idnits 2.17.1 draft-ietf-v6ops-happy-eyeballs-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 8, 2011) is 4677 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 3484 (Obsoleted by RFC 6724) == Outdated reference: A later version (-13) exists of draft-ietf-6man-addr-select-opt-01 -- Obsolete informational reference (is this intentional?): RFC 5245 (Obsoleted by RFC 8445, RFC 8839) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 v6ops D. Wing 3 Internet-Draft A. Yourtchenko 4 Intended status: Standards Track Cisco 5 Expires: January 9, 2012 July 8, 2011 7 Happy Eyeballs: Success with Dual-Stack Hosts 8 draft-ietf-v6ops-happy-eyeballs-03 10 Abstract 12 When the IPv4 server and path is working but the IPv6 server or IPv6 13 path is down, a dual-stack client application experiences significant 14 connection delay compared to an IPv4-only client. This is 15 undesirable because it causes the dual-stack client to have a worse 16 user experience. This document specifies requirements for algorithms 17 that reduce this delay, and provides an example algorithm. 19 Status of this Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on January 9, 2012. 36 Copyright Notice 38 Copyright (c) 2011 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 54 2. Notational Conventions . . . . . . . . . . . . . . . . . . . . 3 55 3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 56 3.1. URIs and hostnames . . . . . . . . . . . . . . . . . . . . 4 57 3.2. IPv6 connectivity . . . . . . . . . . . . . . . . . . . . 4 58 4. Algorithm Requirements . . . . . . . . . . . . . . . . . . . . 5 59 4.1. Adhere to Address Preference Policy . . . . . . . . . . . 6 60 4.2. Behavior when Preferred Address Family has Failed . . . . 7 61 4.3. Reset on Network (re-)Initialization . . . . . . . . . . . 7 62 4.4. Abandon Non-Winning Connections . . . . . . . . . . . . . 7 63 5. Additional Considerations . . . . . . . . . . . . . . . . . . 8 64 5.1. Additional Network and Host Traffic . . . . . . . . . . . 8 65 5.2. Determining Address Type . . . . . . . . . . . . . . . . . 8 66 5.3. Debugging and Troubleshooting . . . . . . . . . . . . . . 8 67 5.4. Multiple Interfaces . . . . . . . . . . . . . . . . . . . 9 68 5.5. Interaction with Same Origin Policy . . . . . . . . . . . 9 69 5.6. Happy Eyeballs in an Operating System . . . . . . . . . . 9 70 6. Example Algorithm . . . . . . . . . . . . . . . . . . . . . . 9 71 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 72 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10 73 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 74 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 75 10.1. Normative References . . . . . . . . . . . . . . . . . . . 11 76 10.2. Informational References . . . . . . . . . . . . . . . . . 11 77 Appendix A. Changes . . . . . . . . . . . . . . . . . . . . . . . 12 78 A.1. changes from -02 to -03 . . . . . . . . . . . . . . . . . 12 79 A.2. changes from -01 to -02 . . . . . . . . . . . . . . . . . 12 80 A.3. changes from -00 to -01 . . . . . . . . . . . . . . . . . 13 81 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 83 1. Introduction 85 In order to use applications over IPv6, it is necessary that users 86 enjoy nearly identical performance as compared to IPv4. A 87 combination of today's applications, IPv6 tunneling, IPv6 service 88 providers, and some of today's content providers all cause the user 89 experience to suffer (Section 3). For IPv6, a content provider may 90 ensure a positive user experience by using a DNS white list of IPv6 91 service providers who peer directly with them (e.g., [whitelist]). 92 However, this does not scale well (to the number of DNS servers 93 worldwide or the number of content providers worldwide), and does not 94 react to intermittent network path outages. 96 Instead, applications can improve the user experience themselves, by 97 more aggressively making connections on IPv6 and IPv4. There are a 98 variety of algorithms that can be envisioned. This document 99 specifies requirements for any such algorithm, with the goals that 100 the network and servers are not inordinately harmed with a simple 101 doubling of traffic on IPv6 and IPv4, and the host's address 102 preference is honored (e.g., [RFC3484]). 104 2. Notational Conventions 106 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 107 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 108 document are to be interpreted as described in [RFC2119]. 110 3. Problem Statement 112 The basis of the IPv6/IPv4 selection problem was first described in 113 1994 in [RFC1671], 115 "The dual-stack code may get two addresses back from DNS; which 116 does it use? During the many years of transition the Internet 117 will contain black holes. For example, somewhere on the way from 118 IPng host A to IPng host B there will sometimes (unpredictably) be 119 IPv4-only routers which discard IPng packets. Also, the state of 120 the DNS does not necessarily correspond to reality. A host for 121 which DNS claims to know an IPng address may in fact not be 122 running IPng at a particular moment; thus an IPng packet to that 123 host will be discarded on delivery. Knowing that a host has both 124 IPv4 and IPng addresses gives no information about black holes. A 125 solution to this must be proposed and it must not depend on 126 manually maintained information. (If this is not solved, the dual 127 stack approach is no better than the packet translation 128 approach.)" 130 As discussed in more detail in Section 3.1, it is important that the 131 same URI and hostname be used for IPv4 and IPv6. Using separate 132 namespaces (e.g., "ipv6.example.com") causes namespace fragmentation 133 and reduces the ability for users to share URIs and hostnames, and 134 complicates printed material that includes the URI or hostname. 136 As discussed in more detail in Section 3.2, IPv6 connectivity is 137 broken to specific prefixes or specific hosts, or slower than native 138 IPv4 connectivity. 140 3.1. URIs and hostnames 142 URIs are often used between users to exchange pointers to content -- 143 such as on social networks, email, instant messaging, or other 144 systems. Thus, production URIs and production hostnames containing 145 references to IPv4 or IPv6 will only function if the other party is 146 also using an application, OS, and a network that can access the URI 147 or the hostname. 149 3.2. IPv6 connectivity 151 When IPv6 connectivity is impaired, today's IPv6-capable web browsers 152 incur many seconds of delay before falling back to IPv4. This harms 153 the user's experience with IPv6, which will slow the acceptance of 154 IPv6, because IPv6 is frequently disabled in its entirety on the end 155 systems to improve the user experience. 157 Reasons for such failure include no connection to the IPv6 Internet, 158 broken 6to4 or Teredo tunnels, and broken IPv6 peering. 160 DNS Server Client Server 161 | | | 162 1. |<--www.example.com A?-----| | 163 2. |<--www.example.com AAAA?--| | 164 3. |---192.0.2.1------------->| | 165 4. |---2001:db8::1----------->| | 166 5. | | | 167 6. | |--TCP SYN, IPv6--->X | 168 7. | |--TCP SYN, IPv6--->X | 169 8. | |--TCP SYN, IPv6--->X | 170 9. | | | 171 10. | |--TCP SYN, IPv4------->| 172 11. | |<-TCP SYN+ACK, IPv4----| 173 12. | |--TCP ACK, IPv4------->| 175 Figure 1: Existing behavior message flow 177 The client obtains the IPv4 and IPv6 records for the server (1-4). 179 The client attempts to connect using IPv6 to the server, but the IPv6 180 path is broken (6-8), which consumes several seconds of time. 181 Eventually, the client attempts to connect using IPv4 (10) which 182 succeeds. 184 Delays experienced by users of various browser and operating system 185 combinations have been studied [Experiences]. 187 4. Algorithm Requirements 189 A Happy Eyeballs algorithm has two primary goals: 191 1. Provides fast connection for users, by quickly attempting to 192 connect using IPv6 and IPv4. 194 2. Avoids thrashing the network, by not always making simultaneous 195 IPv6 and IPv4 connection attempts. 197 The basic idea is depicted in the following diagram: 199 DNS Server Client Server 200 | | | 201 1. |<--www.example.com A?-----| | 202 2. |<--www.example.com AAAA?--| | 203 3. |---192.0.2.1------------->| | 204 4. |---2001:db8::1----------->| | 205 5. | | | 206 6. | |==TCP SYN, IPv6===>X | 207 7. | |--TCP SYN, IPv4------->| 208 8. | |<-TCP SYN+ACK, IPv4----| 209 9. | |--TCP ACK, IPv4------->| 210 10. | |==TCP SYN, IPv6===>X | 212 Figure 2: Happy Eyeballs flow 1, IPv6 broken 214 In the diagram above, the client sends two TCP SYNs at the same time 215 over IPv6 (6) and IPv4 (7). In the diagram, the IPv6 path is broken 216 but has little impact to the user because there is no long delay 217 before using IPv4. The IPv6 path is retried until the application 218 gives up (10). 220 After performing the above procedure, the client learns if 221 connections to the host's IPv6 or IPv4 address were successful. The 222 client MUST cache that information to avoid thrashing the network 223 with excessive subsequent connection attempts. For example, in the 224 diagram above, the client has noticed that IPv6 to that address 225 failed, and it should provide a greater preference to using IPv4 226 instead. 228 DNS Server Client Server 229 | | | 230 1. |<--www.example.com A?-----| | 231 2. |<--www.example.com AAAA?--| | 232 3. |---192.0.2.1------------->| | 233 4. |---2001:db8::1----------->| | 234 5. | | | 235 6. | |==TCP SYN, IPv6=======>| 236 7. | |--TCP SYN, IPv4------->| 237 8. | |<=TCP SYN+ACK, IPv6====| 238 9. | |<-TCP SYN+ACK, IPv4----| 239 10. | |==TCP ACK, IPv6=======>| 240 11. | |--TCP ACK, IPv4------->| 241 12. | |--TCP RST, IPv4------->| 243 Figure 3: Happy Eyeballs flow 2, IPv6 working 245 The diagram above shows a case where both IPv6 and IPv4 are working, 246 and IPv4 is abandoned (12). 248 Any Happy Eyeballs algorithm will persist in products for as long as 249 the client host is dual-stacked, which will persist as long as there 250 are IPv4-only servers on the Internet -- the so-called "long tail". 251 Over time, as most content is available via IPv6, the amount of IPv4 252 traffic will decrease. This means that the IPv4 infrastructure will, 253 over time, be sized to accomodate that decreased (and decreasing) 254 amount of traffic. It is critical that a Happy Eyeballs algorithm 255 not cause a surge of unnecessary traffic on that IPv4 infrastructure. 256 To meet that goal, compliant Happy Eyeballs algorithms must adhere to 257 the requirements in this section. 259 4.1. Adhere to Address Preference Policy 261 All hosts have an address selection policy. IPv6-capable hosts 262 usually implement [RFC3484] and may allow the user (via configuration 263 commands) or the network to modify that address selection policy 264 (e.g., [I-D.ietf-6man-addr-select-opt]). In most cases, the 265 preferred address family is IPv6. 267 Happy Eyeballs implementations MUST follow the host's address 268 preference policy or, if that policy is unknown, implementations MUST 269 prefer IPv6 over IPv4. 271 Justification: This reduces load on stateful IPv4 middleboxes 272 (NAT and firewalls) and reduces IPv4 address sharing contention. 274 4.2. Behavior when Preferred Address Family has Failed 276 After making a connection attempt on a certain address family (e.g., 277 IPv6), a Happy Eyeballs implementation will decide to initiate a 278 second connection attempt using the other address family (e.g., 279 IPv4). 281 After doing so and noticing that connections using the other address 282 family (e.g., IPv4) are successful, a Happy Eyeballs implementation 283 MAY make subsequent connection attempts on the successful address 284 family (e.g., IPv4). Such an implementationMUST occasionally make 285 connection attempts using the host's preferred address family, as it 286 may have become functional. It is RECOMMENDED that implementations 287 try the preferred address family at least every 10 minutes. Note: 288 this can be achieved by connecting to both address families at the 289 same time, which does not significantly harm the application's 290 connection setup time for the successful address family. If 291 connections using the preferred address family are successful, the 292 preferred address family SHOULD be used for subsequent connections. 294 Justification: Once the IPv6 path becomes usable again, this 295 reduces load on stateful IPv4 middleboxes (NAT and firewalls) and 296 reduces IPv4 address sharing contention. 298 4.3. Reset on Network (re-)Initialization 300 Because every network has different characteristics (e.g., working or 301 broken IPv6 or IPv4 connectivity), a Happy Eyeballs algorithm SHOULD 302 re-initialize when the host is connected to a new network. Hosts can 303 determine network (re-)initialization by a variety of mechanisms 304 including DNAv4 [RFC4436], DNAv6 [RFC6059], [cx-osx], [cx-win]. 306 Justification: This provides the best chance that IPv6 will be 307 attempted over the new interface. 309 If the client application is a web browser, see also Section 5.5. 311 4.4. Abandon Non-Winning Connections 313 It is RECOMMENDED that the non-winning connections be abandoned, even 314 though they could -- in some cases -- be put to reasonable use. 316 Justification: This reduces the load on the server (file 317 descriptors, TCP control blocks), stateful middleboxes (NAT and 318 firewalls) and, if the abandoned connection is IPv4, reduces IPv4 319 address sharing contention. 321 HTTP: The design of some sites can break because of HTTP cookies 322 that incorporate the client's IP address and require all 323 connections be from the same IP address. If some connections from 324 the same client are arriving from different IP addresses (or 325 worse, different IP address families), such applications will 326 break. Additionally for HTTP, using the non-winning connection 327 can interfere with the browser's Same Origin Policy (see 328 Section 5.5). 330 5. Additional Considerations 332 This section discusses considerations and requirements that are 333 common to new technology deployment. 335 5.1. Additional Network and Host Traffic 337 Additional network traffic and additional server load is created due 338 to the recommendations in this document, especially when connections 339 to the perferred address family (usually IPv6) are not completing 340 quickly. 342 The procedures described in this document retain a quality user 343 experience while transitioning from IPv4-only to dual stack, while 344 still giving IPv6 a slight preference over IPv4 (in order to remove 345 load from IPv4 networks, most importantly to reduce the load on IPv4 346 network address translators). The improvement in the user experience 347 benefits the user to only a small detriment of the network, DNS 348 server, and server that are serving the user. 350 5.2. Determining Address Type 352 For some transitional technologies such as a dual-stack host, it is 353 easy for the application to recognize the native IPv6 address 354 (learned via a AAAA query) and the native IPv4 address (learned via 355 an A query). While IPv6/IPv4 translation makes that difficult, 356 fortunately IPv6/IPv4 translators are not deployed on networks with 357 dual stack clients. 359 5.3. Debugging and Troubleshooting 361 This mechanism is aimed at ensuring a reliable user experience 362 regardless of connectivity problems affecting any single transport. 363 However, this naturally means that applications employing these 364 techniques are by default less useful for diagnosing issues with a 365 particular address family. To assist in that regard, the 366 implementions MAY also provide a mechanism to disable their Happy 367 Eyeballs behavior via a user setting. 369 5.4. Multiple Interfaces 371 Interaction of the suggestions in this document with multiple 372 interfaces, and interaction with the MIF working group, is for 373 further study. 375 5.5. Interaction with Same Origin Policy 377 Web browsers implement same origin policy (SOP, [sop], 378 [I-D.abarth-origin]), which causes subsequent connections to the same 379 hostname to go to the same IPv4 (or IPv6) address as the previous 380 successful connection. This is done to prevent certain types of 381 attacks. 383 The same-origin policy harms user-visible responsiveness if a new 384 connection fails (e.g., due to a transient event such as router 385 failure or load balancer failure). While it is tempting to use Happy 386 Eyeballs to maintain responsiveness, web browsers MUST NOT change 387 their same origin policy because of Happy Eyeballs 389 5.6. Happy Eyeballs in an Operating System 391 Applications would have to change in order to use the mechanism 392 described in this document, by either implementing the mechanism 393 directly, or by calling APIs made available to them. To improve IPv6 394 connectivity experience for legacy applications (e.g., applications 395 which simply rely on the operating system's address preference 396 order), operating systems may consider more sophisticated approaches. 397 These can include changing address sorting based on configuration 398 received from the network, or observing connection failures to IPv6 399 and IPV4 destinations. 401 6. Example Algorithm 403 What follows is the algorithm implemented in Google Chrome and 404 Mozilla Firefox. 406 1. Call getaddinfo(), which returns a list of IP addresses sorted by 407 the host's address preference policy. 409 2. Initiate a connection attempt with the first address in that list 410 (e.g., IPv6). 412 3. If that connection does not complete within a short period of 413 time (e.g., 200-300ms), initiate a connection attempt with the 414 first address belonging to the other address family (e.g., IPv4) 416 4. The first connection that is established is used. The other 417 connection is discarded. 419 Other example algorithms include [Perreault] and [Andrews]. 421 7. Security Considerations 423 See Section 4.4 and Section 5.5. 425 8. Acknowledgements 427 The mechanism described in this paper was inspired by Stuart 428 Cheshire's discussion at the IAB Plenary at IETF72, the author's 429 understanding of Safari's operation with SRV records, Interactive 430 Connectivity Establishment (ICE [RFC5245]), the current IPv4/IPv6 431 behavior of SMTP mail transfer agents, and the implementation of 432 Happy Eyeballs in Google Chrome and Mozilla Firefox. 434 Thanks to Fred Baker, Jeff Kinzli, Christian Kuhtz, and Iljitsch van 435 Beijnum for fostering the creation of this document. 437 Thanks to Scott Brim, Rick Jones, Stig Venaas, Erik Kline, Bjoern 438 Zeeb, Matt Miller, Dave Thaler, and Dmitry Anipko for providing 439 feedback on the document. 441 Thanks to Javier Ubillos, Simon Perreault and Mark Andrews for the 442 active feedback and the experimental work on the independent 443 practical implementations that they created. 445 Also the authors would like to thank the following individuals who 446 participated in various email discussions on this topic: Mohacsi 447 Janos, Pekka Savola, Ted Lemon, Carlos Martinez-Cagnazzo, Simon 448 Perreault, Jack Bates, Jeroen Massar, Fred Baker, Javier Ubillos, 449 Teemu Savolainen, Scott Brim, Erik Kline, Cameron Byrne, Daniel 450 Roesen, Guillaume Leclanche, Mark Smith, Gert Doering, Martin 451 Millnert, Tim Durack, Matthew Palmer. 453 9. IANA Considerations 455 This document has no IANA actions. 457 10. References 458 10.1. Normative References 460 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 461 Requirement Levels", BCP 14, RFC 2119, March 1997. 463 [RFC3484] Draves, R., "Default Address Selection for Internet 464 Protocol version 6 (IPv6)", RFC 3484, February 2003. 466 10.2. Informational References 468 [Andrews] Andrews, M., "How to connect to a multi-homed server over 469 TCP", January 2011, . 472 [Experiences] 473 Savolainen, T., Miettinen, N., Veikkolainen, S., Chown, 474 T., and J. Morse, "Experiences of host behavior in broken 475 IPv6 networks", March 2011, 476 . 478 [I-D.abarth-origin] 479 Barth, A., "The Web Origin Concept", 480 draft-abarth-origin-09 (work in progress), November 2010. 482 [I-D.ietf-6man-addr-select-opt] 483 Matsumoto, A., Fujisaki, T., Kato, J., and T. Chown, 484 "Distributing Address Selection Policy using DHCPv6", 485 draft-ietf-6man-addr-select-opt-01 (work in progress), 486 June 2011. 488 [Perreault] 489 Perreault, S., "Happy Eyeballs in Erlang", February 2011, 490 . 493 [RFC1671] Carpenter, B., "IPng White Paper on Transition and Other 494 Considerations", RFC 1671, August 1994. 496 [RFC4436] Aboba, B., Carlson, J., and S. Cheshire, "Detecting 497 Network Attachment in IPv4 (DNAv4)", RFC 4436, March 2006. 499 [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment 500 (ICE): A Protocol for Network Address Translator (NAT) 501 Traversal for Offer/Answer Protocols", RFC 5245, 502 April 2010. 504 [RFC6059] Krishnan, S. and G. Daley, "Simple Procedures for 505 Detecting Network Attachment in IPv6", RFC 6059, 506 November 2010. 508 [cx-osx] Adium, "AIHostReachabilityMonitor", June 2009, 509 . 511 [cx-win] Microsoft, "NetworkChange.NetworkAvailabilityChanged 512 Event", June 2009, . 517 [sop] W3C, "Same Origin Policy", January 2010, 518 . 520 [whitelist] 521 Google, "Google IPv6 DNS Whitelist", January 2009, 522 . 524 Appendix A. Changes 526 A.1. changes from -02 to -03 528 o Re-casted this specification as a list of requirements for a 529 compliant algorithm, rather than trying to dictate a One True 530 algorithm. 532 A.2. changes from -01 to -02 534 o Now honors host's address preference (RFC3484 and friends) 536 o No longer requires thread-safe DNS library. It uses getaddrinfo() 538 o No longer describes threading. 540 o IPv6 is given a 200ms head start (Initial Headstart variable). 542 o If the IPv6 and IPv4 connection attempts were made at nearly the 543 same time, wait Tolerance Interval milliseconds for both to 544 complete before deciding which one wins. 546 o Renamed "global P" to "Smoothed P", and better described how it is 547 calculated. 549 o introduced the exception cache. This contains the set of networks 550 that only work with IPv4 (or only with IPv6), so that subsequent 551 connection attempts use that address family without them causing 552 serious affect to Smoothed P. 554 o encourages that every 10 minutes the exception cache and Smoothed 555 P be reset. This allows IPv6 to be attempted again, so we don't 556 get 'stuck' on IPv4. 558 o If we didn't get both A and AAAA, abandon all Happy Eyeballs 559 processing (thanks to Simon Perreault). 561 o added discussion of Same Origin Policy 563 o Removed discussion of NAT-PT and address learning; those are only 564 used with IPv6-only hosts whereas this document is about dual- 565 stack hosts contacting dual-stack servers. 567 A.3. changes from -00 to -01 569 o added SRV section (thanks to Matt Miller) 571 Authors' Addresses 573 Dan Wing 574 Cisco Systems, Inc. 575 170 West Tasman Drive 576 San Jose, CA 95134 577 USA 579 Email: dwing@cisco.com 581 Andrew Yourtchenko 582 Cisco Systems, Inc. 583 De Kleetlaan, 7 584 Diegem B-1831 585 Belgium 587 Email: ayourtch@cisco.com