idnits 2.17.1 draft-hildebrand-spud-prototype-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 139 has weird spacing: '...unknown no in...' == Line 142 has weird spacing: '...opening the i...' == Line 145 has weird spacing: '...running the t...' == Line 147 has weird spacing: '...esuming an ou...' == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document date (March 03, 2015) is 3342 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: 'RFC3168' is defined on line 609, but no explicit reference was found in the text ** Obsolete normative reference: RFC 7049 (Obsoleted by RFC 8949) Summary: 1 error (**), 0 flaws (~~), 7 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Hildebrand 3 Internet-Draft Cisco Systems 4 Intended status: Informational B. Trammell 5 Expires: September 4, 2015 ETH Zurich 6 March 03, 2015 8 Substrate Protocol for User Datagrams (SPUD) Prototype 9 draft-hildebrand-spud-prototype-02 11 Abstract 13 SPUD is a prototype for grouping UDP packets together in a "tube", 14 also allowing network devices on the path between endpoints to 15 participate explicitly in the tube outside the end-to-end context. 17 Status of This Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at http://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on September 4, 2015. 34 Copyright Notice 36 Copyright (c) 2015 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (http://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 1. Introduction 51 The goal of SPUD (Substrate Protocol for User Datagrams) is to 52 provide a mechanism for grouping UDP packets together into a "tube" 53 with a defined beginning and end in time. Devices on the network 54 path between the endpoints speaking SPUD may communicate explicitly 55 with the endpoints outside the context of the end-to-end 56 conversation. 58 The SPUD protocol is a prototype, intended to promote further 59 discussion of potential use cases within the framework of a concrete 60 approach. To move forward, ideas explored in this protocol might be 61 implemented inside another protocol such as DTLS. 63 1.1. Terminology 65 In this document, the key words "MUST", "MUST NOT", "REQUIRED", 66 "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", 67 and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119 68 [RFC2119]. 70 2. Requirements, Assumptions and Rationale 72 The prototype described in this document is designed to provide an 73 encapsulation for transport protocols which allows minimal and 74 selective exposure of transport semantics, and other transport- and 75 higher-layer information; and explicit discovery of selected 76 information about devices along the path by the transport and higher 77 layers. 79 The encryption of transport- and higher-layer content encapsulated 80 within SPUD is not mandatory; however, the eventual intention is that 81 explicit communication between endpoints and the path can largely 82 replace the implicit endpoint-to-path communication presently derived 83 by middleboxes through deep packet inspection (DPI). 85 SPUD is not a transport protocol; rather, we envision it as the 86 lowest layer of a "transport construction kit". Using SPUD as a 87 common encapsulation, such that new transports have a common 88 appearance to middleboxes, applications, platforms, and operating 89 systems can provide a variety of transport protocols or transport 90 protocol modules. This construction kit is out of scope for this 91 prototype, and left to future work, though we note it could be an 92 alternate implementation of an eventual TAPS interface. 94 The design is based on the following requirements and assumptions: 96 o Transport semantics and many properties of communication that 97 endpoints may want to expose to middleboxes are bound to flows or 98 groups of flows. SPUD must therefore provide a basic facility for 99 associating packets together (into what we call a "tube" for lack 100 of a better term). 102 o SPUD and transports above SPUD must be implementable without 103 requiring kernel replacements or modules on the endpoints, and 104 without having special privilege (root or "jailbreak") on the 105 endpoints. Eventually, we envision that SPUD will be implemented 106 in operating system kernels as part of the IP stack. However, we 107 also assume that there will be a (very) long transition to this 108 state, and SPUD must be useful and deployable during this 109 transition. In addition, userspace implementations of SPUD can be 110 used for rapid deployment of SPUD itself and new transport 111 protocols over SPUD, e.g. in web browsers. 113 o SPUD must operate in the present Internet. In order to ensure 114 deployment, it must also be useful as an encapsulation between 115 endpoints even before the deployment of middleboxes that 116 understand it. 118 o SPUD must be low-overhead, specifically requiring very little 119 effort to recognize that a packet is a SPUD packet and to 120 determine the tube it is associated with. 122 o SPUD must impose minimal restrictions on the transport protocols 123 it encapsulates. SPUD must work in multipath, multicast, and 124 mobile environments. 126 o SPUD must provide incentives for development and deployment by 127 multiple communities. These communities and incentives will be 128 defined through the prototyping process. 130 3. Lifetime of a tube 132 A tube is a grouping of packets between two endpoints on the network. 133 Tubes are started by the "initiator" expressing an interest in 134 comminicating with the "responder". A tube may be closed by either 135 endpoint. 137 A tube may be in one of the following states: 139 unknown no information is currently known about the tube. All tubes 140 implicitly start in the unknown state. 142 opening the initiator has requested a tube that the responder has 143 not yet acknowledged. 145 running the tube is set up and will allow data to flow 147 resuming an out-of-sequence SPUD packet has been received for this 148 tube. Policy will need to be developed describing how (or if) 149 this state can be exploited for quicker tube resumption by higher- 150 level protocols. 152 This leads to the following state transitions (see Section 4.3 for 153 details on the commands that cause transitions): 155 +---------------------+ +-----+ 156 | | |close| 157 | v | v 158 | +---sopen--- +-------+ <--close----+ 159 | | |unknown| | 160 | | +-----> +-------+ -ack,--+ | 161 | | | \ data | | 162 | | close open | | 163 | v | \ v | 164 | +-------+ ------data-------> +--------+ 165 | +-----|opening| ) |resuming|----+ 166 | | +-------+ <-----open-------- +--------+ | 167 | | ^ | / | ^ | 168 | | | | v | | | 169 | +-sopen-+ +-ack-> +-------+ <-ack,-+ +-data-+ 170 | |running| open 171 +---------close------ +-------+ 172 ^ | 173 | | open,ack,data 174 +----+ 176 Figure 1: State transitions 178 All of the state transitions happen when a command is received, 179 except for the "sopen" transition which occurs when an open command 180 is sent. 182 4. Packet layout 184 SPUD packets are sent inside UDP packets, with the SPUD header 185 directly after the UDP header. 187 0 1 2 3 188 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 189 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 190 | magic = 0xd80000d8 | 191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 192 | tube ID | 193 + + 194 | | 195 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 196 |cmd|a|p| resv | CBOR map... | 197 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 199 Figure 2: SPUD packets 201 The fields in the packet are: 203 o 32-bit constant magic number (see Section 4.1) 205 o 64 bits defining the id of this tube 207 o 2 bits of command (see Section 4.3) 209 o 1 bit marking this packet as an application declaration (adec) 211 o 1 bit marking this packet as a path declaration (pdec) 213 o 4 reserved bits that MUST be set to 0 for this version of the 214 protocol 216 o If more bytes are present, they contain a CBOR map 218 4.1. Detecting usage 220 The first 32 bits of every SPUD packet is the constant bit pattern 221 d80000d8 (hex), or 1101 1000 0000 0000 1101 1000 (binary). This 222 pattern was selected to be invalid UTF-8, UTF-16 (both big- and 223 little-endian), and UTF-32 (both big- and little-endian). The intent 224 is to ensure that text-based non-SPUD protocols would not use this 225 pattern by mistake. A survey of other protocols will be done to see 226 if this pattern occurs often in existing traffic. 228 The intent of this magic number is not to provide conclusive evidence 229 that SPUD is being used in this packet, but instead to allow a very 230 fast (i.e., trivially implementable in hardware) way to decide that 231 SPUD is not in use on packets that do not include the magic number. 233 4.2. TUBE ID 235 The 64-bit tube ID uniquely identifies a given tube. All commands 236 (see Section 4.3) are scoped to a single tube. 238 [EDITOR'S NOTE: Does a Tube ID have to be bound to a single source 239 address or not? This would be for mobility, not multipath.] 241 4.3. Commands 243 The next 2 bits of a SPUD packet encode a command: 245 Data (00) Normal data in a running tube 247 Open (01) A request to begin a tube 249 Close (10) A request to end a tube 251 Ack (11) An acknowledgement to an open request 253 4.4. Declaration bits 255 The adec bit is set when the application is making a declaration to 256 the path. The pdec bit is set when the path is making a declaration 257 to the application. 259 4.5. Reserved bits 261 The final required four bits of SPUD packet MUST all be set to zero 262 in this version of the protocol. These bits could be used for 263 extensions in future versions. 265 4.6. Additional information 267 The information after the SPUD header (if it exists) is a CBOR 268 [RFC7049] map (major type 5). Each key in the map may be an integer 269 (major type 0 or 1) or a text string (major type 3). Integer keys 270 are reserved for standardized protocols, with a registry defining 271 their meaning. This convention can save several bytes per packet, 272 since small integers only take a single byte in the CBOR encoding, 273 and a single-character string takes at least two bytes (more when 274 useful-length strings are used). 276 The only integer keys reserved by this version of the document are: 278 0 (anything) Application Data. Any CBOR data type, used as 279 application-specific data. Often this will be a byte string 280 (major type 2), particularly for protocols that encrypt data. 282 The 0 key MUST NOT be used when the adec or pdec bit is set. Path 283 elements MUST NOT inspect or modify the contents of the 0 key. 285 The overhead for always using CBOR is therefore effectively three or 286 more bytes: 0xA1 (map with one element), 0x00 (integer 0 as the key), 287 and 0x41 (byte string containing one byte). [EDITOR'S NOTE: It may 288 be that the simplicity and extensibility of this approach is worth 289 the three bytes of overhead.] 291 5. Initiating a tube 293 To begin a tube, the initiator sends a SPUD packet with the "open" 294 command (bits 01). 296 Future versions of this specification may contain CBOR in the open 297 packet. One example might be requesting proof of implementation from 298 the receiving endpoint, 300 6. Acknowledging tube creation 302 To acknowledge the creation of a tube, the responder sends a SPUD 303 packet with the "ack" command (bits 11). The current thought is that 304 the security provided by the TCP three-way handshake would be left to 305 transport protocols inside of SPUD. Further exploration of this 306 prototype will help decide how much of this handshake needs to be 307 made visible to path elements that _only_ process SPUD. 309 Future versions of this specification may contain CBOR in the ack 310 packet. One example might be answering an implementation proof 311 request from the initiator. 313 7. Closing a tube 315 To close a tube, either side sends a packet with the "close" command 316 (bits 10). Whenever a path element sees a close packet for a tube, 317 it MAY drop all stored state for that tube. Further exploration of 318 this prototype will determine when close packets are sent, what CBOR 319 they contain, and how they interact with transport protocols inside 320 of SPUD. 322 What is likely at this time is that SPUD close packets MAY contain 323 error information in the following CBOR keys (and associated values): 325 "error" (map, major type 5) a map from text string (major type 3) to 326 text string. The keys are [RFC5646] language tags, and the values 327 are strings that can be presented to a user that understands that 328 language. The key "*" can be used as the default. 330 "url" (text string, major type 3) a URL identifying some information 331 about the path or its relationship with the tube. The URL 332 represents some path condition, and retrieval of content at the 333 URL should include a human-readable description. 335 8. Path declarations 337 SPUD can be used for path declarations: information delivered to the 338 endpoints from devices along the path. Path declarations can be 339 thought of as enhanced ICMP for transports using SPUD, allowing 340 information about the condition or state of the path or the tube to 341 be communicated directly to a sender. 343 Path declarations may be sent in either direction (toward the 344 initiator or responder) at any time. The scope of a path declaration 345 is the tube (identified by tube ID) to which it is associated. 346 Devices along the path cannot make declarations to endpoints without 347 a tube to associate them with. Path declarations are sent to one 348 endpoint in a SPUD conversation by the path device sending SPUD 349 packets with the source IP address and UDP port from the other 350 endpoint in the conversation. These "spoofed" packets are required 351 to allow existing network elements that pass traffic for a given 352 5-tuple to continue to work. To ensure that the context for these 353 declarations is correct, path declaration packets MUST have the pdec 354 bit set. Path declarations MUST use the "data" command (bits 00). 356 Path declarations do not imply specific required actions on the part 357 of receivers. Any path declaration MAY be ignored by a receiving 358 application. When using a path declaration as input to an algorithm, 359 the application will make decisions about the trustworthiness of the 360 declaration before using the data in the declaration. 362 The data associated with a path declaration may always have the 363 following keys (and associated values), regardless of what other 364 information is included: 366 "ipaddr" (byte string, major type 2) the IPv4 address or IPv6 367 address of the sender, as a string of 4 or 16 bytes in network 368 order. This is necessary as the source IP address of the packet 369 is spoofed 371 "cookie" (byte string, major type 2) data that identifies the 372 sending path element unambiguously 374 "url" (text string, major type 3) a URL identifying some information 375 about the path or its relationship with the tube. The URL 376 represents some path condition, and retrieval of content at the 377 URL should include a human-readable description. 379 "warning" (map, major type 5) a map from text string (major type 3) 380 to text string. The keys are [RFC5646] language tags, and the 381 values are strings that can be presented to a user that 382 understands that language. The key "*" can be used as the 383 default. 385 The SPUD mechanism is defined to be completely extensible in terms of 386 the types of path declarations that can be made. However, in order 387 for this mechanism to be of use, endpoints and devices along the path 388 must share a relatively limited vocabulary of path declarations. The 389 following subsections briefly explore declarations we believe may be 390 useful, and which will be further developed on the background of 391 concrete use cases to be defined as part of the SPUD effort. 393 Terms in this vocabulary considered universally useful may be added 394 to the SPUD path declaration map keys, which in this case would then 395 be defined as an IANA registry. 397 8.1. ICMP 399 ICMP [RFC4443] (e.g.) messages are sometimes blocked by path elements 400 attempting to provide security. Even when they are delivered to the 401 host, many ICMP messages are not made available to applications 402 through portable socket interfaces. As such, a path element might 403 decide to copy the ICMP message into a path declaration, using the 404 following key/value pairs: 406 "icmp" (byte string, major type 2) the full ICMP payload. This is 407 intended to allow ICMP messages (which may be blocked by the path, 408 or not made available to the receiving application) to be bound to 409 a tube. Note that sending a path declaration ICMP message is not 410 a substitute for sending a required ICMP or ICMPv6 message. 412 "icmp-type" (unsigned, major type 0) the ICMP type 414 "icmp-code" (unsigned, major type 0) the ICMP code 416 Other information from particular ICMP codes may be parsed out into 417 key/value pairs. 419 8.2. Address translation 421 SPUD-aware path elements that perform Network Address Translation 422 MUST send a path declaration describing the translation that was 423 done, using the following key/value pairs: 425 "translated-external-address" (byte string, major type 2) The 426 translated external IPv4 address or IPv6 address for this 427 endpoint, as a string of 4 or 16 bytes in network order 429 "translated-external-port" (unsigned, major type 0) The translated 430 external UDP port number for this endpoint 432 "internal-address" (byte string, major type 2) The pre-translation 433 (internal) IPv4 address or IPv6 address for this endpoint, as a 434 string of 4 or 16 bytes in network order 436 "internal-port" (unsigned, major type 0) The pre-translation 437 (internal) UDP port number for this endpoint 439 The internal addresses are useful when multiple address translations 440 take place on the same path. 442 8.3. Tube lifetime 444 SPUD-aware path elements that are maintaining state MAY drop state 445 using inactivity timers, however if they use a timer they MUST send a 446 path declaration in both directions with the length of that timer, 447 using the following key/value pairs: 449 "inactivity-timer" (unsigned, major type 0) The length of the 450 inactivity timer (in microseconds). A value of 0 means no timeout 451 is being enforced by this path element, which might be useful if 452 the timeout changes over the lifetime of a tube. 454 8.4. Path element identity 456 Path elements can describe themselves using the following key/value 457 pairs: 459 "description" (text string, major type 3) the name of the software, 460 hardware, product, etc. that generated the declaration 462 "version" (text string, major type 3) the version of the software, 463 hardware, product, etc. that generated the declaration 465 "caps" (byte string, major type 2) a hash of the capabilities of the 466 software, hardware, product, etc. that generated the declaration 467 [TO BE DESCRIBED] 469 "ttl" (unisigned integer, major type 0) IP time to live / IPv6 Hop 470 Limit of associated device [EDITOR'S NOTE: more detail is required 471 on how this is calculated] 473 8.5. Maximum Datagram Size 475 A path element may tell the endpoint the maximum size of a datagram 476 it is willing or able to forward for a tube, to augment various path 477 MTU discovery mechanisms. This declaration uses the following key/ 478 value pairs: 480 "mtu" (unsigned, major type 0) the maximum transmission unit (in 481 bytes) 483 8.6. Rate Limit 485 A path element may tell the endpoint the maximum data rate (in octets 486 or packets) that it is willing or able to forward for a tube. As all 487 path declarations are advisory, the device along the path must not 488 rely on the endpoint to set its sending rate at or below the declared 489 rate limit, and reduction of rate is not a guarantee to the endpoint 490 of zero queueing delay. This mechanism is intended for "gross" rate 491 limitation, i.e. to declare that the output interface is connected to 492 a limited or congested link, not as a substitute for loss-based or 493 explicit congestion notification on the RTT timescale. This 494 declaration uses the following key/value pairs: 496 "max-byte-rate" (unsigned, major type 0) the maximum bandwidth (in 497 bytes per second) 499 "max-packet-rate" (unsigned, major type 0) the maximum bandwidth (in 500 packets per second) 502 8.7. Latency Advisory 504 A path element may tell the endpoint the latency attributable to 505 traversing that path element. This mechanism is intended for "gross" 506 latency advisories, for instance to declare the output interface is 507 connected to a satellite or [RFC1149] link. This declaration uses 508 the following key/value pairs: 510 "latency" (unsigned, major type 0) the latency (in microseconds) 512 8.8. Prohibition Report 514 A path element which refuses to forward a packet may declare why the 515 packet was not forwarded, similar to the various Destination 516 Unreachable codes of ICMP. 518 [EDITOR'S NOTE: Further thought will be given to how these reports 519 interact with the ICMP support from Section 8.1.] 521 9. Declaration reflection 523 In some cases, a device along the path may wish to send a path 524 declaration but may not be able to send packets ont he reverse path. 525 It may ask the endpoint in the forward direction to reflect a SPUD 526 packet back along the reverse path in this case. 528 [EDITOR'S NOTE: Bob Briscoe raised this issue during the SEMI 529 workshop, which has largely to do with tunnels. It is not clear to 530 the authors yet how a point along the path would know that it must 531 reflect a declaration, but this approach is included for 532 completeness.] 534 A reflected declaration is a SPUD packet with both the pdec and adec 535 flags set, and contains the same content as a path declaration would. 536 However the packet has the same source address and port and 537 destination address and port as the SPUD packet which triggered it. 539 When a SPUD endpoint receives a declaration reflection, it SHOULD 540 reflect it: swapping the source and destination addresses IP 541 addresses and ports. The reflecting endpoint MUST unset the adec 542 bit, sending the packet it as if it were a path declaration. 544 [EDITOR's NOTE: this facility will need careful security analysis 545 before it makes it into any final specification.] 547 10. Application declarations 549 Applications may also use the SPUD mechanism to describe the traffic 550 in the tube to the application on the other side, and/or to any point 551 along the path. As with path declarations, the scope of an 552 application declaration is the tube (identified by tube ID) to which 553 it is associated. 555 An application declaration is a SPUD packet with the adec flag set, 556 and contains an application declaration formatted in CBOR in its 557 payload. As with path declarations, an application declaration is a 558 CBOR map, which may always have the following keys: 560 o cookie (byte string, major type 2): an identifier for this 561 application declaration, used to address a particular path element 563 Unless the cookie matches one sent by the path element for this tube, 564 every device along the path MUST forward application declarations on 565 towards the destination endpoint. 567 The definition of an application declaration vocabulary is left as 568 future work; we note only at this point that the mechanism supports 569 such declarations. 571 11. CBOR Profile 573 Moving forward, we will likely specify a subset of CBOR that can be 574 used in SPUD, including the avoidance of floating point numbers, 575 indefinite-length arrays, and indefinite-length maps. This will 576 allow a significantly less complicated CBOR implementation to be 577 used, which would be particularly nice on constrained devices. 579 12. Security Considerations 581 This gives endpoints the ability to expose information about 582 conversations to elements on path. As such, there are going to be 583 very strict security requirements about what can be exposed, how it 584 can be exposed, etc. This prototype DOES NOT tackle these issues 585 yet. 587 The goal is to ensure that this layer is better than TCP from a 588 security perspective. The prototype is clearly not yet to that 589 point. 591 13. IANA Considerations 593 If this protocol progresses beyond prototype in some way, a registry 594 will be needed for well-known CBOR map keys. 596 14. Acknowledgements 598 Thanks to Ted Hardie for suggesting the change from "Session" to 599 "Substrate" in the title, and to Joel Halpern for suggesting the 600 change from "session" to "tube" in the protocol description. 602 15. References 604 15.1. Normative References 606 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 607 Requirement Levels", BCP 14, RFC 2119, March 1997. 609 [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition 610 of Explicit Congestion Notification (ECN) to IP", RFC 611 3168, September 2001. 613 [RFC4443] Conta, A., Deering, S., and M. Gupta, "Internet Control 614 Message Protocol (ICMPv6) for the Internet Protocol 615 Version 6 (IPv6) Specification", RFC 4443, March 2006. 617 [RFC5646] Phillips, A. and M. Davis, "Tags for Identifying 618 Languages", BCP 47, RFC 5646, September 2009. 620 [RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object 621 Representation (CBOR)", RFC 7049, October 2013. 623 15.2. Informative References 625 [RFC1149] Waitzman, D., "Standard for the transmission of IP 626 datagrams on avian carriers", RFC 1149, April 1990. 628 Authors' Addresses 630 Joe Hildebrand 631 Cisco Systems 633 Email: jhildebr@cisco.com 635 Brian Trammell 636 ETH Zurich 638 Email: ietf@trammell.ch