocated, then IANA should alert the responsi= ble AD so
that a new policy can be considered.

Thanks,
Alia
=C2=A0
>
> Regards,
> Alia

=E2=80=94
Carlos Pignataro, carlos@cisco.com<= br>
=E2=80=9CSometimes I use big words that I do not fully understand, to make = myself sound more photosynthesis."


--f403045cf4da74b8620559cd02e9-- From nobody Fri Sep 22 13:38:35 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EF14132A1A; Fri, 22 Sep 2017 13:38:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.701 X-Spam-Level: X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 46sj5mn2JzUN; Fri, 22 Sep 2017 13:38:33 -0700 (PDT) Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E8B4120724; Fri, 22 Sep 2017 13:38:33 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 064B562099B; Fri, 22 Sep 2017 13:38:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1506112713; bh=1TffBHrabKzkItWHQ9qmA+bPrfD5jb4ccU/pW5FguKM=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=G2vLK7MA0Lc4p/fa9W+mhxi03PPw4yCjKjFGcfffHOZ5hilZ0eaVCXW1MFQPL9vxl gWyG0pmO+v0t7GPAILe8aq5PgtNKnIBtBkfGaHKRAQAWBbrROO0LQVUDDuX3pJASAg DVysyffXWM4btWSB25+EsLV/7v83hHyc0hvwzhIk= X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 472F11C0692; Fri, 22 Sep 2017 13:38:32 -0700 (PDT) To: Alia Atlas , "Carlos Pignataro (cpignata)" Cc: "draft-ietf-sfc-nsh@ietf.org" , "sfc@ietf.org" References: <29A6B17C-F815-4A03-A63C-CB265F0175A2@cisco.com> From: "Joel M. Halpern" Message-ID: Date: Fri, 22 Sep 2017 16:38:31 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [sfc] Additional AD review comments on draft-ietf-sfc-nsh-20 X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 20:38:34 -0000 Trimmed, with one piece retained as context. If IANA is willing to accept a request for an alert, I can see using that. and half is as good as any other percentage. I do not know what it would mean in practice to add text saying that standardized protocols should have preference. At least until we hit 50%? What would an expert do differently with or without that item? Yours, Joel On 9/22/17 4:25 PM, Alia Atlas wrote: ... > > 3) Sec 11.2.5: Guidance for the expert review is needed. > > Good point. Thanks. > > Here’s an attempt, please complete. I am hesitant to request > discussion on the SFC list, do you think we should (and request in > that document that the list is kept open)? > > > Expert Review requests MUST include a single code point per request. >    Designated Experts evaluating new allocation requests from this > registry >    should consider the potential scarcity of code points for an > 8-bit value, >    and check both for duplications as well as availability of > documentation. > > > > This is a good start.  I'd add that standardized protocols should have > preference and > if the range goes over 50% allocated, then IANA should alert the > responsible AD so > that a new policy can be considered. > > Thanks, > Alia From nobody Fri Sep 22 13:43:31 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01748120724; Fri, 22 Sep 2017 13:43:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wVhK1P8B9vdG; Fri, 22 Sep 2017 13:43:27 -0700 (PDT) Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com [IPv6:2a00:1450:400c:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C00C1320D8; Fri, 22 Sep 2017 13:43:27 -0700 (PDT) Received: by mail-wm0-x22b.google.com with SMTP id r74so6889036wme.4; Fri, 22 Sep 2017 13:43:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=9clg8w+MmxrNEc0qJ1Q2UEuqbHIW931ZlOdL2sikRDQ=; b=GWol960FiH/9xU2Czecg4+hRztUoecFAGZ92K6tsh/MnWd1o2Kca3fgRb6bbrB8Cmc rNiE+gLIceh3xRNx58y+FJqFYlvIyANvBnx7Lwupy1q2V03hgWTcGfRas0Hyj2TObl5y 3iRG5pLDo3W7FSoYMiI0g5EmRmL+PkF8dsJPKTW4hNK4E0bXeleCYrh72b1Xvp2bZ/Kc LTRtQQGdCWtg1ihbLJOUB4NX8QM/tkBaOIfx/X/MyndKX6Azn0arpNGyoev9UPLDdT3K cNFbtfKspZN2NRVorbIaSQI/AD+bj1AMMown9AW+Ot+dHQBQUUi/dZcnWWKNA6YvzgFg eTXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=9clg8w+MmxrNEc0qJ1Q2UEuqbHIW931ZlOdL2sikRDQ=; b=ZrLeQpIeQDZkcrKVbYheS5kBXAx7ra8ZbOWsrBff4t8GOemlk87qp4SJZ4fwEs/6aq PYDtiMKXYV+IuQaxt7oZkSokHlPzEj1AEB56ycT1spkxY5CnvYGhJ1GAjcxFMcLJWEUQ 2d8WFYN5mBRihLdiC35L6gm0LQKYNulbtQzWzZHrMP/Nhv16J5ANuEEL7hUWgAeZlwgC jNdC1CGfxYUgxcuiap/eMXiz6bOwzH5+A/qJ+W7JMM2vrSGTd9B+ehbQLQ/JlnwkV0ZP sDNYj+EFFD7gl82fLojV87VvKlN64cTGasxi9sPvekDNzEME1/Pky3A9qKSh/POzbEZ2 qglg== X-Gm-Message-State: AHPjjUhmveXB6x+wrimRDLadgMrU4banRirj0hwwGIxBsTpMBVvMiHdl R7oRYuffBTk1He+McSMmsRZo4D4C5aalw8EAf5E= X-Google-Smtp-Source: AOwi7QBYNDp3FSuo26dmO4E3N2y78IWIQ752zfR0bMNx/+qVzpVfi9ZOVLB+GByJPBxIuBjNI/MzPuy6QfLxYBa2R68= X-Received: by 10.28.18.210 with SMTP id 201mr4389172wms.135.1506113005660; Fri, 22 Sep 2017 13:43:25 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.136.153 with HTTP; Fri, 22 Sep 2017 13:43:25 -0700 (PDT) In-Reply-To: References: <29A6B17C-F815-4A03-A63C-CB265F0175A2@cisco.com> From: Alia Atlas Date: Fri, 22 Sep 2017 16:43:25 -0400 Message-ID: To: "Joel M. Halpern" Cc: "Carlos Pignataro (cpignata)" , "draft-ietf-sfc-nsh@ietf.org" , "sfc@ietf.org" Content-Type: multipart/alternative; boundary="001a1145b02cb1ae540559cd42ca" Archived-At: Subject: Re: [sfc] Additional AD review comments on draft-ietf-sfc-nsh-20 X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 20:43:30 -0000 --001a1145b02cb1ae540559cd42ca Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Sep 22, 2017 at 4:38 PM, Joel M. Halpern wrote: > Trimmed, with one piece retained as context. > If IANA is willing to accept a request for an alert, I can see using > that. and half is as good as any other percentage. > I would be startled to burn through that much, but this gives an alert early enough that the IETF/WG process could respond. Since IANA is responsible for recording the allocation, it should be relatively easy to track and indicate. I do not know what it would mean in practice to add text saying that > standardized protocols should have preference. At least until we hit 50%= ? > What would an expert do differently with or without that item? > My thought is to provide a bit of pressure for requests that are extremely proprietary formats; it would be more relevant as and if the registry gets fuller. To be clearer - these are minor suggested refinements to improve - not requirements to proceed. Regards, Alia > Yours, > Joel > > > On 9/22/17 4:25 PM, Alia Atlas wrote: > ... > > > 3) Sec 11.2.5: Guidance for the expert review is needed. >> >> Good point. Thanks. >> >> Here=E2=80=99s an attempt, please complete. I am hesitant to request >> discussion on the SFC list, do you think we should (and request in >> that document that the list is kept open)? >> >> >> Expert Review requests MUST include a single code point per request. >> Designated Experts evaluating new allocation requests from this >> registry >> should consider the potential scarcity of code points for an >> 8-bit value, >> and check both for duplications as well as availability of >> documentation. >> >> >> >> This is a good start. I'd add that standardized protocols should have >> preference and >> if the range goes over 50% allocated, then IANA should alert the >> responsible AD so >> that a new policy can be considered. >> >> Thanks, >> Alia >> > --001a1145b02cb1ae540559cd42ca Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On F= ri, Sep 22, 2017 at 4:38 PM, Joel M. Halpern <jmh@joelhalpern.com&g= t; wrote:
Trimmed, with one piece = retained as context.
If IANA is willing to accept a request for an alert, I can see using that.= =C2=A0 and half is as good as any other percentage.
I would be startled to burn through that much, but this gives = an alert early enough that the IETF/WG process could respond. =C2=A0
<= div>Since IANA is responsible for recording the allocation, it should be re= latively easy to track and indicate.=C2=A0

I do not know what it would mean in practice to add text saying that standa= rdized protocols should have preference.=C2=A0 At least until we hit 50%?= =C2=A0 What would an expert do differently with or without that item?

My thought is to provide a bit of pressure f= or requests that are extremely proprietary formats; it would be more releva= nt as and if the registry gets fuller.

To be clear= er - these are minor suggested refinements to improve - not requirements to= proceed.

Regards,
Alia
=C2=A0=
Yours,
Joel


On 9/22/17 4:25 PM, Alia Atlas wrote:
...

=C2=A0 =C2=A0 > 3) Sec 11.2.5: Guidance for the expert review is needed.=

=C2=A0 =C2=A0 Good point. Thanks.

=C2=A0 =C2=A0 Here=E2=80=99s an attempt, please complete. I am hesitant to = request
=C2=A0 =C2=A0 discussion on the SFC list, do you think we should (and reque= st in
=C2=A0 =C2=A0 that document that the list is kept open)?

=C2=A0 =C2=A0 <t>
=C2=A0 =C2=A0 Expert Review requests MUST include a single code point per r= equest.
=C2=A0 =C2=A0 =C2=A0=C2=A0 =C2=A0Designated Experts evaluating new allocati= on requests from this
=C2=A0 =C2=A0 registry
=C2=A0 =C2=A0 =C2=A0=C2=A0 =C2=A0should consider the potential scarcity of = code points for an
=C2=A0 =C2=A0 8-bit value,
=C2=A0 =C2=A0 =C2=A0=C2=A0 =C2=A0and check both for duplications as well as= availability of
=C2=A0 =C2=A0 documentation.
=C2=A0 =C2=A0 </t>


This is a good start.=C2=A0 I'd add that standardized protocols should = have preference and
if the range goes over 50% allocated, then IANA should alert the responsibl= e AD so
that a new policy can be considered.

Thanks,
Alia

--001a1145b02cb1ae540559cd42ca-- From nobody Fri Sep 22 13:53:56 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1507013301E; Fri, 22 Sep 2017 13:53:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7o1zM5LMvPC4; Fri, 22 Sep 2017 13:53:53 -0700 (PDT) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66082132F3F; Fri, 22 Sep 2017 13:53:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10192; q=dns/txt; s=iport; t=1506113633; x=1507323233; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=vgrHJQ6PFdG+uXsB8letWlCYW+e+j4zz6B6BwAPe7Ds=; b=NT0KIHV8+kEnqwMK40lcBdFd3IKtTLsQKv70PBZDuMeZ7K8Ld/aRFwRD dZKD/aYrNhd5STlrGu4ZNKvatyNA3FSCn8yTc8nSbmTDsaAfIp3lTYIvn 2IKHM0qQFLX8JkMAuQ2OssCJWEGw5pxNykt5OpD6yJ+ZDscNoI5V2XZeD A=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C5AQCZd8VZ/5FdJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1qBUicHg2+aG4F0iD+IK4U+ghIKhTsCGoQKQRYBAgEBAQEBAQF?= =?us-ascii?q?rKIUZAQQBI0gOBQsCAQgOMQMCAgIfERQRAgQOBYlPTAMNCKcigieHNg2DWAEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEBAR2DK4ICgVGBZCuCfYJZhTUvgjEFoFs8Ao9hhHm?= =?us-ascii?q?CE4VuiwOMZYgyAhEZAYE4ASYFLIEOeBVJEgGHCnaJG4EQAQEB?= X-IronPort-AV: E=Sophos;i="5.42,427,1500940800"; d="scan'208,217";a="298890049" Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Sep 2017 20:53:52 +0000 Received: from XCH-RTP-016.cisco.com (xch-rtp-016.cisco.com [64.101.220.156]) by rcdn-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id v8MKrqdc025001 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 22 Sep 2017 20:53:52 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-016.cisco.com (64.101.220.156) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 22 Sep 2017 16:53:51 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Fri, 22 Sep 2017 16:53:51 -0400 From: "Carlos Pignataro (cpignata)" To: Alia Atlas CC: "Joel M. Halpern" , "draft-ietf-sfc-nsh@ietf.org" , "sfc@ietf.org" Thread-Topic: [sfc] Additional AD review comments on draft-ietf-sfc-nsh-20 Thread-Index: AQHTKBEJ6j37PwZL1EeImcQxKOWXRaK7RsUAgAZuAYCAAAOngIAAAV6AgAAC44A= Date: Fri, 22 Sep 2017 20:53:51 +0000 Message-ID: <35CE2C0C-84F5-48B4-991D-A0D6C824D697@cisco.com> References: <29A6B17C-F815-4A03-A63C-CB265F0175A2@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_35CE2C0C84F548B4991DA0D6C824D697ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Additional AD review comments on draft-ietf-sfc-nsh-20 X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 20:53:55 -0000 --_000_35CE2C0C84F548B4991DA0D6C824D697ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhlc2UgYXJlIGdvb2Qgc3VnZ2VzdGlvbnMsIEFsaWEsIHRoYXQgSSBiZWxpZXZlIHdlIG5lZWQg dG8gYWNjb21tb2RhdGUuDQoNCuKAlA0KQ2FybG9zIFBpZ25hdGFybywgY2FybG9zQGNpc2NvLmNv bTxtYWlsdG86Y2FybG9zQGNpc2NvLmNvbT4NCg0K4oCcU29tZXRpbWVzIEkgdXNlIGJpZyB3b3Jk cyB0aGF0IEkgZG8gbm90IGZ1bGx5IHVuZGVyc3RhbmQsIHRvIG1ha2UgbXlzZWxmIHNvdW5kIG1v cmUgcGhvdG9zeW50aGVzaXMuIg0KDQpPbiBTZXAgMjIsIDIwMTcsIGF0IDQ6NDMgUE0sIEFsaWEg QXRsYXMgPGFrYXRsYXNAZ21haWwuY29tPG1haWx0bzpha2F0bGFzQGdtYWlsLmNvbT4+IHdyb3Rl Og0KDQpPbiBGcmksIFNlcCAyMiwgMjAxNyBhdCA0OjM4IFBNLCBKb2VsIE0uIEhhbHBlcm4gPGpt aEBqb2VsaGFscGVybi5jb208bWFpbHRvOmptaEBqb2VsaGFscGVybi5jb20+PiB3cm90ZToNClRy aW1tZWQsIHdpdGggb25lIHBpZWNlIHJldGFpbmVkIGFzIGNvbnRleHQuDQpJZiBJQU5BIGlzIHdp bGxpbmcgdG8gYWNjZXB0IGEgcmVxdWVzdCBmb3IgYW4gYWxlcnQsIEkgY2FuIHNlZSB1c2luZyB0 aGF0LiAgYW5kIGhhbGYgaXMgYXMgZ29vZCBhcyBhbnkgb3RoZXIgcGVyY2VudGFnZS4NCg0KSSB3 b3VsZCBiZSBzdGFydGxlZCB0byBidXJuIHRocm91Z2ggdGhhdCBtdWNoLCBidXQgdGhpcyBnaXZl cyBhbiBhbGVydCBlYXJseSBlbm91Z2ggdGhhdCB0aGUgSUVURi9XRyBwcm9jZXNzIGNvdWxkIHJl c3BvbmQuDQpTaW5jZSBJQU5BIGlzIHJlc3BvbnNpYmxlIGZvciByZWNvcmRpbmcgdGhlIGFsbG9j YXRpb24sIGl0IHNob3VsZCBiZSByZWxhdGl2ZWx5IGVhc3kgdG8gdHJhY2sgYW5kIGluZGljYXRl Lg0KDQpJIGRvIG5vdCBrbm93IHdoYXQgaXQgd291bGQgbWVhbiBpbiBwcmFjdGljZSB0byBhZGQg dGV4dCBzYXlpbmcgdGhhdCBzdGFuZGFyZGl6ZWQgcHJvdG9jb2xzIHNob3VsZCBoYXZlIHByZWZl cmVuY2UuICBBdCBsZWFzdCB1bnRpbCB3ZSBoaXQgNTAlPyAgV2hhdCB3b3VsZCBhbiBleHBlcnQg ZG8gZGlmZmVyZW50bHkgd2l0aCBvciB3aXRob3V0IHRoYXQgaXRlbT8NCg0KTXkgdGhvdWdodCBp cyB0byBwcm92aWRlIGEgYml0IG9mIHByZXNzdXJlIGZvciByZXF1ZXN0cyB0aGF0IGFyZSBleHRy ZW1lbHkgcHJvcHJpZXRhcnkgZm9ybWF0czsgaXQgd291bGQgYmUgbW9yZSByZWxldmFudCBhcyBh bmQgaWYgdGhlIHJlZ2lzdHJ5IGdldHMgZnVsbGVyLg0KDQpUbyBiZSBjbGVhcmVyIC0gdGhlc2Ug YXJlIG1pbm9yIHN1Z2dlc3RlZCByZWZpbmVtZW50cyB0byBpbXByb3ZlIC0gbm90IHJlcXVpcmVt ZW50cyB0byBwcm9jZWVkLg0KDQpSZWdhcmRzLA0KQWxpYQ0KDQpZb3VycywNCkpvZWwNCg0KDQpP biA5LzIyLzE3IDQ6MjUgUE0sIEFsaWEgQXRsYXMgd3JvdGU6DQouLi4NCg0KICAgID4gMykgU2Vj IDExLjIuNTogR3VpZGFuY2UgZm9yIHRoZSBleHBlcnQgcmV2aWV3IGlzIG5lZWRlZC4NCg0KICAg IEdvb2QgcG9pbnQuIFRoYW5rcy4NCg0KICAgIEhlcmXigJlzIGFuIGF0dGVtcHQsIHBsZWFzZSBj b21wbGV0ZS4gSSBhbSBoZXNpdGFudCB0byByZXF1ZXN0DQogICAgZGlzY3Vzc2lvbiBvbiB0aGUg U0ZDIGxpc3QsIGRvIHlvdSB0aGluayB3ZSBzaG91bGQgKGFuZCByZXF1ZXN0IGluDQogICAgdGhh dCBkb2N1bWVudCB0aGF0IHRoZSBsaXN0IGlzIGtlcHQgb3Blbik/DQoNCiAgICA8dD4NCiAgICBF eHBlcnQgUmV2aWV3IHJlcXVlc3RzIE1VU1QgaW5jbHVkZSBhIHNpbmdsZSBjb2RlIHBvaW50IHBl ciByZXF1ZXN0Lg0KICAgICAgICBEZXNpZ25hdGVkIEV4cGVydHMgZXZhbHVhdGluZyBuZXcgYWxs b2NhdGlvbiByZXF1ZXN0cyBmcm9tIHRoaXMNCiAgICByZWdpc3RyeQ0KICAgICAgICBzaG91bGQg Y29uc2lkZXIgdGhlIHBvdGVudGlhbCBzY2FyY2l0eSBvZiBjb2RlIHBvaW50cyBmb3IgYW4NCiAg ICA4LWJpdCB2YWx1ZSwNCiAgICAgICAgYW5kIGNoZWNrIGJvdGggZm9yIGR1cGxpY2F0aW9ucyBh cyB3ZWxsIGFzIGF2YWlsYWJpbGl0eSBvZg0KICAgIGRvY3VtZW50YXRpb24uDQogICAgPC90Pg0K DQoNClRoaXMgaXMgYSBnb29kIHN0YXJ0LiAgSSdkIGFkZCB0aGF0IHN0YW5kYXJkaXplZCBwcm90 b2NvbHMgc2hvdWxkIGhhdmUgcHJlZmVyZW5jZSBhbmQNCmlmIHRoZSByYW5nZSBnb2VzIG92ZXIg NTAlIGFsbG9jYXRlZCwgdGhlbiBJQU5BIHNob3VsZCBhbGVydCB0aGUgcmVzcG9uc2libGUgQUQg c28NCnRoYXQgYSBuZXcgcG9saWN5IGNhbiBiZSBjb25zaWRlcmVkLg0KDQpUaGFua3MsDQpBbGlh DQoNCg0K --_000_35CE2C0C84F548B4991DA0D6C824D697ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <3327FE16F5171848BE465633293142A0@emea.cisco.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KVGhlc2UgYXJlIGdvb2Qgc3VnZ2Vz dGlvbnMsIEFsaWEsIHRoYXQgSSBiZWxpZXZlIHdlIG5lZWQgdG8gYWNjb21tb2RhdGUuDQo8ZGl2 IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJjb2xv cjogcmdiKDAsIDAsIDApOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0LWFsaWduOiBzdGFy dDsgdGV4dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06IG5vbmU7IHdoaXRlLXNwYWNlOiBu b3JtYWw7IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7 IHdvcmQtd3JhcDogYnJlYWstd29yZDsgLXdlYmtpdC1uYnNwLW1vZGU6IHNwYWNlOyAtd2Via2l0 LWxpbmUtYnJlYWs6IGFmdGVyLXdoaXRlLXNwYWNlOyIgY2xhc3M9IiI+DQrigJQ8YnIgY2xhc3M9 IiI+DQpDYXJsb3MgUGlnbmF0YXJvLCZuYnNwOzxhIGhyZWY9Im1haWx0bzpjYXJsb3NAY2lzY28u Y29tIiBjbGFzcz0iIj5jYXJsb3NAY2lzY28uY29tPC9hPjxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NCjxpIGNsYXNzPSIiPuKAnFNvbWV0aW1lcyBJIHVzZSBiaWcgd29yZHMgdGhhdCBJIGRv IG5vdCBmdWxseSB1bmRlcnN0YW5kLCB0byBtYWtlIG15c2VsZiBzb3VuZCBtb3JlIHBob3Rvc3lu dGhlc2lzLiZxdW90OzwvaT48L2Rpdj4NCjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPGRpdj4NCjxi bG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5PbiBTZXAgMjIs IDIwMTcsIGF0IDQ6NDMgUE0sIEFsaWEgQXRsYXMgJmx0OzxhIGhyZWY9Im1haWx0bzpha2F0bGFz QGdtYWlsLmNvbSIgY2xhc3M9IiI+YWthdGxhc0BnbWFpbC5jb208L2E+Jmd0OyB3cm90ZTo8L2Rp dj4NCjxiciBjbGFzcz0iQXBwbGUtaW50ZXJjaGFuZ2UtbmV3bGluZSI+DQo8ZGl2IGNsYXNzPSIi Pg0KPGRpdiBkaXI9Imx0ciIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSJnbWFpbF9leHRyYSI+DQo8 ZGl2IGNsYXNzPSJnbWFpbF9xdW90ZSI+T24gRnJpLCBTZXAgMjIsIDIwMTcgYXQgNDozOCBQTSwg Sm9lbCBNLiBIYWxwZXJuIDxzcGFuIGRpcj0ibHRyIiBjbGFzcz0iIj4NCiZsdDs8YSBocmVmPSJt YWlsdG86am1oQGpvZWxoYWxwZXJuLmNvbSIgdGFyZ2V0PSJfYmxhbmsiIGNsYXNzPSIiPmptaEBq b2VsaGFscGVybi5jb208L2E+Jmd0Ozwvc3Bhbj4gd3JvdGU6PGJyIGNsYXNzPSIiPg0KPGJsb2Nr cXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBzdHlsZT0ibWFyZ2luOjAgMCAwIC44ZXg7Ym9yZGVy LWxlZnQ6MXB4ICNjY2Mgc29saWQ7cGFkZGluZy1sZWZ0OjFleCI+DQpUcmltbWVkLCB3aXRoIG9u ZSBwaWVjZSByZXRhaW5lZCBhcyBjb250ZXh0LjxiciBjbGFzcz0iIj4NCklmIElBTkEgaXMgd2ls bGluZyB0byBhY2NlcHQgYSByZXF1ZXN0IGZvciBhbiBhbGVydCwgSSBjYW4gc2VlIHVzaW5nIHRo YXQuJm5ic3A7IGFuZCBoYWxmIGlzIGFzIGdvb2QgYXMgYW55IG90aGVyIHBlcmNlbnRhZ2UuPGJy IGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8 L2Rpdj4NCjxkaXYgY2xhc3M9IiI+SSB3b3VsZCBiZSBzdGFydGxlZCB0byBidXJuIHRocm91Z2gg dGhhdCBtdWNoLCBidXQgdGhpcyBnaXZlcyBhbiBhbGVydCBlYXJseSBlbm91Z2ggdGhhdCB0aGUg SUVURi9XRyBwcm9jZXNzIGNvdWxkIHJlc3BvbmQuICZuYnNwOzwvZGl2Pg0KPGRpdiBjbGFzcz0i Ij5TaW5jZSBJQU5BIGlzIHJlc3BvbnNpYmxlIGZvciByZWNvcmRpbmcgdGhlIGFsbG9jYXRpb24s IGl0IHNob3VsZCBiZSByZWxhdGl2ZWx5IGVhc3kgdG8gdHJhY2sgYW5kIGluZGljYXRlLiZuYnNw OzwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxibG9ja3F1b3Rl IGNsYXNzPSJnbWFpbF9xdW90ZSIgc3R5bGU9Im1hcmdpbjowIDAgMCAuOGV4O2JvcmRlci1sZWZ0 OjFweCAjY2NjIHNvbGlkO3BhZGRpbmctbGVmdDoxZXgiPg0KSSBkbyBub3Qga25vdyB3aGF0IGl0 IHdvdWxkIG1lYW4gaW4gcHJhY3RpY2UgdG8gYWRkIHRleHQgc2F5aW5nIHRoYXQgc3RhbmRhcmRp emVkIHByb3RvY29scyBzaG91bGQgaGF2ZSBwcmVmZXJlbmNlLiZuYnNwOyBBdCBsZWFzdCB1bnRp bCB3ZSBoaXQgNTAlPyZuYnNwOyBXaGF0IHdvdWxkIGFuIGV4cGVydCBkbyBkaWZmZXJlbnRseSB3 aXRoIG9yIHdpdGhvdXQgdGhhdCBpdGVtPzxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCjxk aXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPk15IHRob3Vn aHQgaXMgdG8gcHJvdmlkZSBhIGJpdCBvZiBwcmVzc3VyZSBmb3IgcmVxdWVzdHMgdGhhdCBhcmUg ZXh0cmVtZWx5IHByb3ByaWV0YXJ5IGZvcm1hdHM7IGl0IHdvdWxkIGJlIG1vcmUgcmVsZXZhbnQg YXMgYW5kIGlmIHRoZSByZWdpc3RyeSBnZXRzIGZ1bGxlci48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+ PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlRvIGJlIGNsZWFyZXIgLSB0aGVz ZSBhcmUgbWlub3Igc3VnZ2VzdGVkIHJlZmluZW1lbnRzIHRvIGltcHJvdmUgLSBub3QgcmVxdWly ZW1lbnRzIHRvIHByb2NlZWQuPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwv ZGl2Pg0KPGRpdiBjbGFzcz0iIj5SZWdhcmRzLDwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5BbGlhPC9k aXY+DQo8ZGl2IGNsYXNzPSIiPiZuYnNwOzwvZGl2Pg0KPGJsb2NrcXVvdGUgY2xhc3M9ImdtYWls X3F1b3RlIiBzdHlsZT0ibWFyZ2luOjAgMCAwIC44ZXg7Ym9yZGVyLWxlZnQ6MXB4ICNjY2Mgc29s aWQ7cGFkZGluZy1sZWZ0OjFleCI+DQpZb3Vycyw8YnIgY2xhc3M9IiI+DQpKb2VsPGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KT24gOS8yMi8xNyA0OjI1IFBNLCBB bGlhIEF0bGFzIHdyb3RlOjxiciBjbGFzcz0iIj4NCi4uLg0KPGRpdiBjbGFzcz0iSE9FblpiIj4N CjxkaXYgY2xhc3M9Img1Ij48YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSBjbGFzcz0iZ21haWxf cXVvdGUiIHN0eWxlPSJtYXJnaW46MCAwIDAgLjhleDtib3JkZXItbGVmdDoxcHggI2NjYyBzb2xp ZDtwYWRkaW5nLWxlZnQ6MWV4Ij4NCiZuYnNwOyAmbmJzcDsgJmd0OyAzKSBTZWMgMTEuMi41OiBH dWlkYW5jZSBmb3IgdGhlIGV4cGVydCByZXZpZXcgaXMgbmVlZGVkLjxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NCiZuYnNwOyAmbmJzcDsgR29vZCBwb2ludC4gVGhhbmtzLjxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NCiZuYnNwOyAmbmJzcDsgSGVyZeKAmXMgYW4gYXR0ZW1wdCwgcGxl YXNlIGNvbXBsZXRlLiBJIGFtIGhlc2l0YW50IHRvIHJlcXVlc3Q8YnIgY2xhc3M9IiI+DQombmJz cDsgJm5ic3A7IGRpc2N1c3Npb24gb24gdGhlIFNGQyBsaXN0LCBkbyB5b3UgdGhpbmsgd2Ugc2hv dWxkIChhbmQgcmVxdWVzdCBpbjxiciBjbGFzcz0iIj4NCiZuYnNwOyAmbmJzcDsgdGhhdCBkb2N1 bWVudCB0aGF0IHRoZSBsaXN0IGlzIGtlcHQgb3Blbik/PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KJm5ic3A7ICZuYnNwOyAmbHQ7dCZndDs8YnIgY2xhc3M9IiI+DQombmJzcDsgJm5ic3A7 IEV4cGVydCBSZXZpZXcgcmVxdWVzdHMgTVVTVCBpbmNsdWRlIGEgc2luZ2xlIGNvZGUgcG9pbnQg cGVyIHJlcXVlc3QuPGJyIGNsYXNzPSIiPg0KJm5ic3A7ICZuYnNwOyAmbmJzcDsmbmJzcDsgJm5i c3A7RGVzaWduYXRlZCBFeHBlcnRzIGV2YWx1YXRpbmcgbmV3IGFsbG9jYXRpb24gcmVxdWVzdHMg ZnJvbSB0aGlzPGJyIGNsYXNzPSIiPg0KJm5ic3A7ICZuYnNwOyByZWdpc3RyeTxiciBjbGFzcz0i Ij4NCiZuYnNwOyAmbmJzcDsgJm5ic3A7Jm5ic3A7ICZuYnNwO3Nob3VsZCBjb25zaWRlciB0aGUg cG90ZW50aWFsIHNjYXJjaXR5IG9mIGNvZGUgcG9pbnRzIGZvciBhbjxiciBjbGFzcz0iIj4NCiZu YnNwOyAmbmJzcDsgOC1iaXQgdmFsdWUsPGJyIGNsYXNzPSIiPg0KJm5ic3A7ICZuYnNwOyAmbmJz cDsmbmJzcDsgJm5ic3A7YW5kIGNoZWNrIGJvdGggZm9yIGR1cGxpY2F0aW9ucyBhcyB3ZWxsIGFz IGF2YWlsYWJpbGl0eSBvZjxiciBjbGFzcz0iIj4NCiZuYnNwOyAmbmJzcDsgZG9jdW1lbnRhdGlv bi48YnIgY2xhc3M9IiI+DQombmJzcDsgJm5ic3A7ICZsdDsvdCZndDs8YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpUaGlzIGlzIGEgZ29vZCBzdGFydC4mbmJzcDsg SSdkIGFkZCB0aGF0IHN0YW5kYXJkaXplZCBwcm90b2NvbHMgc2hvdWxkIGhhdmUgcHJlZmVyZW5j ZSBhbmQ8YnIgY2xhc3M9IiI+DQppZiB0aGUgcmFuZ2UgZ29lcyBvdmVyIDUwJSBhbGxvY2F0ZWQs IHRoZW4gSUFOQSBzaG91bGQgYWxlcnQgdGhlIHJlc3BvbnNpYmxlIEFEIHNvPGJyIGNsYXNzPSIi Pg0KdGhhdCBhIG5ldyBwb2xpY3kgY2FuIGJlIGNvbnNpZGVyZWQuPGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KVGhhbmtzLDxiciBjbGFzcz0iIj4NCkFsaWE8YnIgY2xhc3M9IiI+DQo8L2Js b2NrcXVvdGU+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xh c3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxi ciBjbGFzcz0iIj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_35CE2C0C84F548B4991DA0D6C824D697ciscocom_-- From nobody Fri Sep 22 14:10:14 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7118713219B; Fri, 22 Sep 2017 14:10:13 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150611461342.16764.658775322238296334@ietfa.amsl.com> Date: Fri, 22 Sep 2017 14:10:13 -0700 Archived-At: Subject: [sfc] I-D Action: draft-ietf-sfc-nsh-23.txt X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 21:10:13 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Service Function Chaining WG of the IETF. Title : Network Service Header (NSH) Authors : Paul Quinn Uri Elzur Carlos Pignataro Filename : draft-ietf-sfc-nsh-23.txt Pages : 34 Date : 2017-09-22 Abstract: This document describes a Network Service Header (NSH) imposed on packets or frames to realize service function paths. The NSH also provides a mechanism for metadata exchange along the instantiated service paths. The NSH is the SFC encapsulation required to support the Service Function Chaining (SFC) architecture (defined in RFC7665). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sfc-nsh-23 https://datatracker.ietf.org/doc/html/draft-ietf-sfc-nsh-23 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sfc-nsh-23 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Fri Sep 22 14:16:06 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE4CA13301F; Fri, 22 Sep 2017 14:16:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9klp73Z1xxBo; Fri, 22 Sep 2017 14:16:02 -0700 (PDT) Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89C0813219B; Fri, 22 Sep 2017 14:16:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=22614; q=dns/txt; s=iport; t=1506114962; x=1507324562; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=wcsIRrMdkP6HCzmLvpUE0w403NGL91JiqUGO+gF6uMc=; b=En2+pjXF/WcatRe7fnYFNesKh1sdQaZFNs1bkUWVq1WrEMCoNNjiQDa3 ecSCDidKie3f15AlSuNKVZfhRa16waBXX7PI+OB8g94Wt+O9AxQJ5Ifxl lncJ+yM9Ig2gVEJtePj84OKHrCyJ2hg8jxKhEbx8Chs73WjnJZ5Vm3YXP w=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C5AQDHfMVZ/51dJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1qBUicHg2+aG4F0iD+IK4VMggQKhTsCGoQKVwECAQEBAQECayi?= =?us-ascii?q?FGAEBAQECASNIDgULAgEIDgonAwICAh8RFBECBA4FiU9MAw0IpyCCJ4c2DYNYA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEBAQEBHYMrgWEBIIFRgWQrgn2CWYFvARIBgzIvgjE?= =?us-ascii?q?FigcBiRiFKogRPAKIcIZxhHmCE4VuiwOMZYgyAhEZAYE4AVeBAwt4FUkSAYcKd?= =?us-ascii?q?od4gSOBEAEBAQ?= X-IronPort-AV: E=Sophos;i="5.42,427,1500940800"; d="scan'208,217";a="6876579" Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Sep 2017 21:16:01 +0000 Received: from XCH-RTP-017.cisco.com (xch-rtp-017.cisco.com [64.101.220.157]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id v8MLG1kE021178 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 22 Sep 2017 21:16:01 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-017.cisco.com (64.101.220.157) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 22 Sep 2017 17:16:00 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1263.000; Fri, 22 Sep 2017 17:16:00 -0400 From: "Carlos Pignataro (cpignata)" To: Alia Atlas CC: "sfc@ietf.org" , "draft-ietf-sfc-nsh@ietf.org" Thread-Topic: Additional AD review comments on draft-ietf-sfc-nsh-20 Thread-Index: AQHTKBEJ6j37PwZL1EeImcQxKOWXRaK7RsUAgAZuAYCAAA4ZAA== Date: Fri, 22 Sep 2017 21:16:00 +0000 Message-ID: <9A9C0616-9B5E-42B5-9A03-F2833F28C105@cisco.com> References: <29A6B17C-F815-4A03-A63C-CB265F0175A2@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_9A9C06169B5E42B59A03F2833F28C105ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Additional AD review comments on draft-ietf-sfc-nsh-20 X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Sep 2017 21:16:05 -0000 --_000_9A9C06169B5E42B59A03F2833F28C105ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgQWxpYSwNCg0KRmlyc3QsIHRoYW5rcyBmb3IgdGhlIGZvbGxvdy11cCBhbmQgZGlhbG9ndWUu DQoNCi0yMyBpcyBvdXQuDQoNCkkgYW0gbm93IGNvbnZpbmNlZCB0aGF0IHNwZWNpZnlpbmcgdGhl IGJlaGF2aW9yIHJlZ2FyZGluZyB0aGUgTyBhbmQgdW5hc3NpZ25lZCBiaXRzIHVwb24gcmVjbGFz c2lmaWNhdGlvbiBpcyBub3Qgb25seSBoYXJtbGVzcywgbm90IG9ubHkgdXNlZnVsLCBidXQgcG90 ZW50aWFsbHkgbmVjZXNzYXJ5LiBUaGFua3MgZm9yIHB1c2hpbmcuDQoNClRoZSBJQU5BIGNvbW1l bnQgYWJvdXQgc2lnbmFsaW5nIHdoZW4gaGFsZiBlbXB0eSAvIGhhbGYgZnVsbCBpcyBnb29kIOKA lCBpZiBJQU5BIHNpZ25zIHVwIGZvciBpdC4gQnV0LCBsaWtlIEpvZWwsIEkgYW0gbm90IHN1cmUg aG93IHRvIHdyaXRlIHRvIOKAnGdpdmUgcHJlZmVyZW5jZeKAnSB0byBzdGFuZGFyZCBwcm90b2Nv bHMuDQoNClRoYW5rcyENCg0K4oCUDQpDYXJsb3MgUGlnbmF0YXJvLCBjYXJsb3NAY2lzY28uY29t PG1haWx0bzpjYXJsb3NAY2lzY28uY29tPg0KDQrigJxTb21ldGltZXMgSSB1c2UgYmlnIHdvcmRz IHRoYXQgSSBkbyBub3QgZnVsbHkgdW5kZXJzdGFuZCwgdG8gbWFrZSBteXNlbGYgc291bmQgbW9y ZSBwaG90b3N5bnRoZXNpcy4iDQoNCk9uIFNlcCAyMiwgMjAxNywgYXQgNDoyNSBQTSwgQWxpYSBB dGxhcyA8YWthdGxhc0BnbWFpbC5jb208bWFpbHRvOmFrYXRsYXNAZ21haWwuY29tPj4gd3JvdGU6 DQoNCkhpIENhcmxvcywNCg0KRmlyc3QsIHRoYW5rcyBmb3IgdGhlIHVwZGF0ZWQgdmVyc2lvbiAt MjEuDQoNClRoZSByZXN0IGlzIGlubGluZS4NCg0KT24gTW9uLCBTZXAgMTgsIDIwMTcgYXQgMjox NCBQTSwgQ2FybG9zIFBpZ25hdGFybyAoY3BpZ25hdGEpIDxjcGlnbmF0YUBjaXNjby5jb208bWFp bHRvOmNwaWduYXRhQGNpc2NvLmNvbT4+IHdyb3RlOg0KSGksIEFsaWEsDQoNCllvdSBhZGRyZXNz ZWQgdGhpcyBlbWFpbCB0byBtZSwgYnV0IEkganVzdCBub3RpY2VkIEkgZmFpbGVkIHRvIHJlc3Bv bmQg4oCUIGFwb2xvZ2llcyENCg0KPiBPbiBTZXAgNywgMjAxNywgYXQgMzozOSBQTSwgQWxpYSBB dGxhcyA8YWthdGxhc0BnbWFpbC5jb208bWFpbHRvOmFrYXRsYXNAZ21haWwuY29tPj4gd3JvdGU6 DQo+DQo+IENhcmxvcywNCj4NCj4gVGhlIGRyYWZ0IGlzIG11Y2ggaW1wcm92ZWQuICBUaGFuayB5 b3UgZm9yIHlvdXIgaGFyZCB3b3JrLiAgSSBzdGlsbCBzZWUgdGhlIGZvbGxvd2luZyB0aHJlZSBp c3N1ZXMuDQo+DQoNClRoYW5rcywgbGV04oCZcyBzZWUgdGhvc2UgdGhyZWUsIGlubGluZS4NCg0K Pg0KPiAxKSBTZWMgMi4yOiAiVGhlIE8gYml0IE1VU1QgYmUgc2V0IGZvciBPQU0gcGFja2V0cyBh bmQgTVVTVCBOT1QgYmUgc2V0IGZvciBub24tT0FNDQo+ICAgIHBhY2tldHMuICBUaGUgTyBiaXQg TVVTVCBOT1QgYmUgbW9kaWZpZWQgYWxvbmcgdGhlIFNGUC4iDQo+IFdoYXQgaGFwcGVucyBpZiB0 aGUgcGFja2V0IGlzIHJlY2xhc3NpZmllZCAtIHBvdGVudGlhbGx5IHRvIGEgZGlmZmVyZW50IFNG UD8NCj4NCj4gU2VjIDMgZG9lc24ndCBjbGFyaWZ5IHRoaXMuIldoZW4gdGhlIGxvZ2ljYWwgY2xh c3NpZmllciBwZXJmb3JtcyByZS0NCj4gICAgICAgIGNsYXNzaWZpY2F0aW9uIHRoYXQgcmVzdWx0 cyBpbiBhIGNoYW5nZSBvZiBzZXJ2aWNlIHBhdGgsIGl0IE1VU1QNCj4gICAgICAgIHJlcGxhY2Ug dGhlIGV4aXN0aW5nIE5TSCB3aXRoIGEgbmV3IE5TSCB3aXRoIHRoZSBCYXNlIEhlYWRlciBhbmQN Cj4gICAgICAgIFNlcnZpY2UgUGF0aCBIZWFkZXIgcmVmbGVjdGluZyB0aGUgbmV3IHNlcnZpY2Ug cGF0aCBpbmZvcm1hdGlvbg0KPiAgICAgICAgYW5kIE1VU1Qgc2V0IHRoZSBpbml0aWFsIFNJLiAg TWV0YWRhdGEgTUFZIGJlIHByZXNlcnZlZCBpbiB0aGUNCj4gICAgICAgIG5ldyBOU0guIg0KPg0K DQpJIGRvIG5vdCB0aGluayBTZWMgMyBuZWVkcyB0byBjbGFyaWZ5IGl0LiBTZWN0aW9uIDIuMiBh bHJlYWR5IHNheXM6DQoNCuKAnE8gYml0OiBb4oCmXSBUaGUgYWN0dWFsIGZvcm1hdCBhbmQgcHJv Y2Vzc2luZyBvZiBTRkMNCiAgIE9BTSBwYWNrZXRzIGlzIG91dHNpZGUgdGhlIHNjb3BlIG9mIHRo aXMgc3BlY2lmaWNhdGlvbuKAnQ0KDQpTbyB3ZSBzaG91bGQgbm90IGF0dGVtcHQgdG8gc3BlY2lm eSB0aGUgcHJvY2Vzc2luZyBoZXJlLg0KDQpJZiB5b3UgYmVsaWV2ZSBpdCBoZWxwcywgd2UgY2Fu IGFkZCDigJxUaGUgdmFsdWUgb2YgdGhlIE8gYml0IE1VU1QgYmUgcHJlc2VydmVkIGluIHRoZSBu ZXcgTlNI4oCdLCBidXQgdGhhdCB3b3VsZCBnbyBhZ2FpbnN0IFMyLjLigJlzIHNjb3BlLg0KDQpN eSBjb25jZXJuIGlzIHRoZSBmb2xsb3dpbmcgZXhhbXBsZS4gIFNheSB0aGF0IGFuIG9wZXJhdG9y IHdhbnRzIHRvIGRvIHRoZSBlcXVpdmFsZW50IG9mIGEgdHJhY2Vyb3V0ZSB0byBzZWUgaG93IGEg cGFja2V0IGlzIHB1dCBpbnRvIGFuIFNGUCBhbmQgd2hhdCBTRnMgaXQgZ29lcyB0aHJvdWdoIChv ciBtYXliZSBqdXN0IFNGRnMpLiAgQXNzdW1lIHRoYXQgaXMgZG9uZSBieSBzZXR0aW5nIHRoZSBP IGJpdCBpbiB0aGUgZmlyc3QgTlNIIGFuZCB0aGVuIHRoZSBlbmNhcHN1bGF0ZWQgcGFja2V0IGhh cyBkdXBsaWNhdGVkIGNvbnRlbnRzIHRvIGJlIGd1aWRlZCBwcm9wZXJseS4gIElmIHRoYXQgcGFj a2V0IHRoZW4gaXMgcmVjbGFzc2lmaWVkLCBpcyB0aGUgTyBiaXQgY2xlYXJlZD8NCg0KSSBoYXZl IGEgcmVhbCBoZXNpdGF0aW9uIGhlcmUgYWJvdXQgdGhlIGZ1dHVyZSBpbnRlcm9wZXJhYmlsaXR5 IG9mIHNvbWV0aGluZyBsaWtlIHRyYWNlcm91dGUsICBpZiB0aGUgYmVoYXZpb3IgZm9yIHRoZSB0 cmVhdG1lbnQgb2YgdGhlIE8gYml0IGlzbid0IHNwZWNpZmllZCBmb3IgKHJlKWNsYXNzaWZpZXJz LiAgRm9yIGluc3RhbmNlLCBpZiBhbiBTRiBvciBTRkYgZG9lc24ndCBzdXBwb3J0IHRoaXMgbmV3 IE5TSC10cmFjZXJvdXRlLCB0aGVuIGEgaG9wIHdvdWxkIGJlIHNraXBwZWQgaW4gdGhlIHJlcG9y dCBiYWNrIC0gYnV0IGlmIHRoZSAocmUpY2xhc3NpZmllciBkb2VzIGl0IHdyb25nLCB0aGVuIGFs bCB0aGUgaG9wcyBkb3duc3RyZWFtIG9mIHRoZSAocmUpY2xhc3NpZmllciB3aWxsIHN1ZmZlci4N Cg0KRG8geW91IG9yIG90aGVycyBoYXZlIGRhdGEgb24gd2hhdCBjdXJyZW50IGltcGxlbWVudGF0 aW9ucyBhcmUgZG9pbmcgYXMgcGFydCBvZiByZWNsYXNzaWZpY2F0aW9uPyBNeSBpbnRlcmVzdCBp c24ndCBpbiBjaGFuZ2luZyB0aGUgYmVoYXZpb3IgKGhvcGVmdWxseSBpdCBpcyBiZWluZyBkb25l IGNvbnNpc3RlbnRseSkgYnV0IGluIGNsZWFybHkgZG9jdW1lbnRpbmcgdGhlIGV4cGVjdGF0aW9u cy4NCg0KDQo+IEl0IHdvdWxkIGJlIGdvb2QgdG8gc3BlY2lmeSB0aGUgYmVoYXZpb3IgZm9yIHRo ZSB1bmFzc2lnbmVkIGZsYWdzIGFzIHdlbGw7IHRoYXQgd2F5IHRoZXJlIHdpbGwgYmUgY29uc2lz dGVudCBhc3N1bXB0aW9ucyBmb3IgZnV0dXJlIGV4dGVuc2lvbnMsIGlmIG5lZWRlZC4NCj4NCg0K U2luY2UgdGhleSBhcmUgVW5hc3NpZ25lZCwgdGhlIGhhdmUgbm8gYmVoYXZpb3Igc3BlY2lmaWVk LCBvdGhlciB0aGFuIHdoYXTigJlzIGFscmVhZHkgdGhlcmU6DQoNCuKAnFVuYXNzaWduZWQgYml0 cyBNVVNUDQogICBiZSBzZXQgdG8gemVybyB1cG9uIG9yaWdpbmF0aW9uLCBhbmQgTVVTVCBiZSBp Z25vcmVkIGFuZCBwcmVzZXJ2ZWQNCiAgIHVubW9kaWZpZWQgYnkgb3RoZXIgTlNIIHN1cHBvcnRp bmcgZWxlbWVudHMuICBBdCByZWNlcHRpb24sIGFsbA0KICAgZWxlbWVudHMgTVVTVCBOT1QgbW9k aWZ5IHRoZWlyIGFjdGlvbnMgYmFzZWQgb24gdGhlc2UgdW5rbm93biBiaXRzLuKAnQ0KDQpXaGF0 IGVsc2UgaXMgbWlzc2luZz8NCg0KU3Vydml2YWwgdGhyb3VnaCBhIHJlY2xhc3NpZmllciBpcyB3 aGF0IEkgYW0gdGhpbmtpbmcgYWJvdXQuDQpJbiBvbmUgbW9kZWwsIHRoZXJlIGlzIHRoZSBhYmls aXR5IHRvIHBhc3MgYWxvbmcgZmxhZ3Mgd2l0aCBhIHBhY2tldCBmcm9tIHRoZSBpbml0aWFsIGNs YXNzaWZpY2F0aW9uIHVudGlsIHRoZSBlbmQgb2YgdGhlIFNGQy4NCkluIGFub3RoZXIgbW9kZWws IHRoZSBmbGFncyBvbmx5IHN1cnZpdmUgdW50aWwgdGhlIGZpcnN0IHJlY2xhc3NpZmllci4NCldo YXQgb25lIGNhbiBkbyB3aXRoIHRoZXNlIGZsYWdzIGlzIGRpZmZlcmVudC4NCklNSE8sIGl0J2Qg YmUgYmV0dGVyIHRvIGNsYXJpZnkgdGhhdCB1bmFzc2lnbmVkIGZsYWdzIHNob3VsZCBiZSBjb3Bp ZWQgdHJhbnNwYXJlbnRseSBmcm9tIGFuIG9sZCBOU0ggdG8gYSBuZXcvdXBkYXRlZCBOU0guDQpU aGVuLCB3aGVuIGFuZCBpZiB0aGUgZmxhZ3MgYXJlIGFzc2lnbmVkIG1lYW5pbmdzLCB0aGF0IGNh biBpbmZvcm0gYW5kIGNoYW5nZSB3aGF0IGNsYXNzaWZpZXJzIHRoYXQgdW5kZXJzdGFuZCB0aGUg ZmxhZw0KbWVhbmluZyB3aWxsIGRvLg0KDQo+IDIpIFNlYyA3LjE6ICJGb3IgZXhhbXBsZSwgaWYg dGhlIG1ldGFkYXRhIGNvbnZleXMgdGVuYW50IGluZm9ybWF0aW9uLCB0aGF0IGluZm9ybWF0aW9u IG1heSBuZWVkIHRvIGJlIGF1dGhlbnRpY2F0ZWQgYW5kL29yIGVuY3J5cHRlZCBiZXR3ZWVuIHRo ZSBvcmlnaW5hdG9yIGFuZCB0aGUNCj4gICAgaW50ZW5kZWQgcmVjaXBpZW50cyAod2hpY2ggbWF5 IGluY2x1ZGUgaW50ZW5kZWQgU0ZzIG9ubHkpLiINCj4gQSByZWZlcmVuY2UgdG8gZHJhZnQtcmVk ZHktc2ZjLW5zaC1lbmNyeXB0LCB3aGljaCBkZWZpbmVzIGhvdyB0byBlbmNyeXB0IHRoZSBtZXRh LWRhdGEgd291bGQgYmUgbW9zdCBoZWxwZnVsIGluIG1ha2luZyB0aGlzIHNvdW5kIGxlc3MgYXNw aXJhdGlvbmFsOw0KDQpTdXJlLiBJdOKAmXMgYWxyZWFkeSBjaXRlZCBpbiB0aGUgU2VjdXJpdHkg Q29uc2lkZXJhdGlvbnMgc2VjdGlvbiwgYnV0IHdlIGNhbiBhZGQgYW5vdGhlciBjaXRhdGlvbi4g RG9uZSBpbiB0aGUgd29ya2luZyBjb3B5Lg0KDQo+IHNvIHdvdWxkIGhhdmluZyB0aGF0IGRyYWZ0 IG5vdCBiZSAyIHllYXJzIGV4cGlyZWQgYW5kIGlnbm9yZWQgYnkgdGhlIFdHLg0KPg0KPiAzKSBT ZWMgMTEuMi41OiBHdWlkYW5jZSBmb3IgdGhlIGV4cGVydCByZXZpZXcgaXMgbmVlZGVkLg0KDQpH b29kIHBvaW50LiBUaGFua3MuDQoNCkhlcmXigJlzIGFuIGF0dGVtcHQsIHBsZWFzZSBjb21wbGV0 ZS4gSSBhbSBoZXNpdGFudCB0byByZXF1ZXN0IGRpc2N1c3Npb24gb24gdGhlIFNGQyBsaXN0LCBk byB5b3UgdGhpbmsgd2Ugc2hvdWxkIChhbmQgcmVxdWVzdCBpbiB0aGF0IGRvY3VtZW50IHRoYXQg dGhlIGxpc3QgaXMga2VwdCBvcGVuKT8NCg0KPHQ+DQpFeHBlcnQgUmV2aWV3IHJlcXVlc3RzIE1V U1QgaW5jbHVkZSBhIHNpbmdsZSBjb2RlIHBvaW50IHBlciByZXF1ZXN0Lg0KICAgRGVzaWduYXRl ZCBFeHBlcnRzIGV2YWx1YXRpbmcgbmV3IGFsbG9jYXRpb24gcmVxdWVzdHMgZnJvbSB0aGlzIHJl Z2lzdHJ5DQogICBzaG91bGQgY29uc2lkZXIgdGhlIHBvdGVudGlhbCBzY2FyY2l0eSBvZiBjb2Rl IHBvaW50cyBmb3IgYW4gOC1iaXQgdmFsdWUsDQogICBhbmQgY2hlY2sgYm90aCBmb3IgZHVwbGlj YXRpb25zIGFzIHdlbGwgYXMgYXZhaWxhYmlsaXR5IG9mIGRvY3VtZW50YXRpb24uDQo8L3Q+DQoN ClRoaXMgaXMgYSBnb29kIHN0YXJ0LiAgSSdkIGFkZCB0aGF0IHN0YW5kYXJkaXplZCBwcm90b2Nv bHMgc2hvdWxkIGhhdmUgcHJlZmVyZW5jZSBhbmQNCmlmIHRoZSByYW5nZSBnb2VzIG92ZXIgNTAl IGFsbG9jYXRlZCwgdGhlbiBJQU5BIHNob3VsZCBhbGVydCB0aGUgcmVzcG9uc2libGUgQUQgc28N CnRoYXQgYSBuZXcgcG9saWN5IGNhbiBiZSBjb25zaWRlcmVkLg0KDQpUaGFua3MsDQpBbGlhDQoN Cj4NCj4gUmVnYXJkcywNCj4gQWxpYQ0KDQrigJQNCkNhcmxvcyBQaWduYXRhcm8sIGNhcmxvc0Bj aXNjby5jb208bWFpbHRvOmNhcmxvc0BjaXNjby5jb20+DQoNCuKAnFNvbWV0aW1lcyBJIHVzZSBi aWcgd29yZHMgdGhhdCBJIGRvIG5vdCBmdWxseSB1bmRlcnN0YW5kLCB0byBtYWtlIG15c2VsZiBz b3VuZCBtb3JlIHBob3Rvc3ludGhlc2lzLiINCg0KDQoNCg== --_000_9A9C06169B5E42B59A03F2833F28C105ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KSGkgQWxpYSwNCjxkaXYgY2xhc3M9 IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkZpcnN0LCB0aGFua3MgZm9y IHRoZSBmb2xsb3ctdXAgYW5kIGRpYWxvZ3VlLiZuYnNwOzwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48 YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+LTIzIGlzIG91dC48L2Rpdj4NCjxk aXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkkgYW0gbm93 IGNvbnZpbmNlZCB0aGF0IHNwZWNpZnlpbmcgdGhlIGJlaGF2aW9yIHJlZ2FyZGluZyB0aGUgTyBh bmQgdW5hc3NpZ25lZCBiaXRzIHVwb24gcmVjbGFzc2lmaWNhdGlvbiBpcyBub3Qgb25seSBoYXJt bGVzcywgbm90IG9ubHkgdXNlZnVsLCBidXQgcG90ZW50aWFsbHkgbmVjZXNzYXJ5LiBUaGFua3Mg Zm9yIHB1c2hpbmcuPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0K PGRpdiBjbGFzcz0iIj5UaGUgSUFOQSBjb21tZW50IGFib3V0IHNpZ25hbGluZyB3aGVuIGhhbGYg ZW1wdHkgLyBoYWxmIGZ1bGwgaXMgZ29vZCDigJQgaWYgSUFOQSBzaWducyB1cCBmb3IgaXQuIEJ1 dCwgbGlrZSBKb2VsLCBJIGFtIG5vdCBzdXJlIGhvdyB0byB3cml0ZSB0byDigJxnaXZlIHByZWZl cmVuY2XigJ0gdG8gc3RhbmRhcmQgcHJvdG9jb2xzLjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIg Y2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VGhhbmtzITwvZGl2Pg0KPGRpdiBjbGFz cz0iIj48YnIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0iY29sb3I6IHJn YigwLCAwLCAwKTsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsgdGV4dC1hbGlnbjogc3RhcnQ7IHRl eHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25lOyB3aGl0ZS1zcGFjZTogbm9ybWFs OyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4OyB3b3Jk LXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5l LWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0K4oCUPGJyIGNsYXNzPSIiPg0K Q2FybG9zIFBpZ25hdGFybywmbmJzcDs8YSBocmVmPSJtYWlsdG86Y2FybG9zQGNpc2NvLmNvbSIg Y2xhc3M9IiI+Y2FybG9zQGNpc2NvLmNvbTwvYT48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+ DQo8aSBjbGFzcz0iIj7igJxTb21ldGltZXMgSSB1c2UgYmlnIHdvcmRzIHRoYXQgSSBkbyBub3Qg ZnVsbHkgdW5kZXJzdGFuZCwgdG8gbWFrZSBteXNlbGYgc291bmQgbW9yZSBwaG90b3N5bnRoZXNp cy4mcXVvdDs8L2k+PC9kaXY+DQo8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjxkaXY+DQo8YmxvY2tx dW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+T24gU2VwIDIyLCAyMDE3 LCBhdCA0OjI1IFBNLCBBbGlhIEF0bGFzICZsdDs8YSBocmVmPSJtYWlsdG86YWthdGxhc0BnbWFp bC5jb20iIGNsYXNzPSIiPmFrYXRsYXNAZ21haWwuY29tPC9hPiZndDsgd3JvdGU6PC9kaXY+DQo8 YnIgY2xhc3M9IkFwcGxlLWludGVyY2hhbmdlLW5ld2xpbmUiPg0KPGRpdiBjbGFzcz0iIj4NCjxk aXYgZGlyPSJsdHIiIGNsYXNzPSIiPkhpIENhcmxvcywNCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNz PSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkZpcnN0LCB0aGFua3MgZm9yIHRoZSB1cGRhdGVk IHZlcnNpb24gLTIxLiZuYnNwOzwvZGl2Pg0KPGRpdiBjbGFzcz0iZ21haWxfZXh0cmEiPjxiciBj bGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iZ21haWxfZXh0cmEiPlRoZSByZXN0IGlzIGlu bGluZS48L2Rpdj4NCjxkaXYgY2xhc3M9ImdtYWlsX2V4dHJhIj48YnIgY2xhc3M9IiI+DQo8ZGl2 IGNsYXNzPSJnbWFpbF9xdW90ZSI+T24gTW9uLCBTZXAgMTgsIDIwMTcgYXQgMjoxNCBQTSwgQ2Fy bG9zIFBpZ25hdGFybyAoY3BpZ25hdGEpDQo8c3BhbiBkaXI9Imx0ciIgY2xhc3M9IiI+Jmx0Ozxh IGhyZWY9Im1haWx0bzpjcGlnbmF0YUBjaXNjby5jb20iIHRhcmdldD0iX2JsYW5rIiBjbGFzcz0i Ij5jcGlnbmF0YUBjaXNjby5jb208L2E+Jmd0Ozwvc3Bhbj4gd3JvdGU6PGJyIGNsYXNzPSIiPg0K PGJsb2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBzdHlsZT0ibWFyZ2luOjAgMCAwIC44ZXg7 Ym9yZGVyLWxlZnQ6MXB4ICNjY2Mgc29saWQ7cGFkZGluZy1sZWZ0OjFleCI+DQpIaSwgQWxpYSw8 YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpZb3UgYWRkcmVzc2VkIHRoaXMgZW1haWwgdG8g bWUsIGJ1dCBJIGp1c3Qgbm90aWNlZCBJIGZhaWxlZCB0byByZXNwb25kIOKAlCBhcG9sb2dpZXMh PGJyIGNsYXNzPSIiPg0KPHNwYW4gY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KJmd0OyBPbiBTZXAg NywgMjAxNywgYXQgMzozOSBQTSwgQWxpYSBBdGxhcyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmFrYXRs YXNAZ21haWwuY29tIiBjbGFzcz0iIj5ha2F0bGFzQGdtYWlsLmNvbTwvYT4mZ3Q7IHdyb3RlOjxi ciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7IENhcmxvcyw8YnIgY2xhc3M9IiI+ DQomZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyBUaGUgZHJhZnQgaXMgbXVjaCBpbXByb3ZlZC4mbmJz cDsgVGhhbmsgeW91IGZvciB5b3VyIGhhcmQgd29yay4mbmJzcDsgSSBzdGlsbCBzZWUgdGhlIGZv bGxvd2luZyB0aHJlZSBpc3N1ZXMuPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NCjwvc3Bhbj5UaGFua3MsIGxldOKAmXMgc2VlIHRob3NlIHRocmVlLCBpbmxp bmUuPGJyIGNsYXNzPSIiPg0KPHNwYW4gY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KJmd0OzxiciBj bGFzcz0iIj4NCiZndDsgMSkgU2VjIDIuMjogJnF1b3Q7VGhlIE8gYml0IE1VU1QgYmUgc2V0IGZv ciBPQU0gcGFja2V0cyBhbmQgTVVTVCBOT1QgYmUgc2V0IGZvciBub24tT0FNPGJyIGNsYXNzPSIi Pg0KJmd0OyZuYnNwOyAmbmJzcDsgcGFja2V0cy4mbmJzcDsgVGhlIE8gYml0IE1VU1QgTk9UIGJl IG1vZGlmaWVkIGFsb25nIHRoZSBTRlAuJnF1b3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyBXaGF0IGhh cHBlbnMgaWYgdGhlIHBhY2tldCBpcyByZWNsYXNzaWZpZWQgLSBwb3RlbnRpYWxseSB0byBhIGRp ZmZlcmVudCBTRlA/PGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgU2VjIDMg ZG9lc24ndCBjbGFyaWZ5IHRoaXMuJnF1b3Q7V2hlbiB0aGUgbG9naWNhbCBjbGFzc2lmaWVyIHBl cmZvcm1zIHJlLTxiciBjbGFzcz0iIj4NCiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsg Y2xhc3NpZmljYXRpb24gdGhhdCByZXN1bHRzIGluIGEgY2hhbmdlIG9mIHNlcnZpY2UgcGF0aCwg aXQgTVVTVDxiciBjbGFzcz0iIj4NCiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgcmVw bGFjZSB0aGUgZXhpc3RpbmcgTlNIIHdpdGggYSBuZXcgTlNIIHdpdGggdGhlIEJhc2UgSGVhZGVy IGFuZDxiciBjbGFzcz0iIj4NCiZndDsmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgU2Vydmlj ZSBQYXRoIEhlYWRlciByZWZsZWN0aW5nIHRoZSBuZXcgc2VydmljZSBwYXRoIGluZm9ybWF0aW9u PGJyIGNsYXNzPSIiPg0KJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBhbmQgTVVTVCBz ZXQgdGhlIGluaXRpYWwgU0kuJm5ic3A7IE1ldGFkYXRhIE1BWSBiZSBwcmVzZXJ2ZWQgaW4gdGhl PGJyIGNsYXNzPSIiPg0KJmd0OyZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyBuZXcgTlNILiZx dW90OzxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8L3Nw YW4+SSBkbyBub3QgdGhpbmsgU2VjIDMgbmVlZHMgdG8gY2xhcmlmeSBpdC4gU2VjdGlvbiAyLjIg YWxyZWFkeSBzYXlzOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCuKAnE8gYml0OiBb4oCm XSBUaGUgYWN0dWFsIGZvcm1hdCBhbmQgcHJvY2Vzc2luZyBvZiBTRkM8YnIgY2xhc3M9IiI+DQom bmJzcDsgJm5ic3A7T0FNIHBhY2tldHMgaXMgb3V0c2lkZSB0aGUgc2NvcGUgb2YgdGhpcyBzcGVj aWZpY2F0aW9u4oCdPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KU28gd2Ugc2hvdWxkIG5v dCBhdHRlbXB0IHRvIHNwZWNpZnkgdGhlIHByb2Nlc3NpbmcgaGVyZS48YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQpJZiB5b3UgYmVsaWV2ZSBpdCBoZWxwcywgd2UgY2FuIGFkZCDigJxUaGUg dmFsdWUgb2YgdGhlIE8gYml0IE1VU1QgYmUgcHJlc2VydmVkIGluIHRoZSBuZXcgTlNI4oCdLCBi dXQgdGhhdCB3b3VsZCBnbyBhZ2FpbnN0IFMyLjLigJlzIHNjb3BlLjwvYmxvY2txdW90ZT4NCjxk aXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPk15IGNvbmNl cm4gaXMgdGhlIGZvbGxvd2luZyBleGFtcGxlLiZuYnNwOyBTYXkgdGhhdCBhbiBvcGVyYXRvciB3 YW50cyB0byBkbyB0aGUgZXF1aXZhbGVudCBvZiBhIHRyYWNlcm91dGUgdG8gc2VlIGhvdyBhIHBh Y2tldCBpcyBwdXQgaW50byBhbiBTRlAgYW5kIHdoYXQgU0ZzIGl0IGdvZXMgdGhyb3VnaCAob3Ig bWF5YmUganVzdCBTRkZzKS4mbmJzcDsgQXNzdW1lIHRoYXQgaXMgZG9uZSBieSBzZXR0aW5nIHRo ZSBPIGJpdCBpbiB0aGUgZmlyc3QNCiBOU0ggYW5kIHRoZW4gdGhlIGVuY2Fwc3VsYXRlZCBwYWNr ZXQgaGFzIGR1cGxpY2F0ZWQgY29udGVudHMgdG8gYmUgZ3VpZGVkIHByb3Blcmx5LiZuYnNwOyBJ ZiB0aGF0IHBhY2tldCB0aGVuIGlzIHJlY2xhc3NpZmllZCwgaXMgdGhlIE8gYml0IGNsZWFyZWQ/ PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0i Ij5JIGhhdmUgYSByZWFsIGhlc2l0YXRpb24gaGVyZSBhYm91dCB0aGUgZnV0dXJlIGludGVyb3Bl cmFiaWxpdHkgb2Ygc29tZXRoaW5nIGxpa2UgdHJhY2Vyb3V0ZSwgJm5ic3A7aWYgdGhlIGJlaGF2 aW9yIGZvciB0aGUgdHJlYXRtZW50IG9mIHRoZSBPIGJpdCBpc24ndCBzcGVjaWZpZWQgZm9yIChy ZSljbGFzc2lmaWVycy4mbmJzcDsgRm9yIGluc3RhbmNlLCBpZiBhbiBTRiBvciBTRkYgZG9lc24n dCBzdXBwb3J0IHRoaXMgbmV3IE5TSC10cmFjZXJvdXRlLA0KIHRoZW4gYSBob3Agd291bGQgYmUg c2tpcHBlZCBpbiB0aGUgcmVwb3J0IGJhY2sgLSBidXQgaWYgdGhlIChyZSljbGFzc2lmaWVyIGRv ZXMgaXQgd3JvbmcsIHRoZW4gYWxsIHRoZSBob3BzIGRvd25zdHJlYW0gb2YgdGhlIChyZSljbGFz c2lmaWVyIHdpbGwgc3VmZmVyLjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8 L2Rpdj4NCjxkaXYgY2xhc3M9IiI+RG8geW91IG9yIG90aGVycyBoYXZlIGRhdGEgb24gd2hhdCBj dXJyZW50IGltcGxlbWVudGF0aW9ucyBhcmUgZG9pbmcgYXMgcGFydCBvZiByZWNsYXNzaWZpY2F0 aW9uPyBNeSBpbnRlcmVzdCBpc24ndCBpbiBjaGFuZ2luZyB0aGUgYmVoYXZpb3IgKGhvcGVmdWxs eSBpdCBpcyBiZWluZyBkb25lIGNvbnNpc3RlbnRseSkgYnV0IGluIGNsZWFybHkgZG9jdW1lbnRp bmcgdGhlIGV4cGVjdGF0aW9ucy48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0K PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiZuYnNwOzwvZGl2Pg0KPGJsb2NrcXVvdGUgY2xhc3M9Imdt YWlsX3F1b3RlIiBzdHlsZT0ibWFyZ2luOjAgMCAwIC44ZXg7Ym9yZGVyLWxlZnQ6MXB4ICNjY2Mg c29saWQ7cGFkZGluZy1sZWZ0OjFleCI+DQo8c3BhbiBjbGFzcz0iIj4mZ3Q7IEl0IHdvdWxkIGJl IGdvb2QgdG8gc3BlY2lmeSB0aGUgYmVoYXZpb3IgZm9yIHRoZSB1bmFzc2lnbmVkIGZsYWdzIGFz IHdlbGw7IHRoYXQgd2F5IHRoZXJlIHdpbGwgYmUgY29uc2lzdGVudCBhc3N1bXB0aW9ucyBmb3Ig ZnV0dXJlIGV4dGVuc2lvbnMsIGlmIG5lZWRlZC48YnIgY2xhc3M9IiI+DQomZ3Q7PGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KPC9zcGFuPlNpbmNlIHRoZXkgYXJlIFVuYXNzaWduZWQsIHRo ZSBoYXZlIG5vIGJlaGF2aW9yIHNwZWNpZmllZCwgb3RoZXIgdGhhbiB3aGF04oCZcyBhbHJlYWR5 IHRoZXJlOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCuKAnFVuYXNzaWduZWQgYml0cyBN VVNUPGJyIGNsYXNzPSIiPg0KJm5ic3A7ICZuYnNwO2JlIHNldCB0byB6ZXJvIHVwb24gb3JpZ2lu YXRpb24sIGFuZCBNVVNUIGJlIGlnbm9yZWQgYW5kIHByZXNlcnZlZDxiciBjbGFzcz0iIj4NCiZu YnNwOyAmbmJzcDt1bm1vZGlmaWVkIGJ5IG90aGVyIE5TSCBzdXBwb3J0aW5nIGVsZW1lbnRzLiZu YnNwOyBBdCByZWNlcHRpb24sIGFsbDxiciBjbGFzcz0iIj4NCiZuYnNwOyAmbmJzcDtlbGVtZW50 cyBNVVNUIE5PVCBtb2RpZnkgdGhlaXIgYWN0aW9ucyBiYXNlZCBvbiB0aGVzZSB1bmtub3duIGJp dHMu4oCdPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KV2hhdCBlbHNlIGlzIG1pc3Npbmc/ PC9ibG9ja3F1b3RlPg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYg Y2xhc3M9IiI+U3Vydml2YWwgdGhyb3VnaCBhIHJlY2xhc3NpZmllciBpcyB3aGF0IEkgYW0gdGhp bmtpbmcgYWJvdXQuJm5ic3A7PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkluIG9uZSBtb2RlbCwgdGhl cmUgaXMgdGhlIGFiaWxpdHkgdG8gcGFzcyBhbG9uZyBmbGFncyB3aXRoIGEgcGFja2V0IGZyb20g dGhlIGluaXRpYWwgY2xhc3NpZmljYXRpb24gdW50aWwgdGhlIGVuZCBvZiB0aGUgU0ZDLjwvZGl2 Pg0KPGRpdiBjbGFzcz0iIj5JbiBhbm90aGVyIG1vZGVsLCB0aGUgZmxhZ3Mgb25seSBzdXJ2aXZl IHVudGlsIHRoZSBmaXJzdCByZWNsYXNzaWZpZXIuPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPldoYXQg b25lIGNhbiBkbyB3aXRoIHRoZXNlIGZsYWdzIGlzIGRpZmZlcmVudC4gJm5ic3A7PC9kaXY+DQo8 ZGl2IGNsYXNzPSIiPklNSE8sIGl0J2QgYmUgYmV0dGVyIHRvIGNsYXJpZnkgdGhhdCB1bmFzc2ln bmVkIGZsYWdzIHNob3VsZCBiZSBjb3BpZWQgdHJhbnNwYXJlbnRseSBmcm9tIGFuIG9sZCBOU0gg dG8gYSBuZXcvdXBkYXRlZCBOU0guPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlRoZW4sIHdoZW4gYW5k IGlmIHRoZSBmbGFncyBhcmUgYXNzaWduZWQgbWVhbmluZ3MsIHRoYXQgY2FuIGluZm9ybSBhbmQg Y2hhbmdlIHdoYXQgY2xhc3NpZmllcnMgdGhhdCB1bmRlcnN0YW5kIHRoZSBmbGFnPC9kaXY+DQo8 ZGl2IGNsYXNzPSIiPm1lYW5pbmcgd2lsbCBkby4mbmJzcDs8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+ Jm5ic3A7PC9kaXY+DQo8YmxvY2txdW90ZSBjbGFzcz0iZ21haWxfcXVvdGUiIHN0eWxlPSJtYXJn aW46MCAwIDAgLjhleDtib3JkZXItbGVmdDoxcHggI2NjYyBzb2xpZDtwYWRkaW5nLWxlZnQ6MWV4 Ij4NCjxzcGFuIGNsYXNzPSIiPiZndDsgMikgU2VjIDcuMTogJnF1b3Q7Rm9yIGV4YW1wbGUsIGlm IHRoZSBtZXRhZGF0YSBjb252ZXlzIHRlbmFudCBpbmZvcm1hdGlvbiwgdGhhdCBpbmZvcm1hdGlv biBtYXkgbmVlZCB0byBiZSBhdXRoZW50aWNhdGVkIGFuZC9vciBlbmNyeXB0ZWQgYmV0d2VlbiB0 aGUgb3JpZ2luYXRvciBhbmQgdGhlPGJyIGNsYXNzPSIiPg0KJmd0OyZuYnNwOyAmbmJzcDsgaW50 ZW5kZWQgcmVjaXBpZW50cyAod2hpY2ggbWF5IGluY2x1ZGUgaW50ZW5kZWQgU0ZzIG9ubHkpLiZx dW90OzxiciBjbGFzcz0iIj4NCiZndDsgQSByZWZlcmVuY2UgdG8gZHJhZnQtcmVkZHktc2ZjLW5z aC1lbmNyeXB0LCB3aGljaCBkZWZpbmVzIGhvdyB0byBlbmNyeXB0IHRoZSBtZXRhLWRhdGEgd291 bGQgYmUgbW9zdCBoZWxwZnVsIGluIG1ha2luZyB0aGlzIHNvdW5kIGxlc3MgYXNwaXJhdGlvbmFs OzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjwvc3Bhbj5TdXJlLiBJdOKAmXMgYWxyZWFk eSBjaXRlZCBpbiB0aGUgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMgc2VjdGlvbiwgYnV0IHdlIGNh biBhZGQgYW5vdGhlciBjaXRhdGlvbi4gRG9uZSBpbiB0aGUgd29ya2luZyBjb3B5LjxiciBjbGFz cz0iIj4NCjxzcGFuIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCiZndDsgc28gd291bGQgaGF2aW5n IHRoYXQgZHJhZnQgbm90IGJlIDIgeWVhcnMgZXhwaXJlZCBhbmQgaWdub3JlZCBieSB0aGUgV0cu PGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgMykgU2VjIDExLjIuNTogR3Vp ZGFuY2UgZm9yIHRoZSBleHBlcnQgcmV2aWV3IGlzIG5lZWRlZC48YnIgY2xhc3M9IiI+DQo8YnIg Y2xhc3M9IiI+DQo8L3NwYW4+R29vZCBwb2ludC4gVGhhbmtzLjxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NCkhlcmXigJlzIGFuIGF0dGVtcHQsIHBsZWFzZSBjb21wbGV0ZS4gSSBhbSBoZXNp dGFudCB0byByZXF1ZXN0IGRpc2N1c3Npb24gb24gdGhlIFNGQyBsaXN0LCBkbyB5b3UgdGhpbmsg d2Ugc2hvdWxkIChhbmQgcmVxdWVzdCBpbiB0aGF0IGRvY3VtZW50IHRoYXQgdGhlIGxpc3QgaXMg a2VwdCBvcGVuKT88YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQombHQ7dCZndDs8YnIgY2xh c3M9IiI+DQpFeHBlcnQgUmV2aWV3IHJlcXVlc3RzIE1VU1QgaW5jbHVkZSBhIHNpbmdsZSBjb2Rl IHBvaW50IHBlciByZXF1ZXN0LjxiciBjbGFzcz0iIj4NCiZuYnNwOyAmbmJzcDtEZXNpZ25hdGVk IEV4cGVydHMgZXZhbHVhdGluZyBuZXcgYWxsb2NhdGlvbiByZXF1ZXN0cyBmcm9tIHRoaXMgcmVn aXN0cnk8YnIgY2xhc3M9IiI+DQombmJzcDsgJm5ic3A7c2hvdWxkIGNvbnNpZGVyIHRoZSBwb3Rl bnRpYWwgc2NhcmNpdHkgb2YgY29kZSBwb2ludHMgZm9yIGFuIDgtYml0IHZhbHVlLDxiciBjbGFz cz0iIj4NCiZuYnNwOyAmbmJzcDthbmQgY2hlY2sgYm90aCBmb3IgZHVwbGljYXRpb25zIGFzIHdl bGwgYXMgYXZhaWxhYmlsaXR5IG9mIGRvY3VtZW50YXRpb24uPGJyIGNsYXNzPSIiPg0KJmx0Oy90 Jmd0OzxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNz PSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlRoaXMgaXMgYSBnb29kIHN0YXJ0LiZuYnNwOyBJ J2QgYWRkIHRoYXQgc3RhbmRhcmRpemVkIHByb3RvY29scyBzaG91bGQgaGF2ZSBwcmVmZXJlbmNl IGFuZDwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5pZiB0aGUgcmFuZ2UgZ29lcyBvdmVyIDUwJSBhbGxv Y2F0ZWQsIHRoZW4gSUFOQSBzaG91bGQgYWxlcnQgdGhlIHJlc3BvbnNpYmxlIEFEIHNvPC9kaXY+ DQo8ZGl2IGNsYXNzPSIiPnRoYXQgYSBuZXcgcG9saWN5IGNhbiBiZSBjb25zaWRlcmVkLjwvZGl2 Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VGhh bmtzLDwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5BbGlhPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiZuYnNw OzwvZGl2Pg0KPGJsb2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBzdHlsZT0ibWFyZ2luOjAg MCAwIC44ZXg7Ym9yZGVyLWxlZnQ6MXB4ICNjY2Mgc29saWQ7cGFkZGluZy1sZWZ0OjFleCI+DQom Z3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyBSZWdhcmRzLDxiciBjbGFzcz0iIj4NCiZndDsgQWxpYTxi ciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCuKAlDxiciBjbGFzcz0iIj4NCkNhcmxvcyBQaWdu YXRhcm8sIDxhIGhyZWY9Im1haWx0bzpjYXJsb3NAY2lzY28uY29tIiBjbGFzcz0iIj5jYXJsb3NA Y2lzY28uY29tPC9hPjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCuKAnFNvbWV0aW1lcyBJ IHVzZSBiaWcgd29yZHMgdGhhdCBJIGRvIG5vdCBmdWxseSB1bmRlcnN0YW5kLCB0byBtYWtlIG15 c2VsZiBzb3VuZCBtb3JlIHBob3Rvc3ludGhlc2lzLiZxdW90OzxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8 L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8L2Rp dj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_9A9C06169B5E42B59A03F2833F28C105ciscocom_-- From nobody Mon Sep 25 07:22:26 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D9D3134323; Mon, 25 Sep 2017 07:22:25 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150634934546.27358.11749076116729320248@ietfa.amsl.com> Date: Mon, 25 Sep 2017 07:22:25 -0700 Archived-At: Subject: [sfc] I-D Action: draft-ietf-sfc-nsh-24.txt X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Sep 2017 14:22:25 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Service Function Chaining WG of the IETF. Title : Network Service Header (NSH) Authors : Paul Quinn Uri Elzur Carlos Pignataro Filename : draft-ietf-sfc-nsh-24.txt Pages : 35 Date : 2017-09-25 Abstract: This document describes a Network Service Header (NSH) imposed on packets or frames to realize service function paths. The NSH also provides a mechanism for metadata exchange along the instantiated service paths. The NSH is the SFC encapsulation required to support the Service Function Chaining (SFC) architecture (defined in RFC7665). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sfc-nsh-24 https://datatracker.ietf.org/doc/html/draft-ietf-sfc-nsh-24 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sfc-nsh-24 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Mon Sep 25 11:35:11 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF2F1134535; Mon, 25 Sep 2017 11:35:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.301 X-Spam-Level: X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=f5.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 84iwCWqeEF1h; Mon, 25 Sep 2017 11:35:08 -0700 (PDT) Received: from mail15.f5.com (mail15.f5.com [104.219.106.14]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 743841330B2; Mon, 25 Sep 2017 11:35:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=f5.com; i=@f5.com; q=dns/txt; s=f5; t=1506364509; x=1537900509; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=88qghkVBEQiy8lK3gY34Ukbzx22ME9uU8qTyzxqxFrs=; b=YLK5x13UxUU0iBR5VNsdlsIfvcy8z1Agbx52MTpMp0M6AF+DxUkOeC1a 3GN2q/f4Z0dRJCDfRLs5QqkM4fGy74HqXC8RqaMb2uml0dFbHd0IdAfuF 3Bfq3EqHdr3tFbTy6E4mnI0IgBj+Etu8lSHu5UzHz0UVMpFMxQvK0OITp FaCyOKbXmGABucNwk7YAYVGTRIvEQGvlZMfEAHaOZHZJ+LIjNAPOxh7OC rFEtdNsn7IFzXeZ8m2jst8hVlO9DLqIZ9A4GHGvF1RVfDu+cZcOzRt1QL dooVQ6N+sDsqAEetJbHy99Nzt/gAqj4grd4rZCtGaGHasQZm8rOYTqYD2 g==; X-IronPort-AV: E=McAfee;i="5900,7806,8665"; a="21815105" X-IronPort-AV: E=Sophos;i="5.42,437,1500966000"; d="scan'208";a="21815105" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from sv5ccpems02.olympus.f5net.com (HELO owa.f5.com) ([172.23.209.13]) by mail.f5net.com with ESMTP/TLS/AES256-GCM-SHA384; 25 Sep 2017 11:35:03 -0700 Received: from SV5CCPEMS01.olympus.F5Net.com (172.23.209.12) by SV5CCPEMS02.olympus.F5Net.com (172.23.209.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1034.26; Mon, 25 Sep 2017 11:35:01 -0700 Received: from SV5CCPEMS01.olympus.F5Net.com ([fe80::8cea:a209:8eb7:c2ab]) by SV5CCPEMS01.olympus.F5Net.com ([fe80::8cea:a209:8eb7:c2ab%19]) with mapi id 15.01.1034.026; Mon, 25 Sep 2017 11:35:01 -0700 From: Sumandra Majee To: IETF Secretariat , "sfc-chairs@ietf.org" , "sfc@ietf.org" , "draft-guichard-sfc-nsh-dc-allocation@ietf.org" Thread-Topic: The SFC WG has placed draft-guichard-sfc-nsh-dc-allocation in state "Candidate for WG Adoption" Thread-Index: AQHTM7YEoMWnPi7AAkOvLVO4NddUxaLF8pKA Date: Mon, 25 Sep 2017 18:35:01 +0000 Message-ID: <030A1CF3-BD82-4C44-9C78-F1C1069052AE@f5.com> References: <150609349604.16773.1371332042822787799.idtracker@ietfa.amsl.com> In-Reply-To: <150609349604.16773.1371332042822787799.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/f.25.0.170815 x-originating-ip: [172.23.235.192] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] The SFC WG has placed draft-guichard-sfc-nsh-dc-allocation in state "Candidate for WG Adoption" X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Sep 2017 18:35:10 -0000 c3VwcG9ydA0KDQpPbiA5LzIyLzE3LCA4OjE4IEFNLCAiSUVURiBTZWNyZXRhcmlhdCIgPGlldGYt c2VjcmV0YXJpYXQtcmVwbHlAaWV0Zi5vcmc+IHdyb3RlOg0KDQogICAgRVhURVJOQUwgTUFJTDog aWV0Zi1zZWNyZXRhcmlhdC1yZXBseUBpZXRmLm9yZw0KICAgIA0KICAgIFRoZSBTRkMgV0cgaGFz IHBsYWNlZCBkcmFmdC1ndWljaGFyZC1zZmMtbnNoLWRjLWFsbG9jYXRpb24gaW4gc3RhdGUNCiAg ICBDYW5kaWRhdGUgZm9yIFdHIEFkb3B0aW9uIChlbnRlcmVkIGJ5IEpvZWwgSGFscGVybikNCiAg ICANCiAgICBUaGUgZG9jdW1lbnQgaXMgYXZhaWxhYmxlIGF0DQogICAgaHR0cHM6Ly9kYXRhdHJh Y2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtZ3VpY2hhcmQtc2ZjLW5zaC1kYy1hbGxvY2F0aW9uLw0K ICAgIA0KICAgIENvbW1lbnQ6DQogICAgQWRvcHRpb24gaGFzIGJlZW4gcmVxdWVzdGVkIGJ5IHRo ZSBhdXRob3JzLg0KICAgIA0KDQo= From nobody Tue Sep 26 09:22:41 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D904C132E24; Tue, 26 Sep 2017 09:22:39 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Spencer Dawkins To: "The IESG" Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, jmh@joelhalpern.com, sfc@ietf.org, wes@mti-systems.com X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150644295986.20869.15901882753312059319.idtracker@ietfa.amsl.com> Date: Tue, 26 Sep 2017 09:22:39 -0700 Archived-At: Subject: [sfc] Spencer Dawkins' No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Sep 2017 16:22:40 -0000 Spencer Dawkins has entered the following ballot position for draft-ietf-sfc-nsh-24: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you for responding to Wes Eddy's TSV-ART review of -19 (and, of course, for making text changes that seemed appropriate). It seems to me that you describe expectations about the applicability of NSH in various places in the document, and in various ways. You might consider (for example) pulling the common elements of statements like (from Section 5) Within a managed administrative domain, an operator can ensure that the underlay MTU is sufficient to carry SFC traffic without requiring fragmentation. Given that the intended scope of the NSH is within a single provider's operational domain, that approach is sufficient. and (from Section 8) NSH is designed for use within operator environments. As such, it does not include any mandatory security mechanisms. As with many other protocols, without enhancements, the NSH encapsulation can be spoofed and is subject to snooping and modification in transit. However, the deployment scope (as defined in [RFC7665]) of the NSH encapsulation is limited to a single network administrative domain as a controlled environment, with trusted devices (e.g., a data center) hence mitigating the risk of unauthorized manipulation of the encapsulation headers or metadata. This controlled environment is an important assumption for NSH. There is one additional important assumption: All of the service functions used by an operator in service chains are assumed to be selected and vetted by the operator. into one section describing the applicability of NSH, appearing MUCH earlier in the document (the most detailed description of your expectations looks like it appears in the Security Considerations section, but parts of that description are applicable to the Fragmentation Considerations section, which appears three sections earlier in the document). The reader would have your intended applicability in mind much earlier and more clearly, and you could just invoke your expectations by reference when you need to explain how they apply elsewhere in the document, so the expectations in play would be consistent across mentions throughout the document. I'm still bothered that this document doesn't explicitly mention ICMP blocking as a problem for PMTUD with IP encapsulations. We're just not good at path MTU discovery, so it seems useful to call this out explicitly when a document expects to use PMTUD. That way, people who use NSH will know to check for ICMP blocking on their networks before they receive their first trouble reports. This almost reached my threshold for balloting Discuss, so I'd hope you folks would consider that. I see that the applicability of NSH includes encapsulations that don't provide a path MTU discovery mechanism, and that your resolution for those encapsulations is to log events when a "too big" packet is dropped. Could you educate me, as to whether all encapsulations detect that this is happening? It might be that encapsulations are using a fixed maximum MTU by definition, so that what you're logging is an attempt to send a payload that violates the protocol definition of the encapsulation, but I don't know that that's true in all cases, so thought I should ask. I saw a suggestion from Joe Touch (in a response to the TSV-ART review) to consider looking at the terminology developed for draft-ietf-intarea-tunnels. I didn't see a reply to that suggestion, and I didn't see a reference to draft-ietf-intarea-tunnels in -24 - was this considered? (I'm also asking because I want to keep track of whether people applying encapsulations find that document useful, of course) (Joe's follow-up is at https://mailarchive.ietf.org/arch/msg/tsv-art/CsdWwR9B5_AB64D0eFl-KIE7_NA) From nobody Tue Sep 26 12:17:16 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B18E7134311; Tue, 26 Sep 2017 12:17:07 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Alvaro Retana To: "The IESG" Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> Date: Tue, 26 Sep 2017 12:17:07 -0700 Archived-At: Subject: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Sep 2017 19:17:08 -0000 Alvaro Retana has entered the following ballot position for draft-ietf-sfc-nsh-24: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- (1) While describing the MD Type field, Section 2.2. (NSH Base Header) talks about the specific scenario in which "a device will support MD Type 0x1 (as per the MUST) metadata, yet be deployed in a network with MD Type 0x2 metadata packets", and it specifies that "the MD Type 0x1 node, MUST utilize the base header length field to determine the original payload offset if it requires access to the original packet/frame." This is the case where the node in question *does not* support MD Type 0x2, right? If so, then the specification above seems to go against (in the last sentence of the same paragraph): "Packets with MD Type values not supported by an implementation MUST be silently dropped." IOW, if the node doesn't support 0x2, why wouldn't it just drop the packet? (2) Section 2.5.1. (Optional Variable Length Metadata) says that this document "does not make any assumption about Context Headers that are mandatory-to-implement or those that are mandatory-to-process. These considerations are deployment-specific." But the next couple of paragraphs specify explicit actions for them (mandatory-to-process): Upon receipt of a packet that belongs to a given SFP, if a mandatory- to-process context header is missing in that packet, the SFC-aware SF MUST NOT process the packet and MUST log an error at least once per the SPI for which the mandatory metadata is missing. If multiple mandatory-to-process context headers are required for a given SFP, the control plane MAY instruct the SFC-aware SF with the order to consume these Context Headers. If no instructions are provided and the SFC-aware SF will make use of or modify the specific context header, then the SFC-aware SF MUST process these Context Headers in the order they appear in an NSH packet. Maybe I'm confused about considerations being deployment specific vs specifying what to do here. Can you please clarify? (3) "SFFs MUST use the Service Path Header for selecting the next SF or SFF in the service path." Section 6 explains most of what has to be done -- what I think is still not clear in this document is where the information in Tables 1-4 comes from. There may be different ways for an SFF to learn that, and I would imagine that it is out-of-scope of this document. Please say so -- maybe there's a relevant reference to rfc7665 (?). (4) Section 11.1. (NSH EtherType) seems out of place in this document because (1) the document doesn't discuss the transport itself, and (2) it is in the IANA section... (5) What is the "IETF Base NSH MD Class" (Section 11.2.4)? Ahh, I see that Section 11.2.6 talks about "the type values owned by the IETF"; it would be good to say that MD Class 0x0000 is being assigned to the IETF (in 11.2.4). Nits: In section 2.2. (NSH Base Header), it would be nice to have a forward reference when the Service Index is first mentioned. It may be nice to explicitly state in the description of the MD Type field (Section 2.2) that for length = 0x2 and MD Type = 0x2, there are in fact no optional context headers. (I know there's some text about this later in section 2.5.) "...all domain edges MUST filter based on the carried protocol in the VxLAN-gpe". That "MUST" is out of place because the text is an example. From nobody Tue Sep 26 12:39:32 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2CF91330B2; Tue, 26 Sep 2017 12:39:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QrbcZ7VqzCPf; Tue, 26 Sep 2017 12:39:30 -0700 (PDT) Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 396AB134325; Tue, 26 Sep 2017 12:39:29 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 20A43A000B9; Tue, 26 Sep 2017 12:39:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1506454769; bh=saSNLh9czWtjEZcn6OpzO0OX0FxmibslRgcPsf4LpDc=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=A4LV+EATmQ4edMoU8sCBllX/7BQsQEc+p0vX9OuqOsb0yT18GDILp41nN+c8ugo36 UecmqbSGL4/lfw3MeMllHGtkXjnOc84WGskRoufLHqxQZuguh0uzcnPokKfJV6gSt3 FUcZmhZdqo6IzLOL0AnuAB355pzS3Q1AXEzQgqU0= X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 9E10524097D; Tue, 26 Sep 2017 12:39:27 -0700 (PDT) To: Alvaro Retana , The IESG Cc: draft-ietf-sfc-nsh@ietf.org, sfc-chairs@ietf.org, sfc@ietf.org References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> From: "Joel M. Halpern" Message-ID: Date: Tue, 26 Sep 2017 15:39:26 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Sep 2017 19:39:32 -0000 Thank you Alvaro. I can comment on some of these, as I think we need some assistance finding better words. The rest I will leave to Carlos. Your comment 1 is about non-support of MD2 and the requirement that the entity use the length field anyway. What we are trying to communicate (and have not gotten right) is that devices which need the packet, but do not need the metadata, are required to cope with MD2 with a length greater than 2. An example of such a device is an SFF which has multiple valid hosp along the SFP, and uses the underlying packet header fields to pick one. It is required to function even when handed an MD2 packet. This is part of a compromise to make MD2 usable even with devices that were built principally for MD1. Can you suggest better wording. (Given that this is the base section, I do not want a long example here.) Your comment 2 asks about mandatory-to-implement and mandatory-to-deply metadata. We are not defining what is mandatory to implement. The text you ask about is not defining which things are mandatory to implement. Rather, it is talking about what a service function should do when it does not receive something it considers mandatory. Is there a better way to say that? On your question 4, we wanted to note the assignment. I agree it is a bit odd. Do you think we should remove it? Yours, Joel On 9/26/17 3:17 PM, Alvaro Retana wrote: > Alvaro Retana has entered the following ballot position for > draft-ietf-sfc-nsh-24: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > (1) While describing the MD Type field, Section 2.2. (NSH Base Header) talks > about the specific scenario in which "a device will support MD Type 0x1 (as per > the MUST) metadata, yet be deployed in a network with MD Type 0x2 metadata > packets", and it specifies that "the MD Type 0x1 node, MUST utilize the base > header length field to determine the original payload offset if it requires > access to the original packet/frame." This is the case where the node in > question *does not* support MD Type 0x2, right? If so, then the specification > above seems to go against (in the last sentence of the same paragraph): > "Packets with MD Type values not supported by an implementation MUST be > silently dropped." IOW, if the node doesn't support 0x2, why wouldn't it just > drop the packet? > > (2) Section 2.5.1. (Optional Variable Length Metadata) says that this document > "does not make any assumption about Context Headers that are > mandatory-to-implement or those that are mandatory-to-process. These > considerations are deployment-specific." But the next couple of paragraphs > specify explicit actions for them (mandatory-to-process): > > Upon receipt of a packet that belongs to a given SFP, if a mandatory- > to-process context header is missing in that packet, the SFC-aware SF > MUST NOT process the packet and MUST log an error at least once per > the SPI for which the mandatory metadata is missing. > > If multiple mandatory-to-process context headers are required for a > given SFP, the control plane MAY instruct the SFC-aware SF with the > order to consume these Context Headers. If no instructions are > provided and the SFC-aware SF will make use of or modify the specific > context header, then the SFC-aware SF MUST process these Context > Headers in the order they appear in an NSH packet. > > Maybe I'm confused about considerations being deployment specific vs specifying > what to do here. Can you please clarify? > > (3) "SFFs MUST use the Service Path Header for selecting the next SF or SFF in > the service path." Section 6 explains most of what has to be done -- what I > think is still not clear in this document is where the information in Tables > 1-4 comes from. There may be different ways for an SFF to learn that, and I > would imagine that it is out-of-scope of this document. Please say so -- maybe > there's a relevant reference to rfc7665 (?). > > (4) Section 11.1. (NSH EtherType) seems out of place in this document because > (1) the document doesn't discuss the transport itself, and (2) it is in the > IANA section... > > (5) What is the "IETF Base NSH MD Class" (Section 11.2.4)? Ahh, I see that > Section 11.2.6 talks about "the type values owned by the IETF"; it would be > good to say that MD Class 0x0000 is being assigned to the IETF (in 11.2.4). > > Nits: > > In section 2.2. (NSH Base Header), it would be nice to have a forward reference > when the Service Index is first mentioned. > > It may be nice to explicitly state in the description of the MD Type field > (Section 2.2) that for length = 0x2 and MD Type = 0x2, there are in fact no > optional context headers. (I know there's some text about this later in section > 2.5.) > > "...all domain edges MUST filter based on the carried protocol in the > VxLAN-gpe". That "MUST" is out of place because the text is an example. > > From nobody Tue Sep 26 13:44:42 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 12391134463; Tue, 26 Sep 2017 13:44:35 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Kathleen Moriarty To: "The IESG" Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, jmh@joelhalpern.com, sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150645867503.20862.14046225395932721314.idtracker@ietfa.amsl.com> Date: Tue, 26 Sep 2017 13:44:35 -0700 Archived-At: Subject: [sfc] Kathleen Moriarty's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Sep 2017 20:44:35 -0000 Kathleen Moriarty has entered the following ballot position for draft-ietf-sfc-nsh-24: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- First, I'd like to thank the authors and WG for your efforts in recent revisions of this draft, it has come a long way. I still want to poke at the lack of a requirement for either integrity protection on the NSH itself or for MUSTs on protections from the transport encapsulation. Attacks inside of a data center or single operator domains happen all too often. The number from 2016 is up 164% as of a statistic I saw earlier today. We can't srug this off anymore. Security Considerations section: First two sentences say: NSH is designed for use within operator environments. As such, it does not include any mandatory security mechanisms. I think you intended the first sentence to say, "within a single operator environment" as what you have now could be multiple networks managed separately with that statement. Then for the second sentence, I know you don't have an integrity mechanism mandated, but I really think one should be. Couldn't the path be altered and not detectable if there is no integrity checking? This could be used to avoid security protections or to route it inappropriately through a multi-tenant environment. Sure, the underlying protocol should provide session encryption on application traffic, but there's no reason why security shouldn't have been baked into this protocol as a requirement. >From the architecture document, the security considerations section calls attention to possible issues related to lack of integrity checking. Since no encapsulating transport is specified with required session encryption, and the NSH addition doesn't have integrity protection, how will you meet this architecture requirement from RFC7665: Service Overlay: Underneath the service function forwarders, the components that are responsible for performing the transport forwarding consult the outer-transport encapsulation for underlay forwarding. Used transport mechanisms should satisfy the security requirements of the specific SFC deployment. These requirements typically include varying degrees of traffic separation, protection against different attacks (e.g., spoofing, man-in-the-middle, brute-force, or insertion attacks), and can also include authenticity and integrity checking, and/or confidentiality provisions, for both the network overlay transport and traffic it encapsulates. It seems from this text, something should be specified for the transport encapsulation. >From the text in the draft under review: As with many other protocols, without enhancements, the NSH encapsulation could can be spoofed or otherwise modified and is subject to snooping and modification in transit. However, the deployment scope (as defined in [RFC7665]) of the NSH encapsulation is limited to a single network administrative domain as a controlled environment, with trusted devices (e.g., a data center) hence mitigating the risk of unauthorized manipulation of the encapsulation headers or metadata. This is in direct conflict with the Service Overlay requirements in the Security Considerations of RFC7665. Section 8.1 I'd like to see some MUSTs to address the concerns listed in RFC7665 for encapsulation requirements or an addition of integrity protection on NSH itself. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- This introductory text is much improved from a previous version and my comments, thanks for the update. This helps quite a bit. The Network Service Header (NSH) specification defines a new protocol and associated encapsulation for the creation of dynamic service chains, operating at the service plane. The NSH is designed to encapsulate an original packet or frame, and in turn be encapsulated by an outer transport encapsulation (which is used to deliver the NSH to NSH-aware network elements), as shown in Figure 1: Section 8.1: I don't think you need the text on BCP38. It's a helpful recommendation in general, but I don't see how it's directly applicable to this specification. Thank you for adding the text on Boundary protections per the SecDir review, I think this is very helpful. From nobody Tue Sep 26 20:43:17 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2915F133054; Tue, 26 Sep 2017 20:43:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xEiB6TsD77GM; Tue, 26 Sep 2017 20:43:12 -0700 (PDT) Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 795781321DE; Tue, 26 Sep 2017 20:43:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10732; q=dns/txt; s=iport; t=1506483792; x=1507693392; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=8HDkKGV9p+t15ENEQBiKfoJzfWCC9/OPN9r7d1az61s=; b=O1FkigrebXqh5zN9DYLvcXmw7VJKtOH+PH78iTmsnIMjECeG3bu6/C2H PEMQk35lk3t4XL/2a1YSeTLi1nB61h0Ptjz8ht9Hnrm1n73AGe8+NJyns ooDooIFBZAbPW3jB9PDveSqU2J6UEmh2cf+Ku+CCuvAWtobtyyDGnTtVZ A=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CsAgB9HctZ/49dJa1bGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1tkbicHg2+aG4FUIohCjXeCBAolhRYCGoQ1VwECAQEBAQECayi?= =?us-ascii?q?FGAEBAQECASMRQAUFCwIBCBgCAiYCAgIfERUQAgQOBYoaAw0IEKhKgieHOQ2DW?= =?us-ascii?q?AEBAQEBAQEBAQEBAQEBAQEBAQEBARgFgQ6CHYICgVGBaisLgnKCXoFzAQsHAR+?= =?us-ascii?q?DEy+CMQWKEo47iBc8AodciAaEeYIThW+DfocGjGeIMwIRGQGBOAFXgQMLeBVJE?= =?us-ascii?q?gGFBxyBZ3YBhWYPF4EMgRABAQE?= X-IronPort-AV: E=Sophos;i="5.42,443,1500940800"; d="scan'208";a="8645910" Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Sep 2017 03:43:11 +0000 Received: from XCH-RTP-018.cisco.com (xch-rtp-018.cisco.com [64.101.220.158]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id v8R3hAMr012499 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 03:43:10 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-018.cisco.com (64.101.220.158) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Tue, 26 Sep 2017 23:43:09 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Tue, 26 Sep 2017 23:43:09 -0400 From: "Carlos Pignataro (cpignata)" To: Spencer Dawkins CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "Service Function Chaining IETF list" , "wes@mti-systems.com" Thread-Topic: Spencer Dawkins' No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTNuOuC2VDXw4nt0CnFP5cZ4x7oKLIWr+A Date: Wed, 27 Sep 2017 03:43:09 +0000 Message-ID: References: <150644295986.20869.15901882753312059319.idtracker@ietfa.amsl.com> In-Reply-To: <150644295986.20869.15901882753312059319.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: text/plain; charset="utf-8" Content-ID: <9661982A4E33104FBC7BABF033AE48E9@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Spencer Dawkins' No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 03:43:15 -0000 TWFueSB0aGFua3MgU3BlbmNlciBmb3IgdGhlIGNvbW1lbnRzIGJlbG93IQ0KDQpQbGVhc2Ugc2Vl IGlubGluZS4NCg0KPiBPbiBTZXAgMjYsIDIwMTcsIGF0IDEyOjIyIFBNLCBTcGVuY2VyIERhd2tp bnMgPHNwZW5jZXJkYXdraW5zLmlldGZAZ21haWwuY29tPiB3cm90ZToNCj4gDQo+IFNwZW5jZXIg RGF3a2lucyBoYXMgZW50ZXJlZCB0aGUgZm9sbG93aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3INCj4g ZHJhZnQtaWV0Zi1zZmMtbnNoLTI0OiBObyBPYmplY3Rpb24NCj4gDQo+IFdoZW4gcmVzcG9uZGlu ZywgcGxlYXNlIGtlZXAgdGhlIHN1YmplY3QgbGluZSBpbnRhY3QgYW5kIHJlcGx5IHRvIGFsbA0K PiBlbWFpbCBhZGRyZXNzZXMgaW5jbHVkZWQgaW4gdGhlIFRvIGFuZCBDQyBsaW5lcy4gKEZlZWwg ZnJlZSB0byBjdXQgdGhpcw0KPiBpbnRyb2R1Y3RvcnkgcGFyYWdyYXBoLCBob3dldmVyLikNCj4g DQo+IA0KPiBQbGVhc2UgcmVmZXIgdG8gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaWVzZy9zdGF0ZW1l bnQvZGlzY3Vzcy1jcml0ZXJpYS5odG1sDQo+IGZvciBtb3JlIGluZm9ybWF0aW9uIGFib3V0IElF U0cgRElTQ1VTUyBhbmQgQ09NTUVOVCBwb3NpdGlvbnMuDQo+IA0KPiANCj4gVGhlIGRvY3VtZW50 LCBhbG9uZyB3aXRoIG90aGVyIGJhbGxvdCBwb3NpdGlvbnMsIGNhbiBiZSBmb3VuZCBoZXJlOg0K PiBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNmYy1uc2gvDQo+ IA0KPiANCj4gDQo+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gQ09NTUVOVDoNCj4gLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0K PiANCj4gVGhhbmsgeW91IGZvciByZXNwb25kaW5nIHRvIFdlcyBFZGR5J3MgVFNWLUFSVCByZXZp ZXcgb2YgLTE5IChhbmQsIG9mIGNvdXJzZSwNCj4gZm9yIG1ha2luZyB0ZXh0IGNoYW5nZXMgdGhh dCBzZWVtZWQgYXBwcm9wcmlhdGUpLg0KPiANCg0KVGhhbmtzIHRvIFdlcyBmb3IgdGFraW5nIHRo ZSB0aW1lIHRvIHJldmlldyENCg0KV2UgZGlkIGdvIG92ZXIgdGhlIHdob2xlIGRvY3VtZW50IHdp dGggYSBmaW5lIGNvbWIgY2xlYW5pbmcgdXAgdGVybXMgYmFzZWQgb24gV2Vz4oCZIGZlZWRiYWNr Lg0KDQo+IEl0IHNlZW1zIHRvIG1lIHRoYXQgeW91IGRlc2NyaWJlIGV4cGVjdGF0aW9ucyBhYm91 dCB0aGUgYXBwbGljYWJpbGl0eSBvZiBOU0ggaW4NCj4gdmFyaW91cyBwbGFjZXMgaW4gdGhlIGRv Y3VtZW50LCBhbmQgaW4gdmFyaW91cyB3YXlzLiBZb3UgbWlnaHQgY29uc2lkZXIgKGZvcg0KPiBl eGFtcGxlKSBwdWxsaW5nIHRoZSBjb21tb24gZWxlbWVudHMgb2Ygc3RhdGVtZW50cyBsaWtlIChm cm9tIFNlY3Rpb24gNSkNCj4gDQo+ICAgV2l0aGluIGEgbWFuYWdlZCBhZG1pbmlzdHJhdGl2ZSBk b21haW4sIGFuIG9wZXJhdG9yIGNhbiBlbnN1cmUgdGhhdA0KPiAgIHRoZSB1bmRlcmxheSBNVFUg aXMgc3VmZmljaWVudCB0byBjYXJyeSBTRkMgdHJhZmZpYyB3aXRob3V0IHJlcXVpcmluZw0KPiAg IGZyYWdtZW50YXRpb24uICBHaXZlbiB0aGF0IHRoZSBpbnRlbmRlZCBzY29wZSBvZiB0aGUgTlNI IGlzIHdpdGhpbiBhDQo+ICAgc2luZ2xlIHByb3ZpZGVyJ3Mgb3BlcmF0aW9uYWwgZG9tYWluLCB0 aGF0IGFwcHJvYWNoIGlzIHN1ZmZpY2llbnQuDQo+IA0KPiBhbmQgKGZyb20gU2VjdGlvbiA4KQ0K PiANCj4gIE5TSCBpcyBkZXNpZ25lZCBmb3IgdXNlIHdpdGhpbiBvcGVyYXRvciBlbnZpcm9ubWVu dHMuICBBcyBzdWNoLCBpdA0KPiAgIGRvZXMgbm90IGluY2x1ZGUgYW55IG1hbmRhdG9yeSBzZWN1 cml0eSBtZWNoYW5pc21zLiAgQXMgd2l0aCBtYW55DQo+ICAgb3RoZXIgcHJvdG9jb2xzLCB3aXRo b3V0IGVuaGFuY2VtZW50cywgdGhlIE5TSCBlbmNhcHN1bGF0aW9uIGNhbiBiZQ0KPiAgIHNwb29m ZWQgYW5kIGlzIHN1YmplY3QgdG8gc25vb3BpbmcgYW5kIG1vZGlmaWNhdGlvbiBpbiB0cmFuc2l0 Lg0KPiANCj4gICBIb3dldmVyLCB0aGUgZGVwbG95bWVudCBzY29wZSAoYXMgZGVmaW5lZCBpbiBb UkZDNzY2NV0pIG9mIHRoZSBOU0gNCj4gICBlbmNhcHN1bGF0aW9uIGlzIGxpbWl0ZWQgdG8gYSBz aW5nbGUgbmV0d29yayBhZG1pbmlzdHJhdGl2ZSBkb21haW4gYXMNCj4gICBhIGNvbnRyb2xsZWQg ZW52aXJvbm1lbnQsIHdpdGggdHJ1c3RlZCBkZXZpY2VzIChlLmcuLCBhIGRhdGEgY2VudGVyKQ0K PiAgIGhlbmNlIG1pdGlnYXRpbmcgdGhlIHJpc2sgb2YgdW5hdXRob3JpemVkIG1hbmlwdWxhdGlv biBvZiB0aGUNCj4gICBlbmNhcHN1bGF0aW9uIGhlYWRlcnMgb3IgbWV0YWRhdGEuICBUaGlzIGNv bnRyb2xsZWQgZW52aXJvbm1lbnQgaXMgYW4NCj4gICBpbXBvcnRhbnQgYXNzdW1wdGlvbiBmb3Ig TlNILiAgVGhlcmUgaXMgb25lIGFkZGl0aW9uYWwgaW1wb3J0YW50DQo+ICAgYXNzdW1wdGlvbjog QWxsIG9mIHRoZSBzZXJ2aWNlIGZ1bmN0aW9ucyB1c2VkIGJ5IGFuIG9wZXJhdG9yIGluDQo+ICAg c2VydmljZSBjaGFpbnMgYXJlIGFzc3VtZWQgdG8gYmUgc2VsZWN0ZWQgYW5kIHZldHRlZCBieSB0 aGUgb3BlcmF0b3IuDQo+IA0KPiBpbnRvIG9uZSBzZWN0aW9uIGRlc2NyaWJpbmcgdGhlIGFwcGxp Y2FiaWxpdHkgb2YgTlNILCBhcHBlYXJpbmcgTVVDSCBlYXJsaWVyIGluDQo+IHRoZSBkb2N1bWVu dCAodGhlIG1vc3QgZGV0YWlsZWQgZGVzY3JpcHRpb24gb2YgeW91ciBleHBlY3RhdGlvbnMgbG9v a3MgbGlrZSBpdA0KPiBhcHBlYXJzIGluIHRoZSBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyBzZWN0 aW9uLCBidXQgcGFydHMgb2YgdGhhdCBkZXNjcmlwdGlvbg0KPiBhcmUgYXBwbGljYWJsZSB0byB0 aGUgRnJhZ21lbnRhdGlvbiBDb25zaWRlcmF0aW9ucyBzZWN0aW9uLCB3aGljaCBhcHBlYXJzIHRo cmVlDQo+IHNlY3Rpb25zIGVhcmxpZXIgaW4gdGhlIGRvY3VtZW50KS4gVGhlIHJlYWRlciB3b3Vs ZCBoYXZlIHlvdXIgaW50ZW5kZWQNCj4gYXBwbGljYWJpbGl0eSBpbiBtaW5kIG11Y2ggZWFybGll ciBhbmQgbW9yZSBjbGVhcmx5LCBhbmQgeW91IGNvdWxkIGp1c3QgaW52b2tlDQo+IHlvdXIgZXhw ZWN0YXRpb25zIGJ5IHJlZmVyZW5jZSB3aGVuIHlvdSBuZWVkIHRvIGV4cGxhaW4gaG93IHRoZXkg YXBwbHkNCj4gZWxzZXdoZXJlIGluIHRoZSBkb2N1bWVudCwgc28gdGhlIGV4cGVjdGF0aW9ucyBp biBwbGF5IHdvdWxkIGJlIGNvbnNpc3RlbnQNCj4gYWNyb3NzIG1lbnRpb25zIHRocm91Z2hvdXQg dGhlIGRvY3VtZW50Lg0KDQpXZSBhcmUgdmVyeSBoZXNpdGFudCB0byBtYWtlIGRyYXN0aWMgc3Ry dWN0dXJhbCBtb2RpZmljYXRpb25zIHRvIHRoZSBkb2N1bWVudCBhdCB0aGlzIHN0YWdlLg0KDQpJ IHVuZGVyc3RhbmQgeW91ciBwb2ludCBhYm91dCBjb21waWxpbmcgYSBsaXN0IG9mIGV4cGVjdGF0 aW9ucyB0aHJvdWdob3V0IHRoZSBkb2N1bWVudCBpbnRvIGEgc2VsZi1jb250YWluZWQgaW5kZXgu IEhvd2V2ZXIsIHRob3NlIGV4cGVjdGF0aW9ucyBhcmUgdmVyeSBkaWZmZXJlbnQgZm9yIGVhY2gg YXJlYSAoZS5nLiwgc2VjdXJpdHksIGVuY2Fwc3VsYXRpb24gdHJhbnNwb3J0LCBldGMuKSBhbmQg YXJlIGN1cnJlbnRseSBmdW5jdGlvbmFsbHkgb3JnYW5pemVkLiBUaGUgZ29hbCBpcyBub3QgdG8g aGF2ZSBhIGxpc3Qgb2YgcmVxdWlyZW1lbnRzLCBidXQgaGF2ZSBpbXBsZW1lbnRvcnMgZnVuY3Rp b25hbGx5IHJlYWQgdGhyb3VnaCB0aGUgY29tcGxldGUgc3BlY2lmaWNhdGlvbi4NCg0KQmFzZWQg b24gZWFybGllciBmZWVkYmFjaywgd2UgZGlkIHByZXNlbnQgYSBtb3JlIGRlbGliZXJhdGUgYW5k IGludGVudGlvbmFsIGFwcGxpY2FiaWxpdHkgZWFybHkgb24sIGluIHRoZSBJbnRyb2R1Y3Rpb24u IFNlZSB0aGlyZC10by1sYXN0IHBhcmFncmFwaCBvZiBTZWN0aW9uIDEuDQoNCj4gDQo+IEknbSBz dGlsbCBib3RoZXJlZCB0aGF0IHRoaXMgZG9jdW1lbnQgZG9lc24ndCBleHBsaWNpdGx5IG1lbnRp b24gSUNNUCBibG9ja2luZw0KPiBhcyBhIHByb2JsZW0gZm9yIFBNVFVEIHdpdGggSVAgZW5jYXBz dWxhdGlvbnMuDQoNCldlIGRvIG5vdCB3YW50IHRvIHRha2UgYXdheSBmcm9tIHRoZSBmb2N1cyBv ZiB0aGUgZG9jdW1lbnQsIHRvIGhhdmUgYW4gYW5hbHlzaXMgb2YgUE1UVUQuIERvaW5nIHNvIHdv dWxkIGJlIHVuZmFpciB0byBQTVRVRCwgYW5kIGludmFyaWFibHkgaW5jb3JyZWN0IGJ5IG9taXNz aW9uLiBUaGVyZSBhcmUgb3RoZXIgdGhpbmdzIHRoYXQgYnJlYWsgUE1UVUQgdG9vIHBvdGVudGlh bGx5LCBhbmQgb3RoZXIgcmlza3Mgc3VjaCBhcyBJQ01QIGF0dGFja3MsIGV0Yy4NCg0KR2l2ZW4g dGhlIGZhY3QgdGhhdCB0aGUgSVAgZW5jYXBzdWxhdGlvbiBjYW4gYmUgSVB2NCBvciBJUHY2LCB3 ZSBkbyBub3Qgd2FudCB0byBleHBsYWluIFBNVFVELg0KDQpUaGF0IHNhaWQsIGlmIHRoZXJlIGlz IGEgc2luZ2xlIFJlZmVyZW5jZSB0aGF0IHlvdSBmZWVsIGNhcHR1cmVzIHRoZSBQTVRVRCBwcm9i bGVtcyBhbmQgZ3VpZGFuY2UsIHdlIHdpbGwgYmUgaGFwcHkgdG8gYWRkIGl0IQ0KDQoNCj4gV2Un cmUganVzdCBub3QgZ29vZCBhdCBwYXRoIE1UVQ0KPiBkaXNjb3ZlcnksIHNvIGl0IHNlZW1zIHVz ZWZ1bCB0byBjYWxsIHRoaXMgb3V0IGV4cGxpY2l0bHkgd2hlbiBhIGRvY3VtZW50DQo+IGV4cGVj dHMgdG8gdXNlIFBNVFVELiBUaGF0IHdheSwgcGVvcGxlIHdobyB1c2UgTlNIIHdpbGwga25vdyB0 byBjaGVjayBmb3IgSUNNUA0KPiBibG9ja2luZyBvbiB0aGVpciBuZXR3b3JrcyBiZWZvcmUgdGhl eSByZWNlaXZlIHRoZWlyIGZpcnN0IHRyb3VibGUgcmVwb3J0cy4NCj4gVGhpcyBhbG1vc3QgcmVh Y2hlZCBteSB0aHJlc2hvbGQgZm9yIGJhbGxvdGluZyBEaXNjdXNzLCBzbyBJJ2QgaG9wZSB5b3Ug Zm9sa3MNCj4gd291bGQgY29uc2lkZXIgdGhhdC4NCg0KV2UgYXJlIGNvbnNpZGVyaW5nIGFuZCBo YXBweSB0byBhZGQgc29tZSB0ZXh0IGFib3V0IHRoZSBwcm9ibGVtLiBIb3dldmVyLCB3ZSB3ZXJl IHVuYWJsZSB0byBmaW5kIGEgc2luZ2xlIHJlZmVyZW5jZSB0aGF0IGF0b21pY2FsbHkgZGVzY3Jp YmVzIHRoZSBwcm9ibGVtIGFuZCBnaXZlcyByZWNvbW1lbmRhdGlvbi4gRXZlbiBSRkMgODIwMSBp bmNsdWRlcyBvbmx5IGEgc2luZ2xlLXNlbnRlbmNlIGxvc3QgaW4gbWlkZGxlIG9mIHRoZSBJbnRy b2R1Y3Rpb24uDQoNClByb3Bvc2FsOg0KDQpPTEQ6DQogICBGb3IgZXhhbXBsZSwgd2hlbiB0aGUg TlNIIGlzIGVuY2Fwc3VsYXRlZCBpbiBJUCwgSVAtbGV2ZWwNCiAgIGZyYWdtZW50YXRpb24gY291 cGxlZCB3aXRoIFBhdGggTVRVIERpc2NvdmVyeSAoUE1UVUQpIGlzIHVzZWQuIA0KDQpORVc6DQoN CiAgIEZvciBleGFtcGxlLCB3aGVuIHRoZSBOU0ggaXMgZW5jYXBzdWxhdGVkIGluIElQLCBJUC1s ZXZlbA0KICAgZnJhZ21lbnRhdGlvbiBjb3VwbGVkIHdpdGggUGF0aCBNVFUgRGlzY292ZXJ5IChQ TVRVRCkgaXMgdXNlZC4gIFNpbmNlDQogICBQTVRVRCByZWxpZXMgb24gSUNNUCBtZXNzYWdlcywg YW4gb3BlcmF0b3Igc2hvdWxkIGVuc3VyZSBJQ01QDQogICBwYWNrZXRzIGFyZSBub3QgYmxvY2tl ZC4NCg0KQnV0IGEgY2l0YXRpb24gd291bGQgZW5yaWNoIHRoaXMuIFBsZWFzZSBsZXQgdXMga25v dy4gUkZDIDI5MjMgaXMgdG9vIFRDUCBzcGVjaWZpYywgZXRjLi4uDQoNCj4gDQo+IEkgc2VlIHRo YXQgdGhlIGFwcGxpY2FiaWxpdHkgb2YgTlNIIGluY2x1ZGVzIGVuY2Fwc3VsYXRpb25zIHRoYXQg ZG9uJ3QgcHJvdmlkZQ0KPiBhIHBhdGggTVRVIGRpc2NvdmVyeSBtZWNoYW5pc20sIGFuZCB0aGF0 IHlvdXIgcmVzb2x1dGlvbiBmb3IgdGhvc2UNCj4gZW5jYXBzdWxhdGlvbnMgaXMgdG8gbG9nIGV2 ZW50cyB3aGVuIGEgInRvbyBiaWciIHBhY2tldCBpcyBkcm9wcGVkLiBDb3VsZCB5b3UNCj4gZWR1 Y2F0ZSBtZSwgYXMgdG8gd2hldGhlciBhbGwgZW5jYXBzdWxhdGlvbnMgZGV0ZWN0IHRoYXQgdGhp cyBpcyBoYXBwZW5pbmc/IEl0DQo+IG1pZ2h0IGJlIHRoYXQgZW5jYXBzdWxhdGlvbnMgYXJlIHVz aW5nIGEgZml4ZWQgbWF4aW11bSBNVFUgYnkgZGVmaW5pdGlvbiwgc28NCj4gdGhhdCB3aGF0IHlv dSdyZSBsb2dnaW5nIGlzIGFuIGF0dGVtcHQgdG8gc2VuZCBhIHBheWxvYWQgdGhhdCB2aW9sYXRl cyB0aGUNCj4gcHJvdG9jb2wgZGVmaW5pdGlvbiBvZiB0aGUgZW5jYXBzdWxhdGlvbiwgYnV0IEkg ZG9uJ3Qga25vdyB0aGF0IHRoYXQncyB0cnVlIGluDQo+IGFsbCBjYXNlcywgc28gdGhvdWdodCBJ IHNob3VsZCBhc2suDQoNCldlIGNhbm5vdCBwcm92ZSBpZiAqYWxsKiBlbmNhcHN1bGF0aW9ucyBk ZXRlY3QgdGhhdCBhcyBoYXBwZW5pbmcsIGFzIHlvdSBhcmUgYXNraW5nLiBIb3dldmVyLCBpZiBh biBlbmNhcHN1bGF0aW9uIGRyb3BzIGEgcGFja2V0IGZvciB0aGF0IHJlYXNvbiB3ZSBhcmUgYWRk aW5nIGEgcmVxdWlyZW1lbnQgZm9yIHRob3NlIGVuY2Fwcy4gDQoNCj4gDQo+IEkgc2F3IGEgc3Vn Z2VzdGlvbiBmcm9tIEpvZSBUb3VjaCAoaW4gYSByZXNwb25zZSB0byB0aGUgVFNWLUFSVCByZXZp ZXcpIHRvDQo+IGNvbnNpZGVyIGxvb2tpbmcgYXQgdGhlIHRlcm1pbm9sb2d5IGRldmVsb3BlZCBm b3IgZHJhZnQtaWV0Zi1pbnRhcmVhLXR1bm5lbHMuIEkNCj4gZGlkbid0IHNlZSBhIHJlcGx5IHRv IHRoYXQgc3VnZ2VzdGlvbiwgYW5kIEkgZGlkbid0IHNlZSBhIHJlZmVyZW5jZSB0bw0KPiBkcmFm dC1pZXRmLWludGFyZWEtdHVubmVscyBpbiAtMjQgLSB3YXMgdGhpcyBjb25zaWRlcmVkPw0KDQpB cG9sb2dpZXMgZm9yIG5vdCBoYXZpbmcgcmVzcG9uZGVkLiBZZXMsIHRoaXMgd2FzIGNvbnNpZGVy ZWQuDQoNClRoZSBuZWVkcyBvZiBkcmFmdC1pZXRmLXNmYy1uc2ggYXJlIHNvIGJhc2ljIGluIHRo aXMgcmVnYXJkcyB0aGF0IHdlIHVzZSBvbmx5IHR3byB0ZXJtcy4gVGhvc2UgdHdvIHRlcm1zIGFy ZSBleGFjdCB0ZXJtcyBkZWZpbmVkIGluIGRyYWZ0LWlldGYtaW50YXJlYS10dW5uZWxzLiBNVFUg YW5kIFBNVFVELiBUaGlzIGRvY3VtZW50IGRvZXMgbm90IG1ha2UgdXNlIG9mIHRoaW5ncyBsaWtl IEVNVFVfUi4NCg0KPiANCj4gKEknbSBhbHNvIGFza2luZyBiZWNhdXNlIEkgd2FudCB0byBrZWVw IHRyYWNrIG9mIHdoZXRoZXIgcGVvcGxlIGFwcGx5aW5nDQo+IGVuY2Fwc3VsYXRpb25zIGZpbmQg dGhhdCBkb2N1bWVudCB1c2VmdWwsIG9mIGNvdXJzZSkNCg0KSSByZXZpZXdlZCBhbiBlYXJsaWVy IGl0ZXJhdGlvbiBvZiB0aGF0IGRvY3VtZW50LCBhbG1vc3QgYSBkZWNhZGUgYWdvICghISkgYW5k IHNlbnQgcGFnZXMgb2YgY29tbWVudHMuIEkgYWxzbyByZXZpZXdlZCBhIHN1YnNlcXVlbnQgaW50 YXJlYSBXRyB2ZXJzaW9uIG9mIGl0LiBUaGUgYXBwbGljYWJpbGl0eSBvZiB0aGF0IGRvYyB0byBk cmFmdC1pZXRmLXNmYy1uc2ggaXMgcXVpdGUgbGltaXRlZC4gDQoNCkJ5IHRoZSB3YXksIHRoZSB0 cmVhdG1lbnQgb2YgSUNNUCBibG9ja2FnZSBpbiBkcmFmdC1pZXRmLWludGFyZWEtdHVubmVscyBp cyBxdWl0ZSBub3QgZXhoYXVzdGl2ZSDigJQgYW5kIHRoYXQgZG9jdW1lbnQgc2VlbXMgYSBiZXR0 ZXIgcGxhY2UgZm9yIGNvbXBsYWluaW5nIGFib3V0IElDTVAgYW5kIFBNVFVELg0KDQo+IA0KPiAo Sm9lJ3MgZm9sbG93LXVwIGlzIGF0DQo+IGh0dHBzOi8vbWFpbGFyY2hpdmUuaWV0Zi5vcmcvYXJj aC9tc2cvdHN2LWFydC9Dc2RXd1I5QjVfQUI2NEQwZUZsLUtJRTdfTkEpDQo+IA0KPiANCg0KDQpU aGFua3MgYWdhaW4hDQoNCuKAlCBDYXJsb3MuDQoNCg== From nobody Tue Sep 26 21:14:22 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3764134496; Tue, 26 Sep 2017 21:14:16 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RZe3ZZX2QegN; Tue, 26 Sep 2017 21:14:14 -0700 (PDT) Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 426EC12ECEC; Tue, 26 Sep 2017 21:14:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8072; q=dns/txt; s=iport; t=1506485654; x=1507695254; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=yVklZvsZU/SMMPDDpGetMh/fF/Zl+U3CRuAp1GBmNA4=; b=SA1FcC/MmI5cQ/07YmYjcHvoLx5TMScmWZgJFpX6jaXqhc6rX3nPIDMI ZoLfInABrJTQuF6V15RGo/Pkrl38xvNmzOfB8eQuAaIU9EYf085RFKNDX /IM71589Es8z2AkgljcHuWr5DtOkcPqhcrkU/b5kc2PMEjRUMXeUzUjiy U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AHAQAGJctZ/4wNJK1bGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1tkbhQTB4Nvih+PfIFUIpYrDoIECiOFGAIahDU/GAECAQEBAQE?= =?us-ascii?q?BAWsohRgBAQEBAgEjETMSBQsCAQgYAgImAgICMBUQAgQOBYoqCBCoToInix4BA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEBAQEYBYEOgh2CAoFRgWorC4JyhFEBEgEfgxMvgjE?= =?us-ascii?q?FihKOO4hTAodcgxNJiSOCE4VviwSVGgIRGQGBOAEfOIEDC3gVWwGFBxyBZ3YBh?= =?us-ascii?q?XWBI4EQAQEB?= X-IronPort-AV: E=Sophos;i="5.42,443,1500940800"; d="scan'208";a="82485090" Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2017 04:14:12 +0000 Received: from XCH-RTP-001.cisco.com (xch-rtp-001.cisco.com [64.101.220.141]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id v8R4ECQF013994 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 04:14:12 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-001.cisco.com (64.101.220.141) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 00:14:11 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 00:14:11 -0400 From: "Carlos Pignataro (cpignata)" To: "Alvaro Retana (aretana)" CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTNvwOtqmwlMp+xUy8F8i54ZXAOqLIYzqA Date: Wed, 27 Sep 2017 04:14:11 +0000 Message-ID: <314D7BB3-23A0-4E4E-9557-B323736BA851@cisco.com> References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> In-Reply-To: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 04:14:17 -0000 VGhhbmsgeW91IGZvciB0aGUgY29tbWVudHMsIEFsdmFybyENCg0KUGxlYXNlIHNlZSBpbmxpbmUu DQoNCj4gT24gU2VwIDI2LCAyMDE3LCBhdCAzOjE3IFBNLCBBbHZhcm8gUmV0YW5hIChhcmV0YW5h KSA8YXJldGFuYUBjaXNjby5jb20+IHdyb3RlOg0KPiANCj4gQWx2YXJvIFJldGFuYSBoYXMgZW50 ZXJlZCB0aGUgZm9sbG93aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3INCj4gZHJhZnQtaWV0Zi1zZmMt bnNoLTI0OiBObyBPYmplY3Rpb24NCj4gDQo+IFdoZW4gcmVzcG9uZGluZywgcGxlYXNlIGtlZXAg dGhlIHN1YmplY3QgbGluZSBpbnRhY3QgYW5kIHJlcGx5IHRvIGFsbA0KPiBlbWFpbCBhZGRyZXNz ZXMgaW5jbHVkZWQgaW4gdGhlIFRvIGFuZCBDQyBsaW5lcy4gKEZlZWwgZnJlZSB0byBjdXQgdGhp cw0KPiBpbnRyb2R1Y3RvcnkgcGFyYWdyYXBoLCBob3dldmVyLikNCj4gDQo+IA0KPiBQbGVhc2Ug cmVmZXIgdG8gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaWVzZy9zdGF0ZW1lbnQvZGlzY3Vzcy1jcml0 ZXJpYS5odG1sDQo+IGZvciBtb3JlIGluZm9ybWF0aW9uIGFib3V0IElFU0cgRElTQ1VTUyBhbmQg Q09NTUVOVCBwb3NpdGlvbnMuDQo+IA0KPiANCj4gVGhlIGRvY3VtZW50LCBhbG9uZyB3aXRoIG90 aGVyIGJhbGxvdCBwb3NpdGlvbnMsIGNhbiBiZSBmb3VuZCBoZXJlOg0KPiBodHRwczovL2RhdGF0 cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNmYy1uc2gvDQo+IA0KPiANCj4gDQo+IC0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0NCj4gQ09NTUVOVDoNCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiANCj4gKDEpIFdoaWxl IGRlc2NyaWJpbmcgdGhlIE1EIFR5cGUgZmllbGQsIFNlY3Rpb24gMi4yLiAoTlNIIEJhc2UgSGVh ZGVyKSB0YWxrcw0KPiBhYm91dCB0aGUgc3BlY2lmaWMgc2NlbmFyaW8gaW4gd2hpY2ggImEgZGV2 aWNlIHdpbGwgc3VwcG9ydCBNRCBUeXBlIDB4MSAoYXMgcGVyDQo+IHRoZSBNVVNUKSBtZXRhZGF0 YSwgeWV0IGJlIGRlcGxveWVkIGluIGEgbmV0d29yayB3aXRoIE1EIFR5cGUgMHgyIG1ldGFkYXRh DQo+IHBhY2tldHMiLCBhbmQgaXQgc3BlY2lmaWVzIHRoYXQgInRoZSBNRCBUeXBlIDB4MSBub2Rl LCBNVVNUIHV0aWxpemUgdGhlIGJhc2UNCj4gaGVhZGVyIGxlbmd0aCBmaWVsZCB0byBkZXRlcm1p bmUgdGhlIG9yaWdpbmFsIHBheWxvYWQgb2Zmc2V0IGlmIGl0IHJlcXVpcmVzDQo+IGFjY2VzcyB0 byB0aGUgb3JpZ2luYWwgcGFja2V0L2ZyYW1lLiIgIFRoaXMgaXMgdGhlIGNhc2Ugd2hlcmUgdGhl IG5vZGUgaW4NCj4gcXVlc3Rpb24gKmRvZXMgbm90KiBzdXBwb3J0IE1EIFR5cGUgMHgyLCByaWdo dD8gIElmIHNvLCB0aGVuIHRoZSBzcGVjaWZpY2F0aW9uDQo+IGFib3ZlIHNlZW1zIHRvIGdvIGFn YWluc3QgKGluIHRoZSBsYXN0IHNlbnRlbmNlIG9mIHRoZSBzYW1lIHBhcmFncmFwaCk6DQo+ICJQ YWNrZXRzIHdpdGggTUQgVHlwZSB2YWx1ZXMgbm90IHN1cHBvcnRlZCBieSBhbiBpbXBsZW1lbnRh dGlvbiBNVVNUIGJlDQo+IHNpbGVudGx5IGRyb3BwZWQuIiAgSU9XLCBpZiB0aGUgbm9kZSBkb2Vz bid0IHN1cHBvcnQgMHgyLCB3aHkgd291bGRuJ3QgaXQganVzdA0KPiBkcm9wIHRoZSBwYWNrZXQ/ DQoNCkpvZWwgYWxyZWFkeSBhbnN3ZXJlZCB0aGlzIHBvaW50Lg0KDQo+IA0KPiAoMikgU2VjdGlv biAyLjUuMS4gKE9wdGlvbmFsIFZhcmlhYmxlIExlbmd0aCBNZXRhZGF0YSkgc2F5cyB0aGF0IHRo aXMgZG9jdW1lbnQNCj4gImRvZXMgbm90IG1ha2UgYW55IGFzc3VtcHRpb24gYWJvdXQgQ29udGV4 dCBIZWFkZXJzIHRoYXQgYXJlDQo+IG1hbmRhdG9yeS10by1pbXBsZW1lbnQgb3IgdGhvc2UgdGhh dCBhcmUgbWFuZGF0b3J5LXRvLXByb2Nlc3MuICBUaGVzZQ0KPiBjb25zaWRlcmF0aW9ucyBhcmUg ZGVwbG95bWVudC1zcGVjaWZpYy4iICBCdXQgdGhlIG5leHQgY291cGxlIG9mIHBhcmFncmFwaHMN Cj4gc3BlY2lmeSBleHBsaWNpdCBhY3Rpb25zIGZvciB0aGVtIChtYW5kYXRvcnktdG8tcHJvY2Vz cyk6DQo+IA0KPiAgIFVwb24gcmVjZWlwdCBvZiBhIHBhY2tldCB0aGF0IGJlbG9uZ3MgdG8gYSBn aXZlbiBTRlAsIGlmIGEgbWFuZGF0b3J5LQ0KPiAgIHRvLXByb2Nlc3MgY29udGV4dCBoZWFkZXIg aXMgbWlzc2luZyBpbiB0aGF0IHBhY2tldCwgdGhlIFNGQy1hd2FyZSBTRg0KPiAgIE1VU1QgTk9U IHByb2Nlc3MgdGhlIHBhY2tldCBhbmQgTVVTVCBsb2cgYW4gZXJyb3IgYXQgbGVhc3Qgb25jZSBw ZXINCj4gICB0aGUgU1BJIGZvciB3aGljaCB0aGUgbWFuZGF0b3J5IG1ldGFkYXRhIGlzIG1pc3Np bmcuDQo+IA0KPiAgIElmIG11bHRpcGxlIG1hbmRhdG9yeS10by1wcm9jZXNzIGNvbnRleHQgaGVh ZGVycyBhcmUgcmVxdWlyZWQgZm9yIGENCj4gICBnaXZlbiBTRlAsIHRoZSBjb250cm9sIHBsYW5l IE1BWSBpbnN0cnVjdCB0aGUgU0ZDLWF3YXJlIFNGIHdpdGggdGhlDQo+ICAgb3JkZXIgdG8gY29u c3VtZSB0aGVzZSBDb250ZXh0IEhlYWRlcnMuICBJZiBubyBpbnN0cnVjdGlvbnMgYXJlDQo+ICAg cHJvdmlkZWQgYW5kIHRoZSBTRkMtYXdhcmUgU0Ygd2lsbCBtYWtlIHVzZSBvZiBvciBtb2RpZnkg dGhlIHNwZWNpZmljDQo+ICAgY29udGV4dCBoZWFkZXIsIHRoZW4gdGhlIFNGQy1hd2FyZSBTRiBN VVNUIHByb2Nlc3MgdGhlc2UgQ29udGV4dA0KPiAgIEhlYWRlcnMgaW4gdGhlIG9yZGVyIHRoZXkg YXBwZWFyIGluIGFuIE5TSCBwYWNrZXQuDQo+IA0KPiBNYXliZSBJJ20gY29uZnVzZWQgYWJvdXQg Y29uc2lkZXJhdGlvbnMgYmVpbmcgZGVwbG95bWVudCBzcGVjaWZpYyB2cyBzcGVjaWZ5aW5nDQo+ IHdoYXQgdG8gZG8gaGVyZS4gIENhbiB5b3UgcGxlYXNlIGNsYXJpZnk/DQoNCkpvZWwgYWxzbyBj bGFyaWZpZWQgdGhpcyBpbiBoaXMgcmVzcG9uc2Ug4oCUIGlmIHlvdSBoYXZlIGltcHJvdmVtZW50 cyB0byB0aGUgdGV4dCBmb3IgY2xhcml0eSBsZXQgdXMga25vdy4NCg0KVGhlIGlkZWEgaXMgdGhh dCB0aGlzIGRvY3VtZW50IGRvZXMgbm90IHNwZWNpZnkgd2hhdCBpcyBtYW5kYXRvcnkgdG8gaW1w bGVtZW50LCBvbmx5IHRoZSB0cmVhdG1lbnQgd2hlbiB0aGF0IGlzIHRoZSBjYXNlLg0KDQo+IA0K PiAoMykgIlNGRnMgTVVTVCB1c2UgdGhlIFNlcnZpY2UgUGF0aCBIZWFkZXIgZm9yIHNlbGVjdGlu ZyB0aGUgbmV4dCBTRiBvciBTRkYgaW4NCj4gdGhlIHNlcnZpY2UgcGF0aC4iICBTZWN0aW9uIDYg ZXhwbGFpbnMgbW9zdCBvZiB3aGF0IGhhcyB0byBiZSBkb25lIC0tIHdoYXQgSQ0KPiB0aGluayBp cyBzdGlsbCBub3QgY2xlYXIgaW4gdGhpcyBkb2N1bWVudCBpcyB3aGVyZSB0aGUgaW5mb3JtYXRp b24gaW4gVGFibGVzDQo+IDEtNCBjb21lcyBmcm9tLiAgVGhlcmUgbWF5IGJlIGRpZmZlcmVudCB3 YXlzIGZvciBhbiBTRkYgdG8gbGVhcm4gdGhhdCwgYW5kIEkNCj4gd291bGQgaW1hZ2luZSB0aGF0 IGl0IGlzIG91dC1vZi1zY29wZSBvZiB0aGlzIGRvY3VtZW50LiAgUGxlYXNlIHNheSBzbyAtLSBt YXliZQ0KPiB0aGVyZSdzIGEgcmVsZXZhbnQgcmVmZXJlbmNlIHRvIHJmYzc2NjUgKD8pLg0KDQpU aGUgd2F5IGluIHdoaWNoIGFuIFNGRiBsZWFybnMgaW5mbyBmcm9tIHRoYXQgdGFibGUgaXMgb3V0 IG9mIHNjb3BlLCBpbiBjYXNlcyBpbXBsZW1lbnRhdGlvbiBzcGVjaWZpYyBhbmQgZG9lcyBub3Qg YWZmZWN0IGludGVyb3BlcmFiaWxpdHkuICBCdXQgdGhlIGRlZmluaXRpb25zIGluIHNlY3Rpb24g MiBzYXkgY2FzZXMgd2hlcmUgaW5mb3JtYXRpb24gaXMgZXhwZWN0ZWQgZnJvbSB0aGUgY29udHJv bCBwbGFuZSBhbmQgb3V0c2lkZSB0aGUgc2NvcGUgb2YgdGhlIE5TSCBzcGVjaWZpY2F0aW9uLg0K DQpXZSBhcmUgaGFwcHkgdG8gY2xhcmlmeSBpZiB0aGVyZSBpcyBzb21ldGhpbmcgdGhhdCBpcyBj YXVzaW5nIGNvbmZ1c2lvbiDigJQgbWF5YmUgeW91IGNvdWxkIHN1Z2dlc3QgdGV4dCB0byDigJxz YXkgc2/igJ0/DQoNCj4gDQo+ICg0KSBTZWN0aW9uIDExLjEuIChOU0ggRXRoZXJUeXBlKSBzZWVt cyBvdXQgb2YgcGxhY2UgaW4gdGhpcyBkb2N1bWVudCBiZWNhdXNlDQo+ICgxKSB0aGUgZG9jdW1l bnQgZG9lc24ndCBkaXNjdXNzIHRoZSB0cmFuc3BvcnQgaXRzZWxmLCBhbmQgKDIpIGl0IGlzIGlu IHRoZQ0KPiBJQU5BIHNlY3Rpb27igKYNCg0KWW91IGhhdmUgYSBnb29kIHBvaW50IOKAlCBKb2Vs IGFza2VkIOKAnCBEbyB5b3UgdGhpbmsgd2Ugc2hvdWxkIHJlbW92ZSBpdD/igJ0NCg0KSSB0aGlu ayB3ZSBzaG91bGQga2VlcCBpdCBpbiwgYmVjYXVzZSBpdCBpcyBpbXBvcnRhbnQgaW5mb3JtYXRp b24gZm9yIGFuIGltcGxlbWVudG9yIHRvIGhhdmUsIHJlZ2FyZGxlc3Mgb2YgdGhvc2UgdHdvIHBv aW50cy4gDQoNCkJ1dCBwZXJoYXBzIGl0IHNob3VsZCBiZSBtb3ZlZCBvdXQgb2YgdGhhdCBzZWN0 aW9uIGFuZCBpbnRvIGEgc2VwYXJhdGUgbm9uLW5vcm1hdGl2ZSBzZWN0aW9uPyBEbyB5b3UgaGF2 ZSByZWNvbW1lbmRhdGlvbnMgdGhlcmU/DQoNCkFsaWEgd2FzIHRyYWNraW5nIHRoZSBOU0ggRXRo ZXJUeXBlIHZhbHVlLiBBbGlhLCB0aG91Z2h0cz8NCg0KPiANCj4gKDUpIFdoYXQgaXMgdGhlICJJ RVRGIEJhc2UgTlNIIE1EIENsYXNzIiAoU2VjdGlvbiAxMS4yLjQpPyAgQWhoLCBJIHNlZSB0aGF0 DQo+IFNlY3Rpb24gMTEuMi42IHRhbGtzIGFib3V0ICJ0aGUgdHlwZSB2YWx1ZXMgb3duZWQgYnkg dGhlIElFVEYiOyBpdCB3b3VsZCBiZQ0KPiBnb29kIHRvIHNheSB0aGF0IE1EIENsYXNzIDB4MDAw MCBpcyBiZWluZyBhc3NpZ25lZCB0byB0aGUgSUVURiAoaW4gMTEuMi40KS4NCj4gDQoNCkdyZWF0 IHBvaW50LiBJIHdpbGwgYWRkIGNyb3NzLXJlZmVyZW5jZXMgaW4gYm90aCAxMS4yLjQgYW5kIDEx LjIuNiBwb2ludGluZyB0byBlYWNoIG90aGVyLg0KDQpBbHNvLCBtb3ZpbmcgMTEuMi42IHRvIGJl IGltbWVkaWF0ZWx5IGFmdGVyIDExLjIuNCB3aWxsIGhlbHAgYXMgd2VsbC4NCg0KQm90aCBkb25l IGluIG91ciB3b3JraW5nIGNvcHkuDQoNCj4gTml0czoNCj4gDQo+IEluIHNlY3Rpb24gMi4yLiAo TlNIIEJhc2UgSGVhZGVyKSwgaXQgd291bGQgYmUgbmljZSB0byBoYXZlIGEgZm9yd2FyZCByZWZl cmVuY2UNCj4gd2hlbiB0aGUgU2VydmljZSBJbmRleCBpcyBmaXJzdCBtZW50aW9uZWQuDQo+IA0K DQpTb3JyeSBJIGRpZCBub3QgZm9sbG93LiBTZWN0aW9uIDIuMSBzaG93cyB0aGUgQmFzZSBIZWFk ZXIgKFNlY3Rpb24gMi4yKSBhbmQgdGhlIFNlcnZpY2UgUGF0aCBIZWFkZXIgKFNlY3Rpb24gMi4z KS4NCg0KV2hlcmUgd291bGQgeW91IGxpa2UgYSBmb3J3YXJkIHBvaW50ZXIgdG8gdGhlIFNJPw0K DQo+IEl0IG1heSBiZSBuaWNlIHRvIGV4cGxpY2l0bHkgc3RhdGUgaW4gdGhlIGRlc2NyaXB0aW9u IG9mIHRoZSBNRCBUeXBlIGZpZWxkDQo+IChTZWN0aW9uIDIuMikgdGhhdCBmb3IgbGVuZ3RoID0g MHgyIGFuZCBNRCBUeXBlID0gMHgyLCB0aGVyZSBhcmUgaW4gZmFjdCBubw0KPiBvcHRpb25hbCBj b250ZXh0IGhlYWRlcnMuIChJIGtub3cgdGhlcmUncyBzb21lIHRleHQgYWJvdXQgdGhpcyBsYXRl ciBpbiBzZWN0aW9uDQo+IDIuNS4pDQoNCk9LLiBBZGRlZCwgDQoNCj4gDQo+ICIuLi5hbGwgZG9t YWluIGVkZ2VzIE1VU1QgZmlsdGVyIGJhc2VkIG9uIHRoZSBjYXJyaWVkIHByb3RvY29sIGluIHRo ZQ0KPiBWeExBTi1ncGUiLiAgVGhhdCAiTVVTVCIgaXMgb3V0IG9mIHBsYWNlIGJlY2F1c2UgdGhl IHRleHQgaXMgYW4gZXhhbXBsZS4NCj4gDQoNCkdyZWF0IHBvaW50LiBGaXhlZC4NCg0KVGhhbmtz LA0KDQrigJQgQ2FybG9zLg0KDQo+IA0KDQo= From nobody Tue Sep 26 21:48:36 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6FD81344ED; Tue, 26 Sep 2017 21:48:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8XDRSxUcGh7i; Tue, 26 Sep 2017 21:48:25 -0700 (PDT) Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18DAD1321CB; Tue, 26 Sep 2017 21:48:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11238; q=dns/txt; s=iport; t=1506487705; x=1507697305; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=5gHfTq2BcOZNUg7soLH3Wj9LBKqMVzQGxX89p+L6/ns=; b=By6nAPHQ74GYmVKEis6OjkbirOFY6czk6vI6xGLSz4f/M2wI/t/WVvAP nBc51LEDUhpzywqD1Ujv7FFhU75aL2MChVv1c1IcnMSExCuYLQ2yfiZFT flyiYB56JSeyD61Xdm4L15KL5RxgzshN7GaiJWFCxPjzJ2jzV4e+MBsvJ Q=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DqAQAMLctZ/4wNJK1bGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1tkbicHg2+aG4F2iEKNd4IECiWFFgIahDVXAQIBAQEBAQJrKIU?= =?us-ascii?q?YAQEBAQEBASMRRQULAgEIEgYCAiYCAgIfERUCDgIEDgUaigADDQgQqFqCJ4c5D?= =?us-ascii?q?YNYAQEBAQEBAQEBAQEBAQEBAQEBAQEBHYEOgh2CAoFRgWorgn2CXoFzAQsHAR8?= =?us-ascii?q?4AoJZL4IxBYdEgk6OO4gXPAKHXIc3T4R5ghOFb4N+hwaKC4JchT6CdQIRGQGBO?= =?us-ascii?q?AFXgQMLeBVbAYU8gU52AYVmDxeBDIEQAQEB?= X-IronPort-AV: E=Sophos;i="5.42,443,1500940800"; d="scan'208";a="8669424" Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2017 04:48:24 +0000 Received: from XCH-RTP-018.cisco.com (xch-rtp-018.cisco.com [64.101.220.158]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id v8R4mNhK006259 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 04:48:24 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-018.cisco.com (64.101.220.158) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 00:48:23 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 00:48:23 -0400 From: "Carlos Pignataro (cpignata)" To: Kathleen Moriarty CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Kathleen Moriarty's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) Thread-Index: AQHTNwhESLr2/8ugJkqnhLubM0mfVqLIbLCA Date: Wed, 27 Sep 2017 04:48:23 +0000 Message-ID: References: <150645867503.20862.14046225395932721314.idtracker@ietfa.amsl.com> In-Reply-To: <150645867503.20862.14046225395932721314.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: text/plain; charset="utf-8" Content-ID: <9AD5DB3B433EF14C8D57FF0B444F7DB7@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Kathleen Moriarty's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 04:48:28 -0000 VGhhbmsgeW91IEthdGhsZWVuIGZvciByZXZpZXdpbmcgdGhpcyBkb2N1bWVudCBhbmQgdGhlIGlu cHV0IGJlbG93IQ0KDQpQbGVhc2Ugc2VlIGlubGluZS4NCg0KDQo+IE9uIFNlcCAyNiwgMjAxNywg YXQgNDo0NCBQTSwgS2F0aGxlZW4gTW9yaWFydHkgPEthdGhsZWVuLk1vcmlhcnR5LmlldGZAZ21h aWwuY29tPiB3cm90ZToNCj4gDQo+IEthdGhsZWVuIE1vcmlhcnR5IGhhcyBlbnRlcmVkIHRoZSBm b2xsb3dpbmcgYmFsbG90IHBvc2l0aW9uIGZvcg0KPiBkcmFmdC1pZXRmLXNmYy1uc2gtMjQ6IERp c2N1c3MNCj4gDQo+IFdoZW4gcmVzcG9uZGluZywgcGxlYXNlIGtlZXAgdGhlIHN1YmplY3QgbGlu ZSBpbnRhY3QgYW5kIHJlcGx5IHRvIGFsbA0KPiBlbWFpbCBhZGRyZXNzZXMgaW5jbHVkZWQgaW4g dGhlIFRvIGFuZCBDQyBsaW5lcy4gKEZlZWwgZnJlZSB0byBjdXQgdGhpcw0KPiBpbnRyb2R1Y3Rv cnkgcGFyYWdyYXBoLCBob3dldmVyLikNCj4gDQo+IA0KPiBQbGVhc2UgcmVmZXIgdG8gaHR0cHM6 Ly93d3cuaWV0Zi5vcmcvaWVzZy9zdGF0ZW1lbnQvZGlzY3Vzcy1jcml0ZXJpYS5odG1sDQo+IGZv ciBtb3JlIGluZm9ybWF0aW9uIGFib3V0IElFU0cgRElTQ1VTUyBhbmQgQ09NTUVOVCBwb3NpdGlv bnMuDQo+IA0KPiANCj4gVGhlIGRvY3VtZW50LCBhbG9uZyB3aXRoIG90aGVyIGJhbGxvdCBwb3Np dGlvbnMsIGNhbiBiZSBmb3VuZCBoZXJlOg0KPiBodHRwczovL2RhdGF0cmFja2VyLmlldGYub3Jn L2RvYy9kcmFmdC1pZXRmLXNmYy1uc2gvDQo+IA0KPiANCj4gDQo+IC0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4g RElTQ1VTUzoNCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiANCj4gRmlyc3QsIEknZCBsaWtlIHRvIHRoYW5r IHRoZSBhdXRob3JzIGFuZCBXRyBmb3IgeW91ciBlZmZvcnRzIGluIHJlY2VudA0KPiByZXZpc2lv bnMgb2YgdGhpcyBkcmFmdCwgaXQgaGFzIGNvbWUgYSBsb25nIHdheS4NCg0KVGhhbmsgeW91IGZv ciBlYXJseSBmZWVkYmFjaywgd2hpY2ggaGVscGVkIHVzIGltcHJvdmUgdGhlIHNwZWMhDQoNCj4g IEkgc3RpbGwgd2FudCB0byBwb2tlIGF0IHRoZQ0KPiBsYWNrIG9mIGEgcmVxdWlyZW1lbnQgZm9y IGVpdGhlciBpbnRlZ3JpdHkgcHJvdGVjdGlvbiBvbiB0aGUgTlNIIGl0c2VsZiBvciBmb3INCj4g TVVTVHMgb24gcHJvdGVjdGlvbnMgZnJvbSB0aGUgdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24uICBB dHRhY2tzIGluc2lkZSBvZiBhDQo+IGRhdGEgY2VudGVyIG9yIHNpbmdsZSBvcGVyYXRvciBkb21h aW5zIGhhcHBlbiBhbGwgdG9vIG9mdGVuLiAgVGhlIG51bWJlciBmcm9tDQo+IDIwMTYgaXMgdXAg MTY0JSBhcyBvZiBhIHN0YXRpc3RpYyBJIHNhdyBlYXJsaWVyIHRvZGF5Lg0KDQpTZWFyY2ggZW5n aW5lcyBmaW5kIGFsbCBzb3J0IG9mIGludGVyZXN0aW5nIGFuZCB1bmludGVyZXN0aW5nIHN0YXRp c3RpY3Mgc2VhcmNoaW5nIGZvciDigJwyMDE2IGlzIHVwIDE2NCXigJ0uIFRyeSBpdCA6LSkNCg0K SWYgeW91IGFyZSByZWZlcnJpbmcgdG8gdGhlIEdlbWFsdG8gWzFdIFsyXSBzdHVkeSwgdGhvc2Ug YXJlIF9ub3RfIOKAnEF0dGFja3MgaW5zaWRlIG9mIGEgZGF0YSBjZW50ZXIgb3Igc2luZ2xlIG9w ZXJhdG9yIGRvbWFpbnPigJ0uIFRob3NlIGFyZSBudW1iZXIgb2YgZGF0YSByZWNvcmRzIGxvc3Qg b3Igc3RvbGVuLiBZb3UgaW1wbGllZCB0aGUgbnVtYmVyIG9mIGF0dGFja3MgaW5zaWRlIGEgZGF0 YSBjZW50ZXIgaW5jcmVhc2VkIGJ5IHRoYXQgbnVtYmVyLCB3aGljaCBtYXkgb3IgbWF5IG5vdCBi ZSB0aGUgY2FzZSwgYnV0IHRoZXJlIGRvZXMgbm90IHNlZW0gdG8gYmUgYSBzdHVkeSBhYm91dCBp dC4NCg0KUGxlYXNlIG5vdGUgdGhhdCBJIGFtIG5vdCBtaW5pbWl6aW5nIHRoZSBpc3N1ZSwgbm9y IGxvb2tpbmcgdGhlIG90aGVyIHdheSBvciBidXJ5aW5nIHRoZSBoZWFkIGluIHRoZSBzYW5kLi4u IEJ1dCB0aHJvd2luZyBhIG51bWJlciBsaWtlIDE2NCUgd2l0aG91dCBpdHMgc2VtYW50aWMgYW5k IGNvbnRleHQgZG9lcyBub3QgY29udmV5IGFjdGlvbmFibGUgaW5mb3JtYXRpb24uIA0KDQpbMV0g aHR0cDovL2JyZWFjaGxldmVsaW5kZXguY29tL2Fzc2V0cy9CcmVhY2gtTGV2ZWwtSW5kZXgtUmVw b3J0LUgxLTIwMTctR2VtYWx0by5wZGYNClsyXSBodHRwOi8vd3d3LmRpZ2l0YWx0cmFuc2FjdGlv bnMubmV0L25ld3Mvc3RvcnkvNzQyMQ0KDQpBbnl3YXkuLi4NCg0KPiAgV2UgY2FuJ3Qgc3J1ZyB0 aGlzIG9mZg0KPiBhbnltb3JlLg0KPiANCg0KQWdyZWVkLiBXZSBhcmUgbm90IHNocnVnZ2luZyBp dCBvZmYuIFNlZSBiZWxvdy4NCg0KPiBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyBzZWN0aW9uOg0K PiBGaXJzdCB0d28gc2VudGVuY2VzIHNheToNCj4gICBOU0ggaXMgZGVzaWduZWQgZm9yIHVzZSB3 aXRoaW4gb3BlcmF0b3IgZW52aXJvbm1lbnRzLiAgQXMgc3VjaCwgaXQNCj4gICBkb2VzIG5vdCBp bmNsdWRlIGFueSBtYW5kYXRvcnkgc2VjdXJpdHkgbWVjaGFuaXNtcy4NCj4gDQo+IEkgdGhpbmsg eW91IGludGVuZGVkIHRoZSBmaXJzdCBzZW50ZW5jZSB0byBzYXksICJ3aXRoaW4gYSBzaW5nbGUg b3BlcmF0b3INCj4gZW52aXJvbm1lbnQiIGFzIHdoYXQgeW91IGhhdmUgbm93IGNvdWxkIGJlIG11 bHRpcGxlIG5ldHdvcmtzIG1hbmFnZWQgc2VwYXJhdGVseQ0KPiB3aXRoIHRoYXQgc3RhdGVtZW50 Lg0KDQpZZXMhIFRoYW5rIHlvdSBmb3IgY2F0Y2hpbmcgdGhpcy4gV2UgYWxzbyBjYXVnaHQgaXQg aW4gYSByZS1yZXZpZXcuDQoNCj4gIFRoZW4gZm9yIHRoZSBzZWNvbmQgc2VudGVuY2UsIEkga25v dyB5b3UgZG9uJ3QgaGF2ZSBhbg0KPiBpbnRlZ3JpdHkgbWVjaGFuaXNtIG1hbmRhdGVkLCBidXQg SSByZWFsbHkgdGhpbmsgb25lIHNob3VsZCBiZS4gIENvdWxkbid0IHRoZQ0KPiBwYXRoIGJlIGFs dGVyZWQgYW5kIG5vdCBkZXRlY3RhYmxlIGlmIHRoZXJlIGlzIG5vIGludGVncml0eSBjaGVja2lu Zz8NCg0KVGhlIHBhdGggY2FuIGJlIGFsdGVyZWQgaW4gdGhlIHRyYW5zcG9ydCBlbmNhcHN1bGF0 aW9uIGVhc2llci4NCg0KQnV0IHRoZSBtYWluIHBvaW50IGlzIHRoYXQgdGhlcmUgYXJlIHdheXMg dG8gcHJvdmlkZSBpbnRlZ3JpdHkgY2hlY2tpbmcgd2l0aGluIHRoZSB0cmFuc3BvcnQgZW5jYXBz dWxhdGlvbiwgd2l0aCBwcm92ZW4gZXhpc3RpbmcgbWVjaGFuaXNtcy4gQW5kIHdlIGFkdm9jYXRl IHRoZWlyIHVzZS4NCg0KPiAgVGhpcw0KPiBjb3VsZCBiZSB1c2VkIHRvIGF2b2lkIHNlY3VyaXR5 IHByb3RlY3Rpb25zIG9yIHRvIHJvdXRlIGl0IGluYXBwcm9wcmlhdGVseQ0KPiB0aHJvdWdoIGEg bXVsdGktdGVuYW50IGVudmlyb25tZW50LiAgU3VyZSwgdGhlIHVuZGVybHlpbmcgcHJvdG9jb2wg c2hvdWxkDQo+IHByb3ZpZGUgc2Vzc2lvbiBlbmNyeXB0aW9uIG9uIGFwcGxpY2F0aW9uIHRyYWZm aWMsIGJ1dCB0aGVyZSdzIG5vIHJlYXNvbiB3aHkNCj4gc2VjdXJpdHkgc2hvdWxkbid0IGhhdmUg YmVlbiBiYWtlZCBpbnRvIHRoaXMgcHJvdG9jb2wgYXMgYSByZXF1aXJlbWVudC4NCg0KRG8geW91 IG1lYW4gdGhlIOKAnG92ZXJseWluZ+KAnSBwcm90b2NvbCBzaG91bGQgcHJvdmlkZSBzZXNzaW9u IGVuY3J5cHRpb24gb24gYXBwbGljYXRpb24gdHJhZmZpYz8NCg0KVGhlIHVuZGVybHlpbmcgcHJv dG9jb2wgaXMgYWxyZWFkeSBjb3ZlcmVkIGluIFNlY3Rpb24gOC4xLg0KDQo+IA0KPj4gRnJvbSB0 aGUgYXJjaGl0ZWN0dXJlIGRvY3VtZW50LCB0aGUgc2VjdXJpdHkgY29uc2lkZXJhdGlvbnMgc2Vj dGlvbiBjYWxscw0KPiBhdHRlbnRpb24gdG8gcG9zc2libGUgaXNzdWVzIHJlbGF0ZWQgdG8gbGFj ayBvZiBpbnRlZ3JpdHkgY2hlY2tpbmcuICBTaW5jZSBubw0KPiBlbmNhcHN1bGF0aW5nIHRyYW5z cG9ydCBpcyBzcGVjaWZpZWQgd2l0aCByZXF1aXJlZCBzZXNzaW9uIGVuY3J5cHRpb24sIGFuZCB0 aGUNCj4gTlNIIGFkZGl0aW9uIGRvZXNuJ3QgaGF2ZSBpbnRlZ3JpdHkgcHJvdGVjdGlvbiwgaG93 IHdpbGwgeW91IG1lZXQgdGhpcw0KPiBhcmNoaXRlY3R1cmUgcmVxdWlyZW1lbnQgZnJvbSBSRkM3 NjY1Og0KPiANCj4gIFNlcnZpY2UgT3ZlcmxheTogIFVuZGVybmVhdGggdGhlIHNlcnZpY2UgZnVu Y3Rpb24gZm9yd2FyZGVycywgdGhlDQo+ICAgICAgICBjb21wb25lbnRzIHRoYXQgYXJlIHJlc3Bv bnNpYmxlIGZvciBwZXJmb3JtaW5nIHRoZSB0cmFuc3BvcnQNCj4gICAgICAgIGZvcndhcmRpbmcg Y29uc3VsdCB0aGUgb3V0ZXItdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24gZm9yDQo+ICAgICAgICB1 bmRlcmxheSBmb3J3YXJkaW5nLiAgVXNlZCB0cmFuc3BvcnQgbWVjaGFuaXNtcyBzaG91bGQgc2F0 aXNmeQ0KPiAgICAgICAgdGhlIHNlY3VyaXR5IHJlcXVpcmVtZW50cyBvZiB0aGUgc3BlY2lmaWMg U0ZDIGRlcGxveW1lbnQuICBUaGVzZQ0KPiAgICAgICAgcmVxdWlyZW1lbnRzIHR5cGljYWxseSBp bmNsdWRlIHZhcnlpbmcgZGVncmVlcyBvZiB0cmFmZmljDQo+ICAgICAgICBzZXBhcmF0aW9uLCBw cm90ZWN0aW9uIGFnYWluc3QgZGlmZmVyZW50IGF0dGFja3MgKGUuZy4sDQo+ICAgICAgICBzcG9v ZmluZywgbWFuLWluLXRoZS1taWRkbGUsIGJydXRlLWZvcmNlLCBvciBpbnNlcnRpb24gYXR0YWNr cyksDQo+ICAgICAgICBhbmQgY2FuIGFsc28gaW5jbHVkZSBhdXRoZW50aWNpdHkgYW5kIGludGVn cml0eSBjaGVja2luZywgYW5kL29yDQo+ICAgICAgICBjb25maWRlbnRpYWxpdHkgcHJvdmlzaW9u cywgZm9yIGJvdGggdGhlIG5ldHdvcmsgb3ZlcmxheQ0KPiAgICAgICAgdHJhbnNwb3J0IGFuZCB0 cmFmZmljIGl0IGVuY2Fwc3VsYXRlcy4NCj4gDQoNCkkgbWF5IGJlIG1pc3Npbmcgc29tZXRoaW5n LCBidXQgd2hhdCBJIHJlYWQgZnJvbSBSRkMgNzY2NSBzYXlzOg0KDQogICAgICAiVXNlZCB0cmFu c3BvcnQgbWVjaGFuaXNtcyBzaG91bGQgc2F0aXNmeQ0KICAgICAgIHRoZSBzZWN1cml0eSByZXF1 aXJlbWVudHMgb2YgdGhlIHNwZWNpZmljIFNGQyBkZXBsb3ltZW50LiINCg0KPiBJdCBzZWVtcyBm cm9tIHRoaXMgdGV4dCwgc29tZXRoaW5nIHNob3VsZCBiZSBzcGVjaWZpZWQgZm9yIHRoZSB0cmFu c3BvcnQNCj4gZW5jYXBzdWxhdGlvbi4NCg0KSSBhZ3JlZSBhbmQgZGlzYWdyZWUsIGluIGEgd2F5 Lg0KDQpZZXMsIHNvbWV0aGluZyBvdWdodCB0byBiZSBzcGVjaWZpZWQsIGZvciB0aGUgdHJhbnNw b3J0IGVuY2Fwc3VsYXRpb24gc3BlY2lmaWNhdGlvbnMsIG5vdCBmb3IgdGhlIE5TSCBzcGVjLg0K DQpPciByZXBocmFzaW5nLCB0aGUgZG9jdW1lbnQgaXMgc3BlY2lmeWluZyB0aGUgTlNIIGRhdGEg cGxhbmUgbGF5ZXIsIG5vdCBiZXlvbmQuIEFuZCBpbiB0aGlzIGNvbnRleHQgaXMgc3BlY2lmeWlu ZyBzZWN1cml0eSBlbGVtZW50cyBpbiB0aGUgdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24gaW4gYSBn ZW5lcmljIGZhc2hpb24sIGFuZCBmb3IgdGhlIE1ldGFkYXRhIGl0c2VsZi4NCg0KPiANCj4+IEZy b20gdGhlIHRleHQgaW4gdGhlIGRyYWZ0IHVuZGVyIHJldmlldzoNCj4gICBBcyB3aXRoIG1hbnkN Cj4gICBvdGhlciBwcm90b2NvbHMsIHdpdGhvdXQgZW5oYW5jZW1lbnRzLCB0aGUgTlNIIGVuY2Fw c3VsYXRpb24gY291bGQgY2FuIGJlDQo+ICAgc3Bvb2ZlZA0KPiAgIG9yIG90aGVyd2lzZSBtb2Rp ZmllZCBhbmQgaXMgc3ViamVjdCB0byBzbm9vcGluZyBhbmQgbW9kaWZpY2F0aW9uIGluIHRyYW5z aXQuDQo+IA0KPiAgIEhvd2V2ZXIsIHRoZSBkZXBsb3ltZW50IHNjb3BlIChhcyBkZWZpbmVkIGlu IFtSRkM3NjY1XSkgb2YgdGhlIE5TSA0KPiAgIGVuY2Fwc3VsYXRpb24gaXMgbGltaXRlZCB0byBh IHNpbmdsZSBuZXR3b3JrIGFkbWluaXN0cmF0aXZlIGRvbWFpbiBhcw0KPiAgIGEgY29udHJvbGxl ZCBlbnZpcm9ubWVudCwgd2l0aCB0cnVzdGVkIGRldmljZXMgKGUuZy4sIGEgZGF0YSBjZW50ZXIp DQo+ICAgaGVuY2UgbWl0aWdhdGluZyB0aGUgcmlzayBvZiB1bmF1dGhvcml6ZWQgbWFuaXB1bGF0 aW9uIG9mIHRoZQ0KPiAgIGVuY2Fwc3VsYXRpb24gaGVhZGVycyBvciBtZXRhZGF0YS4NCj4gDQo+ IFRoaXMgaXMgaW4gZGlyZWN0IGNvbmZsaWN0IHdpdGggdGhlIFNlcnZpY2UgT3ZlcmxheSByZXF1 aXJlbWVudHMgaW4gdGhlDQo+IFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIG9mIFJGQzc2NjUuDQoN CkkgZG8gbm90IHRoaW5rIGl0IGlzLCBhcyBzaG93biBhYm92ZS4gQ291bGQgeW91IHBsZWFzZSBi ZSBtb3JlIHNwZWNpZmljPw0KDQpQbGVhc2Ugbm90ZSB0aGF0IHdlIG1lYW5pbmdmdWxseSBhbmQg ZHJhbWF0aWNhbGx5IOKAnGJlZWZlZCB1cOKAnSBhbGwgdGhpcyB0ZXh0IGZyb20gd2hlbiB5b3Ug cmV2aWV3ZWQgLTE4Lg0KDQo+IA0KPiBTZWN0aW9uIDguMQ0KPiBJJ2QgbGlrZSB0byBzZWUgc29t ZSBNVVNUcyB0byBhZGRyZXNzIHRoZSBjb25jZXJucyBsaXN0ZWQgaW4gUkZDNzY2NSBmb3INCj4g ZW5jYXBzdWxhdGlvbiByZXF1aXJlbWVudHMgb3IgYW4gYWRkaXRpb24gb2YgaW50ZWdyaXR5IHBy b3RlY3Rpb24gb24gTlNIIGl0c2VsZi4NCj4gDQoNClNlZSBhYm92ZS4NCg0KV2UgY2Fubm90IGFk ZCBhIE1VU1QgZm9yIHNvbWV0aGluZyB3ZSBhcmUgbm90IHNwZWNpZnlpbmcuIEFuZCBhdCB0aGUg TlNIIGl0c2VsZiwgd2UgYXJlIGJlaW5nIHZlcnkgZXhwbGljaXQgYWJvdXQgdGhlIHRocmVhdHMg YW5kIG1vdGl2YXRpb25zLCBTZWN0aW9uIDguMy4NCg0KPiANCj4gLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiBD T01NRU5UOg0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IA0KPiBUaGlzIGludHJvZHVjdG9yeSB0ZXh0IGlz IG11Y2ggaW1wcm92ZWQgZnJvbSBhIHByZXZpb3VzIHZlcnNpb24gYW5kIG15DQo+IGNvbW1lbnRz LCB0aGFua3MgZm9yIHRoZSB1cGRhdGUuICBUaGlzIGhlbHBzIHF1aXRlIGEgYml0Lg0KDQpHcmVh dCB0byBoZWFyIQ0KDQo+IA0KPiAgIFRoZSBOZXR3b3JrIFNlcnZpY2UgSGVhZGVyIChOU0gpIHNw ZWNpZmljYXRpb24gZGVmaW5lcyBhIG5ldyBwcm90b2NvbA0KPiAgIGFuZCBhc3NvY2lhdGVkIGVu Y2Fwc3VsYXRpb24gZm9yIHRoZSBjcmVhdGlvbiBvZiBkeW5hbWljIHNlcnZpY2UNCj4gICBjaGFp bnMsIG9wZXJhdGluZyBhdCB0aGUgc2VydmljZSBwbGFuZS4gIFRoZSBOU0ggaXMgZGVzaWduZWQg dG8NCj4gICBlbmNhcHN1bGF0ZSBhbiBvcmlnaW5hbCBwYWNrZXQgb3IgZnJhbWUsIGFuZCBpbiB0 dXJuIGJlIGVuY2Fwc3VsYXRlZA0KPiAgIGJ5IGFuIG91dGVyIHRyYW5zcG9ydCBlbmNhcHN1bGF0 aW9uICh3aGljaCBpcyB1c2VkIHRvIGRlbGl2ZXIgdGhlIE5TSA0KPiAgIHRvIE5TSC1hd2FyZSBu ZXR3b3JrIGVsZW1lbnRzKSwgYXMgc2hvd24gaW4gRmlndXJlIDE6DQo+IA0KDQpJIGp1c3QgcmVt ZW1iZXIgdGhhdCB5b3UgaGFkIHN1Z2dlc3RlZCBhZGRpbmcgYSBwb2ludGVyIHRvIEZpZ3VyZSAz IGZyb20gUkZDIDc2NjUgYXMgd2VsbC4gV2lsbCBhZGQgdGhhdCB0byB0aGUgSW50cm8uDQoNCj4g U2VjdGlvbiA4LjE6DQo+IEkgZG9uJ3QgdGhpbmsgeW91IG5lZWQgdGhlIHRleHQgb24gQkNQMzgu ICBJdCdzIGEgaGVscGZ1bCByZWNvbW1lbmRhdGlvbiBpbg0KPiBnZW5lcmFsLCBidXQgSSBkb24n dCBzZWUgaG93IGl0J3MgZGlyZWN0bHkgYXBwbGljYWJsZSB0byB0aGlzIHNwZWNpZmljYXRpb24u DQoNCkl0IHNlZW1zIHJlbGV2YW50IGluIHRoZSBjb250ZXh0IG9mIGZpbHRlcmluZyB0cmFmZmlj IHRoYXQgZ29lcyBpbnRvIHRoZSBzZXJ2aWNlIGZ1bmN0aW9uIHBhdGguIEJ1dCBpZiB5b3UgaW5z aXN0LCB3ZSBjYW4gY29tbWVudCBpdCBvdXQgaW4gdGhlIHNvdXJjZS4NCg0KPiANCj4gVGhhbmsg eW91IGZvciBhZGRpbmcgdGhlIHRleHQgb24gQm91bmRhcnkgcHJvdGVjdGlvbnMgcGVyIHRoZSBT ZWNEaXIgcmV2aWV3LCBJDQo+IHRoaW5rIHRoaXMgaXMgdmVyeSBoZWxwZnVsLg0KPiANCj4gDQoN Ck9mIGNvdXJzZSEgVGhhbmsgeW91IGFnYWluLCBLYXRobGVlbi4NCg0K4oCUIENhcmxvcy4NCg0K DQo= From nobody Tue Sep 26 23:29:28 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71B8712895E; Tue, 26 Sep 2017 23:29:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gVp6UjZv9GFa; Tue, 26 Sep 2017 23:29:18 -0700 (PDT) Received: from mail-yw0-x22c.google.com (mail-yw0-x22c.google.com [IPv6:2607:f8b0:4002:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BAF81286C7; Tue, 26 Sep 2017 23:29:18 -0700 (PDT) Received: by mail-yw0-x22c.google.com with SMTP id x131so8616965ywa.10; Tue, 26 Sep 2017 23:29:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=dSpC8ZAhXSgxyB2N29aEhZqfNl3DE1gKDtcAiSU0SMo=; b=QbdF99+6NWGcHQezgW/owacwfXbXoDyYvzZmqTjK9vE9IjsVgVdG1A0pyJq46vSfQ0 G+IoV2IYy4w7keTEGLSphIyRIMvhOxCP5hrFAeSKUQ++rJeBsK1ydKSKewBIAlVoaDaE nnN+4k408h06+sLDZSUIvdZhh2D+f3F47R8rH3ismm4Ru0J7HBphW2xsdKPF048b8Dpd n+rWeCQ46CEhxUv2Q2Jqfwb6WAOs9S5urgYn3gv8cCJrD2+kMOKPS4UGo/XeDpcrxHNz dy6aNimJ1iDHtB1yc6MSVOUgwfdOOedQSDgwsttIFxBWI3ul+V98whzIfVQxpJQpZPEY kB8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=dSpC8ZAhXSgxyB2N29aEhZqfNl3DE1gKDtcAiSU0SMo=; b=VAsuoP6YsHV5i4apWwDmmXUWnWGAXEGNtRaFSt/VnNOrqydQlmgtkXj5mzrx2oug4X X4njd604VefZ/TZzqPZDtX8Wrr0Um4QFZzpfYtjWfgLqewxBePHST1fUQmSP4bTR4Vwr k2VIx3IwJTWNDdBvD9XmqGLD/fI22gDX5u72ZnjtlUAtaJefgCElpERsyiDaBZfVW+MZ 4R9iNw6nNZUGxtUi8JHhA7LEVQEBo4tAApAz8AC9z1TF33vGDICr8oJy/x+BQPnh+BY0 94k+nTlicz0RHTw87Vh6SLeVDRNBWMjONz2apgfzf5cMWEeBu60zWzRZNAp86UKx1CLB eriA== X-Gm-Message-State: AHPjjUgJ8l1/YX7jrLhxr4otPhvHzErRtJLC8slYSYjRVGxtKoRA4ftS Uy12v9AjQE8xAdLcFDTgZkBYTVkiszmPygZ0Oo4= X-Google-Smtp-Source: AOwi7QCDNaJ6a5Ome283cDJ9VbGNGKyErenupyQGHeW3s5dNNFWHh2f5nPwtDIp0UhrXZc4ZuPeO2rGVEAMT49R/mrE= X-Received: by 10.129.123.194 with SMTP id w185mr161493ywc.333.1506493757646; Tue, 26 Sep 2017 23:29:17 -0700 (PDT) MIME-Version: 1.0 Received: by 10.37.2.71 with HTTP; Tue, 26 Sep 2017 23:29:17 -0700 (PDT) Received: by 10.37.2.71 with HTTP; Tue, 26 Sep 2017 23:29:17 -0700 (PDT) In-Reply-To: References: <150644295986.20869.15901882753312059319.idtracker@ietfa.amsl.com> From: Spencer Dawkins at IETF Date: Wed, 27 Sep 2017 14:29:17 +0800 Message-ID: To: "Carlos Pignataro (cpignata)" Cc: iesg@ietf.org, Wesley Eddy , "draft-ietf-sfc-nsh@ietf.org" , Service Function Chaining IETF list , "sfc-chairs@ietf.org" , "Joel M. Halpern" Content-Type: multipart/alternative; boundary="001a1149390447ef7f055a25e994" Archived-At: Subject: Re: [sfc] Spencer Dawkins' No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 06:29:21 -0000 --001a1149390447ef7f055a25e994 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, Carlos, On Sep 27, 2017 11:43, "Carlos Pignataro (cpignata)" wrote: Many thanks Spencer for the comments below! Please see inline. > On Sep 26, 2017, at 12:22 PM, Spencer Dawkins < spencerdawkins.ietf@gmail.com> wrote: > > Spencer Dawkins has entered the following ballot position for > draft-ietf-sfc-nsh-24: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you for responding to Wes Eddy's TSV-ART review of -19 (and, of course, > for making text changes that seemed appropriate). > Thanks to Wes for taking the time to review! We did go over the whole document with a fine comb cleaning up terms based on Wes=E2=80=99 feedback. > It seems to me that you describe expectations about the applicability of NSH in > various places in the document, and in various ways. You might consider (for > example) pulling the common elements of statements like (from Section 5) > > Within a managed administrative domain, an operator can ensure that > the underlay MTU is sufficient to carry SFC traffic without requiring > fragmentation. Given that the intended scope of the NSH is within a > single provider's operational domain, that approach is sufficient. > > and (from Section 8) > > NSH is designed for use within operator environments. As such, it > does not include any mandatory security mechanisms. As with many > other protocols, without enhancements, the NSH encapsulation can be > spoofed and is subject to snooping and modification in transit. > > However, the deployment scope (as defined in [RFC7665]) of the NSH > encapsulation is limited to a single network administrative domain as > a controlled environment, with trusted devices (e.g., a data center) > hence mitigating the risk of unauthorized manipulation of the > encapsulation headers or metadata. This controlled environment is an > important assumption for NSH. There is one additional important > assumption: All of the service functions used by an operator in > service chains are assumed to be selected and vetted by the operator. > > into one section describing the applicability of NSH, appearing MUCH earlier in > the document (the most detailed description of your expectations looks like it > appears in the Security Considerations section, but parts of that description > are applicable to the Fragmentation Considerations section, which appears three > sections earlier in the document). The reader would have your intended > applicability in mind much earlier and more clearly, and you could just invoke > your expectations by reference when you need to explain how they apply > elsewhere in the document, so the expectations in play would be consisten= t > across mentions throughout the document. We are very hesitant to make drastic structural modifications to the document at this stage. Understood :-) I understand your point about compiling a list of expectations throughout the document into a self-contained index. However, those expectations are very different for each area (e.g., security, encapsulation transport, etc.) and are currently functionally organized. The goal is not to have a list of requirements, but have implementors functionally read through the complete specification. Right, but the problem is that the expectations that kept me from balloting Discuss were three sections after the section TSV ADs turn to automatically. So our mileage for functional organization differs. ISTM that providing key information allowing an informed decision about whether to use this mechanism in the 8th section, under security considerations, is really waiting until the last minute. Suspense is good for novels, but maybe not for implementers and operators. This isn't quite as late as adding MUSTs in the IANA considerations section, but it's close. If you can think of a better way to ensure that people making deployment decisions understand the limitations, that would be good. If not, it's a comment. Do the right thing, of course. Based on earlier feedback, we did present a more deliberate and intentional applicability early on, in the Introduction. See third-to-last paragraph of Section 1. That definitely helps. Thanks for that. > > I'm still bothered that this document doesn't explicitly mention ICMP blocking > as a problem for PMTUD with IP encapsulations. We do not want to take away from the focus of the document, to have an analysis of PMTUD. Doing so would be unfair to PMTUD, and invariably incorrect by omission. There are other things that break PMTUD too potentially, and other risks such as ICMP attacks, etc. Given the fact that the IP encapsulation can be IPv4 or IPv6, we do not want to explain PMTUD. That said, if there is a single Reference that you feel captures the PMTUD problems and guidance, we will be happy to add it! > We're just not good at path MTU > discovery, so it seems useful to call this out explicitly when a document > expects to use PMTUD. That way, people who use NSH will know to check for ICMP > blocking on their networks before they receive their first trouble reports. > This almost reached my threshold for balloting Discuss, so I'd hope you folks > would consider that. We are considering and happy to add some text about the problem. However, we were unable to find a single reference that atomically describes the problem and gives recommendation. Even RFC 8201 includes only a single-sentence lost in middle of the Introduction. The reason coming up with a reference for this is hard, is because we're just not very good at path MTU discovery :p But 8201 is possibly the best reference available (recent Internet Standard). Do the right thing ... Proposal: OLD: For example, when the NSH is encapsulated in IP, IP-level fragmentation coupled with Path MTU Discovery (PMTUD) is used. NEW: For example, when the NSH is encapsulated in IP, IP-level fragmentation coupled with Path MTU Discovery (PMTUD) is used. Since PMTUD relies on ICMP messages, an operator should ensure ICMP packets are not blocked. But a citation would enrich this. Please let us know. RFC 2923 is too TCP specific, etc... This text is helpful. If mentioning 8201 somewhere seems helpful, that would be fine with me. > > I see that the applicability of NSH includes encapsulations that don't provide > a path MTU discovery mechanism, and that your resolution for those > encapsulations is to log events when a "too big" packet is dropped. Could you > educate me, as to whether all encapsulations detect that this is happening? It > might be that encapsulations are using a fixed maximum MTU by definition, so > that what you're logging is an attempt to send a payload that violates th= e > protocol definition of the encapsulation, but I don't know that that's true in > all cases, so thought I should ask. We cannot prove if *all* encapsulations detect that as happening, as you are asking. However, if an encapsulation drops a packet for that reason we are adding a requirement for those encaps. Perfect. > > I saw a suggestion from Joe Touch (in a response to the TSV-ART review) t= o > consider looking at the terminology developed for draft-ietf-intarea-tunnels. I > didn't see a reply to that suggestion, and I didn't see a reference to > draft-ietf-intarea-tunnels in -24 - was this considered? Apologies for not having responded. Yes, this was considered. The needs of draft-ietf-sfc-nsh are so basic in this regards that we use only two terms. Those two terms are exact terms defined in draft-ietf-intarea-tunnels. MTU and PMTUD. This document does not make use of things like EMTU_R. Thanks for the feedback. > > (I'm also asking because I want to keep track of whether people applying > encapsulations find that document useful, of course) I reviewed an earlier iteration of that document, almost a decade ago (!!) and sent pages of comments. I also reviewed a subsequent intarea WG version of it. The applicability of that doc to draft-ietf-sfc-nsh is quite limited= . By the way, the treatment of ICMP blockage in draft-ietf-intarea-tunnels is quite not exhaustive =E2=80=94 and that document seems a better place for complaining about ICMP and PMTUD. Perhaps so. Thanks for all this. Spencer > > (Joe's follow-up is at > https://mailarchive.ietf.org/arch/msg/tsv-art/CsdWwR9B5_AB64D0eFl-KIE7_NA= ) > > Thanks again! =E2=80=94 Carlos. --001a1149390447ef7f055a25e994 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi, Carlos,

On Sep 27, 2017 11:43, "Carlos Pignataro (cpignat= a)" <cpigna= ta@cisco.com> wrote:
Many thanks Spencer for the comments below!

Please see inline.

> On Sep 26, 2017, at 12:22 PM, Spencer Dawkins <spencerdawkins.ietf@gmail.co= m> wrote:
>
> Spencer Dawkins has entered the following ballot position for
> draft-ietf-sfc-nsh-24: No Objection
>
> When responding, please keep the subject line intact and reply to all<= br> > email addresses included in the To and CC lines. (Feel free to cut thi= s
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/i= esg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/dra= ft-ietf-sfc-nsh/
>
>
>
> ------------------------------------------------------------= ----------
> COMMENT:
> ------------------------------------------------------------= ----------
>
> Thank you for responding to Wes Eddy's TSV-ART review of -19 (and,= of course,
> for making text changes that seemed appropriate).
>

Thanks to Wes for taking the time to review!

We did go over the whole document with a fine comb cleaning up terms based = on Wes=E2=80=99 feedback.

> It seems to me that you describe expectations about the applicability = of NSH in
> various places in the document, and in various ways. You might conside= r (for
> example) pulling the common elements of statements like (from Section = 5)
>
>=C2=A0 =C2=A0Within a managed administrative domain, an operator can en= sure that
>=C2=A0 =C2=A0the underlay MTU is sufficient to carry SFC traffic withou= t requiring
>=C2=A0 =C2=A0fragmentation.=C2=A0 Given that the intended scope of the = NSH is within a
>=C2=A0 =C2=A0single provider's operational domain, that approach is= sufficient.
>
> and (from Section 8)
>
>=C2=A0 NSH is designed for use within operator environments.=C2=A0 As s= uch, it
>=C2=A0 =C2=A0does not include any mandatory security mechanisms.=C2=A0 = As with many
>=C2=A0 =C2=A0other protocols, without enhancements, the NSH encapsulati= on can be
>=C2=A0 =C2=A0spoofed and is subject to snooping and modification in tra= nsit.
>
>=C2=A0 =C2=A0However, the deployment scope (as defined in [RFC7665]) of= the NSH
>=C2=A0 =C2=A0encapsulation is limited to a single network administrativ= e domain as
>=C2=A0 =C2=A0a controlled environment, with trusted devices (e.g., a da= ta center)
>=C2=A0 =C2=A0hence mitigating the risk of unauthorized manipulation of = the
>=C2=A0 =C2=A0encapsulation headers or metadata.=C2=A0 This controlled e= nvironment is an
>=C2=A0 =C2=A0important assumption for NSH.=C2=A0 There is one additiona= l important
>=C2=A0 =C2=A0assumption: All of the service functions used by an operat= or in
>=C2=A0 =C2=A0service chains are assumed to be selected and vetted by th= e operator.
>
> into one section describing the applicability of NSH, appearing MUCH e= arlier in
> the document (the most detailed description of your expectations looks= like it
> appears in the Security Considerations section, but parts of that desc= ription
> are applicable to the Fragmentation Considerations section, which appe= ars three
> sections earlier in the document). The reader would have your intended=
> applicability in mind much earlier and more clearly, and you could jus= t invoke
> your expectations by reference when you need to explain how they apply=
> elsewhere in the document, so the expectations in play would be consis= tent
> across mentions throughout the document.

We are very hesitant to make drastic structural modifications to the = document at this stage.

Understood :-)

<= blockquote class=3D"m_2137512800493707436quote" style=3D"margin:0 0 0 .8ex;= border-left:1px #ccc solid;padding-left:1ex">I understand your point about = compiling a list of expectations throughout the document into a self-contai= ned index. However, those expectations are very different for each area (e.= g., security, encapsulation transport, etc.) and are currently functionally= organized. The goal is not to have a list of requirements, but have implem= entors functionally read through the complete specification.

Right, but th= e problem is that the expectations that kept me from balloting Discuss were= three sections after the section TSV ADs turn to automatically. So our mil= eage for functional organization differs.

=
ISTM that providing key information allowing an informed = decision about whether to use this mechanism in the 8th section, under secu= rity considerations, is really waiting until the last minute. Suspense is g= ood for novels, but maybe not for implementers and operators.

This isn't quite as late as addin= g MUSTs in the IANA considerations section, but it's close.

If you can think of a better way to= ensure that people making deployment decisions understand the limitations,= that would be good.=C2=A0

If not, it's a comment. Do the right thing, of course.

=C2=A0Based = on earlier feedback, we did present a more deliberate and intentional appli= cability early on, in the Introduction. See third-to-last paragraph of Sect= ion 1.

That definitely helps. Thanks for that.
=

>
> I'm still bothered that this document doesn't explicitly menti= on ICMP blocking
> as a problem for PMTUD with IP encapsulations.

We do not want to take away from the focus of the document, to have a= n analysis of PMTUD. Doing so would be unfair to PMTUD, and invariably inco= rrect by omission. There are other things that break PMTUD too potentially,= and other risks such as ICMP attacks, etc.

Given the fact that the IP encapsulation can be IPv4 or IPv6, we do not wan= t to explain PMTUD.

That said, if there is a single Reference that you feel captures the PMTUD = problems and guidance, we will be happy to add it!


> We're just not good at path MTU
> discovery, so it seems useful to call this out explicitly when a docum= ent
> expects to use PMTUD. That way, people who use NSH will know to check = for ICMP
> blocking on their networks before they receive their first trouble rep= orts.
> This almost reached my threshold for balloting Discuss, so I'd hop= e you folks
> would consider that.

We are considering and happy to add some text about the problem. Howe= ver, we were unable to find a single reference that atomically describes th= e problem and gives recommendation. Even RFC 8201 includes only a single-se= ntence lost in middle of the Introduction.

The reason coming up with a= reference for this is hard, is because we're just not very good at pat= h MTU discovery =C2=A0:p

But 8201 is possibly the best reference available (recent Internet Standar= d). Do the right thing ...


Proposal:

OLD:
=C2=A0 =C2=A0For example, when the NSH is encapsulated in IP, IP-level
=C2=A0 =C2=A0fragmentation coupled with Path MTU Discovery (PMTUD) is used.=

NEW:

=C2=A0 =C2=A0For example, when the NSH is encapsulated in IP, IP-level
=C2=A0 =C2=A0fragmentation coupled with Path MTU Discovery (PMTUD) is used.= =C2=A0 Since
=C2=A0 =C2=A0PMTUD relies on ICMP messages, an operator should ensure ICMP<= br> =C2=A0 =C2=A0packets are not blocked.

But a citation would enrich this. Please let us know. RFC 2923 is too TCP s= pecific, etc...

This text is helpful. If mentioning 8201 somewhere see= ms helpful, that would be fine with me.


>
> I see that the applicability of NSH includes encapsulations that don&#= 39;t provide
> a path MTU discovery mechanism, and that your resolution for those
> encapsulations is to log events when a "too big" packet is d= ropped. Could you
> educate me, as to whether all encapsulations detect that this is happe= ning? It
> might be that encapsulations are using a fixed maximum MTU by definiti= on, so
> that what you're logging is an attempt to send a payload that viol= ates the
> protocol definition of the encapsulation, but I don't know that th= at's true in
> all cases, so thought I should ask.

We cannot prove if *all* encapsulations detect that as happening, as = you are asking. However, if an encapsulation drops a packet for that reason= we are adding a requirement for those encaps.
=

Perfect.

>
> I saw a suggestion from Joe Touch (in a response to the TSV-ART review= ) to
> consider looking at the terminology developed for draft-ietf-intarea-t= unnels. I
> didn't see a reply to that suggestion, and I didn't see a refe= rence to
> draft-ietf-intarea-tunnels in -24 - was this considered?

Apologies for not having responded. Yes, this was considered.

The needs of draft-ietf-sfc-nsh are so basic in this regards that we use on= ly two terms. Those two terms are exact terms defined in draft-ietf-intarea= -tunnels. MTU and PMTUD. This document does not make use of things like EMT= U_R.

Thanks for the feedback.


>
> (I'm also asking because I want to keep track of whether people ap= plying
> encapsulations find that document useful, of course)

I reviewed an earlier iteration of that document, almost a decade ago= (!!) and sent pages of comments. I also reviewed a subsequent intarea WG v= ersion of it. The applicability of that doc to draft-ietf-sfc-nsh is quite = limited.

By the way, the treatment of ICMP blockage in draft-ietf-intarea-tunnels is= quite not exhaustive =E2=80=94 and that document seems a better place for = complaining about ICMP and PMTUD.

Perhaps so.
<= br>
Thanks for all this.

=
Spencer

>
> (Joe's follow-up is at
> https://mailarchive.ie= tf.org/arch/msg/tsv-art/CsdWwR9B5_AB64D0eFl-KIE7_NA)
>
>


Thanks again!

=E2=80=94 Carlos.
--001a1149390447ef7f055a25e994-- From nobody Wed Sep 27 02:30:00 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CD251348A4; Wed, 27 Sep 2017 02:29:53 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Alexey Melnikov To: "The IESG" Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, jmh@joelhalpern.com, sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150650459311.24969.3080825211607015738.idtracker@ietfa.amsl.com> Date: Wed, 27 Sep 2017 02:29:53 -0700 Archived-At: Subject: [sfc] Alexey Melnikov's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 09:29:53 -0000 Alexey Melnikov has entered the following ballot position for draft-ietf-sfc-nsh-24: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I am agreeing with Kathleen's DISCUSS. Also, have you thought about likelyhood of introducing new versions, and if it is likely, what kind of restrictions do you want to impose on future versions (e.g. requirements on backward compatibility) and what are the criteria for bumping the version number? For example, future versions must use the same Base Header and Service Path header, but can add new mandatory fields after that. Etc. From nobody Wed Sep 27 04:49:53 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C383A1349E1; Wed, 27 Sep 2017 04:49:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.619 X-Spam-Level: X-Spam-Status: No, score=-2.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VSs8_PRQTj_m; Wed, 27 Sep 2017 04:49:45 -0700 (PDT) Received: from relais-inet.orange.com (mta239.mail.business.static.orange.com [80.12.66.39]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDBF1132026; Wed, 27 Sep 2017 04:49:44 -0700 (PDT) Received: from opfedar04.francetelecom.fr (unknown [xx.xx.xx.6]) by opfedar20.francetelecom.fr (ESMTP service) with ESMTP id 342F91207A1; Wed, 27 Sep 2017 13:49:43 +0200 (CEST) Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.10]) by opfedar04.francetelecom.fr (ESMTP service) with ESMTP id 00D884005C; Wed, 27 Sep 2017 13:49:43 +0200 (CEST) Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM5C.corporate.adroot.infra.ftgroup ([fe80::4bd:9b2b:3651:6fba%19]) with mapi id 14.03.0361.001; Wed, 27 Sep 2017 13:49:42 +0200 From: To: Alexey Melnikov , The IESG CC: "draft-ietf-sfc-nsh@ietf.org" , "jmh@joelhalpern.com" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: [sfc] Alexey Melnikov's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTN3MxtXH3EalpAkWJfR9b4FB7wKLImnSQ Date: Wed, 27 Sep 2017 11:49:42 +0000 Message-ID: <787AE7BB302AE849A7480A190F8B93300A04AD4C@OPEXCLILMA3.corporate.adroot.infra.ftgroup> References: <150650459311.24969.3080825211607015738.idtracker@ietfa.amsl.com> In-Reply-To: <150650459311.24969.3080825211607015738.idtracker@ietfa.amsl.com> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.168.234.3] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Alexey Melnikov's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 11:49:47 -0000 Dear Alexey,=20 With regards to your comment about future versions, the WG used to have thi= s ticket: https://trac.ietf.org/trac/sfc/ticket/6=20 There wasn't a consensus to add version negotiation or to discuss how backw= ard compatibility will be ensured.=20 There was a suggestion by Joel at that time to include this NEW text (https= ://www.ietf.org/mail-archive/web/sfc/current/msg03181.html):=20 "If an packet presumed to carry an NSH header is received at an SFF, and th= e SFF does not understnad the version of the protocol as indicated in the b= ase header, the packet MUST be discarded, and the event SHOULD be logged." Paul (one the document editors) agreed with that text but I'm afraid that t= ext wasn't added to the draft. It isn't too late, though. Thank you. Cheers, Med > -----Message d'origine----- > De=A0: sfc [mailto:sfc-bounces@ietf.org] De la part de Alexey Melnikov > Envoy=E9=A0: mercredi 27 septembre 2017 11:30 > =C0=A0: The IESG > Cc=A0: draft-ietf-sfc-nsh@ietf.org; jmh@joelhalpern.com; sfc- > chairs@ietf.org; sfc@ietf.org > Objet=A0: [sfc] Alexey Melnikov's No Objection on draft-ietf-sfc-nsh-24: > (with COMMENT) >=20 > Alexey Melnikov has entered the following ballot position for > draft-ietf-sfc-nsh-24: No Objection >=20 > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) >=20 >=20 > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. >=20 >=20 > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ >=20 >=20 >=20 > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- >=20 > I am agreeing with Kathleen's DISCUSS. >=20 > Also, have you thought about likelyhood of introducing new versions, and > if it > is likely, what kind of restrictions do you want to impose on future > versions > (e.g. requirements on backward compatibility) and what are the criteria > for > bumping the version number? For example, future versions must use the sam= e > Base > Header and Service Path header, but can add new mandatory fields after > that. > Etc. >=20 >=20 > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc From nobody Wed Sep 27 04:50:21 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FD741349E1; Wed, 27 Sep 2017 04:50:14 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Hl6uNFAmAx5; Wed, 27 Sep 2017 04:50:08 -0700 (PDT) Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61B5E1349E6; Wed, 27 Sep 2017 04:50:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13980; q=dns/txt; s=iport; t=1506513001; x=1507722601; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=TS2SuFPIChNQGT8orswJhL6t8aXUeAbBYSjpiztQ/Ug=; b=g6yaNQJJe0bZD/mLxpi4HRU3tZJfxoz+mI31fdM2WQo2zi3g2hw5v+a4 ZAm3t9A50kcHRx/473/Jfh6qk47RCLAn72KAVDXgDzXfSi1Iqg0CBIxzs xDJLVUvr1pVvkADjbAC0MXcAGblWM9ZGwkAHH/ZLLQ+A2OTE/18Y5YFeY 0=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DCAQDUj8tZ/51dJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1xkbicHg2+ZfYF2eYdJjXeCBAolhRYCGoQ+VwECAQEBAQECayi?= =?us-ascii?q?FGAEBAQECASMRQAUFCwIBCBgCAiYCAgIfERUQAgQOBYoZAw0IEKh/gieHPA2DO?= =?us-ascii?q?wEBAQEBAQEBAQEBAQEBAQEBAQEBARgFgQ6CHYICgVGBaiuBcFg1gl6BcwELBwE?= =?us-ascii?q?2gnwvgjEFihKOO4gXPAKHXIgGhHmCE4Vug36HBoxniDMCERkBgTgBV4EDC3gVS?= =?us-ascii?q?RIBhQccgWd2AYVoDxcDgQmBEAEBAQ?= X-IronPort-AV: E=Sophos;i="5.42,445,1500940800"; d="scan'208";a="8817227" Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Sep 2017 11:50:00 +0000 Received: from XCH-RTP-017.cisco.com (xch-rtp-017.cisco.com [64.101.220.157]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id v8RBnxD3014642 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 11:50:00 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-017.cisco.com (64.101.220.157) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 07:49:59 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 07:49:59 -0400 From: "Carlos Pignataro (cpignata)" To: Spencer Dawkins at IETF CC: The IESG , Wesley Eddy , "draft-ietf-sfc-nsh@ietf.org" , "Service Function Chaining IETF list" , "sfc-chairs@ietf.org" , "Joel M. Halpern" Thread-Topic: Spencer Dawkins' No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTNuOuC2VDXw4nt0CnFP5cZ4x7oKLIWr+AgAAua4CAAFmZAA== Date: Wed, 27 Sep 2017 11:49:58 +0000 Message-ID: <4725A208-5A57-4C62-B12C-E41E7F9D5CFE@cisco.com> References: <150644295986.20869.15901882753312059319.idtracker@ietfa.amsl.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: text/plain; charset="utf-8" Content-ID: <70F03B904C1AF54681B9ADAAC081EDF8@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Spencer Dawkins' No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 11:50:14 -0000 SGksIFNwZW5jZXIsDQoNClRoYW5rIHlvdSBmb3IgeW91ciBxdWljayBhbmQgdGhvdWdodGZ1bCBy ZXNwb25zZS4NCg0KPiBJZiBub3QsIGl0J3MgYSBjb21tZW50LiBEbyB0aGUgcmlnaHQgdGhpbmcs IG9mIGNvdXJzZS4NCg0KV2UgdGFrZSB0aGUgY29tbWVudCBzZXJpb3VzbHkgYXMgaXQgaXMgYSB1 bmlxdWUgbGFzdCBvcHBvcnR1bml0eSB0byBpbXByb3ZlLCBhbmQgIHJlYWxseSBhcHByZWNpYXRl IHRoZSDigJxEbyB0aGUgcmlnaHQgdGhpbmfigJ0gYXBwcm9hY2guDQoNClNwZWNpZmljcyBpbmxp bmUuDQoNCg0KPiBPbiBTZXAgMjcsIDIwMTcsIGF0IDI6MjkgQU0sIFNwZW5jZXIgRGF3a2lucyBh dCBJRVRGIDxzcGVuY2VyZGF3a2lucy5pZXRmQGdtYWlsLmNvbT4gd3JvdGU6DQo+IA0KPiBIaSwg Q2FybG9zLA0KPiANCj4gT24gU2VwIDI3LCAyMDE3IDExOjQzLCAiQ2FybG9zIFBpZ25hdGFybyAo Y3BpZ25hdGEpIiA8Y3BpZ25hdGFAY2lzY28uY29tPiB3cm90ZToNCj4gTWFueSB0aGFua3MgU3Bl bmNlciBmb3IgdGhlIGNvbW1lbnRzIGJlbG93IQ0KPiANCj4gUGxlYXNlIHNlZSBpbmxpbmUuDQo+ IA0KPiA+IE9uIFNlcCAyNiwgMjAxNywgYXQgMTI6MjIgUE0sIFNwZW5jZXIgRGF3a2lucyA8c3Bl bmNlcmRhd2tpbnMuaWV0ZkBnbWFpbC5jb20+IHdyb3RlOg0KPiA+DQo+ID4gU3BlbmNlciBEYXdr aW5zIGhhcyBlbnRlcmVkIHRoZSBmb2xsb3dpbmcgYmFsbG90IHBvc2l0aW9uIGZvcg0KPiA+IGRy YWZ0LWlldGYtc2ZjLW5zaC0yNDogTm8gT2JqZWN0aW9uDQo+ID4NCj4gPiBXaGVuIHJlc3BvbmRp bmcsIHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBhbGwN Cj4gPiBlbWFpbCBhZGRyZXNzZXMgaW5jbHVkZWQgaW4gdGhlIFRvIGFuZCBDQyBsaW5lcy4gKEZl ZWwgZnJlZSB0byBjdXQgdGhpcw0KPiA+IGludHJvZHVjdG9yeSBwYXJhZ3JhcGgsIGhvd2V2ZXIu KQ0KPiA+DQo+ID4NCj4gPiBQbGVhc2UgcmVmZXIgdG8gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaWVz Zy9zdGF0ZW1lbnQvZGlzY3Vzcy1jcml0ZXJpYS5odG1sDQo+ID4gZm9yIG1vcmUgaW5mb3JtYXRp b24gYWJvdXQgSUVTRyBESVNDVVNTIGFuZCBDT01NRU5UIHBvc2l0aW9ucy4NCj4gPg0KPiA+DQo+ ID4gVGhlIGRvY3VtZW50LCBhbG9uZyB3aXRoIG90aGVyIGJhbGxvdCBwb3NpdGlvbnMsIGNhbiBi ZSBmb3VuZCBoZXJlOg0KPiA+IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0 LWlldGYtc2ZjLW5zaC8NCj4gPg0KPiA+DQo+ID4NCj4gPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+ID4gQ09N TUVOVDoNCj4gPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+ID4NCj4gPiBUaGFuayB5b3UgZm9yIHJlc3BvbmRp bmcgdG8gV2VzIEVkZHkncyBUU1YtQVJUIHJldmlldyBvZiAtMTkgKGFuZCwgb2YgY291cnNlLA0K PiA+IGZvciBtYWtpbmcgdGV4dCBjaGFuZ2VzIHRoYXQgc2VlbWVkIGFwcHJvcHJpYXRlKS4NCj4g Pg0KPiANCj4gVGhhbmtzIHRvIFdlcyBmb3IgdGFraW5nIHRoZSB0aW1lIHRvIHJldmlldyENCj4g DQo+IFdlIGRpZCBnbyBvdmVyIHRoZSB3aG9sZSBkb2N1bWVudCB3aXRoIGEgZmluZSBjb21iIGNs ZWFuaW5nIHVwIHRlcm1zIGJhc2VkIG9uIFdlc+KAmSBmZWVkYmFjay4NCj4gDQo+ID4gSXQgc2Vl bXMgdG8gbWUgdGhhdCB5b3UgZGVzY3JpYmUgZXhwZWN0YXRpb25zIGFib3V0IHRoZSBhcHBsaWNh YmlsaXR5IG9mIE5TSCBpbg0KPiA+IHZhcmlvdXMgcGxhY2VzIGluIHRoZSBkb2N1bWVudCwgYW5k IGluIHZhcmlvdXMgd2F5cy4gWW91IG1pZ2h0IGNvbnNpZGVyIChmb3INCj4gPiBleGFtcGxlKSBw dWxsaW5nIHRoZSBjb21tb24gZWxlbWVudHMgb2Ygc3RhdGVtZW50cyBsaWtlIChmcm9tIFNlY3Rp b24gNSkNCj4gPg0KPiA+ICAgV2l0aGluIGEgbWFuYWdlZCBhZG1pbmlzdHJhdGl2ZSBkb21haW4s IGFuIG9wZXJhdG9yIGNhbiBlbnN1cmUgdGhhdA0KPiA+ICAgdGhlIHVuZGVybGF5IE1UVSBpcyBz dWZmaWNpZW50IHRvIGNhcnJ5IFNGQyB0cmFmZmljIHdpdGhvdXQgcmVxdWlyaW5nDQo+ID4gICBm cmFnbWVudGF0aW9uLiAgR2l2ZW4gdGhhdCB0aGUgaW50ZW5kZWQgc2NvcGUgb2YgdGhlIE5TSCBp cyB3aXRoaW4gYQ0KPiA+ICAgc2luZ2xlIHByb3ZpZGVyJ3Mgb3BlcmF0aW9uYWwgZG9tYWluLCB0 aGF0IGFwcHJvYWNoIGlzIHN1ZmZpY2llbnQuDQo+ID4NCj4gPiBhbmQgKGZyb20gU2VjdGlvbiA4 KQ0KPiA+DQo+ID4gIE5TSCBpcyBkZXNpZ25lZCBmb3IgdXNlIHdpdGhpbiBvcGVyYXRvciBlbnZp cm9ubWVudHMuICBBcyBzdWNoLCBpdA0KPiA+ICAgZG9lcyBub3QgaW5jbHVkZSBhbnkgbWFuZGF0 b3J5IHNlY3VyaXR5IG1lY2hhbmlzbXMuICBBcyB3aXRoIG1hbnkNCj4gPiAgIG90aGVyIHByb3Rv Y29scywgd2l0aG91dCBlbmhhbmNlbWVudHMsIHRoZSBOU0ggZW5jYXBzdWxhdGlvbiBjYW4gYmUN Cj4gPiAgIHNwb29mZWQgYW5kIGlzIHN1YmplY3QgdG8gc25vb3BpbmcgYW5kIG1vZGlmaWNhdGlv biBpbiB0cmFuc2l0Lg0KPiA+DQo+ID4gICBIb3dldmVyLCB0aGUgZGVwbG95bWVudCBzY29wZSAo YXMgZGVmaW5lZCBpbiBbUkZDNzY2NV0pIG9mIHRoZSBOU0gNCj4gPiAgIGVuY2Fwc3VsYXRpb24g aXMgbGltaXRlZCB0byBhIHNpbmdsZSBuZXR3b3JrIGFkbWluaXN0cmF0aXZlIGRvbWFpbiBhcw0K PiA+ICAgYSBjb250cm9sbGVkIGVudmlyb25tZW50LCB3aXRoIHRydXN0ZWQgZGV2aWNlcyAoZS5n LiwgYSBkYXRhIGNlbnRlcikNCj4gPiAgIGhlbmNlIG1pdGlnYXRpbmcgdGhlIHJpc2sgb2YgdW5h dXRob3JpemVkIG1hbmlwdWxhdGlvbiBvZiB0aGUNCj4gPiAgIGVuY2Fwc3VsYXRpb24gaGVhZGVy cyBvciBtZXRhZGF0YS4gIFRoaXMgY29udHJvbGxlZCBlbnZpcm9ubWVudCBpcyBhbg0KPiA+ICAg aW1wb3J0YW50IGFzc3VtcHRpb24gZm9yIE5TSC4gIFRoZXJlIGlzIG9uZSBhZGRpdGlvbmFsIGlt cG9ydGFudA0KPiA+ICAgYXNzdW1wdGlvbjogQWxsIG9mIHRoZSBzZXJ2aWNlIGZ1bmN0aW9ucyB1 c2VkIGJ5IGFuIG9wZXJhdG9yIGluDQo+ID4gICBzZXJ2aWNlIGNoYWlucyBhcmUgYXNzdW1lZCB0 byBiZSBzZWxlY3RlZCBhbmQgdmV0dGVkIGJ5IHRoZSBvcGVyYXRvci4NCj4gPg0KPiA+IGludG8g b25lIHNlY3Rpb24gZGVzY3JpYmluZyB0aGUgYXBwbGljYWJpbGl0eSBvZiBOU0gsIGFwcGVhcmlu ZyBNVUNIIGVhcmxpZXIgaW4NCj4gPiB0aGUgZG9jdW1lbnQgKHRoZSBtb3N0IGRldGFpbGVkIGRl c2NyaXB0aW9uIG9mIHlvdXIgZXhwZWN0YXRpb25zIGxvb2tzIGxpa2UgaXQNCj4gPiBhcHBlYXJz IGluIHRoZSBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyBzZWN0aW9uLCBidXQgcGFydHMgb2YgdGhh dCBkZXNjcmlwdGlvbg0KPiA+IGFyZSBhcHBsaWNhYmxlIHRvIHRoZSBGcmFnbWVudGF0aW9uIENv bnNpZGVyYXRpb25zIHNlY3Rpb24sIHdoaWNoIGFwcGVhcnMgdGhyZWUNCj4gPiBzZWN0aW9ucyBl YXJsaWVyIGluIHRoZSBkb2N1bWVudCkuIFRoZSByZWFkZXIgd291bGQgaGF2ZSB5b3VyIGludGVu ZGVkDQo+ID4gYXBwbGljYWJpbGl0eSBpbiBtaW5kIG11Y2ggZWFybGllciBhbmQgbW9yZSBjbGVh cmx5LCBhbmQgeW91IGNvdWxkIGp1c3QgaW52b2tlDQo+ID4geW91ciBleHBlY3RhdGlvbnMgYnkg cmVmZXJlbmNlIHdoZW4geW91IG5lZWQgdG8gZXhwbGFpbiBob3cgdGhleSBhcHBseQ0KPiA+IGVs c2V3aGVyZSBpbiB0aGUgZG9jdW1lbnQsIHNvIHRoZSBleHBlY3RhdGlvbnMgaW4gcGxheSB3b3Vs ZCBiZSBjb25zaXN0ZW50DQo+ID4gYWNyb3NzIG1lbnRpb25zIHRocm91Z2hvdXQgdGhlIGRvY3Vt ZW50Lg0KPiANCj4gV2UgYXJlIHZlcnkgaGVzaXRhbnQgdG8gbWFrZSBkcmFzdGljIHN0cnVjdHVy YWwgbW9kaWZpY2F0aW9ucyB0byB0aGUgZG9jdW1lbnQgYXQgdGhpcyBzdGFnZS4NCj4gDQo+IFVu ZGVyc3Rvb2QgOi0pDQo+IA0KPiBJIHVuZGVyc3RhbmQgeW91ciBwb2ludCBhYm91dCBjb21waWxp bmcgYSBsaXN0IG9mIGV4cGVjdGF0aW9ucyB0aHJvdWdob3V0IHRoZSBkb2N1bWVudCBpbnRvIGEg c2VsZi1jb250YWluZWQgaW5kZXguIEhvd2V2ZXIsIHRob3NlIGV4cGVjdGF0aW9ucyBhcmUgdmVy eSBkaWZmZXJlbnQgZm9yIGVhY2ggYXJlYSAoZS5nLiwgc2VjdXJpdHksIGVuY2Fwc3VsYXRpb24g dHJhbnNwb3J0LCBldGMuKSBhbmQgYXJlIGN1cnJlbnRseSBmdW5jdGlvbmFsbHkgb3JnYW5pemVk LiBUaGUgZ29hbCBpcyBub3QgdG8gaGF2ZSBhIGxpc3Qgb2YgcmVxdWlyZW1lbnRzLCBidXQgaGF2 ZSBpbXBsZW1lbnRvcnMgZnVuY3Rpb25hbGx5IHJlYWQgdGhyb3VnaCB0aGUgY29tcGxldGUgc3Bl Y2lmaWNhdGlvbi4NCj4gDQo+IFJpZ2h0LCBidXQgdGhlIHByb2JsZW0gaXMgdGhhdCB0aGUgZXhw ZWN0YXRpb25zIHRoYXQga2VwdCBtZSBmcm9tIGJhbGxvdGluZyBEaXNjdXNzIHdlcmUgdGhyZWUg c2VjdGlvbnMgYWZ0ZXIgdGhlIHNlY3Rpb24gVFNWIEFEcyB0dXJuIHRvIGF1dG9tYXRpY2FsbHku IFNvIG91ciBtaWxlYWdlIGZvciBmdW5jdGlvbmFsIG9yZ2FuaXphdGlvbiBkaWZmZXJzLg0KPiAN Cj4gSVNUTSB0aGF0IHByb3ZpZGluZyBrZXkgaW5mb3JtYXRpb24gYWxsb3dpbmcgYW4gaW5mb3Jt ZWQgZGVjaXNpb24gYWJvdXQgd2hldGhlciB0byB1c2UgdGhpcyBtZWNoYW5pc20gaW4gdGhlIDh0 aCBzZWN0aW9uLCB1bmRlciBzZWN1cml0eSBjb25zaWRlcmF0aW9ucywgaXMgcmVhbGx5IHdhaXRp bmcgdW50aWwgdGhlIGxhc3QgbWludXRlLiBTdXNwZW5zZSBpcyBnb29kIGZvciBub3ZlbHMsIGJ1 dCBtYXliZSBub3QgZm9yIGltcGxlbWVudGVycyBhbmQgb3BlcmF0b3JzLg0KPiANCj4gVGhpcyBp c24ndCBxdWl0ZSBhcyBsYXRlIGFzIGFkZGluZyBNVVNUcyBpbiB0aGUgSUFOQSBjb25zaWRlcmF0 aW9ucyBzZWN0aW9uLCBidXQgaXQncyBjbG9zZS4NCj4gDQo+IElmIHlvdSBjYW4gdGhpbmsgb2Yg YSBiZXR0ZXIgd2F5IHRvIGVuc3VyZSB0aGF0IHBlb3BsZSBtYWtpbmcgZGVwbG95bWVudCBkZWNp c2lvbnMgdW5kZXJzdGFuZCB0aGUgbGltaXRhdGlvbnMsIHRoYXQgd291bGQgYmUgZ29vZC4gDQo+ IA0KDQpJIHRoaW5rIHdoYXQgeW91IGFyZSBhZnRlciBpcyBtb3N0bHkgY29udGFpbmVkIGluIHRo ZSBsYXN0IDQgcGFyYWdyYXBocyBvZiB0aGUgSW50cm9kdWN0aW9uLiBXb3VsZCBpdCBoZWxwIGlm IHdlIHBsYWNlIHRob3NlIHVuZGVyIGEgc3ViLWhlYWRpbmcg4oCcMS4xIFNjb3Bl4oCdIG9yIOKA nDEuMSBBcHBsaWNhYmlsaXR54oCdPw0KDQo+IElmIG5vdCwgaXQncyBhIGNvbW1lbnQuIERvIHRo ZSByaWdodCB0aGluZywgb2YgY291cnNlLg0KPiANCj4gIEJhc2VkIG9uIGVhcmxpZXIgZmVlZGJh Y2ssIHdlIGRpZCBwcmVzZW50IGEgbW9yZSBkZWxpYmVyYXRlIGFuZCBpbnRlbnRpb25hbCBhcHBs aWNhYmlsaXR5IGVhcmx5IG9uLCBpbiB0aGUgSW50cm9kdWN0aW9uLiBTZWUgdGhpcmQtdG8tbGFz dCBwYXJhZ3JhcGggb2YgU2VjdGlvbiAxLg0KPiANCj4gVGhhdCBkZWZpbml0ZWx5IGhlbHBzLiBU aGFua3MgZm9yIHRoYXQuDQo+IA0KPiA+DQo+ID4gSSdtIHN0aWxsIGJvdGhlcmVkIHRoYXQgdGhp cyBkb2N1bWVudCBkb2Vzbid0IGV4cGxpY2l0bHkgbWVudGlvbiBJQ01QIGJsb2NraW5nDQo+ID4g YXMgYSBwcm9ibGVtIGZvciBQTVRVRCB3aXRoIElQIGVuY2Fwc3VsYXRpb25zLg0KPiANCj4gV2Ug ZG8gbm90IHdhbnQgdG8gdGFrZSBhd2F5IGZyb20gdGhlIGZvY3VzIG9mIHRoZSBkb2N1bWVudCwg dG8gaGF2ZSBhbiBhbmFseXNpcyBvZiBQTVRVRC4gRG9pbmcgc28gd291bGQgYmUgdW5mYWlyIHRv IFBNVFVELCBhbmQgaW52YXJpYWJseSBpbmNvcnJlY3QgYnkgb21pc3Npb24uIFRoZXJlIGFyZSBv dGhlciB0aGluZ3MgdGhhdCBicmVhayBQTVRVRCB0b28gcG90ZW50aWFsbHksIGFuZCBvdGhlciBy aXNrcyBzdWNoIGFzIElDTVAgYXR0YWNrcywgZXRjLg0KPiANCj4gR2l2ZW4gdGhlIGZhY3QgdGhh dCB0aGUgSVAgZW5jYXBzdWxhdGlvbiBjYW4gYmUgSVB2NCBvciBJUHY2LCB3ZSBkbyBub3Qgd2Fu dCB0byBleHBsYWluIFBNVFVELg0KPiANCj4gVGhhdCBzYWlkLCBpZiB0aGVyZSBpcyBhIHNpbmds ZSBSZWZlcmVuY2UgdGhhdCB5b3UgZmVlbCBjYXB0dXJlcyB0aGUgUE1UVUQgcHJvYmxlbXMgYW5k IGd1aWRhbmNlLCB3ZSB3aWxsIGJlIGhhcHB5IHRvIGFkZCBpdCENCj4gDQo+IA0KPiA+IFdlJ3Jl IGp1c3Qgbm90IGdvb2QgYXQgcGF0aCBNVFUNCj4gPiBkaXNjb3ZlcnksIHNvIGl0IHNlZW1zIHVz ZWZ1bCB0byBjYWxsIHRoaXMgb3V0IGV4cGxpY2l0bHkgd2hlbiBhIGRvY3VtZW50DQo+ID4gZXhw ZWN0cyB0byB1c2UgUE1UVUQuIFRoYXQgd2F5LCBwZW9wbGUgd2hvIHVzZSBOU0ggd2lsbCBrbm93 IHRvIGNoZWNrIGZvciBJQ01QDQo+ID4gYmxvY2tpbmcgb24gdGhlaXIgbmV0d29ya3MgYmVmb3Jl IHRoZXkgcmVjZWl2ZSB0aGVpciBmaXJzdCB0cm91YmxlIHJlcG9ydHMuDQo+ID4gVGhpcyBhbG1v c3QgcmVhY2hlZCBteSB0aHJlc2hvbGQgZm9yIGJhbGxvdGluZyBEaXNjdXNzLCBzbyBJJ2QgaG9w ZSB5b3UgZm9sa3MNCj4gPiB3b3VsZCBjb25zaWRlciB0aGF0Lg0KPiANCj4gV2UgYXJlIGNvbnNp ZGVyaW5nIGFuZCBoYXBweSB0byBhZGQgc29tZSB0ZXh0IGFib3V0IHRoZSBwcm9ibGVtLiBIb3dl dmVyLCB3ZSB3ZXJlIHVuYWJsZSB0byBmaW5kIGEgc2luZ2xlIHJlZmVyZW5jZSB0aGF0IGF0b21p Y2FsbHkgZGVzY3JpYmVzIHRoZSBwcm9ibGVtIGFuZCBnaXZlcyByZWNvbW1lbmRhdGlvbi4gRXZl biBSRkMgODIwMSBpbmNsdWRlcyBvbmx5IGEgc2luZ2xlLXNlbnRlbmNlIGxvc3QgaW4gbWlkZGxl IG9mIHRoZSBJbnRyb2R1Y3Rpb24uDQo+IA0KPiBUaGUgcmVhc29uIGNvbWluZyB1cCB3aXRoIGEg cmVmZXJlbmNlIGZvciB0aGlzIGlzIGhhcmQsIGlzIGJlY2F1c2Ugd2UncmUganVzdCBub3QgdmVy eSBnb29kIGF0IHBhdGggTVRVIGRpc2NvdmVyeSAgOnANCj4gDQo+IEJ1dCA4MjAxIGlzIHBvc3Np Ymx5IHRoZSBiZXN0IHJlZmVyZW5jZSBhdmFpbGFibGUgKHJlY2VudCBJbnRlcm5ldCBTdGFuZGFy ZCkuIERvIHRoZSByaWdodCB0aGluZyAuLi4NCj4gDQo+IA0KPiBQcm9wb3NhbDoNCj4gDQo+IE9M RDoNCj4gICAgRm9yIGV4YW1wbGUsIHdoZW4gdGhlIE5TSCBpcyBlbmNhcHN1bGF0ZWQgaW4gSVAs IElQLWxldmVsDQo+ICAgIGZyYWdtZW50YXRpb24gY291cGxlZCB3aXRoIFBhdGggTVRVIERpc2Nv dmVyeSAoUE1UVUQpIGlzIHVzZWQuDQo+IA0KPiBORVc6DQo+IA0KPiAgICBGb3IgZXhhbXBsZSwg d2hlbiB0aGUgTlNIIGlzIGVuY2Fwc3VsYXRlZCBpbiBJUCwgSVAtbGV2ZWwNCj4gICAgZnJhZ21l bnRhdGlvbiBjb3VwbGVkIHdpdGggUGF0aCBNVFUgRGlzY292ZXJ5IChQTVRVRCkgaXMgdXNlZC4g IFNpbmNlDQo+ICAgIFBNVFVEIHJlbGllcyBvbiBJQ01QIG1lc3NhZ2VzLCBhbiBvcGVyYXRvciBz aG91bGQgZW5zdXJlIElDTVANCj4gICAgcGFja2V0cyBhcmUgbm90IGJsb2NrZWQuDQo+IA0KPiBC dXQgYSBjaXRhdGlvbiB3b3VsZCBlbnJpY2ggdGhpcy4gUGxlYXNlIGxldCB1cyBrbm93LiBSRkMg MjkyMyBpcyB0b28gVENQIHNwZWNpZmljLCBldGMuLi4NCj4gDQo+IFRoaXMgdGV4dCBpcyBoZWxw ZnVsLiBJZiBtZW50aW9uaW5nIDgyMDEgc29tZXdoZXJlIHNlZW1zIGhlbHBmdWwsIHRoYXQgd291 bGQgYmUgZmluZSB3aXRoIG1lLg0KPiANCg0KU291bmRzIGdvb2QuIEFkZGVkIGJvdGggdGhlIHRl eHQgYW5kIGEgY2l0YXRpb24uDQoNCj4gDQo+ID4NCj4gPiBJIHNlZSB0aGF0IHRoZSBhcHBsaWNh YmlsaXR5IG9mIE5TSCBpbmNsdWRlcyBlbmNhcHN1bGF0aW9ucyB0aGF0IGRvbid0IHByb3ZpZGUN Cj4gPiBhIHBhdGggTVRVIGRpc2NvdmVyeSBtZWNoYW5pc20sIGFuZCB0aGF0IHlvdXIgcmVzb2x1 dGlvbiBmb3IgdGhvc2UNCj4gPiBlbmNhcHN1bGF0aW9ucyBpcyB0byBsb2cgZXZlbnRzIHdoZW4g YSAidG9vIGJpZyIgcGFja2V0IGlzIGRyb3BwZWQuIENvdWxkIHlvdQ0KPiA+IGVkdWNhdGUgbWUs IGFzIHRvIHdoZXRoZXIgYWxsIGVuY2Fwc3VsYXRpb25zIGRldGVjdCB0aGF0IHRoaXMgaXMgaGFw cGVuaW5nPyBJdA0KPiA+IG1pZ2h0IGJlIHRoYXQgZW5jYXBzdWxhdGlvbnMgYXJlIHVzaW5nIGEg Zml4ZWQgbWF4aW11bSBNVFUgYnkgZGVmaW5pdGlvbiwgc28NCj4gPiB0aGF0IHdoYXQgeW91J3Jl IGxvZ2dpbmcgaXMgYW4gYXR0ZW1wdCB0byBzZW5kIGEgcGF5bG9hZCB0aGF0IHZpb2xhdGVzIHRo ZQ0KPiA+IHByb3RvY29sIGRlZmluaXRpb24gb2YgdGhlIGVuY2Fwc3VsYXRpb24sIGJ1dCBJIGRv bid0IGtub3cgdGhhdCB0aGF0J3MgdHJ1ZSBpbg0KPiA+IGFsbCBjYXNlcywgc28gdGhvdWdodCBJ IHNob3VsZCBhc2suDQo+IA0KPiBXZSBjYW5ub3QgcHJvdmUgaWYgKmFsbCogZW5jYXBzdWxhdGlv bnMgZGV0ZWN0IHRoYXQgYXMgaGFwcGVuaW5nLCBhcyB5b3UgYXJlIGFza2luZy4gSG93ZXZlciwg aWYgYW4gZW5jYXBzdWxhdGlvbiBkcm9wcyBhIHBhY2tldCBmb3IgdGhhdCByZWFzb24gd2UgYXJl IGFkZGluZyBhIHJlcXVpcmVtZW50IGZvciB0aG9zZSBlbmNhcHMuDQo+IA0KPiBQZXJmZWN0Lg0K PiANCj4gPg0KPiA+IEkgc2F3IGEgc3VnZ2VzdGlvbiBmcm9tIEpvZSBUb3VjaCAoaW4gYSByZXNw b25zZSB0byB0aGUgVFNWLUFSVCByZXZpZXcpIHRvDQo+ID4gY29uc2lkZXIgbG9va2luZyBhdCB0 aGUgdGVybWlub2xvZ3kgZGV2ZWxvcGVkIGZvciBkcmFmdC1pZXRmLWludGFyZWEtdHVubmVscy4g SQ0KPiA+IGRpZG4ndCBzZWUgYSByZXBseSB0byB0aGF0IHN1Z2dlc3Rpb24sIGFuZCBJIGRpZG4n dCBzZWUgYSByZWZlcmVuY2UgdG8NCj4gPiBkcmFmdC1pZXRmLWludGFyZWEtdHVubmVscyBpbiAt MjQgLSB3YXMgdGhpcyBjb25zaWRlcmVkPw0KPiANCj4gQXBvbG9naWVzIGZvciBub3QgaGF2aW5n IHJlc3BvbmRlZC4gWWVzLCB0aGlzIHdhcyBjb25zaWRlcmVkLg0KPiANCj4gVGhlIG5lZWRzIG9m IGRyYWZ0LWlldGYtc2ZjLW5zaCBhcmUgc28gYmFzaWMgaW4gdGhpcyByZWdhcmRzIHRoYXQgd2Ug dXNlIG9ubHkgdHdvIHRlcm1zLiBUaG9zZSB0d28gdGVybXMgYXJlIGV4YWN0IHRlcm1zIGRlZmlu ZWQgaW4gZHJhZnQtaWV0Zi1pbnRhcmVhLXR1bm5lbHMuIE1UVSBhbmQgUE1UVUQuIFRoaXMgZG9j dW1lbnQgZG9lcyBub3QgbWFrZSB1c2Ugb2YgdGhpbmdzIGxpa2UgRU1UVV9SLg0KPiANCj4gVGhh bmtzIGZvciB0aGUgZmVlZGJhY2suDQo+IA0KPiANCj4gPg0KPiA+IChJJ20gYWxzbyBhc2tpbmcg YmVjYXVzZSBJIHdhbnQgdG8ga2VlcCB0cmFjayBvZiB3aGV0aGVyIHBlb3BsZSBhcHBseWluZw0K PiA+IGVuY2Fwc3VsYXRpb25zIGZpbmQgdGhhdCBkb2N1bWVudCB1c2VmdWwsIG9mIGNvdXJzZSkN Cj4gDQo+IEkgcmV2aWV3ZWQgYW4gZWFybGllciBpdGVyYXRpb24gb2YgdGhhdCBkb2N1bWVudCwg YWxtb3N0IGEgZGVjYWRlIGFnbyAoISEpIGFuZCBzZW50IHBhZ2VzIG9mIGNvbW1lbnRzLiBJIGFs c28gcmV2aWV3ZWQgYSBzdWJzZXF1ZW50IGludGFyZWEgV0cgdmVyc2lvbiBvZiBpdC4gVGhlIGFw cGxpY2FiaWxpdHkgb2YgdGhhdCBkb2MgdG8gZHJhZnQtaWV0Zi1zZmMtbnNoIGlzIHF1aXRlIGxp bWl0ZWQuDQo+IA0KPiBCeSB0aGUgd2F5LCB0aGUgdHJlYXRtZW50IG9mIElDTVAgYmxvY2thZ2Ug aW4gZHJhZnQtaWV0Zi1pbnRhcmVhLXR1bm5lbHMgaXMgcXVpdGUgbm90IGV4aGF1c3RpdmUg4oCU IGFuZCB0aGF0IGRvY3VtZW50IHNlZW1zIGEgYmV0dGVyIHBsYWNlIGZvciBjb21wbGFpbmluZyBh Ym91dCBJQ01QIGFuZCBQTVRVRC4NCj4gDQo+IFBlcmhhcHMgc28uDQo+IA0KPiBUaGFua3MgZm9y IGFsbCB0aGlzLg0KDQpUaGFuayB5b3UsIFNwZW5jZXIhDQoNCuKAlCBDYXJsb3MuDQoNCj4gDQo+ IFNwZW5jZXINCj4gDQo+ID4NCj4gPiAoSm9lJ3MgZm9sbG93LXVwIGlzIGF0DQo+ID4gaHR0cHM6 Ly9tYWlsYXJjaGl2ZS5pZXRmLm9yZy9hcmNoL21zZy90c3YtYXJ0L0NzZFd3UjlCNV9BQjY0RDBl RmwtS0lFN19OQSkNCj4gPg0KPiA+DQo+IA0KPiANCj4gVGhhbmtzIGFnYWluIQ0KPiANCj4g4oCU IENhcmxvcy4NCg0K From nobody Wed Sep 27 05:07:03 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18E77134AF8; Wed, 27 Sep 2017 05:07:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s845ifoo_jaH; Wed, 27 Sep 2017 05:06:54 -0700 (PDT) Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA893134A02; Wed, 27 Sep 2017 05:02:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3486; q=dns/txt; s=iport; t=1506513764; x=1507723364; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=N1ClW+qboz/WsTV11ArFFWXzd2eR3KjggTuHfVVNfEI=; b=MhpxMvnjYkYu5UeEGHlMX0hxitswWwt3zk2O5fMT3+psRSH2qNEQMfER 3/oo3o7ZFcEjvkrW7BYS/dyoI1dNXbqyeVEuWTVP1OSSns4cI84bmdJFZ gxRvY+e26MNgfe9sLZ5CRlTgR1ooM4cYNrr45lu64Fz6f9T0c98SdDg5W A=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DBAQAOk8tZ/4oNJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1xkbicHg2+ZfYF2lisOggQKI4UYAhqEPkAXAQIBAQEBAQEBayi?= =?us-ascii?q?FGAEBAQECASMRRQULAgEIDgoCAiYCAgIwFRACBA4FiikIEKh1gieLBAEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBARgFgQ6CHYICgVGBaiuCfYRRARIBgzIvgjEFihKOO4h?= =?us-ascii?q?TAodcjH+CE4VuiwSVGgIRGQGBOAEgATaBAwt4FVsBhQccgWd2AYV3gSOBEAEBA?= =?us-ascii?q?Q?= X-IronPort-AV: E=Sophos;i="5.42,445,1500940800"; d="scan'208";a="298418672" Received: from alln-core-5.cisco.com ([173.36.13.138]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2017 12:02:28 +0000 Received: from XCH-RTP-017.cisco.com (xch-rtp-017.cisco.com [64.101.220.157]) by alln-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id v8RC2SqA021297 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 12:02:28 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-017.cisco.com (64.101.220.157) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 08:02:27 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 08:02:27 -0400 From: "Carlos Pignataro (cpignata)" To: Alexey Melnikov CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Alexey Melnikov's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTN3Mv4m1k6McXfE2++LvefpNKqKLI5SGA Date: Wed, 27 Sep 2017 12:02:27 +0000 Message-ID: References: <150650459311.24969.3080825211607015738.idtracker@ietfa.amsl.com> In-Reply-To: <150650459311.24969.3080825211607015738.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: text/plain; charset="utf-8" Content-ID: <95D77381ACC3FD42845C662247E83AD3@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Alexey Melnikov's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 12:07:01 -0000 VGhhbmssIEFsZXhleS4NCg0KPiBPbiBTZXAgMjcsIDIwMTcsIGF0IDU6MjkgQU0sIEFsZXhleSBN ZWxuaWtvdiA8YWFtZWxuaWtvdkBmYXN0bWFpbC5mbT4gd3JvdGU6DQo+IA0KPiBBbGV4ZXkgTWVs bmlrb3YgaGFzIGVudGVyZWQgdGhlIGZvbGxvd2luZyBiYWxsb3QgcG9zaXRpb24gZm9yDQo+IGRy YWZ0LWlldGYtc2ZjLW5zaC0yNDogTm8gT2JqZWN0aW9uDQo+IA0KPiBXaGVuIHJlc3BvbmRpbmcs IHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBhbGwNCj4g ZW1haWwgYWRkcmVzc2VzIGluY2x1ZGVkIGluIHRoZSBUbyBhbmQgQ0MgbGluZXMuIChGZWVsIGZy ZWUgdG8gY3V0IHRoaXMNCj4gaW50cm9kdWN0b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pDQo+IA0K PiANCj4gUGxlYXNlIHJlZmVyIHRvIGh0dHBzOi8vd3d3LmlldGYub3JnL2llc2cvc3RhdGVtZW50 L2Rpc2N1c3MtY3JpdGVyaWEuaHRtbA0KPiBmb3IgbW9yZSBpbmZvcm1hdGlvbiBhYm91dCBJRVNH IERJU0NVU1MgYW5kIENPTU1FTlQgcG9zaXRpb25zLg0KPiANCj4gDQo+IFRoZSBkb2N1bWVudCwg YWxvbmcgd2l0aCBvdGhlciBiYWxsb3QgcG9zaXRpb25zLCBjYW4gYmUgZm91bmQgaGVyZToNCj4g aHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0Zi1zZmMtbnNoLw0KPiAN Cj4gDQo+IA0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IENPTU1FTlQ6DQo+IC0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4g DQo+IEkgYW0gYWdyZWVpbmcgd2l0aCBLYXRobGVlbidzIERJU0NVU1MuDQo+IA0KPiBBbHNvLCBo YXZlIHlvdSB0aG91Z2h0IGFib3V0IGxpa2VseWhvb2Qgb2YgaW50cm9kdWNpbmcgbmV3IHZlcnNp b25zLCBhbmQgaWYgaXQNCj4gaXMgbGlrZWx5LCB3aGF0IGtpbmQgb2YgcmVzdHJpY3Rpb25zIGRv IHlvdSB3YW50IHRvIGltcG9zZSBvbiBmdXR1cmUgdmVyc2lvbnMNCj4gKGUuZy4gcmVxdWlyZW1l bnRzIG9uIGJhY2t3YXJkIGNvbXBhdGliaWxpdHkpIGFuZCB3aGF0IGFyZSB0aGUgY3JpdGVyaWEg Zm9yDQo+IGJ1bXBpbmcgdGhlIHZlcnNpb24gbnVtYmVyPyBGb3IgZXhhbXBsZSwgZnV0dXJlIHZl cnNpb25zIG11c3QgdXNlIHRoZSBzYW1lIEJhc2UNCj4gSGVhZGVyIGFuZCBTZXJ2aWNlIFBhdGgg aGVhZGVyLCBidXQgY2FuIGFkZCBuZXcgbWFuZGF0b3J5IGZpZWxkcyBhZnRlciB0aGF0Lg0KPiBF dGMuDQoNClRoaXMgaXMgYSBnb29kIHF1ZXN0aW9uLg0KDQpUaGUgV0cgZGlkIG5vdCBkZWVwbHkg Y29uc2lkZXIgd2hhdCB0aGUgcmVxdWlyZW1lbnRzIG1pZ2h0IGJlIHRvIGhhdmUgdG8gdmVyc2lv bisrLiBGcmFua2x5LCB3ZSB3ZXJlIGFsbCBmb2N1c2VkIG9uIGdldHRpbmcgdGhpcyB2ZXJzaW9u IHJpZ2h0IDotKSB3aGljaCB3b3VsZCBtaW5pbWl6ZSB0aGUgbmVlZCBmb3IgYnVtcGluZyB1cCB0 aGUgdmVyc2lvbiBmaWVsZC4NCg0KVGhlIFZlcnNpb24gZmllbGQgaXMgdGhlcmUgdG8gZW5zdXJl IGludGVyb3BlcmFiaWxpdHkg4oCUIHNvIGEgbm9uLWludGVyb3BlcmFibGUgY2hhbmdlIHRvIE5T SCBtaWdodCByZXF1aXJlIGluY3JlYXNpbmcgdGhlIHZlcnNpb24gZmllbGQsIGFuZCBkZWZpbmlu ZyB3aXRoaW4gdGhlIG5ldyB2ZXJzaW9uIHRoZSBwb3RlbnRpYWwgYmFja3dhcmRzIGNvbXBhdGli aWxpdHkgbW9kZXMuIEJ1dCwgYWdhaW4sIHNlZW1zIHdpbGRseSBwcmVtYXR1cmUgdG8gYXR0ZW1w dCB0byBmb3Jlc2VlIHdoYXQgdGhvc2UgbWlnaHQgYmUsIGlmIGFueS4gUGVyc29uYWxseSwgSSB0 aGluayBuZWVkIG5vdCBiZSB0b28gcHJlc2NyaXB0aXZlIG9uIHRoaXMuDQoNCkEgc2VwYXJhdGUg KHlldCByZWxhdGVkKSBxdWVzdGlvbiBpcyB3aGF0IE1lZCBicm91Z2h0IHVwLCB3aGljaCBpcyB0 aGUgdHJlYXRtZW50IG9mIG90aGVyIChwb3RlbnRpYWxseSBmdXR1cmUpIHZlcnNpb25zIGJ5IHRo ZSBjdXJyZW50IHNwZWMuIFRoYXQgaXMgaW5kZWVkIHNvbWV0aGluZyB3ZSBuZWVkIHRvIHNwZWNp ZnkuDQoNCknigJlsbCBhZGQgdGhlIHRleHQgZnJvbSBKb2VsIEguIHRoYXQgTWVkIHBvaW50ZWQg dG8uIChUaGFua3MgTWVkISBBbmQgSm9lbCEpDQoNCgkiSWYgYW4gcGFja2V0IHByZXN1bWVkIHRv IGNhcnJ5IGFuIE5TSCBoZWFkZXIgaXMgcmVjZWl2ZWQgDQoJYXQgYW4gU0ZGLCBhbmQgdGhlIFNG RiBkb2VzIG5vdCB1bmRlcnN0bmFkIHRoZSB2ZXJzaW9uIG9mIA0KCXRoZSBwcm90b2NvbCBhcyBp bmRpY2F0ZWQgaW4gdGhlIGJhc2UgaGVhZGVyLCB0aGUgcGFja2V0IE1VU1QgDQoJYmUgZGlzY2Fy ZGVkLCBhbmQgdGhlIGV2ZW50IFNIT1VMRCBiZSBsb2dnZWQuIg0KDQpBbGV4ZWksIFdHLCBwbGVh c2UgbGV0IHVzIGtub3cgaWYgdGhlcmXigJlzIGFueSBjb25jZXJucyB3aXRoIHRoaXMgYXBwcm9h Y2guDQoNClRoYW5rcyENCg0KQ2FybG9zLg0KDQo+IA0KPiANCg0K From nobody Wed Sep 27 05:10:40 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBDFC134A20; Wed, 27 Sep 2017 05:10:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SeFcV0vLP6DX; Wed, 27 Sep 2017 05:10:34 -0700 (PDT) Received: from mail-yw0-x236.google.com (mail-yw0-x236.google.com [IPv6:2607:f8b0:4002:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9689134AC5; Wed, 27 Sep 2017 05:05:17 -0700 (PDT) Received: by mail-yw0-x236.google.com with SMTP id v72so9113999ywa.3; Wed, 27 Sep 2017 05:05:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=LHJKDKFCQ0EqQ3L0ln1yYISThWjgQzBu9a/02Y5Cf8I=; b=apkAbZ76kwPlP5zV6UmJWbnlFnJsluKkB54PJ5/8I/bG9XVJmVqFVLHiFzfLl1R8Ak Um0b5N4MKC4UDt8L9KNcPaUZSchE/w1da71MbdC24UOqu7ZXOtLx1YQVNS0gZNcUTaw0 xrN3Pv0GWf83QqDSiJzzaGEoAY55eEUJDshAepzf1Wep4IeLt2zMU65W/DbSHklIqjIQ 1BOYHIfWa8eAQrF6FLQJKdYve3D6AuywDZP+4fo+6tp822inJGLDAz1HsWGqR6tdaBFT 4+07CotEL9+45rckmVV/XHwvF7jcpMG3WlPdtnpi11nXhM9YtAdb/jOSuekKWfT2/XHS B+8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=LHJKDKFCQ0EqQ3L0ln1yYISThWjgQzBu9a/02Y5Cf8I=; b=VapS243L3LmS5lLVb727TAggN72c6HTH0AvRHYAdgl0rRiIDVzVA/tpnFXgMzt8jTZ q18hM3T3NblXmOmNZIUjS7qVyd9oKxCdDuksfBOfRp3lnUNhaq6j7J+EySmCDdGMUUS6 POIlQ3SqjrU2MITa/nJFQmNktS5X1E0RbHIdhfMzXAkK5ZFULT5XCK0GLAFGPZH94mQ0 OSMWhtDVWbGrvjEFaPNC76M+plPhjkDsY/driLezY5scVnBEXZuWUchNrBMGmhlI8BCl KXIjdJIGRAz6w8q7dW3KT+Ax3+cTw2q3ezI11YE9/8QP+fhIAedlpHS9DQXGHS6lLwqE Xx4Q== X-Gm-Message-State: AHPjjUi42FvsMB18GO4r8yJ86oizdZQ+4yo/lrcRBWuTGROY0f3+wK6P Ev5bawC1IVL+69LUdfjzkqUiqwRfSPSAyEznf503Ww== X-Google-Smtp-Source: AOwi7QD/NWSkRcgsIv9aX+HgXTqevscjuinbmAeb1UhxZuN6hFI4WyspaL6s/CbG5HoYdqR4iQEkM3PqWt+46iQ85GE= X-Received: by 10.129.109.151 with SMTP id i145mr701587ywc.142.1506513916616; Wed, 27 Sep 2017 05:05:16 -0700 (PDT) MIME-Version: 1.0 Received: by 10.37.2.71 with HTTP; Wed, 27 Sep 2017 05:05:16 -0700 (PDT) Received: by 10.37.2.71 with HTTP; Wed, 27 Sep 2017 05:05:16 -0700 (PDT) In-Reply-To: <4725A208-5A57-4C62-B12C-E41E7F9D5CFE@cisco.com> References: <150644295986.20869.15901882753312059319.idtracker@ietfa.amsl.com> <4725A208-5A57-4C62-B12C-E41E7F9D5CFE@cisco.com> From: Spencer Dawkins at IETF Date: Wed, 27 Sep 2017 20:05:16 +0800 Message-ID: To: "Carlos Pignataro (cpignata)" Cc: iesg@ietf.org, "draft-ietf-sfc-nsh@ietf.org" , Wesley Eddy , "Joel M. Halpern" , "sfc-chairs@ietf.org" , Service Function Chaining IETF list Content-Type: multipart/alternative; boundary="001a114dad66d963fe055a2a9ab5" Archived-At: Subject: Re: [sfc] Spencer Dawkins' No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 12:10:38 -0000 --001a114dad66d963fe055a2a9ab5 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, Carlos, On Sep 27, 2017 19:50, "Carlos Pignataro (cpignata)" wrote: Hi, Spencer, Thank you for your quick and thoughtful response. > If not, it's a comment. Do the right thing, of course. We take the comment seriously as it is a unique last opportunity to improve, and really appreciate the =E2=80=9CDo the right thing=E2=80=9D ap= proach. Specifics inline. > On Sep 27, 2017, at 2:29 AM, Spencer Dawkins at IETF < spencerdawkins.ietf@gmail.com> wrote: > > Hi, Carlos, > > On Sep 27, 2017 11:43, "Carlos Pignataro (cpignata)" wrote: > Many thanks Spencer for the comments below! > > Please see inline. > > > On Sep 26, 2017, at 12:22 PM, Spencer Dawkins < spencerdawkins.ietf@gmail.com> wrote: > > > > Spencer Dawkins has entered the following ballot position for > > draft-ietf-sfc-nsh-24: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria. html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > Thank you for responding to Wes Eddy's TSV-ART review of -19 (and, of course, > > for making text changes that seemed appropriate). > > > > Thanks to Wes for taking the time to review! > > We did go over the whole document with a fine comb cleaning up terms based on Wes=E2=80=99 feedback. > > > It seems to me that you describe expectations about the applicability of NSH in > > various places in the document, and in various ways. You might consider (for > > example) pulling the common elements of statements like (from Section 5= ) > > > > Within a managed administrative domain, an operator can ensure that > > the underlay MTU is sufficient to carry SFC traffic without requiring > > fragmentation. Given that the intended scope of the NSH is within a > > single provider's operational domain, that approach is sufficient. > > > > and (from Section 8) > > > > NSH is designed for use within operator environments. As such, it > > does not include any mandatory security mechanisms. As with many > > other protocols, without enhancements, the NSH encapsulation can be > > spoofed and is subject to snooping and modification in transit. > > > > However, the deployment scope (as defined in [RFC7665]) of the NSH > > encapsulation is limited to a single network administrative domain as > > a controlled environment, with trusted devices (e.g., a data center) > > hence mitigating the risk of unauthorized manipulation of the > > encapsulation headers or metadata. This controlled environment is an > > important assumption for NSH. There is one additional important > > assumption: All of the service functions used by an operator in > > service chains are assumed to be selected and vetted by the operator. > > > > into one section describing the applicability of NSH, appearing MUCH earlier in > > the document (the most detailed description of your expectations looks like it > > appears in the Security Considerations section, but parts of that description > > are applicable to the Fragmentation Considerations section, which appears three > > sections earlier in the document). The reader would have your intended > > applicability in mind much earlier and more clearly, and you could just invoke > > your expectations by reference when you need to explain how they apply > > elsewhere in the document, so the expectations in play would be consistent > > across mentions throughout the document. > > We are very hesitant to make drastic structural modifications to the document at this stage. > > Understood :-) > > I understand your point about compiling a list of expectations throughout the document into a self-contained index. However, those expectations are very different for each area (e.g., security, encapsulation transport, etc.) and are currently functionally organized. The goal is not to have a list of requirements, but have implementors functionally read through the complete specification. > > Right, but the problem is that the expectations that kept me from balloting Discuss were three sections after the section TSV ADs turn to automatically. So our mileage for functional organization differs. > > ISTM that providing key information allowing an informed decision about whether to use this mechanism in the 8th section, under security considerations, is really waiting until the last minute. Suspense is good for novels, but maybe not for implementers and operators. > > This isn't quite as late as adding MUSTs in the IANA considerations section, but it's close. > > If you can think of a better way to ensure that people making deployment decisions understand the limitations, that would be good. > I think what you are after is mostly contained in the last 4 paragraphs of the Introduction. Would it help if we place those under a sub-heading =E2= =80=9C1.1 Scope=E2=80=9D or =E2=80=9C1.1 Applicability=E2=80=9D? This seems helpful. If it's useful for you to know, I'd prefer Applicability, just because I think IETF is doing more specifications that aren't generically deployable, and would like our readers and implementers to be more aware of whether they should be using each cool new thing on their own networks. You may have noticed that most of our recent tunneling specifications break congestion considerations into two sections - one, saying what's safe to deploy anywhere, and one saying what you can probably get away with if your network is closely monitored. We want people to be very aware of applicability considerations in many cases. > If not, it's a comment. Do the right thing, of course. > > Based on earlier feedback, we did present a more deliberate and intentional applicability early on, in the Introduction. See third-to-last paragraph of Section 1. > > That definitely helps. Thanks for that. > > > > > I'm still bothered that this document doesn't explicitly mention ICMP blocking > > as a problem for PMTUD with IP encapsulations. > > We do not want to take away from the focus of the document, to have an analysis of PMTUD. Doing so would be unfair to PMTUD, and invariably incorrect by omission. There are other things that break PMTUD too potentially, and other risks such as ICMP attacks, etc. > > Given the fact that the IP encapsulation can be IPv4 or IPv6, we do not want to explain PMTUD. > > That said, if there is a single Reference that you feel captures the PMTUD problems and guidance, we will be happy to add it! > > > > We're just not good at path MTU > > discovery, so it seems useful to call this out explicitly when a document > > expects to use PMTUD. That way, people who use NSH will know to check for ICMP > > blocking on their networks before they receive their first trouble reports. > > This almost reached my threshold for balloting Discuss, so I'd hope you folks > > would consider that. > > We are considering and happy to add some text about the problem. However, we were unable to find a single reference that atomically describes the problem and gives recommendation. Even RFC 8201 includes only a single-sentence lost in middle of the Introduction. > > The reason coming up with a reference for this is hard, is because we're just not very good at path MTU discovery :p > > But 8201 is possibly the best reference available (recent Internet Standard). Do the right thing ... > > > Proposal: > > OLD: > For example, when the NSH is encapsulated in IP, IP-level > fragmentation coupled with Path MTU Discovery (PMTUD) is used. > > NEW: > > For example, when the NSH is encapsulated in IP, IP-level > fragmentation coupled with Path MTU Discovery (PMTUD) is used. Since > PMTUD relies on ICMP messages, an operator should ensure ICMP > packets are not blocked. > > But a citation would enrich this. Please let us know. RFC 2923 is too TCP specific, etc... > > This text is helpful. If mentioning 8201 somewhere seems helpful, that would be fine with me. > Sounds good. Added both the text and a citation. Thanks. I think you're good to go. Spencer > > > > > I see that the applicability of NSH includes encapsulations that don't provide > > a path MTU discovery mechanism, and that your resolution for those > > encapsulations is to log events when a "too big" packet is dropped. Could you > > educate me, as to whether all encapsulations detect that this is happening? It > > might be that encapsulations are using a fixed maximum MTU by definition, so > > that what you're logging is an attempt to send a payload that violates the > > protocol definition of the encapsulation, but I don't know that that's true in > > all cases, so thought I should ask. > > We cannot prove if *all* encapsulations detect that as happening, as you are asking. However, if an encapsulation drops a packet for that reason we are adding a requirement for those encaps. > > Perfect. > > > > > I saw a suggestion from Joe Touch (in a response to the TSV-ART review) to > > consider looking at the terminology developed for draft-ietf-intarea-tunnels. I > > didn't see a reply to that suggestion, and I didn't see a reference to > > draft-ietf-intarea-tunnels in -24 - was this considered? > > Apologies for not having responded. Yes, this was considered. > > The needs of draft-ietf-sfc-nsh are so basic in this regards that we use only two terms. Those two terms are exact terms defined in draft-ietf-intarea-tunnels. MTU and PMTUD. This document does not make use of things like EMTU_R. > > Thanks for the feedback. > > > > > > (I'm also asking because I want to keep track of whether people applyin= g > > encapsulations find that document useful, of course) > > I reviewed an earlier iteration of that document, almost a decade ago (!!) and sent pages of comments. I also reviewed a subsequent intarea WG version of it. The applicability of that doc to draft-ietf-sfc-nsh is quite limited. > > By the way, the treatment of ICMP blockage in draft-ietf-intarea-tunnels is quite not exhaustive =E2=80=94 and that document seems a better place fo= r complaining about ICMP and PMTUD. > > Perhaps so. > > Thanks for all this. Thank you, Spencer! =E2=80=94 Carlos. > > Spencer > > > > > (Joe's follow-up is at > > https://mailarchive.ietf.org/arch/msg/tsv-art/CsdWwR9B5_ AB64D0eFl-KIE7_NA) > > > > > > > Thanks again! > > =E2=80=94 Carlos. --001a114dad66d963fe055a2a9ab5 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi, Carlos,

On Sep 27, 2017 19:50, "Carlos Pignataro (cpignat= a)" <cpignata@cisco.com&g= t; wrote:
Hi, Spencer,

Thank you for your quick and thoughtful response.

> If not, it's a comment. Do the right thing, of course.

We take the comment seriously as it is a unique last opportunity to i= mprove, and=C2=A0 really appreciate the =E2=80=9CDo the right thing=E2=80= =9D approach.

Specifics inline.


> On Sep 27, 2017, at 2:29 AM, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com&= gt; wrote:
>
> Hi, Carlos,
>
> On Sep 27, 2017 11:43, "Carlos Pignataro (cpignata)" <cpignata@cisco.com> wrote:
> Many thanks Spencer for the comments below!
>
> Please see inline.
>
> > On Sep 26, 2017, at 12:22 PM, Spencer Dawkins <spencerdawkins.ietf@gmail.com>= ; wrote:
> >
> > Spencer Dawkins has entered the following ballot position for
> > draft-ietf-sfc-nsh-24: No Objection
> >
> > When responding, please keep the subject line intact and reply to= all
> > email addresses included in the To and CC lines. (Feel free to cu= t this
> > introductory paragraph, however.)
> >
> >
> > Please refer to https://www.ietf.= org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions. > >
> >
> > The document, along with other ballot positions, can be found her= e:
> > https://datatracker.ietf.org/doc/= draft-ietf-sfc-nsh/
> >
> >
> >
> > ------------------------------------------------------------= ----------
> > COMMENT:
> > ------------------------------------------------------------= ----------
> >
> > Thank you for responding to Wes Eddy's TSV-ART review of -19 = (and, of course,
> > for making text changes that seemed appropriate).
> >
>
> Thanks to Wes for taking the time to review!
>
> We did go over the whole document with a fine comb cleaning up terms b= ased on Wes=E2=80=99 feedback.
>
> > It seems to me that you describe expectations about the applicabi= lity of NSH in
> > various places in the document, and in various ways. You might co= nsider (for
> > example) pulling the common elements of statements like (from Sec= tion 5)
> >
> >=C2=A0 =C2=A0Within a managed administrative domain, an operator c= an ensure that
> >=C2=A0 =C2=A0the underlay MTU is sufficient to carry SFC traffic w= ithout requiring
> >=C2=A0 =C2=A0fragmentation.=C2=A0 Given that the intended scope of= the NSH is within a
> >=C2=A0 =C2=A0single provider's operational domain, that approa= ch is sufficient.
> >
> > and (from Section 8)
> >
> >=C2=A0 NSH is designed for use within operator environments.=C2=A0= As such, it
> >=C2=A0 =C2=A0does not include any mandatory security mechanisms.= =C2=A0 As with many
> >=C2=A0 =C2=A0other protocols, without enhancements, the NSH encaps= ulation can be
> >=C2=A0 =C2=A0spoofed and is subject to snooping and modification i= n transit.
> >
> >=C2=A0 =C2=A0However, the deployment scope (as defined in [RFC7665= ]) of the NSH
> >=C2=A0 =C2=A0encapsulation is limited to a single network administ= rative domain as
> >=C2=A0 =C2=A0a controlled environment, with trusted devices (e.g.,= a data center)
> >=C2=A0 =C2=A0hence mitigating the risk of unauthorized manipulatio= n of the
> >=C2=A0 =C2=A0encapsulation headers or metadata.=C2=A0 This control= led environment is an
> >=C2=A0 =C2=A0important assumption for NSH.=C2=A0 There is one addi= tional important
> >=C2=A0 =C2=A0assumption: All of the service functions used by an o= perator in
> >=C2=A0 =C2=A0service chains are assumed to be selected and vetted = by the operator.
> >
> > into one section describing the applicability of NSH, appearing M= UCH earlier in
> > the document (the most detailed description of your expectations = looks like it
> > appears in the Security Considerations section, but parts of that= description
> > are applicable to the Fragmentation Considerations section, which= appears three
> > sections earlier in the document). The reader would have your int= ended
> > applicability in mind much earlier and more clearly, and you coul= d just invoke
> > your expectations by reference when you need to explain how they = apply
> > elsewhere in the document, so the expectations in play would be c= onsistent
> > across mentions throughout the document.
>
> We are very hesitant to make drastic structural modifications to the d= ocument at this stage.
>
> Understood :-)
>
> I understand your point about compiling a list of expectations through= out the document into a self-contained index. However, those expectations a= re very different for each area (e.g., security, encapsulation transport, e= tc.) and are currently functionally organized. The goal is not to have a li= st of requirements, but have implementors functionally read through the com= plete specification.
>
> Right, but the problem is that the expectations that kept me from ball= oting Discuss were three sections after the section TSV ADs turn to automat= ically. So our mileage for functional organization differs.
>
> ISTM that providing key information allowing an informed decision abou= t whether to use this mechanism in the 8th section, under security consider= ations, is really waiting until the last minute. Suspense is good for novel= s, but maybe not for implementers and operators.
>
> This isn't quite as late as adding MUSTs in the IANA consideration= s section, but it's close.
>
> If you can think of a better way to ensure that people making deployme= nt decisions understand the limitations, that would be good.
>

I think what you are after is mostly contained in the last 4 paragrap= hs of the Introduction. Would it help if we place those under a sub-heading= =E2=80=9C1.1 Scope=E2=80=9D or =E2=80=9C1.1 Applicability=E2=80=9D?

T= his seems helpful. If it's useful for you to know, I'd prefer Appli= cability, just because I think IETF is doing more specifications that aren&= #39;t generically deployable, and would like our readers and implementers t= o be more aware of whether they should be using each cool new thing on thei= r own networks.

You may = have noticed that most of our recent tunneling specifications break congest= ion considerations into two sections - one, saying what's safe to deplo= y anywhere, and one saying what you can probably get away with if your netw= ork is closely monitored.

We want people to be very aware of applicability considerations in many c= ases.

> If not, it's a comment. Do the right th= ing, of course.
>
>=C2=A0 Based on earlier feedback, we did present a more deliberate and = intentional applicability early on, in the Introduction. See third-to-last = paragraph of Section 1.
>
> That definitely helps. Thanks for that.
>
> >
> > I'm still bothered that this document doesn't explicitly = mention ICMP blocking
> > as a problem for PMTUD with IP encapsulations.
>
> We do not want to take away from the focus of the document, to have an= analysis of PMTUD. Doing so would be unfair to PMTUD, and invariably incor= rect by omission. There are other things that break PMTUD too potentially, = and other risks such as ICMP attacks, etc.
>
> Given the fact that the IP encapsulation can be IPv4 or IPv6, we do no= t want to explain PMTUD.
>
> That said, if there is a single Reference that you feel captures the P= MTUD problems and guidance, we will be happy to add it!
>
>
> > We're just not good at path MTU
> > discovery, so it seems useful to call this out explicitly when a = document
> > expects to use PMTUD. That way, people who use NSH will know to c= heck for ICMP
> > blocking on their networks before they receive their first troubl= e reports.
> > This almost reached my threshold for balloting Discuss, so I'= d hope you folks
> > would consider that.
>
> We are considering and happy to add some text about the problem. Howev= er, we were unable to find a single reference that atomically describes the= problem and gives recommendation. Even RFC 8201 includes only a single-sen= tence lost in middle of the Introduction.
>
> The reason coming up with a reference for this is hard, is because we&= #39;re just not very good at path MTU discovery=C2=A0 :p
>
> But 8201 is possibly the best reference available (recent Internet Sta= ndard). Do the right thing ...
>
>
> Proposal:
>
> OLD:
>=C2=A0 =C2=A0 For example, when the NSH is encapsulated in IP, IP-level=
>=C2=A0 =C2=A0 fragmentation coupled with Path MTU Discovery (PMTUD) is = used.
>
> NEW:
>
>=C2=A0 =C2=A0 For example, when the NSH is encapsulated in IP, IP-level=
>=C2=A0 =C2=A0 fragmentation coupled with Path MTU Discovery (PMTUD) is = used.=C2=A0 Since
>=C2=A0 =C2=A0 PMTUD relies on ICMP messages, an operator should ensure = ICMP
>=C2=A0 =C2=A0 packets are not blocked.
>
> But a citation would enrich this. Please let us know. RFC 2923 is too = TCP specific, etc...
>
> This text is helpful. If mentioning 8201 somewhere seems helpful, that= would be fine with me.
>

Sounds good. Added both the text and a citation.

Thanks. I think= you're good to go.

= Spencer

>
> >
> > I see that the applicability of NSH includes encapsulations that = don't provide
> > a path MTU discovery mechanism, and that your resolution for thos= e
> > encapsulations is to log events when a "too big" packet= is dropped. Could you
> > educate me, as to whether all encapsulations detect that this is = happening? It
> > might be that encapsulations are using a fixed maximum MTU by def= inition, so
> > that what you're logging is an attempt to send a payload that= violates the
> > protocol definition of the encapsulation, but I don't know th= at that's true in
> > all cases, so thought I should ask.
>
> We cannot prove if *all* encapsulations detect that as happening, as y= ou are asking. However, if an encapsulation drops a packet for that reason = we are adding a requirement for those encaps.
>
> Perfect.
>
> >
> > I saw a suggestion from Joe Touch (in a response to the TSV-ART r= eview) to
> > consider looking at the terminology developed for draft-ietf-inta= rea-tunnels. I
> > didn't see a reply to that suggestion, and I didn't see a= reference to
> > draft-ietf-intarea-tunnels in -24 - was this considered?
>
> Apologies for not having responded. Yes, this was considered.
>
> The needs of draft-ietf-sfc-nsh are so basic in this regards that we u= se only two terms. Those two terms are exact terms defined in draft-ietf-in= tarea-tunnels. MTU and PMTUD. This document does not make use of things lik= e EMTU_R.
>
> Thanks for the feedback.
>
>
> >
> > (I'm also asking because I want to keep track of whether peop= le applying
> > encapsulations find that document useful, of course)
>
> I reviewed an earlier iteration of that document, almost a decade ago = (!!) and sent pages of comments. I also reviewed a subsequent intarea WG ve= rsion of it. The applicability of that doc to draft-ietf-sfc-nsh is quite l= imited.
>
> By the way, the treatment of ICMP blockage in draft-ietf-intarea-tunne= ls is quite not exhaustive =E2=80=94 and that document seems a better place= for complaining about ICMP and PMTUD.
>
> Perhaps so.
>
> Thanks for all this.

Thank you, Spencer!

=E2=80=94 Carlos.

>
> Spencer
>
> >
> > (Joe's follow-up is at
> > https://mailarchi= ve.ietf.org/arch/msg/tsv-art/CsdWwR9B5_AB64D0eFl-KIE7_NA)
> >
> >
>
>
> Thanks again!
>
> =E2=80=94 Carlos.


--001a114dad66d963fe055a2a9ab5-- From nobody Wed Sep 27 05:13:13 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1533A134A62; Wed, 27 Sep 2017 05:13:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7ZzbqdPeABGj; Wed, 27 Sep 2017 05:13:00 -0700 (PDT) Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CB8A134B60; Wed, 27 Sep 2017 05:07:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=41790; q=dns/txt; s=iport; t=1506514039; x=1507723639; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=TJHFELsmuacVaSUDOvpyA6AsKfpWLF68LAemYXFUoog=; b=KSCDq+Yn/n3N2KTLHJ/7YpPJYaXHbja/RdWFIv4dWOJzmrvu4AUJdzs6 NCtVl7BgFOSa9sDQqFfUrWzrA15MjTVRo43SuM1Abuj/Jnr9/XT3EPCHn q1HYH8pWZw276s1nfxYOziBvWhqt+DYNbXEulQz/znIsIocdWdPx4MeFy w=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DCAQDVk8tZ/5tdJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBgm9tZG4nB4NvmX2BdnmHSY13ggQKJYUWAhqEP1cBAgEBAQEBAms?= =?us-ascii?q?ohRgBAQEBAgEaCVEFBQsCAQgYIAcDAgICHxEUEQIEDgWJTUwDDQgQqHKCJ4c8D?= =?us-ascii?q?YM7AQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWDK4ICgVGBaiuBcFg1gl6BcwELBwE?= =?us-ascii?q?2gnwvgjEFihKOO4gXPAKHXIgGhHmCE4Vug36HBoxniDMCERkBgTgBV4EDC3gVS?= =?us-ascii?q?RIBhE45HIFndgGFaA8XA4EJgRABAQE?= X-IronPort-AV: E=Sophos;i="5.42,445,1500940800"; d="scan'208,217";a="9352886" Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Sep 2017 12:07:17 +0000 Received: from XCH-RTP-018.cisco.com (xch-rtp-018.cisco.com [64.101.220.158]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id v8RC7HZm023256 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 12:07:17 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-018.cisco.com (64.101.220.158) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 08:07:16 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 08:07:16 -0400 From: "Carlos Pignataro (cpignata)" To: Spencer Dawkins at IETF CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , Wesley Eddy , "Joel M. Halpern" , "sfc-chairs@ietf.org" , Service Function Chaining IETF list Thread-Topic: Spencer Dawkins' No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTNuOuC2VDXw4nt0CnFP5cZ4x7oKLIWr+AgAAua4CAAFmZAIAABEYAgAAAjwA= Date: Wed, 27 Sep 2017 12:07:16 +0000 Message-ID: <00327B3B-465B-4BD1-A392-AD5E102F9044@cisco.com> References: <150644295986.20869.15901882753312059319.idtracker@ietfa.amsl.com> <4725A208-5A57-4C62-B12C-E41E7F9D5CFE@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_00327B3B465B4BD1A392AD5E102F9044ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Spencer Dawkins' No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 12:13:07 -0000 --_000_00327B3B465B4BD1A392AD5E102F9044ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 U291bmRzIGxpa2UgYSBnb29kIGFwcHJvYWNoLCBTcGVuY2VyLiBEb25lLg0KDQrigJQNCkNhcmxv cyBQaWduYXRhcm8sIGNhcmxvc0BjaXNjby5jb208bWFpbHRvOmNhcmxvc0BjaXNjby5jb20+DQoN CuKAnFNvbWV0aW1lcyBJIHVzZSBiaWcgd29yZHMgdGhhdCBJIGRvIG5vdCBmdWxseSB1bmRlcnN0 YW5kLCB0byBtYWtlIG15c2VsZiBzb3VuZCBtb3JlIHBob3Rvc3ludGhlc2lzLiINCg0KT24gU2Vw IDI3LCAyMDE3LCBhdCA4OjA1IEFNLCBTcGVuY2VyIERhd2tpbnMgYXQgSUVURiA8c3BlbmNlcmRh d2tpbnMuaWV0ZkBnbWFpbC5jb208bWFpbHRvOnNwZW5jZXJkYXdraW5zLmlldGZAZ21haWwuY29t Pj4gd3JvdGU6DQoNCkhpLCBDYXJsb3MsDQoNCk9uIFNlcCAyNywgMjAxNyAxOTo1MCwgIkNhcmxv cyBQaWduYXRhcm8gKGNwaWduYXRhKSIgPGNwaWduYXRhQGNpc2NvLmNvbTxtYWlsdG86Y3BpZ25h dGFAY2lzY28uY29tPj4gd3JvdGU6DQpIaSwgU3BlbmNlciwNCg0KVGhhbmsgeW91IGZvciB5b3Vy IHF1aWNrIGFuZCB0aG91Z2h0ZnVsIHJlc3BvbnNlLg0KDQo+IElmIG5vdCwgaXQncyBhIGNvbW1l bnQuIERvIHRoZSByaWdodCB0aGluZywgb2YgY291cnNlLg0KDQpXZSB0YWtlIHRoZSBjb21tZW50 IHNlcmlvdXNseSBhcyBpdCBpcyBhIHVuaXF1ZSBsYXN0IG9wcG9ydHVuaXR5IHRvIGltcHJvdmUs IGFuZCAgcmVhbGx5IGFwcHJlY2lhdGUgdGhlIOKAnERvIHRoZSByaWdodCB0aGluZ+KAnSBhcHBy b2FjaC4NCg0KU3BlY2lmaWNzIGlubGluZS4NCg0KDQo+IE9uIFNlcCAyNywgMjAxNywgYXQgMjoy OSBBTSwgU3BlbmNlciBEYXdraW5zIGF0IElFVEYgPHNwZW5jZXJkYXdraW5zLmlldGZAZ21haWwu Y29tPG1haWx0bzpzcGVuY2VyZGF3a2lucy5pZXRmQGdtYWlsLmNvbT4+IHdyb3RlOg0KPg0KPiBI aSwgQ2FybG9zLA0KPg0KPiBPbiBTZXAgMjcsIDIwMTcgMTE6NDMsICJDYXJsb3MgUGlnbmF0YXJv IChjcGlnbmF0YSkiIDxjcGlnbmF0YUBjaXNjby5jb208bWFpbHRvOmNwaWduYXRhQGNpc2NvLmNv bT4+IHdyb3RlOg0KPiBNYW55IHRoYW5rcyBTcGVuY2VyIGZvciB0aGUgY29tbWVudHMgYmVsb3ch DQo+DQo+IFBsZWFzZSBzZWUgaW5saW5lLg0KPg0KPiA+IE9uIFNlcCAyNiwgMjAxNywgYXQgMTI6 MjIgUE0sIFNwZW5jZXIgRGF3a2lucyA8c3BlbmNlcmRhd2tpbnMuaWV0ZkBnbWFpbC5jb208bWFp bHRvOnNwZW5jZXJkYXdraW5zLmlldGZAZ21haWwuY29tPj4gd3JvdGU6DQo+ID4NCj4gPiBTcGVu Y2VyIERhd2tpbnMgaGFzIGVudGVyZWQgdGhlIGZvbGxvd2luZyBiYWxsb3QgcG9zaXRpb24gZm9y DQo+ID4gZHJhZnQtaWV0Zi1zZmMtbnNoLTI0OiBObyBPYmplY3Rpb24NCj4gPg0KPiA+IFdoZW4g cmVzcG9uZGluZywgcGxlYXNlIGtlZXAgdGhlIHN1YmplY3QgbGluZSBpbnRhY3QgYW5kIHJlcGx5 IHRvIGFsbA0KPiA+IGVtYWlsIGFkZHJlc3NlcyBpbmNsdWRlZCBpbiB0aGUgVG8gYW5kIENDIGxp bmVzLiAoRmVlbCBmcmVlIHRvIGN1dCB0aGlzDQo+ID4gaW50cm9kdWN0b3J5IHBhcmFncmFwaCwg aG93ZXZlci4pDQo+ID4NCj4gPg0KPiA+IFBsZWFzZSByZWZlciB0byBodHRwczovL3d3dy5pZXRm Lm9yZy9pZXNnL3N0YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWwNCj4gPiBmb3IgbW9yZSBp bmZvcm1hdGlvbiBhYm91dCBJRVNHIERJU0NVU1MgYW5kIENPTU1FTlQgcG9zaXRpb25zLg0KPiA+ DQo+ID4NCj4gPiBUaGUgZG9jdW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFsbG90IHBvc2l0aW9u cywgY2FuIGJlIGZvdW5kIGhlcmU6DQo+ID4gaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9k b2MvZHJhZnQtaWV0Zi1zZmMtbnNoLw0KPiA+DQo+ID4NCj4gPg0KPiA+IC0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N Cj4gPiBDT01NRU5UOg0KPiA+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gPg0KPiA+IFRoYW5rIHlvdSBmb3Ig cmVzcG9uZGluZyB0byBXZXMgRWRkeSdzIFRTVi1BUlQgcmV2aWV3IG9mIC0xOSAoYW5kLCBvZiBj b3Vyc2UsDQo+ID4gZm9yIG1ha2luZyB0ZXh0IGNoYW5nZXMgdGhhdCBzZWVtZWQgYXBwcm9wcmlh dGUpLg0KPiA+DQo+DQo+IFRoYW5rcyB0byBXZXMgZm9yIHRha2luZyB0aGUgdGltZSB0byByZXZp ZXchDQo+DQo+IFdlIGRpZCBnbyBvdmVyIHRoZSB3aG9sZSBkb2N1bWVudCB3aXRoIGEgZmluZSBj b21iIGNsZWFuaW5nIHVwIHRlcm1zIGJhc2VkIG9uIFdlc+KAmSBmZWVkYmFjay4NCj4NCj4gPiBJ dCBzZWVtcyB0byBtZSB0aGF0IHlvdSBkZXNjcmliZSBleHBlY3RhdGlvbnMgYWJvdXQgdGhlIGFw cGxpY2FiaWxpdHkgb2YgTlNIIGluDQo+ID4gdmFyaW91cyBwbGFjZXMgaW4gdGhlIGRvY3VtZW50 LCBhbmQgaW4gdmFyaW91cyB3YXlzLiBZb3UgbWlnaHQgY29uc2lkZXIgKGZvcg0KPiA+IGV4YW1w bGUpIHB1bGxpbmcgdGhlIGNvbW1vbiBlbGVtZW50cyBvZiBzdGF0ZW1lbnRzIGxpa2UgKGZyb20g U2VjdGlvbiA1KQ0KPiA+DQo+ID4gICBXaXRoaW4gYSBtYW5hZ2VkIGFkbWluaXN0cmF0aXZlIGRv bWFpbiwgYW4gb3BlcmF0b3IgY2FuIGVuc3VyZSB0aGF0DQo+ID4gICB0aGUgdW5kZXJsYXkgTVRV IGlzIHN1ZmZpY2llbnQgdG8gY2FycnkgU0ZDIHRyYWZmaWMgd2l0aG91dCByZXF1aXJpbmcNCj4g PiAgIGZyYWdtZW50YXRpb24uICBHaXZlbiB0aGF0IHRoZSBpbnRlbmRlZCBzY29wZSBvZiB0aGUg TlNIIGlzIHdpdGhpbiBhDQo+ID4gICBzaW5nbGUgcHJvdmlkZXIncyBvcGVyYXRpb25hbCBkb21h aW4sIHRoYXQgYXBwcm9hY2ggaXMgc3VmZmljaWVudC4NCj4gPg0KPiA+IGFuZCAoZnJvbSBTZWN0 aW9uIDgpDQo+ID4NCj4gPiAgTlNIIGlzIGRlc2lnbmVkIGZvciB1c2Ugd2l0aGluIG9wZXJhdG9y IGVudmlyb25tZW50cy4gIEFzIHN1Y2gsIGl0DQo+ID4gICBkb2VzIG5vdCBpbmNsdWRlIGFueSBt YW5kYXRvcnkgc2VjdXJpdHkgbWVjaGFuaXNtcy4gIEFzIHdpdGggbWFueQ0KPiA+ICAgb3RoZXIg cHJvdG9jb2xzLCB3aXRob3V0IGVuaGFuY2VtZW50cywgdGhlIE5TSCBlbmNhcHN1bGF0aW9uIGNh biBiZQ0KPiA+ICAgc3Bvb2ZlZCBhbmQgaXMgc3ViamVjdCB0byBzbm9vcGluZyBhbmQgbW9kaWZp Y2F0aW9uIGluIHRyYW5zaXQuDQo+ID4NCj4gPiAgIEhvd2V2ZXIsIHRoZSBkZXBsb3ltZW50IHNj b3BlIChhcyBkZWZpbmVkIGluIFtSRkM3NjY1XSkgb2YgdGhlIE5TSA0KPiA+ICAgZW5jYXBzdWxh dGlvbiBpcyBsaW1pdGVkIHRvIGEgc2luZ2xlIG5ldHdvcmsgYWRtaW5pc3RyYXRpdmUgZG9tYWlu IGFzDQo+ID4gICBhIGNvbnRyb2xsZWQgZW52aXJvbm1lbnQsIHdpdGggdHJ1c3RlZCBkZXZpY2Vz IChlLmcuLCBhIGRhdGEgY2VudGVyKQ0KPiA+ICAgaGVuY2UgbWl0aWdhdGluZyB0aGUgcmlzayBv ZiB1bmF1dGhvcml6ZWQgbWFuaXB1bGF0aW9uIG9mIHRoZQ0KPiA+ICAgZW5jYXBzdWxhdGlvbiBo ZWFkZXJzIG9yIG1ldGFkYXRhLiAgVGhpcyBjb250cm9sbGVkIGVudmlyb25tZW50IGlzIGFuDQo+ ID4gICBpbXBvcnRhbnQgYXNzdW1wdGlvbiBmb3IgTlNILiAgVGhlcmUgaXMgb25lIGFkZGl0aW9u YWwgaW1wb3J0YW50DQo+ID4gICBhc3N1bXB0aW9uOiBBbGwgb2YgdGhlIHNlcnZpY2UgZnVuY3Rp b25zIHVzZWQgYnkgYW4gb3BlcmF0b3IgaW4NCj4gPiAgIHNlcnZpY2UgY2hhaW5zIGFyZSBhc3N1 bWVkIHRvIGJlIHNlbGVjdGVkIGFuZCB2ZXR0ZWQgYnkgdGhlIG9wZXJhdG9yLg0KPiA+DQo+ID4g aW50byBvbmUgc2VjdGlvbiBkZXNjcmliaW5nIHRoZSBhcHBsaWNhYmlsaXR5IG9mIE5TSCwgYXBw ZWFyaW5nIE1VQ0ggZWFybGllciBpbg0KPiA+IHRoZSBkb2N1bWVudCAodGhlIG1vc3QgZGV0YWls ZWQgZGVzY3JpcHRpb24gb2YgeW91ciBleHBlY3RhdGlvbnMgbG9va3MgbGlrZSBpdA0KPiA+IGFw cGVhcnMgaW4gdGhlIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIHNlY3Rpb24sIGJ1dCBwYXJ0cyBv ZiB0aGF0IGRlc2NyaXB0aW9uDQo+ID4gYXJlIGFwcGxpY2FibGUgdG8gdGhlIEZyYWdtZW50YXRp b24gQ29uc2lkZXJhdGlvbnMgc2VjdGlvbiwgd2hpY2ggYXBwZWFycyB0aHJlZQ0KPiA+IHNlY3Rp b25zIGVhcmxpZXIgaW4gdGhlIGRvY3VtZW50KS4gVGhlIHJlYWRlciB3b3VsZCBoYXZlIHlvdXIg aW50ZW5kZWQNCj4gPiBhcHBsaWNhYmlsaXR5IGluIG1pbmQgbXVjaCBlYXJsaWVyIGFuZCBtb3Jl IGNsZWFybHksIGFuZCB5b3UgY291bGQganVzdCBpbnZva2UNCj4gPiB5b3VyIGV4cGVjdGF0aW9u cyBieSByZWZlcmVuY2Ugd2hlbiB5b3UgbmVlZCB0byBleHBsYWluIGhvdyB0aGV5IGFwcGx5DQo+ ID4gZWxzZXdoZXJlIGluIHRoZSBkb2N1bWVudCwgc28gdGhlIGV4cGVjdGF0aW9ucyBpbiBwbGF5 IHdvdWxkIGJlIGNvbnNpc3RlbnQNCj4gPiBhY3Jvc3MgbWVudGlvbnMgdGhyb3VnaG91dCB0aGUg ZG9jdW1lbnQuDQo+DQo+IFdlIGFyZSB2ZXJ5IGhlc2l0YW50IHRvIG1ha2UgZHJhc3RpYyBzdHJ1 Y3R1cmFsIG1vZGlmaWNhdGlvbnMgdG8gdGhlIGRvY3VtZW50IGF0IHRoaXMgc3RhZ2UuDQo+DQo+ IFVuZGVyc3Rvb2QgOi0pDQo+DQo+IEkgdW5kZXJzdGFuZCB5b3VyIHBvaW50IGFib3V0IGNvbXBp bGluZyBhIGxpc3Qgb2YgZXhwZWN0YXRpb25zIHRocm91Z2hvdXQgdGhlIGRvY3VtZW50IGludG8g YSBzZWxmLWNvbnRhaW5lZCBpbmRleC4gSG93ZXZlciwgdGhvc2UgZXhwZWN0YXRpb25zIGFyZSB2 ZXJ5IGRpZmZlcmVudCBmb3IgZWFjaCBhcmVhIChlLmcuLCBzZWN1cml0eSwgZW5jYXBzdWxhdGlv biB0cmFuc3BvcnQsIGV0Yy4pIGFuZCBhcmUgY3VycmVudGx5IGZ1bmN0aW9uYWxseSBvcmdhbml6 ZWQuIFRoZSBnb2FsIGlzIG5vdCB0byBoYXZlIGEgbGlzdCBvZiByZXF1aXJlbWVudHMsIGJ1dCBo YXZlIGltcGxlbWVudG9ycyBmdW5jdGlvbmFsbHkgcmVhZCB0aHJvdWdoIHRoZSBjb21wbGV0ZSBz cGVjaWZpY2F0aW9uLg0KPg0KPiBSaWdodCwgYnV0IHRoZSBwcm9ibGVtIGlzIHRoYXQgdGhlIGV4 cGVjdGF0aW9ucyB0aGF0IGtlcHQgbWUgZnJvbSBiYWxsb3RpbmcgRGlzY3VzcyB3ZXJlIHRocmVl IHNlY3Rpb25zIGFmdGVyIHRoZSBzZWN0aW9uIFRTViBBRHMgdHVybiB0byBhdXRvbWF0aWNhbGx5 LiBTbyBvdXIgbWlsZWFnZSBmb3IgZnVuY3Rpb25hbCBvcmdhbml6YXRpb24gZGlmZmVycy4NCj4N Cj4gSVNUTSB0aGF0IHByb3ZpZGluZyBrZXkgaW5mb3JtYXRpb24gYWxsb3dpbmcgYW4gaW5mb3Jt ZWQgZGVjaXNpb24gYWJvdXQgd2hldGhlciB0byB1c2UgdGhpcyBtZWNoYW5pc20gaW4gdGhlIDh0 aCBzZWN0aW9uLCB1bmRlciBzZWN1cml0eSBjb25zaWRlcmF0aW9ucywgaXMgcmVhbGx5IHdhaXRp bmcgdW50aWwgdGhlIGxhc3QgbWludXRlLiBTdXNwZW5zZSBpcyBnb29kIGZvciBub3ZlbHMsIGJ1 dCBtYXliZSBub3QgZm9yIGltcGxlbWVudGVycyBhbmQgb3BlcmF0b3JzLg0KPg0KPiBUaGlzIGlz bid0IHF1aXRlIGFzIGxhdGUgYXMgYWRkaW5nIE1VU1RzIGluIHRoZSBJQU5BIGNvbnNpZGVyYXRp b25zIHNlY3Rpb24sIGJ1dCBpdCdzIGNsb3NlLg0KPg0KPiBJZiB5b3UgY2FuIHRoaW5rIG9mIGEg YmV0dGVyIHdheSB0byBlbnN1cmUgdGhhdCBwZW9wbGUgbWFraW5nIGRlcGxveW1lbnQgZGVjaXNp b25zIHVuZGVyc3RhbmQgdGhlIGxpbWl0YXRpb25zLCB0aGF0IHdvdWxkIGJlIGdvb2QuDQo+DQoN CkkgdGhpbmsgd2hhdCB5b3UgYXJlIGFmdGVyIGlzIG1vc3RseSBjb250YWluZWQgaW4gdGhlIGxh c3QgNCBwYXJhZ3JhcGhzIG9mIHRoZSBJbnRyb2R1Y3Rpb24uIFdvdWxkIGl0IGhlbHAgaWYgd2Ug cGxhY2UgdGhvc2UgdW5kZXIgYSBzdWItaGVhZGluZyDigJwxLjEgU2NvcGXigJ0gb3Ig4oCcMS4x IEFwcGxpY2FiaWxpdHnigJ0/DQoNClRoaXMgc2VlbXMgaGVscGZ1bC4gSWYgaXQncyB1c2VmdWwg Zm9yIHlvdSB0byBrbm93LCBJJ2QgcHJlZmVyIEFwcGxpY2FiaWxpdHksIGp1c3QgYmVjYXVzZSBJ IHRoaW5rIElFVEYgaXMgZG9pbmcgbW9yZSBzcGVjaWZpY2F0aW9ucyB0aGF0IGFyZW4ndCBnZW5l cmljYWxseSBkZXBsb3lhYmxlLCBhbmQgd291bGQgbGlrZSBvdXIgcmVhZGVycyBhbmQgaW1wbGVt ZW50ZXJzIHRvIGJlIG1vcmUgYXdhcmUgb2Ygd2hldGhlciB0aGV5IHNob3VsZCBiZSB1c2luZyBl YWNoIGNvb2wgbmV3IHRoaW5nIG9uIHRoZWlyIG93biBuZXR3b3Jrcy4NCg0KWW91IG1heSBoYXZl IG5vdGljZWQgdGhhdCBtb3N0IG9mIG91ciByZWNlbnQgdHVubmVsaW5nIHNwZWNpZmljYXRpb25z IGJyZWFrIGNvbmdlc3Rpb24gY29uc2lkZXJhdGlvbnMgaW50byB0d28gc2VjdGlvbnMgLSBvbmUs IHNheWluZyB3aGF0J3Mgc2FmZSB0byBkZXBsb3kgYW55d2hlcmUsIGFuZCBvbmUgc2F5aW5nIHdo YXQgeW91IGNhbiBwcm9iYWJseSBnZXQgYXdheSB3aXRoIGlmIHlvdXIgbmV0d29yayBpcyBjbG9z ZWx5IG1vbml0b3JlZC4NCg0KV2Ugd2FudCBwZW9wbGUgdG8gYmUgdmVyeSBhd2FyZSBvZiBhcHBs aWNhYmlsaXR5IGNvbnNpZGVyYXRpb25zIGluIG1hbnkgY2FzZXMuDQoNCj4gSWYgbm90LCBpdCdz IGEgY29tbWVudC4gRG8gdGhlIHJpZ2h0IHRoaW5nLCBvZiBjb3Vyc2UuDQo+DQo+ICBCYXNlZCBv biBlYXJsaWVyIGZlZWRiYWNrLCB3ZSBkaWQgcHJlc2VudCBhIG1vcmUgZGVsaWJlcmF0ZSBhbmQg aW50ZW50aW9uYWwgYXBwbGljYWJpbGl0eSBlYXJseSBvbiwgaW4gdGhlIEludHJvZHVjdGlvbi4g U2VlIHRoaXJkLXRvLWxhc3QgcGFyYWdyYXBoIG9mIFNlY3Rpb24gMS4NCj4NCj4gVGhhdCBkZWZp bml0ZWx5IGhlbHBzLiBUaGFua3MgZm9yIHRoYXQuDQo+DQo+ID4NCj4gPiBJJ20gc3RpbGwgYm90 aGVyZWQgdGhhdCB0aGlzIGRvY3VtZW50IGRvZXNuJ3QgZXhwbGljaXRseSBtZW50aW9uIElDTVAg YmxvY2tpbmcNCj4gPiBhcyBhIHByb2JsZW0gZm9yIFBNVFVEIHdpdGggSVAgZW5jYXBzdWxhdGlv bnMuDQo+DQo+IFdlIGRvIG5vdCB3YW50IHRvIHRha2UgYXdheSBmcm9tIHRoZSBmb2N1cyBvZiB0 aGUgZG9jdW1lbnQsIHRvIGhhdmUgYW4gYW5hbHlzaXMgb2YgUE1UVUQuIERvaW5nIHNvIHdvdWxk IGJlIHVuZmFpciB0byBQTVRVRCwgYW5kIGludmFyaWFibHkgaW5jb3JyZWN0IGJ5IG9taXNzaW9u LiBUaGVyZSBhcmUgb3RoZXIgdGhpbmdzIHRoYXQgYnJlYWsgUE1UVUQgdG9vIHBvdGVudGlhbGx5 LCBhbmQgb3RoZXIgcmlza3Mgc3VjaCBhcyBJQ01QIGF0dGFja3MsIGV0Yy4NCj4NCj4gR2l2ZW4g dGhlIGZhY3QgdGhhdCB0aGUgSVAgZW5jYXBzdWxhdGlvbiBjYW4gYmUgSVB2NCBvciBJUHY2LCB3 ZSBkbyBub3Qgd2FudCB0byBleHBsYWluIFBNVFVELg0KPg0KPiBUaGF0IHNhaWQsIGlmIHRoZXJl IGlzIGEgc2luZ2xlIFJlZmVyZW5jZSB0aGF0IHlvdSBmZWVsIGNhcHR1cmVzIHRoZSBQTVRVRCBw cm9ibGVtcyBhbmQgZ3VpZGFuY2UsIHdlIHdpbGwgYmUgaGFwcHkgdG8gYWRkIGl0IQ0KPg0KPg0K PiA+IFdlJ3JlIGp1c3Qgbm90IGdvb2QgYXQgcGF0aCBNVFUNCj4gPiBkaXNjb3ZlcnksIHNvIGl0 IHNlZW1zIHVzZWZ1bCB0byBjYWxsIHRoaXMgb3V0IGV4cGxpY2l0bHkgd2hlbiBhIGRvY3VtZW50 DQo+ID4gZXhwZWN0cyB0byB1c2UgUE1UVUQuIFRoYXQgd2F5LCBwZW9wbGUgd2hvIHVzZSBOU0gg d2lsbCBrbm93IHRvIGNoZWNrIGZvciBJQ01QDQo+ID4gYmxvY2tpbmcgb24gdGhlaXIgbmV0d29y a3MgYmVmb3JlIHRoZXkgcmVjZWl2ZSB0aGVpciBmaXJzdCB0cm91YmxlIHJlcG9ydHMuDQo+ID4g VGhpcyBhbG1vc3QgcmVhY2hlZCBteSB0aHJlc2hvbGQgZm9yIGJhbGxvdGluZyBEaXNjdXNzLCBz byBJJ2QgaG9wZSB5b3UgZm9sa3MNCj4gPiB3b3VsZCBjb25zaWRlciB0aGF0Lg0KPg0KPiBXZSBh cmUgY29uc2lkZXJpbmcgYW5kIGhhcHB5IHRvIGFkZCBzb21lIHRleHQgYWJvdXQgdGhlIHByb2Js ZW0uIEhvd2V2ZXIsIHdlIHdlcmUgdW5hYmxlIHRvIGZpbmQgYSBzaW5nbGUgcmVmZXJlbmNlIHRo YXQgYXRvbWljYWxseSBkZXNjcmliZXMgdGhlIHByb2JsZW0gYW5kIGdpdmVzIHJlY29tbWVuZGF0 aW9uLiBFdmVuIFJGQyA4MjAxIGluY2x1ZGVzIG9ubHkgYSBzaW5nbGUtc2VudGVuY2UgbG9zdCBp biBtaWRkbGUgb2YgdGhlIEludHJvZHVjdGlvbi4NCj4NCj4gVGhlIHJlYXNvbiBjb21pbmcgdXAg d2l0aCBhIHJlZmVyZW5jZSBmb3IgdGhpcyBpcyBoYXJkLCBpcyBiZWNhdXNlIHdlJ3JlIGp1c3Qg bm90IHZlcnkgZ29vZCBhdCBwYXRoIE1UVSBkaXNjb3ZlcnkgIDpwDQo+DQo+IEJ1dCA4MjAxIGlz IHBvc3NpYmx5IHRoZSBiZXN0IHJlZmVyZW5jZSBhdmFpbGFibGUgKHJlY2VudCBJbnRlcm5ldCBT dGFuZGFyZCkuIERvIHRoZSByaWdodCB0aGluZyAuLi4NCj4NCj4NCj4gUHJvcG9zYWw6DQo+DQo+ IE9MRDoNCj4gICAgRm9yIGV4YW1wbGUsIHdoZW4gdGhlIE5TSCBpcyBlbmNhcHN1bGF0ZWQgaW4g SVAsIElQLWxldmVsDQo+ICAgIGZyYWdtZW50YXRpb24gY291cGxlZCB3aXRoIFBhdGggTVRVIERp c2NvdmVyeSAoUE1UVUQpIGlzIHVzZWQuDQo+DQo+IE5FVzoNCj4NCj4gICAgRm9yIGV4YW1wbGUs IHdoZW4gdGhlIE5TSCBpcyBlbmNhcHN1bGF0ZWQgaW4gSVAsIElQLWxldmVsDQo+ICAgIGZyYWdt ZW50YXRpb24gY291cGxlZCB3aXRoIFBhdGggTVRVIERpc2NvdmVyeSAoUE1UVUQpIGlzIHVzZWQu ICBTaW5jZQ0KPiAgICBQTVRVRCByZWxpZXMgb24gSUNNUCBtZXNzYWdlcywgYW4gb3BlcmF0b3Ig c2hvdWxkIGVuc3VyZSBJQ01QDQo+ICAgIHBhY2tldHMgYXJlIG5vdCBibG9ja2VkLg0KPg0KPiBC dXQgYSBjaXRhdGlvbiB3b3VsZCBlbnJpY2ggdGhpcy4gUGxlYXNlIGxldCB1cyBrbm93LiBSRkMg MjkyMyBpcyB0b28gVENQIHNwZWNpZmljLCBldGMuLi4NCj4NCj4gVGhpcyB0ZXh0IGlzIGhlbHBm dWwuIElmIG1lbnRpb25pbmcgODIwMSBzb21ld2hlcmUgc2VlbXMgaGVscGZ1bCwgdGhhdCB3b3Vs ZCBiZSBmaW5lIHdpdGggbWUuDQo+DQoNClNvdW5kcyBnb29kLiBBZGRlZCBib3RoIHRoZSB0ZXh0 IGFuZCBhIGNpdGF0aW9uLg0KDQpUaGFua3MuIEkgdGhpbmsgeW91J3JlIGdvb2QgdG8gZ28uDQoN ClNwZW5jZXINCg0KPg0KPiA+DQo+ID4gSSBzZWUgdGhhdCB0aGUgYXBwbGljYWJpbGl0eSBvZiBO U0ggaW5jbHVkZXMgZW5jYXBzdWxhdGlvbnMgdGhhdCBkb24ndCBwcm92aWRlDQo+ID4gYSBwYXRo IE1UVSBkaXNjb3ZlcnkgbWVjaGFuaXNtLCBhbmQgdGhhdCB5b3VyIHJlc29sdXRpb24gZm9yIHRo b3NlDQo+ID4gZW5jYXBzdWxhdGlvbnMgaXMgdG8gbG9nIGV2ZW50cyB3aGVuIGEgInRvbyBiaWci IHBhY2tldCBpcyBkcm9wcGVkLiBDb3VsZCB5b3UNCj4gPiBlZHVjYXRlIG1lLCBhcyB0byB3aGV0 aGVyIGFsbCBlbmNhcHN1bGF0aW9ucyBkZXRlY3QgdGhhdCB0aGlzIGlzIGhhcHBlbmluZz8gSXQN Cj4gPiBtaWdodCBiZSB0aGF0IGVuY2Fwc3VsYXRpb25zIGFyZSB1c2luZyBhIGZpeGVkIG1heGlt dW0gTVRVIGJ5IGRlZmluaXRpb24sIHNvDQo+ID4gdGhhdCB3aGF0IHlvdSdyZSBsb2dnaW5nIGlz IGFuIGF0dGVtcHQgdG8gc2VuZCBhIHBheWxvYWQgdGhhdCB2aW9sYXRlcyB0aGUNCj4gPiBwcm90 b2NvbCBkZWZpbml0aW9uIG9mIHRoZSBlbmNhcHN1bGF0aW9uLCBidXQgSSBkb24ndCBrbm93IHRo YXQgdGhhdCdzIHRydWUgaW4NCj4gPiBhbGwgY2FzZXMsIHNvIHRob3VnaHQgSSBzaG91bGQgYXNr Lg0KPg0KPiBXZSBjYW5ub3QgcHJvdmUgaWYgKmFsbCogZW5jYXBzdWxhdGlvbnMgZGV0ZWN0IHRo YXQgYXMgaGFwcGVuaW5nLCBhcyB5b3UgYXJlIGFza2luZy4gSG93ZXZlciwgaWYgYW4gZW5jYXBz dWxhdGlvbiBkcm9wcyBhIHBhY2tldCBmb3IgdGhhdCByZWFzb24gd2UgYXJlIGFkZGluZyBhIHJl cXVpcmVtZW50IGZvciB0aG9zZSBlbmNhcHMuDQo+DQo+IFBlcmZlY3QuDQo+DQo+ID4NCj4gPiBJ IHNhdyBhIHN1Z2dlc3Rpb24gZnJvbSBKb2UgVG91Y2ggKGluIGEgcmVzcG9uc2UgdG8gdGhlIFRT Vi1BUlQgcmV2aWV3KSB0bw0KPiA+IGNvbnNpZGVyIGxvb2tpbmcgYXQgdGhlIHRlcm1pbm9sb2d5 IGRldmVsb3BlZCBmb3IgZHJhZnQtaWV0Zi1pbnRhcmVhLXR1bm5lbHMuIEkNCj4gPiBkaWRuJ3Qg c2VlIGEgcmVwbHkgdG8gdGhhdCBzdWdnZXN0aW9uLCBhbmQgSSBkaWRuJ3Qgc2VlIGEgcmVmZXJl bmNlIHRvDQo+ID4gZHJhZnQtaWV0Zi1pbnRhcmVhLXR1bm5lbHMgaW4gLTI0IC0gd2FzIHRoaXMg Y29uc2lkZXJlZD8NCj4NCj4gQXBvbG9naWVzIGZvciBub3QgaGF2aW5nIHJlc3BvbmRlZC4gWWVz LCB0aGlzIHdhcyBjb25zaWRlcmVkLg0KPg0KPiBUaGUgbmVlZHMgb2YgZHJhZnQtaWV0Zi1zZmMt bnNoIGFyZSBzbyBiYXNpYyBpbiB0aGlzIHJlZ2FyZHMgdGhhdCB3ZSB1c2Ugb25seSB0d28gdGVy bXMuIFRob3NlIHR3byB0ZXJtcyBhcmUgZXhhY3QgdGVybXMgZGVmaW5lZCBpbiBkcmFmdC1pZXRm LWludGFyZWEtdHVubmVscy4gTVRVIGFuZCBQTVRVRC4gVGhpcyBkb2N1bWVudCBkb2VzIG5vdCBt YWtlIHVzZSBvZiB0aGluZ3MgbGlrZSBFTVRVX1IuDQo+DQo+IFRoYW5rcyBmb3IgdGhlIGZlZWRi YWNrLg0KPg0KPg0KPiA+DQo+ID4gKEknbSBhbHNvIGFza2luZyBiZWNhdXNlIEkgd2FudCB0byBr ZWVwIHRyYWNrIG9mIHdoZXRoZXIgcGVvcGxlIGFwcGx5aW5nDQo+ID4gZW5jYXBzdWxhdGlvbnMg ZmluZCB0aGF0IGRvY3VtZW50IHVzZWZ1bCwgb2YgY291cnNlKQ0KPg0KPiBJIHJldmlld2VkIGFu IGVhcmxpZXIgaXRlcmF0aW9uIG9mIHRoYXQgZG9jdW1lbnQsIGFsbW9zdCBhIGRlY2FkZSBhZ28g KCEhKSBhbmQgc2VudCBwYWdlcyBvZiBjb21tZW50cy4gSSBhbHNvIHJldmlld2VkIGEgc3Vic2Vx dWVudCBpbnRhcmVhIFdHIHZlcnNpb24gb2YgaXQuIFRoZSBhcHBsaWNhYmlsaXR5IG9mIHRoYXQg ZG9jIHRvIGRyYWZ0LWlldGYtc2ZjLW5zaCBpcyBxdWl0ZSBsaW1pdGVkLg0KPg0KPiBCeSB0aGUg d2F5LCB0aGUgdHJlYXRtZW50IG9mIElDTVAgYmxvY2thZ2UgaW4gZHJhZnQtaWV0Zi1pbnRhcmVh LXR1bm5lbHMgaXMgcXVpdGUgbm90IGV4aGF1c3RpdmUg4oCUIGFuZCB0aGF0IGRvY3VtZW50IHNl ZW1zIGEgYmV0dGVyIHBsYWNlIGZvciBjb21wbGFpbmluZyBhYm91dCBJQ01QIGFuZCBQTVRVRC4N Cj4NCj4gUGVyaGFwcyBzby4NCj4NCj4gVGhhbmtzIGZvciBhbGwgdGhpcy4NCg0KVGhhbmsgeW91 LCBTcGVuY2VyIQ0KDQrigJQgQ2FybG9zLg0KDQo+DQo+IFNwZW5jZXINCj4NCj4gPg0KPiA+IChK b2UncyBmb2xsb3ctdXAgaXMgYXQNCj4gPiBodHRwczovL21haWxhcmNoaXZlLmlldGYub3JnL2Fy Y2gvbXNnL3Rzdi1hcnQvQ3NkV3dSOUI1X0FCNjREMGVGbC1LSUU3X05BKQ0KPiA+DQo+ID4NCj4N Cj4NCj4gVGhhbmtzIGFnYWluIQ0KPg0KPiDigJQgQ2FybG9zLg0KDQo= --_000_00327B3B465B4BD1A392AD5E102F9044ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <6643447AFDC82444B388C71DF59DA534@emea.cisco.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KU291bmRzIGxpa2UgYSBnb29kIGFw cHJvYWNoLCBTcGVuY2VyLiBEb25lLg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8ZGl2 IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0iY29sb3I6IHJnYigwLCAwLCAwKTsgbGV0dGVyLXNwYWNp bmc6IG5vcm1hbDsgdGV4dC1hbGlnbjogc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJh bnNmb3JtOiBub25lOyB3aGl0ZS1zcGFjZTogbm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdl YmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4OyB3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJr aXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFj ZTsiIGNsYXNzPSIiPg0K4oCUPGJyIGNsYXNzPSIiPg0KQ2FybG9zIFBpZ25hdGFybywmbmJzcDs8 YSBocmVmPSJtYWlsdG86Y2FybG9zQGNpc2NvLmNvbSIgY2xhc3M9IiI+Y2FybG9zQGNpc2NvLmNv bTwvYT48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8aSBjbGFzcz0iIj7igJxTb21ldGlt ZXMgSSB1c2UgYmlnIHdvcmRzIHRoYXQgSSBkbyBub3QgZnVsbHkgdW5kZXJzdGFuZCwgdG8gbWFr ZSBteXNlbGYgc291bmQgbW9yZSBwaG90b3N5bnRoZXNpcy4mcXVvdDs8L2k+PC9kaXY+DQo8L2Rp dj4NCjxiciBjbGFzcz0iIj4NCjxkaXY+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0i Ij4NCjxkaXYgY2xhc3M9IiI+T24gU2VwIDI3LCAyMDE3LCBhdCA4OjA1IEFNLCBTcGVuY2VyIERh d2tpbnMgYXQgSUVURiAmbHQ7PGEgaHJlZj0ibWFpbHRvOnNwZW5jZXJkYXdraW5zLmlldGZAZ21h aWwuY29tIiBjbGFzcz0iIj5zcGVuY2VyZGF3a2lucy5pZXRmQGdtYWlsLmNvbTwvYT4mZ3Q7IHdy b3RlOjwvZGl2Pg0KPGJyIGNsYXNzPSJBcHBsZS1pbnRlcmNoYW5nZS1uZXdsaW5lIj4NCjxkaXYg Y2xhc3M9IiI+DQo8ZGl2IGRpcj0iYXV0byIgc3R5bGU9ImZvbnQtZmFtaWx5OiBIZWx2ZXRpY2E7 IGZvbnQtc2l6ZTogMTJweDsgZm9udC1zdHlsZTogbm9ybWFsOyBmb250LXZhcmlhbnQtY2Fwczog bm9ybWFsOyBmb250LXdlaWdodDogbm9ybWFsOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0 LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06IG5vbmU7IHdo aXRlLXNwYWNlOiBub3JtYWw7IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRleHQtc3Ryb2tl LXdpZHRoOiAwcHg7IiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+SGksIENhcmxvcyw8YnIgY2xh c3M9IiI+DQo8ZGl2IGNsYXNzPSJnbWFpbF9leHRyYSI+PGJyIGNsYXNzPSIiPg0KPGRpdiBjbGFz cz0iZ21haWxfcXVvdGUiPk9uIFNlcCAyNywgMjAxNyAxOTo1MCwgJnF1b3Q7Q2FybG9zIFBpZ25h dGFybyAoY3BpZ25hdGEpJnF1b3Q7ICZsdDs8YSBocmVmPSJtYWlsdG86Y3BpZ25hdGFAY2lzY28u Y29tIiBjbGFzcz0iIj5jcGlnbmF0YUBjaXNjby5jb208L2E+Jmd0OyB3cm90ZTo8YnIgdHlwZT0i YXR0cmlidXRpb24iIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgY2xhc3M9InF1b3RlIiBzdHlsZT0i bWFyZ2luOiAwcHggMHB4IDBweCAwLjhleDsgYm9yZGVyLWxlZnQtd2lkdGg6IDFweDsgYm9yZGVy LWxlZnQtc3R5bGU6IHNvbGlkOyBib3JkZXItbGVmdC1jb2xvcjogcmdiKDIwNCwgMjA0LCAyMDQp OyBwYWRkaW5nLWxlZnQ6IDFleDsiPg0KSGksIFNwZW5jZXIsPGJyIGNsYXNzPSIiPg0KPGJyIGNs YXNzPSIiPg0KVGhhbmsgeW91IGZvciB5b3VyIHF1aWNrIGFuZCB0aG91Z2h0ZnVsIHJlc3BvbnNl LjxiciBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9InF1b3RlZC10ZXh0Ij48YnIgY2xhc3M9IiI+DQom Z3Q7IElmIG5vdCwgaXQncyBhIGNvbW1lbnQuIERvIHRoZSByaWdodCB0aGluZywgb2YgY291cnNl LjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KV2UgdGFrZSB0aGUgY29tbWVu dCBzZXJpb3VzbHkgYXMgaXQgaXMgYSB1bmlxdWUgbGFzdCBvcHBvcnR1bml0eSB0byBpbXByb3Zl LCBhbmQmbmJzcDsgcmVhbGx5IGFwcHJlY2lhdGUgdGhlIOKAnERvIHRoZSByaWdodCB0aGluZ+KA nSBhcHByb2FjaC48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpTcGVjaWZpY3MgaW5saW5l LjxiciBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9ImVsaWRlZC10ZXh0Ij48YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQomZ3Q7IE9uIFNlcCAyNywgMjAxNywgYXQgMjoyOSBBTSwgU3BlbmNlciBE YXdraW5zIGF0IElFVEYgJmx0OzxhIGhyZWY9Im1haWx0bzpzcGVuY2VyZGF3a2lucy5pZXRmQGdt YWlsLmNvbSIgY2xhc3M9IiI+c3BlbmNlcmRhd2tpbnMuaWV0ZkBnbWFpbC5jb208L2E+PHdiciBj bGFzcz0iIj4mZ3Q7IHdyb3RlOjxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7 IEhpLCBDYXJsb3MsPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgT24gU2Vw IDI3LCAyMDE3IDExOjQzLCAmcXVvdDtDYXJsb3MgUGlnbmF0YXJvIChjcGlnbmF0YSkmcXVvdDsg Jmx0OzxhIGhyZWY9Im1haWx0bzpjcGlnbmF0YUBjaXNjby5jb20iIGNsYXNzPSIiPmNwaWduYXRh QGNpc2NvLmNvbTwvYT4mZ3Q7IHdyb3RlOjxiciBjbGFzcz0iIj4NCiZndDsgTWFueSB0aGFua3Mg U3BlbmNlciBmb3IgdGhlIGNvbW1lbnRzIGJlbG93ITxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xh c3M9IiI+DQomZ3Q7IFBsZWFzZSBzZWUgaW5saW5lLjxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xh c3M9IiI+DQomZ3Q7ICZndDsgT24gU2VwIDI2LCAyMDE3LCBhdCAxMjoyMiBQTSwgU3BlbmNlciBE YXdraW5zICZsdDs8YSBocmVmPSJtYWlsdG86c3BlbmNlcmRhd2tpbnMuaWV0ZkBnbWFpbC5jb20i IGNsYXNzPSIiPnNwZW5jZXJkYXdraW5zLmlldGZAZ21haWwuY29tPC9hPjx3YnIgY2xhc3M9IiI+ Jmd0OyB3cm90ZTo8YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7ICZn dDsgU3BlbmNlciBEYXdraW5zIGhhcyBlbnRlcmVkIHRoZSBmb2xsb3dpbmcgYmFsbG90IHBvc2l0 aW9uIGZvcjxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBkcmFmdC1pZXRmLXNmYy1uc2gtMjQ6IE5v IE9iamVjdGlvbjxiciBjbGFzcz0iIj4NCiZndDsgJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0 OyBXaGVuIHJlc3BvbmRpbmcsIHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFu ZCByZXBseSB0byBhbGw8YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDsgZW1haWwgYWRkcmVzc2VzIGlu Y2x1ZGVkIGluIHRoZSBUbyBhbmQgQ0MgbGluZXMuIChGZWVsIGZyZWUgdG8gY3V0IHRoaXM8YnIg Y2xhc3M9IiI+DQomZ3Q7ICZndDsgaW50cm9kdWN0b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pPGJy IGNsYXNzPSIiPg0KJmd0OyAmZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7PGJyIGNsYXNzPSIi Pg0KJmd0OyAmZ3Q7IFBsZWFzZSByZWZlciB0bzxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQt c3BhY2UiPiZuYnNwOzwvc3Bhbj48YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9pZXNnL3N0 YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWwiIHJlbD0ibm9yZWZlcnJlciIgdGFyZ2V0PSJf YmxhbmsiIGNsYXNzPSIiPmh0dHBzOi8vd3d3LmlldGYub3JnL2llc2cvPHdiciBjbGFzcz0iIj5z dGF0ZW1lbnQvZGlzY3Vzcy1jcml0ZXJpYS48d2JyIGNsYXNzPSIiPmh0bWw8L2E+PGJyIGNsYXNz PSIiPg0KJmd0OyAmZ3Q7IGZvciBtb3JlIGluZm9ybWF0aW9uIGFib3V0IElFU0cgRElTQ1VTUyBh bmQgQ09NTUVOVCBwb3NpdGlvbnMuPGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7PGJyIGNsYXNzPSIi Pg0KJmd0OyAmZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IFRoZSBkb2N1bWVudCwgYWxvbmcg d2l0aCBvdGhlciBiYWxsb3QgcG9zaXRpb25zLCBjYW4gYmUgZm91bmQgaGVyZTo8YnIgY2xhc3M9 IiI+DQomZ3Q7ICZndDs8c3BhbiBjbGFzcz0iQXBwbGUtY29udmVydGVkLXNwYWNlIj4mbmJzcDs8 L3NwYW4+PGEgaHJlZj0iaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0 Zi1zZmMtbnNoLyIgcmVsPSJub3JlZmVycmVyIiB0YXJnZXQ9Il9ibGFuayIgY2xhc3M9IiI+aHR0 cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy88d2JyIGNsYXNzPSIiPmRvYy9kcmFmdC1pZXRmLXNm Yy1uc2gvPC9hPjxiciBjbGFzcz0iIj4NCiZndDsgJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0 OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyAtLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08d2JyIGNsYXNzPSIiPi0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLTx3YnIgY2xhc3M9IiI+LS0tLS0tLS0tLTxiciBjbGFzcz0iIj4NCiZndDsgJmd0 OyBDT01NRU5UOjxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS08d2JyIGNsYXNzPSIiPi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTx3YnIg Y2xhc3M9IiI+LS0tLS0tLS0tLTxiciBjbGFzcz0iIj4NCiZndDsgJmd0OzxiciBjbGFzcz0iIj4N CiZndDsgJmd0OyBUaGFuayB5b3UgZm9yIHJlc3BvbmRpbmcgdG8gV2VzIEVkZHkncyBUU1YtQVJU IHJldmlldyBvZiAtMTkgKGFuZCwgb2YgY291cnNlLDxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBm b3IgbWFraW5nIHRleHQgY2hhbmdlcyB0aGF0IHNlZW1lZCBhcHByb3ByaWF0ZSkuPGJyIGNsYXNz PSIiPg0KJmd0OyAmZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgVGhh bmtzIHRvIFdlcyBmb3IgdGFraW5nIHRoZSB0aW1lIHRvIHJldmlldyE8YnIgY2xhc3M9IiI+DQom Z3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyBXZSBkaWQgZ28gb3ZlciB0aGUgd2hvbGUgZG9jdW1lbnQg d2l0aCBhIGZpbmUgY29tYiBjbGVhbmluZyB1cCB0ZXJtcyBiYXNlZCBvbiBXZXPigJkgZmVlZGJh Y2suPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBJdCBzZWVtcyB0 byBtZSB0aGF0IHlvdSBkZXNjcmliZSBleHBlY3RhdGlvbnMgYWJvdXQgdGhlIGFwcGxpY2FiaWxp dHkgb2YgTlNIIGluPGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IHZhcmlvdXMgcGxhY2VzIGluIHRo ZSBkb2N1bWVudCwgYW5kIGluIHZhcmlvdXMgd2F5cy4gWW91IG1pZ2h0IGNvbnNpZGVyIChmb3I8 YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDsgZXhhbXBsZSkgcHVsbGluZyB0aGUgY29tbW9uIGVsZW1l bnRzIG9mIHN0YXRlbWVudHMgbGlrZSAoZnJvbSBTZWN0aW9uIDUpPGJyIGNsYXNzPSIiPg0KJmd0 OyAmZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwO1dpdGhpbiBhIG1hbmFn ZWQgYWRtaW5pc3RyYXRpdmUgZG9tYWluLCBhbiBvcGVyYXRvciBjYW4gZW5zdXJlIHRoYXQ8YnIg Y2xhc3M9IiI+DQomZ3Q7ICZndDsmbmJzcDsgJm5ic3A7dGhlIHVuZGVybGF5IE1UVSBpcyBzdWZm aWNpZW50IHRvIGNhcnJ5IFNGQyB0cmFmZmljIHdpdGhvdXQgcmVxdWlyaW5nPGJyIGNsYXNzPSIi Pg0KJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwO2ZyYWdtZW50YXRpb24uJm5ic3A7IEdpdmVuIHRoYXQg dGhlIGludGVuZGVkIHNjb3BlIG9mIHRoZSBOU0ggaXMgd2l0aGluIGE8YnIgY2xhc3M9IiI+DQom Z3Q7ICZndDsmbmJzcDsgJm5ic3A7c2luZ2xlIHByb3ZpZGVyJ3Mgb3BlcmF0aW9uYWwgZG9tYWlu LCB0aGF0IGFwcHJvYWNoIGlzIHN1ZmZpY2llbnQuPGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7PGJy IGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IGFuZCAoZnJvbSBTZWN0aW9uIDgpPGJyIGNsYXNzPSIiPg0K Jmd0OyAmZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7Jm5ic3A7IE5TSCBpcyBkZXNpZ25lZCBm b3IgdXNlIHdpdGhpbiBvcGVyYXRvciBlbnZpcm9ubWVudHMuJm5ic3A7IEFzIHN1Y2gsIGl0PGJy IGNsYXNzPSIiPg0KJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwO2RvZXMgbm90IGluY2x1ZGUgYW55IG1h bmRhdG9yeSBzZWN1cml0eSBtZWNoYW5pc21zLiZuYnNwOyBBcyB3aXRoIG1hbnk8YnIgY2xhc3M9 IiI+DQomZ3Q7ICZndDsmbmJzcDsgJm5ic3A7b3RoZXIgcHJvdG9jb2xzLCB3aXRob3V0IGVuaGFu Y2VtZW50cywgdGhlIE5TSCBlbmNhcHN1bGF0aW9uIGNhbiBiZTxiciBjbGFzcz0iIj4NCiZndDsg Jmd0OyZuYnNwOyAmbmJzcDtzcG9vZmVkIGFuZCBpcyBzdWJqZWN0IHRvIHNub29waW5nIGFuZCBt b2RpZmljYXRpb24gaW4gdHJhbnNpdC48YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDs8YnIgY2xhc3M9 IiI+DQomZ3Q7ICZndDsmbmJzcDsgJm5ic3A7SG93ZXZlciwgdGhlIGRlcGxveW1lbnQgc2NvcGUg KGFzIGRlZmluZWQgaW4gW1JGQzc2NjVdKSBvZiB0aGUgTlNIPGJyIGNsYXNzPSIiPg0KJmd0OyAm Z3Q7Jm5ic3A7ICZuYnNwO2VuY2Fwc3VsYXRpb24gaXMgbGltaXRlZCB0byBhIHNpbmdsZSBuZXR3 b3JrIGFkbWluaXN0cmF0aXZlIGRvbWFpbiBhczxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyZuYnNw OyAmbmJzcDthIGNvbnRyb2xsZWQgZW52aXJvbm1lbnQsIHdpdGggdHJ1c3RlZCBkZXZpY2VzIChl LmcuLCBhIGRhdGEgY2VudGVyKTxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyZuYnNwOyAmbmJzcDto ZW5jZSBtaXRpZ2F0aW5nIHRoZSByaXNrIG9mIHVuYXV0aG9yaXplZCBtYW5pcHVsYXRpb24gb2Yg dGhlPGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwO2VuY2Fwc3VsYXRpb24gaGVh ZGVycyBvciBtZXRhZGF0YS4mbmJzcDsgVGhpcyBjb250cm9sbGVkIGVudmlyb25tZW50IGlzIGFu PGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7Jm5ic3A7ICZuYnNwO2ltcG9ydGFudCBhc3N1bXB0aW9u IGZvciBOU0guJm5ic3A7IFRoZXJlIGlzIG9uZSBhZGRpdGlvbmFsIGltcG9ydGFudDxiciBjbGFz cz0iIj4NCiZndDsgJmd0OyZuYnNwOyAmbmJzcDthc3N1bXB0aW9uOiBBbGwgb2YgdGhlIHNlcnZp Y2UgZnVuY3Rpb25zIHVzZWQgYnkgYW4gb3BlcmF0b3IgaW48YnIgY2xhc3M9IiI+DQomZ3Q7ICZn dDsmbmJzcDsgJm5ic3A7c2VydmljZSBjaGFpbnMgYXJlIGFzc3VtZWQgdG8gYmUgc2VsZWN0ZWQg YW5kIHZldHRlZCBieSB0aGUgb3BlcmF0b3IuPGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7PGJyIGNs YXNzPSIiPg0KJmd0OyAmZ3Q7IGludG8gb25lIHNlY3Rpb24gZGVzY3JpYmluZyB0aGUgYXBwbGlj YWJpbGl0eSBvZiBOU0gsIGFwcGVhcmluZyBNVUNIIGVhcmxpZXIgaW48YnIgY2xhc3M9IiI+DQom Z3Q7ICZndDsgdGhlIGRvY3VtZW50ICh0aGUgbW9zdCBkZXRhaWxlZCBkZXNjcmlwdGlvbiBvZiB5 b3VyIGV4cGVjdGF0aW9ucyBsb29rcyBsaWtlIGl0PGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IGFw cGVhcnMgaW4gdGhlIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIHNlY3Rpb24sIGJ1dCBwYXJ0cyBv ZiB0aGF0IGRlc2NyaXB0aW9uPGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IGFyZSBhcHBsaWNhYmxl IHRvIHRoZSBGcmFnbWVudGF0aW9uIENvbnNpZGVyYXRpb25zIHNlY3Rpb24sIHdoaWNoIGFwcGVh cnMgdGhyZWU8YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDsgc2VjdGlvbnMgZWFybGllciBpbiB0aGUg ZG9jdW1lbnQpLiBUaGUgcmVhZGVyIHdvdWxkIGhhdmUgeW91ciBpbnRlbmRlZDxiciBjbGFzcz0i Ij4NCiZndDsgJmd0OyBhcHBsaWNhYmlsaXR5IGluIG1pbmQgbXVjaCBlYXJsaWVyIGFuZCBtb3Jl IGNsZWFybHksIGFuZCB5b3UgY291bGQganVzdCBpbnZva2U8YnIgY2xhc3M9IiI+DQomZ3Q7ICZn dDsgeW91ciBleHBlY3RhdGlvbnMgYnkgcmVmZXJlbmNlIHdoZW4geW91IG5lZWQgdG8gZXhwbGFp biBob3cgdGhleSBhcHBseTxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBlbHNld2hlcmUgaW4gdGhl IGRvY3VtZW50LCBzbyB0aGUgZXhwZWN0YXRpb25zIGluIHBsYXkgd291bGQgYmUgY29uc2lzdGVu dDxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBhY3Jvc3MgbWVudGlvbnMgdGhyb3VnaG91dCB0aGUg ZG9jdW1lbnQuPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgV2UgYXJlIHZl cnkgaGVzaXRhbnQgdG8gbWFrZSBkcmFzdGljIHN0cnVjdHVyYWwgbW9kaWZpY2F0aW9ucyB0byB0 aGUgZG9jdW1lbnQgYXQgdGhpcyBzdGFnZS48YnIgY2xhc3M9IiI+DQomZ3Q7PGJyIGNsYXNzPSIi Pg0KJmd0OyBVbmRlcnN0b29kIDotKTxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQom Z3Q7IEkgdW5kZXJzdGFuZCB5b3VyIHBvaW50IGFib3V0IGNvbXBpbGluZyBhIGxpc3Qgb2YgZXhw ZWN0YXRpb25zIHRocm91Z2hvdXQgdGhlIGRvY3VtZW50IGludG8gYSBzZWxmLWNvbnRhaW5lZCBp bmRleC4gSG93ZXZlciwgdGhvc2UgZXhwZWN0YXRpb25zIGFyZSB2ZXJ5IGRpZmZlcmVudCBmb3Ig ZWFjaCBhcmVhIChlLmcuLCBzZWN1cml0eSwgZW5jYXBzdWxhdGlvbiB0cmFuc3BvcnQsIGV0Yy4p IGFuZCBhcmUgY3VycmVudGx5IGZ1bmN0aW9uYWxseQ0KIG9yZ2FuaXplZC4gVGhlIGdvYWwgaXMg bm90IHRvIGhhdmUgYSBsaXN0IG9mIHJlcXVpcmVtZW50cywgYnV0IGhhdmUgaW1wbGVtZW50b3Jz IGZ1bmN0aW9uYWxseSByZWFkIHRocm91Z2ggdGhlIGNvbXBsZXRlIHNwZWNpZmljYXRpb24uPGJy IGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgUmlnaHQsIGJ1dCB0aGUgcHJvYmxl bSBpcyB0aGF0IHRoZSBleHBlY3RhdGlvbnMgdGhhdCBrZXB0IG1lIGZyb20gYmFsbG90aW5nIERp c2N1c3Mgd2VyZSB0aHJlZSBzZWN0aW9ucyBhZnRlciB0aGUgc2VjdGlvbiBUU1YgQURzIHR1cm4g dG8gYXV0b21hdGljYWxseS4gU28gb3VyIG1pbGVhZ2UgZm9yIGZ1bmN0aW9uYWwgb3JnYW5pemF0 aW9uIGRpZmZlcnMuPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgSVNUTSB0 aGF0IHByb3ZpZGluZyBrZXkgaW5mb3JtYXRpb24gYWxsb3dpbmcgYW4gaW5mb3JtZWQgZGVjaXNp b24gYWJvdXQgd2hldGhlciB0byB1c2UgdGhpcyBtZWNoYW5pc20gaW4gdGhlIDh0aCBzZWN0aW9u LCB1bmRlciBzZWN1cml0eSBjb25zaWRlcmF0aW9ucywgaXMgcmVhbGx5IHdhaXRpbmcgdW50aWwg dGhlIGxhc3QgbWludXRlLiBTdXNwZW5zZSBpcyBnb29kIGZvciBub3ZlbHMsIGJ1dCBtYXliZSBu b3QgZm9yIGltcGxlbWVudGVycyBhbmQNCiBvcGVyYXRvcnMuPGJyIGNsYXNzPSIiPg0KJmd0Ozxi ciBjbGFzcz0iIj4NCiZndDsgVGhpcyBpc24ndCBxdWl0ZSBhcyBsYXRlIGFzIGFkZGluZyBNVVNU cyBpbiB0aGUgSUFOQSBjb25zaWRlcmF0aW9ucyBzZWN0aW9uLCBidXQgaXQncyBjbG9zZS48YnIg Y2xhc3M9IiI+DQomZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyBJZiB5b3UgY2FuIHRoaW5rIG9mIGEg YmV0dGVyIHdheSB0byBlbnN1cmUgdGhhdCBwZW9wbGUgbWFraW5nIGRlcGxveW1lbnQgZGVjaXNp b25zIHVuZGVyc3RhbmQgdGhlIGxpbWl0YXRpb25zLCB0aGF0IHdvdWxkIGJlIGdvb2QuPGJyIGNs YXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KSSB0aGlu ayB3aGF0IHlvdSBhcmUgYWZ0ZXIgaXMgbW9zdGx5IGNvbnRhaW5lZCBpbiB0aGUgbGFzdCA0IHBh cmFncmFwaHMgb2YgdGhlIEludHJvZHVjdGlvbi4gV291bGQgaXQgaGVscCBpZiB3ZSBwbGFjZSB0 aG9zZSB1bmRlciBhIHN1Yi1oZWFkaW5nIOKAnDEuMSBTY29wZeKAnSBvciDigJwxLjEgQXBwbGlj YWJpbGl0eeKAnT88YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjwvZGl2Pg0K PC9kaXY+DQo8ZGl2IGRpcj0iYXV0byIgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8 ZGl2IGRpcj0iYXV0byIgY2xhc3M9IiI+VGhpcyBzZWVtcyBoZWxwZnVsLiBJZiBpdCdzIHVzZWZ1 bCBmb3IgeW91IHRvIGtub3csIEknZCBwcmVmZXIgQXBwbGljYWJpbGl0eSwganVzdCBiZWNhdXNl IEkgdGhpbmsgSUVURiBpcyBkb2luZyBtb3JlIHNwZWNpZmljYXRpb25zIHRoYXQgYXJlbid0IGdl bmVyaWNhbGx5IGRlcGxveWFibGUsIGFuZCB3b3VsZCBsaWtlIG91ciByZWFkZXJzIGFuZCBpbXBs ZW1lbnRlcnMgdG8gYmUgbW9yZSBhd2FyZSBvZg0KIHdoZXRoZXIgdGhleSBzaG91bGQgYmUgdXNp bmcgZWFjaCBjb29sIG5ldyB0aGluZyBvbiB0aGVpciBvd24gbmV0d29ya3MuPC9kaXY+DQo8ZGl2 IGRpcj0iYXV0byIgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGRpcj0iYXV0 byIgY2xhc3M9IiI+WW91IG1heSBoYXZlIG5vdGljZWQgdGhhdCBtb3N0IG9mIG91ciByZWNlbnQg dHVubmVsaW5nIHNwZWNpZmljYXRpb25zIGJyZWFrIGNvbmdlc3Rpb24gY29uc2lkZXJhdGlvbnMg aW50byB0d28gc2VjdGlvbnMgLSBvbmUsIHNheWluZyB3aGF0J3Mgc2FmZSB0byBkZXBsb3kgYW55 d2hlcmUsIGFuZCBvbmUgc2F5aW5nIHdoYXQgeW91IGNhbiBwcm9iYWJseSBnZXQgYXdheSB3aXRo IGlmIHlvdXIgbmV0d29yaw0KIGlzIGNsb3NlbHkgbW9uaXRvcmVkLjwvZGl2Pg0KPGRpdiBkaXI9 ImF1dG8iIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBkaXI9ImF1dG8iIGNs YXNzPSIiPldlIHdhbnQgcGVvcGxlIHRvIGJlIHZlcnkgYXdhcmUgb2YgYXBwbGljYWJpbGl0eSBj b25zaWRlcmF0aW9ucyBpbiBtYW55IGNhc2VzLjwvZGl2Pg0KPGRpdiBkaXI9ImF1dG8iIGNsYXNz PSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBkaXI9ImF1dG8iIGNsYXNzPSIiPg0KPGRp diBjbGFzcz0iZ21haWxfZXh0cmEiPg0KPGRpdiBjbGFzcz0iZ21haWxfcXVvdGUiPg0KPGJsb2Nr cXVvdGUgY2xhc3M9InF1b3RlIiBzdHlsZT0ibWFyZ2luOiAwcHggMHB4IDBweCAwLjhleDsgYm9y ZGVyLWxlZnQtd2lkdGg6IDFweDsgYm9yZGVyLWxlZnQtc3R5bGU6IHNvbGlkOyBib3JkZXItbGVm dC1jb2xvcjogcmdiKDIwNCwgMjA0LCAyMDQpOyBwYWRkaW5nLWxlZnQ6IDFleDsiPg0KPGRpdiBj bGFzcz0iZWxpZGVkLXRleHQiPiZndDsgSWYgbm90LCBpdCdzIGEgY29tbWVudC4gRG8gdGhlIHJp Z2h0IHRoaW5nLCBvZiBjb3Vyc2UuPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZn dDsmbmJzcDsgQmFzZWQgb24gZWFybGllciBmZWVkYmFjaywgd2UgZGlkIHByZXNlbnQgYSBtb3Jl IGRlbGliZXJhdGUgYW5kIGludGVudGlvbmFsIGFwcGxpY2FiaWxpdHkgZWFybHkgb24sIGluIHRo ZSBJbnRyb2R1Y3Rpb24uIFNlZSB0aGlyZC10by1sYXN0IHBhcmFncmFwaCBvZiBTZWN0aW9uIDEu PGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgVGhhdCBkZWZpbml0ZWx5IGhl bHBzLiBUaGFua3MgZm9yIHRoYXQuPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZn dDsgJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBJJ20gc3RpbGwgYm90aGVyZWQgdGhhdCB0 aGlzIGRvY3VtZW50IGRvZXNuJ3QgZXhwbGljaXRseSBtZW50aW9uIElDTVAgYmxvY2tpbmc8YnIg Y2xhc3M9IiI+DQomZ3Q7ICZndDsgYXMgYSBwcm9ibGVtIGZvciBQTVRVRCB3aXRoIElQIGVuY2Fw c3VsYXRpb25zLjxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7IFdlIGRvIG5v dCB3YW50IHRvIHRha2UgYXdheSBmcm9tIHRoZSBmb2N1cyBvZiB0aGUgZG9jdW1lbnQsIHRvIGhh dmUgYW4gYW5hbHlzaXMgb2YgUE1UVUQuIERvaW5nIHNvIHdvdWxkIGJlIHVuZmFpciB0byBQTVRV RCwgYW5kIGludmFyaWFibHkgaW5jb3JyZWN0IGJ5IG9taXNzaW9uLiBUaGVyZSBhcmUgb3RoZXIg dGhpbmdzIHRoYXQgYnJlYWsgUE1UVUQgdG9vIHBvdGVudGlhbGx5LCBhbmQgb3RoZXIgcmlza3Mg c3VjaCBhcyBJQ01QIGF0dGFja3MsDQogZXRjLjxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9 IiI+DQomZ3Q7IEdpdmVuIHRoZSBmYWN0IHRoYXQgdGhlIElQIGVuY2Fwc3VsYXRpb24gY2FuIGJl IElQdjQgb3IgSVB2Niwgd2UgZG8gbm90IHdhbnQgdG8gZXhwbGFpbiBQTVRVRC48YnIgY2xhc3M9 IiI+DQomZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyBUaGF0IHNhaWQsIGlmIHRoZXJlIGlzIGEgc2lu Z2xlIFJlZmVyZW5jZSB0aGF0IHlvdSBmZWVsIGNhcHR1cmVzIHRoZSBQTVRVRCBwcm9ibGVtcyBh bmQgZ3VpZGFuY2UsIHdlIHdpbGwgYmUgaGFwcHkgdG8gYWRkIGl0ITxiciBjbGFzcz0iIj4NCiZn dDs8YnIgY2xhc3M9IiI+DQomZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IFdlJ3JlIGp1c3Qg bm90IGdvb2QgYXQgcGF0aCBNVFU8YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDsgZGlzY292ZXJ5LCBz byBpdCBzZWVtcyB1c2VmdWwgdG8gY2FsbCB0aGlzIG91dCBleHBsaWNpdGx5IHdoZW4gYSBkb2N1 bWVudDxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBleHBlY3RzIHRvIHVzZSBQTVRVRC4gVGhhdCB3 YXksIHBlb3BsZSB3aG8gdXNlIE5TSCB3aWxsIGtub3cgdG8gY2hlY2sgZm9yIElDTVA8YnIgY2xh c3M9IiI+DQomZ3Q7ICZndDsgYmxvY2tpbmcgb24gdGhlaXIgbmV0d29ya3MgYmVmb3JlIHRoZXkg cmVjZWl2ZSB0aGVpciBmaXJzdCB0cm91YmxlIHJlcG9ydHMuPGJyIGNsYXNzPSIiPg0KJmd0OyAm Z3Q7IFRoaXMgYWxtb3N0IHJlYWNoZWQgbXkgdGhyZXNob2xkIGZvciBiYWxsb3RpbmcgRGlzY3Vz cywgc28gSSdkIGhvcGUgeW91IGZvbGtzPGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IHdvdWxkIGNv bnNpZGVyIHRoYXQuPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgV2UgYXJl IGNvbnNpZGVyaW5nIGFuZCBoYXBweSB0byBhZGQgc29tZSB0ZXh0IGFib3V0IHRoZSBwcm9ibGVt LiBIb3dldmVyLCB3ZSB3ZXJlIHVuYWJsZSB0byBmaW5kIGEgc2luZ2xlIHJlZmVyZW5jZSB0aGF0 IGF0b21pY2FsbHkgZGVzY3JpYmVzIHRoZSBwcm9ibGVtIGFuZCBnaXZlcyByZWNvbW1lbmRhdGlv bi4gRXZlbiBSRkMgODIwMSBpbmNsdWRlcyBvbmx5IGEgc2luZ2xlLXNlbnRlbmNlIGxvc3QgaW4g bWlkZGxlIG9mIHRoZSBJbnRyb2R1Y3Rpb24uPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0i Ij4NCiZndDsgVGhlIHJlYXNvbiBjb21pbmcgdXAgd2l0aCBhIHJlZmVyZW5jZSBmb3IgdGhpcyBp cyBoYXJkLCBpcyBiZWNhdXNlIHdlJ3JlIGp1c3Qgbm90IHZlcnkgZ29vZCBhdCBwYXRoIE1UVSBk aXNjb3ZlcnkmbmJzcDsgOnA8YnIgY2xhc3M9IiI+DQomZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyBC dXQgODIwMSBpcyBwb3NzaWJseSB0aGUgYmVzdCByZWZlcmVuY2UgYXZhaWxhYmxlIChyZWNlbnQg SW50ZXJuZXQgU3RhbmRhcmQpLiBEbyB0aGUgcmlnaHQgdGhpbmcgLi4uPGJyIGNsYXNzPSIiPg0K Jmd0OzxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7IFByb3Bvc2FsOjxiciBj bGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7IE9MRDo8YnIgY2xhc3M9IiI+DQomZ3Q7 Jm5ic3A7ICZuYnNwOyBGb3IgZXhhbXBsZSwgd2hlbiB0aGUgTlNIIGlzIGVuY2Fwc3VsYXRlZCBp biBJUCwgSVAtbGV2ZWw8YnIgY2xhc3M9IiI+DQomZ3Q7Jm5ic3A7ICZuYnNwOyBmcmFnbWVudGF0 aW9uIGNvdXBsZWQgd2l0aCBQYXRoIE1UVSBEaXNjb3ZlcnkgKFBNVFVEKSBpcyB1c2VkLjxiciBj bGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7IE5FVzo8YnIgY2xhc3M9IiI+DQomZ3Q7 PGJyIGNsYXNzPSIiPg0KJmd0OyZuYnNwOyAmbmJzcDsgRm9yIGV4YW1wbGUsIHdoZW4gdGhlIE5T SCBpcyBlbmNhcHN1bGF0ZWQgaW4gSVAsIElQLWxldmVsPGJyIGNsYXNzPSIiPg0KJmd0OyZuYnNw OyAmbmJzcDsgZnJhZ21lbnRhdGlvbiBjb3VwbGVkIHdpdGggUGF0aCBNVFUgRGlzY292ZXJ5IChQ TVRVRCkgaXMgdXNlZC4mbmJzcDsgU2luY2U8YnIgY2xhc3M9IiI+DQomZ3Q7Jm5ic3A7ICZuYnNw OyBQTVRVRCByZWxpZXMgb24gSUNNUCBtZXNzYWdlcywgYW4gb3BlcmF0b3Igc2hvdWxkIGVuc3Vy ZSBJQ01QPGJyIGNsYXNzPSIiPg0KJmd0OyZuYnNwOyAmbmJzcDsgcGFja2V0cyBhcmUgbm90IGJs b2NrZWQuPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgQnV0IGEgY2l0YXRp b24gd291bGQgZW5yaWNoIHRoaXMuIFBsZWFzZSBsZXQgdXMga25vdy4gUkZDIDI5MjMgaXMgdG9v IFRDUCBzcGVjaWZpYywgZXRjLi4uPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZn dDsgVGhpcyB0ZXh0IGlzIGhlbHBmdWwuIElmIG1lbnRpb25pbmcgODIwMSBzb21ld2hlcmUgc2Vl bXMgaGVscGZ1bCwgdGhhdCB3b3VsZCBiZSBmaW5lIHdpdGggbWUuPGJyIGNsYXNzPSIiPg0KJmd0 OzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KU291bmRzIGdvb2QuIEFkZGVk IGJvdGggdGhlIHRleHQgYW5kIGEgY2l0YXRpb24uPGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3Rl Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdiBkaXI9ImF1dG8iIGNsYXNzPSIiPjxiciBj bGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBkaXI9ImF1dG8iIGNsYXNzPSIiPlRoYW5rcy4gSSB0aGlu ayB5b3UncmUgZ29vZCB0byBnby48L2Rpdj4NCjxkaXYgZGlyPSJhdXRvIiBjbGFzcz0iIj48YnIg Y2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgZGlyPSJhdXRvIiBjbGFzcz0iIj5TcGVuY2VyPC9kaXY+ DQo8ZGl2IGRpcj0iYXV0byIgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGRp cj0iYXV0byIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSJnbWFpbF9leHRyYSI+DQo8ZGl2IGNsYXNz PSJnbWFpbF9xdW90ZSI+DQo8YmxvY2txdW90ZSBjbGFzcz0icXVvdGUiIHN0eWxlPSJtYXJnaW46 IDBweCAwcHggMHB4IDAuOGV4OyBib3JkZXItbGVmdC13aWR0aDogMXB4OyBib3JkZXItbGVmdC1z dHlsZTogc29saWQ7IGJvcmRlci1sZWZ0LWNvbG9yOiByZ2IoMjA0LCAyMDQsIDIwNCk7IHBhZGRp bmctbGVmdDogMWV4OyI+DQo8ZGl2IGNsYXNzPSJxdW90ZWQtdGV4dCI+Jmd0OzxiciBjbGFzcz0i Ij4NCiZndDsgJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBJIHNlZSB0aGF0IHRoZSBhcHBs aWNhYmlsaXR5IG9mIE5TSCBpbmNsdWRlcyBlbmNhcHN1bGF0aW9ucyB0aGF0IGRvbid0IHByb3Zp ZGU8YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDsgYSBwYXRoIE1UVSBkaXNjb3ZlcnkgbWVjaGFuaXNt LCBhbmQgdGhhdCB5b3VyIHJlc29sdXRpb24gZm9yIHRob3NlPGJyIGNsYXNzPSIiPg0KJmd0OyAm Z3Q7IGVuY2Fwc3VsYXRpb25zIGlzIHRvIGxvZyBldmVudHMgd2hlbiBhICZxdW90O3RvbyBiaWcm cXVvdDsgcGFja2V0IGlzIGRyb3BwZWQuIENvdWxkIHlvdTxiciBjbGFzcz0iIj4NCiZndDsgJmd0 OyBlZHVjYXRlIG1lLCBhcyB0byB3aGV0aGVyIGFsbCBlbmNhcHN1bGF0aW9ucyBkZXRlY3QgdGhh dCB0aGlzIGlzIGhhcHBlbmluZz8gSXQ8YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDsgbWlnaHQgYmUg dGhhdCBlbmNhcHN1bGF0aW9ucyBhcmUgdXNpbmcgYSBmaXhlZCBtYXhpbXVtIE1UVSBieSBkZWZp bml0aW9uLCBzbzxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyB0aGF0IHdoYXQgeW91J3JlIGxvZ2dp bmcgaXMgYW4gYXR0ZW1wdCB0byBzZW5kIGEgcGF5bG9hZCB0aGF0IHZpb2xhdGVzIHRoZTxiciBj bGFzcz0iIj4NCiZndDsgJmd0OyBwcm90b2NvbCBkZWZpbml0aW9uIG9mIHRoZSBlbmNhcHN1bGF0 aW9uLCBidXQgSSBkb24ndCBrbm93IHRoYXQgdGhhdCdzIHRydWUgaW48YnIgY2xhc3M9IiI+DQom Z3Q7ICZndDsgYWxsIGNhc2VzLCBzbyB0aG91Z2h0IEkgc2hvdWxkIGFzay48YnIgY2xhc3M9IiI+ DQomZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyBXZSBjYW5ub3QgcHJvdmUgaWYgKmFsbCogZW5jYXBz dWxhdGlvbnMgZGV0ZWN0IHRoYXQgYXMgaGFwcGVuaW5nLCBhcyB5b3UgYXJlIGFza2luZy4gSG93 ZXZlciwgaWYgYW4gZW5jYXBzdWxhdGlvbiBkcm9wcyBhIHBhY2tldCBmb3IgdGhhdCByZWFzb24g d2UgYXJlIGFkZGluZyBhIHJlcXVpcmVtZW50IGZvciB0aG9zZSBlbmNhcHMuPGJyIGNsYXNzPSIi Pg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgUGVyZmVjdC48YnIgY2xhc3M9IiI+DQomZ3Q7PGJy IGNsYXNzPSIiPg0KJmd0OyAmZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IEkgc2F3IGEgc3Vn Z2VzdGlvbiBmcm9tIEpvZSBUb3VjaCAoaW4gYSByZXNwb25zZSB0byB0aGUgVFNWLUFSVCByZXZp ZXcpIHRvPGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IGNvbnNpZGVyIGxvb2tpbmcgYXQgdGhlIHRl cm1pbm9sb2d5IGRldmVsb3BlZCBmb3IgZHJhZnQtaWV0Zi1pbnRhcmVhLXR1bm5lbHMuIEk8YnIg Y2xhc3M9IiI+DQomZ3Q7ICZndDsgZGlkbid0IHNlZSBhIHJlcGx5IHRvIHRoYXQgc3VnZ2VzdGlv biwgYW5kIEkgZGlkbid0IHNlZSBhIHJlZmVyZW5jZSB0bzxiciBjbGFzcz0iIj4NCiZndDsgJmd0 OyBkcmFmdC1pZXRmLWludGFyZWEtdHVubmVscyBpbiAtMjQgLSB3YXMgdGhpcyBjb25zaWRlcmVk PzxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7IEFwb2xvZ2llcyBmb3Igbm90 IGhhdmluZyByZXNwb25kZWQuIFllcywgdGhpcyB3YXMgY29uc2lkZXJlZC48YnIgY2xhc3M9IiI+ DQomZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyBUaGUgbmVlZHMgb2YgZHJhZnQtaWV0Zi1zZmMtbnNo IGFyZSBzbyBiYXNpYyBpbiB0aGlzIHJlZ2FyZHMgdGhhdCB3ZSB1c2Ugb25seSB0d28gdGVybXMu IFRob3NlIHR3byB0ZXJtcyBhcmUgZXhhY3QgdGVybXMgZGVmaW5lZCBpbiBkcmFmdC1pZXRmLWlu dGFyZWEtdHVubmVscy4gTVRVIGFuZCBQTVRVRC4gVGhpcyBkb2N1bWVudCBkb2VzIG5vdCBtYWtl IHVzZSBvZiB0aGluZ3MgbGlrZSBFTVRVX1IuPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0i Ij4NCiZndDsgVGhhbmtzIGZvciB0aGUgZmVlZGJhY2suPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBj bGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7 ICZndDsgKEknbSBhbHNvIGFza2luZyBiZWNhdXNlIEkgd2FudCB0byBrZWVwIHRyYWNrIG9mIHdo ZXRoZXIgcGVvcGxlIGFwcGx5aW5nPGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IGVuY2Fwc3VsYXRp b25zIGZpbmQgdGhhdCBkb2N1bWVudCB1c2VmdWwsIG9mIGNvdXJzZSk8YnIgY2xhc3M9IiI+DQom Z3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyBJIHJldmlld2VkIGFuIGVhcmxpZXIgaXRlcmF0aW9uIG9m IHRoYXQgZG9jdW1lbnQsIGFsbW9zdCBhIGRlY2FkZSBhZ28gKCEhKSBhbmQgc2VudCBwYWdlcyBv ZiBjb21tZW50cy4gSSBhbHNvIHJldmlld2VkIGEgc3Vic2VxdWVudCBpbnRhcmVhIFdHIHZlcnNp b24gb2YgaXQuIFRoZSBhcHBsaWNhYmlsaXR5IG9mIHRoYXQgZG9jIHRvIGRyYWZ0LWlldGYtc2Zj LW5zaCBpcyBxdWl0ZSBsaW1pdGVkLjxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQom Z3Q7IEJ5IHRoZSB3YXksIHRoZSB0cmVhdG1lbnQgb2YgSUNNUCBibG9ja2FnZSBpbiBkcmFmdC1p ZXRmLWludGFyZWEtdHVubmVscyBpcyBxdWl0ZSBub3QgZXhoYXVzdGl2ZSDigJQgYW5kIHRoYXQg ZG9jdW1lbnQgc2VlbXMgYSBiZXR0ZXIgcGxhY2UgZm9yIGNvbXBsYWluaW5nIGFib3V0IElDTVAg YW5kIFBNVFVELjxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7IFBlcmhhcHMg c28uPGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgVGhhbmtzIGZvciBhbGwg dGhpcy48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NClRoYW5rIHlvdSwgU3Bl bmNlciE8YnIgY2xhc3M9IiI+DQo8Zm9udCBjb2xvcj0iIzg4ODg4OCIgY2xhc3M9IiI+PGJyIGNs YXNzPSIiPg0K4oCUIENhcmxvcy48YnIgY2xhc3M9IiI+DQo8L2ZvbnQ+DQo8ZGl2IGNsYXNzPSJl bGlkZWQtdGV4dCI+PGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgU3BlbmNl cjxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDs8YnIgY2xhc3M9IiI+ DQomZ3Q7ICZndDsgKEpvZSdzIGZvbGxvdy11cCBpcyBhdDxiciBjbGFzcz0iIj4NCiZndDsgJmd0 OzxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj48YSBocmVm PSJodHRwczovL21haWxhcmNoaXZlLmlldGYub3JnL2FyY2gvbXNnL3Rzdi1hcnQvQ3NkV3dSOUI1 X0FCNjREMGVGbC1LSUU3X05BIiByZWw9Im5vcmVmZXJyZXIiIHRhcmdldD0iX2JsYW5rIiBjbGFz cz0iIj5odHRwczovL21haWxhcmNoaXZlLmlldGYub3JnLzx3YnIgY2xhc3M9IiI+YXJjaC9tc2cv dHN2LWFydC9Dc2RXd1I5QjVfPHdiciBjbGFzcz0iIj5BQjY0RDBlRmwtS0lFN19OQTwvYT4pPGJy IGNsYXNzPSIiPg0KJmd0OyAmZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7PGJyIGNsYXNzPSIi Pg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDs8YnIgY2xhc3M9IiI+DQomZ3Q7IFRoYW5rcyBhZ2Fp biE8YnIgY2xhc3M9IiI+DQomZ3Q7PGJyIGNsYXNzPSIiPg0KJmd0OyDigJQgQ2FybG9zLjwvZGl2 Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4N CjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8L2JvZHk+DQo8 L2h0bWw+DQo= --_000_00327B3B465B4BD1A392AD5E102F9044ciscocom_-- From nobody Wed Sep 27 08:10:41 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20076134D65; Wed, 27 Sep 2017 08:10:40 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id shqtlfHiO4oy; Wed, 27 Sep 2017 08:10:36 -0700 (PDT) Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFAC4134CFE; Wed, 27 Sep 2017 08:07:26 -0700 (PDT) Received: by mail-wm0-x232.google.com with SMTP id r136so19507182wmf.2; Wed, 27 Sep 2017 08:07:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=fQZE4d5Mtljr90x9B90ngSSjeEdPqEd7QPtFYUt4QNU=; b=EGPwr4Mo99tpWtt9HYESR721GUbq/FJh2iss3qCybeDwAM67yQZ+W0ZTIGZcb8/ry0 c4iXFLI1CwAVpwxB7nVQp7Xcnv0aUKeXq9IQY6Rca1OURLD7ngZgXzkzs4vH2SaNK1uz hCd4AgRPXDKcGM8Mqfz2ko+f3a8zYB2iqIS5vlrks89KxW0eoCNkx1sn19IV1W3QL2V0 i4cmRVJnLiKk8fz4a0qn0Nzgnkc6uZXMaBnjv8QVpS61lFXZlCMsNURfnpxsB0aZ3Gxd E3Q5Ad2TqI0Ye+Uu+0jRfqzMfLFHtwer4WTNN3nv8bp8yUZ9fFkhyXd9qznuPFDE4si+ EwoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=fQZE4d5Mtljr90x9B90ngSSjeEdPqEd7QPtFYUt4QNU=; b=llrua1FNtqtPd8R4v1I1tqK8JdJPD1tIxry3qyqvt/CdjmKftVoRRvgW9thgtOUMod EwfH1WLYhzXvLfPVlxwje3MoDrwyBBmuhr6/mONo+S19p7DRz6bVikw/Gdr/HeZANJI+ cTo9G1vlEuigQpFtD/3QBMFPzPS1yWzlZtNFbGedmepysfqgqGZ+U6beeFxwwb1EOBOQ BOfevKHNMVReJrJwlZzuoWEqcPDZaMO/yZk6owsPKlZ/EsZs8UyDk0mX9eZznjdb5iN7 0sS0T+EhsMdfq52mzFhNWJzKS8uUFO/iXtZ/eUbOZD5jlFEps4lKw2rALhS6l/VC5q0n vlrw== X-Gm-Message-State: AHPjjUhXQIHpYLGJzCy5NCKKLDgrDcVG3lLIHvMBLEjlvNPWZceqRK+P Wg2y7/qKwSEvKenKFqvvIOZ+yjIMBJYb4pbxwVkOJQ== X-Google-Smtp-Source: AOwi7QBXaJqfDYtNs2B1s2bjFQKECGoT5KxF+TwfQ9jadEFyTNRV3FneY44aucju2fuOweoFNrwvR4j+rkS5CiX9Qzw= X-Received: by 10.28.54.101 with SMTP id d98mr546770wma.90.1506524845180; Wed, 27 Sep 2017 08:07:25 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.136.153 with HTTP; Wed, 27 Sep 2017 08:07:24 -0700 (PDT) In-Reply-To: <314D7BB3-23A0-4E4E-9557-B323736BA851@cisco.com> References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> <314D7BB3-23A0-4E4E-9557-B323736BA851@cisco.com> From: Alia Atlas Date: Wed, 27 Sep 2017 11:07:24 -0400 Message-ID: To: "Carlos Pignataro (cpignata)" Cc: "Alvaro Retana (aretana)" , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , The IESG , "sfc@ietf.org" Content-Type: multipart/alternative; boundary="001a11436bb23e261e055a2d26c5" Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 15:10:40 -0000 --001a11436bb23e261e055a2d26c5 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Sep 27, 2017 at 12:14 AM, Carlos Pignataro (cpignata) < cpignata@cisco.com> wrote: > Thank you for the comments, Alvaro! > > Please see inline. > > > On Sep 26, 2017, at 3:17 PM, Alvaro Retana (aretana) > wrote: > > > > Alvaro Retana has entered the following ballot position for > > draft-ietf-sfc-nsh-24: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria. > html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > (1) While describing the MD Type field, Section 2.2. (NSH Base Header) > talks > > about the specific scenario in which "a device will support MD Type 0x1 > (as per > > the MUST) metadata, yet be deployed in a network with MD Type 0x2 > metadata > > packets", and it specifies that "the MD Type 0x1 node, MUST utilize the > base > > header length field to determine the original payload offset if it > requires > > access to the original packet/frame." This is the case where the node = in > > question *does not* support MD Type 0x2, right? If so, then the > specification > > above seems to go against (in the last sentence of the same paragraph): > > "Packets with MD Type values not supported by an implementation MUST be > > silently dropped." IOW, if the node doesn't support 0x2, why wouldn't > it just > > drop the packet? > > Joel already answered this point. > > > > > (2) Section 2.5.1. (Optional Variable Length Metadata) says that this > document > > "does not make any assumption about Context Headers that are > > mandatory-to-implement or those that are mandatory-to-process. These > > considerations are deployment-specific." But the next couple of > paragraphs > > specify explicit actions for them (mandatory-to-process): > > > > Upon receipt of a packet that belongs to a given SFP, if a mandatory- > > to-process context header is missing in that packet, the SFC-aware SF > > MUST NOT process the packet and MUST log an error at least once per > > the SPI for which the mandatory metadata is missing. > > > > If multiple mandatory-to-process context headers are required for a > > given SFP, the control plane MAY instruct the SFC-aware SF with the > > order to consume these Context Headers. If no instructions are > > provided and the SFC-aware SF will make use of or modify the specific > > context header, then the SFC-aware SF MUST process these Context > > Headers in the order they appear in an NSH packet. > > > > Maybe I'm confused about considerations being deployment specific vs > specifying > > what to do here. Can you please clarify? > > Joel also clarified this in his response =E2=80=94 if you have improvemen= ts to the > text for clarity let us know. > > The idea is that this document does not specify what is mandatory to > implement, only the treatment when that is the case. > > > > > (3) "SFFs MUST use the Service Path Header for selecting the next SF or > SFF in > > the service path." Section 6 explains most of what has to be done -- > what I > > think is still not clear in this document is where the information in > Tables > > 1-4 comes from. There may be different ways for an SFF to learn that, > and I > > would imagine that it is out-of-scope of this document. Please say so > -- maybe > > there's a relevant reference to rfc7665 (?). > > The way in which an SFF learns info from that table is out of scope, in > cases implementation specific and does not affect interoperability. But > the definitions in section 2 say cases where information is expected from > the control plane and outside the scope of the NSH specification. > > We are happy to clarify if there is something that is causing confusion = =E2=80=94 > maybe you could suggest text to =E2=80=9Csay so=E2=80=9D? > > > > > (4) Section 11.1. (NSH EtherType) seems out of place in this document > because > > (1) the document doesn't discuss the transport itself, and (2) it is in > the > > IANA section=E2=80=A6 > > You have a good point =E2=80=94 Joel asked =E2=80=9C Do you think we shou= ld remove it?=E2=80=9D > > I think we should keep it in, because it is important information for an > implementor to have, regardless of those two points. > > But perhaps it should be moved out of that section and into a separate > non-normative section? Do you have recommendations there? > > Alia was tracking the NSH EtherType value. Alia, thoughts? For implementations, it needs to stay in the document. If having it in the IANA section is confusing, having a separate section is fine. There may still be some details to clear up with IEEE, since the original owner of the EtherType is Cisco. Regards, Alia > > > (5) What is the "IETF Base NSH MD Class" (Section 11.2.4)? Ahh, I see > that > > Section 11.2.6 talks about "the type values owned by the IETF"; it woul= d > be > > good to say that MD Class 0x0000 is being assigned to the IETF (in > 11.2.4). > > > > Great point. I will add cross-references in both 11.2.4 and 11.2.6 > pointing to each other. > > Also, moving 11.2.6 to be immediately after 11.2.4 will help as well. > > Both done in our working copy. > > > Nits: > > > > In section 2.2. (NSH Base Header), it would be nice to have a forward > reference > > when the Service Index is first mentioned. > > > > Sorry I did not follow. Section 2.1 shows the Base Header (Section 2.2) > and the Service Path Header (Section 2.3). > > Where would you like a forward pointer to the SI? > > > It may be nice to explicitly state in the description of the MD Type > field > > (Section 2.2) that for length =3D 0x2 and MD Type =3D 0x2, there are in= fact > no > > optional context headers. (I know there's some text about this later in > section > > 2.5.) > > OK. Added, > > > > > "...all domain edges MUST filter based on the carried protocol in the > > VxLAN-gpe". That "MUST" is out of place because the text is an example= . > > > > Great point. Fixed. > > Thanks, > > =E2=80=94 Carlos. > > > > > --001a11436bb23e261e055a2d26c5 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Wed, Sep 27, 2017 at 12:14 AM, Carlos Pignataro (cpignata) <cpigna= ta@cisco.com> wrote:
Thank = you for the comments, Alvaro!

Please see inline.

> On Sep 26, 2017, at 3:17 PM, Alvaro Retana (aretana) <aretana@cisco.com> wrote:
>
> Alvaro Retana has entered the following ballot position for
> draft-ietf-sfc-nsh-24: No Objection
>
> When responding, please keep the subject line intact and reply to all<= br> > email addresses included in the To and CC lines. (Feel free to cut thi= s
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/i= esg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/dra= ft-ietf-sfc-nsh/
>
>
>
> ------------------------------------------------------------= ----------
> COMMENT:
> ------------------------------------------------------------= ----------
>
> (1) While describing the MD Type field, Section 2.2. (NSH Base Header)= talks
> about the specific scenario in which "a device will support MD Ty= pe 0x1 (as per
> the MUST) metadata, yet be deployed in a network with MD Type 0x2 meta= data
> packets", and it specifies that "the MD Type 0x1 node, MUST = utilize the base
> header length field to determine the original payload offset if it req= uires
> access to the original packet/frame."=C2=A0 This is the case wher= e the node in
> question *does not* support MD Type 0x2, right?=C2=A0 If so, then the = specification
> above seems to go against (in the last sentence of the same paragraph)= :
> "Packets with MD Type values not supported by an implementation M= UST be
> silently dropped."=C2=A0 IOW, if the node doesn't support 0x2= , why wouldn't it just
> drop the packet?

Joel already answered this point.

>
> (2) Section 2.5.1. (Optional Variable Length Metadata) says that this = document
> "does not make any assumption about Context Headers that are
> mandatory-to-implement or those that are mandatory-to-process.=C2=A0 T= hese
> considerations are deployment-specific."=C2=A0 But the next coupl= e of paragraphs
> specify explicit actions for them (mandatory-to-process):
>
>=C2=A0 =C2=A0Upon receipt of a packet that belongs to a given SFP, if a= mandatory-
>=C2=A0 =C2=A0to-process context header is missing in that packet, the S= FC-aware SF
>=C2=A0 =C2=A0MUST NOT process the packet and MUST log an error at least= once per
>=C2=A0 =C2=A0the SPI for which the mandatory metadata is missing.
>
>=C2=A0 =C2=A0If multiple mandatory-to-process context headers are requi= red for a
>=C2=A0 =C2=A0given SFP, the control plane MAY instruct the SFC-aware SF= with the
>=C2=A0 =C2=A0order to consume these Context Headers.=C2=A0 If no instru= ctions are
>=C2=A0 =C2=A0provided and the SFC-aware SF will make use of or modify t= he specific
>=C2=A0 =C2=A0context header, then the SFC-aware SF MUST process these C= ontext
>=C2=A0 =C2=A0Headers in the order they appear in an NSH packet.
>
> Maybe I'm confused about considerations being deployment specific = vs specifying
> what to do here.=C2=A0 Can you please clarify?

Joel also clarified this in his response =E2=80=94 if you have impro= vements to the text for clarity let us know.

The idea is that this document does not specify what is mandatory to implem= ent, only the treatment when that is the case.

>
> (3) "SFFs MUST use the Service Path Header for selecting the next= SF or SFF in
> the service path."=C2=A0 Section 6 explains most of what has to b= e done -- what I
> think is still not clear in this document is where the information in = Tables
> 1-4 comes from.=C2=A0 There may be different ways for an SFF to learn = that, and I
> would imagine that it is out-of-scope of this document.=C2=A0 Please s= ay so -- maybe
> there's a relevant reference to rfc7665 (?).

The way in which an SFF learns info from that table is out of scope,= in cases implementation specific and does not affect interoperability.=C2= =A0 But the definitions in section 2 say cases where information is expecte= d from the control plane and outside the scope of the NSH specification.
We are happy to clarify if there is something that is causing confusion =E2= =80=94 maybe you could suggest text to =E2=80=9Csay so=E2=80=9D?

>
> (4) Section 11.1. (NSH EtherType) seems out of place in this document = because
> (1) the document doesn't discuss the transport itself, and (2) it = is in the
> IANA section=E2=80=A6

You have a good point =E2=80=94 Joel asked =E2=80=9C Do you think we should= remove it?=E2=80=9D

I think we should keep it in, because it is important information for an im= plementor to have, regardless of those two points.

But perhaps it should be moved out of that section and into a separate non-= normative section? Do you have recommendations there?

Alia was tracking the NSH EtherType value. Alia, thoughts?

For implementations, it needs to stay in the document.=C2= =A0=C2=A0
If having it in the IANA section is confusing, having a= separate section is fine.
There may still be some details to cle= ar up with IEEE, since the original owner of the EtherType is Cisco.

Regards,
Alia=C2=A0

>
> (5) What is the "IETF Base NSH MD Class" (Section 11.2.4)?= =C2=A0 Ahh, I see that
> Section 11.2.6 talks about "the type values owned by the IETF&quo= t;; it would be
> good to say that MD Class 0x0000 is being assigned to the IETF (in 11.= 2.4).
>

Great point. I will add cross-references in both 11.2.4 and 11.2.6 p= ointing to each other.

Also, moving 11.2.6 to be immediately after 11.2.4 will help as well.

Both done in our working copy.

> Nits:
>
> In section 2.2. (NSH Base Header), it would be nice to have a forward = reference
> when the Service Index is first mentioned.
>

Sorry I did not follow. Section 2.1 shows the Base Header (Section 2= .2) and the Service Path Header (Section 2.3).

Where would you like a forward pointer to the SI?

> It may be nice to explicitly state in the description of the MD Type f= ield
> (Section 2.2) that for length =3D 0x2 and MD Type =3D 0x2, there are i= n fact no
> optional context headers. (I know there's some text about this lat= er in section
> 2.5.)

OK. Added,

>
> "...all domain edges MUST filter based on the carried protocol in= the
> VxLAN-gpe".=C2=A0 That "MUST" is out of place because t= he text is an example.
>

Great point. Fixed.

Thanks,

=E2=80=94 Carlos.

>


--001a11436bb23e261e055a2d26c5-- From nobody Wed Sep 27 09:47:53 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9E8E134E30; Wed, 27 Sep 2017 09:47:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e5GsFmGA-1rt; Wed, 27 Sep 2017 09:47:43 -0700 (PDT) Received: from mail-pg0-x230.google.com (mail-pg0-x230.google.com [IPv6:2607:f8b0:400e:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4794134E34; Wed, 27 Sep 2017 09:47:42 -0700 (PDT) Received: by mail-pg0-x230.google.com with SMTP id b11so8074653pgn.12; Wed, 27 Sep 2017 09:47:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=2E5V4PHJ6RK3Iwzy0n3oIvsePfq+GhB6LwEfKPeG09M=; b=MqTsbfPvVKG3hjbml9ZjYSDh18eWtsvzMH9Q934ZVhlBpZh2c5OhZwJG2BC+1AD27F gvvHsH2dE83rOsiNc73ZbPhXcnIP0699yGqsbPNU/r+Rbu7t+mBprzqf7z+StVxEa9eM TQQSQh+p8ng07PeSjl1ij49KA5VDyS8iRCxAprs1Mee7EjaubUrhUf3FJiPI2QvSZBQ+ +JAnYcC9OHtfaNn1f7KkckIFxFnoo6SYBJ1Br3ohMpxvU2IGxWR3drc8TC88fZwGpD4T vonhsmLT9FJ6dbY/g8lottv66A2RfgJuJaG1f8ChvqdvRL+7V+k1qc5uWGTKD3l9AUDg TzEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=2E5V4PHJ6RK3Iwzy0n3oIvsePfq+GhB6LwEfKPeG09M=; b=V3b3ysmnX1Fwri13LKXehuPQFAaZ/4krzSFcDr1eCEmjL5djSv6M0oBRL4XMwZS2tN 7auzkqlxwOxci542vw81YEcCV+zL5DTL1VA/YnH8TuPmWhWwT8vfiHAug/+42US7m53e og7FAolr/OZvtfcPYWqcHVoQj8VGJR5a6QT4Vu+Ojqsq+a0ovjRGYNcQvmZboAD+EGy6 ToXXQuMkvfoV2wst1txRP4pS3rUZiRQLIr1CWwVMqmDLGveHfao/u2q08PTd385ooYgT 2NcVYQEFIr98FpQkjaGu7Y+zfFpAFTny2JMrd+PvLauW+IIMJs1ADpIPDNWME+nVAIcq /orQ== X-Gm-Message-State: AHPjjUg9QQ0yVfGgPYC55PovECeWIUOrdFGz3LemjYCfpNzyKb9HqOZc HpsSMjPohB74B6WlTqIynmST3Jpn0dieli7Kbpk= X-Google-Smtp-Source: AOwi7QAoGicyqEA94qvTEyB8AMEiReKpfqsLB/USso/p1/IdGqlDBTWXOEsVHNzGv558cgDkAZmTkHwwVTpgMxzCUUo= X-Received: by 10.99.117.30 with SMTP id q30mr1806033pgc.75.1506530862336; Wed, 27 Sep 2017 09:47:42 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.134.8 with HTTP; Wed, 27 Sep 2017 09:47:01 -0700 (PDT) In-Reply-To: References: <150645867503.20862.14046225395932721314.idtracker@ietfa.amsl.com> From: Kathleen Moriarty Date: Wed, 27 Sep 2017 12:47:01 -0400 Message-ID: To: "Carlos Pignataro (cpignata)" Cc: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [sfc] Kathleen Moriarty's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 16:47:46 -0000 Hi Carlos, Thanks for the quick response, inline. On Wed, Sep 27, 2017 at 12:48 AM, Carlos Pignataro (cpignata) wrote: > Thank you Kathleen for reviewing this document and the input below! > > Please see inline. > > >> On Sep 26, 2017, at 4:44 PM, Kathleen Moriarty wrote: >> >> Kathleen Moriarty has entered the following ballot position for >> draft-ietf-sfc-nsh-24: Discuss >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.htm= l >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ >> >> >> >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> First, I'd like to thank the authors and WG for your efforts in recent >> revisions of this draft, it has come a long way. > > Thank you for early feedback, which helped us improve the spec! > >> I still want to poke at the >> lack of a requirement for either integrity protection on the NSH itself = or for >> MUSTs on protections from the transport encapsulation. Attacks inside o= f a >> data center or single operator domains happen all too often. The number= from >> 2016 is up 164% as of a statistic I saw earlier today. > > Search engines find all sort of interesting and uninteresting statistics = searching for =E2=80=9C2016 is up 164%=E2=80=9D. Try it :-) > > If you are referring to the Gemalto [1] [2] study, those are _not_ =E2=80= =9CAttacks inside of a data center or single operator domains=E2=80=9D. Tho= se are number of data records lost or stolen. You implied the number of att= acks inside a data center increased by that number, which may or may not be= the case, but there does not seem to be a study about it. Another source quoted it incorrectly, but 918 is a really high number of data breaches compromising 1.9 billion records. 918 data centers being compromised 9 months into the year is something to consider when you are putting out technology that establishes alternate paths through a data center that might not follow the logical path - easier to avoid mitigation points if the data center is relying on those inline. https://www.gemalto.com/press/Pages/First-Half-2017-Breach-Level-Index-Repo= rt-Identity-Theft-and-Poor-Internal-Security-Practices-Take-a-Toll.aspx > > Please note that I am not minimizing the issue, nor looking the other way= or burying the head in the sand... But throwing a number like 164% without= its semantic and context does not convey actionable information. > > [1] http://breachlevelindex.com/assets/Breach-Level-Index-Report-H1-2017-= Gemalto.pdf > [2] http://www.digitaltransactions.net/news/story/7421 Sorry, I see these types of reports often and it's just a reminder that this is important, the numbers are no declining and this technology could have an impact on how traffic is routed or mis-routed through a data center and could be used during an attack. > > Anyway... > >> We can't srug this off >> anymore. >> > > Agreed. We are not shrugging it off. See below. > >> Security Considerations section: >> First two sentences say: >> NSH is designed for use within operator environments. As such, it >> does not include any mandatory security mechanisms. >> >> I think you intended the first sentence to say, "within a single operato= r >> environment" as what you have now could be multiple networks managed sep= arately >> with that statement. > > Yes! Thank you for catching this. We also caught it in a re-review. > >> Then for the second sentence, I know you don't have an >> integrity mechanism mandated, but I really think one should be. Couldn'= t the >> path be altered and not detectable if there is no integrity checking? > > The path can be altered in the transport encapsulation easier. It's not an excuse to not do this correctly. We should be working to minimize the attack surface given the current state of compromises. > > But the main point is that there are ways to provide integrity checking w= ithin the transport encapsulation, with proven existing mechanisms. And we = advocate their use. I don't see that strongly enough, hence wanting to discuss this more. > >> This >> could be used to avoid security protections or to route it inappropriate= ly >> through a multi-tenant environment. Sure, the underlying protocol shoul= d >> provide session encryption on application traffic, but there's no reason= why >> security shouldn't have been baked into this protocol as a requirement. > > Do you mean the =E2=80=9Coverlying=E2=80=9D protocol should provide sessi= on encryption on application traffic? > > The underlying protocol is already covered in Section 8.1. No, I'm worried about the NSH content specifically as that is what this draft is about. > >> >>> From the architecture document, the security considerations section cal= ls >> attention to possible issues related to lack of integrity checking. Sin= ce no >> encapsulating transport is specified with required session encryption, a= nd the >> NSH addition doesn't have integrity protection, how will you meet this >> architecture requirement from RFC7665: >> >> Service Overlay: Underneath the service function forwarders, the >> components that are responsible for performing the transport >> forwarding consult the outer-transport encapsulation for >> underlay forwarding. Used transport mechanisms should satisfy >> the security requirements of the specific SFC deployment. These >> requirements typically include varying degrees of traffic >> separation, protection against different attacks (e.g., >> spoofing, man-in-the-middle, brute-force, or insertion attacks), >> and can also include authenticity and integrity checking, and/or >> confidentiality provisions, for both the network overlay >> transport and traffic it encapsulates. >> > > I may be missing something, but what I read from RFC 7665 says: > > "Used transport mechanisms should satisfy > the security requirements of the specific SFC deployment." But you only have SHOULD statements to address these concerns and not MUST statements for the encapsulating transport. > >> It seems from this text, something should be specified for the transport >> encapsulation. > > I agree and disagree, in a way. > > Yes, something ought to be specified, for the transport encapsulation spe= cifications, not for the NSH spec. Then you need to point to it in another draft from NSH or we have a gap that allows for problems to surface. > > Or rephrasing, the document is specifying the NSH data plane layer, not b= eyond. And in this context is specifying security elements in the transport= encapsulation in a generic fashion, and for the Metadata itself. Then where is it specified and how is it linked to this draft to form adequate requirements? > >> >>> From the text in the draft under review: >> As with many >> other protocols, without enhancements, the NSH encapsulation could can= be >> spoofed >> or otherwise modified and is subject to snooping and modification in t= ransit. >> >> However, the deployment scope (as defined in [RFC7665]) of the NSH >> encapsulation is limited to a single network administrative domain as >> a controlled environment, with trusted devices (e.g., a data center) >> hence mitigating the risk of unauthorized manipulation of the >> encapsulation headers or metadata. >> >> This is in direct conflict with the Service Overlay requirements in the >> Security Considerations of RFC7665. > > I do not think it is, as shown above. Could you please be more specific? The text from the draft under review states that you can rely on the single domain operator environment as a security measure and that's really not adequate to address the problems stated in the first paragraph of the quoted text - spoofed and active interception attacks - these happen during attacks within the data center. Since it is one way to alter the flow of traffic, I think there really should be integrity protection built into NSH. > > Please note that we meaningfully and dramatically =E2=80=9Cbeefed up=E2= =80=9D all this text from when you reviewed -18. Yes, and while I appreciate the improvements, there is more work to be done for today's treat landscape. We're not talking about a legacy protocol here with no options, something can be done. > >> >> Section 8.1 >> I'd like to see some MUSTs to address the concerns listed in RFC7665 for >> encapsulation requirements or an addition of integrity protection on NSH= itself. >> > > See above. > > We cannot add a MUST for something we are not specifying. And at the NSH = itself, we are being very explicit about the threats and motivations, Secti= on 8.3. I'd prefer integrity protection to be added directly into NSH anyway. > >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> This introductory text is much improved from a previous version and my >> comments, thanks for the update. This helps quite a bit. > > Great to hear! > >> >> The Network Service Header (NSH) specification defines a new protocol >> and associated encapsulation for the creation of dynamic service >> chains, operating at the service plane. The NSH is designed to >> encapsulate an original packet or frame, and in turn be encapsulated >> by an outer transport encapsulation (which is used to deliver the NSH >> to NSH-aware network elements), as shown in Figure 1: >> > > I just remember that you had suggested adding a pointer to Figure 3 from = RFC 7665 as well. Will add that to the Intro. Thanks! > >> Section 8.1: >> I don't think you need the text on BCP38. It's a helpful recommendation= in >> general, but I don't see how it's directly applicable to this specificat= ion. > > It seems relevant in the context of filtering traffic that goes into the = service function path. But if you insist, we can comment it out in the sour= ce. Take it or leave it, it doesn't matter much. Thank you, Kathleen > >> >> Thank you for adding the text on Boundary protections per the SecDir rev= iew, I >> think this is very helpful. >> >> > > Of course! Thank you again, Kathleen. > > =E2=80=94 Carlos. > > --=20 Best regards, Kathleen From nobody Wed Sep 27 10:02:53 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C2015134E52; Wed, 27 Sep 2017 10:02:45 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit From: =?utf-8?q?Mirja_K=C3=BChlewind?= To: "The IESG" Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, jmh@joelhalpern.com, sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150653176579.25051.17983729650964908105.idtracker@ietfa.amsl.com> Date: Wed, 27 Sep 2017 10:02:45 -0700 Archived-At: Subject: [sfc] =?utf-8?q?Mirja_K=C3=BChlewind=27s_Discuss_on_draft-ietf-sf?= =?utf-8?q?c-nsh-24=3A_=28with_DISCUSS_and_COMMENT=29?= X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 17:02:46 -0000 Mirja Kühlewind has entered the following ballot position for draft-ietf-sfc-nsh-24: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- I have a couple of comments on the design. I know, as always in IESG review state, it's probably too late to make any changes to the actual header format, therefore most of my comments are actually in the comment section below. I still decided to note them so at least people can consider these points. However, there are a few things that I need clarification for before publication, which I note in this section: 1) Sec 2.2 "SF/SFF/SFC Proxy/Classifier implementations that do not support SFC OAM procedures SHOULD discard packets with O bit set, but MAY support a configurable parameter to enable forwarding received SFC OAM packets unmodified to the next element in the chain. Forwarding OAM packets unmodified by SFC elements that do not support SFC OAM procedures may be acceptable for a subset of OAM functions, but can result in unexpected outcomes for others; thus, it is recommended to analyze the impact of forwarding an OAM packet for all OAM functions prior to enabling this behavior. The configurable parameter MUST be disabled by default." This part is really unclear to me and I believe needs to be further specified. Where should this configurable parameter be? In the Context header? Why don't you just use one of the unassigned bit to indicate if an unknown (OAM) packet should be forwarded or not? Moreover, I also disagree with this text. If there is a bit/a way to indicate if a not supported OAM packet should be forwarded or not, it should just be defined like this, while any considerations if that bit should be set or not depend on the OAM function itself and do not need to be discussed here. Finally, it is not well explained what an OAM packet is at all. Is that a 'fake' packet that is generated by the operator to actively test the (potentially newly configured) SFP? If so, why does a SF need to know if a packet is an OAM packet or not? Usually it's a bad idea to use different kind of traffic for testing compared to what will be used in operations. Please provide more explanation here! 2) section 2.4 "An SFC-aware SF MUST receive the data semantics first in order to process the data placed in the mandatory context field. The data semantics include both the allocation schema and the meaning of the included data. How an SFC-aware SF gets the data semantics is outside the scope of this specification." This is really confusing to me. I think this is what you need an actually data semantics aka type field for in the base header. Or is there an actual reason to not put this information directly in the base header where it is need but instead assuming some magical way this information may take to reach the node? If the assumption is that the SF is configured to know based of the SFI what the content of the context header has to be, you a) need to say that in the draft, and b) that's really error-prone because it's really hard to tell if the conext header actually holds the information that you need or just random crap (of course depending of the expected data type of this information). In short, I think you really need a type field somewhere here. In any case, you really need to explain this more! Also, the text further says: "An SF or SFC Proxy that does not know the format or semantics of the Context Header for an NSH with MD Type 1 MUST discard any packet with such an NSH..." How does the SFC proxy know that it knows the format or not if there is no type field or identifier that indicates what the format should be? Also, a related question from me: why is the context header present in all types of NSH if there is no use for it defined in this document yet? Why is there no fixed length NSH without a context header then? 3) Section 2.5.1: "If multiple instances of the same metadata are included in an NSH packet, but the definition of that context header does not allow for it, the SFC-aware SF MUST process the first instance and ignore subsequent instances." This seems error prone to me. If the same metadata appears multiple where it should not, that seems clearly like an error case for me. Just using the first one and proceed normally might not be the right thing to do. In any case I think such an occasion should at least be logged. If the multiple instances are just a copy of each other and carry the same information, it's probably okay to use that information and proceed. If the different instances carry different information, it maybe a bit dangerous to just use the first one and ignore others silently. In this case I would rather recommend to drop the packet... 4) In line with the second comment from the tsv-art review (thanks Wes!), I don't really understand why this documents says (sec 6) that there can be multiple next hops for the same SFP or SFs can be traversed in a different order. May understanding (from a quick look at RFC7665) would be that, if those things are needed e.g. for load balancing, then one should define different SFPs and the Classifier must have the knowledge that two SFP are equivalent and select them respectively. The reason why I'm really concerned about this is that usually a number of packets below to a flow and all packets belonging to the same flow just ideally take the same route. But usually only the Classifier has a notion of what a flow is and respectively will assign the SFI to the packets belonging to the same flow. If now any SF on the path can more or less randomly decided to forward packet belong to the same flow to one or another next nodes, I would assume that this is not only a problem for the flow, e.g. reordering, but also for SF itself in many cases. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Further considerations: 1) I don't really see why a TTL in the base header is needed. I mostly understand why there is the Service Index in service header, also I think there should be better mean to validate that you SFP is correct and I ideally you should really not need this. However, loop prevention can be provided by both mechanism and moreover there is probably also often a TTL in the encapsulation protocol and loop prevention should really be a function of that forwarding protocol and not the NSH. 2) I don't see why you need the type field in the base header. This is fully redundant because because all you need is the length field. If the length is 0x2 it is what you have defined as type 1 if the length field is larger it is type 2. I also don't see the need for any other types in future because you also have the version field; if you need anything else you should go or probably have to go for a new version. Note that the general probably with unnecessary redundancy is that is add complexity. If you keep this redundancy you have to separately handle and implement the case(s) where the type is 1 but the length is larger than expected. If at all you could probably just use one bit to indicate that the length field is present and if not the length is 0x2. However, saving bits does not really seem to be a concern for you, so that might not actually be an advantage. 3) sec 2.5.1 "Unassigned bit: One unassigned bit is available for future use. This bit MUST NOT be set, and MUST be ignored on receipt." Is there an actual reason to have an unassigned bit here? Because I would assume that the type already provided enough flexibility for way to extend the metadata format in any way needed. 4) Also section 2.5.1: " Length: Indicates the length of the variable metadata, in bytes. In case the metadata length is not an integer number of 4-byte words, the sender MUST add pad bytes immediately following the last metadata byte to extend the metadata to an integer number of 4-byte words. The receiver MUST round up the length field to the nearest 4-byte word boundary, to locate and process the next field in the packet." Your definition of the length field might be more error-prone than needed. It would probably be easier to simply define the length as 4-byte words, and the type of course defines the content of the metadata field and as such can simply define which part of the total metadata field holds certain data of a certain type and with part is padding. 5) And finally I have to say it is unclear to me why the SFI and SI field are described as a separate header. Given they have to be present in all SFH, I would consider them as two fields of the base header. But it is after all really just an editorial issue. However, all this together with my previous comments makes the protocol spec actually much more complicated than it needs to be... 6) I also have to agree to the last comment of the tsv-art review: I think it would have been nicer to not only described the NSH but also define mappings to a set of possible encapsulations because I would assume that for each encapsulation there are a couple specific considerations that need to be made to make things work successfully. I don't think that all encapsulations can be captured by general consideration and I cannot make up my mind to go through all cases in my head to figure out if there are things that needs to be noted. From nobody Wed Sep 27 10:48:47 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3A02134EC5; Wed, 27 Sep 2017 10:48:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VhKbw5g-M3Ne; Wed, 27 Sep 2017 10:48:44 -0700 (PDT) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4749A1349C4; Wed, 27 Sep 2017 10:48:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=19838; q=dns/txt; s=iport; t=1506534524; x=1507744124; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=VxeSAaVmP64kjlGmeZ5PpbTY5YvmIzkppFMsb/tG1T8=; b=UbYGs6OtwUABT6BJcm7riJm2hAxJF2LTB3ux2rsho7pb6QM9U3VgVZ7S 8jVSqssmYEf+Wqaehx/5qVgAtA4PNq4Gj2k2VQ1CMOjJPvx1tasRpi+2h Crmubifg5Wqldiook0Mj9x2TRNJKRieC7FO/g6gceDutFlOmZ2OE1YpQD 8=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CdAABh48tZ/5tdJa1UCRkBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYNcZG4nB4Nxih+PXoF2iEKNaQ6CBAoehR0CGoRCPxgBAgEBAQE?= =?us-ascii?q?BAQFrKIUYAQEBAQEBASMRRQULAgEIEgYCAhAWAgICHxEVAg0BAgQOBRqJfwMNC?= =?us-ascii?q?BCoH4InhzwNgzsBAQEBAQEBAQEBAQEBAQEBAQEBAQEdgQ6CGQSBG0YhgVGBaiu?= =?us-ascii?q?BcIENgl6BcwEIAwcBEEcCglkvgjEFh0SCTo49iBg8AodchzlPhHmCE4Vug36HB?= =?us-ascii?q?4oNglyFPoJ1AhEZAYE4AR84gQMLeBVbAYUHHBl/T3YBh2sPGIEMgRABAQE?= X-IronPort-AV: E=Sophos;i="5.42,446,1500940800"; d="scan'208";a="300768390" Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Sep 2017 17:48:42 +0000 Received: from XCH-RTP-016.cisco.com (xch-rtp-016.cisco.com [64.101.220.156]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id v8RHmgMA028327 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 17:48:42 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-016.cisco.com (64.101.220.156) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 13:48:41 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 13:48:41 -0400 From: "Carlos Pignataro (cpignata)" To: Kathleen Moriarty CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Kathleen Moriarty's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) Thread-Index: AQHTNwhESLr2/8ugJkqnhLubM0mfVqLIbLCAgADIyICAABE7gA== Date: Wed, 27 Sep 2017 17:48:41 +0000 Message-ID: <2AB54847-8B23-4F0A-A2B0-98D097792AC5@cisco.com> References: <150645867503.20862.14046225395932721314.idtracker@ietfa.amsl.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.134] Content-Type: text/plain; charset="utf-8" Content-ID: <101B83CF35757F409E3CB0D3C95184F0@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Kathleen Moriarty's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 17:48:47 -0000 SGksIEthdGhsZWVuLA0KDQpUaGFua3MgZm9yIHRoZSBkaWFsb2d1ZSDigJQgUGxlYXNlIHNlZSBp bmxpbmUsIEkgYW0gZm9jdXNpbmcgb24gdGhlIGFjdGlvbmFibGUgY29tbWVudHMsIGFuZCB0aGUg b25lcyB3aGVyZSBJIHRoaW5rIHZpZXdzIG1vc3RseSBkaXZlcmdlLg0KDQo+IE9uIFNlcCAyNywg MjAxNywgYXQgMTI6NDcgUE0sIEthdGhsZWVuIE1vcmlhcnR5IDxLYXRobGVlbi5Nb3JpYXJ0eS5p ZXRmQGdtYWlsLmNvbT4gd3JvdGU6DQo+IA0KPiBIaSBDYXJsb3MsDQo+IA0KPiBUaGFua3MgZm9y IHRoZSBxdWljayByZXNwb25zZSwgaW5saW5lLg0KPiANCj4gT24gV2VkLCBTZXAgMjcsIDIwMTcg YXQgMTI6NDggQU0sIENhcmxvcyBQaWduYXRhcm8gKGNwaWduYXRhKQ0KPiA8Y3BpZ25hdGFAY2lz Y28uY29tPiB3cm90ZToNCj4+IFRoYW5rIHlvdSBLYXRobGVlbiBmb3IgcmV2aWV3aW5nIHRoaXMg ZG9jdW1lbnQgYW5kIHRoZSBpbnB1dCBiZWxvdyENCj4+IA0KPj4gUGxlYXNlIHNlZSBpbmxpbmUu DQo+PiANCj4+IA0KPj4+IE9uIFNlcCAyNiwgMjAxNywgYXQgNDo0NCBQTSwgS2F0aGxlZW4gTW9y aWFydHkgPEthdGhsZWVuLk1vcmlhcnR5LmlldGZAZ21haWwuY29tPiB3cm90ZToNCj4+PiANCj4+ PiBLYXRobGVlbiBNb3JpYXJ0eSBoYXMgZW50ZXJlZCB0aGUgZm9sbG93aW5nIGJhbGxvdCBwb3Np dGlvbiBmb3INCj4+PiBkcmFmdC1pZXRmLXNmYy1uc2gtMjQ6IERpc2N1c3MNCj4+PiANCj4+PiBX aGVuIHJlc3BvbmRpbmcsIHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFuZCBy ZXBseSB0byBhbGwNCj4+PiBlbWFpbCBhZGRyZXNzZXMgaW5jbHVkZWQgaW4gdGhlIFRvIGFuZCBD QyBsaW5lcy4gKEZlZWwgZnJlZSB0byBjdXQgdGhpcw0KPj4+IGludHJvZHVjdG9yeSBwYXJhZ3Jh cGgsIGhvd2V2ZXIuKQ0KPj4+IA0KPj4+IA0KPj4+IFBsZWFzZSByZWZlciB0byBodHRwczovL3d3 dy5pZXRmLm9yZy9pZXNnL3N0YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWwNCj4+PiBmb3Ig bW9yZSBpbmZvcm1hdGlvbiBhYm91dCBJRVNHIERJU0NVU1MgYW5kIENPTU1FTlQgcG9zaXRpb25z Lg0KPj4+IA0KPj4+IA0KPj4+IFRoZSBkb2N1bWVudCwgYWxvbmcgd2l0aCBvdGhlciBiYWxsb3Qg cG9zaXRpb25zLCBjYW4gYmUgZm91bmQgaGVyZToNCj4+PiBodHRwczovL2RhdGF0cmFja2VyLmll dGYub3JnL2RvYy9kcmFmdC1pZXRmLXNmYy1uc2gvDQo+Pj4gDQo+Pj4gDQo+Pj4gDQo+Pj4gLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLQ0KPj4+IERJU0NVU1M6DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+IA0KPj4+IEZp cnN0LCBJJ2QgbGlrZSB0byB0aGFuayB0aGUgYXV0aG9ycyBhbmQgV0cgZm9yIHlvdXIgZWZmb3J0 cyBpbiByZWNlbnQNCj4+PiByZXZpc2lvbnMgb2YgdGhpcyBkcmFmdCwgaXQgaGFzIGNvbWUgYSBs b25nIHdheS4NCj4+IA0KPj4gVGhhbmsgeW91IGZvciBlYXJseSBmZWVkYmFjaywgd2hpY2ggaGVs cGVkIHVzIGltcHJvdmUgdGhlIHNwZWMhDQo+PiANCj4+PiBJIHN0aWxsIHdhbnQgdG8gcG9rZSBh dCB0aGUNCj4+PiBsYWNrIG9mIGEgcmVxdWlyZW1lbnQgZm9yIGVpdGhlciBpbnRlZ3JpdHkgcHJv dGVjdGlvbiBvbiB0aGUgTlNIIGl0c2VsZiBvciBmb3INCj4+PiBNVVNUcyBvbiBwcm90ZWN0aW9u cyBmcm9tIHRoZSB0cmFuc3BvcnQgZW5jYXBzdWxhdGlvbi4gIEF0dGFja3MgaW5zaWRlIG9mIGEN Cj4+PiBkYXRhIGNlbnRlciBvciBzaW5nbGUgb3BlcmF0b3IgZG9tYWlucyBoYXBwZW4gYWxsIHRv byBvZnRlbi4gIFRoZSBudW1iZXIgZnJvbQ0KPj4+IDIwMTYgaXMgdXAgMTY0JSBhcyBvZiBhIHN0 YXRpc3RpYyBJIHNhdyBlYXJsaWVyIHRvZGF5Lg0KPj4gDQo+PiBTZWFyY2ggZW5naW5lcyBmaW5k IGFsbCBzb3J0IG9mIGludGVyZXN0aW5nIGFuZCB1bmludGVyZXN0aW5nIHN0YXRpc3RpY3Mgc2Vh cmNoaW5nIGZvciDigJwyMDE2IGlzIHVwIDE2NCXigJ0uIFRyeSBpdCA6LSkNCj4+IA0KPj4gSWYg eW91IGFyZSByZWZlcnJpbmcgdG8gdGhlIEdlbWFsdG8gWzFdIFsyXSBzdHVkeSwgdGhvc2UgYXJl IF9ub3RfIOKAnEF0dGFja3MgaW5zaWRlIG9mIGEgZGF0YSBjZW50ZXIgb3Igc2luZ2xlIG9wZXJh dG9yIGRvbWFpbnPigJ0uIFRob3NlIGFyZSBudW1iZXIgb2YgZGF0YSByZWNvcmRzIGxvc3Qgb3Ig c3RvbGVuLiBZb3UgaW1wbGllZCB0aGUgbnVtYmVyIG9mIGF0dGFja3MgaW5zaWRlIGEgZGF0YSBj ZW50ZXIgaW5jcmVhc2VkIGJ5IHRoYXQgbnVtYmVyLCB3aGljaCBtYXkgb3IgbWF5IG5vdCBiZSB0 aGUgY2FzZSwgYnV0IHRoZXJlIGRvZXMgbm90IHNlZW0gdG8gYmUgYSBzdHVkeSBhYm91dCBpdC4N Cj4gDQo+IEFub3RoZXIgc291cmNlIHF1b3RlZCBpdCBpbmNvcnJlY3RseSwgYnV0IDkxOCBpcyBh IHJlYWxseSBoaWdoIG51bWJlcg0KPiBvZiBkYXRhIGJyZWFjaGVzIGNvbXByb21pc2luZyAxLjkg YmlsbGlvbiByZWNvcmRzLiAgOTE4IGRhdGEgY2VudGVycw0KPiBiZWluZyBjb21wcm9taXNlZCA5 IG1vbnRocyBpbnRvIHRoZSB5ZWFyIGlzIHNvbWV0aGluZyB0byBjb25zaWRlciB3aGVuDQo+IHlv dSBhcmUgcHV0dGluZyBvdXQgdGVjaG5vbG9neSB0aGF0IGVzdGFibGlzaGVzIGFsdGVybmF0ZSBw YXRocw0KPiB0aHJvdWdoIGEgZGF0YSBjZW50ZXIgdGhhdCBtaWdodCBub3QgZm9sbG93IHRoZSBs b2dpY2FsIHBhdGggLSBlYXNpZXINCj4gdG8gYXZvaWQgbWl0aWdhdGlvbiBwb2ludHMgaWYgdGhl IGRhdGEgY2VudGVyIGlzIHJlbHlpbmcgb24gdGhvc2UNCj4gaW5saW5lLg0KPiANCj4gaHR0cHM6 Ly93d3cuZ2VtYWx0by5jb20vcHJlc3MvUGFnZXMvRmlyc3QtSGFsZi0yMDE3LUJyZWFjaC1MZXZl bC1JbmRleC1SZXBvcnQtSWRlbnRpdHktVGhlZnQtYW5kLVBvb3ItSW50ZXJuYWwtU2VjdXJpdHkt UHJhY3RpY2VzLVRha2UtYS1Ub2xsLmFzcHgNCj4gDQo+PiANCj4+IFBsZWFzZSBub3RlIHRoYXQg SSBhbSBub3QgbWluaW1pemluZyB0aGUgaXNzdWUsIG5vciBsb29raW5nIHRoZSBvdGhlciB3YXkg b3IgYnVyeWluZyB0aGUgaGVhZCBpbiB0aGUgc2FuZC4uLiBCdXQgdGhyb3dpbmcgYSBudW1iZXIg bGlrZSAxNjQlIHdpdGhvdXQgaXRzIHNlbWFudGljIGFuZCBjb250ZXh0IGRvZXMgbm90IGNvbnZl eSBhY3Rpb25hYmxlIGluZm9ybWF0aW9uLg0KPj4gDQo+PiBbMV0gaHR0cDovL2JyZWFjaGxldmVs aW5kZXguY29tL2Fzc2V0cy9CcmVhY2gtTGV2ZWwtSW5kZXgtUmVwb3J0LUgxLTIwMTctR2VtYWx0 by5wZGYNCj4+IFsyXSBodHRwOi8vd3d3LmRpZ2l0YWx0cmFuc2FjdGlvbnMubmV0L25ld3Mvc3Rv cnkvNzQyMQ0KPiANCj4gU29ycnksIEkgc2VlIHRoZXNlIHR5cGVzIG9mIHJlcG9ydHMgb2Z0ZW4g YW5kIGl0J3MganVzdCBhIHJlbWluZGVyDQo+IHRoYXQgdGhpcyBpcyBpbXBvcnRhbnQsIHRoZSBu dW1iZXJzIGFyZSBubyBkZWNsaW5pbmcgYW5kIHRoaXMNCj4gdGVjaG5vbG9neSBjb3VsZCBoYXZl IGFuIGltcGFjdCBvbiBob3cgdHJhZmZpYyBpcyByb3V0ZWQgb3IgbWlzLXJvdXRlZA0KPiB0aHJv dWdoIGEgZGF0YSBjZW50ZXIgYW5kIGNvdWxkIGJlIHVzZWQgZHVyaW5nIGFuIGF0dGFjay4NCj4g DQo+PiANCj4+IEFueXdheS4uLg0KPj4gDQo+Pj4gV2UgY2FuJ3Qgc3J1ZyB0aGlzIG9mZg0KPj4+ IGFueW1vcmUuDQo+Pj4gDQo+PiANCj4+IEFncmVlZC4gV2UgYXJlIG5vdCBzaHJ1Z2dpbmcgaXQg b2ZmLiBTZWUgYmVsb3cuDQo+PiANCj4+PiBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyBzZWN0aW9u Og0KPj4+IEZpcnN0IHR3byBzZW50ZW5jZXMgc2F5Og0KPj4+ICBOU0ggaXMgZGVzaWduZWQgZm9y IHVzZSB3aXRoaW4gb3BlcmF0b3IgZW52aXJvbm1lbnRzLiAgQXMgc3VjaCwgaXQNCj4+PiAgZG9l cyBub3QgaW5jbHVkZSBhbnkgbWFuZGF0b3J5IHNlY3VyaXR5IG1lY2hhbmlzbXMuDQo+Pj4gDQo+ Pj4gSSB0aGluayB5b3UgaW50ZW5kZWQgdGhlIGZpcnN0IHNlbnRlbmNlIHRvIHNheSwgIndpdGhp biBhIHNpbmdsZSBvcGVyYXRvcg0KPj4+IGVudmlyb25tZW50IiBhcyB3aGF0IHlvdSBoYXZlIG5v dyBjb3VsZCBiZSBtdWx0aXBsZSBuZXR3b3JrcyBtYW5hZ2VkIHNlcGFyYXRlbHkNCj4+PiB3aXRo IHRoYXQgc3RhdGVtZW50Lg0KPj4gDQo+PiBZZXMhIFRoYW5rIHlvdSBmb3IgY2F0Y2hpbmcgdGhp cy4gV2UgYWxzbyBjYXVnaHQgaXQgaW4gYSByZS1yZXZpZXcuDQo+PiANCj4+PiBUaGVuIGZvciB0 aGUgc2Vjb25kIHNlbnRlbmNlLCBJIGtub3cgeW91IGRvbid0IGhhdmUgYW4NCj4+PiBpbnRlZ3Jp dHkgbWVjaGFuaXNtIG1hbmRhdGVkLCBidXQgSSByZWFsbHkgdGhpbmsgb25lIHNob3VsZCBiZS4g IENvdWxkbid0IHRoZQ0KPj4+IHBhdGggYmUgYWx0ZXJlZCBhbmQgbm90IGRldGVjdGFibGUgaWYg dGhlcmUgaXMgbm8gaW50ZWdyaXR5IGNoZWNraW5nPw0KPj4gDQo+PiBUaGUgcGF0aCBjYW4gYmUg YWx0ZXJlZCBpbiB0aGUgdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24gZWFzaWVyLg0KPiANCj4gSXQn cyBub3QgYW4gZXhjdXNlIHRvIG5vdCBkbyB0aGlzIGNvcnJlY3RseS4gIFdlIHNob3VsZCBiZSB3 b3JraW5nIHRvDQo+IG1pbmltaXplIHRoZSBhdHRhY2sgc3VyZmFjZSBnaXZlbiB0aGUgY3VycmVu dCBzdGF0ZSBvZiBjb21wcm9taXNlcy4NCg0KT2YgY291cnNlLiBCdXQgbXkgcG9pbnQgaXMgdGhh dCB3ZSBhcmUgbm90IGRvaW5nIHRoaXMgaW5jb3JyZWN0bHkuDQoNCkZpcnN0LCBpZiB5b3UgbG9v ayBhdCBob3cgc2VydmljZSBjaGFpbmluZyBpcyBhY2hpZXZlZCB0b2RheSwgaXQgc2hvdWxkIGJl IGNsZWFyIHRvIHlvdSB0aGF0IHRoaXMgdGVjaG5vbG9neSBub3Qgb25seSBkb2VzIG5vdCBtYWtl IHRoaW5ncyB3b3JzdCBidXQgYWxzbyByZWR1Y2VzIHRoZSBhdHRhY2sgc3VyZmFjZS4NCg0KTW9y ZSBvbiB0aGlzIGJlbG93LiBJIGJlbGlldmUgSSB1bmRlcnN0YW5kICpleGFjdGx5KiB3aGF0IGlz IHRoZSBkaXNhZ3JlZW1lbnQuDQoNCj4gDQo+PiANCj4+IEJ1dCB0aGUgbWFpbiBwb2ludCBpcyB0 aGF0IHRoZXJlIGFyZSB3YXlzIHRvIHByb3ZpZGUgaW50ZWdyaXR5IGNoZWNraW5nIHdpdGhpbiB0 aGUgdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24sIHdpdGggcHJvdmVuIGV4aXN0aW5nIG1lY2hhbmlz bXMuIEFuZCB3ZSBhZHZvY2F0ZSB0aGVpciB1c2UuDQo+IA0KPiBJIGRvbid0IHNlZSB0aGF0IHN0 cm9uZ2x5IGVub3VnaCwgaGVuY2Ugd2FudGluZyB0byBkaXNjdXNzIHRoaXMgbW9yZS4NCj4gDQoN ClNvdW5kcyBnb29kIOKAlCBsZXTigJlzIGRpc2N1c3MgaXQuDQoNCj4+IA0KPj4+IFRoaXMNCj4+ PiBjb3VsZCBiZSB1c2VkIHRvIGF2b2lkIHNlY3VyaXR5IHByb3RlY3Rpb25zIG9yIHRvIHJvdXRl IGl0IGluYXBwcm9wcmlhdGVseQ0KPj4+IHRocm91Z2ggYSBtdWx0aS10ZW5hbnQgZW52aXJvbm1l bnQuICBTdXJlLCB0aGUgdW5kZXJseWluZyBwcm90b2NvbCBzaG91bGQNCj4+PiBwcm92aWRlIHNl c3Npb24gZW5jcnlwdGlvbiBvbiBhcHBsaWNhdGlvbiB0cmFmZmljLCBidXQgdGhlcmUncyBubyBy ZWFzb24gd2h5DQo+Pj4gc2VjdXJpdHkgc2hvdWxkbid0IGhhdmUgYmVlbiBiYWtlZCBpbnRvIHRo aXMgcHJvdG9jb2wgYXMgYSByZXF1aXJlbWVudC4NCj4+IA0KPj4gRG8geW91IG1lYW4gdGhlIOKA nG92ZXJseWluZ+KAnSBwcm90b2NvbCBzaG91bGQgcHJvdmlkZSBzZXNzaW9uIGVuY3J5cHRpb24g b24gYXBwbGljYXRpb24gdHJhZmZpYz8NCj4+IA0KPj4gVGhlIHVuZGVybHlpbmcgcHJvdG9jb2wg aXMgYWxyZWFkeSBjb3ZlcmVkIGluIFNlY3Rpb24gOC4xLg0KPiANCj4gTm8sIEknbSB3b3JyaWVk IGFib3V0IHRoZSBOU0ggY29udGVudCBzcGVjaWZpY2FsbHkgYXMgdGhhdCBpcyB3aGF0DQo+IHRo aXMgZHJhZnQgaXMgYWJvdXQuDQo+IA0KDQpUaGUgTlNIIGNvbnRlbnQgaXMgcHJvdGVjdGVkIGJ5 IHRoZSB0cmFuc3BvcnQgZW5jYXBzdWxhdGlvbiwgYXMgcmVxdWlyZWQgYnkgc3BlY2lmaWMgZGVw bG95bWVudHMuDQoNCj4+IA0KPj4+IA0KPj4+PiBGcm9tIHRoZSBhcmNoaXRlY3R1cmUgZG9jdW1l bnQsIHRoZSBzZWN1cml0eSBjb25zaWRlcmF0aW9ucyBzZWN0aW9uIGNhbGxzDQo+Pj4gYXR0ZW50 aW9uIHRvIHBvc3NpYmxlIGlzc3VlcyByZWxhdGVkIHRvIGxhY2sgb2YgaW50ZWdyaXR5IGNoZWNr aW5nLiAgU2luY2Ugbm8NCj4+PiBlbmNhcHN1bGF0aW5nIHRyYW5zcG9ydCBpcyBzcGVjaWZpZWQg d2l0aCByZXF1aXJlZCBzZXNzaW9uIGVuY3J5cHRpb24sIGFuZCB0aGUNCj4+PiBOU0ggYWRkaXRp b24gZG9lc24ndCBoYXZlIGludGVncml0eSBwcm90ZWN0aW9uLCBob3cgd2lsbCB5b3UgbWVldCB0 aGlzDQo+Pj4gYXJjaGl0ZWN0dXJlIHJlcXVpcmVtZW50IGZyb20gUkZDNzY2NToNCj4+PiANCj4+ PiBTZXJ2aWNlIE92ZXJsYXk6ICBVbmRlcm5lYXRoIHRoZSBzZXJ2aWNlIGZ1bmN0aW9uIGZvcndh cmRlcnMsIHRoZQ0KPj4+ICAgICAgIGNvbXBvbmVudHMgdGhhdCBhcmUgcmVzcG9uc2libGUgZm9y IHBlcmZvcm1pbmcgdGhlIHRyYW5zcG9ydA0KPj4+ICAgICAgIGZvcndhcmRpbmcgY29uc3VsdCB0 aGUgb3V0ZXItdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24gZm9yDQo+Pj4gICAgICAgdW5kZXJsYXkg Zm9yd2FyZGluZy4gIFVzZWQgdHJhbnNwb3J0IG1lY2hhbmlzbXMgc2hvdWxkIHNhdGlzZnkNCj4+ PiAgICAgICB0aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnRzIG9mIHRoZSBzcGVjaWZpYyBTRkMgZGVw bG95bWVudC4gIFRoZXNlDQo+Pj4gICAgICAgcmVxdWlyZW1lbnRzIHR5cGljYWxseSBpbmNsdWRl IHZhcnlpbmcgZGVncmVlcyBvZiB0cmFmZmljDQo+Pj4gICAgICAgc2VwYXJhdGlvbiwgcHJvdGVj dGlvbiBhZ2FpbnN0IGRpZmZlcmVudCBhdHRhY2tzIChlLmcuLA0KPj4+ICAgICAgIHNwb29maW5n LCBtYW4taW4tdGhlLW1pZGRsZSwgYnJ1dGUtZm9yY2UsIG9yIGluc2VydGlvbiBhdHRhY2tzKSwN Cj4+PiAgICAgICBhbmQgY2FuIGFsc28gaW5jbHVkZSBhdXRoZW50aWNpdHkgYW5kIGludGVncml0 eSBjaGVja2luZywgYW5kL29yDQo+Pj4gICAgICAgY29uZmlkZW50aWFsaXR5IHByb3Zpc2lvbnMs IGZvciBib3RoIHRoZSBuZXR3b3JrIG92ZXJsYXkNCj4+PiAgICAgICB0cmFuc3BvcnQgYW5kIHRy YWZmaWMgaXQgZW5jYXBzdWxhdGVzLg0KPj4+IA0KPj4gDQo+PiBJIG1heSBiZSBtaXNzaW5nIHNv bWV0aGluZywgYnV0IHdoYXQgSSByZWFkIGZyb20gUkZDIDc2NjUgc2F5czoNCj4+IA0KPj4gICAg ICAiVXNlZCB0cmFuc3BvcnQgbWVjaGFuaXNtcyBzaG91bGQgc2F0aXNmeQ0KPj4gICAgICAgdGhl IHNlY3VyaXR5IHJlcXVpcmVtZW50cyBvZiB0aGUgc3BlY2lmaWMgU0ZDIGRlcGxveW1lbnQuIg0K PiANCj4gQnV0IHlvdSBvbmx5IGhhdmUgU0hPVUxEIHN0YXRlbWVudHMgdG8gYWRkcmVzcyB0aGVz ZSBjb25jZXJucyBhbmQgbm90DQo+IE1VU1Qgc3RhdGVtZW50cyBmb3IgdGhlIGVuY2Fwc3VsYXRp bmcgdHJhbnNwb3J0Lg0KDQpXaGljaCBtZWFucyBpdCBpcyBjb3JyZWN0bHkgbWVldGluZyB0aGUg YXJjaGl0ZWN0dXJhbCByZXF1aXJlbWVudC4gUkZDIDc2NjUgZG9lcyBub3Qgc2F5IOKAnHlvdSBN VVNUIGFueXRoaW5nIGZvciB0cmFuc3BvcnTigJ0uDQoNCkFuZCBhbHNvIGJlY2F1c2UgdGhpcyBk b2N1bWVudCBkb2VzICpub3QqIHNwZWNpZnkgdGhlIHRyYW5zcG9ydCBlbmNhcHN1bGF0aW9uLiAN Cg0KVGhhdCBzYWlkLCB0aGVyZSBpcyBhIE1VU1QgaW4gU2VjdGlvbiA4LjEuIEFuZCBldmVuLCBJ IHdvdWxkIG5vdCBvcHBvc2UgY2hhbmdpbmcgYW5vdGhlciBTSE9VTEQgdG8gTVVTVCBpbiBTZWN0 aW9uIDguMS4sIG1heWJlIHRoZSBmaXJzdCBvbmUuDQoNCj4gIA0KPj4gDQo+Pj4gSXQgc2VlbXMg ZnJvbSB0aGlzIHRleHQsIHNvbWV0aGluZyBzaG91bGQgYmUgc3BlY2lmaWVkIGZvciB0aGUgdHJh bnNwb3J0DQo+Pj4gZW5jYXBzdWxhdGlvbi4NCj4+IA0KPj4gSSBhZ3JlZSBhbmQgZGlzYWdyZWUs IGluIGEgd2F5Lg0KPj4gDQo+PiBZZXMsIHNvbWV0aGluZyBvdWdodCB0byBiZSBzcGVjaWZpZWQs IGZvciB0aGUgdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24gc3BlY2lmaWNhdGlvbnMsIG5vdCBmb3Ig dGhlIE5TSCBzcGVjLg0KPiANCj4gVGhlbiB5b3UgbmVlZCB0byBwb2ludCB0byBpdCBpbiBhbm90 aGVyIGRyYWZ0IGZyb20gTlNIIG9yIHdlIGhhdmUgYQ0KPiBnYXAgdGhhdCBhbGxvd3MgZm9yIHBy b2JsZW1zIHRvIHN1cmZhY2UuDQoNClRoZSBvdGhlciB3YXkgYXJvdW5kLCBhIHRyYW5zcG9ydCBl bmNhcHN1bGF0aW9uIHdvdWxkIHBvaW50IHRvIE5TSC4NCg0KPiANCj4+IA0KPj4gT3IgcmVwaHJh c2luZywgdGhlIGRvY3VtZW50IGlzIHNwZWNpZnlpbmcgdGhlIE5TSCBkYXRhIHBsYW5lIGxheWVy LCBub3QgYmV5b25kLiBBbmQgaW4gdGhpcyBjb250ZXh0IGlzIHNwZWNpZnlpbmcgc2VjdXJpdHkg ZWxlbWVudHMgaW4gdGhlIHRyYW5zcG9ydCBlbmNhcHN1bGF0aW9uIGluIGEgZ2VuZXJpYyBmYXNo aW9uLCBhbmQgZm9yIHRoZSBNZXRhZGF0YSBpdHNlbGYuDQo+IA0KPiBUaGVuIHdoZXJlIGlzIGl0 IHNwZWNpZmllZCBhbmQgaG93IGlzIGl0IGxpbmtlZCB0byB0aGlzIGRyYWZ0IHRvIGZvcm0NCj4g YWRlcXVhdGUgcmVxdWlyZW1lbnRzPw0KPiANCj4+IA0KPj4+IA0KPj4+PiBGcm9tIHRoZSB0ZXh0 IGluIHRoZSBkcmFmdCB1bmRlciByZXZpZXc6DQo+Pj4gIEFzIHdpdGggbWFueQ0KPj4+ICBvdGhl ciBwcm90b2NvbHMsIHdpdGhvdXQgZW5oYW5jZW1lbnRzLCB0aGUgTlNIIGVuY2Fwc3VsYXRpb24g Y291bGQgY2FuIGJlDQo+Pj4gIHNwb29mZWQNCj4+PiAgb3Igb3RoZXJ3aXNlIG1vZGlmaWVkIGFu ZCBpcyBzdWJqZWN0IHRvIHNub29waW5nIGFuZCBtb2RpZmljYXRpb24gaW4gdHJhbnNpdC4NCj4+ PiANCj4+PiAgSG93ZXZlciwgdGhlIGRlcGxveW1lbnQgc2NvcGUgKGFzIGRlZmluZWQgaW4gW1JG Qzc2NjVdKSBvZiB0aGUgTlNIDQo+Pj4gIGVuY2Fwc3VsYXRpb24gaXMgbGltaXRlZCB0byBhIHNp bmdsZSBuZXR3b3JrIGFkbWluaXN0cmF0aXZlIGRvbWFpbiBhcw0KPj4+ICBhIGNvbnRyb2xsZWQg ZW52aXJvbm1lbnQsIHdpdGggdHJ1c3RlZCBkZXZpY2VzIChlLmcuLCBhIGRhdGEgY2VudGVyKQ0K Pj4+ICBoZW5jZSBtaXRpZ2F0aW5nIHRoZSByaXNrIG9mIHVuYXV0aG9yaXplZCBtYW5pcHVsYXRp b24gb2YgdGhlDQo+Pj4gIGVuY2Fwc3VsYXRpb24gaGVhZGVycyBvciBtZXRhZGF0YS4NCj4+PiAN Cj4+PiBUaGlzIGlzIGluIGRpcmVjdCBjb25mbGljdCB3aXRoIHRoZSBTZXJ2aWNlIE92ZXJsYXkg cmVxdWlyZW1lbnRzIGluIHRoZQ0KPj4+IFNlY3VyaXR5IENvbnNpZGVyYXRpb25zIG9mIFJGQzc2 NjUuDQo+PiANCj4+IEkgZG8gbm90IHRoaW5rIGl0IGlzLCBhcyBzaG93biBhYm92ZS4gQ291bGQg eW91IHBsZWFzZSBiZSBtb3JlIHNwZWNpZmljPw0KPiANCj4gVGhlIHRleHQgZnJvbSB0aGUgZHJh ZnQgdW5kZXIgcmV2aWV3IHN0YXRlcyB0aGF0IHlvdSBjYW4gcmVseSBvbiB0aGUNCj4gc2luZ2xl IGRvbWFpbiBvcGVyYXRvciBlbnZpcm9ubWVudCBhcyBhIHNlY3VyaXR5IG1lYXN1cmUNCg0KV2hh dCB5b3UgYXJlIHN0YXRpbmcgaXMgaW5jb3JyZWN0Lg0KDQpBbmQgdGhpcywgSSBiZWxpZXZlLCBp cyBhIGtleSBzb3VyY2Ugb2YgeW91ciBESVNDVVNTLCB3aGljaCBJIHRoaW5rIGlzIGEgbWlzdW5k ZXJzdGFuZGluZyBvZiB0aGUgZXhpc3RpbmcgdGV4dC4NCg0KVGhlIGRyYWZ0IGN1cnJlbnRseSBz YXlzOg0KDQogICBPcGVyYXRvcnMgU0hPVUxEIHRoZW4gc2VsZWN0IGEgdHJhbnNwb3J0DQogICBl bmNhcHN1bGF0aW9uIHByb3RvY29sIHN1Y2ggYXMgb25lIHRoYXQgc3VwcG9ydHMgW1JGQzYwNzFd IHRvIHByb3ZpZGUNCiAgIHRoZSBuZWVkZWQgcHJvdGVjdGlvbiAoZS5nLiwgYXV0aGVudGljaXR5 LCBjb25maWRlbnRpYWxpdHkpIGZvciB0aGUNCiAgIHRyYWZmaWMgYmV0d2VlbiBTRkMgY29tcG9u ZW50cy4NCg0KQW5kIHRoZW4gc2F5czoNCg0KICAgT25lIHVzZWZ1bCBlbGVtZW50IG9mIHByb3Zp ZGluZyBwcml2YWN5IHByb3RlY3Rpb24gZm9yIHNlbnNpdGl2ZQ0KICAgbWV0YWRhdGEgaXMgZGVz Y3JpYmVkIHVuZGVyIHRoZSAiU0ZDIEVuY2Fwc3VsYXRpb24iIGFyZWEgb2YgdGhlDQogICBTZWN1 cml0eSBDb25zaWRlcmF0aW9ucyBvZiBbUkZDNzY2NV0uICBPcGVyYXRvcnMgY2FuIGFuZCBzaG91 bGQgdXNlDQogICBpbmRpcmVjdCBpZGVudGlmaWNhdGlvbiBmb3IgbWV0YWRhdGEgZGVlbWVkIHRv IGJlIHNlbnNpdGl2ZSAoc3VjaCBhcw0KICAgcGVyc29uYWxseSBpZGVudGlmeWluZyBpbmZvcm1h dGlvbikgc2lnbmlmaWNhbnRseSBtaXRpZ2F0aW5nIHRoZSByaXNrDQogICBvZiBwcml2YWN5IHZp b2xhdGlvbi4gDQoNCkFuZCB0aGVuIGZ1cnRoZXIgc2F5czoNCg0KICAgRm9yIHRob3NlIHNpdHVh dGlvbnMgd2hlcmUgb2JmdXNjYXRpb24gaXMgZWl0aGVyIGluYXBwbGljYWJsZSBvcg0KICAganVk Z2VkIHRvIGJlIGluc3VmZmljaWVudCwgYW4gb3BlcmF0b3IgY2FuIGFsc28gZW5jcnlwdCB0aGUg bWV0YWRhdGEuDQogICBBbiBhcHByb2FjaCB0byBhbiBvcHRpb25hbCBjYXBhYmlsaXR5IHRvIGRv IHRoaXMgd2FzIGV4cGxvcmVkIGluDQogICBbSS1ELnJlZGR5LXNmYy1uc2gtZW5jcnlwdF0uICBG b3Igb3RoZXIgc2l0dWF0aW9ucyB3aGVyZSBncmVhdGVyDQogICBhc3N1cmFuY2UgaXMgZGVzaXJl ZCwgb3B0aW9uYWwgbWVjaGFuaXNtcyBzdWNoIGFzDQogICBbSS1ELmJyb2NrbmVycy1wcm9vZi1v Zi10cmFuc2l0XSBjYW4gYmUgdXNlZC4NCg0KU28sIGZvbGxvd2luZyBvbiBbSS1ELnJlZGR5LXNm Yy1uc2gtZW5jcnlwdF0sIGl0IHNheXM6DQoNCiAgIFRoaXMgZHJhZnQgYWRkcyBhdXRoZW50aWNh dGlvbg0KICAgYW5kIG9wdGlvbmFsIGVuY3J5cHRpb24gZGlyZWN0bHkgdG8gTlNILiAgVGhpcyB3 YXkgTlNIIGRhdGEgZG9lcyBub3QNCiAgIGhhdmUgdG8gcmVseSBvbiB1bmRlcmx5aW5nIHRyYW5z cG9ydCBlbmNhcHN1bGF0aW9uIGZvciBzZWN1cml0eSBhbmQNCiAgIGNvbmZpZGVudGlhbGl0eS4N Cg0KQW5kOg0KDQogICBBbiBOU0ggaW1wb3NlciBpbnNlcnRzIGFuIEF1dGhlbnRpY2F0aW9uIFRh ZyBUTFYgZm9yIGRhdGEgb3JpZ2luDQogICBhdXRoZW50aWNhdGlvbiBhbmQgaW50ZWdyaXR5IHBy b3RlY3Rpb24uDQoNCkFsbCB0aGUgcGllY2VzIGFyZSB0aGVyZS4NCg0KPiBhbmQgdGhhdCdzDQo+ IHJlYWxseSBub3QgYWRlcXVhdGUgdG8gYWRkcmVzcyB0aGUgcHJvYmxlbXMgc3RhdGVkIGluIHRo ZSBmaXJzdA0KPiBwYXJhZ3JhcGggb2YgdGhlIHF1b3RlZCB0ZXh0IC0gc3Bvb2ZlZCBhbmQgYWN0 aXZlIGludGVyY2VwdGlvbiBhdHRhY2tzDQo+IC0gdGhlc2UgaGFwcGVuIGR1cmluZyBhdHRhY2tz IHdpdGhpbiB0aGUgZGF0YSBjZW50ZXIuICBTaW5jZSBpdCBpcyBvbmUNCj4gd2F5IHRvIGFsdGVy IHRoZSBmbG93IG9mIHRyYWZmaWMsIEkgdGhpbmsgdGhlcmUgcmVhbGx5IHNob3VsZCBiZQ0KPiBp bnRlZ3JpdHkgcHJvdGVjdGlvbiBidWlsdCBpbnRvIE5TSC4NCg0KU2VlIGFib3ZlLg0KDQo+IA0K Pj4gDQo+PiBQbGVhc2Ugbm90ZSB0aGF0IHdlIG1lYW5pbmdmdWxseSBhbmQgZHJhbWF0aWNhbGx5 IOKAnGJlZWZlZCB1cOKAnSBhbGwgdGhpcyB0ZXh0IGZyb20gd2hlbiB5b3UgcmV2aWV3ZWQgLTE4 Lg0KPiANCj4gWWVzLCBhbmQgd2hpbGUgSSBhcHByZWNpYXRlIHRoZSBpbXByb3ZlbWVudHMsIHRo ZXJlIGlzIG1vcmUgd29yayB0byBiZQ0KPiBkb25lIGZvciB0b2RheSdzIHRyZWF0IGxhbmRzY2Fw ZS4gIFdlJ3JlIG5vdCB0YWxraW5nIGFib3V0IGEgbGVnYWN5DQo+IHByb3RvY29sIGhlcmUgd2l0 aCBubyBvcHRpb25zLCBzb21ldGhpbmcgY2FuIGJlIGRvbmUuDQoNCkNvdWxkIHlvdSBwbGVhc2Ug c2hhcmUgbW9yZSBzcGVjaWZpY3MgYmFzZWQgb24gdGhlIHJlc3BvbnNlcyBhYm92ZT8NCg0KDQoN Cj4gDQo+PiANCj4+PiANCj4+PiBTZWN0aW9uIDguMQ0KPj4+IEknZCBsaWtlIHRvIHNlZSBzb21l IE1VU1RzIHRvIGFkZHJlc3MgdGhlIGNvbmNlcm5zIGxpc3RlZCBpbiBSRkM3NjY1IGZvcg0KPj4+ IGVuY2Fwc3VsYXRpb24gcmVxdWlyZW1lbnRzIG9yIGFuIGFkZGl0aW9uIG9mIGludGVncml0eSBw cm90ZWN0aW9uIG9uIE5TSCBpdHNlbGYuDQo+Pj4gDQo+PiANCj4+IFNlZSBhYm92ZS4NCj4+IA0K Pj4gV2UgY2Fubm90IGFkZCBhIE1VU1QgZm9yIHNvbWV0aGluZyB3ZSBhcmUgbm90IHNwZWNpZnlp bmcuIEFuZCBhdCB0aGUgTlNIIGl0c2VsZiwgd2UgYXJlIGJlaW5nIHZlcnkgZXhwbGljaXQgYWJv dXQgdGhlIHRocmVhdHMgYW5kIG1vdGl2YXRpb25zLCBTZWN0aW9uIDguMy4NCj4gDQo+IEknZCBw cmVmZXIgaW50ZWdyaXR5IHByb3RlY3Rpb24gdG8gYmUgYWRkZWQgZGlyZWN0bHkgaW50byBOU0gg YW55d2F5Lg0KDQpJIHVuZGVyc3RhbmQgdGhhdCwgYW5kIHRoZSBjdXJyZW50IHRleHQgZ2l2ZXMg aW50ZWdyaXR5IHByb3RlY3Rpb24gdXNpbmcgcHJvdmVuIGV4aXN0aW5nIHByb3RvY29scyBpbiB0 aGUgZW5jYXAsIGFuZCBwb2ludHMgdG8gb3B0aW9uYWwgbWV0aG9kcyB0byBkbyBzb21ldGhpbmcg aW4gTlNILCBpbmNsdWRpbmcgUHJvb2Ygb2YgVHJhbnNpdCBbSS1ELmJyb2NrbmVycy1wcm9vZi1v Zi10cmFuc2l0XS4NCg0KPiANCj4+IA0KPj4+IA0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+PiBDT01N RU5UOg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+PiANCj4+PiBUaGlzIGludHJvZHVjdG9yeSB0ZXh0 IGlzIG11Y2ggaW1wcm92ZWQgZnJvbSBhIHByZXZpb3VzIHZlcnNpb24gYW5kIG15DQo+Pj4gY29t bWVudHMsIHRoYW5rcyBmb3IgdGhlIHVwZGF0ZS4gIFRoaXMgaGVscHMgcXVpdGUgYSBiaXQuDQo+ PiANCj4+IEdyZWF0IHRvIGhlYXIhDQo+PiANCj4+PiANCj4+PiAgVGhlIE5ldHdvcmsgU2Vydmlj ZSBIZWFkZXIgKE5TSCkgc3BlY2lmaWNhdGlvbiBkZWZpbmVzIGEgbmV3IHByb3RvY29sDQo+Pj4g IGFuZCBhc3NvY2lhdGVkIGVuY2Fwc3VsYXRpb24gZm9yIHRoZSBjcmVhdGlvbiBvZiBkeW5hbWlj IHNlcnZpY2UNCj4+PiAgY2hhaW5zLCBvcGVyYXRpbmcgYXQgdGhlIHNlcnZpY2UgcGxhbmUuICBU aGUgTlNIIGlzIGRlc2lnbmVkIHRvDQo+Pj4gIGVuY2Fwc3VsYXRlIGFuIG9yaWdpbmFsIHBhY2tl dCBvciBmcmFtZSwgYW5kIGluIHR1cm4gYmUgZW5jYXBzdWxhdGVkDQo+Pj4gIGJ5IGFuIG91dGVy IHRyYW5zcG9ydCBlbmNhcHN1bGF0aW9uICh3aGljaCBpcyB1c2VkIHRvIGRlbGl2ZXIgdGhlIE5T SA0KPj4+ICB0byBOU0gtYXdhcmUgbmV0d29yayBlbGVtZW50cyksIGFzIHNob3duIGluIEZpZ3Vy ZSAxOg0KPj4+IA0KPj4gDQo+PiBJIGp1c3QgcmVtZW1iZXIgdGhhdCB5b3UgaGFkIHN1Z2dlc3Rl ZCBhZGRpbmcgYSBwb2ludGVyIHRvIEZpZ3VyZSAzIGZyb20gUkZDIDc2NjUgYXMgd2VsbC4gV2ls bCBhZGQgdGhhdCB0byB0aGUgSW50cm8uDQo+IA0KPiBUaGFua3MhDQoNCllvdSBhcmUgd2VsY29t ZS4NCg0KPiANCj4+IA0KPj4+IFNlY3Rpb24gOC4xOg0KPj4+IEkgZG9uJ3QgdGhpbmsgeW91IG5l ZWQgdGhlIHRleHQgb24gQkNQMzguICBJdCdzIGEgaGVscGZ1bCByZWNvbW1lbmRhdGlvbiBpbg0K Pj4+IGdlbmVyYWwsIGJ1dCBJIGRvbid0IHNlZSBob3cgaXQncyBkaXJlY3RseSBhcHBsaWNhYmxl IHRvIHRoaXMgc3BlY2lmaWNhdGlvbi4NCj4+IA0KPj4gSXQgc2VlbXMgcmVsZXZhbnQgaW4gdGhl IGNvbnRleHQgb2YgZmlsdGVyaW5nIHRyYWZmaWMgdGhhdCBnb2VzIGludG8gdGhlIHNlcnZpY2Ug ZnVuY3Rpb24gcGF0aC4gQnV0IGlmIHlvdSBpbnNpc3QsIHdlIGNhbiBjb21tZW50IGl0IG91dCBp biB0aGUgc291cmNlLg0KPiANCj4gVGFrZSBpdCBvciBsZWF2ZSBpdCwgaXQgZG9lc24ndCBtYXR0 ZXIgbXVjaC4NCj4gDQoNClNvdW5kcyBnb29kIOKAlCB0aGFua3MhDQoNCuKAlCBDYXJsb3MuDQoN Cj4gVGhhbmsgeW91LA0KPiBLYXRobGVlbg0KPiANCj4+IA0KPj4+IA0KPj4+IFRoYW5rIHlvdSBm b3IgYWRkaW5nIHRoZSB0ZXh0IG9uIEJvdW5kYXJ5IHByb3RlY3Rpb25zIHBlciB0aGUgU2VjRGly IHJldmlldywgSQ0KPj4+IHRoaW5rIHRoaXMgaXMgdmVyeSBoZWxwZnVsLg0KPj4+IA0KPj4+IA0K Pj4gDQo+PiBPZiBjb3Vyc2UhIFRoYW5rIHlvdSBhZ2FpbiwgS2F0aGxlZW4uDQo+PiANCj4+IOKA lCBDYXJsb3MuDQo+PiANCj4+IA0KPiANCj4gDQo+IA0KPiAtLSANCj4gDQo+IEJlc3QgcmVnYXJk cywNCj4gS2F0aGxlZW4NCg0K From nobody Wed Sep 27 11:36:15 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A94AE134EE3; Wed, 27 Sep 2017 11:36:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LzKJR3k6WzmY; Wed, 27 Sep 2017 11:36:08 -0700 (PDT) Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3065134EC1; Wed, 27 Sep 2017 11:36:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4070; q=dns/txt; s=iport; t=1506537367; x=1507746967; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=p988jm5DIpYwfdhpeb4FbTf7pEDfHpl7I5WDd6eNGS8=; b=J9Dml1cGuR9SoFRY6/uoqkZCBQy60VvvROVt+Bw9yBXAFLnz0jrG00If Jfbyigph3Eqrp2bfvsI3xEzn5PFT+TP936lwFN1gZHBsnVKMoEn4tau4E cu5L436LpkwEnLiCokLq01mJTgdUYBYWHzQq+JNOm6STOy51RNaAbD7Yr 0=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DoAAD07stZ/4gNJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1xkbicHg3GKH49egVQiiEKNaQ6CBAojhRgCGoRCPxgBAgEBAQE?= =?us-ascii?q?BAQFrKIUYAQEBAQIBIxFFBQsCAQgYAgImAgICHxEVEAIEDgWKGQMNCBCoEoInh?= =?us-ascii?q?zsNgzsBAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYEOgh2CAoFRghULgnKCXoFzARI?= =?us-ascii?q?BgzIvgjEFihKWVTwCh1yICIR5ghOFbosFjGmFPoJ1AhEZAYE4AR84QkELeBVbA?= =?us-ascii?q?YU8gU52AYYhgSSBEAEBAQ?= X-IronPort-AV: E=Sophos;i="5.42,446,1500940800"; d="scan'208";a="290365398" Received: from alln-core-3.cisco.com ([173.36.13.136]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2017 18:36:06 +0000 Received: from XCH-RCD-006.cisco.com (xch-rcd-006.cisco.com [173.37.102.16]) by alln-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id v8RIa60k024868 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 18:36:06 GMT Received: from xch-rcd-008.cisco.com (173.37.102.18) by XCH-RCD-006.cisco.com (173.37.102.16) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 13:36:06 -0500 Received: from xch-rcd-008.cisco.com ([173.37.102.18]) by XCH-RCD-008.cisco.com ([173.37.102.18]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 13:36:06 -0500 From: "Paul Quinn (paulq)" To: Kathleen Moriarty CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Kathleen Moriarty's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) Thread-Index: AQHTNwhEr6N4KlDAPEOxOLbE2zOrfaLJZLWA Date: Wed, 27 Sep 2017 18:36:06 +0000 Message-ID: <44F57C98-6191-4B59-BD30-E611B78B0089@cisco.com> References: <150645867503.20862.14046225395932721314.idtracker@ietfa.amsl.com> In-Reply-To: <150645867503.20862.14046225395932721314.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.19.17.234] Content-Type: text/plain; charset="utf-8" Content-ID: <965B567125AB014ABEFB80C4EB329C71@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Kathleen Moriarty's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 18:36:09 -0000 SGksDQoNCg0KPiBPbiBTZXAgMjYsIDIwMTcsIGF0IDQ6NDQgUE0sIEthdGhsZWVuIE1vcmlhcnR5 IDxrYXRobGVlbi5tb3JpYXJ0eS5pZXRmQGdtYWlsLmNvbT4gd3JvdGU6DQo+IA0KPiBLYXRobGVl biBNb3JpYXJ0eSBoYXMgZW50ZXJlZCB0aGUgZm9sbG93aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3IN Cj4gZHJhZnQtaWV0Zi1zZmMtbnNoLTI0OiBEaXNjdXNzDQo+IA0KPiBXaGVuIHJlc3BvbmRpbmcs IHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBhbGwNCj4g ZW1haWwgYWRkcmVzc2VzIGluY2x1ZGVkIGluIHRoZSBUbyBhbmQgQ0MgbGluZXMuIChGZWVsIGZy ZWUgdG8gY3V0IHRoaXMNCj4gaW50cm9kdWN0b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pDQo+IA0K PiANCj4gUGxlYXNlIHJlZmVyIHRvIGh0dHBzOi8vd3d3LmlldGYub3JnL2llc2cvc3RhdGVtZW50 L2Rpc2N1c3MtY3JpdGVyaWEuaHRtbA0KPiBmb3IgbW9yZSBpbmZvcm1hdGlvbiBhYm91dCBJRVNH IERJU0NVU1MgYW5kIENPTU1FTlQgcG9zaXRpb25zLg0KPiANCj4gDQo+IFRoZSBkb2N1bWVudCwg YWxvbmcgd2l0aCBvdGhlciBiYWxsb3QgcG9zaXRpb25zLCBjYW4gYmUgZm91bmQgaGVyZToNCj4g aHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0Zi1zZmMtbnNoLw0KPiAN Cj4gDQo+IA0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IERJU0NVU1M6DQo+IC0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4g DQo+IEZpcnN0LCBJJ2QgbGlrZSB0byB0aGFuayB0aGUgYXV0aG9ycyBhbmQgV0cgZm9yIHlvdXIg ZWZmb3J0cyBpbiByZWNlbnQNCj4gcmV2aXNpb25zIG9mIHRoaXMgZHJhZnQsIGl0IGhhcyBjb21l IGEgbG9uZyB3YXkuICANCg0KUFE+IEFuZCB0aGFuayB5b3UgZm9yIHRoZSBkZXRhaWxlZCByZXZp ZXdzISAgWW91ciBmZWVkYmFjayBoYXMgaGVscGVkIGltcHJvdmUgdGhpcyBkcmFmdCBhbmQgaXMg bXVjaCBhcHByZWNpYXRlZCENCiANCg0KDQo+IEkgc3RpbGwgd2FudCB0byBwb2tlIGF0IHRoZQ0K PiBsYWNrIG9mIGEgcmVxdWlyZW1lbnQgZm9yIGVpdGhlciBpbnRlZ3JpdHkgcHJvdGVjdGlvbiBv biB0aGUgTlNIIGl0c2VsZiBvciBmb3INCj4gTVVTVHMgb24gcHJvdGVjdGlvbnMgZnJvbSB0aGUg dHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24uICBBdHRhY2tzIGluc2lkZSBvZiBhDQo+IGRhdGEgY2Vu dGVyIG9yIHNpbmdsZSBvcGVyYXRvciBkb21haW5zIGhhcHBlbiBhbGwgdG9vIG9mdGVuLiAgVGhl IG51bWJlciBmcm9tDQo+IDIwMTYgaXMgdXAgMTY0JSBhcyBvZiBhIHN0YXRpc3RpYyBJIHNhdyBl YXJsaWVyIHRvZGF5LiAgV2UgY2FuJ3Qgc3J1ZyB0aGlzIG9mZg0KPiBhbnltb3JlLg0KPiANCj4g U2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMgc2VjdGlvbjoNCj4gRmlyc3QgdHdvIHNlbnRlbmNlcyBz YXk6DQo+ICAgTlNIIGlzIGRlc2lnbmVkIGZvciB1c2Ugd2l0aGluIG9wZXJhdG9yIGVudmlyb25t ZW50cy4gIEFzIHN1Y2gsIGl0DQo+ICAgZG9lcyBub3QgaW5jbHVkZSBhbnkgbWFuZGF0b3J5IHNl Y3VyaXR5IG1lY2hhbmlzbXMuDQo+IA0KPiBJIHRoaW5rIHlvdSBpbnRlbmRlZCB0aGUgZmlyc3Qg c2VudGVuY2UgdG8gc2F5LCAid2l0aGluIGEgc2luZ2xlIG9wZXJhdG9yDQo+IGVudmlyb25tZW50 IiBhcyB3aGF0IHlvdSBoYXZlIG5vdyBjb3VsZCBiZSBtdWx0aXBsZSBuZXR3b3JrcyBtYW5hZ2Vk IHNlcGFyYXRlbHkNCj4gd2l0aCB0aGF0IHN0YXRlbWVudC4gIFRoZW4gZm9yIHRoZSBzZWNvbmQg c2VudGVuY2UsIEkga25vdyB5b3UgZG9uJ3QgaGF2ZSBhbg0KPiBpbnRlZ3JpdHkgbWVjaGFuaXNt IG1hbmRhdGVkLCBidXQgSSByZWFsbHkgdGhpbmsgb25lIHNob3VsZCBiZS4gIENvdWxkbid0IHRo ZQ0KPiBwYXRoIGJlIGFsdGVyZWQgYW5kIG5vdCBkZXRlY3RhYmxlIGlmIHRoZXJlIGlzIG5vIGlu dGVncml0eSBjaGVja2luZz8gIFRoaXMNCj4gY291bGQgYmUgdXNlZCB0byBhdm9pZCBzZWN1cml0 eSBwcm90ZWN0aW9ucyBvciB0byByb3V0ZSBpdCBpbmFwcHJvcHJpYXRlbHkNCj4gdGhyb3VnaCBh IG11bHRpLXRlbmFudCBlbnZpcm9ubWVudC4gIFN1cmUsIHRoZSB1bmRlcmx5aW5nIHByb3RvY29s IHNob3VsZA0KPiBwcm92aWRlIHNlc3Npb24gZW5jcnlwdGlvbiBvbiBhcHBsaWNhdGlvbiB0cmFm ZmljLCBidXQgdGhlcmUncyBubyByZWFzb24gd2h5DQo+IHNlY3VyaXR5IHNob3VsZG4ndCBoYXZl IGJlZW4gYmFrZWQgaW50byB0aGlzIHByb3RvY29sIGFzIGEgcmVxdWlyZW1lbnQuDQoNClBRPiAg VGhlIGRyYWZ0IGNsZWFybHkgcHJvdmlkZXMgd2VsbCB1bmRlcnN0b29kIGFuZCBhY2NlcHRlZCBm b3JtcyBvZiBpbnRlZ3JpdHkgYW5kL29yIGNvbmZpZGVudGlhbGl0eSB1c2luZyBzdGFuZGFyZCBw cm90b2NvbHMuICAgUmVxdWlyaW5nIOKAnGJha2VkIGlu4oCdIHNlY3VyaXR5IOKAlCBpbiB0aGUg Zm9ybSBvZiBpbnRlZ3JpdHkgYW5kL29yIGNvbmZpZGVudGlhbGl0eSDigJQgc2VlbXMgbm90IG9u bHkgdW5uZWNlc3NhcnkgYnV0IGEgYnVyZGVuIHRoYXQgdGhlIElFVEYsIGluIGdlbmVyYWwsIGhh cyBub3QgaW1wb3NlZC4gICBMZXTigJlzIGxvb2sgYXQgcmVjZW50IHdvcmsgaW4gYSBjb3VwbGUg b2Ygb3RoZXIgV0dzIGZvciBzb21lIHJlY2VudCBkYXRhIHBvaW50czogaSkgbnZvMzogVlhMQU4g YW5kICBnZW5ldmUsIGlpKSBTUFJJTkcgYW5kIHNlZ21lbnQgcm91dGluZy4gICAgSW4gYWxsIHRo b3NlIGNhc2VzLCDigJxpbnRlZ3JpdHnigJ0gaXMgbm90IChjb3JyZWN0bHkpIGVuZm9yY2VkIGlu IHRoZSBkYXRhcGxhbmUuICAgTlNIIGZvbGxvd3MgYSBzaW1pbGFyIHBoaWxvc29waHkuICANCg0K PHRyaW1tZWQ+ From nobody Wed Sep 27 11:41:38 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95C741342F5; Wed, 27 Sep 2017 11:41:36 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x7OT72Aqkd_r; Wed, 27 Sep 2017 11:41:33 -0700 (PDT) Received: from mail-wr0-x234.google.com (mail-wr0-x234.google.com [IPv6:2a00:1450:400c:c0c::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54A05132D4B; Wed, 27 Sep 2017 11:41:33 -0700 (PDT) Received: by mail-wr0-x234.google.com with SMTP id m18so18061714wrm.2; Wed, 27 Sep 2017 11:41:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=pSb6vlCz8uhxkICTpaDtj4PUUyRemzKL5pZjlknRnIE=; b=g+co/+5YtTCuCuIdaaIKEfKpq1dSjBUngNHEqscBCAuGQvXlvp7WKXo2azD2x4HmbW 9U36w5QTBsgsEG2Fc7zrzRyjHc35Up4/uX3K4ev+RAJZmRf4tYAlmgXENIUxAEdPJvD+ vFUwLhEKqWGLk7vP7AorHmMCU+9vPnL4MOBeG+D2ISlgDrfstvPBB+DjNts+U+7d+pZq OrJcz5TPTaie8yxw6RMyRd3yllXxcFglwOmzqAk7kIo/sP5KGJ64VrwiT6zS8k7OIE3L uzn+Bl7Ny4PKD1jzqRm5m2Cszz4pDJjX8AZTtzbTu8UACqxipwrSD8Y91FIPZjutxwC+ vKSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=pSb6vlCz8uhxkICTpaDtj4PUUyRemzKL5pZjlknRnIE=; b=TyZzUQ95vkQu7xyandpGx5MXnJaTtmvwaJSXL+4gjNpFFrlchIjFDUoBSywOcSUeml YdF2X5PPJtTrGzGvNFPsahZmMOZ7RWEQioyDatXPNdb+MV2S3qAKsOTLTFHMc+z0xqUm 2rcZIRb+S+KmOyqjC6mmxsHCU8OXA5PIiKc9ZbGmIaLvD5Ug0t4icrkstviXwbgj121P +96jdh8YHUNdjBSlFUoaA44ln4eVCca94PH3J+xTx8h8T1oD+QAIAhwXcudnQlaNsMoA euorhpbj6hwTlf2YNx+2fSm/i7aeus1YZ6AnT5EJyVYfgicspeVTe56DC8gn/eVC7bul 4umg== X-Gm-Message-State: AHPjjUgSv+UmHuzv0h51Awj+diVlT3B3r7grpvCtbGG2VEfRu58h2/de vZvqHUn84R/Zu6HZJaGgbdZ4gRBBqmjBgXlbaeU= X-Google-Smtp-Source: AOwi7QD0lxKWofbjJJ9USIE0WmNsByCd2/4TbUt2iihAMM0NzZr20FdyfyZzfYKyN/l6gXDLHNrtxQmcIvDbzmO7J1k= X-Received: by 10.223.147.195 with SMTP id 61mr2254877wrp.119.1506537691692; Wed, 27 Sep 2017 11:41:31 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.136.153 with HTTP; Wed, 27 Sep 2017 11:41:31 -0700 (PDT) In-Reply-To: <44F57C98-6191-4B59-BD30-E611B78B0089@cisco.com> References: <150645867503.20862.14046225395932721314.idtracker@ietfa.amsl.com> <44F57C98-6191-4B59-BD30-E611B78B0089@cisco.com> From: Alia Atlas Date: Wed, 27 Sep 2017 14:41:31 -0400 Message-ID: To: "Paul Quinn (paulq)" Cc: Kathleen Moriarty , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , The IESG , "sfc@ietf.org" Content-Type: multipart/alternative; boundary="94eb2c0da5e8f44a07055a302396" Archived-At: Subject: Re: [sfc] Kathleen Moriarty's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 18:41:37 -0000 --94eb2c0da5e8f44a07055a302396 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Sep 27, 2017 at 2:36 PM, Paul Quinn (paulq) wrote= : > Hi, > > > > On Sep 26, 2017, at 4:44 PM, Kathleen Moriarty < > kathleen.moriarty.ietf@gmail.com> wrote: > > > > Kathleen Moriarty has entered the following ballot position for > > draft-ietf-sfc-nsh-24: Discuss > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria. > html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ > > > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > First, I'd like to thank the authors and WG for your efforts in recent > > revisions of this draft, it has come a long way. > > PQ> And thank you for the detailed reviews! Your feedback has helped > improve this draft and is much appreciated! > > > > > I still want to poke at the > > lack of a requirement for either integrity protection on the NSH itself > or for > > MUSTs on protections from the transport encapsulation. Attacks inside > of a > > data center or single operator domains happen all too often. The numbe= r > from > > 2016 is up 164% as of a statistic I saw earlier today. We can't srug > this off > > anymore. > > > > Security Considerations section: > > First two sentences say: > > NSH is designed for use within operator environments. As such, it > > does not include any mandatory security mechanisms. > > > > I think you intended the first sentence to say, "within a single operat= or > > environment" as what you have now could be multiple networks managed > separately > > with that statement. Then for the second sentence, I know you don't > have an > > integrity mechanism mandated, but I really think one should be. > Couldn't the > > path be altered and not detectable if there is no integrity checking? > This > > could be used to avoid security protections or to route it > inappropriately > > through a multi-tenant environment. Sure, the underlying protocol shou= ld > > provide session encryption on application traffic, but there's no reaso= n > why > > security shouldn't have been baked into this protocol as a requirement. > > PQ> The draft clearly provides well understood and accepted forms of > integrity and/or confidentiality using standard protocols. Requiring > =E2=80=9Cbaked in=E2=80=9D security =E2=80=94 in the form of integrity an= d/or confidentiality =E2=80=94 > seems not only unnecessary but a burden that the IETF, in general, has no= t > imposed. Let=E2=80=99s look at recent work in a couple of other WGs for= some > recent data points: i) nvo3: VXLAN and geneve, ii) SPRING and segment > routing. In all those cases, =E2=80=9Cintegrity=E2=80=9D is not (corre= ctly) enforced in > the dataplane. NSH follows a similar philosophy. > VXLAN is an Independent Stream RFC. Geneve has not finished going through the process and NVO3 is working on draft-mglt-nvo3-geneve-encryption-option-00 as an example mechanism. SPRING drafts are not through the IESG yet - but are based on reusing the existing 18+ year old MPLS data-plane. The IPv6 version has its own issues and has not progressed. Regards, Alia --94eb2c0da5e8f44a07055a302396 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On W= ed, Sep 27, 2017 at 2:36 PM, Paul Quinn (paulq) <paulq@cisco.com> wrote:
Hi,


> On Sep 26, 2017, at 4:44 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com&= gt; wrote:
>
> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-sfc-nsh-24: Discuss
>
> When responding, please keep the subject line intact and reply to all<= br> > email addresses included in the To and CC lines. (Feel free to cut thi= s
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/i= esg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/dra= ft-ietf-sfc-nsh/
>
>
>
> ------------------------------------------------------------= ----------
> DISCUSS:
> ------------------------------------------------------------= ----------
>
> First, I'd like to thank the authors and WG for your efforts in re= cent
> revisions of this draft, it has come a long way.

PQ> And thank you for the detailed reviews!=C2=A0 Your feedback h= as helped improve this draft and is much appreciated!



> I still want to poke at the
> lack of a requirement for either integrity protection on the NSH itsel= f or for
> MUSTs on protections from the transport encapsulation.=C2=A0 Attacks i= nside of a
> data center or single operator domains happen all too often.=C2=A0 The= number from
> 2016 is up 164% as of a statistic I saw earlier today.=C2=A0 We can= 9;t srug this off
> anymore.
>
> Security Considerations section:
> First two sentences say:
>=C2=A0 =C2=A0NSH is designed for use within operator environments.=C2= =A0 As such, it
>=C2=A0 =C2=A0does not include any mandatory security mechanisms.
>
> I think you intended the first sentence to say, "within a single = operator
> environment" as what you have now could be multiple networks mana= ged separately
> with that statement.=C2=A0 Then for the second sentence, I know you do= n't have an
> integrity mechanism mandated, but I really think one should be.=C2=A0 = Couldn't the
> path be altered and not detectable if there is no integrity checking?= =C2=A0 This
> could be used to avoid security protections or to route it inappropria= tely
> through a multi-tenant environment.=C2=A0 Sure, the underlying protoco= l should
> provide session encryption on application traffic, but there's no = reason why
> security shouldn't have been baked into this protocol as a require= ment.

PQ>=C2=A0 The draft clearly provides well understood and accepted= forms of integrity and/or confidentiality using standard protocols.=C2=A0 = =C2=A0Requiring =E2=80=9Cbaked in=E2=80=9D security =E2=80=94 in the form o= f integrity and/or confidentiality =E2=80=94 seems not only unnecessary but= a burden that the IETF, in general, has not imposed.=C2=A0 =C2=A0Let=E2=80= =99s look at recent work in a couple of other WGs for some recent data poin= ts: i) nvo3: VXLAN and=C2=A0 geneve, ii) SPRING and segment routing.=C2=A0 = =C2=A0 In all those cases, =E2=80=9Cintegrity=E2=80=9D is not (correctly) e= nforced in the dataplane.=C2=A0 =C2=A0NSH follows a similar philosophy.
=

VXLAN is an Independent Stream RFC.
<= div>Geneve has not finished going through the process and NVO3 is working o= n=C2=A0draft-mglt-nvo3-geneve-encryption-option-00 as an example mechanism.= =C2=A0

SPRING drafts are not through the IESG yet = - but are based on reusing the existing 18+ year old MPLS data-plane.=C2=A0= The IPv6 version has its own issues and has not progressed.

=C2=A0R= egards,
Alia
--94eb2c0da5e8f44a07055a302396-- From nobody Wed Sep 27 11:42:05 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59385134EEF; Wed, 27 Sep 2017 11:42:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wiOfNjulsGOu; Wed, 27 Sep 2017 11:41:52 -0700 (PDT) Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF8F4132D4B; Wed, 27 Sep 2017 11:41:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8922; q=dns/txt; s=iport; t=1506537708; x=1507747308; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=ux6RYVXKAwxkfTHyrHZv+HPRNT9qzIAVBFzMRgIp9cw=; b=HtzHShHZi7iGJ/f05fxvugamlbeLikvi51GliH9qk/agiIPJobD7kqvv 2ZYDZFr67KrShev/ntUNrRBlkcHrJG3qa6DUrlKGWn6eHUMKqFFCj7zG/ cSLYDeC+CBLXCWbAPsUiz2drjDrn/hoF3+pv7/IZ6qPAiWj2II8K2DL9a k=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BcAgDZ78tZ/4wNJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1xkbicHg3GZfYFUIpY5ggQKI4UYAhqEQlcBAgEBAQEBAmsohRg?= =?us-ascii?q?BAQEBAgEjETMSBQsCAQgYAgImAgICMBUQAgQBDQWKKQgQqAiCJ4sDAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBGAWBDoIdggKBUYFqKwuCcoRRARIBH4MTL4IxBYoSjj2?= =?us-ascii?q?IVAKHXINciSWCE4VuiwWVHAIRGQGBOAFXgQMLeBVbAYUHHIFndgGGIYEkgRABA?= =?us-ascii?q?QE?= X-IronPort-AV: E=Sophos;i="5.42,446,1500940800"; d="scan'208";a="9007519" Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2017 18:41:46 +0000 Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id v8RIfk7o023199 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 18:41:46 GMT Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 13:41:46 -0500 Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 13:41:45 -0500 From: "Alvaro Retana (aretana)" To: "Joel M. Halpern" , "draft-ietf-sfc-nsh@ietf.org" CC: "sfc-chairs@ietf.org" , "sfc@ietf.org" , The IESG Thread-Topic: Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTNvwPSKnF4jH870C6uqg24S/4ZKLH5CsAgAE/KYA= Date: Wed, 27 Sep 2017 18:41:45 +0000 Message-ID: References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/f.25.0.170815 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.117.15.4] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 18:42:03 -0000 T24gOS8yNi8xNywgMzozOSBQTSwgIkpvZWwgTS4gSGFscGVybiIgPGptaEBqb2VsaGFscGVybi5j b20+IHdyb3RlOg0KDQpKb2VsOg0KDQpIaSENCg0KPiBZb3VyIGNvbW1lbnQgMSBpcyBhYm91dCBu b24tc3VwcG9ydCBvZiBNRDIgYW5kIHRoZSByZXF1aXJlbWVudCB0aGF0IA0KPiB0aGUgZW50aXR5 IHVzZSB0aGUgbGVuZ3RoIGZpZWxkIGFueXdheS4NCj4gV2hhdCB3ZSBhcmUgdHJ5aW5nIHRvIGNv bW11bmljYXRlIChhbmQgaGF2ZSBub3QgZ290dGVuIHJpZ2h0KSBpcyB0aGF0IA0KPiBkZXZpY2Vz IHdoaWNoIG5lZWQgdGhlIHBhY2tldCwgYnV0IGRvIG5vdCBuZWVkIHRoZSBtZXRhZGF0YSwgYXJl IA0KPiByZXF1aXJlZCB0byBjb3BlIHdpdGggTUQyIHdpdGggYSBsZW5ndGggZ3JlYXRlciB0aGFu IDIuICBBbiBleGFtcGxlIG9mIA0KPiBzdWNoIGEgZGV2aWNlIGlzIGFuIFNGRiB3aGljaCBoYXMg bXVsdGlwbGUgdmFsaWQgaG9zcCBhbG9uZyB0aGUgU0ZQLCBhbmQgDQo+IHVzZXMgdGhlIHVuZGVy bHlpbmcgcGFja2V0IGhlYWRlciBmaWVsZHMgdG8gcGljayBvbmUuICBJdCBpcyByZXF1aXJlZCB0 byANCj4gZnVuY3Rpb24gZXZlbiB3aGVuIGhhbmRlZCBhbiBNRDIgcGFja2V0Lg0KPiBUaGlzIGlz IHBhcnQgb2YgYSBjb21wcm9taXNlIHRvIG1ha2UgTUQyIHVzYWJsZSBldmVuIHdpdGggZGV2aWNl cyB0aGF0IA0KPiB3ZXJlIGJ1aWx0IHByaW5jaXBhbGx5IGZvciBNRDEuDQo+IENhbiB5b3Ugc3Vn Z2VzdCBiZXR0ZXIgd29yZGluZy4gIChHaXZlbiB0aGF0IHRoaXMgaXMgdGhlIGJhc2Ugc2VjdGlv biwgSSANCj4gZG8gbm90IHdhbnQgYSBsb25nIGV4YW1wbGUgaGVyZS4pDQoNCk15IG1haW4gY29u Y2VybiBpcyB0aGF0IHRoZSBkb2N1bWVudCBzYXlzIHRoYXQgcGFja2V0cyB3aXRoIGFuIHVuc3Vw cG9ydGVkIE1EIFR5cGUg4oCcTVVTVCBiZQ0Kc2lsZW50bHkgZHJvcHBlZOKAnS4gIFRoZSBjb21w bGljYXRpb24gaXMgdGhhdCB0aGUgZG9jdW1lbnQgYWxzbyBzcGVjaWZpZXMg4oCccGFydGlhbOKA nSBzdXBwb3J0IGZvciBNRCBUeXBlIDI6IOKAnE5TSCBpbXBsZW1lbnRhdGlvbnMgTVVTVCBzdXBw b3J0IE1EIHR5cGVzIDB4MSBhbmQgMHgyICh3aGVyZSB0aGUgbGVuZ3RoIGlzIDB4MikuICBOU0gg aW1wbGVtZW50YXRpb25zIFNIT1VMRCBzdXBwb3J0IE1EIFR5cGUgMHgyIHdpdGggbGVuZ3RoIGdy ZWF0ZXIgdGhhbiAweDIu4oCdICANCg0KSXQgc2VlbXMgdG8gbWUgdGhhdCBwdXR0aW5nIGEgZGV2 aWNlIHRoYXQgb25seSBzdXBwb3J0cyBvbmUgTUQgVHlwZSAob3IgaW4gdGhpcyBjYXNlIHBhcnRp YWwgc3VwcG9ydCBmb3IgYW5vdGhlcikgaW4gYSBuZXR3b3JrIHNob3VsZCBub3QgYmUgZXhwZWN0 ZWQgdG8gZGVhbCB3aXRoIHN1cHBvcnRpbmcgb3RoZXIgdHlwZXPigKZhbmQgc2hvdWxkIGJlIHNv bWV0aGluZyBoaWdobGlnaHRlZCBmb3IgZGVwbG95bWVudCBjb25zaWRlcmF0aW9uLg0KDQpIYXZp bmcgc2FpZCB0aGF0LCBoZXJl4oCZcyBhIHN1Z2dlc3Rpb246DQoNCk9MRD4NCiAgIOKApiAgVGhl cmUgZXhpc3RzLA0KICAgaG93ZXZlciwgYSBtaWRkbGUgZ3JvdW5kLCB3aGVyZWluIGEgZGV2aWNl IHdpbGwgc3VwcG9ydCBNRCBUeXBlIDB4MQ0KICAgKGFzIHBlciB0aGUgTVVTVCkgbWV0YWRhdGEs IHlldCBiZSBkZXBsb3llZCBpbiBhIG5ldHdvcmsgd2l0aCBNRCBUeXBlDQogICAweDIgbWV0YWRh dGEgcGFja2V0cy4gIEluIHRoYXQgY2FzZSwgdGhlIE1EIFR5cGUgMHgxIG5vZGUsIE1VU1QNCiAg IHV0aWxpemUgdGhlIGJhc2UgaGVhZGVyIGxlbmd0aCBmaWVsZCB0byBkZXRlcm1pbmUgdGhlIG9y aWdpbmFsDQogICBwYXlsb2FkIG9mZnNldCBpZiBpdCByZXF1aXJlcyBhY2Nlc3MgdG8gdGhlIG9y aWdpbmFsIHBhY2tldC9mcmFtZS4NCg0KTkVXPg0KICAg4oCmIERldmljZXMgdGhhdCBkb27igJl0 IHN1cHBvcnQgTUQgVHlwZSAweDIgd2l0aCBsZW5ndGggZ3JlYXRlciB0aGFuIA0KICAgMHgyIE1V U1QgaWdub3JlIGFueSBvcHRpb25hbCBjb250ZXh0IGhlYWRlcnMgYW5kIHByb2Nlc3MgdGhlIHBh Y2tldCANCiAgIHdpdGhvdXQgdGhlbTsgdGhlIGJhc2UgaGVhZGVyIGxlbmd0aCBmaWVsZCBjYW4g YmUgdXNlZCB0byBkZXRlcm1pbmUgdGhlIA0KICAgb3JpZ2luYWwgcGF5bG9hZCBvZmZzZXQgaWYg YWNjZXNzIHRvIHRoZSBvcmlnaW5hbCBwYWNrZXQvZnJhbWUgaXMgcmVxdWlyZWQuIA0KDQoNCg0K VGhhbmtzIQ0KDQpBbHZhcm8uDQoNCg0KT24gOS8yNi8xNyAzOjE3IFBNLCBBbHZhcm8gUmV0YW5h IHdyb3RlOg0KPiBBbHZhcm8gUmV0YW5hIGhhcyBlbnRlcmVkIHRoZSBmb2xsb3dpbmcgYmFsbG90 IHBvc2l0aW9uIGZvcg0KPiBkcmFmdC1pZXRmLXNmYy1uc2gtMjQ6IE5vIE9iamVjdGlvbg0KPiAN Cj4gV2hlbiByZXNwb25kaW5nLCBwbGVhc2Uga2VlcCB0aGUgc3ViamVjdCBsaW5lIGludGFjdCBh bmQgcmVwbHkgdG8gYWxsDQo+IGVtYWlsIGFkZHJlc3NlcyBpbmNsdWRlZCBpbiB0aGUgVG8gYW5k IENDIGxpbmVzLiAoRmVlbCBmcmVlIHRvIGN1dCB0aGlzDQo+IGludHJvZHVjdG9yeSBwYXJhZ3Jh cGgsIGhvd2V2ZXIuKQ0KPiANCj4gDQo+IFBsZWFzZSByZWZlciB0byBodHRwczovL3d3dy5pZXRm Lm9yZy9pZXNnL3N0YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWwNCj4gZm9yIG1vcmUgaW5m b3JtYXRpb24gYWJvdXQgSUVTRyBESVNDVVNTIGFuZCBDT01NRU5UIHBvc2l0aW9ucy4NCj4gDQo+ IA0KPiBUaGUgZG9jdW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFsbG90IHBvc2l0aW9ucywgY2Fu IGJlIGZvdW5kIGhlcmU6DQo+IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0 LWlldGYtc2ZjLW5zaC8NCj4gDQo+IA0KPiANCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiBDT01NRU5UOg0K PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tDQo+IA0KPiAoMSkgV2hpbGUgZGVzY3JpYmluZyB0aGUgTUQgVHlwZSBm aWVsZCwgU2VjdGlvbiAyLjIuIChOU0ggQmFzZSBIZWFkZXIpIHRhbGtzDQo+IGFib3V0IHRoZSBz cGVjaWZpYyBzY2VuYXJpbyBpbiB3aGljaCAiYSBkZXZpY2Ugd2lsbCBzdXBwb3J0IE1EIFR5cGUg MHgxIChhcyBwZXINCj4gdGhlIE1VU1QpIG1ldGFkYXRhLCB5ZXQgYmUgZGVwbG95ZWQgaW4gYSBu ZXR3b3JrIHdpdGggTUQgVHlwZSAweDIgbWV0YWRhdGENCj4gcGFja2V0cyIsIGFuZCBpdCBzcGVj aWZpZXMgdGhhdCAidGhlIE1EIFR5cGUgMHgxIG5vZGUsIE1VU1QgdXRpbGl6ZSB0aGUgYmFzZQ0K PiBoZWFkZXIgbGVuZ3RoIGZpZWxkIHRvIGRldGVybWluZSB0aGUgb3JpZ2luYWwgcGF5bG9hZCBv ZmZzZXQgaWYgaXQgcmVxdWlyZXMNCj4gYWNjZXNzIHRvIHRoZSBvcmlnaW5hbCBwYWNrZXQvZnJh bWUuIiAgVGhpcyBpcyB0aGUgY2FzZSB3aGVyZSB0aGUgbm9kZSBpbg0KPiBxdWVzdGlvbiAqZG9l cyBub3QqIHN1cHBvcnQgTUQgVHlwZSAweDIsIHJpZ2h0PyAgSWYgc28sIHRoZW4gdGhlIHNwZWNp ZmljYXRpb24NCj4gYWJvdmUgc2VlbXMgdG8gZ28gYWdhaW5zdCAoaW4gdGhlIGxhc3Qgc2VudGVu Y2Ugb2YgdGhlIHNhbWUgcGFyYWdyYXBoKToNCj4gIlBhY2tldHMgd2l0aCBNRCBUeXBlIHZhbHVl cyBub3Qgc3VwcG9ydGVkIGJ5IGFuIGltcGxlbWVudGF0aW9uIE1VU1QgYmUNCj4gc2lsZW50bHkg ZHJvcHBlZC4iICBJT1csIGlmIHRoZSBub2RlIGRvZXNuJ3Qgc3VwcG9ydCAweDIsIHdoeSB3b3Vs ZG4ndCBpdCBqdXN0DQo+IGRyb3AgdGhlIHBhY2tldD8NCj4gDQo+ICgyKSBTZWN0aW9uIDIuNS4x LiAoT3B0aW9uYWwgVmFyaWFibGUgTGVuZ3RoIE1ldGFkYXRhKSBzYXlzIHRoYXQgdGhpcyBkb2N1 bWVudA0KPiAiZG9lcyBub3QgbWFrZSBhbnkgYXNzdW1wdGlvbiBhYm91dCBDb250ZXh0IEhlYWRl cnMgdGhhdCBhcmUNCj4gbWFuZGF0b3J5LXRvLWltcGxlbWVudCBvciB0aG9zZSB0aGF0IGFyZSBt YW5kYXRvcnktdG8tcHJvY2Vzcy4gIFRoZXNlDQo+IGNvbnNpZGVyYXRpb25zIGFyZSBkZXBsb3lt ZW50LXNwZWNpZmljLiIgIEJ1dCB0aGUgbmV4dCBjb3VwbGUgb2YgcGFyYWdyYXBocw0KPiBzcGVj aWZ5IGV4cGxpY2l0IGFjdGlvbnMgZm9yIHRoZW0gKG1hbmRhdG9yeS10by1wcm9jZXNzKToNCj4g DQo+ICAgICBVcG9uIHJlY2VpcHQgb2YgYSBwYWNrZXQgdGhhdCBiZWxvbmdzIHRvIGEgZ2l2ZW4g U0ZQLCBpZiBhIG1hbmRhdG9yeS0NCj4gICAgIHRvLXByb2Nlc3MgY29udGV4dCBoZWFkZXIgaXMg bWlzc2luZyBpbiB0aGF0IHBhY2tldCwgdGhlIFNGQy1hd2FyZSBTRg0KPiAgICAgTVVTVCBOT1Qg cHJvY2VzcyB0aGUgcGFja2V0IGFuZCBNVVNUIGxvZyBhbiBlcnJvciBhdCBsZWFzdCBvbmNlIHBl cg0KPiAgICAgdGhlIFNQSSBmb3Igd2hpY2ggdGhlIG1hbmRhdG9yeSBtZXRhZGF0YSBpcyBtaXNz aW5nLg0KPiANCj4gICAgIElmIG11bHRpcGxlIG1hbmRhdG9yeS10by1wcm9jZXNzIGNvbnRleHQg aGVhZGVycyBhcmUgcmVxdWlyZWQgZm9yIGENCj4gICAgIGdpdmVuIFNGUCwgdGhlIGNvbnRyb2wg cGxhbmUgTUFZIGluc3RydWN0IHRoZSBTRkMtYXdhcmUgU0Ygd2l0aCB0aGUNCj4gICAgIG9yZGVy IHRvIGNvbnN1bWUgdGhlc2UgQ29udGV4dCBIZWFkZXJzLiAgSWYgbm8gaW5zdHJ1Y3Rpb25zIGFy ZQ0KPiAgICAgcHJvdmlkZWQgYW5kIHRoZSBTRkMtYXdhcmUgU0Ygd2lsbCBtYWtlIHVzZSBvZiBv ciBtb2RpZnkgdGhlIHNwZWNpZmljDQo+ICAgICBjb250ZXh0IGhlYWRlciwgdGhlbiB0aGUgU0ZD LWF3YXJlIFNGIE1VU1QgcHJvY2VzcyB0aGVzZSBDb250ZXh0DQo+ICAgICBIZWFkZXJzIGluIHRo ZSBvcmRlciB0aGV5IGFwcGVhciBpbiBhbiBOU0ggcGFja2V0Lg0KPiANCj4gTWF5YmUgSSdtIGNv bmZ1c2VkIGFib3V0IGNvbnNpZGVyYXRpb25zIGJlaW5nIGRlcGxveW1lbnQgc3BlY2lmaWMgdnMg c3BlY2lmeWluZw0KPiB3aGF0IHRvIGRvIGhlcmUuICBDYW4geW91IHBsZWFzZSBjbGFyaWZ5Pw0K PiANCj4gKDMpICJTRkZzIE1VU1QgdXNlIHRoZSBTZXJ2aWNlIFBhdGggSGVhZGVyIGZvciBzZWxl Y3RpbmcgdGhlIG5leHQgU0Ygb3IgU0ZGIGluDQo+IHRoZSBzZXJ2aWNlIHBhdGguIiAgU2VjdGlv biA2IGV4cGxhaW5zIG1vc3Qgb2Ygd2hhdCBoYXMgdG8gYmUgZG9uZSAtLSB3aGF0IEkNCj4gdGhp bmsgaXMgc3RpbGwgbm90IGNsZWFyIGluIHRoaXMgZG9jdW1lbnQgaXMgd2hlcmUgdGhlIGluZm9y bWF0aW9uIGluIFRhYmxlcw0KPiAxLTQgY29tZXMgZnJvbS4gIFRoZXJlIG1heSBiZSBkaWZmZXJl bnQgd2F5cyBmb3IgYW4gU0ZGIHRvIGxlYXJuIHRoYXQsIGFuZCBJDQo+IHdvdWxkIGltYWdpbmUg dGhhdCBpdCBpcyBvdXQtb2Ytc2NvcGUgb2YgdGhpcyBkb2N1bWVudC4gIFBsZWFzZSBzYXkgc28g LS0gbWF5YmUNCj4gdGhlcmUncyBhIHJlbGV2YW50IHJlZmVyZW5jZSB0byByZmM3NjY1ICg/KS4N Cj4gDQo+ICg0KSBTZWN0aW9uIDExLjEuIChOU0ggRXRoZXJUeXBlKSBzZWVtcyBvdXQgb2YgcGxh Y2UgaW4gdGhpcyBkb2N1bWVudCBiZWNhdXNlDQo+ICgxKSB0aGUgZG9jdW1lbnQgZG9lc24ndCBk aXNjdXNzIHRoZSB0cmFuc3BvcnQgaXRzZWxmLCBhbmQgKDIpIGl0IGlzIGluIHRoZQ0KPiBJQU5B IHNlY3Rpb24uLi4NCj4gDQo+ICg1KSBXaGF0IGlzIHRoZSAiSUVURiBCYXNlIE5TSCBNRCBDbGFz cyIgKFNlY3Rpb24gMTEuMi40KT8gIEFoaCwgSSBzZWUgdGhhdA0KPiBTZWN0aW9uIDExLjIuNiB0 YWxrcyBhYm91dCAidGhlIHR5cGUgdmFsdWVzIG93bmVkIGJ5IHRoZSBJRVRGIjsgaXQgd291bGQg YmUNCj4gZ29vZCB0byBzYXkgdGhhdCBNRCBDbGFzcyAweDAwMDAgaXMgYmVpbmcgYXNzaWduZWQg dG8gdGhlIElFVEYgKGluIDExLjIuNCkuDQo+IA0KPiBOaXRzOg0KPiANCj4gSW4gc2VjdGlvbiAy LjIuIChOU0ggQmFzZSBIZWFkZXIpLCBpdCB3b3VsZCBiZSBuaWNlIHRvIGhhdmUgYSBmb3J3YXJk IHJlZmVyZW5jZQ0KPiB3aGVuIHRoZSBTZXJ2aWNlIEluZGV4IGlzIGZpcnN0IG1lbnRpb25lZC4N Cj4gDQo+IEl0IG1heSBiZSBuaWNlIHRvIGV4cGxpY2l0bHkgc3RhdGUgaW4gdGhlIGRlc2NyaXB0 aW9uIG9mIHRoZSBNRCBUeXBlIGZpZWxkDQo+IChTZWN0aW9uIDIuMikgdGhhdCBmb3IgbGVuZ3Ro ID0gMHgyIGFuZCBNRCBUeXBlID0gMHgyLCB0aGVyZSBhcmUgaW4gZmFjdCBubw0KPiBvcHRpb25h bCBjb250ZXh0IGhlYWRlcnMuIChJIGtub3cgdGhlcmUncyBzb21lIHRleHQgYWJvdXQgdGhpcyBs YXRlciBpbiBzZWN0aW9uDQo+IDIuNS4pDQo+IA0KPiAiLi4uYWxsIGRvbWFpbiBlZGdlcyBNVVNU IGZpbHRlciBiYXNlZCBvbiB0aGUgY2FycmllZCBwcm90b2NvbCBpbiB0aGUNCj4gVnhMQU4tZ3Bl Ii4gIFRoYXQgIk1VU1QiIGlzIG91dCBvZiBwbGFjZSBiZWNhdXNlIHRoZSB0ZXh0IGlzIGFuIGV4 YW1wbGUuDQo+IA0KPiANCg0KDQo= From nobody Wed Sep 27 11:43:46 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 885A61330AD; Wed, 27 Sep 2017 11:43:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.701 X-Spam-Level: X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uQWVhZkdstVA; Wed, 27 Sep 2017 11:43:37 -0700 (PDT) Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E87C132D4B; Wed, 27 Sep 2017 11:43:37 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 85E5040062F; Wed, 27 Sep 2017 11:43:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1506537817; bh=kbglMvdC2iYze3ZQHzcoxBYzyFNgVc8JPnt3rmx6U5A=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=nbymiG+XCRDQUEIm0alb2kbmMP+xseDKDODpMCvtHAr416/3dVdwEaXrsKVZStsS/ obcrOo2VWYkDPIyaup+V6WAw/cYiFRNCcl/llF7aAkjTtih52YrSMtOH66c7Y+sF2x CyIi06AnojRHHVUJw/KIvq5cvxpMxnkJ/YF6ah7Y= X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 6B271400337; Wed, 27 Sep 2017 11:43:36 -0700 (PDT) To: "Alvaro Retana (aretana)" , "Joel M. Halpern" , "draft-ietf-sfc-nsh@ietf.org" Cc: "sfc-chairs@ietf.org" , "sfc@ietf.org" , The IESG References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> From: "Joel M. Halpern" Message-ID: <094fba4c-9a98-6aec-6f01-1070faa0b182@joelhalpern.com> Date: Wed, 27 Sep 2017 14:43:35 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 18:43:39 -0000 Thanks Alvaro. That change seems fine with me. Yours, Joel On 9/27/17 2:41 PM, Alvaro Retana (aretana) wrote: > On 9/26/17, 3:39 PM, "Joel M. Halpern" wrote: > > Joel: > > Hi! > >> Your comment 1 is about non-support of MD2 and the requirement that >> the entity use the length field anyway. >> What we are trying to communicate (and have not gotten right) is that >> devices which need the packet, but do not need the metadata, are >> required to cope with MD2 with a length greater than 2. An example of >> such a device is an SFF which has multiple valid hosp along the SFP, and >> uses the underlying packet header fields to pick one. It is required to >> function even when handed an MD2 packet. >> This is part of a compromise to make MD2 usable even with devices that >> were built principally for MD1. >> Can you suggest better wording. (Given that this is the base section, I >> do not want a long example here.) > > My main concern is that the document says that packets with an unsupported MD Type “MUST be > silently dropped”. The complication is that the document also specifies “partial” support for MD Type 2: “NSH implementations MUST support MD types 0x1 and 0x2 (where the length is 0x2). NSH implementations SHOULD support MD Type 0x2 with length greater than 0x2.” > > It seems to me that putting a device that only supports one MD Type (or in this case partial support for another) in a network should not be expected to deal with supporting other types…and should be something highlighted for deployment consideration. > > Having said that, here’s a suggestion: > > OLD> > … There exists, > however, a middle ground, wherein a device will support MD Type 0x1 > (as per the MUST) metadata, yet be deployed in a network with MD Type > 0x2 metadata packets. In that case, the MD Type 0x1 node, MUST > utilize the base header length field to determine the original > payload offset if it requires access to the original packet/frame. > > NEW> > … Devices that don’t support MD Type 0x2 with length greater than > 0x2 MUST ignore any optional context headers and process the packet > without them; the base header length field can be used to determine the > original payload offset if access to the original packet/frame is required. > > > > Thanks! > > Alvaro. > > > On 9/26/17 3:17 PM, Alvaro Retana wrote: >> Alvaro Retana has entered the following ballot position for >> draft-ietf-sfc-nsh-24: No Objection >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ >> >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> (1) While describing the MD Type field, Section 2.2. (NSH Base Header) talks >> about the specific scenario in which "a device will support MD Type 0x1 (as per >> the MUST) metadata, yet be deployed in a network with MD Type 0x2 metadata >> packets", and it specifies that "the MD Type 0x1 node, MUST utilize the base >> header length field to determine the original payload offset if it requires >> access to the original packet/frame." This is the case where the node in >> question *does not* support MD Type 0x2, right? If so, then the specification >> above seems to go against (in the last sentence of the same paragraph): >> "Packets with MD Type values not supported by an implementation MUST be >> silently dropped." IOW, if the node doesn't support 0x2, why wouldn't it just >> drop the packet? >> >> (2) Section 2.5.1. (Optional Variable Length Metadata) says that this document >> "does not make any assumption about Context Headers that are >> mandatory-to-implement or those that are mandatory-to-process. These >> considerations are deployment-specific." But the next couple of paragraphs >> specify explicit actions for them (mandatory-to-process): >> >> Upon receipt of a packet that belongs to a given SFP, if a mandatory- >> to-process context header is missing in that packet, the SFC-aware SF >> MUST NOT process the packet and MUST log an error at least once per >> the SPI for which the mandatory metadata is missing. >> >> If multiple mandatory-to-process context headers are required for a >> given SFP, the control plane MAY instruct the SFC-aware SF with the >> order to consume these Context Headers. If no instructions are >> provided and the SFC-aware SF will make use of or modify the specific >> context header, then the SFC-aware SF MUST process these Context >> Headers in the order they appear in an NSH packet. >> >> Maybe I'm confused about considerations being deployment specific vs specifying >> what to do here. Can you please clarify? >> >> (3) "SFFs MUST use the Service Path Header for selecting the next SF or SFF in >> the service path." Section 6 explains most of what has to be done -- what I >> think is still not clear in this document is where the information in Tables >> 1-4 comes from. There may be different ways for an SFF to learn that, and I >> would imagine that it is out-of-scope of this document. Please say so -- maybe >> there's a relevant reference to rfc7665 (?). >> >> (4) Section 11.1. (NSH EtherType) seems out of place in this document because >> (1) the document doesn't discuss the transport itself, and (2) it is in the >> IANA section... >> >> (5) What is the "IETF Base NSH MD Class" (Section 11.2.4)? Ahh, I see that >> Section 11.2.6 talks about "the type values owned by the IETF"; it would be >> good to say that MD Class 0x0000 is being assigned to the IETF (in 11.2.4). >> >> Nits: >> >> In section 2.2. (NSH Base Header), it would be nice to have a forward reference >> when the Service Index is first mentioned. >> >> It may be nice to explicitly state in the description of the MD Type field >> (Section 2.2) that for length = 0x2 and MD Type = 0x2, there are in fact no >> optional context headers. (I know there's some text about this later in section >> 2.5.) >> >> "...all domain edges MUST filter based on the carried protocol in the >> VxLAN-gpe". That "MUST" is out of place because the text is an example. >> >> > > From nobody Wed Sep 27 11:47:25 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DB0F132D4B; Wed, 27 Sep 2017 11:47:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G-Jo3pdYilNU; Wed, 27 Sep 2017 11:47:22 -0700 (PDT) Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20857132D51; Wed, 27 Sep 2017 11:47:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2636; q=dns/txt; s=iport; t=1506538042; x=1507747642; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=2iD0E8CakcFFkMhGatOVKXtoVbk9l6FXNN4BmqcclmU=; b=iABmT/exss8ESNy3PpOpVkGvm3TWbc44ec3r5Rdf6U9VwGv4etOvrpRO UWYCi0GTe2ew5cFPM2C/Cp4t7qiMKDc6RBaB3/igLZu320SJ24IQx0aPI ORctAtIYV9yLcD7zACY+rlLV3EQI7iFcq61l0ohht15NbQro3oMITS+rP k=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BaAgBR8ctZ/4UNJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1yBUhQTB4NxmX2BVCKWK4ISCoU7AhqEQkAXAQIBAQEBAQEBayi?= =?us-ascii?q?FGQEEASMRRQULAgEGAhoCJgICAjAVEAIEDgWKKQiKLp1mgieLAwEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAR2BDoIdggKBUYFqKwuCcoUEgxMvgjEBBJhPiFQClF2CE4V?= =?us-ascii?q?uiwWVHAIRGQGBOAEhAjSBDngVWwGFBxyBZ3aHRoEQAQEB?= X-IronPort-AV: E=Sophos;i="5.42,446,1500940800"; d="scan'208";a="298912607" Received: from alln-core-11.cisco.com ([173.36.13.133]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2017 18:47:21 +0000 Received: from XCH-ALN-017.cisco.com (xch-aln-017.cisco.com [173.36.7.27]) by alln-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id v8RIlL0Z015910 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 18:47:21 GMT Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-ALN-017.cisco.com (173.36.7.27) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 13:47:20 -0500 Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 13:47:20 -0500 From: "Alvaro Retana (aretana)" To: "Carlos Pignataro (cpignata)" CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTNvwPSKnF4jH870C6uqg24S/4ZKLIc/2AgACw5wA= Date: Wed, 27 Sep 2017 18:47:20 +0000 Message-ID: <52AB6267-C5E5-4871-9C90-988F5F1DFD93@cisco.com> References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> <314D7BB3-23A0-4E4E-9557-B323736BA851@cisco.com> In-Reply-To: <314D7BB3-23A0-4E4E-9557-B323736BA851@cisco.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/f.25.0.170815 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.117.15.4] Content-Type: text/plain; charset="utf-8" Content-ID: <649A704B857CB14D80828F112B6166A1@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 18:47:23 -0000 T24gOS8yNy8xNywgMTI6MTQgQU0sICJDYXJsb3MgUGlnbmF0YXJvIChjcGlnbmF0YSkiIDxjcGln bmF0YUBjaXNjby5jb20+IHdyb3RlOg0KDQpDYXJsb3M6DQoNCkhpIQ0KDQrigKYNCj4gPiAoMykg IlNGRnMgTVVTVCB1c2UgdGhlIFNlcnZpY2UgUGF0aCBIZWFkZXIgZm9yIHNlbGVjdGluZyB0aGUg bmV4dCBTRiBvciBTRkYgaW4NCj4gPiB0aGUgc2VydmljZSBwYXRoLiIgIFNlY3Rpb24gNiBleHBs YWlucyBtb3N0IG9mIHdoYXQgaGFzIHRvIGJlIGRvbmUgLS0gd2hhdCBJDQo+ID4gdGhpbmsgaXMg c3RpbGwgbm90IGNsZWFyIGluIHRoaXMgZG9jdW1lbnQgaXMgd2hlcmUgdGhlIGluZm9ybWF0aW9u IGluIFRhYmxlcw0KPiA+IDEtNCBjb21lcyBmcm9tLiAgVGhlcmUgbWF5IGJlIGRpZmZlcmVudCB3 YXlzIGZvciBhbiBTRkYgdG8gbGVhcm4gdGhhdCwgYW5kIEkNCj4gPiB3b3VsZCBpbWFnaW5lIHRo YXQgaXQgaXMgb3V0LW9mLXNjb3BlIG9mIHRoaXMgZG9jdW1lbnQuICBQbGVhc2Ugc2F5IHNvIC0t IG1heWJlDQo+ID4gdGhlcmUncyBhIHJlbGV2YW50IHJlZmVyZW5jZSB0byByZmM3NjY1ICg/KS4N Cj4NCj4gVGhlIHdheSBpbiB3aGljaCBhbiBTRkYgbGVhcm5zIGluZm8gZnJvbSB0aGF0IHRhYmxl IGlzIG91dCBvZiBzY29wZSwgaW4gY2FzZXMgDQo+IGltcGxlbWVudGF0aW9uIHNwZWNpZmljIGFu ZCBkb2VzIG5vdCBhZmZlY3QgaW50ZXJvcGVyYWJpbGl0eS4gIA0KDQpJIGFncmVlLg0KDQo+IEJ1 dCB0aGUgZGVmaW5pdGlvbnMgaW4gc2VjdGlvbiAyIHNheSBjYXNlcyB3aGVyZSBpbmZvcm1hdGlv biBpcyBleHBlY3RlZCBmcm9tIA0KPiB0aGUgY29udHJvbCBwbGFuZSBhbmQgb3V0c2lkZSB0aGUg c2NvcGUgb2YgdGhlIE5TSCBzcGVjaWZpY2F0aW9uLg0KPg0KPiBXZSBhcmUgaGFwcHkgdG8gY2xh cmlmeSBpZiB0aGVyZSBpcyBzb21ldGhpbmcgdGhhdCBpcyBjYXVzaW5nIGNvbmZ1c2lvbiDigJQg bWF5YmUgDQo+IHlvdSBjb3VsZCBzdWdnZXN0IHRleHQgdG8g4oCcc2F5IHNv4oCdPw0KDQpJIGxv b2tlZCwgYnV0IGNvdWxkbuKAmXQgZmluZCB3aGVyZSB0aGUgdGV4dCB0YWxrcyBhYm91dCBpbmZv cm1hdGlvbiBleHBlY3RlZCBmcm9tIHRoZSBjb250cm9sIHBsYW5lLg0KDQpJbiBhbnkgY2FzZSwg aGVyZeKAmXMgYSBzdWdnZXN0aW9uOiDigJxUaGUgaW5mb3JtYXRpb24gY29udGFpbmVkIGluIFRh YmxlcyAxLTQgbWF5IGJlIHJlY2VpdmVkIGZyb20gdGhlIGNvbnRyb2wgcGxhbmUsIGJ1dCB0aGUg ZXhhY3QgbWVjaGFuaXNtIGlzIG91dHNpZGUgdGhlIHNjb3BlIG9mIHRoaXMgZG9jdW1lbnQu4oCd DQoNCg0K4oCmIA0KPiA+IEluIHNlY3Rpb24gMi4yLiAoTlNIIEJhc2UgSGVhZGVyKSwgaXQgd291 bGQgYmUgbmljZSB0byBoYXZlIGEgZm9yd2FyZCByZWZlcmVuY2UNCj4gPiB3aGVuIHRoZSBTZXJ2 aWNlIEluZGV4IGlzIGZpcnN0IG1lbnRpb25lZC4NCj4gDQo+DQo+IFNvcnJ5IEkgZGlkIG5vdCBm b2xsb3cuIFNlY3Rpb24gMi4xIHNob3dzIHRoZSBCYXNlIEhlYWRlciAoU2VjdGlvbiAyLjIpIGFu ZCB0aGUNCj4gU2VydmljZSBQYXRoIEhlYWRlciAoU2VjdGlvbiAyLjMpLg0KPg0KPiBXaGVyZSB3 b3VsZCB5b3UgbGlrZSBhIGZvcndhcmQgcG9pbnRlciB0byB0aGUgU0k/DQoNCkluIHNlY3Rpb24g Mi4yLCB3aGVyZSB0aGUgVFRMIGlzIGJlaW5nIGV4cGxhaW5lZCwgaXQgc2F5czog4oCcVGhpcyBU VEwgZmllbGQgaXMgdGhlIHByaW1hcnkgbG9vcCBwcmV2ZW50aW9uIFRoaXMgVFRMIG1lY2hhbmlz bSByZXByZXNlbnRzIGEgcm9idXN0IGNvbXBsZW1lbnQgdG8gdGhlIFNlcnZpY2UgSW5kZXjigKbi gJ0gIEhvd2V2ZXIsIHRoZSBTZXJ2aWNlIEluZGV4IGlzIG5vdCBpbnRyb2R1Y2VkIHVudGlsIHRo ZSBuZXh0IHNlY3Rpb24uDQoNCg0KVGhhbmtzIQ0KDQpBbHZhcm8uDQoNCg== From nobody Wed Sep 27 11:50:55 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67EF8134BDA; Wed, 27 Sep 2017 11:50:48 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R7u1AMcH-Iv2; Wed, 27 Sep 2017 11:50:46 -0700 (PDT) Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91EC41330AD; Wed, 27 Sep 2017 11:50:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1722; q=dns/txt; s=iport; t=1506538246; x=1507747846; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=ETbHfvxblCn98aqGJv0oT3QqxUg52ptO5E0C/YIhAZQ=; b=GrIY+vdmGLgLxsbo+Ogoy9m34oHD2Uop4qZ5ncPdW1iKB1Kz8CKWMTgE s4Fkdte8zFmkrgMQp/0qvWSYvzzfh9fDNWByXAq1n+OTqsLg4yKYFDr/R kxeGhr2yqmEIWuwVb4uWoNdvi2n6p54vuIvtzM8oXIMdDBGeVPKHw+yF/ U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BaAgAC8stZ/4ENJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1yBUicHg3GZfYFUiGSNd4IECoU7AhqEQlcBAgEBAQEBAmsohRk?= =?us-ascii?q?GIxFFEAIBCA4MAiYCAgIfERUQAgQOBYoZAxWoEIInhzsNgzsBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEdgQ6CHYICgVGBaisLgnKCXoIOGIMTL4IxAQSYT4gYPAKKb4R?= =?us-ascii?q?1hHmTBoxpiDMCERkBgTgBV4EOeBVbAYcKdodGgRABAQE?= X-IronPort-AV: E=Sophos;i="5.42,446,1500940800"; d="scan'208";a="9529951" Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2017 18:50:45 +0000 Received: from XCH-ALN-018.cisco.com (xch-aln-018.cisco.com [173.36.7.28]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id v8RIojrS031560 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 18:50:45 GMT Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-ALN-018.cisco.com (173.36.7.28) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 13:50:45 -0500 Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 13:50:44 -0500 From: "Alvaro Retana (aretana)" To: Alia Atlas CC: "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , The IESG , "sfc@ietf.org" , "Carlos Pignataro (cpignata)" Thread-Topic: Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTNvwPSKnF4jH870C6uqg24S/4ZKLIc/2AgAC2ggD///tYAA== Date: Wed, 27 Sep 2017 18:50:44 +0000 Message-ID: <5C29C4F3-3051-4C91-9DAE-990344103BF7@cisco.com> References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> <314D7BB3-23A0-4E4E-9557-B323736BA851@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/f.25.0.170815 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.117.15.4] Content-Type: text/plain; charset="utf-8" Content-ID: <05D84C28BE5A8C4FB637852DDF2047F6@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 18:50:48 -0000 T24gOS8yNy8xNywgMTE6MDcgQU0sICJBbGlhIEF0bGFzIiA8YWthdGxhc0BnbWFpbC5jb20+IHdy b3RlOg0KDQpIaSENCg0KPiA+ID4gKDQpIFNlY3Rpb24gMTEuMS4gKE5TSCBFdGhlclR5cGUpIHNl ZW1zIG91dCBvZiBwbGFjZSBpbiB0aGlzIA0KPiA+ID4gZG9jdW1lbnQgYmVjYXVzZSAoMSkgdGhl IGRvY3VtZW50IGRvZXNuJ3QgZGlzY3VzcyB0aGUgDQo+ID4gPiB0cmFuc3BvcnQgaXRzZWxmLCBh bmQgKDIpIGl0IGlzIGluIHRoZSBJQU5BIHNlY3Rpb27igKYNCj4gPg0KPiA+IFlvdSBoYXZlIGEg Z29vZCBwb2ludCDigJQgSm9lbCBhc2tlZCDigJwgRG8geW91IHRoaW5rIHdlIA0KPiA+IHNob3Vs ZCByZW1vdmUgaXQ/4oCdDQo+ID4NCj4gPiBJIHRoaW5rIHdlIHNob3VsZCBrZWVwIGl0IGluLCBi ZWNhdXNlIGl0IGlzIGltcG9ydGFudCBpbmZvcm1hdGlvbg0KPiA+IGZvciBhbiBpbXBsZW1lbnRv ciB0byBoYXZlLCByZWdhcmRsZXNzIG9mIHRob3NlIHR3byBwb2ludHMuDQo+ID4NCj4gPiBCdXQg cGVyaGFwcyBpdCBzaG91bGQgYmUgbW92ZWQgb3V0IG9mIHRoYXQgc2VjdGlvbiBhbmQgaW50byBh IA0KPiA+IHNlcGFyYXRlIG5vbi1ub3JtYXRpdmUgc2VjdGlvbj8gRG8geW91IGhhdmUgcmVjb21t ZW5kYXRpb25zIA0KPiA+IHRoZXJlPw0KPiA+DQo+ID4gQWxpYSB3YXMgdHJhY2tpbmcgdGhlIE5T SCBFdGhlclR5cGUgdmFsdWUuIEFsaWEsIHRob3VnaHRzPw0KPg0KPiBGb3IgaW1wbGVtZW50YXRp b25zLCBpdCBuZWVkcyB0byBzdGF5IGluIHRoZSBkb2N1bWVudC7CoMKgDQo+IElmIGhhdmluZyBp dCBpbiB0aGUgSUFOQSBzZWN0aW9uIGlzIGNvbmZ1c2luZywgaGF2aW5nIGEgc2VwYXJhdGUgc2Vj dGlvbiBpcyANCj4gZmluZS4NCj4gVGhlcmUgbWF5IHN0aWxsIGJlIHNvbWUgZGV0YWlscyB0byBj bGVhciB1cCB3aXRoIElFRUUsIHNpbmNlIHRoZSBvcmlnaW5hbCANCj4gb3duZXIgb2YgdGhlIEV0 aGVyVHlwZSBpcyBDaXNjby4NCg0KVGhlIG1haW4gcmVhc29uIEkgdGhpbmsgaXQgc2hvdWxkIGJl IGNvbXBsZXRlbHkgcmVtb3ZlZCBpcyBiZWNhdXNlIHRocm91Z2hvdXQgdGhlIGRvY3VtZW50IHRo ZSBwb2ludCBhYm91dCB0aGUgTlNIIGJlaW5nIHRyYW5zcG9ydCBpbmRlcGVuZGVudCBpcyBjbGVh cmx5IG1hZGUuICBUaGUgRXRoZXJUeXBlIGluZm9ybWF0aW9uIGlzIHRyYW5zcG9ydC1zcGVjaWZp YyDigJMgSSBqdXN0IGRvbuKAmXQgdGhpbmsgaXQgYmVsb25ncyBoZXJlLg0KDQpBbHZhcm8uDQoN Cg== From nobody Wed Sep 27 11:54:49 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51AA41330AD; Wed, 27 Sep 2017 11:54:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X1-cZit69Zvw; Wed, 27 Sep 2017 11:54:41 -0700 (PDT) Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DBCA132D4B; Wed, 27 Sep 2017 11:54:41 -0700 (PDT) Received: by mail-wm0-x22d.google.com with SMTP id r74so21721413wme.4; Wed, 27 Sep 2017 11:54:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=n+GQHZCbgn4KaTaUrmyU9imYIwiq36w27UcfSvgHBSU=; b=AB7HQRlCwxMKA4MYMDlds/3mCVH1eMOXwhArwyuHXAZ8lOdJtmBiMRTS++OBVxPerk HedH6RlYY8n2Nc91rX176G6znLcbmulJLuLdV6tXD1auiEKmnZofFa6S+k0CXhYisIuM Pj4ZAuWXiAiWa8y0ox1FG/ao7Il0zpVRN6ggNLa+Mr56VldSXMvkaVujaNZK4exWzqL8 5TtVfou/3o5J6hqtkQw2pw2mQU6r6hSD+5/3pM6lCZ0zvIW/QUGUJRjNH/NJuRixoald S4o43k4P6F0q5FuVNsNn27fC9AMT69zJ1LFxx48Gi3B87SGl375alg7UU4hHzdWGFL9Z gC9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=n+GQHZCbgn4KaTaUrmyU9imYIwiq36w27UcfSvgHBSU=; b=IdYDCMIgSYUidm12Iu99HqGdTa/xaJREZoHKeKzma212WAX3Qc0f4lwy5bCOkJvAyn Txdaq3i2E+CZNZXUtqLZy7aDuh/j607zNdbEUdM4CiRuO2dAYI8isvC+F/sQW6blOfzo 7y58j5bpxNnukm0ItoZxJPx+ayl3PV0iYuwzu5PgJOBzMd9bT1TNirbxefu9klF8zitY OCJ8irBc19yM5o8VlZJ9Z/4BbF9oU3xOBg4EPLtxlemMflbzTYO4RIVpxKdEmrYKz8dP xO2A0byD/Hv5n2QvrMXuPOdZK34YDtAJvCpK5YWQYOVeEkEdT1Eu0c1TbB3fsPhOgWL4 iDnQ== X-Gm-Message-State: AHPjjUgFUIBF7kn+QjNV+rbgF0fFhpr5vb1tMBNUrOQ/T+JTERedX5o6 d+Ko18BoemUE7A4Vz5kPkwJXkknVShWz52WK9jk= X-Google-Smtp-Source: AOwi7QACiPDcnF+08wfj5+BriG+HZ6SDdzBve403nmubuVdhcmEbs4jn/SNheACooUi0qnyZZLXQglEiz7a+SYOl0LE= X-Received: by 10.28.18.210 with SMTP id 201mr971842wms.135.1506538479842; Wed, 27 Sep 2017 11:54:39 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.136.153 with HTTP; Wed, 27 Sep 2017 11:54:39 -0700 (PDT) In-Reply-To: <5C29C4F3-3051-4C91-9DAE-990344103BF7@cisco.com> References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> <314D7BB3-23A0-4E4E-9557-B323736BA851@cisco.com> <5C29C4F3-3051-4C91-9DAE-990344103BF7@cisco.com> From: Alia Atlas Date: Wed, 27 Sep 2017 14:54:39 -0400 Message-ID: To: "Alvaro Retana (aretana)" Cc: "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , The IESG , "sfc@ietf.org" , "Carlos Pignataro (cpignata)" Content-Type: multipart/alternative; boundary="001a1145b02cee7c15055a3052e4" Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 18:54:43 -0000 --001a1145b02cee7c15055a3052e4 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Sep 27, 2017 at 2:50 PM, Alvaro Retana (aretana) wrote: > On 9/27/17, 11:07 AM, "Alia Atlas" wrote: > > Hi! > > > > > (4) Section 11.1. (NSH EtherType) seems out of place in this > > > > document because (1) the document doesn't discuss the > > > > transport itself, and (2) it is in the IANA section=E2=80=A6 > > > > > > You have a good point =E2=80=94 Joel asked =E2=80=9C Do you think we > > > should remove it?=E2=80=9D > > > > > > I think we should keep it in, because it is important information > > > for an implementor to have, regardless of those two points. > > > > > > But perhaps it should be moved out of that section and into a > > > separate non-normative section? Do you have recommendations > > > there? > > > > > > Alia was tracking the NSH EtherType value. Alia, thoughts? > > > > For implementations, it needs to stay in the document. > > If having it in the IANA section is confusing, having a separate sectio= n > is > > fine. > > There may still be some details to clear up with IEEE, since the origin= al > > owner of the EtherType is Cisco. > > The main reason I think it should be completely removed is because > throughout the document the point about the NSH being transport independe= nt > is clearly made. The EtherType information is transport-specific =E2=80= =93 I just > don=E2=80=99t think it belongs here. > If the WG had a transport-specific draft in progress, I'd agree with you. Lacking such a vehicle... --001a1145b02cee7c15055a3052e4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Wed, Sep 27, 2017 at 2:50 PM, Alvaro Retana (aretana) <aretana@cisc= o.com> wrote:
On 9/27/17, 1= 1:07 AM, "Alia Atlas" <ak= atlas@gmail.com> wrote:

Hi!

> > > (4) Section 11.1. (NSH EtherType) seems out of place in this=
> > > document because (1) the document doesn't discuss the > > > transport itself, and (2) it is in the IANA section=E2=80=A6=
> >
> > You have a good point =E2=80=94 Joel asked =E2=80=9C Do you think= we
> > should remove it?=E2=80=9D
> >
> > I think we should keep it in, because it is important information=
> > for an implementor to have, regardless of those two points.
> >
> > But perhaps it should be moved out of that section and into a
> > separate non-normative section? Do you have recommendations
> > there?
> >
> > Alia was tracking the NSH EtherType value. Alia, thoughts?
>
> For implementations, it needs to stay in the document.=C2=A0=C2=A0
> If having it in the IANA section is confusing, having a separate secti= on is
> fine.
> There may still be some details to clear up with IEEE, since the origi= nal
> owner of the EtherType is Cisco.

The main reason I think it should be completely removed is because t= hroughout the document the point about the NSH being transport independent = is clearly made.=C2=A0 The EtherType information is transport-specific =E2= =80=93 I just don=E2=80=99t think it belongs here.
If the WG had a transport-specific draft in progress, I'd a= gree with you.=C2=A0 Lacking such a vehicle...=C2=A0
--001a1145b02cee7c15055a3052e4-- From nobody Wed Sep 27 12:13:42 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4204134F01; Wed, 27 Sep 2017 12:13:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mPrujBvSI4Fc; Wed, 27 Sep 2017 12:13:31 -0700 (PDT) Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1566134EF8; Wed, 27 Sep 2017 12:13:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=19936; q=dns/txt; s=iport; t=1506539611; x=1507749211; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=PKlGY0+4dXOpol/Fxu1WusT0o6tWuSE0JfNKww83AEg=; b=Qag1ME8K2MVOggSx+SqZzUGFKuXjz+WbZKLH1TJ11FP5ldkk6FDIAYkX N6Gc5MZ3sZJg1tu4194OuC6IjEpxDYeq+/Z31PFqOHjH1tuEoitCJVPJi C0oHrjvuG9rYXVt/vUPOMBxF9kfoEk3+imt4VHZfBSstN16dk8fw0KM47 s=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BcAgDz9stZ/4cNJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1xkbicHg3GZfYFUIpY5ggQKI4UYAhqEQlcBAgEBAQEBAmsohRg?= =?us-ascii?q?BAQEBAgEjEUUFCwIBCBgCAiYCAgIwFQULAgQOBYopCBCoAYIniwMBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEYBYEOgh2CAoFRgWorC4JyhFEBEgEfgxMvgjEFigQOjj2?= =?us-ascii?q?IVAKHXINciSWCE4VuiwWCSodnimsCERkBgTgBV4EDC3gVWwGFBAMcGYFOdgGGF?= =?us-ascii?q?A0YB4EFgRABAQE?= X-IronPort-AV: E=Sophos;i="5.42,446,1500940800"; d="scan'208";a="9553072" Received: from alln-core-2.cisco.com ([173.36.13.135]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2017 19:13:29 +0000 Received: from XCH-RTP-019.cisco.com (xch-rtp-019.cisco.com [64.101.220.159]) by alln-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id v8RJDTE0027314 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 19:13:29 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-019.cisco.com (64.101.220.159) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 15:13:28 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 15:13:28 -0400 From: "Carlos Pignataro (cpignata)" To: =?utf-8?B?TWlyamEgS8O8aGxld2luZA==?= CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: =?utf-8?B?TWlyamEgS8O8aGxld2luZCdzIERpc2N1c3Mgb24gZHJhZnQtaWV0Zi1zZmMt?= =?utf-8?Q?nsh-24:_(with_DISCUSS_and_COMMENT)?= Thread-Index: AQHTN7J1Oxxnh9G/fUSWyQ0CGGrMWKLJXQ6A Date: Wed, 27 Sep 2017 19:13:28 +0000 Message-ID: <2BA88A4C-8083-44DC-82A6-7AB8DB616EB6@cisco.com> References: <150653176579.25051.17983729650964908105.idtracker@ietfa.amsl.com> In-Reply-To: <150653176579.25051.17983729650964908105.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: text/plain; charset="utf-8" Content-ID: <5B93A5CBA4980B47847F7F4BAEEB9733@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] =?utf-8?q?Mirja_K=C3=BChlewind=27s_Discuss_on_draft-ietf-s?= =?utf-8?q?fc-nsh-24=3A_=28with_DISCUSS_and_COMMENT=29?= X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 19:13:35 -0000 VGhhbmsgeW91LCBNaXJqYSwgZm9yIHRoZXNlIHF1ZXN0aW9ucyBhbmQgZGV0YWlscy4NCg0KUGxl YXNlIGZpbmQgZm9sbG93LXVwcyBpbmxpbmUuDQoNCj4gT24gU2VwIDI3LCAyMDE3LCBhdCAxOjAy IFBNLCBNaXJqYSBLw7xobGV3aW5kIDxpZXRmQGt1ZWhsZXdpbmQubmV0PiB3cm90ZToNCj4gDQo+ IE1pcmphIEvDvGhsZXdpbmQgaGFzIGVudGVyZWQgdGhlIGZvbGxvd2luZyBiYWxsb3QgcG9zaXRp b24gZm9yDQo+IGRyYWZ0LWlldGYtc2ZjLW5zaC0yNDogRGlzY3Vzcw0KPiANCj4gV2hlbiByZXNw b25kaW5nLCBwbGVhc2Uga2VlcCB0aGUgc3ViamVjdCBsaW5lIGludGFjdCBhbmQgcmVwbHkgdG8g YWxsDQo+IGVtYWlsIGFkZHJlc3NlcyBpbmNsdWRlZCBpbiB0aGUgVG8gYW5kIENDIGxpbmVzLiAo RmVlbCBmcmVlIHRvIGN1dCB0aGlzDQo+IGludHJvZHVjdG9yeSBwYXJhZ3JhcGgsIGhvd2V2ZXIu KQ0KPiANCj4gDQo+IFBsZWFzZSByZWZlciB0byBodHRwczovL3d3dy5pZXRmLm9yZy9pZXNnL3N0 YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWwNCj4gZm9yIG1vcmUgaW5mb3JtYXRpb24gYWJv dXQgSUVTRyBESVNDVVNTIGFuZCBDT01NRU5UIHBvc2l0aW9ucy4NCj4gDQo+IA0KPiBUaGUgZG9j dW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFsbG90IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5kIGhl cmU6DQo+IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2ZjLW5z aC8NCj4gDQo+IA0KPiANCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiBESVNDVVNTOg0KPiAtLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tDQo+IA0KPiBJIGhhdmUgYSBjb3VwbGUgb2YgY29tbWVudHMgb24gdGhlIGRlc2lnbi4gSSBr bm93LCBhcyBhbHdheXMgaW4gSUVTRyByZXZpZXcNCj4gc3RhdGUsIGl0J3MgcHJvYmFibHkgdG9v IGxhdGUgdG8gbWFrZSBhbnkgY2hhbmdlcyB0byB0aGUgYWN0dWFsIGhlYWRlciBmb3JtYXQsDQo+ IHRoZXJlZm9yZSBtb3N0IG9mIG15IGNvbW1lbnRzIGFyZSBhY3R1YWxseSBpbiB0aGUgY29tbWVu dCBzZWN0aW9uIGJlbG93LiBJDQo+IHN0aWxsIGRlY2lkZWQgdG8gbm90ZSB0aGVtIHNvIGF0IGxl YXN0IHBlb3BsZSBjYW4gY29uc2lkZXIgdGhlc2UgcG9pbnRzLg0KPiBIb3dldmVyLCB0aGVyZSBh cmUgYSBmZXcgdGhpbmdzIHRoYXQgSSBuZWVkIGNsYXJpZmljYXRpb24gZm9yIGJlZm9yZQ0KPiBw dWJsaWNhdGlvbiwgd2hpY2ggSSBub3RlIGluIHRoaXMgc2VjdGlvbjoNCj4gDQo+IDEpIFNlYyAy LjINCj4gIlNGL1NGRi9TRkMgUHJveHkvQ2xhc3NpZmllciBpbXBsZW1lbnRhdGlvbnMgdGhhdCBk byBub3Qgc3VwcG9ydCBTRkMNCj4gIE9BTSBwcm9jZWR1cmVzIFNIT1VMRCBkaXNjYXJkIHBhY2tl dHMgd2l0aCBPIGJpdCBzZXQsIGJ1dCBNQVkgc3VwcG9ydA0KPiAgYSBjb25maWd1cmFibGUgcGFy YW1ldGVyIHRvIGVuYWJsZSBmb3J3YXJkaW5nIHJlY2VpdmVkIFNGQyBPQU0NCj4gIHBhY2tldHMg dW5tb2RpZmllZCB0byB0aGUgbmV4dCBlbGVtZW50IGluIHRoZSBjaGFpbi4gIEZvcndhcmRpbmcg T0FNDQo+ICBwYWNrZXRzIHVubW9kaWZpZWQgYnkgU0ZDIGVsZW1lbnRzIHRoYXQgZG8gbm90IHN1 cHBvcnQgU0ZDIE9BTQ0KPiAgcHJvY2VkdXJlcyBtYXkgYmUgYWNjZXB0YWJsZSBmb3IgYSBzdWJz ZXQgb2YgT0FNIGZ1bmN0aW9ucywgYnV0IGNhbg0KPiAgcmVzdWx0IGluIHVuZXhwZWN0ZWQgb3V0 Y29tZXMgZm9yIG90aGVyczsgdGh1cywgaXQgaXMgcmVjb21tZW5kZWQgdG8NCj4gIGFuYWx5emUg dGhlIGltcGFjdCBvZiBmb3J3YXJkaW5nIGFuIE9BTSBwYWNrZXQgZm9yIGFsbCBPQU0gZnVuY3Rp b25zDQo+ICBwcmlvciB0byBlbmFibGluZyB0aGlzIGJlaGF2aW9yLiAgVGhlIGNvbmZpZ3VyYWJs ZSBwYXJhbWV0ZXIgTVVTVCBiZQ0KPiAgZGlzYWJsZWQgYnkgZGVmYXVsdC4iDQo+IFRoaXMgcGFy dCBpcyByZWFsbHkgdW5jbGVhciB0byBtZSBhbmQgSSBiZWxpZXZlIG5lZWRzIHRvIGJlIGZ1cnRo ZXIgc3BlY2lmaWVkLg0KPiBXaGVyZSBzaG91bGQgdGhpcyBjb25maWd1cmFibGUgcGFyYW1ldGVy IGJlPyBJbiB0aGUgQ29udGV4dCBoZWFkZXI/IFdoeSBkb24ndA0KPiB5b3UganVzdCB1c2Ugb25l IG9mIHRoZSB1bmFzc2lnbmVkIGJpdCB0byBpbmRpY2F0ZSBpZiBhbiB1bmtub3duIChPQU0pIHBh Y2tldA0KPiBzaG91bGQgYmUgZm9yd2FyZGVkIG9yIG5vdD8NCg0KVGhlIGNvbmZpZ3VyYWJsZSBw YXJhbWV0ZXIgcmVmZXJzIHRvIGEgY29uZmlndXJhdGlvbiBzdGF0ZSBhbmQgZGV2aWNlIG9wZXJh dGlvbmFsIHN0YXRlIHZhcmlhYmxlLCBhbmQgbm90IGEgZGF0YSBwbGFuZSBwYWNrZXQgZmllbGQu DQoNCkluIG90aGVyIHdvcmRzLCB0aGUgZGVmYXVsdCBpcyBkcm9wLiBCdXQgaWYgdGhlIHNldHRp bmcgYGNvbmZpZ3VyZSBzZmYgZm9yd2FyZCBvYW1gIHRoZW4gaXQgaXMgZm9yd2FyZGVkLg0KDQpJ IHdpbGwgc2F5IHRoYXQgdGhpcyB3YXMgYSBzdHJvbmcgY29udGVudGlvdXMgcG9pbnQgaW4gdGhl IFdHIHByb2Nlc3MgdG8ga2VlcCB0aGlzIGNvbmZpZ3VyYXRpb24gb3B0aW9uIChhbHRob3VnaCBt eSBwZXJzb25hbCBwcmVmZXJlbmNlIHdhcyBub3QgdG8gaGF2ZSBpdCwgdGhlIFdHIHdhcyBsb3Vk IG9uIGl0LikNCg0KPiBNb3Jlb3ZlciwgSSBhbHNvIGRpc2FncmVlIHdpdGggdGhpcyB0ZXh0LiBJ ZiB0aGVyZQ0KPiBpcyBhIGJpdC9hIHdheSB0byBpbmRpY2F0ZSBpZiBhIG5vdCBzdXBwb3J0ZWQg T0FNIHBhY2tldCBzaG91bGQgYmUgZm9yd2FyZGVkIG9yDQo+IG5vdCwgaXQgc2hvdWxkIGp1c3Qg YmUgZGVmaW5lZCBsaWtlIHRoaXMsIHdoaWxlIGFueSBjb25zaWRlcmF0aW9ucyBpZiB0aGF0IGJp dA0KPiBzaG91bGQgYmUgc2V0IG9yIG5vdCBkZXBlbmQgb24gdGhlIE9BTSBmdW5jdGlvbiBpdHNl bGYgYW5kIGRvIG5vdCBuZWVkIHRvIGJlDQo+IGRpc2N1c3NlZCBoZXJlLg0KDQpJIHRoaW5rIHRo ZSBkaXNhZ3JlZW1lbnQgY29tZXMgZnJvbSBiZWxpZXZpbmcgdGhlIGNvbmZpZyBvcHRpb24gaXMg YSBkYXRhIHBsYW5lIGJpdC4NCg0KPiBGaW5hbGx5LCBpdCBpcyBub3Qgd2VsbCBleHBsYWluZWQg d2hhdCBhbiBPQU0gcGFja2V0IGlzIGF0IGFsbC4NCg0KSWYgaXQgaGVscHMsIGFsdGhvdWdoIGl0 IHNlZW1zIHJlZHVuZGFudCwgd2UgY2FuIGFkZCBhIHBvaW50ZXIgdG8gUkZDIDYyOTEgb3IgUkZD IDcyNzYuIA0KDQo+IElzIHRoYXQgYSAnZmFrZScgcGFja2V0IHRoYXQgaXMgZ2VuZXJhdGVkIGJ5 IHRoZSBvcGVyYXRvciB0byBhY3RpdmVseSB0ZXN0IHRoZQ0KPiAocG90ZW50aWFsbHkgbmV3bHkg Y29uZmlndXJlZCkgU0ZQPyBJZiBzbywgd2h5IGRvZXMgYSBTRiBuZWVkIHRvIGtub3cgaWYgYQ0K PiBwYWNrZXQgaXMgYW4gT0FNIHBhY2tldCBvciBub3Q/DQoNCkl0IGlzIGFuIE9BTSBwYWNrZXQs IHdoaWNoIGNhbiBpbmNsdWRlIGNvbm5lY3Rpdml0eSB2ZXJpZmljYXRpb24sIGNvbnRpbnVpdHkg Y2hlY2ssIHBlcmZvcm1hbmNlIG1hbmFnZW1lbnQsIGV0Yy4gSXQgY291bGQgYmUgYSBzeW50aGV0 aWMgcGFja2V0LCBvciwgd2VsbCwgYW4gT0FNIHBhY2tldCA6LSkNCg0KPiBVc3VhbGx5IGl0J3Mg YSBiYWQgaWRlYSB0byB1c2UgZGlmZmVyZW50IGtpbmQNCj4gb2YgdHJhZmZpYyBmb3IgdGVzdGlu ZyBjb21wYXJlZCB0byB3aGF0IHdpbGwgYmUgdXNlZCBpbiBvcGVyYXRpb25zLiBQbGVhc2UNCj4g cHJvdmlkZSBtb3JlIGV4cGxhbmF0aW9uIGhlcmUhDQoNCkkgYW0gbm90IHN1cmUgaG93IHRvIGFk ZHJlc3MgdGhpcywgc2luY2UgdGhlIGRlZmluaXRpb24gb2YgT0FNIGZvciBTRlAgaXMgb3V0c2lk ZSB0aGUgc2NvcGUuIA0KDQpEYXRhIHBsYW5lIHByb3RvY29scyB1c2UgYW4gJ2ludGVyY2VwdGlv biBtYXJrZXLigJkgdG8gZGlmZmVyZW50aWF0ZSB0aGVtIGZyb20gYWN0dWFsIHRyYWZmaWMsIGlu IHRoZSBjb250ZXh0IG9mIEFjdGl2ZSBvciBIeWJyaWQgT0FNIChhcyBvcHBvc2VkIHRvIFBhc3Np dmUgT0FNKS4NCg0KPiANCj4gMikgc2VjdGlvbiAyLjQNCj4gIkFuIFNGQy1hd2FyZSBTRiBNVVNU IHJlY2VpdmUgdGhlIGRhdGEgc2VtYW50aWNzIGZpcnN0IGluIG9yZGVyIHRvDQo+ICBwcm9jZXNz IHRoZSBkYXRhIHBsYWNlZCBpbiB0aGUgbWFuZGF0b3J5IGNvbnRleHQgZmllbGQuICBUaGUgZGF0 YQ0KPiAgc2VtYW50aWNzIGluY2x1ZGUgYm90aCB0aGUgYWxsb2NhdGlvbiBzY2hlbWEgYW5kIHRo ZSBtZWFuaW5nIG9mIHRoZQ0KPiAgaW5jbHVkZWQgZGF0YS4gIEhvdyBhbiBTRkMtYXdhcmUgU0Yg Z2V0cyB0aGUgZGF0YSBzZW1hbnRpY3MgaXMNCj4gIG91dHNpZGUgdGhlIHNjb3BlIG9mIHRoaXMg c3BlY2lmaWNhdGlvbi4iDQo+IFRoaXMgaXMgcmVhbGx5IGNvbmZ1c2luZyB0byBtZS4gSSB0aGlu ayB0aGlzIGlzIHdoYXQgeW91IG5lZWQgYW4gYWN0dWFsbHkgZGF0YQ0KPiBzZW1hbnRpY3MgYWth IHR5cGUgZmllbGQgZm9yIGluIHRoZSBiYXNlIGhlYWRlci4gT3IgaXMgdGhlcmUgYW4gYWN0dWFs IHJlYXNvbg0KPiB0byBub3QgcHV0IHRoaXMgaW5mb3JtYXRpb24gZGlyZWN0bHkgaW4gdGhlIGJh c2UgaGVhZGVyIHdoZXJlIGl0IGlzIG5lZWQgYnV0DQo+IGluc3RlYWQgYXNzdW1pbmcgc29tZSBt YWdpY2FsIHdheSB0aGlzIGluZm9ybWF0aW9uIG1heSB0YWtlIHRvIHJlYWNoIHRoZSBub2RlPw0K DQpCZWxpZXZlIGl0IG9yIG5vdCwgbm8gbWFnaWMgaW52b2x2ZWQuIEl04oCZcyBjYWxsZWQg4oCc Y29udHJvbCBwbGFuZeKAnSB3aGljaCBpcyBvdXQgb2Ygc2NvcGUuDQoNCj4gSWYgdGhlIGFzc3Vt cHRpb24gaXMgdGhhdCB0aGUgU0YgaXMgY29uZmlndXJlZCB0byBrbm93IGJhc2VkIG9mIHRoZSBT Rkkgd2hhdA0KPiB0aGUgY29udGVudCBvZiB0aGUgY29udGV4dCBoZWFkZXIgaGFzIHRvIGJlLA0K DQpObywgdGhlIGFzc3VtcHRpb24gaXMgbm90IHRoYXQgYW4gU0Yg4oCcaXMgY29uZmlndXJlZOKA nS4gQW5kIHRoZSBhc3N1bXB0aW9uIGlzIG5vdCB0aGF0IHRoZSBTRiBrbm93cyB3aGF0IHRoZSBj b250ZW50IG9mIHRoZSBjb250ZXh0IGhlYWRlciBpcy4NCg0KVGhlIGFzc3VtcHRpb24gaXMgdGhh dCB0aGUgU0YgbmVlZHMgdG8gcmVjZWl2ZSB0aGUgZGF0YSBzZW1hbnRpY3MgYmVmb3JlIHByb2Nl c3NpbmcgdGhlIGRhdGEgcGxhbmUgcGFja2V0Lg0KDQo+IHlvdSBhKSBuZWVkIHRvIHNheSB0aGF0 IGluIHRoZQ0KPiBkcmFmdCwNCg0KVGhlIGRvY3VtZW50IHNheXMgd2hhdCBpdCBtZWFucyBhbmQg bWVhbnMgd2hhdCBpdCBzYXlzIGluIHRoaXMgcmVnYXJkcy4gSWYgeW91IGZpbmQgdGhlIHRleHQg Y29uZnVzaW5nLCB3ZSBjYW4gdHJ5IHRvIGNsYXJpZnkgaXQgc29tZWhvdy4NCg0KPiBhbmQgYikg dGhhdCdzIHJlYWxseSBlcnJvci1wcm9uZSBiZWNhdXNlIGl0J3MgcmVhbGx5IGhhcmQgdG8gdGVs bCBpZiB0aGUNCj4gY29uZXh0IGhlYWRlciBhY3R1YWxseSBob2xkcyB0aGUgaW5mb3JtYXRpb24g dGhhdCB5b3UgbmVlZCBvciBqdXN0IHJhbmRvbSBjcmFwDQoNCklzIOKAnGNyYXDigJ0gYSB0ZWNo bmljYWwgdGVybSBoZXJlPw0KDQo+IChvZiBjb3Vyc2UgZGVwZW5kaW5nIG9mIHRoZSBleHBlY3Rl ZCBkYXRhIHR5cGUgb2YgdGhpcyBpbmZvcm1hdGlvbikuIEluIHNob3J0LA0KPiBJIHRoaW5rIHlv dSByZWFsbHkgbmVlZCBhIHR5cGUgZmllbGQgc29tZXdoZXJlIGhlcmUuDQoNCk1pcmphLCB0aGVy ZeKAmXMgc2VsZi1kZXNjcmliaW5nIGRhdGEgYW5kIG5vbi1zZWxmLWRlc2NyaXZpbmcgZGF0YS4g Qm90aCBoYXZlIHRoZWlyIHBsYWNlIGFuZCBjYW4gYmUgdXNlZCBiYXNlZCBvbiB3aGF0IGEgcHJv dG9jb2wgaXMgb3B0aW1pemluZy4gVGhpcyB0ZXh0IGRlc2NyaWJlZCBhIHVzZSBvZiB0aGUgbGF0 dGVyLg0KDQo+IEluIGFueSBjYXNlLCB5b3UgcmVhbGx5DQo+IG5lZWQgdG8gZXhwbGFpbiB0aGlz IG1vcmUhIEFsc28sIHRoZSB0ZXh0IGZ1cnRoZXIgc2F5czogIkFuIFNGIG9yIFNGQyBQcm94eQ0K PiB0aGF0IGRvZXMgbm90IGtub3cgdGhlIGZvcm1hdCBvciBzZW1hbnRpY3Mgb2YgdGhlDQo+ICBD b250ZXh0IEhlYWRlciBmb3IgYW4gTlNIIHdpdGggTUQgVHlwZSAxIE1VU1QgZGlzY2FyZCBhbnkg cGFja2V0IHdpdGgNCj4gIHN1Y2ggYW4gTlNI4oCmIg0KDQpJIGtlZXAgcmVhZGluZyB0aGVzZSBj b3VwbGUgb2Ygc2VudGVuY2VzIGFuZCBJIHVuZGVyc3RhbmQgd2hhdCB0aGV5IHNheS4gU28gSSBh bSBub3QgcG9zaXRpdmUgYXQgdGhpcyBwb2ludCBob3cgdG8gaGVscCBvdXQuDQoNCj4gSG93IGRv ZXMgdGhlIFNGQyBwcm94eSBrbm93IHRoYXQgaXQga25vd3MgdGhlIGZvcm1hdCBvciBub3QgaWYg dGhlcmUgaXMgbm8gdHlwZQ0KPiBmaWVsZCBvciBpZGVudGlmaWVyIHRoYXQgaW5kaWNhdGVzIHdo YXQgdGhlIGZvcm1hdCBzaG91bGQgYmU/DQoNClNhbWUgYXMgdGhlIGZpcnN0IHNlbnRlbmNlIHlv dSBpbmNsdWRlZCBpbiB0aGlzIERJU0NVU1MgaXRlbSAjMjogDQoNCiJBbiBTRkMtYXdhcmUgU0Yg TVVTVCByZWNlaXZlIHRoZSBkYXRhIHNlbWFudGljcyBmaXJzdCBpbiBvcmRlciB0bw0KIHByb2Nl c3MgdGhlIGRhdGEgcGxhY2VkIGluIHRoZSBtYW5kYXRvcnkgY29udGV4dCBmaWVsZC7igJ0NCg0K U2luY2UgYW4gU0ZDIHByb3h5IGFjdHMgYXMgYW4gU0ZDLWF3YXJlIFNGLiBUaGF0IGlzIGNsZWFy IGluIHRoZSBkb2N1bWVudC4NCg0KVGhhdCBzYWlkLCBJIHdpbGwgYWRkIHRoZSBmb2xsb3dpbmcg dG8gbWFrZSBpdCB1bmFtYmlndW91c2x5IGNsZWFyOg0KDQoNCiJBbiBTRkMtYXdhcmUgU0Ygb3Ig U0YgUHJveHkgTVVTVCByZWNlaXZlIHRoZSBkYXRhIHNlbWFudGljcyBmaXJzdCBpbiBvcmRlciB0 bw0KIHByb2Nlc3MgdGhlIGRhdGEgcGxhY2VkIGluIHRoZSBtYW5kYXRvcnkgY29udGV4dCBmaWVs ZC7igJ0NCg0KQW5kIA0KDQpPTEQ6DQogaW5jbHVkZWQgZGF0YS4gIEhvdyBhbiBTRkMtYXdhcmUg U0YgZ2V0cyB0aGUgZGF0YSBzZW1hbnRpY3MgaXMNCiBvdXRzaWRlIHRoZSBzY29wZSBvZiB0aGlz IHNwZWNpZmljYXRpb24u4oCdDQoNCk5FVzoNCiBpbmNsdWRlZCBkYXRhLiAgSG93IGFuIFNGQy1h d2FyZSBTRiBvciBTRkMgUHJveHkgZ2V0cyB0aGUgZGF0YSBzZW1hbnRpY3MgaXMNCiBvdXRzaWRl IHRoZSBzY29wZSBvZiB0aGlzIHNwZWNpZmljYXRpb24uIg0KDQo+IA0KPiBBbHNvLCBhIHJlbGF0 ZWQgcXVlc3Rpb24gZnJvbSBtZTogd2h5IGlzIHRoZSBjb250ZXh0IGhlYWRlciBwcmVzZW50IGlu IGFsbA0KPiB0eXBlcyBvZiBOU0ggaWYgdGhlcmUgaXMgbm8gdXNlIGZvciBpdCBkZWZpbmVkIGlu IHRoaXMgZG9jdW1lbnQgeWV0PyBXaHkgaXMNCj4gdGhlcmUgbm8gZml4ZWQgbGVuZ3RoIE5TSCB3 aXRob3V0IGEgY29udGV4dCBoZWFkZXIgdGhlbj8NCg0KVGhpcyBkb2N1bWVudCBkZWZpbmVzIHR3 byBDb250ZXh0IEhlYWRlciBUeXBlczogZml4ZWQgc2l6ZSwgYW5kIFRMVi1iYXNlZC4gVGhlcmUg aXMgbm90IG5lZWQsIGFzIGZhciBhcyB0aGUgV0cgaGFkIGNvbmNsdWRlZCwgZm9yIGEgZml4ZWQg c2l6ZSBubyBtZXRhZGF0YSBNRCBUeXBlLiANCg0KV2hhdCB5b3UgZGVzY3JpYmUgY2FuIGJlIGFj aGlldmVkIHdpdGggTUQgVHlwZSAyIExlbmd0aCA9IDIuDQoNCj4gDQo+IDMpIFNlY3Rpb24gMi41 LjE6DQo+ICJJZiBtdWx0aXBsZSBpbnN0YW5jZXMgb2YgdGhlIHNhbWUgbWV0YWRhdGEgYXJlIGlu Y2x1ZGVkIGluIGFuIE5TSA0KPiAgcGFja2V0LCBidXQgdGhlIGRlZmluaXRpb24gb2YgdGhhdCBj b250ZXh0IGhlYWRlciBkb2VzIG5vdCBhbGxvdyBmb3INCj4gIGl0LCB0aGUgU0ZDLWF3YXJlIFNG IE1VU1QgcHJvY2VzcyB0aGUgZmlyc3QgaW5zdGFuY2UgYW5kIGlnbm9yZQ0KPiAgc3Vic2VxdWVu dCBpbnN0YW5jZXMuIg0KPiBUaGlzIHNlZW1zIGVycm9yIHByb25lIHRvIG1lLiBJZiB0aGUgc2Ft ZSBtZXRhZGF0YSBhcHBlYXJzIG11bHRpcGxlIHdoZXJlIGl0DQo+IHNob3VsZCBub3QsIHRoYXQg c2VlbXMgY2xlYXJseSBsaWtlIGFuIGVycm9yIGNhc2UgZm9yIG1lLiBKdXN0IHVzaW5nIHRoZSBm aXJzdA0KPiBvbmUgYW5kIHByb2NlZWQgbm9ybWFsbHkgbWlnaHQgbm90IGJlIHRoZSByaWdodCB0 aGluZyB0byBkby4gSW4gYW55IGNhc2UgSQ0KPiB0aGluayBzdWNoIGFuIG9jY2FzaW9uIHNob3Vs ZCBhdCBsZWFzdCBiZSBsb2dnZWQuDQoNCk9LLCB3aWxsIGFkZCBvcHRpb25hbCBsb2dnaW5nIGFu ZCBlcnJvciBjb3VudGluZyBvZiB0aGUgcG90ZW50aWFsbHkgZXJyb3IgY2FzZSBldmVudC4NCg0K PiBJZiB0aGUgbXVsdGlwbGUgaW5zdGFuY2VzIGFyZQ0KPiBqdXN0IGEgY29weSBvZiBlYWNoIG90 aGVyIGFuZCBjYXJyeSB0aGUgc2FtZSBpbmZvcm1hdGlvbiwgaXQncyBwcm9iYWJseSBva2F5IHRv DQo+IHVzZSB0aGF0IGluZm9ybWF0aW9uIGFuZCBwcm9jZWVkLiBJZiB0aGUgZGlmZmVyZW50IGlu c3RhbmNlcyBjYXJyeSBkaWZmZXJlbnQNCj4gaW5mb3JtYXRpb24sIGl0IG1heWJlIGEgYml0IGRh bmdlcm91cyB0byBqdXN0IHVzZSB0aGUgZmlyc3Qgb25lIGFuZCBpZ25vcmUNCj4gb3RoZXJzIHNp bGVudGx5LiBJbiB0aGlzIGNhc2UgSSB3b3VsZCByYXRoZXIgcmVjb21tZW5kIHRvIGRyb3AgdGhl IHBhY2tldOKApg0KPiANCj4gNCkgSW4gbGluZSB3aXRoIHRoZSBzZWNvbmQgY29tbWVudCBmcm9t IHRoZSB0c3YtYXJ0IHJldmlldyAodGhhbmtzIFdlcyEpLCBJDQo+IGRvbid0IHJlYWxseSB1bmRl cnN0YW5kIHdoeSB0aGlzIGRvY3VtZW50cyBzYXlzIChzZWMgNikgdGhhdCB0aGVyZSBjYW4gYmUN Cj4gbXVsdGlwbGUgbmV4dCBob3BzIGZvciB0aGUgc2FtZSBTRlAgb3IgU0ZzIGNhbiBiZSB0cmF2 ZXJzZWQgaW4gYSBkaWZmZXJlbnQNCj4gb3JkZXIuIE1heSB1bmRlcnN0YW5kaW5nIChmcm9tIGEg cXVpY2sgbG9vayBhdCBSRkM3NjY1KSB3b3VsZCBiZSB0aGF0LCBpZiB0aG9zZQ0KPiB0aGluZ3Mg YXJlIG5lZWRlZCBlLmcuIGZvciBsb2FkIGJhbGFuY2luZywgdGhlbiBvbmUgc2hvdWxkIGRlZmlu ZSBkaWZmZXJlbnQNCj4gU0ZQcyBhbmQgdGhlIENsYXNzaWZpZXIgbXVzdCBoYXZlIHRoZSBrbm93 bGVkZ2UgdGhhdCB0d28gU0ZQIGFyZSBlcXVpdmFsZW50IGFuZA0KPiBzZWxlY3QgdGhlbSByZXNw ZWN0aXZlbHkuDQoNCk5vdCByZWFsbHkuIExpa2UgeW91IHNhaWQsIGZvciBMQi4NCg0KPiBUaGUg cmVhc29uIHdoeSBJJ20gcmVhbGx5IGNvbmNlcm5lZCBhYm91dCB0aGlzIGlzDQo+IHRoYXQgdXN1 YWxseSBhIG51bWJlciBvZiBwYWNrZXRzIGJlbG93IHRvIGEgZmxvdyBhbmQgYWxsIHBhY2tldHMg YmVsb25naW5nIHRvDQo+IHRoZSBzYW1lIGZsb3cganVzdCBpZGVhbGx5IHRha2UgdGhlIHNhbWUg cm91dGUuIEJ1dCB1c3VhbGx5IG9ubHkgdGhlIENsYXNzaWZpZXINCj4gaGFzIGEgbm90aW9uIG9m IHdoYXQgYSBmbG93IGlzIGFuZCByZXNwZWN0aXZlbHkgd2lsbCBhc3NpZ24gdGhlIFNGSSB0byB0 aGUNCj4gcGFja2V0cyBiZWxvbmdpbmcgdG8gdGhlIHNhbWUgZmxvdy4gSWYgbm93IGFueSBTRiBv biB0aGUgcGF0aCBjYW4gbW9yZSBvciBsZXNzDQo+IHJhbmRvbWx5IGRlY2lkZWQgdG8gZm9yd2Fy ZCBwYWNrZXQgYmVsb25nIHRvIHRoZSBzYW1lIGZsb3cgdG8gb25lIG9yIGFub3RoZXINCj4gbmV4 dCBub2RlcywgSSB3b3VsZCBhc3N1bWUgdGhhdCB0aGlzIGlzIG5vdCBvbmx5IGEgcHJvYmxlbSBm b3IgdGhlIGZsb3csIGUuZy4NCj4gcmVvcmRlcmluZywgYnV0IGFsc28gZm9yIFNGIGl0c2VsZiBp biBtYW55IGNhc2VzLg0KDQpodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjNzY2NSNzZWN0 aW9uLTUuNQ0KDQoNCj4gDQo+IA0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IENPTU1FTlQ6DQo+IC0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0NCj4gDQo+IEZ1cnRoZXIgY29uc2lkZXJhdGlvbnM6DQo+IA0KPiAxKSBJIGRvbid0 IHJlYWxseSBzZWUgd2h5IGEgVFRMIGluIHRoZSBiYXNlIGhlYWRlciBpcyBuZWVkZWQuIEkgbW9z dGx5DQo+IHVuZGVyc3RhbmQgd2h5IHRoZXJlIGlzIHRoZSBTZXJ2aWNlIEluZGV4IGluIHNlcnZp Y2UgaGVhZGVyLCBhbHNvIEkgdGhpbmsgdGhlcmUNCj4gc2hvdWxkIGJlIGJldHRlciBtZWFuIHRv IHZhbGlkYXRlIHRoYXQgeW91IFNGUCBpcyBjb3JyZWN0IGFuZCBJIGlkZWFsbHkgeW91DQo+IHNo b3VsZCByZWFsbHkgbm90IG5lZWQgdGhpcy4gSG93ZXZlciwgbG9vcCBwcmV2ZW50aW9uIGNhbiBi ZSBwcm92aWRlZCBieSBib3RoDQo+IG1lY2hhbmlzbSBhbmQgbW9yZW92ZXIgdGhlcmUgaXMgcHJv YmFibHkgYWxzbyBvZnRlbiBhIFRUTCBpbiB0aGUgZW5jYXBzdWxhdGlvbg0KPiBwcm90b2NvbCBh bmQgbG9vcCBwcmV2ZW50aW9uIHNob3VsZCByZWFsbHkgYmUgYSBmdW5jdGlvbiBvZiB0aGF0IGZv cndhcmRpbmcNCj4gcHJvdG9jb2wgYW5kIG5vdCB0aGUgTlNILg0KDQpUaGUgV0cgaGFkIGEgc3Ry b25nIHZvaWNlIG9uIHRoZSBuZWVkIG9mIHRoaXMgZmllbGQuDQoNCihJIGRvIG5vdCBkaXNhZ3Jl ZSB3aXRoIHlvdSkNCg0KQnV0IHRoZXJlIGFyZSBjYXNlcyB3aGVyZSBTSSBpcyBub3QgZGVjcmVt ZW50ZWQsIG5vciBpcyB0aGUgZW5jYXBzdWxhdGlvbi1sZXZlbCBUVEwuDQoNCj4gDQo+IDIpIEkg ZG9uJ3Qgc2VlIHdoeSB5b3UgbmVlZCB0aGUgdHlwZSBmaWVsZCBpbiB0aGUgYmFzZSBoZWFkZXIu IFRoaXMgaXMgZnVsbHkNCj4gcmVkdW5kYW50IGJlY2F1c2UgYmVjYXVzZSBhbGwgeW91IG5lZWQg aXMgdGhlIGxlbmd0aCBmaWVsZC4gSWYgdGhlIGxlbmd0aCBpcw0KPiAweDIgaXQgaXMgd2hhdCB5 b3UgaGF2ZSBkZWZpbmVkIGFzIHR5cGUgMSBpZiB0aGUgbGVuZ3RoIGZpZWxkIGlzIGxhcmdlciBp dCBpcw0KPiB0eXBlIDIuDQoNClRoYW5rcyBmb3IgdGhlIGF0dGVtcHQgYXQgb3ZlcmxvYWRpbmcs IGJ1dCBuby4gTGVuZ3RoID0gNj8NCg0KPiBJIGFsc28gZG9uJ3Qgc2VlIHRoZSBuZWVkIGZvciBh bnkgb3RoZXIgdHlwZXMgaW4gZnV0dXJlIGJlY2F1c2UgeW91DQo+IGFsc28gaGF2ZSB0aGUgdmVy c2lvbiBmaWVsZDsNCg0KTk8uDQoNCldlIGRvICpub3QqIHdhbnQgdG8gYnVtcCB1cCB0aGUgVmVy c2lvbiBmaWVsZCBmb3IgdGhlIHdob2xlIHByb3RvY29sIHdoZW4gcG90ZW50aWFsbHkgYWRkaW5n IGEgbmV3IE1EIFR5cGUuDQoNCj4gaWYgeW91IG5lZWQgYW55dGhpbmcgZWxzZSB5b3Ugc2hvdWxk IGdvIG9yDQo+IHByb2JhYmx5IGhhdmUgdG8gZ28gZm9yIGEgbmV3IHZlcnNpb24uIE5vdGUgdGhh dCB0aGUgZ2VuZXJhbCBwcm9iYWJseSB3aXRoDQo+IHVubmVjZXNzYXJ5IHJlZHVuZGFuY3kgaXMg dGhhdCBpcyBhZGQgY29tcGxleGl0eS4gSWYgeW91IGtlZXAgdGhpcyByZWR1bmRhbmN5DQo+IHlv dSBoYXZlIHRvIHNlcGFyYXRlbHkgaGFuZGxlIGFuZCBpbXBsZW1lbnQgdGhlIGNhc2Uocykgd2hl cmUgdGhlIHR5cGUgaXMgMSBidXQNCj4gdGhlIGxlbmd0aCBpcyBsYXJnZXIgdGhhbiBleHBlY3Rl ZC4gSWYgYXQgYWxsIHlvdSBjb3VsZCBwcm9iYWJseSBqdXN0IHVzZSBvbmUNCj4gYml0IHRvIGlu ZGljYXRlIHRoYXQgdGhlIGxlbmd0aCBmaWVsZCBpcyBwcmVzZW50IGFuZCBpZiBub3QgdGhlIGxl bmd0aCBpcyAweDIuDQo+IEhvd2V2ZXIsIHNhdmluZyBiaXRzIGRvZXMgbm90IHJlYWxseSBzZWVt IHRvIGJlIGEgY29uY2VybiBmb3IgeW91LCBzbyB0aGF0DQo+IG1pZ2h0IG5vdCBhY3R1YWxseSBi ZSBhbiBhZHZhbnRhZ2UuDQoNCkkgZGlkIG5vdCBmdWxseSBmb2xsb3cgdGhlIHRyYWluIG9mIGJy YW5jaGluZyBwcm9zIGFuZCBjb25zIGluIHlvdXIgc3RhdGVtZW50LCBidXQgbGlrZSB5b3Ugc2Fp ZCBlYXJsaWVyLCB0aGVyZeKAmXMgcnVubmluZyBjb2RlIG9uIHRoaXMgYW5kIHdvdWxkIG5vdCBi ZSBwcm9kdWN0aXZlIHRvIGRlZmluZSBhIGRpZmZlcmVudCBzaW1pbGFyIHByb3RvY29sLg0KDQo+ IA0KPiAzKSBzZWMgMi41LjENCj4gIlVuYXNzaWduZWQgYml0OiBPbmUgdW5hc3NpZ25lZCBiaXQg aXMgYXZhaWxhYmxlIGZvciBmdXR1cmUgdXNlLiAgVGhpcw0KPiAgYml0IE1VU1QgTk9UIGJlIHNl dCwgYW5kIE1VU1QgYmUgaWdub3JlZCBvbiByZWNlaXB0LiINCj4gSXMgdGhlcmUgYW4gYWN0dWFs IHJlYXNvbiB0byBoYXZlIGFuIHVuYXNzaWduZWQgYml0IGhlcmU/DQoNCkkgYW0gbm90IHN1cmUg SSB1bmRlcnN0YW5kIHRoZSBxdWVzdGlvbi4NCg0KVGhlIGhlYWRlciBpcyAzMi1iaXQgYWxpZ25l ZCwgYW5kIHRoZXJl4oCZcyBsZXNzIGZpZWxkcyBkZWZpbmVkIHRoYXQgYXZhaWxhYmxlIGJpdHMg aW4gYSAzMi1iaXQgd29yZOKApiANCg0KPiBCZWNhdXNlIEkgd291bGQNCj4gYXNzdW1lIHRoYXQg dGhlIHR5cGUgYWxyZWFkeSBwcm92aWRlZCBlbm91Z2ggZmxleGliaWxpdHkgZm9yIHdheSB0byBl eHRlbmQgdGhlDQo+IG1ldGFkYXRhIGZvcm1hdCBpbiBhbnkgd2F5IG5lZWRlZC4NCj4gDQoNCj8N Cg0KPiA0KSBBbHNvIHNlY3Rpb24gMi41LjE6DQo+ICIgICBMZW5ndGg6IEluZGljYXRlcyB0aGUg bGVuZ3RoIG9mIHRoZSB2YXJpYWJsZSBtZXRhZGF0YSwgaW4gYnl0ZXMuICBJbg0KPiAgY2FzZSB0 aGUgbWV0YWRhdGEgbGVuZ3RoIGlzIG5vdCBhbiBpbnRlZ2VyIG51bWJlciBvZiA0LWJ5dGUgd29y ZHMsDQo+ICB0aGUgc2VuZGVyIE1VU1QgYWRkIHBhZCBieXRlcyBpbW1lZGlhdGVseSBmb2xsb3dp bmcgdGhlIGxhc3QgbWV0YWRhdGENCj4gIGJ5dGUgdG8gZXh0ZW5kIHRoZSBtZXRhZGF0YSB0byBh biBpbnRlZ2VyIG51bWJlciBvZiA0LWJ5dGUgd29yZHMuDQo+ICBUaGUgcmVjZWl2ZXIgTVVTVCBy b3VuZCB1cCB0aGUgbGVuZ3RoIGZpZWxkIHRvIHRoZSBuZWFyZXN0IDQtYnl0ZQ0KPiAgd29yZCBi b3VuZGFyeSwgdG8gbG9jYXRlIGFuZCBwcm9jZXNzIHRoZSBuZXh0IGZpZWxkIGluIHRoZSBwYWNr ZXQuIg0KPiBZb3VyIGRlZmluaXRpb24gb2YgdGhlIGxlbmd0aCBmaWVsZCBtaWdodCBiZSBtb3Jl IGVycm9yLXByb25lIHRoYW4gbmVlZGVkLiBJdA0KPiB3b3VsZCBwcm9iYWJseSBiZSBlYXNpZXIg dG8gc2ltcGx5IGRlZmluZSB0aGUgbGVuZ3RoIGFzIDQtYnl0ZSB3b3JkcywgYW5kIHRoZSANCj4g dHlwZSBvZiBjb3Vyc2UgZGVmaW5lcyB0aGUgY29udGVudCBvZiB0aGUgbWV0YWRhdGEgZmllbGQg YW5kIGFzIHN1Y2ggY2FuIHNpbXBseQ0KPiBkZWZpbmUgd2hpY2ggcGFydCBvZiB0aGUgdG90YWwg bWV0YWRhdGEgZmllbGQgaG9sZHMgY2VydGFpbiBkYXRhIG9mIGEgY2VydGFpbg0KPiB0eXBlIGFu ZCB3aXRoIHBhcnQgaXMgcGFkZGluZy4NCj4gDQoNClRoYW5rIHlvdS4gU2VlIGFib3ZlLg0KDQo+ IDUpIEFuZCBmaW5hbGx5IEkgaGF2ZSB0byBzYXkgaXQgaXMgdW5jbGVhciB0byBtZSB3aHkgdGhl IFNGSSBhbmQgU0kgZmllbGQgYXJlDQo+IGRlc2NyaWJlZCBhcyBhIHNlcGFyYXRlIGhlYWRlci4g R2l2ZW4gdGhleSBoYXZlIHRvIGJlIHByZXNlbnQgaW4gYWxsIFNGSCwNCg0KV2hhdCBpcyDigJxT RkjigJ0/DQoNCj4gSQ0KPiB3b3VsZCBjb25zaWRlciB0aGVtIGFzIHR3byBmaWVsZHMgb2YgdGhl IGJhc2UgaGVhZGVyLiBCdXQgaXQgaXMgYWZ0ZXIgYWxsDQo+IHJlYWxseSBqdXN0IGFuIGVkaXRv cmlhbCBpc3N1ZS4gSG93ZXZlciwgYWxsIHRoaXMgdG9nZXRoZXIgd2l0aCBteSBwcmV2aW91cw0K PiBjb21tZW50cyBtYWtlcyB0aGUgcHJvdG9jb2wgc3BlYyBhY3R1YWxseSBtdWNoIG1vcmUgY29t cGxpY2F0ZWQgdGhhbiBpdCBuZWVkcw0KPiB0byBiZeKApg0KDQpOb3RlZC4NCg0KPiANCj4gNikg SSBhbHNvIGhhdmUgdG8gYWdyZWUgdG8gdGhlIGxhc3QgY29tbWVudCBvZiB0aGUgdHN2LWFydCBy ZXZpZXc6IEkgdGhpbmsgaXQNCj4gd291bGQgaGF2ZSBiZWVuIG5pY2VyIHRvIG5vdCBvbmx5IGRl c2NyaWJlZCB0aGUgTlNIIGJ1dCBhbHNvIGRlZmluZSBtYXBwaW5ncyB0bw0KPiBhIHNldCBvZiBw b3NzaWJsZSBlbmNhcHN1bGF0aW9ucyBiZWNhdXNlIEkgd291bGQgYXNzdW1lIHRoYXQgZm9yIGVh Y2gNCj4gZW5jYXBzdWxhdGlvbiB0aGVyZSBhcmUgYSBjb3VwbGUgc3BlY2lmaWMgY29uc2lkZXJh dGlvbnMgdGhhdCBuZWVkIHRvIGJlIG1hZGUNCj4gdG8gbWFrZSB0aGluZ3Mgd29yayBzdWNjZXNz ZnVsbHkuIEkgZG9uJ3QgdGhpbmsgdGhhdCBhbGwgZW5jYXBzdWxhdGlvbnMgY2FuIGJlDQo+IGNh cHR1cmVkIGJ5IGdlbmVyYWwgY29uc2lkZXJhdGlvbiBhbmQgSSBjYW5ub3QgbWFrZSB1cCBteSBt aW5kIHRvIGdvIHRocm91Z2gNCj4gYWxsIGNhc2VzIGluIG15IGhlYWQgdG8gZmlndXJlIG91dCBp ZiB0aGVyZSBhcmUgdGhpbmdzIHRoYXQgbmVlZHMgdG8gYmUgbm90ZWQuDQo+IA0KPiANCg0KT0su DQoNClRoYW5rcyBhZ2FpbiwNCg0KQ2FybG9zLg0KDQo= From nobody Wed Sep 27 12:16:00 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C533B134F0D; Wed, 27 Sep 2017 12:15:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6NseqSpPYyrq; Wed, 27 Sep 2017 12:15:50 -0700 (PDT) Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 611281342EE; Wed, 27 Sep 2017 12:15:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=23514; q=dns/txt; s=iport; t=1506539750; x=1507749350; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=f5T3pfQRWwGZ/2TNIrcLwtIMM3YCBd220zZdLrgTv4E=; b=S4sL45spQj0XfiSszEDcQSGLaB9UKVnEqhsuhngNN6paqN4TdZJivnPl D/yKPHtwc6CNoYVDe51And4ook9R6mRNJAvB5SKsNrNG6I5Y0AqZma/oA uz13gLIvsDtkLB2SACQxMpYHJmIEXLvUrTl7mkJLIDF6FmOZGTPxxdqW7 M=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CZAgBT+MtZ/4YNJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1xkbicHg3GZfYFUkQ+FPg6CBAojhRgCGoRCQBcBAgEBAQEBAQF?= =?us-ascii?q?rKIUZBiNEEhACAQg/AwICAjAUEQIEDgWJTWQQp3aCJ4sDAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBGAWDK4ICgVGBaisLgnKEUQESAYMyL4IxBYoSjj2IVAKHXINciSU?= =?us-ascii?q?MggeFbosFlRwCERkBgTgBIQE1gQMLeBVbAYUHHIFndgGGIYEkgRABAQE?= X-IronPort-AV: E=Sophos;i="5.42,446,1500940800"; d="scan'208,217";a="300745762" Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2017 19:15:48 +0000 Received: from XCH-RTP-001.cisco.com (xch-rtp-001.cisco.com [64.101.220.141]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id v8RJFm6h006087 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 19:15:48 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-001.cisco.com (64.101.220.141) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 15:15:47 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 15:15:47 -0400 From: "Carlos Pignataro (cpignata)" To: "Joel M. Halpern" CC: "Alvaro Retana (aretana)" , "draft-ietf-sfc-nsh@ietf.org" , "sfc-chairs@ietf.org" , "sfc@ietf.org" , The IESG Thread-Topic: Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTNvwOtqmwlMp+xUy8F8i54ZXAOqLH02gAgAGCN4CAAACDgIAACP+A Date: Wed, 27 Sep 2017 19:15:47 +0000 Message-ID: References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> <094fba4c-9a98-6aec-6f01-1070faa0b182@joelhalpern.com> In-Reply-To: <094fba4c-9a98-6aec-6f01-1070faa0b182@joelhalpern.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_EC83047C25844EF5A93DDEBB8F7D20B0ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 19:15:53 -0000 --_000_EC83047C25844EF5A93DDEBB8F7D20B0ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 KzEuDQoNCkluY29ycG9yYXRlZC4NCg0K4oCUDQpDYXJsb3MgUGlnbmF0YXJvLCBjYXJsb3NAY2lz Y28uY29tPG1haWx0bzpjYXJsb3NAY2lzY28uY29tPg0KDQrigJxTb21ldGltZXMgSSB1c2UgYmln IHdvcmRzIHRoYXQgSSBkbyBub3QgZnVsbHkgdW5kZXJzdGFuZCwgdG8gbWFrZSBteXNlbGYgc291 bmQgbW9yZSBwaG90b3N5bnRoZXNpcy4iDQoNCk9uIFNlcCAyNywgMjAxNywgYXQgMjo0MyBQTSwg Sm9lbCBNLiBIYWxwZXJuIDxqbWhAam9lbGhhbHBlcm4uY29tPG1haWx0bzpqbWhAam9lbGhhbHBl cm4uY29tPj4gd3JvdGU6DQoNClRoYW5rcyBBbHZhcm8uICBUaGF0IGNoYW5nZSBzZWVtcyBmaW5l IHdpdGggbWUuDQoNCllvdXJzLA0KSm9lbA0KDQpPbiA5LzI3LzE3IDI6NDEgUE0sIEFsdmFybyBS ZXRhbmEgKGFyZXRhbmEpIHdyb3RlOg0KT24gOS8yNi8xNywgMzozOSBQTSwgIkpvZWwgTS4gSGFs cGVybiIgPGptaEBqb2VsaGFscGVybi5jb208bWFpbHRvOmptaEBqb2VsaGFscGVybi5jb20+PiB3 cm90ZToNCkpvZWw6DQpIaSENCllvdXIgY29tbWVudCAxIGlzIGFib3V0IG5vbi1zdXBwb3J0IG9m IE1EMiBhbmQgdGhlIHJlcXVpcmVtZW50IHRoYXQNCnRoZSBlbnRpdHkgdXNlIHRoZSBsZW5ndGgg ZmllbGQgYW55d2F5Lg0KV2hhdCB3ZSBhcmUgdHJ5aW5nIHRvIGNvbW11bmljYXRlIChhbmQgaGF2 ZSBub3QgZ290dGVuIHJpZ2h0KSBpcyB0aGF0DQpkZXZpY2VzIHdoaWNoIG5lZWQgdGhlIHBhY2tl dCwgYnV0IGRvIG5vdCBuZWVkIHRoZSBtZXRhZGF0YSwgYXJlDQpyZXF1aXJlZCB0byBjb3BlIHdp dGggTUQyIHdpdGggYSBsZW5ndGggZ3JlYXRlciB0aGFuIDIuICBBbiBleGFtcGxlIG9mDQpzdWNo IGEgZGV2aWNlIGlzIGFuIFNGRiB3aGljaCBoYXMgbXVsdGlwbGUgdmFsaWQgaG9zcCBhbG9uZyB0 aGUgU0ZQLCBhbmQNCnVzZXMgdGhlIHVuZGVybHlpbmcgcGFja2V0IGhlYWRlciBmaWVsZHMgdG8g cGljayBvbmUuICBJdCBpcyByZXF1aXJlZCB0bw0KZnVuY3Rpb24gZXZlbiB3aGVuIGhhbmRlZCBh biBNRDIgcGFja2V0Lg0KVGhpcyBpcyBwYXJ0IG9mIGEgY29tcHJvbWlzZSB0byBtYWtlIE1EMiB1 c2FibGUgZXZlbiB3aXRoIGRldmljZXMgdGhhdA0Kd2VyZSBidWlsdCBwcmluY2lwYWxseSBmb3Ig TUQxLg0KQ2FuIHlvdSBzdWdnZXN0IGJldHRlciB3b3JkaW5nLiAgKEdpdmVuIHRoYXQgdGhpcyBp cyB0aGUgYmFzZSBzZWN0aW9uLCBJDQpkbyBub3Qgd2FudCBhIGxvbmcgZXhhbXBsZSBoZXJlLikN Ck15IG1haW4gY29uY2VybiBpcyB0aGF0IHRoZSBkb2N1bWVudCBzYXlzIHRoYXQgcGFja2V0cyB3 aXRoIGFuIHVuc3VwcG9ydGVkIE1EIFR5cGUg4oCcTVVTVCBiZQ0Kc2lsZW50bHkgZHJvcHBlZOKA nS4gIFRoZSBjb21wbGljYXRpb24gaXMgdGhhdCB0aGUgZG9jdW1lbnQgYWxzbyBzcGVjaWZpZXMg 4oCccGFydGlhbOKAnSBzdXBwb3J0IGZvciBNRCBUeXBlIDI6IOKAnE5TSCBpbXBsZW1lbnRhdGlv bnMgTVVTVCBzdXBwb3J0IE1EIHR5cGVzIDB4MSBhbmQgMHgyICh3aGVyZSB0aGUgbGVuZ3RoIGlz IDB4MikuICBOU0ggaW1wbGVtZW50YXRpb25zIFNIT1VMRCBzdXBwb3J0IE1EIFR5cGUgMHgyIHdp dGggbGVuZ3RoIGdyZWF0ZXIgdGhhbiAweDIu4oCdDQpJdCBzZWVtcyB0byBtZSB0aGF0IHB1dHRp bmcgYSBkZXZpY2UgdGhhdCBvbmx5IHN1cHBvcnRzIG9uZSBNRCBUeXBlIChvciBpbiB0aGlzIGNh c2UgcGFydGlhbCBzdXBwb3J0IGZvciBhbm90aGVyKSBpbiBhIG5ldHdvcmsgc2hvdWxkIG5vdCBi ZSBleHBlY3RlZCB0byBkZWFsIHdpdGggc3VwcG9ydGluZyBvdGhlciB0eXBlc+KApmFuZCBzaG91 bGQgYmUgc29tZXRoaW5nIGhpZ2hsaWdodGVkIGZvciBkZXBsb3ltZW50IGNvbnNpZGVyYXRpb24u DQpIYXZpbmcgc2FpZCB0aGF0LCBoZXJl4oCZcyBhIHN1Z2dlc3Rpb246DQpPTEQ+DQogICDigKYg IFRoZXJlIGV4aXN0cywNCiAgIGhvd2V2ZXIsIGEgbWlkZGxlIGdyb3VuZCwgd2hlcmVpbiBhIGRl dmljZSB3aWxsIHN1cHBvcnQgTUQgVHlwZSAweDENCiAgIChhcyBwZXIgdGhlIE1VU1QpIG1ldGFk YXRhLCB5ZXQgYmUgZGVwbG95ZWQgaW4gYSBuZXR3b3JrIHdpdGggTUQgVHlwZQ0KICAgMHgyIG1l dGFkYXRhIHBhY2tldHMuICBJbiB0aGF0IGNhc2UsIHRoZSBNRCBUeXBlIDB4MSBub2RlLCBNVVNU DQogICB1dGlsaXplIHRoZSBiYXNlIGhlYWRlciBsZW5ndGggZmllbGQgdG8gZGV0ZXJtaW5lIHRo ZSBvcmlnaW5hbA0KICAgcGF5bG9hZCBvZmZzZXQgaWYgaXQgcmVxdWlyZXMgYWNjZXNzIHRvIHRo ZSBvcmlnaW5hbCBwYWNrZXQvZnJhbWUuDQpORVc+DQogICDigKYgRGV2aWNlcyB0aGF0IGRvbuKA mXQgc3VwcG9ydCBNRCBUeXBlIDB4MiB3aXRoIGxlbmd0aCBncmVhdGVyIHRoYW4NCiAgIDB4MiBN VVNUIGlnbm9yZSBhbnkgb3B0aW9uYWwgY29udGV4dCBoZWFkZXJzIGFuZCBwcm9jZXNzIHRoZSBw YWNrZXQNCiAgIHdpdGhvdXQgdGhlbTsgdGhlIGJhc2UgaGVhZGVyIGxlbmd0aCBmaWVsZCBjYW4g YmUgdXNlZCB0byBkZXRlcm1pbmUgdGhlDQogICBvcmlnaW5hbCBwYXlsb2FkIG9mZnNldCBpZiBh Y2Nlc3MgdG8gdGhlIG9yaWdpbmFsIHBhY2tldC9mcmFtZSBpcyByZXF1aXJlZC4NClRoYW5rcyEN CkFsdmFyby4NCk9uIDkvMjYvMTcgMzoxNyBQTSwgQWx2YXJvIFJldGFuYSB3cm90ZToNCkFsdmFy byBSZXRhbmEgaGFzIGVudGVyZWQgdGhlIGZvbGxvd2luZyBiYWxsb3QgcG9zaXRpb24gZm9yDQpk cmFmdC1pZXRmLXNmYy1uc2gtMjQ6IE5vIE9iamVjdGlvbg0KDQpXaGVuIHJlc3BvbmRpbmcsIHBs ZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBhbGwNCmVtYWls IGFkZHJlc3NlcyBpbmNsdWRlZCBpbiB0aGUgVG8gYW5kIENDIGxpbmVzLiAoRmVlbCBmcmVlIHRv IGN1dCB0aGlzDQppbnRyb2R1Y3RvcnkgcGFyYWdyYXBoLCBob3dldmVyLikNCg0KDQpQbGVhc2Ug cmVmZXIgdG8gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaWVzZy9zdGF0ZW1lbnQvZGlzY3Vzcy1jcml0 ZXJpYS5odG1sDQpmb3IgbW9yZSBpbmZvcm1hdGlvbiBhYm91dCBJRVNHIERJU0NVU1MgYW5kIENP TU1FTlQgcG9zaXRpb25zLg0KDQoNClRoZSBkb2N1bWVudCwgYWxvbmcgd2l0aCBvdGhlciBiYWxs b3QgcG9zaXRpb25zLCBjYW4gYmUgZm91bmQgaGVyZToNCmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0 Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2ZjLW5zaC8NCg0KDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCkNPTU1F TlQ6DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tDQoNCigxKSBXaGlsZSBkZXNjcmliaW5nIHRoZSBNRCBUeXBlIGZp ZWxkLCBTZWN0aW9uIDIuMi4gKE5TSCBCYXNlIEhlYWRlcikgdGFsa3MNCmFib3V0IHRoZSBzcGVj aWZpYyBzY2VuYXJpbyBpbiB3aGljaCAiYSBkZXZpY2Ugd2lsbCBzdXBwb3J0IE1EIFR5cGUgMHgx IChhcyBwZXINCnRoZSBNVVNUKSBtZXRhZGF0YSwgeWV0IGJlIGRlcGxveWVkIGluIGEgbmV0d29y ayB3aXRoIE1EIFR5cGUgMHgyIG1ldGFkYXRhDQpwYWNrZXRzIiwgYW5kIGl0IHNwZWNpZmllcyB0 aGF0ICJ0aGUgTUQgVHlwZSAweDEgbm9kZSwgTVVTVCB1dGlsaXplIHRoZSBiYXNlDQpoZWFkZXIg bGVuZ3RoIGZpZWxkIHRvIGRldGVybWluZSB0aGUgb3JpZ2luYWwgcGF5bG9hZCBvZmZzZXQgaWYg aXQgcmVxdWlyZXMNCmFjY2VzcyB0byB0aGUgb3JpZ2luYWwgcGFja2V0L2ZyYW1lLiIgIFRoaXMg aXMgdGhlIGNhc2Ugd2hlcmUgdGhlIG5vZGUgaW4NCnF1ZXN0aW9uICpkb2VzIG5vdCogc3VwcG9y dCBNRCBUeXBlIDB4MiwgcmlnaHQ/ICBJZiBzbywgdGhlbiB0aGUgc3BlY2lmaWNhdGlvbg0KYWJv dmUgc2VlbXMgdG8gZ28gYWdhaW5zdCAoaW4gdGhlIGxhc3Qgc2VudGVuY2Ugb2YgdGhlIHNhbWUg cGFyYWdyYXBoKToNCiJQYWNrZXRzIHdpdGggTUQgVHlwZSB2YWx1ZXMgbm90IHN1cHBvcnRlZCBi eSBhbiBpbXBsZW1lbnRhdGlvbiBNVVNUIGJlDQpzaWxlbnRseSBkcm9wcGVkLiIgIElPVywgaWYg dGhlIG5vZGUgZG9lc24ndCBzdXBwb3J0IDB4Miwgd2h5IHdvdWxkbid0IGl0IGp1c3QNCmRyb3Ag dGhlIHBhY2tldD8NCg0KKDIpIFNlY3Rpb24gMi41LjEuIChPcHRpb25hbCBWYXJpYWJsZSBMZW5n dGggTWV0YWRhdGEpIHNheXMgdGhhdCB0aGlzIGRvY3VtZW50DQoiZG9lcyBub3QgbWFrZSBhbnkg YXNzdW1wdGlvbiBhYm91dCBDb250ZXh0IEhlYWRlcnMgdGhhdCBhcmUNCm1hbmRhdG9yeS10by1p bXBsZW1lbnQgb3IgdGhvc2UgdGhhdCBhcmUgbWFuZGF0b3J5LXRvLXByb2Nlc3MuICBUaGVzZQ0K Y29uc2lkZXJhdGlvbnMgYXJlIGRlcGxveW1lbnQtc3BlY2lmaWMuIiAgQnV0IHRoZSBuZXh0IGNv dXBsZSBvZiBwYXJhZ3JhcGhzDQpzcGVjaWZ5IGV4cGxpY2l0IGFjdGlvbnMgZm9yIHRoZW0gKG1h bmRhdG9yeS10by1wcm9jZXNzKToNCg0KICAgIFVwb24gcmVjZWlwdCBvZiBhIHBhY2tldCB0aGF0 IGJlbG9uZ3MgdG8gYSBnaXZlbiBTRlAsIGlmIGEgbWFuZGF0b3J5LQ0KICAgIHRvLXByb2Nlc3Mg Y29udGV4dCBoZWFkZXIgaXMgbWlzc2luZyBpbiB0aGF0IHBhY2tldCwgdGhlIFNGQy1hd2FyZSBT Rg0KICAgIE1VU1QgTk9UIHByb2Nlc3MgdGhlIHBhY2tldCBhbmQgTVVTVCBsb2cgYW4gZXJyb3Ig YXQgbGVhc3Qgb25jZSBwZXINCiAgICB0aGUgU1BJIGZvciB3aGljaCB0aGUgbWFuZGF0b3J5IG1l dGFkYXRhIGlzIG1pc3NpbmcuDQoNCiAgICBJZiBtdWx0aXBsZSBtYW5kYXRvcnktdG8tcHJvY2Vz cyBjb250ZXh0IGhlYWRlcnMgYXJlIHJlcXVpcmVkIGZvciBhDQogICAgZ2l2ZW4gU0ZQLCB0aGUg Y29udHJvbCBwbGFuZSBNQVkgaW5zdHJ1Y3QgdGhlIFNGQy1hd2FyZSBTRiB3aXRoIHRoZQ0KICAg IG9yZGVyIHRvIGNvbnN1bWUgdGhlc2UgQ29udGV4dCBIZWFkZXJzLiAgSWYgbm8gaW5zdHJ1Y3Rp b25zIGFyZQ0KICAgIHByb3ZpZGVkIGFuZCB0aGUgU0ZDLWF3YXJlIFNGIHdpbGwgbWFrZSB1c2Ug b2Ygb3IgbW9kaWZ5IHRoZSBzcGVjaWZpYw0KICAgIGNvbnRleHQgaGVhZGVyLCB0aGVuIHRoZSBT RkMtYXdhcmUgU0YgTVVTVCBwcm9jZXNzIHRoZXNlIENvbnRleHQNCiAgICBIZWFkZXJzIGluIHRo ZSBvcmRlciB0aGV5IGFwcGVhciBpbiBhbiBOU0ggcGFja2V0Lg0KDQpNYXliZSBJJ20gY29uZnVz ZWQgYWJvdXQgY29uc2lkZXJhdGlvbnMgYmVpbmcgZGVwbG95bWVudCBzcGVjaWZpYyB2cyBzcGVj aWZ5aW5nDQp3aGF0IHRvIGRvIGhlcmUuICBDYW4geW91IHBsZWFzZSBjbGFyaWZ5Pw0KDQooMykg IlNGRnMgTVVTVCB1c2UgdGhlIFNlcnZpY2UgUGF0aCBIZWFkZXIgZm9yIHNlbGVjdGluZyB0aGUg bmV4dCBTRiBvciBTRkYgaW4NCnRoZSBzZXJ2aWNlIHBhdGguIiAgU2VjdGlvbiA2IGV4cGxhaW5z IG1vc3Qgb2Ygd2hhdCBoYXMgdG8gYmUgZG9uZSAtLSB3aGF0IEkNCnRoaW5rIGlzIHN0aWxsIG5v dCBjbGVhciBpbiB0aGlzIGRvY3VtZW50IGlzIHdoZXJlIHRoZSBpbmZvcm1hdGlvbiBpbiBUYWJs ZXMNCjEtNCBjb21lcyBmcm9tLiAgVGhlcmUgbWF5IGJlIGRpZmZlcmVudCB3YXlzIGZvciBhbiBT RkYgdG8gbGVhcm4gdGhhdCwgYW5kIEkNCndvdWxkIGltYWdpbmUgdGhhdCBpdCBpcyBvdXQtb2Yt c2NvcGUgb2YgdGhpcyBkb2N1bWVudC4gIFBsZWFzZSBzYXkgc28gLS0gbWF5YmUNCnRoZXJlJ3Mg YSByZWxldmFudCByZWZlcmVuY2UgdG8gcmZjNzY2NSAoPykuDQoNCig0KSBTZWN0aW9uIDExLjEu IChOU0ggRXRoZXJUeXBlKSBzZWVtcyBvdXQgb2YgcGxhY2UgaW4gdGhpcyBkb2N1bWVudCBiZWNh dXNlDQooMSkgdGhlIGRvY3VtZW50IGRvZXNuJ3QgZGlzY3VzcyB0aGUgdHJhbnNwb3J0IGl0c2Vs ZiwgYW5kICgyKSBpdCBpcyBpbiB0aGUNCklBTkEgc2VjdGlvbi4uLg0KDQooNSkgV2hhdCBpcyB0 aGUgIklFVEYgQmFzZSBOU0ggTUQgQ2xhc3MiIChTZWN0aW9uIDExLjIuNCk/ICBBaGgsIEkgc2Vl IHRoYXQNClNlY3Rpb24gMTEuMi42IHRhbGtzIGFib3V0ICJ0aGUgdHlwZSB2YWx1ZXMgb3duZWQg YnkgdGhlIElFVEYiOyBpdCB3b3VsZCBiZQ0KZ29vZCB0byBzYXkgdGhhdCBNRCBDbGFzcyAweDAw MDAgaXMgYmVpbmcgYXNzaWduZWQgdG8gdGhlIElFVEYgKGluIDExLjIuNCkuDQoNCk5pdHM6DQoN CkluIHNlY3Rpb24gMi4yLiAoTlNIIEJhc2UgSGVhZGVyKSwgaXQgd291bGQgYmUgbmljZSB0byBo YXZlIGEgZm9yd2FyZCByZWZlcmVuY2UNCndoZW4gdGhlIFNlcnZpY2UgSW5kZXggaXMgZmlyc3Qg bWVudGlvbmVkLg0KDQpJdCBtYXkgYmUgbmljZSB0byBleHBsaWNpdGx5IHN0YXRlIGluIHRoZSBk ZXNjcmlwdGlvbiBvZiB0aGUgTUQgVHlwZSBmaWVsZA0KKFNlY3Rpb24gMi4yKSB0aGF0IGZvciBs ZW5ndGggPSAweDIgYW5kIE1EIFR5cGUgPSAweDIsIHRoZXJlIGFyZSBpbiBmYWN0IG5vDQpvcHRp b25hbCBjb250ZXh0IGhlYWRlcnMuIChJIGtub3cgdGhlcmUncyBzb21lIHRleHQgYWJvdXQgdGhp cyBsYXRlciBpbiBzZWN0aW9uDQoyLjUuKQ0KDQoiLi4uYWxsIGRvbWFpbiBlZGdlcyBNVVNUIGZp bHRlciBiYXNlZCBvbiB0aGUgY2FycmllZCBwcm90b2NvbCBpbiB0aGUNClZ4TEFOLWdwZSIuICBU aGF0ICJNVVNUIiBpcyBvdXQgb2YgcGxhY2UgYmVjYXVzZSB0aGUgdGV4dCBpcyBhbiBleGFtcGxl Lg0KDQoNCg0K --_000_EC83047C25844EF5A93DDEBB8F7D20B0ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <3DCD2E0A431B2641BF7B4B428C20E219@emea.cisco.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KJiM0MzsxLg0KPGRpdiBjbGFzcz0i Ij48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+SW5jb3Jwb3JhdGVkLjwvZGl2 Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHls ZT0iY29sb3I6IHJnYigwLCAwLCAwKTsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsgdGV4dC1hbGln bjogc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25lOyB3aGl0ZS1z cGFjZTogbm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0 aDogMHB4OyB3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsg LXdlYmtpdC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0K4oCUPGJy IGNsYXNzPSIiPg0KQ2FybG9zIFBpZ25hdGFybywmbmJzcDs8YSBocmVmPSJtYWlsdG86Y2FybG9z QGNpc2NvLmNvbSIgY2xhc3M9IiI+Y2FybG9zQGNpc2NvLmNvbTwvYT48YnIgY2xhc3M9IiI+DQo8 YnIgY2xhc3M9IiI+DQo8aSBjbGFzcz0iIj7igJxTb21ldGltZXMgSSB1c2UgYmlnIHdvcmRzIHRo YXQgSSBkbyBub3QgZnVsbHkgdW5kZXJzdGFuZCwgdG8gbWFrZSBteXNlbGYgc291bmQgbW9yZSBw aG90b3N5bnRoZXNpcy4mcXVvdDs8L2k+PC9kaXY+DQo8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjxk aXY+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+T24g U2VwIDI3LCAyMDE3LCBhdCAyOjQzIFBNLCBKb2VsIE0uIEhhbHBlcm4gJmx0OzxhIGhyZWY9Im1h aWx0bzpqbWhAam9lbGhhbHBlcm4uY29tIiBjbGFzcz0iIj5qbWhAam9lbGhhbHBlcm4uY29tPC9h PiZndDsgd3JvdGU6PC9kaXY+DQo8YnIgY2xhc3M9IkFwcGxlLWludGVyY2hhbmdlLW5ld2xpbmUi Pg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+VGhhbmtzIEFsdmFyby4gJm5ic3A7VGhh dCBjaGFuZ2Ugc2VlbXMgZmluZSB3aXRoIG1lLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4N CllvdXJzLDxiciBjbGFzcz0iIj4NCkpvZWw8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpP biA5LzI3LzE3IDI6NDEgUE0sIEFsdmFybyBSZXRhbmEgKGFyZXRhbmEpIHdyb3RlOjxiciBjbGFz cz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPk9uIDkvMjYvMTcsIDM6Mzkg UE0sICZxdW90O0pvZWwgTS4gSGFscGVybiZxdW90OyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmptaEBq b2VsaGFscGVybi5jb20iIGNsYXNzPSIiPmptaEBqb2VsaGFscGVybi5jb208L2E+Jmd0OyB3cm90 ZTo8YnIgY2xhc3M9IiI+DQpKb2VsOjxiciBjbGFzcz0iIj4NCkhpITxiciBjbGFzcz0iIj4NCjxi bG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPllvdXIgY29tbWVudCAxIGlzIGFib3V0IG5v bi1zdXBwb3J0IG9mIE1EMiBhbmQgdGhlIHJlcXVpcmVtZW50IHRoYXQ8YnIgY2xhc3M9IiI+DQp0 aGUgZW50aXR5IHVzZSB0aGUgbGVuZ3RoIGZpZWxkIGFueXdheS48YnIgY2xhc3M9IiI+DQpXaGF0 IHdlIGFyZSB0cnlpbmcgdG8gY29tbXVuaWNhdGUgKGFuZCBoYXZlIG5vdCBnb3R0ZW4gcmlnaHQp IGlzIHRoYXQ8YnIgY2xhc3M9IiI+DQpkZXZpY2VzIHdoaWNoIG5lZWQgdGhlIHBhY2tldCwgYnV0 IGRvIG5vdCBuZWVkIHRoZSBtZXRhZGF0YSwgYXJlPGJyIGNsYXNzPSIiPg0KcmVxdWlyZWQgdG8g Y29wZSB3aXRoIE1EMiB3aXRoIGEgbGVuZ3RoIGdyZWF0ZXIgdGhhbiAyLiAmbmJzcDtBbiBleGFt cGxlIG9mPGJyIGNsYXNzPSIiPg0Kc3VjaCBhIGRldmljZSBpcyBhbiBTRkYgd2hpY2ggaGFzIG11 bHRpcGxlIHZhbGlkIGhvc3AgYWxvbmcgdGhlIFNGUCwgYW5kPGJyIGNsYXNzPSIiPg0KdXNlcyB0 aGUgdW5kZXJseWluZyBwYWNrZXQgaGVhZGVyIGZpZWxkcyB0byBwaWNrIG9uZS4gJm5ic3A7SXQg aXMgcmVxdWlyZWQgdG88YnIgY2xhc3M9IiI+DQpmdW5jdGlvbiBldmVuIHdoZW4gaGFuZGVkIGFu IE1EMiBwYWNrZXQuPGJyIGNsYXNzPSIiPg0KVGhpcyBpcyBwYXJ0IG9mIGEgY29tcHJvbWlzZSB0 byBtYWtlIE1EMiB1c2FibGUgZXZlbiB3aXRoIGRldmljZXMgdGhhdDxiciBjbGFzcz0iIj4NCndl cmUgYnVpbHQgcHJpbmNpcGFsbHkgZm9yIE1EMS48YnIgY2xhc3M9IiI+DQpDYW4geW91IHN1Z2dl c3QgYmV0dGVyIHdvcmRpbmcuICZuYnNwOyhHaXZlbiB0aGF0IHRoaXMgaXMgdGhlIGJhc2Ugc2Vj dGlvbiwgSTxiciBjbGFzcz0iIj4NCmRvIG5vdCB3YW50IGEgbG9uZyBleGFtcGxlIGhlcmUuKTxi ciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCk15IG1haW4gY29uY2VybiBpcyB0aGF0IHRoZSBk b2N1bWVudCBzYXlzIHRoYXQgcGFja2V0cyB3aXRoIGFuIHVuc3VwcG9ydGVkIE1EIFR5cGUg4oCc TVVTVCBiZTxiciBjbGFzcz0iIj4NCnNpbGVudGx5IGRyb3BwZWTigJ0uICZuYnNwO1RoZSBjb21w bGljYXRpb24gaXMgdGhhdCB0aGUgZG9jdW1lbnQgYWxzbyBzcGVjaWZpZXMg4oCccGFydGlhbOKA nSBzdXBwb3J0IGZvciBNRCBUeXBlIDI6IOKAnE5TSCBpbXBsZW1lbnRhdGlvbnMgTVVTVCBzdXBw b3J0IE1EIHR5cGVzIDB4MSBhbmQgMHgyICh3aGVyZSB0aGUgbGVuZ3RoIGlzIDB4MikuICZuYnNw O05TSCBpbXBsZW1lbnRhdGlvbnMgU0hPVUxEIHN1cHBvcnQgTUQgVHlwZSAweDIgd2l0aCBsZW5n dGggZ3JlYXRlciB0aGFuDQogMHgyLuKAnTxiciBjbGFzcz0iIj4NCkl0IHNlZW1zIHRvIG1lIHRo YXQgcHV0dGluZyBhIGRldmljZSB0aGF0IG9ubHkgc3VwcG9ydHMgb25lIE1EIFR5cGUgKG9yIGlu IHRoaXMgY2FzZSBwYXJ0aWFsIHN1cHBvcnQgZm9yIGFub3RoZXIpIGluIGEgbmV0d29yayBzaG91 bGQgbm90IGJlIGV4cGVjdGVkIHRvIGRlYWwgd2l0aCBzdXBwb3J0aW5nIG90aGVyIHR5cGVz4oCm YW5kIHNob3VsZCBiZSBzb21ldGhpbmcgaGlnaGxpZ2h0ZWQgZm9yIGRlcGxveW1lbnQgY29uc2lk ZXJhdGlvbi48YnIgY2xhc3M9IiI+DQpIYXZpbmcgc2FpZCB0aGF0LCBoZXJl4oCZcyBhIHN1Z2dl c3Rpb246PGJyIGNsYXNzPSIiPg0KT0xEJmd0OzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZu YnNwO+KApiAmbmJzcDtUaGVyZSBleGlzdHMsPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5i c3A7aG93ZXZlciwgYSBtaWRkbGUgZ3JvdW5kLCB3aGVyZWluIGEgZGV2aWNlIHdpbGwgc3VwcG9y dCBNRCBUeXBlIDB4MTxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyhhcyBwZXIgdGhl IE1VU1QpIG1ldGFkYXRhLCB5ZXQgYmUgZGVwbG95ZWQgaW4gYSBuZXR3b3JrIHdpdGggTUQgVHlw ZTxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOzB4MiBtZXRhZGF0YSBwYWNrZXRzLiAm bmJzcDtJbiB0aGF0IGNhc2UsIHRoZSBNRCBUeXBlIDB4MSBub2RlLCBNVVNUPGJyIGNsYXNzPSIi Pg0KJm5ic3A7Jm5ic3A7Jm5ic3A7dXRpbGl6ZSB0aGUgYmFzZSBoZWFkZXIgbGVuZ3RoIGZpZWxk IHRvIGRldGVybWluZSB0aGUgb3JpZ2luYWw8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJz cDtwYXlsb2FkIG9mZnNldCBpZiBpdCByZXF1aXJlcyBhY2Nlc3MgdG8gdGhlIG9yaWdpbmFsIHBh Y2tldC9mcmFtZS48YnIgY2xhc3M9IiI+DQpORVcmZ3Q7PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5i c3A7Jm5ic3A74oCmIERldmljZXMgdGhhdCBkb27igJl0IHN1cHBvcnQgTUQgVHlwZSAweDIgd2l0 aCBsZW5ndGggZ3JlYXRlciB0aGFuPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7MHgy IE1VU1QgaWdub3JlIGFueSBvcHRpb25hbCBjb250ZXh0IGhlYWRlcnMgYW5kIHByb2Nlc3MgdGhl IHBhY2tldDxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwO3dpdGhvdXQgdGhlbTsgdGhl IGJhc2UgaGVhZGVyIGxlbmd0aCBmaWVsZCBjYW4gYmUgdXNlZCB0byBkZXRlcm1pbmUgdGhlPGJy IGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7b3JpZ2luYWwgcGF5bG9hZCBvZmZzZXQgaWYg YWNjZXNzIHRvIHRoZSBvcmlnaW5hbCBwYWNrZXQvZnJhbWUgaXMgcmVxdWlyZWQuPGJyIGNsYXNz PSIiPg0KVGhhbmtzITxiciBjbGFzcz0iIj4NCkFsdmFyby48YnIgY2xhc3M9IiI+DQpPbiA5LzI2 LzE3IDM6MTcgUE0sIEFsdmFybyBSZXRhbmEgd3JvdGU6PGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVv dGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+QWx2YXJvIFJldGFuYSBoYXMgZW50ZXJlZCB0aGUgZm9s bG93aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3I8YnIgY2xhc3M9IiI+DQpkcmFmdC1pZXRmLXNmYy1u c2gtMjQ6IE5vIE9iamVjdGlvbjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCldoZW4gcmVz cG9uZGluZywgcGxlYXNlIGtlZXAgdGhlIHN1YmplY3QgbGluZSBpbnRhY3QgYW5kIHJlcGx5IHRv IGFsbDxiciBjbGFzcz0iIj4NCmVtYWlsIGFkZHJlc3NlcyBpbmNsdWRlZCBpbiB0aGUgVG8gYW5k IENDIGxpbmVzLiAoRmVlbCBmcmVlIHRvIGN1dCB0aGlzPGJyIGNsYXNzPSIiPg0KaW50cm9kdWN0 b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KUGxlYXNlIHJlZmVyIHRvIDxhIGhyZWY9Imh0dHBzOi8vd3d3LmlldGYub3Jn L2llc2cvc3RhdGVtZW50L2Rpc2N1c3MtY3JpdGVyaWEuaHRtbCIgY2xhc3M9IiI+DQpodHRwczov L3d3dy5pZXRmLm9yZy9pZXNnL3N0YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWw8L2E+PGJy IGNsYXNzPSIiPg0KZm9yIG1vcmUgaW5mb3JtYXRpb24gYWJvdXQgSUVTRyBESVNDVVNTIGFuZCBD T01NRU5UIHBvc2l0aW9ucy48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9 IiI+DQpUaGUgZG9jdW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFsbG90IHBvc2l0aW9ucywgY2Fu IGJlIGZvdW5kIGhlcmU6PGJyIGNsYXNzPSIiPg0KPGEgaHJlZj0iaHR0cHM6Ly9kYXRhdHJhY2tl ci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0Zi1zZmMtbnNoLyIgY2xhc3M9IiI+aHR0cHM6Ly9kYXRh dHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0Zi1zZmMtbnNoLzwvYT48YnIgY2xhc3M9IiI+ DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQotLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tPGJyIGNsYXNzPSIiPg0KQ09NTUVOVDo8YnIgY2xhc3M9IiI+DQotLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPGJy IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KKDEpIFdoaWxlIGRlc2NyaWJpbmcgdGhlIE1EIFR5 cGUgZmllbGQsIFNlY3Rpb24gMi4yLiAoTlNIIEJhc2UgSGVhZGVyKSB0YWxrczxiciBjbGFzcz0i Ij4NCmFib3V0IHRoZSBzcGVjaWZpYyBzY2VuYXJpbyBpbiB3aGljaCAmcXVvdDthIGRldmljZSB3 aWxsIHN1cHBvcnQgTUQgVHlwZSAweDEgKGFzIHBlcjxiciBjbGFzcz0iIj4NCnRoZSBNVVNUKSBt ZXRhZGF0YSwgeWV0IGJlIGRlcGxveWVkIGluIGEgbmV0d29yayB3aXRoIE1EIFR5cGUgMHgyIG1l dGFkYXRhPGJyIGNsYXNzPSIiPg0KcGFja2V0cyZxdW90OywgYW5kIGl0IHNwZWNpZmllcyB0aGF0 ICZxdW90O3RoZSBNRCBUeXBlIDB4MSBub2RlLCBNVVNUIHV0aWxpemUgdGhlIGJhc2U8YnIgY2xh c3M9IiI+DQpoZWFkZXIgbGVuZ3RoIGZpZWxkIHRvIGRldGVybWluZSB0aGUgb3JpZ2luYWwgcGF5 bG9hZCBvZmZzZXQgaWYgaXQgcmVxdWlyZXM8YnIgY2xhc3M9IiI+DQphY2Nlc3MgdG8gdGhlIG9y aWdpbmFsIHBhY2tldC9mcmFtZS4mcXVvdDsgJm5ic3A7VGhpcyBpcyB0aGUgY2FzZSB3aGVyZSB0 aGUgbm9kZSBpbjxiciBjbGFzcz0iIj4NCnF1ZXN0aW9uICpkb2VzIG5vdCogc3VwcG9ydCBNRCBU eXBlIDB4MiwgcmlnaHQ/ICZuYnNwO0lmIHNvLCB0aGVuIHRoZSBzcGVjaWZpY2F0aW9uPGJyIGNs YXNzPSIiPg0KYWJvdmUgc2VlbXMgdG8gZ28gYWdhaW5zdCAoaW4gdGhlIGxhc3Qgc2VudGVuY2Ug b2YgdGhlIHNhbWUgcGFyYWdyYXBoKTo8YnIgY2xhc3M9IiI+DQomcXVvdDtQYWNrZXRzIHdpdGgg TUQgVHlwZSB2YWx1ZXMgbm90IHN1cHBvcnRlZCBieSBhbiBpbXBsZW1lbnRhdGlvbiBNVVNUIGJl PGJyIGNsYXNzPSIiPg0Kc2lsZW50bHkgZHJvcHBlZC4mcXVvdDsgJm5ic3A7SU9XLCBpZiB0aGUg bm9kZSBkb2Vzbid0IHN1cHBvcnQgMHgyLCB3aHkgd291bGRuJ3QgaXQganVzdDxiciBjbGFzcz0i Ij4NCmRyb3AgdGhlIHBhY2tldD88YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQooMikgU2Vj dGlvbiAyLjUuMS4gKE9wdGlvbmFsIFZhcmlhYmxlIExlbmd0aCBNZXRhZGF0YSkgc2F5cyB0aGF0 IHRoaXMgZG9jdW1lbnQ8YnIgY2xhc3M9IiI+DQomcXVvdDtkb2VzIG5vdCBtYWtlIGFueSBhc3N1 bXB0aW9uIGFib3V0IENvbnRleHQgSGVhZGVycyB0aGF0IGFyZTxiciBjbGFzcz0iIj4NCm1hbmRh dG9yeS10by1pbXBsZW1lbnQgb3IgdGhvc2UgdGhhdCBhcmUgbWFuZGF0b3J5LXRvLXByb2Nlc3Mu ICZuYnNwO1RoZXNlPGJyIGNsYXNzPSIiPg0KY29uc2lkZXJhdGlvbnMgYXJlIGRlcGxveW1lbnQt c3BlY2lmaWMuJnF1b3Q7ICZuYnNwO0J1dCB0aGUgbmV4dCBjb3VwbGUgb2YgcGFyYWdyYXBoczxi ciBjbGFzcz0iIj4NCnNwZWNpZnkgZXhwbGljaXQgYWN0aW9ucyBmb3IgdGhlbSAobWFuZGF0b3J5 LXRvLXByb2Nlc3MpOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwO1Vwb24gcmVjZWlwdCBvZiBhIHBhY2tldCB0aGF0IGJlbG9uZ3MgdG8gYSBnaXZl biBTRlAsIGlmIGEgbWFuZGF0b3J5LTxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwO3RvLXByb2Nlc3MgY29udGV4dCBoZWFkZXIgaXMgbWlzc2luZyBpbiB0aGF0IHBhY2tldCwg dGhlIFNGQy1hd2FyZSBTRjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO01V U1QgTk9UIHByb2Nlc3MgdGhlIHBhY2tldCBhbmQgTVVTVCBsb2cgYW4gZXJyb3IgYXQgbGVhc3Qg b25jZSBwZXI8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDt0aGUgU1BJIGZv ciB3aGljaCB0aGUgbWFuZGF0b3J5IG1ldGFkYXRhIGlzIG1pc3NpbmcuPGJyIGNsYXNzPSIiPg0K PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7SWYgbXVsdGlwbGUgbWFuZGF0 b3J5LXRvLXByb2Nlc3MgY29udGV4dCBoZWFkZXJzIGFyZSByZXF1aXJlZCBmb3IgYTxiciBjbGFz cz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO2dpdmVuIFNGUCwgdGhlIGNvbnRyb2wgcGxh bmUgTUFZIGluc3RydWN0IHRoZSBTRkMtYXdhcmUgU0Ygd2l0aCB0aGU8YnIgY2xhc3M9IiI+DQom bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtvcmRlciB0byBjb25zdW1lIHRoZXNlIENvbnRleHQgSGVh ZGVycy4gJm5ic3A7SWYgbm8gaW5zdHJ1Y3Rpb25zIGFyZTxiciBjbGFzcz0iIj4NCiZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwO3Byb3ZpZGVkIGFuZCB0aGUgU0ZDLWF3YXJlIFNGIHdpbGwgbWFrZSB1 c2Ugb2Ygb3IgbW9kaWZ5IHRoZSBzcGVjaWZpYzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwO2NvbnRleHQgaGVhZGVyLCB0aGVuIHRoZSBTRkMtYXdhcmUgU0YgTVVTVCBwcm9j ZXNzIHRoZXNlIENvbnRleHQ8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsmbmJzcDsmbmJzcDtI ZWFkZXJzIGluIHRoZSBvcmRlciB0aGV5IGFwcGVhciBpbiBhbiBOU0ggcGFja2V0LjxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCk1heWJlIEknbSBjb25mdXNlZCBhYm91dCBjb25zaWRlcmF0 aW9ucyBiZWluZyBkZXBsb3ltZW50IHNwZWNpZmljIHZzIHNwZWNpZnlpbmc8YnIgY2xhc3M9IiI+ DQp3aGF0IHRvIGRvIGhlcmUuICZuYnNwO0NhbiB5b3UgcGxlYXNlIGNsYXJpZnk/PGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KKDMpICZxdW90O1NGRnMgTVVTVCB1c2UgdGhlIFNlcnZpY2Ug UGF0aCBIZWFkZXIgZm9yIHNlbGVjdGluZyB0aGUgbmV4dCBTRiBvciBTRkYgaW48YnIgY2xhc3M9 IiI+DQp0aGUgc2VydmljZSBwYXRoLiZxdW90OyAmbmJzcDtTZWN0aW9uIDYgZXhwbGFpbnMgbW9z dCBvZiB3aGF0IGhhcyB0byBiZSBkb25lIC0tIHdoYXQgSTxiciBjbGFzcz0iIj4NCnRoaW5rIGlz IHN0aWxsIG5vdCBjbGVhciBpbiB0aGlzIGRvY3VtZW50IGlzIHdoZXJlIHRoZSBpbmZvcm1hdGlv biBpbiBUYWJsZXM8YnIgY2xhc3M9IiI+DQoxLTQgY29tZXMgZnJvbS4gJm5ic3A7VGhlcmUgbWF5 IGJlIGRpZmZlcmVudCB3YXlzIGZvciBhbiBTRkYgdG8gbGVhcm4gdGhhdCwgYW5kIEk8YnIgY2xh c3M9IiI+DQp3b3VsZCBpbWFnaW5lIHRoYXQgaXQgaXMgb3V0LW9mLXNjb3BlIG9mIHRoaXMgZG9j dW1lbnQuICZuYnNwO1BsZWFzZSBzYXkgc28gLS0gbWF5YmU8YnIgY2xhc3M9IiI+DQp0aGVyZSdz IGEgcmVsZXZhbnQgcmVmZXJlbmNlIHRvIHJmYzc2NjUgKD8pLjxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NCig0KSBTZWN0aW9uIDExLjEuIChOU0ggRXRoZXJUeXBlKSBzZWVtcyBvdXQgb2Yg cGxhY2UgaW4gdGhpcyBkb2N1bWVudCBiZWNhdXNlPGJyIGNsYXNzPSIiPg0KKDEpIHRoZSBkb2N1 bWVudCBkb2Vzbid0IGRpc2N1c3MgdGhlIHRyYW5zcG9ydCBpdHNlbGYsIGFuZCAoMikgaXQgaXMg aW4gdGhlPGJyIGNsYXNzPSIiPg0KSUFOQSBzZWN0aW9uLi4uPGJyIGNsYXNzPSIiPg0KPGJyIGNs YXNzPSIiPg0KKDUpIFdoYXQgaXMgdGhlICZxdW90O0lFVEYgQmFzZSBOU0ggTUQgQ2xhc3MmcXVv dDsgKFNlY3Rpb24gMTEuMi40KT8gJm5ic3A7QWhoLCBJIHNlZSB0aGF0PGJyIGNsYXNzPSIiPg0K U2VjdGlvbiAxMS4yLjYgdGFsa3MgYWJvdXQgJnF1b3Q7dGhlIHR5cGUgdmFsdWVzIG93bmVkIGJ5 IHRoZSBJRVRGJnF1b3Q7OyBpdCB3b3VsZCBiZTxiciBjbGFzcz0iIj4NCmdvb2QgdG8gc2F5IHRo YXQgTUQgQ2xhc3MgMHgwMDAwIGlzIGJlaW5nIGFzc2lnbmVkIHRvIHRoZSBJRVRGIChpbiAxMS4y LjQpLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCk5pdHM6PGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KSW4gc2VjdGlvbiAyLjIuIChOU0ggQmFzZSBIZWFkZXIpLCBpdCB3b3VsZCBi ZSBuaWNlIHRvIGhhdmUgYSBmb3J3YXJkIHJlZmVyZW5jZTxiciBjbGFzcz0iIj4NCndoZW4gdGhl IFNlcnZpY2UgSW5kZXggaXMgZmlyc3QgbWVudGlvbmVkLjxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NCkl0IG1heSBiZSBuaWNlIHRvIGV4cGxpY2l0bHkgc3RhdGUgaW4gdGhlIGRlc2NyaXB0 aW9uIG9mIHRoZSBNRCBUeXBlIGZpZWxkPGJyIGNsYXNzPSIiPg0KKFNlY3Rpb24gMi4yKSB0aGF0 IGZvciBsZW5ndGggPSAweDIgYW5kIE1EIFR5cGUgPSAweDIsIHRoZXJlIGFyZSBpbiBmYWN0IG5v PGJyIGNsYXNzPSIiPg0Kb3B0aW9uYWwgY29udGV4dCBoZWFkZXJzLiAoSSBrbm93IHRoZXJlJ3Mg c29tZSB0ZXh0IGFib3V0IHRoaXMgbGF0ZXIgaW4gc2VjdGlvbjxiciBjbGFzcz0iIj4NCjIuNS4p PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KJnF1b3Q7Li4uYWxsIGRvbWFpbiBlZGdlcyBN VVNUIGZpbHRlciBiYXNlZCBvbiB0aGUgY2FycmllZCBwcm90b2NvbCBpbiB0aGU8YnIgY2xhc3M9 IiI+DQpWeExBTi1ncGUmcXVvdDsuICZuYnNwO1RoYXQgJnF1b3Q7TVVTVCZxdW90OyBpcyBvdXQg b2YgcGxhY2UgYmVjYXVzZSB0aGUgdGV4dCBpcyBhbiBleGFtcGxlLjxiciBjbGFzcz0iIj4NCjxi ciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCjwvYmxvY2txdW90ZT4N CjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjwv ZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_EC83047C25844EF5A93DDEBB8F7D20B0ciscocom_-- From nobody Wed Sep 27 12:22:05 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A752C134F26; Wed, 27 Sep 2017 12:22:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h2NAQWacPTlR; Wed, 27 Sep 2017 12:22:03 -0700 (PDT) Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1621134F27; Wed, 27 Sep 2017 12:22:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7750; q=dns/txt; s=iport; t=1506540122; x=1507749722; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=C35DGsHPKBaCScbfXl1ACWbsVZBYOZwBNapk9xiiXKo=; b=J1gVWPClRrpLhEA4g0sz4z0pmec1XRNZTnyU6Vuzf/gwkKIznVUfyhAK OGncP3kye/EBnfIrdIz7+zgY2zMqKscpXFE7/tymI5NOIiplbcVZAki2s 6JyDyjvqLXJ1f54I5bTkYlLGIJRyph6P5LSuLQ0z0OaIxNUeO752B9ocB g=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DIAQBH+ctZ/4QNJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1yBUicHg3GZfYo4iCuFTIIECoU7AhqEQkIVAQIBAQEBAQEBayi?= =?us-ascii?q?FGQYjVhACAQgOMQMCAgIfERQRAgQOBYlNTAMVqAuCJ4c7DYM7AQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBHYMrggKBUYFqK4J9gl6BbiCDKy+CMQWYT4gYPAKKb4R1hHm?= =?us-ascii?q?TBoxpiDMCERkBgTgBNSKBDngVWwGHCnaHRoEQAQEB?= X-IronPort-AV: E=Sophos; i="5.42,446,1500940800"; d="scan'208,217"; a="82811722" Received: from alln-core-10.cisco.com ([173.36.13.132]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2017 19:22:01 +0000 Received: from XCH-RTP-002.cisco.com (xch-rtp-002.cisco.com [64.101.220.142]) by alln-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id v8RJM18U000510 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 19:22:01 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-002.cisco.com (64.101.220.142) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 15:22:00 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 15:22:00 -0400 From: "Carlos Pignataro (cpignata)" To: Alia Atlas CC: "Alvaro Retana (aretana)" , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , The IESG , "sfc@ietf.org" Thread-Topic: Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTNvwOtqmwlMp+xUy8F8i54ZXAOqLIYzqAgAC2gQCAAD5mAIAAARmAgAAHo4A= Date: Wed, 27 Sep 2017 19:22:00 +0000 Message-ID: References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> <314D7BB3-23A0-4E4E-9557-B323736BA851@cisco.com> <5C29C4F3-3051-4C91-9DAE-990344103BF7@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_C16B5AFA9D7749BF8BD63DF071726D57ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 19:22:04 -0000 --_000_C16B5AFA9D7749BF8BD63DF071726D57ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 RGVhciBBbGlhLA0KDQpPbiBTZXAgMjcsIDIwMTcsIGF0IDI6NTQgUE0sIEFsaWEgQXRsYXMgPGFr YXRsYXNAZ21haWwuY29tPG1haWx0bzpha2F0bGFzQGdtYWlsLmNvbT4+IHdyb3RlOg0KDQoNCg0K T24gV2VkLCBTZXAgMjcsIDIwMTcgYXQgMjo1MCBQTSwgQWx2YXJvIFJldGFuYSAoYXJldGFuYSkg PGFyZXRhbmFAY2lzY28uY29tPG1haWx0bzphcmV0YW5hQGNpc2NvLmNvbT4+IHdyb3RlOg0KT24g OS8yNy8xNywgMTE6MDcgQU0sICJBbGlhIEF0bGFzIiA8YWthdGxhc0BnbWFpbC5jb208bWFpbHRv OmFrYXRsYXNAZ21haWwuY29tPj4gd3JvdGU6DQoNCkhpIQ0KDQo+ID4gPiAoNCkgU2VjdGlvbiAx MS4xLiAoTlNIIEV0aGVyVHlwZSkgc2VlbXMgb3V0IG9mIHBsYWNlIGluIHRoaXMNCj4gPiA+IGRv Y3VtZW50IGJlY2F1c2UgKDEpIHRoZSBkb2N1bWVudCBkb2Vzbid0IGRpc2N1c3MgdGhlDQo+ID4g PiB0cmFuc3BvcnQgaXRzZWxmLCBhbmQgKDIpIGl0IGlzIGluIHRoZSBJQU5BIHNlY3Rpb27igKYN Cj4gPg0KPiA+IFlvdSBoYXZlIGEgZ29vZCBwb2ludCDigJQgSm9lbCBhc2tlZCDigJwgRG8geW91 IHRoaW5rIHdlDQo+ID4gc2hvdWxkIHJlbW92ZSBpdD/igJ0NCj4gPg0KPiA+IEkgdGhpbmsgd2Ug c2hvdWxkIGtlZXAgaXQgaW4sIGJlY2F1c2UgaXQgaXMgaW1wb3J0YW50IGluZm9ybWF0aW9uDQo+ ID4gZm9yIGFuIGltcGxlbWVudG9yIHRvIGhhdmUsIHJlZ2FyZGxlc3Mgb2YgdGhvc2UgdHdvIHBv aW50cy4NCj4gPg0KPiA+IEJ1dCBwZXJoYXBzIGl0IHNob3VsZCBiZSBtb3ZlZCBvdXQgb2YgdGhh dCBzZWN0aW9uIGFuZCBpbnRvIGENCj4gPiBzZXBhcmF0ZSBub24tbm9ybWF0aXZlIHNlY3Rpb24/ IERvIHlvdSBoYXZlIHJlY29tbWVuZGF0aW9ucw0KPiA+IHRoZXJlPw0KPiA+DQo+ID4gQWxpYSB3 YXMgdHJhY2tpbmcgdGhlIE5TSCBFdGhlclR5cGUgdmFsdWUuIEFsaWEsIHRob3VnaHRzPw0KPg0K PiBGb3IgaW1wbGVtZW50YXRpb25zLCBpdCBuZWVkcyB0byBzdGF5IGluIHRoZSBkb2N1bWVudC4N Cj4gSWYgaGF2aW5nIGl0IGluIHRoZSBJQU5BIHNlY3Rpb24gaXMgY29uZnVzaW5nLCBoYXZpbmcg YSBzZXBhcmF0ZSBzZWN0aW9uIGlzDQo+IGZpbmUuDQo+IFRoZXJlIG1heSBzdGlsbCBiZSBzb21l IGRldGFpbHMgdG8gY2xlYXIgdXAgd2l0aCBJRUVFLCBzaW5jZSB0aGUgb3JpZ2luYWwNCj4gb3du ZXIgb2YgdGhlIEV0aGVyVHlwZSBpcyBDaXNjby4NCg0KVGhlIG1haW4gcmVhc29uIEkgdGhpbmsg aXQgc2hvdWxkIGJlIGNvbXBsZXRlbHkgcmVtb3ZlZCBpcyBiZWNhdXNlIHRocm91Z2hvdXQgdGhl IGRvY3VtZW50IHRoZSBwb2ludCBhYm91dCB0aGUgTlNIIGJlaW5nIHRyYW5zcG9ydCBpbmRlcGVu ZGVudCBpcyBjbGVhcmx5IG1hZGUuICBUaGUgRXRoZXJUeXBlIGluZm9ybWF0aW9uIGlzIHRyYW5z cG9ydC1zcGVjaWZpYyDigJMgSSBqdXN0IGRvbuKAmXQgdGhpbmsgaXQgYmVsb25ncyBoZXJlLg0K DQpJZiB0aGUgV0cgaGFkIGEgdHJhbnNwb3J0LXNwZWNpZmljIGRyYWZ0IGluIHByb2dyZXNzLCBJ J2QgYWdyZWUgd2l0aCB5b3UuICBMYWNraW5nIHN1Y2ggYSB2ZWhpY2xlLi4uDQoNCkFsdmFybyBo YWQgdHdvIHBvaW50cy4gT25lIHlvdSBhcmUgYWRkcmVzc2luZy4gVGhlIHNlY29uZCBvbmUgaXMg d2hldGhlciB0aGUgRXRoZXJ0eXBlIFNlY3Rpb24gc2hvdWxkIGJlIHdpdGhpbiB0aGUgSUFOQSBD b25zaWRlcmF0aW9ucyBzZWN0aW9uLg0KDQpTaW5jZSB5b3UgcmVjb21tZW5kIHdlIGxlYXZlIGl0 IGluLiBEbyB5b3UgcmVjb21tZW5kIHdlOg0KMS4gTGVhdmUgaXQgd2hlcmUgaXQgaXM/DQoyLiBN b3ZlIGlzIHNvbWV3aGVyZSBlbHNlIChhbmQgd2hlcmUpPw0KDQpUaGFua3MsDQoNCkNhcmxvcy4N Cg== --_000_C16B5AFA9D7749BF8BD63DF071726D57ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KRGVhciBBbGlhLA0KPGRpdiBjbGFz cz0iIj48YnIgY2xhc3M9IiI+DQo8ZGl2Pg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9 IiI+DQo8ZGl2IGNsYXNzPSIiPk9uIFNlcCAyNywgMjAxNywgYXQgMjo1NCBQTSwgQWxpYSBBdGxh cyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmFrYXRsYXNAZ21haWwuY29tIiBjbGFzcz0iIj5ha2F0bGFz QGdtYWlsLmNvbTwvYT4mZ3Q7IHdyb3RlOjwvZGl2Pg0KPGJyIGNsYXNzPSJBcHBsZS1pbnRlcmNo YW5nZS1uZXdsaW5lIj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGRpcj0ibHRyIiBjbGFzcz0iIj48 YnIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSJnbWFpbF9leHRyYSI+PGJyIGNsYXNzPSIiPg0KPGRp diBjbGFzcz0iZ21haWxfcXVvdGUiPk9uIFdlZCwgU2VwIDI3LCAyMDE3IGF0IDI6NTAgUE0sIEFs dmFybyBSZXRhbmEgKGFyZXRhbmEpDQo8c3BhbiBkaXI9Imx0ciIgY2xhc3M9IiI+Jmx0OzxhIGhy ZWY9Im1haWx0bzphcmV0YW5hQGNpc2NvLmNvbSIgdGFyZ2V0PSJfYmxhbmsiIGNsYXNzPSIiPmFy ZXRhbmFAY2lzY28uY29tPC9hPiZndDs8L3NwYW4+IHdyb3RlOjxiciBjbGFzcz0iIj4NCjxibG9j a3F1b3RlIGNsYXNzPSJnbWFpbF9xdW90ZSIgc3R5bGU9Im1hcmdpbjowIDAgMCAuOGV4O2JvcmRl ci1sZWZ0OjFweCAjY2NjIHNvbGlkO3BhZGRpbmctbGVmdDoxZXgiPg0KT24gOS8yNy8xNywgMTE6 MDcgQU0sICZxdW90O0FsaWEgQXRsYXMmcXVvdDsgJmx0OzxhIGhyZWY9Im1haWx0bzpha2F0bGFz QGdtYWlsLmNvbSIgY2xhc3M9IiI+YWthdGxhc0BnbWFpbC5jb208L2E+Jmd0OyB3cm90ZTo8YnIg Y2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpIaSE8YnIgY2xhc3M9IiI+DQo8c3BhbiBjbGFzcz0i Ij48YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDsgJmd0OyAoNCkgU2VjdGlvbiAxMS4xLiAoTlNIIEV0 aGVyVHlwZSkgc2VlbXMgb3V0IG9mIHBsYWNlIGluIHRoaXM8YnIgY2xhc3M9IiI+DQomZ3Q7ICZn dDsgJmd0OyBkb2N1bWVudCBiZWNhdXNlICgxKSB0aGUgZG9jdW1lbnQgZG9lc24ndCBkaXNjdXNz IHRoZTxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyAmZ3Q7IHRyYW5zcG9ydCBpdHNlbGYsIGFuZCAo MikgaXQgaXMgaW4gdGhlIElBTkEgc2VjdGlvbuKApjxiciBjbGFzcz0iIj4NCiZndDsgJmd0Ozxi ciBjbGFzcz0iIj4NCiZndDsgJmd0OyBZb3UgaGF2ZSBhIGdvb2QgcG9pbnQg4oCUIEpvZWwgYXNr ZWQg4oCcIERvIHlvdSB0aGluayB3ZTxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBzaG91bGQgcmVt b3ZlIGl0P+KAnTxiciBjbGFzcz0iIj4NCiZndDsgJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0 OyBJIHRoaW5rIHdlIHNob3VsZCBrZWVwIGl0IGluLCBiZWNhdXNlIGl0IGlzIGltcG9ydGFudCBp bmZvcm1hdGlvbjxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBmb3IgYW4gaW1wbGVtZW50b3IgdG8g aGF2ZSwgcmVnYXJkbGVzcyBvZiB0aG9zZSB0d28gcG9pbnRzLjxiciBjbGFzcz0iIj4NCiZndDsg Jmd0OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBCdXQgcGVyaGFwcyBpdCBzaG91bGQgYmUgbW92 ZWQgb3V0IG9mIHRoYXQgc2VjdGlvbiBhbmQgaW50byBhPGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7 IHNlcGFyYXRlIG5vbi1ub3JtYXRpdmUgc2VjdGlvbj8gRG8geW91IGhhdmUgcmVjb21tZW5kYXRp b25zPGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IHRoZXJlPzxiciBjbGFzcz0iIj4NCiZndDsgJmd0 OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBBbGlhIHdhcyB0cmFja2luZyB0aGUgTlNIIEV0aGVy VHlwZSB2YWx1ZS4gQWxpYSwgdGhvdWdodHM/PGJyIGNsYXNzPSIiPg0KJmd0OzxiciBjbGFzcz0i Ij4NCiZndDsgRm9yIGltcGxlbWVudGF0aW9ucywgaXQgbmVlZHMgdG8gc3RheSBpbiB0aGUgZG9j dW1lbnQuJm5ic3A7Jm5ic3A7PGJyIGNsYXNzPSIiPg0KJmd0OyBJZiBoYXZpbmcgaXQgaW4gdGhl IElBTkEgc2VjdGlvbiBpcyBjb25mdXNpbmcsIGhhdmluZyBhIHNlcGFyYXRlIHNlY3Rpb24gaXM8 YnIgY2xhc3M9IiI+DQomZ3Q7IGZpbmUuPGJyIGNsYXNzPSIiPg0KJmd0OyBUaGVyZSBtYXkgc3Rp bGwgYmUgc29tZSBkZXRhaWxzIHRvIGNsZWFyIHVwIHdpdGggSUVFRSwgc2luY2UgdGhlIG9yaWdp bmFsPGJyIGNsYXNzPSIiPg0KJmd0OyBvd25lciBvZiB0aGUgRXRoZXJUeXBlIGlzIENpc2NvLjxi ciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjwvc3Bhbj5UaGUgbWFpbiByZWFzb24gSSB0aGlu ayBpdCBzaG91bGQgYmUgY29tcGxldGVseSByZW1vdmVkIGlzIGJlY2F1c2UgdGhyb3VnaG91dCB0 aGUgZG9jdW1lbnQgdGhlIHBvaW50IGFib3V0IHRoZSBOU0ggYmVpbmcgdHJhbnNwb3J0IGluZGVw ZW5kZW50IGlzIGNsZWFybHkgbWFkZS4mbmJzcDsgVGhlIEV0aGVyVHlwZSBpbmZvcm1hdGlvbiBp cyB0cmFuc3BvcnQtc3BlY2lmaWMg4oCTIEkganVzdCBkb27igJl0IHRoaW5rIGl0IGJlbG9uZ3Mg aGVyZS48YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFz cz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5JZiB0aGUgV0cgaGFkIGEgdHJhbnNwb3J0LXNw ZWNpZmljIGRyYWZ0IGluIHByb2dyZXNzLCBJJ2QgYWdyZWUgd2l0aCB5b3UuJm5ic3A7IExhY2tp bmcgc3VjaCBhIHZlaGljbGUuLi4mbmJzcDs8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4N CjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxk aXYgY2xhc3M9IiI+QWx2YXJvIGhhZCB0d28gcG9pbnRzLiBPbmUgeW91IGFyZSBhZGRyZXNzaW5n LiBUaGUgc2Vjb25kIG9uZSBpcyB3aGV0aGVyIHRoZSBFdGhlcnR5cGUgU2VjdGlvbiBzaG91bGQg YmUgd2l0aGluIHRoZSBJQU5BIENvbnNpZGVyYXRpb25zIHNlY3Rpb24uPC9kaXY+DQo8ZGl2IGNs YXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5TaW5jZSB5b3UgcmVj b21tZW5kIHdlIGxlYXZlIGl0IGluLiBEbyB5b3UgcmVjb21tZW5kIHdlOjwvZGl2Pg0KPGRpdiBj bGFzcz0iIj4xLiBMZWF2ZSBpdCB3aGVyZSBpdCBpcz88L2Rpdj4NCjxkaXYgY2xhc3M9IiI+Mi4g TW92ZSBpcyBzb21ld2hlcmUgZWxzZSAoYW5kIHdoZXJlKT88L2Rpdj4NCjxkaXYgY2xhc3M9IiI+ PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlRoYW5rcyw8L2Rpdj4NCjxkaXYg Y2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkNhcmxvcy48L2Rp dj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_C16B5AFA9D7749BF8BD63DF071726D57ciscocom_-- From nobody Wed Sep 27 12:27:05 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4C8B134F38; Wed, 27 Sep 2017 12:26:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BkrdBH_MZk4M; Wed, 27 Sep 2017 12:26:57 -0700 (PDT) Received: from mail-wr0-x22f.google.com (mail-wr0-x22f.google.com [IPv6:2a00:1450:400c:c0c::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB22513430C; Wed, 27 Sep 2017 12:26:56 -0700 (PDT) Received: by mail-wr0-x22f.google.com with SMTP id g29so18260804wrg.11; Wed, 27 Sep 2017 12:26:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ilQRsyu/lapZENfGuTmVqb1zOVfp0sXgE5g5rpsANM0=; b=q98/d0vujEBfaDM09H8JjQX/fpznyFhOh+mJtJYCVFONSGU5W1Ya4bp1DJZATyiELG X1h6IVlwDcg9payjoL8/58pBt2XfEEjbUyweMShehCHStr237ZI2xPL8mKu1J+8q5aoE WLVybHINnSXEQtikKFiz4gecFn687uGy2svfWhnrU8fs2Uq2ayFGmL1l7EcfUTPfU3T1 M9SJnjuCyFxK9LQHoa9Pi1aZQlrVP9WblgP+Fhzcm6Tf7lFpEpgyjH4xt7hLjMJRXFIO dUMeBilxS6K7hOpqjg0s3hvdOE00qELk0cZv9CqknxY99I1hN9itlKg/hcQcPG3jZZ38 VJcw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ilQRsyu/lapZENfGuTmVqb1zOVfp0sXgE5g5rpsANM0=; b=IIQvbury6kcK74QqW205lfQ1c2k7WkQLseZ10ski0+j41mj0MAw1Uommf0KJNT22Ma sfNih7jX30touLGyrhd9rqzK1zUtHhwzc8VcTai2cZTjqO90P3ZyURVv1I+O+spVvPKr C2h8DnJmOZ70hjBLhTROYxAdtynbMDn4Rd3YlcNiax7OWUl6R/uo3RrGUEqp4ta7G0IH I1n/IBFZMdk0jR9lDeQ3Fhf4uXItQ7gOrlmFG5q/RnhHFRJ3nvbHgpaspOW1r15E7jBc 6o//cszo+9pTMt1CQBOTTNUOa1qIeFt2gIyccNIFRnsjVmSt7ZLYMIgM3rC+4VJ81L4V 3aqg== X-Gm-Message-State: AMCzsaW+h+fnW4p1pjOxDgdymTqExa+BIE1NVU4Dr3/UnrfH7c/v66Bn Yrvyu4397tuDCcmPNm6F2SqXC6KhSAKSX2GOHxM= X-Google-Smtp-Source: AOwi7QB8SF/i5PdhQA0XnQESRefBp+dVnNdGQ86S0w66fs5NAm7l2kOFuZNJJa3/xjEtSuAWK4ViyafuvThO0nnrcNk= X-Received: by 10.223.178.203 with SMTP id g69mr2464652wrd.258.1506540415277; Wed, 27 Sep 2017 12:26:55 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.136.153 with HTTP; Wed, 27 Sep 2017 12:26:54 -0700 (PDT) In-Reply-To: References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> <314D7BB3-23A0-4E4E-9557-B323736BA851@cisco.com> <5C29C4F3-3051-4C91-9DAE-990344103BF7@cisco.com> From: Alia Atlas Date: Wed, 27 Sep 2017 15:26:54 -0400 Message-ID: To: "Carlos Pignataro (cpignata)" Cc: "Alvaro Retana (aretana)" , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , The IESG , "sfc@ietf.org" Content-Type: multipart/alternative; boundary="f403045cf0724ae00f055a30c61c" Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 19:26:59 -0000 --f403045cf0724ae00f055a30c61c Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Dear Carlos, On Wed, Sep 27, 2017 at 3:22 PM, Carlos Pignataro (cpignata) < cpignata@cisco.com> wrote: > Dear Alia, > > On Sep 27, 2017, at 2:54 PM, Alia Atlas wrote: > > > > On Wed, Sep 27, 2017 at 2:50 PM, Alvaro Retana (aretana) < > aretana@cisco.com> wrote: > >> On 9/27/17, 11:07 AM, "Alia Atlas" wrote: >> >> Hi! >> >> > > > (4) Section 11.1. (NSH EtherType) seems out of place in this >> > > > document because (1) the document doesn't discuss the >> > > > transport itself, and (2) it is in the IANA section=E2=80=A6 >> > > >> > > You have a good point =E2=80=94 Joel asked =E2=80=9C Do you think we >> > > should remove it?=E2=80=9D >> > > >> > > I think we should keep it in, because it is important information >> > > for an implementor to have, regardless of those two points. >> > > >> > > But perhaps it should be moved out of that section and into a >> > > separate non-normative section? Do you have recommendations >> > > there? >> > > >> > > Alia was tracking the NSH EtherType value. Alia, thoughts? >> > >> > For implementations, it needs to stay in the document. >> > If having it in the IANA section is confusing, having a separate >> section is >> > fine. >> > There may still be some details to clear up with IEEE, since the >> original >> > owner of the EtherType is Cisco. >> >> The main reason I think it should be completely removed is because >> throughout the document the point about the NSH being transport independ= ent >> is clearly made. The EtherType information is transport-specific =E2=80= =93 I just >> don=E2=80=99t think it belongs here. >> > > If the WG had a transport-specific draft in progress, I'd agree with you. > Lacking such a vehicle... > > > Alvaro had two points. One you are addressing. The second one is whether > the Ethertype Section should be within the IANA Considerations section. > > Since you recommend we leave it in. Do you recommend we: > 1. Leave it where it is? > 2. Move is somewhere else (and where)? > Alvaro is right that it doesn't belong in the IANA Considerations section. I'm reluctant to create a "Transport Overlays Considerations" section - so perhaps an "Information on NSH-Related Codepoints" would be good? > Thanks, > > Carlos. > --f403045cf0724ae00f055a30c61c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Dear Carlos,

On Wed, Sep 27, 2017 at 3:22 PM, Carlos Pignataro (cpignat= a) <cpignata@cisco.com> wrote:
Dear Alia,

On Sep 27, 2017, at 2:54 PM, Alia Atlas <akatlas@gmail.com> wrote:



On Wed, Sep 27, 2017 at 2:50 PM, Alvaro Retana (= aretana) <aretana@cisco.com> wrote:
On 9/27/17, 11:07 AM, "Alia Atlas" <akatlas@gmail.com> wrote:

Hi!

> > > (4) Section 11.1. (NSH EtherType) seems out of place in this=
> > > document because (1) the document doesn't discuss the > > > transport itself, and (2) it is in the IANA section=E2=80=A6=
> >
> > You have a good point =E2=80=94 Joel asked =E2=80=9C Do you think= we
> > should remove it?=E2=80=9D
> >
> > I think we should keep it in, because it is important information=
> > for an implementor to have, regardless of those two points.
> >
> > But perhaps it should be moved out of that section and into a
> > separate non-normative section? Do you have recommendations
> > there?
> >
> > Alia was tracking the NSH EtherType value. Alia, thoughts?
>
> For implementations, it needs to stay in the document.=C2=A0=C2=A0
> If having it in the IANA section is confusing, having a separate secti= on is
> fine.
> There may still be some details to clear up with IEEE, since the origi= nal
> owner of the EtherType is Cisco.

The main reason I think it should be completely removed is because t= hroughout the document the point about the NSH being transport independent = is clearly made.=C2=A0 The EtherType information is transport-specific =E2= =80=93 I just don=E2=80=99t think it belongs here.

If the WG had a transport-specific draft in progress, I'd agree wi= th you.=C2=A0 Lacking such a vehicle...=C2=A0

Alvaro had two points. One you are addressing. The second = one is whether the Ethertype Section should be within the IANA Consideratio= ns section.

Since you recommend we leave it in. Do you recommend we:
1. Leave it where it is?
2. Move is somewhere else (and where)?
Alvaro is right that it doesn't belong in the IANA Conside= rations section.
I'm reluctant to create a "Transport Ov= erlays Considerations" section - so perhaps an
"Informa= tion on NSH-Related Codepoints" would be good?
=C2=A0
<= blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px= #ccc solid;padding-left:1ex">
Thanks,

Carlos.

--f403045cf0724ae00f055a30c61c-- From nobody Wed Sep 27 12:31:36 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB9A7134F19; Wed, 27 Sep 2017 12:31:33 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.521 X-Spam-Level: X-Spam-Status: No, score=-14.521 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kw1NbfIINKBd; Wed, 27 Sep 2017 12:31:32 -0700 (PDT) Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBDFC134F45; Wed, 27 Sep 2017 12:31:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3038; q=dns/txt; s=iport; t=1506540691; x=1507750291; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=oSHft0kgktr9OyJ+ObNhkuqJPqqc22Wxf50+R/jRUnA=; b=hpNztpazUmodcAlk5AZCGDs3STlYBahUbNZiDUTMkAckDkYLkBwdJ6Bl 9NiXGNpVexNqZN4NmLD/M/SI+XJa4fibJCUhMnG6N4WDvNLkWbHcxJ9Ze cPWnVjYASJeA6xAM71d06OnBKsA46scvM1L56gpkysdtup8iW2yzM6inw 4=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BaAgAU/MtZ/49dJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1yBUhQTB4NxmX2BVCKWK4ISCoU7AhqEQkEWAQIBAQEBAQEBayi?= =?us-ascii?q?FGAEBAQECASMRRQULAgEGAhgCAiYCAgIwFRACBA4FiikIih2dZoIniwIBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEdgQ6CHYICgVGBaisLgnKFBIMTL4IxAQSYT4hUApR?= =?us-ascii?q?dghOFbosFlRwCERkBgTgBJgcqgQ54FVsBhQccgWd2h0aBEAEBAQ?= X-IronPort-AV: E=Sophos;i="5.42,446,1500940800"; d="scan'208";a="304389733" Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Sep 2017 19:31:30 +0000 Received: from XCH-RTP-004.cisco.com (xch-rtp-004.cisco.com [64.101.220.144]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id v8RJVUs2019387 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 19:31:30 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-004.cisco.com (64.101.220.144) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 15:31:29 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 15:31:29 -0400 From: "Carlos Pignataro (cpignata)" To: "Alvaro Retana (aretana)" CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTNvwOtqmwlMp+xUy8F8i54ZXAOqLIYzqAgADz9ACAAAxVAA== Date: Wed, 27 Sep 2017 19:31:29 +0000 Message-ID: <4A387B58-5225-4790-B968-1FA5E94F78BA@cisco.com> References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> <314D7BB3-23A0-4E4E-9557-B323736BA851@cisco.com> <52AB6267-C5E5-4871-9C90-988F5F1DFD93@cisco.com> In-Reply-To: <52AB6267-C5E5-4871-9C90-988F5F1DFD93@cisco.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 19:31:34 -0000 SGksIEFsdmFybywNCg0KDQo+IE9uIFNlcCAyNywgMjAxNywgYXQgMjo0NyBQTSwgQWx2YXJvIFJl dGFuYSAoYXJldGFuYSkgPGFyZXRhbmFAY2lzY28uY29tPiB3cm90ZToNCj4gDQo+IE9uIDkvMjcv MTcsIDEyOjE0IEFNLCAiQ2FybG9zIFBpZ25hdGFybyAoY3BpZ25hdGEpIiA8Y3BpZ25hdGFAY2lz Y28uY29tPiB3cm90ZToNCj4gDQo+IENhcmxvczoNCj4gDQo+IEhpIQ0KPiANCj4g4oCmDQo+Pj4g KDMpICJTRkZzIE1VU1QgdXNlIHRoZSBTZXJ2aWNlIFBhdGggSGVhZGVyIGZvciBzZWxlY3Rpbmcg dGhlIG5leHQgU0Ygb3IgU0ZGIGluDQo+Pj4gdGhlIHNlcnZpY2UgcGF0aC4iICBTZWN0aW9uIDYg ZXhwbGFpbnMgbW9zdCBvZiB3aGF0IGhhcyB0byBiZSBkb25lIC0tIHdoYXQgSQ0KPj4+IHRoaW5r IGlzIHN0aWxsIG5vdCBjbGVhciBpbiB0aGlzIGRvY3VtZW50IGlzIHdoZXJlIHRoZSBpbmZvcm1h dGlvbiBpbiBUYWJsZXMNCj4+PiAxLTQgY29tZXMgZnJvbS4gIFRoZXJlIG1heSBiZSBkaWZmZXJl bnQgd2F5cyBmb3IgYW4gU0ZGIHRvIGxlYXJuIHRoYXQsIGFuZCBJDQo+Pj4gd291bGQgaW1hZ2lu ZSB0aGF0IGl0IGlzIG91dC1vZi1zY29wZSBvZiB0aGlzIGRvY3VtZW50LiAgUGxlYXNlIHNheSBz byAtLSBtYXliZQ0KPj4+IHRoZXJlJ3MgYSByZWxldmFudCByZWZlcmVuY2UgdG8gcmZjNzY2NSAo PykuDQo+PiANCj4+IFRoZSB3YXkgaW4gd2hpY2ggYW4gU0ZGIGxlYXJucyBpbmZvIGZyb20gdGhh dCB0YWJsZSBpcyBvdXQgb2Ygc2NvcGUsIGluIGNhc2VzIA0KPj4gaW1wbGVtZW50YXRpb24gc3Bl Y2lmaWMgYW5kIGRvZXMgbm90IGFmZmVjdCBpbnRlcm9wZXJhYmlsaXR5LiAgDQo+IA0KPiBJIGFn cmVlLg0KPiANCg0KT0suDQoNCj4+IEJ1dCB0aGUgZGVmaW5pdGlvbnMgaW4gc2VjdGlvbiAyIHNh eSBjYXNlcyB3aGVyZSBpbmZvcm1hdGlvbiBpcyBleHBlY3RlZCBmcm9tIA0KPj4gdGhlIGNvbnRy b2wgcGxhbmUgYW5kIG91dHNpZGUgdGhlIHNjb3BlIG9mIHRoZSBOU0ggc3BlY2lmaWNhdGlvbi4N Cj4+IA0KPj4gV2UgYXJlIGhhcHB5IHRvIGNsYXJpZnkgaWYgdGhlcmUgaXMgc29tZXRoaW5nIHRo YXQgaXMgY2F1c2luZyBjb25mdXNpb24g4oCUIG1heWJlIA0KPj4geW91IGNvdWxkIHN1Z2dlc3Qg dGV4dCB0byDigJxzYXkgc2/igJ0/DQo+IA0KPiBJIGxvb2tlZCwgYnV0IGNvdWxkbuKAmXQgZmlu ZCB3aGVyZSB0aGUgdGV4dCB0YWxrcyBhYm91dCBpbmZvcm1hdGlvbiBleHBlY3RlZCBmcm9tIHRo ZSBjb250cm9sIHBsYW5lLg0KPiANCj4gSW4gYW55IGNhc2UsIGhlcmXigJlzIGEgc3VnZ2VzdGlv bjog4oCcVGhlIGluZm9ybWF0aW9uIGNvbnRhaW5lZCBpbiBUYWJsZXMgMS00IG1heSBiZSByZWNl aXZlZCBmcm9tIHRoZSBjb250cm9sIHBsYW5lLCBidXQgdGhlIGV4YWN0IG1lY2hhbmlzbSBpcyBv dXRzaWRlIHRoZSBzY29wZSBvZiB0aGlzIGRvY3VtZW50LuKAnQ0KDQpTdXJlLg0KDQo+IA0KPiAN Cj4g4oCmIA0KPj4+IEluIHNlY3Rpb24gMi4yLiAoTlNIIEJhc2UgSGVhZGVyKSwgaXQgd291bGQg YmUgbmljZSB0byBoYXZlIGEgZm9yd2FyZCByZWZlcmVuY2UNCj4+PiB3aGVuIHRoZSBTZXJ2aWNl IEluZGV4IGlzIGZpcnN0IG1lbnRpb25lZC4NCj4+IA0KPj4gDQo+PiBTb3JyeSBJIGRpZCBub3Qg Zm9sbG93LiBTZWN0aW9uIDIuMSBzaG93cyB0aGUgQmFzZSBIZWFkZXIgKFNlY3Rpb24gMi4yKSBh bmQgdGhlDQo+PiBTZXJ2aWNlIFBhdGggSGVhZGVyIChTZWN0aW9uIDIuMykuDQo+PiANCj4+IFdo ZXJlIHdvdWxkIHlvdSBsaWtlIGEgZm9yd2FyZCBwb2ludGVyIHRvIHRoZSBTST8NCj4gDQo+IElu IHNlY3Rpb24gMi4yLCB3aGVyZSB0aGUgVFRMIGlzIGJlaW5nIGV4cGxhaW5lZCwgaXQgc2F5czog 4oCcVGhpcyBUVEwgZmllbGQgaXMgdGhlIHByaW1hcnkgbG9vcCBwcmV2ZW50aW9uIFRoaXMgVFRM IG1lY2hhbmlzbSByZXByZXNlbnRzIGEgcm9idXN0IGNvbXBsZW1lbnQgdG8gdGhlIFNlcnZpY2Ug SW5kZXjigKbigJ0gIEhvd2V2ZXIsIHRoZSBTZXJ2aWNlIEluZGV4IGlzIG5vdCBpbnRyb2R1Y2Vk IHVudGlsIHRoZSBuZXh0IHNlY3Rpb24uDQo+IA0KDQpHb3QgaXQuIFNvcnJ5IEkgbWlzc2VkIGl0 LiBBZGRlZCBhIOKAnChzZWUgU2VjdGlvbiAyLjMp4oCdIHBhcmVudGhldGljYWwuDQoNClRoYW5r cywNCg0KQ2FybG9zLg0KDQo+IA0KPiBUaGFua3MhDQo+IA0KPiBBbHZhcm8uDQo+IA0KDQo= From nobody Wed Sep 27 12:39:57 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D611A134F7D; Wed, 27 Sep 2017 12:39:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PYDr_3gKJ1A4; Wed, 27 Sep 2017 12:39:54 -0700 (PDT) Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 335EB134F85; Wed, 27 Sep 2017 12:39:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11506; q=dns/txt; s=iport; t=1506541188; x=1507750788; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=ZPClWZq73dx+5ZESwsO884ly1mMlauvRR0Wnk5nrgTA=; b=SnebicRf2PBagVbY5JqhPE/bJKfOhcpYDMsnj8QbJYzSMJx0S+TZNGA0 wzvbPXOpvD2r/BIXnFY/0cE8cEL01AFkAD6IKLi5m8y8VUl3vWJTh40wV O1C3B5lI3/74rSqRVJqHicPtj+3Rr7vA9UtSPJT2QzTa9T0YB1oIrKA1A A=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DIAQBB/stZ/4cNJK1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1yBUicHg3GZfYo4iCuFTIIECoU7AhqEQlcBAgEBAQEBAmsohRk?= =?us-ascii?q?GI1YQAgEIDjEDAgICHxEUEQIEDgWJTUwDFagBgieHOg2DOwEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAR2DK4ICgVGBaiuCfYJegW4ggysvgjEFmE+IGDwCim+EdYR5kwa?= =?us-ascii?q?MaYgzAhEZAYE4AVeBDngVWwGHCnaHRoEQAQEB?= X-IronPort-AV: E=Sophos;i="5.42,446,1500940800"; d="scan'208,217";a="9562306" Received: from alln-core-2.cisco.com ([173.36.13.135]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Sep 2017 19:39:32 +0000 Received: from XCH-RTP-005.cisco.com (xch-rtp-005.cisco.com [64.101.220.145]) by alln-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id v8RJdWEe016421 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 27 Sep 2017 19:39:32 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-005.cisco.com (64.101.220.145) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Wed, 27 Sep 2017 15:39:31 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Wed, 27 Sep 2017 15:39:31 -0400 From: "Carlos Pignataro (cpignata)" To: Alia Atlas CC: "Alvaro Retana (aretana)" , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , The IESG , "sfc@ietf.org" Thread-Topic: Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTNvwOtqmwlMp+xUy8F8i54ZXAOqLIYzqAgAC2gQCAAD5mAIAAARmAgAAHo4CAAAFfAIAAA4YA Date: Wed, 27 Sep 2017 19:39:31 +0000 Message-ID: References: <150645342771.20838.9063204620273064987.idtracker@ietfa.amsl.com> <314D7BB3-23A0-4E4E-9557-B323736BA851@cisco.com> <5C29C4F3-3051-4C91-9DAE-990344103BF7@cisco.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.118.116.133] Content-Type: multipart/alternative; boundary="_000_F6E16F25760E425E9EC3EFE167EFE272ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Alvaro Retana's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 19:39:56 -0000 --_000_F6E16F25760E425E9EC3EFE167EFE272ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 UGVyZmVjdCEgVGhhbmtzIQ0KDQrigJQNCkNhcmxvcyBQaWduYXRhcm8sIGNhcmxvc0BjaXNjby5j b208bWFpbHRvOmNhcmxvc0BjaXNjby5jb20+DQoNCuKAnFNvbWV0aW1lcyBJIHVzZSBiaWcgd29y ZHMgdGhhdCBJIGRvIG5vdCBmdWxseSB1bmRlcnN0YW5kLCB0byBtYWtlIG15c2VsZiBzb3VuZCBt b3JlIHBob3Rvc3ludGhlc2lzLiINCg0KT24gU2VwIDI3LCAyMDE3LCBhdCAzOjI2IFBNLCBBbGlh IEF0bGFzIDxha2F0bGFzQGdtYWlsLmNvbTxtYWlsdG86YWthdGxhc0BnbWFpbC5jb20+PiB3cm90 ZToNCg0KRGVhciBDYXJsb3MsDQoNCk9uIFdlZCwgU2VwIDI3LCAyMDE3IGF0IDM6MjIgUE0sIENh cmxvcyBQaWduYXRhcm8gKGNwaWduYXRhKSA8Y3BpZ25hdGFAY2lzY28uY29tPG1haWx0bzpjcGln bmF0YUBjaXNjby5jb20+PiB3cm90ZToNCkRlYXIgQWxpYSwNCg0KT24gU2VwIDI3LCAyMDE3LCBh dCAyOjU0IFBNLCBBbGlhIEF0bGFzIDxha2F0bGFzQGdtYWlsLmNvbTxtYWlsdG86YWthdGxhc0Bn bWFpbC5jb20+PiB3cm90ZToNCg0KDQoNCk9uIFdlZCwgU2VwIDI3LCAyMDE3IGF0IDI6NTAgUE0s IEFsdmFybyBSZXRhbmEgKGFyZXRhbmEpIDxhcmV0YW5hQGNpc2NvLmNvbTxtYWlsdG86YXJldGFu YUBjaXNjby5jb20+PiB3cm90ZToNCk9uIDkvMjcvMTcsIDExOjA3IEFNLCAiQWxpYSBBdGxhcyIg PGFrYXRsYXNAZ21haWwuY29tPG1haWx0bzpha2F0bGFzQGdtYWlsLmNvbT4+IHdyb3RlOg0KDQpI aSENCg0KPiA+ID4gKDQpIFNlY3Rpb24gMTEuMS4gKE5TSCBFdGhlclR5cGUpIHNlZW1zIG91dCBv ZiBwbGFjZSBpbiB0aGlzDQo+ID4gPiBkb2N1bWVudCBiZWNhdXNlICgxKSB0aGUgZG9jdW1lbnQg ZG9lc24ndCBkaXNjdXNzIHRoZQ0KPiA+ID4gdHJhbnNwb3J0IGl0c2VsZiwgYW5kICgyKSBpdCBp cyBpbiB0aGUgSUFOQSBzZWN0aW9u4oCmDQo+ID4NCj4gPiBZb3UgaGF2ZSBhIGdvb2QgcG9pbnQg 4oCUIEpvZWwgYXNrZWQg4oCcIERvIHlvdSB0aGluayB3ZQ0KPiA+IHNob3VsZCByZW1vdmUgaXQ/ 4oCdDQo+ID4NCj4gPiBJIHRoaW5rIHdlIHNob3VsZCBrZWVwIGl0IGluLCBiZWNhdXNlIGl0IGlz IGltcG9ydGFudCBpbmZvcm1hdGlvbg0KPiA+IGZvciBhbiBpbXBsZW1lbnRvciB0byBoYXZlLCBy ZWdhcmRsZXNzIG9mIHRob3NlIHR3byBwb2ludHMuDQo+ID4NCj4gPiBCdXQgcGVyaGFwcyBpdCBz aG91bGQgYmUgbW92ZWQgb3V0IG9mIHRoYXQgc2VjdGlvbiBhbmQgaW50byBhDQo+ID4gc2VwYXJh dGUgbm9uLW5vcm1hdGl2ZSBzZWN0aW9uPyBEbyB5b3UgaGF2ZSByZWNvbW1lbmRhdGlvbnMNCj4g PiB0aGVyZT8NCj4gPg0KPiA+IEFsaWEgd2FzIHRyYWNraW5nIHRoZSBOU0ggRXRoZXJUeXBlIHZh bHVlLiBBbGlhLCB0aG91Z2h0cz8NCj4NCj4gRm9yIGltcGxlbWVudGF0aW9ucywgaXQgbmVlZHMg dG8gc3RheSBpbiB0aGUgZG9jdW1lbnQuDQo+IElmIGhhdmluZyBpdCBpbiB0aGUgSUFOQSBzZWN0 aW9uIGlzIGNvbmZ1c2luZywgaGF2aW5nIGEgc2VwYXJhdGUgc2VjdGlvbiBpcw0KPiBmaW5lLg0K PiBUaGVyZSBtYXkgc3RpbGwgYmUgc29tZSBkZXRhaWxzIHRvIGNsZWFyIHVwIHdpdGggSUVFRSwg c2luY2UgdGhlIG9yaWdpbmFsDQo+IG93bmVyIG9mIHRoZSBFdGhlclR5cGUgaXMgQ2lzY28uDQoN ClRoZSBtYWluIHJlYXNvbiBJIHRoaW5rIGl0IHNob3VsZCBiZSBjb21wbGV0ZWx5IHJlbW92ZWQg aXMgYmVjYXVzZSB0aHJvdWdob3V0IHRoZSBkb2N1bWVudCB0aGUgcG9pbnQgYWJvdXQgdGhlIE5T SCBiZWluZyB0cmFuc3BvcnQgaW5kZXBlbmRlbnQgaXMgY2xlYXJseSBtYWRlLiAgVGhlIEV0aGVy VHlwZSBpbmZvcm1hdGlvbiBpcyB0cmFuc3BvcnQtc3BlY2lmaWMg4oCTIEkganVzdCBkb27igJl0 IHRoaW5rIGl0IGJlbG9uZ3MgaGVyZS4NCg0KSWYgdGhlIFdHIGhhZCBhIHRyYW5zcG9ydC1zcGVj aWZpYyBkcmFmdCBpbiBwcm9ncmVzcywgSSdkIGFncmVlIHdpdGggeW91LiAgTGFja2luZyBzdWNo IGEgdmVoaWNsZS4uLg0KDQpBbHZhcm8gaGFkIHR3byBwb2ludHMuIE9uZSB5b3UgYXJlIGFkZHJl c3NpbmcuIFRoZSBzZWNvbmQgb25lIGlzIHdoZXRoZXIgdGhlIEV0aGVydHlwZSBTZWN0aW9uIHNo b3VsZCBiZSB3aXRoaW4gdGhlIElBTkEgQ29uc2lkZXJhdGlvbnMgc2VjdGlvbi4NCg0KU2luY2Ug eW91IHJlY29tbWVuZCB3ZSBsZWF2ZSBpdCBpbi4gRG8geW91IHJlY29tbWVuZCB3ZToNCjEuIExl YXZlIGl0IHdoZXJlIGl0IGlzPw0KMi4gTW92ZSBpcyBzb21ld2hlcmUgZWxzZSAoYW5kIHdoZXJl KT8NCg0KQWx2YXJvIGlzIHJpZ2h0IHRoYXQgaXQgZG9lc24ndCBiZWxvbmcgaW4gdGhlIElBTkEg Q29uc2lkZXJhdGlvbnMgc2VjdGlvbi4NCkknbSByZWx1Y3RhbnQgdG8gY3JlYXRlIGEgIlRyYW5z cG9ydCBPdmVybGF5cyBDb25zaWRlcmF0aW9ucyIgc2VjdGlvbiAtIHNvIHBlcmhhcHMgYW4NCiJJ bmZvcm1hdGlvbiBvbiBOU0gtUmVsYXRlZCBDb2RlcG9pbnRzIiB3b3VsZCBiZSBnb29kPw0KDQpU aGFua3MsDQoNCkNhcmxvcy4NCg0KDQo= --_000_F6E16F25760E425E9EC3EFE167EFE272ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <86D7D5723891B24E9DE6D8D9F111FB58@emea.cisco.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KUGVyZmVjdCEgVGhhbmtzIQ0KPGRp diBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0iY29s b3I6IHJnYigwLCAwLCAwKTsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsgdGV4dC1hbGlnbjogc3Rh cnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25lOyB3aGl0ZS1zcGFjZTog bm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4 OyB3b3JkLXdyYXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtp dC1saW5lLWJyZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0K4oCUPGJyIGNsYXNz PSIiPg0KQ2FybG9zIFBpZ25hdGFybywmbmJzcDs8YSBocmVmPSJtYWlsdG86Y2FybG9zQGNpc2Nv LmNvbSIgY2xhc3M9IiI+Y2FybG9zQGNpc2NvLmNvbTwvYT48YnIgY2xhc3M9IiI+DQo8YnIgY2xh c3M9IiI+DQo8aSBjbGFzcz0iIj7igJxTb21ldGltZXMgSSB1c2UgYmlnIHdvcmRzIHRoYXQgSSBk byBub3QgZnVsbHkgdW5kZXJzdGFuZCwgdG8gbWFrZSBteXNlbGYgc291bmQgbW9yZSBwaG90b3N5 bnRoZXNpcy4mcXVvdDs8L2k+PC9kaXY+DQo8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjxkaXY+DQo8 YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+T24gU2VwIDI3 LCAyMDE3LCBhdCAzOjI2IFBNLCBBbGlhIEF0bGFzICZsdDs8YSBocmVmPSJtYWlsdG86YWthdGxh c0BnbWFpbC5jb20iIGNsYXNzPSIiPmFrYXRsYXNAZ21haWwuY29tPC9hPiZndDsgd3JvdGU6PC9k aXY+DQo8YnIgY2xhc3M9IkFwcGxlLWludGVyY2hhbmdlLW5ld2xpbmUiPg0KPGRpdiBjbGFzcz0i Ij4NCjxkaXYgZGlyPSJsdHIiIGNsYXNzPSIiPkRlYXIgQ2FybG9zLDxiciBjbGFzcz0iIj4NCjxk aXYgY2xhc3M9ImdtYWlsX2V4dHJhIj48YnIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSJnbWFpbF9x dW90ZSI+T24gV2VkLCBTZXAgMjcsIDIwMTcgYXQgMzoyMiBQTSwgQ2FybG9zIFBpZ25hdGFybyAo Y3BpZ25hdGEpDQo8c3BhbiBkaXI9Imx0ciIgY2xhc3M9IiI+Jmx0OzxhIGhyZWY9Im1haWx0bzpj cGlnbmF0YUBjaXNjby5jb20iIHRhcmdldD0iX2JsYW5rIiBjbGFzcz0iIj5jcGlnbmF0YUBjaXNj by5jb208L2E+Jmd0Ozwvc3Bhbj4gd3JvdGU6PGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgY2xh c3M9ImdtYWlsX3F1b3RlIiBzdHlsZT0ibWFyZ2luOjAgMCAwIC44ZXg7Ym9yZGVyLWxlZnQ6MXB4 ICNjY2Mgc29saWQ7cGFkZGluZy1sZWZ0OjFleCI+DQo8ZGl2IHN0eWxlPSJ3b3JkLXdyYXA6YnJl YWstd29yZCIgY2xhc3M9IiI+RGVhciBBbGlhLA0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9 Img1Ij4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxibG9j a3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5PbiBTZXAgMjcsIDIw MTcsIGF0IDI6NTQgUE0sIEFsaWEgQXRsYXMgJmx0OzxhIGhyZWY9Im1haWx0bzpha2F0bGFzQGdt YWlsLmNvbSIgdGFyZ2V0PSJfYmxhbmsiIGNsYXNzPSIiPmFrYXRsYXNAZ21haWwuY29tPC9hPiZn dDsgd3JvdGU6PC9kaXY+DQo8YnIgY2xhc3M9Im1fNjM0MTQ1MzE4MTc1NDE1NTc4M0FwcGxlLWlu dGVyY2hhbmdlLW5ld2xpbmUiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgZGlyPSJsdHIiIGNsYXNz PSIiPjxiciBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9ImdtYWlsX2V4dHJhIj48YnIgY2xhc3M9IiI+ DQo8ZGl2IGNsYXNzPSJnbWFpbF9xdW90ZSI+T24gV2VkLCBTZXAgMjcsIDIwMTcgYXQgMjo1MCBQ TSwgQWx2YXJvIFJldGFuYSAoYXJldGFuYSkNCjxzcGFuIGRpcj0ibHRyIiBjbGFzcz0iIj4mbHQ7 PGEgaHJlZj0ibWFpbHRvOmFyZXRhbmFAY2lzY28uY29tIiB0YXJnZXQ9Il9ibGFuayIgY2xhc3M9 IiI+YXJldGFuYUBjaXNjby5jb208L2E+Jmd0Ozwvc3Bhbj4gd3JvdGU6PGJyIGNsYXNzPSIiPg0K PGJsb2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1b3RlIiBzdHlsZT0ibWFyZ2luOjAgMCAwIC44ZXg7 Ym9yZGVyLWxlZnQ6MXB4ICNjY2Mgc29saWQ7cGFkZGluZy1sZWZ0OjFleCI+DQpPbiA5LzI3LzE3 LCAxMTowNyBBTSwgJnF1b3Q7QWxpYSBBdGxhcyZxdW90OyAmbHQ7PGEgaHJlZj0ibWFpbHRvOmFr YXRsYXNAZ21haWwuY29tIiB0YXJnZXQ9Il9ibGFuayIgY2xhc3M9IiI+YWthdGxhc0BnbWFpbC5j b208L2E+Jmd0OyB3cm90ZTo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpIaSE8YnIgY2xh c3M9IiI+DQo8c3BhbiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDsgJmd0OyAoNCkg U2VjdGlvbiAxMS4xLiAoTlNIIEV0aGVyVHlwZSkgc2VlbXMgb3V0IG9mIHBsYWNlIGluIHRoaXM8 YnIgY2xhc3M9IiI+DQomZ3Q7ICZndDsgJmd0OyBkb2N1bWVudCBiZWNhdXNlICgxKSB0aGUgZG9j dW1lbnQgZG9lc24ndCBkaXNjdXNzIHRoZTxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyAmZ3Q7IHRy YW5zcG9ydCBpdHNlbGYsIGFuZCAoMikgaXQgaXMgaW4gdGhlIElBTkEgc2VjdGlvbuKApjxiciBj bGFzcz0iIj4NCiZndDsgJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBZb3UgaGF2ZSBhIGdv b2QgcG9pbnQg4oCUIEpvZWwgYXNrZWQg4oCcIERvIHlvdSB0aGluayB3ZTxiciBjbGFzcz0iIj4N CiZndDsgJmd0OyBzaG91bGQgcmVtb3ZlIGl0P+KAnTxiciBjbGFzcz0iIj4NCiZndDsgJmd0Ozxi ciBjbGFzcz0iIj4NCiZndDsgJmd0OyBJIHRoaW5rIHdlIHNob3VsZCBrZWVwIGl0IGluLCBiZWNh dXNlIGl0IGlzIGltcG9ydGFudCBpbmZvcm1hdGlvbjxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBm b3IgYW4gaW1wbGVtZW50b3IgdG8gaGF2ZSwgcmVnYXJkbGVzcyBvZiB0aG9zZSB0d28gcG9pbnRz LjxiciBjbGFzcz0iIj4NCiZndDsgJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBCdXQgcGVy aGFwcyBpdCBzaG91bGQgYmUgbW92ZWQgb3V0IG9mIHRoYXQgc2VjdGlvbiBhbmQgaW50byBhPGJy IGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IHNlcGFyYXRlIG5vbi1ub3JtYXRpdmUgc2VjdGlvbj8gRG8g eW91IGhhdmUgcmVjb21tZW5kYXRpb25zPGJyIGNsYXNzPSIiPg0KJmd0OyAmZ3Q7IHRoZXJlPzxi ciBjbGFzcz0iIj4NCiZndDsgJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgJmd0OyBBbGlhIHdhcyB0 cmFja2luZyB0aGUgTlNIIEV0aGVyVHlwZSB2YWx1ZS4gQWxpYSwgdGhvdWdodHM/PGJyIGNsYXNz PSIiPg0KJmd0OzxiciBjbGFzcz0iIj4NCiZndDsgRm9yIGltcGxlbWVudGF0aW9ucywgaXQgbmVl ZHMgdG8gc3RheSBpbiB0aGUgZG9jdW1lbnQuJm5ic3A7Jm5ic3A7PGJyIGNsYXNzPSIiPg0KJmd0 OyBJZiBoYXZpbmcgaXQgaW4gdGhlIElBTkEgc2VjdGlvbiBpcyBjb25mdXNpbmcsIGhhdmluZyBh IHNlcGFyYXRlIHNlY3Rpb24gaXM8YnIgY2xhc3M9IiI+DQomZ3Q7IGZpbmUuPGJyIGNsYXNzPSIi Pg0KJmd0OyBUaGVyZSBtYXkgc3RpbGwgYmUgc29tZSBkZXRhaWxzIHRvIGNsZWFyIHVwIHdpdGgg SUVFRSwgc2luY2UgdGhlIG9yaWdpbmFsPGJyIGNsYXNzPSIiPg0KJmd0OyBvd25lciBvZiB0aGUg RXRoZXJUeXBlIGlzIENpc2NvLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjwvc3Bhbj5U aGUgbWFpbiByZWFzb24gSSB0aGluayBpdCBzaG91bGQgYmUgY29tcGxldGVseSByZW1vdmVkIGlz IGJlY2F1c2UgdGhyb3VnaG91dCB0aGUgZG9jdW1lbnQgdGhlIHBvaW50IGFib3V0IHRoZSBOU0gg YmVpbmcgdHJhbnNwb3J0IGluZGVwZW5kZW50IGlzIGNsZWFybHkgbWFkZS4mbmJzcDsgVGhlIEV0 aGVyVHlwZSBpbmZvcm1hdGlvbiBpcyB0cmFuc3BvcnQtc3BlY2lmaWMg4oCTIEkganVzdCBkb27i gJl0IHRoaW5rIGl0IGJlbG9uZ3MgaGVyZS48YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVvdGU+DQo8 ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5JZiB0aGUg V0cgaGFkIGEgdHJhbnNwb3J0LXNwZWNpZmljIGRyYWZ0IGluIHByb2dyZXNzLCBJJ2QgYWdyZWUg d2l0aCB5b3UuJm5ic3A7IExhY2tpbmcgc3VjaCBhIHZlaGljbGUuLi4mbmJzcDs8L2Rpdj4NCjwv ZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIg Y2xhc3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkFsdmFybyBo YWQgdHdvIHBvaW50cy4gT25lIHlvdSBhcmUgYWRkcmVzc2luZy4gVGhlIHNlY29uZCBvbmUgaXMg d2hldGhlciB0aGUgRXRoZXJ0eXBlIFNlY3Rpb24gc2hvdWxkIGJlIHdpdGhpbiB0aGUgSUFOQSBD b25zaWRlcmF0aW9ucyBzZWN0aW9uLjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+ DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+U2luY2UgeW91IHJlY29tbWVuZCB3ZSBsZWF2ZSBpdCBp bi4gRG8geW91IHJlY29tbWVuZCB3ZTo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+MS4gTGVhdmUgaXQg d2hlcmUgaXQgaXM/PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjIuIE1vdmUgaXMgc29tZXdoZXJlIGVs c2UgKGFuZCB3aGVyZSk/PC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxkaXYgY2xhc3M9 IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkFsdmFybyBpcyByaWdodCB0 aGF0IGl0IGRvZXNuJ3QgYmVsb25nIGluIHRoZSBJQU5BIENvbnNpZGVyYXRpb25zIHNlY3Rpb24u PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkknbSByZWx1Y3RhbnQgdG8gY3JlYXRlIGEgJnF1b3Q7VHJh bnNwb3J0IE92ZXJsYXlzIENvbnNpZGVyYXRpb25zJnF1b3Q7IHNlY3Rpb24gLSBzbyBwZXJoYXBz IGFuPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiZxdW90O0luZm9ybWF0aW9uIG9uIE5TSC1SZWxhdGVk IENvZGVwb2ludHMmcXVvdDsgd291bGQgYmUgZ29vZD88L2Rpdj4NCjxkaXYgY2xhc3M9IiI+Jm5i c3A7PC9kaXY+DQo8YmxvY2txdW90ZSBjbGFzcz0iZ21haWxfcXVvdGUiIHN0eWxlPSJtYXJnaW46 MCAwIDAgLjhleDtib3JkZXItbGVmdDoxcHggI2NjYyBzb2xpZDtwYWRkaW5nLWxlZnQ6MWV4Ij4N CjxkaXYgc3R5bGU9IndvcmQtd3JhcDpicmVhay13b3JkIiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9 IiI+PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlRoYW5rcyw8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJy IGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkNhcmxvcy48L2Rpdj4NCjwvZGl2Pg0K PC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9k aXY+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPC9ib2R5 Pg0KPC9odG1sPg0K --_000_F6E16F25760E425E9EC3EFE167EFE272ciscocom_-- From nobody Wed Sep 27 16:04:28 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4134F135176; Wed, 27 Sep 2017 16:04:22 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Warren Kumari To: "The IESG" Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, jmh@joelhalpern.com, sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150655346225.13736.9274309575032004292.idtracker@ietfa.amsl.com> Date: Wed, 27 Sep 2017 16:04:22 -0700 Archived-At: Subject: [sfc] Warren Kumari's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 23:04:22 -0000 Warren Kumari has entered the following ballot position for draft-ietf-sfc-nsh-24: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I provided long (and somewhat grumpy!) comments on the previous version of this document -- I'd like to thank the authors, especially Carlos for addressing them. This version is, IMO, much improved. From nobody Wed Sep 27 17:29:22 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A8291351EA; Wed, 27 Sep 2017 17:29:11 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Adam Roach To: "The IESG" Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, jmh@joelhalpern.com, sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150655855149.13709.16317417586638739255.idtracker@ietfa.amsl.com> Date: Wed, 27 Sep 2017 17:29:11 -0700 Archived-At: Subject: [sfc] Adam Roach's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 00:29:15 -0000 Adam Roach has entered the following ballot position for draft-ietf-sfc-nsh-24: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I have the same concern as Kathleen's DISCUSS, and would have blocked the draft on the same grounds if such a position were not already in place. The "crunchy perimeter, soft center" model of security was flawed to start with; and, even in those arenas where it was once fashionable, it's starting to be considered dated (e.g., much of the traffic inside data centers is secured using TLS -- see the recent discussions in the TLS working group for evidence of this situation). More notably, this "unconditionally trusted network zone" approach to security has led to some spectacular exploits recently (cf. https://www.wired.com/2016/04/the-critical-hole-at-the-heart-of-cell-phone-infrastructure/). Rather than explicitly fostering this model, the security section really needs to normatively disallow it. (n.b., I reviewed version -21 of the document -- but I don't find the changes between that version and -24 to address the issue Kathleen raises) ---- Section 3 says the following about reclassification behavior: When the logical classifier performs re- classification that results in a change of service path, it MUST replace the existing NSH with a new NSH with the Base Header and Service Path Header reflecting the new service path information and MUST set the initial SI. The O bit, as well as unassigned flags, MUST be copied transparently from the old NSH to a new NSH. Metadata MAY be preserved in the new NSH. I don't see anything here about copying the TTL. If the TTL isn't copied, you can end up with a stable (and unending) loop involving two classifiers (which seems even more damaging than usual, as the SI value won't generally survive a reclassification, right?). I would suggest adding "TTL" to the list of things that MUST be copied when reclassification occurs. From nobody Wed Sep 27 18:24:46 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C9ED135221; Wed, 27 Sep 2017 18:24:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.699 X-Spam-Level: X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r4aLcsFWQfU8; Wed, 27 Sep 2017 18:24:43 -0700 (PDT) Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9A0E135211; Wed, 27 Sep 2017 18:24:42 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id CD7E325F044; Wed, 27 Sep 2017 18:24:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1506561882; bh=7jMDFCG/BlgpaCOcJav2pXWtooiwPBuB6BSftgoRP3s=; h=Date:Subject:From:To:Cc:From; b=S8JkW4NGB27nHO/bwXrpHdExLQg0wBrqXOJYGS9j35YU7XeGUzASEZxpWuPbH75oN BkVEDUvHNSINJaoX7vkqfKDRQOhYf2aYLlmVEE+KfUfMoUfpmSJLjPRZH3sr0UHHOj 8MR6sGGfxh5pqT1QbPJ9yA0Y08FEGBiYp2HILJkw= X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net Received: from [10.21.82.104] (mobile-166-170-28-74.mycingular.net [166.170.28.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 13AFD245B9A; Wed, 27 Sep 2017 18:24:41 -0700 (PDT) Date: Wed, 27 Sep 2017 21:24:38 -0400 Importance: normal From: "jmh.direct" To: Adam Roach , The IESG Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, sfc@ietf.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--_com.samsung.android.email_17132926071637870" Message-Id: <20170928012442.E9A0E135211@ietfa.amsl.com> Archived-At: Subject: Re: [sfc] Adam Roach's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 01:24:44 -0000 ----_com.samsung.android.email_17132926071637870 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: base64 VGhhbmtzIGZvciBub3RpbmcgdGhlIFRUQyBjb3B5IGF0IHJlY2xhc3NpZmllZCBpc3N1ZS7CoCBZ b3UgYXJlIGNvcnJlY3QsIGFuZCBpbiBmYWN0IHRoYXQgd2FzIG9uZSBvZiB0aGUgbW90aXZhdGlv bnMgZm9yIHRoZSBUVEMgZmllbGQuwqAgV2Ugd2lsbCBmaXggdGhhdC5Zb3VycyxKb2VsCgoKU2Vu dCB2aWEgdGhlIFNhbXN1bmcgR2FsYXh5IFPCriA2LCBhbiBBVCZUIDRHIExURSBzbWFydHBob25l Ci0tLS0tLS0tIE9yaWdpbmFsIG1lc3NhZ2UgLS0tLS0tLS1Gcm9tOiBBZGFtIFJvYWNoIDxhZGFt QG5vc3RydW0uY29tPiBEYXRlOiA5LzI3LzE3ICAyMDoyOSAgKEdNVC0wNTowMCkgVG86IFRoZSBJ RVNHIDxpZXNnQGlldGYub3JnPiBDYzogZHJhZnQtaWV0Zi1zZmMtbnNoQGlldGYub3JnLCAiSm9l bCBNLiBIYWxwZXJuIiA8am1oQGpvZWxoYWxwZXJuLmNvbT4sIHNmYy1jaGFpcnNAaWV0Zi5vcmcs IGptaEBqb2VsaGFscGVybi5jb20sIHNmY0BpZXRmLm9yZyBTdWJqZWN0OiBBZGFtIFJvYWNoJ3Mg Tm8gT2JqZWN0aW9uIG9uIGRyYWZ0LWlldGYtc2ZjLW5zaC0yNDogKHdpdGggQ09NTUVOVCkgCkFk YW0gUm9hY2ggaGFzIGVudGVyZWQgdGhlIGZvbGxvd2luZyBiYWxsb3QgcG9zaXRpb24gZm9yCmRy YWZ0LWlldGYtc2ZjLW5zaC0yNDogTm8gT2JqZWN0aW9uCgpXaGVuIHJlc3BvbmRpbmcsIHBsZWFz ZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBhbGwKZW1haWwgYWRk cmVzc2VzIGluY2x1ZGVkIGluIHRoZSBUbyBhbmQgQ0MgbGluZXMuIChGZWVsIGZyZWUgdG8gY3V0 IHRoaXMKaW50cm9kdWN0b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pCgoKUGxlYXNlIHJlZmVyIHRv IGh0dHBzOi8vd3d3LmlldGYub3JnL2llc2cvc3RhdGVtZW50L2Rpc2N1c3MtY3JpdGVyaWEuaHRt bApmb3IgbW9yZSBpbmZvcm1hdGlvbiBhYm91dCBJRVNHIERJU0NVU1MgYW5kIENPTU1FTlQgcG9z aXRpb25zLgoKClRoZSBkb2N1bWVudCwgYWxvbmcgd2l0aCBvdGhlciBiYWxsb3QgcG9zaXRpb25z LCBjYW4gYmUgZm91bmQgaGVyZToKaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJh ZnQtaWV0Zi1zZmMtbnNoLwoKCgotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCkNPTU1FTlQ6Ci0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0K CkkgaGF2ZSB0aGUgc2FtZSBjb25jZXJuIGFzIEthdGhsZWVuJ3MgRElTQ1VTUywgYW5kIHdvdWxk IGhhdmUgYmxvY2tlZCB0aGUgZHJhZnQKb24gdGhlIHNhbWUgZ3JvdW5kcyBpZiBzdWNoIGEgcG9z aXRpb24gd2VyZSBub3QgYWxyZWFkeSBpbiBwbGFjZS4gVGhlICJjcnVuY2h5CnBlcmltZXRlciwg c29mdCBjZW50ZXIiIG1vZGVsIG9mIHNlY3VyaXR5IHdhcyBmbGF3ZWQgdG8gc3RhcnQgd2l0aDsg YW5kLCBldmVuCmluIHRob3NlIGFyZW5hcyB3aGVyZSBpdCB3YXMgb25jZSBmYXNoaW9uYWJsZSwg aXQncyBzdGFydGluZyB0byBiZSBjb25zaWRlcmVkCmRhdGVkIChlLmcuLCBtdWNoIG9mIHRoZSB0 cmFmZmljIGluc2lkZSBkYXRhIGNlbnRlcnMgaXMgc2VjdXJlZCB1c2luZyBUTFMgLS0Kc2VlIHRo ZSByZWNlbnQgZGlzY3Vzc2lvbnMgaW4gdGhlIFRMUyB3b3JraW5nIGdyb3VwIGZvciBldmlkZW5j ZSBvZiB0aGlzCnNpdHVhdGlvbikuIE1vcmUgbm90YWJseSwgdGhpcyAidW5jb25kaXRpb25hbGx5 IHRydXN0ZWQgbmV0d29yayB6b25lIiBhcHByb2FjaAp0byBzZWN1cml0eSBoYXMgbGVkIHRvIHNv bWUgc3BlY3RhY3VsYXIgZXhwbG9pdHMgcmVjZW50bHkgKGNmLgpodHRwczovL3d3dy53aXJlZC5j b20vMjAxNi8wNC90aGUtY3JpdGljYWwtaG9sZS1hdC10aGUtaGVhcnQtb2YtY2VsbC1waG9uZS1p bmZyYXN0cnVjdHVyZS8pLgpSYXRoZXIgdGhhbiBleHBsaWNpdGx5IGZvc3RlcmluZyB0aGlzIG1v ZGVsLCB0aGUgc2VjdXJpdHkgc2VjdGlvbiByZWFsbHkgbmVlZHMKdG8gbm9ybWF0aXZlbHkgZGlz YWxsb3cgaXQuCgoobi5iLiwgSSByZXZpZXdlZCB2ZXJzaW9uIC0yMSBvZiB0aGUgZG9jdW1lbnQg LS0gYnV0IEkgZG9uJ3QgZmluZCB0aGUgY2hhbmdlcwpiZXR3ZWVuIHRoYXQgdmVyc2lvbiBhbmQg LTI0IHRvIGFkZHJlc3MgdGhlIGlzc3VlIEthdGhsZWVuIHJhaXNlcykKCi0tLS0KClNlY3Rpb24g MyBzYXlzIHRoZSBmb2xsb3dpbmcgYWJvdXQgcmVjbGFzc2lmaWNhdGlvbiBiZWhhdmlvcjoKCsKg wqDCoMKgwqDCoCBXaGVuIHRoZSBsb2dpY2FsIGNsYXNzaWZpZXIgcGVyZm9ybXMgcmUtCsKgwqDC oMKgwqDCoCBjbGFzc2lmaWNhdGlvbiB0aGF0IHJlc3VsdHMgaW4gYSBjaGFuZ2Ugb2Ygc2Vydmlj ZSBwYXRoLCBpdCBNVVNUCsKgwqDCoMKgwqDCoCByZXBsYWNlIHRoZSBleGlzdGluZyBOU0ggd2l0 aCBhIG5ldyBOU0ggd2l0aCB0aGUgQmFzZSBIZWFkZXIgYW5kCsKgwqDCoMKgwqDCoCBTZXJ2aWNl IFBhdGggSGVhZGVyIHJlZmxlY3RpbmcgdGhlIG5ldyBzZXJ2aWNlIHBhdGggaW5mb3JtYXRpb24K wqDCoMKgwqDCoMKgIGFuZCBNVVNUIHNldCB0aGUgaW5pdGlhbCBTSS7CoCBUaGUgTyBiaXQsIGFz IHdlbGwgYXMgdW5hc3NpZ25lZArCoMKgwqDCoMKgwqAgZmxhZ3MsIE1VU1QgYmUgY29waWVkIHRy YW5zcGFyZW50bHkgZnJvbSB0aGUgb2xkIE5TSCB0byBhIG5ldwrCoMKgwqDCoMKgwqAgTlNILsKg IE1ldGFkYXRhIE1BWSBiZSBwcmVzZXJ2ZWQgaW4gdGhlIG5ldyBOU0guCgpJIGRvbid0IHNlZSBh bnl0aGluZyBoZXJlIGFib3V0IGNvcHlpbmcgdGhlIFRUTC4gSWYgdGhlIFRUTCBpc24ndCBjb3Bp ZWQsIHlvdQpjYW4gZW5kIHVwIHdpdGggYSBzdGFibGUgKGFuZCB1bmVuZGluZykgbG9vcCBpbnZv bHZpbmcgdHdvIGNsYXNzaWZpZXJzICh3aGljaApzZWVtcyBldmVuIG1vcmUgZGFtYWdpbmcgdGhh biB1c3VhbCwgYXMgdGhlIFNJIHZhbHVlIHdvbid0IGdlbmVyYWxseSBzdXJ2aXZlIGEKcmVjbGFz c2lmaWNhdGlvbiwgcmlnaHQ/KS4gSSB3b3VsZCBzdWdnZXN0IGFkZGluZyAiVFRMIiB0byB0aGUg bGlzdCBvZiB0aGluZ3MKdGhhdCBNVVNUIGJlIGNvcGllZCB3aGVuIHJlY2xhc3NpZmljYXRpb24g b2NjdXJzLgoKCg== ----_com.samsung.android.email_17132926071637870 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: base64 PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0 L2h0bWw7IGNoYXJzZXQ9VVRGLTgiPjwvaGVhZD48Ym9keT48ZGl2PlRoYW5rcyBmb3Igbm90aW5n IHRoZSBUVEMgY29weSBhdCByZWNsYXNzaWZpZWQgaXNzdWUuJm5ic3A7IFlvdSBhcmUgY29ycmVj dCwgYW5kIGluIGZhY3QgdGhhdCB3YXMgb25lIG9mIHRoZSBtb3RpdmF0aW9ucyBmb3IgdGhlIFRU QyBmaWVsZC4mbmJzcDsgV2Ugd2lsbCBmaXggdGhhdC48L2Rpdj48ZGl2PllvdXJzLDwvZGl2Pjxk aXY+Sm9lbDwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+PGJyPjwvZGl2 PjxkaXYgaWQ9ImNvbXBvc2VyX3NpZ25hdHVyZSI+PGRpdiBzdHlsZT0iZm9udC1zaXplOjg1JTtj b2xvcjojNTc1NzU3IiBkaXI9ImF1dG8iPlNlbnQgdmlhIHRoZSBTYW1zdW5nIEdhbGF4eSBTwq4g NiwgYW4gQVQmYW1wO1QgNEcgTFRFIHNtYXJ0cGhvbmU8L2Rpdj48L2Rpdj48ZGl2Pjxicj48L2Rp dj48ZGl2IHN0eWxlPSJmb250LXNpemU6MTAwJTtjb2xvcjojMDAwMDAwIj48IS0tIG9yaWdpbmFs TWVzc2FnZSAtLT48ZGl2Pi0tLS0tLS0tIE9yaWdpbmFsIG1lc3NhZ2UgLS0tLS0tLS08L2Rpdj48 ZGl2PkZyb206IEFkYW0gUm9hY2ggJmx0O2FkYW1Abm9zdHJ1bS5jb20mZ3Q7IDwvZGl2PjxkaXY+ RGF0ZTogOS8yNy8xNyAgMjA6MjkgIChHTVQtMDU6MDApIDwvZGl2PjxkaXY+VG86IFRoZSBJRVNH ICZsdDtpZXNnQGlldGYub3JnJmd0OyA8L2Rpdj48ZGl2PkNjOiBkcmFmdC1pZXRmLXNmYy1uc2hA aWV0Zi5vcmcsICJKb2VsIE0uIEhhbHBlcm4iICZsdDtqbWhAam9lbGhhbHBlcm4uY29tJmd0Oywg c2ZjLWNoYWlyc0BpZXRmLm9yZywgam1oQGpvZWxoYWxwZXJuLmNvbSwgc2ZjQGlldGYub3JnIDwv ZGl2PjxkaXY+U3ViamVjdDogQWRhbSBSb2FjaCdzIE5vIE9iamVjdGlvbiBvbiBkcmFmdC1pZXRm LXNmYy1uc2gtMjQ6ICh3aXRoIENPTU1FTlQpIDwvZGl2PjxkaXY+PGJyPjwvZGl2PjwvZGl2PkFk YW0gUm9hY2ggaGFzIGVudGVyZWQgdGhlIGZvbGxvd2luZyBiYWxsb3QgcG9zaXRpb24gZm9yPGJy PmRyYWZ0LWlldGYtc2ZjLW5zaC0yNDogTm8gT2JqZWN0aW9uPGJyPjxicj5XaGVuIHJlc3BvbmRp bmcsIHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBhbGw8 YnI+ZW1haWwgYWRkcmVzc2VzIGluY2x1ZGVkIGluIHRoZSBUbyBhbmQgQ0MgbGluZXMuIChGZWVs IGZyZWUgdG8gY3V0IHRoaXM8YnI+aW50cm9kdWN0b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pPGJy Pjxicj48YnI+UGxlYXNlIHJlZmVyIHRvIGh0dHBzOi8vd3d3LmlldGYub3JnL2llc2cvc3RhdGVt ZW50L2Rpc2N1c3MtY3JpdGVyaWEuaHRtbDxicj5mb3IgbW9yZSBpbmZvcm1hdGlvbiBhYm91dCBJ RVNHIERJU0NVU1MgYW5kIENPTU1FTlQgcG9zaXRpb25zLjxicj48YnI+PGJyPlRoZSBkb2N1bWVu dCwgYWxvbmcgd2l0aCBvdGhlciBiYWxsb3QgcG9zaXRpb25zLCBjYW4gYmUgZm91bmQgaGVyZTo8 YnI+aHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0Zi1zZmMtbnNoLzxi cj48YnI+PGJyPjxicj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPGJyPkNPTU1FTlQ6PGJyPi0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08 YnI+PGJyPkkgaGF2ZSB0aGUgc2FtZSBjb25jZXJuIGFzIEthdGhsZWVuJ3MgRElTQ1VTUywgYW5k IHdvdWxkIGhhdmUgYmxvY2tlZCB0aGUgZHJhZnQ8YnI+b24gdGhlIHNhbWUgZ3JvdW5kcyBpZiBz dWNoIGEgcG9zaXRpb24gd2VyZSBub3QgYWxyZWFkeSBpbiBwbGFjZS4gVGhlICJjcnVuY2h5PGJy PnBlcmltZXRlciwgc29mdCBjZW50ZXIiIG1vZGVsIG9mIHNlY3VyaXR5IHdhcyBmbGF3ZWQgdG8g c3RhcnQgd2l0aDsgYW5kLCBldmVuPGJyPmluIHRob3NlIGFyZW5hcyB3aGVyZSBpdCB3YXMgb25j ZSBmYXNoaW9uYWJsZSwgaXQncyBzdGFydGluZyB0byBiZSBjb25zaWRlcmVkPGJyPmRhdGVkIChl LmcuLCBtdWNoIG9mIHRoZSB0cmFmZmljIGluc2lkZSBkYXRhIGNlbnRlcnMgaXMgc2VjdXJlZCB1 c2luZyBUTFMgLS08YnI+c2VlIHRoZSByZWNlbnQgZGlzY3Vzc2lvbnMgaW4gdGhlIFRMUyB3b3Jr aW5nIGdyb3VwIGZvciBldmlkZW5jZSBvZiB0aGlzPGJyPnNpdHVhdGlvbikuIE1vcmUgbm90YWJs eSwgdGhpcyAidW5jb25kaXRpb25hbGx5IHRydXN0ZWQgbmV0d29yayB6b25lIiBhcHByb2FjaDxi cj50byBzZWN1cml0eSBoYXMgbGVkIHRvIHNvbWUgc3BlY3RhY3VsYXIgZXhwbG9pdHMgcmVjZW50 bHkgKGNmLjxicj5odHRwczovL3d3dy53aXJlZC5jb20vMjAxNi8wNC90aGUtY3JpdGljYWwtaG9s ZS1hdC10aGUtaGVhcnQtb2YtY2VsbC1waG9uZS1pbmZyYXN0cnVjdHVyZS8pLjxicj5SYXRoZXIg dGhhbiBleHBsaWNpdGx5IGZvc3RlcmluZyB0aGlzIG1vZGVsLCB0aGUgc2VjdXJpdHkgc2VjdGlv biByZWFsbHkgbmVlZHM8YnI+dG8gbm9ybWF0aXZlbHkgZGlzYWxsb3cgaXQuPGJyPjxicj4obi5i LiwgSSByZXZpZXdlZCB2ZXJzaW9uIC0yMSBvZiB0aGUgZG9jdW1lbnQgLS0gYnV0IEkgZG9uJ3Qg ZmluZCB0aGUgY2hhbmdlczxicj5iZXR3ZWVuIHRoYXQgdmVyc2lvbiBhbmQgLTI0IHRvIGFkZHJl c3MgdGhlIGlzc3VlIEthdGhsZWVuIHJhaXNlcyk8YnI+PGJyPi0tLS08YnI+PGJyPlNlY3Rpb24g MyBzYXlzIHRoZSBmb2xsb3dpbmcgYWJvdXQgcmVjbGFzc2lmaWNhdGlvbiBiZWhhdmlvcjo8YnI+ PGJyPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBXaGVuIHRoZSBsb2dpY2Fs IGNsYXNzaWZpZXIgcGVyZm9ybXMgcmUtPGJyPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyBjbGFzc2lmaWNhdGlvbiB0aGF0IHJlc3VsdHMgaW4gYSBjaGFuZ2Ugb2Ygc2Vydmlj ZSBwYXRoLCBpdCBNVVNUPGJyPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBy ZXBsYWNlIHRoZSBleGlzdGluZyBOU0ggd2l0aCBhIG5ldyBOU0ggd2l0aCB0aGUgQmFzZSBIZWFk ZXIgYW5kPGJyPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBTZXJ2aWNlIFBh dGggSGVhZGVyIHJlZmxlY3RpbmcgdGhlIG5ldyBzZXJ2aWNlIHBhdGggaW5mb3JtYXRpb248YnI+ Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IGFuZCBNVVNUIHNldCB0aGUgaW5p dGlhbCBTSS4mbmJzcDsgVGhlIE8gYml0LCBhcyB3ZWxsIGFzIHVuYXNzaWduZWQ8YnI+Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7IGZsYWdzLCBNVVNUIGJlIGNvcGllZCB0cmFu c3BhcmVudGx5IGZyb20gdGhlIG9sZCBOU0ggdG8gYSBuZXc8YnI+Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7IE5TSC4mbmJzcDsgTWV0YWRhdGEgTUFZIGJlIHByZXNlcnZlZCBp biB0aGUgbmV3IE5TSC48YnI+PGJyPkkgZG9uJ3Qgc2VlIGFueXRoaW5nIGhlcmUgYWJvdXQgY29w eWluZyB0aGUgVFRMLiBJZiB0aGUgVFRMIGlzbid0IGNvcGllZCwgeW91PGJyPmNhbiBlbmQgdXAg d2l0aCBhIHN0YWJsZSAoYW5kIHVuZW5kaW5nKSBsb29wIGludm9sdmluZyB0d28gY2xhc3NpZmll cnMgKHdoaWNoPGJyPnNlZW1zIGV2ZW4gbW9yZSBkYW1hZ2luZyB0aGFuIHVzdWFsLCBhcyB0aGUg U0kgdmFsdWUgd29uJ3QgZ2VuZXJhbGx5IHN1cnZpdmUgYTxicj5yZWNsYXNzaWZpY2F0aW9uLCBy aWdodD8pLiBJIHdvdWxkIHN1Z2dlc3QgYWRkaW5nICJUVEwiIHRvIHRoZSBsaXN0IG9mIHRoaW5n czxicj50aGF0IE1VU1QgYmUgY29waWVkIHdoZW4gcmVjbGFzc2lmaWNhdGlvbiBvY2N1cnMuPGJy Pjxicj48YnI+PC9ib2R5PjwvaHRtbD4= ----_com.samsung.android.email_17132926071637870-- From nobody Wed Sep 27 19:02:41 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A2FE613232C; Wed, 27 Sep 2017 19:02:33 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Ben Campbell To: "The IESG" Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, jmh@joelhalpern.com, sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150656415366.13695.13637551894724173929.idtracker@ietfa.amsl.com> Date: Wed, 27 Sep 2017 19:02:33 -0700 Archived-At: Subject: [sfc] Ben Campbell's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 02:02:33 -0000 Ben Campbell has entered the following ballot position for draft-ietf-sfc-nsh-24: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Substantive: - General: This is a mechanism to add metadata to user flows. There is very little discussion about how that metadata may relate to the application layer payloads. It's likely that some of those payloads will be encrypted by the user in an attempt to control what information is shared with middleboxes. I'd like to see some discussion about how this relates to the guidance in RFC 8165. (Note: I am on the fence about whether this should be a DISCUSS. But since "on the fence" is probably insufficient grounds for a DISCUSS, I'm leaving it as a comment.) - General: I support Kathleen's DISCUSS points concerning integrity protection. The document leaves that up to the transporting protocol. I think it's reasonable to recommend that that protocol at least default to providing integrity protection unless there's a good reason not to. -2.2, "version": How is the version field to be used by consumers? That is, what should a recipient do if the field contains a version number it doesn't support/recognize? -2.2, MD type 0x0: "Implementations SHOULD silently discard packets with MD Type 0x0." Why not MUST? -- MD type 0xF: "Implementations not explicitly configured to be part of an experiment SHOULD silently discard packets with MD Type 0xF." Why not MUST? -2.2, Next Protocol Values: Why are there 2 experimental values? (as opposed to 1, or, well, 3). -2.3, last paragraph (and several other places): This draft seems to take a position that a failed SFP means the service level flow fails. Are there no use cases where delivery of the service flow is critical and should happen even if the chain of middleboxes fails? -2.4, paragraph starting with "An SFC-aware SF MUST receive the data semantics..." I'm not sure what the intent of this paragraph is. Is that MUST really a statement of fact? Or is there really and expectation of an out-of-band delivery of some semantic definition? -3, list item 1: "A service classifier MUST insert an NSH at the start of an SFP." What if an initial classifier receives a packet that already has an NSH? Can multiple NSHs be stacked? -7.1, last paragraph: "Depending on the information carried in the metadata, data privacy considerations may need to be considered. " "may need to be considered" is weak sauce. Data privacy always needs to be considered, even if the _output_ of that consideration is that there is nothing sensitive being carried. Please consider dropping the "may". Also, this seems like an odd place to bury a privacy discussion. Please consider moving this to a "Privacy Considerations" section. -8, first paragraph: It seems like insider attacks are worth at least a mention when discussing a single operator environment as a mitigator against attacks. -8.1, 2nd paragraph: This doesn't seem like a single operator scenario, in the sense that part of the flow crosses a network that is not controlled by that operator. -8.3, 4th paragraph: Please elaborate on what is meant by "obfuscating" subscriber identifying information (as opposed to "encrypting" or "leaving it out in the first place".) Editorial: -2.2, "O bit", last paragraph: "The configurable parameter MUST be disabled by default." Does "disabled" mean "unset" (or "set to zero")? -2.2, "unassigned bits": "At reception, all elements MUST NOT modify their actions based on these unknown bits." Isn't that MUST NOT just a restatement of the "MUST ignore" from the previous sentence? There's no problem with reinforcing a point, but there shouldn't be multiple instances of the same 2119 requirement. Also, would logging a warning violate the "MUST NOT modify their actions/MUST ignore" requirement? -8, first paragraph: "NSH is designed for use within operator environments." Is there a missing "single" before "operator"? From nobody Wed Sep 27 19:45:31 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D1321344EC; Wed, 27 Sep 2017 19:45:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nXz6-1HuQ0w6; Wed, 27 Sep 2017 19:45:21 -0700 (PDT) Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE5E713525E; Wed, 27 Sep 2017 19:45:21 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id B52F32405F3; Wed, 27 Sep 2017 19:45:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1506566721; bh=b9Sx8kHMcqunvsG3iM800kzcwx9jMfAEroMpJ7gNOIs=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=XtivV5Hb8VUZu8ehB9yme/0XcR+YLy/8myLWNGGkoJ9wl2LlULDFUg56VZnN3ecGr jZI10OzsjCuh7NbgCOIy4beWoxiNsm5saXgTFwHDMzjdnWRGMjy0l0ICqD0zCLKqlL 1NHzirzjRtVsdmTD+YPBILqy/dI6tLT4wC03vnKA= X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 9496E2403A9; Wed, 27 Sep 2017 19:45:20 -0700 (PDT) To: Ben Campbell , The IESG Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, sfc@ietf.org References: <150656415366.13695.13637551894724173929.idtracker@ietfa.amsl.com> From: "Joel M. Halpern" Message-ID: <393cb3d3-687f-f092-435c-b95f207236cd@joelhalpern.com> Date: Wed, 27 Sep 2017 22:45:19 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <150656415366.13695.13637551894724173929.idtracker@ietfa.amsl.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [sfc] Ben Campbell's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) - Encrypted content X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 02:45:24 -0000 Ben, I am really not clear on what to do with your comment about encrypted content. Nothing in this work enables or promotes operators breaking encryption (an earlier version had a line that incorrectly suggested such.) The metadata is used to mark what the operator wants to know about the packet. Even for encrypted content, the operator may need to knwo the ssubscriber ID. For encrypted content, the operator might (or might not) choose to put metadata indicating the the content is uninterpretable (if he decides it is uninterpretable.) Clearly, he can not put on infomration about the encrypted information, as he does not see that. I can not figure out where we would say something like that, or why we would say it. Yours, Joel On 9/27/17 10:02 PM, Ben Campbell wrote: > Ben Campbell has entered the following ballot position for > draft-ietf-sfc-nsh-24: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Substantive: > > - General: This is a mechanism to add metadata to user flows. There is very > little discussion about how that metadata may relate to the application layer > payloads. It's likely that some of those payloads will be encrypted by the user > in an attempt to control what information is shared with middleboxes. I'd like > to see some discussion about how this relates to the guidance in RFC 8165. > (Note: I am on the fence about whether this should be a DISCUSS. But since "on > the fence" is probably insufficient grounds for a DISCUSS, I'm leaving it as a > comment.) > > - General: I support Kathleen's DISCUSS points concerning integrity protection. > The document leaves that up to the transporting protocol. I think it's > reasonable to recommend that that protocol at least default to providing > integrity protection unless there's a good reason not to. > > -2.2, "version": How is the version field to be used by consumers? That is, > what should a recipient do if the field contains a version number it doesn't > support/recognize? > > -2.2, MD type 0x0: "Implementations SHOULD silently > discard packets with MD Type 0x0." > Why not MUST? > > -- MD type 0xF: "Implementations not explicitly configured to be part of > an experiment SHOULD silently discard packets with MD Type 0xF." > Why not MUST? > > -2.2, Next Protocol Values: > Why are there 2 experimental values? (as opposed to 1, or, well, 3). > > -2.3, last paragraph (and several other places): > This draft seems to take a position that a failed SFP means the service level > flow fails. Are there no use cases where delivery of the service flow is > critical and should happen even if the chain of middleboxes fails? > > -2.4, paragraph starting with "An SFC-aware SF MUST receive the data > semantics..." I'm not sure what the intent of this paragraph is. Is that MUST > really a statement of fact? Or is there really and expectation of an > out-of-band delivery of some semantic definition? > > -3, list item 1: "A service classifier MUST insert an NSH at the start of an > SFP." What if an initial classifier receives a packet that already has an NSH? > Can multiple NSHs be stacked? > > -7.1, last paragraph: "Depending on the information carried in the metadata, > data privacy > considerations may need to be considered. " > "may need to be considered" is weak sauce. Data privacy always needs to be > considered, even if the _output_ of that consideration is that there is nothing > sensitive being carried. Please consider dropping the "may". > > Also, this seems like an odd place to bury a privacy discussion. Please > consider moving this to a "Privacy Considerations" section. > > -8, first paragraph: > It seems like insider attacks are worth at least a mention when discussing a > single operator environment as a mitigator against attacks. > > -8.1, 2nd paragraph: > This doesn't seem like a single operator scenario, in the sense that part of > the flow crosses a network that is not controlled by that operator. > > -8.3, 4th paragraph: Please elaborate on what is meant by "obfuscating" > subscriber identifying information (as opposed to "encrypting" or "leaving it > out in the first place".) > > Editorial: > > -2.2, "O bit", last paragraph: "The configurable parameter MUST be > disabled by default." > Does "disabled" mean "unset" (or "set to zero")? > > -2.2, "unassigned bits": "At reception, all > elements MUST NOT modify their actions based on these unknown bits." > Isn't that MUST NOT just a restatement of the "MUST ignore" from the previous > sentence? There's no problem with reinforcing a point, but there shouldn't be > multiple instances of the same 2119 requirement. Also, would logging a warning > violate the "MUST NOT modify their actions/MUST ignore" requirement? > > -8, first paragraph: "NSH is designed for use within operator environments." > Is there a missing "single" before "operator"? > > From nobody Wed Sep 27 20:01:03 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 10500135266; Wed, 27 Sep 2017 20:01:01 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Eric Rescorla To: "The IESG" Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, jmh@joelhalpern.com, sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150656766105.13740.10127057899137745873.idtracker@ietfa.amsl.com> Date: Wed, 27 Sep 2017 20:01:01 -0700 Archived-At: Subject: [sfc] Eric Rescorla's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 03:01:01 -0000 Eric Rescorla has entered the following ballot position for draft-ietf-sfc-nsh-24: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- I concur with Kathleen's DISCUSS. To state my view of things: 1. The assumption that the datacenter is a secure environment is not a reasonable one. As Kathleen and Adam both observer, datacenter breaches are common and that is why people are moving towards encryption inside the data center. I see that this draft has text claiming that this is only to be deployed in safe environments, but we know that technologies like this get deployed outside the locations for which we claim they are to be deployed, and there's nothing here to stop that. Moreover, the whole trend towards cloud computing pushes us away from designs in which you can safely talk about single secure zones. 2. The text in S 8.1 about how you might want to use some kind of transport security does not seem sufficient. As above, we know that if we don't specify something, people will deploy this technology in insecure settings without any kind of security. I concur with Kathleen's point that this document should provide built-in security mechanisms rather than just punting to the under-layer. Given that as S 1 makes clear, all these SFs are part of the same administrative domain, this seems like a comparatively less challenging setting. If there is some reason why that's infeasible, that needs to be explained. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Line 143 | Original Packet / Frame | +------------------------------+ Nit: I would have expected this stack to go the other way, with TE on the bottom. Line 165 overlay domain using virtual connections and tunnels. A corollary is that a network administrative domain has a well defined perimeter. This is not a reasonable assumption in modern datacenter environments, especially if you have virtualized services. Line 372 1 prior to NSH forwarding lookup. Decrementing by 1 from an incoming value of 0 shall result in a TTL value of 63. The packet MUST NOT be forwarded if TTL is, after decrement, 0. I am having trouble following this, Is the point that I can emit a packet with TTL 0, which is effectively TTL 64? Line 375 This TTL field is the primary loop prevention This TTL mechanism represents a robust complement to the Service Index, as the TTL is Nit: "prevention mechanism. This"? Line 379 better, although not perfect, interoperation with pre-standard implementations that do not support this TTL field. This point would be clearer if it were made before the rule about decrement. Line 403 0x0 - This is a reserved value. Implementations SHOULD silently discard packets with MD Type 0x0. Why is this a SHOULD and not a MUST? That seems like it will create potential interop problems. Line 651 encapsulated packet. It is therefore the last node operating on the service header. Can you also nest NSHs? From nobody Wed Sep 27 21:16:11 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7ACB01352B7; Wed, 27 Sep 2017 21:16:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.879 X-Spam-Level: X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4MS6epBadkLS; Wed, 27 Sep 2017 21:15:55 -0700 (PDT) Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95F4A1352F2; Wed, 27 Sep 2017 21:15:04 -0700 (PDT) Received: from [10.0.1.82] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v8S4F3UC022358 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 27 Sep 2017 23:15:03 -0500 (CDT) (envelope-from ben@nostrum.com) X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.82] From: Ben Campbell Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_674BC2C9-59F5-4746-BA03-E5B8890658D2"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Date: Wed, 27 Sep 2017 23:15:02 -0500 In-Reply-To: <393cb3d3-687f-f092-435c-b95f207236cd@joelhalpern.com> Cc: The IESG , draft-ietf-sfc-nsh@ietf.org, sfc-chairs@ietf.org, sfc@ietf.org To: "Joel M. Halpern" References: <150656415366.13695.13637551894724173929.idtracker@ietfa.amsl.com> <393cb3d3-687f-f092-435c-b95f207236cd@joelhalpern.com> X-Mailer: Apple Mail (2.3273) Archived-At: Subject: Re: [sfc] Ben Campbell's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) - Encrypted content X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 04:16:04 -0000 --Apple-Mail=_674BC2C9-59F5-4746-BA03-E5B8890658D2 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Joel, On reflection, the =E2=80=9Cencrypted payload=E2=80=9D part may be a red = herring. Let me generalize that to =E2=80=9Cwithheld information=E2=80=9D.= As you mention, the metadata marks what the operator wants to know = about a packet, but that may sometimes conflict with what the user = doesn=E2=80=99t want to them to know. Here=E2=80=99s an example: Lets consider an end user that doesn't want to be tracked for = advertising purposes. They block certain tracking cookies and anything = else that shows continuity of identity to web servers. But as you = mention, the operator needs or wants to know the subscriber ID, so the = classifier adds that to the NSH.. The terminal element in the chain = happens to be a web service that uses the NSH contents to track the user = for advertising purposes. You may recall a controversy a while back = about a major operator doing something similar using HTTP header = enrichment. I think the answer to this for this particular case is that the NSH is = assumed not to go outside a single administrative domain, and that all = elements in the same domain can be assumed to have access to the same = information. That is, the NSH is just a convenient way to transfer = metadata they could pass in other ways. While the user may not be = consoled by the fact that the web service tracking them belongs to the = same company as their access network, the use of the NSH doesn=E2=80=99t = add an issue that couldn=E2=80=99t already exist. (This suggests that = the idea of a single operator environment may be considerably more = complex that the draft makes it sound, but I don=E2=80=99t see much to = do about that.) So I guess what I am asking for is some text that recognizes that users = have an interest in metadata minimization, and some suggestion that = operators keep that in mind, and not add metadata beyond the minimum = needed to make the SFP function correctly. (To bring encryption back into the picture, one can probably construct = similar cases involving VPNs=E2=80=94for example services that add the = original source IP address as metadata to a VPN flow.) Thanks! Ben. > On Sep 27, 2017, at 9:45 PM, Joel M. Halpern = wrote: >=20 > Ben, I am really not clear on what to do with your comment about = encrypted content. >=20 > Nothing in this work enables or promotes operators breaking encryption = (an earlier version had a line that incorrectly suggested such.) > The metadata is used to mark what the operator wants to know about the = packet. Even for encrypted content, the operator may need to knwo the = ssubscriber ID. For encrypted content, the operator might (or might = not) choose to put metadata indicating the the content is = uninterpretable (if he decides it is uninterpretable.) Clearly, he can = not put on infomration about the encrypted information, as he does not = see that. > I can not figure out where we would say something like that, or why we = would say it. >=20 > Yours, > Joel >=20 > On 9/27/17 10:02 PM, Ben Campbell wrote: >> Ben Campbell has entered the following ballot position for >> draft-ietf-sfc-nsh-24: No Objection >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut = this >> introductory paragraph, however.) >> Please refer to = https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ >> = ---------------------------------------------------------------------- >> COMMENT: >> = ---------------------------------------------------------------------- >> Substantive: >> - General: This is a mechanism to add metadata to user flows. There = is very >> little discussion about how that metadata may relate to the = application layer >> payloads. It's likely that some of those payloads will be encrypted = by the user >> in an attempt to control what information is shared with middleboxes. = I'd like >> to see some discussion about how this relates to the guidance in RFC = 8165. >> (Note: I am on the fence about whether this should be a DISCUSS. But = since "on >> the fence" is probably insufficient grounds for a DISCUSS, I'm = leaving it as a >> comment.) >> - General: I support Kathleen's DISCUSS points concerning integrity = protection. >> The document leaves that up to the transporting protocol. I think = it's >> reasonable to recommend that that protocol at least default to = providing >> integrity protection unless there's a good reason not to. >> -2.2, "version": How is the version field to be used by consumers? = That is, >> what should a recipient do if the field contains a version number it = doesn't >> support/recognize? >> -2.2, MD type 0x0: "Implementations SHOULD silently >> discard packets with MD Type 0x0." >> Why not MUST? >> -- MD type 0xF: "Implementations not explicitly configured to be part = of >> an experiment SHOULD silently discard packets with MD Type 0xF." >> Why not MUST? >> -2.2, Next Protocol Values: >> Why are there 2 experimental values? (as opposed to 1, or, well, 3). >> -2.3, last paragraph (and several other places): >> This draft seems to take a position that a failed SFP means the = service level >> flow fails. Are there no use cases where delivery of the service flow = is >> critical and should happen even if the chain of middleboxes fails? >> -2.4, paragraph starting with "An SFC-aware SF MUST receive the data >> semantics..." I'm not sure what the intent of this paragraph is. Is = that MUST >> really a statement of fact? Or is there really and expectation of an >> out-of-band delivery of some semantic definition? >> -3, list item 1: "A service classifier MUST insert an NSH at the = start of an >> SFP." What if an initial classifier receives a packet that already = has an NSH? >> Can multiple NSHs be stacked? >> -7.1, last paragraph: "Depending on the information carried in the = metadata, >> data privacy >> considerations may need to be considered. " >> "may need to be considered" is weak sauce. Data privacy always needs = to be >> considered, even if the _output_ of that consideration is that there = is nothing >> sensitive being carried. Please consider dropping the "may". >> Also, this seems like an odd place to bury a privacy discussion. = Please >> consider moving this to a "Privacy Considerations" section. >> -8, first paragraph: >> It seems like insider attacks are worth at least a mention when = discussing a >> single operator environment as a mitigator against attacks. >> -8.1, 2nd paragraph: >> This doesn't seem like a single operator scenario, in the sense that = part of >> the flow crosses a network that is not controlled by that operator. >> -8.3, 4th paragraph: Please elaborate on what is meant by = "obfuscating" >> subscriber identifying information (as opposed to "encrypting" or = "leaving it >> out in the first place".) >> Editorial: >> -2.2, "O bit", last paragraph: "The configurable parameter MUST be >> disabled by default." >> Does "disabled" mean "unset" (or "set to zero")? >> -2.2, "unassigned bits": "At reception, all >> elements MUST NOT modify their actions based on these unknown = bits." >> Isn't that MUST NOT just a restatement of the "MUST ignore" from the = previous >> sentence? There's no problem with reinforcing a point, but there = shouldn't be >> multiple instances of the same 2119 requirement. Also, would logging = a warning >> violate the "MUST NOT modify their actions/MUST ignore" requirement? >> -8, first paragraph: "NSH is designed for use within operator = environments." >> Is there a missing "single" before "operator"? --Apple-Mail=_674BC2C9-59F5-4746-BA03-E5B8890658D2 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZzHdGAAoJEIBWSmyV89QNX2wP/126RJ6o5T+/cm7jQF5OOZ/l wD19fCGOFGKrUJbaJW2hXXt3Scn/9VuwblcpweJWHcYCpg2Vn6y4wb+YhR6eWkIn 4zVR4A8djOnG5hN2NU9Wc+qTZOpYfKuwDiS956akRKJOFpL4g1qQ/CwkdL/xnAfk XAadwkK9SMkdwiKDwf3xAtrsBbdioOKnlrwkDN0WEWY2lS6H57z+RU+u0HU7AnAz Lhc1ofwxuloIyRdXrdCKwkMbl0eOgunre1JTcVaO2z9t3XhU/NkdCNUTmzuVx/rz BuD1lHdk1viF8M5qNnxAIrhKdJqkAy36qPqj8KgQsq9tEmBnwPZ+/DHLiRPuc5t0 lJmCsJ3RYMcIiozSh7KYZtxNlnfEefreCHp0uWpyzomROuGcUblPFWqOtnGdRDPV 4LLxVBBqzUZzISKLcxcpzlbCY18ioHPHpYu+cgqPdkyamd25a2UUXMU/uptDtT4e vJ58V/jc6kqoUXT2PSaryEc3v7OBhEk/k/VElOFgU0ZVW/Y6vvlkRHJh2V1YOA3V +wjfnPI38BDKiGHuRVfO6IFt/R1zE5KkuPMAMiPVbo0gacDEfKPak0S6rJtu+eZn tIwcmI2pj4fGRN0p44cmPJfSUEVirPZN+UlGlYdpumFfi07xVVowkoq27H++9ORz fMa/b0Vx3QgnjPwnSnEw =bT7H -----END PGP SIGNATURE----- --Apple-Mail=_674BC2C9-59F5-4746-BA03-E5B8890658D2-- From nobody Wed Sep 27 21:38:19 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F0511352B6; Wed, 27 Sep 2017 21:38:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uc8Sruk1Ct6Q; Wed, 27 Sep 2017 21:38:09 -0700 (PDT) Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 018DF1352B1; Wed, 27 Sep 2017 21:38:07 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id D282BA800D4; Wed, 27 Sep 2017 21:38:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1506573487; bh=+1vJ6U95MLtupw41yaFE/e1r+rrcLriumqi3bHFZ8vc=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=RhOjGy0WXEwGfkmlCKr0IOc4Fqvy6ML6qEqQvDrNLH9BXVR7wutZR7x4K5wkQ5TPq 47GcLpAjpQmqycJ0VgdcC+PA4KrJkh+Kwf/onDJL2jAKdjbxzU9yeqX+dvXtv/KQ8n kXvoNnwISNQ9nvls4cn1nItxmnC8szK1QLSYQHz8= X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id CC3F8245B9A; Wed, 27 Sep 2017 21:38:06 -0700 (PDT) To: Ben Campbell Cc: The IESG , draft-ietf-sfc-nsh@ietf.org, sfc-chairs@ietf.org, sfc@ietf.org References: <150656415366.13695.13637551894724173929.idtracker@ietfa.amsl.com> <393cb3d3-687f-f092-435c-b95f207236cd@joelhalpern.com> From: "Joel M. Halpern" Message-ID: <1f7a5fe1-e6f7-786c-f50d-3abf732fae5a@joelhalpern.com> Date: Thu, 28 Sep 2017 00:38:05 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Archived-At: Subject: Re: [sfc] Ben Campbell's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) - Encrypted content X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 04:38:12 -0000 As far as I can tell, the key is the text in the middle where you note that this is all information that is available to the operator. There are all sorts of ways they can collect this information already, for use within their domain. The only viable solution to preventing the operator from having information you don't want is to not tell them. Which is why HTTPS, while not perfect, is useful. And is being used more. For example, an operator running CG Nat could collect the subscriber information (subscriber ID and currently used IP address). They can collect their NAT bindings. And they can sell that correlation to a third party. None of that requires or makes any use of NSH. The point of NSH is to make it practical for the operator to use disassembled functions where currently he must use integrated monoliths. So, for example, in the same CGNat scenario, with NSH the operator can mark the subscribe ID in the metadata so that he can apply subscriber policy in separate service functions, rather than requiring that they be tightly coupled to ingress device that knows who the subscriber is. This ability to decompose is being asked for by operators all over the place. (For those looking to place this is the buzzword spectrum, this is different from micro-services, although service chaining can be used along with micro-service architectures.) If you have specific text you can suggest on minimization, we can presumably add it. I don't think any of us disagree with the idea. It is clearly not something we can enforce. So I don't know how much good it will do. Yours, Joel On 9/28/17 12:15 AM, Ben Campbell wrote: > Hi Joel, > > On reflection, the “encrypted payload” part may be a red herring. Let me generalize that to “withheld information”. As you mention, the metadata marks what the operator wants to know about a packet, but that may sometimes conflict with what the user doesn’t want to them to know. Here’s an example: > > Lets consider an end user that doesn't want to be tracked for advertising purposes. They block certain tracking cookies and anything else that shows continuity of identity to web servers. But as you mention, the operator needs or wants to know the subscriber ID, so the classifier adds that to the NSH.. The terminal element in the chain happens to be a web service that uses the NSH contents to track the user for advertising purposes. You may recall a controversy a while back about a major operator doing something similar using HTTP header enrichment. > > I think the answer to this for this particular case is that the NSH is assumed not to go outside a single administrative domain, and that all elements in the same domain can be assumed to have access to the same information. That is, the NSH is just a convenient way to transfer metadata they could pass in other ways. While the user may not be consoled by the fact that the web service tracking them belongs to the same company as their access network, the use of the NSH doesn’t add an issue that couldn’t already exist. (This suggests that the idea of a single operator environment may be considerably more complex that the draft makes it sound, but I don’t see much to do about that.) > > So I guess what I am asking for is some text that recognizes that users have an interest in metadata minimization, and some suggestion that operators keep that in mind, and not add metadata beyond the minimum needed to make the SFP function correctly. > > (To bring encryption back into the picture, one can probably construct similar cases involving VPNs—for example services that add the original source IP address as metadata to a VPN flow.) > > Thanks! > > Ben. > >> On Sep 27, 2017, at 9:45 PM, Joel M. Halpern wrote: >> >> Ben, I am really not clear on what to do with your comment about encrypted content. >> >> Nothing in this work enables or promotes operators breaking encryption (an earlier version had a line that incorrectly suggested such.) >> The metadata is used to mark what the operator wants to know about the packet. Even for encrypted content, the operator may need to knwo the ssubscriber ID. For encrypted content, the operator might (or might not) choose to put metadata indicating the the content is uninterpretable (if he decides it is uninterpretable.) Clearly, he can not put on infomration about the encrypted information, as he does not see that. >> I can not figure out where we would say something like that, or why we would say it. >> >> Yours, >> Joel >> >> On 9/27/17 10:02 PM, Ben Campbell wrote: >>> Ben Campbell has entered the following ballot position for >>> draft-ietf-sfc-nsh-24: No Objection >>> When responding, please keep the subject line intact and reply to all >>> email addresses included in the To and CC lines. (Feel free to cut this >>> introductory paragraph, however.) >>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >>> for more information about IESG DISCUSS and COMMENT positions. >>> The document, along with other ballot positions, can be found here: >>> https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ >>> ---------------------------------------------------------------------- >>> COMMENT: >>> ---------------------------------------------------------------------- >>> Substantive: >>> - General: This is a mechanism to add metadata to user flows. There is very >>> little discussion about how that metadata may relate to the application layer >>> payloads. It's likely that some of those payloads will be encrypted by the user >>> in an attempt to control what information is shared with middleboxes. I'd like >>> to see some discussion about how this relates to the guidance in RFC 8165. >>> (Note: I am on the fence about whether this should be a DISCUSS. But since "on >>> the fence" is probably insufficient grounds for a DISCUSS, I'm leaving it as a >>> comment.) >>> - General: I support Kathleen's DISCUSS points concerning integrity protection. >>> The document leaves that up to the transporting protocol. I think it's >>> reasonable to recommend that that protocol at least default to providing >>> integrity protection unless there's a good reason not to. >>> -2.2, "version": How is the version field to be used by consumers? That is, >>> what should a recipient do if the field contains a version number it doesn't >>> support/recognize? >>> -2.2, MD type 0x0: "Implementations SHOULD silently >>> discard packets with MD Type 0x0." >>> Why not MUST? >>> -- MD type 0xF: "Implementations not explicitly configured to be part of >>> an experiment SHOULD silently discard packets with MD Type 0xF." >>> Why not MUST? >>> -2.2, Next Protocol Values: >>> Why are there 2 experimental values? (as opposed to 1, or, well, 3). >>> -2.3, last paragraph (and several other places): >>> This draft seems to take a position that a failed SFP means the service level >>> flow fails. Are there no use cases where delivery of the service flow is >>> critical and should happen even if the chain of middleboxes fails? >>> -2.4, paragraph starting with "An SFC-aware SF MUST receive the data >>> semantics..." I'm not sure what the intent of this paragraph is. Is that MUST >>> really a statement of fact? Or is there really and expectation of an >>> out-of-band delivery of some semantic definition? >>> -3, list item 1: "A service classifier MUST insert an NSH at the start of an >>> SFP." What if an initial classifier receives a packet that already has an NSH? >>> Can multiple NSHs be stacked? >>> -7.1, last paragraph: "Depending on the information carried in the metadata, >>> data privacy >>> considerations may need to be considered. " >>> "may need to be considered" is weak sauce. Data privacy always needs to be >>> considered, even if the _output_ of that consideration is that there is nothing >>> sensitive being carried. Please consider dropping the "may". >>> Also, this seems like an odd place to bury a privacy discussion. Please >>> consider moving this to a "Privacy Considerations" section. >>> -8, first paragraph: >>> It seems like insider attacks are worth at least a mention when discussing a >>> single operator environment as a mitigator against attacks. >>> -8.1, 2nd paragraph: >>> This doesn't seem like a single operator scenario, in the sense that part of >>> the flow crosses a network that is not controlled by that operator. >>> -8.3, 4th paragraph: Please elaborate on what is meant by "obfuscating" >>> subscriber identifying information (as opposed to "encrypting" or "leaving it >>> out in the first place".) >>> Editorial: >>> -2.2, "O bit", last paragraph: "The configurable parameter MUST be >>> disabled by default." >>> Does "disabled" mean "unset" (or "set to zero")? >>> -2.2, "unassigned bits": "At reception, all >>> elements MUST NOT modify their actions based on these unknown bits." >>> Isn't that MUST NOT just a restatement of the "MUST ignore" from the previous >>> sentence? There's no problem with reinforcing a point, but there shouldn't be >>> multiple instances of the same 2119 requirement. Also, would logging a warning >>> violate the "MUST NOT modify their actions/MUST ignore" requirement? >>> -8, first paragraph: "NSH is designed for use within operator environments." >>> Is there a missing "single" before "operator"? > From nobody Wed Sep 27 23:25:06 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D91D1321CB; Wed, 27 Sep 2017 23:25:04 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.618 X-Spam-Level: X-Spam-Status: No, score=-2.618 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oRUXJiZnJbDN; Wed, 27 Sep 2017 23:25:02 -0700 (PDT) Received: from relais-inet.orange.com (mta134.mail.business.static.orange.com [80.12.70.34]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96C89126B7E; Wed, 27 Sep 2017 23:25:02 -0700 (PDT) Received: from opfednr06.francetelecom.fr (unknown [xx.xx.xx.70]) by opfednr23.francetelecom.fr (ESMTP service) with ESMTP id 13BA1C07E2; Thu, 28 Sep 2017 08:25:01 +0200 (CEST) Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.61]) by opfednr06.francetelecom.fr (ESMTP service) with ESMTP id D32C41A0057; Thu, 28 Sep 2017 08:25:00 +0200 (CEST) Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM7E.corporate.adroot.infra.ftgroup ([fe80::b91c:ea2c:ac8a:7462%19]) with mapi id 14.03.0361.001; Thu, 28 Sep 2017 08:25:00 +0200 From: To: Ben Campbell , "Joel M. Halpern" CC: "draft-ietf-sfc-nsh@ietf.org" , "sfc-chairs@ietf.org" , The IESG , "sfc@ietf.org" Thread-Topic: [sfc] Ben Campbell's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) - Encrypted content Thread-Index: AQHTOAPZIR8RCzGWz0O+T4ltduRPA6LJjycAgABFaTA= Date: Thu, 28 Sep 2017 06:24:59 +0000 Message-ID: <787AE7BB302AE849A7480A190F8B93300A04B418@OPEXCLILMA3.corporate.adroot.infra.ftgroup> References: <150656415366.13695.13637551894724173929.idtracker@ietfa.amsl.com> <393cb3d3-687f-f092-435c-b95f207236cd@joelhalpern.com> In-Reply-To: Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.168.234.1] Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Ben Campbell's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) - Encrypted content X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 06:25:05 -0000 RGVhciBCZW4sDQoNCldpdGggcmVnYXJkcyB0byB5b3VyIGNvbW1lbnRzIHZzLiBSRkM4MTY1LCBJ IGRvbid0IHNlZSBob3cgdGhlIGFkdmljZSBpbiA4MTY1IGNhbiBiZSBmb2xsb3dlZCBoZXJlLg0K DQpJIGhhdmUgcmFpc2VkIHRoZSBzcGVjaWZpY3Mgb2Ygc2VydmljZSBjaGFpbmluZyBkdXJpbmcg dGhlIElFVEYgTEMgb2YgZHJhZnQtaGFyZGllICg4MTY1KTogeW91IGNhbiBjaGVjayBhdCBodHRw czovL3d3dy5pZXRmLm9yZy9tYWlsLWFyY2hpdmUvd2ViL2lldGYvY3VycmVudC9tc2cxMDA5MDku aHRtbCAoc2VhcmNoIGZvciAic2VydmljZSBmdW5jdGlvbiBjaGFpbmluZyIpLiANCg0KQ2hlZXJz LA0KTWVkDQoNCj4gLS0tLS1NZXNzYWdlIGQnb3JpZ2luZS0tLS0tDQo+IERlwqA6IHNmYyBbbWFp bHRvOnNmYy1ib3VuY2VzQGlldGYub3JnXSBEZSBsYSBwYXJ0IGRlIEJlbiBDYW1wYmVsbA0KPiBF bnZvecOpwqA6IGpldWRpIDI4IHNlcHRlbWJyZSAyMDE3IDA2OjE1DQo+IMOAwqA6IEpvZWwgTS4g SGFscGVybg0KPiBDY8KgOiBkcmFmdC1pZXRmLXNmYy1uc2hAaWV0Zi5vcmc7IHNmYy1jaGFpcnNA aWV0Zi5vcmc7IFRoZSBJRVNHOw0KPiBzZmNAaWV0Zi5vcmcNCj4gT2JqZXTCoDogUmU6IFtzZmNd IEJlbiBDYW1wYmVsbCdzIE5vIE9iamVjdGlvbiBvbiBkcmFmdC1pZXRmLXNmYy1uc2gtMjQ6DQo+ ICh3aXRoIENPTU1FTlQpIC0gRW5jcnlwdGVkIGNvbnRlbnQNCj4gDQo+IEhpIEpvZWwsDQo+IA0K PiBPbiByZWZsZWN0aW9uLCB0aGUg4oCcZW5jcnlwdGVkIHBheWxvYWTigJ0gcGFydCBtYXkgYmUg YSByZWQgaGVycmluZy4gTGV0IG1lDQo+IGdlbmVyYWxpemUgdGhhdCB0byDigJx3aXRoaGVsZCBp bmZvcm1hdGlvbuKAnS4gIEFzIHlvdSBtZW50aW9uLCB0aGUgbWV0YWRhdGENCj4gbWFya3Mgd2hh dCB0aGUgb3BlcmF0b3Igd2FudHMgdG8ga25vdyBhYm91dCBhIHBhY2tldCwgYnV0IHRoYXQgbWF5 DQo+IHNvbWV0aW1lcyBjb25mbGljdCB3aXRoIHdoYXQgdGhlIHVzZXIgZG9lc27igJl0IHdhbnQg dG8gdGhlbSB0byBrbm93LiBIZXJl4oCZcw0KPiBhbiBleGFtcGxlOg0KPiANCj4gTGV0cyBjb25z aWRlciBhbiBlbmQgdXNlciB0aGF0IGRvZXNuJ3Qgd2FudCB0byBiZSB0cmFja2VkIGZvciBhZHZl cnRpc2luZw0KPiBwdXJwb3Nlcy4gVGhleSBibG9jayBjZXJ0YWluIHRyYWNraW5nIGNvb2tpZXMg YW5kIGFueXRoaW5nIGVsc2UgdGhhdCBzaG93cw0KPiBjb250aW51aXR5IG9mIGlkZW50aXR5IHRv IHdlYiBzZXJ2ZXJzLiBCdXQgYXMgeW91IG1lbnRpb24sIHRoZSBvcGVyYXRvcg0KPiBuZWVkcyBv ciB3YW50cyB0byBrbm93IHRoZSBzdWJzY3JpYmVyIElELCBzbyB0aGUgY2xhc3NpZmllciBhZGRz IHRoYXQgdG8NCj4gdGhlIE5TSC4uIFRoZSB0ZXJtaW5hbCBlbGVtZW50IGluIHRoZSBjaGFpbiBo YXBwZW5zIHRvIGJlIGEgd2ViIHNlcnZpY2UNCj4gdGhhdCB1c2VzIHRoZSBOU0ggY29udGVudHMg dG8gdHJhY2sgdGhlIHVzZXIgZm9yIGFkdmVydGlzaW5nIHB1cnBvc2VzLiBZb3UNCj4gbWF5IHJl Y2FsbCBhIGNvbnRyb3ZlcnN5IGEgd2hpbGUgYmFjayBhYm91dCBhIG1ham9yIG9wZXJhdG9yIGRv aW5nDQo+IHNvbWV0aGluZyBzaW1pbGFyIHVzaW5nIEhUVFAgaGVhZGVyIGVucmljaG1lbnQuDQo+ IA0KPiBJIHRoaW5rIHRoZSBhbnN3ZXIgdG8gdGhpcyBmb3IgdGhpcyBwYXJ0aWN1bGFyIGNhc2Ug aXMgdGhhdCB0aGUgTlNIIGlzDQo+IGFzc3VtZWQgbm90IHRvIGdvIG91dHNpZGUgYSBzaW5nbGUg YWRtaW5pc3RyYXRpdmUgZG9tYWluLCBhbmQgdGhhdCBhbGwNCj4gZWxlbWVudHMgaW4gdGhlIHNh bWUgZG9tYWluIGNhbiBiZSBhc3N1bWVkIHRvIGhhdmUgYWNjZXNzIHRvIHRoZSBzYW1lDQo+IGlu Zm9ybWF0aW9uLiBUaGF0IGlzLCB0aGUgTlNIIGlzIGp1c3QgYSBjb252ZW5pZW50IHdheSB0byB0 cmFuc2Zlcg0KPiBtZXRhZGF0YSB0aGV5IGNvdWxkIHBhc3MgaW4gb3RoZXIgd2F5cy4gV2hpbGUg dGhlIHVzZXIgbWF5IG5vdCBiZSBjb25zb2xlZA0KPiBieSB0aGUgZmFjdCB0aGF0IHRoZSB3ZWIg c2VydmljZSB0cmFja2luZyB0aGVtIGJlbG9uZ3MgdG8gdGhlIHNhbWUgY29tcGFueQ0KPiBhcyB0 aGVpciBhY2Nlc3MgbmV0d29yaywgdGhlIHVzZSBvZiB0aGUgTlNIIGRvZXNu4oCZdCBhZGQgYW4g aXNzdWUgdGhhdA0KPiBjb3VsZG7igJl0IGFscmVhZHkgZXhpc3QuIChUaGlzIHN1Z2dlc3RzIHRo YXQgdGhlIGlkZWEgb2YgYSBzaW5nbGUgb3BlcmF0b3INCj4gZW52aXJvbm1lbnQgbWF5IGJlIGNv bnNpZGVyYWJseSBtb3JlIGNvbXBsZXggdGhhdCB0aGUgZHJhZnQgbWFrZXMgaXQNCj4gc291bmQs IGJ1dCBJIGRvbuKAmXQgc2VlIG11Y2ggdG8gZG8gYWJvdXQgdGhhdC4pDQo+IA0KPiBTbyBJIGd1 ZXNzIHdoYXQgSSBhbSBhc2tpbmcgZm9yIGlzIHNvbWUgdGV4dCB0aGF0IHJlY29nbml6ZXMgdGhh dCB1c2Vycw0KPiBoYXZlIGFuIGludGVyZXN0IGluIG1ldGFkYXRhIG1pbmltaXphdGlvbiwgYW5k IHNvbWUgc3VnZ2VzdGlvbiB0aGF0DQo+IG9wZXJhdG9ycyBrZWVwIHRoYXQgaW4gbWluZCwgYW5k IG5vdCBhZGQgbWV0YWRhdGEgYmV5b25kIHRoZSBtaW5pbXVtDQo+IG5lZWRlZCB0byBtYWtlIHRo ZSBTRlAgZnVuY3Rpb24gY29ycmVjdGx5Lg0KPiANCj4gKFRvIGJyaW5nIGVuY3J5cHRpb24gYmFj ayBpbnRvIHRoZSBwaWN0dXJlLCBvbmUgY2FuIHByb2JhYmx5IGNvbnN0cnVjdA0KPiBzaW1pbGFy IGNhc2VzIGludm9sdmluZyBWUE5z4oCUZm9yIGV4YW1wbGUgc2VydmljZXMgdGhhdCBhZGQgdGhl IG9yaWdpbmFsDQo+IHNvdXJjZSBJUCBhZGRyZXNzIGFzIG1ldGFkYXRhIHRvIGEgVlBOIGZsb3cu KQ0KPiANCj4gVGhhbmtzIQ0KPiANCj4gQmVuLg0KPiANCj4gPiBPbiBTZXAgMjcsIDIwMTcsIGF0 IDk6NDUgUE0sIEpvZWwgTS4gSGFscGVybiA8am1oQGpvZWxoYWxwZXJuLmNvbT4NCj4gd3JvdGU6 DQo+ID4NCj4gPiBCZW4sIEkgYW0gIHJlYWxseSBub3QgY2xlYXIgb24gd2hhdCB0byBkbyB3aXRo IHlvdXIgY29tbWVudCBhYm91dA0KPiBlbmNyeXB0ZWQgY29udGVudC4NCj4gPg0KPiA+IE5vdGhp bmcgaW4gdGhpcyB3b3JrIGVuYWJsZXMgb3IgcHJvbW90ZXMgb3BlcmF0b3JzIGJyZWFraW5nIGVu Y3J5cHRpb24NCj4gKGFuIGVhcmxpZXIgdmVyc2lvbiBoYWQgYSBsaW5lIHRoYXQgaW5jb3JyZWN0 bHkgc3VnZ2VzdGVkIHN1Y2guKQ0KPiA+IFRoZSBtZXRhZGF0YSBpcyB1c2VkIHRvIG1hcmsgd2hh dCB0aGUgb3BlcmF0b3Igd2FudHMgdG8ga25vdyBhYm91dCB0aGUNCj4gcGFja2V0LiAgRXZlbiBm b3IgZW5jcnlwdGVkIGNvbnRlbnQsIHRoZSBvcGVyYXRvciBtYXkgbmVlZCB0byBrbndvIHRoZQ0K PiBzc3Vic2NyaWJlciBJRC4gIEZvciBlbmNyeXB0ZWQgY29udGVudCwgdGhlIG9wZXJhdG9yIG1p Z2h0IChvciBtaWdodCBub3QpDQo+IGNob29zZSB0byBwdXQgbWV0YWRhdGEgaW5kaWNhdGluZyB0 aGUgdGhlIGNvbnRlbnQgaXMgdW5pbnRlcnByZXRhYmxlIChpZg0KPiBoZSBkZWNpZGVzIGl0IGlz IHVuaW50ZXJwcmV0YWJsZS4pICBDbGVhcmx5LCBoZSBjYW4gbm90IHB1dCBvbiBpbmZvbXJhdGlv bg0KPiBhYm91dCB0aGUgZW5jcnlwdGVkIGluZm9ybWF0aW9uLCBhcyBoZSBkb2VzIG5vdCBzZWUg dGhhdC4NCj4gPiBJIGNhbiBub3QgZmlndXJlIG91dCB3aGVyZSB3ZSB3b3VsZCBzYXkgc29tZXRo aW5nIGxpa2UgdGhhdCwgb3Igd2h5IHdlDQo+IHdvdWxkIHNheSBpdC4NCj4gPg0KPiA+IFlvdXJz LA0KPiA+IEpvZWwNCj4gPg0KPiA+IE9uIDkvMjcvMTcgMTA6MDIgUE0sIEJlbiBDYW1wYmVsbCB3 cm90ZToNCj4gPj4gQmVuIENhbXBiZWxsIGhhcyBlbnRlcmVkIHRoZSBmb2xsb3dpbmcgYmFsbG90 IHBvc2l0aW9uIGZvcg0KPiA+PiBkcmFmdC1pZXRmLXNmYy1uc2gtMjQ6IE5vIE9iamVjdGlvbg0K PiA+PiBXaGVuIHJlc3BvbmRpbmcsIHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0 IGFuZCByZXBseSB0byBhbGwNCj4gPj4gZW1haWwgYWRkcmVzc2VzIGluY2x1ZGVkIGluIHRoZSBU byBhbmQgQ0MgbGluZXMuIChGZWVsIGZyZWUgdG8gY3V0IHRoaXMNCj4gPj4gaW50cm9kdWN0b3J5 IHBhcmFncmFwaCwgaG93ZXZlci4pDQo+ID4+IFBsZWFzZSByZWZlciB0byBodHRwczovL3d3dy5p ZXRmLm9yZy9pZXNnL3N0YXRlbWVudC9kaXNjdXNzLQ0KPiBjcml0ZXJpYS5odG1sDQo+ID4+IGZv ciBtb3JlIGluZm9ybWF0aW9uIGFib3V0IElFU0cgRElTQ1VTUyBhbmQgQ09NTUVOVCBwb3NpdGlv bnMuDQo+ID4+IFRoZSBkb2N1bWVudCwgYWxvbmcgd2l0aCBvdGhlciBiYWxsb3QgcG9zaXRpb25z LCBjYW4gYmUgZm91bmQgaGVyZToNCj4gPj4gaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9k b2MvZHJhZnQtaWV0Zi1zZmMtbnNoLw0KPiA+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+ID4+IENPTU1FTlQ6 DQo+ID4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gPj4gU3Vic3RhbnRpdmU6DQo+ID4+IC0gR2VuZXJhbDog VGhpcyBpcyBhIG1lY2hhbmlzbSB0byBhZGQgbWV0YWRhdGEgdG8gdXNlciBmbG93cy4gVGhlcmUg aXMNCj4gdmVyeQ0KPiA+PiBsaXR0bGUgZGlzY3Vzc2lvbiBhYm91dCBob3cgdGhhdCBtZXRhZGF0 YSBtYXkgcmVsYXRlIHRvIHRoZSBhcHBsaWNhdGlvbg0KPiBsYXllcg0KPiA+PiBwYXlsb2Fkcy4g SXQncyBsaWtlbHkgdGhhdCBzb21lIG9mIHRob3NlIHBheWxvYWRzIHdpbGwgYmUgZW5jcnlwdGVk IGJ5DQo+IHRoZSB1c2VyDQo+ID4+IGluIGFuIGF0dGVtcHQgdG8gY29udHJvbCB3aGF0IGluZm9y bWF0aW9uIGlzIHNoYXJlZCB3aXRoIG1pZGRsZWJveGVzLg0KPiBJJ2QgbGlrZQ0KPiA+PiB0byBz ZWUgc29tZSBkaXNjdXNzaW9uIGFib3V0IGhvdyB0aGlzIHJlbGF0ZXMgdG8gdGhlIGd1aWRhbmNl IGluIFJGQw0KPiA4MTY1Lg0KPiA+PiAoTm90ZTogSSBhbSBvbiB0aGUgZmVuY2UgYWJvdXQgd2hl dGhlciB0aGlzIHNob3VsZCBiZSBhIERJU0NVU1MuIEJ1dA0KPiBzaW5jZSAib24NCj4gPj4gdGhl IGZlbmNlIiBpcyBwcm9iYWJseSBpbnN1ZmZpY2llbnQgZ3JvdW5kcyBmb3IgYSBESVNDVVNTLCBJ J20gbGVhdmluZw0KPiBpdCBhcyBhDQo+ID4+IGNvbW1lbnQuKQ0KPiA+PiAtIEdlbmVyYWw6IEkg c3VwcG9ydCBLYXRobGVlbidzIERJU0NVU1MgcG9pbnRzIGNvbmNlcm5pbmcgaW50ZWdyaXR5DQo+ IHByb3RlY3Rpb24uDQo+ID4+IFRoZSBkb2N1bWVudCBsZWF2ZXMgdGhhdCB1cCB0byB0aGUgdHJh bnNwb3J0aW5nIHByb3RvY29sLiBJIHRoaW5rIGl0J3MNCj4gPj4gcmVhc29uYWJsZSB0byByZWNv bW1lbmQgdGhhdCB0aGF0IHByb3RvY29sIGF0IGxlYXN0IGRlZmF1bHQgdG8NCj4gcHJvdmlkaW5n DQo+ID4+IGludGVncml0eSBwcm90ZWN0aW9uIHVubGVzcyB0aGVyZSdzIGEgZ29vZCByZWFzb24g bm90IHRvLg0KPiA+PiAtMi4yLCAidmVyc2lvbiI6IEhvdyBpcyB0aGUgdmVyc2lvbiBmaWVsZCB0 byBiZSB1c2VkIGJ5IGNvbnN1bWVycz8gVGhhdA0KPiBpcywNCj4gPj4gd2hhdCBzaG91bGQgYSBy ZWNpcGllbnQgZG8gaWYgdGhlIGZpZWxkIGNvbnRhaW5zIGEgdmVyc2lvbiBudW1iZXIgaXQNCj4g ZG9lc24ndA0KPiA+PiBzdXBwb3J0L3JlY29nbml6ZT8NCj4gPj4gLTIuMiwgTUQgdHlwZSAweDA6 ICJJbXBsZW1lbnRhdGlvbnMgU0hPVUxEIHNpbGVudGx5DQo+ID4+ICAgIGRpc2NhcmQgcGFja2V0 cyB3aXRoIE1EIFR5cGUgMHgwLiINCj4gPj4gV2h5IG5vdCBNVVNUPw0KPiA+PiAtLSBNRCB0eXBl IDB4RjogIkltcGxlbWVudGF0aW9ucyBub3QgZXhwbGljaXRseSBjb25maWd1cmVkIHRvIGJlIHBh cnQNCj4gb2YNCj4gPj4gICAgYW4gZXhwZXJpbWVudCBTSE9VTEQgc2lsZW50bHkgZGlzY2FyZCBw YWNrZXRzIHdpdGggTUQgVHlwZSAweEYuIg0KPiA+PiBXaHkgbm90IE1VU1Q/DQo+ID4+IC0yLjIs IE5leHQgUHJvdG9jb2wgVmFsdWVzOg0KPiA+PiBXaHkgYXJlIHRoZXJlIDIgZXhwZXJpbWVudGFs IHZhbHVlcz8gKGFzIG9wcG9zZWQgdG8gMSwgb3IsIHdlbGwsIDMpLg0KPiA+PiAtMi4zLCBsYXN0 IHBhcmFncmFwaCAoYW5kIHNldmVyYWwgb3RoZXIgcGxhY2VzKToNCj4gPj4gVGhpcyBkcmFmdCBz ZWVtcyB0byB0YWtlIGEgcG9zaXRpb24gdGhhdCBhIGZhaWxlZCBTRlAgbWVhbnMgdGhlIHNlcnZp Y2UNCj4gbGV2ZWwNCj4gPj4gZmxvdyBmYWlscy4gQXJlIHRoZXJlIG5vIHVzZSBjYXNlcyB3aGVy ZSBkZWxpdmVyeSBvZiB0aGUgc2VydmljZSBmbG93DQo+IGlzDQo+ID4+IGNyaXRpY2FsIGFuZCBz aG91bGQgaGFwcGVuIGV2ZW4gaWYgdGhlIGNoYWluIG9mIG1pZGRsZWJveGVzIGZhaWxzPw0KPiA+ PiAtMi40LCBwYXJhZ3JhcGggc3RhcnRpbmcgd2l0aCAiQW4gU0ZDLWF3YXJlIFNGIE1VU1QgcmVj ZWl2ZSB0aGUgZGF0YQ0KPiA+PiBzZW1hbnRpY3MuLi4iIEknbSBub3Qgc3VyZSB3aGF0IHRoZSBp bnRlbnQgb2YgdGhpcyBwYXJhZ3JhcGggaXMuIElzDQo+IHRoYXQgTVVTVA0KPiA+PiByZWFsbHkg YSBzdGF0ZW1lbnQgb2YgZmFjdD8gT3IgaXMgdGhlcmUgcmVhbGx5IGFuZCBleHBlY3RhdGlvbiBv ZiBhbg0KPiA+PiBvdXQtb2YtYmFuZCBkZWxpdmVyeSBvZiBzb21lIHNlbWFudGljIGRlZmluaXRp b24/DQo+ID4+IC0zLCBsaXN0IGl0ZW0gMTogIkEgc2VydmljZSBjbGFzc2lmaWVyIE1VU1QgaW5z ZXJ0IGFuIE5TSCBhdCB0aGUgc3RhcnQNCj4gb2YgYW4NCj4gPj4gU0ZQLiIgV2hhdCBpZiBhbiBp bml0aWFsIGNsYXNzaWZpZXIgcmVjZWl2ZXMgYSBwYWNrZXQgdGhhdCBhbHJlYWR5IGhhcw0KPiBh biBOU0g/DQo+ID4+IENhbiBtdWx0aXBsZSBOU0hzIGJlIHN0YWNrZWQ/DQo+ID4+IC03LjEsIGxh c3QgcGFyYWdyYXBoOiAiRGVwZW5kaW5nIG9uIHRoZSBpbmZvcm1hdGlvbiBjYXJyaWVkIGluIHRo ZQ0KPiBtZXRhZGF0YSwNCj4gPj4gZGF0YSBwcml2YWN5DQo+ID4+ICAgIGNvbnNpZGVyYXRpb25z IG1heSBuZWVkIHRvIGJlIGNvbnNpZGVyZWQuICINCj4gPj4gIm1heSBuZWVkIHRvIGJlIGNvbnNp ZGVyZWQiIGlzIHdlYWsgc2F1Y2UuIERhdGEgcHJpdmFjeSBhbHdheXMgbmVlZHMgdG8NCj4gYmUN Cj4gPj4gY29uc2lkZXJlZCwgZXZlbiBpZiB0aGUgX291dHB1dF8gb2YgdGhhdCBjb25zaWRlcmF0 aW9uIGlzIHRoYXQgdGhlcmUgaXMNCj4gbm90aGluZw0KPiA+PiBzZW5zaXRpdmUgYmVpbmcgY2Fy cmllZC4gUGxlYXNlIGNvbnNpZGVyIGRyb3BwaW5nIHRoZSAibWF5Ii4NCj4gPj4gQWxzbywgdGhp cyBzZWVtcyBsaWtlIGFuIG9kZCBwbGFjZSB0byBidXJ5IGEgcHJpdmFjeSBkaXNjdXNzaW9uLiBQ bGVhc2UNCj4gPj4gY29uc2lkZXIgbW92aW5nIHRoaXMgdG8gYSAiUHJpdmFjeSBDb25zaWRlcmF0 aW9ucyIgc2VjdGlvbi4NCj4gPj4gLTgsIGZpcnN0IHBhcmFncmFwaDoNCj4gPj4gSXQgc2VlbXMg bGlrZSBpbnNpZGVyIGF0dGFja3MgYXJlIHdvcnRoIGF0IGxlYXN0IGEgbWVudGlvbiB3aGVuDQo+ IGRpc2N1c3NpbmcgYQ0KPiA+PiBzaW5nbGUgb3BlcmF0b3IgZW52aXJvbm1lbnQgYXMgYSBtaXRp Z2F0b3IgYWdhaW5zdCBhdHRhY2tzLg0KPiA+PiAtOC4xLCAybmQgcGFyYWdyYXBoOg0KPiA+PiBU aGlzIGRvZXNuJ3Qgc2VlbSBsaWtlIGEgc2luZ2xlIG9wZXJhdG9yIHNjZW5hcmlvLCBpbiB0aGUg c2Vuc2UgdGhhdA0KPiBwYXJ0IG9mDQo+ID4+IHRoZSBmbG93IGNyb3NzZXMgYSBuZXR3b3JrIHRo YXQgaXMgbm90IGNvbnRyb2xsZWQgYnkgdGhhdCBvcGVyYXRvci4NCj4gPj4gLTguMywgNHRoIHBh cmFncmFwaDogUGxlYXNlIGVsYWJvcmF0ZSBvbiB3aGF0IGlzIG1lYW50IGJ5ICJvYmZ1c2NhdGlu ZyINCj4gPj4gc3Vic2NyaWJlciBpZGVudGlmeWluZyBpbmZvcm1hdGlvbiAoYXMgb3Bwb3NlZCB0 byAiZW5jcnlwdGluZyIgb3INCj4gImxlYXZpbmcgaXQNCj4gPj4gb3V0IGluIHRoZSBmaXJzdCBw bGFjZSIuKQ0KPiA+PiBFZGl0b3JpYWw6DQo+ID4+IC0yLjIsICJPIGJpdCIsIGxhc3QgcGFyYWdy YXBoOiAiVGhlIGNvbmZpZ3VyYWJsZSBwYXJhbWV0ZXIgTVVTVCBiZQ0KPiA+PiAgICBkaXNhYmxl ZCBieSBkZWZhdWx0LiINCj4gPj4gRG9lcyAiZGlzYWJsZWQiIG1lYW4gInVuc2V0IiAgKG9yICJz ZXQgdG8gemVybyIpPw0KPiA+PiAtMi4yLCAidW5hc3NpZ25lZCBiaXRzIjogIkF0IHJlY2VwdGlv biwgYWxsDQo+ID4+ICAgIGVsZW1lbnRzIE1VU1QgTk9UIG1vZGlmeSB0aGVpciBhY3Rpb25zIGJh c2VkIG9uIHRoZXNlIHVua25vd24gYml0cy4iDQo+ID4+IElzbid0IHRoYXQgTVVTVCBOT1QganVz dCBhIHJlc3RhdGVtZW50IG9mIHRoZSAiTVVTVCBpZ25vcmUiIGZyb20gdGhlDQo+IHByZXZpb3Vz DQo+ID4+IHNlbnRlbmNlPyBUaGVyZSdzIG5vIHByb2JsZW0gd2l0aCByZWluZm9yY2luZyBhIHBv aW50LCBidXQgdGhlcmUNCj4gc2hvdWxkbid0IGJlDQo+ID4+IG11bHRpcGxlIGluc3RhbmNlcyBv ZiB0aGUgc2FtZSAyMTE5IHJlcXVpcmVtZW50LiBBbHNvLCB3b3VsZCBsb2dnaW5nIGENCj4gd2Fy bmluZw0KPiA+PiB2aW9sYXRlIHRoZSAiTVVTVCBOT1QgbW9kaWZ5IHRoZWlyIGFjdGlvbnMvTVVT VCBpZ25vcmUiIHJlcXVpcmVtZW50Pw0KPiA+PiAtOCwgZmlyc3QgcGFyYWdyYXBoOiAiTlNIIGlz IGRlc2lnbmVkIGZvciB1c2Ugd2l0aGluIG9wZXJhdG9yDQo+IGVudmlyb25tZW50cy4iDQo+ID4+ IElzIHRoZXJlIGEgbWlzc2luZyAic2luZ2xlIiBiZWZvcmUgIm9wZXJhdG9yIj8NCg0K From nobody Thu Sep 28 01:21:42 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D1E42126C7A; Thu, 28 Sep 2017 01:21:33 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Suresh Krishnan To: "The IESG" Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, jmh@joelhalpern.com, sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150658689385.13674.15555933364252655817.idtracker@ietfa.amsl.com> Date: Thu, 28 Sep 2017 01:21:33 -0700 Archived-At: Subject: [sfc] Suresh Krishnan's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 08:21:34 -0000 Suresh Krishnan has entered the following ballot position for draft-ietf-sfc-nsh-24: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- * Section 5 I think the fragmentation part is underspecified. Take an example where IPv6 is used as the transport encapsulation. If the packet needs to be fragmented, will the NSH header be duplicated into each fragment? If so, this is new behavior for IP that will treat this like any other payload. If not how will the subsequent fragments be treated on the service path? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- * Section 1.2. The definition of metadata seems to point to RFC7665 but the definition that follows does not match the definition from RFC7665. * Section 2.2 What does a "Next Protocol" with the value of 0x4 (NSH) mean? Does the NSH allow nesting. How will such system work? * Section 3 "The O bit, as well as unassigned flags, MUST be copied transparently from the old NSH to a new NSH." If there is reclassification, why is there an assumption that an OAM packet cannot be reclassified into a non OAM packet since a new NSH header is being inserted? * Section 8.1. Not sure what the reference to BCP38 means here. Is it for checking the source addresses the inner header that is getting encapsulated inside the NSH header? Or is it for the transport encapsulation header. Either way it is not clear what this entails. Please clarify. * Section 11.1 This section mentions that ethertype 0x894F has been allocated for NSH. Are there any other transport encapsulations planned? If not, I would recommend tightening the text around the transport encapsulations until other encapsulations are more well defined. e.g. How does the UDP transport encapsulation referred in the example work? From nobody Thu Sep 28 05:34:18 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7AE2134684; Thu, 28 Sep 2017 05:34:10 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Axi_vE-VxGFu; Thu, 28 Sep 2017 05:34:09 -0700 (PDT) Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F273F132D79; Thu, 28 Sep 2017 05:34:08 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id D73DC240596; Thu, 28 Sep 2017 05:34:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1506602048; bh=6QpuxPhys+7qID3ZI/SDJrz/Isz7ai1Wy4numIYJHsY=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=o2zOyCqvsi+QlnrsAijHlN2WMU+MwJildAXYWsDQSzCEQbUEWQWCr2rekF83pqg5W rjWxprVkm3MltYxz9jt9Oc0yKQwU224jxWNjoOQiSXJgl+Tyvwb5V15gtCj+HNk8hj w+b7CilsBXLPJbI8h5kW7IsLpjDln+qqCze87Odg= X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id D5878240727; Thu, 28 Sep 2017 05:34:07 -0700 (PDT) To: Suresh Krishnan , The IESG Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, sfc@ietf.org References: <150658689385.13674.15555933364252655817.idtracker@ietfa.amsl.com> From: "Joel M. Halpern" Message-ID: <355a8180-d527-10c6-7d2a-d71fc337bdef@joelhalpern.com> Date: Thu, 28 Sep 2017 08:34:06 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <150658689385.13674.15555933364252655817.idtracker@ietfa.amsl.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [sfc] Suresh Krishnan's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 12:34:11 -0000 In order for your question to apply, I think we the situation would have to be one where both the outer tunnel (the transport protocol) and the user packet could be fragmented. As the NSH behavior is uniform across inner packets (e.g. they can be Ethernet or other non-fragmentable content), the intent is that any fragmentation need for the transport tunnel would be done as part of the transport protocol operation. Thus, if IPv6 is beign used as the transport protocol, the IPv6 packet will be addressed to the next SFF. If fragmentation is needed, that IPv6 paket would be fragmented before transmission. And would be reassembled by the receiving SFF IPv6 logic. In no case would the NSH header be duplicated as part of this process. We can add some text to clarify this. Yours, Joel On 9/28/17 4:21 AM, Suresh Krishnan wrote: > Suresh Krishnan has entered the following ballot position for > draft-ietf-sfc-nsh-24: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > * Section 5 > > I think the fragmentation part is underspecified. Take an example where IPv6 is > used as the transport encapsulation. If the packet needs to be fragmented, will > the NSH header be duplicated into each fragment? If so, this is new behavior > for IP that will treat this like any other payload. If not how will the > subsequent fragments be treated on the service path? > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > * Section 1.2. > > The definition of metadata seems to point to RFC7665 but the definition that > follows does not match the definition from RFC7665. > > * Section 2.2 > > What does a "Next Protocol" with the value of 0x4 (NSH) mean? Does the NSH > allow nesting. How will such system work? > > * Section 3 > > "The O bit, as well as unassigned flags, MUST be copied transparently from the > old NSH to a new NSH." > > If there is reclassification, why is there an assumption that an OAM packet > cannot be reclassified into a non OAM packet since a new NSH header is being > inserted? > > * Section 8.1. > Not sure what the reference to BCP38 means here. Is it for checking the > source addresses the inner header that is getting encapsulated inside the > NSH header? Or is it for the transport encapsulation header. Either way it > is not clear what this entails. Please clarify. > > * Section 11.1 > > This section mentions that ethertype 0x894F has been allocated for NSH. Are > there any other transport encapsulations planned? If not, I would recommend > tightening the text around the transport encapsulations until other > encapsulations are more well defined. e.g. How does the UDP transport > encapsulation referred in the example work? > > From nobody Thu Sep 28 05:37:46 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 398F8134684; Thu, 28 Sep 2017 05:37:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.519 X-Spam-Level: X-Spam-Status: No, score=-14.519 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y1jgex7qNmcB; Thu, 28 Sep 2017 05:37:36 -0700 (PDT) Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F4BE134706; Thu, 28 Sep 2017 05:37:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6670; q=dns/txt; s=iport; t=1506602255; x=1507811855; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=0eeltp6jRaeVzXxo72nVkYXcwCrCSJUTF1H6Sa42JBY=; b=ALSXbaxY4CnJ2lAwpC6vfadLEjso3Qc2jk7NtfT/r2InEg+epey1IiLv VCa1vajMdgsIChiSCwm5WSjwWSnN+G9MrVSyHs6vuodOHZUeujjGMpk8f ImtBSVXtLpGev8oaQmH7ycJ4+Y0CJjfruYbY9YqjDGvU7TVL5PCo+YNx/ I=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BjAwDr68xZ/4gNJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1xkbicHg3GZfoFUkQ+FTIIECiOFGAIahAZXAQIBAQEBAQJrKIU?= =?us-ascii?q?ZBiNWEAIBCD8DAgICMBQRAgQOBYlNZBCmZIIniwEBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEYBYMrggKBUYIVC4JyhFEBEgGDMi+CMQWKEpcWAodcjQKCE4VuiwWVIAI?= =?us-ascii?q?RGQGBOAFXgQMLeBVbAYcKdgGGUIEkgRABAQE?= X-IronPort-AV: E=Sophos;i="5.42,450,1500940800"; d="scan'208,217";a="9353483" Received: from alln-core-3.cisco.com ([173.36.13.136]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 28 Sep 2017 12:37:34 +0000 Received: from XCH-RTP-020.cisco.com (xch-rtp-020.cisco.com [64.101.220.160]) by alln-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id v8SCbYg3022551 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 28 Sep 2017 12:37:34 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-020.cisco.com (64.101.220.160) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 28 Sep 2017 08:37:33 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Thu, 28 Sep 2017 08:37:33 -0400 From: "Carlos Pignataro (cpignata)" To: Warren Kumari CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Warren Kumari's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTN+T20JPyU9zGikGEh4YLwUD4W6LKgF8A Date: Thu, 28 Sep 2017 12:37:33 +0000 Message-ID: <4F31BF45-C1B1-4137-BC39-E8786B31A7EC@cisco.com> References: <150655346225.13736.9274309575032004292.idtracker@ietfa.amsl.com> In-Reply-To: <150655346225.13736.9274309575032004292.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.150.6.172] Content-Type: multipart/alternative; boundary="_000_4F31BF45C1B14137BC39E8786B31A7ECciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Warren Kumari's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 12:37:39 -0000 --_000_4F31BF45C1B14137BC39E8786B31A7ECciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 V2FycmVuLA0KDQpUaGFuayB5b3UgYWdhaW4gZ29lcyB0byB5b3UgZm9yIHlvdXIgZWFybHkgY29t bWVudHMsIGFuZCBmb2xsb3ctb24gZGlhbG9ndWUsIHdoaWNoIGltcHJvdmVkIHRoaXMgZG9jdW1l bnQhISENCg0K4oCUDQpDYXJsb3MgUGlnbmF0YXJvLCBjYXJsb3NAY2lzY28uY29tPG1haWx0bzpj YXJsb3NAY2lzY28uY29tPg0KDQrigJxTb21ldGltZXMgSSB1c2UgYmlnIHdvcmRzIHRoYXQgSSBk byBub3QgZnVsbHkgdW5kZXJzdGFuZCwgdG8gbWFrZSBteXNlbGYgc291bmQgbW9yZSBwaG90b3N5 bnRoZXNpcy7igJ0NCg0KDQpPbiBTZXAgMjcsIDIwMTcsIGF0IDc6MDQgUE0sIFdhcnJlbiBLdW1h cmkgPHdhcnJlbkBrdW1hcmkubmV0PG1haWx0bzp3YXJyZW5Aa3VtYXJpLm5ldD4+IHdyb3RlOg0K DQpXYXJyZW4gS3VtYXJpIGhhcyBlbnRlcmVkIHRoZSBmb2xsb3dpbmcgYmFsbG90IHBvc2l0aW9u IGZvcg0KZHJhZnQtaWV0Zi1zZmMtbnNoLTI0OiBObyBPYmplY3Rpb24NCg0KV2hlbiByZXNwb25k aW5nLCBwbGVhc2Uga2VlcCB0aGUgc3ViamVjdCBsaW5lIGludGFjdCBhbmQgcmVwbHkgdG8gYWxs DQplbWFpbCBhZGRyZXNzZXMgaW5jbHVkZWQgaW4gdGhlIFRvIGFuZCBDQyBsaW5lcy4gKEZlZWwg ZnJlZSB0byBjdXQgdGhpcw0KaW50cm9kdWN0b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pDQoNCg0K UGxlYXNlIHJlZmVyIHRvIGh0dHBzOi8vd3d3LmlldGYub3JnL2llc2cvc3RhdGVtZW50L2Rpc2N1 c3MtY3JpdGVyaWEuaHRtbA0KZm9yIG1vcmUgaW5mb3JtYXRpb24gYWJvdXQgSUVTRyBESVNDVVNT IGFuZCBDT01NRU5UIHBvc2l0aW9ucy4NCg0KDQpUaGUgZG9jdW1lbnQsIGFsb25nIHdpdGggb3Ro ZXIgYmFsbG90IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5kIGhlcmU6DQpodHRwczovL2RhdGF0cmFj a2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNmYy1uc2gvDQoNCg0KDQotLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t DQpDT01NRU5UOg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQpJIHByb3ZpZGVkIGxvbmcgKGFuZCBzb21ld2hh dCBncnVtcHkhKSBjb21tZW50cyBvbiB0aGUgcHJldmlvdXMgdmVyc2lvbiBvZiB0aGlzDQpkb2N1 bWVudCAtLSBJJ2QgbGlrZSB0byB0aGFuayB0aGUgYXV0aG9ycywgZXNwZWNpYWxseSBDYXJsb3Mg Zm9yIGFkZHJlc3NpbmcNCnRoZW0uIFRoaXMgdmVyc2lvbiBpcywgSU1PLCBtdWNoIGltcHJvdmVk Lg0KDQoNCg0K --_000_4F31BF45C1B14137BC39E8786B31A7ECciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <5E032A377E92554F86C422C8881C50CC@emea.cisco.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KV2FycmVuLA0KPGRpdiBjbGFzcz0i Ij48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VGhhbmsgeW91IGFnYWluIGdv ZXMgdG8geW91IGZvciB5b3VyIGVhcmx5IGNvbW1lbnRzLCBhbmQgZm9sbG93LW9uIGRpYWxvZ3Vl LCB3aGljaCBpbXByb3ZlZCB0aGlzIGRvY3VtZW50ISEhPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxi ciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2 IHN0eWxlPSJ0ZXh0LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgd29yZC13cmFwOiBi cmVhay13b3JkOyAtd2Via2l0LW5ic3AtbW9kZTogc3BhY2U7IC13ZWJraXQtbGluZS1icmVhazog YWZ0ZXItd2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCuKAlDxiciBjbGFzcz0iIj4NCkNhcmxvcyBQ aWduYXRhcm8sJm5ic3A7PGEgaHJlZj0ibWFpbHRvOmNhcmxvc0BjaXNjby5jb20iIHN0eWxlPSJj b2xvcjogcmdiKDAsIDAsIDApOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0LXRyYW5zZm9y bTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQt dGV4dC1zdHJva2Utd2lkdGg6IDBweDsiIGNsYXNzPSIiPmNhcmxvc0BjaXNjby5jb208L2E+PGJy IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGkgc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMCk7 IGxldHRlci1zcGFjaW5nOiBub3JtYWw7IHRleHQtdHJhbnNmb3JtOiBub25lOyB3aGl0ZS1zcGFj ZTogbm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDog MHB4OyIgY2xhc3M9IiI+4oCcU29tZXRpbWVzIEkgdXNlIGJpZyB3b3JkcyB0aGF0IEkgZG8gbm90 IGZ1bGx5IHVuZGVyc3RhbmQsIHRvIG1ha2UgbXlzZWxmIHNvdW5kIG1vcmUgcGhvdG9zeW50aGVz aXMuPC9pPjxpIGNsYXNzPSIiPuKAnTwvaT48L2Rpdj4NCjxkaXYgc3R5bGU9ImNvbG9yOiByZ2Io MCwgMCwgMCk7IGxldHRlci1zcGFjaW5nOiBub3JtYWw7IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0 LWluZGVudDogMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsg d29yZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6IDBweDsgd29yZC13 cmFwOiBicmVhay13b3JkOyAtd2Via2l0LW5ic3AtbW9kZTogc3BhY2U7IC13ZWJraXQtbGluZS1i cmVhazogYWZ0ZXItd2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCjxpIGNsYXNzPSIiPjxiciBjbGFz cz0iIj4NCjwvaT48L2Rpdj4NCjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPGRpdj4NCjxibG9ja3F1 b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5PbiBTZXAgMjcsIDIwMTcs IGF0IDc6MDQgUE0sIFdhcnJlbiBLdW1hcmkgJmx0OzxhIGhyZWY9Im1haWx0bzp3YXJyZW5Aa3Vt YXJpLm5ldCIgY2xhc3M9IiI+d2FycmVuQGt1bWFyaS5uZXQ8L2E+Jmd0OyB3cm90ZTo8L2Rpdj4N CjxiciBjbGFzcz0iQXBwbGUtaW50ZXJjaGFuZ2UtbmV3bGluZSI+DQo8ZGl2IGNsYXNzPSIiPg0K PGRpdiBjbGFzcz0iIj5XYXJyZW4gS3VtYXJpIGhhcyBlbnRlcmVkIHRoZSBmb2xsb3dpbmcgYmFs bG90IHBvc2l0aW9uIGZvcjxiciBjbGFzcz0iIj4NCmRyYWZ0LWlldGYtc2ZjLW5zaC0yNDogTm8g T2JqZWN0aW9uPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KV2hlbiByZXNwb25kaW5nLCBw bGVhc2Uga2VlcCB0aGUgc3ViamVjdCBsaW5lIGludGFjdCBhbmQgcmVwbHkgdG8gYWxsPGJyIGNs YXNzPSIiPg0KZW1haWwgYWRkcmVzc2VzIGluY2x1ZGVkIGluIHRoZSBUbyBhbmQgQ0MgbGluZXMu IChGZWVsIGZyZWUgdG8gY3V0IHRoaXM8YnIgY2xhc3M9IiI+DQppbnRyb2R1Y3RvcnkgcGFyYWdy YXBoLCBob3dldmVyLik8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+ DQpQbGVhc2UgcmVmZXIgdG8gPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaWVzZy9zdGF0 ZW1lbnQvZGlzY3Vzcy1jcml0ZXJpYS5odG1sIiBjbGFzcz0iIj4NCmh0dHBzOi8vd3d3LmlldGYu b3JnL2llc2cvc3RhdGVtZW50L2Rpc2N1c3MtY3JpdGVyaWEuaHRtbDwvYT48YnIgY2xhc3M9IiI+ DQpmb3IgbW9yZSBpbmZvcm1hdGlvbiBhYm91dCBJRVNHIERJU0NVU1MgYW5kIENPTU1FTlQgcG9z aXRpb25zLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoZSBk b2N1bWVudCwgYWxvbmcgd2l0aCBvdGhlciBiYWxsb3QgcG9zaXRpb25zLCBjYW4gYmUgZm91bmQg aGVyZTo8YnIgY2xhc3M9IiI+DQo8YSBocmVmPSJodHRwczovL2RhdGF0cmFja2VyLmlldGYub3Jn L2RvYy9kcmFmdC1pZXRmLXNmYy1uc2gvIiBjbGFzcz0iIj5odHRwczovL2RhdGF0cmFja2VyLmll dGYub3JnL2RvYy9kcmFmdC1pZXRmLXNmYy1uc2gvPC9hPjxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCi0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08YnIgY2xh c3M9IiI+DQpDT01NRU5UOjxiciBjbGFzcz0iIj4NCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08YnIgY2xhc3M9IiI+ DQo8YnIgY2xhc3M9IiI+DQpJIHByb3ZpZGVkIGxvbmcgKGFuZCBzb21ld2hhdCBncnVtcHkhKSBj b21tZW50cyBvbiB0aGUgcHJldmlvdXMgdmVyc2lvbiBvZiB0aGlzPGJyIGNsYXNzPSIiPg0KZG9j dW1lbnQgLS0gSSdkIGxpa2UgdG8gdGhhbmsgdGhlIGF1dGhvcnMsIGVzcGVjaWFsbHkgQ2FybG9z IGZvciBhZGRyZXNzaW5nPGJyIGNsYXNzPSIiPg0KdGhlbS4gVGhpcyB2ZXJzaW9uIGlzLCBJTU8s IG11Y2ggaW1wcm92ZWQuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0K PC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_4F31BF45C1B14137BC39E8786B31A7ECciscocom_-- From nobody Thu Sep 28 05:42:34 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 679C0134684; Thu, 28 Sep 2017 05:42:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id arpqU39N8fiX; Thu, 28 Sep 2017 05:42:25 -0700 (PDT) Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81897134704; Thu, 28 Sep 2017 05:42:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4374; q=dns/txt; s=iport; t=1506602545; x=1507812145; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=0/F1h7dj92DgVaVZJeCHMqftxyx3pFx0XtKhLvfVzeM=; b=BdwbB4MGNoEJhzKPImmMG6Uo7oUwjbPYFu8t7jc2yX3TNXbRpRB9gl+x 047cwBqP+XpCYXQikotFUukTSpxBAPBrW0aPdHeWA6k6omvtRSa5PH+TY Vdo2fP1VcmDn5Yo0VRq8ag6PAfsPtw/zTkCzvjLDVMdtoBUra03YdVT+e Y=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D5AQBc7cxZ/4wNJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1xkbicHg3GZfoF2lisOggQKJYUWAhqEBkAXAQIBAQEBAQEBayi?= =?us-ascii?q?FGAEBAQECASMRRQULAgEIGAICJgICAjAVEAIEDgWKKQgQpmGCJ4sBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBGAWBDoIdggKBUYFqK4J9hFEBEgEfgxMvgjEFihKOP4h?= =?us-ascii?q?XAodcjQKCE4Vug36HB5IrgnUCERkBgTgBIQI0gQMLeBVJEgGHCnYBhlCBJIEQA?= =?us-ascii?q?QEB?= X-IronPort-AV: E=Sophos;i="5.42,450,1500940800"; d="scan'208";a="83117527" Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 28 Sep 2017 12:42:23 +0000 Received: from XCH-RTP-017.cisco.com (xch-rtp-017.cisco.com [64.101.220.157]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id v8SCgNkh023361 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 28 Sep 2017 12:42:23 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-017.cisco.com (64.101.220.157) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 28 Sep 2017 08:42:22 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Thu, 28 Sep 2017 08:42:22 -0400 From: "Carlos Pignataro (cpignata)" To: Adam Roach CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Adam Roach's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTN/DT3u6dVMxUH02mdSSHNEFbvaLKgaCA Date: Thu, 28 Sep 2017 12:42:22 +0000 Message-ID: <78F0F9DF-64A7-423C-81A4-7C35D9F11FBB@cisco.com> References: <150655855149.13709.16317417586638739255.idtracker@ietfa.amsl.com> In-Reply-To: <150655855149.13709.16317417586638739255.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.150.6.172] Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Adam Roach's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 12:42:27 -0000 QWRhbSwNCg0KVGhhbmtzIGZvciB0aGUgY29tbWVudHMsIHBsZWFzZSBzZWUgaW5saW5lLg0KDQo+ IE9uIFNlcCAyNywgMjAxNywgYXQgODoyOSBQTSwgQWRhbSBSb2FjaCA8YWRhbUBub3N0cnVtLmNv bT4gd3JvdGU6DQo+IA0KPiBBZGFtIFJvYWNoIGhhcyBlbnRlcmVkIHRoZSBmb2xsb3dpbmcgYmFs bG90IHBvc2l0aW9uIGZvcg0KPiBkcmFmdC1pZXRmLXNmYy1uc2gtMjQ6IE5vIE9iamVjdGlvbg0K PiANCj4gV2hlbiByZXNwb25kaW5nLCBwbGVhc2Uga2VlcCB0aGUgc3ViamVjdCBsaW5lIGludGFj dCBhbmQgcmVwbHkgdG8gYWxsDQo+IGVtYWlsIGFkZHJlc3NlcyBpbmNsdWRlZCBpbiB0aGUgVG8g YW5kIENDIGxpbmVzLiAoRmVlbCBmcmVlIHRvIGN1dCB0aGlzDQo+IGludHJvZHVjdG9yeSBwYXJh Z3JhcGgsIGhvd2V2ZXIuKQ0KPiANCj4gDQo+IFBsZWFzZSByZWZlciB0byBodHRwczovL3d3dy5p ZXRmLm9yZy9pZXNnL3N0YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWwNCj4gZm9yIG1vcmUg aW5mb3JtYXRpb24gYWJvdXQgSUVTRyBESVNDVVNTIGFuZCBDT01NRU5UIHBvc2l0aW9ucy4NCj4g DQo+IA0KPiBUaGUgZG9jdW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFsbG90IHBvc2l0aW9ucywg Y2FuIGJlIGZvdW5kIGhlcmU6DQo+IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2Ry YWZ0LWlldGYtc2ZjLW5zaC8NCj4gDQo+IA0KPiANCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiBDT01NRU5U Og0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tDQo+IA0KPiBJIGhhdmUgdGhlIHNhbWUgY29uY2VybiBhcyBLYXRo bGVlbidzIERJU0NVU1MsIGFuZCB3b3VsZCBoYXZlIGJsb2NrZWQgdGhlIGRyYWZ0DQo+IG9uIHRo ZSBzYW1lIGdyb3VuZHMgaWYgc3VjaCBhIHBvc2l0aW9uIHdlcmUgbm90IGFscmVhZHkgaW4gcGxh Y2UuIFRoZSAiY3J1bmNoeQ0KPiBwZXJpbWV0ZXIsIHNvZnQgY2VudGVyIiBtb2RlbCBvZiBzZWN1 cml0eSB3YXMgZmxhd2VkIHRvIHN0YXJ0IHdpdGg7DQoNCkkgdW5kZXJzdGFuZCB5b3VyIHN0YXRl bWVudCwgYnV0IHRoYXQgaXMgbm90IHdoYXQgdGhlIGRyYWZ0IHNheXMuIElmIGl0IGlzIG5vdCBj bGVhciwgd2Ugd2lsbCBjbGFyaWZ5Lg0KDQpIb3dldmVyLCBvZnRlbiBwZW9wbGUgcmVhZCB3aGF0 IHRoZWlyIG91ciBwcmVjb25kaXRpb25lZCB0byBleHBlY3QgYXMgb3Bwb3NlZCB0byB3aGF0IGlz IHRoZXJlIOKAlCBhbmQgdGhlbiBncm91cCB0aGlua2luZyB0YWtlcyBvdmVy4oCmLg0KDQo+IGFu ZCwgZXZlbg0KPiBpbiB0aG9zZSBhcmVuYXMgd2hlcmUgaXQgd2FzIG9uY2UgZmFzaGlvbmFibGUs IGl0J3Mgc3RhcnRpbmcgdG8gYmUgY29uc2lkZXJlZA0KPiBkYXRlZCAoZS5nLiwgbXVjaCBvZiB0 aGUgdHJhZmZpYyBpbnNpZGUgZGF0YSBjZW50ZXJzIGlzIHNlY3VyZWQgdXNpbmcgVExTIC0tDQo+ IHNlZSB0aGUgcmVjZW50IGRpc2N1c3Npb25zIGluIHRoZSBUTFMgd29ya2luZyBncm91cCBmb3Ig ZXZpZGVuY2Ugb2YgdGhpcw0KPiBzaXR1YXRpb24pLiBNb3JlIG5vdGFibHksIHRoaXMgInVuY29u ZGl0aW9uYWxseSB0cnVzdGVkIG5ldHdvcmsgem9uZSIgYXBwcm9hY2gNCj4gdG8gc2VjdXJpdHkg aGFzIGxlZCB0byBzb21lIHNwZWN0YWN1bGFyIGV4cGxvaXRzIHJlY2VudGx5IChjZi4NCj4gaHR0 cHM6Ly93d3cud2lyZWQuY29tLzIwMTYvMDQvdGhlLWNyaXRpY2FsLWhvbGUtYXQtdGhlLWhlYXJ0 LW9mLWNlbGwtcGhvbmUtaW5mcmFzdHJ1Y3R1cmUvKS4NCj4gUmF0aGVyIHRoYW4gZXhwbGljaXRs eSBmb3N0ZXJpbmcgdGhpcyBtb2RlbCwgdGhlIHNlY3VyaXR5IHNlY3Rpb24gcmVhbGx5IG5lZWRz DQo+IHRvIG5vcm1hdGl2ZWx5IGRpc2FsbG93IGl0Lg0KPiANCj4gKG4uYi4sIEkgcmV2aWV3ZWQg dmVyc2lvbiAtMjEgb2YgdGhlIGRvY3VtZW50IC0tIGJ1dCBJIGRvbid0IGZpbmQgdGhlIGNoYW5n ZXMNCj4gYmV0d2VlbiB0aGF0IHZlcnNpb24gYW5kIC0yNCB0byBhZGRyZXNzIHRoZSBpc3N1ZSBL YXRobGVlbiByYWlzZXMpDQo+IA0KPiAtLS0tDQo+IA0KPiBTZWN0aW9uIDMgc2F5cyB0aGUgZm9s bG93aW5nIGFib3V0IHJlY2xhc3NpZmljYXRpb24gYmVoYXZpb3I6DQo+IA0KPiAgICAgICBXaGVu IHRoZSBsb2dpY2FsIGNsYXNzaWZpZXIgcGVyZm9ybXMgcmUtDQo+ICAgICAgIGNsYXNzaWZpY2F0 aW9uIHRoYXQgcmVzdWx0cyBpbiBhIGNoYW5nZSBvZiBzZXJ2aWNlIHBhdGgsIGl0IE1VU1QNCj4g ICAgICAgcmVwbGFjZSB0aGUgZXhpc3RpbmcgTlNIIHdpdGggYSBuZXcgTlNIIHdpdGggdGhlIEJh c2UgSGVhZGVyIGFuZA0KPiAgICAgICBTZXJ2aWNlIFBhdGggSGVhZGVyIHJlZmxlY3RpbmcgdGhl IG5ldyBzZXJ2aWNlIHBhdGggaW5mb3JtYXRpb24NCj4gICAgICAgYW5kIE1VU1Qgc2V0IHRoZSBp bml0aWFsIFNJLiAgVGhlIE8gYml0LCBhcyB3ZWxsIGFzIHVuYXNzaWduZWQNCj4gICAgICAgZmxh Z3MsIE1VU1QgYmUgY29waWVkIHRyYW5zcGFyZW50bHkgZnJvbSB0aGUgb2xkIE5TSCB0byBhIG5l dw0KPiAgICAgICBOU0guICBNZXRhZGF0YSBNQVkgYmUgcHJlc2VydmVkIGluIHRoZSBuZXcgTlNI Lg0KPiANCj4gSSBkb24ndCBzZWUgYW55dGhpbmcgaGVyZSBhYm91dCBjb3B5aW5nIHRoZSBUVEwu DQoNCllvdSBhcmUgY29ycmVjdCBhbmQgZm91bmQgYSBidWcgYnkgb21pc3Npb24uIFRoYW5rIHlv dSENCg0KRml4ZWQgaW4gb3VyIHdvcmtpbmcgY29weS4NCg0KPiBJZiB0aGUgVFRMIGlzbid0IGNv cGllZCwgeW91DQo+IGNhbiBlbmQgdXAgd2l0aCBhIHN0YWJsZSAoYW5kIHVuZW5kaW5nKSBsb29w IGludm9sdmluZyB0d28gY2xhc3NpZmllcnMgKHdoaWNoDQo+IHNlZW1zIGV2ZW4gbW9yZSBkYW1h Z2luZyB0aGFuIHVzdWFsLCBhcyB0aGUgU0kgdmFsdWUgd29uJ3QgZ2VuZXJhbGx5IHN1cnZpdmUg YQ0KPiByZWNsYXNzaWZpY2F0aW9uLCByaWdodD8pLiBJIHdvdWxkIHN1Z2dlc3QgYWRkaW5nICJU VEwiIHRvIHRoZSBsaXN0IG9mIHRoaW5ncw0KPiB0aGF0IE1VU1QgYmUgY29waWVkIHdoZW4gcmVj bGFzc2lmaWNhdGlvbiBvY2N1cnMuDQo+IA0KDQpUaGFua3MsDQoNCkNhcmxvcy4NCg0KDQo+IA0K DQo= From nobody Thu Sep 28 05:58:14 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C3A4134722; Thu, 28 Sep 2017 05:58:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ng1VJUwhWIuy; Thu, 28 Sep 2017 05:58:03 -0700 (PDT) Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AC8113471F; Thu, 28 Sep 2017 05:58:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6176; q=dns/txt; s=iport; t=1506603483; x=1507813083; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=xRAp3M9ITxtDzl4V7hJmy1+4qtM1y+g4tzdxcAvNSKE=; b=EX581BGbHd04skFJxWIf3k4DCCOgVoKHH9p/oej1IfNDgrOzk4kxtjEM rPQjWrGTOHU2L6QhCTFJyKCWtUvYGAFIHNb4fOYj1hLSVNNEghSkLq0GT HiyCwf5ELNigkN5gLbsLPpV0JxvsAU70GUcEWeoknqhyhm/rxhlp10JxD 4=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C5AgDM8MxZ/5xdJa1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1xkbicHg3GZfoFUIohCjXeCBAojhRgCGoQGVwECAQEBAQECayi?= =?us-ascii?q?FGAEBAQECASMRRQULAgEIGAICJgICAh8RFRACBA4FihkDDQgQplWCJ4c6DYM7A?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEBAQEBGAWBDoIdggKBUYFqKwuCcoJegXMBEgGDMi+?= =?us-ascii?q?CMQWKEo4/iBs8AodciAmEeYIThW6LBYxsiDQCERkBgTgBV4EDC3gVWwGFBxwZg?= =?us-ascii?q?U52AYZQgSSBEAEBAQ?= X-IronPort-AV: E=Sophos;i="5.42,450,1500940800"; d="scan'208";a="9375376" Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Sep 2017 12:58:02 +0000 Received: from XCH-RTP-019.cisco.com (xch-rtp-019.cisco.com [64.101.220.159]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id v8SCw2x6025841 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 28 Sep 2017 12:58:02 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-019.cisco.com (64.101.220.159) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 28 Sep 2017 08:58:01 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Thu, 28 Sep 2017 08:58:01 -0400 From: "Carlos Pignataro (cpignata)" To: Suresh Krishnan CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Suresh Krishnan's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) Thread-Index: AQHTODLOqasxuJH6EEqS70nDDozjhaLKhXsA Date: Thu, 28 Sep 2017 12:58:01 +0000 Message-ID: <4A86D027-101E-4478-95EC-466D92940644@cisco.com> References: <150658689385.13674.15555933364252655817.idtracker@ietfa.amsl.com> In-Reply-To: <150658689385.13674.15555933364252655817.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.150.6.172] Content-Type: text/plain; charset="utf-8" Content-ID: <776907BB29854044BD3975FDB8AD8C12@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Suresh Krishnan's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 12:58:05 -0000 VGhhbmtzIFN1cmVzaCBmb3IgdGhlIHJldmlldyBhbmQgY29tbWVudHMhIFBsZWFzZSBzZWUgaW5s aW5lLg0KDQoNCj4gT24gU2VwIDI4LCAyMDE3LCBhdCA0OjIxIEFNLCBTdXJlc2ggS3Jpc2huYW4g PHN1cmVzaC5rcmlzaG5hbkBnbWFpbC5jb20+IHdyb3RlOg0KPiANCj4gU3VyZXNoIEtyaXNobmFu IGhhcyBlbnRlcmVkIHRoZSBmb2xsb3dpbmcgYmFsbG90IHBvc2l0aW9uIGZvcg0KPiBkcmFmdC1p ZXRmLXNmYy1uc2gtMjQ6IERpc2N1c3MNCj4gDQo+IFdoZW4gcmVzcG9uZGluZywgcGxlYXNlIGtl ZXAgdGhlIHN1YmplY3QgbGluZSBpbnRhY3QgYW5kIHJlcGx5IHRvIGFsbA0KPiBlbWFpbCBhZGRy ZXNzZXMgaW5jbHVkZWQgaW4gdGhlIFRvIGFuZCBDQyBsaW5lcy4gKEZlZWwgZnJlZSB0byBjdXQg dGhpcw0KPiBpbnRyb2R1Y3RvcnkgcGFyYWdyYXBoLCBob3dldmVyLikNCj4gDQo+IA0KPiBQbGVh c2UgcmVmZXIgdG8gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvaWVzZy9zdGF0ZW1lbnQvZGlzY3Vzcy1j cml0ZXJpYS5odG1sDQo+IGZvciBtb3JlIGluZm9ybWF0aW9uIGFib3V0IElFU0cgRElTQ1VTUyBh bmQgQ09NTUVOVCBwb3NpdGlvbnMuDQo+IA0KPiANCj4gVGhlIGRvY3VtZW50LCBhbG9uZyB3aXRo IG90aGVyIGJhbGxvdCBwb3NpdGlvbnMsIGNhbiBiZSBmb3VuZCBoZXJlOg0KPiBodHRwczovL2Rh dGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNmYy1uc2gvDQo+IA0KPiANCj4gDQo+ IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0NCj4gRElTQ1VTUzoNCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPiANCj4gKiBTZWN0 aW9uIDUNCj4gDQo+IEkgdGhpbmsgdGhlIGZyYWdtZW50YXRpb24gcGFydCBpcyB1bmRlcnNwZWNp ZmllZC4NCg0KSm9lbOKAmXMgcmVzcG9uZCBleHBsYWlucyB0aGlzLCBidXQganVzdCBmb3IgY29t cGxldGVuZXNzIHRha2luZyBhIHNsaWdodGx5IGRpZmZlcmVudCBhbmdsZS4NCg0KUGVyaGFwcyBp dCBuZWVkcyBhZGRpdGlvbmFsIGNsYXJpdHksIGJ1dCB0aGUgbmV0IG9mIHRoaXMgc2VjdGlvbiBp cyB0aGF0IGl0IGlzIG5vdCBzcGVjaWZ5aW5nIGFueSBuZXcgdHlwZSBvZiBmcmFnbWVudGF0aW9u IChpdCBjYW5ub3QgcmVhbGx5IGJlIHVuZGVyc3BlY2lmaWVkKS4NCg0KRmlyc3QsIE5TSCBkb2Vz IG5vdCBwcm92aWRlIGZyYWdtZW50YXRpb24uIEluc3RlYWQgaXQgcmVsaWVzIGluIHRoZSB1bmRl cmx5aW5nIHRyYW5zcG9ydCBlbmNhcHN1bGF0aW9uIGZvciBpdC4gVGFrZSBhIGNhc2UgaW4gd2hp Y2ggTlNIIGlzIGVuY2Fwc3VsYXRlZCBpbiBzb21lIE5WTzMgZW5jYXBzdWxhdGlvbiBhbmQgdGhl biBvdmVyIElQdjYuIFRoaXMgaXMgZG9uZSB0byBtb3ZlIHRoZSBOU0ggZnJvbSBhbiBTRkMtYXdh cmUgZWxlbWVudCB0byB0aGUgbmV4dCAoU0YvU0ZGL1NGQy1Qcm94eSkuIElmIHRoZSBOVk8zIGVu Y2Fwc3VsYXRpb24gZG9lcyBub3QgcHJvdmlkZSBmcmFnbWVudGF0aW9uIGVpdGhlciwgdGhlbiBy ZWd1bGFyIHZhbmlsbGEgSVB2NiBmcmFnIGlzIHBlcmZvcm1lZC4NCg0KPiBUYWtlIGFuIGV4YW1w bGUgd2hlcmUgSVB2NiBpcw0KPiB1c2VkIGFzIHRoZSB0cmFuc3BvcnQgZW5jYXBzdWxhdGlvbi4N Cg0KTm93LCBvbnRvIHlvdXIgZXhhbXBsZSBvbiB3aGljaCBOU0ggZ29lcyBvdmVyIElQdjYsIGVp dGhlciBkaXJlY3RseSBvciB2aWEgb3RoZXIgZW5jYXBzdWxhdGlvbiB0aGF0IGRvZXMgbm90IHBy b3ZpZGUgZnJhZ21lbnRhdGlvbiBlaXRoZXIuDQoNCj4gSWYgdGhlIHBhY2tldCBuZWVkcyB0byBi ZSBmcmFnbWVudGVkLCB3aWxsDQo+IHRoZSBOU0ggaGVhZGVyIGJlIGR1cGxpY2F0ZWQgaW50byBl YWNoIGZyYWdtZW50Pw0KDQpOby4gT3BhcXVlIHBheWxvYWQgYXMgZmFyIGFzIElQdjYgaXMgY29u Y2VybmVkLCByZWd1bGFyIHZhbmlsbGEgZnJhZ21lbnRhdGlvbiwgYW5kIHJlYXNzZW1ibHkgYmVm b3JlIHBhc3Npbmcgb250byBOU0guDQoNCj4gSWYgc28sIHRoaXMgaXMgbmV3IGJlaGF2aW9yDQo+ IGZvciBJUCB0aGF0IHdpbGwgdHJlYXQgdGhpcyBsaWtlIGFueSBvdGhlciBwYXlsb2FkLg0KDQpO byBuZXcgYmVoYXZpb3IuDQoNCj4gSWYgbm90IGhvdyB3aWxsIHRoZQ0KPiBzdWJzZXF1ZW50IGZy YWdtZW50cyBiZSB0cmVhdGVkIG9uIHRoZSBzZXJ2aWNlIHBhdGg/DQoNClRoZXkgYXJlIHJlYXNz ZW1ibGVkIGJlZm9yZSBoaXR0aW5nIHRoZSBuZXh0IFNGQy1hd2FyZSBlbGVtZW50Lg0KDQpEb2Vz IHRoYXQgY2xhcmlmeT8NCg0KQW55dGhpbmcgbWlzc2luZyBpbiB0aGUgdGV4dCBmcm9tIHlvdXIg cGVyc3BlY3RpdmU/DQoNCj4gDQo+IA0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IENPTU1FTlQ6DQo+IC0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0NCj4gDQo+ICogU2VjdGlvbiAxLjIuDQo+IA0KPiBUaGUgZGVmaW5pdGlvbiBv ZiBtZXRhZGF0YSBzZWVtcyB0byBwb2ludCB0byBSRkM3NjY1IGJ1dCB0aGUgZGVmaW5pdGlvbiB0 aGF0DQo+IGZvbGxvd3MgZG9lcyBub3QgbWF0Y2ggdGhlIGRlZmluaXRpb24gZnJvbSBSRkM3NjY1 Lg0KDQpTb21lIERpcmVjdG9yYXRlIHJldmlld2VyIGNvbW1lbnRlZCBlYXJsaWVyIHRoYXQgdGhl IGRlZmluaXRpb24gb2YgUkZDNzY2NSB3YXMgbm90IHN1ZmZpY2llbnQuIENvbnNlcXVlbnRseSwg d2UgYWRkZWQgbW9yZSBjb2xvciBleHBhbmRpbmcgdGhlIGRlZi4NCg0KPiANCj4gKiBTZWN0aW9u IDIuMg0KPiANCj4gV2hhdCBkb2VzIGEgIk5leHQgUHJvdG9jb2wiIHdpdGggdGhlIHZhbHVlIG9m IDB4NCAoTlNIKSBtZWFuPyBEb2VzIHRoZSBOU0gNCj4gYWxsb3cgbmVzdGluZy4gSG93IHdpbGwg c3VjaCBzeXN0ZW0gd29yaz8NCg0KTm90IHNwZWNpZmllZCBoZXJlIGluIHRoaXMgc3BlYy4gSXQg aXMgYmVpbmcgZGVmaW5lZCBpbiBkcmFmdC1pZXRmLXNmYy1oaWVyYXJjaGljYWwuDQoNCldlIHdp bGwgY2xhcmlmeSB0aGF0IGluIHRoaXMgZG9jdW1lbnQuDQoNCj4gDQo+ICogU2VjdGlvbiAzDQo+ IA0KPiAiVGhlIE8gYml0LCBhcyB3ZWxsIGFzIHVuYXNzaWduZWQgZmxhZ3MsIE1VU1QgYmUgY29w aWVkIHRyYW5zcGFyZW50bHkgZnJvbSB0aGUNCj4gb2xkIE5TSCB0byBhIG5ldyBOU0guIg0KPiAN Cj4gSWYgdGhlcmUgaXMgcmVjbGFzc2lmaWNhdGlvbiwgd2h5IGlzIHRoZXJlIGFuIGFzc3VtcHRp b24gdGhhdCBhbiBPQU0gcGFja2V0DQo+IGNhbm5vdCBiZSByZWNsYXNzaWZpZWQgaW50byBhIG5v biBPQU0gcGFja2V0IHNpbmNlIGEgbmV3IE5TSCBoZWFkZXIgaXMgYmVpbmcNCj4gaW5zZXJ0ZWQ/ DQoNCkEgbm9uLU9BTSBwYWNrZXQgaXMgYSB1c2VyIHBhY2tldCwgd2UgZG8gbm90IHdhbnQgdG8g 4oCcY3JlYXRl4oCdIHVzZXIgcGFja2V0cyBtaWQtc3RyZWFtLg0KDQo+IA0KPiAqIFNlY3Rpb24g OC4xLg0KPiAgIE5vdCBzdXJlIHdoYXQgdGhlIHJlZmVyZW5jZSB0byBCQ1AzOCBtZWFucyBoZXJl LiBJcyBpdCBmb3IgY2hlY2tpbmcgdGhlDQo+ICAgc291cmNlIGFkZHJlc3NlcyB0aGUgaW5uZXIg aGVhZGVyIHRoYXQgaXMgZ2V0dGluZyBlbmNhcHN1bGF0ZWQgaW5zaWRlIHRoZQ0KPiAgIE5TSCBo ZWFkZXI/IE9yIGlzIGl0IGZvciB0aGUgdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb24gaGVhZGVyLiBF aXRoZXIgd2F5IGl0DQo+ICAgaXMgbm90IGNsZWFyIHdoYXQgdGhpcyBlbnRhaWxzLiBQbGVhc2Ug Y2xhcmlmeS4NCg0KVGFrZW4gb3V0IGFzIHBlciBLYXRobGVlbuKAmXMgY29tbWVudC4NCg0KPiAN Cj4gKiBTZWN0aW9uIDExLjENCj4gDQo+IFRoaXMgc2VjdGlvbiBtZW50aW9ucyB0aGF0IGV0aGVy dHlwZSAweDg5NEYgaGFzIGJlZW4gYWxsb2NhdGVkIGZvciBOU0guIEFyZQ0KPiB0aGVyZSBhbnkg b3RoZXIgdHJhbnNwb3J0IGVuY2Fwc3VsYXRpb25zIHBsYW5uZWQ/IElmIG5vdCwgSSB3b3VsZCBy ZWNvbW1lbmQNCj4gdGlnaHRlbmluZyB0aGUgdGV4dCBhcm91bmQgdGhlIHRyYW5zcG9ydCBlbmNh cHN1bGF0aW9ucyB1bnRpbCBvdGhlcg0KPiBlbmNhcHN1bGF0aW9ucyBhcmUgbW9yZSB3ZWxsIGRl ZmluZWQuIGUuZy4gSG93IGRvZXMgdGhlIFVEUCB0cmFuc3BvcnQNCj4gZW5jYXBzdWxhdGlvbiBy ZWZlcnJlZCBpbiB0aGUgZXhhbXBsZSB3b3JrPw0KPiANCg0KUGFydCBvZiBtYWtpbmcgdGhpcyBk b2N1bWVudCB0cmFuc3BvcnQgZW5jYXBzdWxhdGlvbiBhZ25vc3RpYyBpcyB0byBub3QgZGVmaW5l IHRob3NlIHNwZWNpZmljcy4gVGhlIG9ubHkgZXhjZXB0aW9uIGFzIHlvdSBub3RlIGlzIHRoZSBl dHlwZSwgd2hpY2ggbmVlZHMgdG8gYmUgc29tZXdoZXJlLg0KDQpUaGFua3MhDQoNCkNhcmxvcy4N Cg0KPiANCg0K From nobody Thu Sep 28 06:36:00 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F268A133061; Thu, 28 Sep 2017 06:35:57 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SwvCHGdX89Qp; Thu, 28 Sep 2017 06:35:56 -0700 (PDT) Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7B02133059; Thu, 28 Sep 2017 06:35:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8742; q=dns/txt; s=iport; t=1506605755; x=1507815355; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=60LEa03oeNfNXgmzTzcA1wNgIsXSD+Qgne3HI/BV018=; b=e4QyhwkY3zZNY27lYvQru6FZn73iZwUCd77/YJxbgWipdSpGPuijVgoO RnjjMjwPTXCodp13x7/++uTRnD4L6CjLiPrRiOn2OSlt1/O/8BTmPcG1P Nc8DYuaXC/Io0Uh93Oq9SgHzDc9WnaW8nivFmrUrGtQwMW58xDucYSQog 4=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C5AgD3+cxZ/5BdJa1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1xkbicHg3GZfoFUIpY5ggQKI4UYAhqEBlcBAgEBAQEBAmsohRg?= =?us-ascii?q?BAQEBAgEjETMSBQsCAQgYAgImAgICMBUQAgQOBYopCBClLhGBI4IniwMBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEYBYEOgh2BYiCBUYFqKwuCcoRRARIBgzIvgjEFigs?= =?us-ascii?q?HiROFLIhXAodcjQKCE4VuiwWVIAIRGQGBOAFXgQMLeBVJEgGHCnYBhlCBJIEQA?= =?us-ascii?q?QEB?= X-IronPort-AV: E=Sophos;i="5.42,450,1500940800"; d="scan'208";a="9381296" Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Sep 2017 13:35:54 +0000 Received: from XCH-RTP-018.cisco.com (xch-rtp-018.cisco.com [64.101.220.158]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id v8SDZrg2010902 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 28 Sep 2017 13:35:53 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-018.cisco.com (64.101.220.158) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 28 Sep 2017 09:35:53 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Thu, 28 Sep 2017 09:35:53 -0400 From: "Carlos Pignataro (cpignata)" To: Ben Campbell CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Ben Campbell's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) Thread-Index: AQHTN/3co01n5FQz90uzvGjW5FYgxaLKkHmA Date: Thu, 28 Sep 2017 13:35:52 +0000 Message-ID: <41E4256A-C77E-4693-AB3C-798ADE7346EC@cisco.com> References: <150656415366.13695.13637551894724173929.idtracker@ietfa.amsl.com> In-Reply-To: <150656415366.13695.13637551894724173929.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.150.6.172] Content-Type: text/plain; charset="utf-8" Content-ID: <3E0B03CBA65D61488077ABD6B4F33DE5@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Ben Campbell's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 13:35:58 -0000 QmVuLA0KDQpUaGFua3MgZm9yIHRha2luZyB0aGUgdGltZSB0byByZXZpZXcgYW5kIHByb3ZpZGUg dGhlc2UgY29tbWVudHMuDQoNCkpvZWwgYW5kIE1lZCBhbnN3ZXJlZCBhIGNvdXBsZSBvZiB0aGVz ZSwgSSB3aWxsIGZvY3VzIG9uIHRoZSByZW1haW5pbmcgb25lcy4NCg0KPiBPbiBTZXAgMjcsIDIw MTcsIGF0IDEwOjAyIFBNLCBCZW4gQ2FtcGJlbGwgPGJlbkBub3N0cnVtLmNvbT4gd3JvdGU6DQo+ IA0KPiBCZW4gQ2FtcGJlbGwgaGFzIGVudGVyZWQgdGhlIGZvbGxvd2luZyBiYWxsb3QgcG9zaXRp b24gZm9yDQo+IGRyYWZ0LWlldGYtc2ZjLW5zaC0yNDogTm8gT2JqZWN0aW9uDQo+IA0KPiBXaGVu IHJlc3BvbmRpbmcsIHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFuZCByZXBs eSB0byBhbGwNCj4gZW1haWwgYWRkcmVzc2VzIGluY2x1ZGVkIGluIHRoZSBUbyBhbmQgQ0MgbGlu ZXMuIChGZWVsIGZyZWUgdG8gY3V0IHRoaXMNCj4gaW50cm9kdWN0b3J5IHBhcmFncmFwaCwgaG93 ZXZlci4pDQo+IA0KPiANCj4gUGxlYXNlIHJlZmVyIHRvIGh0dHBzOi8vd3d3LmlldGYub3JnL2ll c2cvc3RhdGVtZW50L2Rpc2N1c3MtY3JpdGVyaWEuaHRtbA0KPiBmb3IgbW9yZSBpbmZvcm1hdGlv biBhYm91dCBJRVNHIERJU0NVU1MgYW5kIENPTU1FTlQgcG9zaXRpb25zLg0KPiANCj4gDQo+IFRo ZSBkb2N1bWVudCwgYWxvbmcgd2l0aCBvdGhlciBiYWxsb3QgcG9zaXRpb25zLCBjYW4gYmUgZm91 bmQgaGVyZToNCj4gaHR0cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9kb2MvZHJhZnQtaWV0Zi1z ZmMtbnNoLw0KPiANCj4gDQo+IA0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IENPTU1FTlQ6DQo+IC0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0NCj4gDQo+IFN1YnN0YW50aXZlOg0KPiANCj4gLSBHZW5lcmFsOiBUaGlzIGlzIGEg bWVjaGFuaXNtIHRvIGFkZCBtZXRhZGF0YSB0byB1c2VyIGZsb3dzLiBUaGVyZSBpcyB2ZXJ5DQo+ IGxpdHRsZSBkaXNjdXNzaW9uIGFib3V0IGhvdyB0aGF0IG1ldGFkYXRhIG1heSByZWxhdGUgdG8g dGhlIGFwcGxpY2F0aW9uIGxheWVyDQo+IHBheWxvYWRzLiBJdCdzIGxpa2VseSB0aGF0IHNvbWUg b2YgdGhvc2UgcGF5bG9hZHMgd2lsbCBiZSBlbmNyeXB0ZWQgYnkgdGhlIHVzZXINCj4gaW4gYW4g YXR0ZW1wdCB0byBjb250cm9sIHdoYXQgaW5mb3JtYXRpb24gaXMgc2hhcmVkIHdpdGggbWlkZGxl Ym94ZXMuIEknZCBsaWtlDQo+IHRvIHNlZSBzb21lIGRpc2N1c3Npb24gYWJvdXQgaG93IHRoaXMg cmVsYXRlcyB0byB0aGUgZ3VpZGFuY2UgaW4gUkZDIDgxNjUuIA0KPiAoTm90ZTogSSBhbSBvbiB0 aGUgZmVuY2UgYWJvdXQgd2hldGhlciB0aGlzIHNob3VsZCBiZSBhIERJU0NVU1MuIEJ1dCBzaW5j ZSAib24NCj4gdGhlIGZlbmNlIiBpcyBwcm9iYWJseSBpbnN1ZmZpY2llbnQgZ3JvdW5kcyBmb3Ig YSBESVNDVVNTLCBJJ20gbGVhdmluZyBpdCBhcyBhDQo+IGNvbW1lbnQuKQ0KPiANCj4gLSBHZW5l cmFsOiBJIHN1cHBvcnQgS2F0aGxlZW4ncyBESVNDVVNTIHBvaW50cyBjb25jZXJuaW5nIGludGVn cml0eSBwcm90ZWN0aW9uLg0KPiBUaGUgZG9jdW1lbnQgbGVhdmVzIHRoYXQgdXAgdG8gdGhlIHRy YW5zcG9ydGluZyBwcm90b2NvbC4gSSB0aGluayBpdCdzDQo+IHJlYXNvbmFibGUgdG8gcmVjb21t ZW5kIHRoYXQgdGhhdCBwcm90b2NvbCBhdCBsZWFzdCBkZWZhdWx0IHRvIHByb3ZpZGluZw0KPiBp bnRlZ3JpdHkgcHJvdGVjdGlvbiB1bmxlc3MgdGhlcmUncyBhIGdvb2QgcmVhc29uIG5vdCB0by4N Cj4gDQo+IC0yLjIsICJ2ZXJzaW9uIjogSG93IGlzIHRoZSB2ZXJzaW9uIGZpZWxkIHRvIGJlIHVz ZWQgYnkgY29uc3VtZXJzPyBUaGF0IGlzLA0KPiB3aGF0IHNob3VsZCBhIHJlY2lwaWVudCBkbyBp ZiB0aGUgZmllbGQgY29udGFpbnMgYSB2ZXJzaW9uIG51bWJlciBpdCBkb2Vzbid0DQo+IHN1cHBv cnQvcmVjb2duaXplPw0KDQpPdXIgd29ya2luZyBjb3B5IGNvbnRhaW5zIHRoaXMgdGV4dCDigJQg d2lsbCBwb3N0IGJlZm9yZSB0aGUgVGVsZWNoYXQ6DQoNCiJJZiBhIHBhY2tldCBwcmVzdW1lZCB0 byBjYXJyeSBhbiBOU0ggaGVhZGVyIGlzIHJlY2VpdmVkIGF0IGFuIFNGRiwgYW5kIHRoZSBTRkYg ZG9lcyBub3QgdW5kZXJzdG5hZCB0aGUgdmVyc2lvbiBvZiB0aGUgcHJvdG9jb2wgYXMgaW5kaWNh dGVkIGluIHRoZSBiYXNlIGhlYWRlciwgdGhlIHBhY2tldCBNVVNUIGJlIGRpc2NhcmRlZCwgYW5k IHRoZSBldmVudCBTSE9VTEQgYmUgbG9nZ2VkLiINCg0KDQo+IA0KPiAtMi4yLCBNRCB0eXBlIDB4 MDogIkltcGxlbWVudGF0aW9ucyBTSE9VTEQgc2lsZW50bHkNCj4gICBkaXNjYXJkIHBhY2tldHMg d2l0aCBNRCBUeXBlIDB4MC4iDQo+IFdoeSBub3QgTVVTVD8NCg0KQmVjYXVzZSB3ZSBkbyBub3Qg d2FudCBhIGhhbW1lciBsYXJnZXIgdGhhbiBuZWVkZWQuIFNIT1VMRCBhY2hpZXZlcyBvdXIgZ29h bCB3aXRob3V0IGxvY2tpbmcgdGhlIGRvb3IgZm9yIGdvb2QsIHNob3VsZCB2YWxpZCByZWFzb25z IGJlIGZvdW5kLg0KDQo+IA0KPiAtLSBNRCB0eXBlIDB4RjogIkltcGxlbWVudGF0aW9ucyBub3Qg ZXhwbGljaXRseSBjb25maWd1cmVkIHRvIGJlIHBhcnQgb2YNCj4gICBhbiBleHBlcmltZW50IFNI T1VMRCBzaWxlbnRseSBkaXNjYXJkIHBhY2tldHMgd2l0aCBNRCBUeXBlIDB4Ri4iDQo+IFdoeSBu b3QgTVVTVD8NCg0KRGl0dG8uDQoNCj4gDQo+IC0yLjIsIE5leHQgUHJvdG9jb2wgVmFsdWVzOg0K PiBXaHkgYXJlIHRoZXJlIDIgZXhwZXJpbWVudGFsIHZhbHVlcz8gKGFzIG9wcG9zZWQgdG8gMSwg b3IsIHdlbGwsIDMpLg0KDQpObyBwYXJ0aWN1bGFyIHJlYXNvbi4gT25lIHNlZW1zIG5vdCBlbm91 Z2ggcG90ZW50aWFsbHkgZm9yIGNyZWF0aXZlIGV4cGVyaW1lbnRhdGlvbi4gDQoNCk15IGZhdm9y aXRlIG51bWJlciBpcyAyNywgYnV0IHdlIGZlbHQgdGhhdCB3YXMgdG9vIG1hbnkgOi0pIA0KDQo+ IA0KPiAtMi4zLCBsYXN0IHBhcmFncmFwaCAoYW5kIHNldmVyYWwgb3RoZXIgcGxhY2VzKToNCj4g VGhpcyBkcmFmdCBzZWVtcyB0byB0YWtlIGEgcG9zaXRpb24gdGhhdCBhIGZhaWxlZCBTRlAgbWVh bnMgdGhlIHNlcnZpY2UgbGV2ZWwNCj4gZmxvdyBmYWlscy4gQXJlIHRoZXJlIG5vIHVzZSBjYXNl cyB3aGVyZSBkZWxpdmVyeSBvZiB0aGUgc2VydmljZSBmbG93IGlzDQo+IGNyaXRpY2FsIGFuZCBz aG91bGQgaGFwcGVuIGV2ZW4gaWYgdGhlIGNoYWluIG9mIG1pZGRsZWJveGVzIGZhaWxzPw0KDQpU aGUgaXNzdWUgaXMgdGhhdCB3aXRoIFNJPTAgdGhlcmUgaXMgbm8gbmV4dCBTRiB0byBkZWxpdmVy Lg0KDQo+IA0KPiAtMi40LCBwYXJhZ3JhcGggc3RhcnRpbmcgd2l0aCAiQW4gU0ZDLWF3YXJlIFNG IE1VU1QgcmVjZWl2ZSB0aGUgZGF0YQ0KPiBzZW1hbnRpY3MuLi4iIEknbSBub3Qgc3VyZSB3aGF0 IHRoZSBpbnRlbnQgb2YgdGhpcyBwYXJhZ3JhcGggaXMuIElzIHRoYXQgTVVTVA0KPiByZWFsbHkg YSBzdGF0ZW1lbnQgb2YgZmFjdD8gT3IgaXMgdGhlcmUgcmVhbGx5IGFuZCBleHBlY3RhdGlvbiBv ZiBhbg0KPiBvdXQtb2YtYmFuZCBkZWxpdmVyeSBvZiBzb21lIHNlbWFudGljIGRlZmluaXRpb24/ DQo+IA0KDQpUaGVyZSBpcyB0aGUgZXhwZWN0YXRpb24gb2YgY29udHJvbCBwbGFuZSBkb3dubG9h ZCBvZiBpdCB1cG9uIFNGUCBwcm9ncmFtbWluZy4NCg0KPiAtMywgbGlzdCBpdGVtIDE6ICJBIHNl cnZpY2UgY2xhc3NpZmllciBNVVNUIGluc2VydCBhbiBOU0ggYXQgdGhlIHN0YXJ0IG9mIGFuDQo+ IFNGUC4iIFdoYXQgaWYgYW4gaW5pdGlhbCBjbGFzc2lmaWVyIHJlY2VpdmVzIGEgcGFja2V0IHRo YXQgYWxyZWFkeSBoYXMgYW4gTlNIPw0KPiBDYW4gbXVsdGlwbGUgTlNIcyBiZSBzdGFja2VkPw0K PiANCg0KTm90IG9uIHRoaXMgZG9jdW1lbnQsIHdlIGNsYXJpZmllZCB0aGlzIGJhc2VkIG9uIFN1 cmVzaOKAmSBjb21tZW50Lg0KDQo+IC03LjEsIGxhc3QgcGFyYWdyYXBoOiAiRGVwZW5kaW5nIG9u IHRoZSBpbmZvcm1hdGlvbiBjYXJyaWVkIGluIHRoZSBtZXRhZGF0YSwNCj4gZGF0YSBwcml2YWN5 DQo+ICAgY29uc2lkZXJhdGlvbnMgbWF5IG5lZWQgdG8gYmUgY29uc2lkZXJlZC4gIg0KPiAibWF5 IG5lZWQgdG8gYmUgY29uc2lkZXJlZCIgaXMgd2VhayBzYXVjZS4gRGF0YSBwcml2YWN5IGFsd2F5 cyBuZWVkcyB0byBiZQ0KPiBjb25zaWRlcmVkLCBldmVuIGlmIHRoZSBfb3V0cHV0XyBvZiB0aGF0 IGNvbnNpZGVyYXRpb24gaXMgdGhhdCB0aGVyZSBpcyBub3RoaW5nDQo+IHNlbnNpdGl2ZSBiZWlu ZyBjYXJyaWVkLiBQbGVhc2UgY29uc2lkZXIgZHJvcHBpbmcgdGhlICJtYXnigJ0uDQoNCldlIGNv dWxkIGRyb3AgaXQuIEhvd2V2ZXIsIHRoZXJlIGFyZSB2ZXJ5IHZhbGlkIGNhc2VzIG9mIFNGQyB3 aXRoIE5PIG1ldGFkYXRhLCBhbmQgdGhlbiB0aGUgY29uc2lkZXJhdGlvbiBpcyBOVUxMLiBUaGF0 4oCZcyB0aGUgcmVhc29uLCBubyBNRCwgbm8gY29uc2lkZXJhdGlvbi4NCg0KPiANCj4gQWxzbywg dGhpcyBzZWVtcyBsaWtlIGFuIG9kZCBwbGFjZSB0byBidXJ5IGEgcHJpdmFjeSBkaXNjdXNzaW9u LiBQbGVhc2UNCj4gY29uc2lkZXIgbW92aW5nIHRoaXMgdG8gYSAiUHJpdmFjeSBDb25zaWRlcmF0 aW9ucyIgc2VjdGlvbi4NCj4gDQo+IC04LCBmaXJzdCBwYXJhZ3JhcGg6DQo+IEl0IHNlZW1zIGxp a2UgaW5zaWRlciBhdHRhY2tzIGFyZSB3b3J0aCBhdCBsZWFzdCBhIG1lbnRpb24gd2hlbiBkaXNj dXNzaW5nIGENCj4gc2luZ2xlIG9wZXJhdG9yIGVudmlyb25tZW50IGFzIGEgbWl0aWdhdG9yIGFn YWluc3QgYXR0YWNrcy4NCj4gDQoNCldpbGwgYWRkcmVzcyBhcyBwYXJ0IG9mIHRoZSBsYXJnZXIg c2VjdXJpdHkgY29udmVyc2F0aW9uLg0KDQo+IC04LjEsIDJuZCBwYXJhZ3JhcGg6DQo+IFRoaXMg ZG9lc24ndCBzZWVtIGxpa2UgYSBzaW5nbGUgb3BlcmF0b3Igc2NlbmFyaW8sIGluIHRoZSBzZW5z ZSB0aGF0IHBhcnQgb2YNCj4gdGhlIGZsb3cgY3Jvc3NlcyBhIG5ldHdvcmsgdGhhdCBpcyBub3Qg Y29udHJvbGxlZCBieSB0aGF0IG9wZXJhdG9yLg0KPiANCg0KV2h5IG5vdD8gSXQgaXMgdmVyeSBj b21tb24gdG8gY29ubmVjdCB0d28gcGFydHMgb2YgYW4gb3BlcmF0aW9uIHdpdGggdHVubmVscyBv ZiB2YXJpb3VzIGtpbmRzLg0KDQo+IC04LjMsIDR0aCBwYXJhZ3JhcGg6IFBsZWFzZSBlbGFib3Jh dGUgb24gd2hhdCBpcyBtZWFudCBieSAib2JmdXNjYXRpbmciDQo+IHN1YnNjcmliZXIgaWRlbnRp ZnlpbmcgaW5mb3JtYXRpb24gKGFzIG9wcG9zZWQgdG8gImVuY3J5cHRpbmciIG9yICJsZWF2aW5n IGl0DQo+IG91dCBpbiB0aGUgZmlyc3QgcGxhY2XigJ0uKQ0KDQpXaWxsIGNvbnNpZGVyIGFzIHBh cnQgb2YgdGhlIGxhcmdlciBzZWN1cml0eSBjb252ZXJzYXRpb24uDQoNCj4gDQo+IEVkaXRvcmlh bDoNCj4gDQo+IC0yLjIsICJPIGJpdCIsIGxhc3QgcGFyYWdyYXBoOiAiVGhlIGNvbmZpZ3VyYWJs ZSBwYXJhbWV0ZXIgTVVTVCBiZQ0KPiAgIGRpc2FibGVkIGJ5IGRlZmF1bHQuIg0KPiBEb2VzICJk aXNhYmxlZCIgbWVhbiAidW5zZXQiICAob3IgInNldCB0byB6ZXJv4oCdKT8NCg0KTm8uIEl0IG1l YW5zIGRpc2FibGVkLg0KDQo+IA0KPiAtMi4yLCAidW5hc3NpZ25lZCBiaXRzIjogIkF0IHJlY2Vw dGlvbiwgYWxsDQo+ICAgZWxlbWVudHMgTVVTVCBOT1QgbW9kaWZ5IHRoZWlyIGFjdGlvbnMgYmFz ZWQgb24gdGhlc2UgdW5rbm93biBiaXRzLiINCj4gSXNuJ3QgdGhhdCBNVVNUIE5PVCBqdXN0IGEg cmVzdGF0ZW1lbnQgb2YgdGhlICJNVVNUIGlnbm9yZSIgZnJvbSB0aGUgcHJldmlvdXMNCj4gc2Vu dGVuY2U/IFRoZXJlJ3Mgbm8gcHJvYmxlbSB3aXRoIHJlaW5mb3JjaW5nIGEgcG9pbnQsIGJ1dCB0 aGVyZSBzaG91bGRuJ3QgYmUNCj4gbXVsdGlwbGUgaW5zdGFuY2VzIG9mIHRoZSBzYW1lIDIxMTkg cmVxdWlyZW1lbnQuIEFsc28sIHdvdWxkIGxvZ2dpbmcgYSB3YXJuaW5nDQo+IHZpb2xhdGUgdGhl ICJNVVNUIE5PVCBtb2RpZnkgdGhlaXIgYWN0aW9ucy9NVVNUIGlnbm9yZSIgcmVxdWlyZW1lbnQ/ DQoNCkl0IGlzIHNsaWdodGx5IGRpZmZlcmVudC4NCg0KPiANCj4gLTgsIGZpcnN0IHBhcmFncmFw aDogIk5TSCBpcyBkZXNpZ25lZCBmb3IgdXNlIHdpdGhpbiBvcGVyYXRvciBlbnZpcm9ubWVudHMu Ig0KPiBJcyB0aGVyZSBhIG1pc3NpbmcgInNpbmdsZSIgYmVmb3JlICJvcGVyYXRvciI/DQo+IA0K PiANCg0KR29vZCBwb2ludCwgZml4ZWQgYWxyZWFkeS4NCg0KVGhhbmtzLA0KDQpDYXJsb3MuDQoN Cg0K From nobody Thu Sep 28 06:44:24 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id F21CA134311; Thu, 28 Sep 2017 06:44:17 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: sfc@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150660625793.13687.11520205237698937806@ietfa.amsl.com> Date: Thu, 28 Sep 2017 06:44:17 -0700 Archived-At: Subject: [sfc] I-D Action: draft-ietf-sfc-nsh-25.txt X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 13:44:18 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Service Function Chaining WG of the IETF. Title : Network Service Header (NSH) Authors : Paul Quinn Uri Elzur Carlos Pignataro Filename : draft-ietf-sfc-nsh-25.txt Pages : 37 Date : 2017-09-28 Abstract: This document describes a Network Service Header (NSH) imposed on packets or frames to realize service function paths. The NSH also provides a mechanism for metadata exchange along the instantiated service paths. The NSH is the SFC encapsulation required to support the Service Function Chaining (SFC) architecture (defined in RFC7665). The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sfc-nsh-25 https://datatracker.ietf.org/doc/html/draft-ietf-sfc-nsh-25 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sfc-nsh-25 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Thu Sep 28 06:55:47 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 99538133063; Thu, 28 Sep 2017 06:55:45 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Benoit Claise To: "The IESG" Cc: draft-ietf-sfc-nsh@ietf.org, "Joel M. Halpern" , sfc-chairs@ietf.org, jmh@joelhalpern.com, sfc@ietf.org, j.schoenwaelder@jacobs-university.de X-Test-IDTracker: no X-IETF-IDTracker: 6.62.1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150660694562.13704.5074073969102470694.idtracker@ietfa.amsl.com> Date: Thu, 28 Sep 2017 06:55:45 -0700 Archived-At: Subject: [sfc] Benoit Claise's No Objection on draft-ietf-sfc-nsh-25: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 13:55:46 -0000 Benoit Claise has entered the following ballot position for draft-ietf-sfc-nsh-25: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- - Section 2.5.1., you might want to mention that no metadata are specified at this point in time. Indeed, "New IETF Assigned Optional Variable Length Metadata Type Registry is specified in this doc., but empty - Section 2.3 OPS question: SPI must be unique per admin domain? Otherwise, you're looking for trouble, right? This would be typically addressed in an "Operational Considerations" section. Where is my "Operational Considerations" section...? - Section 2.4 Fixed length metadata. This specification does not make any assumptions about the content of the 16 byte Context Header that must be present when the MD Type field is set to 1, and does not describe the structure or meaning of the included metadata. An SFC-aware SF MUST receive the data semantics first in order to process the data placed in the mandatory context field. The data semantics include both the allocation schema and the meaning of the included data. I understand that the order of the metadata in the Fixed Length Context Header is important, right? Should it be mentioned? I understand that the fixed length metadata are specific per service, and that's the reason why there is no IANA for fixed length. Should this be mentioned? - if you publish a new version, change the order of these two paragraphs: Unassigned bits: All other flag fields, marked U, are unassigned and available for future use, see Section 11.2.1. Unassigned bits MUST be set to zero upon origination, and MUST be ignored and preserved unmodified by other NSH supporting elements. At reception, all elements MUST NOT modify their actions based on these unknown bits. Length: The total length, in 4-byte words, of the NSH including the Base Header, the Service Path Header, the Fixed Length Context Header or Variable Length Context Header(s). The length MUST be 0x6 for MD Type equal to 0x1, and MUST be 0x2 or greater for MD Type equal to 0x2. The length of the NSH header MUST be an integer multiple of 4 bytes, thus variable length metadata is always padded out to a multiple of 4 bytes. Lacking some time before the telechat, but not worth deferring (there are enough DISCUSS'). FYI, I arrived at section 5. From nobody Thu Sep 28 07:02:25 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E107F1331BA; Thu, 28 Sep 2017 07:02:22 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mKruXNoSdm_J; Thu, 28 Sep 2017 07:02:21 -0700 (PDT) Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 089B81320DC; Thu, 28 Sep 2017 07:02:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9218; q=dns/txt; s=iport; t=1506607341; x=1507816941; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=YF0shIfGmsiq2awnvBhk8fuXAG7GYikZjlFS0UIH3UQ=; b=bP+ermkXqoTIbZxg0BP4gsXT3H/Mn9W7xyChN/R/kaV5/dDEMdX+pRvA +Yzp46Dz79VOaL9Ji+FQOc7PKg+j1DG5U930L6TZ4gHCzeCAGvZeJ9bXe Thty2Iy4E1q9eFx8L6DaOjxSGLTqsi/WpVr/0Y3c0iwPcJH9lVA8k/FeJ o=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D5AQD7/8xZ/5xdJa1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1xkbicHg3GZfoF2ljmCBAojhRgCGoQGVwECAQEBAQECayiFGAE?= =?us-ascii?q?BAQECASMRRQULAgEIDgoCAiYCAgIwFRACBA4FiikIEKZggieLBAEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBARgFgQ6CHYFhASCBUYFqK4FwgQ2EUQELBwEfgxMvgjEFihK?= =?us-ascii?q?OP4hXAodcgxSJboIThW6LBZUgAhEZAYE4AVeBAwt4FVsBhTyBTnYBhkEPGIEMg?= =?us-ascii?q?RABAQE?= X-IronPort-AV: E=Sophos;i="5.42,450,1500940800"; d="scan'208";a="9943158" Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Sep 2017 14:02:20 +0000 Received: from XCH-RTP-019.cisco.com (xch-rtp-019.cisco.com [64.101.220.159]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id v8SE2JZo008760 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 28 Sep 2017 14:02:20 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-019.cisco.com (64.101.220.159) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 28 Sep 2017 10:02:19 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Thu, 28 Sep 2017 10:02:19 -0400 From: "Carlos Pignataro (cpignata)" To: Eric Rescorla CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Eric Rescorla's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) Thread-Index: AQHTOAYHYSdlQhRLx0q1fm9NlsjUoKLKl8uA Date: Thu, 28 Sep 2017 14:02:18 +0000 Message-ID: References: <150656766105.13740.10127057899137745873.idtracker@ietfa.amsl.com> In-Reply-To: <150656766105.13740.10127057899137745873.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.150.6.172] Content-Type: text/plain; charset="utf-8" Content-ID: <7DC1DBB13825E444B62F53FFE4368E7D@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Eric Rescorla's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 14:02:23 -0000 SGksIEVyaWMsDQoNCj4gT24gU2VwIDI3LCAyMDE3LCBhdCAxMTowMSBQTSwgRXJpYyBSZXNjb3Js YSA8ZWtyQHJ0Zm0uY29tPiB3cm90ZToNCj4gDQo+IEVyaWMgUmVzY29ybGEgaGFzIGVudGVyZWQg dGhlIGZvbGxvd2luZyBiYWxsb3QgcG9zaXRpb24gZm9yDQo+IGRyYWZ0LWlldGYtc2ZjLW5zaC0y NDogRGlzY3Vzcw0KPiANCj4gV2hlbiByZXNwb25kaW5nLCBwbGVhc2Uga2VlcCB0aGUgc3ViamVj dCBsaW5lIGludGFjdCBhbmQgcmVwbHkgdG8gYWxsDQo+IGVtYWlsIGFkZHJlc3NlcyBpbmNsdWRl ZCBpbiB0aGUgVG8gYW5kIENDIGxpbmVzLiAoRmVlbCBmcmVlIHRvIGN1dCB0aGlzDQo+IGludHJv ZHVjdG9yeSBwYXJhZ3JhcGgsIGhvd2V2ZXIuKQ0KPiANCj4gDQo+IFBsZWFzZSByZWZlciB0byBo dHRwczovL3d3dy5pZXRmLm9yZy9pZXNnL3N0YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWwN Cj4gZm9yIG1vcmUgaW5mb3JtYXRpb24gYWJvdXQgSUVTRyBESVNDVVNTIGFuZCBDT01NRU5UIHBv c2l0aW9ucy4NCj4gDQo+IA0KPiBUaGUgZG9jdW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFsbG90 IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5kIGhlcmU6DQo+IGh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0 Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2ZjLW5zaC8NCj4gDQo+IA0KPiANCj4gLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LQ0KPiBESVNDVVNTOg0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IA0KPiBJIGNvbmN1ciB3aXRoIEthdGhs ZWVuJ3MgRElTQ1VTUy4gVG8gc3RhdGUgbXkgdmlldyBvZiB0aGluZ3M6DQoNClRoYW5rcy4gSXQg aXMgaW1wb3J0YW50IHRvIGRpc2N1c3MgdGhlIHNlY3VyaXR5IGNvbnNpZGVyYXRpb25zIGZvciBO U0ggKGMuZi4sIHNlcnZpY2UgY2hhaW5pbmcgdG9kYXkpLCBhbmQgc2VlIGhvdyB3ZSBjYW4gaW1w cm92ZSB0aGUgdGV4dCwgaWYgaXQgaXMgbm90IGNvbnZleWluZyB3aGF0IGl0IG5lZWRzIHRvLg0K DQo+IA0KPiAxLiBUaGUgYXNzdW1wdGlvbiB0aGF0IHRoZSBkYXRhY2VudGVyIGlzIGEgc2VjdXJl IGVudmlyb25tZW50IGlzIG5vdCBhDQo+IHJlYXNvbmFibGUgb25lLg0KDQpUaGF0IGlzICpub3Qq IHdoYXQgdGhlIGRyYWZ0IHNheXMhDQoNCiAgIEhvd2V2ZXIsIHRoZSBkZXBsb3ltZW50IHNjb3Bl IChhcyBkZWZpbmVkIGluIFtSRkM3NjY1XSkgb2YgdGhlIE5TSA0KICAgZW5jYXBzdWxhdGlvbiBp cyBsaW1pdGVkIHRvIGEgc2luZ2xlIG5ldHdvcmsgYWRtaW5pc3RyYXRpdmUgZG9tYWluIGFzDQog ICBhIGNvbnRyb2xsZWQgZW52aXJvbm1lbnQsIHdpdGggdHJ1c3RlZCBkZXZpY2VzIChlLmcuLCBh IGRhdGEgY2VudGVyKQ0KICAgaGVuY2UgbWl0aWdhdGluZyB0aGUgcmlzayBvZiB1bmF1dGhvcml6 ZWQgbWFuaXB1bGF0aW9uIG9mIHRoZQ0KICAgZW5jYXBzdWxhdGlvbiBoZWFkZXJzIG9yIG1ldGFk YXRhLg0KDQpJdCBzYXlzIOKAnG1pdGlnYXRpbmcgdGhlIHJpc2vigJ0uIEl0IGRvZXMgbm90IHNh eSDigJxpdCBpcyBhIHNlY3VyZSBlbnZpcm9ubWVudOKAnS4NCg0KU28sIHRvIGFkZHJlc3MgdGhl IHBvcnRpb24gb2YgdGhlIHJpc2sgdGhhdCBpcyAqbm90KiBtaXRpZ2F0ZWQgYnkgdGhhdCBhc3N1 bXB0aW9uLCB3ZSBoYXZlIHRoZSByZXN0IG9mIHRoZSB0ZXh0Lg0KDQo+IEFzIEthdGhsZWVuIGFu ZCBBZGFtIGJvdGggb2JzZXJ2ZXIsIGRhdGFjZW50ZXINCj4gYnJlYWNoZXMgYXJlIGNvbW1vbiBh bmQgdGhhdCBpcyB3aHkgcGVvcGxlIGFyZSBtb3ZpbmcgdG93YXJkcw0KPiBlbmNyeXB0aW9uIGlu c2lkZSB0aGUgZGF0YSBjZW50ZXIuIEkgc2VlIHRoYXQgdGhpcyBkcmFmdCBoYXMgdGV4dA0KPiBj bGFpbWluZyB0aGF0IHRoaXMgaXMgb25seSB0byBiZSBkZXBsb3llZCBpbiBzYWZlIGVudmlyb25t ZW50cywNCg0KQ1BJR05BVEEtTS1UMzBROm5zaCBjcGlnbmF0YSQgZ3JlcCBzYWZlIGRyYWZ0LWll dGYtc2ZjLW5zaC0yNC50eHQgDQpDUElHTkFUQS1NLVQzMFE6bnNoIGNwaWduYXRhJCANCg0KVGhl IHdvcmQg4oCcc2FmZeKAnSBpcyBub3QgcHJlc2VudCBpbiB0aGUgZG9jdW1lbnQuLi4NCg0KPiBi dXQgd2UNCj4ga25vdyB0aGF0IHRlY2hub2xvZ2llcyBsaWtlIHRoaXMgZ2V0IGRlcGxveWVkIG91 dHNpZGUgdGhlIGxvY2F0aW9ucw0KPiBmb3Igd2hpY2ggd2UgY2xhaW0gdGhleSBhcmUgdG8gYmUg ZGVwbG95ZWQsIGFuZCB0aGVyZSdzIG5vdGhpbmcgaGVyZQ0KPiB0byBzdG9wIHRoYXQuIE1vcmVv dmVyLCB0aGUgd2hvbGUgdHJlbmQgdG93YXJkcyBjbG91ZCBjb21wdXRpbmcgcHVzaGVzDQo+IHVz IGF3YXkgZnJvbSBkZXNpZ25zIGluIHdoaWNoIHlvdSBjYW4gc2FmZWx5IHRhbGsgYWJvdXQgc2lu Z2xlIHNlY3VyZQ0KPiB6b25lcy4NCj4gDQo+IDIuIFRoZSB0ZXh0IGluIFMgOC4xIGFib3V0IGhv dyB5b3UgbWlnaHQgd2FudCB0byB1c2Ugc29tZSBraW5kIG9mDQo+IHRyYW5zcG9ydCBzZWN1cml0 eSBkb2VzIG5vdCBzZWVtIHN1ZmZpY2llbnQuDQoNCkp1c3QgdG8gdW5kZXJzdGFuZOKApiB3aHkg aXQgZG9lcyBub3Qgc2VlbSBzdWZmaWNpZW50PyBQYWNrZXRzIG92ZXIgdGhlIERDIHdvdWxkIGJl IGVuY3J5cHRlZC4NCg0KPiBBcyBhYm92ZSwgd2Uga25vdyB0aGF0IGlmDQo+IHdlIGRvbid0IHNw ZWNpZnkgc29tZXRoaW5nLCBwZW9wbGUgd2lsbCBkZXBsb3kgdGhpcyB0ZWNobm9sb2d5IGluDQo+ IGluc2VjdXJlIHNldHRpbmdzIHdpdGhvdXQgYW55IGtpbmQgb2Ygc2VjdXJpdHkuDQo+IA0KDQpB Z2FpbiwgdGhhdCBpcyAqbm90KiB3aGF0IHRoZSBkb2N1bWVudCBzYXlzLg0KDQpBbmQgZnJhbmts eSwgdGhlIGRvY3VtZW50IGdpdmVzIGd1aWRhbmNlIHRvIHBlb3BsZSBkZXBsb3lpbmcgdGhpcy4g DQoNCj4gSSBjb25jdXIgd2l0aCBLYXRobGVlbidzIHBvaW50IHRoYXQgdGhpcyBkb2N1bWVudCBz aG91bGQgcHJvdmlkZQ0KPiBidWlsdC1pbiBzZWN1cml0eSBtZWNoYW5pc21zIHJhdGhlciB0aGFu IGp1c3QgcHVudGluZyB0byB0aGUNCj4gdW5kZXItbGF5ZXIuIEdpdmVuIHRoYXQgYXMgUyAxIG1h a2VzIGNsZWFyLCBhbGwgdGhlc2UgU0ZzIGFyZSBwYXJ0IG9mDQo+IHRoZSBzYW1lIGFkbWluaXN0 cmF0aXZlIGRvbWFpbiwgdGhpcyBzZWVtcyBsaWtlIGEgY29tcGFyYXRpdmVseSBsZXNzDQo+IGNo YWxsZW5naW5nIHNldHRpbmcuIElmIHRoZXJlIGlzIHNvbWUgcmVhc29uIHdoeSB0aGF0J3MgaW5m ZWFzaWJsZSwNCj4gdGhhdCBuZWVkcyB0byBiZSBleHBsYWluZWQuDQo+IA0KDQpCb3Jyb3dpbmcg ZnJvbSBhIHByZXZpb3VzIHJlc3BvbnNlOg0KDQpUaGUgZHJhZnQgY3VycmVudGx5IHNheXM6DQoN CiAgT3BlcmF0b3JzIFNIT1VMRCB0aGVuIHNlbGVjdCBhIHRyYW5zcG9ydA0KICBlbmNhcHN1bGF0 aW9uIHByb3RvY29sIHN1Y2ggYXMgb25lIHRoYXQgc3VwcG9ydHMgW1JGQzYwNzFdIHRvIHByb3Zp ZGUNCiAgdGhlIG5lZWRlZCBwcm90ZWN0aW9uIChlLmcuLCBhdXRoZW50aWNpdHksIGNvbmZpZGVu dGlhbGl0eSkgZm9yIHRoZQ0KICB0cmFmZmljIGJldHdlZW4gU0ZDIGNvbXBvbmVudHMuDQoNCkFu ZCB0aGVuIHNheXM6DQoNCiAgT25lIHVzZWZ1bCBlbGVtZW50IG9mIHByb3ZpZGluZyBwcml2YWN5 IHByb3RlY3Rpb24gZm9yIHNlbnNpdGl2ZQ0KICBtZXRhZGF0YSBpcyBkZXNjcmliZWQgdW5kZXIg dGhlICJTRkMgRW5jYXBzdWxhdGlvbiIgYXJlYSBvZiB0aGUNCiAgU2VjdXJpdHkgQ29uc2lkZXJh dGlvbnMgb2YgW1JGQzc2NjVdLiAgT3BlcmF0b3JzIGNhbiBhbmQgc2hvdWxkIHVzZQ0KICBpbmRp cmVjdCBpZGVudGlmaWNhdGlvbiBmb3IgbWV0YWRhdGEgZGVlbWVkIHRvIGJlIHNlbnNpdGl2ZSAo c3VjaCBhcw0KICBwZXJzb25hbGx5IGlkZW50aWZ5aW5nIGluZm9ybWF0aW9uKSBzaWduaWZpY2Fu dGx5IG1pdGlnYXRpbmcgdGhlIHJpc2sNCiAgb2YgcHJpdmFjeSB2aW9sYXRpb24uIA0KDQpBbmQg dGhlbiBmdXJ0aGVyIHNheXM6DQoNCiAgRm9yIHRob3NlIHNpdHVhdGlvbnMgd2hlcmUgb2JmdXNj YXRpb24gaXMgZWl0aGVyIGluYXBwbGljYWJsZSBvcg0KICBqdWRnZWQgdG8gYmUgaW5zdWZmaWNp ZW50LCBhbiBvcGVyYXRvciBjYW4gYWxzbyBlbmNyeXB0IHRoZSBtZXRhZGF0YS4NCiAgQW4gYXBw cm9hY2ggdG8gYW4gb3B0aW9uYWwgY2FwYWJpbGl0eSB0byBkbyB0aGlzIHdhcyBleHBsb3JlZCBp bg0KICBbSS1ELnJlZGR5LXNmYy1uc2gtZW5jcnlwdF0uICBGb3Igb3RoZXIgc2l0dWF0aW9ucyB3 aGVyZSBncmVhdGVyDQogIGFzc3VyYW5jZSBpcyBkZXNpcmVkLCBvcHRpb25hbCBtZWNoYW5pc21z IHN1Y2ggYXMNCiAgW0ktRC5icm9ja25lcnMtcHJvb2Ytb2YtdHJhbnNpdF0gY2FuIGJlIHVzZWQu DQoNClNvLCBmb2xsb3dpbmcgb24gW0ktRC5yZWRkeS1zZmMtbnNoLWVuY3J5cHRdLCBpdCBzYXlz Og0KDQogIFRoaXMgZHJhZnQgYWRkcyBhdXRoZW50aWNhdGlvbg0KICBhbmQgb3B0aW9uYWwgZW5j cnlwdGlvbiBkaXJlY3RseSB0byBOU0guICBUaGlzIHdheSBOU0ggZGF0YSBkb2VzIG5vdA0KICBo YXZlIHRvIHJlbHkgb24gdW5kZXJseWluZyB0cmFuc3BvcnQgZW5jYXBzdWxhdGlvbiBmb3Igc2Vj dXJpdHkgYW5kDQogIGNvbmZpZGVudGlhbGl0eS4NCg0KQW5kOg0KDQogIEFuIE5TSCBpbXBvc2Vy IGluc2VydHMgYW4gQXV0aGVudGljYXRpb24gVGFnIFRMViBmb3IgZGF0YSBvcmlnaW4NCiAgYXV0 aGVudGljYXRpb24gYW5kIGludGVncml0eSBwcm90ZWN0aW9uLg0KDQpBbGwgdGhlIHBpZWNlcyBh cmUgdGhlcmUuDQoNCj4gDQo+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4gQ09NTUVOVDoNCj4gLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLQ0KPiANCg0KSSB3aWxsIHJlc3BvbmQgdG8gdGhlIGNvbW1lbnRzIG9uIHNlcGFyYXRlIGNv dmVyLg0KDQpUaGFua3MhDQoNCkNhcmxvcy4NCg0KPiBMaW5lIDE0Mw0KPiAgICAgICAgICAgICAg ICAgICAgIHwgICAgT3JpZ2luYWwgUGFja2V0IC8gRnJhbWUgICB8DQo+ICAgICAgICAgICAgICAg ICAgICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCj4gTml0OiBJIHdvdWxkIGhh dmUgZXhwZWN0ZWQgdGhpcyBzdGFjayB0byBnbyB0aGUgb3RoZXIgd2F5LCB3aXRoIFRFIG9uIHRo ZQ0KPiBib3R0b20uDQo+IA0KPiBMaW5lIDE2NQ0KPiAgIG92ZXJsYXkgZG9tYWluIHVzaW5nIHZp cnR1YWwgY29ubmVjdGlvbnMgYW5kIHR1bm5lbHMuICBBIGNvcm9sbGFyeSBpcw0KPiAgIHRoYXQg YSBuZXR3b3JrIGFkbWluaXN0cmF0aXZlIGRvbWFpbiBoYXMgYSB3ZWxsIGRlZmluZWQgcGVyaW1l dGVyLg0KPiBUaGlzIGlzIG5vdCBhIHJlYXNvbmFibGUgYXNzdW1wdGlvbiBpbiBtb2Rlcm4gZGF0 YWNlbnRlciBlbnZpcm9ubWVudHMsDQo+IGVzcGVjaWFsbHkgaWYgeW91IGhhdmUgdmlydHVhbGl6 ZWQgc2VydmljZXMuDQo+IA0KPiBMaW5lIDM3Mg0KPiAgIDEgcHJpb3IgdG8gTlNIIGZvcndhcmRp bmcgbG9va3VwLiAgRGVjcmVtZW50aW5nIGJ5IDEgZnJvbSBhbiBpbmNvbWluZw0KPiAgIHZhbHVl IG9mIDAgc2hhbGwgcmVzdWx0IGluIGEgVFRMIHZhbHVlIG9mIDYzLiAgVGhlIHBhY2tldCBNVVNU IE5PVCBiZQ0KPiAgIGZvcndhcmRlZCBpZiBUVEwgaXMsIGFmdGVyIGRlY3JlbWVudCwgMC4NCj4g SSBhbSBoYXZpbmcgdHJvdWJsZSBmb2xsb3dpbmcgdGhpcywgSXMgdGhlIHBvaW50IHRoYXQgSSBj YW4gZW1pdCBhIHBhY2tldCB3aXRoDQo+IFRUTCAwLCB3aGljaCBpcyBlZmZlY3RpdmVseSBUVEwg NjQ/DQo+IA0KPiBMaW5lIDM3NQ0KPiAgIFRoaXMgVFRMIGZpZWxkIGlzIHRoZSBwcmltYXJ5IGxv b3AgcHJldmVudGlvbiBUaGlzIFRUTCBtZWNoYW5pc20NCj4gICByZXByZXNlbnRzIGEgcm9idXN0 IGNvbXBsZW1lbnQgdG8gdGhlIFNlcnZpY2UgSW5kZXgsIGFzIHRoZSBUVEwgaXMNCj4gTml0OiAi cHJldmVudGlvbiBtZWNoYW5pc20uIFRoaXMiPw0KPiANCj4gTGluZSAzNzkNCj4gICBiZXR0ZXIs IGFsdGhvdWdoIG5vdCBwZXJmZWN0LCBpbnRlcm9wZXJhdGlvbiB3aXRoIHByZS1zdGFuZGFyZA0K PiAgIGltcGxlbWVudGF0aW9ucyB0aGF0IGRvIG5vdCBzdXBwb3J0IHRoaXMgVFRMIGZpZWxkLg0K PiBUaGlzIHBvaW50IHdvdWxkIGJlIGNsZWFyZXIgaWYgaXQgd2VyZSBtYWRlIGJlZm9yZSB0aGUg cnVsZSBhYm91dCBkZWNyZW1lbnQuDQo+IA0KPiBMaW5lIDQwMw0KPiAgIDB4MCAtIFRoaXMgaXMg YSByZXNlcnZlZCB2YWx1ZS4gIEltcGxlbWVudGF0aW9ucyBTSE9VTEQgc2lsZW50bHkNCj4gICBk aXNjYXJkIHBhY2tldHMgd2l0aCBNRCBUeXBlIDB4MC4NCj4gV2h5IGlzIHRoaXMgYSBTSE9VTEQg YW5kIG5vdCBhIE1VU1Q/IFRoYXQgc2VlbXMgbGlrZSBpdCB3aWxsIGNyZWF0ZSBwb3RlbnRpYWwN Cj4gaW50ZXJvcCBwcm9ibGVtcy4NCj4gDQo+IExpbmUgNjUxDQo+ICAgICAgIGVuY2Fwc3VsYXRl ZCBwYWNrZXQuICBJdCBpcyB0aGVyZWZvcmUgdGhlIGxhc3Qgbm9kZSBvcGVyYXRpbmcgb24NCj4g ICAgICAgdGhlIHNlcnZpY2UgaGVhZGVyLg0KPiBDYW4geW91IGFsc28gbmVzdCBOU0hzPw0KPiAN Cj4gDQoNCg== From nobody Thu Sep 28 07:09:33 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43256133209; Thu, 28 Sep 2017 07:09:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.52 X-Spam-Level: X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r1lF3JNFxWWF; Thu, 28 Sep 2017 07:09:10 -0700 (PDT) Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A171C133079; Thu, 28 Sep 2017 07:09:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6860; q=dns/txt; s=iport; t=1506607749; x=1507817349; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=pJp3pI35yFizM9VHkHaxiaFth/qTz1kaqih2cN/3iaI=; b=dklzGqPG8PFIx0reLrfohCCDQx+H3xfRbkjsDV9R1MBWlrOdB54gqi19 CrZWAbVb0D9Ja0QaJp4+SWYrkmQZTnzjpOcjGqzeouGzCgNHjWQksVvWV 3oH7pDrCLPokpk4fHunpI4hg6htvKMifndJwc18lHVxW0SNN/IpDfvf74 c=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D5AQAoAc1Z/5NdJa1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1xkbicHg3GZfoF2ljmCBAojhRgCGoQGVwECAQEBAQECayiFGAE?= =?us-ascii?q?BAQECAQ4VETEUBQsCAQYCDgoCAiYCAgIwFRACBA4FiikIEIh6nWaCJ4sEAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEBGAWBDoIdggKBUYFqK4FwgQ2EUQESAYMyL4IxBYo?= =?us-ascii?q?Sjj+IVwKHXI0CDIIHhW6DfocHlSACERkBgTgBV4EDC3gVWwGFPIFOdgGGUIEkg?= =?us-ascii?q?RABAQE?= X-IronPort-AV: E=Sophos;i="5.42,450,1500940800"; d="scan'208";a="9928482" Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Sep 2017 14:09:08 +0000 Received: from XCH-RTP-019.cisco.com (xch-rtp-019.cisco.com [64.101.220.159]) by rcdn-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id v8SE9763022090 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 28 Sep 2017 14:09:08 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-019.cisco.com (64.101.220.159) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 28 Sep 2017 10:09:07 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Thu, 28 Sep 2017 10:09:07 -0400 From: "Carlos Pignataro (cpignata)" To: Eric Rescorla CC: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: Eric Rescorla's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) Thread-Index: AQHTOAYHYSdlQhRLx0q1fm9NlsjUoKLKmbGA Date: Thu, 28 Sep 2017 14:09:07 +0000 Message-ID: References: <150656766105.13740.10127057899137745873.idtracker@ietfa.amsl.com> In-Reply-To: <150656766105.13740.10127057899137745873.idtracker@ietfa.amsl.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.150.6.172] Content-Type: text/plain; charset="utf-8" Content-ID: <2ADE4891086A9A47BCCA2A49F15C2AA4@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Eric Rescorla's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 14:09:18 -0000 SGkgRXJpYywNCg0KUmVzcG9uZGluZyB0byB0aGUgQ09NTUVOVFMgcGFydCBvZiB5b3VyIGJhbGxv dCBub3cuIA0KDQpUaGFua3MgYWdhaW4gZm9yIHRoZSB0aG9yb3VnaCByZWFkIGFuZCByZXZpZXcg b2YgdGhlc2UgY29tbWVudHMuDQoNCj4gT24gU2VwIDI3LCAyMDE3LCBhdCAxMTowMSBQTSwgRXJp YyBSZXNjb3JsYSA8ZWtyQHJ0Zm0uY29tPiB3cm90ZToNCj4gDQo+IEVyaWMgUmVzY29ybGEgaGFz IGVudGVyZWQgdGhlIGZvbGxvd2luZyBiYWxsb3QgcG9zaXRpb24gZm9yDQo+IGRyYWZ0LWlldGYt c2ZjLW5zaC0yNDogRGlzY3Vzcw0KPiANCj4gV2hlbiByZXNwb25kaW5nLCBwbGVhc2Uga2VlcCB0 aGUgc3ViamVjdCBsaW5lIGludGFjdCBhbmQgcmVwbHkgdG8gYWxsDQo+IGVtYWlsIGFkZHJlc3Nl cyBpbmNsdWRlZCBpbiB0aGUgVG8gYW5kIENDIGxpbmVzLiAoRmVlbCBmcmVlIHRvIGN1dCB0aGlz DQo+IGludHJvZHVjdG9yeSBwYXJhZ3JhcGgsIGhvd2V2ZXIuKQ0KPiANCj4gDQo+IFBsZWFzZSBy ZWZlciB0byBodHRwczovL3d3dy5pZXRmLm9yZy9pZXNnL3N0YXRlbWVudC9kaXNjdXNzLWNyaXRl cmlhLmh0bWwNCj4gZm9yIG1vcmUgaW5mb3JtYXRpb24gYWJvdXQgSUVTRyBESVNDVVNTIGFuZCBD T01NRU5UIHBvc2l0aW9ucy4NCj4gDQo+IA0KPiBUaGUgZG9jdW1lbnQsIGFsb25nIHdpdGggb3Ro ZXIgYmFsbG90IHBvc2l0aW9ucywgY2FuIGJlIGZvdW5kIGhlcmU6DQo+IGh0dHBzOi8vZGF0YXRy YWNrZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2ZjLW5zaC8NCj4gDQo+IA0KPiANCj4gLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLQ0KPiBESVNDVVNTOg0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IA0KPiBJIGNvbmN1ciB3 aXRoIEthdGhsZWVuJ3MgRElTQ1VTUy4gVG8gc3RhdGUgbXkgdmlldyBvZiB0aGluZ3M6DQo+IA0K PiAxLiBUaGUgYXNzdW1wdGlvbiB0aGF0IHRoZSBkYXRhY2VudGVyIGlzIGEgc2VjdXJlIGVudmly b25tZW50IGlzIG5vdCBhDQo+IHJlYXNvbmFibGUgb25lLiBBcyBLYXRobGVlbiBhbmQgQWRhbSBi b3RoIG9ic2VydmVyLCBkYXRhY2VudGVyDQo+IGJyZWFjaGVzIGFyZSBjb21tb24gYW5kIHRoYXQg aXMgd2h5IHBlb3BsZSBhcmUgbW92aW5nIHRvd2FyZHMNCj4gZW5jcnlwdGlvbiBpbnNpZGUgdGhl IGRhdGEgY2VudGVyLiBJIHNlZSB0aGF0IHRoaXMgZHJhZnQgaGFzIHRleHQNCj4gY2xhaW1pbmcg dGhhdCB0aGlzIGlzIG9ubHkgdG8gYmUgZGVwbG95ZWQgaW4gc2FmZSBlbnZpcm9ubWVudHMsIGJ1 dCB3ZQ0KPiBrbm93IHRoYXQgdGVjaG5vbG9naWVzIGxpa2UgdGhpcyBnZXQgZGVwbG95ZWQgb3V0 c2lkZSB0aGUgbG9jYXRpb25zDQo+IGZvciB3aGljaCB3ZSBjbGFpbSB0aGV5IGFyZSB0byBiZSBk ZXBsb3llZCwgYW5kIHRoZXJlJ3Mgbm90aGluZyBoZXJlDQo+IHRvIHN0b3AgdGhhdC4gTW9yZW92 ZXIsIHRoZSB3aG9sZSB0cmVuZCB0b3dhcmRzIGNsb3VkIGNvbXB1dGluZyBwdXNoZXMNCj4gdXMg YXdheSBmcm9tIGRlc2lnbnMgaW4gd2hpY2ggeW91IGNhbiBzYWZlbHkgdGFsayBhYm91dCBzaW5n bGUgc2VjdXJlDQo+IHpvbmVzLg0KPiANCj4gMi4gVGhlIHRleHQgaW4gUyA4LjEgYWJvdXQgaG93 IHlvdSBtaWdodCB3YW50IHRvIHVzZSBzb21lIGtpbmQgb2YNCj4gdHJhbnNwb3J0IHNlY3VyaXR5 IGRvZXMgbm90IHNlZW0gc3VmZmljaWVudC4gQXMgYWJvdmUsIHdlIGtub3cgdGhhdCBpZg0KPiB3 ZSBkb24ndCBzcGVjaWZ5IHNvbWV0aGluZywgcGVvcGxlIHdpbGwgZGVwbG95IHRoaXMgdGVjaG5v bG9neSBpbg0KPiBpbnNlY3VyZSBzZXR0aW5ncyB3aXRob3V0IGFueSBraW5kIG9mIHNlY3VyaXR5 Lg0KPiANCj4gSSBjb25jdXIgd2l0aCBLYXRobGVlbidzIHBvaW50IHRoYXQgdGhpcyBkb2N1bWVu dCBzaG91bGQgcHJvdmlkZQ0KPiBidWlsdC1pbiBzZWN1cml0eSBtZWNoYW5pc21zIHJhdGhlciB0 aGFuIGp1c3QgcHVudGluZyB0byB0aGUNCj4gdW5kZXItbGF5ZXIuIEdpdmVuIHRoYXQgYXMgUyAx IG1ha2VzIGNsZWFyLCBhbGwgdGhlc2UgU0ZzIGFyZSBwYXJ0IG9mDQo+IHRoZSBzYW1lIGFkbWlu aXN0cmF0aXZlIGRvbWFpbiwgdGhpcyBzZWVtcyBsaWtlIGEgY29tcGFyYXRpdmVseSBsZXNzDQo+ IGNoYWxsZW5naW5nIHNldHRpbmcuIElmIHRoZXJlIGlzIHNvbWUgcmVhc29uIHdoeSB0aGF0J3Mg aW5mZWFzaWJsZSwNCj4gdGhhdCBuZWVkcyB0byBiZSBleHBsYWluZWQuDQo+IA0KPiANCj4gLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLQ0KPiBDT01NRU5UOg0KPiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IA0KPiBMaW5lIDE0Mw0K PiAgICAgICAgICAgICAgICAgICAgIHwgICAgT3JpZ2luYWwgUGFja2V0IC8gRnJhbWUgICB8DQo+ ICAgICAgICAgICAgICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSsNCj4g Tml0OiBJIHdvdWxkIGhhdmUgZXhwZWN0ZWQgdGhpcyBzdGFjayB0byBnbyB0aGUgb3RoZXIgd2F5 LCB3aXRoIFRFIG9uIHRoZQ0KPiBib3R0b20uDQo+IA0KDQpJIGtub3csIGFuZCBwcm9iYWJseSB5 b3UgYW5kIHJvdWdobHkgaGFsZiBvZiB0aGUgcmVhZGVycy4gSSBzdXNwZWN0IHRoYXQgdGhlIG90 aGVyIGhhbGYgd291bGQgbGlrZSBpdCBhcy1pcy4gVGFicyBvciBzcGFjZXM/IENhbm9uIG9yIE5p a29uPyBBcHBsZSBvciBXaW5kb3dzPyBUaGVzZSBwcm9iYWJseSBmYWxsIHVuZGVyIHRoZSBzYW1l IGNhdGVnb3J5LiBUaGUgaW1wb3J0YW50IHRoaW5nIGlzIHRoYXQgdGhlIGRlc2NyaXB0aW9uIG9m IHRoZSBsYXllcnMgYXJlIGNsZWFyLg0KDQo+IExpbmUgMTY1DQo+ICAgb3ZlcmxheSBkb21haW4g dXNpbmcgdmlydHVhbCBjb25uZWN0aW9ucyBhbmQgdHVubmVscy4gIEEgY29yb2xsYXJ5IGlzDQo+ ICAgdGhhdCBhIG5ldHdvcmsgYWRtaW5pc3RyYXRpdmUgZG9tYWluIGhhcyBhIHdlbGwgZGVmaW5l ZCBwZXJpbWV0ZXIuDQo+IFRoaXMgaXMgbm90IGEgcmVhc29uYWJsZSBhc3N1bXB0aW9uIGluIG1v ZGVybiBkYXRhY2VudGVyIGVudmlyb25tZW50cywNCj4gZXNwZWNpYWxseSBpZiB5b3UgaGF2ZSB2 aXJ0dWFsaXplZCBzZXJ2aWNlcy4NCj4gDQoNClRoZSBwZXJpbWV0ZXIgd291bGQgYmUgdmlydHVh bGl6ZWQgYnV0IHdlbGwgZGVmaW5lZC4gTm8/DQoNCj4gTGluZSAzNzINCj4gICAxIHByaW9yIHRv IE5TSCBmb3J3YXJkaW5nIGxvb2t1cC4gIERlY3JlbWVudGluZyBieSAxIGZyb20gYW4gaW5jb21p bmcNCj4gICB2YWx1ZSBvZiAwIHNoYWxsIHJlc3VsdCBpbiBhIFRUTCB2YWx1ZSBvZiA2My4gIFRo ZSBwYWNrZXQgTVVTVCBOT1QgYmUNCj4gICBmb3J3YXJkZWQgaWYgVFRMIGlzLCBhZnRlciBkZWNy ZW1lbnQsIDAuDQo+IEkgYW0gaGF2aW5nIHRyb3VibGUgZm9sbG93aW5nIHRoaXMsIElzIHRoZSBw b2ludCB0aGF0IEkgY2FuIGVtaXQgYSBwYWNrZXQgd2l0aA0KPiBUVEwgMCwgd2hpY2ggaXMgZWZm ZWN0aXZlbHkgVFRMIDY0Pw0KDQpUaGUgdGV4dCBzYXlzIHRoYXQgaWYgeW91IGRlY3JlbWVudCB0 byB6ZXJvIHlvdSBjYW5ub3QgZm9yd2FyZC4NCg0KPiANCj4gTGluZSAzNzUNCj4gICBUaGlzIFRU TCBmaWVsZCBpcyB0aGUgcHJpbWFyeSBsb29wIHByZXZlbnRpb24gVGhpcyBUVEwgbWVjaGFuaXNt DQo+ICAgcmVwcmVzZW50cyBhIHJvYnVzdCBjb21wbGVtZW50IHRvIHRoZSBTZXJ2aWNlIEluZGV4 LCBhcyB0aGUgVFRMIGlzDQo+IE5pdDogInByZXZlbnRpb24gbWVjaGFuaXNtLiBUaGlz4oCdPw0K DQpHcmVhdCBjYXRjaCEgVGhhbmtzIQ0KDQo+IA0KDQo+IExpbmUgMzc5DQo+ICAgYmV0dGVyLCBh bHRob3VnaCBub3QgcGVyZmVjdCwgaW50ZXJvcGVyYXRpb24gd2l0aCBwcmUtc3RhbmRhcmQNCj4g ICBpbXBsZW1lbnRhdGlvbnMgdGhhdCBkbyBub3Qgc3VwcG9ydCB0aGlzIFRUTCBmaWVsZC4NCj4g VGhpcyBwb2ludCB3b3VsZCBiZSBjbGVhcmVyIGlmIGl0IHdlcmUgbWFkZSBiZWZvcmUgdGhlIHJ1 bGUgYWJvdXQgZGVjcmVtZW50Lg0KPiANCg0KSSBhbSB2ZXJ5IGhlc2l0YW50IHRvIHJlLW9yZ2Fu aXplIHRoaXMgdGV4dCwgYmVjYXVzZSBpdCByZXByZXNlbnRzIGEgZGVsaWNhdGUgYmFsYW5jZSBv ZiBjb21wcm9taXNlIGZyb20gdGhlIFdHLg0KDQo+IExpbmUgNDAzDQo+ICAgMHgwIC0gVGhpcyBp cyBhIHJlc2VydmVkIHZhbHVlLiAgSW1wbGVtZW50YXRpb25zIFNIT1VMRCBzaWxlbnRseQ0KPiAg IGRpc2NhcmQgcGFja2V0cyB3aXRoIE1EIFR5cGUgMHgwLg0KPiBXaHkgaXMgdGhpcyBhIFNIT1VM RCBhbmQgbm90IGEgTVVTVD8gVGhhdCBzZWVtcyBsaWtlIGl0IHdpbGwgY3JlYXRlIHBvdGVudGlh bA0KPiBpbnRlcm9wIHByb2JsZW1zLg0KDQpCZWNhdXNlIHdlIGFjaGlldmUgdGhlIGdvYWwgb2Yg ZGlzY2FyZGluZyB3aXRoIHRoZSBsZWFzdCBhbW91bnQgb2Yg4oCcZm9yY2XigJ0g4oCUIHdpdGhv dXQgY29tcGxldGVseSBsb2NraW5nIHRoZSBkb29yIGFuZCB0aHJvd2luZyBhd2F5IHRoZSBrZXku DQoNCj4gDQo+IExpbmUgNjUxDQo+ICAgICAgIGVuY2Fwc3VsYXRlZCBwYWNrZXQuICBJdCBpcyB0 aGVyZWZvcmUgdGhlIGxhc3Qgbm9kZSBvcGVyYXRpbmcgb24NCj4gICAgICAgdGhlIHNlcnZpY2Ug aGVhZGVyLg0KPiBDYW4geW91IGFsc28gbmVzdCBOU0hzPw0KPiANCg0KVGhhbmtzIGZvciB0aGUg cXVlc3Rpb24uIFdlIHJlcGxpZWQgdG8gU3VyZXNoIG9uIHRoZSBzYW1lIHRvcGljLg0KDQpOb3Qg b24gdGlzIHNwZWMsIGJ1dCBiZWluZyBjb25zaWRlcmVkIGJ5IHRoZSBXRyBvbiBkcmFmdC1pZXRm LXNmYy1oaWVyYXJjaGljYWwuDQoNClRoYW5rcyENCg0K4oCUIENhcmxvcy4NCg0KPiANCg0K From nobody Thu Sep 28 07:11:42 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4007413473F; Thu, 28 Sep 2017 07:11:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KOobX2KWbWzA; Thu, 28 Sep 2017 07:11:34 -0700 (PDT) Received: from mail-pf0-x22b.google.com (mail-pf0-x22b.google.com [IPv6:2607:f8b0:400e:c00::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 646411331D7; Thu, 28 Sep 2017 07:11:34 -0700 (PDT) Received: by mail-pf0-x22b.google.com with SMTP id r71so914630pfe.12; Thu, 28 Sep 2017 07:11:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=GV9scsXFSfGfxEHm5jwItbeG2j5RdOTjEv6ddgJUBnQ=; b=NDmMHa9o56iahvPoTRild7yCAKqbPevS2L4xgUy3ml39iKQp+15sTmi3d0hKS/fy/a bX4GbCfe9wduo2orA9WehaiwRq7SWyFcjFRfvb0JkUJUY75A1NiQ6Y9nZaYv58imVbnO nqxkY8Md1sputXs0x5HHeIVMZKlnJv8ABHrZg9wvZi9qmzNt5ZNycWhfjY1bAitZ15Bx cC+64ncDkFGXZrMZIaXyBZL4v8FEIduqBfoXsTgkOt6jY/yQV/X0vWRSxH3YH2qJczPn dnOd811bFtaA3GQBfDgaD67GBfrBq65LSABwFWg54w+WAPD9TLHRKgu2zJ9rOECF55Nu qD8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=GV9scsXFSfGfxEHm5jwItbeG2j5RdOTjEv6ddgJUBnQ=; b=Rec8WVy0e7qZPwueaOB1t2v14ANlPDWYg6El/eX0aQwluOynMp2OZ0I/joEqSJX3FW LkXY4/RhxBrvqPXx7D7M2x2PRsnGa+fMaWXVHJSDN8iwMi2WiNRQzYXyoMjw4FwGLMa9 hc3yfUi5wcnxGbhxhHhSYww+ush6Fy9Nu4ygwv1C8jMRaOyAwrsYhG2QLtjxQlFVzyZ0 ikRnMJlgVvXIYVPHO7GJlWse/Wkbxw356J1ruFBSJCfG1tfZfpegjZdEf0GL/hr/KS0w vcqxFdRIpS+et8ZfdBvG87DausarqJefnXML4hq21VlJ44AHoiJ8blaD2rj2lFuEL+ef dEaQ== X-Gm-Message-State: AHPjjUjC7swzQq9CXdhvFLzpOwxHD6pq9k194jOtMOVrifApBwPnbAg9 6H+BzZjb/PJHGlsbT4NnoaGPgO7PAkNJRM3t3mk= X-Google-Smtp-Source: AOwi7QDs2Fba3aOvpnNUrn+cqzxtvNtsdGpgyKe1wW1kwGRvMQ6Guw0R7v5AtVtLkd3JUsTZV0icrcuIqejLe5vdgk8= X-Received: by 10.84.130.47 with SMTP id 44mr4155156plc.171.1506607893864; Thu, 28 Sep 2017 07:11:33 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.134.8 with HTTP; Thu, 28 Sep 2017 07:10:53 -0700 (PDT) In-Reply-To: References: <150656766105.13740.10127057899137745873.idtracker@ietfa.amsl.com> From: Kathleen Moriarty Date: Thu, 28 Sep 2017 10:10:53 -0400 Message-ID: To: "Carlos Pignataro (cpignata)" Cc: Eric Rescorla , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , The IESG , "sfc@ietf.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [sfc] Eric Rescorla's Discuss on draft-ietf-sfc-nsh-24: (with DISCUSS and COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 14:11:41 -0000 Hi Carlos, Just a quick comment, I think what you are seeing here is similar to how we worked through the layering confusion. The text as-written is read differently by security people and those outside of the WG. It's really common to get into a grove of language usage within a group that is not understood in the same way outside of the group. While the expressions EKR includes below are not directly in the draft, this is how we read it, and are concerned with the damage that could be done with this protocol. If MPLS is used similarly instead, yes, it will have the same issues, but you also won't have a secure option if this is done with the same security (or lack thereof) as MPLS. Best regards, Kathleen On Thu, Sep 28, 2017 at 10:02 AM, Carlos Pignataro (cpignata) wrote: > Hi, Eric, > >> On Sep 27, 2017, at 11:01 PM, Eric Rescorla wrote: >> >> Eric Rescorla has entered the following ballot position for >> draft-ietf-sfc-nsh-24: Discuss >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.htm= l >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ >> >> >> >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> I concur with Kathleen's DISCUSS. To state my view of things: > > Thanks. It is important to discuss the security considerations for NSH (c= .f., service chaining today), and see how we can improve the text, if it is= not conveying what it needs to. > >> >> 1. The assumption that the datacenter is a secure environment is not a >> reasonable one. > > That is *not* what the draft says! > > However, the deployment scope (as defined in [RFC7665]) of the NSH > encapsulation is limited to a single network administrative domain as > a controlled environment, with trusted devices (e.g., a data center) > hence mitigating the risk of unauthorized manipulation of the > encapsulation headers or metadata. > > It says =E2=80=9Cmitigating the risk=E2=80=9D. It does not say =E2=80=9Ci= t is a secure environment=E2=80=9D. > > So, to address the portion of the risk that is *not* mitigated by that as= sumption, we have the rest of the text. > >> As Kathleen and Adam both observer, datacenter >> breaches are common and that is why people are moving towards >> encryption inside the data center. I see that this draft has text >> claiming that this is only to be deployed in safe environments, > > CPIGNATA-M-T30Q:nsh cpignata$ grep safe draft-ietf-sfc-nsh-24.txt > CPIGNATA-M-T30Q:nsh cpignata$ > > The word =E2=80=9Csafe=E2=80=9D is not present in the document... > >> but we >> know that technologies like this get deployed outside the locations >> for which we claim they are to be deployed, and there's nothing here >> to stop that. Moreover, the whole trend towards cloud computing pushes >> us away from designs in which you can safely talk about single secure >> zones. >> >> 2. The text in S 8.1 about how you might want to use some kind of >> transport security does not seem sufficient. > > Just to understand=E2=80=A6 why it does not seem sufficient? Packets over= the DC would be encrypted. > >> As above, we know that if >> we don't specify something, people will deploy this technology in >> insecure settings without any kind of security. >> > > Again, that is *not* what the document says. > > And frankly, the document gives guidance to people deploying this. > >> I concur with Kathleen's point that this document should provide >> built-in security mechanisms rather than just punting to the >> under-layer. Given that as S 1 makes clear, all these SFs are part of >> the same administrative domain, this seems like a comparatively less >> challenging setting. If there is some reason why that's infeasible, >> that needs to be explained. >> > > Borrowing from a previous response: > > The draft currently says: > > Operators SHOULD then select a transport > encapsulation protocol such as one that supports [RFC6071] to provide > the needed protection (e.g., authenticity, confidentiality) for the > traffic between SFC components. > > And then says: > > One useful element of providing privacy protection for sensitive > metadata is described under the "SFC Encapsulation" area of the > Security Considerations of [RFC7665]. Operators can and should use > indirect identification for metadata deemed to be sensitive (such as > personally identifying information) significantly mitigating the risk > of privacy violation. > > And then further says: > > For those situations where obfuscation is either inapplicable or > judged to be insufficient, an operator can also encrypt the metadata. > An approach to an optional capability to do this was explored in > [I-D.reddy-sfc-nsh-encrypt]. For other situations where greater > assurance is desired, optional mechanisms such as > [I-D.brockners-proof-of-transit] can be used. > > So, following on [I-D.reddy-sfc-nsh-encrypt], it says: > > This draft adds authentication > and optional encryption directly to NSH. This way NSH data does not > have to rely on underlying transport encapsulation for security and > confidentiality. > > And: > > An NSH imposer inserts an Authentication Tag TLV for data origin > authentication and integrity protection. > > All the pieces are there. > >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> > > I will respond to the comments on separate cover. > > Thanks! > > Carlos. > >> Line 143 >> | Original Packet / Frame | >> +------------------------------+ >> Nit: I would have expected this stack to go the other way, with TE on th= e >> bottom. >> >> Line 165 >> overlay domain using virtual connections and tunnels. A corollary is >> that a network administrative domain has a well defined perimeter. >> This is not a reasonable assumption in modern datacenter environments, >> especially if you have virtualized services. >> >> Line 372 >> 1 prior to NSH forwarding lookup. Decrementing by 1 from an incoming >> value of 0 shall result in a TTL value of 63. The packet MUST NOT be >> forwarded if TTL is, after decrement, 0. >> I am having trouble following this, Is the point that I can emit a packe= t with >> TTL 0, which is effectively TTL 64? >> >> Line 375 >> This TTL field is the primary loop prevention This TTL mechanism >> represents a robust complement to the Service Index, as the TTL is >> Nit: "prevention mechanism. This"? >> >> Line 379 >> better, although not perfect, interoperation with pre-standard >> implementations that do not support this TTL field. >> This point would be clearer if it were made before the rule about decrem= ent. >> >> Line 403 >> 0x0 - This is a reserved value. Implementations SHOULD silently >> discard packets with MD Type 0x0. >> Why is this a SHOULD and not a MUST? That seems like it will create pote= ntial >> interop problems. >> >> Line 651 >> encapsulated packet. It is therefore the last node operating on >> the service header. >> Can you also nest NSHs? >> >> > --=20 Best regards, Kathleen From nobody Thu Sep 28 07:24:31 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04335133057; Thu, 28 Sep 2017 07:24:29 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.618 X-Spam-Level: X-Spam-Status: No, score=-2.618 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H-zvnVeuTIhm; Thu, 28 Sep 2017 07:24:22 -0700 (PDT) Received: from relais-inet.orange.com (mta240.mail.business.static.orange.com [80.12.66.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D5C81332C8; Thu, 28 Sep 2017 07:24:21 -0700 (PDT) Received: from opfedar04.francetelecom.fr (unknown [xx.xx.xx.6]) by opfedar26.francetelecom.fr (ESMTP service) with ESMTP id 48E381C0376; Thu, 28 Sep 2017 16:24:20 +0200 (CEST) Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.63]) by opfedar04.francetelecom.fr (ESMTP service) with ESMTP id 257C340082; Thu, 28 Sep 2017 16:24:20 +0200 (CEST) Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM6E.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.03.0361.001; Thu, 28 Sep 2017 16:24:19 +0200 From: To: Benoit Claise , The IESG CC: "j.schoenwaelder@jacobs-university.de" , "draft-ietf-sfc-nsh@ietf.org" , "jmh@joelhalpern.com" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: [sfc] Benoit Claise's No Objection on draft-ietf-sfc-nsh-25: (with COMMENT) Thread-Index: AQHTOGF/rMDNztBHFUuV7ZITX83d/aLKViQQ Date: Thu, 28 Sep 2017 14:24:18 +0000 Message-ID: <787AE7BB302AE849A7480A190F8B93300A04B8EE@OPEXCLILMA3.corporate.adroot.infra.ftgroup> References: <150660694562.13704.5074073969102470694.idtracker@ietfa.amsl.com> In-Reply-To: <150660694562.13704.5074073969102470694.idtracker@ietfa.amsl.com> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.168.234.1] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Benoit Claise's No Objection on draft-ietf-sfc-nsh-25: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 14:24:29 -0000 Hi Benoit,=20 Please see inline. Cheers, Med > -----Message d'origine----- > De=A0: sfc [mailto:sfc-bounces@ietf.org] De la part de Benoit Claise > Envoy=E9=A0: jeudi 28 septembre 2017 15:56 > =C0=A0: The IESG > Cc=A0: j.schoenwaelder@jacobs-university.de; draft-ietf-sfc-nsh@ietf.org; > jmh@joelhalpern.com; sfc-chairs@ietf.org; sfc@ietf.org > Objet=A0: [sfc] Benoit Claise's No Objection on draft-ietf-sfc-nsh-25: (w= ith > COMMENT) >=20 > Benoit Claise has entered the following ballot position for > draft-ietf-sfc-nsh-25: No Objection >=20 > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) >=20 >=20 > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. >=20 >=20 > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ >=20 >=20 >=20 > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- >=20 > - Section 2.5.1., you might want to mention that no metadata are specifie= d > at > this point in time. [Med] Aren't these mentions sufficient?=20 This specification does not make any assumption about Context Headers that are mandatory-to-implement or those that are mandatory-to- process. And=20 No initial values are assigned at the creation of the registry. Indeed, "New IETF Assigned Optional Variable Length > Metadata Type Registry is specified in this doc., but empty >=20 > - Section 2.3 > OPS question: SPI must be unique per admin domain? Otherwise, you're > looking > for trouble, right? This would be typically addressed in an "Operational > Considerations" section. Where is my "Operational Considerations" > section...? [Med] Already covered in the SFC architecture (RFC 7665): SFFs maintain the requisite SFP forwarding information. SFP forwarding information is associated with a service path identifier that is used to uniquely identify an SFP. >=20 > - Section 2.4 > Fixed length metadata. >=20 > This specification does not make any assumptions about the content of > the 16 byte Context Header that must be present when the MD Type > field is set to 1, and does not describe the structure or meaning of > the included metadata. >=20 > An SFC-aware SF MUST receive the data semantics first in order to > process the data placed in the mandatory context field. The data > semantics include both the allocation schema and the meaning of the > included data. >=20 > I understand that the order of the metadata in the Fixed Length Context > Header > is important, right? [Med] The notion of order in the opaque 16-byte block does not make in this= spec. How that block is structured is really out of scope.=20 Should it be mentioned? [Med] I don't think so. I understand that the fixed > length > metadata are specific per service, and that's the reason why there is no > IANA > for fixed length. Should this be mentioned? [Med] The agreement in the WG is to publish documents specifying MD#1 as in= formational documents. IANA is not involved in this process, because there = is no expected action with regards to MD#1 context headers.=20 >=20 > - if you publish a new version, change the order of these two paragraphs: >=20 > Unassigned bits: All other flag fields, marked U, are unassigned and > available for future use, see Section 11.2.1. Unassigned bits MUST > be set to zero upon origination, and MUST be ignored and preserved > unmodified by other NSH supporting elements. At reception, all > elements MUST NOT modify their actions based on these unknown bits. >=20 > Length: The total length, in 4-byte words, of the NSH including the > Base Header, the Service Path Header, the Fixed Length Context Header > or Variable Length Context Header(s). The length MUST be 0x6 for MD > Type equal to 0x1, and MUST be 0x2 or greater for MD Type equal to > 0x2. The length of the NSH header MUST be an integer multiple of 4 > bytes, thus variable length metadata is always padded out to a > multiple of 4 bytes. >=20 > Lacking some time before the telechat, but not worth deferring (there are > enough DISCUSS'). FYI, I arrived at section 5. >=20 >=20 > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc From nobody Thu Sep 28 07:39:58 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16A2712EC30; Thu, 28 Sep 2017 07:39:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.519 X-Spam-Level: X-Spam-Status: No, score=-14.519 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GGwrcoogINLV; Thu, 28 Sep 2017 07:39:53 -0700 (PDT) Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FF5D13217D; Thu, 28 Sep 2017 07:39:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=18768; q=dns/txt; s=iport; t=1506609593; x=1507819193; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=Hmo1ero6pOPaRa5st6VJANQ39iyRerf8BxnbeVB6R5k=; b=M8x0vHagdX4MtuGlbBdLnlfKQfDoS3AymLxjVf8qIVMn1uRFw6s6ENdK vf/Tp+lCtf9Zg/IWPOyZNzdk0smT4lOxrtaJCaGicJwdGkFj8IUcjZ4+H WP4j/7rDkzDzTo1zEtpDRKriEH6vlzXl18i+/1k+zS+C6hEfplcSBSdfO M=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DzAADUCM1Z/4cNJK1TChkBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYNcZG4nB4Nxih+PX4F2kG2FPg6CBAoYAQqFGAIahAY/GAECAQE?= =?us-ascii?q?BAQEBAWsohRkCAQMBASFLCxACAQgOAgItAwICAiULFAMOAgQOBYlNZBCmXIIni?= =?us-ascii?q?wIBAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYMrggKBUYFqK4J9hFEBBwsBgzIvgjE?= =?us-ascii?q?FihKOP4hXAodcg12JJYIThW6LBZUgAhEZAYE4AR84gQMLeBVJEgGFBB+BZ3YBh?= =?us-ascii?q?lCBJIEQAQEB?= X-IronPort-AV: E=Sophos;i="5.42,450,1500940800"; d="scan'208,217";a="304137940" Received: from alln-core-2.cisco.com ([173.36.13.135]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 28 Sep 2017 14:39:51 +0000 Received: from XCH-RTP-009.cisco.com (xch-rtp-009.cisco.com [64.101.220.149]) by alln-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id v8SEdps2032320 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 28 Sep 2017 14:39:52 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-009.cisco.com (64.101.220.149) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 28 Sep 2017 10:39:50 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Thu, 28 Sep 2017 10:39:50 -0400 From: "Carlos Pignataro (cpignata)" To: Med Boucadair CC: "Benoit Claise (bclaise)" , The IESG , "j.schoenwaelder@jacobs-university.de" , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" Thread-Topic: [sfc] Benoit Claise's No Objection on draft-ietf-sfc-nsh-25: (with COMMENT) Thread-Index: AQHTOGF9KzlmGnAElku/rh4d1wFuUqLKnTsAgAAEVoA= Date: Thu, 28 Sep 2017 14:39:50 +0000 Message-ID: References: <150660694562.13704.5074073969102470694.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93300A04B8EE@OPEXCLILMA3.corporate.adroot.infra.ftgroup> In-Reply-To: <787AE7BB302AE849A7480A190F8B93300A04B8EE@OPEXCLILMA3.corporate.adroot.infra.ftgroup> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.150.6.172] Content-Type: multipart/alternative; boundary="_000_A090BB19ECCE40F9AFF3F152F3AB2909ciscocom_" MIME-Version: 1.0 Archived-At: Subject: Re: [sfc] Benoit Claise's No Objection on draft-ietf-sfc-nsh-25: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 14:39:56 -0000 --_000_A090BB19ECCE40F9AFF3F152F3AB2909ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgQmVub2l0LA0KDQpUaGVyZSBpcyBvbmUgZmluYWwgY29tbWVudCBiZWxvdyB0aGF0IHJlbWFp bmVkIHdpdGhvdXQgYSByZXNwb25zZToNCg0KT24gU2VwIDI4LCAyMDE3LCBhdCAxMDoyNCBBTSwg bW9oYW1lZC5ib3VjYWRhaXJAb3JhbmdlLmNvbTxtYWlsdG86bW9oYW1lZC5ib3VjYWRhaXJAb3Jh bmdlLmNvbT4gd3JvdGU6DQoNCkhpIEJlbm9pdCwNCg0KUGxlYXNlIHNlZSBpbmxpbmUuDQoNCkNo ZWVycywNCk1lZA0KDQotLS0tLU1lc3NhZ2UgZCdvcmlnaW5lLS0tLS0NCkRlIDogc2ZjIFttYWls dG86c2ZjLWJvdW5jZXNAaWV0Zi5vcmddIERlIGxhIHBhcnQgZGUgQmVub2l0IENsYWlzZQ0KRW52 b3nDqSA6IGpldWRpIDI4IHNlcHRlbWJyZSAyMDE3IDE1OjU2DQrDgCA6IFRoZSBJRVNHDQpDYyA6 IGouc2Nob2Vud2FlbGRlckBqYWNvYnMtdW5pdmVyc2l0eS5kZTxtYWlsdG86ai5zY2hvZW53YWVs ZGVyQGphY29icy11bml2ZXJzaXR5LmRlPjsgZHJhZnQtaWV0Zi1zZmMtbnNoQGlldGYub3JnPG1h aWx0bzpkcmFmdC1pZXRmLXNmYy1uc2hAaWV0Zi5vcmc+Ow0Kam1oQGpvZWxoYWxwZXJuLmNvbTxt YWlsdG86am1oQGpvZWxoYWxwZXJuLmNvbT47IHNmYy1jaGFpcnNAaWV0Zi5vcmc8bWFpbHRvOnNm Yy1jaGFpcnNAaWV0Zi5vcmc+OyBzZmNAaWV0Zi5vcmc8bWFpbHRvOnNmY0BpZXRmLm9yZz4NCk9i amV0IDogW3NmY10gQmVub2l0IENsYWlzZSdzIE5vIE9iamVjdGlvbiBvbiBkcmFmdC1pZXRmLXNm Yy1uc2gtMjU6ICh3aXRoDQpDT01NRU5UKQ0KDQpCZW5vaXQgQ2xhaXNlIGhhcyBlbnRlcmVkIHRo ZSBmb2xsb3dpbmcgYmFsbG90IHBvc2l0aW9uIGZvcg0KZHJhZnQtaWV0Zi1zZmMtbnNoLTI1OiBO byBPYmplY3Rpb24NCg0KV2hlbiByZXNwb25kaW5nLCBwbGVhc2Uga2VlcCB0aGUgc3ViamVjdCBs aW5lIGludGFjdCBhbmQgcmVwbHkgdG8gYWxsDQplbWFpbCBhZGRyZXNzZXMgaW5jbHVkZWQgaW4g dGhlIFRvIGFuZCBDQyBsaW5lcy4gKEZlZWwgZnJlZSB0byBjdXQgdGhpcw0KaW50cm9kdWN0b3J5 IHBhcmFncmFwaCwgaG93ZXZlci4pDQoNCg0KUGxlYXNlIHJlZmVyIHRvIGh0dHBzOi8vd3d3Lmll dGYub3JnL2llc2cvc3RhdGVtZW50L2Rpc2N1c3MtY3JpdGVyaWEuaHRtbA0KZm9yIG1vcmUgaW5m b3JtYXRpb24gYWJvdXQgSUVTRyBESVNDVVNTIGFuZCBDT01NRU5UIHBvc2l0aW9ucy4NCg0KDQpU aGUgZG9jdW1lbnQsIGFsb25nIHdpdGggb3RoZXIgYmFsbG90IHBvc2l0aW9ucywgY2FuIGJlIGZv dW5kIGhlcmU6DQpodHRwczovL2RhdGF0cmFja2VyLmlldGYub3JnL2RvYy9kcmFmdC1pZXRmLXNm Yy1uc2gvDQoNCg0KDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpDT01NRU5UOg0KLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQot IFNlY3Rpb24gMi41LjEuLCB5b3UgbWlnaHQgd2FudCB0byBtZW50aW9uIHRoYXQgbm8gbWV0YWRh dGEgYXJlIHNwZWNpZmllZA0KYXQNCnRoaXMgcG9pbnQgaW4gdGltZS4NCg0KW01lZF0gQXJlbid0 IHRoZXNlIG1lbnRpb25zIHN1ZmZpY2llbnQ/DQoNCiAgVGhpcyBzcGVjaWZpY2F0aW9uIGRvZXMg bm90IG1ha2UgYW55IGFzc3VtcHRpb24gYWJvdXQgQ29udGV4dCBIZWFkZXJzDQogIHRoYXQgYXJl IG1hbmRhdG9yeS10by1pbXBsZW1lbnQgb3IgdGhvc2UgdGhhdCBhcmUgbWFuZGF0b3J5LXRvLQ0K ICBwcm9jZXNzLg0KDQpBbmQNCg0KICBObyBpbml0aWFsIHZhbHVlcyBhcmUgYXNzaWduZWQgYXQg dGhlIGNyZWF0aW9uIG9mIHRoZSByZWdpc3RyeS4NCg0KSW5kZWVkLCAiTmV3IElFVEYgQXNzaWdu ZWQgT3B0aW9uYWwgVmFyaWFibGUgTGVuZ3RoDQpNZXRhZGF0YSBUeXBlIFJlZ2lzdHJ5IGlzIHNw ZWNpZmllZCBpbiB0aGlzIGRvYy4sIGJ1dCBlbXB0eQ0KDQotIFNlY3Rpb24gMi4zDQpPUFMgcXVl c3Rpb246IFNQSSBtdXN0IGJlIHVuaXF1ZSBwZXIgYWRtaW4gZG9tYWluPyBPdGhlcndpc2UsIHlv dSdyZQ0KbG9va2luZw0KZm9yIHRyb3VibGUsIHJpZ2h0PyBUaGlzIHdvdWxkIGJlIHR5cGljYWxs eSBhZGRyZXNzZWQgaW4gYW4gIk9wZXJhdGlvbmFsDQpDb25zaWRlcmF0aW9ucyIgc2VjdGlvbi4g V2hlcmUgaXMgbXkgIk9wZXJhdGlvbmFsIENvbnNpZGVyYXRpb25zIg0Kc2VjdGlvbi4uLj8NCg0K W01lZF0gQWxyZWFkeSBjb3ZlcmVkIGluIHRoZSBTRkMgYXJjaGl0ZWN0dXJlIChSRkMgNzY2NSk6 DQoNCiAgU0ZGcyBtYWludGFpbiB0aGUgcmVxdWlzaXRlIFNGUCBmb3J3YXJkaW5nIGluZm9ybWF0 aW9uLiAgU0ZQDQogIGZvcndhcmRpbmcgaW5mb3JtYXRpb24gaXMgYXNzb2NpYXRlZCB3aXRoIGEg c2VydmljZSBwYXRoIGlkZW50aWZpZXINCiAgdGhhdCBpcyB1c2VkIHRvIHVuaXF1ZWx5IGlkZW50 aWZ5IGFuIFNGUC4NCg0KDQotIFNlY3Rpb24gMi40DQpGaXhlZCBsZW5ndGggbWV0YWRhdGEuDQoN CiAgVGhpcyBzcGVjaWZpY2F0aW9uIGRvZXMgbm90IG1ha2UgYW55IGFzc3VtcHRpb25zIGFib3V0 IHRoZSBjb250ZW50IG9mDQogIHRoZSAxNiBieXRlIENvbnRleHQgSGVhZGVyIHRoYXQgbXVzdCBi ZSBwcmVzZW50IHdoZW4gdGhlIE1EIFR5cGUNCiAgZmllbGQgaXMgc2V0IHRvIDEsIGFuZCBkb2Vz IG5vdCBkZXNjcmliZSB0aGUgc3RydWN0dXJlIG9yIG1lYW5pbmcgb2YNCiAgdGhlIGluY2x1ZGVk IG1ldGFkYXRhLg0KDQogIEFuIFNGQy1hd2FyZSBTRiBNVVNUIHJlY2VpdmUgdGhlIGRhdGEgc2Vt YW50aWNzIGZpcnN0IGluIG9yZGVyIHRvDQogIHByb2Nlc3MgdGhlIGRhdGEgcGxhY2VkIGluIHRo ZSBtYW5kYXRvcnkgY29udGV4dCBmaWVsZC4gIFRoZSBkYXRhDQogIHNlbWFudGljcyBpbmNsdWRl IGJvdGggdGhlIGFsbG9jYXRpb24gc2NoZW1hIGFuZCB0aGUgbWVhbmluZyBvZiB0aGUNCiAgaW5j bHVkZWQgZGF0YS4NCg0KSSB1bmRlcnN0YW5kIHRoYXQgdGhlIG9yZGVyIG9mIHRoZSBtZXRhZGF0 YSBpbiB0aGUgRml4ZWQgTGVuZ3RoIENvbnRleHQNCkhlYWRlcg0KaXMgaW1wb3J0YW50LCByaWdo dD8NCg0KW01lZF0gVGhlIG5vdGlvbiBvZiBvcmRlciBpbiB0aGUgb3BhcXVlIDE2LWJ5dGUgYmxv Y2sgZG9lcyBub3QgbWFrZSBpbiB0aGlzIHNwZWMuIEhvdyB0aGF0IGJsb2NrIGlzIHN0cnVjdHVy ZWQgaXMgcmVhbGx5IG91dCBvZiBzY29wZS4NCg0KU2hvdWxkIGl0IGJlIG1lbnRpb25lZD8NCg0K W01lZF0gSSBkb24ndCB0aGluayBzby4NCg0KSSB1bmRlcnN0YW5kIHRoYXQgdGhlIGZpeGVkDQps ZW5ndGgNCm1ldGFkYXRhIGFyZSBzcGVjaWZpYyBwZXIgc2VydmljZSwgYW5kIHRoYXQncyB0aGUg cmVhc29uIHdoeSB0aGVyZSBpcyBubw0KSUFOQQ0KZm9yIGZpeGVkIGxlbmd0aC4gU2hvdWxkIHRo aXMgYmUgbWVudGlvbmVkPw0KDQpbTWVkXSBUaGUgYWdyZWVtZW50IGluIHRoZSBXRyBpcyB0byBw dWJsaXNoIGRvY3VtZW50cyBzcGVjaWZ5aW5nIE1EIzEgYXMgaW5mb3JtYXRpb25hbCBkb2N1bWVu dHMuIElBTkEgaXMgbm90IGludm9sdmVkIGluIHRoaXMgcHJvY2VzcywgYmVjYXVzZSB0aGVyZSBp cyBubyBleHBlY3RlZCBhY3Rpb24gd2l0aCByZWdhcmRzIHRvIE1EIzEgY29udGV4dCBoZWFkZXJz Lg0KDQoNCi0gaWYgeW91IHB1Ymxpc2ggYSBuZXcgdmVyc2lvbiwgY2hhbmdlIHRoZSBvcmRlciBv ZiB0aGVzZSB0d28gcGFyYWdyYXBoczoNCg0KRG9uZSAoaW4gdGhlIHdvcmtpbmcgY29weSkuDQoN Cg0KICBVbmFzc2lnbmVkIGJpdHM6IEFsbCBvdGhlciBmbGFnIGZpZWxkcywgbWFya2VkIFUsIGFy ZSB1bmFzc2lnbmVkIGFuZA0KICBhdmFpbGFibGUgZm9yIGZ1dHVyZSB1c2UsIHNlZSBTZWN0aW9u IDExLjIuMS4gIFVuYXNzaWduZWQgYml0cyBNVVNUDQogIGJlIHNldCB0byB6ZXJvIHVwb24gb3Jp Z2luYXRpb24sIGFuZCBNVVNUIGJlIGlnbm9yZWQgYW5kIHByZXNlcnZlZA0KICB1bm1vZGlmaWVk IGJ5IG90aGVyIE5TSCBzdXBwb3J0aW5nIGVsZW1lbnRzLiAgQXQgcmVjZXB0aW9uLCBhbGwNCiAg ZWxlbWVudHMgTVVTVCBOT1QgbW9kaWZ5IHRoZWlyIGFjdGlvbnMgYmFzZWQgb24gdGhlc2UgdW5r bm93biBiaXRzLg0KDQogIExlbmd0aDogVGhlIHRvdGFsIGxlbmd0aCwgaW4gNC1ieXRlIHdvcmRz LCBvZiB0aGUgTlNIIGluY2x1ZGluZyB0aGUNCiAgQmFzZSBIZWFkZXIsIHRoZSBTZXJ2aWNlIFBh dGggSGVhZGVyLCB0aGUgRml4ZWQgTGVuZ3RoIENvbnRleHQgSGVhZGVyDQogIG9yIFZhcmlhYmxl IExlbmd0aCBDb250ZXh0IEhlYWRlcihzKS4gIFRoZSBsZW5ndGggTVVTVCBiZSAweDYgZm9yIE1E DQogIFR5cGUgZXF1YWwgdG8gMHgxLCBhbmQgTVVTVCBiZSAweDIgb3IgZ3JlYXRlciBmb3IgTUQg VHlwZSBlcXVhbCB0bw0KICAweDIuICBUaGUgbGVuZ3RoIG9mIHRoZSBOU0ggaGVhZGVyIE1VU1Qg YmUgYW4gaW50ZWdlciBtdWx0aXBsZSBvZiA0DQogIGJ5dGVzLCB0aHVzIHZhcmlhYmxlIGxlbmd0 aCBtZXRhZGF0YSBpcyBhbHdheXMgcGFkZGVkIG91dCB0byBhDQogIG11bHRpcGxlIG9mIDQgYnl0 ZXMuDQoNCkxhY2tpbmcgc29tZSB0aW1lIGJlZm9yZSB0aGUgdGVsZWNoYXQsIGJ1dCBub3Qgd29y dGggZGVmZXJyaW5nICh0aGVyZSBhcmUNCmVub3VnaCBESVNDVVNTJykuIEZZSSwgSSBhcnJpdmVk IGF0IHNlY3Rpb24gNS4NCg0KDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fXw0Kc2ZjIG1haWxpbmcgbGlzdA0Kc2ZjQGlldGYub3JnPG1haWx0bzpzZmNAaWV0 Zi5vcmc+DQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3NmYw0KDQpUaGFu a3MhDQoNCkNhcmxvcy4NCg0K --_000_A090BB19ECCE40F9AFF3F152F3AB2909ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <9375C879E95D9C4BA8BF64053746FBAE@emea.cisco.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KSGkgQmVub2l0LA0KPGRpdiBjbGFz cz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VGhlcmUgaXMgb25lIGZp bmFsIGNvbW1lbnQgYmVsb3cgdGhhdCByZW1haW5lZCB3aXRob3V0IGEgcmVzcG9uc2U6PGJyIGNs YXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9ImNvbG9yOiByZ2IoMCwgMCwgMCk7 IGxldHRlci1zcGFjaW5nOiBub3JtYWw7IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDog MHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd29yZC1zcGFj aW5nOiAwcHg7IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6IDBweDsgd29yZC13cmFwOiBicmVh ay13b3JkOyAtd2Via2l0LW5ic3AtbW9kZTogc3BhY2U7IC13ZWJraXQtbGluZS1icmVhazogYWZ0 ZXItd2hpdGUtc3BhY2U7IiBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPC9kaXY+ DQo8ZGl2Pg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIi Pk9uIFNlcCAyOCwgMjAxNywgYXQgMTA6MjQgQU0sIDxhIGhyZWY9Im1haWx0bzptb2hhbWVkLmJv dWNhZGFpckBvcmFuZ2UuY29tIiBjbGFzcz0iIj4NCm1vaGFtZWQuYm91Y2FkYWlyQG9yYW5nZS5j b208L2E+IHdyb3RlOjwvZGl2Pg0KPGJyIGNsYXNzPSJBcHBsZS1pbnRlcmNoYW5nZS1uZXdsaW5l Ij4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPkhpIEJlbm9pdCwgPGJyIGNsYXNzPSIi Pg0KPGJyIGNsYXNzPSIiPg0KUGxlYXNlIHNlZSBpbmxpbmUuPGJyIGNsYXNzPSIiPg0KPGJyIGNs YXNzPSIiPg0KQ2hlZXJzLDxiciBjbGFzcz0iIj4NCk1lZDxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPi0tLS0tTWVzc2FnZSBkJ29y aWdpbmUtLS0tLTxiciBjbGFzcz0iIj4NCkRlJm5ic3A7OiBzZmMgWzxhIGhyZWY9Im1haWx0bzpz ZmMtYm91bmNlc0BpZXRmLm9yZyIgY2xhc3M9IiI+bWFpbHRvOnNmYy1ib3VuY2VzQGlldGYub3Jn PC9hPl0gRGUgbGEgcGFydCBkZSBCZW5vaXQgQ2xhaXNlPGJyIGNsYXNzPSIiPg0KRW52b3nDqSZu YnNwOzogamV1ZGkgMjggc2VwdGVtYnJlIDIwMTcgMTU6NTY8YnIgY2xhc3M9IiI+DQrDgCZuYnNw OzogVGhlIElFU0c8YnIgY2xhc3M9IiI+DQpDYyZuYnNwOzogPGEgaHJlZj0ibWFpbHRvOmouc2No b2Vud2FlbGRlckBqYWNvYnMtdW5pdmVyc2l0eS5kZSIgY2xhc3M9IiI+ai5zY2hvZW53YWVsZGVy QGphY29icy11bml2ZXJzaXR5LmRlPC9hPjsNCjxhIGhyZWY9Im1haWx0bzpkcmFmdC1pZXRmLXNm Yy1uc2hAaWV0Zi5vcmciIGNsYXNzPSIiPmRyYWZ0LWlldGYtc2ZjLW5zaEBpZXRmLm9yZzwvYT47 PGJyIGNsYXNzPSIiPg0KPGEgaHJlZj0ibWFpbHRvOmptaEBqb2VsaGFscGVybi5jb20iIGNsYXNz PSIiPmptaEBqb2VsaGFscGVybi5jb208L2E+OyA8YSBocmVmPSJtYWlsdG86c2ZjLWNoYWlyc0Bp ZXRmLm9yZyIgY2xhc3M9IiI+DQpzZmMtY2hhaXJzQGlldGYub3JnPC9hPjsgPGEgaHJlZj0ibWFp bHRvOnNmY0BpZXRmLm9yZyIgY2xhc3M9IiI+c2ZjQGlldGYub3JnPC9hPjxiciBjbGFzcz0iIj4N Ck9iamV0Jm5ic3A7OiBbc2ZjXSBCZW5vaXQgQ2xhaXNlJ3MgTm8gT2JqZWN0aW9uIG9uIGRyYWZ0 LWlldGYtc2ZjLW5zaC0yNTogKHdpdGg8YnIgY2xhc3M9IiI+DQpDT01NRU5UKTxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NCkJlbm9pdCBDbGFpc2UgaGFzIGVudGVyZWQgdGhlIGZvbGxvd2lu ZyBiYWxsb3QgcG9zaXRpb24gZm9yPGJyIGNsYXNzPSIiPg0KZHJhZnQtaWV0Zi1zZmMtbnNoLTI1 OiBObyBPYmplY3Rpb248YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpXaGVuIHJlc3BvbmRp bmcsIHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBhbGw8 YnIgY2xhc3M9IiI+DQplbWFpbCBhZGRyZXNzZXMgaW5jbHVkZWQgaW4gdGhlIFRvIGFuZCBDQyBs aW5lcy4gKEZlZWwgZnJlZSB0byBjdXQgdGhpczxiciBjbGFzcz0iIj4NCmludHJvZHVjdG9yeSBw YXJhZ3JhcGgsIGhvd2V2ZXIuKTxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFz cz0iIj4NClBsZWFzZSByZWZlciB0byA8YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9pZXNn L3N0YXRlbWVudC9kaXNjdXNzLWNyaXRlcmlhLmh0bWwiIGNsYXNzPSIiPg0KaHR0cHM6Ly93d3cu aWV0Zi5vcmcvaWVzZy9zdGF0ZW1lbnQvZGlzY3Vzcy1jcml0ZXJpYS5odG1sPC9hPjxiciBjbGFz cz0iIj4NCmZvciBtb3JlIGluZm9ybWF0aW9uIGFib3V0IElFU0cgRElTQ1VTUyBhbmQgQ09NTUVO VCBwb3NpdGlvbnMuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0K VGhlIGRvY3VtZW50LCBhbG9uZyB3aXRoIG90aGVyIGJhbGxvdCBwb3NpdGlvbnMsIGNhbiBiZSBm b3VuZCBoZXJlOjxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0 Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2ZjLW5zaC8iIGNsYXNzPSIiPmh0dHBzOi8vZGF0YXRyYWNr ZXIuaWV0Zi5vcmcvZG9jL2RyYWZ0LWlldGYtc2ZjLW5zaC88L2E+PGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTxi ciBjbGFzcz0iIj4NCkNPTU1FTlQ6PGJyIGNsYXNzPSIiPg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTxiciBjbGFz cz0iIj4NCjxiciBjbGFzcz0iIj4NCi0gU2VjdGlvbiAyLjUuMS4sIHlvdSBtaWdodCB3YW50IHRv IG1lbnRpb24gdGhhdCBubyBtZXRhZGF0YSBhcmUgc3BlY2lmaWVkPGJyIGNsYXNzPSIiPg0KYXQ8 YnIgY2xhc3M9IiI+DQp0aGlzIHBvaW50IGluIHRpbWUuPGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1 b3RlPg0KPGJyIGNsYXNzPSIiPg0KW01lZF0gQXJlbid0IHRoZXNlIG1lbnRpb25zIHN1ZmZpY2ll bnQ/IDxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO1RoaXMgc3BlY2lm aWNhdGlvbiBkb2VzIG5vdCBtYWtlIGFueSBhc3N1bXB0aW9uIGFib3V0IENvbnRleHQgSGVhZGVy czxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO3RoYXQgYXJlIG1hbmRhdG9yeS10by1pbXBsZW1l bnQgb3IgdGhvc2UgdGhhdCBhcmUgbWFuZGF0b3J5LXRvLTxiciBjbGFzcz0iIj4NCiZuYnNwOyZu YnNwO3Byb2Nlc3MuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KQW5kIDxiciBjbGFzcz0i Ij4NCjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO05vIGluaXRpYWwgdmFsdWVzIGFyZSBhc3Np Z25lZCBhdCB0aGUgY3JlYXRpb24gb2YgdGhlIHJlZ2lzdHJ5LjxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NCkluZGVlZCwgJnF1b3Q7TmV3IElFVEYgQXNzaWduZWQgT3B0aW9uYWwgVmFyaWFi bGUgTGVuZ3RoPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+ TWV0YWRhdGEgVHlwZSBSZWdpc3RyeSBpcyBzcGVjaWZpZWQgaW4gdGhpcyBkb2MuLCBidXQgZW1w dHk8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQotIFNlY3Rpb24gMi4zPGJyIGNsYXNzPSIi Pg0KT1BTIHF1ZXN0aW9uOiBTUEkgbXVzdCBiZSB1bmlxdWUgcGVyIGFkbWluIGRvbWFpbj8gT3Ro ZXJ3aXNlLCB5b3UncmU8YnIgY2xhc3M9IiI+DQpsb29raW5nPGJyIGNsYXNzPSIiPg0KZm9yIHRy b3VibGUsIHJpZ2h0PyBUaGlzIHdvdWxkIGJlIHR5cGljYWxseSBhZGRyZXNzZWQgaW4gYW4gJnF1 b3Q7T3BlcmF0aW9uYWw8YnIgY2xhc3M9IiI+DQpDb25zaWRlcmF0aW9ucyZxdW90OyBzZWN0aW9u LiBXaGVyZSBpcyBteSAmcXVvdDtPcGVyYXRpb25hbCBDb25zaWRlcmF0aW9ucyZxdW90OzxiciBj bGFzcz0iIj4NCnNlY3Rpb24uLi4/PGJyIGNsYXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNs YXNzPSIiPg0KW01lZF0gQWxyZWFkeSBjb3ZlcmVkIGluIHRoZSBTRkMgYXJjaGl0ZWN0dXJlIChS RkMgNzY2NSk6PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7U0ZGcyBt YWludGFpbiB0aGUgcmVxdWlzaXRlIFNGUCBmb3J3YXJkaW5nIGluZm9ybWF0aW9uLiAmbmJzcDtT RlA8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDtmb3J3YXJkaW5nIGluZm9ybWF0aW9uIGlzIGFz c29jaWF0ZWQgd2l0aCBhIHNlcnZpY2UgcGF0aCBpZGVudGlmaWVyPGJyIGNsYXNzPSIiPg0KJm5i c3A7Jm5ic3A7dGhhdCBpcyB1c2VkIHRvIHVuaXF1ZWx5IGlkZW50aWZ5IGFuIFNGUC48YnIgY2xh c3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj48 YnIgY2xhc3M9IiI+DQotIFNlY3Rpb24gMi40PGJyIGNsYXNzPSIiPg0KRml4ZWQgbGVuZ3RoIG1l dGFkYXRhLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO1RoaXMgc3Bl Y2lmaWNhdGlvbiBkb2VzIG5vdCBtYWtlIGFueSBhc3N1bXB0aW9ucyBhYm91dCB0aGUgY29udGVu dCBvZjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO3RoZSAxNiBieXRlIENvbnRleHQgSGVhZGVy IHRoYXQgbXVzdCBiZSBwcmVzZW50IHdoZW4gdGhlIE1EIFR5cGU8YnIgY2xhc3M9IiI+DQombmJz cDsmbmJzcDtmaWVsZCBpcyBzZXQgdG8gMSwgYW5kIGRvZXMgbm90IGRlc2NyaWJlIHRoZSBzdHJ1 Y3R1cmUgb3IgbWVhbmluZyBvZjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO3RoZSBpbmNsdWRl ZCBtZXRhZGF0YS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDtBbiBT RkMtYXdhcmUgU0YgTVVTVCByZWNlaXZlIHRoZSBkYXRhIHNlbWFudGljcyBmaXJzdCBpbiBvcmRl ciB0bzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO3Byb2Nlc3MgdGhlIGRhdGEgcGxhY2VkIGlu IHRoZSBtYW5kYXRvcnkgY29udGV4dCBmaWVsZC4gJm5ic3A7VGhlIGRhdGE8YnIgY2xhc3M9IiI+ DQombmJzcDsmbmJzcDtzZW1hbnRpY3MgaW5jbHVkZSBib3RoIHRoZSBhbGxvY2F0aW9uIHNjaGVt YSBhbmQgdGhlIG1lYW5pbmcgb2YgdGhlPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7aW5jbHVk ZWQgZGF0YS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJIHVuZGVyc3RhbmQgdGhhdCB0 aGUgb3JkZXIgb2YgdGhlIG1ldGFkYXRhIGluIHRoZSBGaXhlZCBMZW5ndGggQ29udGV4dDxiciBj bGFzcz0iIj4NCkhlYWRlcjxiciBjbGFzcz0iIj4NCmlzIGltcG9ydGFudCwgcmlnaHQ/PGJyIGNs YXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNsYXNzPSIiPg0KW01lZF0gVGhlIG5vdGlvbiBv ZiBvcmRlciBpbiB0aGUgb3BhcXVlIDE2LWJ5dGUgYmxvY2sgZG9lcyBub3QgbWFrZSBpbiB0aGlz IHNwZWMuIEhvdyB0aGF0IGJsb2NrIGlzIHN0cnVjdHVyZWQgaXMgcmVhbGx5IG91dCBvZiBzY29w ZS4NCjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClNob3VsZCBpdCBiZSBtZW50aW9uZWQ/ PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KW01lZF0gSSBkb24ndCB0aGluayBzby48YnIg Y2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJIHVuZGVyc3RhbmQgdGhhdCB0aGUgZml4ZWQ8YnIg Y2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFzcz0iIj5sZW5ndGg8YnIgY2xh c3M9IiI+DQptZXRhZGF0YSBhcmUgc3BlY2lmaWMgcGVyIHNlcnZpY2UsIGFuZCB0aGF0J3MgdGhl IHJlYXNvbiB3aHkgdGhlcmUgaXMgbm88YnIgY2xhc3M9IiI+DQpJQU5BPGJyIGNsYXNzPSIiPg0K Zm9yIGZpeGVkIGxlbmd0aC4gU2hvdWxkIHRoaXMgYmUgbWVudGlvbmVkPzxiciBjbGFzcz0iIj4N CjwvYmxvY2txdW90ZT4NCjxiciBjbGFzcz0iIj4NCltNZWRdIFRoZSBhZ3JlZW1lbnQgaW4gdGhl IFdHIGlzIHRvIHB1Ymxpc2ggZG9jdW1lbnRzIHNwZWNpZnlpbmcgTUQjMSBhcyBpbmZvcm1hdGlv bmFsIGRvY3VtZW50cy4gSUFOQSBpcyBub3QgaW52b2x2ZWQgaW4gdGhpcyBwcm9jZXNzLCBiZWNh dXNlIHRoZXJlIGlzIG5vIGV4cGVjdGVkIGFjdGlvbiB3aXRoIHJlZ2FyZHMgdG8gTUQjMSBjb250 ZXh0IGhlYWRlcnMuDQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0 eXBlPSJjaXRlIiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQotIGlmIHlvdSBwdWJsaXNoIGEgbmV3 IHZlcnNpb24sIGNoYW5nZSB0aGUgb3JkZXIgb2YgdGhlc2UgdHdvIHBhcmFncmFwaHM6PGJyIGNs YXNzPSIiPg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxk aXY+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2PkRvbmUgKGluIHRoZSB3b3JraW5nIGNvcHkp LjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+ DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUi IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO1VuYXNzaWduZWQgYml0czogQWxs IG90aGVyIGZsYWcgZmllbGRzLCBtYXJrZWQgVSwgYXJlIHVuYXNzaWduZWQgYW5kPGJyIGNsYXNz PSIiPg0KJm5ic3A7Jm5ic3A7YXZhaWxhYmxlIGZvciBmdXR1cmUgdXNlLCBzZWUgU2VjdGlvbiAx MS4yLjEuICZuYnNwO1VuYXNzaWduZWQgYml0cyBNVVNUPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5i c3A7YmUgc2V0IHRvIHplcm8gdXBvbiBvcmlnaW5hdGlvbiwgYW5kIE1VU1QgYmUgaWdub3JlZCBh bmQgcHJlc2VydmVkPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7dW5tb2RpZmllZCBieSBvdGhl ciBOU0ggc3VwcG9ydGluZyBlbGVtZW50cy4gJm5ic3A7QXQgcmVjZXB0aW9uLCBhbGw8YnIgY2xh c3M9IiI+DQombmJzcDsmbmJzcDtlbGVtZW50cyBNVVNUIE5PVCBtb2RpZnkgdGhlaXIgYWN0aW9u cyBiYXNlZCBvbiB0aGVzZSB1bmtub3duIGJpdHMuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KJm5ic3A7Jm5ic3A7TGVuZ3RoOiBUaGUgdG90YWwgbGVuZ3RoLCBpbiA0LWJ5dGUgd29yZHMs IG9mIHRoZSBOU0ggaW5jbHVkaW5nIHRoZTxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO0Jhc2Ug SGVhZGVyLCB0aGUgU2VydmljZSBQYXRoIEhlYWRlciwgdGhlIEZpeGVkIExlbmd0aCBDb250ZXh0 IEhlYWRlcjxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO29yIFZhcmlhYmxlIExlbmd0aCBDb250 ZXh0IEhlYWRlcihzKS4gJm5ic3A7VGhlIGxlbmd0aCBNVVNUIGJlIDB4NiBmb3IgTUQ8YnIgY2xh c3M9IiI+DQombmJzcDsmbmJzcDtUeXBlIGVxdWFsIHRvIDB4MSwgYW5kIE1VU1QgYmUgMHgyIG9y IGdyZWF0ZXIgZm9yIE1EIFR5cGUgZXF1YWwgdG88YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDsw eDIuICZuYnNwO1RoZSBsZW5ndGggb2YgdGhlIE5TSCBoZWFkZXIgTVVTVCBiZSBhbiBpbnRlZ2Vy IG11bHRpcGxlIG9mIDQ8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJzcDtieXRlcywgdGh1cyB2YXJp YWJsZSBsZW5ndGggbWV0YWRhdGEgaXMgYWx3YXlzIHBhZGRlZCBvdXQgdG8gYTxiciBjbGFzcz0i Ij4NCiZuYnNwOyZuYnNwO211bHRpcGxlIG9mIDQgYnl0ZXMuPGJyIGNsYXNzPSIiPg0KPGJyIGNs YXNzPSIiPg0KTGFja2luZyBzb21lIHRpbWUgYmVmb3JlIHRoZSB0ZWxlY2hhdCwgYnV0IG5vdCB3 b3J0aCBkZWZlcnJpbmcgKHRoZXJlIGFyZTxiciBjbGFzcz0iIj4NCmVub3VnaCBESVNDVVNTJyku IEZZSSwgSSBhcnJpdmVkIGF0IHNlY3Rpb24gNS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+ DQo8YnIgY2xhc3M9IiI+DQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fXzxiciBjbGFzcz0iIj4NCnNmYyBtYWlsaW5nIGxpc3Q8YnIgY2xhc3M9IiI+DQo8YSBo cmVmPSJtYWlsdG86c2ZjQGlldGYub3JnIiBjbGFzcz0iIj5zZmNAaWV0Zi5vcmc8L2E+PGJyIGNs YXNzPSIiPg0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9z ZmMiIGNsYXNzPSIiPmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc2ZjPC9h PjxiciBjbGFzcz0iIj4NCjwvYmxvY2txdW90ZT4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2NrcXVv dGU+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXY+VGhhbmtzITwvZGl2Pg0KPGRpdj48YnIg Y2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXY+Q2FybG9zLjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPC9k aXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_A090BB19ECCE40F9AFF3F152F3AB2909ciscocom_-- From nobody Thu Sep 28 12:42:46 2017 Return-Path: X-Original-To: sfc@ietf.org Delivered-To: sfc@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CE571348BF; Thu, 28 Sep 2017 12:42:44 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Christian Huitema To: Cc: ietf@ietf.org, sfc@ietf.org, draft-ietf-sfc-nsh.all@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 6.63.0 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <150662776428.27730.5006539542253170142@ietfa.amsl.com> Date: Thu, 28 Sep 2017 12:42:44 -0700 Archived-At: Subject: [sfc] Secdir telechat review of draft-ietf-sfc-nsh-25 X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 19:42:44 -0000 Reviewer: Christian Huitema Review result: Serious Issues I have already reviewed previous iterations of this draft (18) and sent comments on the mailing lists about revisions 20 to 24. The draft has significantly improved through the revisions, but I still have concerns. First, it should be clear that standardizing addition of metadata to packet headers is, from a privacy standpoint, playing with fire. I understand that many ISP believe that they need to accumulate and use metadata in order to compete with the large scale tracking performed by some web companies. This existing competition may well be driving a race to the privacy bottom. Regardless, the minimum these ISP can do is ensure that the privacy sensitive metadata that they collect is well protected. Collecting metadata is bad enough; letting hackers access it would be disastrous, as shown in the Equifax breach. I would like to see a stronger recognition in the security consideration that this is indeed playing with fire. I am also concerned that when writing the security considerations the authors may be playing with words. Frankly, I do not believe that the data will be magically protected because they are only transported in a single administrative domain. As Randy Bush pointed out in an email comment, some of the service functions are already provided "in the cloud" by third party contractors to the ISP. This means that in practice, the data will probably not be confined to a single provider domain. In the email, I listed three threats: * Whether ISP believe it or not, their links will be snooped by third parties. We have to assume that adversaries will have access to some of the transmission equipment, even inside the perimeter. * We also have to assume that persistent attackers will be able to compromise some of the devices hosting some of the functions. * And we have to assume that some third party providers will re-purpose the metadata that they obtain through various contracts. What worries me is not so much the inadequacies of the defenses proposed in the security section as the absence of emphasis on the need to actually deploy these defenses. Everything seems to be optional, left to the good will of the ISP. Experience shows that in these conditions deployments use the most convenient setup, clear text transmission with little defense in depth. The security section ends up being so much empty talk designed to placate security reviewers, playing with words for security without recognizing that standardizing metadata collection is playing with fire. From nobody Thu Sep 28 12:54:28 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A70A81348D8; Thu, 28 Sep 2017 12:54:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.701 X-Spam-Level: X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4G9PRwxz4VZ0; Thu, 28 Sep 2017 12:54:10 -0700 (PDT) Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 957E71348DA; Thu, 28 Sep 2017 12:54:10 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 774972403A9; Thu, 28 Sep 2017 12:54:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1506628450; bh=vM0VH/6ZxZ+gham858MgDJ0vtgKj7XvG9Fzv1fIatgU=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=DM340mx04j9aoOeIqdWORugDjUp0BJECypCXISgLsKI320f0eUspaiQEXUsIvZHfX 9gATpjx56mtQFW39gYi1juatY8YzwxzeglfeI/ncP8DW7CCSufcj07Wu5/UQXANrd9 EdR7t80gRvo7mXu/zkg82Z++9Lmf6vfmjgiHcufI= X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id A8A87240E7D; Thu, 28 Sep 2017 12:54:09 -0700 (PDT) To: Christian Huitema , secdir@ietf.org Cc: ietf@ietf.org, sfc@ietf.org, draft-ietf-sfc-nsh.all@ietf.org References: <150662776428.27730.5006539542253170142@ietfa.amsl.com> From: "Joel M. Halpern" Message-ID: Date: Thu, 28 Sep 2017 15:54:08 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <150662776428.27730.5006539542253170142@ietfa.amsl.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [sfc] Secdir telechat review of draft-ietf-sfc-nsh-25 - motivation X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2017 19:54:12 -0000 We really need to separate issues here. The first part of your note talks about the need for metadata. You assert that this is related to a need to compete with large scale tracking. While I can not prohibit that use, that is NOT the problem that drives this work. Rather, the whole point is to support separating the currently monolithic service platofrms into component services that can be combined both to deliver existing services, and to deliver new service combinations. To do that, the existing internal methods for passing data within a service delivery monolith have to be replaced with an external, interoperable, method for doing this. My employer would be very happy if the operators would give up on this and go back to buying our nice, high reliability, high price, intgrated service platforms. But that is not what the operators are asking us to provide. Yours, Joel On 9/28/17 3:42 PM, Christian Huitema wrote: > Reviewer: Christian Huitema > Review result: Serious Issues > > I have already reviewed previous iterations of this draft (18) and sent > comments on the mailing lists about revisions 20 to 24. The draft has > significantly improved through the revisions, but I still have concerns. > > First, it should be clear that standardizing addition of metadata to packet > headers is, from a privacy standpoint, playing with fire. I understand that > many ISP believe that they need to accumulate and use metadata in order to > compete with the large scale tracking performed by some web companies. This > existing competition may well be driving a race to the privacy bottom. > Regardless, the minimum these ISP can do is ensure that the privacy sensitive > metadata that they collect is well protected. Collecting metadata is bad > enough; letting hackers access it would be disastrous, as shown in the Equifax > breach. I would like to see a stronger recognition in the security > consideration that this is indeed playing with fire. > > I am also concerned that when writing the security considerations the authors > may be playing with words. Frankly, I do not believe that the data will be > magically protected because they are only transported in a single > administrative domain. As Randy Bush pointed out in an email comment, some of > the service functions are already provided "in the cloud" by third party > contractors to the ISP. This means that in practice, the data will probably not > be confined to a single provider domain. In the email, I listed three threats: > > * Whether ISP believe it or not, their links will be snooped by third parties. > We have to assume that adversaries will have access to some of the transmission > equipment, even inside the perimeter. > > * We also have to assume that persistent attackers will be able to compromise > some of the devices hosting some of the functions. > > * And we have to assume that some third party providers will re-purpose the > metadata that they obtain through various contracts. > > What worries me is not so much the inadequacies of the defenses proposed in the > security section as the absence of emphasis on the need to actually deploy > these defenses. Everything seems to be optional, left to the good will of the > ISP. Experience shows that in these conditions deployments use the most > convenient setup, clear text transmission with little defense in depth. The > security section ends up being so much empty talk designed to placate security > reviewers, playing with words for security without recognizing that > standardizing metadata collection is playing with fire. > > From nobody Fri Sep 29 03:27:00 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FB2C132320; Fri, 29 Sep 2017 03:26:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.62 X-Spam-Level: X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XpHMNCkR2xRf; Fri, 29 Sep 2017 03:26:40 -0700 (PDT) Received: from asmtp5.iomartmail.com (asmtp5.iomartmail.com [62.128.201.176]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF3E81321AC; Fri, 29 Sep 2017 03:26:39 -0700 (PDT) Received: from asmtp5.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp5.iomartmail.com (8.13.8/8.13.8) with ESMTP id v8TAQVxC016263; Fri, 29 Sep 2017 11:26:31 +0100 Received: from 950129200 (218.122.115.87.dyn.plus.net [87.115.122.218]) (authenticated bits=0) by asmtp5.iomartmail.com (8.13.8/8.13.8) with ESMTP id v8TAQTC7016179 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 29 Sep 2017 11:26:30 +0100 Reply-To: From: "Adrian Farrel" To: "'Joel M. Halpern'" , "'Christian Huitema'" , Cc: , , References: <150662776428.27730.5006539542253170142@ietfa.amsl.com> In-Reply-To: Date: Fri, 29 Sep 2017 11:26:28 +0100 Message-ID: <033901d3390d$6a2cb7f0$3e8627d0$@olddog.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQEliXjbI2Or5xvxRW3pzDGXGuSGJQJ/HwKupBMHgCA= Content-Language: en-gb X-TM-AS-MML: disable X-TM-AS-Product-Ver: IMSS-7.1.0.1679-8.1.0.1062-23358.006 X-TM-AS-Result: No--25.503-10.0-31-10 X-imss-scan-details: No--25.503-10.0-31-10 X-TMASE-MatchedRID: yebcs53SkkDMy6K24fisq0hEDfw/93BuYY0tNGdvli0ok+CLr2yyHGWg neUNsDqfl9FGugbqhB+zgMdZAMYlv08M9+aj5+3H+nWmWoRu6rEgzzoB6jqxgm3D6f6IpbLIq62 QoUap3IzoZBOhqhwyeEpO4zY8xTkRDMsCHReYlpBMcRwauwQkhIEcpMn6x9cZsVuGFxbE1A6W2J /NBggRJ5al1tG82W7b+wwsO0n+qSdpWmHn0ExnMuw8wbnnSw8blWXxvHK+rV7AOWCpvHcDOllBc zgblE9g2uR6RTfmd0El9+c89RK6DXMDoDWfAPKp1x307doliZsdo1DHlpWEea2/0wkFK1ccwdw0 ue2zGY2DywicQlwuFvuAJw2mWvNG8M+w5/vTMr3x5KZMlKYS/VHewY36PuY0ZutDqLozDshhXhA zuI3Nbt1LKh2WUgi4DZA4FyFICjp6ONMGRUQaGdjko+KiQPUGGSqdEmeD/nUPDqagyTbYYiVk0L E6h2m8CcoPHfTHqMK92pmHMjx8cQ9cNo8YWq5F7VfaTNztInId7wYwkPJ/mmeFbHzvVjbCMnadw j0BvkXTHbRm0pa0Vf1rZRkAcw2A1rPLmbp+RdYmtTGirqG/D34yToAKzDgm0mrr/YUV0CRHL8s9 F1wPzSoLoTJhxWiGu8diuhZv0fmLCOzKtNU0/gRH1Nr7oERdMaP9SSz/VBl5DaK0/x3HRgudF+v yDezAj7tE2dXz/ucCNjoa5H5Ln6Yy2qfD59i7MN+B8zdlz9F+S5m2/8VLmoKwF4K/wIz9fgzZAg JekePARBQVz0Nb6jU0orL4znuBo+y/iI95Xc2eAiCmPx4NwFkMvWAuahr8+gD2vYtOFhgqtq5d3 cxkNQP90fJP9eHt Archived-At: Subject: Re: [sfc] Secdir telechat review of draft-ietf-sfc-nsh-25 - motivation X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2017 10:26:43 -0000 Maybe to expand on Joel's point about "metadata". There has (of course) been a lot of discussion of metadata in the = context of end-user privacy. I think that has left many people with a = specific understanding of "metadata", but as Joel says this is not the = intention in this case. That said, the description of metadata in this document and in RFC 7665 = is perhaps a little vague. 7665 has... Metadata: Provides the ability to exchange context information between classifiers and SFs, and among SFs. ...from which we might deduce that metadata does two things: 1. Provide a channel for communication between SFC entities for them to = synchronize state/actions related to traffic that follows a specific = service function chain. 2. Carry information related to a specific packet that has been = extracted or derived from that packet (for example, a hash) by an SFC = entity that save subsequent SFC entities from having to derive the same = information (thus allowing the subsequent SFC entities to be dumber or = less CPU-rich). 7665 also says... One use of metadata is to provide and share the result of classification (that occurs within the SFC-enabled domain, or external to it) along an SFP. For example, an external repository might provide user/subscriber information to a service chain classifier. This classifier could in turn impose that information in the SFC encapsulation for delivery to the requisite SFs. The SFs could in turn utilize the user/subscriber information for local policy decisions. Metadata can also share SF output along the SFP. ...which may help explaining the intention. Personally, I think that tightening the description and scope of = metadata might be a way to help address Christian's concerns. At the = moment the scope seems to be left wilfully open to allow freedom of = choice for future use cases: that seems to me to be dangerously = open-ended. Cheers, Adrian > -----Original Message----- > From: ietf [mailto:ietf-bounces@ietf.org] On Behalf Of Joel M. Halpern > Sent: 28 September 2017 20:54 > To: Christian Huitema; secdir@ietf.org > Cc: ietf@ietf.org; sfc@ietf.org; draft-ietf-sfc-nsh.all@ietf.org > Subject: Re: Secdir telechat review of draft-ietf-sfc-nsh-25 - = motivation >=20 > We really need to separate issues here. >=20 > The first part of your note talks about the need for metadata. You > assert that this is related to a need to compete with large scale > tracking. While I can not prohibit that use, that is NOT the problem > that drives this work. > Rather, the whole point is to support separating the currently > monolithic service platofrms into component services that can be > combined both to deliver existing services, and to deliver new service > combinations. To do that, the existing internal methods for passing > data within a service delivery monolith have to be replaced with an > external, interoperable, method for doing this. > My employer would be very happy if the operators would give up on this > and go back to buying our nice, high reliability, high price, = intgrated > service platforms. But that is not what the operators are asking us > to provide. >=20 > Yours, > Joel >=20 > On 9/28/17 3:42 PM, Christian Huitema wrote: > > Reviewer: Christian Huitema > > Review result: Serious Issues > > > > I have already reviewed previous iterations of this draft (18) and = sent > > comments on the mailing lists about revisions 20 to 24. The draft = has > > significantly improved through the revisions, but I still have = concerns. > > > > First, it should be clear that standardizing addition of metadata to = packet > > headers is, from a privacy standpoint, playing with fire. I = understand that > > many ISP believe that they need to accumulate and use metadata in = order to > > compete with the large scale tracking performed by some web = companies. This > > existing competition may well be driving a race to the privacy = bottom. > > Regardless, the minimum these ISP can do is ensure that the privacy = sensitive > > metadata that they collect is well protected. Collecting metadata is = bad > > enough; letting hackers access it would be disastrous, as shown in = the Equifax > > breach. I would like to see a stronger recognition in the security > > consideration that this is indeed playing with fire. > > > > I am also concerned that when writing the security considerations = the authors > > may be playing with words. Frankly, I do not believe that the data = will be > > magically protected because they are only transported in a single > > administrative domain. As Randy Bush pointed out in an email = comment, some > of > > the service functions are already provided "in the cloud" by third = party > > contractors to the ISP. This means that in practice, the data will = probably not > > be confined to a single provider domain. In the email, I listed = three threats: > > > > * Whether ISP believe it or not, their links will be snooped by = third parties. > > We have to assume that adversaries will have access to some of the > transmission > > equipment, even inside the perimeter. > > > > * We also have to assume that persistent attackers will be able to = compromise > > some of the devices hosting some of the functions. > > > > * And we have to assume that some third party providers will = re-purpose the > > metadata that they obtain through various contracts. > > > > What worries me is not so much the inadequacies of the defenses = proposed in > the > > security section as the absence of emphasis on the need to actually = deploy > > these defenses. Everything seems to be optional, left to the good = will of the > > ISP. Experience shows that in these conditions deployments use the = most > > convenient setup, clear text transmission with little defense in = depth. The > > security section ends up being so much empty talk designed to = placate security > > reviewers, playing with words for security without recognizing that > > standardizing metadata collection is playing with fire. > > > > From nobody Fri Sep 29 13:43:33 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61B981342ED; Fri, 29 Sep 2017 13:43:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.88 X-Spam-Level: X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id StxGiAEuZJrv; Fri, 29 Sep 2017 13:43:19 -0700 (PDT) Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B6CF124B18; Fri, 29 Sep 2017 13:43:19 -0700 (PDT) Received: from [10.0.1.82] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v8TKhGfF049400 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 29 Sep 2017 15:43:17 -0500 (CDT) (envelope-from ben@nostrum.com) X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.82] From: Ben Campbell Message-Id: <2D7C2C05-161E-40AC-8029-E04552B4B07C@nostrum.com> Content-Type: multipart/signed; boundary="Apple-Mail=_E1CD68D3-D509-4A50-A106-1AE90BE5A2C3"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Date: Fri, 29 Sep 2017 15:43:17 -0500 In-Reply-To: <787AE7BB302AE849A7480A190F8B93300A04B418@OPEXCLILMA3.corporate.adroot.infra.ftgroup> Cc: "Joel M. Halpern" , "draft-ietf-sfc-nsh@ietf.org" , "sfc-chairs@ietf.org" , The IESG , "sfc@ietf.org" To: mohamed.boucadair@orange.com References: <150656415366.13695.13637551894724173929.idtracker@ietfa.amsl.com> <393cb3d3-687f-f092-435c-b95f207236cd@joelhalpern.com> <787AE7BB302AE849A7480A190F8B93300A04B418@OPEXCLILMA3.corporate.adroot.infra.ftgroup> X-Mailer: Apple Mail (2.3273) Archived-At: Subject: Re: [sfc] Ben Campbell's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) - Encrypted content X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2017 20:43:27 -0000 --Apple-Mail=_E1CD68D3-D509-4A50-A106-1AE90BE5A2C3 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 To be clear, I am not asking for the NSH to comply with the advice in = 8165. I am asking it to acknowledge that advice, and say how that advice = applies. If the answer is =E2=80=9Cit doesn=E2=80=99t apply = because...=E2=80=9D, that=E2=80=99s fine. But I think it=E2=80=99s a = problem for this draft to ignore that advice entirely. Here=E2=80=99s an example of some potential text to add to the security = considerations section, or even better, a privacy considerations = section. (I=E2=80=99m not saying this is correct=E2=80=94it=E2=80=99s = just an example of what I have in mind.) =E2=80=9C The NSH provides a mechanism for network elements to attach = metadata to user data flows. [RFC 8165] describes some risks and advice = related to metadata insertion by middleboxes. The advice to limit such = metadata to that included by the end-system is not feasible for SFC = because [reasons]. The impact of the metadata is somewhat mitigated by = the limitation of the NSH to a single operator environment, since such = an operator can be assumed to already have access to the inserted = information. However, implementors and operators should be aware that metadata often = has privacy implications, and those implications are sometimes hard to = predict. Therefore attached metadata should be limited to that necessary = for correct operation of the SFP. =E2=80=9C Thanks! Ben. > On Sep 28, 2017, at 1:24 AM, mohamed.boucadair@orange.com wrote: >=20 > Dear Ben, >=20 > With regards to your comments vs. RFC8165, I don't see how the advice = in 8165 can be followed here. >=20 > I have raised the specifics of service chaining during the IETF LC of = draft-hardie (8165): you can check at = https://www.ietf.org/mail-archive/web/ietf/current/msg100909.html = (search for "service function chaining"). >=20 > Cheers, > Med >=20 >> -----Message d'origine----- >> De : sfc [mailto:sfc-bounces@ietf.org] De la part de Ben Campbell >> Envoy=C3=A9 : jeudi 28 septembre 2017 06:15 >> =C3=80 : Joel M. Halpern >> Cc : draft-ietf-sfc-nsh@ietf.org; sfc-chairs@ietf.org; The IESG; >> sfc@ietf.org >> Objet : Re: [sfc] Ben Campbell's No Objection on = draft-ietf-sfc-nsh-24: >> (with COMMENT) - Encrypted content >>=20 >> Hi Joel, >>=20 >> On reflection, the =E2=80=9Cencrypted payload=E2=80=9D part may be a = red herring. Let me >> generalize that to =E2=80=9Cwithheld information=E2=80=9D. As you = mention, the metadata >> marks what the operator wants to know about a packet, but that may >> sometimes conflict with what the user doesn=E2=80=99t want to them to = know. Here=E2=80=99s >> an example: >>=20 >> Lets consider an end user that doesn't want to be tracked for = advertising >> purposes. They block certain tracking cookies and anything else that = shows >> continuity of identity to web servers. But as you mention, the = operator >> needs or wants to know the subscriber ID, so the classifier adds that = to >> the NSH.. The terminal element in the chain happens to be a web = service >> that uses the NSH contents to track the user for advertising = purposes. You >> may recall a controversy a while back about a major operator doing >> something similar using HTTP header enrichment. >>=20 >> I think the answer to this for this particular case is that the NSH = is >> assumed not to go outside a single administrative domain, and that = all >> elements in the same domain can be assumed to have access to the same >> information. That is, the NSH is just a convenient way to transfer >> metadata they could pass in other ways. While the user may not be = consoled >> by the fact that the web service tracking them belongs to the same = company >> as their access network, the use of the NSH doesn=E2=80=99t add an = issue that >> couldn=E2=80=99t already exist. (This suggests that the idea of a = single operator >> environment may be considerably more complex that the draft makes it >> sound, but I don=E2=80=99t see much to do about that.) >>=20 >> So I guess what I am asking for is some text that recognizes that = users >> have an interest in metadata minimization, and some suggestion that >> operators keep that in mind, and not add metadata beyond the minimum >> needed to make the SFP function correctly. >>=20 >> (To bring encryption back into the picture, one can probably = construct >> similar cases involving VPNs=E2=80=94for example services that add = the original >> source IP address as metadata to a VPN flow.) >>=20 >> Thanks! >>=20 >> Ben. >>=20 >>> On Sep 27, 2017, at 9:45 PM, Joel M. Halpern >> wrote: >>>=20 >>> Ben, I am really not clear on what to do with your comment about >> encrypted content. >>>=20 >>> Nothing in this work enables or promotes operators breaking = encryption >> (an earlier version had a line that incorrectly suggested such.) >>> The metadata is used to mark what the operator wants to know about = the >> packet. Even for encrypted content, the operator may need to knwo = the >> ssubscriber ID. For encrypted content, the operator might (or might = not) >> choose to put metadata indicating the the content is uninterpretable = (if >> he decides it is uninterpretable.) Clearly, he can not put on = infomration >> about the encrypted information, as he does not see that. >>> I can not figure out where we would say something like that, or why = we >> would say it. >>>=20 >>> Yours, >>> Joel >>>=20 >>> On 9/27/17 10:02 PM, Ben Campbell wrote: >>>> Ben Campbell has entered the following ballot position for >>>> draft-ietf-sfc-nsh-24: No Objection >>>> When responding, please keep the subject line intact and reply to = all >>>> email addresses included in the To and CC lines. (Feel free to cut = this >>>> introductory paragraph, however.) >>>> Please refer to https://www.ietf.org/iesg/statement/discuss- >> criteria.html >>>> for more information about IESG DISCUSS and COMMENT positions. >>>> The document, along with other ballot positions, can be found here: >>>> https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ >>>> = ---------------------------------------------------------------------- >>>> COMMENT: >>>> = ---------------------------------------------------------------------- >>>> Substantive: >>>> - General: This is a mechanism to add metadata to user flows. There = is >> very >>>> little discussion about how that metadata may relate to the = application >> layer >>>> payloads. It's likely that some of those payloads will be encrypted = by >> the user >>>> in an attempt to control what information is shared with = middleboxes. >> I'd like >>>> to see some discussion about how this relates to the guidance in = RFC >> 8165. >>>> (Note: I am on the fence about whether this should be a DISCUSS. = But >> since "on >>>> the fence" is probably insufficient grounds for a DISCUSS, I'm = leaving >> it as a >>>> comment.) >>>> - General: I support Kathleen's DISCUSS points concerning integrity >> protection. >>>> The document leaves that up to the transporting protocol. I think = it's >>>> reasonable to recommend that that protocol at least default to >> providing >>>> integrity protection unless there's a good reason not to. >>>> -2.2, "version": How is the version field to be used by consumers? = That >> is, >>>> what should a recipient do if the field contains a version number = it >> doesn't >>>> support/recognize? >>>> -2.2, MD type 0x0: "Implementations SHOULD silently >>>> discard packets with MD Type 0x0." >>>> Why not MUST? >>>> -- MD type 0xF: "Implementations not explicitly configured to be = part >> of >>>> an experiment SHOULD silently discard packets with MD Type 0xF." >>>> Why not MUST? >>>> -2.2, Next Protocol Values: >>>> Why are there 2 experimental values? (as opposed to 1, or, well, = 3). >>>> -2.3, last paragraph (and several other places): >>>> This draft seems to take a position that a failed SFP means the = service >> level >>>> flow fails. Are there no use cases where delivery of the service = flow >> is >>>> critical and should happen even if the chain of middleboxes fails? >>>> -2.4, paragraph starting with "An SFC-aware SF MUST receive the = data >>>> semantics..." I'm not sure what the intent of this paragraph is. Is >> that MUST >>>> really a statement of fact? Or is there really and expectation of = an >>>> out-of-band delivery of some semantic definition? >>>> -3, list item 1: "A service classifier MUST insert an NSH at the = start >> of an >>>> SFP." What if an initial classifier receives a packet that already = has >> an NSH? >>>> Can multiple NSHs be stacked? >>>> -7.1, last paragraph: "Depending on the information carried in the >> metadata, >>>> data privacy >>>> considerations may need to be considered. " >>>> "may need to be considered" is weak sauce. Data privacy always = needs to >> be >>>> considered, even if the _output_ of that consideration is that = there is >> nothing >>>> sensitive being carried. Please consider dropping the "may". >>>> Also, this seems like an odd place to bury a privacy discussion. = Please >>>> consider moving this to a "Privacy Considerations" section. >>>> -8, first paragraph: >>>> It seems like insider attacks are worth at least a mention when >> discussing a >>>> single operator environment as a mitigator against attacks. >>>> -8.1, 2nd paragraph: >>>> This doesn't seem like a single operator scenario, in the sense = that >> part of >>>> the flow crosses a network that is not controlled by that operator. >>>> -8.3, 4th paragraph: Please elaborate on what is meant by = "obfuscating" >>>> subscriber identifying information (as opposed to "encrypting" or >> "leaving it >>>> out in the first place".) >>>> Editorial: >>>> -2.2, "O bit", last paragraph: "The configurable parameter MUST be >>>> disabled by default." >>>> Does "disabled" mean "unset" (or "set to zero")? >>>> -2.2, "unassigned bits": "At reception, all >>>> elements MUST NOT modify their actions based on these unknown = bits." >>>> Isn't that MUST NOT just a restatement of the "MUST ignore" from = the >> previous >>>> sentence? There's no problem with reinforcing a point, but there >> shouldn't be >>>> multiple instances of the same 2119 requirement. Also, would = logging a >> warning >>>> violate the "MUST NOT modify their actions/MUST ignore" = requirement? >>>> -8, first paragraph: "NSH is designed for use within operator >> environments." >>>> Is there a missing "single" before "operator"? >=20 --Apple-Mail=_E1CD68D3-D509-4A50-A106-1AE90BE5A2C3 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZzrBlAAoJEIBWSmyV89QNeUAP/2tCl2LQNPVQO+rmcp79nbGU I5RABvBSMy13bM4do1ZatHgNlJfwvoRv6DnJiJOPXPlMrDL07Y8LnASH+z4Xwx/a e+OFQtL0xoJFXYCqzbxrRIyf8q+L45dsxCW9NcCIPapfyng10+9wjAN4jPMDCtPP krzgENyjPRqeJLPvbhAC35iZU6Os1JHKVDPqWZEpmUy30NVpLWSWovit0ejgDRQ+ xtvD/KOv6cZkgiEoYHvSxUDFe6rNci2E8x+2QiqfNo/zJQ4Ep49Zv9bYLjka5V/j WTN23X5791ME20X1sjjPuMtxKS3TQBzLFrtoApsLarfWLtOejlKdljMIfrtUxS4o FWyuHdpCLZeigetuDNpcqZdc8Rnwe5iaQAnakCOWmyV5zaduqOUDXRY3fAoNhEGU /Jj0IdQN5RwPKK+jKCaoSlMu7PPSeTHHZJjOs9W1+SF6/x7g7caJaK9qp+ULD2wq wF13u27KG9mZm33sq2MMPMpbF6Lj9YCZP02a/hbgfP0JzX+r7k/1viZmzNKLEDWV WyjGX9J20u+O2Oy8lV7+FnecRrMdwZDy7Uk6eXu3fahkWAumDmmEquPzC8NuHGle lmH72lRTSpVAXy2ypM36fuv1pYVnEREJLW+c9d7i+JPj08LDm8h5146L4gFMFd8N VCWVEFrqArdDiD/gVp4I =eNUi -----END PGP SIGNATURE----- --Apple-Mail=_E1CD68D3-D509-4A50-A106-1AE90BE5A2C3-- From nobody Fri Sep 29 14:02:58 2017 Return-Path: X-Original-To: sfc@ietfa.amsl.com Delivered-To: sfc@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5F6A1342F1; Fri, 29 Sep 2017 14:02:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.88 X-Spam-Level: X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rSCD8F7P5v4s; Fri, 29 Sep 2017 14:02:55 -0700 (PDT) Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A6BF1331F5; Fri, 29 Sep 2017 14:02:55 -0700 (PDT) Received: from [10.0.1.82] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v8TL2qux052864 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 29 Sep 2017 16:02:53 -0500 (CDT) (envelope-from ben@nostrum.com) X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.82] From: Ben Campbell Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_58D268B9-2254-4690-8064-23F97936BD71"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Date: Fri, 29 Sep 2017 16:02:48 -0500 In-Reply-To: <41E4256A-C77E-4693-AB3C-798ADE7346EC@cisco.com> Cc: The IESG , "draft-ietf-sfc-nsh@ietf.org" , "Joel M. Halpern" , "sfc-chairs@ietf.org" , "sfc@ietf.org" To: "Carlos Pignataro (cpignata)" References: <150656415366.13695.13637551894724173929.idtracker@ietfa.amsl.com> <41E4256A-C77E-4693-AB3C-798ADE7346EC@cisco.com> X-Mailer: Apple Mail (2.3273) Archived-At: Subject: Re: [sfc] Ben Campbell's No Objection on draft-ietf-sfc-nsh-24: (with COMMENT) X-BeenThere: sfc@ietf.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Network Service Chaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2017 21:02:57 -0000 --Apple-Mail=_58D268B9-2254-4690-8064-23F97936BD71 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Thanks for the response. Comments inline, with sections that do not seem = to need further discussion deleted. Ben. > On Sep 28, 2017, at 8:35 AM, Carlos Pignataro (cpignata) = wrote: >>=20 [=E2=80=A6] >=20 >>=20 >> -2.2, MD type 0x0: "Implementations SHOULD silently >> discard packets with MD Type 0x0." >> Why not MUST? >=20 > Because we do not want a hammer larger than needed. SHOULD achieves = our goal without locking the door for good, should valid reasons be = found. >=20 Do you envision situations where it might make sense to _not_ drop such = packets? If so, it would be helpful to mention that in the text. >>=20 >> -- MD type 0xF: "Implementations not explicitly configured to be part = of >> an experiment SHOULD silently discard packets with MD Type 0xF." >> Why not MUST? >=20 > Ditto. Also ditto :-) >=20 >>=20 >> -2.2, Next Protocol Values: >> Why are there 2 experimental values? (as opposed to 1, or, well, 3). >=20 > No particular reason. One seems not enough potentially for creative = experimentation. >=20 > My favorite number is 27, but we felt that was too many :-) Okay :-) >=20 >>=20 >> -2.3, last paragraph (and several other places): >> This draft seems to take a position that a failed SFP means the = service level >> flow fails. Are there no use cases where delivery of the service flow = is >> critical and should happen even if the chain of middleboxes fails? >=20 > The issue is that with SI=3D0 there is no next SF to deliver. Maybe there=E2=80=99s no next SF, but one assumes the encapsulated = packet is addressed to an end-system of some sort, which may or may not = be part of the SFP? Are there never situations where it would make sense = to give up on the SFP but still route the content to its destination? >=20 >>=20 >> -2.4, paragraph starting with "An SFC-aware SF MUST receive the data >> semantics..." I'm not sure what the intent of this paragraph is. Is = that MUST >> really a statement of fact? Or is there really and expectation of an >> out-of-band delivery of some semantic definition? >>=20 >=20 > There is the expectation of control plane download of it upon SFP = programming. I guess my question is, are you stating a normative requirement, or just = acknowledging the fact that the receiving SF must know the semantics to = do anything useful with the NSH? [=E2=80=A6] >> -7.1, last paragraph: "Depending on the information carried in the = metadata, >> data privacy >> considerations may need to be considered. " >> "may need to be considered" is weak sauce. Data privacy always needs = to be >> considered, even if the _output_ of that consideration is that there = is nothing >> sensitive being carried. Please consider dropping the "may=E2=80=9D. >=20 > We could drop it. However, there are very valid cases of SFC with NO = metadata, and then the consideration is NULL. That=E2=80=99s the reason, = no MD, no consideration. =46rom the first sentence, it doesn=E2=80=99t seem like this text is = talking about a null metadata case. But I think perhaps we are = conflating the ideas =E2=80=9Cprivacy consideration=E2=80=9D and = =E2=80=9Cprivacy impact=E2=80=9D. A =E2=80=9Cconsideration=E2=80=9D is = something that implementors/operators needs to think about. The results = of such thought might be that the specific metadata has no impact on = privacy. [=E2=80=A6] >=20 >> -8.1, 2nd paragraph: >> This doesn't seem like a single operator scenario, in the sense that = part of >> the flow crosses a network that is not controlled by that operator. >>=20 >=20 > Why not? It is very common to connect two parts of an operation with = tunnels of various kinds. Yes, but those tunnels cross outside of the administrative domain. I = recognize that it is common to do that. Maybe it is worth mentioning = that crossing a third party network _without_ such encapsulation is out = of scope? [=E2=80=A6] >=20 >>=20 >> Editorial: >>=20 >> -2.2, "O bit", last paragraph: "The configurable parameter MUST be >> disabled by default." >> Does "disabled" mean "unset" (or "set to zero=E2=80=9D)? >=20 > No. It means disabled. I don=E2=80=99t understand how you disable a bit. The bit is still there = and readable either way, right? >=20 >>=20 >> -2.2, "unassigned bits": "At reception, all >> elements MUST NOT modify their actions based on these unknown bits." >> Isn't that MUST NOT just a restatement of the "MUST ignore" from the = previous >> sentence? There's no problem with reinforcing a point, but there = shouldn't be >> multiple instances of the same 2119 requirement. Also, would logging = a warning >> violate the "MUST NOT modify their actions/MUST ignore" requirement? >=20 > It is slightly different. How is it different? Any comment on whether logging violate the "MUST NOT modify actions" = requirement?? [=E2=80=A6] --Apple-Mail=_58D268B9-2254-4690-8064-23F97936BD71 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZzrT5AAoJEIBWSmyV89QNSykP/2QrWTXB5KYs9lXRisC7WxbY dEKsmdT6hkgksEHVuYe0H3/exLTh7VJ/4dSXPUKJwN+vTydQczUUFT8pmCCz22ax cWL1V6EFCnuie2GsmCYOqbm14dXP88I3KA6zTypt8LuW6OesNhfnyreEj7/fxhM6 5XjTKiC7b+WEmBrCLRznG0wnlAm5yxiWtMEiMHkKj1ibUBL61OKY7+AwYonJKLE/ 7Bnooo/m9QjZA57TX1h2DhWqc0/6380cwzbv3Lahoa5KnsyhMX6I0okb2Oul40Q9 mi6LjcKULgBISA+nLdH+gyrfFpoUkei0/MEoN8AhNqyB9iNndDab7Hts20V5dD70 3BTP3ooy755yTyXTZZo5OkRmiXwXMRd3Moam6v1IUewygQkP/Pc8PZ1qdUawP4cz ehzTHprkUheRA9mqkbOfTcV78uAdoPF8fX0PiaXhFGC4/JxflHC1u8p7KLVxArFo f/cmn4pWyajaCgDHvZekU2+BG6V8TGFZ7W1NT4Pnf0DLvpY7YOMGgz8GIgjwxI0h 01NHBmrSu9EnOnz04LUQaTQvbi/sy2El/hTXTznrShH1tLsVLQR1/+5ptySfos+n E0UszeKlFmtLjsK05dewqNu3Rc8sdkUnGJFkeo1mqObrJjjSRtbV7F9/hJDhmMpD sMKDuJCrDR7s4antt8BP =dQ65 -----END PGP SIGNATURE----- --Apple-Mail=_58D268B9-2254-4690-8064-23F97936BD71--