Diameter Maintenance and J. Korhonen, Ed. Extensions (DIME) TeliaSonera Internet-Draft H. Tschofenig Intended status: Standards Track Nokia Siemens Networks Expires: January 3, 2008 M. Arumaithurai University of Goettingen July 2, 2007 Quality of Service Attributes for Diameter and RADIUS draft-ietf-dime-qos-attributes-00.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on January 3, 2008. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract This document extends the functionality of the Diameter Base protocol and other Diameter applications with respect to their ability to convey Quality of Service information. The AVPs defined in this document are also available for Remote Authentication Dial In User Service (RADIUS). Korhonen, et al. Expires January 3, 2008 [Page 1] Internet-Draft QoS attributes for Diameter July 2007 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Commands, AVPs and Advertising Application Support . . . . . . 3 3.1. Command Codes . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Diameter-EAP-Request (DER) . . . . . . . . . . . . . . . . 4 3.3. Diameter-EAP-Answer (DEA) . . . . . . . . . . . . . . . . 4 3.4. Credit-Control-Request (CCR) . . . . . . . . . . . . . . . 5 3.5. Credit-Control-Answer (CCA) . . . . . . . . . . . . . . . 6 3.6. AA-Request (AAR) . . . . . . . . . . . . . . . . . . . . . 7 3.7. AA-Answer (AAA) . . . . . . . . . . . . . . . . . . . . . 8 4. Diameter QoS Defined AVPs . . . . . . . . . . . . . . . . . . 9 4.1. QoS-ID AVP . . . . . . . . . . . . . . . . . . . . . . . . 9 4.2. QoS-Flow-State AVP . . . . . . . . . . . . . . . . . . . . 9 4.3. QSPEC AVP . . . . . . . . . . . . . . . . . . . . . . . . 9 4.4. QoS-Resources AVP . . . . . . . . . . . . . . . . . . . . 10 4.5. QoS-Parameter AVP . . . . . . . . . . . . . . . . . . . . 10 4.6. Extended-QoS-Filter-Rule AVP . . . . . . . . . . . . . . . 10 4.7. QoS-Capability AVP . . . . . . . . . . . . . . . . . . . . 10 4.8. QSPEC-Type AVP . . . . . . . . . . . . . . . . . . . . . . 11 5. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 6. AVP Occurrence Tables . . . . . . . . . . . . . . . . . . . . 12 6.1. DER and DEA Commands AVP Table . . . . . . . . . . . . . . 12 6.2. CCR and CCA Commands AVP Table . . . . . . . . . . . . . . 13 6.3. AAR and AAA Commands AVP Table . . . . . . . . . . . . . . 13 7. Diameter RADIUS Interoperability . . . . . . . . . . . . . . . 14 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 10. Security Considerations . . . . . . . . . . . . . . . . . . . 14 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 11.1. Normative References . . . . . . . . . . . . . . . . . . . 14 11.2. Informative References . . . . . . . . . . . . . . . . . . 15 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15 Intellectual Property and Copyright Statements . . . . . . . . . . 17 Korhonen, et al. Expires January 3, 2008 [Page 2] Internet-Draft QoS attributes for Diameter July 2007 1. Introduction This document defines a number of Diameter Quality of Service (QoS) related AVPs that can be used with the Diameter Base protocol, and Diameter Credit Control, Diameter EAP and Diameter NASREQ applications to convey Quality of Service information. The Extended- QoS-Filter-Rule AVP thereby replaces the QoSFilterRule, defined in RFC 3588 [RFC3588], and the QoS-Filter-Rule, defined in RFC 4005 [RFC4005]. The AVPs defined in this document are also available for Remote Authentication Dial In User Service (RADIUS). 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 3. Commands, AVPs and Advertising Application Support 3.1. Command Codes This document re-uses the Diameter Base protocol [RFC3588], and Diameter Credit-Control [RFC4006], Diameter NASREQ [RFC4072] and Diameter EAP [RFC4005] application commands. The following commands are re-used to carry QoS related AVPs: Command-Name Abbrev. Code Reference Diameter-EAP-Request DER 268 RFC 4072 Diameter-EAP-Answer DEA 268 RFC 4072 Credit-Control-Request CCR 272 RFC 4006 Credit-Control-Answer CCA 272 RFC 4006 AA-Request AAR 265 RFC 4005 AA-Answer AAA 265 RFC 4005 Figure 1: Command Codes When the Re-Auth-Request (RAR), Re-Auth-Answer (RAA), Session- Termination-Request (STR), Session-Termination-Answer (STA), Abort- Korhonen, et al. Expires January 3, 2008 [Page 3] Internet-Draft QoS attributes for Diameter July 2007 Session-Request (ASR), Abort-Session-Answer (ASA), Accounting-Request (ACR), and Accounting-Answer (ACA) commands are used together with this specification they follow the rules in Diameter NASREQ [RFC4005], Diameter EAP [RFC4072], Credit-Control [RFC4006] and Diameter Base Protocol [RFC3588]. The accounting commands use the Application Identifier value of the respective application. 3.2. Diameter-EAP-Request (DER) The Diameter-EAP-Request (DER) command [RFC4072], indicated by the Command-Code field set to 268 and the 'R' bit set in the Command Flags field, may be sent by the NAS to the Diameter server providing network access authentication and authorization services. At the same time as the network access authentication and authorization, the NAS MAY request the Diameter server to authorize provisioning of QoS resources. The message format is the same as defined in [RFC4072] with an addition of Diameter QoS specific AVPs. Figure 2 shows the DER message used with the Diameter QoS AVPs: ::= < Diameter Header: 268, REQ, PXY > < Session-Id > { Auth-Application-Id } { Origin-Host } { Origin-Realm } { Destination-Realm } { Auth-Request-Type } [ Destination-Host ] [ User-Name ] [ QoS-Capability ] * [ QoS-Resources ] ... * [ AVP ] Figure 2: Diameter EAP Request Command 3.3. Diameter-EAP-Answer (DEA) The Diameter-EAP-Answer (DEA) message defined in [RFC4072], indicated by the Command- Code field set to 268 and 'R' bit cleared in the Command Flags field is sent in response to the Diameter-EAP-Request message (DER). If the QoS service is successfully authorized and the Korhonen, et al. Expires January 3, 2008 [Page 4] Internet-Draft QoS attributes for Diameter July 2007 Diameter server was able to fulfill the QoS Authorization request (if needed) then the response MAY include the QoS-Resources AVPs. The message format is the same as defined in [RFC4072] with an addition of Diameter QoS specific AVPs. Figure 3 shows the DEA message used with the Diameter QoS AVPs: ::= < Diameter Header: 268, PXY > < Session-Id > { Auth-Application-Id } { Auth-Request-Type } { Result-Code } { Origin-Host } { Origin-Realm } * [ QoS-Resources ] [ Session-Timeout ] [ User-Name ] ... * [ AVP ] Figure 3: Diameter EAP Answer Command 3.4. Credit-Control-Request (CCR) The Credit-Control-Request (CCR) command [RFC4006], indicated by the Command-Code field set to 272 and the 'R' bit set in the Command Flags field, may be sent by the NAS to the Diameter-QoS server to request QoS credit authorization for a given QoS provisioning request. In that case the CCR command MAY also carry the QoS- Resources AVPs. The message format is the same as defined in [RFC4006] with an addition of Diameter QoS specific AVPs. Figure 4 shows the CCR message used with the Diameter QoS AVPs: Korhonen, et al. Expires January 3, 2008 [Page 5] Internet-Draft QoS attributes for Diameter July 2007 ::= < Diameter Header: 272, REQ, PXY > < Session-Id > { Auth-Application-Id } { Origin-Host } { Origin-Realm } { Destination-Realm } { Auth-Request-Type } { Service-Context-Id } { CC-Request-Type } { CC-Request-Number } [ Destination-Host ] [ User-Name ] [ QoS-Capability ] * [ QoS-Resources ] ... * [ AVP ] Figure 4: Credit Control Request Command 3.5. Credit-Control-Answer (CCA) The Credit-Control-Answer (CCA) command [RFC4006], indicated by the Command-Code field set to 272 and the 'R' bit set in the Command Flags field is sent in response to the CC-Request (CCR) message to acknowledge a CC-Request command. If the Diameter QoS server was able to fulfill the QoS request (if needed) then the response MAY include the QoS-Resources AVPs. The message format is the same as defined in [RFC4006] with an addition of Diameter QoS specific AVPs. Figure 5 shows the CCA message used with the Diameter QoS AVPs: Korhonen, et al. Expires January 3, 2008 [Page 6] Internet-Draft QoS attributes for Diameter July 2007 ::= < Diameter Header: 272, PXY > < Session-Id > { Result-Code } { Origin-Host } { Origin-Realm } { Auth-Application-Id } { CC-Request-Type } { CC-Request-Number } [ User-Name ] [ CC-Session-Failover ] [ CC-Sub-Session-Id ] [ Acct-Multi-Session-Id ] [ Origin-State-Id ] [ Event-Timestamp ] * [ QoS-Resources ] ... * [ AVP ] Figure 5: Credit Control Answer Command 3.6. AA-Request (AAR) The AA-Request (AAR) message, indicated by the Command-Code field set to 265 and 'R' bit set in the Command Flags field, may be sent by the NAS to the Diameter server providing network access configuration services. At the same time as the network access authentication and authorization, the NAS MAY request the Diameter server to authorize provisioning of QoS resources. The message format is the same as defined in [RFC4005] with an addition of Diameter QoS specific AVPs. Figure 6 shows the AAR message used with the Diameter QoS AVPs: Korhonen, et al. Expires January 3, 2008 [Page 7] Internet-Draft QoS attributes for Diameter July 2007 ::= < Diameter Header: 265, REQ, PXY > < Session-Id > { Auth-Application-Id } { Origin-Host } { Origin-Realm } { Destination-Realm } { Auth-Request-Type } [ QoS-Capability ] * [ QoS-Resources ] [ Destination-Host ] ... * [ AVP ] Figure 6: AA Request Command 3.7. AA-Answer (AAA) The AA-Answer (AAA) message, indicated by the Command-Code field set to 265 and 'R' bit cleared in the Command Flags field is sent in response to the AA-Request (AAR) message for confirmation of the result of QoS provisioning. If the QoS service is successfully authorized and the Diameter server was able to fulfill the QoS provisioning request (if needed) then the response MAY include the QoS-Resources AVPs. The message format is the same as defined in [RFC4005] with an addition of Diameter QoS specific AVPs. Figure 7 shows the AAA message used with the Diameter QoS AVPs: ::= < Diameter Header: 265, PXY > < Session-Id > { Auth-Application-Id } { Auth-Request-Type } { Result-Code } { Origin-Host } { Origin-Realm } * [ QoS-Resources ] [ User-Name ] [ Session-Timeout ] ... * [ AVP ] Korhonen, et al. Expires January 3, 2008 [Page 8] Internet-Draft QoS attributes for Diameter July 2007 Figure 7: AA Answer Command 4. Diameter QoS Defined AVPs The following table lists the Diameter AVPs used by this document, their AVP code values, types, possible flag values, and whether the AVP may be encrypted. +------------------+ | AVP Flag Rules | +-------------------------------------------------|----+---+----+----+ | AVP Section |MUST|MAY|SHLD|MUST| | Attribute Name Code Defined Data Type | | | NOT| NOT| +-------------------------------------------------+----+---+----+----+ |QoS-Flow-State TBD 4.2 Enumerated | |M,P| | V | |QSPEC TBD 4.3 OctetSTring| |M,P| | V | |QoS-ID TBD 4.1 Unsigned32 | |M,P| | V | |Extended-QoS-Filter-Rule TBD 4.6 Grouped | |M,P| | V | |QoS-Resources TBD 4.4 Grouped | |M,P| | V | |QoS-Parameter TBD 4.5 Grouped | |M,P| | V | |QoS-Capability TBD 4.7 Grouped | |M,P| | V | |QSPEC-Type TBD 4.8 Unsigned32 | |M,P| | V | +-------------------------------------------------+----+---+----+----+ 4.1. QoS-ID AVP The QoS-ID AVP (AVP Code TBD) is of type Unsigned32 and references the QSPEC. 4.2. QoS-Flow-State AVP The QoS-Flow-State AVP (AVP Code TBD) is of type Enumerated. It gives an indication as to how the flow MUST be treated. The Extended-QoS-Filter-Rule already provides an indicate whether a flow is permitted or denied. This optional AVP provides additional information about the treatment. Currently a single value is defined; further values are available via IANA registration. 0 Pending: The filter rules are not installed but kept pending. Subsequent signaling is necessary to active them. 4.3. QSPEC AVP The QSPEC AVP (AVP Code TBD) is of type OctetString and contains Quality of Service parameters. These parameters are defined in a separate document, see [I-D.ietf-dime-qos-parameters]. Korhonen, et al. Expires January 3, 2008 [Page 9] Internet-Draft QoS attributes for Diameter July 2007 4.4. QoS-Resources AVP The QoS-Resources AVP (AVP Code TBD) is of type Grouped and includes description of the resources that have been authorized or requested. More than one QoS-Resources AVP MAY be included in a single message. QoS-Resources ::= < AVP Header: XXX > 1* [ Extended-QoS-Filter-Rule ] 1* [ QoS-Parameter ] [ QoS-Flow-State ] * [ AVP ] 4.5. QoS-Parameter AVP The QoS-Parameter AVP (AVP Code TBD) is of type Grouped and ties the QoS-ID AVP together to the QSPEC AVP. All parameters followed by the QSPEC-Type AVP refer to the same QoS model/profile. QoS-Parameter ::= < AVP Header: XXX > { QoS-ID } { QSPEC-Type } 1* [ QSPEC ] * [ AVP ] 4.6. Extended-QoS-Filter-Rule AVP TheExtended-QoS-Filter-Rule AVP (AVP Code TBD) is of type Grouped. The QoS filter rule associated with the QoS-ID re-uses the RADIUS NAS-Traffic-Rule AVP [I-D.ietf-radext-filter-rules]. This AVP ties a specific filter to a QoS-ID that in turn refers to a specific QoS- Parameter. Extended-QoS-Filter-Rule ::= < AVP Header: XXX > { QoS-ID } { NAS-Traffic-Rule } * [ AVP ] 4.7. QoS-Capability AVP The QoS-Capability AVP (AVP Code TBD) is of type Grouped and contains a list of supported QSPEC-Types and respective AVPs. The NAS SHOULD include this AVP from the NAS to the Diameter server to indicate the support for this specification and for the specific Korhonen, et al. Expires January 3, 2008 [Page 10] Internet-Draft QoS attributes for Diameter July 2007 QoS models. QoS-Capability ::= < AVP Header: XXX > 1* { QSPEC-Type } * [ AVP ] 4.8. QSPEC-Type AVP The QSPEC-Type AVP (AVP Code TBD) is of type Unsigned32 and contains the supported QoS model or QoS profile. The value of 0 refers to the QoS parameters described in [I-D.ietf-dime-qos-parameters]. The values are taken from the registry defined in [I-D.ietf-nsis-qspec]. 5. Example Korhonen, et al. Expires January 3, 2008 [Page 11] Internet-Draft QoS attributes for Diameter July 2007 User AAA Client AAA server | | | | (initiate EAP) | | |<------------------------------>| | | | Diameter-EAP-Request | | | EAP-Payload(EAP Start) | | | QoS-Capability | | |------------------------------->| | | | | | Diameter-EAP-Answer | | Result-Code=DIAMETER_MULTI_ROUND_AUTH | | | EAP-Payload(EAP Request #1) | | |<-------------------------------| | EAP Request(Identity) | | |<-------------------------------| | | | | | EAP Response #N | | |------------------------------->| | | | Diameter-EAP-Request | | | EAP-Payload(EAP Response #N) | | |------------------------------->| | | | | | Diameter-EAP-Answer | | | Result-Code=DIAMETER_SUCCESS | | | EAP-Payload(EAP Success) | | | [EAP-Master-Session-Key] | | | (authorization AVPs) | | | QoS-Resources | | |<-------------------------------| | | | | EAP Success | | |<-------------------------------| | | | | Figure 8: Example of AAA Server providing QoS Information to AAA Client 6. AVP Occurrence Tables 6.1. DER and DEA Commands AVP Table The following table lists the Quality of Service specific AVPs defined in this document that may be present in the DER and DEA Commands, as defined in this document and in [RFC4072]. Korhonen, et al. Expires January 3, 2008 [Page 12] Internet-Draft QoS attributes for Diameter July 2007 +---------------+ | Command-Code | |-------+-------+ Attribute Name | DER | DEA | -------------------------------+-------+-------+ QoS-Capability | 0-1 | 0 | QoS-Resources | 0+ | 0+ | +-------+-------+ Figure 9: DER and DEA Commands AVP table 6.2. CCR and CCA Commands AVP Table The following table lists the Quality of Service specific AVPs defined in this document that may be present in the CCR and CCA Commands, as defined in this document and in [RFC4006]. +---------------+ | Command-Code | |-------+-------+ Attribute Name | CCR | CCA | -------------------------------+-------+-------+ QoS-Capability | 0-1 | 0 | QoS-Resources | 0+ | 0+ | +-------+-------+ Figure 10: CCR and CCA Commands AVP table 6.3. AAR and AAA Commands AVP Table The following table lists the Quality of Service specific AVPs defined in this document that may be present in the AAR and AAA Commands, as defined in this document and in [RFC4005]. +---------------+ | Command-Code | |-------+-------+ Attribute Name | AAR | AAA | -------------------------------+-------+-------+ QoS-Capability | 0-1 | 0 | QoS-Resources | 0+ | 0+ | +-------+-------+ Figure 11: AAR and AAA Commands AVP table Korhonen, et al. Expires January 3, 2008 [Page 13] Internet-Draft QoS attributes for Diameter July 2007 7. Diameter RADIUS Interoperability [Editor's Note: Text will be provided in a future version of this document.] 8. Acknowledgments We would like to thank Victor Fajardo for his comments. 9. IANA Considerations Diameter reserves the AVP Codes 0 - 255 for RADIUS functions that are implemented in Diameter. AVPs new to Diameter have code values of 256 and greater. This specification assigns the values TBD-1 to TBD-2 from the AVP Code namespace defined in RFC 3588 [RFC3588]. See Section 4 for the newly defined AVPs. This specification also specifies the use of AVPs in the 0 - 255 range, which are defined in 'RADIUS Types', see http://www.iana.org/assignments/radius-types. These values are assigned by the policy in Section 6 of RFC 2865 [RFC2865] and are amended by RFC 3575 [RFC3575]. 10. Security Considerations This document describes the extension of Diameter for conveying Quality of Service information. The security considerations of the Diameter protocol itself have been discussed in RFC 3588 [RFC3588]. Use of the AVPs defined in this document MUST take into consideration the security issues and requirements of the Diameter Base protocol. 11. References 11.1. Normative References [I-D.ietf-dime-qos-parameters] Korhonen, J. and H. Tschofenig, "Quality of Service Parameters for Usage with the AAA Framework", draft-ietf-dime-qos-parameters-00 (work in progress), June 2007. [I-D.ietf-radext-filter-rules] Korhonen, et al. Expires January 3, 2008 [Page 14] Internet-Draft QoS attributes for Diameter July 2007 Congdon, P., "RADIUS Attributes for Filtering and Redirection", draft-ietf-radext-filter-rules-02 (work in progress), March 2007. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote Authentication Dial In User Service)", RFC 3575, July 2003. [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003. [RFC4005] Calhoun, P., Zorn, G., Spence, D., and D. Mitton, "Diameter Network Access Server Application", RFC 4005, August 2005. [RFC4006] Hakala, H., Mattila, L., Koskinen, J-P., Stura, M., and J. Loughney, "Diameter Credit-Control Application", RFC 4006, August 2005. 11.2. Informative References [I-D.ietf-nsis-qspec] Ash, J., "QoS NSLP QSPEC Template", draft-ietf-nsis-qspec-16 (work in progress), March 2007. [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. [RFC4072] Eronen, P., Hiller, T., and G. Zorn, "Diameter Extensible Authentication Protocol (EAP) Application", RFC 4072, August 2005. Authors' Addresses Jouni Korhonen (editor) TeliaSonera Teollisuuskatu 13 Sonera FIN-00051 Finland Email: jouni.korhonen@teliasonera.com Korhonen, et al. Expires January 3, 2008 [Page 15] Internet-Draft QoS attributes for Diameter July 2007 Hannes Tschofenig Nokia Siemens Networks Otto-Hahn-Ring 6 Munich, Bavaria 81739 Germany Email: Hannes.Tschofenig@nsn.com URI: http://www.tschofenig.com Mayutan Arumaithurai University of Goettingen Email: mayutan.arumaithurai@gmail.com Korhonen, et al. Expires January 3, 2008 [Page 16] Internet-Draft QoS attributes for Diameter July 2007 Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Korhonen, et al. Expires January 3, 2008 [Page 17]