idnits 2.17.1 draft-ietf-tcpm-urgent-data-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See https://trustee.ietf.org/license-info/) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the document. == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 10, 2009) is 5280 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'UNPv1' is defined on line 369, but no explicit reference was found in the text ** Obsolete normative reference: RFC 793 (Obsoleted by RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 961 (Obsoleted by RFC 991) Summary: 2 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TCP Maintenance and Minor F. Gont 3 Extensions (tcpm) UTN/FRH 4 Internet-Draft A. Yourtchenko 5 Intended status: Standards Track Cisco 6 Expires: May 14, 2010 November 10, 2009 8 On the implementation of the TCP urgent mechanism 9 draft-ietf-tcpm-urgent-data-01.txt 11 Abstract 13 This document analyzes how current TCP implementations process TCP 14 urgent indications, and how the behavior of some widely-deployed 15 middle-boxes affect how urgent indications are processed by end 16 systems. This document updates the relevant specifications such that 17 they accommodate current practice in processing TCP urgent 18 indications, provides advice to applications that make use of the 19 urgent mechanism, and raises awareness about the reliability of TCP 20 urgent indications in the current Internet. 22 Status of this Memo 24 This Internet-Draft is submitted to IETF in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF), its areas, and its working groups. Note that 29 other groups may also distribute working documents as Internet- 30 Drafts. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 The list of current Internet-Drafts can be accessed at 38 http://www.ietf.org/ietf/1id-abstracts.txt. 40 The list of Internet-Draft Shadow Directories can be accessed at 41 http://www.ietf.org/shadow.html. 43 This Internet-Draft will expire on May 14, 2010. 45 Copyright Notice 47 Copyright (c) 2009 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 2. Specification of the TCP urgent mechanism . . . . . . . . . . 3 64 2.1. Semantics of urgent inications . . . . . . . . . . . . . . 3 65 2.2. Semantics of the Urgent Pointer . . . . . . . . . . . . . 4 66 2.3. Allowed length of urgent data . . . . . . . . . . . . . . 4 67 3. Current implementation practice of TCP urgent data . . . . . . 4 68 3.1. Semantics of urgent indications . . . . . . . . . . . . . 4 69 3.2. Semantics of the Urgent Pointer . . . . . . . . . . . . . 5 70 3.3. Allowed length of urgent data . . . . . . . . . . . . . . 5 71 3.4. Interaction of middle-boxes with TCP urgent indications . 6 72 4. Updating RFC 1122 . . . . . . . . . . . . . . . . . . . . . . 6 73 5. Advice to new applications employing TCP . . . . . . . . . . . 7 74 6. Advice to applications that make use of the urgent 75 mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . 7 76 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 77 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 78 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 79 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 80 10.1. Normative References . . . . . . . . . . . . . . . . . . . 8 81 10.2. Informative References . . . . . . . . . . . . . . . . . . 8 82 Appendix A. Survey of the processing of TCP urgent 83 indications by some popular TCP implementations . . . 9 84 A.1. FreeBSD . . . . . . . . . . . . . . . . . . . . . . . . . 9 85 A.2. Linux . . . . . . . . . . . . . . . . . . . . . . . . . . 9 86 A.3. NetBSD . . . . . . . . . . . . . . . . . . . . . . . . . . 10 87 A.4. OpenBSD . . . . . . . . . . . . . . . . . . . . . . . . . 10 88 A.5. Cisco IOS, versions 12.2(18)SXF7, 12.4(15)T7 . . . . . . . 10 89 A.6. Microsoft Windows 2000, Service Pack 4 . . . . . . . . . . 10 90 A.7. Microsoft Windows 2008 . . . . . . . . . . . . . . . . . . 11 91 A.8. Microsoft Windows 95 . . . . . . . . . . . . . . . . . . . 11 92 Appendix B. Changes from previous versions of the draft (to 93 be removed by the RFC Editor before publishing 94 this document as an RFC) . . . . . . . . . . . . . . 11 95 B.1. Changes from draft-ietf-tcpm-urgent-data-00 . . . . . . . 11 96 B.2. Changes from draft-gont-tcpm-urgent-data-01 . . . . . . . 11 98 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 100 1. Introduction 102 TCP incorporates an "urgent mechanism" that allows the sending user 103 to stimulate the receiving user to accept some "urgent data" and to 104 permit the receiving TCP to indicate to the receiving user when all 105 the currently known urgent data has been received by the user. This 106 mechanism permits a point in the data stream to be designated as the 107 end of urgent information. Whenever this point is in advance of the 108 receive sequence number (RCV.NXT) at the receiving TCP, that TCP must 109 tell the user to go into "urgent mode"; when the receive sequence 110 number catches up to the urgent pointer, the TCP must tell user to go 111 into "normal mode" [RFC0793]. 113 The URG control flag indicates that the "Urgent Pointer" field is 114 meaningful and must be added to the segment sequence number to yield 115 the urgent pointer. The absence of this flag indicates that there is 116 no urgent data outstanding [RFC0793]. 118 This document analyzes how current TCP implementations process TCP 119 urgent indications, and how the behavior of some widely-deployed 120 middle-boxes affect the processing of urgent indications by hosts. 121 This document updates RFC 1122 [RFC1122] such that IT accommodates 122 current practice in processing TCP urgent indications, provides 123 advice to applications using urgent the urgent mechanism, and raises 124 awareness about the reliability of TCP urgent indications in the 125 current Internet. 127 Section 2 describes what the current IETF secifications state with 128 respect to TCP urgent indications. Section 3 describes how current 129 TCP implementations actually process TCP urgent indications. 130 Section 4 updates RFC 1122 [RFC1122] such that it accommodates 131 current practice in processing TCP urgent indications. Section 5 132 provides advice to to new applications employing TCP, with respect to 133 the TCP urgent mechanism. Section 6 provides advice to existing 134 applications that use or rely on the the TCP urgent mechanism. 136 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 137 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 138 document are to be interpreted as described in RFC 2119 [RFC2119]. 140 2. Specification of the TCP urgent mechanism 142 2.1. Semantics of urgent inications 144 As discussed in Section 1, the TCP urgent mechanism permits a point 145 in the data stream to be designated as the end of urgent information. 146 Whenever this point is in advance of the receive sequence number 147 (RCV.NXT) at the receiving TCP, that TCP must tell the user to go 148 into "urgent mode"; when the receive sequence number catches up to 149 the urgent pointer, the TCP must tell user to go into "normal mode". 150 This means, for example, that data that were received as "normal 151 data" might become "urgent data" if an urgent indication is received 152 in some successive TCP segment before those data are consumed by the 153 TCP user. 155 The TCP urgent mechanism is NOT a mechanism for sending "out-of-band" 156 data: the so-called "urgent data" should be delivered "in-line" to 157 the TCP user. 159 2.2. Semantics of the Urgent Pointer 161 There is some ambiguity in RFC 793 [RFC0793] with respect to the 162 semantics of the Urgent Pointer. Section 3.1 (page 17) of RFC 793 163 [RFC0793] states that the Urgent Pointer "communicates the current 164 value of the urgent pointer as a positive offset from the sequence 165 number in this segment. The urgent pointer points to the sequence 166 number of the octet following the urgent data. This field is only be 167 interpreted in segments with the URG control bit set". However, 168 Section 3.9 (page 56) of RFC 793 [RFC0793] states, when describing 169 the processing of the SEND call in the ESTABLISHED and CLOSE-WAIT 170 states, that "If the urgent flag is set, then SND.UP <- SND.NXT-1 and 171 set the urgent pointer in the outgoing segments". 173 RFC 961 [RFC0961] clarified this ambiguity in RFC 793 stating that 174 "Page 17 is wrong. The urgent pointer points to the last octet of 175 urgent data (not to the first octet of non-urgent data)". RFC 1122 176 [RFC1122] formally updated RFC 793 by stating, in Section 4.2.2.4 177 (page 84), that "the urgent pointer points to the sequence number of 178 the LAST octet (not LAST+1) in a sequence of urgent data." 180 2.3. Allowed length of urgent data 182 RFC 793 [RFC0793] allows TCP peers to send urgent data of any length, 183 as the TCP urgent mechanism simply provides a pointer to an 184 interesting point in the data stream. In this respect, Section 185 4.2.2.4 (page 84) of RFC 1122 explicitly states that "A TCP MUST 186 support a sequence of urgent data of any length". 188 3. Current implementation practice of TCP urgent data 190 3.1. Semantics of urgent indications 192 As discussed in Section 1, the TCP urgent mechanism simply permits a 193 point in the data stream to be designated as the end of urgent 194 information, but does NOT provide a mechanism for sending out of band 195 data. 197 Unfortunately, virtually all TCP implementations process TCP urgent 198 data differently. By default, the last byte of #urgent data" is 199 delivered "out of band" to the application. That is, it is not 200 delivered as part of the normal data stream. For example, the "out 201 of band" byte is read by an application when a recv(2) system call 202 with the MSG_OOB flag set is issued. 204 Most implementations provide a socket option (SO_OOBINLINE) that 205 allows an application to override the (broken) default processing of 206 urgent data, so that they are delivered "in band" to the application, 207 thus providing the semantics intended by the IETF specifications. 209 3.2. Semantics of the Urgent Pointer 211 All the popular implementations that the authors of this document 212 have been able to test interpret the semantics of the TCP Urgent 213 Pointer as specified in Section 3.1 of RFC 793. This means that even 214 when RFC 1122 officially updated RFC 793 to clarify the ambiguity in 215 the semantics of the Urgent Pointer, this clarification never 216 reflected into actual implementations (i.e., virtually all 217 implementations default to the semantics of the urgent pointer 218 specified in Section 3.1 of RFC 793). 220 Some operating systems provide a system-wide toggle to override this 221 behavior, and interpret the semantics of the Urgent Pointer as 222 clarified in RFC 1122. However, this system-wide toggle has been 223 found to be inconsistent. For example, Linux provides the sysctl 224 "tcp_stdurg" (i.e., net.ivp4.tcp_stdurg) that, when set, supposedly 225 changes the system behavior to interpret the semantics of the TCP 226 Urgent Pointer as specified in RFC 1122. However, this sysctl 227 changes the semantics of the Urgent Pointer only for incoming 228 segments, but not for outgoing segments. This means that if this 229 sysctl is set, an application might be unable to interoperate with 230 itself if both the TCP sender and the TCP receiver are running on the 231 same host. 233 3.3. Allowed length of urgent data 235 While Section 4.2.2.4 (page 84) of RFC 1122 explicitly states that "A 236 TCP MUST support a sequence of urgent data of any length", in 237 practice all those implementations that interpret TCP urgent 238 indications as a mechanism for sending out-of-band data keep a buffer 239 of a single byte for storing the "last byte of urgent data". Thus, 240 if successive indications of urgent data are received before the 241 application reads the pending "out of band" byte, that pending byte 242 will be discarded (i.e., overwritten by the new byte of urgent data). 244 In order to avoid urgent data from being discarded, some 245 implementations queue each of the received "urgent bytes", so that 246 even if another urgent indication is received before the pending 247 urgent data are consumed by the application, those bytes do not need 248 to be discarded. Some of these implementations have been known to 249 fail to enforce any limits on the amount of urgent data that they 250 queue, thus resulting vulnerable to trivial resource exhaustion 251 attacks [CPNI-TCP]. 253 It should be reinforced that the aforementioned implementations are 254 broken. The TCP urgent mechanism is not a mechanism for delivering 255 out-of-band data. 257 3.4. Interaction of middle-boxes with TCP urgent indications 259 As a result of the publication of Network Intrusion Detection (NIDs) 260 evasion techniques based on TCP urgent indications [phrack], some 261 middle-boxes clear the urgent indications by clearing the URG flag 262 and setting the Urgent Pointer to zero. This causes the "urgent 263 data" to become "in line" (that is, accessible by the read(2) call or 264 the recv(2) call without the MSG_OOB flag) in the case of those TCP 265 implementations that implement the urgent mechanism as out-of-band 266 data (as described in Section 3.1). Examples of such middle-boxes 267 are Cisco PIX firewall [Cisco-PIX]. This should discourage 268 applications to depend on urgent indications for their correct 269 operation, as urgent indications may not be not reliable in the 270 current Internet. 272 4. Updating RFC 1122 274 Considering that as long as both the TCP sender and the TCP receiver 275 implement the same semantics for the Urgent Pointer there is no 276 functional difference in having the Urgent Pointer point to "the 277 sequence number of the octet following the urgent data" vs. "the last 278 octet of urgent data", and since all known implementations interpret 279 the semantics of the Urgent Pointer as pointing to "the sequence 280 number of the octet following the urgent data", hereby we update RFC 281 1122 [RFC1122] such that "the urgent pointer points to the sequence 282 number of the octet following the urgent data" (in segments with the 283 URG control bit set), thus accommodating virtually all existing TCP 284 implementations. 286 5. Advice to new applications employing TCP 288 As a result of the issues discussed in Section 3.4, new applications 289 SHOULD NOT employ the TCP urgent mechanism. However, TCP 290 implementations MUST still include support for the urgent mechanism 291 such that existing applications can still use it. 293 6. Advice to applications that make use of the urgent mechanism 295 Applications that employ the Sockets API MUST set the SO_OOBINLINE 296 socket option, such that "urgent data" are delivered inline, as 297 intended by the IETF specifications. 299 7. Security Considerations 301 Given that there are two different interpretations of the semantics 302 of the Urgent Pointer in current implementations (e.g., depnding on 303 the value of the tcp_stdurg sysctl), and that middle-boxes (such as 304 packet scrubbers) or the end-systems themselves could cause the 305 urgent data to be processed "in band", there exists ambiguity in how 306 "urgent data" sent by a TCP will be processed by the intended 307 recipient. This might make it difficult for a Network Intrusion 308 Detection System (NIDS) to track the application-layer data 309 transferred to the destination system, and thus lead to false 310 negatives or false positives in the NIDS [CPNI-TCP]. 312 Probably the best way to avoid the security implications of TCP 313 urgent data is to avoid having applications use the TCP urgent 314 mechanism altogether. Packet scrubbers could probably be configured 315 to clear the URG bit, and set the Urgent Pointer to zero. This would 316 basically cause the urgent data to be put "in band". However, this 317 might cause interoperability problems or undesired behavior in the 318 applications running on top of TCP. 320 8. IANA Considerations 322 This document has no actions for IANA. 324 9. Acknowledgements 326 The authors of this document would like to thank (in alphabetical 327 order) David Borman, Alfred Hoenes, Carlos Pignataro, Anantha 328 Ramaiah, Joe Touch, and Dan Wing for providing valuable feedback on 329 earlier versions of this document. 331 Additionally, Fernando would like to thank David Borman and Joe Touch 332 for a fruitful discussion about TCP urgent mode at IETF 73 333 (Minneapolis). 335 10. References 337 10.1. Normative References 339 [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, 340 RFC 793, September 1981. 342 [RFC1122] Braden, R., "Requirements for Internet Hosts - 343 Communication Layers", STD 3, RFC 1122, October 1989. 345 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 346 Requirement Levels", BCP 14, RFC 2119, March 1997. 348 10.2. Informative References 350 [CPNI-TCP] 351 CPNI, "Security Assessment of the Transmission Control 352 Protocol (TCP)", (to be published) . 354 [Cisco-PIX] 355 Cisco PIX, "http://www.cisco.com/en/US/docs/security/asa/ 356 asa70/command/reference/tz.html#wp1288756". 358 [FreeBSD] The FreeBSD project, "http://www.freebsd.org". 360 [Linux] The Linux Project, "http://www.kernel.org". 362 [NetBSD] The NetBSD project, "http://www.netbsd.org". 364 [OpenBSD] The OpenBSD project, "http://www.openbsd.org". 366 [RFC0961] Reynolds, J. and J. Postel, "Official ARPA-Internet 367 protocols", RFC 961, December 1985. 369 [UNPv1] Stevens, W., "UNIX Network Programming, Volume 1. 370 Networking APIs: Sockets and XTI", Prentice Hall PTR , 371 1997. 373 [Windows2000] 374 Microsoft Windows 2000, "http://technet.microsoft.com/ 375 en-us/library/bb726981(printer).aspx". 377 [Windows95] 378 Microsoft Windows 95, 379 "ftp://ftp.demon.co.uk/pub/mirrors/win95netfaq/ 380 faq-c.html". 382 [phrack] Ko, Y., Ko, S., and M. Ko, "NIDS Evasion Method named 383 "SeolMa"", Phrack Magazine, Volume 0x0b, Issue 0x39, Phile 384 #0x03 of 0x12 http://www.phrack.org/ 385 issues.html?issue=57&id=3#article, 2001. 387 Appendix A. Survey of the processing of TCP urgent indications by some 388 popular TCP implementations 390 A.1. FreeBSD 392 FreeBSD [FreeBSD] interprets the semantics of the urgent pointer as 393 specified in Section 4 of this document. It does not provide any 394 sysctl to override this behavior. 396 FreeBSD provides the SO_OOBINLINE socket option that, when set, 397 causes TCP "urgent data" to remain "in band". That is, it will be 398 accessible by the read(2) call or the recv(2) call without the 399 MSG_OOB flag. 401 FreeBSD supports only one byte of urgent data. That is, only the 402 byte preceding the Urgent Pointer is considered as "urgent data". 404 A.2. Linux 406 Linux [Linux] interprets the semantics of the urgent pointer as 407 specified in Section 4 of this document. It provides the 408 net.ipv4.tcp_stdurg sysctl to override this behavior to interpret the 409 Urgent Pointer as specified in RFC 1122 [RFC1122]. However, this 410 sysctl only affects the processing of incoming segments (the Urgent 411 Pointer in outgoing segments will still be set as specified in 412 Section 4 of this document). 414 Linux provides the SO_OOBINLINE socket option that, when set, causes 415 TCP "urgent data" to remain "in band". That is, it will be 416 accessible by the read(2) call or the recv(2) call without the 417 MSG_OOB flag. 419 Linux supports only one byte of urgent data. That is, only the byte 420 preceding the Urgent Pointer is considered as "urgent data". 422 A.3. NetBSD 424 NetBSD [NetBSD] interprets the semantics of the urgent pointer as 425 specified in Section 4 of this document. It does not provide any 426 sysctl to override this behavior. 428 NetBSD provides the SO_OOBINLINE socket option that, when set, causes 429 TCP "urgent data" to remain "in band". That is, they will be 430 accessible by the read(2) call or the recv(2) call without the 431 MSG_OOB flag. 433 NetBSD supports only one byte of urgent data. That is, only the byte 434 preceding the Urgent Pointer is considered as "urgent data". 436 A.4. OpenBSD 438 OpenBSD [OpenBSD] interprets the semantics of the urgent pointer as 439 specified in Section 4 of this document. It does not provide any 440 sysctl to override this behavior. 442 OpenBSD provides the SO_OOBINLINE socket option that, when set, 443 causes TCP urgent data to remain "in band". That is, they will be 444 accessible by the read(2) or recv(2) calls without the MSG_OOB flag. 446 OpenBSD supports only one byte of urgent data. That is, only the 447 byte preceding the Urgent Pointer is considered as "urgent data". 449 A.5. Cisco IOS, versions 12.2(18)SXF7, 12.4(15)T7 451 Cisco IOS, versions 12.2(18)SXF7, 12.4(15)T7 interpret the semantics 452 of the urgent pointer as specified in Section 4 of this document. 454 Tests performed with an HTTP server running on Cisco IOS version 455 12.2(18)SXF7 and 12.4(15)T7 suggest that urgent data is processed "in 456 band". That is, they are accessible together with "normal" data. 457 The TCP debugs on the Cisco IOS device do explicitly mention the 458 presence of urgent data, and thus we infer that the behavior is 459 different depending on the application. 461 A.6. Microsoft Windows 2000, Service Pack 4 463 Microsoft Windows 2000 [Windows2000] interprets the semantics of the 464 urgent pointer as specified in Section 4 of this document. It 465 provides the TcpUseRFC1122UrgentPointer system-wide variable to 466 override this behavior, interpreting the Urgent Pointer as specified 467 in RFC 1122 [RFC1122]. 469 Tests performed with a sample server application compiled using the 470 cygwin environment, has shown that the default behavior is to return 471 the urgent data "in band". 473 A.7. Microsoft Windows 2008 475 Microsoft Windows 2008 interprets the semantics of the urgent pointer 476 as specified in Section 4 of this document. 478 A.8. Microsoft Windows 95 480 Microsoft Windows 95 interprets the semantics of the urgent pointer 481 as specified in Section 4 of this document. It provides the 482 BSDUrgent system-wide variable to override this behavior, 483 interpreting the Urgent Pointer as specified in RFC 1122 [RFC1122]. 484 Windows 95 supports only one byte of urgent data. That is, only the 485 byte preceding the Urgent Pointer is considered as "urgent data". 486 [Windows95] 488 Appendix B. Changes from previous versions of the draft (to be removed 489 by the RFC Editor before publishing this document as an 490 RFC) 492 B.1. Changes from draft-ietf-tcpm-urgent-data-00 494 o Minor editorial changes. 496 o Incorporated the specific changes/advice stated in 497 http://www.ietf.org/mail-archive/web/tcpm/current/msg04548.html in 498 different sections (Section 4, Section 5, Section 6). 500 B.2. Changes from draft-gont-tcpm-urgent-data-01 502 o Draft resubmitted as draft-ietf, as a result of wg consensus on 503 adopting the document as a tcpm wg item. 505 Authors' Addresses 507 Fernando Gont 508 Universidad Tecnologica Nacional / Facultad Regional Haedo 509 Evaristo Carriego 2644 510 Haedo, Provincia de Buenos Aires 1706 511 Argentina 513 Phone: +54 11 4650 8472 514 Email: fernando@gont.com.ar 515 URI: http://www.gont.com.ar 517 Andrew Yourtchenko 518 Cisco 519 De Kleetlaan, 7 520 Diegem B-1831 521 Belgium 523 Phone: +32 2 704 5494 524 Email: ayourtch@cisco.com