idnits 2.17.1

draft-ietf-spring-ipv6-use-cases-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 22, 2016) is 2829 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-07) exists of
     draft-ietf-rtgwg-dst-src-routing-02

  == Outdated reference: A later version (-06) exists of
     draft-ietf-sfc-dc-use-cases-04

  == Outdated reference: A later version (-28) exists of
     draft-ietf-sfc-nsh-05

  == Outdated reference: A later version (-15) exists of
     draft-ietf-spring-segment-routing-09

  == Outdated reference: A later version (-22) exists of
     draft-ietf-spring-segment-routing-mpls-05

     Summary: 0 errors (**), 0 flaws (~~), 6 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Spring                                                     J. Brzozowski
Internet-Draft                                                  J. Leddy
Intended status: Informational                                   Comcast
Expires: January 23, 2017                                    M. Townsley
                                                             C. Filsfils
                                                        R. Maglione, Ed.
                                                           Cisco Systems
                                                           July 22, 2016


                         IPv6 SPRING Use Cases
                  draft-ietf-spring-ipv6-use-cases-07

Abstract

   The Source Packet Routing in Networking (SPRING) architecture
   leverages the source routing paradigm.  A node steers a packet
   through a controlled set of instructions, called segments, by
   prepending the packet with a SPRING header.  A segment can represent
   any instruction, topological or service-based.  A segment can have a
   local semantic to the SPRING node or global within the SPRING domain.
   SPRING allows enforcing a flow through any topological path and
   service chain while maintaining per-flow state only at the ingress
   node to the SPRING domain.

   The objective of this document is to illustrate some use cases that
   need to be taken into account by the Source Packet Routing in
   Networking (SPRING) architecture.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 23, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  IPv6 SPRING use cases
     2.1.  SPRING in the Home Network
     2.2.  SPRING in the Access Network
     2.3.  SPRING in the Data Center
       2.3.1.  VM isolation in a Data Center
     2.4.  SPRING in the Content Delivery Networks
     2.5.  SPRING in the Core networks
   3.  Contributors
   4.  Acknowledgements
   5.  IANA Considerations
   6.  Security Considerations
   7.  Informative References
   Authors' Addresses

1.  Introduction

   The Source Packet Routing in Networking (SPRING) architecture
   leverages the source routing paradigm.  An ingress node steers a
   packet through a controlled set of instructions, called segments, by
   prepending the packet with a SPRING header.  A segment can represent
   any instruction, topological or service-based.  A segment can
   represent a local semantic on the SPRING node, or a global semantic
   within the SPRING domain.  SPRING allows one to enforce a flow
   through any topological path and service chain while maintaining
   per-flow state only at the ingress node to the SPRING domain.

   The SPRING architecture is described in
   [I-D.ietf-spring-segment-routing].  The SPRING control plane is
   agnostic to the dataplane, thus it can be applied to both MPLS and
   IPv6.  In the case of MPLS, the (list of) segment identifiers is
   carried in the MPLS label stack, while for the IPv6 dataplane, a new
   type of routing extension header is required.

   The details of the new routing extension header are described in
   [I-D.previdi-6man-segment-routing-header], which also covers the
   security considerations and the aspects related to the deprecation of
   the IPv6 Type 0 Routing Header described in [RFC5095].

2.  IPv6 SPRING use cases

   In today's networks, source routing is typically accomplished by
   encapsulating IP packets in MPLS LSPs that are signaled via RSVP-TE.
   Therefore, there are scenarios where it may be possible to run IPv6
   on top of MPLS, and as such, the MPLS Segment Routing architecture
   described in [I-D.ietf-spring-segment-routing-mpls] could be
   leveraged to provide SPRING capabilities in an IPv6/MPLS environment.

   However, there are other cases and/or specific network segments (such
   as, for example, the Home Network, the Data Center, etc.) where MPLS
   may not be available or deployable for lack of support on network
   elements or because of an operator's design choice.  In such
   scenarios a non-MPLS based solution would be preferred by the network
   operators of such infrastructures.

   In addition, there are cases where the operators could have made the
   design choice to disable IPv4, for ease of management and scale
   (return to single-stack) or due to an address constraint, for example
   because they do not possess enough IPv4 address resources to number
   all the endpoints and other network elements on which they desire to
   run MPLS.

   In such a scenario the support for MPLS operations on an IPv6-only
   network would be required.
   However, today's IPv6-only networks are not fully capable of
   supporting MPLS.  There is ongoing work in the MPLS Working Group,
   described in [RFC7439], to identify gaps that must be addressed in
   order to allow MPLS-related protocols and applications to be used
   with IPv6-only networks.  This is another example of a scenario where
   an IPv6-only solution could represent a valid option to solve the
   problem and meet operators' requirements.

   It is important to clarify that today it is possible to run IPv6 on
   top of an IPv4 MPLS network by using the mechanism called 6PE,
   described in [RFC4798].  However, this approach does not fulfill the
   requirement of removing the need for IPv4 addresses in the network,
   as requested in the above use case.

   In addition, it is worth noting that in today's MPLS dual-stack
   networks IPv4 traffic is labeled while IPv6 traffic is usually
   natively routed, not label-switched.  Therefore, in order to be able
   to provide Traffic Engineering "like" capabilities for IPv6 traffic,
   additional/alternative encapsulation mechanisms would be required.

   In summary, there is a class of use cases that motivate an IPv6 data
   plane.  The authors identify some fundamental scenarios that, when
   recognized in conjunction, strongly indicate an IPv6 data plane:

   1.  There is a need or desire to impose source-routing semantics
       within an application or at the edge of a network (for example, a
       CPE or home gateway)

   2.  There is a strict lack of an MPLS dataplane

   3.  There is a need or desire to remove routing state from any node
       other than the source, such that the source is the only node that
       knows and will know the path a packet will take, a priori

   4.  There is a need to connect millions of addressable segment
       endpoints, thus high routing scalability is a requirement.
       IPv6 addresses are inherently summarizable: a very large operator
       could scale by summarizing IPv6 subnets at various internal
       boundaries.  This is very simple and is a basic property of IP
       routing.  MPLS node segments are not summarizable.  To reach the
       same scale, an operator would need to introduce additional
       complexity, such as mechanisms known by the industry term
       Seamless MPLS.

   In any environment with requirements such as those listed above, an
   IPv6 data plane provides a powerful combination of capabilities for a
   network operator to realize benefits in explicit routing, protection
   and restoration, high routing scalability, traffic engineering,
   service chaining, service differentiation and application flexibility
   via programmability.

   This section will describe some scenarios where MPLS may not be
   present and it will highlight how the SPRING architecture could be
   used to address such use cases, particularly when an MPLS data plane
   is neither present nor desired.

   The use cases described in this section do not constitute an
   exhaustive list of all the possible scenarios; this section only
   includes some of the most common envisioned deployment models for
   IPv6 Segment Routing.

   In addition to the use cases described in this document, the SPRING
   architecture can be applied to all the use cases described in
   [RFC7855] for the SPRING MPLS data plane, when an IPv6 data plane is
   present.  Here is a summary of those use cases:

   1.  Traffic Engineering

   2.  Disjoint paths in dual-plane networks

   3.  Fast Reroute: Protecting node and adjacency segments

   4.  OAM/monitoring

   5.  Egress Peering Engineering

2.1.  SPRING in the Home Network

   An IPv6-enabled home network provides ample globally routed IP
   addresses for all devices in the home.
   An IPv6 home network with multiple egress points and associated
   provider-assigned prefixes will, in turn, provide multiple IPv6
   addresses to hosts.  A homenet performing Source and Destination
   Routing ([I-D.ietf-rtgwg-dst-src-routing]) will ensure that packets
   exit the home at the appropriate egress based on the associated
   delegated prefix for that link.

   A SPRING enabled home provides the possibility for imposition of a
   Segment List by end-hosts in the home, or a customer edge router in
   the home.  If the Segment List is enabled at the customer edge
   router, that router is responsible for classifying traffic and
   inserting the appropriate Segment List.  If hosts in the home have
   explicit source selection rules, classification can be based on
   source address or associated network egress point, avoiding the need
   for DPI-based implicit classification techniques.  If the Segment
   List is inserted by the host itself, it is important to know which
   networks can interpret the SPRING header.  This information can be
   provided as part of host configuration as a property of the
   configured IP address (see [I-D.ietf-mif-mpvd-dhcp-support]).

   The ability to steer traffic to an appropriate egress or utilize a
   specific type of media (e.g., low-power, WIFI, wired, femto-cell,
   bluetooth, MOCA, HomePlug, etc.) within the home itself are obvious
   cases which may be of interest to an application running within a
   home network.

   Steering to a specific egress point may be useful for a number of
   reasons, including:

   o  Regulatory

   o  Performance of a particular service associated with a particular
      link

   o  Cost imposed due to data-caps or per-byte charges

   o  Home vs. work traffic in homes with one or more teleworkers, etc.

   o  Specific services provided by one ISP vs.
      another

   Information included in the Segment List, whether imposed by the
   end-host itself, a customer edge router, or within the access network
   of the ISP, may be of use at the far ends of the data communication
   as well.  For example, an application running on an end-host with
   application-support in a data center can utilize the Segment List as
   a channel to include information that affects its treatment within
   the data center itself, allowing for application-level steering and
   load-balancing without relying upon implicit application
   classification techniques at the data-center edge.  Further, as more
   and more application traffic is encrypted, the ability to extract
   (and include in the Segment List) just enough information to enable
   the network and data center to load-balance and steer traffic
   appropriately becomes more and more important.

2.2.  SPRING in the Access Network

   Access networks deliver a variety of types of traffic from the
   service provider's network to the home environment and from the home
   towards the service provider's network.

   For bandwidth management or related purposes, the service provider
   may want to associate certain types of traffic to specific physical
   or logical downstream capacity pipes.

   This mapping is not the same thing as classification and scheduling.
   In the Cable access network, each of these pipes is represented at
   the DOCSIS layer as a different service flow, which is better
   identified as a differing data link.  As such, creating this
   separation allows an operator to differentiate between different
   types of content and perform a variety of differing functions on
   these pipes, such as egress vectoring, byte capping, regulatory
   compliance functions, and billing.

   In a cable operator's environment, these downstream pipes could be a
   specific QAM, a DOCSIS service flow or a service group.

   Similarly, the operator may want to map traffic from the home sent
   towards the service provider's network to specific upstream capacity
   pipes.  Information carried in a packet's SPRING header could provide
   the target pipe for this specific packet.  The access device would
   not need to know specific details about the packet to perform this
   mapping; instead the access device would only need to know how to map
   the SR SID value to the target pipe.

2.3.  SPRING in the Data Center

   A key use case for SPRING is to cause a packet to follow a specific
   path through the network.  One can think of the service function
   performed at each SPRING node as forwarding.  More complex service
   functions could be applied to the packet by a SPRING node, including
   accounting, IDS, load balancing, and firewalling.

   The term "Service Function Chain", as defined in [RFC7498], is used
   to describe an ordered set of service functions that must be applied
   to packets.

   A service provider may choose to have these service functions
   performed external to the routing infrastructure, specifically on
   either dedicated physical servers or within VMs running on a
   virtualization platform.

   [I-D.ietf-sfc-dc-use-cases] describes use cases that demonstrate the
   applicability of Service Function Chaining (SFC) within a data center
   environment and provides SFC requirements for data center centric use
   cases.

2.3.1.  VM isolation in a Data Center

   One of the fundamental requirements for Data Center architecture is
   to provide scalable, isolated tenant networks.  Today with OpenStack
   Networking (Neutron) this can be achieved via L2 segmentation using
   either a) standard 802.1Q VLANs or b) an overlay approach based on
   one of several L2 over L3 encapsulation techniques available today
   such as 802.1ad, VXLAN, NVGRE.
   However, these approaches still struggle to provide scalable,
   transparent, manageable, high performance, isolated tenant networks.

   The 128-bit PE Ingress ID in the Segment Routing Header (SRH) policy
   list defined in [I-D.previdi-6man-segment-routing-header] provides a
   natural place to encode origin information of VM to VM traffic within
   the Data Center.  The Segment List provides a method to direct
   traffic to a specific enforcement point based on traffic destination.
   Together, these allow for a simple tagging and permit/deny comparison
   performed between twin SR-capable nodes (e.g., the Neutron Virtual
   Router) among VMs in a Data Center.

2.4.  SPRING in the Content Delivery Networks

   The rise of online video applications and new, video-capable IP
   devices has led to an explosion of video traffic traversing network
   operator infrastructures.  In the drive to reduce the capital and
   operational impact of the massive influx of online video traffic, as
   well as to extend traditional TV services to new devices and screens,
   network operators are increasingly turning to Content Delivery
   Networks (CDNs).

   Several studies showed the benefits of connecting caches in a
   hierarchical structure following the hierarchical nature of the
   Internet.  In a cache hierarchy one cache establishes peering
   relationships with its neighbor caches.  There are two types of
   relationship: parent and sibling.  A parent cache is essentially one
   level up in a cache hierarchy.  A sibling cache is on the same level.
   Multiple levels of hierarchy are commonly used in order to build an
   efficient cache architecture.

   In an environment where each single cache system can be uniquely
   identified by its own IPv6 address, a Segment List containing a
   sequence of the caches in a hierarchy can be built.
   At each node (cache) present in the Segment List a TCP session to
   port 80 is established, and if the requested content is found at the
   cache (cache hit scenario) the sequence ends, even if there are more
   nodes in the list.

   To achieve the behavior described above, in addition to the Segment
   List, which specifies the path to be followed to explore the
   hierarchic architecture, a way to instruct the node to take a
   specific action is required.  The function to be performed by a
   service node can be carried in a new header called the Network
   Service Header (NSH), defined in [I-D.ietf-sfc-nsh].  A Network
   Service Header (NSH) is metadata added to a packet that is used to
   create a service plane.  The service header is added by a service
   classification function that determines which packets require
   servicing, and correspondingly which service path to follow to apply
   the appropriate service.

   In the above example the service to be performed by the service node
   was to establish a TCP session to port 80, but in other scenarios
   different functions may be required.  Another example of an action to
   be taken by the service node is the capability to perform
   transformations on payload data, such as a real-time video transcode
   option (for rate and/or resolution).

   The use of SPRING together with the NSH allows building flexible
   service chains where the topological information related to the path
   to be followed is carried in the Segment List while the "service
   plane related information" (function/action to be performed) is
   encoded in the metadata, carried in the NSH.  The details about using
   SPRING together with NSH will be described in a separate document.

2.5.  SPRING in the Core networks

   MPLS is a well-known technology widely deployed in many IP core
   networks.
   However, there are some operators that do not run MPLS everywhere in
   their core network today, thus moving forward they would prefer to
   have an IPv6 native infrastructure for the core network.

   While the overall amount of traffic offered to the network continues
   to grow, and considering that multiple types of traffic with
   different characteristics and requirements are quickly converging
   over a single network architecture, the network operators are
   starting to face new challenges.

   Some operators are looking at the possibility to set up an explicit
   path based on the IPv6 source address for specific types of traffic
   in order to efficiently use their network infrastructure.  In the
   case of IPv6, some operators are currently assigning or plan to
   assign IPv6 prefix(es) to their IPv6 customers based on
   regions/geography, thus the subscriber's IPv6 prefix could be used to
   identify the region where the customer is located.  In such an
   environment the IPv6 source address could be used by the Edge nodes
   of the network to steer traffic and forward it through a specific
   path other than the optimal path.
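
   The source-address classification described above, as an added
   example that is not part of the draft or of any SPRING
   implementation.  The prefixes, SID addresses and the EdgeClassifier
   name are constructed for illustration, and the check that the source
   belongs to the prefix delegated on the ingress interface is an
   assumption of this example.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed policy table (documentation prefix 2001:db8::/32). Keys are
# subscriber prefixes assigned per region; values are Segment Lists made of
# hypothetical SID addresses for intermediate nodes.
POLICY: Dict[str, List[str]] = {
    "2001:db8:1000::/36": ["2001:db8:ffff::1", "2001:db8:ffff::9"],  # region A
    "2001:db8:2000::/36": ["2001:db8:ffff::2", "2001:db8:ffff::9"],  # region B
    "2001:db8:1abc::/48": ["2001:db8:ffff::5"],  # one site inside region A
}


class EdgeClassifier:
    """Maps a packet's IPv6 source address to the Segment List to impose."""

    def __init__(self, policy: Dict[str, List[str]]):
        self.rules = []
        for prefix, sids in policy.items():
            # Both constructors raise on IPv4 or malformed input, so a bad
            # policy entry fails at load time instead of at forwarding time.
            net = ipaddress.IPv6Network(prefix)
            segs = [ipaddress.IPv6Address(s) for s in sids]
            if not segs:
                raise ValueError(f"empty Segment List for {prefix}")
            self.rules.append((net, segs))
        # Longest prefix first, so the first hit is the most specific rule.
        self.rules.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def segment_list(self, src: str, ingress_prefix: str) -> Optional[List[str]]:
        """Return the Segment List for src, or None to forward natively.

        ingress_prefix is the prefix delegated on the interface the packet
        arrived on (assumption of this example); a source address outside
        it is never used as a steering key.
        """
        try:
            addr = ipaddress.IPv6Address(src)
        except ipaddress.AddressValueError:
            return None  # IPv4 or malformed: out of scope, no Segment List
        if addr not in ipaddress.IPv6Network(ingress_prefix):
            return None  # source does not match the subscriber interface
        for net, segs in self.rules:
            if addr in net:
                return [str(s) for s in segs]
        return None  # no policy for this source: follow the optimal path
```

   Because the source address is the only classification key here, the
   steering decision is only as trustworthy as the edge's validation of
   that address.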

   The need to set up a source-based path, going through some specific
   middle/intermediate points in the network, may be related to
   different requirements:

   o  The operator may want to be able to use some high bandwidth links
      for specific types of traffic (like video), avoiding the need for
      over-dimensioning all the links of the network;

   o  The operator may want to be able to set up a specific path for
      delay sensitive applications;

   o  The operator may have the need to be able to select one (or
      multiple) specific exit point(s) at peering points when different
      peering points are available;

   o  The operator may have the need to be able to set up a source based
      path for specific services in order to be able to reach some
      servers hosted in some facilities not always reachable through the
      optimal path;

   o  The operator may have the need to be able to provision guaranteed
      disjoint paths (so-called dual-plane network) for diversity
      purposes

   All these scenarios would require a form of traffic engineering
   capabilities in IP core networks not running MPLS and not willing to
   run it.

   The IPv4 protocol does not provide such functionalities today and it
   is not the intent of this document to address the IPv4 scenario, both
   because this may create a lot of backward compatibility issues with
   currently deployed networks and because of the security issues that
   may arise.

   The described use cases could be addressed with the SPRING
   architecture by having the Edge nodes of the network impose a Segment
   List on specific traffic flows, based on certain classification
   criteria that would include the source IPv6 address.

3.  Contributors

   Many people contributed to this document.  The authors of this
   document would like to thank and recognize them and their
   contributions.  These contributors provided invaluable concepts and
   content for this document's creation.

   Ida Leung
   Rogers Communications
   8200 Dixie Road
   Brampton, ON  L6T 0C1
   CANADA

   Email: Ida.Leung@rci.rogers.com

   Stefano Previdi
   Cisco Systems
   Via Del Serafico, 200
   Rome  00142
   Italy

   Email: sprevidi@cisco.com

   Christian Martin
   Cisco Systems

   Email: martincj@cisco.com

4.  Acknowledgements

   The authors would like to thank Brian Field, Robert Raszuk, Wes
   George, Eric Vyncke, Fred Baker, John G. Scudder and Yakov Rekhter
   for their valuable comments and inputs to this document.

5.  IANA Considerations

   This document does not require any action from IANA.

6.  Security Considerations

   There are a number of security concerns with source routing at the IP
   layer [RFC5095].  Security mechanisms applied to Segment Routing over
   IPv6 networks are detailed in section 9 of
   [I-D.previdi-6man-segment-routing-header].

7.  Informative References

   [I-D.ietf-mif-mpvd-dhcp-support]
              Krishnan, S., Korhonen, J., and S. Bhandari, "Support for
              multiple provisioning domains in DHCPv6",
              draft-ietf-mif-mpvd-dhcp-support-02 (work in progress),
              October 2015.

   [I-D.ietf-rtgwg-dst-src-routing]
              Lamparter, D. and A. Smirnov, "Destination/Source
              Routing", draft-ietf-rtgwg-dst-src-routing-02 (work in
              progress), May 2016.

   [I-D.ietf-sfc-dc-use-cases]
              Surendra, S., Tufail, M., Majee, S., Captari, C., and S.
              Homma, "Service Function Chaining Use Cases In Data
              Centers", draft-ietf-sfc-dc-use-cases-04 (work in
              progress), January 2016.

   [I-D.ietf-sfc-nsh]
              Quinn, P. and U. Elzur, "Network Service Header",
              draft-ietf-sfc-nsh-05 (work in progress), May 2016.

   [I-D.ietf-spring-segment-routing]
              Filsfils, C., Previdi, S., Decraene, B., Litkowski, S.,
              and R. Shakir, "Segment Routing Architecture",
              draft-ietf-spring-segment-routing-09 (work in progress),
              July 2016.

   [I-D.ietf-spring-segment-routing-mpls]
              Filsfils, C., Previdi, S., Bashandy, A., Decraene, B.,
              Litkowski, S., Horneffer, M., Shakir, R.,
              jefftant@gmail.com, j., and E. Crabbe, "Segment Routing
              with MPLS data plane",
              draft-ietf-spring-segment-routing-mpls-05 (work in
              progress), July 2016.

   [I-D.previdi-6man-segment-routing-header]
              Previdi, S., Filsfils, C., Field, B., Leung, I., Linkova,
              J., Kosugi, T., Vyncke, E., and D. Lebrun, "IPv6 Segment
              Routing Header (SRH)",
              draft-previdi-6man-segment-routing-header-08 (work in
              progress), October 2015.

   [RFC4798]  De Clercq, J., Ooms, D., Prevost, S., and F. Le Faucheur,
              "Connecting IPv6 Islands over IPv4 MPLS Using IPv6
              Provider Edge Routers (6PE)", RFC 4798,
              DOI 10.17487/RFC4798, February 2007.

   [RFC5095]  Abley, J., Savola, P., and G. Neville-Neil, "Deprecation
              of Type 0 Routing Headers in IPv6", RFC 5095,
              DOI 10.17487/RFC5095, December 2007.

   [RFC7439]  George, W., Ed. and C. Pignataro, Ed., "Gap Analysis for
              Operating IPv6-Only MPLS Networks", RFC 7439,
              DOI 10.17487/RFC7439, January 2015.

   [RFC7498]  Quinn, P., Ed. and T. Nadeau, Ed., "Problem Statement for
              Service Function Chaining", RFC 7498,
              DOI 10.17487/RFC7498, April 2015.

   [RFC7855]  Previdi, S., Ed., Filsfils, C., Ed., Decraene, B.,
              Litkowski, S., Horneffer, M., and R. Shakir, "Source
              Packet Routing in Networking (SPRING) Problem Statement
              and Requirements", RFC 7855, DOI 10.17487/RFC7855, May
              2016.

Authors' Addresses

   John Brzozowski
   Comcast

   Email: john_brzozowski@cable.comcast.com

   John Leddy
   Comcast

   Email: John_Leddy@cable.comcast.com

   Mark Townsley
   Cisco Systems

   Email: townsley@cisco.com

   Clarence Filsfils
   Cisco Systems
   Brussels
   BE

   Email: cfilsfil@cisco.com

   Roberta Maglione (editor)
   Cisco Systems
   Via Torri Bianche 8
   Vimercate  20871
   Italy

   Email: robmgl@cisco.com