idnits 2.17.1 draft-templin-v6ops-pdhost-18.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 19, 2017) is 2313 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: 'RFC0791' is defined on line 454, but no explicit reference was found in the text == Unused Reference: 'I-D.pioxfolks-6man-pio-exclusive-bit' is defined on line 501, but no explicit reference was found in the text ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 3633 (Obsoleted by RFC 8415) == Outdated reference: A later version (-09) exists of draft-ietf-6man-rfc6434-bis-02 == Outdated reference: A later version (-08) exists of draft-templin-6man-rio-redirect-05 Summary: 2 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group F. Templin, Ed. 3 Internet-Draft Boeing Research & Technology 4 Intended status: Informational December 19, 2017 5 Expires: June 22, 2018 7 IPv6 Prefix Delegation Models 8 draft-templin-v6ops-pdhost-18.txt 10 Abstract 12 IPv6 prefixes are typically delegated to requesting routers which 13 assign them to their downstream-attached links and networks. This 14 document considers prefix delegation models according to whether the 15 requesting router acts as a router on behalf of any downstream 16 networks, as a host on behalf of its local applications or as both. 18 Status of This Memo 20 This Internet-Draft is submitted in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at https://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on June 22, 2018. 35 Copyright Notice 37 Copyright (c) 2017 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (https://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with respect 45 to this document. Code Components extracted from this document must 46 include Simplified BSD License text as described in Section 4.e of 47 the Trust Legal Provisions and are provided without warranty as 48 described in the Simplified BSD License. 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 53 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 54 3. Multi-Addressing Considerations . . . . . . . . . . . . . . . 6 55 4. Multi-Addressing Alternatives for Delegated Prefixes . . . . 6 56 5. Address Autoconfiguration Considerations . . . . . . . . . . 7 57 6. MLD/DAD Implications . . . . . . . . . . . . . . . . . . . . 7 58 7. Dynamic Routing Protocol Implications . . . . . . . . . . . . 8 59 8. IPv6 Neighbor Discovery Implications . . . . . . . . . . . . 8 60 9. ICMPv6 Implications . . . . . . . . . . . . . . . . . . . . . 9 61 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 62 11. Security Considerations . . . . . . . . . . . . . . . . . . . 9 63 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 64 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 65 13.1. Normative References . . . . . . . . . . . . . . . . . . 10 66 13.2. Informative References . . . . . . . . . . . . . . . . . 11 67 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 12 68 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 13 70 1. Introduction 72 IPv6 Prefix Delegation (PD) entails 1) the communication of a prefix 73 from a server to a requesting router, 2) a representation of the 74 prefix in the network's Routing Information Base (RIB) and the first- 75 hop router's forwarding information base (FIB), and 3) a control 76 messaging service to maintain prefix lifetimes. Following 77 delegation, the prefix is available for the requesting router's 78 exclusive use and is not shared with any other nodes. This document 79 considers prefix delegation models where the requesting router acts 80 as a router on behalf of any downstream networks, as a host on behalf 81 of its local applications or as both. 83 For nodes that connect downstream-attached networks (e.g., a 84 cellphone that connects a "tethered" Internet of Things, a host with 85 a complex internal network of virtual machines, etc.), the prefix 86 delegation model is shown in Figure 1: 88 .--. 89 ,-( )-. 90 ( ) 91 ( network 'N' ) +----------+ 92 `-(_______)-' |Server 'S'| 93 +----------+ 94 +---------------------+ 95 | first-hop router 'F'| 96 +----------+----------+ 97 | 98 upstream link | 99 | 100 +----------+----------+ 101 | upstream interface | 102 +---------------------+ 103 | | 104 |requesting router 'R'| 105 | (Prefix 'P') | 106 | | 107 +--+-+--+-+--+-----+--+ 108 |A1| |A2| |A3| ... |Aj| 109 +--+-+--+-+--+-----+--+ 110 | downstream interface| 111 +----------+----------+ 112 | 113 downstream link | 114 | 115 X----+-------------+--------+----+---------------+---X 116 | | | | 117 +---++-+--+ +---++-+--+ +---++-+--+ +---++-+--+ 118 | |Ak| | | |Al| | | |Am| | | |A*| | 119 | +--+ | | +--+ | | +--+ | | +--+ | 120 | host H1 | | host H2 | | host H3 | ... | host Hn | 121 +---------+ +---------+ +---------+ +---------+ 123 <-------------- Downstream Network -------------> 125 Figure 1: Classic Routing Model 127 In this model, when server 'S' delegates prefix 'P', first-hop router 128 'F' configures a FIB entry with requesting router ''R' as the next 129 hop, and the prefix is injected into network 'N's RIB. Meanwhile, 130 'R' distributes 'P' to its downstream external (physical) and/or 131 internal (virtual) networks. 'R' assigns addresses 'A(*)' taken from 132 'P' to downstream interfaces, and hosts 'H(i)' on downstream networks 133 assign addresses 'A(*)' taken from 'P' to their interface attachments 134 to the downstream link. 'R' then acts as a router for hosts 'H(i)' 135 on downstream networks and as a host on behalf of its local 136 applications, i.e., the same as for any router. 138 This document also considers the case when 'R' does not have any 139 downstream interfaces, and can use 'P' solely for its own internal 140 addressing purposes. In that case, requesting node 'R' assigns 'P' 141 to a virtual interface (e.g., a loopback) that serves as a downstream 142 interface. 144 'R' can then function under the weak end system (aka "weak host") 145 model [RFC1122][RFC8028] by assigning addresses taken from 'P' to a 146 virtual interface as shown in Figure 2: 148 x 149 | 150 upstream link | 151 | 152 +----------+----------+ 153 | upstream Interface | 154 +---------------------+ 155 | | 156 | requesting node 'R' | 157 | | 158 +--+-+--+-+--+-----+--+ 159 |A1| |A2| |A3| ... |An| 160 +--+-+--+-+--+-----+--+ 161 | virtual Interface | 162 +---------------------+ 164 Figure 2: Weak End System Model 166 'R' could instead function under the strong end system (aka "strong 167 host") model [RFC1122][RFC8028] by assigning IPv6 addresses taken 168 from 'P' to an upstream interface as shown in Figure 3: 170 x 171 | 172 upstream link | 173 | 174 +----------+----------+ 175 | upstream interface | 176 +--+-+--+-+--+-----+--+ 177 |A1| |A2| |A3| ... |An| 178 +--+-+--+-+--+-----+--+ 179 | | 180 | requesting node 'R' | 181 | | 182 +---------------------+ 183 | virtual interface | 184 +---------------------+ 186 Figure 3: Strong End System Model 188 The major benefit for a node managing a delegated prefix in either 189 the weak or strong end system models is multi-addressing. With IPv6 190 PD-based multi-addressing, the node can configure an unlimited supply 191 of addresses to make them available for local applications without 192 requiring coordination with other nodes on upstream interfaces. 194 The following sections present considerations for nodes that employ 195 IPv6 PD mechanisms. 197 2. Terminology 199 The terminology of the normative references apply, and the terms 200 "node", "host" and "router" are the same as defined in [RFC8200]. 202 The following terms are defined for the purposes of this document: 204 shared prefix 205 an IPv6 prefix that may be advertised to more than one node on the 206 link, e.g., in a Router Advertisement (RA) message Prefix 207 Information Option (PIO) [RFC4861]. The router that advertises 208 the prefix must consider the prefix as on-link so that the IPv6 209 Neighbor Discovery (ND) address resolution function will identify 210 the correct neighbor for each packet. 212 individual prefix 213 an IPv6 prefix that is advertised to exactly one node on the link, 214 where the node may be unaware that the prefix is individual and 215 may not participate in prefix maintenance procedures. The router 216 that advertises the prefix can consider the prefix as on-link or 217 not on-link. In the former case, the router performs address 218 resolution and only forwards those packets that match one of the 219 node's configured addresses so that the node will not receive 220 unwanted packets. In the latter case, the router can simply 221 forward all packets matching the prefix to the node which must 222 then drop any packets that do not match one of its configured 223 addresses. An example individual prefix service is documented in 224 [RFC8273]. 226 delegated prefix 227 an IPv6 prefix that is explicitly conveyed to a node for its own 228 exclusive use, where the node is an active participant in prefix 229 delegation and maintenance procedures. The first-hop router 230 simply forwards all packets matching the prefix to the requesting 231 node. The requesting node associates the prefix with downstream 232 and/or internal virtual interfaces (i.e., and not the upstream 233 interface). An example PD service is the Dynamic Host 234 Configuration Protocol for IPv6 (DHCPv6) [RFC3315][RFC3633]. 236 3. Multi-Addressing Considerations 238 IPv6 allows nodes to assign multiple addresses to a single interface. 239 [RFC7934] discusses options for multi-addressing as well as use cases 240 where multi-addressing may be desirable. Address configuration 241 options for multi-addressing include StateLess Address 242 AutoConfiguration (SLAAC) [RFC4862], DHCPv6 address configuration 243 [RFC3315], manual configuration, etc. 245 Nodes configure addresses from a shared or individual prefix and 246 assign them to the upstream interface over which the prefix was 247 received. When the node assigns the addresses, it is required to use 248 Multicast Listener Discovery (MLD) [RFC3810] to join the appropriate 249 solicited-node multicast group(s) and to use the Duplicate Address 250 Detection (DAD) algorithm [RFC4862] to ensure that no other node 251 configures a duplicate address. 253 In contrast, a node that configures addresses from a delegated prefix 254 can assign them without invoking MLD/DAD on an upstream interface, 255 since the prefix has been delegated to the node for its own exclusive 256 use and is not shared with any other nodes. 258 4. Multi-Addressing Alternatives for Delegated Prefixes 260 When a node receives a delegated prefix, it has many alternatives for 261 provisioning the prefix to its local interfaces and/or downstream 262 networks. [RFC7278] discusses alternatives for provisioning a prefix 263 obtained by a User Equipment (UE) device under the 3rd Generation 264 Partnership Program (3GPP) service model. This document considers 265 the more general case when the node receives a delegated prefix 266 explicitly provided for its own exclusive use. 268 When the node receives the prefix, it can distribute the prefix to 269 downstream networks and configure zero or more addresses for itself 270 on downstream interfaces. The node then acts as a router on behalf 271 of its downstream networks and configures a default route via a 272 neighbor on an upstream interface. 274 The node could instead (or in addition) use portions of the delegated 275 prefix for its own multi-addressing purposes. In a first 276 alternative, the node can assign as many addresses as it wants from 277 the prefix to virtual interfaces. In that case, applications running 278 on the node can use the addresses according to the weak end system 279 model. 281 In a second alternative, the node can assign as many addresses as it 282 wants from the prefix to the upstream interface over which the prefix 283 was received. In that case, applications running on the node can use 284 the addresses according to the strong end system model. 286 In both of these latter two cases, the node assigns the prefix itself 287 to a virtual interface so that unused portions of the prefix are 288 correctly identified as unreachable. The node then acts as a host on 289 behalf of its local applications even though neighbors on the 290 upstream link see it as a router. 292 5. Address Autoconfiguration Considerations 294 Nodes that act according to the weak/strong host models as discussed 295 in the previous section autoconfigure addresses from delegated 296 prefixes according to Section 6 of IPv6 Node Requirements 297 [I-D.ietf-6man-rfc6434-bis]. 299 As a recipient of a delegated prefix, the node is also required to 300 recognize the Subnet Router Anycast address [RFC4291]. Therefore, 301 the node's use of the Subnet Router Anycast address must be 302 indistinguishable from the behavior of an ordinary router when viewed 303 from the outside world. 305 6. MLD/DAD Implications 307 When a node configures addresses for itself from a shared or 308 individual prefix, it performs MLD/DAD by sending multicast messages 309 over upstream interfaces to test whether there is another node on the 310 link that configures a duplicate address. When there are many such 311 addresses and/or many such nodes, this could result in substantial 312 multicast traffic that affects all nodes on the link. 314 When a node configures addresses for itself from a delegated prefix, 315 it can configure as many addresses as it wants but does not perform 316 MLD/DAD for any of the addresses over upstream interfaces. This 317 means that the node can configure arbitrarily many addresses without 318 causing any multicast messaging over the upstream interface that 319 could disturb other nodes. 321 7. Dynamic Routing Protocol Implications 323 Nodes that receive delegated prefixes can be configured to either 324 participate or not participate in a dynamic routing protocol over the 325 upstream interface, according to the deployment model. When there 326 are many nodes on the upstream link, dynamic routing protocol 327 participation might be impractical due to scaling limitations, and 328 may also be exacerbated by factors such as node mobility. 330 Unless it participates in a dynamic routing protocol, the node 331 initially has only a default route pointing to a neighbor via an 332 upstream interface. This means that packets sent by the node over an 333 upstream interface will initially go through a default router even if 334 there is a better first-hop node on the link. 336 8. IPv6 Neighbor Discovery Implications 338 When a node receives a shared or individual prefix with "L=1" and has 339 a packet to send to an IPv6 destination within the prefix, it is 340 required to use the IPv6 ND address resolution function over the 341 upstream interface to resolve the link-layer address of a neighbor 342 that configures the address. When a node receives a shared or 343 individual prefix with "L=0" and has a packet to send to an IPv6 344 destination within the prefix, if the address is not one of the 345 node's own addresses it sends the packet to a default router since 346 "L=0" makes no statement about on-link or off-link properties of the 347 prefix [RFC4861]. 349 When a node receives a delegated prefix, it acts as a simple host to 350 send Router Solicitation (RS) messages over upstream interfaces 351 (i.e., the same as described in Section 4.2 of [RFC7084]) but also 352 sets the "Router" flag to TRUE in its Neighbor Advertisement 353 messages. The node considers the upstream interfaces as non- 354 advertising interfaces [RFC4861], i.e., it does not send RA messages 355 over the upstream interfaces. The node further does not perform the 356 IPv6 ND address resolution function over upstream interfaces, since 357 the delegated prefix is by definition not to be associated with an 358 upstream interface. 360 In all cases, the current first-hop router may send a Redirect 361 message that updates the node's neighbor cache so that future packets 362 can use a better first-hop node on the link. The Redirect can apply 363 either to a singleton destination address, or to an entire 364 destination prefix as described in [I-D.templin-6man-rio-redirect]. 366 9. ICMPv6 Implications 368 The Internet Control Message Protocol for IPv6 (ICMPv6) includes a 369 set of control message types [RFC4443] including Destination 370 Unreachable (DU). 372 According to [RFC4443], routers should return DU messages (subject to 373 rate limiting) with code 0 ("No route to destination") when a packet 374 arrives for which there is no matching entry in the routing table, 375 and with code 3 ("Address unreachable") when the IPv6 destination 376 address cannot be resolved. 378 According to [RFC4443], hosts should return DU messages (subject to 379 rate limiting) with code 3 to internal applications when the IPv6 380 destination address cannot be resolved, and with code 4 ("Port 381 unreachable") if the IPv6 destination address is one of its own 382 addresses but the transport protocol has no listener. 384 Nodes that obtain and manage delegated prefixes per this document 385 observe the same procedures as described for both routers and hosts 386 above. 388 10. IANA Considerations 390 This document introduces no IANA considerations. 392 11. Security Considerations 394 Security considerations for IPv6 Neighbor Discovery [RFC4861] and any 395 applicable PD mechanisms apply to this document. Nodes that receive 396 delegated prefixes do not perform MLD/DAD procedures on their 397 upstream interfaces, meaning that they cannot contribute to multicast 398 messaging congestion on the upstream link. Also, routers that 399 delegate prefixes keep only a single neighbor cache entry for each 400 prefix delegation recipient, meaning that the router's neighbor cache 401 cannot be subject to resource exhaustion attacks. 403 For shared and individual prefixes, if the router that advertises the 404 prefix considers the prefix as on-link the IPv6 ND address resolution 405 function will prevent unwanted IPv6 packets from reaching the node. 406 For delegated prefixes and individual prefixes that are not 407 considered on-link, the router delivers all packets that match the 408 prefix to the unicast link-layer address of the node (i.e., as 409 determined by resolution of the node's link-local address) even if 410 they do not match one of the node's configured addresses. In the 411 latter case, the node may receive unwanted IPv6 packets via an 412 upstream interface that do not match either a configured IPv6 address 413 or a transport listener. The node then drops the packets and 414 observes the "Destination Unreachable - Address/Port unreachable" 415 procedures discussed in Section 9. 417 The node may also receive IPv6 packets via an upstream interface that 418 do not match any of the node's delegated prefixes. In that case, the 419 node drops the packets and observes the "Destination Unreachable - No 420 route to destination" procedures discussed in Section 9. Dropping 421 the packets is necessary to avoid a reflection attack that would 422 cause the node to forward packets received from an upstream interface 423 via the same or a different upstream interface. 425 In all cases, the node must decide whether or not to send DUs 426 according to the specific operational scenario. In trusted networks, 427 the node should send DU messages to provide useful information to 428 potential correspondents. In untrusted networks, the node can 429 refrain from sending DU messages to avoid providing sensitive 430 information to potential attackers. 432 12. Acknowledgements 434 This work was motivated by discussions on the v6ops list. Mark 435 Smith, Ricardo Pelaez-Negro, Edwin Cordeiro, Fred Baker, Naveen 436 Lakshman, Ole Troan, Bob Hinden, Brian Carpenter, Joel Halpern, 437 Albert Manfredi, Dusan Mudric and Paul Marks provided useful comments 438 that have greatly improved the document. 440 This work is aligned with the NASA Safe Autonomous Systems Operation 441 (SASO) program under NASA contract number NNA16BD84C. 443 This work is aligned with the FAA as per the SE2025 contract number 444 DTFAWA-15-D-00030. 446 This work is aligned with the Boeing Information Technology (BIT) 447 MobileNet program and the Boeing Research & Technology (BR&T) 448 enterprise autonomy program. 450 13. References 452 13.1. Normative References 454 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, 455 DOI 10.17487/RFC0791, September 1981, 456 . 458 [RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins, 459 C., and M. Carney, "Dynamic Host Configuration Protocol 460 for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July 461 2003, . 463 [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic 464 Host Configuration Protocol (DHCP) version 6", RFC 3633, 465 DOI 10.17487/RFC3633, December 2003, 466 . 468 [RFC3810] Vida, R., Ed. and L. Costa, Ed., "Multicast Listener 469 Discovery Version 2 (MLDv2) for IPv6", RFC 3810, 470 DOI 10.17487/RFC3810, June 2004, 471 . 473 [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet 474 Control Message Protocol (ICMPv6) for the Internet 475 Protocol Version 6 (IPv6) Specification", STD 89, 476 RFC 4443, DOI 10.17487/RFC4443, March 2006, 477 . 479 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 480 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 481 DOI 10.17487/RFC4861, September 2007, 482 . 484 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 485 Address Autoconfiguration", RFC 4862, 486 DOI 10.17487/RFC4862, September 2007, 487 . 489 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 490 (IPv6) Specification", STD 86, RFC 8200, 491 DOI 10.17487/RFC8200, July 2017, 492 . 494 13.2. Informative References 496 [I-D.ietf-6man-rfc6434-bis] 497 Chown, T., Loughney, J., and T. Winters, "IPv6 Node 498 Requirements", draft-ietf-6man-rfc6434-bis-02 (work in 499 progress), October 2017. 501 [I-D.pioxfolks-6man-pio-exclusive-bit] 502 Kline, E. and M. Abrahamsson, "IPv6 Router Advertisement 503 Prefix Information Option eXclusive Flag", draft- 504 pioxfolks-6man-pio-exclusive-bit-02 (work in progress), 505 March 2017. 507 [I-D.templin-6man-rio-redirect] 508 Templin, F. and j. woodyatt, "Route Information Options in 509 IPv6 Neighbor Discovery", draft-templin-6man-rio- 510 redirect-05 (work in progress), October 2017. 512 [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - 513 Communication Layers", STD 3, RFC 1122, 514 DOI 10.17487/RFC1122, October 1989, 515 . 517 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 518 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 519 2006, . 521 [RFC7084] Singh, H., Beebee, W., Donley, C., and B. Stark, "Basic 522 Requirements for IPv6 Customer Edge Routers", RFC 7084, 523 DOI 10.17487/RFC7084, November 2013, 524 . 526 [RFC7278] Byrne, C., Drown, D., and A. Vizdal, "Extending an IPv6 527 /64 Prefix from a Third Generation Partnership Project 528 (3GPP) Mobile Interface to a LAN Link", RFC 7278, 529 DOI 10.17487/RFC7278, June 2014, 530 . 532 [RFC7934] Colitti, L., Cerf, V., Cheshire, S., and D. Schinazi, 533 "Host Address Availability Recommendations", BCP 204, 534 RFC 7934, DOI 10.17487/RFC7934, July 2016, 535 . 537 [RFC8028] Baker, F. and B. Carpenter, "First-Hop Router Selection by 538 Hosts in a Multi-Prefix Network", RFC 8028, 539 DOI 10.17487/RFC8028, November 2016, 540 . 542 [RFC8273] Brzozowski, J. and G. Van de Velde, "Unique IPv6 Prefix 543 per Host", RFC 8273, DOI 10.17487/RFC8273, December 2017, 544 . 546 Appendix A. Change Log 548 Changes from -17 to -18: 550 o re-worked discussion on the prefix delegation service in Section 1 552 o updated figures in Section 1 554 Changes from -16 to -17: 556 o added supporting text in the introduction to discuss the 557 Delegating Router's relationship with the Requesting Router and 558 with supporting intrastructure in the operator's network 560 o updated figures in introduction to include representation of 561 operator's network 563 o added new section on Address Autoconfiguration Considerations 565 Author's Address 567 Fred L. Templin (editor) 568 Boeing Research & Technology 569 P.O. Box 3707 570 Seattle, WA 98124 571 USA 573 Email: fltemplin@acm.org