RFC

A Request for Comments (RFC) is a memorandum published by the Internet Engineering Task Force (IETF) describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems.

This is a collection of RFCs related to ipv6:

RFC 3232 – Assigned Numbers: RFC 1700 is Replaced by an On-line Database

Network Working Group                                J. Reynolds, Editor
Request for Comments: 3232                                    RFC Editor
Obsoletes: 1700                                             January 2002
Category: Informational


Assigned Numbers: RFC 1700 is Replaced by an On-line Database


Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This memo obsoletes RFC 1700 (STD 2) "Assigned Numbers", which
   contained an October 1994 snapshot of assigned Internet protocol
   parameters.

Description

   From November 1977 through October 1994, the Internet Assigned
   Numbers Authority (IANA) periodically published tables of the
   Internet protocol parameter assignments in RFCs entitled, "Assigned
   Numbers".  The most current of these Assigned Numbers RFCs had
   Standard status and carried the designation: STD 2.  At this time,
   the latest STD 2 is RFC 1700.

   Since 1994, this sequence of RFCs have been replaced by an online
   database accessible through a web page (currently, www.iana.org).
   The purpose of the present RFC is to note this fact and to officially
   obsolete RFC 1700, whose status changes to Historic.  RFC 1700 is
   obsolete, and its values are incomplete and in some cases may be
   wrong.

   We expect this series to be revived in the future by the new IANA
   organization.

Security Considerations

   This memo does not affect the technical security of the Internet.





Reynolds                     Informational                      [Page 1]

RFC 3232         RFC 1700 Replaced by On-line Database      January 2002


Author's Address

   Joyce K. Reynolds
   RFC Editor
   4676 Admiralty Way
   Marina del Rey, CA  90292
   USA

   EMail: rfc-editor@rfc-editor.org

RFC 2464 – Transmission of IPv6 Packets over Ethernet Networks

Network Working Group M. Crawford
Request for Comments: 2464 Fermilab
Obsoletes: 1972 December 1998
Category: Standards Track

Transmission of IPv6 Packets over Ethernet Networks

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

1. Introduction

This document specifies the frame format for transmission of IPv6
packets and the method of forming IPv6 link-local addresses and
statelessly autoconfigured addresses on Ethernet networks. It also
specifies the content of the Source/Target Link-layer Address option
used in Router Solicitation, Router Advertisement, Neighbor
Solicitation, Neighbor Advertisement and Redirect messages when those
messages are transmitted on an Ethernet.

This document replaces RFC 1972, "A Method for the Transmission of
IPv6 Packets over Ethernet Networks", which will become historic.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].

2. Maximum Transmission Unit

The default MTU size for IPv6 [IPV6] packets on an Ethernet is 1500
octets. This size may be reduced by a Router Advertisement [DISC]
containing an MTU option which specifies a smaller MTU, or by manual
configuration of each node. If a Router Advertisement received on an
Ethernet interface has an MTU option specifying an MTU larger than
1500, or larger than a manually configured value, that MTU option may
be logged to system management but must be otherwise ignored.

For purposes of this document, information received from DHCP is
considered "manually configured" and the term Ethernet includes
CSMA/CD and full-duplex subnetworks based on ISO/IEC 8802-3, with
various data rates.

3. Frame Format

IPv6 packets are transmitted in standard Ethernet frames. The
Ethernet header contains the Destination and Source Ethernet
addresses and the Ethernet type code, which must contain the value
86DD hexadecimal. The data field contains the IPv6 header followed
immediately by the payload, and possibly padding octets to meet the
minimum frame size for the Ethernet link.

0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination |
+- -+
| Ethernet |
+- -+
| Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source |
+- -+
| Ethernet |
+- -+
| Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0 0 0 0 1 1 0 1 1 0 1 1 1 0 1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv6 |
+- -+
| header |
+- -+
| and |
+- -+
/ payload ... /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

(Each tic mark represents one bit.)

4. Stateless Autoconfiguration

The Interface Identifier [AARCH] for an Ethernet interface is based
on the EUI-64 identifier [EUI64] derived from the interface's built-
in 48-bit IEEE 802 address. The EUI-64 is formed as follows.
(Canonical bit order is assumed throughout.)

The OUI of the Ethernet address (the first three octets) becomes the
company_id of the EUI-64 (the first three octets). The fourth and
fifth octets of the EUI are set to the fixed value FFFE hexadecimal.
The last three octets of the Ethernet address become the last three
octets of the EUI-64.

The Interface Identifier is then formed from the EUI-64 by
complementing the "Universal/Local" (U/L) bit, which is the next-to-
lowest order bit of the first octet of the EUI-64. Complementing
this bit will generally change a 0 value to a 1, since an interface's
built-in address is expected to be from a universally administered
address space and hence have a globally unique value. A universally
administered IEEE 802 address or an EUI-64 is signified by a 0 in the
U/L bit position, while a globally unique IPv6 Interface Identifier
is signified by a 1 in the corresponding position. For further
discussion on this point, see [AARCH].

For example, the Interface Identifier for an Ethernet interface whose
built-in address is, in hexadecimal,

34-56-78-9A-BC-DE

would be

36-56-78-FF-FE-9A-BC-DE.

A different MAC address set manually or by software should not be
used to derive the Interface Identifier. If such a MAC address must
be used, its global uniqueness property should be reflected in the
value of the U/L bit.

An IPv6 address prefix used for stateless autoconfiguration [ACONF]
of an Ethernet interface must have a length of 64 bits.

5. Link-Local Addresses

The IPv6 link-local address [AARCH] for an Ethernet interface is
formed by appending the Interface Identifier, as defined above, to
the prefix FE80::/64.

10 bits 54 bits 64 bits
+----------+-----------------------+----------------------------+
|1111111010| (zeros) | Interface Identifier |
+----------+-----------------------+----------------------------+

6. Address Mapping -- Unicast

The procedure for mapping IPv6 unicast addresses into Ethernet link-
layer addresses is described in [DISC]. The Source/Target Link-layer
Address option has the following form when the link layer is
Ethernet.

0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+- Ethernet -+
| |
+- Address -+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Option fields:

Type 1 for Source Link-layer address.
2 for Target Link-layer address.

Length 1 (in units of 8 octets).

Ethernet Address
The 48 bit Ethernet IEEE 802 address, in canonical bit
order. This is the address the interface currently
responds to, and may be different from the built-in
address used to derive the Interface Identifier.

7. Address Mapping -- Multicast

An IPv6 packet with a multicast destination address DST, consisting
of the sixteen octets DST[1] through DST[16], is transmitted to the
Ethernet multicast address whose first two octets are the value 3333
hexadecimal and whose last four octets are the last four octets of
DST.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 1 1 0 0 1 1|0 0 1 1 0 0 1 1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DST[13] | DST[14] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DST[15] | DST[16] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

8. Differences From RFC 1972

The following are the functional differences between this
specification and RFC 1972.

The Address Token, which was a node's 48-bit MAC address, is
replaced with the Interface Identifier, which is 64 bits in
length and based on the EUI-64 format [EUI64]. An IEEE-defined
mapping exists from 48-bit MAC addresses to EUI-64 form.

A prefix used for stateless autoconfiguration must now be 64 bits
long rather than 80. The link-local prefix is also shortened to
64 bits.

9. Security Considerations

The method of derivation of Interface Identifiers from MAC addresses
is intended to preserve global uniqueness when possible. However,
there is no protection from duplication through accident or forgery.

10. References

[AARCH] Hinden, R. and S. Deering "IP Version 6 Addressing
Architecture", RFC 2373, July 1998.

[ACONF] Thomson, S. and T. Narten, "IPv6 Stateless Address
Autoconfiguration", RFC 2462, December 1998.

[DISC] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery
for IP Version 6 (IPv6)", RFC 2461, December 1998.

[EUI64] "Guidelines For 64-bit Global Identifier (EUI-64)",
http://standards.ieee.org/db/oui/tutorials/EUI64.html

[IPV6] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998.

[RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

11. Author's Address

Matt Crawford
Fermilab MS 368
PO Box 500
Batavia, IL 60510
USA

Phone: +1 630 840-3461
EMail: crawdad@fnal.gov

12. Full Copyright Statement

Copyright (C) The Internet Society (1998). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


RFC 1885 – Internet Control Message Protocol (ICMPv6) for IPv6 (OBSOLETE)

 
Network Working Group             A. Conta, Digital Equipment Corporation
Request for Comments: 1885 S. Deering, Xerox PARC
Category: Standards Track December 1995

Internet Control Message Protocol (ICMPv6)
for the Internet Protocol Version 6 (IPv6)
Specification

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Abstract

This document specifies a set of Internet Control Message Protocol
(ICMP) messages for use with version 6 of the Internet Protocol
(IPv6). The Internet Group Management Protocol (IGMP) messages
specified in STD 5, RFC 1112 have been merged into ICMP, for IPv6,
and are included in this document.

Table of Contents

1. Introduction........................................3

2. ICMPv6 (ICMP for IPv6)..............................3

2.1 Message General Format.......................3

2.2 Message Source Address Determination.........4

2.3 Message Checksum Calculation.................5

2.4 Message Processing Rules.....................5

3. ICMPv6 Error Messages...............................8

3.1 Destination Unreachable Message..............8

3.2 Packet Too Big Message......................10

3.3 Time Exceeded Message.......................11

3.4 Parameter Problem Message...................12

4. ICMPv6 Informational Messages......................14

4.1 Echo Request Message........................14

4.2 Echo Reply Message..........................15

4.3 Group Membership Messages...................17

5. References.........................................19

6. Acknowledgements...................................19

7. Security Considerations............................19

Authors' Addresses....................................20

1. Introduction

The Internet Protocol, version 6 (IPv6) is a new version of IP. IPv6
uses the Internet Control Message Protocol (ICMP) as defined for IPv4
[RFC-792], with a number of changes. The Internet Group Membership
Protocol (IGMP) specified for IPv4 [RFC-1112] has also been revised
and has been absorbed into ICMP for IPv6. The resulting protocol is
called ICMPv6, and has an IPv6 Next Header value of 58.

This document describes the format of a set of control messages used
in ICMPv6. It does not describe the procedures for using these
messages to achieve functions like Path MTU discovery or multicast
group membership maintenance; such procedures are described in other
documents (e.g., [RFC-1112, RFC-1191]). Other documents may also
introduce additional ICMPv6 message types, such as Neighbor Discovery
messages [IPv6-DISC], subject to the general rules for ICMPv6
messages given in section 2 of this document.

Terminology defined in the IPv6 specification [IPv6] and the IPv6
Routing and Addressing specification [IPv6-ADDR] applies to this
document as well.

2. ICMPv6 (ICMP for IPv6)

ICMPv6 is used by IPv6 nodes to report errors encountered in
processing packets, and to perform other internet-layer functions,
such as diagnostics (ICMPv6 "ping") and multicast membership
reporting. ICMPv6 is an integral part of IPv6 and MUST be fully
implemented by every IPv6 node.

2.1 Message General Format

ICMPv6 messages are grouped into two classes: error messages and
informational messages. Error messages are identified as such by
having a zero in the high-order bit of their message Type field
values. Thus, error messages have message Types from 0 to 127;
informational messages have message Types from 128 to 255.

This document defines the message formats for the following ICMPv6
messages:

ICMPv6 error messages:

1 Destination Unreachable (see section 3.1)
2 Packet Too Big (see section 3.2)
3 Time Exceeded (see section 3.3)
4 Parameter Problem (see section 3.4)

ICMPv6 informational messages:

128 Echo Request (see section 4.1)
129 Echo Reply (see section 4.2)
130 Group Membership Query (see section 4.3)
131 Group Membership Report (see section 4.3)
132 Group Membership Reduction (see section 4.3)

Every ICMPv6 message is preceded by an IPv6 header and zero or more
IPv6 extension headers. The ICMPv6 header is identified by a Next
Header value of 58 in the immediately preceding header. (NOTE: this
is different than the value used to identify ICMP for IPv4.)

The ICMPv6 messages have the following general format:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ Message Body +
| |

The type field indicates the type of the message. Its value
determines the format of the remaining data.

The code field depends on the message type. It is used to create an
additional level of message granularity.

The checksum field is used to detect data corruption in the ICMPv6
message and parts of the IPv6 header.

2.2 Message Source Address Determination

A node that sends an ICMPv6 message has to determine both the Source
and Destination IPv6 Addresses in the IPv6 header before calculating
the checksum. If the node has more than one unicast address, it must
choose the Source Address of the message as follows:

(a) If the message is a response to a message sent to one of the
node's unicast addresses, the Source Address of the reply must
be that same address.

(b) If the message is a response to a message sent to a multicast or
anycast group in which the node is a member, the Source Address
of the reply must be a unicast address belonging to the
interface on which the multicast or anycast packet was received.

(c) If the message is a response to a message sent to an address
that does not belong to the node, the Source Address should be
that unicast address belonging to the node that will be most
helpful in diagnosing the error. For example, if the message is
a response to a packet forwarding action that cannot complete
successfully, the Source Address should be a unicast address
belonging to the interface on which the packet forwarding
failed.

(d) Otherwise, the node's routing table must be examined to
determine which interface will be used to transmit the message
to its destination, and a unicast address belonging to that
interface must be used as the Source Address of the message.

2.3 Message Checksum Calculation

The checksum is the 16-bit one's complement of the one's complement
sum of the entire ICMPv6 message starting with the ICMPv6 message
type field, prepended with a "pseudo-header" of IPv6 header fields,
as specified in [IPv6, section 8.1]. The Next Header value used in
the pseudo-header is 58. (NOTE: the inclusion of a pseudo-header in
the ICMPv6 checksum is a change from IPv4; see [IPv6] for the
rationale for this change.)

For computing the checksum, the checksum field is set to zero.

2.4 Message Processing Rules

Implementations MUST observe the following rules when processing
ICMPv6 messages (from [RFC-1122]):

(a) If an ICMPv6 error message of unknown type is received, it MUST
be passed to the upper layer.

(b) If an ICMPv6 informational message of unknown type is received,
it MUST be silently discarded.

(c) Every ICMPv6 error message (type < 128) includes as much of the
IPv6 offending (invoking) packet (the packet that caused the
error) as will fit without making the error message packet
exceed 576 octets.

(d) In those cases where the internet-layer protocol is required to
pass an ICMPv6 error message to the upper-layer protocol, the
upper-layer protocol type is extracted from the original packet
(contained in the body of the ICMPv6 error message) and used to
select the appropriate upper-layer protocol entity to handle the
error.

If the original packet had an unusually large amount of
extension headers, it is possible that the upper-layer protocol
type may not be present in the ICMPv6 message, due to truncation
of the original packet to meet the 576-octet limit. In that
case, the error message is silently dropped after any IPv6-layer
processing.

(e) An ICMPv6 error message MUST NOT be sent as a result of
receiving:

(e.1) an ICMPv6 error message, or

(e.2) a packet destined to an IPv6 multicast address (there are
two exceptions to this rule: (1) the Packet Too Big
Message - Section 3.2 - to allow Path MTU discovery to
work for IPv6 multicast, and (2) the Parameter Problem
Message, Code 2 - Section 3.4 - reporting an unrecognized
IPv6 option that has the Option Type highest-order two
bits set to 10), or

(e.3) a packet sent as a link-layer multicast, (the exception
from e.2 applies to this case too), or

(e.4) a packet sent as a link-layer broadcast, (the exception
from e.2 applies to this case too), or

(e.5) a packet whose source address does not uniquely identify
a single node -- e.g., the IPv6 Unspecified Address, an
IPv6 multicast address, or an address known by the ICMP
message sender to be an IPv6 anycast address.

(f) Finally, to each sender of an erroneous data packet, an IPv6
node MUST limit the rate of ICMPv6 error messages sent, in order
to limit the bandwidth and forwarding costs incurred by the
error messages when a generator of erroneous packets does not
respond to those error messages by ceasing its transmissions.

There are a variety of ways of implementing the rate-limiting
function, for example:

(f.1) Timer-based - for example, limiting the rate of
transmission of error messages to a given source, or to
any source, to at most once every T milliseconds.

(f.2) Bandwidth-based - for example, limiting the rate at
which error messages are sent from a particular interface
to some fraction F of the attached link's bandwidth.

The limit parameters (e.g., T or F in the above examples) MUST
be configurable for the node, with a conservative default value
(e.g., T = 1 second, NOT 0 seconds, or F = 2 percent, NOT 100
percent).

The following sections describe the message formats for the above
ICMPv6 messages.

3. ICMPv6 Error Messages

3.1 Destination Unreachable Message

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Unused |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| As much of invoking packet |
+ as will fit without the ICMPv6 packet +
| exceeding 576 octets |

IPv6 Fields:

Destination Address

Copied from the Source Address field of the invoking
packet.

ICMPv6 Fields:

Type 1

Code 0 - no route to destination
1 - communication with destination
administratively prohibited
2 - not a neighbor
3 - address unreachable
4 - port unreachable

Unused This field is unused for all code values.
It must be initialized to zero by the sender
and ignored by the receiver.
Description

A Destination Unreachable message SHOULD be generated by a router, or
by the IPv6 layer in the originating node, in response to a packet
that cannot be delivered to its destination address for reasons other
than congestion. (An ICMPv6 message MUST NOT be generated if a
packet is dropped due to congestion.)

If the reason for the failure to deliver is lack of a matching entry
in the forwarding node's routing table, the Code field is set to 0
(NOTE: this error can occur only in nodes that do not hold a "default
route" in their routing tables).

If the reason for the failure to deliver is administrative
prohibition, e.g., a "firewall filter", the Code field is set to 1.

If the reason for the failure to deliver is that the next destination
address in the Routing header is not a neighbor of the processing
node but the "strict" bit is set for that address, then the Code
field is set to 2.

If there is any other reason for the failure to deliver, e.g.,
inability to resolve the IPv6 destination address into a
corresponding link address, or a link-specific problem of some sort,
then the Code field is set to 3.

A destination node SHOULD send a Destination Unreachable message with
Code 4 in response to a packet for which the transport protocol
(e.g., UDP) has no listener, if that transport protocol has no
alternative means to inform the sender.

Upper layer notification

A node receiving the ICMPv6 Destination Unreachable message MUST
notify the upper-layer protocol.

3.2 Packet Too Big Message

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MTU |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| As much of invoking packet |
+ as will fit without the ICMPv6 packet +
| exceeding 576 octets |

IPv6 Fields:

Destination Address

Copied from the Source Address field of the invoking
packet.

ICMPv6 Fields:

Type 2

Code 0

MTU The Maximum Transmission Unit of the next-hop link.

Description

A Packet Too Big MUST be sent by a router in response to a packet
that it cannot forward because the packet is larger than the MTU of
the outgoing link. The information in this message is used as part
of the Path MTU Discovery process [RFC-1191].

Sending a Packet Too Big Message makes an exception to one of the
rules of when to send an ICMPv6 error message, in that unlike other
messages, it is sent in response to a packet received with an IPv6
multicast destination address, or a link-layer multicast or link-
layer broadcast address.

Upper layer notification

An incoming Packet Too Big message MUST be passed to the upper-layer
protocol.

3.3 Time Exceeded Message

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Unused |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| As much of invoking packet |
+ as will fit without the ICMPv6 packet +
| exceeding 576 octets |

IPv6 Fields:

Destination Address
Copied from the Source Address field of the invoking
packet.

ICMPv6 Fields:

Type 3

Code 0 - hop limit exceeded in transit

1 - fragment reassembly time exceeded

Unused This field is unused for all code values.
It must be initialized to zero by the sender
and ignored by the receiver.

Description

If a router receives a packet with a Hop Limit of zero, or a router
decrements a packet's Hop Limit to zero, it MUST discard the packet
and send an ICMPv6 Time Exceeded message with Code 0 to the source of
the packet. This indicates either a routing loop or too small an
initial Hop Limit value.

The router sending an ICMPv6 Time Exceeded message with Code 0 SHOULD
consider the receiving interface of the packet as the interface on
which the packet forwarding failed in following rule (d) for
selecting the Source Address of the message.

Upper layer notification

An incoming Time Exceeded message MUST be passed to the upper-layer
protocol.

3.4 Parameter Problem Message

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Pointer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| As much of invoking packet |
+ as will fit without the ICMPv6 packet +
| exceeding 576 octets |

IPv6 Fields:

Destination Address

Copied from the Source Address field of the invoking
packet.

ICMPv6 Fields:

Type 4

Code 0 - erroneous header field encountered

1 - unrecognized Next Header type encountered

2 - unrecognized IPv6 option encountered

Pointer Identifies the octet offset within the
invoking packet where the error was detected.

The pointer will point beyond the end of the ICMPv6
packet if the field in error is beyond what can fit
in the 576-byte limit of an ICMPv6 error message.

Description

If an IPv6 node processing a packet finds a problem with a field in
the IPv6 header or extension headers such that it cannot complete
processing the packet, it MUST discard the packet and SHOULD send an
ICMPv6 Parameter Problem message to the packet's source, indicating
the type and location of the problem.

The pointer identifies the octet of the original packet's header
where the error was detected. For example, an ICMPv6 message with
Type field = 4, Code field = 1, and Pointer field = 40 would indicate

that the IPv6 extension header following the IPv6 header of the
original packet holds an unrecognized Next Header field value.

Upper layer notification

A node receiving this ICMPv6 message MUST notify the upper-layer
protocol.

4. ICMPv6 Informational Messages

4.1 Echo Request Message

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+-

IPv6 Fields:

Destination Address

Any legal IPv6 address.

ICMPv6 Fields:

Type 128

Code 0

Identifier An identifier to aid in matching Echo Replies
to this Echo Request. May be zero.

Sequence Number

A sequence number to aid in matching Echo Replies
to this Echo Request. May be zero.

Data Zero or more octets of arbitrary data.

Description

Every node MUST implement an ICMPv6 Echo responder function that
receives Echo Requests and sends corresponding Echo Replies. A node
SHOULD also implement an application-layer interface for sending Echo
Requests and receiving Echo Replies, for diagnostic purposes.

Upper layer notification

A node receiving this ICMPv6 message MAY notify the upper-layer
protocol.

4.2 Echo Reply Message

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+-

IPv6 Fields:

Destination Address

Copied from the Source Address field of the invoking
Echo Request packet.

ICMPv6 Fields:

Type 129

Code 0

Identifier The identifier from the invoking Echo Request message.

Sequence The sequence number from the invoking Echo Request
Number message.

Data The data from the invoking Echo Request message.

Description

Every node MUST implement an ICMPv6 Echo responder function that
receives Echo Requests and sends corresponding Echo Replies. A node
SHOULD also implement an application-layer interface for sending Echo
Requests and receiving Echo Replies, for diagnostic purposes.

The source address of an Echo Reply sent in response to a unicast
Echo Request message MUST be the same as the destination address of
that Echo Request message.

An Echo Reply SHOULD be sent in response to an Echo Request message
sent to an IPv6 multicast address. The source address of the reply
MUST be a unicast address belonging to the interface on which the
multicast Echo Request message was received.

The data received in the ICMPv6 Echo Request message MUST be returned
entirely and unmodified in the ICMPv6 Echo Reply message, unless the
Echo Reply would exceed the MTU of the path back to the Echo
requester, in which case the data is truncated to fit that path MTU.

Upper layer notification

Echo Reply messages MUST be passed to the ICMPv6 user interface,
unless the corresponding Echo Request originated in the IP layer.

4.3 Group Membership Messages

The ICMPv6 Group Membership Messages have the following format:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Maximum Response Delay | Unused |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| Multicast |
+ +
| Address |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

IPv6 Fields:

Destination Address

In a Group Membership Query message, the multicast
address of the group being queried, or the Link-Local
All-Nodes multicast address.

In a Group Membership Report or a Group Membership
Reduction message, the multicast address of the
group being reported or terminated.

Hop Limit 1

ICMPv6 Fields:

Type 130 - Group Membership Query
131 - Group Membership Report
132 - Group Membership Reduction

Code 0

Maximum Response Delay

In Query messages, the maximum time that responding
Report messages may be delayed, in milliseconds.

In Report and Reduction messages, this field is
is initialized to zero by the sender and ignored by
receivers.

Unused Initialized to zero by the sender; ignored by receivers.

Multicast Address

The address of the multicast group about which the
message is being sent. In Query messages, the Multicast
Address field may be zero, implying a query for all
groups.

Description

The ICMPv6 Group Membership messages are used to convey information
about multicast group membership from nodes to their neighboring
routers. The details of their usage is given in [RFC-1112].

5. References

[IPv6] Deering, S., and R. Hinden, "Internet Protocol, Version
6, Specification", RFC 1883, Xerox PARC, Ipsilon
Networks, December 1995.

[IPv6-ADDR] Hinden, R., and S. Deering, Editors, "IP Version 6
Addressing Architecture", RFC 1884, Ipsilon Networks,
Xerox PARC, December 1995.

[IPv6-DISC] Narten, T., Nordmark, E., and W. Simpson, "Neighbor
Discovery for IP Version 6 (IPv6)", Work in Progress.

[RFC-792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, USC/Information Sciences Institute, September
1981.

[RFC-1112] Deering, S., "Host Extensions for IP Multicasting", STD
5, RFC 1112, Stanford University, August 1989.

[RFC-1122] Braden, R., "Requirements for Internet Hosts -
Communication Layers", STD 3, RFC 1122, USC/Information
Sciences Institute, October 1989.

[RFC-1191] Mogul, J., and S. Deering, "Path MTU Discovery", RFC
1191, DECWRL, Stanford University, November 1990.

6. Acknowledgements

The document is derived from previous ICMP drafts of the SIPP and
IPng working group.

The IPng working group and particularly Robert Elz, Jim Bound, Bill
Simpson, Thomas Narten, Charlie Lynn, Bill Fink, and Scott Bradner
(in chronological order) provided extensive review information and
feedback.

7. Security Considerations

Security issues are not discussed in this memo.

Authors' Addresses:

Alex Conta Stephen Deering
Digital Equipment Corporation Xerox Palo Alto Research Center
110 Spitbrook Rd 3333 Coyote Hill Road
Nashua, NH 03062 Palo Alto, CA 94304

Phone: +1-603-881-0744 Phone: +1-415-812-4839
EMail: conta@zk3.dec.com EMail: deering@parc.xerox.com


RFC 792 – Internet Control Message Protocol


Network Working Group                                          J. Postel
Request for Comments:  792                                           ISI
                                                          September 1981
Updates:  RFCs 777, 760
Updates:  IENs 109, 128

                   INTERNET CONTROL MESSAGE PROTOCOL

                         DARPA INTERNET PROGRAM
                         PROTOCOL SPECIFICATION

Introduction

   The Internet Protocol (IP) [1] is used for host-to-host datagram
   service in a system of interconnected networks called the
   Catenet [2].  The network connecting devices are called Gateways.
   These gateways communicate between themselves for control purposes
   via a Gateway to Gateway Protocol (GGP) [3,4].  Occasionally a
   gateway or destination host will communicate with a source host, for
   example, to report an error in datagram processing.  For such
   purposes this protocol, the Internet Control Message Protocol (ICMP),
   is used.  ICMP, uses the basic support of IP as if it were a higher
   level protocol, however, ICMP is actually an integral part of IP, and
   must be implemented by every IP module.

   ICMP messages are sent in several situations:  for example, when a
   datagram cannot reach its destination, when the gateway does not have
   the buffering capacity to forward a datagram, and when the gateway
   can direct the host to send traffic on a shorter route.

   The Internet Protocol is not designed to be absolutely reliable.  The
   purpose of these control messages is to provide feedback about
   problems in the communication environment, not to make IP reliable.
   There are still no guarantees that a datagram will be delivered or a
   control message will be returned.  Some datagrams may still be
   undelivered without any report of their loss.  The higher level
   protocols that use IP must implement their own reliability procedures
   if reliable communication is required.

   The ICMP messages typically report errors in the processing of
   datagrams.  To avoid the infinite regress of messages about messages
   etc., no ICMP messages are sent about ICMP messages.  Also ICMP
   messages are only sent about errors in handling fragment zero of
   fragemented datagrams.  (Fragment zero has the fragment offeset equal
   zero).

                                                                [Page 1]

                                                          September 1981
RFC 792

Message Formats

   ICMP messages are sent using the basic IP header.  The first octet of
   the data portion of the datagram is a ICMP type field; the value of
   this field determines the format of the remaining data.  Any field
   labeled "unused" is reserved for later extensions and must be zero
   when sent, but receivers should not use these fields (except to
   include them in the checksum).  Unless otherwise noted under the
   individual format descriptions, the values of the internet header
   fields are as follows:

   Version

      4

   IHL

      Internet header length in 32-bit words.

   Type of Service

      0

   Total Length

      Length of internet header and data in octets.

   Identification, Flags, Fragment Offset

      Used in fragmentation, see [1].

   Time to Live

      Time to live in seconds; as this field is decremented at each
      machine in which the datagram is processed, the value in this
      field should be at least as great as the number of gateways which
      this datagram will traverse.

   Protocol

      ICMP = 1

   Header Checksum

      The 16 bit one's complement of the one's complement sum of all 16
      bit words in the header.  For computing the checksum, the checksum
      field should be zero.  This checksum may be replaced in the
      future.

[Page 2]                                                                

September 1981                                                          
RFC 792

   Source Address

      The address of the gateway or host that composes the ICMP message.
      Unless otherwise noted, this can be any of a gateway's addresses.

   Destination Address

      The address of the gateway or host to which the message should be
      sent.

                                                                [Page 3]

                                                          September 1981
RFC 792

Destination Unreachable Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             unused                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Destination Address

      The source network and address from the original datagram's data.

   ICMP Fields:

   Type

      3

   Code

      0 = net unreachable;

      1 = host unreachable;

      2 = protocol unreachable;

      3 = port unreachable;

      4 = fragmentation needed and DF set;

      5 = source route failed.

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Internet Header + 64 bits of Data Datagram

      The internet header plus the first 64 bits of the original

[Page 4]                                                                

September 1981                                                          
RFC 792

      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.

   Description

      If, according to the information in the gateway's routing tables,
      the network specified in the internet destination field of a
      datagram is unreachable, e.g., the distance to the network is
      infinity, the gateway may send a destination unreachable message
      to the internet source host of the datagram.  In addition, in some
      networks, the gateway may be able to determine if the internet
      destination host is unreachable.  Gateways in these networks may
      send destination unreachable messages to the source host when the
      destination host is unreachable.

      If, in the destination host, the IP module cannot deliver the
      datagram  because the indicated protocol module or process port is
      not active, the destination host may send a destination
      unreachable message to the source host.

      Another case is when a datagram must be fragmented to be forwarded
      by a gateway yet the Don't Fragment flag is on.  In this case the
      gateway must discard the datagram and may return a destination
      unreachable message.

      Codes 0, 1, 4, and 5 may be received from a gateway.  Codes 2 and
      3 may be received from a host.

                                                                [Page 5]

                                                          September 1981
RFC 792

Time Exceeded Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             unused                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Destination Address

      The source network and address from the original datagram's data.

   ICMP Fields:

   Type

      11

   Code

      0 = time to live exceeded in transit;

      1 = fragment reassembly time exceeded.

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Internet Header + 64 bits of Data Datagram

      The internet header plus the first 64 bits of the original
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.

   Description

      If the gateway processing a datagram finds the time to live field

[Page 6]                                                                

September 1981                                                          
RFC 792

      is zero it must discard the datagram.  The gateway may also notify
      the source host via the time exceeded message.

      If a host reassembling a fragmented datagram cannot complete the
      reassembly due to missing fragments within its time limit it
      discards the datagram, and it may send a time exceeded message.

      If fragment zero is not available then no time exceeded need be
      sent at all.

      Code 0 may be received from a gateway.  Code 1 may be received
      from a host.

                                                                [Page 7]

                                                          September 1981
RFC 792

Parameter Problem Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Pointer    |                   unused                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Destination Address

      The source network and address from the original datagram's data.

   ICMP Fields:

   Type

      12

   Code

      0 = pointer indicates the error.

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Pointer

      If code = 0, identifies the octet where an error was detected.

   Internet Header + 64 bits of Data Datagram

      The internet header plus the first 64 bits of the original
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.

[Page 8]                                                                

September 1981                                                          
RFC 792

   Description

      If the gateway or host processing a datagram finds a problem with
      the header parameters such that it cannot complete processing the
      datagram it must discard the datagram.  One potential source of
      such a problem is with incorrect arguments in an option.  The
      gateway or host may also notify the source host via the parameter
      problem message.  This message is only sent if the error caused
      the datagram to be discarded.

      The pointer identifies the octet of the original datagram's header
      where the error was detected (it may be in the middle of an
      option).  For example, 1 indicates something is wrong with the
      Type of Service, and (if there are options present) 20 indicates
      something is wrong with the type code of the first option.

      Code 0 may be received from a gateway or a host.

                                                                [Page 9]

                                                          September 1981
RFC 792

Source Quench Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             unused                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Destination Address

      The source network and address of the original datagram's data.

   ICMP Fields:

   Type

      4

   Code

      0

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Internet Header + 64 bits of Data Datagram

      The internet header plus the first 64 bits of the original
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.

   Description

      A gateway may discard internet datagrams if it does not have the
      buffer space needed to queue the datagrams for output to the next
      network on the route to the destination network.  If a gateway

[Page 10]                                                               

September 1981                                                          
RFC 792

      discards a datagram, it may send a source quench message to the
      internet source host of the datagram.  A destination host may also
      send a source quench message if datagrams arrive too fast to be
      processed.  The source quench message is a request to the host to
      cut back the rate at which it is sending traffic to the internet
      destination.  The gateway may send a source quench message for
      every message that it discards.  On receipt of a source quench
      message, the source host should cut back the rate at which it is
      sending traffic to the specified destination until it no longer
      receives source quench messages from the gateway.  The source host
      can then gradually increase the rate at which it sends traffic to
      the destination until it again receives source quench messages.

      The gateway or host may send the source quench message when it
      approaches its capacity limit rather than waiting until the
      capacity is exceeded.  This means that the data datagram which
      triggered the source quench message may be delivered.

      Code 0 may be received from a gateway or a host.

                                                               [Page 11]

                                                          September 1981
RFC 792

Redirect Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Gateway Internet Address                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Destination Address

      The source network and address of the original datagram's data.

   ICMP Fields:

   Type

      5

   Code

      0 = Redirect datagrams for the Network.

      1 = Redirect datagrams for the Host.

      2 = Redirect datagrams for the Type of Service and Network.

      3 = Redirect datagrams for the Type of Service and Host.

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Gateway Internet Address

      Address of the gateway to which traffic for the network specified
      in the internet destination network field of the original
      datagram's data should be sent.

[Page 12]                                                               

September 1981                                                          
RFC 792

   Internet Header + 64 bits of Data Datagram

      The internet header plus the first 64 bits of the original
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.

   Description

      The gateway sends a redirect message to a host in the following
      situation.  A gateway, G1, receives an internet datagram from a
      host on a network to which the gateway is attached.  The gateway,
      G1, checks its routing table and obtains the address of the next
      gateway, G2, on the route to the datagram's internet destination
      network, X.  If G2 and the host identified by the internet source
      address of the datagram are on the same network, a redirect
      message is sent to the host.  The redirect message advises the
      host to send its traffic for network X directly to gateway G2 as
      this is a shorter path to the destination.  The gateway forwards
      the original datagram's data to its internet destination.

      For datagrams with the IP source route options and the gateway
      address in the destination address field, a redirect message is
      not sent even if there is a better route to the ultimate
      destination than the next address in the source route.

      Codes 0, 1, 2, and 3 may be received from a gateway.

                                                               [Page 13]

                                                          September 1981
RFC 792

Echo or Echo Reply Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Data ...
   +-+-+-+-+-

   IP Fields:

   Addresses

      The address of the source in an echo message will be the
      destination of the echo reply message.  To form an echo reply
      message, the source and destination addresses are simply reversed,
      the type code changed to 0, and the checksum recomputed.

   IP Fields:

   Type

      8 for echo message;

      0 for echo reply message.

   Code

      0

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      If the total length is odd, the received data is padded with one
      octet of zeros for computing the checksum.  This checksum may be
      replaced in the future.

   Identifier

      If code = 0, an identifier to aid in matching echos and replies,
      may be zero.

   Sequence Number

[Page 14]                                                               

September 1981                                                          
RFC 792

      If code = 0, a sequence number to aid in matching echos and
      replies, may be zero.

   Description

      The data received in the echo message must be returned in the echo
      reply message.

      The identifier and sequence number may be used by the echo sender
      to aid in matching the replies with the echo requests.  For
      example, the identifier might be used like a port in TCP or UDP to
      identify a session, and the sequence number might be incremented
      on each echo request sent.  The echoer returns these same values
      in the echo reply.

      Code 0 may be received from a gateway or a host.

                                                               [Page 15]

                                                          September 1981
RFC 792

Timestamp or Timestamp Reply Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |      Code     |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Originate Timestamp                                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Receive Timestamp                                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Transmit Timestamp                                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Addresses

      The address of the source in a timestamp message will be the
      destination of the timestamp reply message.  To form a timestamp
      reply message, the source and destination addresses are simply
      reversed, the type code changed to 14, and the checksum
      recomputed.

   IP Fields:

   Type

      13 for timestamp message;

      14 for timestamp reply message.

   Code

      0

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Identifier

[Page 16]                                                               

September 1981                                                          
RFC 792

      If code = 0, an identifier to aid in matching timestamp and
      replies, may be zero.

   Sequence Number

      If code = 0, a sequence number to aid in matching timestamp and
      replies, may be zero.

   Description

      The data received (a timestamp) in the message is returned in the
      reply together with an additional timestamp.  The timestamp is 32
      bits of milliseconds since midnight UT.  One use of these
      timestamps is described by Mills [5].

      The Originate Timestamp is the time the sender last touched the
      message before sending it, the Receive Timestamp is the time the
      echoer first touched it on receipt, and the Transmit Timestamp is
      the time the echoer last touched the message on sending it.

      If the time is not available in miliseconds or cannot be provided
      with respect to midnight UT then any time can be inserted in a
      timestamp provided the high order bit of the timestamp is also set
      to indicate this non-standard value.

      The identifier and sequence number may be used by the echo sender
      to aid in matching the replies with the requests.  For example,
      the identifier might be used like a port in TCP or UDP to identify
      a session, and the sequence number might be incremented on each
      request sent.  The destination returns these same values in the
      reply.

      Code 0 may be received from a gateway or a host.

                                                               [Page 17]

                                                          September 1981
RFC 792

Information Request or Information Reply Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |      Code     |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Addresses

      The address of the source in a information request message will be
      the destination of the information reply message.  To form a
      information reply message, the source and destination addresses
      are simply reversed, the type code changed to 16, and the checksum
      recomputed.

   IP Fields:

   Type

      15 for information request message;

      16 for information reply message.

   Code

      0

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Identifier

      If code = 0, an identifier to aid in matching request and replies,
      may be zero.

   Sequence Number

      If code = 0, a sequence number to aid in matching request and
      replies, may be zero.

[Page 18]                                                               

September 1981                                                          
RFC 792

   Description

      This message may be sent with the source network in the IP header
      source and destination address fields zero (which means "this"
      network).  The replying IP module should send the reply with the
      addresses fully specified.  This message is a way for a host to
      find out the number of the network it is on.

      The identifier and sequence number may be used by the echo sender
      to aid in matching the replies with the requests.  For example,
      the identifier might be used like a port in TCP or UDP to identify
      a session, and the sequence number might be incremented on each
      request sent.  The destination returns these same values in the
      reply.

      Code 0 may be received from a gateway or a host.

                                                               [Page 19]

                                                          September 1981
RFC 792

Summary of Message Types

    0  Echo Reply

    3  Destination Unreachable

    4  Source Quench

    5  Redirect

    8  Echo

   11  Time Exceeded

   12  Parameter Problem

   13  Timestamp

   14  Timestamp Reply

   15  Information Request

   16  Information Reply

[Page 20]                                                               

September 1981                                                          
RFC 792

References

   [1]  Postel, J. (ed.), "Internet Protocol - DARPA Internet Program
         Protocol Specification," RFC 791, USC/Information Sciences
         Institute, September 1981.

   [2]   Cerf, V., "The Catenet Model for Internetworking," IEN 48,
         Information Processing Techniques Office, Defense Advanced
         Research Projects Agency, July 1978.

   [3]   Strazisar, V., "Gateway Routing:  An Implementation
         Specification", IEN 30, Bolt Beranek and Newman, April 1979.

   [4]   Strazisar, V., "How to Build a Gateway", IEN 109, Bolt Beranek
         and Newman, August 1979.

   [5]   Mills, D., "DCNET Internet Clock Service," RFC 778, COMSAT
         Laboratories, April 1981.

RFC 2373 – IP Version 6 Addressing Architecture

 
Network Working Group                                        R. Hinden
Request for Comments: 2373 Nokia
Obsoletes: 1884 S. Deering
Category: Standards Track Cisco Systems
July 1998

IP Version 6 Addressing Architecture

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

This specification defines the addressing architecture of the IP
Version 6 protocol [IPV6]. The document includes the IPv6 addressing
model, text representations of IPv6 addresses, definition of IPv6
unicast addresses, anycast addresses, and multicast addresses, and an
IPv6 node's required addresses.

Table of Contents

1. Introduction.................................................2
2. IPv6 Addressing..............................................2
2.1 Addressing Model.........................................3
2.2 Text Representation of Addresses.........................3
2.3 Text Representation of Address Prefixes..................5
2.4 Address Type Representation..............................6
2.5 Unicast Addresses........................................7
2.5.1 Interface Identifiers................................8
2.5.2 The Unspecified Address..............................9
2.5.3 The Loopback Address.................................9
2.5.4 IPv6 Addresses with Embedded IPv4 Addresses.........10
2.5.5 NSAP Addresses......................................10
2.5.6 IPX Addresses.......................................10
2.5.7 Aggregatable Global Unicast Addresses...............11
2.5.8 Local-use IPv6 Unicast Addresses....................11
2.6 Anycast Addresses.......................................12
2.6.1 Required Anycast Address............................13
2.7 Multicast Addresses.....................................14

2.7.1 Pre-Defined Multicast Addresses.....................15
2.7.2 Assignment of New IPv6 Multicast Addresses..........17
2.8 A Node's Required Addresses.............................17
3. Security Considerations.....................................18
APPENDIX A: Creating EUI-64 based Interface Identifiers........19
APPENDIX B: ABNF Description of Text Representations...........22
APPENDIX C: CHANGES FROM RFC-1884..............................23
REFERENCES.....................................................24
AUTHORS' ADDRESSES.............................................25
FULL COPYRIGHT STATEMENT.......................................26

1.0 INTRODUCTION

This specification defines the addressing architecture of the IP
Version 6 protocol. It includes a detailed description of the
currently defined address formats for IPv6 [IPV6].

The authors would like to acknowledge the contributions of Paul
Francis, Scott Bradner, Jim Bound, Brian Carpenter, Matt Crawford,
Deborah Estrin, Roger Fajman, Bob Fink, Peter Ford, Bob Gilligan,
Dimitry Haskin, Tom Harsch, Christian Huitema, Tony Li, Greg
Minshall, Thomas Narten, Erik Nordmark, Yakov Rekhter, Bill Simpson,
and Sue Thomson.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].

2.0 IPv6 ADDRESSING

IPv6 addresses are 128-bit identifiers for interfaces and sets of
interfaces. There are three types of addresses:

Unicast: An identifier for a single interface. A packet sent to
a unicast address is delivered to the interface
identified by that address.

Anycast: An identifier for a set of interfaces (typically
belonging to different nodes). A packet sent to an
anycast address is delivered to one of the interfaces
identified by that address (the "nearest" one, according
to the routing protocols' measure of distance).

Multicast: An identifier for a set of interfaces (typically
belonging to different nodes). A packet sent to a
multicast address is delivered to all interfaces
identified by that address.

There are no broadcast addresses in IPv6, their function being
superseded by multicast addresses.

In this document, fields in addresses are given a specific name, for
example "subscriber". When this name is used with the term "ID" for
identifier after the name (e.g., "subscriber ID"), it refers to the
contents of the named field. When it is used with the term "prefix"
(e.g. "subscriber prefix") it refers to all of the address up to and
including this field.

In IPv6, all zeros and all ones are legal values for any field,
unless specifically excluded. Specifically, prefixes may contain
zero-valued fields or end in zeros.

2.1 Addressing Model

IPv6 addresses of all types are assigned to interfaces, not nodes.
An IPv6 unicast address refers to a single interface. Since each
interface belongs to a single node, any of that node's interfaces'
unicast addresses may be used as an identifier for the node.

All interfaces are required to have at least one link-local unicast
address (see section 2.8 for additional required addresses). A
single interface may also be assigned multiple IPv6 addresses of any
type (unicast, anycast, and multicast) or scope. Unicast addresses
with scope greater than link-scope are not needed for interfaces that
are not used as the origin or destination of any IPv6 packets to or
from non-neighbors. This is sometimes convenient for point-to-point
interfaces. There is one exception to this addressing model:

An unicast address or a set of unicast addresses may be assigned to
multiple physical interfaces if the implementation treats the
multiple physical interfaces as one interface when presenting it to
the internet layer. This is useful for load-sharing over multiple
physical interfaces.

Currently IPv6 continues the IPv4 model that a subnet prefix is
associated with one link. Multiple subnet prefixes may be assigned
to the same link.

2.2 Text Representation of Addresses

There are three conventional forms for representing IPv6 addresses as
text strings:

1. The preferred form is x:x:x:x:x:x:x:x, where the 'x's are the
hexadecimal values of the eight 16-bit pieces of the address.
Examples:

FEDC:BA98:7654:3210:FEDC:BA98:7654:3210

1080:0:0:0:8:800:200C:417A

Note that it is not necessary to write the leading zeros in an
individual field, but there must be at least one numeral in every
field (except for the case described in 2.).

2. Due to some methods of allocating certain styles of IPv6
addresses, it will be common for addresses to contain long strings
of zero bits. In order to make writing addresses containing zero
bits easier a special syntax is available to compress the zeros.
The use of "::" indicates multiple groups of 16-bits of zeros.
The "::" can only appear once in an address. The "::" can also be
used to compress the leading and/or trailing zeros in an address.

For example the following addresses:

1080:0:0:0:8:800:200C:417A a unicast address
FF01:0:0:0:0:0:0:101 a multicast address
0:0:0:0:0:0:0:1 the loopback address
0:0:0:0:0:0:0:0 the unspecified addresses

may be represented as:

1080::8:800:200C:417A a unicast address
FF01::101 a multicast address
::1 the loopback address
:: the unspecified addresses

3. An alternative form that is sometimes more convenient when dealing
with a mixed environment of IPv4 and IPv6 nodes is
x:x:x:x:x:x:d.d.d.d, where the 'x's are the hexadecimal values of
the six high-order 16-bit pieces of the address, and the 'd's are
the decimal values of the four low-order 8-bit pieces of the
address (standard IPv4 representation). Examples:

0:0:0:0:0:0:13.1.68.3

0:0:0:0:0:FFFF:129.144.52.38

or in compressed form:

::13.1.68.3

::FFFF:129.144.52.38

2.3 Text Representation of Address Prefixes

The text representation of IPv6 address prefixes is similar to the
way IPv4 addresses prefixes are written in CIDR notation. An IPv6
address prefix is represented by the notation:

ipv6-address/prefix-length

where

ipv6-address is an IPv6 address in any of the notations listed
in section 2.2.

prefix-length is a decimal value specifying how many of the
leftmost contiguous bits of the address comprise
the prefix.

For example, the following are legal representations of the 60-bit
prefix 12AB00000000CD3 (hexadecimal):

12AB:0000:0000:CD30:0000:0000:0000:0000/60
12AB::CD30:0:0:0:0/60
12AB:0:0:CD30::/60

The following are NOT legal representations of the above prefix:

12AB:0:0:CD3/60 may drop leading zeros, but not trailing zeros,
within any 16-bit chunk of the address

12AB::CD30/60 address to left of "/" expands to
12AB:0000:0000:0000:0000:000:0000:CD30

12AB::CD3/60 address to left of "/" expands to
12AB:0000:0000:0000:0000:000:0000:0CD3

When writing both a node address and a prefix of that node address
(e.g., the node's subnet prefix), the two can combined as follows:

the node address 12AB:0:0:CD30:123:4567:89AB:CDEF
and its subnet number 12AB:0:0:CD30::/60

can be abbreviated as 12AB:0:0:CD30:123:4567:89AB:CDEF/60

2.4 Address Type Representation

The specific type of an IPv6 address is indicated by the leading bits
in the address. The variable-length field comprising these leading
bits is called the Format Prefix (FP). The initial allocation of
these prefixes is as follows:

Allocation Prefix Fraction of
(binary) Address Space
----------------------------------- -------- -------------
Reserved 0000 0000 1/256
Unassigned 0000 0001 1/256

Reserved for NSAP Allocation 0000 001 1/128
Reserved for IPX Allocation 0000 010 1/128

Unassigned 0000 011 1/128
Unassigned 0000 1 1/32
Unassigned 0001 1/16

Aggregatable Global Unicast Addresses 001 1/8
Unassigned 010 1/8
Unassigned 011 1/8
Unassigned 100 1/8
Unassigned 101 1/8
Unassigned 110 1/8

Unassigned 1110 1/16
Unassigned 1111 0 1/32
Unassigned 1111 10 1/64
Unassigned 1111 110 1/128
Unassigned 1111 1110 0 1/512

Link-Local Unicast Addresses 1111 1110 10 1/1024
Site-Local Unicast Addresses 1111 1110 11 1/1024

Multicast Addresses 1111 1111 1/256

Notes:

(1) The "unspecified address" (see section 2.5.2), the loopback
address (see section 2.5.3), and the IPv6 Addresses with
Embedded IPv4 Addresses (see section 2.5.4), are assigned out
of the 0000 0000 format prefix space.

(2) The format prefixes 001 through 111, except for Multicast
Addresses (1111 1111), are all required to have to have 64-bit
interface identifiers in EUI-64 format. See section 2.5.1 for
definitions.

This allocation supports the direct allocation of aggregation
addresses, local use addresses, and multicast addresses. Space is
reserved for NSAP addresses and IPX addresses. The remainder of the
address space is unassigned for future use. This can be used for
expansion of existing use (e.g., additional aggregatable addresses,
etc.) or new uses (e.g., separate locators and identifiers). Fifteen
percent of the address space is initially allocated. The remaining
85% is reserved for future use.

Unicast addresses are distinguished from multicast addresses by the
value of the high-order octet of the addresses: a value of FF
(11111111) identifies an address as a multicast address; any other
value identifies an address as a unicast address. Anycast addresses
are taken from the unicast address space, and are not syntactically
distinguishable from unicast addresses.

2.5 Unicast Addresses

IPv6 unicast addresses are aggregatable with contiguous bit-wise
masks similar to IPv4 addresses under Class-less Interdomain Routing
[CIDR].

There are several forms of unicast address assignment in IPv6,
including the global aggregatable global unicast address, the NSAP
address, the IPX hierarchical address, the site-local address, the
link-local address, and the IPv4-capable host address. Additional
address types can be defined in the future.

IPv6 nodes may have considerable or little knowledge of the internal
structure of the IPv6 address, depending on the role the node plays
(for instance, host versus router). At a minimum, a node may
consider that unicast addresses (including its own) have no internal
structure:

| 128 bits |
+-----------------------------------------------------------------+
| node address |
+-----------------------------------------------------------------+

A slightly sophisticated host (but still rather simple) may
additionally be aware of subnet prefix(es) for the link(s) it is
attached to, where different addresses may have different values for
n:

| n bits | 128-n bits |
+------------------------------------------------+----------------+
| subnet prefix | interface ID |
+------------------------------------------------+----------------+

Still more sophisticated hosts may be aware of other hierarchical
boundaries in the unicast address. Though a very simple router may
have no knowledge of the internal structure of IPv6 unicast
addresses, routers will more generally have knowledge of one or more
of the hierarchical boundaries for the operation of routing
protocols. The known boundaries will differ from router to router,
depending on what positions the router holds in the routing
hierarchy.

2.5.1 Interface Identifiers

Interface identifiers in IPv6 unicast addresses are used to identify
interfaces on a link. They are required to be unique on that link.
They may also be unique over a broader scope. In many cases an
interface's identifier will be the same as that interface's link-
layer address. The same interface identifier may be used on multiple
interfaces on a single node.

Note that the use of the same interface identifier on multiple
interfaces of a single node does not affect the interface
identifier's global uniqueness or each IPv6 addresses global
uniqueness created using that interface identifier.

In a number of the format prefixes (see section 2.4) Interface IDs
are required to be 64 bits long and to be constructed in IEEE EUI-64
format [EUI64]. EUI-64 based Interface identifiers may have global
scope when a global token is available (e.g., IEEE 48bit MAC) or may
have local scope where a global token is not available (e.g., serial
links, tunnel end-points, etc.). It is required that the "u" bit
(universal/local bit in IEEE EUI-64 terminology) be inverted when
forming the interface identifier from the EUI-64. The "u" bit is set
to one (1) to indicate global scope, and it is set to zero (0) to
indicate local scope. The first three octets in binary of an EUI-64
identifier are as follows:

0 0 0 1 1 2
|0 7 8 5 6 3|
+----+----+----+----+----+----+
|cccc|ccug|cccc|cccc|cccc|cccc|
+----+----+----+----+----+----+

written in Internet standard bit-order , where "u" is the
universal/local bit, "g" is the individual/group bit, and "c" are the
bits of the company_id. Appendix A: "Creating EUI-64 based Interface
Identifiers" provides examples on the creation of different EUI-64
based interface identifiers.

The motivation for inverting the "u" bit when forming the interface
identifier is to make it easy for system administrators to hand
configure local scope identifiers when hardware tokens are not
available. This is expected to be case for serial links, tunnel end-
points, etc. The alternative would have been for these to be of the
form 0200:0:0:1, 0200:0:0:2, etc., instead of the much simpler ::1,
::2, etc.

The use of the universal/local bit in the IEEE EUI-64 identifier is
to allow development of future technology that can take advantage of
interface identifiers with global scope.

The details of forming interface identifiers are defined in the
appropriate "IPv6 over <link>" specification such as "IPv6 over
Ethernet" [ETHER], "IPv6 over FDDI" [FDDI], etc.

2.5.2 The Unspecified Address

The address 0:0:0:0:0:0:0:0 is called the unspecified address. It
must never be assigned to any node. It indicates the absence of an
address. One example of its use is in the Source Address field of
any IPv6 packets sent by an initializing host before it has learned
its own address.

The unspecified address must not be used as the destination address
of IPv6 packets or in IPv6 Routing Headers.

2.5.3 The Loopback Address

The unicast address 0:0:0:0:0:0:0:1 is called the loopback address.
It may be used by a node to send an IPv6 packet to itself. It may
never be assigned to any physical interface. It may be thought of as
being associated with a virtual interface (e.g., the loopback
interface).

The loopback address must not be used as the source address in IPv6
packets that are sent outside of a single node. An IPv6 packet with
a destination address of loopback must never be sent outside of a
single node and must never be forwarded by an IPv6 router.

2.5.4 IPv6 Addresses with Embedded IPv4 Addresses

The IPv6 transition mechanisms [TRAN] include a technique for hosts
and routers to dynamically tunnel IPv6 packets over IPv4 routing
infrastructure. IPv6 nodes that utilize this technique are assigned
special IPv6 unicast addresses that carry an IPv4 address in the low-
order 32-bits. This type of address is termed an "IPv4-compatible
IPv6 address" and has the format:

| 80 bits | 16 | 32 bits |
+--------------------------------------+--------------------------+
|0000..............................0000|0000| IPv4 address |
+--------------------------------------+----+---------------------+

A second type of IPv6 address which holds an embedded IPv4 address is
also defined. This address is used to represent the addresses of
IPv4-only nodes (those that *do not* support IPv6) as IPv6 addresses.
This type of address is termed an "IPv4-mapped IPv6 address" and has
the format:

| 80 bits | 16 | 32 bits |
+--------------------------------------+--------------------------+
|0000..............................0000|FFFF| IPv4 address |
+--------------------------------------+----+---------------------+

2.5.5 NSAP Addresses

This mapping of NSAP address into IPv6 addresses is defined in
[NSAP]. This document recommends that network implementors who have
planned or deployed an OSI NSAP addressing plan, and who wish to
deploy or transition to IPv6, should redesign a native IPv6
addressing plan to meet their needs. However, it also defines a set
of mechanisms for the support of OSI NSAP addressing in an IPv6
network. These mechanisms are the ones that must be used if such
support is required. This document also defines a mapping of IPv6
addresses within the OSI address format, should this be required.

2.5.6 IPX Addresses

This mapping of IPX address into IPv6 addresses is as follows:

| 7 | 121 bits |
+-------+---------------------------------------------------------+
|0000010| to be defined |
+-------+---------------------------------------------------------+

The draft definition, motivation, and usage are under study.

2.5.7 Aggregatable Global Unicast Addresses

The global aggregatable global unicast address is defined in [AGGR].
This address format is designed to support both the current provider
based aggregation and a new type of aggregation called exchanges.
The combination will allow efficient routing aggregation for both
sites which connect directly to providers and who connect to
exchanges. Sites will have the choice to connect to either type of
aggregation point.

The IPv6 aggregatable global unicast address format is as follows:

| 3| 13 | 8 | 24 | 16 | 64 bits |
+--+-----+---+--------+--------+--------------------------------+
|FP| TLA |RES| NLA | SLA | Interface ID |
| | ID | | ID | ID | |
+--+-----+---+--------+--------+--------------------------------+

Where

001 Format Prefix (3 bit) for Aggregatable Global
Unicast Addresses
TLA ID Top-Level Aggregation Identifier
RES Reserved for future use
NLA ID Next-Level Aggregation Identifier
SLA ID Site-Level Aggregation Identifier
INTERFACE ID Interface Identifier

The contents, field sizes, and assignment rules are defined in
[AGGR].

2.5.8 Local-Use IPv6 Unicast Addresses

There are two types of local-use unicast addresses defined. These
are Link-Local and Site-Local. The Link-Local is for use on a single
link and the Site-Local is for use in a single site. Link-Local
addresses have the following format:

| 10 |
| bits | 54 bits | 64 bits |
+----------+-------------------------+----------------------------+
|1111111010| 0 | interface ID |
+----------+-------------------------+----------------------------+

Link-Local addresses are designed to be used for addressing on a
single link for purposes such as auto-address configuration, neighbor
discovery, or when no routers are present.

Routers must not forward any packets with link-local source or
destination addresses to other links.

Site-Local addresses have the following format:

| 10 |
| bits | 38 bits | 16 bits | 64 bits |
+----------+-------------+-----------+----------------------------+
|1111111011| 0 | subnet ID | interface ID |
+----------+-------------+-----------+----------------------------+

Site-Local addresses are designed to be used for addressing inside of
a site without the need for a global prefix.

Routers must not forward any packets with site-local source or
destination addresses outside of the site.

2.6 Anycast Addresses

An IPv6 anycast address is an address that is assigned to more than
one interface (typically belonging to different nodes), with the
property that a packet sent to an anycast address is routed to the
"nearest" interface having that address, according to the routing
protocols' measure of distance.

Anycast addresses are allocated from the unicast address space, using
any of the defined unicast address formats. Thus, anycast addresses
are syntactically indistinguishable from unicast addresses. When a
unicast address is assigned to more than one interface, thus turning
it into an anycast address, the nodes to which the address is
assigned must be explicitly configured to know that it is an anycast
address.

For any assigned anycast address, there is a longest address prefix P
that identifies the topological region in which all interfaces
belonging to that anycast address reside. Within the region
identified by P, each member of the anycast set must be advertised as
a separate entry in the routing system (commonly referred to as a
"host route"); outside the region identified by P, the anycast
address may be aggregated into the routing advertisement for prefix
P.

Note that in, the worst case, the prefix P of an anycast set may be
the null prefix, i.e., the members of the set may have no topological
locality. In that case, the anycast address must be advertised as a
separate routing entry throughout the entire internet, which presents

a severe scaling limit on how many such "global" anycast sets may be
supported. Therefore, it is expected that support for global anycast
sets may be unavailable or very restricted.

One expected use of anycast addresses is to identify the set of
routers belonging to an organization providing internet service.
Such addresses could be used as intermediate addresses in an IPv6
Routing header, to cause a packet to be delivered via a particular
aggregation or sequence of aggregations. Some other possible uses
are to identify the set of routers attached to a particular subnet,
or the set of routers providing entry into a particular routing
domain.

There is little experience with widespread, arbitrary use of internet
anycast addresses, and some known complications and hazards when
using them in their full generality [ANYCST]. Until more experience
has been gained and solutions agreed upon for those problems, the
following restrictions are imposed on IPv6 anycast addresses:

o An anycast address must not be used as the source address of an
IPv6 packet.

o An anycast address must not be assigned to an IPv6 host, that
is, it may be assigned to an IPv6 router only.

2.6.1 Required Anycast Address

The Subnet-Router anycast address is predefined. Its format is as
follows:

| n bits | 128-n bits |
+------------------------------------------------+----------------+
| subnet prefix | 00000000000000 |
+------------------------------------------------+----------------+

The "subnet prefix" in an anycast address is the prefix which
identifies a specific link. This anycast address is syntactically
the same as a unicast address for an interface on the link with the
interface identifier set to zero.

Packets sent to the Subnet-Router anycast address will be delivered
to one router on the subnet. All routers are required to support the
Subnet-Router anycast addresses for the subnets which they have
interfaces.

The subnet-router anycast address is intended to be used for
applications where a node needs to communicate with one of a set of
routers on a remote subnet. For example when a mobile host needs to
communicate with one of the mobile agents on its "home" subnet.

2.7 Multicast Addresses

An IPv6 multicast address is an identifier for a group of nodes. A
node may belong to any number of multicast groups. Multicast
addresses have the following format:

| 8 | 4 | 4 | 112 bits |
+------ -+----+----+---------------------------------------------+
|11111111|flgs|scop| group ID |
+--------+----+----+---------------------------------------------+

11111111 at the start of the address identifies the address as
being a multicast address.

+-+-+-+-+
flgs is a set of 4 flags: |0|0|0|T|
+-+-+-+-+

The high-order 3 flags are reserved, and must be initialized to
0.

T = 0 indicates a permanently-assigned ("well-known") multicast
address, assigned by the global internet numbering authority.

T = 1 indicates a non-permanently-assigned ("transient")
multicast address.

scop is a 4-bit multicast scope value used to limit the scope of
the multicast group. The values are:

0 reserved
1 node-local scope
2 link-local scope
3 (unassigned)
4 (unassigned)
5 site-local scope
6 (unassigned)
7 (unassigned)
8 organization-local scope
9 (unassigned)
A (unassigned)
B (unassigned)
C (unassigned)

D (unassigned)
E global scope
F reserved

group ID identifies the multicast group, either permanent or
transient, within the given scope.

The "meaning" of a permanently-assigned multicast address is
independent of the scope value. For example, if the "NTP servers
group" is assigned a permanent multicast address with a group ID of
101 (hex), then:

FF01:0:0:0:0:0:0:101 means all NTP servers on the same node as the
sender.

FF02:0:0:0:0:0:0:101 means all NTP servers on the same link as the
sender.

FF05:0:0:0:0:0:0:101 means all NTP servers at the same site as the
sender.

FF0E:0:0:0:0:0:0:101 means all NTP servers in the internet.

Non-permanently-assigned multicast addresses are meaningful only
within a given scope. For example, a group identified by the non-
permanent, site-local multicast address FF15:0:0:0:0:0:0:101 at one
site bears no relationship to a group using the same address at a
different site, nor to a non-permanent group using the same group ID
with different scope, nor to a permanent group with the same group
ID.

Multicast addresses must not be used as source addresses in IPv6
packets or appear in any routing header.

2.7.1 Pre-Defined Multicast Addresses

The following well-known multicast addresses are pre-defined:

Reserved Multicast Addresses: FF00:0:0:0:0:0:0:0
FF01:0:0:0:0:0:0:0
FF02:0:0:0:0:0:0:0
FF03:0:0:0:0:0:0:0
FF04:0:0:0:0:0:0:0
FF05:0:0:0:0:0:0:0
FF06:0:0:0:0:0:0:0
FF07:0:0:0:0:0:0:0
FF08:0:0:0:0:0:0:0
FF09:0:0:0:0:0:0:0

FF0A:0:0:0:0:0:0:0
FF0B:0:0:0:0:0:0:0
FF0C:0:0:0:0:0:0:0
FF0D:0:0:0:0:0:0:0
FF0E:0:0:0:0:0:0:0
FF0F:0:0:0:0:0:0:0

The above multicast addresses are reserved and shall never be
assigned to any multicast group.

All Nodes Addresses: FF01:0:0:0:0:0:0:1
FF02:0:0:0:0:0:0:1

The above multicast addresses identify the group of all IPv6 nodes,
within scope 1 (node-local) or 2 (link-local).

All Routers Addresses: FF01:0:0:0:0:0:0:2
FF02:0:0:0:0:0:0:2
FF05:0:0:0:0:0:0:2

The above multicast addresses identify the group of all IPv6 routers,
within scope 1 (node-local), 2 (link-local), or 5 (site-local).

Solicited-Node Address: FF02:0:0:0:0:1:FFXX:XXXX

The above multicast address is computed as a function of a node's
unicast and anycast addresses. The solicited-node multicast address
is formed by taking the low-order 24 bits of the address (unicast or
anycast) and appending those bits to the prefix
FF02:0:0:0:0:1:FF00::/104 resulting in a multicast address in the
range

FF02:0:0:0:0:1:FF00:0000

to

FF02:0:0:0:0:1:FFFF:FFFF

For example, the solicited node multicast address corresponding to
the IPv6 address 4037::01:800:200E:8C6C is FF02::1:FF0E:8C6C. IPv6
addresses that differ only in the high-order bits, e.g. due to
multiple high-order prefixes associated with different aggregations,
will map to the same solicited-node address thereby reducing the
number of multicast addresses a node must join.

A node is required to compute and join the associated Solicited-Node
multicast addresses for every unicast and anycast address it is
assigned.

2.7.2 Assignment of New IPv6 Multicast Addresses

The current approach [ETHER] to map IPv6 multicast addresses into
IEEE 802 MAC addresses takes the low order 32 bits of the IPv6
multicast address and uses it to create a MAC address. Note that
Token Ring networks are handled differently. This is defined in
[TOKEN]. Group ID's less than or equal to 32 bits will generate
unique MAC addresses. Due to this new IPv6 multicast addresses
should be assigned so that the group identifier is always in the low
order 32 bits as shown in the following:

| 8 | 4 | 4 | 80 bits | 32 bits |
+------ -+----+----+---------------------------+-----------------+
|11111111|flgs|scop| reserved must be zero | group ID |
+--------+----+----+---------------------------+-----------------+

While this limits the number of permanent IPv6 multicast groups to
2^32 this is unlikely to be a limitation in the future. If it
becomes necessary to exceed this limit in the future multicast will
still work but the processing will be sightly slower.

Additional IPv6 multicast addresses are defined and registered by the
IANA [MASGN].

2.8 A Node's Required Addresses

A host is required to recognize the following addresses as
identifying itself:

o Its Link-Local Address for each interface
o Assigned Unicast Addresses
o Loopback Address
o All-Nodes Multicast Addresses
o Solicited-Node Multicast Address for each of its assigned
unicast and anycast addresses
o Multicast Addresses of all other groups to which the host
belongs.

A router is required to recognize all addresses that a host is
required to recognize, plus the following addresses as identifying
itself:

o The Subnet-Router anycast addresses for the interfaces it is
configured to act as a router on.
o All other Anycast addresses with which the router has been
configured.
o All-Routers Multicast Addresses

o Multicast Addresses of all other groups to which the router
belongs.

The only address prefixes which should be predefined in an
implementation are the:

o Unspecified Address
o Loopback Address
o Multicast Prefix (FF)
o Local-Use Prefixes (Link-Local and Site-Local)
o Pre-Defined Multicast Addresses
o IPv4-Compatible Prefixes

Implementations should assume all other addresses are unicast unless
specifically configured (e.g., anycast addresses).

3. Security Considerations

IPv6 addressing documents do not have any direct impact on Internet
infrastructure security. Authentication of IPv6 packets is defined
in [AUTH].

APPENDIX A : Creating EUI-64 based Interface Identifiers
--------------------------------------------------------

Depending on the characteristics of a specific link or node there are
a number of approaches for creating EUI-64 based interface
identifiers. This appendix describes some of these approaches.

Links or Nodes with EUI-64 Identifiers

The only change needed to transform an EUI-64 identifier to an
interface identifier is to invert the "u" (universal/local) bit. For
example, a globally unique EUI-64 identifier of the form:

|0 1|1 3|3 4|4 6|
|0 5|6 1|2 7|8 3|
+----------------+----------------+----------------+----------------+
|cccccc0gcccccccc|ccccccccmmmmmmmm|mmmmmmmmmmmmmmmm|mmmmmmmmmmmmmmmm|
+----------------+----------------+----------------+----------------+

where "c" are the bits of the assigned company_id, "0" is the value
of the universal/local bit to indicate global scope, "g" is
individual/group bit, and "m" are the bits of the manufacturer-
selected extension identifier. The IPv6 interface identifier would
be of the form:

|0 1|1 3|3 4|4 6|
|0 5|6 1|2 7|8 3|
+----------------+----------------+----------------+----------------+
|cccccc1gcccccccc|ccccccccmmmmmmmm|mmmmmmmmmmmmmmmm|mmmmmmmmmmmmmmmm|
+----------------+----------------+----------------+----------------+

The only change is inverting the value of the universal/local bit.

Links or Nodes with IEEE 802 48 bit MAC's

[EUI64] defines a method to create a EUI-64 identifier from an IEEE
48bit MAC identifier. This is to insert two octets, with hexadecimal
values of 0xFF and 0xFE, in the middle of the 48 bit MAC (between the
company_id and vendor supplied id). For example the 48 bit MAC with
global scope:

|0 1|1 3|3 4|
|0 5|6 1|2 7|
+----------------+----------------+----------------+
|cccccc0gcccccccc|ccccccccmmmmmmmm|mmmmmmmmmmmmmmmm|
+----------------+----------------+----------------+

where "c" are the bits of the assigned company_id, "0" is the value
of the universal/local bit to indicate global scope, "g" is
individual/group bit, and "m" are the bits of the manufacturer-
selected extension identifier. The interface identifier would be of
the form:

|0 1|1 3|3 4|4 6|
|0 5|6 1|2 7|8 3|
+----------------+----------------+----------------+----------------+
|cccccc1gcccccccc|cccccccc11111111|11111110mmmmmmmm|mmmmmmmmmmmmmmmm|
+----------------+----------------+----------------+----------------+

When IEEE 802 48bit MAC addresses are available (on an interface or a
node), an implementation should use them to create interface
identifiers due to their availability and uniqueness properties.

Links with Non-Global Identifiers

There are a number of types of links that, while multi-access, do not
have globally unique link identifiers. Examples include LocalTalk
and Arcnet. The method to create an EUI-64 formatted identifier is
to take the link identifier (e.g., the LocalTalk 8 bit node
identifier) and zero fill it to the left. For example a LocalTalk 8
bit node identifier of hexadecimal value 0x4F results in the
following interface identifier:

|0 1|1 3|3 4|4 6|
|0 5|6 1|2 7|8 3|
+----------------+----------------+----------------+----------------+
|0000000000000000|0000000000000000|0000000000000000|0000000001001111|
+----------------+----------------+----------------+----------------+

Note that this results in the universal/local bit set to "0" to
indicate local scope.

Links without Identifiers

There are a number of links that do not have any type of built-in
identifier. The most common of these are serial links and configured
tunnels. Interface identifiers must be chosen that are unique for
the link.

When no built-in identifier is available on a link the preferred
approach is to use a global interface identifier from another
interface or one which is assigned to the node itself. To use this
approach no other interface connecting the same node to the same link
may use the same identifier.

If there is no global interface identifier available for use on the
link the implementation needs to create a local scope interface
identifier. The only requirement is that it be unique on the link.
There are many possible approaches to select a link-unique interface
identifier. They include:

Manual Configuration
Generated Random Number
Node Serial Number (or other node-specific token)

The link-unique interface identifier should be generated in a manner
that it does not change after a reboot of a node or if interfaces are
added or deleted from the node.

The selection of the appropriate algorithm is link and implementation
dependent. The details on forming interface identifiers are defined
in the appropriate "IPv6 over <link>" specification. It is strongly
recommended that a collision detection algorithm be implemented as
part of any automatic algorithm.

APPENDIX B: ABNF Description of Text Representations
----------------------------------------------------

This appendix defines the text representation of IPv6 addresses and
prefixes in Augmented BNF [ABNF] for reference purposes.

IPv6address = hexpart [ ":" IPv4address ]
IPv4address = 1*3DIGIT "." 1*3DIGIT "." 1*3DIGIT "." 1*3DIGIT

IPv6prefix = hexpart "/" 1*2DIGIT

hexpart = hexseq | hexseq "::" [ hexseq ] | "::" [ hexseq ]
hexseq = hex4 *( ":" hex4)
hex4 = 1*4HEXDIG

APPENDIX C: CHANGES FROM RFC-1884
---------------------------------

The following changes were made from RFC-1884 "IP Version 6
Addressing Architecture":

- Added an appendix providing a ABNF description of text
representations.
- Clarification that link unique identifiers not change after
reboot or other interface reconfigurations.
- Clarification of Address Model based on comments.
- Changed aggregation format terminology to be consistent with
aggregation draft.
- Added text to allow interface identifier to be used on more than
one interface on same node.
- Added rules for defining new multicast addresses.
- Added appendix describing procedures for creating EUI-64 based
interface ID's.
- Added notation for defining IPv6 prefixes.
- Changed solicited node multicast definition to use a longer
prefix.
- Added site scope all routers multicast address.
- Defined Aggregatable Global Unicast Addresses to use "001" Format
Prefix.
- Changed "010" (Provider-Based Unicast) and "100" (Reserved for
Geographic) Format Prefixes to Unassigned.
- Added section on Interface ID definition for unicast addresses.
Requires use of EUI-64 in range of format prefixes and rules for
setting global/local scope bit in EUI-64.
- Updated NSAP text to reflect working in RFC1888.
- Removed protocol specific IPv6 multicast addresses (e.g., DHCP)
and referenced the IANA definitions.
- Removed section "Unicast Address Example". Had become OBE.
- Added new and updated references.
- Minor text clarifications and improvements.

REFERENCES

[ABNF] Crocker, D., and P. Overell, "Augmented BNF for
Syntax Specifications: ABNF", RFC 2234, November 1997.

[AGGR] Hinden, R., O'Dell, M., and S. Deering, "An
Aggregatable Global Unicast Address Format", RFC 2374, July
1998.

[AUTH] Atkinson, R., "IP Authentication Header", RFC 1826, August
1995.

[ANYCST] Partridge, C., Mendez, T., and W. Milliken, "Host
Anycasting Service", RFC 1546, November 1993.

[CIDR] Fuller, V., Li, T., Yu, J., and K. Varadhan, "Classless
Inter-Domain Routing (CIDR): An Address Assignment and
Aggregation Strategy", RFC 1519, September 1993.

[ETHER] Crawford, M., "Transmission of IPv6 Pacekts over Ethernet
Networks", Work in Progress.

[EUI64] IEEE, "Guidelines for 64-bit Global Identifier (EUI-64)
Registration Authority",
http://standards.ieee.org/db/oui/tutorials/EUI64.html,
March 1997.

[FDDI] Crawford, M., "Transmission of IPv6 Packets over FDDI
Networks", Work in Progress.

[IPV6] Deering, S., and R. Hinden, Editors, "Internet Protocol,
Version 6 (IPv6) Specification", RFC 1883, December 1995.

[MASGN] Hinden, R., and S. Deering, "IPv6 Multicast Address
Assignments", RFC 2375, July 1998.

[NSAP] Bound, J., Carpenter, B., Harrington, D., Houldsworth, J.,
and A. Lloyd, "OSI NSAPs and IPv6", RFC 1888, August 1996.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

[TOKEN] Thomas, S., "Transmission of IPv6 Packets over Token Ring
Networks", Work in Progress.

[TRAN] Gilligan, R., and E. Nordmark, "Transition Mechanisms for
IPv6 Hosts and Routers", RFC 1993, April 1996.

AUTHORS' ADDRESSES

Robert M. Hinden
Nokia
232 Java Drive
Sunnyvale, CA 94089
USA

Phone: +1 408 990-2004
Fax: +1 408 743-5677
EMail: hinden@iprg.nokia.com

Stephen E. Deering
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA

Phone: +1 408 527-8213
Fax: +1 408 527-8254
EMail: deering@cisco.com

Full Copyright Statement

Copyright (C) The Internet Society (1998). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

RFC 2463 – Internet Control Message Protocol (ICMPv6)

 
Network Working Group                                           A. Conta
Request for Comments: 2463 Lucent
Obsoletes: 1885 S. Deering
Category: Standards Track Cisco Systems
December 1998

Internet Control Message Protocol (ICMPv6)
for the Internet Protocol Version 6 (IPv6)
Specification

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

This document specifies a set of Internet Control Message Protocol
(ICMP) messages for use with version 6 of the Internet Protocol
(IPv6).

Table of Contents

1. Introduction........................................2
2. ICMPv6 (ICMP for IPv6)..............................2
2.1 Message General Format.......................2
2.2 Message Source Address Determination.........3
2.3 Message Checksum Calculation.................4
2.4 Message Processing Rules.....................4
3. ICMPv6 Error Messages...............................6
3.1 Destination Unreachable Message..............6
3.2 Packet Too Big Message...................... 8
3.3 Time Exceeded Message....................... 9
3.4 Parameter Problem Message...................10
4. ICMPv6 Informational Messages......................11
4.1 Echo Request Message........................11
4.2 Echo Reply Message..........................12
5. Security Considerations............................13
6. References.........................................14
7. Acknowledgments....................................15
8. Authors' Addresses.................................16
Appendix A - Changes since RFC 1885...................17
Full Copyright Statement..............................18

1. Introduction


The Internet Protocol, version 6 (IPv6) is a new version of IP. IPv6
uses the Internet Control Message Protocol (ICMP) as defined for IPv4
[RFC-792], with a number of changes. The resulting protocol is
called ICMPv6, and has an IPv6 Next Header value of 58.

This document describes the format of a set of control messages used
in ICMPv6. It does not describe the procedures for using these
messages to achieve functions like Path MTU discovery; such
procedures are described in other documents (e.g., [PMTU]). Other
documents may also introduce additional ICMPv6 message types, such as
Neighbor Discovery messages [IPv6-DISC], subject to the general rules
for ICMPv6 messages given in section 2 of this document.

Terminology defined in the IPv6 specification [IPv6] and the IPv6
Routing and Addressing specification [IPv6-ADDR] applies to this
document as well.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC-2119].

2. ICMPv6 (ICMP for IPv6)


ICMPv6 is used by IPv6 nodes to report errors encountered in
processing packets, and to perform other internet-layer functions,
such as diagnostics (ICMPv6 "ping"). ICMPv6 is an integral part of
IPv6 and MUST be fully implemented by every IPv6 node.

2.1 Message General Format


ICMPv6 messages are grouped into two classes: error messages and
informational messages. Error messages are identified as such by
having a zero in the high-order bit of their message Type field
values. Thus, error messages have message Types from 0 to 127;
informational messages have message Types from 128 to 255.

This document defines the message formats for the following ICMPv6
messages:

ICMPv6 error messages:

1 Destination Unreachable (see section 3.1)
2 Packet Too Big (see section 3.2)
3 Time Exceeded (see section 3.3)
4 Parameter Problem (see section 3.4)

ICMPv6 informational messages:

128 Echo Request (see section 4.1)
129 Echo Reply (see section 4.2)

Every ICMPv6 message is preceded by an IPv6 header and zero or more
IPv6 extension headers. The ICMPv6 header is identified by a Next
Header value of 58 in the immediately preceding header. (NOTE: this
is different than the value used to identify ICMP for IPv4.)

The ICMPv6 messages have the following general format:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ Message Body +
| |

The type field indicates the type of the message. Its value
determines the format of the remaining data.

The code field depends on the message type. It is used to create an
additional level of message granularity.

The checksum field is used to detect data corruption in the ICMPv6
message and parts of the IPv6 header.

2.2 Message Source Address Determination


A node that sends an ICMPv6 message has to determine both the Source
and Destination IPv6 Addresses in the IPv6 header before calculating
the checksum. If the node has more than one unicast address, it must
choose the Source Address of the message as follows:

(a) If the message is a response to a message sent to one of the
node's unicast addresses, the Source Address of the reply must
be that same address.

(b) If the message is a response to a message sent to a multicast or
anycast group in which the node is a member, the Source Address
of the reply must be a unicast address belonging to the
interface on which the multicast or anycast packet was received.

(c) If the message is a response to a message sent to an address
that does not belong to the node, the Source Address should be
that unicast address belonging to the node that will be most
helpful in diagnosing the error. For example, if the message is
a response to a packet forwarding action that cannot complete
successfully, the Source Address should be a unicast address
belonging to the interface on which the packet forwarding
failed.

(d) Otherwise, the node's routing table must be examined to
determine which interface will be used to transmit the message
to its destination, and a unicast address belonging to that
interface must be used as the Source Address of the message.

2.3 Message Checksum Calculation


The checksum is the 16-bit one's complement of the one's complement
sum of the entire ICMPv6 message starting with the ICMPv6 message
type field, prepended with a "pseudo-header" of IPv6 header fields,
as specified in [IPv6, section 8.1]. The Next Header value used in
the pseudo-header is 58. (NOTE: the inclusion of a pseudo-header in
the ICMPv6 checksum is a change from IPv4; see [IPv6] for the
rationale for this change.)

For computing the checksum, the checksum field is set to zero.

2.4 Message Processing Rules


Implementations MUST observe the following rules when processing
ICMPv6 messages (from [RFC-1122]):

(a) If an ICMPv6 error message of unknown type is received, it MUST
be passed to the upper layer.

(b) If an ICMPv6 informational message of unknown type is received,
it MUST be silently discarded.

(c) Every ICMPv6 error message (type < 128) includes as much of the
IPv6 offending (invoking) packet (the packet that caused the
error) as will fit without making the error message packet
exceed the minimum IPv6 MTU [IPv6].

(d) In those cases where the internet-layer protocol is required to
pass an ICMPv6 error message to the upper-layer process, the
upper-layer protocol type is extracted from the original packet
(contained in the body of the ICMPv6 error message) and used to
select the appropriate upper-layer process to handle the error.

If the original packet had an unusually large amount of
extension headers, it is possible that the upper-layer protocol
type may not be present in the ICMPv6 message, due to truncation
of the original packet to meet the minimum IPv6 MTU [IPv6]
limit. In that case, the error message is silently dropped
after any IPv6-layer processing.

(e) An ICMPv6 error message MUST NOT be sent as a result of
receiving:

(e.1) an ICMPv6 error message, or

(e.2) a packet destined to an IPv6 multicast address (there are
two exceptions to this rule: (1) the Packet Too Big
Message - Section 3.2 - to allow Path MTU discovery to
work for IPv6 multicast, and (2) the Parameter Problem
Message, Code 2 - Section 3.4 - reporting an unrecognized
IPv6 option that has the Option Type highest-order two
bits set to 10), or

(e.3) a packet sent as a link-layer multicast, (the exception
from e.2 applies to this case too), or

(e.4) a packet sent as a link-layer broadcast, (the exception
from e.2 applies to this case too), or

(e.5) a packet whose source address does not uniquely identify
a single node -- e.g., the IPv6 Unspecified Address, an
IPv6 multicast address, or an address known by the ICMP
message sender to be an IPv6 anycast address.

(f) Finally, in order to limit the bandwidth and forwarding costs
incurred sending ICMPv6 error messages, an IPv6 node MUST limit
the rate of ICMPv6 error messages it sends. This situation may
occur when a source sending a stream of erroneous packets fails
to heed the resulting ICMPv6 error messages. There are a
variety of ways of implementing the rate-limiting function, for
example:

(f.1) Timer-based - for example, limiting the rate of
transmission of error messages to a given source, or to
any source, to at most once every T milliseconds.

(f.2) Bandwidth-based - for example, limiting the rate at which
error messages are sent from a particular interface to
some fraction F of the attached link's bandwidth.

The limit parameters (e.g., T or F in the above examples) MUST
be configurable for the node, with a conservative default value
(e.g., T = 1 second, NOT 0 seconds, or F = 2 percent, NOT 100
percent).

The following sections describe the message formats for the above
ICMPv6 messages.

3. ICMPv6 Error Messages


3.1 Destination Unreachable Message


0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Unused |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| As much of invoking packet |
+ as will fit without the ICMPv6 packet +
| exceeding the minimum IPv6 MTU [IPv6] |

IPv6 Fields:

Destination Address

Copied from the Source Address field of the invoking
packet.

ICMPv6 Fields:

Type 1

Code 0 - no route to destination
1 - communication with destination
administratively prohibited
2 - (not assigned)
3 - address unreachable
4 - port unreachable

Unused This field is unused for all code values.
It must be initialized to zero by the sender
and ignored by the receiver.

Description

A Destination Unreachable message SHOULD be generated by a router, or
by the IPv6 layer in the originating node, in response to a packet
that cannot be delivered to its destination address for reasons other
than congestion. (An ICMPv6 message MUST NOT be generated if a
packet is dropped due to congestion.)

If the reason for the failure to deliver is lack of a matching entry
in the forwarding node's routing table, the Code field is set to 0
(NOTE: this error can occur only in nodes that do not hold a "default
route" in their routing tables).

If the reason for the failure to deliver is administrative
prohibition, e.g., a "firewall filter", the Code field is set to 1.

If there is any other reason for the failure to deliver, e.g.,
inability to resolve the IPv6 destination address into a
corresponding link address, or a link-specific problem of some sort,
then the Code field is set to 3.

A destination node SHOULD send a Destination Unreachable message with
Code 4 in response to a packet for which the transport protocol
(e.g., UDP) has no listener, if that transport protocol has no
alternative means to inform the sender.

Upper layer notification

A node receiving the ICMPv6 Destination Unreachable message MUST
notify the upper-layer process.

3.2 Packet Too Big Message


0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MTU |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| As much of invoking packet |
+ as will fit without the ICMPv6 packet +
| exceeding the minimum IPv6 MTU [IPv6] |

IPv6 Fields:

Destination Address

Copied from the Source Address field of the invoking
packet.

ICMPv6 Fields:

Type 2

Code Set to 0 (zero) by the sender and ignored by the
receiver

MTU The Maximum Transmission Unit of the next-hop link.

Description

A Packet Too Big MUST be sent by a router in response to a packet
that it cannot forward because the packet is larger than the MTU of
the outgoing link. The information in this message is used as part
of the Path MTU Discovery process [PMTU].

Sending a Packet Too Big Message makes an exception to one of the
rules of when to send an ICMPv6 error message, in that unlike other
messages, it is sent in response to a packet received with an IPv6
multicast destination address, or a link-layer multicast or link-
layer broadcast address.

Upper layer notification

An incoming Packet Too Big message MUST be passed to the upper-layer
process.

3.3 Time Exceeded Message


0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Unused |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| As much of invoking packet |
+ as will fit without the ICMPv6 packet +
| exceeding the minimum IPv6 MTU [IPv6] |

IPv6 Fields:

Destination Address
Copied from the Source Address field of the invoking
packet.

ICMPv6 Fields:

Type 3

Code 0 - hop limit exceeded in transit

1 - fragment reassembly time exceeded

Unused This field is unused for all code values.
It must be initialized to zero by the sender
and ignored by the receiver.

Description

If a router receives a packet with a Hop Limit of zero, or a router
decrements a packet's Hop Limit to zero, it MUST discard the packet
and send an ICMPv6 Time Exceeded message with Code 0 to the source of
the packet. This indicates either a routing loop or too small an
initial Hop Limit value.

The rules for selecting the Source Address of this message are
defined in section 2.2.

Upper layer notification

An incoming Time Exceeded message MUST be passed to the upper-layer
process.

3.4 Parameter Problem Message


0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Pointer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| As much of invoking packet |
+ as will fit without the ICMPv6 packet +
| exceeding the minimum IPv6 MTU [IPv6] |

IPv6 Fields:

Destination Address

Copied from the Source Address field of the invoking
packet.

ICMPv6 Fields:

Type 4

Code 0 - erroneous header field encountered

1 - unrecognized Next Header type encountered

2 - unrecognized IPv6 option encountered

Pointer Identifies the octet offset within the
invoking packet where the error was detected.

The pointer will point beyond the end of the ICMPv6
packet if the field in error is beyond what can fit
in the maximum size of an ICMPv6 error message.

Description

If an IPv6 node processing a packet finds a problem with a field in
the IPv6 header or extension headers such that it cannot complete
processing the packet, it MUST discard the packet and SHOULD send an
ICMPv6 Parameter Problem message to the packet's source, indicating
the type and location of the problem.

The pointer identifies the octet of the original packet's header
where the error was detected. For example, an ICMPv6 message with
Type field = 4, Code field = 1, and Pointer field = 40 would indicate

that the IPv6 extension header following the IPv6 header of the
original packet holds an unrecognized Next Header field value.

Upper layer notification

A node receiving this ICMPv6 message MUST notify the upper-layer
process.

4. ICMPv6 Informational Messages


4.1 Echo Request Message


0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+-

IPv6 Fields:

Destination Address

Any legal IPv6 address.

ICMPv6 Fields:

Type 128

Code 0

Identifier An identifier to aid in matching Echo Replies
to this Echo Request. May be zero.

Sequence Number

A sequence number to aid in matching Echo Replies
to this Echo Request. May be zero.

Data Zero or more octets of arbitrary data.

Description

Every node MUST implement an ICMPv6 Echo responder function that
receives Echo Requests and sends corresponding Echo Replies. A node
SHOULD also implement an application-layer interface for sending Echo
Requests and receiving Echo Replies, for diagnostic purposes.

Upper layer notification

Echo Request messages MAY be passed to processes receiving ICMP
messages.

4.2 Echo Reply Message


0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+-

IPv6 Fields:

Destination Address

Copied from the Source Address field of the invoking
Echo Request packet.

ICMPv6 Fields:

Type 129

Code 0

Identifier The identifier from the invoking Echo Request message.

Sequence The sequence number from the invoking Echo Request
Number message.

Data The data from the invoking Echo Request message.

Description

Every node MUST implement an ICMPv6 Echo responder function that
receives Echo Requests and sends corresponding Echo Replies. A node
SHOULD also implement an application-layer interface for sending Echo
Requests and receiving Echo Replies, for diagnostic purposes.

The source address of an Echo Reply sent in response to a unicast
Echo Request message MUST be the same as the destination address of
that Echo Request message.

An Echo Reply SHOULD be sent in response to an Echo Request message
sent to an IPv6 multicast address. The source address of the reply
MUST be a unicast address belonging to the interface on which the
multicast Echo Request message was received.

The data received in the ICMPv6 Echo Request message MUST be returned
entirely and unmodified in the ICMPv6 Echo Reply message.

Upper layer notification

Echo Reply messages MUST be passed to the process that originated an
Echo Request message. It may be passed to processes that did not
originate the Echo Request message.

5. Security Considerations


5.1 Authentication and Encryption of ICMP messages


ICMP protocol packet exchanges can be authenticated using the IP
Authentication Header [IPv6-AUTH]. A node SHOULD include an
Authentication Header when sending ICMP messages if a security
association for use with the IP Authentication Header exists for the
destination address. The security associations may have been created
through manual configuration or through the operation of some key
management protocol.

Received Authentication Headers in ICMP packets MUST be verified for
correctness and packets with incorrect authentication MUST be ignored
and discarded.

It SHOULD be possible for the system administrator to configure a
node to ignore any ICMP messages that are not authenticated using
either the Authentication Header or Encapsulating Security Payload.
Such a switch SHOULD default to allowing unauthenticated messages.

Confidentiality issues are addressed by the IP Security Architecture
and the IP Encapsulating Security Payload documents [IPv6-SA, IPv6-
ESP].

5.2 ICMP Attacks


ICMP messages may be subject to various attacks. A complete
discussion can be found in the IP Security Architecture [IPv6-SA]. A
brief discussion of such attacks and their prevention is as follows:

1. ICMP messages may be subject to actions intended to cause the
receiver believe the message came from a different source than the
message originator. The protection against this attack can be
achieved by applying the IPv6 Authentication mechanism [IPv6-Auth]
to the ICMP message.

2. ICMP messages may be subject to actions intended to cause the
message or the reply to it go to a destination different than the
message originator's intention. The ICMP checksum calculation
provides a protection mechanism against changes by a malicious
interceptor in the destination and source address of the IP packet
carrying that message, provided the ICMP checksum field is
protected against change by authentication [IPv6-Auth] or
encryption [IPv6-ESP] of the ICMP message.

3. ICMP messages may be subject to changes in the message fields, or
payload. The authentication [IPv6-Auth] or encryption [IPv6-ESP]
of the ICMP message is a protection against such actions.

4. ICMP messages may be used as attempts to perform denial of service
attacks by sending back to back erroneous IP packets. An
implementation that correctly followed section 2.4, paragraph (f)
of this specifications, would be protected by the ICMP error rate
limiting mechanism.

6. References


[IPv6] Deering, S. and R. Hinden, "Internet Protocol, Version
6, (IPv6) Specification", RFC 2460, December 1998.

[IPv6-ADDR] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 2373, July 1998.

[IPv6-DISC] Narten, T., Nordmark, E. and W. Simpson, "Neighbor
Discovery for IP Version 6 (IPv6)", RFC 2461, December
1998.

[RFC-792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, September 1981.

[RFC-1122] Braden, R., "Requirements for Internet Hosts -
Communication Layers", STD 5, RFC 1122, August 1989.

[PMTU] McCann, J., Deering, S. and J. Mogul, "Path MTU
Discovery for IP version 6", RFC 1981, August 1996.

[RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

[IPv6-SA] Kent, S. and R. Atkinson, "Security Architecture for the
Internet Protocol", RFC 2401, November 1998.

[IPv6-Auth] Kent, S. and R. Atkinson, "IP Authentication Header",
RFC 2402, November 1998.

[IPv6-ESP] Kent, S. and R. Atkinson, "IP Encapsulating Security
Protocol (ESP)", RFC 2406, November 1998.

7. Acknowledgments


The document is derived from previous ICMP drafts of the SIPP and
IPng working group.

The IPng working group and particularly Robert Elz, Jim Bound, Bill
Simpson, Thomas Narten, Charlie Lynn, Bill Fink, Scott Bradner,
Dimitri Haskin, and Bob Hinden (in chronological order) provided
extensive review information and feedback.

8. Authors' Addresses


Alex Conta
Lucent Technologies Inc.
300 Baker Ave, Suite 100
Concord, MA 01742
USA

Phone: +1 978 287-2842
EMail: aconta@lucent.com

Stephen Deering
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA

Phone: +1 408 527-8213
EMail: deering@cisco.com

Appendix A - Changes from RFC 1885


Version 2-02

- Excluded mentioning informational replies from paragraph (f.2) of
section 2.4.
- In "Upper layer notification" sections changed "upper-layer
protocol" and "User Interface" to "process".
- Changed section 5.2, item 2 and 3 to also refer to AH
authentication.
- Removed item 5. from section 5.2 on denial of service attacks.
- Updated phone numbers and Email addresses in the "Authors'
Addresses" section.

Version 2-01

- Replaced all references to "576 octets" as the maximum for an ICMP
message size with "minimum IPv6 MTU" as defined by the base IPv6
specification.
- Removed rate control from informational messages.
- Added requirement that receivers ignore Code value in Packet Too
Big message.
- Removed "Not a Neighbor" (code 2) from destination unreachable
message.
- Fixed typos and update references.

Version 2-00

- Applied rate control to informational messages
- Removed section 2.4 on Group Management ICMP messages
- Removed references to IGMP in Abstract and Section 1.
- Updated references to other IPv6 documents
- Removed references to RFC-1112 in Abstract, and Section 1, and to
RFC-1191 in section 1, and section 3.2
- Added security section
- Added Appendix A - changes

Full Copyright Statement


Copyright (C) The Internet Society (1998). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


RFC 2401 – Security Architecture for the Internet Protocol

 
Network Working Group                                            S. Kent
Request for Comments: 2401 BBN Corp
Obsoletes: 1825 R. Atkinson
Category: Standards Track @Home Network
November 1998

Security Architecture for the Internet Protocol

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Table of Contents

1. Introduction........................................................3
1.1 Summary of Contents of Document..................................3
1.2 Audience.........................................................3
1.3 Related Documents................................................4
2. Design Objectives...................................................4
2.1 Goals/Objectives/Requirements/Problem Description................4
2.2 Caveats and Assumptions..........................................5
3. System Overview.....................................................5
3.1 What IPsec Does..................................................6
3.2 How IPsec Works..................................................6
3.3 Where IPsec May Be Implemented...................................7
4. Security Associations...............................................8
4.1 Definition and Scope.............................................8
4.2 Security Association Functionality..............................10
4.3 Combining Security Associations.................................11
4.4 Security Association Databases..................................13
4.4.1 The Security Policy Database (SPD).........................14
4.4.2 Selectors..................................................17
4.4.3 Security Association Database (SAD)........................21
4.5 Basic Combinations of Security Associations.....................24
4.6 SA and Key Management...........................................26
4.6.1 Manual Techniques..........................................27
4.6.2 Automated SA and Key Management............................27
4.6.3 Locating a Security Gateway................................28
4.7 Security Associations and Multicast.............................29

5. IP Traffic Processing..............................................30
5.1 Outbound IP Traffic Processing..................................30
5.1.1 Selecting and Using an SA or SA Bundle.....................30
5.1.2 Header Construction for Tunnel Mode........................31
5.1.2.1 IPv4 -- Header Construction for Tunnel Mode...........31
5.1.2.2 IPv6 -- Header Construction for Tunnel Mode...........32
5.2 Processing Inbound IP Traffic...................................33
5.2.1 Selecting and Using an SA or SA Bundle.....................33
5.2.2 Handling of AH and ESP tunnels.............................34
6. ICMP Processing (relevant to IPsec)................................35
6.1 PMTU/DF Processing..............................................36
6.1.1 DF Bit.....................................................36
6.1.2 Path MTU Discovery (PMTU)..................................36
6.1.2.1 Propagation of PMTU...................................36
6.1.2.2 Calculation of PMTU...................................37
6.1.2.3 Granularity of PMTU Processing........................37
6.1.2.4 PMTU Aging............................................38
7. Auditing...........................................................39
8. Use in Systems Supporting Information Flow Security................39
8.1 Relationship Between Security Associations and Data Sensitivity.40
8.2 Sensitivity Consistency Checking................................40
8.3 Additional MLS Attributes for Security Association Databases....41
8.4 Additional Inbound Processing Steps for MLS Networking..........41
8.5 Additional Outbound Processing Steps for MLS Networking.........41
8.6 Additional MLS Processing for Security Gateways.................42
9. Performance Issues.................................................42
10. Conformance Requirements..........................................43
11. Security Considerations...........................................43
12. Differences from RFC 1825.........................................43
Acknowledgements......................................................44
Appendix A -- Glossary................................................45
Appendix B -- Analysis/Discussion of PMTU/DF/Fragmentation Issues.....48
B.1 DF bit..........................................................48
B.2 Fragmentation...................................................48
B.3 Path MTU Discovery..............................................52
B.3.1 Identifying the Originating Host(s)........................53
B.3.2 Calculation of PMTU........................................55
B.3.3 Granularity of Maintaining PMTU Data.......................56
B.3.4 Per Socket Maintenance of PMTU Data........................57
B.3.5 Delivery of PMTU Data to the Transport Layer...............57
B.3.6 Aging of PMTU Data.........................................57
Appendix C -- Sequence Space Window Code Example......................58
Appendix D -- Categorization of ICMP messages.........................60
References............................................................63
Disclaimer............................................................64
Author Information....................................................65
Full Copyright Statement..............................................66

1. Introduction

1.1 Summary of Contents of Document

This memo specifies the base architecture for IPsec compliant
systems. The goal of the architecture is to provide various security
services for traffic at the IP layer, in both the IPv4 and IPv6
environments. This document describes the goals of such systems,
their components and how they fit together with each other and into
the IP environment. It also describes the security services offered
by the IPsec protocols, and how these services can be employed in the
IP environment. This document does not address all aspects of IPsec
architecture. Subsequent documents will address additional
architectural details of a more advanced nature, e.g., use of IPsec
in NAT environments and more complete support for IP multicast. The
following fundamental components of the IPsec security architecture
are discussed in terms of their underlying, required functionality.
Additional RFCs (see Section 1.3 for pointers to other documents)
define the protocols in (a), (c), and (d).

a. Security Protocols -- Authentication Header (AH) and
Encapsulating Security Payload (ESP)
b. Security Associations -- what they are and how they work,
how they are managed, associated processing
c. Key Management -- manual and automatic (The Internet Key
Exchange (IKE))
d. Algorithms for authentication and encryption

This document is not an overall Security Architecture for the
Internet; it addresses security only at the IP layer, provided
through the use of a combination of cryptographic and protocol
security mechanisms.

The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in RFC 2119 [Bra97].

1.2 Audience

The target audience for this document includes implementers of this
IP security technology and others interested in gaining a general
background understanding of this system. In particular, prospective
users of this technology (end users or system administrators) are
part of the target audience. A glossary is provided as an appendix

to help fill in gaps in background/vocabulary. This document assumes
that the reader is familiar with the Internet Protocol, related
networking technology, and general security terms and concepts.

1.3 Related Documents

As mentioned above, other documents provide detailed definitions of
some of the components of IPsec and of their inter-relationship.
They include RFCs on the following topics:

a. "IP Security Document Roadmap" [TDG97] -- a document
providing guidelines for specifications describing encryption
and authentication algorithms used in this system.
b. security protocols -- RFCs describing the Authentication
Header (AH) [KA98a] and Encapsulating Security Payload (ESP)
[KA98b] protocols.
c. algorithms for authentication and encryption -- a separate
RFC for each algorithm.
d. automatic key management -- RFCs on "The Internet Key
Exchange (IKE)" [HC98], "Internet Security Association and
Key Management Protocol (ISAKMP)" [MSST97],"The OAKLEY Key
Determination Protocol" [Orm97], and "The Internet IP
Security Domain of Interpretation for ISAKMP" [Pip98].

2. Design Objectives

2.1 Goals/Objectives/Requirements/Problem Description

IPsec is designed to provide interoperable, high quality,
cryptographically-based security for IPv4 and IPv6. The set of
security services offered includes access control, connectionless
integrity, data origin authentication, protection against replays (a
form of partial sequence integrity), confidentiality (encryption),
and limited traffic flow confidentiality. These services are
provided at the IP layer, offering protection for IP and/or upper
layer protocols.

These objectives are met through the use of two traffic security
protocols, the Authentication Header (AH) and the Encapsulating
Security Payload (ESP), and through the use of cryptographic key
management procedures and protocols. The set of IPsec protocols
employed in any context, and the ways in which they are employed,
will be determined by the security and system requirements of users,
applications, and/or sites/organizations.

When these mechanisms are correctly implemented and deployed, they
ought not to adversely affect users, hosts, and other Internet
components that do not employ these security mechanisms for

protection of their traffic. These mechanisms also are designed to
be algorithm-independent. This modularity permits selection of
different sets of algorithms without affecting the other parts of the
implementation. For example, different user communities may select
different sets of algorithms (creating cliques) if required.

A standard set of default algorithms is specified to facilitate
interoperability in the global Internet. The use of these
algorithms, in conjunction with IPsec traffic protection and key
management protocols, is intended to permit system and application
developers to deploy high quality, Internet layer, cryptographic
security technology.

2.2 Caveats and Assumptions

The suite of IPsec protocols and associated default algorithms are
designed to provide high quality security for Internet traffic.
However, the security offered by use of these protocols ultimately
depends on the quality of the their implementation, which is outside
the scope of this set of standards. Moreover, the security of a
computer system or network is a function of many factors, including
personnel, physical, procedural, compromising emanations, and
computer security practices. Thus IPsec is only one part of an
overall system security architecture.

Finally, the security afforded by the use of IPsec is critically
dependent on many aspects of the operating environment in which the
IPsec implementation executes. For example, defects in OS security,
poor quality of random number sources, sloppy system management
protocols and practices, etc. can all degrade the security provided
by IPsec. As above, none of these environmental attributes are
within the scope of this or other IPsec standards.

3. System Overview

This section provides a high level description of how IPsec works,
the components of the system, and how they fit together to provide
the security services noted above. The goal of this description is
to enable the reader to "picture" the overall process/system, see how
it fits into the IP environment, and to provide context for later
sections of this document, which describe each of the components in
more detail.

An IPsec implementation operates in a host or a security gateway
environment, affording protection to IP traffic. The protection
offered is based on requirements defined by a Security Policy
Database (SPD) established and maintained by a user or system
administrator, or by an application operating within constraints

established by either of the above. In general, packets are selected
for one of three processing modes based on IP and transport layer
header information (Selectors, Section 4.4.2) matched against entries
in the database (SPD). Each packet is either afforded IPsec security
services, discarded, or allowed to bypass IPsec, based on the
applicable database policies identified by the Selectors.

3.1 What IPsec Does

IPsec provides security services at the IP layer by enabling a system
to select required security protocols, determine the algorithm(s) to
use for the service(s), and put in place any cryptographic keys
required to provide the requested services. IPsec can be used to
protect one or more "paths" between a pair of hosts, between a pair
of security gateways, or between a security gateway and a host. (The
term "security gateway" is used throughout the IPsec documents to
refer to an intermediate system that implements IPsec protocols. For
example, a router or a firewall implementing IPsec is a security
gateway.)

The set of security services that IPsec can provide includes access
control, connectionless integrity, data origin authentication,
rejection of replayed packets (a form of partial sequence integrity),
confidentiality (encryption), and limited traffic flow
confidentiality. Because these services are provided at the IP
layer, they can be used by any higher layer protocol, e.g., TCP, UDP,
ICMP, BGP, etc.

The IPsec DOI also supports negotiation of IP compression [SMPT98],
motivated in part by the observation that when encryption is employed
within IPsec, it prevents effective compression by lower protocol
layers.

3.2 How IPsec Works

IPsec uses two protocols to provide traffic security --
Authentication Header (AH) and Encapsulating Security Payload (ESP).
Both protocols are described in more detail in their respective RFCs
[KA98a, KA98b].

o The IP Authentication Header (AH) [KA98a] provides
connectionless integrity, data origin authentication, and an
optional anti-replay service.
o The Encapsulating Security Payload (ESP) protocol [KA98b] may
provide confidentiality (encryption), and limited traffic flow
confidentiality. It also may provide connectionless

integrity, data origin authentication, and an anti-replay
service. (One or the other set of these security services
must be applied whenever ESP is invoked.)
o Both AH and ESP are vehicles for access control, based on the
distribution of cryptographic keys and the management of
traffic flows relative to these security protocols.

These protocols may be applied alone or in combination with each
other to provide a desired set of security services in IPv4 and IPv6.
Each protocol supports two modes of use: transport mode and tunnel
mode. In transport mode the protocols provide protection primarily
for upper layer protocols; in tunnel mode, the protocols are applied
to tunneled IP packets. The differences between the two modes are
discussed in Section 4.

IPsec allows the user (or system administrator) to control the
granularity at which a security service is offered. For example, one
can create a single encrypted tunnel to carry all the traffic between
two security gateways or a separate encrypted tunnel can be created
for each TCP connection between each pair of hosts communicating
across these gateways. IPsec management must incorporate facilities
for specifying:

o which security services to use and in what combinations
o the granularity at which a given security protection should be
applied
o the algorithms used to effect cryptographic-based security

Because these security services use shared secret values
(cryptographic keys), IPsec relies on a separate set of mechanisms
for putting these keys in place. (The keys are used for
authentication/integrity and encryption services.) This document
requires support for both manual and automatic distribution of keys.
It specifies a specific public-key based approach (IKE -- [MSST97,
Orm97, HC98]) for automatic key management, but other automated key
distribution techniques MAY be used. For example, KDC-based systems
such as Kerberos and other public-key systems such as SKIP could be
employed.

3.3 Where IPsec May Be Implemented

There are several ways in which IPsec may be implemented in a host or
in conjunction with a router or firewall (to create a security
gateway). Several common examples are provided below:

a. Integration of IPsec into the native IP implementation. This
requires access to the IP source code and is applicable to
both hosts and security gateways.

b. "Bump-in-the-stack" (BITS) implementations, where IPsec is
implemented "underneath" an existing implementation of an IP
protocol stack, between the native IP and the local network
drivers. Source code access for the IP stack is not required
in this context, making this implementation approach
appropriate for use with legacy systems. This approach, when
it is adopted, is usually employed in hosts.

c. The use of an outboard crypto processor is a common design
feature of network security systems used by the military, and
of some commercial systems as well. It is sometimes referred
to as a "Bump-in-the-wire" (BITW) implementation. Such
implementations may be designed to serve either a host or a
gateway (or both). Usually the BITW device is IP
addressable. When supporting a single host, it may be quite
analogous to a BITS implementation, but in supporting a
router or firewall, it must operate like a security gateway.

4. Security Associations

This section defines Security Association management requirements for
all IPv6 implementations and for those IPv4 implementations that
implement AH, ESP, or both. The concept of a "Security Association"
(SA) is fundamental to IPsec. Both AH and ESP make use of SAs and a
major function of IKE is the establishment and maintenance of
Security Associations. All implementations of AH or ESP MUST support
the concept of a Security Association as described below. The
remainder of this section describes various aspects of Security
Association management, defining required characteristics for SA
policy management, traffic processing, and SA management techniques.

4.1 Definition and Scope

A Security Association (SA) is a simplex "connection" that affords
security services to the traffic carried by it. Security services
are afforded to an SA by the use of AH, or ESP, but not both. If
both AH and ESP protection is applied to a traffic stream, then two
(or more) SAs are created to afford protection to the traffic stream.
To secure typical, bi-directional communication between two hosts, or
between two security gateways, two Security Associations (one in each
direction) are required.

A security association is uniquely identified by a triple consisting
of a Security Parameter Index (SPI), an IP Destination Address, and a
security protocol (AH or ESP) identifier. In principle, the
Destination Address may be a unicast address, an IP broadcast
address, or a multicast group address. However, IPsec SA management
mechanisms currently are defined only for unicast SAs. Hence, in the

discussions that follow, SAs will be described in the context of
point-to-point communication, even though the concept is applicable
in the point-to-multipoint case as well.

As noted above, two types of SAs are defined: transport mode and
tunnel mode. A transport mode SA is a security association between
two hosts. In IPv4, a transport mode security protocol header
appears immediately after the IP header and any options, and before
any higher layer protocols (e.g., TCP or UDP). In IPv6, the security
protocol header appears after the base IP header and extensions, but
may appear before or after destination options, and before higher
layer protocols. In the case of ESP, a transport mode SA provides
security services only for these higher layer protocols, not for the
IP header or any extension headers preceding the ESP header. In the
case of AH, the protection is also extended to selected portions of
the IP header, selected portions of extension headers, and selected
options (contained in the IPv4 header, IPv6 Hop-by-Hop extension
header, or IPv6 Destination extension headers). For more details on
the coverage afforded by AH, see the AH specification [KA98a].

A tunnel mode SA is essentially an SA applied to an IP tunnel.
Whenever either end of a security association is a security gateway,
the SA MUST be tunnel mode. Thus an SA between two security gateways
is always a tunnel mode SA, as is an SA between a host and a security
gateway. Note that for the case where traffic is destined for a
security gateway, e.g., SNMP commands, the security gateway is acting
as a host and transport mode is allowed. But in that case, the
security gateway is not acting as a gateway, i.e., not transiting
traffic. Two hosts MAY establish a tunnel mode SA between
themselves. The requirement for any (transit traffic) SA involving a
security gateway to be a tunnel SA arises due to the need to avoid
potential problems with regard to fragmentation and reassembly of
IPsec packets, and in circumstances where multiple paths (e.g., via
different security gateways) exist to the same destination behind the
security gateways.

For a tunnel mode SA, there is an "outer" IP header that specifies
the IPsec processing destination, plus an "inner" IP header that
specifies the (apparently) ultimate destination for the packet. The
security protocol header appears after the outer IP header, and
before the inner IP header. If AH is employed in tunnel mode,
portions of the outer IP header are afforded protection (as above),
as well as all of the tunneled IP packet (i.e., all of the inner IP
header is protected, as well as higher layer protocols). If ESP is
employed, the protection is afforded only to the tunneled packet, not
to the outer header.

In summary,
a) A host MUST support both transport and tunnel mode.
b) A security gateway is required to support only tunnel
mode. If it supports transport mode, that should be used
only when the security gateway is acting as a host, e.g.,
for network management.

4.2 Security Association Functionality

The set of security services offered by an SA depends on the security
protocol selected, the SA mode, the endpoints of the SA, and on the
election of optional services within the protocol. For example, AH
provides data origin authentication and connectionless integrity for
IP datagrams (hereafter referred to as just "authentication"). The
"precision" of the authentication service is a function of the
granularity of the security association with which AH is employed, as
discussed in Section 4.4.2, "Selectors".

AH also offers an anti-replay (partial sequence integrity) service at
the discretion of the receiver, to help counter denial of service
attacks. AH is an appropriate protocol to employ when
confidentiality is not required (or is not permitted, e.g , due to
government restrictions on use of encryption). AH also provides
authentication for selected portions of the IP header, which may be
necessary in some contexts. For example, if the integrity of an IPv4
option or IPv6 extension header must be protected en route between
sender and receiver, AH can provide this service (except for the
non-predictable but mutable parts of the IP header.)

ESP optionally provides confidentiality for traffic. (The strength
of the confidentiality service depends in part, on the encryption
algorithm employed.) ESP also may optionally provide authentication
(as defined above). If authentication is negotiated for an ESP SA,
the receiver also may elect to enforce an anti-replay service with
the same features as the AH anti-replay service. The scope of the
authentication offered by ESP is narrower than for AH, i.e., the IP
header(s) "outside" the ESP header is(are) not protected. If only
the upper layer protocols need to be authenticated, then ESP
authentication is an appropriate choice and is more space efficient
than use of AH encapsulating ESP. Note that although both
confidentiality and authentication are optional, they cannot both be
omitted. At least one of them MUST be selected.

If confidentiality service is selected, then an ESP (tunnel mode) SA
between two security gateways can offer partial traffic flow
confidentiality. The use of tunnel mode allows the inner IP headers
to be encrypted, concealing the identities of the (ultimate) traffic
source and destination. Moreover, ESP payload padding also can be

invoked to hide the size of the packets, further concealing the
external characteristics of the traffic. Similar traffic flow
confidentiality services may be offered when a mobile user is
assigned a dynamic IP address in a dialup context, and establishes a
(tunnel mode) ESP SA to a corporate firewall (acting as a security
gateway). Note that fine granularity SAs generally are more
vulnerable to traffic analysis than coarse granularity ones which are
carrying traffic from many subscribers.

4.3 Combining Security Associations

The IP datagrams transmitted over an individual SA are afforded
protection by exactly one security protocol, either AH or ESP, but
not both. Sometimes a security policy may call for a combination of
services for a particular traffic flow that is not achievable with a
single SA. In such instances it will be necessary to employ multiple
SAs to implement the required security policy. The term "security
association bundle" or "SA bundle" is applied to a sequence of SAs
through which traffic must be processed to satisfy a security policy.
The order of the sequence is defined by the policy. (Note that the
SAs that comprise a bundle may terminate at different endpoints. For
example, one SA may extend between a mobile host and a security
gateway and a second, nested SA may extend to a host behind the
gateway.)

Security associations may be combined into bundles in two ways:
transport adjacency and iterated tunneling.

o Transport adjacency refers to applying more than one
security protocol to the same IP datagram, without invoking
tunneling. This approach to combining AH and ESP allows
for only one level of combination; further nesting yields
no added benefit (assuming use of adequately strong
algorithms in each protocol) since the processing is
performed at one IPsec instance at the (ultimate)
destination.

Host 1 --- Security ---- Internet -- Security --- Host 2
| | Gwy 1 Gwy 2 | |
| | | |
| -----Security Association 1 (ESP transport)------- |
| |
-------Security Association 2 (AH transport)----------

o Iterated tunneling refers to the application of multiple
layers of security protocols effected through IP tunneling.
This approach allows for multiple levels of nesting, since
each tunnel can originate or terminate at a different IPsec

site along the path. No special treatment is expected for
ISAKMP traffic at intermediate security gateways other than
what can be specified through appropriate SPD entries (See
Case 3 in Section 4.5)

There are 3 basic cases of iterated tunneling -- support is
required only for cases 2 and 3.:

1. both endpoints for the SAs are the same -- The inner and
outer tunnels could each be either AH or ESP, though it
is unlikely that Host 1 would specify both to be the
same, i.e., AH inside of AH or ESP inside of ESP.

Host 1 --- Security ---- Internet -- Security --- Host 2
| | Gwy 1 Gwy 2 | |
| | | |
| -------Security Association 1 (tunnel)---------- | |
| |
---------Security Association 2 (tunnel)--------------

2. one endpoint of the SAs is the same -- The inner and
uter tunnels could each be either AH or ESP.

Host 1 --- Security ---- Internet -- Security --- Host 2
| | Gwy 1 Gwy 2 |
| | | |
| ----Security Association 1 (tunnel)---- |
| |
---------Security Association 2 (tunnel)-------------

3. neither endpoint is the same -- The inner and outer
tunnels could each be either AH or ESP.

Host 1 --- Security ---- Internet -- Security --- Host 2
| Gwy 1 Gwy 2 |
| | | |
| --Security Assoc 1 (tunnel)- |
| |
-----------Security Association 2 (tunnel)-----------

These two approaches also can be combined, e.g., an SA bundle could
be constructed from one tunnel mode SA and one or two transport mode
SAs, applied in sequence. (See Section 4.5 "Basic Combinations of
Security Associations.") Note that nested tunnels can also occur
where neither the source nor the destination endpoints of any of the
tunnels are the same. In that case, there would be no host or
security gateway with a bundle corresponding to the nested tunnels.

For transport mode SAs, only one ordering of security protocols seems
appropriate. AH is applied to both the upper layer protocols and
(parts of) the IP header. Thus if AH is used in a transport mode, in
conjunction with ESP, AH SHOULD appear as the first header after IP,
prior to the appearance of ESP. In that context, AH is applied to
the ciphertext output of ESP. In contrast, for tunnel mode SAs, one
can imagine uses for various orderings of AH and ESP. The required
set of SA bundle types that MUST be supported by a compliant IPsec
implementation is described in Section 4.5.

4.4 Security Association Databases

Many of the details associated with processing IP traffic in an IPsec
implementation are largely a local matter, not subject to
standardization. However, some external aspects of the processing
must be standardized, to ensure interoperability and to provide a
minimum management capability that is essential for productive use of
IPsec. This section describes a general model for processing IP
traffic relative to security associations, in support of these
interoperability and functionality goals. The model described below
is nominal; compliant implementations need not match details of this
model as presented, but the external behavior of such implementations
must be mappable to the externally observable characteristics of this
model.

There are two nominal databases in this model: the Security Policy
Database and the Security Association Database. The former specifies
the policies that determine the disposition of all IP traffic inbound
or outbound from a host, security gateway, or BITS or BITW IPsec
implementation. The latter database contains parameters that are
associated with each (active) security association. This section
also defines the concept of a Selector, a set of IP and upper layer
protocol field values that is used by the Security Policy Database to
map traffic to a policy, i.e., an SA (or SA bundle).

Each interface for which IPsec is enabled requires nominally separate
inbound vs. outbound databases (SAD and SPD), because of the
directionality of many of the fields that are used as selectors.
Typically there is just one such interface, for a host or security
gateway (SG). Note that an SG would always have at least 2
interfaces, but the "internal" one to the corporate net, usually
would not have IPsec enabled and so only one pair of SADs and one
pair of SPDs would be needed. On the other hand, if a host had
multiple interfaces or an SG had multiple external interfaces, it
might be necessary to have separate SAD and SPD pairs for each
interface.

4.4.1 The Security Policy Database (SPD)

Ultimately, a security association is a management construct used to
enforce a security policy in the IPsec environment. Thus an
essential element of SA processing is an underlying Security Policy
Database (SPD) that specifies what services are to be offered to IP
datagrams and in what fashion. The form of the database and its
interface are outside the scope of this specification. However, this
section does specify certain minimum management functionality that
must be provided, to allow a user or system administrator to control
how IPsec is applied to traffic transmitted or received by a host or
transiting a security gateway.

The SPD must be consulted during the processing of all traffic
(INBOUND and OUTBOUND), including non-IPsec traffic. In order to
support this, the SPD requires distinct entries for inbound and
outbound traffic. One can think of this as separate SPDs (inbound
vs. outbound). In addition, a nominally separate SPD must be
provided for each IPsec-enabled interface.

An SPD must discriminate among traffic that is afforded IPsec
protection and traffic that is allowed to bypass IPsec. This applies
to the IPsec protection to be applied by a sender and to the IPsec
protection that must be present at the receiver. For any outbound or
inbound datagram, three processing choices are possible: discard,
bypass IPsec, or apply IPsec. The first choice refers to traffic
that is not allowed to exit the host, traverse the security gateway,
or be delivered to an application at all. The second choice refers
to traffic that is allowed to pass without additional IPsec
protection. The third choice refers to traffic that is afforded
IPsec protection, and for such traffic the SPD must specify the
security services to be provided, protocols to be employed,
algorithms to be used, etc.

For every IPsec implementation, there MUST be an administrative
interface that allows a user or system administrator to manage the
SPD. Specifically, every inbound or outbound packet is subject to
processing by IPsec and the SPD must specify what action will be
taken in each case. Thus the administrative interface must allow the
user (or system administrator) to specify the security processing to
be applied to any packet entering or exiting the system, on a packet
by packet basis. (In a host IPsec implementation making use of a
socket interface, the SPD may not need to be consulted on a per
packet basis, but the effect is still the same.) The management
interface for the SPD MUST allow creation of entries consistent with
the selectors defined in Section 4.4.2, and MUST support (total)
ordering of these entries. It is expected that through the use of
wildcards in various selector fields, and because all packets on a

single UDP or TCP connection will tend to match a single SPD entry,
this requirement will not impose an unreasonably detailed level of
SPD specification. The selectors are analogous to what are found in
a stateless firewall or filtering router and which are currently
manageable this way.

In host systems, applications MAY be allowed to select what security
processing is to be applied to the traffic they generate and consume.
(Means of signalling such requests to the IPsec implementation are
outside the scope of this standard.) However, the system
administrator MUST be able to specify whether or not a user or
application can override (default) system policies. Note that
application specified policies may satisfy system requirements, so
that the system may not need to do additional IPsec processing beyond
that needed to meet an application's requirements. The form of the
management interface is not specified by this document and may differ
for hosts vs. security gateways, and within hosts the interface may
differ for socket-based vs. BITS implementations. However, this
document does specify a standard set of SPD elements that all IPsec
implementations MUST support.

The SPD contains an ordered list of policy entries. Each policy
entry is keyed by one or more selectors that define the set of IP
traffic encompassed by this policy entry. (The required selector
types are defined in Section 4.4.2.) These define the granularity of
policies or SAs. Each entry includes an indication of whether
traffic matching this policy will be bypassed, discarded, or subject
to IPsec processing. If IPsec processing is to be applied, the entry
includes an SA (or SA bundle) specification, listing the IPsec
protocols, modes, and algorithms to be employed, including any
nesting requirements. For example, an entry may call for all
matching traffic to be protected by ESP in transport mode using
3DES-CBC with an explicit IV, nested inside of AH in tunnel mode
using HMAC/SHA-1. For each selector, the policy entry specifies how
to derive the corresponding values for a new Security Association
Database (SAD, see Section 4.4.3) entry from those in the SPD and the
packet (Note that at present, ranges are only supported for IP
addresses; but wildcarding can be expressed for all selectors):

a. use the value in the packet itself -- This will limit use
of the SA to those packets which have this packet's value
for the selector even if the selector for the policy entry
has a range of allowed values or a wildcard for this
selector.
b. use the value associated with the policy entry -- If this
were to be just a single value, then there would be no
difference between (b) and (a). However, if the allowed
values for the selector are a range (for IP addresses) or

wildcard, then in the case of a range,(b) would enable use
of the SA by any packet with a selector value within the
range not just by packets with the selector value of the
packet that triggered the creation of the SA. In the case
of a wildcard, (b) would allow use of the SA by packets
with any value for this selector.

For example, suppose there is an SPD entry where the allowed value
for source address is any of a range of hosts (192.168.2.1 to
192.168.2.10). And suppose that a packet is to be sent that has a
source address of 192.168.2.3. The value to be used for the SA could
be any of the sample values below depending on what the policy entry
for this selector says is the source of the selector value:

source for the example of
value to be new SAD
used in the SA selector value
--------------- ------------
a. packet 192.168.2.3 (one host)
b. SPD entry 192.168.2.1 to 192.168.2.10 (range of hosts)

Note that if the SPD entry had an allowed value of wildcard for the
source address, then the SAD selector value could be wildcard (any
host). Case (a) can be used to prohibit sharing, even among packets
that match the same SPD entry.

As described below in Section 4.4.3, selectors may include "wildcard"
entries and hence the selectors for two entries may overlap. (This
is analogous to the overlap that arises with ACLs or filter entries
in routers or packet filtering firewalls.) Thus, to ensure
consistent, predictable processing, SPD entries MUST be ordered and
the SPD MUST always be searched in the same order, so that the first
matching entry is consistently selected. (This requirement is
necessary as the effect of processing traffic against SPD entries
must be deterministic, but there is no way to canonicalize SPD
entries given the use of wildcards for some selectors.) More detail
on matching of packets against SPD entries is provided in Section 5.

Note that if ESP is specified, either (but not both) authentication
or encryption can be omitted. So it MUST be possible to configure
the SPD value for the authentication or encryption algorithms to be
"NULL". However, at least one of these services MUST be selected,
i.e., it MUST NOT be possible to configure both of them as "NULL".

The SPD can be used to map traffic to specific SAs or SA bundles.
Thus it can function both as the reference database for security
policy and as the map to existing SAs (or SA bundles). (To
accommodate the bypass and discard policies cited above, the SPD also

MUST provide a means of mapping traffic to these functions, even
though they are not, per se, IPsec processing.) The way in which the
SPD operates is different for inbound vs. outbound traffic and it
also may differ for host vs. security gateway, BITS, and BITW
implementations. Sections 5.1 and 5.2 describe the use of the SPD
for outbound and inbound processing, respectively.

Because a security policy may require that more than one SA be
applied to a specified set of traffic, in a specific order, the
policy entry in the SPD must preserve these ordering requirements,
when present. Thus, it must be possible for an IPsec implementation
to determine that an outbound or inbound packet must be processed
thorough a sequence of SAs. Conceptually, for outbound processing,
one might imagine links (to the SAD) from an SPD entry for which
there are active SAs, and each entry would consist of either a single
SA or an ordered list of SAs that comprise an SA bundle. When a
packet is matched against an SPD entry and there is an existing SA or
SA bundle that can be used to carry the traffic, the processing of
the packet is controlled by the SA or SA bundle entry on the list.
For an inbound IPsec packet for which multiple IPsec SAs are to be
applied, the lookup based on destination address, IPsec protocol, and
SPI should identify a single SA.

The SPD is used to control the flow of ALL traffic through an IPsec
system, including security and key management traffic (e.g., ISAKMP)
from/to entities behind a security gateway. This means that ISAKMP
traffic must be explicitly accounted for in the SPD, else it will be
discarded. Note that a security gateway could prohibit traversal of
encrypted packets in various ways, e.g., having a DISCARD entry in
the SPD for ESP packets or providing proxy key exchange. In the
latter case, the traffic would be internally routed to the key
management module in the security gateway.

4.4.2 Selectors

An SA (or SA bundle) may be fine-grained or coarse-grained, depending
on the selectors used to define the set of traffic for the SA. For
example, all traffic between two hosts may be carried via a single
SA, and afforded a uniform set of security services. Alternatively,
traffic between a pair of hosts might be spread over multiple SAs,
depending on the applications being used (as defined by the Next
Protocol and Port fields), with different security services offered
by different SAs. Similarly, all traffic between a pair of security
gateways could be carried on a single SA, or one SA could be assigned
for each communicating host pair. The following selector parameters
MUST be supported for SA management to facilitate control of SA
granularity. Note that in the case of receipt of a packet with an
ESP header, e.g., at an encapsulating security gateway or BITW

implementation, the transport layer protocol, source/destination
ports, and Name (if present) may be "OPAQUE", i.e., inaccessible
because of encryption or fragmentation. Note also that both Source
and Destination addresses should either be IPv4 or IPv6.

- Destination IP Address (IPv4 or IPv6): this may be a single IP
address (unicast, anycast, broadcast (IPv4 only), or multicast
group), a range of addresses (high and low values (inclusive),
address + mask, or a wildcard address. The last three are used
to support more than one destination system sharing the same SA
(e.g., behind a security gateway). Note that this selector is
conceptually different from the "Destination IP Address" field
in the <Destination IP Address, IPsec Protocol, SPI> tuple used
to uniquely identify an SA. When a tunneled packet arrives at
the tunnel endpoint, its SPI/Destination address/Protocol are
used to look up the SA for this packet in the SAD. This
destination address comes from the encapsulating IP header.
Once the packet has been processed according to the tunnel SA
and has come out of the tunnel, its selectors are "looked up" in
the Inbound SPD. The Inbound SPD has a selector called
destination address. This IP destination address is the one in
the inner (encapsulated) IP header. In the case of a
transport'd packet, there will be only one IP header and this
ambiguity does not exist. [REQUIRED for all implementations]

- Source IP Address(es) (IPv4 or IPv6): this may be a single IP
address (unicast, anycast, broadcast (IPv4 only), or multicast
group), range of addresses (high and low values inclusive),
address + mask, or a wildcard address. The last three are used
to support more than one source system sharing the same SA
(e.g., behind a security gateway or in a multihomed host).
[REQUIRED for all implementations]

- Name: There are 2 cases (Note that these name forms are
supported in the IPsec DOI.)
1. User ID
a. a fully qualified user name string (DNS), e.g.,
mozart@foo.bar.com
b. X.500 distinguished name, e.g., C = US, SP = MA,
O = GTE Internetworking, CN = Stephen T. Kent.
2. System name (host, security gateway, etc.)
a. a fully qualified DNS name, e.g., foo.bar.com
b. X.500 distinguished name
c. X.500 general name

NOTE: One of the possible values of this selector is "OPAQUE".

[REQUIRED for the following cases. Note that support for name
forms other than addresses is not required for manually keyed
SAs.
o User ID
- native host implementations
- BITW and BITS implementations acting as HOSTS
with only one user
- security gateway implementations for INBOUND
processing.
o System names -- all implementations]

- Data sensitivity level: (IPSO/CIPSO labels)
[REQUIRED for all systems providing information flow security as
per Section 8, OPTIONAL for all other systems.]

- Transport Layer Protocol: Obtained from the IPv4 "Protocol" or
the IPv6 "Next Header" fields. This may be an individual
protocol number. These packet fields may not contain the
Transport Protocol due to the presence of IP extension headers,
e.g., a Routing Header, AH, ESP, Fragmentation Header,
Destination Options, Hop-by-hop options, etc. Note that the
Transport Protocol may not be available in the case of receipt
of a packet with an ESP header, thus a value of "OPAQUE" SHOULD
be supported.
[REQUIRED for all implementations]

NOTE: To locate the transport protocol, a system has to chain
through the packet headers checking the "Protocol" or "Next
Header" field until it encounters either one it recognizes as a
transport protocol, or until it reaches one that isn't on its
list of extension headers, or until it encounters an ESP header
that renders the transport protocol opaque.

- Source and Destination (e.g., TCP/UDP) Ports: These may be
individual UDP or TCP port values or a wildcard port. (The use
of the Next Protocol field and the Source and/or Destination
Port fields (in conjunction with the Source and/or Destination
Address fields), as an SA selector is sometimes referred to as
"session-oriented keying."). Note that the source and
destination ports may not be available in the case of receipt of
a packet with an ESP header, thus a value of "OPAQUE" SHOULD be
supported.

The following table summarizes the relationship between the
"Next Header" value in the packet and SPD and the derived Port
Selector value for the SPD and SAD.

Next Hdr Transport Layer Derived Port Selector Field
in Packet Protocol in SPD Value in SPD and SAD
-------- --------------- ---------------------------
ESP ESP or ANY ANY (i.e., don't look at it)
-don't care- ANY ANY (i.e., don't look at it)
specific value specific value NOT ANY (i.e., drop packet)
fragment
specific value specific value actual port selector field
not fragment

If the packet has been fragmented, then the port information may
not be available in the current fragment. If so, discard the
fragment. An ICMP PMTU should be sent for the first fragment,
which will have the port information. [MAY be supported]

The IPsec implementation context determines how selectors are used.
For example, a host implementation integrated into the stack may make
use of a socket interface. When a new connection is established the
SPD can be consulted and an SA (or SA bundle) bound to the socket.
Thus traffic sent via that socket need not result in additional
lookups to the SPD/SAD. In contrast, a BITS, BITW, or security
gateway implementation needs to look at each packet and perform an
SPD/SAD lookup based on the selectors. The allowable values for the
selector fields differ between the traffic flow, the security
association, and the security policy.

The following table summarizes the kinds of entries that one needs to
be able to express in the SPD and SAD. It shows how they relate to
the fields in data traffic being subjected to IPsec screening.
(Note: the "wild" or "wildcard" entry for src and dst addresses
includes a mask, range, etc.)

Field Traffic Value SAD Entry SPD Entry
-------- ------------- ---------------- --------------------
src addr single IP addr single,range,wild single,range,wildcard
dst addr single IP addr single,range,wild single,range,wildcard
xpt protocol* xpt protocol single,wildcard single,wildcard
src port* single src port single,wildcard single,wildcard
dst port* single dst port single,wildcard single,wildcard
user id* single user id single,wildcard single,wildcard
sec. labels single value single,wildcard single,wildcard

* The SAD and SPD entries for these fields could be "OPAQUE"
because the traffic value is encrypted.

NOTE: In principle, one could have selectors and/or selector values
in the SPD which cannot be negotiated for an SA or SA bundle.
Examples might include selector values used to select traffic for

discarding or enumerated lists which cause a separate SA to be
created for each item on the list. For now, this is left for future
versions of this document and the list of required selectors and
selector values is the same for the SPD and the SAD. However, it is
acceptable to have an administrative interface that supports use of
selector values which cannot be negotiated provided that it does not
mislead the user into believing it is creating an SA with these
selector values. For example, the interface may allow the user to
specify an enumerated list of values but would result in the creation
of a separate policy and SA for each item on the list. A vendor
might support such an interface to make it easier for its customers
to specify clear and concise policy specifications.

4.4.3 Security Association Database (SAD)

In each IPsec implementation there is a nominal Security Association
Database, in which each entry defines the parameters associated with
one SA. Each SA has an entry in the SAD. For outbound processing,
entries are pointed to by entries in the SPD. Note that if an SPD
entry does not currently point to an SA that is appropriate for the
packet, the implementation creates an appropriate SA (or SA Bundle)
and links the SPD entry to the SAD entry (see Section 5.1.1). For
inbound processing, each entry in the SAD is indexed by a destination
IP address, IPsec protocol type, and SPI. The following parameters
are associated with each entry in the SAD. This description does not
purport to be a MIB, but only a specification of the minimal data
items required to support an SA in an IPsec implementation.

For inbound processing: The following packet fields are used to look
up the SA in the SAD:

o Outer Header's Destination IP address: the IPv4 or IPv6
Destination address.
[REQUIRED for all implementations]
o IPsec Protocol: AH or ESP, used as an index for SA lookup
in this database. Specifies the IPsec protocol to be
applied to the traffic on this SA.
[REQUIRED for all implementations]
o SPI: the 32-bit value used to distinguish among different
SAs terminating at the same destination and using the same
IPsec protocol.
[REQUIRED for all implementations]

For each of the selectors defined in Section 4.4.2, the SA entry in
the SAD MUST contain the value or values which were negotiated at the
time the SA was created. For the sender, these values are used to
decide whether a given SA is appropriate for use with an outbound
packet. This is part of checking to see if there is an existing SA

that can be used. For the receiver, these values are used to check
that the selector values in an inbound packet match those for the SA
(and thus indirectly those for the matching policy). For the
receiver, this is part of verifying that the SA was appropriate for
this packet. (See Section 6 for rules for ICMP messages.) These
fields can have the form of specific values, ranges, wildcards, or
"OPAQUE" as described in section 4.4.2, "Selectors". Note that for
an ESP SA, the encryption algorithm or the authentication algorithm
could be "NULL". However they MUST not both be "NULL".

The following SAD fields are used in doing IPsec processing:

o Sequence Number Counter: a 32-bit value used to generate the
Sequence Number field in AH or ESP headers.
[REQUIRED for all implementations, but used only for outbound
traffic.]
o Sequence Counter Overflow: a flag indicating whether overflow
of the Sequence Number Counter should generate an auditable
event and prevent transmission of additional packets on the
SA.
[REQUIRED for all implementations, but used only for outbound
traffic.]
o Anti-Replay Window: a 32-bit counter and a bit-map (or
equivalent) used to determine whether an inbound AH or ESP
packet is a replay.
[REQUIRED for all implementations but used only for inbound
traffic. NOTE: If anti-replay has been disabled by the
receiver, e.g., in the case of a manually keyed SA, then the
Anti-Replay Window is not used.]
o AH Authentication algorithm, keys, etc.
[REQUIRED for AH implementations]
o ESP Encryption algorithm, keys, IV mode, IV, etc.
[REQUIRED for ESP implementations]
o ESP authentication algorithm, keys, etc. If the
authentication service is not selected, this field will be
null.
[REQUIRED for ESP implementations]
o Lifetime of this Security Association: a time interval after
which an SA must be replaced with a new SA (and new SPI) or
terminated, plus an indication of which of these actions
should occur. This may be expressed as a time or byte count,
or a simultaneous use of both, the first lifetime to expire
taking precedence. A compliant implementation MUST support
both types of lifetimes, and must support a simultaneous use
of both. If time is employed, and if IKE employs X.509
certificates for SA establishment, the SA lifetime must be
constrained by the validity intervals of the certificates,
and the NextIssueDate of the CRLs used in the IKE exchange

for the SA. Both initiator and responder are responsible for
constraining SA lifetime in this fashion.
[REQUIRED for all implementations]

NOTE: The details of how to handle the refreshing of keys
when SAs expire is a local matter. However, one reasonable
approach is:
(a) If byte count is used, then the implementation
SHOULD count the number of bytes to which the IPsec
algorithm is applied. For ESP, this is the encryption
algorithm (including Null encryption) and for AH,
this is the authentication algorithm. This includes
pad bytes, etc. Note that implementations SHOULD be
able to handle having the counters at the ends of an
SA get out of synch, e.g., because of packet loss or
because the implementations at each end of the SA
aren't doing things the same way.
(b) There SHOULD be two kinds of lifetime -- a soft
lifetime which warns the implementation to initiate
action such as setting up a replacement SA and a
hard lifetime when the current SA ends.
(c) If the entire packet does not get delivered during
the SAs lifetime, the packet SHOULD be discarded.

o IPsec protocol mode: tunnel, transport or wildcard.
Indicates which mode of AH or ESP is applied to traffic on
this SA. Note that if this field is "wildcard" at the
sending end of the SA, then the application has to specify
the mode to the IPsec implementation. This use of wildcard
allows the same SA to be used for either tunnel or transport
mode traffic on a per packet basis, e.g., by different
sockets. The receiver does not need to know the mode in
order to properly process the packet's IPsec headers.

[REQUIRED as follows, unless implicitly defined by context:
- host implementations must support all modes
- gateway implementations must support tunnel mode]

NOTE: The use of wildcard for the protocol mode of an inbound
SA may add complexity to the situation in the receiver (host
only). Since the packets on such an SA could be delivered in
either tunnel or transport mode, the security of an incoming
packet could depend in part on which mode had been used to
deliver it. If, as a result, an application cared about the
SA mode of a given packet, then the application would need a
mechanism to obtain this mode information.

o Path MTU: any observed path MTU and aging variables. See
Section 6.1.2.4
[REQUIRED for all implementations but used only for outbound
traffic]

4.5 Basic Combinations of Security Associations

This section describes four examples of combinations of security
associations that MUST be supported by compliant IPsec hosts or
security gateways. Additional combinations of AH and/or ESP in
tunnel and/or transport modes MAY be supported at the discretion of
the implementor. Compliant implementations MUST be capable of
generating these four combinations and on receipt, of processing
them, but SHOULD be able to receive and process any combination. The
diagrams and text below describe the basic cases. The legend for the
diagrams is:

==== = one or more security associations (AH or ESP, transport
or tunnel)
---- = connectivity (or if so labelled, administrative boundary)
Hx = host x
SGx = security gateway x
X* = X supports IPsec

NOTE: The security associations below can be either AH or ESP. The
mode (tunnel vs transport) is determined by the nature of the
endpoints. For host-to-host SAs, the mode can be either transport or
tunnel.

Case 1. The case of providing end-to-end security between 2 hosts
across the Internet (or an Intranet).

====================================
| |
H1* ------ (Inter/Intranet) ------ H2*

Note that either transport or tunnel mode can be selected by the
hosts. So the headers in a packet between H1 and H2 could look
like any of the following:

Transport Tunnel
----------------- ---------------------
1. [IP1][AH][upper] 4. [IP2][AH][IP1][upper]
2. [IP1][ESP][upper] 5. [IP2][ESP][IP1][upper]
3. [IP1][AH][ESP][upper]

Note that there is no requirement to support general nesting,
but in transport mode, both AH and ESP can be applied to the
packet. In this event, the SA establishment procedure MUST
ensure that first ESP, then AH are applied to the packet.

Case 2. This case illustrates simple virtual private networks
support.

===========================
| |
---------------------|---- ---|-----------------------
| | | | | |
| H1 -- (Local --- SG1* |--- (Internet) ---| SG2* --- (Local --- H2 |
| Intranet) | | Intranet) |
-------------------------- ---------------------------
admin. boundary admin. boundary

Only tunnel mode is required here. So the headers in a packet
between SG1 and SG2 could look like either of the following:

Tunnel
---------------------
4. [IP2][AH][IP1][upper]
5. [IP2][ESP][IP1][upper]

Case 3. This case combines cases 1 and 2, adding end-to-end security
between the sending and receiving hosts. It imposes no new
requirements on the hosts or security gateways, other than a
requirement for a security gateway to be configurable to pass
IPsec traffic (including ISAKMP traffic) for hosts behind it.

===============================================================
| |
| ========================= |
| | | |
---|-----------------|---- ---|-------------------|---
| | | | | | | |
| H1* -- (Local --- SG1* |-- (Internet) --| SG2* --- (Local --- H2* |
| Intranet) | | Intranet) |
-------------------------- ---------------------------
admin. boundary admin. boundary

Case 4. This covers the situation where a remote host (H1) uses the
Internet to reach an organization's firewall (SG2) and to then
gain access to some server or other machine (H2). The remote
host could be a mobile host (H1) dialing up to a local PPP/ARA
server (not shown) on the Internet and then crossing the
Internet to the home organization's firewall (SG2), etc. The

details of support for this case, (how H1 locates SG2,
authenticates it, and verifies its authorization to represent
H2) are discussed in Section 4.6.3, "Locating a Security
Gateway".

======================================================
| |
|============================== |
|| | |
|| ---|----------------------|---
|| | | | |
H1* ----- (Internet) ------| SG2* ---- (Local ----- H2* |
^ | Intranet) |
| ------------------------------
could be dialup admin. boundary (optional)
to PPP/ARA server

Only tunnel mode is required between H1 and SG2. So the choices
for the SA between H1 and SG2 would be one of the ones in case
2. The choices for the SA between H1 and H2 would be one of the
ones in case 1.

Note that in this case, the sender MUST apply the transport
header before the tunnel header. Therefore the management
interface to the IPsec implementation MUST support configuration
of the SPD and SAD to ensure this ordering of IPsec header
application.

As noted above, support for additional combinations of AH and ESP is
optional. Use of other, optional combinations may adversely affect
interoperability.

4.6 SA and Key Management

IPsec mandates support for both manual and automated SA and
cryptographic key management. The IPsec protocols, AH and ESP, are
largely independent of the associated SA management techniques,
although the techniques involved do affect some of the security
services offered by the protocols. For example, the optional anti-
replay services available for AH and ESP require automated SA
management. Moreover, the granularity of key distribution employed
with IPsec determines the granularity of authentication provided.
(See also a discussion of this issue in Section 4.7.) In general,
data origin authentication in AH and ESP is limited by the extent to
which secrets used with the authentication algorithm (or with a key
management protocol that creates such secrets) are shared among
multiple possible sources.

The following text describes the minimum requirements for both types
of SA management.

4.6.1 Manual Techniques

The simplest form of management is manual management, in which a
person manually configures each system with keying material and
security association management data relevant to secure communication
with other systems. Manual techniques are practical in small, static
environments but they do not scale well. For example, a company
could create a Virtual Private Network (VPN) using IPsec in security
gateways at several sites. If the number of sites is small, and
since all the sites come under the purview of a single administrative
domain, this is likely to be a feasible context for manual management
techniques. In this case, the security gateway might selectively
protect traffic to and from other sites within the organization using
a manually configured key, while not protecting traffic for other
destinations. It also might be appropriate when only selected
communications need to be secured. A similar argument might apply to
use of IPsec entirely within an organization for a small number of
hosts and/or gateways. Manual management techniques often employ
statically configured, symmetric keys, though other options also
exist.

4.6.2 Automated SA and Key Management

Widespread deployment and use of IPsec requires an Internet-standard,
scalable, automated, SA management protocol. Such support is
required to facilitate use of the anti-replay features of AH and ESP,
and to accommodate on-demand creation of SAs, e.g., for user- and
session-oriented keying. (Note that the notion of "rekeying" an SA
actually implies creation of a new SA with a new SPI, a process that
generally implies use of an automated SA/key management protocol.)

The default automated key management protocol selected for use with
IPsec is IKE [MSST97, Orm97, HC98] under the IPsec domain of
interpretation [Pip98]. Other automated SA management protocols MAY
be employed.

When an automated SA/key management protocol is employed, the output
from this protocol may be used to generate multiple keys, e.g., for a
single ESP SA. This may arise because:

o the encryption algorithm uses multiple keys (e.g., triple DES)
o the authentication algorithm uses multiple keys
o both encryption and authentication algorithms are employed

The Key Management System may provide a separate string of bits for
each key or it may generate one string of bits from which all of them
are extracted. If a single string of bits is provided, care needs to
be taken to ensure that the parts of the system that map the string
of bits to the required keys do so in the same fashion at both ends
of the SA. To ensure that the IPsec implementations at each end of
the SA use the same bits for the same keys, and irrespective of which
part of the system divides the string of bits into individual keys,
the encryption key(s) MUST be taken from the first (left-most, high-
order) bits and the authentication key(s) MUST be taken from the
remaining bits. The number of bits for each key is defined in the
relevant algorithm specification RFC. In the case of multiple
encryption keys or multiple authentication keys, the specification
for the algorithm must specify the order in which they are to be
selected from a single string of bits provided to the algorithm.

4.6.3 Locating a Security Gateway

This section discusses issues relating to how a host learns about the
existence of relevant security gateways and once a host has contacted
these security gateways, how it knows that these are the correct
security gateways. The details of where the required information is
stored is a local matter.

Consider a situation in which a remote host (H1) is using the
Internet to gain access to a server or other machine (H2) and there
is a security gateway (SG2), e.g., a firewall, through which H1's
traffic must pass. An example of this situation would be a mobile
host (Road Warrior) crossing the Internet to the home organization's
firewall (SG2). (See Case 4 in the section 4.5 Basic Combinations of
Security Associations.) This situation raises several issues:

1. How does H1 know/learn about the existence of the security
gateway SG2?
2. How does it authenticate SG2, and once it has authenticated
SG2, how does it confirm that SG2 has been authorized to
represent H2?
3. How does SG2 authenticate H1 and verify that H1 is authorized
to contact H2?
4. How does H1 know/learn about backup gateways which provide
alternate paths to H2?

To address these problems, a host or security gateway MUST have an
administrative interface that allows the user/administrator to
configure the address of a security gateway for any sets of
destination addresses that require its use. This includes the ability
to configure:

o the requisite information for locating and authenticating the
security gateway and verifying its authorization to represent
the destination host.
o the requisite information for locating and authenticating any
backup gateways and verifying their authorization to represent
the destination host.

It is assumed that the SPD is also configured with policy information
that covers any other IPsec requirements for the path to the security
gateway and the destination host.

This document does not address the issue of how to automate the
discovery/verification of security gateways.

4.7 Security Associations and Multicast

The receiver-orientation of the Security Association implies that, in
the case of unicast traffic, the destination system will normally
select the SPI value. By having the destination select the SPI
value, there is no potential for manually configured Security
Associations to conflict with automatically configured (e.g., via a
key management protocol) Security Associations or for Security
Associations from multiple sources to conflict with each other. For
multicast traffic, there are multiple destination systems per
multicast group. So some system or person will need to coordinate
among all multicast groups to select an SPI or SPIs on behalf of each
multicast group and then communicate the group's IPsec information to
all of the legitimate members of that multicast group via mechanisms
not defined here.

Multiple senders to a multicast group SHOULD use a single Security
Association (and hence Security Parameter Index) for all traffic to
that group when a symmetric key encryption or authentication
algorithm is employed. In such circumstances, the receiver knows only
that the message came from a system possessing the key for that
multicast group. In such circumstances, a receiver generally will
not be able to authenticate which system sent the multicast traffic.
Specifications for other, more general multicast cases are deferred
to later IPsec documents.

At the time this specification was published, automated protocols for
multicast key distribution were not considered adequately mature for
standardization. For multicast groups having relatively few members,
manual key distribution or multiple use of existing unicast key
distribution algorithms such as modified Diffie-Hellman appears
feasible. For very large groups, new scalable techniques will be
needed. An example of current work in this area is the Group Key
Management Protocol (GKMP) [HM97].

5. IP Traffic Processing

As mentioned in Section 4.4.1 "The Security Policy Database (SPD)",
the SPD must be consulted during the processing of all traffic
(INBOUND and OUTBOUND), including non-IPsec traffic. If no policy is
found in the SPD that matches the packet (for either inbound or
outbound traffic), the packet MUST be discarded.

NOTE: All of the cryptographic algorithms used in IPsec expect their
input in canonical network byte order (see Appendix in RFC 791) and
generate their output in canonical network byte order. IP packets
are also transmitted in network byte order.

5.1 Outbound IP Traffic Processing

5.1.1 Selecting and Using an SA or SA Bundle

In a security gateway or BITW implementation (and in many BITS
implementations), each outbound packet is compared against the SPD to
determine what processing is required for the packet. If the packet
is to be discarded, this is an auditable event. If the traffic is
allowed to bypass IPsec processing, the packet continues through
"normal" processing for the environment in which the IPsec processing
is taking place. If IPsec processing is required, the packet is
either mapped to an existing SA (or SA bundle), or a new SA (or SA
bundle) is created for the packet. Since a packet's selectors might
match multiple policies or multiple extant SAs and since the SPD is
ordered, but the SAD is not, IPsec MUST:

1. Match the packet's selector fields against the outbound
policies in the SPD to locate the first appropriate
policy, which will point to zero or more SA bundles in the
SAD.

2. Match the packet's selector fields against those in the SA
bundles found in (1) to locate the first SA bundle that
matches. If no SAs were found or none match, create an
appropriate SA bundle and link the SPD entry to the SAD
entry. If no key management entity is found, drop the
packet.

3. Use the SA bundle found/created in (2) to do the required
IPsec processing, e.g., authenticate and encrypt.

In a host IPsec implementation based on sockets, the SPD will be
consulted whenever a new socket is created, to determine what, if
any, IPsec processing will be applied to the traffic that will flow
on that socket.

NOTE: A compliant implementation MUST not allow instantiation of an
ESP SA that employs both a NULL encryption and a NULL authentication
algorithm. An attempt to negotiate such an SA is an auditable event.

5.1.2 Header Construction for Tunnel Mode

This section describes the handling of the inner and outer IP
headers, extension headers, and options for AH and ESP tunnels. This
includes how to construct the encapsulating (outer) IP header, how to
handle fields in the inner IP header, and what other actions should
be taken. The general idea is modeled after the one used in RFC
2003, "IP Encapsulation with IP":

o The outer IP header Source Address and Destination Address
identify the "endpoints" of the tunnel (the encapsulator and
decapsulator). The inner IP header Source Address and
Destination Addresses identify the original sender and
recipient of the datagram, (from the perspective of this
tunnel), respectively. (see footnote 3 after the table in
5.1.2.1 for more details on the encapsulating source IP
address.)
o The inner IP header is not changed except to decrement the TTL
as noted below, and remains unchanged during its delivery to
the tunnel exit point.
o No change to IP options or extension headers in the inner
header occurs during delivery of the encapsulated datagram
through the tunnel.
o If need be, other protocol headers such as the IP
Authentication header may be inserted between the outer IP
header and the inner IP header.

The tables in the following sub-sections show the handling for the
different header/option fields (constructed = the value in the outer
field is constructed independently of the value in the inner).

5.1.2.1 IPv4 -- Header Construction for Tunnel Mode

<-- How Outer Hdr Relates to Inner Hdr -->
Outer Hdr at Inner Hdr at
IPv4 Encapsulator Decapsulator
Header fields: -------------------- ------------
version 4 (1) no change
header length constructed no change
TOS copied from inner hdr (5) no change
total length constructed no change
ID constructed no change
flags (DF,MF) constructed, DF (4) no change
fragmt offset constructed no change

TTL constructed (2) decrement (2)
protocol AH, ESP, routing hdr no change
checksum constructed constructed (2)
src address constructed (3) no change
dest address constructed (3) no change
Options never copied no change

1. The IP version in the encapsulating header can be different
from the value in the inner header.

2. The TTL in the inner header is decremented by the
encapsulator prior to forwarding and by the decapsulator if
it forwards the packet. (The checksum changes when the TTL
changes.)

Note: The decrementing of the TTL is one of the usual actions
that takes place when forwarding a packet. Packets
originating from the same node as the encapsulator do not
have their TTL's decremented, as the sending node is
originating the packet rather than forwarding it.

3. src and dest addresses depend on the SA, which is used to
determine the dest address which in turn determines which src
address (net interface) is used to forward the packet.

NOTE: In principle, the encapsulating IP source address can
be any of the encapsulator's interface addresses or even an
address different from any of the encapsulator's IP
addresses, (e.g., if it's acting as a NAT box) so long as the
address is reachable through the encapsulator from the
environment into which the packet is sent. This does not
cause a problem because IPsec does not currently have any
INBOUND processing requirement that involves the Source
Address of the encapsulating IP header. So while the
receiving tunnel endpoint looks at the Destination Address in
the encapsulating IP header, it only looks at the Source
Address in the inner (encapsulated) IP header.

4. configuration determines whether to copy from the inner
header (IPv4 only), clear or set the DF.

5. If Inner Hdr is IPv4 (Protocol = 4), copy the TOS. If Inner
Hdr is IPv6 (Protocol = 41), map the Class to TOS.

5.1.2.2 IPv6 -- Header Construction for Tunnel Mode

See previous section 5.1.2 for notes 1-5 indicated by (footnote
number).

<-- How Outer Hdr Relates Inner Hdr --->
Outer Hdr at Inner Hdr at
IPv6 Encapsulator Decapsulator
Header fields: -------------------- ------------
version 6 (1) no change
class copied or configured (6) no change
flow id copied or configured no change
len constructed no change
next header AH,ESP,routing hdr no change
hop limit constructed (2) decrement (2)
src address constructed (3) no change
dest address constructed (3) no change
Extension headers never copied no change

6. If Inner Hdr is IPv6 (Next Header = 41), copy the Class. If
Inner Hdr is IPv4 (Next Header = 4), map the TOS to Class.

5.2 Processing Inbound IP Traffic

Prior to performing AH or ESP processing, any IP fragments are
reassembled. Each inbound IP datagram to which IPsec processing will
be applied is identified by the appearance of the AH or ESP values in
the IP Next Protocol field (or of AH or ESP as an extension header in
the IPv6 context).

Note: Appendix C contains sample code for a bitmask check for a 32
packet window that can be used for implementing anti-replay service.

5.2.1 Selecting and Using an SA or SA Bundle

Mapping the IP datagram to the appropriate SA is simplified because
of the presence of the SPI in the AH or ESP header. Note that the
selector checks are made on the inner headers not the outer (tunnel)
headers. The steps followed are:

1. Use the packet's destination address (outer IP header),
IPsec protocol, and SPI to look up the SA in the SAD. If
the SA lookup fails, drop the packet and log/report the
error.

2. Use the SA found in (1) to do the IPsec processing, e.g.,
authenticate and decrypt. This step includes matching the
packet's (Inner Header if tunneled) selectors to the
selectors in the SA. Local policy determines the
specificity of the SA selectors (single value, list,
range, wildcard). In general, a packet's source address
MUST match the SA selector value. However, an ICMP packet
received on a tunnel mode SA may have a source address

other than that bound to the SA and thus such packets
should be permitted as exceptions to this check. For an
ICMP packet, the selectors from the enclosed problem
packet (the source and destination addresses and ports
should be swapped) should be checked against the selectors
for the SA. Note that some or all of these selectors may
be inaccessible because of limitations on how many bits of
the problem packet the ICMP packet is allowed to carry or
due to encryption. See Section 6.

Do (1) and (2) for every IPsec header until a Transport
Protocol Header or an IP header that is NOT for this
system is encountered. Keep track of what SAs have been
used and their order of application.

3. Find an incoming policy in the SPD that matches the
packet. This could be done, for example, by use of
backpointers from the SAs to the SPD or by matching the
packet's selectors (Inner Header if tunneled) against
those of the policy entries in the SPD.

4. Check whether the required IPsec processing has been
applied, i.e., verify that the SA's found in (1) and (2)
match the kind and order of SAs required by the policy
found in (3).

NOTE: The correct "matching" policy will not necessarily
be the first inbound policy found. If the check in (4)
fails, steps (3) and (4) are repeated until all policy
entries have been checked or until the check succeeds.

At the end of these steps, pass the resulting packet to the Transport
Layer or forward the packet. Note that any IPsec headers processed
in these steps may have been removed, but that this information,
i.e., what SAs were used and the order of their application, may be
needed for subsequent IPsec or firewall processing.

Note that in the case of a security gateway, if forwarding causes a
packet to exit via an IPsec-enabled interface, then additional IPsec
processing may be applied.

5.2.2 Handling of AH and ESP tunnels

The handling of the inner and outer IP headers, extension headers,
and options for AH and ESP tunnels should be performed as described
in the tables in Section 5.1.

6. ICMP Processing (relevant to IPsec)

The focus of this section is on the handling of ICMP error messages.
Other ICMP traffic, e.g., Echo/Reply, should be treated like other
traffic and can be protected on an end-to-end basis using SAs in the
usual fashion.

An ICMP error message protected by AH or ESP and generated by a
router SHOULD be processed and forwarded in a tunnel mode SA. Local
policy determines whether or not it is subjected to source address
checks by the router at the destination end of the tunnel. Note that
if the router at the originating end of the tunnel is forwarding an
ICMP error message from another router, the source address check
would fail. An ICMP message protected by AH or ESP and generated by
a router MUST NOT be forwarded on a transport mode SA (unless the SA
has been established to the router acting as a host, e.g., a Telnet
connection used to manage a router). An ICMP message generated by a
host SHOULD be checked against the source IP address selectors bound
to the SA in which the message arrives. Note that even if the source
of an ICMP error message is authenticated, the returned IP header
could be invalid. Accordingly, the selector values in the IP header
SHOULD also be checked to be sure that they are consistent with the
selectors for the SA over which the ICMP message was received.

The table in Appendix D characterize ICMP messages as being either
host generated, router generated, both, unknown/unassigned. ICMP
messages falling into the last two categories should be handled as
determined by the receiver's policy.

An ICMP message not protected by AH or ESP is unauthenticated and its
processing and/or forwarding may result in denial of service. This
suggests that, in general, it would be desirable to ignore such
messages. However, it is expected that many routers (vs. security
gateways) will not implement IPsec for transit traffic and thus
strict adherence to this rule would cause many ICMP messages to be
discarded. The result is that some critical IP functions would be
lost, e.g., redirection and PMTU processing. Thus it MUST be
possible to configure an IPsec implementation to accept or reject
(router) ICMP traffic as per local security policy.

The remainder of this section addresses how PMTU processing MUST be
performed at hosts and security gateways. It addresses processing of
both authenticated and unauthenticated ICMP PMTU messages. However,
as noted above, unauthenticated ICMP messages MAY be discarded based
on local policy.

6.1 PMTU/DF Processing

6.1.1 DF Bit

In cases where a system (host or gateway) adds an encapsulating
header (ESP tunnel or AH tunnel), it MUST support the option of
copying the DF bit from the original packet to the encapsulating
header (and processing ICMP PMTU messages). This means that it MUST
be possible to configure the system's treatment of the DF bit (set,
clear, copy from encapsulated header) for each interface. (See
Appendix B for rationale.)

6.1.2 Path MTU Discovery (PMTU)

This section discusses IPsec handling for Path MTU Discovery
messages. ICMP PMTU is used here to refer to an ICMP message for:

IPv4 (RFC 792):
- Type = 3 (Destination Unreachable)
- Code = 4 (Fragmentation needed and DF set)
- Next-Hop MTU in the low-order 16 bits of the second
word of the ICMP header (labelled "unused" in RFC
792), with high-order 16 bits set to zero

IPv6 (RFC 1885):
- Type = 2 (Packet Too Big)
- Code = 0 (Fragmentation needed)
- Next-Hop MTU in the 32 bit MTU field of the ICMP6
message

6.1.2.1 Propagation of PMTU

The amount of information returned with the ICMP PMTU message (IPv4
or IPv6) is limited and this affects what selectors are available for
use in further propagating the PMTU information. (See Appendix B for
more detailed discussion of this topic.)

o PMTU message with 64 bits of IPsec header -- If the ICMP PMTU
message contains only 64 bits of the IPsec header (minimum for
IPv4), then a security gateway MUST support the following options
on a per SPI/SA basis:

a. if the originating host can be determined (or the possible
sources narrowed down to a manageable number), send the PM
information to all the possible originating hosts.
b. if the originating host cannot be determined, store the PMTU
with the SA and wait until the next packet(s) arrive from the
originating host for the relevant security association. If

the packet(s) are bigger than the PMTU, drop the packet(s),
and compose ICMP PMTU message(s) with the new packet(s) and
the updated PMTU, and send the ICMP message(s) about the
problem to the originating host. Retain the PMTU information
for any message that might arrive subsequently (see Section
6.1.2.4, "PMTU Aging").

o PMTU message with >64 bits of IPsec header -- If the ICMP message
contains more information from the original packet then there may
be enough non-opaque information to immediately determine to which
host to propagate the ICMP/PMTU message and to provide that system
with the 5 fields (source address, destination address, source
port, destination port, transport protocol) needed to determine
where to store/update the PMTU. Under such circumstances, a
security gateway MUST generate an ICMP PMTU message immediately
upon receipt of an ICMP PMTU from further down the path.

o Distributing the PMTU to the Transport Layer -- The host mechanism
for getting the updated PMTU to the transport layer is unchanged,
as specified in RFC 1191 (Path MTU Discovery).

6.1.2.2 Calculation of PMTU

The calculation of PMTU from an ICMP PMTU MUST take into account the
addition of any IPsec header -- AH transport, ESP transport, AH/ESP
transport, ESP tunnel, AH tunnel. (See Appendix B for discussion of
implementation issues.)

Note: In some situations the addition of IPsec headers could result
in an effective PMTU (as seen by the host or application) that is
unacceptably small. To avoid this problem, the implementation may
establish a threshold below which it will not report a reduced PMTU.
In such cases, the implementation would apply IPsec and then fragment
the resulting packet according to the PMTU. This would result in a
more efficient use of the available bandwidth.

6.1.2.3 Granularity of PMTU Processing

In hosts, the granularity with which ICMP PMTU processing can be done
differs depending on the implementation situation. Looking at a
host, there are 3 situations that are of interest with respect to
PMTU issues (See Appendix B for additional details on this topic.):

a. Integration of IPsec into the native IP implementation
b. Bump-in-the-stack implementations, where IPsec is implemented
"underneath" an existing implementation of a TCP/IP protocol
stack, between the native IP and the local network drivers

c. No IPsec implementation -- This case is included because it
is relevant in cases where a security gateway is sending PMTU
information back to a host.

Only in case (a) can the PMTU data be maintained at the same
granularity as communication associations. In (b) and (c), the IP
layer will only be able to maintain PMTU data at the granularity of
source and destination IP addresses (and optionally TOS), as
described in RFC 1191. This is an important difference, because more
than one communication association may map to the same source and
destination IP addresses, and each communication association may have
a different amount of IPsec header overhead (e.g., due to use of
different transforms or different algorithms).

Implementation of the calculation of PMTU and support for PMTUs at
the granularity of individual communication associations is a local
matter. However, a socket-based implementation of IPsec in a host
SHOULD maintain the information on a per socket basis. Bump in the
stack systems MUST pass an ICMP PMTU to the host IP implementation,
after adjusting it for any IPsec header overhead added by these
systems. The calculation of the overhead SHOULD be determined by
analysis of the SPI and any other selector information present in a
returned ICMP PMTU message.

6.1.2.4 PMTU Aging

In all systems (host or gateway) implementing IPsec and maintaining
PMTU information, the PMTU associated with a security association
(transport or tunnel) MUST be "aged" and some mechanism put in place
for updating the PMTU in a timely manner, especially for discovering
if the PMTU is smaller than it needs to be. A given PMTU has to
remain in place long enough for a packet to get from the source end
of the security association to the system at the other end of the
security association and propagate back an ICMP error message if the
current PMTU is too big. Note that if there are nested tunnels,
multiple packets and round trip times might be required to get an
ICMP message back to an encapsulator or originating host.

Systems SHOULD use the approach described in the Path MTU Discovery
document (RFC 1191, Section 6.3), which suggests periodically
resetting the PMTU to the first-hop data-link MTU and then letting
the normal PMTU Discovery processes update the PMTU as necessary.
The period SHOULD be configurable.

7. Auditing

Not all systems that implement IPsec will implement auditing. For
the most part, the granularity of auditing is a local matter.
However, several auditable events are identified in the AH and ESP
specifications and for each of these events a minimum set of
information that SHOULD be included in an audit log is defined.
Additional information also MAY be included in the audit log for each
of these events, and additional events, not explicitly called out in
this specification, also MAY result in audit log entries. There is
no requirement for the receiver to transmit any message to the
purported transmitter in response to the detection of an auditable
event, because of the potential to induce denial of service via such
action.

8. Use in Systems Supporting Information Flow Security

Information of various sensitivity levels may be carried over a
single network. Information labels (e.g., Unclassified, Company
Proprietary, Secret) [DoD85, DoD87] are often employed to distinguish
such information. The use of labels facilitates segregation of
information, in support of information flow security models, e.g.,
the Bell-LaPadula model [BL73]. Such models, and corresponding
supporting technology, are designed to prevent the unauthorized flow
of sensitive information, even in the face of Trojan Horse attacks.
Conventional, discretionary access control (DAC) mechanisms, e.g.,
based on access control lists, generally are not sufficient to
support such policies, and thus facilities such as the SPD do not
suffice in such environments.

In the military context, technology that supports such models is
often referred to as multi-level security (MLS). Computers and
networks often are designated "multi-level secure" if they support
the separation of labelled data in conjunction with information flow
security policies. Although such technology is more broadly
applicable than just military applications, this document uses the
acronym "MLS" to designate the technology, consistent with much
extant literature.

IPsec mechanisms can easily support MLS networking. MLS networking
requires the use of strong Mandatory Access Controls (MAC), which
unprivileged users or unprivileged processes are incapable of
controlling or violating. This section pertains only to the use of
these IP security mechanisms in MLS (information flow security
policy) environments. Nothing in this section applies to systems not
claiming to provide MLS.

As used in this section, "sensitivity information" might include
implementation-defined hierarchic levels, categories, and/or
releasability information.

AH can be used to provide strong authentication in support of
mandatory access control decisions in MLS environments. If explicit
IP sensitivity information (e.g., IPSO [Ken91]) is used and
confidentiality is not considered necessary within the particular
operational environment, AH can be used to authenticate the binding
between sensitivity labels in the IP header and the IP payload
(including user data). This is a significant improvement over
labeled IPv4 networks where the sensitivity information is trusted
even though there is no authentication or cryptographic binding of
the information to the IP header and user data. IPv4 networks might
or might not use explicit labelling. IPv6 will normally use implicit
sensitivity information that is part of the IPsec Security
Association but not transmitted with each packet instead of using
explicit sensitivity information. All explicit IP sensitivity
information MUST be authenticated using either ESP, AH, or both.

Encryption is useful and can be desirable even when all of the hosts
are within a protected environment, for example, behind a firewall or
disjoint from any external connectivity. ESP can be used, in
conjunction with appropriate key management and encryption
algorithms, in support of both DAC and MAC. (The choice of
encryption and authentication algorithms, and the assurance level of
an IPsec implementation will determine the environments in which an
implementation may be deemed sufficient to satisfy MLS requirements.)
Key management can make use of sensitivity information to provide
MAC. IPsec implementations on systems claiming to provide MLS SHOULD
be capable of using IPsec to provide MAC for IP-based communications.

8.1 Relationship Between Security Associations and Data Sensitivity

Both the Encapsulating Security Payload and the Authentication Header
can be combined with appropriate Security Association policies to
provide multi-level secure networking. In this case each SA (or SA
bundle) is normally used for only a single instance of sensitivity
information. For example, "PROPRIETARY - Internet Engineering" must
be associated with a different SA (or SA bundle) from "PROPRIETARY -
Finance".

8.2 Sensitivity Consistency Checking

An MLS implementation (both host and router) MAY associate
sensitivity information, or a range of sensitivity information with
an interface, or a configured IP address with its associated prefix
(the latter is sometimes referred to as a logical interface, or an

interface alias). If such properties exist, an implementation SHOULD
compare the sensitivity information associated with the packet
against the sensitivity information associated with the interface or
address/prefix from which the packet arrived, or through which the
packet will depart. This check will either verify that the
sensitivities match, or that the packet's sensitivity falls within
the range of the interface or address/prefix.

The checking SHOULD be done on both inbound and outbound processing.

8.3 Additional MLS Attributes for Security Association Databases

Section 4.4 discussed two Security Association databases (the
Security Policy Database (SPD) and the Security Association Database
(SAD)) and the associated policy selectors and SA attributes. MLS
networking introduces an additional selector/attribute:

- Sensitivity information.

The Sensitivity information aids in selecting the appropriate
algorithms and key strength, so that the traffic gets a level of
protection appropriate to its importance or sensitivity as described
in section 8.1. The exact syntax of the sensitivity information is
implementation defined.

8.4 Additional Inbound Processing Steps for MLS Networking

After an inbound packet has passed through IPsec processing, an MLS
implementation SHOULD first check the packet's sensitivity (as
defined by the SA (or SA bundle) used for the packet) with the
interface or address/prefix as described in section 8.2 before
delivering the datagram to an upper-layer protocol or forwarding it.

The MLS system MUST retain the binding between the data received in
an IPsec protected packet and the sensitivity information in the SA
or SAs used for processing, so appropriate policy decisions can be
made when delivering the datagram to an application or forwarding
engine. The means for maintaining this binding are implementation
specific.

8.5 Additional Outbound Processing Steps for MLS Networking

An MLS implementation of IPsec MUST perform two additional checks
besides the normal steps detailed in section 5.1.1. When consulting
the SPD or the SAD to find an outbound security association, the MLS
implementation MUST use the sensitivity of the data to select an

appropriate outbound SA or SA bundle. The second check comes before
forwarding the packet out to its destination, and is the sensitivity
consistency checking described in section 8.2.

8.6 Additional MLS Processing for Security Gateways

An MLS security gateway MUST follow the previously mentioned inbound
and outbound processing rules as well as perform some additional
processing specific to the intermediate protection of packets in an
MLS environment.

A security gateway MAY act as an outbound proxy, creating SAs for MLS
systems that originate packets forwarded by the gateway. These MLS
systems may explicitly label the packets to be forwarded, or the
whole originating network may have sensitivity characteristics
associated with it. The security gateway MUST create and use
appropriate SAs for AH, ESP, or both, to protect such traffic it
forwards.

Similarly such a gateway SHOULD accept and process inbound AH and/or
ESP packets and forward appropriately, using explicit packet
labeling, or relying on the sensitivity characteristics of the
destination network.

9. Performance Issues

The use of IPsec imposes computational performance costs on the hosts
or security gateways that implement these protocols. These costs are
associated with the memory needed for IPsec code and data structures,
and the computation of integrity check values, encryption and
decryption, and added per-packet handling. The per-packet
computational costs will be manifested by increased latency and,
possibly, reduced throughout. Use of SA/key management protocols,
especially ones that employ public key cryptography, also adds
computational performance costs to use of IPsec. These per-
association computational costs will be manifested in terms of
increased latency in association establishment. For many hosts, it
is anticipated that software-based cryptography will not appreciably
reduce throughput, but hardware may be required for security gateways
(since they represent aggregation points), and for some hosts.

The use of IPsec also imposes bandwidth utilization costs on
transmission, switching, and routing components of the Internet
infrastructure, components not implementing IPsec. This is due to
the increase in the packet size resulting from the addition of AH
and/or ESP headers, AH and ESP tunneling (which adds a second IP
header), and the increased packet traffic associated with key
management protocols. It is anticipated that, in most instances,

this increased bandwidth demand will not noticeably affect the
Internet infrastructure. However, in some instances, the effects may
be significant, e.g., transmission of ESP encrypted traffic over a
dialup link that otherwise would have compressed the traffic.

Note: The initial SA establishment overhead will be felt in the first
packet. This delay could impact the transport layer and application.
For example, it could cause TCP to retransmit the SYN before the
ISAKMP exchange is done. The effect of the delay would be different
on UDP than TCP because TCP shouldn't transmit anything other than
the SYN until the connection is set up whereas UDP will go ahead and
transmit data beyond the first packet.

Note: As discussed earlier, compression can still be employed at
layers above IP. There is an IETF working group (IP Payload
Compression Protocol (ippcp)) working on "protocol specifications
that make it possible to perform lossless compression on individual
payloads before the payload is processed by a protocol that encrypts
it. These specifications will allow for compression operations to be
performed prior to the encryption of a payload by IPsec protocols."

10. Conformance Requirements

All IPv4 systems that claim to implement IPsec MUST comply with all
requirements of the Security Architecture document. All IPv6 systems
MUST comply with all requirements of the Security Architecture
document.

11. Security Considerations

The focus of this document is security; hence security considerations
permeate this specification.

12. Differences from RFC 1825

This architecture document differs substantially from RFC 1825 in
detail and in organization, but the fundamental notions are
unchanged. This document provides considerable additional detail in
terms of compliance specifications. It introduces the SPD and SAD,
and the notion of SA selectors. It is aligned with the new versions
of AH and ESP, which also differ from their predecessors. Specific
requirements for supported combinations of AH and ESP are newly
added, as are details of PMTU management.

Acknowledgements

Many of the concepts embodied in this specification were derived from
or influenced by the US Government's SP3 security protocol, ISO/IEC's
NLSP, the proposed swIPe security protocol [SDNS, ISO, IB93, IBK93],
and the work done for SNMP Security and SNMPv2 Security.

For over 3 years (although it sometimes seems *much* longer), this
document has evolved through multiple versions and iterations.
During this time, many people have contributed significant ideas and
energy to the process and the documents themselves. The authors
would like to thank Karen Seo for providing extensive help in the
review, editing, background research, and coordination for this
version of the specification. The authors would also like to thank
the members of the IPsec and IPng working groups, with special
mention of the efforts of (in alphabetic order): Steve Bellovin,
Steve Deering, James Hughes, Phil Karn, Frank Kastenholz, Perry
Metzger, David Mihelcic, Hilarie Orman, Norman Shulman, William
Simpson, Harry Varnis, and Nina Yuan.

Appendix A -- Glossary

This section provides definitions for several key terms that are
employed in this document. Other documents provide additional
definitions and background information relevant to this technology,
e.g., [VK83, HA94]. Included in this glossary are generic security
service and security mechanism terms, plus IPsec-specific terms.

Access Control
Access control is a security service that prevents unauthorized
use of a resource, including the prevention of use of a resource
in an unauthorized manner. In the IPsec context, the resource
to which access is being controlled is often:
o for a host, computing cycles or data
o for a security gateway, a network behind the gateway
or
bandwidth on that network.

Anti-replay
[See "Integrity" below]

Authentication
This term is used informally to refer to the combination of two
nominally distinct security services, data origin authentication
and connectionless integrity. See the definitions below for
each of these services.

Availability
Availability, when viewed as a security service, addresses the
security concerns engendered by attacks against networks that
deny or degrade service. For example, in the IPsec context, the
use of anti-replay mechanisms in AH and ESP support
availability.

Confidentiality
Confidentiality is the security service that protects data from
unauthorized disclosure. The primary confidentiality concern in
most instances is unauthorized disclosure of application level
data, but disclosure of the external characteristics of
communication also can be a concern in some circumstances.
Traffic flow confidentiality is the service that addresses this
latter concern by concealing source and destination addresses,
message length, or frequency of communication. In the IPsec
context, using ESP in tunnel mode, especially at a security
gateway, can provide some level of traffic flow confidentiality.
(See also traffic analysis, below.)

Encryption
Encryption is a security mechanism used to transform data from
an intelligible form (plaintext) into an unintelligible form
(ciphertext), to provide confidentiality. The inverse
transformation process is designated "decryption". Oftimes the
term "encryption" is used to generically refer to both
processes.

Data Origin Authentication
Data origin authentication is a security service that verifies
the identity of the claimed source of data. This service is
usually bundled with connectionless integrity service.

Integrity
Integrity is a security service that ensures that modifications
to data are detectable. Integrity comes in various flavors to
match application requirements. IPsec supports two forms of
integrity: connectionless and a form of partial sequence
integrity. Connectionless integrity is a service that detects
modification of an individual IP datagram, without regard to the
ordering of the datagram in a stream of traffic. The form of
partial sequence integrity offered in IPsec is referred to as
anti-replay integrity, and it detects arrival of duplicate IP
datagrams (within a constrained window). This is in contrast to
connection-oriented integrity, which imposes more stringent
sequencing requirements on traffic, e.g., to be able to detect
lost or re-ordered messages. Although authentication and
integrity services often are cited separately, in practice they
are intimately connected and almost always offered in tandem.

Security Association (SA)
A simplex (uni-directional) logical connection, created for
security purposes. All traffic traversing an SA is provided the
same security processing. In IPsec, an SA is an internet layer
abstraction implemented through the use of AH or ESP.

Security Gateway
A security gateway is an intermediate system that acts as the
communications interface between two networks. The set of hosts
(and networks) on the external side of the security gateway is
viewed as untrusted (or less trusted), while the networks and
hosts and on the internal side are viewed as trusted (or more
trusted). The internal subnets and hosts served by a security
gateway are presumed to be trusted by virtue of sharing a
common, local, security administration. (See "Trusted
Subnetwork" below.) In the IPsec context, a security gateway is
a point at which AH and/or ESP is implemented in order to serve

a set of internal hosts, providing security services for these
hosts when they communicate with external hosts also employing
IPsec (either directly or via another security gateway).

SPI
Acronym for "Security Parameters Index". The combination of a
destination address, a security protocol, and an SPI uniquely
identifies a security association (SA, see above). The SPI is
carried in AH and ESP protocols to enable the receiving system
to select the SA under which a received packet will be
processed. An SPI has only local significance, as defined by
the creator of the SA (usually the receiver of the packet
carrying the SPI); thus an SPI is generally viewed as an opaque
bit string. However, the creator of an SA may choose to
interpret the bits in an SPI to facilitate local processing.

Traffic Analysis
The analysis of network traffic flow for the purpose of deducing
information that is useful to an adversary. Examples of such
information are frequency of transmission, the identities of the
conversing parties, sizes of packets, flow identifiers, etc.
[Sch94]

Trusted Subnetwork
A subnetwork containing hosts and routers that trust each other
not to engage in active or passive attacks. There also is an
assumption that the underlying communications channel (e.g., a
LAN or CAN) isn't being attacked by other means.

Appendix B -- Analysis/Discussion of PMTU/DF/Fragmentation Issues

B.1 DF bit

In cases where a system (host or gateway) adds an encapsulating
header (e.g., ESP tunnel), should/must the DF bit in the original
packet be copied to the encapsulating header?

Fragmenting seems correct for some situations, e.g., it might be
appropriate to fragment packets over a network with a very small MTU,
e.g., a packet radio network, or a cellular phone hop to mobile node,
rather than propagate back a very small PMTU for use over the rest of
the path. In other situations, it might be appropriate to set the DF
bit in order to get feedback from later routers about PMTU
constraints which require fragmentation. The existence of both of
these situations argues for enabling a system to decide whether or
not to fragment over a particular network "link", i.e., for requiring
an implementation to be able to copy the DF bit (and to process ICMP
PMTU messages), but making it an option to be selected on a per
interface basis. In other words, an administrator should be able to
configure the router's treatment of the DF bit (set, clear, copy from
encapsulated header) for each interface.

Note: If a bump-in-the-stack implementation of IPsec attempts to
apply different IPsec algorithms based on source/destination ports,
it will be difficult to apply Path MTU adjustments.

B.2 Fragmentation

If required, IP fragmentation occurs after IPsec processing within an
IPsec implementation. Thus, transport mode AH or ESP is applied only
to whole IP datagrams (not to IP fragments). An IP packet to which
AH or ESP has been applied may itself be fragmented by routers en
route, and such fragments MUST be reassembled prior to IPsec
processing at a receiver. In tunnel mode, AH or ESP is applied to an
IP packet, the payload of which may be a fragmented IP packet. For
example, a security gateway, "bump-in-the-stack" (BITS), or "bump-
in-the-wire" (BITW) IPsec implementation may apply tunnel mode AH to
such fragments. Note that BITS or BITW implementations are examples
of where a host IPsec implementation might receive fragments to which
tunnel mode is to be applied. However, if transport mode is to be
applied, then these implementations MUST reassemble the fragments
prior to applying IPsec.

NOTE: IPsec always has to figure out what the encapsulating IP header
fields are. This is independent of where you insert IPsec and is
intrinsic to the definition of IPsec. Therefore any IPsec
implementation that is not integrated into an IP implementation must
include code to construct the necessary IP headers (e.g., IP2):

o AH-tunnel --> IP2-AH-IP1-Transport-Data
o ESP-tunnel --> IP2-ESP_hdr-IP1-Transport-Data-ESP_trailer

*********************************************************************

Overall, the fragmentation/reassembly approach described above works
for all cases examined.

AH Xport AH Tunnel ESP Xport ESP Tunnel
Implementation approach IPv4 IPv6 IPv4 IPv6 IPv4 IPv6 IPv4 IPv6
----------------------- ---- ---- ---- ---- ---- ---- ---- ----
Hosts (integr w/ IP stack) Y Y Y Y Y Y Y Y
Hosts (betw/ IP and drivers) Y Y Y Y Y Y Y Y
S. Gwy (integr w/ IP stack) Y Y Y Y
Outboard crypto processor *

* If the crypto processor system has its own IP address, then it
is covered by the security gateway case. This box receives
the packet from the host and performs IPsec processing. It
has to be able to handle the same AH, ESP, and related
IPv4/IPv6 tunnel processing that a security gateway would have
to handle. If it doesn't have it's own address, then it is
similar to the bump-in-the stack implementation between IP and
the network drivers.

The following analysis assumes that:

1. There is only one IPsec module in a given system's stack.
There isn't an IPsec module A (adding ESP/encryption and
thus) hiding the transport protocol, SRC port, and DEST port
from IPsec module B.
2. There are several places where IPsec could be implemented (as
shown in the table above).
a. Hosts with integration of IPsec into the native IP
implementation. Implementer has access to the source
for the stack.
b. Hosts with bump-in-the-stack implementations, where
IPsec is implemented between IP and the local network
drivers. Source access for stack is not available;
but there are well-defined interfaces that allows the
IPsec code to be incorporated into the system.

c. Security gateways and outboard crypto processors with
integration of IPsec into the stack.
3. Not all of the above approaches are feasible in all hosts.
But it was assumed that for each approach, there are some
hosts for whom the approach is feasible.

For each of the above 3 categories, there are IPv4 and IPv6, AH
transport and tunnel modes, and ESP transport and tunnel modes -- for
a total of 24 cases (3 x 2 x 4).

Some header fields and interface fields are listed here for ease of
reference -- they're not in the header order, but instead listed to
allow comparison between the columns. (* = not covered by AH
authentication. ESP authentication doesn't cover any headers that
precede it.)

IP/Transport Interface
IPv4 IPv6 (RFC 1122 -- Sec 3.4)
---- ---- ----------------------
Version = 4 Version = 6
Header Len
*TOS Class,Flow Lbl TOS
Packet Len Payload Len Len
ID ID (optional)
*Flags DF
*Offset
*TTL *Hop Limit TTL
Protocol Next Header
*Checksum
Src Address Src Address Src Address
Dst Address Dst Address Dst Address
Options? Options? Opt

? = AH covers Option-Type and Option-Length, but
might not cover Option-Data.

The results for each of the 20 cases is shown below ("works" = will
work if system fragments after outbound IPsec processing, reassembles
before inbound IPsec processing). Notes indicate implementation
issues.

a. Hosts (integrated into IP stack)
o AH-transport --> (IP1-AH-Transport-Data)
- IPv4 -- works
- IPv6 -- works
o AH-tunnel --> (IP2-AH-IP1-Transport-Data)
- IPv4 -- works
- IPv6 -- works

o ESP-transport --> (IP1-ESP_hdr-Transport-Data-ESP_trailer)
- IPv4 -- works
- IPv6 -- works
o ESP-tunnel --> (IP2-ESP_hdr-IP1-Transport-Data-ESP_trailer)
- IPv4 -- works
- IPv6 -- works

b. Hosts (Bump-in-the-stack) -- put IPsec between IP layer and
network drivers. In this case, the IPsec module would have to do
something like one of the following for fragmentation and
reassembly.
- do the fragmentation/reassembly work itself and
send/receive the packet directly to/from the network
layer. In AH or ESP transport mode, this is fine. In AH
or ESP tunnel mode where the tunnel end is at the ultimate
destination, this is fine. But in AH or ESP tunnel modes
where the tunnel end is different from the ultimate
destination and where the source host is multi-homed, this
approach could result in sub-optimal routing because the
IPsec module may be unable to obtain the information
needed (LAN interface and next-hop gateway) to direct the
packet to the appropriate network interface. This is not
a problem if the interface and next-hop gateway are the
same for the ultimate destination and for the tunnel end.
But if they are different, then IPsec would need to know
the LAN interface and the next-hop gateway for the tunnel
end. (Note: The tunnel end (security gateway) is highly
likely to be on the regular path to the ultimate
destination. But there could also be more than one path
to the destination, e.g., the host could be at an
organization with 2 firewalls. And the path being used
could involve the less commonly chosen firewall.) OR
- pass the IPsec'd packet back to the IP layer where an
extra IP header would end up being pre-pended and the
IPsec module would have to check and let IPsec'd fragments
go by.
OR
- pass the packet contents to the IP layer in a form such
that the IP layer recreates an appropriate IP header

At the network layer, the IPsec module will have access to the
following selectors from the packet -- SRC address, DST address,
Next Protocol, and if there's a transport layer header --> SRC
port and DST port. One cannot assume IPsec has access to the
Name. It is assumed that the available selector information is
sufficient to figure out the relevant Security Policy entry and
Security Association(s).

o AH-transport --> (IP1-AH-Transport-Data)
- IPv4 -- works
- IPv6 -- works
o AH-tunnel --> (IP2-AH-IP1-Transport-Data)
- IPv4 -- works
- IPv6 -- works
o ESP-transport --> (IP1-ESP_hdr-Transport-Data-ESP_trailer)
- IPv4 -- works
- IPv6 -- works
o ESP-tunnel --> (IP2-ESP_hdr-IP1-Transport-Data-ESP_trailer)
- IPv4 -- works
- IPv6 -- works

c. Security gateways -- integrate IPsec into the IP stack

NOTE: The IPsec module will have access to the following
selectors from the packet -- SRC address, DST address, Next
Protocol, and if there's a transport layer header --> SRC port
and DST port. It won't have access to the User ID (only Hosts
have access to User ID information.) Unlike some Bump-in-the-
stack implementations, security gateways may be able to look up
the Source Address in the DNS to provide a System Name, e.g., in
situations involving use of dynamically assigned IP addresses in
conjunction with dynamically updated DNS entries. It also won't
have access to the transport layer information if there is an ESP
header, or if it's not the first fragment of a fragmented
message. It is assumed that the available selector information
is sufficient to figure out the relevant Security Policy entry
and Security Association(s).

o AH-tunnel --> (IP2-AH-IP1-Transport-Data)
- IPv4 -- works
- IPv6 -- works
o ESP-tunnel --> (IP2-ESP_hdr-IP1-Transport-Data-ESP_trailer)
- IPv4 -- works
- IPv6 -- works

**********************************************************************

B.3 Path MTU Discovery

As mentioned earlier, "ICMP PMTU" refers to an ICMP message used for
Path MTU Discovery.

The legend for the diagrams below in B.3.1 and B.3.3 (but not B.3.2)
is:

==== = security association (AH or ESP, transport or tunnel)

---- = connectivity (or if so labelled, administrative boundary)
.... = ICMP message (hereafter referred to as ICMP PMTU) for

IPv4:
- Type = 3 (Destination Unreachable)
- Code = 4 (Fragmentation needed and DF set)
- Next-Hop MTU in the low-order 16 bits of the second
word of the ICMP header (labelled unused in RFC 792),
with high-order 16 bits set to zero

IPv6 (RFC 1885):
- Type = 2 (Packet Too Big)
- Code = 0 (Fragmentation needed and DF set)
- Next-Hop MTU in the 32 bit MTU field of the ICMP6

Hx = host x
Rx = router x
SGx = security gateway x
X* = X supports IPsec

B.3.1 Identifying the Originating Host(s)

The amount of information returned with the ICMP message is limited
and this affects what selectors are available to identify security
associations, originating hosts, etc. for use in further propagating
the PMTU information.

In brief... An ICMP message must contain the following information
from the "offending" packet:
- IPv4 (RFC 792) -- IP header plus a minimum of 64 bits

Accordingly, in the IPv4 context, an ICMP PMTU may identify only the
first (outermost) security association. This is because the ICMP
PMTU may contain only 64 bits of the "offending" packet beyond the IP
header, which would capture only the first SPI from AH or ESP. In
the IPv6 context, an ICMP PMTU will probably provide all the SPIs and
the selectors in the IP header, but maybe not the SRC/DST ports (in
the transport header) or the encapsulated (TCP, UDP, etc.) protocol.
Moreover, if ESP is used, the transport ports and protocol selectors
may be encrypted.

Looking at the diagram below of a security gateway tunnel (as
mentioned elsewhere, security gateways do not use transport mode)...

H1 =================== H3
\ | | /
H0 -- SG1* ---- R1 ---- SG2* ---- R2 -- H5
/ ^ | \
H2 |........| H4

Suppose that the security policy for SG1 is to use a single SA to SG2
for all the traffic between hosts H0, H1, and H2 and hosts H3, H4,
and H5. And suppose H0 sends a data packet to H5 which causes R1 to
send an ICMP PMTU message to SG1. If the PMTU message has only the
SPI, SG1 will be able to look up the SA and find the list of possible
hosts (H0, H1, H2, wildcard); but SG1 will have no way to figure out
that H0 sent the traffic that triggered the ICMP PMTU message.

original after IPsec ICMP
packet processing packet
-------- ----------- ------
IP-3 header (S = R1, D = SG1)
ICMP header (includes PMTU)
IP-2 header IP-2 header (S = SG1, D = SG2)
ESP header minimum of 64 bits of ESP hdr (*)
IP-1 header IP-1 header
TCP header TCP header
TCP data TCP data
ESP trailer

(*) The 64 bits will include enough of the ESP (or AH) header to
include the SPI.
- ESP -- SPI (32 bits), Seq number (32 bits)
- AH -- Next header (8 bits), Payload Len (8 bits),
Reserved (16 bits), SPI (32 bits)

This limitation on the amount of information returned with an ICMP
message creates a problem in identifying the originating hosts for
the packet (so as to know where to further propagate the ICMP PMTU
information). If the ICMP message contains only 64 bits of the IPsec
header (minimum for IPv4), then the IPsec selectors (e.g., Source and
Destination addresses, Next Protocol, Source and Destination ports,
etc.) will have been lost. But the ICMP error message will still
provide SG1 with the SPI, the PMTU information and the source and
destination gateways for the relevant security association.

The destination security gateway and SPI uniquely define a security
association which in turn defines a set of possible originating
hosts. At this point, SG1 could:

a. send the PMTU information to all the possible originating hosts.
This would not work well if the host list is a wild card or if
many/most of the hosts weren't sending to SG1; but it might work
if the SPI/destination/etc mapped to just one or a small number of
hosts.
b. store the PMTU with the SPI/etc and wait until the next packet(s)
arrive from the originating host(s) for the relevant security
association. If it/they are bigger than the PMTU, drop the
packet(s), and compose ICMP PMTU message(s) with the new packet(s)
and the updated PMTU, and send the originating host(s) the ICMP
message(s) about the problem. This involves a delay in notifying
the originating host(s), but avoids the problems of (a).

Since only the latter approach is feasible in all instances, a
security gateway MUST provide such support, as an option. However,
if the ICMP message contains more information from the original
packet, then there may be enough information to immediately determine
to which host to propagate the ICMP/PMTU message and to provide that
system with the 5 fields (source address, destination address, source
port, destination port, and transport protocol) needed to determine
where to store/update the PMTU. Under such circumstances, a security
gateway MUST generate an ICMP PMTU message immediately upon receipt
of an ICMP PMTU from further down the path. NOTE: The Next Protocol
field may not be contained in the ICMP message and the use of ESP
encryption may hide the selector fields that have been encrypted.

B.3.2 Calculation of PMTU

The calculation of PMTU from an ICMP PMTU has to take into account
the addition of any IPsec header by H1 -- AH and/or ESP transport, or
ESP or AH tunnel. Within a single host, multiple applications may
share an SPI and nesting of security associations may occur. (See
Section 4.5 Basic Combinations of Security Associations for
description of the combinations that MUST be supported). The diagram
below illustrates an example of security associations between a pair
of hosts (as viewed from the perspective of one of the hosts.) (ESPx
or AHx = transport mode)

Socket 1 -------------------------|
|
Socket 2 (ESPx/SPI-A) ---------- AHx (SPI-B) -- Internet

In order to figure out the PMTU for each socket that maps to SPI-B,
it will be necessary to have backpointers from SPI-B to each of the 2
paths that lead to it -- Socket 1 and Socket 2/SPI-A.

B.3.3 Granularity of Maintaining PMTU Data

In hosts, the granularity with which PMTU ICMP processing can be done
differs depending on the implementation situation. Looking at a
host, there are three situations that are of interest with respect to
PMTU issues:

a. Integration of IPsec into the native IP implementation
b. Bump-in-the-stack implementations, where IPsec is implemented
"underneath" an existing implementation of a TCP/IP protocol
stack, between the native IP and the local network drivers
c. No IPsec implementation -- This case is included because it is
relevant in cases where a security gateway is sending PMTU
information back to a host.

Only in case (a) can the PMTU data be maintained at the same
granularity as communication associations. In the other cases, the
IP layer will maintain PMTU data at the granularity of Source and
Destination IP addresses (and optionally TOS/Class), as described in
RFC 1191. This is an important difference, because more than one
communication association may map to the same source and destination
IP addresses, and each communication association may have a different
amount of IPsec header overhead (e.g., due to use of different
transforms or different algorithms). The examples below illustrate
this.

In cases (a) and (b)... Suppose you have the following situation.
H1 is sending to H2 and the packet to be sent from R1 to R2 exceeds
the PMTU of the network hop between them.

==================================
| |
H1* --- R1 ----- R2 ---- R3 ---- H2*
^ |
|.......|

If R1 is configured to not fragment subscriber traffic, then R1 sends
an ICMP PMTU message with the appropriate PMTU to H1. H1's
processing would vary with the nature of the implementation. In case
(a) (native IP), the security services are bound to sockets or the
equivalent. Here the IP/IPsec implementation in H1 can store/update
the PMTU for the associated socket. In case (b), the IP layer in H1
can store/update the PMTU but only at the granularity of Source and
Destination addresses and possibly TOS/Class, as noted above. So the
result may be sub-optimal, since the PMTU for a given
SRC/DST/TOS/Class will be the subtraction of the largest amount of
IPsec header used for any communication association between a given
source and destination.

In case (c), there has to be a security gateway to have any IPsec
processing. So suppose you have the following situation. H1 is
sending to H2 and the packet to be sent from SG1 to R exceeds the
PMTU of the network hop between them.

================
| |
H1 ---- SG1* --- R --- SG2* ---- H2
^ |
|.......|

As described above for case (b), the IP layer in H1 can store/update
the PMTU but only at the granularity of Source and Destination
addresses, and possibly TOS/Class. So the result may be sub-optimal,
since the PMTU for a given SRC/DST/TOS/Class will be the subtraction
of the largest amount of IPsec header used for any communication
association between a given source and destination.

B.3.4 Per Socket Maintenance of PMTU Data

Implementation of the calculation of PMTU (Section B.3.2) and support
for PMTUs at the granularity of individual "communication
associations" (Section B.3.3) is a local matter. However, a socket-
based implementation of IPsec in a host SHOULD maintain the
information on a per socket basis. Bump in the stack systems MUST
pass an ICMP PMTU to the host IP implementation, after adjusting it
for any IPsec header overhead added by these systems. The
determination of the overhead SHOULD be determined by analysis of the
SPI and any other selector information present in a returned ICMP
PMTU message.

B.3.5 Delivery of PMTU Data to the Transport Layer

The host mechanism for getting the updated PMTU to the transport
layer is unchanged, as specified in RFC 1191 (Path MTU Discovery).

B.3.6 Aging of PMTU Data

This topic is covered in Section 6.1.2.4.

Appendix C -- Sequence Space Window Code Example

This appendix contains a routine that implements a bitmask check for
a 32 packet window. It was provided by James Hughes
(jim_hughes@stortek.com) and Harry Varnis (hgv@anubis.network.com)
and is intended as an implementation example. Note that this code
both checks for a replay and updates the window. Thus the algorithm,
as shown, should only be called AFTER the packet has been
authenticated. Implementers might wish to consider splitting the
code to do the check for replays before computing the ICV. If the
packet is not a replay, the code would then compute the ICV, (discard
any bad packets), and if the packet is OK, update the window.

#include <stdio.h>
#include <stdlib.h>
typedef unsigned long u_long;

enum {
ReplayWindowSize = 32
};

u_long bitmap = 0; /* session state - must be 32 bits */
u_long lastSeq = 0; /* session state */

/* Returns 0 if packet disallowed, 1 if packet permitted */
int ChkReplayWindow(u_long seq);

int ChkReplayWindow(u_long seq) {
u_long diff;

if (seq == 0) return 0; /* first == 0 or wrapped */
if (seq > lastSeq) { /* new larger sequence number */
diff = seq - lastSeq;
if (diff < ReplayWindowSize) { /* In window */
bitmap <<= diff;
bitmap |= 1; /* set bit for this packet */
} else bitmap = 1; /* This packet has a "way larger" */
lastSeq = seq;
return 1; /* larger is good */
}
diff = lastSeq - seq;
if (diff >= ReplayWindowSize) return 0; /* too old or wrapped */
if (bitmap & ((u_long)1 << diff)) return 0; /* already seen */
bitmap |= ((u_long)1 << diff); /* mark as seen */
return 1; /* out of order but good */
}

char string_buffer[512];

#define STRING_BUFFER_SIZE sizeof(string_buffer)

int main() {
int result;
u_long last, current, bits;

printf("Input initial state (bits in hex, last msgnum):\n");
if (!fgets(string_buffer, STRING_BUFFER_SIZE, stdin)) exit(0);
sscanf(string_buffer, "%lx %lu", &bits, &last);
if (last != 0)
bits |= 1;
bitmap = bits;
lastSeq = last;
printf("bits:%08lx last:%lu\n", bitmap, lastSeq);
printf("Input value to test (current):\n");

while (1) {
if (!fgets(string_buffer, STRING_BUFFER_SIZE, stdin)) break;
sscanf(string_buffer, "%lu", ¤t);
result = ChkReplayWindow(current);
printf("%-3s", result ? "OK" : "BAD");
printf(" bits:%08lx last:%lu\n", bitmap, lastSeq);
}
return 0;
}

Appendix D -- Categorization of ICMP messages

The tables below characterize ICMP messages as being either host
generated, router generated, both, unassigned/unknown. The first set
are IPv4. The second set are IPv6.

IPv4

Type Name/Codes Reference
========================================================================
HOST GENERATED:
3 Destination Unreachable
2 Protocol Unreachable [RFC792]
3 Port Unreachable [RFC792]
8 Source Host Isolated [RFC792]
14 Host Precedence Violation [RFC1812]
10 Router Selection [RFC1256]

Type Name/Codes Reference
========================================================================
ROUTER GENERATED:
3 Destination Unreachable
0 Net Unreachable [RFC792]
4 Fragmentation Needed, Don't Fragment was Set [RFC792]
5 Source Route Failed [RFC792]
6 Destination Network Unknown [RFC792]
7 Destination Host Unknown [RFC792]
9 Comm. w/Dest. Net. is Administratively Prohibited [RFC792]
11 Destination Network Unreachable for Type of Service[RFC792]
5 Redirect
0 Redirect Datagram for the Network (or subnet) [RFC792]
2 Redirect Datagram for the Type of Service & Network[RFC792]
9 Router Advertisement [RFC1256]
18 Address Mask Reply [RFC950]

IPv4
Type Name/Codes Reference
========================================================================
BOTH ROUTER AND HOST GENERATED:
0 Echo Reply [RFC792]
3 Destination Unreachable
1 Host Unreachable [RFC792]
10 Comm. w/Dest. Host is Administratively Prohibited [RFC792]
12 Destination Host Unreachable for Type of Service [RFC792]
13 Communication Administratively Prohibited [RFC1812]
15 Precedence cutoff in effect [RFC1812]
4 Source Quench [RFC792]
5 Redirect
1 Redirect Datagram for the Host [RFC792]
3 Redirect Datagram for the Type of Service and Host [RFC792]
6 Alternate Host Address [JBP]
8 Echo [RFC792]
11 Time Exceeded [RFC792]
12 Parameter Problem [RFC792,RFC1108]
13 Timestamp [RFC792]
14 Timestamp Reply [RFC792]
15 Information Request [RFC792]
16 Information Reply [RFC792]
17 Address Mask Request [RFC950]
30 Traceroute [RFC1393]
31 Datagram Conversion Error [RFC1475]
32 Mobile Host Redirect [Johnson]
39 SKIP [Markson]
40 Photuris [Simpson]

Type Name/Codes Reference
========================================================================
UNASSIGNED TYPE OR UNKNOWN GENERATOR:
1 Unassigned [JBP]
2 Unassigned [JBP]
7 Unassigned [JBP]
19 Reserved (for Security) [Solo]
20-29 Reserved (for Robustness Experiment) [ZSu]
33 IPv6 Where-Are-You [Simpson]
34 IPv6 I-Am-Here [Simpson]
35 Mobile Registration Request [Simpson]
36 Mobile Registration Reply [Simpson]
37 Domain Name Request [Simpson]
38 Domain Name Reply [Simpson]
41-255 Reserved [JBP]

IPv6

Type Name/Codes Reference
========================================================================
HOST GENERATED:
1 Destination Unreachable [RFC 1885]
4 Port Unreachable

Type Name/Codes Reference
========================================================================
ROUTER GENERATED:
1 Destination Unreachable [RFC1885]
0 No Route to Destination
1 Comm. w/Destination is Administratively Prohibited
2 Not a Neighbor
3 Address Unreachable
2 Packet Too Big [RFC1885]
0
3 Time Exceeded [RFC1885]
0 Hop Limit Exceeded in Transit
1 Fragment reassembly time exceeded

Type Name/Codes Reference
========================================================================
BOTH ROUTER AND HOST GENERATED:
4 Parameter Problem [RFC1885]
0 Erroneous Header Field Encountered
1 Unrecognized Next Header Type Encountered
2 Unrecognized IPv6 Option Encountered

References

[BL73] Bell, D.E. & LaPadula, L.J., "Secure Computer Systems:
Mathematical Foundations and Model", Technical Report M74-
244, The MITRE Corporation, Bedford, MA, May 1973.

[Bra97] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Level", BCP 14, RFC 2119, March 1997.

[DoD85] US National Computer Security Center, "Department of
Defense Trusted Computer System Evaluation Criteria", DoD
5200.28-STD, US Department of Defense, Ft. Meade, MD.,
December 1985.

[DoD87] US National Computer Security Center, "Trusted Network
Interpretation of the Trusted Computer System Evaluation
Criteria", NCSC-TG-005, Version 1, US Department of
Defense, Ft. Meade, MD., 31 July 1987.

[HA94] Haller, N., and R. Atkinson, "On Internet Authentication",
RFC 1704, October 1994.

[HC98] Harkins, D., and D. Carrel, "The Internet Key Exchange
(IKE)", RFC 2409, November 1998.

[HM97] Harney, H., and C. Muckenhirn, "Group Key Management
Protocol (GKMP) Architecture", RFC 2094, July 1997.

[ISO] ISO/IEC JTC1/SC6, Network Layer Security Protocol, ISO-IEC
DIS 11577, International Standards Organisation, Geneva,
Switzerland, 29 November 1992.

[IB93] John Ioannidis and Matt Blaze, "Architecture and
Implementation of Network-layer Security Under Unix",
Proceedings of USENIX Security Symposium, Santa Clara, CA,
October 1993.

[IBK93] John Ioannidis, Matt Blaze, & Phil Karn, "swIPe: Network-
Layer Security for IP", presentation at the Spring 1993
IETF Meeting, Columbus, Ohio

[KA98a] Kent, S., and R. Atkinson, "IP Authentication Header", RFC
2402, November 1998.

[KA98b] Kent, S., and R. Atkinson, "IP Encapsulating Security
Payload (ESP)", RFC 2406, November 1998.

[Ken91] Kent, S., "US DoD Security Options for the Internet
Protocol", RFC 1108, November 1991.

[MSST97] Maughan, D., Schertler, M., Schneider, M., and J. Turner,
"Internet Security Association and Key Management Protocol
(ISAKMP)", RFC 2408, November 1998.

[Orm97] Orman, H., "The OAKLEY Key Determination Protocol", RFC
2412, November 1998.

[Pip98] Piper, D., "The Internet IP Security Domain of
Interpretation for ISAKMP", RFC 2407, November 1998.

[Sch94] Bruce Schneier, Applied Cryptography, Section 8.6, John
Wiley & Sons, New York, NY, 1994.

[SDNS] SDNS Secure Data Network System, Security Protocol 3, SP3,
Document SDN.301, Revision 1.5, 15 May 1989, published in
NIST Publication NIST-IR-90-4250, February 1990.

[SMPT98] Shacham, A., Monsour, R., Pereira, R., and M. Thomas, "IP
Payload Compression Protocol (IPComp)", RFC 2393, August
1998.

[TDG97] Thayer, R., Doraswamy, N., and R. Glenn, "IP Security
Document Roadmap", RFC 2411, November 1998.

[VK83] V.L. Voydock & S.T. Kent, "Security Mechanisms in High-
level Networks", ACM Computing Surveys, Vol. 15, No. 2,
June 1983.

Disclaimer

The views and specification expressed in this document are those of
the authors and are not necessarily those of their employers. The
authors and their employers specifically disclaim responsibility for
any problems arising from correct or incorrect implementation or use
of this design.

Author Information

Stephen Kent
BBN Corporation
70 Fawcett Street
Cambridge, MA 02140
USA

Phone: +1 (617) 873-3988
EMail: kent@bbn.com

Randall Atkinson
@Home Network
425 Broadway
Redwood City, CA 94063
USA

Phone: +1 (415) 569-5000
EMail: rja@corp.home.net

Copyright (C) The Internet Society (1998). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


RFC 1981 – Path MTU Discovery for IP version 6

 
Network Working Group                                          J. McCann
Request for Comments: 1981 Digital Equipment Corporation
Category: Standards Track S. Deering
Xerox PARC
J. Mogul
Digital Equipment Corporation
August 1996

Path MTU Discovery for IP version 6

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Abstract

This document describes Path MTU Discovery for IP version 6. It is
largely derived from RFC 1191, which describes Path MTU Discovery for
IP version 4.

Table of Contents

1. Introduction.................................................2
2. Terminology..................................................2
3. Protocol overview............................................3
4. Protocol Requirements........................................4
5. Implementation Issues........................................5
5.1. Layering...................................................5
5.2. Storing PMTU information...................................6
5.3. Purging stale PMTU information.............................8
5.4. TCP layer actions..........................................9
5.5. Issues for other transport protocols......................11
5.6. Management interface......................................12
6. Security Considerations.....................................12
Acknowledgements...............................................13
Appendix A - Comparison to RFC 1191............................14
References.....................................................14
Authors' Addresses.............................................15

1. Introduction

When one IPv6 node has a large amount of data to send to another
node, the data is transmitted in a series of IPv6 packets. It is
usually preferable that these packets be of the largest size that can
successfully traverse the path from the source node to the
destination node. This packet size is referred to as the Path MTU
(PMTU), and it is equal to the minimum link MTU of all the links in a
path. IPv6 defines a standard mechanism for a node to discover the
PMTU of an arbitrary path.

IPv6 nodes SHOULD implement Path MTU Discovery in order to discover
and take advantage of paths with PMTU greater than the IPv6 minimum
link MTU [IPv6-SPEC]. A minimal IPv6 implementation (e.g., in a boot
ROM) may choose to omit implementation of Path MTU Discovery.

Nodes not implementing Path MTU Discovery use the IPv6 minimum link
MTU defined in [IPv6-SPEC] as the maximum packet size. In most
cases, this will result in the use of smaller packets than necessary,
because most paths have a PMTU greater than the IPv6 minimum link
MTU. A node sending packets much smaller than the Path MTU allows is
wasting network resources and probably getting suboptimal throughput.

2. Terminology

node - a device that implements IPv6.

router - a node that forwards IPv6 packets not explicitly
addressed to itself.

host - any node that is not a router.

upper layer - a protocol layer immediately above IPv6. Examples are
transport protocols such as TCP and UDP, control
protocols such as ICMP, routing protocols such as OSPF,
and internet or lower-layer protocols being "tunneled"
over (i.e., encapsulated in) IPv6 such as IPX,
AppleTalk, or IPv6 itself.

link - a communication facility or medium over which nodes can
communicate at the link layer, i.e., the layer
immediately below IPv6. Examples are Ethernets (simple
or bridged); PPP links; X.25, Frame Relay, or ATM
networks; and internet (or higher) layer "tunnels",
such as tunnels over IPv4 or IPv6 itself.

interface - a node's attachment to a link.

address - an IPv6-layer identifier for an interface or a set of
interfaces.

packet - an IPv6 header plus payload.

link MTU - the maximum transmission unit, i.e., maximum packet
size in octets, that can be conveyed in one piece over
a link.

path - the set of links traversed by a packet between a source
node and a destination node

path MTU - the minimum link MTU of all the links in a path between
a source node and a destination node.

PMTU - path MTU

Path MTU
Discovery - process by which a node learns the PMTU of a path

flow - a sequence of packets sent from a particular source
to a particular (unicast or multicast) destination for
which the source desires special handling by the
intervening routers.

flow id - a combination of a source address and a non-zero
flow label.

3. Protocol overview

This memo describes a technique to dynamically discover the PMTU of a
path. The basic idea is that a source node initially assumes that
the PMTU of a path is the (known) MTU of the first hop in the path.
If any of the packets sent on that path are too large to be forwarded
by some node along the path, that node will discard them and return
ICMPv6 Packet Too Big messages [ICMPv6]. Upon receipt of such a
message, the source node reduces its assumed PMTU for the path based
on the MTU of the constricting hop as reported in the Packet Too Big
message.

The Path MTU Discovery process ends when the node's estimate of the
PMTU is less than or equal to the actual PMTU. Note that several
iterations of the packet-sent/Packet-Too-Big-message-received cycle
may occur before the Path MTU Discovery process ends, as there may be
links with smaller MTUs further along the path.

Alternatively, the node may elect to end the discovery process by
ceasing to send packets larger than the IPv6 minimum link MTU.

The PMTU of a path may change over time, due to changes in the
routing topology. Reductions of the PMTU are detected by Packet Too
Big messages. To detect increases in a path's PMTU, a node
periodically increases its assumed PMTU. This will almost always
result in packets being discarded and Packet Too Big messages being
generated, because in most cases the PMTU of the path will not have
changed. Therefore, attempts to detect increases in a path's PMTU
should be done infrequently.

Path MTU Discovery supports multicast as well as unicast
destinations. In the case of a multicast destination, copies of a
packet may traverse many different paths to many different nodes.
Each path may have a different PMTU, and a single multicast packet
may result in multiple Packet Too Big messages, each reporting a
different next-hop MTU. The minimum PMTU value across the set of
paths in use determines the size of subsequent packets sent to the
multicast destination.

Note that Path MTU Discovery must be performed even in cases where a
node "thinks" a destination is attached to the same link as itself.
In a situation such as when a neighboring router acts as proxy [ND]
for some destination, the destination can to appear to be directly
connected but is in fact more than one hop away.

4. Protocol Requirements

As discussed in section 1, IPv6 nodes are not required to implement
Path MTU Discovery. The requirements in this section apply only to
those implementations that include Path MTU Discovery.

When a node receives a Packet Too Big message, it MUST reduce its
estimate of the PMTU for the relevant path, based on the value of the
MTU field in the message. The precise behavior of a node in this
circumstance is not specified, since different applications may have
different requirements, and since different implementation
architectures may favor different strategies.

After receiving a Packet Too Big message, a node MUST attempt to
avoid eliciting more such messages in the near future. The node MUST
reduce the size of the packets it is sending along the path. Using a
PMTU estimate larger than the IPv6 minimum link MTU may continue to
elicit Packet Too Big messages. Since each of these messages (and
the dropped packets they respond to) consume network resources, the
node MUST force the Path MTU Discovery process to end.

Nodes using Path MTU Discovery MUST detect decreases in PMTU as fast
as possible. Nodes MAY detect increases in PMTU, but because doing
so requires sending packets larger than the current estimated PMTU,

and because the likelihood is that the PMTU will not have increased,
this MUST be done at infrequent intervals. An attempt to detect an
increase (by sending a packet larger than the current estimate) MUST
NOT be done less than 5 minutes after a Packet Too Big message has
been received for the given path. The recommended setting for this
timer is twice its minimum value (10 minutes).

A node MUST NOT reduce its estimate of the Path MTU below the IPv6
minimum link MTU.

Note: A node may receive a Packet Too Big message reporting a
next-hop MTU that is less than the IPv6 minimum link MTU. In that
case, the node is not required to reduce the size of subsequent
packets sent on the path to less than the IPv6 minimun link MTU,
but rather must include a Fragment header in those packets [IPv6-
SPEC].

A node MUST NOT increase its estimate of the Path MTU in response to
the contents of a Packet Too Big message. A message purporting to
announce an increase in the Path MTU might be a stale packet that has
been floating around in the network, a false packet injected as part
of a denial-of-service attack, or the result of having multiple paths
to the destination, each with a different PMTU.

5. Implementation Issues

This section discusses a number of issues related to the
implementation of Path MTU Discovery. This is not a specification,
but rather a set of notes provided as an aid for implementors.

The issues include:

- What layer or layers implement Path MTU Discovery?

- How is the PMTU information cached?

- How is stale PMTU information removed?

- What must transport and higher layers do?

5.1. Layering

In the IP architecture, the choice of what size packet to send is
made by a protocol at a layer above IP. This memo refers to such a
protocol as a "packetization protocol". Packetization protocols are
usually transport protocols (for example, TCP) but can also be
higher-layer protocols (for example, protocols built on top of UDP).

Implementing Path MTU Discovery in the packetization layers
simplifies some of the inter-layer issues, but has several drawbacks:
the implementation may have to be redone for each packetization
protocol, it becomes hard to share PMTU information between different
packetization layers, and the connection-oriented state maintained by
some packetization layers may not easily extend to save PMTU
information for long periods.

It is therefore suggested that the IP layer store PMTU information
and that the ICMP layer process received Packet Too Big messages.
The packetization layers may respond to changes in the PMTU, by
changing the size of the messages they send. To support this
layering, packetization layers require a way to learn of changes in
the value of MMS_S, the "maximum send transport-message size". The
MMS_S is derived from the Path MTU by subtracting the size of the
IPv6 header plus space reserved by the IP layer for additional
headers (if any).

It is possible that a packetization layer, perhaps a UDP application
outside the kernel, is unable to change the size of messages it
sends. This may result in a packet size that exceeds the Path MTU.
To accommodate such situations, IPv6 defines a mechanism that allows
large payloads to be divided into fragments, with each fragment sent
in a separate packet (see [IPv6-SPEC] section "Fragment Header").
However, packetization layers are encouraged to avoid sending
messages that will require fragmentation (for the case against
fragmentation, see [FRAG]).

5.2. Storing PMTU information

Ideally, a PMTU value should be associated with a specific path
traversed by packets exchanged between the source and destination
nodes. However, in most cases a node will not have enough
information to completely and accurately identify such a path.
Rather, a node must associate a PMTU value with some local
representation of a path. It is left to the implementation to select
the local representation of a path.

In the case of a multicast destination address, copies of a packet
may traverse many different paths to reach many different nodes. The
local representation of the "path" to a multicast destination must in
fact represent a potentially large set of paths.

Minimally, an implementation could maintain a single PMTU value to be
used for all packets originated from the node. This PMTU value would
be the minimum PMTU learned across the set of all paths in use by the
node. This approach is likely to result in the use of smaller
packets than is necessary for many paths.

An implementation could use the destination address as the local
representation of a path. The PMTU value associated with a
destination would be the minimum PMTU learned across the set of all
paths in use to that destination. The set of paths in use to a
particular destination is expected to be small, in many cases
consisting of a single path. This approach will result in the use of
optimally sized packets on a per-destination basis. This approach
integrates nicely with the conceptual model of a host as described in
[ND]: a PMTU value could be stored with the corresponding entry in
the destination cache.

If flows [IPv6-SPEC] are in use, an implementation could use the flow
id as the local representation of a path. Packets sent to a
particular destination but belonging to different flows may use
different paths, with the choice of path depending on the flow id.
This approach will result in the use of optimally sized packets on a
per-flow basis, providing finer granularity than PMTU values
maintained on a per-destination basis.

For source routed packets (i.e. packets containing an IPv6 Routing
header [IPv6-SPEC]), the source route may further qualify the local
representation of a path. In particular, a packet containing a type
0 Routing header in which all bits in the Strict/Loose Bit Map are
equal to 1 contains a complete path specification. An implementation
could use source route information in the local representation of a
path.

Note: Some paths may be further distinguished by different
security classifications. The details of such classifications are
beyond the scope of this memo.

Initially, the PMTU value for a path is assumed to be the (known) MTU
of the first-hop link.

When a Packet Too Big message is received, the node determines which
path the message applies to based on the contents of the Packet Too
Big message. For example, if the destination address is used as the
local representation of a path, the destination address from the
original packet would be used to determine which path the message
applies to.

Note: if the original packet contained a Routing header, the
Routing header should be used to determine the location of the
destination address within the original packet. If Segments Left
is equal to zero, the destination address is in the Destination
Address field in the IPv6 header. If Segments Left is greater
than zero, the destination address is the last address
(Address[n]) in the Routing header.

The node then uses the value in the MTU field in the Packet Too Big
message as a tentative PMTU value, and compares the tentative PMTU to
the existing PMTU. If the tentative PMTU is less than the existing
PMTU estimate, the tentative PMTU replaces the existing PMTU as the
PMTU value for the path.

The packetization layers must be notified about decreases in the
PMTU. Any packetization layer instance (for example, a TCP
connection) that is actively using the path must be notified if the
PMTU estimate is decreased.

Note: even if the Packet Too Big message contains an Original
Packet Header that refers to a UDP packet, the TCP layer must be
notified if any of its connections use the given path.

Also, the instance that sent the packet that elicited the Packet Too
Big message should be notified that its packet has been dropped, even
if the PMTU estimate has not changed, so that it may retransmit the
dropped data.

Note: An implementation can avoid the use of an asynchronous
notification mechanism for PMTU decreases by postponing
notification until the next attempt to send a packet larger than
the PMTU estimate. In this approach, when an attempt is made to
SEND a packet that is larger than the PMTU estimate, the SEND
function should fail and return a suitable error indication. This
approach may be more suitable to a connectionless packetization
layer (such as one using UDP), which (in some implementations) may
be hard to "notify" from the ICMP layer. In this case, the normal
timeout-based retransmission mechanisms would be used to recover
from the dropped packets.

It is important to understand that the notification of the
packetization layer instances using the path about the change in the
PMTU is distinct from the notification of a specific instance that a
packet has been dropped. The latter should be done as soon as
practical (i.e., asynchronously from the point of view of the
packetization layer instance), while the former may be delayed until
a packetization layer instance wants to create a packet.
Retransmission should be done for only for those packets that are
known to be dropped, as indicated by a Packet Too Big message.

5.3. Purging stale PMTU information

Internetwork topology is dynamic; routes change over time. While the
local representation of a path may remain constant, the actual
path(s) in use may change. Thus, PMTU information cached by a node
can become stale.

If the stale PMTU value is too large, this will be discovered almost
immediately once a large enough packet is sent on the path. No such
mechanism exists for realizing that a stale PMTU value is too small,
so an implementation should "age" cached values. When a PMTU value
has not been decreased for a while (on the order of 10 minutes), the
PMTU estimate should be set to the MTU of the first-hop link, and the
packetization layers should be notified of the change. This will
cause the complete Path MTU Discovery process to take place again.

Note: an implementation should provide a means for changing the
timeout duration, including setting it to "infinity". For
example, nodes attached to an FDDI link which is then attached to
the rest of the Internet via a small MTU serial line are never
going to discover a new non-local PMTU, so they should not have to
put up with dropped packets every 10 minutes.

An upper layer must not retransmit data in response to an increase in
the PMTU estimate, since this increase never comes in response to an
indication of a dropped packet.

One approach to implementing PMTU aging is to associate a timestamp
field with a PMTU value. This field is initialized to a "reserved"
value, indicating that the PMTU is equal to the MTU of the first hop
link. Whenever the PMTU is decreased in response to a Packet Too Big
message, the timestamp is set to the current time.

Once a minute, a timer-driven procedure runs through all cached PMTU
values, and for each PMTU whose timestamp is not "reserved" and is
older than the timeout interval:

- The PMTU estimate is set to the MTU of the first hop link.

- The timestamp is set to the "reserved" value.

- Packetization layers using this path are notified of the increase.

5.4. TCP layer actions

The TCP layer must track the PMTU for the path(s) in use by a
connection; it should not send segments that would result in packets
larger than the PMTU. A simple implementation could ask the IP layer
for this value each time it created a new segment, but this could be
inefficient. Moreover, TCP implementations that follow the "slow-
start" congestion-avoidance algorithm [CONG] typically calculate and
cache several other values derived from the PMTU. It may be simpler
to receive asynchronous notification when the PMTU changes, so that
these variables may be updated.

A TCP implementation must also store the MSS value received from its
peer, and must not send any segment larger than this MSS, regardless
of the PMTU. In 4.xBSD-derived implementations, this may require
adding an additional field to the TCP state record.

The value sent in the TCP MSS option is independent of the PMTU.
This MSS option value is used by the other end of the connection,
which may be using an unrelated PMTU value. See [IPv6-SPEC] sections
"Packet Size Issues" and "Maximum Upper-Layer Payload Size" for
information on selecting a value for the TCP MSS option.

When a Packet Too Big message is received, it implies that a packet
was dropped by the node that sent the ICMP message. It is sufficient
to treat this as any other dropped segment, and wait until the
retransmission timer expires to cause retransmission of the segment.
If the Path MTU Discovery process requires several steps to find the
PMTU of the full path, this could delay the connection by many
round-trip times.

Alternatively, the retransmission could be done in immediate response
to a notification that the Path MTU has changed, but only for the
specific connection specified by the Packet Too Big message. The
packet size used in the retransmission should be no larger than the
new PMTU.

Note: A packetization layer must not retransmit in response to
every Packet Too Big message, since a burst of several oversized
segments will give rise to several such messages and hence several
retransmissions of the same data. If the new estimated PMTU is
still wrong, the process repeats, and there is an exponential
growth in the number of superfluous segments sent.

This means that the TCP layer must be able to recognize when a
Packet Too Big notification actually decreases the PMTU that it
has already used to send a packet on the given connection, and
should ignore any other notifications.

Many TCP implementations incorporate "congestion avoidance" and
"slow-start" algorithms to improve performance [CONG]. Unlike a
retransmission caused by a TCP retransmission timeout, a
retransmission caused by a Packet Too Big message should not change
the congestion window. It should, however, trigger the slow-start
mechanism (i.e., only one segment should be retransmitted until
acknowledgements begin to arrive again).

TCP performance can be reduced if the sender's maximum window size is
not an exact multiple of the segment size in use (this is not the
congestion window size, which is always a multiple of the segment

size). In many systems (such as those derived from 4.2BSD), the
segment size is often set to 1024 octets, and the maximum window size
(the "send space") is usually a multiple of 1024 octets, so the
proper relationship holds by default. If Path MTU Discovery is used,
however, the segment size may not be a submultiple of the send space,
and it may change during a connection; this means that the TCP layer
may need to change the transmission window size when Path MTU
Discovery changes the PMTU value. The maximum window size should be
set to the greatest multiple of the segment size that is less than or
equal to the sender's buffer space size.

5.5. Issues for other transport protocols

Some transport protocols (such as ISO TP4 [ISOTP]) are not allowed to
repacketize when doing a retransmission. That is, once an attempt is
made to transmit a segment of a certain size, the transport cannot
split the contents of the segment into smaller segments for
retransmission. In such a case, the original segment can be
fragmented by the IP layer during retransmission. Subsequent
segments, when transmitted for the first time, should be no larger
than allowed by the Path MTU.

The Sun Network File System (NFS) uses a Remote Procedure Call (RPC)
protocol [RPC] that, when used over UDP, in many cases will generate
payloads that must be fragmented even for the first-hop link. This
might improve performance in certain cases, but it is known to cause
reliability and performance problems, especially when the client and
server are separated by routers.

It is recommended that NFS implementations use Path MTU Discovery
whenever routers are involved. Most NFS implementations allow the
RPC datagram size to be changed at mount-time (indirectly, by
changing the effective file system block size), but might require
some modification to support changes later on.

Also, since a single NFS operation cannot be split across several UDP
datagrams, certain operations (primarily, those operating on file
names and directories) require a minimum payload size that if sent in
a single packet would exceed the PMTU. NFS implementations should
not reduce the payload size below this threshold, even if Path MTU
Discovery suggests a lower value. In this case the payload will be
fragmented by the IP layer.

5.6. Management interface

It is suggested that an implementation provide a way for a system
utility program to:

- Specify that Path MTU Discovery not be done on a given path.

- Change the PMTU value associated with a given path.

The former can be accomplished by associating a flag with the path;
when a packet is sent on a path with this flag set, the IP layer does
not send packets larger than the IPv6 minimum link MTU.

These features might be used to work around an anomalous situation,
or by a routing protocol implementation that is able to obtain Path
MTU values.

The implementation should also provide a way to change the timeout
period for aging stale PMTU information.

6. Security Considerations

This Path MTU Discovery mechanism makes possible two denial-of-
service attacks, both based on a malicious party sending false Packet
Too Big messages to a node.

In the first attack, the false message indicates a PMTU much smaller
than reality. This should not entirely stop data flow, since the
victim node should never set its PMTU estimate below the IPv6 minimum
link MTU. It will, however, result in suboptimal performance.

In the second attack, the false message indicates a PMTU larger than
reality. If believed, this could cause temporary blockage as the
victim sends packets that will be dropped by some router. Within one
round-trip time, the node would discover its mistake (receiving
Packet Too Big messages from that router), but frequent repetition of
this attack could cause lots of packets to be dropped. A node,
however, should never raise its estimate of the PMTU based on a
Packet Too Big message, so should not be vulnerable to this attack.

A malicious party could also cause problems if it could stop a victim
from receiving legitimate Packet Too Big messages, but in this case
there are simpler denial-of-service attacks available.

Acknowledgements

We would like to acknowledge the authors of and contributors to
[RFC-1191], from which the majority of this document was derived. We
would also like to acknowledge the members of the IPng working group
for their careful review and constructive criticisms.

Appendix A - Comparison to RFC 1191

This document is based in large part on RFC 1191, which describes
Path MTU Discovery for IPv4. Certain portions of RFC 1191 were not
needed in this document:

router specification - Packet Too Big messages and corresponding
router behavior are defined in [ICMPv6]

Don't Fragment bit - there is no DF bit in IPv6 packets

TCP MSS discussion - selecting a value to send in the TCP MSS
option is discussed in [IPv6-SPEC]

old-style messages - all Packet Too Big messages report the
MTU of the constricting link

MTU plateau tables - not needed because there are no old-style
messages

References

[CONG] Van Jacobson. Congestion Avoidance and Control. Proc.
SIGCOMM '88 Symposium on Communications Architectures and
Protocols, pages 314-329. Stanford, CA, August, 1988.

[FRAG] C. Kent and J. Mogul. Fragmentation Considered Harmful.
In Proc. SIGCOMM '87 Workshop on Frontiers in Computer
Communications Technology. August, 1987.

[ICMPv6] Conta, A., and S. Deering, "Internet Control Message
Protocol (ICMPv6) for the Internet Protocol Version 6
(IPv6) Specification", RFC 1885, December 1995.

[IPv6-SPEC] Deering, S., and R. Hinden, "Internet Protocol, Version
6 (IPv6) Specification", RFC 1883, December 1995.

[ISOTP] ISO. ISO Transport Protocol Specification: ISO DP 8073.
RFC 905, SRI Network Information Center, April, 1984.

[ND] Narten, T., Nordmark, E., and W. Simpson, "Neighbor
Discovery for IP Version 6 (IPv6)", Work in Progress.

[RFC-1191] Mogul, J., and S. Deering, "Path MTU Discovery",
RFC 1191, November 1990.

[RPC] Sun Microsystems, Inc., "RPC: Remote Procedure Call
Protocol", RFC 1057, SRI Network Information Center,
June, 1988.

Authors' Addresses

Jack McCann
Digital Equipment Corporation
110 Spitbrook Road, ZKO3-3/U14
Nashua, NH 03062
Phone: +1 603 881 2608

Fax: +1 603 881 0120
Email: mccann@zk3.dec.com

Stephen E. Deering
Xerox Palo Alto Research Center
3333 Coyote Hill Road
Palo Alto, CA 94304
Phone: +1 415 812 4839

Fax: +1 415 812 4471
EMail: deering@parc.xerox.com

Jeffrey Mogul
Digital Equipment Corporation Western Research Laboratory
250 University Avenue
Palo Alto, CA 94301
Phone: +1 415 617 3304

EMail: mogul@pa.dec.com


RFC 1661 – The Point-to-Point Protocol (PPP)

 
Network Working Group                                 W. Simpson, Editor
Request for Comments: 1661 Daydreamer
STD: 51 July 1994
Obsoletes: 1548
Category: Standards Track

The Point-to-Point Protocol (PPP)

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Abstract

The Point-to-Point Protocol (PPP) provides a standard method for
transporting multi-protocol datagrams over point-to-point links. PPP
is comprised of three main components:

1. A method for encapsulating multi-protocol datagrams.

2. A Link Control Protocol (LCP) for establishing, configuring,
and testing the data-link connection.

3. A family of Network Control Protocols (NCPs) for establishing
and configuring different network-layer protocols.

This document defines the PPP organization and methodology, and the
PPP encapsulation, together with an extensible option negotiation
mechanism which is able to negotiate a rich assortment of
configuration parameters and provides additional management
functions. The PPP Link Control Protocol (LCP) is described in terms
of this mechanism.

Table of Contents

1. Introduction .......................................... 1
1.1 Specification of Requirements ................... 2
1.2 Terminology ..................................... 3

2. PPP Encapsulation ..................................... 4

3. PPP Link Operation .................................... 6
3.1 Overview ........................................ 6
3.2 Phase Diagram ................................... 6
3.3 Link Dead (physical-layer not ready) ............ 7
3.4 Link Establishment Phase ........................ 7
3.5 Authentication Phase ............................ 8
3.6 Network-Layer Protocol Phase .................... 8
3.7 Link Termination Phase .......................... 9

4. The Option Negotiation Automaton ...................... 11
4.1 State Transition Table .......................... 12
4.2 States .......................................... 14
4.3 Events .......................................... 16
4.4 Actions ......................................... 21
4.5 Loop Avoidance .................................. 23
4.6 Counters and Timers ............................. 24

5. LCP Packet Formats .................................... 26
5.1 Configure-Request ............................... 28
5.2 Configure-Ack ................................... 29
5.3 Configure-Nak ................................... 30
5.4 Configure-Reject ................................ 31
5.5 Terminate-Request and Terminate-Ack ............. 33
5.6 Code-Reject ..................................... 34
5.7 Protocol-Reject ................................. 35
5.8 Echo-Request and Echo-Reply ..................... 36
5.9 Discard-Request ................................. 37

6. LCP Configuration Options ............................. 39
6.1 Maximum-Receive-Unit (MRU) ...................... 41
6.2 Authentication-Protocol ......................... 42
6.3 Quality-Protocol ................................ 43
6.4 Magic-Number .................................... 45
6.5 Protocol-Field-Compression (PFC) ................ 48
6.6 Address-and-Control-Field-Compression (ACFC)

SECURITY CONSIDERATIONS ...................................... 51
REFERENCES ................................................... 51
ACKNOWLEDGEMENTS ............................................. 51
CHAIR'S ADDRESS .............................................. 52
EDITOR'S ADDRESS ............................................. 52

1. Introduction

The Point-to-Point Protocol is designed for simple links which
transport packets between two peers. These links provide full-duplex
simultaneous bi-directional operation, and are assumed to deliver
packets in order. It is intended that PPP provide a common solution
for easy connection of a wide variety of hosts, bridges and routers
[1].

Encapsulation

The PPP encapsulation provides for multiplexing of different
network-layer protocols simultaneously over the same link. The
PPP encapsulation has been carefully designed to retain
compatibility with most commonly used supporting hardware.

Only 8 additional octets are necessary to form the encapsulation
when used within the default HDLC-like framing. In environments
where bandwidth is at a premium, the encapsulation and framing may
be shortened to 2 or 4 octets.

To support high speed implementations, the default encapsulation
uses only simple fields, only one of which needs to be examined
for demultiplexing. The default header and information fields
fall on 32-bit boundaries, and the trailer may be padded to an
arbitrary boundary.

Link Control Protocol

In order to be sufficiently versatile to be portable to a wide
variety of environments, PPP provides a Link Control Protocol
(LCP). The LCP is used to automatically agree upon the
encapsulation format options, handle varying limits on sizes of
packets, detect a looped-back link and other common
misconfiguration errors, and terminate the link. Other optional
facilities provided are authentication of the identity of its peer
on the link, and determination when a link is functioning properly
and when it is failing.

Network Control Protocols

Point-to-Point links tend to exacerbate many problems with the
current family of network protocols. For instance, assignment and
management of IP addresses, which is a problem even in LAN
environments, is especially difficult over circuit-switched
point-to-point links (such as dial-up modem servers). These
problems are handled by a family of Network Control Protocols
(NCPs), which each manage the specific needs required by their

respective network-layer protocols. These NCPs are defined in
companion documents.

Configuration

It is intended that PPP links be easy to configure. By design,
the standard defaults handle all common configurations. The
implementor can specify improvements to the default configuration,
which are automatically communicated to the peer without operator
intervention. Finally, the operator may explicitly configure
options for the link which enable the link to operate in
environments where it would otherwise be impossible.

This self-configuration is implemented through an extensible
option negotiation mechanism, wherein each end of the link
describes to the other its capabilities and requirements.
Although the option negotiation mechanism described in this
document is specified in terms of the Link Control Protocol (LCP),
the same facilities are designed to be used by other control
protocols, especially the family of NCPs.

1.1. Specification of Requirements

In this document, several words are used to signify the requirements
of the specification. These words are often capitalized.

MUST This word, or the adjective "required", means that the
definition is an absolute requirement of the specification.

MUST NOT This phrase means that the definition is an absolute
prohibition of the specification.

SHOULD This word, or the adjective "recommended", means that there
may exist valid reasons in particular circumstances to
ignore this item, but the full implications must be
understood and carefully weighed before choosing a
different course.

MAY This word, or the adjective "optional", means that this
item is one of an allowed set of alternatives. An
implementation which does not include this option MUST be
prepared to interoperate with another implementation which
does include the option.

1.2. Terminology

This document frequently uses the following terms:

datagram The unit of transmission in the network layer (such as IP).
A datagram may be encapsulated in one or more packets
passed to the data link layer.

frame The unit of transmission at the data link layer. A frame
may include a header and/or a trailer, along with some
number of units of data.

packet The basic unit of encapsulation, which is passed across the
interface between the network layer and the data link
layer. A packet is usually mapped to a frame; the
exceptions are when data link layer fragmentation is being
performed, or when multiple packets are incorporated into a
single frame.

peer The other end of the point-to-point link.

silently discard
The implementation discards the packet without further
processing. The implementation SHOULD provide the
capability of logging the error, including the contents of
the silently discarded packet, and SHOULD record the event
in a statistics counter.

2. PPP Encapsulation

The PPP encapsulation is used to disambiguate multiprotocol
datagrams. This encapsulation requires framing to indicate the
beginning and end of the encapsulation. Methods of providing framing
are specified in companion documents.

A summary of the PPP encapsulation is shown below. The fields are
transmitted from left to right.

+----------+-------------+---------+
| Protocol | Information | Padding |
| 8/16 bits| * | * |
+----------+-------------+---------+

Protocol Field

The Protocol field is one or two octets, and its value identifies
the datagram encapsulated in the Information field of the packet.
The field is transmitted and received most significant octet
first.

The structure of this field is consistent with the ISO 3309
extension mechanism for address fields. All Protocols MUST be
odd; the least significant bit of the least significant octet MUST
equal "1". Also, all Protocols MUST be assigned such that the
least significant bit of the most significant octet equals "0".
Frames received which don't comply with these rules MUST be
treated as having an unrecognized Protocol.

Protocol field values in the "0***" to "3***" range identify the
network-layer protocol of specific packets, and values in the
"8***" to "b***" range identify packets belonging to the
associated Network Control Protocols (NCPs), if any.

Protocol field values in the "4***" to "7***" range are used for
protocols with low volume traffic which have no associated NCP.
Protocol field values in the "c***" to "f***" range identify
packets as link-layer Control Protocols (such as LCP).

Up-to-date values of the Protocol field are specified in the most
recent "Assigned Numbers" RFC [2]. This specification reserves
the following values:

Value (in hex) Protocol Name

0001 Padding Protocol
0003 to 001f reserved (transparency inefficient)
007d reserved (Control Escape)
00cf reserved (PPP NLPID)
00ff reserved (compression inefficient)

8001 to 801f unused
807d unused
80cf unused
80ff unused

c021 Link Control Protocol
c023 Password Authentication Protocol
c025 Link Quality Report
c223 Challenge Handshake Authentication Protocol

Developers of new protocols MUST obtain a number from the Internet
Assigned Numbers Authority (IANA), at IANA@isi.edu.

Information Field

The Information field is zero or more octets. The Information
field contains the datagram for the protocol specified in the
Protocol field.

The maximum length for the Information field, including Padding,
but not including the Protocol field, is termed the Maximum
Receive Unit (MRU), which defaults to 1500 octets. By
negotiation, consenting PPP implementations may use other values
for the MRU.

Padding

On transmission, the Information field MAY be padded with an
arbitrary number of octets up to the MRU. It is the
responsibility of each protocol to distinguish padding octets from
real information.

3. PPP Link Operation

3.1. Overview

In order to establish communications over a point-to-point link, each
end of the PPP link MUST first send LCP packets to configure and test
the data link. After the link has been established, the peer MAY be
authenticated.

Then, PPP MUST send NCP packets to choose and configure one or more
network-layer protocols. Once each of the chosen network-layer
protocols has been configured, datagrams from each network-layer
protocol can be sent over the link.

The link will remain configured for communications until explicit LCP
or NCP packets close the link down, or until some external event
occurs (an inactivity timer expires or network administrator
intervention).

3.2. Phase Diagram

In the process of configuring, maintaining and terminating the
point-to-point link, the PPP link goes through several distinct
phases which are specified in the following simplified state diagram:

+------+ +-----------+ +--------------+
| | UP | | OPENED | | SUCCESS/NONE
| Dead |------->| Establish |---------->| Authenticate |--+
| | | | | | |
+------+ +-----------+ +--------------+ |
^ | | |
| FAIL | FAIL | |
+<--------------+ +----------+ |
| | |
| +-----------+ | +---------+ |
| DOWN | | | CLOSING | | |
+------------| Terminate |<---+<----------| Network |<-+
| | | |
+-----------+ +---------+

Not all transitions are specified in this diagram. The following
semantics MUST be followed.

3.3. Link Dead (physical-layer not ready)

The link necessarily begins and ends with this phase. When an
external event (such as carrier detection or network administrator
configuration) indicates that the physical-layer is ready to be used,
PPP will proceed to the Link Establishment phase.

During this phase, the LCP automaton (described later) will be in the
Initial or Starting states. The transition to the Link Establishment
phase will signal an Up event to the LCP automaton.

Implementation Note:

Typically, a link will return to this phase automatically after
the disconnection of a modem. In the case of a hard-wired link,
this phase may be extremely short -- merely long enough to detect
the presence of the device.

3.4. Link Establishment Phase

The Link Control Protocol (LCP) is used to establish the connection
through an exchange of Configure packets. This exchange is complete,
and the LCP Opened state entered, once a Configure-Ack packet
(described later) has been both sent and received.

All Configuration Options are assumed to be at default values unless
altered by the configuration exchange. See the chapter on LCP
Configuration Options for further discussion.

It is important to note that only Configuration Options which are
independent of particular network-layer protocols are configured by
LCP. Configuration of individual network-layer protocols is handled
by separate Network Control Protocols (NCPs) during the Network-Layer
Protocol phase.

Any non-LCP packets received during this phase MUST be silently
discarded.

The receipt of the LCP Configure-Request causes a return to the Link
Establishment phase from the Network-Layer Protocol phase or
Authentication phase.

3.5. Authentication Phase

On some links it may be desirable to require a peer to authenticate
itself before allowing network-layer protocol packets to be
exchanged.

By default, authentication is not mandatory. If an implementation
desires that the peer authenticate with some specific authentication
protocol, then it MUST request the use of that authentication
protocol during Link Establishment phase.

Authentication SHOULD take place as soon as possible after link
establishment. However, link quality determination MAY occur
concurrently. An implementation MUST NOT allow the exchange of link
quality determination packets to delay authentication indefinitely.

Advancement from the Authentication phase to the Network-Layer
Protocol phase MUST NOT occur until authentication has completed. If
authentication fails, the authenticator SHOULD proceed instead to the
Link Termination phase.

Only Link Control Protocol, authentication protocol, and link quality
monitoring packets are allowed during this phase. All other packets
received during this phase MUST be silently discarded.

Implementation Notes:

An implementation SHOULD NOT fail authentication simply due to
timeout or lack of response. The authentication SHOULD allow some
method of retransmission, and proceed to the Link Termination
phase only after a number of authentication attempts has been
exceeded.

The implementation responsible for commencing Link Termination
phase is the implementation which has refused authentication to
its peer.

3.6. Network-Layer Protocol Phase

Once PPP has finished the previous phases, each network-layer
protocol (such as IP, IPX, or AppleTalk) MUST be separately
configured by the appropriate Network Control Protocol (NCP).

Each NCP MAY be Opened and Closed at any time.

Implementation Note:

Because an implementation may initially use a significant amount
of time for link quality determination, implementations SHOULD
avoid fixed timeouts when waiting for their peers to configure a
NCP.

After a NCP has reached the Opened state, PPP will carry the
corresponding network-layer protocol packets. Any supported
network-layer protocol packets received when the corresponding NCP is
not in the Opened state MUST be silently discarded.

Implementation Note:

While LCP is in the Opened state, any protocol packet which is
unsupported by the implementation MUST be returned in a Protocol-
Reject (described later). Only protocols which are supported are
silently discarded.

During this phase, link traffic consists of any possible combination
of LCP, NCP, and network-layer protocol packets.

3.7. Link Termination Phase

PPP can terminate the link at any time. This might happen because of
the loss of carrier, authentication failure, link quality failure,
the expiration of an idle-period timer, or the administrative closing
of the link.

LCP is used to close the link through an exchange of Terminate
packets. When the link is closing, PPP informs the network-layer
protocols so that they may take appropriate action.

After the exchange of Terminate packets, the implementation SHOULD
signal the physical-layer to disconnect in order to enforce the
termination of the link, particularly in the case of an
authentication failure. The sender of the Terminate-Request SHOULD
disconnect after receiving a Terminate-Ack, or after the Restart
counter expires. The receiver of a Terminate-Request SHOULD wait for
the peer to disconnect, and MUST NOT disconnect until at least one
Restart time has passed after sending a Terminate-Ack. PPP SHOULD
proceed to the Link Dead phase.

Any non-LCP packets received during this phase MUST be silently
discarded.

Implementation Note:

The closing of the link by LCP is sufficient. There is no need
for each NCP to send a flurry of Terminate packets. Conversely,
the fact that one NCP has Closed is not sufficient reason to cause
the termination of the PPP link, even if that NCP was the only NCP
currently in the Opened state.

4. The Option Negotiation Automaton

The finite-state automaton is defined by events, actions and state
transitions. Events include reception of external commands such as
Open and Close, expiration of the Restart timer, and reception of
packets from a peer. Actions include the starting of the Restart
timer and transmission of packets to the peer.

Some types of packets -- Configure-Naks and Configure-Rejects, or
Code-Rejects and Protocol-Rejects, or Echo-Requests, Echo-Replies and
Discard-Requests -- are not differentiated in the automaton
descriptions. As will be described later, these packets do indeed
serve different functions. However, they always cause the same
transitions.

Events Actions

Up = lower layer is Up tlu = This-Layer-Up
Down = lower layer is Down tld = This-Layer-Down
Open = administrative Open tls = This-Layer-Started
Close= administrative Close tlf = This-Layer-Finished

TO+ = Timeout with counter > 0 irc = Initialize-Restart-Count
TO- = Timeout with counter expired zrc = Zero-Restart-Count

RCR+ = Receive-Configure-Request (Good) scr = Send-Configure-Request
RCR- = Receive-Configure-Request (Bad)
RCA = Receive-Configure-Ack sca = Send-Configure-Ack
RCN = Receive-Configure-Nak/Rej scn = Send-Configure-Nak/Rej

RTR = Receive-Terminate-Request str = Send-Terminate-Request
RTA = Receive-Terminate-Ack sta = Send-Terminate-Ack

RUC = Receive-Unknown-Code scj = Send-Code-Reject
RXJ+ = Receive-Code-Reject (permitted)
or Receive-Protocol-Reject
RXJ- = Receive-Code-Reject (catastrophic)
or Receive-Protocol-Reject
RXR = Receive-Echo-Request ser = Send-Echo-Reply
or Receive-Echo-Reply
or Receive-Discard-Request

4.1. State Transition Table

The complete state transition table follows. States are indicated
horizontally, and events are read vertically. State transitions and
actions are represented in the form action/new-state. Multiple
actions are separated by commas, and may continue on succeeding lines
as space requires; multiple actions may be implemented in any
convenient order. The state may be followed by a letter, which
indicates an explanatory footnote. The dash ('-') indicates an
illegal transition.

| State
| 0 1 2 3 4 5
Events| Initial Starting Closed Stopped Closing Stopping
------+-----------------------------------------------------------
Up | 2 irc,scr/6 - - - -
Down | - - 0 tls/1 0 1
Open | tls/1 1 irc,scr/6 3r 5r 5r
Close| 0 tlf/0 2 2 4 4
|
TO+ | - - - - str/4 str/5
TO- | - - - - tlf/2 tlf/3
|
RCR+ | - - sta/2 irc,scr,sca/8 4 5
RCR- | - - sta/2 irc,scr,scn/6 4 5
RCA | - - sta/2 sta/3 4 5
RCN | - - sta/2 sta/3 4 5
|
RTR | - - sta/2 sta/3 sta/4 sta/5
RTA | - - 2 3 tlf/2 tlf/3
|
RUC | - - scj/2 scj/3 scj/4 scj/5
RXJ+ | - - 2 3 4 5
RXJ- | - - tlf/2 tlf/3 tlf/2 tlf/3
|
RXR | - - 2 3 4 5

| State
| 6 7 8 9
Events| Req-Sent Ack-Rcvd Ack-Sent Opened
------+-----------------------------------------
Up | - - - -
Down | 1 1 1 tld/1
Open | 6 7 8 9r
Close|irc,str/4 irc,str/4 irc,str/4 tld,irc,str/4
|
TO+ | scr/6 scr/6 scr/8 -
TO- | tlf/3p tlf/3p tlf/3p -
|
RCR+ | sca/8 sca,tlu/9 sca/8 tld,scr,sca/8
RCR- | scn/6 scn/7 scn/6 tld,scr,scn/6
RCA | irc/7 scr/6x irc,tlu/9 tld,scr/6x
RCN |irc,scr/6 scr/6x irc,scr/8 tld,scr/6x
|
RTR | sta/6 sta/6 sta/6 tld,zrc,sta/5
RTA | 6 6 8 tld,scr/6
|
RUC | scj/6 scj/7 scj/8 scj/9
RXJ+ | 6 6 8 9
RXJ- | tlf/3 tlf/3 tlf/3 tld,irc,str/5
|
RXR | 6 7 8 ser/9

The states in which the Restart timer is running are identifiable by
the presence of TO events. Only the Send-Configure-Request, Send-
Terminate-Request and Zero-Restart-Count actions start or re-start
the Restart timer. The Restart timer is stopped when transitioning
from any state where the timer is running to a state where the timer
is not running.

The events and actions are defined according to a message passing
architecture, rather than a signalling architecture. If an action is
desired to control specific signals (such as DTR), additional actions
are likely to be required.

[p] Passive option; see Stopped state discussion.

[r] Restart option; see Open event discussion.

[x] Crossed connection; see RCA event discussion.

4.2. States

Following is a more detailed description of each automaton state.

Initial

In the Initial state, the lower layer is unavailable (Down), and
no Open has occurred. The Restart timer is not running in the
Initial state.

Starting

The Starting state is the Open counterpart to the Initial state.
An administrative Open has been initiated, but the lower layer is
still unavailable (Down). The Restart timer is not running in the
Starting state.

When the lower layer becomes available (Up), a Configure-Request
is sent.

Closed

In the Closed state, the link is available (Up), but no Open has
occurred. The Restart timer is not running in the Closed state.

Upon reception of Configure-Request packets, a Terminate-Ack is
sent. Terminate-Acks are silently discarded to avoid creating a
loop.

Stopped

The Stopped state is the Open counterpart to the Closed state. It
is entered when the automaton is waiting for a Down event after
the This-Layer-Finished action, or after sending a Terminate-Ack.
The Restart timer is not running in the Stopped state.

Upon reception of Configure-Request packets, an appropriate
response is sent. Upon reception of other packets, a Terminate-
Ack is sent. Terminate-Acks are silently discarded to avoid
creating a loop.

Rationale:

The Stopped state is a junction state for link termination,
link configuration failure, and other automaton failure modes.
These potentially separate states have been combined.

There is a race condition between the Down event response (from

the This-Layer-Finished action) and the Receive-Configure-
Request event. When a Configure-Request arrives before the
Down event, the Down event will supercede by returning the
automaton to the Starting state. This prevents attack by
repetition.

Implementation Option:

After the peer fails to respond to Configure-Requests, an
implementation MAY wait passively for the peer to send
Configure-Requests. In this case, the This-Layer-Finished
action is not used for the TO- event in states Req-Sent, Ack-
Rcvd and Ack-Sent.

This option is useful for dedicated circuits, or circuits which
have no status signals available, but SHOULD NOT be used for
switched circuits.

Closing

In the Closing state, an attempt is made to terminate the
connection. A Terminate-Request has been sent and the Restart
timer is running, but a Terminate-Ack has not yet been received.

Upon reception of a Terminate-Ack, the Closed state is entered.
Upon the expiration of the Restart timer, a new Terminate-Request
is transmitted, and the Restart timer is restarted. After the
Restart timer has expired Max-Terminate times, the Closed state is
entered.

Stopping

The Stopping state is the Open counterpart to the Closing state.
A Terminate-Request has been sent and the Restart timer is
running, but a Terminate-Ack has not yet been received.

Rationale:

The Stopping state provides a well defined opportunity to
terminate a link before allowing new traffic. After the link
has terminated, a new configuration may occur via the Stopped
or Starting states.

Request-Sent

In the Request-Sent state an attempt is made to configure the
connection. A Configure-Request has been sent and the Restart
timer is running, but a Configure-Ack has not yet been received

nor has one been sent.

Ack-Received

In the Ack-Received state, a Configure-Request has been sent and a
Configure-Ack has been received. The Restart timer is still
running, since a Configure-Ack has not yet been sent.

Ack-Sent

In the Ack-Sent state, a Configure-Request and a Configure-Ack
have both been sent, but a Configure-Ack has not yet been
received. The Restart timer is running, since a Configure-Ack has
not yet been received.

Opened

In the Opened state, a Configure-Ack has been both sent and
received. The Restart timer is not running.

When entering the Opened state, the implementation SHOULD signal
the upper layers that it is now Up. Conversely, when leaving the
Opened state, the implementation SHOULD signal the upper layers
that it is now Down.

4.3. Events

Transitions and actions in the automaton are caused by events.

Up

This event occurs when a lower layer indicates that it is ready to
carry packets.

Typically, this event is used by a modem handling or calling
process, or by some other coupling of the PPP link to the physical
media, to signal LCP that the link is entering Link Establishment
phase.

It also can be used by LCP to signal each NCP that the link is
entering Network-Layer Protocol phase. That is, the This-Layer-Up
action from LCP triggers the Up event in the NCP.

Down

This event occurs when a lower layer indicates that it is no

longer ready to carry packets.

Typically, this event is used by a modem handling or calling
process, or by some other coupling of the PPP link to the physical
media, to signal LCP that the link is entering Link Dead phase.

It also can be used by LCP to signal each NCP that the link is
leaving Network-Layer Protocol phase. That is, the This-Layer-
Down action from LCP triggers the Down event in the NCP.

Open

This event indicates that the link is administratively available
for traffic; that is, the network administrator (human or program)
has indicated that the link is allowed to be Opened. When this
event occurs, and the link is not in the Opened state, the
automaton attempts to send configuration packets to the peer.

If the automaton is not able to begin configuration (the lower
layer is Down, or a previous Close event has not completed), the
establishment of the link is automatically delayed.

When a Terminate-Request is received, or other events occur which
cause the link to become unavailable, the automaton will progress
to a state where the link is ready to re-open. No additional
administrative intervention is necessary.

Implementation Option:

Experience has shown that users will execute an additional Open
command when they want to renegotiate the link. This might
indicate that new values are to be negotiated.

Since this is not the meaning of the Open event, it is
suggested that when an Open user command is executed in the
Opened, Closing, Stopping, or Stopped states, the
implementation issue a Down event, immediately followed by an
Up event. Care must be taken that an intervening Down event
cannot occur from another source.

The Down followed by an Up will cause an orderly renegotiation
of the link, by progressing through the Starting to the
Request-Sent state. This will cause the renegotiation of the
link, without any harmful side effects.

Close

This event indicates that the link is not available for traffic;

that is, the network administrator (human or program) has
indicated that the link is not allowed to be Opened. When this
event occurs, and the link is not in the Closed state, the
automaton attempts to terminate the connection. Futher attempts
to re-configure the link are denied until a new Open event occurs.

Implementation Note:

When authentication fails, the link SHOULD be terminated, to
prevent attack by repetition and denial of service to other
users. Since the link is administratively available (by
definition), this can be accomplished by simulating a Close
event to the LCP, immediately followed by an Open event. Care
must be taken that an intervening Close event cannot occur from
another source.

The Close followed by an Open will cause an orderly termination
of the link, by progressing through the Closing to the Stopping
state, and the This-Layer-Finished action can disconnect the
link. The automaton waits in the Stopped or Starting states
for the next connection attempt.

Timeout (TO+,TO-)

This event indicates the expiration of the Restart timer. The
Restart timer is used to time responses to Configure-Request and
Terminate-Request packets.

The TO+ event indicates that the Restart counter continues to be
greater than zero, which triggers the corresponding Configure-
Request or Terminate-Request packet to be retransmitted.

The TO- event indicates that the Restart counter is not greater
than zero, and no more packets need to be retransmitted.

Receive-Configure-Request (RCR+,RCR-)

This event occurs when a Configure-Request packet is received from
the peer. The Configure-Request packet indicates the desire to
open a connection and may specify Configuration Options. The
Configure-Request packet is more fully described in a later
section.

The RCR+ event indicates that the Configure-Request was
acceptable, and triggers the transmission of a corresponding
Configure-Ack.

The RCR- event indicates that the Configure-Request was

unacceptable, and triggers the transmission of a corresponding
Configure-Nak or Configure-Reject.

Implementation Note:

These events may occur on a connection which is already in the
Opened state. The implementation MUST be prepared to
immediately renegotiate the Configuration Options.

Receive-Configure-Ack (RCA)

This event occurs when a valid Configure-Ack packet is received
from the peer. The Configure-Ack packet is a positive response to
a Configure-Request packet. An out of sequence or otherwise
invalid packet is silently discarded.

Implementation Note:

Since the correct packet has already been received before
reaching the Ack-Rcvd or Opened states, it is extremely
unlikely that another such packet will arrive. As specified,
all invalid Ack/Nak/Rej packets are silently discarded, and do
not affect the transitions of the automaton.

However, it is not impossible that a correctly formed packet
will arrive through a coincidentally-timed cross-connection.
It is more likely to be the result of an implementation error.
At the very least, this occurance SHOULD be logged.

Receive-Configure-Nak/Rej (RCN)

This event occurs when a valid Configure-Nak or Configure-Reject
packet is received from the peer. The Configure-Nak and
Configure-Reject packets are negative responses to a Configure-
Request packet. An out of sequence or otherwise invalid packet is
silently discarded.

Implementation Note:

Although the Configure-Nak and Configure-Reject cause the same
state transition in the automaton, these packets have
significantly different effects on the Configuration Options
sent in the resulting Configure-Request packet.

Receive-Terminate-Request (RTR)

This event occurs when a Terminate-Request packet is received.
The Terminate-Request packet indicates the desire of the peer to

close the connection.

Implementation Note:

This event is not identical to the Close event (see above), and
does not override the Open commands of the local network
administrator. The implementation MUST be prepared to receive
a new Configure-Request without network administrator
intervention.

Receive-Terminate-Ack (RTA)

This event occurs when a Terminate-Ack packet is received from the
peer. The Terminate-Ack packet is usually a response to a
Terminate-Request packet. The Terminate-Ack packet may also
indicate that the peer is in Closed or Stopped states, and serves
to re-synchronize the link configuration.

Receive-Unknown-Code (RUC)

This event occurs when an un-interpretable packet is received from
the peer. A Code-Reject packet is sent in response.

Receive-Code-Reject, Receive-Protocol-Reject (RXJ+,RXJ-)

This event occurs when a Code-Reject or a Protocol-Reject packet
is received from the peer.

The RXJ+ event arises when the rejected value is acceptable, such
as a Code-Reject of an extended code, or a Protocol-Reject of a
NCP. These are within the scope of normal operation. The
implementation MUST stop sending the offending packet type.

The RXJ- event arises when the rejected value is catastrophic,
such as a Code-Reject of Configure-Request, or a Protocol-Reject
of LCP! This event communicates an unrecoverable error that
terminates the connection.

Receive-Echo-Request, Receive-Echo-Reply, Receive-Discard-Request
(RXR)

This event occurs when an Echo-Request, Echo-Reply or Discard-
Request packet is received from the peer. The Echo-Reply packet
is a response to an Echo-Request packet. There is no reply to an
Echo-Reply or Discard-Request packet.

4.4. Actions

Actions in the automaton are caused by events and typically indicate
the transmission of packets and/or the starting or stopping of the
Restart timer.

Illegal-Event (-)

This indicates an event that cannot occur in a properly
implemented automaton. The implementation has an internal error,
which should be reported and logged. No transition is taken, and
the implementation SHOULD NOT reset or freeze.

This-Layer-Up (tlu)

This action indicates to the upper layers that the automaton is
entering the Opened state.

Typically, this action is used by the LCP to signal the Up event
to a NCP, Authentication Protocol, or Link Quality Protocol, or
MAY be used by a NCP to indicate that the link is available for
its network layer traffic.

This-Layer-Down (tld)

This action indicates to the upper layers that the automaton is
leaving the Opened state.

Typically, this action is used by the LCP to signal the Down event
to a NCP, Authentication Protocol, or Link Quality Protocol, or
MAY be used by a NCP to indicate that the link is no longer
available for its network layer traffic.

This-Layer-Started (tls)

This action indicates to the lower layers that the automaton is
entering the Starting state, and the lower layer is needed for the
link. The lower layer SHOULD respond with an Up event when the
lower layer is available.

This results of this action are highly implementation dependent.

This-Layer-Finished (tlf)

This action indicates to the lower layers that the automaton is
entering the Initial, Closed or Stopped states, and the lower
layer is no longer needed for the link. The lower layer SHOULD
respond with a Down event when the lower layer has terminated.

Typically, this action MAY be used by the LCP to advance to the
Link Dead phase, or MAY be used by a NCP to indicate to the LCP
that the link may terminate when there are no other NCPs open.

This results of this action are highly implementation dependent.

Initialize-Restart-Count (irc)

This action sets the Restart counter to the appropriate value
(Max-Terminate or Max-Configure). The counter is decremented for
each transmission, including the first.

Implementation Note:

In addition to setting the Restart counter, the implementation
MUST set the timeout period to the initial value when Restart
timer backoff is used.

Zero-Restart-Count (zrc)

This action sets the Restart counter to zero.

Implementation Note:

This action enables the FSA to pause before proceeding to the
desired final state, allowing traffic to be processed by the
peer. In addition to zeroing the Restart counter, the
implementation MUST set the timeout period to an appropriate
value.

Send-Configure-Request (scr)

A Configure-Request packet is transmitted. This indicates the
desire to open a connection with a specified set of Configuration
Options. The Restart timer is started when the Configure-Request
packet is transmitted, to guard against packet loss. The Restart
counter is decremented each time a Configure-Request is sent.

Send-Configure-Ack (sca)

A Configure-Ack packet is transmitted. This acknowledges the
reception of a Configure-Request packet with an acceptable set of
Configuration Options.

Send-Configure-Nak (scn)

A Configure-Nak or Configure-Reject packet is transmitted, as
appropriate. This negative response reports the reception of a

Configure-Request packet with an unacceptable set of Configuration
Options.

Configure-Nak packets are used to refuse a Configuration Option
value, and to suggest a new, acceptable value. Configure-Reject
packets are used to refuse all negotiation about a Configuration
Option, typically because it is not recognized or implemented.
The use of Configure-Nak versus Configure-Reject is more fully
described in the chapter on LCP Packet Formats.

Send-Terminate-Request (str)

A Terminate-Request packet is transmitted. This indicates the
desire to close a connection. The Restart timer is started when
the Terminate-Request packet is transmitted, to guard against
packet loss. The Restart counter is decremented each time a
Terminate-Request is sent.

Send-Terminate-Ack (sta)

A Terminate-Ack packet is transmitted. This acknowledges the
reception of a Terminate-Request packet or otherwise serves to
synchronize the automatons.

Send-Code-Reject (scj)

A Code-Reject packet is transmitted. This indicates the reception
of an unknown type of packet.

Send-Echo-Reply (ser)

An Echo-Reply packet is transmitted. This acknowledges the
reception of an Echo-Request packet.

4.5. Loop Avoidance

The protocol makes a reasonable attempt at avoiding Configuration
Option negotiation loops. However, the protocol does NOT guarantee
that loops will not happen. As with any negotiation, it is possible
to configure two PPP implementations with conflicting policies that
will never converge. It is also possible to configure policies which
do converge, but which take significant time to do so. Implementors
should keep this in mind and SHOULD implement loop detection
mechanisms or higher level timeouts.

4.6. Counters and Timers

Restart Timer

There is one special timer used by the automaton. The Restart
timer is used to time transmissions of Configure-Request and
Terminate-Request packets. Expiration of the Restart timer causes
a Timeout event, and retransmission of the corresponding
Configure-Request or Terminate-Request packet. The Restart timer
MUST be configurable, but SHOULD default to three (3) seconds.

Implementation Note:

The Restart timer SHOULD be based on the speed of the link.
The default value is designed for low speed (2,400 to 9,600
bps), high switching latency links (typical telephone lines).
Higher speed links, or links with low switching latency, SHOULD
have correspondingly faster retransmission times.

Instead of a constant value, the Restart timer MAY begin at an
initial small value and increase to the configured final value.
Each successive value less than the final value SHOULD be at
least twice the previous value. The initial value SHOULD be
large enough to account for the size of the packets, twice the
round trip time for transmission at the link speed, and at
least an additional 100 milliseconds to allow the peer to
process the packets before responding. Some circuits add
another 200 milliseconds of satellite delay. Round trip times
for modems operating at 14,400 bps have been measured in the
range of 160 to more than 600 milliseconds.

Max-Terminate

There is one required restart counter for Terminate-Requests.
Max-Terminate indicates the number of Terminate-Request packets
sent without receiving a Terminate-Ack before assuming that the
peer is unable to respond. Max-Terminate MUST be configurable,
but SHOULD default to two (2) transmissions.

Max-Configure

A similar counter is recommended for Configure-Requests. Max-
Configure indicates the number of Configure-Request packets sent
without receiving a valid Configure-Ack, Configure-Nak or
Configure-Reject before assuming that the peer is unable to
respond. Max-Configure MUST be configurable, but SHOULD default
to ten (10) transmissions.

Max-Failure

A related counter is recommended for Configure-Nak. Max-Failure
indicates the number of Configure-Nak packets sent without sending
a Configure-Ack before assuming that configuration is not
converging. Any further Configure-Nak packets for peer requested
options are converted to Configure-Reject packets, and locally
desired options are no longer appended. Max-Failure MUST be
configurable, but SHOULD default to five (5) transmissions.

5. LCP Packet Formats

There are three classes of LCP packets:

1. Link Configuration packets used to establish and configure a
link (Configure-Request, Configure-Ack, Configure-Nak and
Configure-Reject).

2. Link Termination packets used to terminate a link (Terminate-
Request and Terminate-Ack).

3. Link Maintenance packets used to manage and debug a link
(Code-Reject, Protocol-Reject, Echo-Request, Echo-Reply, and
Discard-Request).

In the interest of simplicity, there is no version field in the LCP
packet. A correctly functioning LCP implementation will always
respond to unknown Protocols and Codes with an easily recognizable
LCP packet, thus providing a deterministic fallback mechanism for
implementations of other versions.

Regardless of which Configuration Options are enabled, all LCP Link
Configuration, Link Termination, and Code-Reject packets (codes 1
through 7) are always sent as if no Configuration Options were
negotiated. In particular, each Configuration Option specifies a
default value. This ensures that such LCP packets are always
recognizable, even when one end of the link mistakenly believes the
link to be open.

Exactly one LCP packet is encapsulated in the PPP Information field,
where the PPP Protocol field indicates type hex c021 (Link Control
Protocol).

A summary of the Link Control Protocol packet format is shown below.
The fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+

Code

The Code field is one octet, and identifies the kind of LCP

packet. When a packet is received with an unknown Code field, a
Code-Reject packet is transmitted.

Up-to-date values of the LCP Code field are specified in the most
recent "Assigned Numbers" RFC [2]. This document concerns the
following values:

1 Configure-Request
2 Configure-Ack
3 Configure-Nak
4 Configure-Reject
5 Terminate-Request
6 Terminate-Ack
7 Code-Reject
8 Protocol-Reject
9 Echo-Request
10 Echo-Reply
11 Discard-Request

Identifier

The Identifier field is one octet, and aids in matching requests
and replies. When a packet is received with an invalid Identifier
field, the packet is silently discarded without affecting the
automaton.

Length

The Length field is two octets, and indicates the length of the
LCP packet, including the Code, Identifier, Length and Data
fields. The Length MUST NOT exceed the MRU of the link.

Octets outside the range of the Length field are treated as
padding and are ignored on reception. When a packet is received
with an invalid Length field, the packet is silently discarded
without affecting the automaton.

Data

The Data field is zero or more octets, as indicated by the Length
field. The format of the Data field is determined by the Code
field.

5.1. Configure-Request

Description

An implementation wishing to open a connection MUST transmit a
Configure-Request. The Options field is filled with any desired
changes to the link defaults. Configuration Options SHOULD NOT be
included with default values.

Upon reception of a Configure-Request, an appropriate reply MUST
be transmitted.

A summary of the Configure-Request packet format is shown below. The
fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options ...
+-+-+-+-+

Code

1 for Configure-Request.

Identifier

The Identifier field MUST be changed whenever the contents of the
Options field changes, and whenever a valid reply has been
received for a previous request. For retransmissions, the
Identifier MAY remain unchanged.

Options

The options field is variable in length, and contains the list of
zero or more Configuration Options that the sender desires to
negotiate. All Configuration Options are always negotiated
simultaneously. The format of Configuration Options is further
described in a later chapter.

5.2. Configure-Ack

Description

If every Configuration Option received in a Configure-Request is
recognizable and all values are acceptable, then the
implementation MUST transmit a Configure-Ack. The acknowledged
Configuration Options MUST NOT be reordered or modified in any
way.

On reception of a Configure-Ack, the Identifier field MUST match
that of the last transmitted Configure-Request. Additionally, the
Configuration Options in a Configure-Ack MUST exactly match those
of the last transmitted Configure-Request. Invalid packets are
silently discarded.

A summary of the Configure-Ack packet format is shown below. The
fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options ...
+-+-+-+-+

Code

2 for Configure-Ack.

Identifier

The Identifier field is a copy of the Identifier field of the
Configure-Request which caused this Configure-Ack.

Options

The Options field is variable in length, and contains the list of
zero or more Configuration Options that the sender is
acknowledging. All Configuration Options are always acknowledged
simultaneously.

5.3. Configure-Nak

Description

If every instance of the received Configuration Options is
recognizable, but some values are not acceptable, then the
implementation MUST transmit a Configure-Nak. The Options field
is filled with only the unacceptable Configuration Options from
the Configure-Request. All acceptable Configuration Options are
filtered out of the Configure-Nak, but otherwise the Configuration
Options from the Configure-Request MUST NOT be reordered.

Options which have no value fields (boolean options) MUST use the
Configure-Reject reply instead.

Each Configuration Option which is allowed only a single instance
MUST be modified to a value acceptable to the Configure-Nak
sender. The default value MAY be used, when this differs from the
requested value.

When a particular type of Configuration Option can be listed more
than once with different values, the Configure-Nak MUST include a
list of all values for that option which are acceptable to the
Configure-Nak sender. This includes acceptable values that were
present in the Configure-Request.

Finally, an implementation may be configured to request the
negotiation of a specific Configuration Option. If that option is
not listed, then that option MAY be appended to the list of Nak'd
Configuration Options, in order to prompt the peer to include that
option in its next Configure-Request packet. Any value fields for
the option MUST indicate values acceptable to the Configure-Nak
sender.

On reception of a Configure-Nak, the Identifier field MUST match
that of the last transmitted Configure-Request. Invalid packets
are silently discarded.

Reception of a valid Configure-Nak indicates that when a new
Configure-Request is sent, the Configuration Options MAY be
modified as specified in the Configure-Nak. When multiple
instances of a Configuration Option are present, the peer SHOULD
select a single value to include in its next Configure-Request
packet.

Some Configuration Options have a variable length. Since the
Nak'd Option has been modified by the peer, the implementation
MUST be able to handle an Option length which is different from

the original Configure-Request.

A summary of the Configure-Nak packet format is shown below. The
fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options ...
+-+-+-+-+

Code

3 for Configure-Nak.

Identifier

The Identifier field is a copy of the Identifier field of the
Configure-Request which caused this Configure-Nak.

Options

The Options field is variable in length, and contains the list of
zero or more Configuration Options that the sender is Nak'ing.
All Configuration Options are always Nak'd simultaneously.

5.4. Configure-Reject

Description

If some Configuration Options received in a Configure-Request are
not recognizable or are not acceptable for negotiation (as
configured by a network administrator), then the implementation
MUST transmit a Configure-Reject. The Options field is filled
with only the unacceptable Configuration Options from the
Configure-Request. All recognizable and negotiable Configuration
Options are filtered out of the Configure-Reject, but otherwise
the Configuration Options MUST NOT be reordered or modified in any
way.

On reception of a Configure-Reject, the Identifier field MUST
match that of the last transmitted Configure-Request.
Additionally, the Configuration Options in a Configure-Reject MUST

be a proper subset of those in the last transmitted Configure-
Request. Invalid packets are silently discarded.

Reception of a valid Configure-Reject indicates that when a new
Configure-Request is sent, it MUST NOT include any of the
Configuration Options listed in the Configure-Reject.

A summary of the Configure-Reject packet format is shown below. The
fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options ...
+-+-+-+-+

Code

4 for Configure-Reject.

Identifier

The Identifier field is a copy of the Identifier field of the
Configure-Request which caused this Configure-Reject.

Options

The Options field is variable in length, and contains the list of
zero or more Configuration Options that the sender is rejecting.
All Configuration Options are always rejected simultaneously.

5.5. Terminate-Request and Terminate-Ack

Description

LCP includes Terminate-Request and Terminate-Ack Codes in order to
provide a mechanism for closing a connection.

An implementation wishing to close a connection SHOULD transmit a
Terminate-Request. Terminate-Request packets SHOULD continue to
be sent until Terminate-Ack is received, the lower layer indicates
that it has gone down, or a sufficiently large number have been
transmitted such that the peer is down with reasonable certainty.

Upon reception of a Terminate-Request, a Terminate-Ack MUST be
transmitted.

Reception of an unelicited Terminate-Ack indicates that the peer
is in the Closed or Stopped states, or is otherwise in need of
re-negotiation.

A summary of the Terminate-Request and Terminate-Ack packet formats
is shown below. The fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+

Code

5 for Terminate-Request;

6 for Terminate-Ack.

Identifier

On transmission, the Identifier field MUST be changed whenever the
content of the Data field changes, and whenever a valid reply has
been received for a previous request. For retransmissions, the
Identifier MAY remain unchanged.

On reception, the Identifier field of the Terminate-Request is
copied into the Identifier field of the Terminate-Ack packet.

Data

The Data field is zero or more octets, and contains uninterpreted
data for use by the sender. The data may consist of any binary
value. The end of the field is indicated by the Length.

5.6. Code-Reject

Description

Reception of a LCP packet with an unknown Code indicates that the
peer is operating with a different version. This MUST be reported
back to the sender of the unknown Code by transmitting a Code-
Reject.

Upon reception of the Code-Reject of a code which is fundamental
to this version of the protocol, the implementation SHOULD report
the problem and drop the connection, since it is unlikely that the
situation can be rectified automatically.

A summary of the Code-Reject packet format is shown below. The
fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Rejected-Packet ...
+-+-+-+-+-+-+-+-+

Code

7 for Code-Reject.

Identifier

The Identifier field MUST be changed for each Code-Reject sent.

Rejected-Packet

The Rejected-Packet field contains a copy of the LCP packet which
is being rejected. It begins with the Information field, and does
not include any Data Link Layer headers nor an FCS. The
Rejected-Packet MUST be truncated to comply with the peer's

established MRU.

5.7. Protocol-Reject

Description

Reception of a PPP packet with an unknown Protocol field indicates
that the peer is attempting to use a protocol which is
unsupported. This usually occurs when the peer attempts to
configure a new protocol. If the LCP automaton is in the Opened
state, then this MUST be reported back to the peer by transmitting
a Protocol-Reject.

Upon reception of a Protocol-Reject, the implementation MUST stop
sending packets of the indicated protocol at the earliest
opportunity.

Protocol-Reject packets can only be sent in the LCP Opened state.
Protocol-Reject packets received in any state other than the LCP
Opened state SHOULD be silently discarded.

A summary of the Protocol-Reject packet format is shown below. The
fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Rejected-Protocol | Rejected-Information ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Code

8 for Protocol-Reject.

Identifier

The Identifier field MUST be changed for each Protocol-Reject
sent.

Rejected-Protocol

The Rejected-Protocol field is two octets, and contains the PPP
Protocol field of the packet which is being rejected.

Rejected-Information

The Rejected-Information field contains a copy of the packet which
is being rejected. It begins with the Information field, and does
not include any Data Link Layer headers nor an FCS. The
Rejected-Information MUST be truncated to comply with the peer's
established MRU.

5.8. Echo-Request and Echo-Reply

Description

LCP includes Echo-Request and Echo-Reply Codes in order to provide
a Data Link Layer loopback mechanism for use in exercising both
directions of the link. This is useful as an aid in debugging,
link quality determination, performance testing, and for numerous
other functions.

Upon reception of an Echo-Request in the LCP Opened state, an
Echo-Reply MUST be transmitted.

Echo-Request and Echo-Reply packets MUST only be sent in the LCP
Opened state. Echo-Request and Echo-Reply packets received in any
state other than the LCP Opened state SHOULD be silently
discarded.

A summary of the Echo-Request and Echo-Reply packet formats is shown
below. The fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Magic-Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+

Code

9 for Echo-Request;

10 for Echo-Reply.

Identifier

On transmission, the Identifier field MUST be changed whenever the
content of the Data field changes, and whenever a valid reply has
been received for a previous request. For retransmissions, the
Identifier MAY remain unchanged.

On reception, the Identifier field of the Echo-Request is copied
into the Identifier field of the Echo-Reply packet.

Magic-Number

The Magic-Number field is four octets, and aids in detecting links
which are in the looped-back condition. Until the Magic-Number
Configuration Option has been successfully negotiated, the Magic-
Number MUST be transmitted as zero. See the Magic-Number
Configuration Option for further explanation.

Data

The Data field is zero or more octets, and contains uninterpreted
data for use by the sender. The data may consist of any binary
value. The end of the field is indicated by the Length.

5.9. Discard-Request

Description

LCP includes a Discard-Request Code in order to provide a Data
Link Layer sink mechanism for use in exercising the local to
remote direction of the link. This is useful as an aid in
debugging, performance testing, and for numerous other functions.

Discard-Request packets MUST only be sent in the LCP Opened state.
On reception, the receiver MUST silently discard any Discard-
Request that it receives.

A summary of the Discard-Request packet format is shown below. The
fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Magic-Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+

Code

11 for Discard-Request.

Identifier

The Identifier field MUST be changed for each Discard-Request
sent.

Magic-Number

The Magic-Number field is four octets, and aids in detecting links
which are in the looped-back condition. Until the Magic-Number
Configuration Option has been successfully negotiated, the Magic-
Number MUST be transmitted as zero. See the Magic-Number
Configuration Option for further explanation.

Data

The Data field is zero or more octets, and contains uninterpreted
data for use by the sender. The data may consist of any binary
value. The end of the field is indicated by the Length.

6. LCP Configuration Options

LCP Configuration Options allow negotiation of modifications to the
default characteristics of a point-to-point link. If a Configuration
Option is not included in a Configure-Request packet, the default
value for that Configuration Option is assumed.

Some Configuration Options MAY be listed more than once. The effect
of this is Configuration Option specific, and is specified by each
such Configuration Option description. (None of the Configuration
Options in this specification can be listed more than once.)

The end of the list of Configuration Options is indicated by the
Length field of the LCP packet.

Unless otherwise specified, all Configuration Options apply in a
half-duplex fashion; typically, in the receive direction of the link
from the point of view of the Configure-Request sender.

Design Philosophy

The options indicate additional capabilities or requirements of
the implementation that is requesting the option. An
implementation which does not understand any option SHOULD
interoperate with one which implements every option.

A default is specified for each option which allows the link to
correctly function without negotiation of the option, although
perhaps with less than optimal performance.

Except where explicitly specified, acknowledgement of an option
does not require the peer to take any additional action other than
the default.

It is not necessary to send the default values for the options in
a Configure-Request.

A summary of the Configuration Option format is shown below. The
fields are transmitted from left to right.

0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

The Type field is one octet, and indicates the type of
Configuration Option. Up-to-date values of the LCP Option Type
field are specified in the most recent "Assigned Numbers" RFC [2].
This document concerns the following values:

0 RESERVED
1 Maximum-Receive-Unit
3 Authentication-Protocol
4 Quality-Protocol
5 Magic-Number
7 Protocol-Field-Compression
8 Address-and-Control-Field-Compression

Length

The Length field is one octet, and indicates the length of this
Configuration Option including the Type, Length and Data fields.

If a negotiable Configuration Option is received in a Configure-
Request, but with an invalid or unrecognized Length, a Configure-
Nak SHOULD be transmitted which includes the desired Configuration
Option with an appropriate Length and Data.

Data

The Data field is zero or more octets, and contains information
specific to the Configuration Option. The format and length of
the Data field is determined by the Type and Length fields.

When the Data field is indicated by the Length to extend beyond
the end of the Information field, the entire packet is silently
discarded without affecting the automaton.

6.1. Maximum-Receive-Unit (MRU)

Description

This Configuration Option may be sent to inform the peer that the
implementation can receive larger packets, or to request that the
peer send smaller packets.

The default value is 1500 octets. If smaller packets are
requested, an implementation MUST still be able to receive the
full 1500 octet information field in case link synchronization is
lost.

Implementation Note:

This option is used to indicate an implementation capability.
The peer is not required to maximize the use of the capacity.
For example, when a MRU is indicated which is 2048 octets, the
peer is not required to send any packet with 2048 octets. The
peer need not Configure-Nak to indicate that it will only send
smaller packets, since the implementation will always require
support for at least 1500 octets.

A summary of the Maximum-Receive-Unit Configuration Option format is
shown below. The fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Maximum-Receive-Unit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

1

Length

4

Maximum-Receive-Unit

The Maximum-Receive-Unit field is two octets, and specifies the
maximum number of octets in the Information and Padding fields.
It does not include the framing, Protocol field, FCS, nor any
transparency bits or bytes.

6.2. Authentication-Protocol

Description

On some links it may be desirable to require a peer to
authenticate itself before allowing network-layer protocol packets
to be exchanged.

This Configuration Option provides a method to negotiate the use
of a specific protocol for authentication. By default,
authentication is not required.

An implementation MUST NOT include multiple Authentication-
Protocol Configuration Options in its Configure-Request packets.
Instead, it SHOULD attempt to configure the most desirable
protocol first. If that protocol is Configure-Nak'd, then the
implementation SHOULD attempt the next most desirable protocol in
the next Configure-Request.

The implementation sending the Configure-Request is indicating
that it expects authentication from its peer. If an
implementation sends a Configure-Ack, then it is agreeing to
authenticate with the specified protocol. An implementation
receiving a Configure-Ack SHOULD expect the peer to authenticate
with the acknowledged protocol.

There is no requirement that authentication be full-duplex or that
the same protocol be used in both directions. It is perfectly
acceptable for different protocols to be used in each direction.
This will, of course, depend on the specific protocols negotiated.

A summary of the Authentication-Protocol Configuration Option format
is shown below. The fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Authentication-Protocol |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+

Type

3

Length

>= 4

Authentication-Protocol

The Authentication-Protocol field is two octets, and indicates the
authentication protocol desired. Values for this field are always
the same as the PPP Protocol field values for that same
authentication protocol.

Up-to-date values of the Authentication-Protocol field are
specified in the most recent "Assigned Numbers" RFC [2]. Current
values are assigned as follows:

Value (in hex) Protocol

c023 Password Authentication Protocol
c223 Challenge Handshake Authentication Protocol

Data

The Data field is zero or more octets, and contains additional
data as determined by the particular protocol.

6.3. Quality-Protocol

Description

On some links it may be desirable to determine when, and how
often, the link is dropping data. This process is called link
quality monitoring.

This Configuration Option provides a method to negotiate the use
of a specific protocol for link quality monitoring. By default,
link quality monitoring is disabled.

The implementation sending the Configure-Request is indicating
that it expects to receive monitoring information from its peer.
If an implementation sends a Configure-Ack, then it is agreeing to
send the specified protocol. An implementation receiving a
Configure-Ack SHOULD expect the peer to send the acknowledged
protocol.

There is no requirement that quality monitoring be full-duplex or

that the same protocol be used in both directions. It is
perfectly acceptable for different protocols to be used in each
direction. This will, of course, depend on the specific protocols
negotiated.

A summary of the Quality-Protocol Configuration Option format is
shown below. The fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Quality-Protocol |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+

Type

4

Length

>= 4

Quality-Protocol

The Quality-Protocol field is two octets, and indicates the link
quality monitoring protocol desired. Values for this field are
always the same as the PPP Protocol field values for that same
monitoring protocol.

Up-to-date values of the Quality-Protocol field are specified in
the most recent "Assigned Numbers" RFC [2]. Current values are
assigned as follows:

Value (in hex) Protocol

c025 Link Quality Report

Data

The Data field is zero or more octets, and contains additional
data as determined by the particular protocol.

6.4. Magic-Number

Description

This Configuration Option provides a method to detect looped-back
links and other Data Link Layer anomalies. This Configuration
Option MAY be required by some other Configuration Options such as
the Quality-Protocol Configuration Option. By default, the
Magic-Number is not negotiated, and zero is inserted where a
Magic-Number might otherwise be used.

Before this Configuration Option is requested, an implementation
MUST choose its Magic-Number. It is recommended that the Magic-
Number be chosen in the most random manner possible in order to
guarantee with very high probability that an implementation will
arrive at a unique number. A good way to choose a unique random
number is to start with a unique seed. Suggested sources of
uniqueness include machine serial numbers, other network hardware
addresses, time-of-day clocks, etc. Particularly good random
number seeds are precise measurements of the inter-arrival time of
physical events such as packet reception on other connected
networks, server response time, or the typing rate of a human
user. It is also suggested that as many sources as possible be
used simultaneously.

When a Configure-Request is received with a Magic-Number
Configuration Option, the received Magic-Number is compared with
the Magic-Number of the last Configure-Request sent to the peer.
If the two Magic-Numbers are different, then the link is not
looped-back, and the Magic-Number SHOULD be acknowledged. If the
two Magic-Numbers are equal, then it is possible, but not certain,
that the link is looped-back and that this Configure-Request is
actually the one last sent. To determine this, a Configure-Nak
MUST be sent specifying a different Magic-Number value. A new
Configure-Request SHOULD NOT be sent to the peer until normal
processing would cause it to be sent (that is, until a Configure-
Nak is received or the Restart timer runs out).

Reception of a Configure-Nak with a Magic-Number different from
that of the last Configure-Nak sent to the peer proves that a link
is not looped-back, and indicates a unique Magic-Number. If the
Magic-Number is equal to the one sent in the last Configure-Nak,
the possibility of a looped-back link is increased, and a new
Magic-Number MUST be chosen. In either case, a new Configure-
Request SHOULD be sent with the new Magic-Number.

If the link is indeed looped-back, this sequence (transmit
Configure-Request, receive Configure-Request, transmit Configure-

Nak, receive Configure-Nak) will repeat over and over again. If
the link is not looped-back, this sequence might occur a few
times, but it is extremely unlikely to occur repeatedly. More
likely, the Magic-Numbers chosen at either end will quickly
diverge, terminating the sequence. The following table shows the
probability of collisions assuming that both ends of the link
select Magic-Numbers with a perfectly uniform distribution:

Number of Collisions Probability
-------------------- ---------------------
1 1/2**32 = 2.3 E-10
2 1/2**32**2 = 5.4 E-20
3 1/2**32**3 = 1.3 E-29

Good sources of uniqueness or randomness are required for this
divergence to occur. If a good source of uniqueness cannot be
found, it is recommended that this Configuration Option not be
enabled; Configure-Requests with the option SHOULD NOT be
transmitted and any Magic-Number Configuration Options which the
peer sends SHOULD be either acknowledged or rejected. In this
case, looped-back links cannot be reliably detected by the
implementation, although they may still be detectable by the peer.

If an implementation does transmit a Configure-Request with a
Magic-Number Configuration Option, then it MUST NOT respond with a
Configure-Reject when it receives a Configure-Request with a
Magic-Number Configuration Option. That is, if an implementation
desires to use Magic Numbers, then it MUST also allow its peer to
do so. If an implementation does receive a Configure-Reject in
response to a Configure-Request, it can only mean that the link is
not looped-back, and that its peer will not be using Magic-
Numbers. In this case, an implementation SHOULD act as if the
negotiation had been successful (as if it had instead received a
Configure-Ack).

The Magic-Number also may be used to detect looped-back links
during normal operation, as well as during Configuration Option
negotiation. All LCP Echo-Request, Echo-Reply, and Discard-
Request packets have a Magic-Number field. If Magic-Number has
been successfully negotiated, an implementation MUST transmit
these packets with the Magic-Number field set to its negotiated
Magic-Number.

The Magic-Number field of these packets SHOULD be inspected on
reception. All received Magic-Number fields MUST be equal to
either zero or the peer's unique Magic-Number, depending on
whether or not the peer negotiated a Magic-Number.

Reception of a Magic-Number field equal to the negotiated local
Magic-Number indicates a looped-back link. Reception of a Magic-
Number other than the negotiated local Magic-Number, the peer's
negotiated Magic-Number, or zero if the peer didn't negotiate one,
indicates a link which has been (mis)configured for communications
with a different peer.

Procedures for recovery from either case are unspecified, and may
vary from implementation to implementation. A somewhat
pessimistic procedure is to assume a LCP Down event. A further
Open event will begin the process of re-establishing the link,
which can't complete until the looped-back condition is
terminated, and Magic-Numbers are successfully negotiated. A more
optimistic procedure (in the case of a looped-back link) is to
begin transmitting LCP Echo-Request packets until an appropriate
Echo-Reply is received, indicating a termination of the looped-
back condition.

A summary of the Magic-Number Configuration Option format is shown
below. The fields are transmitted from left to right.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Magic-Number
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Magic-Number (cont) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

5

Length

6

Magic-Number

The Magic-Number field is four octets, and indicates a number
which is very likely to be unique to one end of the link. A
Magic-Number of zero is illegal and MUST always be Nak'd, if it is
not Rejected outright.

6.5. Protocol-Field-Compression (PFC)

Description

This Configuration Option provides a method to negotiate the
compression of the PPP Protocol field. By default, all
implementations MUST transmit packets with two octet PPP Protocol
fields.

PPP Protocol field numbers are chosen such that some values may be
compressed into a single octet form which is clearly
distinguishable from the two octet form. This Configuration
Option is sent to inform the peer that the implementation can
receive such single octet Protocol fields.

As previously mentioned, the Protocol field uses an extension
mechanism consistent with the ISO 3309 extension mechanism for the
Address field; the Least Significant Bit (LSB) of each octet is
used to indicate extension of the Protocol field. A binary "0" as
the LSB indicates that the Protocol field continues with the
following octet. The presence of a binary "1" as the LSB marks
the last octet of the Protocol field. Notice that any number of
"0" octets may be prepended to the field, and will still indicate
the same value (consider the two binary representations for 3,
00000011 and 00000000 00000011).

When using low speed links, it is desirable to conserve bandwidth
by sending as little redundant data as possible. The Protocol-
Field-Compression Configuration Option allows a trade-off between
implementation simplicity and bandwidth efficiency. If
successfully negotiated, the ISO 3309 extension mechanism may be
used to compress the Protocol field to one octet instead of two.
The large majority of packets are compressible since data
protocols are typically assigned with Protocol field values less
than 256.

Compressed Protocol fields MUST NOT be transmitted unless this
Configuration Option has been negotiated. When negotiated, PPP
implementations MUST accept PPP packets with either double-octet
or single-octet Protocol fields, and MUST NOT distinguish between
them.

The Protocol field is never compressed when sending any LCP
packet. This rule guarantees unambiguous recognition of LCP
packets.

When a Protocol field is compressed, the Data Link Layer FCS field
is calculated on the compressed frame, not the original

uncompressed frame.

A summary of the Protocol-Field-Compression Configuration Option
format is shown below. The fields are transmitted from left to
right.

0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

7

Length

2

6.6. Address-and-Control-Field-Compression (ACFC)

Description

This Configuration Option provides a method to negotiate the
compression of the Data Link Layer Address and Control fields. By
default, all implementations MUST transmit frames with Address and
Control fields appropriate to the link framing.

Since these fields usually have constant values for point-to-point
links, they are easily compressed. This Configuration Option is
sent to inform the peer that the implementation can receive
compressed Address and Control fields.

If a compressed frame is received when Address-and-Control-Field-
Compression has not been negotiated, the implementation MAY
silently discard the frame.

The Address and Control fields MUST NOT be compressed when sending
any LCP packet. This rule guarantees unambiguous recognition of
LCP packets.

When the Address and Control fields are compressed, the Data Link
Layer FCS field is calculated on the compressed frame, not the
original uncompressed frame.

A summary of the Address-and-Control-Field-Compression configuration
option format is shown below. The fields are transmitted from left
to right.

0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

8

Length

2

Security Considerations

Security issues are briefly discussed in sections concerning the
Authentication Phase, the Close event, and the Authentication-
Protocol Configuration Option.

References

[1] Perkins, D., "Requirements for an Internet Standard Point-to-
Point Protocol", RFC 1547, Carnegie Mellon University,
December 1993.

[2] Reynolds, J., and Postel, J., "Assigned Numbers", STD 2, RFC
1340, USC/Information Sciences Institute, July 1992.

Acknowledgements

This document is the product of the Point-to-Point Protocol Working
Group of the Internet Engineering Task Force (IETF). Comments should
be submitted to the ietf-ppp@merit.edu mailing list.

Much of the text in this document is taken from the working group
requirements [1]; and RFCs 1171 & 1172, by Drew Perkins while at
Carnegie Mellon University, and by Russ Hobby of the University of
California at Davis.

William Simpson was principally responsible for introducing
consistent terminology and philosophy, and the re-design of the phase
and negotiation state machines.

Many people spent significant time helping to develop the Point-to-
Point Protocol. The complete list of people is too numerous to list,
but the following people deserve special thanks: Rick Adams, Ken
Adelman, Fred Baker, Mike Ballard, Craig Fox, Karl Fox, Phill Gross,
Kory Hamzeh, former WG chair Russ Hobby, David Kaufman, former WG
chair Steve Knowles, Mark Lewis, former WG chair Brian Lloyd, John
LoVerso, Bill Melohn, Mike Patton, former WG chair Drew Perkins, Greg
Satz, John Shriver, Vernon Schryver, and Asher Waldfogel.

Special thanks to Morning Star Technologies for providing computing
resources and network access support for writing this specification.

Chair's Address

The working group can be contacted via the current chair:

Fred Baker
Advanced Computer Communications
315 Bollay Drive
Santa Barbara, California 93117

fbaker@acc.com

Editor's Address

Questions about this memo can also be directed to:

William Allen Simpson
Daydreamer
Computer Systems Consulting Services
1384 Fontaine
Madison Heights, Michigan 48071

Bill.Simpson@um.cc.umich.edu
bsimpson@MorningStar.com

Simpson [Page 52]

RFC 1700 – Assigned Numbers


Network Working Group                                        J. Reynolds
Request for Comments: 1700 J. Postel
STD: 2 ISI
Obsoletes RFCs: 1340, 1060, 1010, 990, 960, October 1994
943, 923, 900, 870, 820, 790, 776, 770,
762, 758,755, 750, 739, 604, 503, 433, 349
Obsoletes IENs: 127, 117, 93
Category: Standards Track

ASSIGNED NUMBERS

Status of this Memo

This memo is a status report on the parameters (i.e., numbers and
keywords) used in protocols in the Internet community. Distribution
of this memo is unlimited.

OVERVIEW

This RFC is a snapshot of the ongoing process of the assignment of
protocol parameters for the Internet protocol suite. To make the
current information readily available the assignments are kept up-to-
date in a set of online text files. This RFC has been assembled by
catinating these files together with a minimum of formatting "glue".
The authors appologize for the somewhat rougher formatting and style
than is typical of most RFCs.

We expect that various readers will notice specific items that should be
corrected. Please send any specific corrections via email to
<iana@isi.edu>.

INTRODUCTION

The files in this directory document the currently assigned values for
several series of numbers used in network protocol implementations.

ftp://ftp.isi.edu/in-notes/iana/assignments

The Internet Assigned Numbers Authority (IANA) is the central
coordinator for the assignment of unique parameter values for Internet
protocols. The IANA is chartered by the Internet Society (ISOC) and
the Federal Network Council (FNC) to act as the clearinghouse to
assign and coordinate the use of numerous Internet protocol
parameters.

The Internet protocol suite, as defined by the Internet Engineering
Task Force (IETF) and its steering group (the IESG), contains numerous
parameters, such as internet addresses, domain names, autonomous
system numbers (used in some routing protocols), protocol numbers,
port numbers, management information base object identifiers,
including private enterprise numbers, and many others.

The common use of the Internet protocols by the Internet community
requires that the particular values used in these parameter fields be
assigned uniquely. It is the task of the IANA to make those unique
assignments as requested and to maintain a registry of the currently
assigned values.

Requests for parameter assignments (protocols, ports, etc.) should be
sent to <iana@isi.edu>.

Requests for SNMP network management private enterprise number
assignments should be sent to <iana-mib@isi.edu>.

The IANA is located at and operated by the Information Sciences
Institute (ISI) of the University of Southern California (USC).

If you are developing a protocol or application that will require the
use of a link, socket, port, protocol, etc., please contact the IANA
to receive a number assignment.

Joyce K. Reynolds
Internet Assigned Numbers Authority
USC - Information Sciences Institute
4676 Admiralty Way
Marina del Rey, California 90292-6695

Electronic mail: IANA@ISI.EDU
Phone: +1 310-822-1511

Most of the protocols are documented in the RFC series of notes. Some
of the items listed are undocumented. Further information on
protocols can be found in the memo, "Internet Official Protocol
Standards" (STD 1).

Data Notations

The convention in the documentation of Internet Protocols is to
express numbers in decimal and to picture data in "big-endian" order
[COHEN]. That is, fields are described left to right, with the most
significant octet on the left and the least significant octet on the
right.

The order of transmission of the header and data described in this
document is resolved to the octet level. Whenever a diagram shows a
group of octets, the order of transmission of those octets is the
normal order in which they are read in English. For example, in the
following diagram the octets are transmitted in the order they are
numbered.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1 | 2 | 3 | 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 5 | 6 | 7 | 8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 9 | 10 | 11 | 12 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Transmission Order of Bytes

Whenever an octet represents a numeric quantity the left most bit in the
diagram is the high order or most significant bit. That is, the bit
labeled 0 is the most significant bit. For example, the following
diagram represents the value 170 (decimal).

0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|1 0 1 0 1 0 1 0|
+-+-+-+-+-+-+-+-+

Significance of Bits

Similarly, whenever a multi-octet field represents a numeric quantity
the left most bit of the whole field is the most significant bit. When

a multi-octet quantity is transmitted the most significant octet is
transmitted first.

Special Addresses

There are five classes of IP addresses: Class A through Class E. Of
these, Classes A, B, and C are used for unicast addresses, Class D is
used for multicast addresses, and Class E addresses are reserved for
future use.

With the advent of classless addressing [CIDR1, CIDR2], the
network-number part of an address may be of any length, and the whole
notion of address classes becomes less important.

There are certain special cases for IP addresses. These special cases
can be concisely summarized using the earlier notation for an IP
address:

IP-address ::= { <Network-number>, <Host-number> }

or

IP-address ::= { <Network-number>, <Subnet-number>,
<Host-number> }

if we also use the notation "-1" to mean the field contains all 1
bits. Some common special cases are as follows:

(a) {0, 0}

This host on this network. Can only be used as a source
address (see note later).

(b) {0, <Host-number>}

Specified host on this network. Can only be used as a
source address.

(c) { -1, -1}

Limited broadcast. Can only be used as a destination
address, and a datagram with this address must never be
forwarded outside the (sub-)net of the source.

(d) {<Network-number>, -1}

Directed broadcast to specified network. Can only be used
as a destination address.

(e) {<Network-number>, <Subnet-number>, -1}

Directed broadcast to specified subnet. Can only be used as
a destination address.

(f) {<Network-number>, -1, -1}

Directed broadcast to all subnets of specified subnetted
network. Can only be used as a destination address.

(g) {127, <any>}

Internal host loopback address. Should never appear outside
a host.

REFERENCES

[COHEN] Cohen, D., "On Holy Wars and a Plea for Peace", IEEE Computer
Magazine, October 1981.

[CIDR1] Fuller, V., T. Li, J. Yu, and K. Varadhan, "Classless
Inter-Domain Routing (CIDR): an Address Assignment and
Aggregation Strategy", RFC 1519, September 1993.

[CIDR2] Rekhter, Y., and T. Li, "An Architecture for IP Address
Allocation with CIDR", RFC 1518, September 1993.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/introduction

VERSION NUMBERS

In the Internet Protocol (IP) [RFC791] there is a field to identify
the version of the internetwork general protocol. This field is 4
bits in size.

Assigned Internet Version Numbers

Decimal Keyword Version References
------- ------- ------- ----------
0 Reserved [JBP]
1-3 Unassigned [JBP]
4 IP Internet Protocol [RFC791,JBP]
5 ST ST Datagram Mode [RFC1190,JWF]
6 SIP Simple Internet Protocol [RH6]
7 TP/IX TP/IX: The Next Internet [RXU]
8 PIP The P Internet Protocol [PXF]
9 TUBA TUBA [RXC]
10-14 Unassigned [JBP]
15 Reserved [JBP]

REFERENCES

[RFC791] Postel, J., ed., "Internet Protocol - DARPA Internet Program
Protocol Specification", STD 5, RFC 791, USC/Information
Sciences Institute, September 1981.

[RFC1190] Topolcic, C., Editor, "Experimental Internet Stream
Protocol, Version 2 (ST-II)", RFC 1190, CIP Working Group,
October 1990.

PEOPLE

[JPB] Jon Postel <postel@isi.edu>

[JWF] Jim Forgie <FORGIE@XN.LL.MIT.ED>

[RH6] Robert Hinden <Hinden@ENG.SUN.COM>

[RXU] Robert Ullmann <ariel@world.std.com>

[PXF] Paul Francis <francis@cactus.ntt.jp>

[RXC] Ross Callon <callon@wellfleet.com>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/version-numbers

PROTOCOL NUMBERS

In the Internet Protocol (IP) [DDN], [RFC791] there is a field, called
Protocol, to identify the next level protocol. This is an 8 bit
field.

Assigned Internet Protocol Numbers

Decimal Keyword Protocol References
------- ------- -------- ----------
0 Reserved [JBP]
1 ICMP Internet Control Message [RFC792,JBP]
2 IGMP Internet Group Management [RFC1112,JBP]
3 GGP Gateway-to-Gateway [RFC823,MB]
4 IP IP in IP (encasulation) [JBP]
5 ST Stream [RFC1190,IEN119,JWF]
6 TCP Transmission Control [RFC793,JBP]
7 UCL UCL [PK]
8 EGP Exterior Gateway Protocol [RFC888,DLM1]
9 IGP any private interior gateway [JBP]
10 BBN-RCC-MON BBN RCC Monitoring [SGC]
11 NVP-II Network Voice Protocol [RFC741,SC3]
12 PUP PUP [PUP,XEROX]
13 ARGUS ARGUS [RWS4]
14 EMCON EMCON [BN7]
15 XNET Cross Net Debugger [IEN158,JFH2]
16 CHAOS Chaos [NC3]
17 UDP User Datagram [RFC768,JBP]
18 MUX Multiplexing [IEN90,JBP]
19 DCN-MEAS DCN Measurement Subsystems [DLM1]
20 HMP Host Monitoring [RFC869,RH6]
21 PRM Packet Radio Measurement [ZSU]
22 XNS-IDP XEROX NS IDP [ETHERNET,XEROX]
23 TRUNK-1 Trunk-1 [BWB6]
24 TRUNK-2 Trunk-2 [BWB6]
25 LEAF-1 Leaf-1 [BWB6]
26 LEAF-2 Leaf-2 [BWB6]
27 RDP Reliable Data Protocol [RFC908,RH6]
28 IRTP Internet Reliable Transaction [RFC938,TXM]
29 ISO-TP4 ISO Transport Protocol Class 4 [RFC905,RC77]
30 NETBLT Bulk Data Transfer Protocol [RFC969,DDC1]
31 MFE-NSP MFE Network Services Protocol [MFENET,BCH2]
32 MERIT-INP MERIT Internodal Protocol [HWB]
33 SEP Sequential Exchange Protocol [JC120]
34 3PC Third Party Connect Protocol [SAF3]
35 IDPR Inter-Domain Policy Routing Protocol [MXS1]

36 XTP XTP [GXC]
37 DDP Datagram Delivery Protocol [WXC]
38 IDPR-CMTP IDPR Control Message Transport Proto [MXS1]
39 TP++ TP++ Transport Protocol [DXF]
40 IL IL Transport Protocol [DXP2]
41 SIP Simple Internet Protocol [SXD]
42 SDRP Source Demand Routing Protocol [DXE1]
43 SIP-SR SIP Source Route [SXD]
44 SIP-FRAG SIP Fragment [SXD]
45 IDRP Inter-Domain Routing Protocol [Sue Hares]
46 RSVP Reservation Protocol [Bob Braden]
47 GRE General Routing Encapsulation [Tony Li]
48 MHRP Mobile Host Routing Protocol[David Johnson]
49 BNA BNA [Gary Salamon]
50 SIPP-ESP SIPP Encap Security Payload [Steve Deering]
51 SIPP-AH SIPP Authentication Header [Steve Deering]
52 I-NLSP Integrated Net Layer Security TUBA [GLENN]
53 SWIPE IP with Encryption [JI6]
54 NHRP NBMA Next Hop Resolution Protocol
55-60 Unassigned [JBP]
61 any host internal protocol [JBP]
62 CFTP CFTP [CFTP,HCF2]
63 any local network [JBP]
64 SAT-EXPAK SATNET and Backroom EXPAK [SHB]
65 KRYPTOLAN Kryptolan [PXL1]
66 RVD MIT Remote Virtual Disk Protocol [MBG]
67 IPPC Internet Pluribus Packet Core [SHB]
68 any distributed file system [JBP]
69 SAT-MON SATNET Monitoring [SHB]
70 VISA VISA Protocol [GXT1]
71 IPCV Internet Packet Core Utility [SHB]
72 CPNX Computer Protocol Network Executive [DXM2]
73 CPHB Computer Protocol Heart Beat [DXM2]
74 WSN Wang Span Network [VXD]
75 PVP Packet Video Protocol [SC3]
76 BR-SAT-MON Backroom SATNET Monitoring [SHB]
77 SUN-ND SUN ND PROTOCOL-Temporary [WM3]
78 WB-MON WIDEBAND Monitoring [SHB]
79 WB-EXPAK WIDEBAND EXPAK [SHB]
80 ISO-IP ISO Internet Protocol [MTR]
81 VMTP VMTP [DRC3]
82 SECURE-VMTP SECURE-VMTP [DRC3]
83 VINES VINES [BXH]
84 TTP TTP [JXS]
85 NSFNET-IGP NSFNET-IGP [HWB]
86 DGP Dissimilar Gateway Protocol [DGP,ML109]
87 TCF TCF [GAL5]
88 IGRP IGRP [CISCO,GXS]

89 OSPFIGP OSPFIGP [RFC1583,JTM4]
90 Sprite-RPC Sprite RPC Protocol [SPRITE,BXW]
91 LARP Locus Address Resolution Protocol [BXH]
92 MTP Multicast Transport Protocol [SXA]
93 AX.25 AX.25 Frames [BK29]
94 IPIP IP-within-IP Encapsulation Protocol [JI6]
95 MICP Mobile Internetworking Control Pro. [JI6]
96 SCC-SP Semaphore Communications Sec. Pro. [HXH]
97 ETHERIP Ethernet-within-IP Encapsulation [RXH1]
98 ENCAP Encapsulation Header [RFC1241,RXB3]
99 any private encryption scheme [JBP]
100 GMTP GMTP [RXB5]
101-254 Unassigned [JBP]
255 Reserved [JBP]

REFERENCES

[CFTP] Forsdick, H., "CFTP", Network Message, Bolt Beranek and
Newman, January 1982.

[CISCO] Cisco Systems, "Gateway Server Reference Manual", Manual
Revision B, January 10, 1988.

[DDN] Feinler, E., Editor, "DDN Protocol Handbook", Network
Information Center, SRI International, December 1985.

[DGP] M/A-COM Government Systems, "Dissimilar Gateway Protocol
Specification, Draft Version", Contract no. CS901145,
November 16, 1987.

[ETHERNET] "The Ethernet, A Local Area Network: Data Link Layer and
Physical Layer Specification", AA-K759B-TK, Digital
Equipment Corporation, Maynard, MA. Also as: "The
Ethernet - A Local Area Network", Version 1.0, Digital
Equipment Corporation, Intel Corporation, Xerox
Corporation, September 1980. And: "The Ethernet, A Local
Area Network: Data Link Layer and Physical Layer
Specifications", Digital, Intel and Xerox, November 1982.
And: XEROX, "The Ethernet, A Local Area Network: Data Link
Layer and Physical Layer Specification", X3T51/80-50,
Xerox Corporation, Stamford, CT., October 1980.

[IEN90] Cohen, D. and J. Postel, "Multiplexing Protocol", IEN 90,
USC/Information Sciences Institute, May 1979.

[IEN119] Forgie, J., "ST - A Proposed Internet Stream Protocol",
IEN 119, MIT Lincoln Laboratory, September 1979.

[IEN158] Haverty, J., "XNET Formats for Internet Protocol Version 4",
IEN 158, October 1980.

[MFENET] Shuttleworth, B., "A Documentary of MFENet, a National
Computer Network", UCRL-52317, Lawrence Livermore Labs,
Livermore, California, June 1977.

[PUP] Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, "PUP: An
Internetwork Architecture", XEROX Palo Alto Research Center,
CSL-79-10, July 1979; also in IEEE Transactions on
Communication, Volume COM-28, Number 4, April 1980.

[SPRITE] Welch, B., "The Sprite Remote Procedure Call System",
Technical Report, UCB/Computer Science Dept., 86/302,
University of California at Berkeley, June 1986.

[RFC741] Cohen, D., "Specifications for the Network Voice Protocol",
RFC 741, ISI/RR 7539, USC/Information Sciences Institute,
March 1976.

[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
USC/Information Sciences Institute, August 1980.

[RFC791] Postel, J., "Internet Protocol - DARPA Internet Program
Protocol Specification", STD 5, RFC 791, DARPA, September
1981.

[RFC792] Postel, J., "Internet Control Message Protocol - DARPA
Internet Program Protocol Specification", STD 5, RFC 792,
USC/Information Sciences Institute, September 1981.

[RFC793] Postel, J., "Transmission Control Protocol - DARPA
Internet Program Protocol Specification", STD 7, RFC 793,
USC/Information Sciences Institute, September 1981.

[RFC823] Hinden, R., and A. Sheltzer, "The DARPA Internet Gateway",
RFC 823, BBN, September 1982.

[RFC869] Hinden, R., "A Host Monitoring Protocol", RFC 869,
Bolt Beranek and Newman, December 1983.

[RFC888] Seamonson, L., and E. Rosen, "STUB" Exterior Gateway
Protocol", RFC 888, BBN Communications Corporation,
January 1984.

[RFC905] International Standards Organization, "ISO Transport Protocol
Specification - ISO DP 8073", RFC 905, April 1984.

[RFC908] Velten, D., R. Hinden, and J. Sax, "Reliable Data Protocol",
RFC 908, BBN Communications Corporation, July 1984.

[RFC938] Miller, T., "Internet Reliable Transaction Protocol", RFC 938,
ACC, February 1985.

[RFC969] Clark, D., M. Lambert, and L. Zhang, "NETBLT: A Bulk Data
Transfer Protocol", RFC 969, MIT Laboratory for Computer
Science, December 1985.

[RFC1112] Deering, S., "Host Extensions for IP Multicasting",
STD 5, RFC 1112, Stanford University, August 1989.

[RFC1190] Topolcic, C., Editor, "Experimental Internet Stream
Protocol, Version 2 (ST-II)", RFC 1190, CIP Working Group,
October 1990.

[RFC1241] Woodburn, W., and D. Mills, " A Scheme for an Internet
Encapsulation Protocol: Version 1", RFC 1241, SAIC,
University of Delaware, July 1991.

[RFC1583] Moy, J., "The OSPF Specification", RFC 1583, Proteon,
March 1994.

PEOPLE

[BCH2] Barry Howard <Howard@NMFECC.LLNL.GOV>

[BK29] Brian Kantor <brian@UCSD.EDU>

[BN7] <mystery contact>

[BWB6] Barry Boehm <boehm@ARPA.MIL>

[BXH] Brian Horn <---none--->

[BXW] Bruce Willins <---none--->

[DDC1] David Clark <ddc@LCS.MIT.EDU>

[DLM1] David Mills <Mills@HUEY.UDEL.EDU>

[DRC3] Dave Cheriton <cheriton@PESCADERO.STANFORD.EDU>

[DXE1] Deborah Estrin <estrin@usc.edu>

[DXF] Dirk Fromhein <df@watershed.com>

[DXM2] David Mittnacht <---none--->

[DXP2] Dave Presotto <presotto@reseach.att.co

[David Johnson] <mystery contact>

[GAL5] Guillermo A. Loyola <LOYOLA@IBM.COM>

[GLENN] K. Robert Glenn <glenn@osi.ncsl.nist.gov>

[GXC] Greg Chesson <Greg@SGI.COM>

[GXS] Guenther Schreiner <snmp-admin@ira.uka.de>

[GXT1] Gene Tsudik <tsudik@USC.EDU>

[HCF2] Harry Forsdick <Forsdick@BBN.COM>

[HWB] Hans-Werner Braun <HWB@MCR.UMICH.EDU>

[HXH] Howard Hart <hch@hybrid.com>

[JBP] Jon Postel <postel@isi.edu>

[JC120] <mystery contact>

[JFH2] Jack Haverty <jhaverty@ORACLE.COM>

[JI6] John Ioannidis <ji@CS.COLUMBIA.EDU>

[JTM4] John Moy <jmoy@PROTEON.COM>

[JWF] Jim Forgie <FORGIE@XN.LL.MIT.EDU>

[JXS] Jim Stevens <Stevens@ISI.EDU>

[KATZ] Dave Katz <dkatz@cisco.com>

[MB] Mike Brescia <Brescia@CCV.BBN.COM>

[MBG] Michael Greenwald <Greenwald@SCRC-STONY-BROOK.SYMBOLICS.COM>

[ML109] Mike Little <little@MACOM4.ARPA>

[MTR] Marshall T. Rose <mrose@dbc.mtview.ca.us>

[MXS1] Martha Steenstrup <MSteenst@BBN.COM>

[NC3] J. Noel Chiappa <JNC@XX.LCS.MIT.EDU>

[PK] Peter Kirstein <Kirstein@NSS.CS.UCL.AC.UK>

[PXL1] Paul Liu <---none--->

[RH6] Robert Hinden <Hinden@ENG.SUN.COM>

[RTB3] Bob Braden <braden@isi.edu>

[RC77] <mystery contact>

[RWS4] Robert W. Scheifler <RWS@XX.LCS.MIT.EDU>

[RXB3] Robert Woodburn <woody@cseic.saic.com>

[RXH1] Russ Housley <Russ_Housley.McLean_CSD@xerox.com>

[SAF3] Stuart A. Friedberg <stuart@CS.WISC.EDU>

[SC3] Steve Casner <casner@isi.edu

[SGC] Steve Chipman <Chipman@F.BBN.COM>

[SHB] Steven Blumenthal <BLUMENTHAL@VAX.BBN.COM>

[Sue Hares] Sue Hares <skh@merit.edu>

[SXA] Susie Armstrong <Armstrong.wbst128@XEROX.COM>

[SXD] Steve Deering <deering@PARC.XEROX.COM>

[Tony Li] Tony Li <tli@cisco.com>

[TXM] Trudy Miller <Trudy@ACC.COM>

[VXD] Victor Dafoulas <---none--->

[WM3] William Melohn <Melohn@SUN.COM>

[WXC] Wesley Craig <Wesley.Craig@terminator.cc.umich.edu>

[ZSU] Zaw-Sing Su <ZSu@TSCA.ISTC.SRI.>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/protocol-numbers

WELL KNOWN PORT NUMBERS

The Well Known Ports are controlled and assigned by the IANA and on
most systems can only be used by system (or root) processes or by
programs executed by privileged users.

Ports are used in the TCP [RFC793] to name the ends of logical
connections which carry long term conversations. For the purpose of
providing services to unknown callers, a service contact port is
defined. This list specifies the port used by the server process as
its contact port. The contact port is sometimes called the
"well-known port".

To the extent possible, these same port assignments are used with the
UDP [RFC768].

The assigned ports use a small portion of the possible port numbers.
For many years the assigned ports were in the range 0-255. Recently,
the range for assigned ports managed by the IANA has been expanded to
the range 0-1023.

Port Assignments:

Keyword Decimal Description References
------- ------- ----------- ----------
0/tcp Reserved
0/udp Reserved
# Jon Postel <postel@isi.edu>
tcpmux 1/tcp TCP Port Service Multiplexer
tcpmux 1/udp TCP Port Service Multiplexer
# Mark Lottor <MKL@nisc.sri.com>
compressnet 2/tcp Management Utility
compressnet 2/udp Management Utility
compressnet 3/tcp Compression Process
compressnet 3/udp Compression Process
# Bernie Volz <VOLZ@PROCESS.COM>
# 4/tcp Unassigned
# 4/udp Unassigned
rje 5/tcp Remote Job Entry
rje 5/udp Remote Job Entry
# Jon Postel <postel@isi.edu>
# 6/tcp Unassigned
# 6/udp Unassigned
echo 7/tcp Echo
echo 7/udp Echo
# Jon Postel <postel@isi.edu>
# 8/tcp Unassigned

# 8/udp Unassigned
discard 9/tcp Discard
discard 9/udp Discard
# Jon Postel <postel@isi.edu>
# 10/tcp Unassigned
# 10/udp Unassigned
systat 11/tcp Active Users
systat 11/udp Active Users
# Jon Postel <postel@isi.edu>
# 12/tcp Unassigned
# 12/udp Unassigned
daytime 13/tcp Daytime
daytime 13/udp Daytime
# Jon Postel <postel@isi.edu>
# 14/tcp Unassigned
# 14/udp Unassigned
# 15/tcp Unassigned [was netstat]
# 15/udp Unassigned
# 16/tcp Unassigned
# 16/udp Unassigned
qotd 17/tcp Quote of the Day
qotd 17/udp Quote of the Day
# Jon Postel <postel@isi.edu>
msp 18/tcp Message Send Protocol
msp 18/udp Message Send Protocol
# Rina Nethaniel <---none--->
chargen 19/tcp Character Generator
chargen 19/udp Character Generator
ftp-data 20/tcp File Transfer [Default Data]
ftp-data 20/udp File Transfer [Default Data]
ftp 21/tcp File Transfer [Control]
ftp 21/udp File Transfer [Control]
# Jon Postel <postel@isi.edu>
# 22/tcp Unassigned
# 22/udp Unassigned
telnet 23/tcp Telnet
telnet 23/udp Telnet
# Jon Postel <postel@isi.edu>
24/tcp any private mail system
24/udp any private mail system
# Rick Adam <rick@UUNET.UU.NET>
smtp 25/tcp Simple Mail Transfer
smtp 25/udp Simple Mail Transfer
# Jon Postel <postel@isi.edu>
# 26/tcp Unassigned
# 26/udp Unassigned
nsw-fe 27/tcp NSW User System FE
nsw-fe 27/udp NSW User System FE

# Robert Thomas <BThomas@F.BBN.COM>
# 28/tcp Unassigned
# 28/udp Unassigned
msg-icp 29/tcp MSG ICP
msg-icp 29/udp MSG ICP
# Robert Thomas <BThomas@F.BBN.COM>
# 30/tcp Unassigned
# 30/udp Unassigned
msg-auth 31/tcp MSG Authentication
msg-auth 31/udp MSG Authentication
# Robert Thomas <BThomas@F.BBN.COM>
# 32/tcp Unassigned
# 32/udp Unassigned
dsp 33/tcp Display Support Protocol
dsp 33/udp Display Support Protocol
# Ed Cain <cain@edn-unix.dca.mil>
# 34/tcp Unassigned
# 34/udp Unassigned
35/tcp any private printer server
35/udp any private printer server
# Jon Postel <postel@isi.edu>
# 36/tcp Unassigned
# 36/udp Unassigned
time 37/tcp Time
time 37/udp Time
# Jon Postel <postel@isi.edu>
rap 38/tcp Route Access Protocol
rap 38/udp Route Access Protocol
# Robert Ullmann <ariel@world.std.com>
rlp 39/tcp Resource Location Protocol
rlp 39/udp Resource Location Protocol
# Mike Accetta <MIKE.ACCETTA@CMU-CS-A.EDU>
# 40/tcp Unassigned
# 40/udp Unassigned
graphics 41/tcp Graphics
graphics 41/udp Graphics
nameserver 42/tcp Host Name Server
nameserver 42/udp Host Name Server
nicname 43/tcp Who Is
nicname 43/udp Who Is
mpm-flags 44/tcp MPM FLAGS Protocol
mpm-flags 44/udp MPM FLAGS Protocol
mpm 45/tcp Message Processing Module [recv]
mpm 45/udp Message Processing Module [recv]
mpm-snd 46/tcp MPM [default send]
mpm-snd 46/udp MPM [default send]
# Jon Postel <postel@isi.edu>
ni-ftp 47/tcp NI FTP

ni-ftp 47/udp NI FTP
# Steve Kille <S.Kille@isode.com>
auditd 48/tcp Digital Audit Daemon
auditd 48/udp Digital Audit Daemon
# Larry Scott <scott@zk3.dec.com>
login 49/tcp Login Host Protocol
login 49/udp Login Host Protocol
# Pieter Ditmars <pditmars@BBN.COM>
re-mail-ck 50/tcp Remote Mail Checking Protocol
re-mail-ck 50/udp Remote Mail Checking Protocol
# Steve Dorner <s-dorner@UIUC.EDU>
la-maint 51/tcp IMP Logical Address Maintenance
la-maint 51/udp IMP Logical Address Maintenance
# Andy Malis <malis_a@timeplex.com>
xns-time 52/tcp XNS Time Protocol
xns-time 52/udp XNS Time Protocol
# Susie Armstrong <Armstrong.wbst128@XEROX>
domain 53/tcp Domain Name Server
domain 53/udp Domain Name Server
# Paul Mockapetris <PVM@ISI.EDU>
xns-ch 54/tcp XNS Clearinghouse
xns-ch 54/udp XNS Clearinghouse
# Susie Armstrong <Armstrong.wbst128@XEROX>
isi-gl 55/tcp ISI Graphics Language
isi-gl 55/udp ISI Graphics Language
xns-auth 56/tcp XNS Authentication
xns-auth 56/udp XNS Authentication
# Susie Armstrong <Armstrong.wbst128@XEROX>
57/tcp any private terminal access
57/udp any private terminal access
# Jon Postel <postel@isi.edu>
xns-mail 58/tcp XNS Mail
xns-mail 58/udp XNS Mail
# Susie Armstrong <Armstrong.wbst128@XEROX>
59/tcp any private file service
59/udp any private file service
# Jon Postel <postel@isi.edu>
60/tcp Unassigned
60/udp Unassigned
ni-mail 61/tcp NI MAIL
ni-mail 61/udp NI MAIL
# Steve Kille <S.Kille@isode.com>
acas 62/tcp ACA Services
acas 62/udp ACA Services
# E. Wald <ewald@via.enet.dec.com>
# 63/tcp Unassigned
# 63/udp Unassigned
covia 64/tcp Communications Integrator (CI)

covia 64/udp Communications Integrator (CI)
# "Tundra" Tim Daneliuk
# <tundraix!tundra@clout.chi.il.us>
tacacs-ds 65/tcp TACACS-Database Service
tacacs-ds 65/udp TACACS-Database Service
# Kathy Huber <khuber@bbn.com>
sql*net 66/tcp Oracle SQL*NET
sql*net 66/udp Oracle SQL*NET
# Jack Haverty <jhaverty@ORACLE.COM>
bootps 67/tcp Bootstrap Protocol Server
bootps 67/udp Bootstrap Protocol Server
bootpc 68/tcp Bootstrap Protocol Client
bootpc 68/udp Bootstrap Protocol Client
# Bill Croft <Croft@SUMEX-AIM.STANFORD.EDU>
tftp 69/tcp Trivial File Transfer
tftp 69/udp Trivial File Transfer
# David Clark <ddc@LCS.MIT.EDU>
gopher 70/tcp Gopher
gopher 70/udp Gopher
# Mark McCahill <mpm@boombox.micro.umn.edu>
netrjs-1 71/tcp Remote Job Service
netrjs-1 71/udp Remote Job Service
netrjs-2 72/tcp Remote Job Service
netrjs-2 72/udp Remote Job Service
netrjs-3 73/tcp Remote Job Service
netrjs-3 73/udp Remote Job Service
netrjs-4 74/tcp Remote Job Service
netrjs-4 74/udp Remote Job Service
# Bob Braden <Braden@ISI.EDU>
75/tcp any private dial out service
75/udp any private dial out service
# Jon Postel <postel@isi.edu>
deos 76/tcp Distributed External Object Store
deos 76/udp Distributed External Object Store
# Robert Ullmann <ariel@world.std.com>
77/tcp any private RJE service
77/udp any private RJE service
# Jon Postel <postel@isi.edu>
vettcp 78/tcp vettcp
vettcp 78/udp vettcp
# Christopher Leong <leong@kolmod.mlo.dec.com>
finger 79/tcp Finger
finger 79/udp Finger
# David Zimmerman <dpz@RUTGERS.EDU>
www-http 80/tcp World Wide Web HTTP
www-http 80/udp World Wide Web HTTP
# Tim Berners-Lee <timbl@nxoc01.cern.ch>
hosts2-ns 81/tcp HOSTS2 Name Server

hosts2-ns 81/udp HOSTS2 Name Server
# Earl Killian <EAK@MORDOR.S1.GOV>
xfer 82/tcp XFER Utility
xfer 82/udp XFER Utility
# Thomas M. Smith <tmsmith@esc.syr.ge.com>
mit-ml-dev 83/tcp MIT ML Device
mit-ml-dev 83/udp MIT ML Device
# David Reed <--none--->
ctf 84/tcp Common Trace Facility
ctf 84/udp Common Trace Facility
# Hugh Thomas <thomas@oils.enet.dec.com>
mit-ml-dev 85/tcp MIT ML Device
mit-ml-dev 85/udp MIT ML Device
# David Reed <--none--->
mfcobol 86/tcp Micro Focus Cobol
mfcobol 86/udp Micro Focus Cobol
# Simon Edwards <--none--->
87/tcp any private terminal link
87/udp any private terminal link
# Jon Postel <postel@isi.edu>
kerberos 88/tcp Kerberos
kerberos 88/udp Kerberos
# B. Clifford Neuman <bcn@isi.edu>
su-mit-tg 89/tcp SU/MIT Telnet Gateway
su-mit-tg 89/udp SU/MIT Telnet Gateway
# Mark Crispin <MRC@PANDA.COM>
dnsix 90/tcp DNSIX Securit Attribute Token Map
dnsix 90/udp DNSIX Securit Attribute Token Map
# Charles Watt <watt@sware.com>
mit-dov 91/tcp MIT Dover Spooler
mit-dov 91/udp MIT Dover Spooler
# Eliot Moss <EBM@XX.LCS.MIT.EDU>
npp 92/tcp Network Printing Protocol
npp 92/udp Network Printing Protocol
# Louis Mamakos <louie@sayshell.umd.edu>
dcp 93/tcp Device Control Protocol
dcp 93/udp Device Control Protocol
# Daniel Tappan <Tappan@BBN.COM>
objcall 94/tcp Tivoli Object Dispatcher
objcall 94/udp Tivoli Object Dispatcher
# Tom Bereiter <--none--->
supdup 95/tcp SUPDUP
supdup 95/udp SUPDUP
# Mark Crispin <MRC@PANDA.COM>
dixie 96/tcp DIXIE Protocol Specification
dixie 96/udp DIXIE Protocol Specification
# Tim Howes <Tim.Howes@terminator.cc.umich.edu>
swift-rvf 97/tcp Swift Remote Vitural File Protocol

swift-rvf 97/udp Swift Remote Vitural File Protocol
# Maurice R. Turcotte
# <mailrus!uflorida!rm1!dnmrt%rmatl@uunet.UU.NET>
tacnews 98/tcp TAC News
tacnews 98/udp TAC News
# Jon Postel <postel@isi.edu>
metagram 99/tcp Metagram Relay
metagram 99/udp Metagram Relay
# Geoff Goodfellow <Geoff@FERNWOOD.MPK.CA.U>
newacct 100/tcp [unauthorized use]
hostname 101/tcp NIC Host Name Server
hostname 101/udp NIC Host Name Server
# Jon Postel <postel@isi.edu>
iso-tsap 102/tcp ISO-TSAP
iso-tsap 102/udp ISO-TSAP
# Marshall Rose <mrose@dbc.mtview.ca.us>
gppitnp 103/tcp Genesis Point-to-Point Trans Net
gppitnp 103/udp Genesis Point-to-Point Trans Net
acr-nema 104/tcp ACR-NEMA Digital Imag. & Comm. 300
acr-nema 104/udp ACR-NEMA Digital Imag. & Comm. 300
# Patrick McNamee <--none--->
csnet-ns 105/tcp Mailbox Name Nameserver
csnet-ns 105/udp Mailbox Name Nameserver
# Marvin Solomon <solomon@CS.WISC.EDU>
3com-tsmux 106/tcp 3COM-TSMUX
3com-tsmux 106/udp 3COM-TSMUX
# Jeremy Siegel <jzs@NSD.3Com.COM>
rtelnet 107/tcp Remote Telnet Service
rtelnet 107/udp Remote Telnet Service
# Jon Postel <postel@isi.edu>
snagas 108/tcp SNA Gateway Access Server
snagas 108/udp SNA Gateway Access Server
# Kevin Murphy <murphy@sevens.lkg.dec.com>
pop2 109/tcp Post Office Protocol - Version 2
pop2 109/udp Post Office Protocol - Version 2
# Joyce K. Reynolds <jkrey@isi.edu>
pop3 110/tcp Post Office Protocol - Version 3
pop3 110/udp Post Office Protocol - Version 3
# Marshall Rose <mrose@dbc.mtview.ca.us>
sunrpc 111/tcp SUN Remote Procedure Call
sunrpc 111/udp SUN Remote Procedure Call
# Chuck McManis <cmcmanis@sun.com>
mcidas 112/tcp McIDAS Data Transmission Protocol
mcidas 112/udp McIDAS Data Transmission Protocol
# Glenn Davis <davis@unidata.ucar.edu>
auth 113/tcp Authentication Service
auth 113/udp Authentication Service
# Mike St. Johns <stjohns@arpa.mil>

audionews 114/tcp Audio News Multicast
audionews 114/udp Audio News Multicast
# Martin Forssen <maf@dtek.chalmers.se>
sftp 115/tcp Simple File Transfer Protocol
sftp 115/udp Simple File Transfer Protocol
# Mark Lottor <MKL@nisc.sri.com>
ansanotify 116/tcp ANSA REX Notify
ansanotify 116/udp ANSA REX Notify
# Nicola J. Howarth <njh@ansa.co.uk>
uucp-path 117/tcp UUCP Path Service
uucp-path 117/udp UUCP Path Service
sqlserv 118/tcp SQL Services
sqlserv 118/udp SQL Services
# Larry Barnes <barnes@broke.enet.dec.com>
nntp 119/tcp Network News Transfer Protocol
nntp 119/udp Network News Transfer Protocol
# Phil Lapsley <phil@UCBARPA.BERKELEY.EDU>
cfdptkt 120/tcp CFDPTKT
cfdptkt 120/udp CFDPTKT
# John Ioannidis <ji@close.cs.columbia.ed>
erpc 121/tcp Encore Expedited Remote Pro.Call
erpc 121/udp Encore Expedited Remote Pro.Call
# Jack O'Neil <---none--->
smakynet 122/tcp SMAKYNET
smakynet 122/udp SMAKYNET
# Mike O'Dowd <odowd@ltisun8.epfl.ch>
ntp 123/tcp Network Time Protocol
ntp 123/udp Network Time Protocol
# Dave Mills <Mills@HUEY.UDEL.EDU>
ansatrader 124/tcp ANSA REX Trader
ansatrader 124/udp ANSA REX Trader
# Nicola J. Howarth <njh@ansa.co.uk>
locus-map 125/tcp Locus PC-Interface Net Map Ser
locus-map 125/udp Locus PC-Interface Net Map Ser
# Eric Peterson <lcc.eric@SEAS.UCLA.EDU>
unitary 126/tcp Unisys Unitary Login
unitary 126/udp Unisys Unitary Login
# <feil@kronos.nisd.cam.unisys.com>
locus-con 127/tcp Locus PC-Interface Conn Server
locus-con 127/udp Locus PC-Interface Conn Server
# Eric Peterson <lcc.eric@SEAS.UCLA.EDU>
gss-xlicen 128/tcp GSS X License Verification
gss-xlicen 128/udp GSS X License Verification
# John Light <johnl@gssc.gss.com>
pwdgen 129/tcp Password Generator Protocol
pwdgen 129/udp Password Generator Protocol
# Frank J. Wacho <WANCHO@WSMR-SIMTEL20.ARMY.MIL>
cisco-fna 130/tcp cisco FNATIVE

cisco-fna 130/udp cisco FNATIVE
cisco-tna 131/tcp cisco TNATIVE
cisco-tna 131/udp cisco TNATIVE
cisco-sys 132/tcp cisco SYSMAINT
cisco-sys 132/udp cisco SYSMAINT
statsrv 133/tcp Statistics Service
statsrv 133/udp Statistics Service
# Dave Mills <Mills@HUEY.UDEL.EDU>
ingres-net 134/tcp INGRES-NET Service
ingres-net 134/udp INGRES-NET Service
# Mike Berrow <---none--->
loc-srv 135/tcp Location Service
loc-srv 135/udp Location Service
# Joe Pato <apollo!pato@EDDIE.MIT.EDU>
profile 136/tcp PROFILE Naming System
profile 136/udp PROFILE Naming System
# Larry Peterson <llp@ARIZONA.EDU>
netbios-ns 137/tcp NETBIOS Name Service
netbios-ns 137/udp NETBIOS Name Service
netbios-dgm 138/tcp NETBIOS Datagram Service
netbios-dgm 138/udp NETBIOS Datagram Service
netbios-ssn 139/tcp NETBIOS Session Service
netbios-ssn 139/udp NETBIOS Session Service
# Jon Postel <postel@isi.edu>
emfis-data 140/tcp EMFIS Data Service
emfis-data 140/udp EMFIS Data Service
emfis-cntl 141/tcp EMFIS Control Service
emfis-cntl 141/udp EMFIS Control Service
# Gerd Beling <GBELING@ISI.EDU>
bl-idm 142/tcp Britton-Lee IDM
bl-idm 142/udp Britton-Lee IDM
# Susie Snitzer <---none--->
imap2 143/tcp Interim Mail Access Protocol v2
imap2 143/udp Interim Mail Access Protocol v2
# Mark Crispin <MRC@PANDA.COM>
news 144/tcp NewS
news 144/udp NewS
# James Gosling <JAG@SUN.COM>
uaac 145/tcp UAAC Protocol
uaac 145/udp UAAC Protocol
# David A. Gomberg <gomberg@GATEWAY.MITRE.ORG>
iso-tp0 146/tcp ISO-IP0
iso-tp0 146/udp ISO-IP0
iso-ip 147/tcp ISO-IP
iso-ip 147/udp ISO-IP
# Marshall Rose <mrose@dbc.mtview.ca.us>
cronus 148/tcp CRONUS-SUPPORT
cronus 148/udp CRONUS-SUPPORT

# Jeffrey Buffun <jbuffum@APOLLO.COM>
aed-512 149/tcp AED 512 Emulation Service
aed-512 149/udp AED 512 Emulation Service
# Albert G. Broscius <broscius@DSL.CIS.UPENN.EDU>
sql-net 150/tcp SQL-NET
sql-net 150/udp SQL-NET
# Martin Picard <<---none--->
hems 151/tcp HEMS
hems 151/udp HEMS
# Christopher Tengi <tengi@Princeton.EDU>
bftp 152/tcp Background File Transfer Program
bftp 152/udp Background File Transfer Program
# Annette DeSchon <DESCHON@ISI.EDU>
sgmp 153/tcp SGMP
sgmp 153/udp SGMP
# Marty Schoffstahl <schoff@NISC.NYSER.NET>
netsc-prod 154/tcp NETSC
netsc-prod 154/udp NETSC
netsc-dev 155/tcp NETSC
netsc-dev 155/udp NETSC
# Sergio Heker <heker@JVNCC.CSC.ORG>
sqlsrv 156/tcp SQL Service
sqlsrv 156/udp SQL Service
# Craig Rogers <Rogers@ISI.EDU>
knet-cmp 157/tcp KNET/VM Command/Message Protocol
knet-cmp 157/udp KNET/VM Command/Message Protocol
# Gary S. Malkin <GMALKIN@XYLOGICS.COM>
pcmail-srv 158/tcp PCMail Server
pcmail-srv 158/udp PCMail Server
# Mark L. Lambert <markl@PTT.LCS.MIT.EDU>
nss-routing 159/tcp NSS-Routing
nss-routing 159/udp NSS-Routing
# Yakov Rekhter <Yakov@IBM.COM>
sgmp-traps 160/tcp SGMP-TRAPS
sgmp-traps 160/udp SGMP-TRAPS
# Marty Schoffstahl <schoff@NISC.NYSER.NET>
snmp 161/tcp SNMP
snmp 161/udp SNMP
snmptrap 162/tcp SNMPTRAP
snmptrap 162/udp SNMPTRAP
# Marshall Rose <mrose@dbc.mtview.ca.us>
cmip-man 163/tcp CMIP/TCP Manager
cmip-man 163/udp CMIP/TCP Manager
cmip-agent 164/tcp CMIP/TCP Agent
smip-agent 164/udp CMIP/TCP Agent
# Amatzia Ben-Artzi <---none--->
xns-courier 165/tcp Xerox
xns-courier 165/udp Xerox

# Susie Armstrong <Armstrong.wbst128@XEROX.COM>
s-net 166/tcp Sirius Systems
s-net 166/udp Sirius Systems
# Brian Lloyd <---none--->
namp 167/tcp NAMP
namp 167/udp NAMP
# Marty Schoffstahl <schoff@NISC.NYSER.NET>
rsvd 168/tcp RSVD
rsvd 168/udp RSVD
# Neil Todd <mcvax!ist.co.uk!neil@UUNET.UU.NET>
send 169/tcp SEND
send 169/udp SEND
# William D. Wisner <wisner@HAYES.FAI.ALASKA.EDU>
print-srv 170/tcp Network PostScript
print-srv 170/udp Network PostScript
# Brian Reid <reid@DECWRL.DEC.COM>
multiplex 171/tcp Network Innovations Multiplex
multiplex 171/udp Network Innovations Multiplex
cl/1 172/tcp Network Innovations CL/1
cl/1 172/udp Network Innovations CL/1
# Kevin DeVault <<---none--->
xyplex-mux 173/tcp Xyplex
xyplex-mux 173/udp Xyplex
# Bob Stewart <STEWART@XYPLEX.COM>
mailq 174/tcp MAILQ
mailq 174/udp MAILQ
# Rayan Zachariassen <rayan@AI.TORONTO.EDU>
vmnet 175/tcp VMNET
vmnet 175/udp VMNET
# Christopher Tengi <tengi@Princeton.EDU>
genrad-mux 176/tcp GENRAD-MUX
genrad-mux 176/udp GENRAD-MUX
# Ron Thornton <thornton@qm7501.genrad.com>
xdmcp 177/tcp X Display Manager Control Protocol
xdmcp 177/udp X Display Manager Control Protocol
# Robert W. Scheifler <RWS@XX.LCS.MIT.EDU>
nextstep 178/tcp NextStep Window Server
NextStep 178/udp NextStep Window Server
# Leo Hourvitz <leo@NEXT.COM>
bgp 179/tcp Border Gateway Protocol
bgp 179/udp Border Gateway Protocol
# Kirk Lougheed <LOUGHEED@MATHOM.CISCO.COM>
ris 180/tcp Intergraph
ris 180/udp Intergraph
# Dave Buehmann <ingr!daveb@UUNET.UU.NET>
unify 181/tcp Unify
unify 181/udp Unify
# Vinod Singh <--none--->

audit 182/tcp Unisys Audit SITP
audit 182/udp Unisys Audit SITP
# Gil Greenbaum <gcole@nisd.cam.unisys.com>
ocbinder 183/tcp OCBinder
ocbinder 183/udp OCBinder
ocserver 184/tcp OCServer
ocserver 184/udp OCServer
# Jerrilynn Okamura <--none--->
remote-kis 185/tcp Remote-KIS
remote-kis 185/udp Remote-KIS
kis 186/tcp KIS Protocol
kis 186/udp KIS Protocol
# Ralph Droms <rdroms@NRI.RESTON.VA.US>
aci 187/tcp Application Communication Interface
aci 187/udp Application Communication Interface
# Rick Carlos <rick.ticipa.csc.ti.com>
mumps 188/tcp Plus Five's MUMPS
mumps 188/udp Plus Five's MUMPS
# Hokey Stenn <hokey@PLUS5.COM>
qft 189/tcp Queued File Transport
qft 189/udp Queued File Transport
# Wayne Schroeder <schroeder@SDS.SDSC.EDU>
gacp 190/tcp Gateway Access Control Protocol
cacp 190/udp Gateway Access Control Protocol
# C. Philip Wood <cpw@LANL.GOV>
prospero 191/tcp Prospero Directory Service
prospero 191/udp Prospero Directory Service
# B. Clifford Neuman <bcn@isi.edu>
osu-nms 192/tcp OSU Network Monitoring System
osu-nms 192/udp OSU Network Monitoring System
# Doug Karl <KARL-D@OSU-20.IRCC.OHIO-STATE.EDU>
srmp 193/tcp Spider Remote Monitoring Protocol
srmp 193/udp Spider Remote Monitoring Protocol
# Ted J. Socolofsky <Teds@SPIDER.CO.UK>
irc 194/tcp Internet Relay Chat Protocol
irc 194/udp Internet Relay Chat Protocol
# Jarkko Oikarinen <jto@TOLSUN.OULU.FI>
dn6-nlm-aud 195/tcp DNSIX Network Level Module Audit
dn6-nlm-aud 195/udp DNSIX Network Level Module Audit
dn6-smm-red 196/tcp DNSIX Session Mgt Module Audit Redir
dn6-smm-red 196/udp DNSIX Session Mgt Module Audit Redir
# Lawrence Lebahn <DIA3@PAXRV-NES.NAVY.MIL>
dls 197/tcp Directory Location Service
dls 197/udp Directory Location Service
dls-mon 198/tcp Directory Location Service Monitor
dls-mon 198/udp Directory Location Service Monitor
# Scott Bellew <smb@cs.purdue.edu>
smux 199/tcp SMUX

smux 199/udp SMUX
# Marshall Rose <mrose@dbc.mtview.ca.us>
src 200/tcp IBM System Resource Controller
src 200/udp IBM System Resource Controller
# Gerald McBrearty <---none--->
at-rtmp 201/tcp AppleTalk Routing Maintenance
at-rtmp 201/udp AppleTalk Routing Maintenance
at-nbp 202/tcp AppleTalk Name Binding
at-nbp 202/udp AppleTalk Name Binding
at-3 203/tcp AppleTalk Unused
at-3 203/udp AppleTalk Unused
at-echo 204/tcp AppleTalk Echo
at-echo 204/udp AppleTalk Echo
at-5 205/tcp AppleTalk Unused
at-5 205/udp AppleTalk Unused
at-zis 206/tcp AppleTalk Zone Information
at-zis 206/udp AppleTalk Zone Information
at-7 207/tcp AppleTalk Unused
at-7 207/udp AppleTalk Unused
at-8 208/tcp AppleTalk Unused
at-8 208/udp AppleTalk Unused
# Rob Chandhok <chandhok@gnome.cs.cmu.edu>
tam 209/tcp Trivial Authenticated Mail Protocol
tam 209/udp Trivial Authenticated Mail Protocol
# Dan Bernstein <brnstnd@stealth.acf.nyu.edu>
z39.50 210/tcp ANSI Z39.50
z39.50 210/udp ANSI Z39.50
# Mark Needleman
# <mhnur%uccmvsa.bitnet@cornell.cit.cornell.edu>
914c/g 211/tcp Texas Instruments 914C/G Terminal
914c/g 211/udp Texas Instruments 914C/G Terminal
# Bill Harrell <---none--->
anet 212/tcp ATEXSSTR
anet 212/udp ATEXSSTR
# Jim Taylor <taylor@heart.epps.kodak.com>
ipx 213/tcp IPX
ipx 213/udp IPX
# Don Provan <donp@xlnvax.novell.com>
vmpwscs 214/tcp VM PWSCS
vmpwscs 214/udp VM PWSCS
# Dan Shia <dset!shia@uunet.UU.NET>
softpc 215/tcp Insignia Solutions
softpc 215/udp Insignia Solutions
# Martyn Thomas <---none--->
atls 216/tcp Access Technology License Server
atls 216/udp Access Technology License Server
# Larry DeLuca <henrik@EDDIE.MIT.EDU>
dbase 217/tcp dBASE Unix

dbase 217/udp dBASE Unix
# Don Gibson
# <sequent!aero!twinsun!ashtate.A-T.COM!dong@uunet.UU.NET>
mpp 218/tcp Netix Message Posting Protocol
mpp 218/udp Netix Message Posting Protocol
# Shannon Yeh <yeh@netix.com>
uarps 219/tcp Unisys ARPs
uarps 219/udp Unisys ARPs
# Ashok Marwaha <---none--->
imap3 220/tcp Interactive Mail Access Protocol v3
imap3 220/udp Interactive Mail Access Protocol v3
# James Rice <RICE@SUMEX-AIM.STANFORD.EDU>
fln-spx 221/tcp Berkeley rlogind with SPX auth
fln-spx 221/udp Berkeley rlogind with SPX auth
rsh-spx 222/tcp Berkeley rshd with SPX auth
rsh-spx 222/udp Berkeley rshd with SPX auth
cdc 223/tcp Certificate Distribution Center
cdc 223/udp Certificate Distribution Center
# Kannan Alagappan <kannan@sejour.enet.dec.com>
# 224-241 Reserved
# Jon Postel <postel@isi.edu>
# 242/tcp Unassigned
# 242/udp Unassigned
sur-meas 243/tcp Survey Measurement
sur-meas 243/udp Survey Measurement
# Dave Clark <ddc@LCS.MIT.EDU>
# 244/tcp Unassigned
# 244/udp Unassigned
link 245/tcp LINK
link 245/udp LINK
dsp3270 246/tcp Display Systems Protocol
dsp3270 246/udp Display Systems Protocol
# Weldon J. Showalter <Gamma@MINTAKA.DCA.MIL>
# 247-255 Reserved
# Jon Postel <postel@isi.edu>
# 256-343 Unassigned
pdap 344/tcp Prospero Data Access Protocol
pdap 344/udp Prospero Data Access Protocol
# B. Clifford Neuman <bcn@isi.edu>
pawserv 345/tcp Perf Analysis Workbench
pawserv 345/udp Perf Analysis Workbench
zserv 346/tcp Zebra server
zserv 346/udp Zebra server
fatserv 347/tcp Fatmen Server
fatserv 347/udp Fatmen Server
csi-sgwp 348/tcp Cabletron Management Protocol
csi-sgwp 348/udp Cabletron Management Protocol
# 349-370 Unassigned

clearcase 371/tcp Clearcase
clearcase 371/udp Clearcase
# Dave LeBlang <leglang@atria.com>
ulistserv 372/tcp Unix Listserv
ulistserv 372/udp Unix Listserv
# Anastasios Kotsikonas <tasos@cs.bu.edu>
legent-1 373/tcp Legent Corporation
legent-1 373/udp Legent Corporation
legent-2 374/tcp Legent Corporation
legent-2 374/udp Legent Corporation
# Keith Boyce <---none--->
hassle 375/tcp Hassle
hassle 375/udp Hassle
# Reinhard Doelz <doelz@comp.bioz.unibas.ch>
nip 376/tcp Amiga Envoy Network Inquiry Proto
nip 376/udp Amiga Envoy Network Inquiry Proto
# Kenneth Dyke <kcd@cbmvax.cbm.commodore.com>
tnETOS 377/tcp NEC Corporation
tnETOS 377/udp NEC Corporation
dsETOS 378/tcp NEC Corporation
dsETOS 378/udp NEC Corporation
# Tomoo Fujita <tf@arc.bs1.fc.nec.co.jp>
is99c 379/tcp TIA/EIA/IS-99 modem client
is99c 379/udp TIA/EIA/IS-99 modem client
is99s 380/tcp TIA/EIA/IS-99 modem server
is99s 380/udp TIA/EIA/IS-99 modem server
# Frank Quick <fquick@qualcomm.com>
hp-collector 381/tcp hp performance data collector
hp-collector 381/udp hp performance data collector
hp-managed-node 382/tcp hp performance data managed node
hp-managed-node 382/udp hp performance data managed node
hp-alarm-mgr 383/tcp hp performance data alarm manager
hp-alarm-mgr 383/udp hp performance data alarm manager
# Frank Blakely <frankb@hpptc16.rose.hp.com>
arns 384/tcp A Remote Network Server System
arns 384/udp A Remote Network Server System
# David Hornsby <djh@munnari.OZ.AU>
ibm-app 385/tcp IBM Application
ibm-app 385/tcp IBM Application
# Lisa Tomita <---none--->
asa 386/tcp ASA Message Router Object Def.
asa 386/udp ASA Message Router Object Def.
# Steve Laitinen <laitinen@brutus.aa.ab.com>
aurp 387/tcp Appletalk Update-Based Routing Pro.
aurp 387/udp Appletalk Update-Based Routing Pro.
# Chris Ranch <cranch@novell.com>
unidata-ldm 388/tcp Unidata LDM Version 4
unidata-ldm 388/udp Unidata LDM Version 4

# Glenn Davis <davis@unidata.ucar.edu>
ldap 389/tcp Lightweight Directory Access Protocol
ldap 389/udp Lightweight Directory Access Protocol
# Tim Howes <Tim.Howes@terminator.cc.umich.edu>
uis 390/tcp UIS
uis 390/udp UIS
# Ed Barron <---none--->
synotics-relay 391/tcp SynOptics SNMP Relay Port
synotics-relay 391/udp SynOptics SNMP Relay Port
synotics-broker 392/tcp SynOptics Port Broker Port
synotics-broker 392/udp SynOptics Port Broker Port
# Illan Raab <iraab@synoptics.com>
dis 393/tcp Data Interpretation System
dis 393/udp Data Interpretation System
# Paul Stevens <pstevens@chinacat.Metaphor.COM>
embl-ndt 394/tcp EMBL Nucleic Data Transfer
embl-ndt 394/udp EMBL Nucleic Data Transfer
# Peter Gad <peter@bmc.uu.se>
netcp 395/tcp NETscout Control Protocol
netcp 395/udp NETscout Control Protocol
# Anil Singhal <---none--->
netware-ip 396/tcp Novell Netware over IP
netware-ip 396/udp Novell Netware over IP
mptn 397/tcp Multi Protocol Trans. Net.
mptn 397/udp Multi Protocol Trans. Net.
# Soumitra Sarkar <sarkar@vnet.ibm.com>
kryptolan 398/tcp Kryptolan
kryptolan 398/udp Kryptolan
# Peter de Laval <pdl@sectra.se>
# 399/tcp Unassigned
# 399/udp Unassigned
work-sol 400/tcp Workstation Solutions
work-sol 400/udp Workstation Solutions
# Jim Ward <jimw@worksta.com>
ups 401/tcp Uninterruptible Power Supply
ups 401/udp Uninterruptible Power Supply
# Guenther Seybold <gs@hrz.th-darmstadt.de>
genie 402/tcp Genie Protocol
genie 402/udp Genie Protocol
# Mark Hankin <---none--->
decap 403/tcp decap
decap 403/udp decap
nced 404/tcp nced
nced 404/udp nced
ncld 405/tcp ncld
ncld 405/udp ncld
# Richard Jones <---none--->
imsp 406/tcp Interactive Mail Support Protocol

imsp 406/udp Interactive Mail Support Protocol
# John Myers <jgm+@cmu.edu>
timbuktu 407/tcp Timbuktu
timbuktu 407/udp Timbuktu
# Marc Epard <marc@waygate.farallon.com>
prm-sm 408/tcp Prospero Resource Manager Sys. Man.
prm-sm 408/udp Prospero Resource Manager Sys. Man.
prm-nm 409/tcp Prospero Resource Manager Node Man.
prm-nm 409/udp Prospero Resource Manager Node Man.
# B. Clifford Neuman <bcn@isi.edu>
decladebug 410/tcp DECLadebug Remote Debug Protocol
decladebug 410/udp DECLadebug Remote Debug Protocol
# Anthony Berent <berent@rdgeng.enet.dec.com>
rmt 411/tcp Remote MT Protocol
rmt 411/udp Remote MT Protocol
# Peter Eriksson <pen@lysator.liu.se>
synoptics-trap 412/tcp Trap Convention Port
synoptics-trap 412/udp Trap Convention Port
# Illan Raab <iraab@synoptics.com>
smsp 413/tcp SMSP
smsp 413/udp SMSP
infoseek 414/tcp InfoSeek
infoseek 414/udp InfoSeek
# Steve Kirsch <stk@frame.com>
bnet 415/tcp BNet
bnet 415/udp BNet
# Jim Mertz <JMertz+RV09@rvdc.unisys.com>
silverplatter 416/tcp Silverplatter
silverplatter 416/udp Silverplatter
# Peter Ciuffetti <petec@silverplatter.com>
onmux 417/tcp Onmux
onmux 417/udp Onmux
# Stephen Hanna <hanna@world.std.com>
hyper-g 418/tcp Hyper-G
hyper-g 418/udp Hyper-G
# Frank Kappe <fkappe@iicm.tu-graz.ac.at>
ariel1 419/tcp Ariel
ariel1 419/udp Ariel
# Jonathan Lavigne <BL.JPL@RLG.Stanford.EDU>
smpte 420/tcp SMPTE
smpte 420/udp SMPTE
# Si Becker <71362.22@CompuServe.COM>
ariel2 421/tcp Ariel
ariel2 421/udp Ariel
ariel3 422/tcp Ariel
ariel3 422/udp Ariel
# Jonathan Lavigne <BL.JPL@RLG.Stanford.EDU>
opc-job-start 423/tcp IBM Operations Planning and Control Start

opc-job-start 423/udp IBM Operations Planning and Control Start
opc-job-track 424/tcp IBM Operations Planning and Control Track
opc-job-track 424/udp IBM Operations Planning and Control Track
# Conny Larsson <cocke@VNET.IBM.COM>
icad-el 425/tcp ICAD
icad-el 425/udp ICAD
# Larry Stone <lcs@icad.com>
smartsdp 426/tcp smartsdp
smartsdp 426/udp smartsdp
# Alexander Dupuy <dupuy@smarts.com>
svrloc 427/tcp Server Location
svrloc 427/udp Server Location
# <veizades@ftp.com>
ocs_cmu 428/tcp OCS_CMU
ocs_cmu 428/udp OCS_CMU
ocs_amu 429/tcp OCS_AMU
ocs_amu 429/udp OCS_AMU
# Florence Wyman <wyman@peabody.plk.af.mil>
utmpsd 430/tcp UTMPSD
utmpsd 430/udp UTMPSD
utmpcd 431/tcp UTMPCD
utmpcd 431/udp UTMPCD
iasd 432/tcp IASD
iasd 432/udp IASD
# Nir Baroz <nbaroz@encore.com>
nnsp 433/tcp NNSP
nnsp 433/udp NNSP
# Rob Robertson <rob@gangrene.berkeley.edu>
mobileip-agent 434/tcp MobileIP-Agent
mobileip-agent 434/udp MobileIP-Agent
mobilip-mn 435/tcp MobilIP-MN
mobilip-mn 435/udp MobilIP-MN
# Kannan Alagappan <kannan@sejour.lkg.dec.com>
dna-cml 436/tcp DNA-CML
dna-cml 436/udp DNA-CML
# Dan Flowers <flowers@smaug.lkg.dec.com>
comscm 437/tcp comscm
comscm 437/udp comscm
# Jim Teague <teague@zso.dec.com>
dsfgw 438/tcp dsfgw
dsfgw 438/udp dsfgw
# Andy McKeen <mckeen@osf.org>
dasp 439/tcp dasp Thomas Obermair
dasp 439/udp dasp tommy@inlab.m.eunet.de
# Thomas Obermair <tommy@inlab.m.eunet.de>
sgcp 440/tcp sgcp
sgcp 440/udp sgcp
# Marshall Rose <mrose@dbc.mtview.ca.us>

decvms-sysmgt 441/tcp decvms-sysmgt
decvms-sysmgt 441/udp decvms-sysmgt
# Lee Barton <barton@star.enet.dec.com>
cvc_hostd 442/tcp cvc_hostd
cvc_hostd 442/udp cvc_hostd
# Bill Davidson <billd@equalizer.cray.com>
https 443/tcp https MCom
https 443/udp https MCom
# Kipp E.B. Hickman <kipp@mcom.com>
snpp 444/tcp Simple Network Paging Protocol
snpp 444/udp Simple Network Paging Protocol
# [RFC1568]
microsoft-ds 445/tcp Microsoft-DS
microsoft-ds 445/udp Microsoft-DS
# Arnold Miller <arnoldm@microsoft.com>
ddm-rdb 446/tcp DDM-RDB
ddm-rdb 446/udp DDM-RDB
ddm-dfm 447/tcp DDM-RFM
ddm-dfm 447/udp DDM-RFM
ddm-byte 448/tcp DDM-BYTE
ddm-byte 448/udp DDM-BYTE
# Jan David Fisher <jdfisher@VNET.IBM.COM>
as-servermap 449/tcp AS Server Mapper
as-servermap 449/udp AS Server Mapper
# Barbara Foss <BGFOSS@rchvmv.vnet.ibm.com>
tserver 450/tcp TServer
tserver 450/udp TServer
# Harvey S. Schultz <hss@mtgzfs3.mt.att.com>
# 451-511 Unassigned
exec 512/tcp remote process execution;
# authentication performed using
# passwords and UNIX loppgin names
biff 512/udp used by mail system to notify users
# of new mail received; currently
# receives messages only from
# processes on the same machine
login 513/tcp remote login a la telnet;
# automatic authentication performed
# based on priviledged port numbers
# and distributed data bases which
# identify "authentication domains"
who 513/udp maintains data bases showing who's
# logged in to machines on a local
# net and the load average of the
# machine
cmd 514/tcp like exec, but automatic
# authentication is performed as for
# login server

syslog 514/udp
printer 515/tcp spooler
printer 515/udp spooler
# 516/tcp Unassigned
# 516/udp Unassigned
talk 517/tcp like tenex link, but across
# machine - unfortunately, doesn't
# use link protocol (this is actually
# just a rendezvous port from which a
# tcp connection is established)
talk 517/udp like tenex link, but across
# machine - unfortunately, doesn't
# use link protocol (this is actually
# just a rendezvous port from which a
tcp connection is established)
ntalk 518/tcp
ntalk 518/udp
utime 519/tcp unixtime
utime 519/udp unixtime
efs 520/tcp extended file name server
router 520/udp local routing process (on site);
# uses variant of Xerox NS routing
# information protocol
# 521-524 Unassigned
timed 525/tcp timeserver
timed 525/udp timeserver
tempo 526/tcp newdate
tempo 526/udp newdate
# 527-529 Unassigned
courier 530/tcp rpc
courier 530/udp rpc
conference 531/tcp chat
conference 531/udp chat
netnews 532/tcp readnews
netnews 532/udp readnews
netwall 533/tcp for emergency broadcasts
netwall 533/udp for emergency broadcasts
# 534-538 Unassigned
apertus-ldp 539/tcp Apertus Technologies Load Determination
apertus-ldp 539/udp Apertus Technologies Load Determination
uucp 540/tcp uucpd
uucp 540/udp uucpd
uucp-rlogin 541/tcp uucp-rlogin Stuart Lynne
uucp-rlogin 541/udp uucp-rlogin sl@wimsey.com
# 542/tcp Unassigned
# 542/udp Unassigned
klogin 543/tcp
klogin 543/udp

kshell 544/tcp krcmd
kshell 544/udp krcmd
# 545-549 Unassigned
new-rwho 550/tcp new-who
new-rwho 550/udp new-who
# 551-555 Unassigned
dsf 555/tcp
dsf 555/udp
remotefs 556/tcp rfs server
remotefs 556/udp rfs server
# 557-559 Unassigned
rmonitor 560/tcp rmonitord
rmonitor 560/udp rmonitord
monitor 561/tcp
monitor 561/udp
chshell 562/tcp chcmd
chshell 562/udp chcmd
# 563/tcp Unassigned
# 563/udp Unassigned
9pfs 564/tcp plan 9 file service
9pfs 564/udp plan 9 file service
whoami 565/tcp whoami
whoami 565/udp whoami
# 566-569 Unassigned
meter 570/tcp demon
meter 570/udp demon
meter 571/tcp udemon
meter 571/udp udemon
# 572-599 Unassigned
ipcserver 600/tcp Sun IPC server
ipcserver 600/udp Sun IPC server
nqs 607/tcp nqs
nqs 607/udp nqs
urm 606/tcp Cray Unified Resource Manager
urm 606/udp Cray Unified Resource Manager
# Bill Schiefelbein <schief@aspen.cray.com>
sift-uft 608/tcp Sender-Initiated/Unsolicited File Transfer
sift-uft 608/udp Sender-Initiated/Unsolicited File Transfer
# Rick Troth <troth@rice.edu>
npmp-trap 609/tcp npmp-trap
npmp-trap 609/udp npmp-trap
npmp-local 610/tcp npmp-local
npmp-local 610/udp npmp-local
npmp-gui 611/tcp npmp-gui
npmp-gui 611/udp npmp-gui
# John Barnes <jbarnes@crl.com>
ginad 634/tcp ginad
ginad 634/udp ginad

# Mark Crother <mark@eis.calstate.edu>
mdqs 666/tcp
mdqs 666/udp
doom 666/tcp doom Id Software
doom 666/tcp doom Id Software
# <ddt@idcube.idsoftware.com>
elcsd 704/tcp errlog copy/server daemon
elcsd 704/udp errlog copy/server daemon

entrustmanager 709/tcp EntrustManager
entrustmanager 709/udp EntrustManager
# Peter Whittaker <pww@bnr.ca>
netviewdm1 729/tcp IBM NetView DM/6000 Server/Client
netviewdm1 729/udp IBM NetView DM/6000 Server/Client
netviewdm2 730/tcp IBM NetView DM/6000 send/tcp
netviewdm2 730/udp IBM NetView DM/6000 send/tcp
netviewdm3 731/tcp IBM NetView DM/6000 receive/tcp
netviewdm3 731/udp IBM NetView DM/6000 receive/tcp
# Philippe Binet (phbinet@vnet.IBM.COM)
netgw 741/tcp netGW
netgw 741/udp netGW
netrcs 742/tcp Network based Rev. Cont. Sys.
netrcs 742/udp Network based Rev. Cont. Sys.
# Gordon C. Galligher <gorpong@ping.chi.il.us>
flexlm 744/tcp Flexible License Manager
flexlm 744/udp Flexible License Manager
# Matt Christiano
# <globes@matt@oliveb.atc.olivetti.com>
fujitsu-dev 747/tcp Fujitsu Device Control
fujitsu-dev 747/udp Fujitsu Device Control
ris-cm 748/tcp Russell Info Sci Calendar Manager
ris-cm 748/udp Russell Info Sci Calendar Manager
kerberos-adm 749/tcp kerberos administration
kerberos-adm 749/udp kerberos administration
rfile 750/tcp
loadav 750/udp
pump 751/tcp
pump 751/udp
qrh 752/tcp
qrh 752/udp
rrh 753/tcp
rrh 753/udp
tell 754/tcp send
tell 754/udp send
nlogin 758/tcp
nlogin 758/udp
con 759/tcp
con 759/udp

ns 760/tcp
ns 760/udp
rxe 761/tcp
rxe 761/udp
quotad 762/tcp
quotad 762/udp
cycleserv 763/tcp
cycleserv 763/udp
omserv 764/tcp
omserv 764/udp
webster 765/tcp
webster 765/udp
phonebook 767/tcp phone
phonebook 767/udp phone
vid 769/tcp
vid 769/udp
cadlock 770/tcp
cadlock 770/udp
rtip 771/tcp
rtip 771/udp
cycleserv2 772/tcp
cycleserv2 772/udp
submit 773/tcp
notify 773/udp
rpasswd 774/tcp
acmaint_dbd 774/udp
entomb 775/tcp
acmaint_transd 775/udp
wpages 776/tcp
wpages 776/udp
wpgs 780/tcp
wpgs 780/udp
concert 786/tcp Concert
concert 786/udp Concert
# Josyula R. Rao <jrrao@watson.ibm.com>
mdbs_daemon 800/tcp
mdbs_daemon 800/udp
device 801/tcp
device 801/udp
xtreelic 996/tcp Central Point Software
xtreelic 996/udp Central Point Software
# Dale Cabell <dacabell@smtp.xtree.com>
maitrd 997/tcp
maitrd 997/udp
busboy 998/tcp
puparp 998/udp
garcon 999/tcp
applix 999/udp Applix ac

puprouter 999/tcp
puprouter 999/udp
cadlock 1000/tcp
ock 1000/udp
1023/tcp Reserved
1024/udp Reserved
# IANA <iana@isi.edu>

REGISTERED PORT NUMBERS

The Registered Ports are not controlled by the IANA and on most
systems can be used by ordinary user processes or programs executed by
ordinary users.

Ports are used in the TCP [RFC793] to name the ends of logical
connections which carry long term conversations. For the purpose of
providing services to unknown callers, a service contact port is
defined. This list specifies the port used by the server process as
its contact port. While the IANA can not control uses of these ports
it does register or list uses of these ports as a convienence to the
community.

To the extent possible, these same port assignments are used with the
UDP [RFC768].

The Registered Ports are in the range 1024-65535.

Port Assignments:

Keyword Decimal Description References
------- ------- ----------- ----------
1024/tcp Reserved
1024/udp Reserved
# IANA <iana@isi.edu>
blackjack 1025/tcp network blackjack
blackjack 1025/udp network blackjack
iad1 1030/tcp BBN IAD
iad1 1030/udp BBN IAD
iad2 1031/tcp BBN IAD
iad2 1031/udp BBN IAD
iad3 1032/tcp BBN IAD
iad3 1032/udp BBN IAD
# Andy Malis <malis_a@timeplex.com>
instl_boots 1067/tcp Installation Bootstrap Proto. Serv.
instl_boots 1067/udp Installation Bootstrap Proto. Serv.
instl_bootc 1068/tcp Installation Bootstrap Proto. Cli.

instl_bootc 1068/udp Installation Bootstrap Proto. Cli.
# David Arko <<darko@hpfcrn.fc.hp.com>
socks 1080/tcp Socks
socks 1080/udp Socks
# Ying-Da Lee <ylee@syl.dl.nec.com
ansoft-lm-1 1083/tcp Anasoft License Manager
ansoft-lm-1 1083/udp Anasoft License Manager
ansoft-lm-2 1084/tcp Anasoft License Manager
ansoft-lm-2 1084/udp Anasoft License Manager
nfa 1155/tcp Network File Access
nfa 1155/udp Network File Access
# James Powell <james@mailhost.unidata.com>
nerv 1222/tcp SNI R&D network
nerv 1222/udp SNI R&D network
# Martin Freiss <freiss.pad@sni.de>
hermes 1248/tcp
hermes 1248/udp
alta-ana-lm 1346/tcp Alta Analytics License Manager
alta-ana-lm 1346/udp Alta Analytics License Manager
bbn-mmc 1347/tcp multi media conferencing
bbn-mmc 1347/udp multi media conferencing
bbn-mmx 1348/tcp multi media conferencing
bbn-mmx 1348/udp multi media conferencing
sbook 1349/tcp Registration Network Protocol
sbook 1349/udp Registration Network Protocol
editbench 1350/tcp Registration Network Protocol
editbench 1350/udp Registration Network Protocol
# Simson L. Garfinkel <simsong@next.cambridge.ma.us>
equationbuilder 1351/tcp Digital Tool Works (MIT)
equationbuilder 1351/udp Digital Tool Works (MIT)
# Terrence J. Talbot <lexcube!tjt@bu.edu>
lotusnote 1352/tcp Lotus Note
lotusnote 1352/udp Lotus Note
# Greg Pflaum <iris.com!Greg_Pflaum@uunet.uu.net>
relief 1353/tcp Relief Consulting
relief 1353/udp Relief Consulting
# John Feiler <relief!jjfeiler@uu2.psi.com>
rightbrain 1354/tcp RightBrain Software
rightbrain 1354/udp RightBrain Software
# Glenn Reid <glann@rightbrain.com>
intuitive edge 1355/tcp Intuitive Edge
intuitive edge 1355/udp Intuitive Edge
# Montgomery Zukowski
# <monty@nextnorth.acs.ohio-state.edu>
cuillamartin 1356/tcp CuillaMartin Company
cuillamartin 1356/udp CuillaMartin Company
pegboard 1357/tcp Electronic PegBoard
pegboard 1357/udp Electronic PegBoard

# Chris Cuilla
# <balr!vpnet!cuilla!chris@clout.chi.il.us>
connlcli 1358/tcp CONNLCLI
connlcli 1358/udp CONNLCLI
ftsrv 1359/tcp FTSRV
ftsrv 1359/udp FTSRV
# Ines Homem de Melo <sidinf@brfapesp.bitnet>
mimer 1360/tcp MIMER
mimer 1360/udp MIMER
# Per Schroeder <Per.Schroder@mimer.se>
linx 1361/tcp LinX
linx 1361/udp LinX
# Steffen Schilke <---none--->
timeflies 1362/tcp TimeFlies
timeflies 1362/udp TimeFlies
# Doug Kent <mouthers@slugg@nwnexus.wa.com>
ndm-requester 1363/tcp Network DataMover Requester
ndm-requester 1363/udp Network DataMover Requester
ndm-server 1364/tcp Network DataMover Server
ndm-server 1364/udp Network DataMover Server
# Toshio Watanabe
# <watanabe@godzilla.rsc.spdd.ricoh.co.j>
adapt-sna 1365/tcp Network Software Associates
adapt-sna 1365/udp Network Software Associates
# Jeffery Chiao <714-768-401>
netware-csp 1366/tcp Novell NetWare Comm Service Platform
netware-csp 1366/udp Novell NetWare Comm Service Platform
# Laurie Lindsey <llindsey@novell.com>
dcs 1367/tcp DCS
dcs 1367/udp DCS
# Stefan Siebert <ssiebert@dcs.de>
screencast 1368/tcp ScreenCast
screencast 1368/udp ScreenCast
# Bill Tschumy <other!bill@uunet.UU.NET>
gv-us 1369/tcp GlobalView to Unix Shell
gv-us 1369/udp GlobalView to Unix Shell
us-gv 1370/tcp Unix Shell to GlobalView
us-gv 1370/udp Unix Shell to GlobalView
# Makoto Mita <mita@ssdev.ksp.fujixerox.co.jp>
fc-cli 1371/tcp Fujitsu Config Protocol
fc-cli 1371/udp Fujitsu Config Protocol
fc-ser 1372/tcp Fujitsu Config Protocol
fc-ser 1372/udp Fujitsu Config Protocol
# Ryuichi Horie <horie@spad.sysrap.cs.fujitsu.co.jp>
chromagrafx 1373/tcp Chromagrafx
chromagrafx 1373/udp Chromagrafx
# Mike Barthelemy <msb@chromagrafx.com>
molly 1374/tcp EPI Software Systems

molly 1374/udp EPI Software Systems
# Jim Vlcek <vlcek@epimbe.com>
bytex 1375/tcp Bytex
bytex 1375/udp Bytex
# Mary Ann Burt <bytex!ws054!maryann@uunet.UU.NET>
ibm-pps 1376/tcp IBM Person to Person Software
ibm-pps 1376/udp IBM Person to Person Software
# Simon Phipps <sphipps@vnet.ibm.com>
cichlid 1377/tcp Cichlid License Manager
cichlid 1377/udp Cichlid License Manager
# Andy Burgess <aab@cichlid.com>
elan 1378/tcp Elan License Manager
elan 1378/udp Elan License Manager
# Ken Greer <kg@elan.com>
dbreporter 1379/tcp Integrity Solutions
dbreporter 1379/udp Integrity Solutions
# Tim Dawson <tdawson%mspboss@uunet.UU.NET>
telesis-licman 1380/tcp Telesis Network License Manager
telesis-licman 1380/udp Telesis Network License Manager
# Karl Schendel, Jr. <wiz@telesis.com>
apple-licman 1381/tcp Apple Network License Manager
apple-licman 1381/udp Apple Network License Manager
# Earl Wallace <earlw@apple.com>
udt_os 1382/tcp
udt_os 1382/udp
gwha 1383/tcp GW Hannaway Network License Manager
gwha 1383/udp GW Hannaway Network License Manager
# J. Gabriel Foster <fop@gwha.com>
os-licman 1384/tcp Objective Solutions License Manager
os-licman 1384/udp Objective Solutions License Manager
# Donald Cornwell <don.cornwell@objective.com>
atex_elmd 1385/tcp Atex Publishing License Manager
atex_elmd 1385/udp Atex Publishing License Manager
# Brett Sorenson <bcs@atex.com>
checksum 1386/tcp CheckSum License Manager
checksum 1386/udp CheckSum License Manager
# Andreas Glocker <glocker@sirius.com>
cadsi-lm 1387/tcp Computer Aided Design Software Inc LM
cadsi-lm 1387/udp Computer Aided Design Software Inc LM
# Sulistio Muljadi
objective-dbc 1388/tcp Objective Solutions DataBase Cache
objective-dbc 1388/udp Objective Solutions DataBase Cache
# Donald Cornwell
iclpv-dm 1389/tcp Document Manager
iclpv-dm 1389/udp Document Manager
iclpv-sc 1390/tcp Storage Controller
iclpv-sc 1390/udp Storage Controller
iclpv-sas 1391/tcp Storage Access Server

iclpv-sas 1391/udp Storage Access Server
iclpv-pm 1392/tcp Print Manager
iclpv-pm 1392/udp Print Manager
iclpv-nls 1393/tcp Network Log Server
iclpv-nls 1393/udp Network Log Server
iclpv-nlc 1394/tcp Network Log Client
iclpv-nlc 1394/udp Network Log Client
iclpv-wsm 1395/tcp PC Workstation Manager software
iclpv-wsm 1395/udp PC Workstation Manager software
# A.P. Hobson <A.P.Hobson@bra0112.wins.icl.co.uk>
dvl-activemail 1396/tcp DVL Active Mail
dvl-activemail 1396/udp DVL Active Mail
audio-activmail 1397/tcp Audio Active Mail
audio-activmail 1397/udp Audio Active Mail
video-activmail 1398/tcp Video Active Mail
video-activmail 1398/udp Video Active Mail
# Ehud Shapiro <udi@wisdon.weizmann.ac.il>
cadkey-licman 1399/tcp Cadkey License Manager
cadkey-licman 1399/udp Cadkey License Manager
cadkey-tablet 1400/tcp Cadkey Tablet Daemon
cadkey-tablet 1400/udp Cadkey Tablet Daemon
# Joe McCollough <joe@cadkey.com>
goldleaf-licman 1401/tcp Goldleaf License Manager
goldleaf-licman 1401/udp Goldleaf License Manager
# John Fox <---none--->
prm-sm-np 1402/tcp Prospero Resource Manager
prm-sm-np 1402/udp Prospero Resource Manager
prm-nm-np 1403/tcp Prospero Resource Manager
prm-nm-np 1403/udp Prospero Resource Manager
# B. Clifford Neuman <bcn@isi.edu>
igi-lm 1404/tcp Infinite Graphics License Manager
igi-lm 1404/udp Infinite Graphics License Manager
ibm-res 1405/tcp IBM Remote Execution Starter
ibm-res 1405/udp IBM Remote Execution Starter
netlabs-lm 1406/tcp NetLabs License Manager
netlabs-lm 1406/udp NetLabs License Manager
dbsa-lm 1407/tcp DBSA License Manager
dbsa-lm 1407/udp DBSA License Manager
# Scott Shattuck <ss@dbsa.com>
sophia-lm 1408/tcp Sophia License Manager
sophia-lm 1408/udp Sophia License Manager
# Eric Brown <sst!emerald!eric@uunet.UU.net>
here-lm 1409/tcp Here License Manager
here-lm 1409/udp Here License Manager
# David Ison <here@dialup.oar.net>
hiq 1410/tcp HiQ License Manager
hiq 1410/udp HiQ License Manager
# Rick Pugh <rick@bilmillennium.com>

af 1411/tcp AudioFile
af 1411/udp AudioFile
# Jim Gettys <jg@crl.dec.com>
innosys 1412/tcp InnoSys
innosys 1412/udp InnoSys
innosys-acl 1413/tcp Innosys-ACL
innosys-acl 1413/udp Innosys-ACL
# Eric Welch <--none--->
ibm-mqseries 1414/tcp IBM MQSeries
ibm-mqseries 1414/udp IBM MQSeries
# Roger Meli <rmmeli%winvmd@vnet.ibm.com>
dbstar 1415/tcp DBStar
dbstar 1415/udp DBStar
# Jeffrey Millman <jcm@dbstar.com>
novell-lu6.2 1416/tcp Novell LU6.2
novell-lu6.2 1416/udp Novell LU6.2
# Peter Liu <--none--->
timbuktu-srv1 1417/tcp Timbuktu Service 1 Port
timbuktu-srv1 1417/tcp Timbuktu Service 1 Port
timbuktu-srv2 1418/tcp Timbuktu Service 2 Port
timbuktu-srv2 1418/udp Timbuktu Service 2 Port
timbuktu-srv3 1419/tcp Timbuktu Service 3 Port
timbuktu-srv3 1419/udp Timbuktu Service 3 Port
timbuktu-srv4 1420/tcp Timbuktu Service 4 Port
timbuktu-srv4 1420/udp Timbuktu Service 4 Port
# Marc Epard <marc@waygate.farallon.com>
gandalf-lm 1421/tcp Gandalf License Manager
gandalf-lm 1421/udp Gandalf License Manager
# gilmer@gandalf.ca
autodesk-lm 1422/tcp Autodesk License Manager
autodesk-lm 1422/udp Autodesk License Manager
# David Ko <dko@autodesk.com>
essbase 1423/tcp Essbase Arbor Software
essbase 1423/udp Essbase Arbor Software
hybrid 1424/tcp Hybrid Encryption Protocol
hybrid 1424/udp Hybrid Encryption Protocol
# Howard Hart <hch@hybrid.com>
zion-lm 1425/tcp Zion Software License Manager
zion-lm 1425/udp Zion Software License Manager
# David Ferrero <david@zion.com>
sas-1 1426/tcp Satellite-data Acquisition System 1
sas-1 1426/udp Satellite-data Acquisition System 1
# Bill Taylor <sais@ssec.wisc.edu>
mloadd 1427/tcp mloadd monitoring tool
mloadd 1427/udp mloadd monitoring tool
# Bob Braden <braden@isi.edu>
informatik-lm 1428/tcp Informatik License Manager
informatik-lm 1428/udp Informatik License Manager

# Harald Schlangmann
# <schlangm@informatik.uni-muenchen.de>
nms 1429/tcp Hypercom NMS
nms 1429/udp Hypercom NMS
tpdu 1430/tcp Hypercom TPDU
tpdu 1430/udp Hypercom TPDU
# Noor Chowdhury <noor@hypercom.com>
rgtp 1431/tcp Reverse Gosip Transport
rgtp 1431/udp Reverse Gosip Transport
# <iwj10@cl.cam-orl.co.uk>
blueberry-lm 1432/tcp Blueberry Software License Manager
blueberry-lm 1432/udp Blueberry Software License Manager
# Steve Beigel <ublueb!steve@uunet.uu.net>
ms-sql-s 1433/tcp Microsoft-SQL-Server
ms-sql-s 1433/udp Microsoft-SQL-Server
ms-sql-m 1434/tcp Microsoft-SQL-Monitor
ms-sql-m 1434/udp Microsoft-SQL-Monitor
# Peter Hussey <peterhus@microsoft.com>
ibm-cics 1435/tcp IBM CISC
ibm-cics 1435/udp IBM CISC
# Geoff Meacock <gbibmswl@ibmmail.COM>
sas-2 1436/tcp Satellite-data Acquisition System 2
sas-2 1436/udp Satellite-data Acquisition System 2
# Bill Taylor <sais@ssec.wisc.edu>
tabula 1437/tcp Tabula
tabula 1437/udp Tabula
# Marcelo Einhorn
# <KGUNE%HUJIVM1.bitnet@taunivm.tau.ac.il>
eicon-server 1438/tcp Eicon Security Agent/Server
eicon-server 1438/udp Eicon Security Agent/Server
eicon-x25 1439/tcp Eicon X25/SNA Gateway
eicon-x25 1439/udp Eicon X25/SNA Gateway
eicon-slp 1440/tcp Eicon Service Location Protocol
eicon-slp 1440/udp Eicon Service Location Protocol
# Pat Calhoun <CALHOUN@admin.eicon.qc.ca>
cadis-1 1441/tcp Cadis License Management
cadis-1 1441/udp Cadis License Management
cadis-2 1442/tcp Cadis License Management
cadis-2 1442/udp Cadis License Management
# Todd Wichers <twichers@csn.org>
ies-lm 1443/tcp Integrated Engineering Software
ies-lm 1443/udp Integrated Engineering Software
# David Tong <David_Tong@integrated.mb.ca>
marcam-lm 1444/tcp Marcam License Management
marcam-lm 1444/udp Marcam License Management
# Therese Hunt <hunt@marcam.com>
proxima-lm 1445/tcp Proxima License Manager
proxima-lm 1445/udp Proxima License Manager

ora-lm 1446/tcp Optical Research Associates License Manager
ora-lm 1446/udp Optical Research Associates License Manager
apri-lm 1447/tcp Applied Parallel Research LM
apri-lm 1447/udp Applied Parallel Research LM
# Jim Dillon <jed@apri.com>
oc-lm 1448/tcp OpenConnect License Manager
oc-lm 1448/udp OpenConnect License Manager
# Sue Barnhill <snb@oc.com>
peport 1449/tcp PEport
peport 1449/udp PEport
# Qentin Neill <quentin@ColumbiaSC.NCR.COM>
dwf 1450/tcp Tandem Distributed Workbench Facility
dwf 1450/udp Tandem Distributed Workbench Facility
# Mike Bert <BERG_MIKE@tandem.com>
infoman 1451/tcp IBM Information Management
infoman 1451/udp IBM Information Management
# Karen Burns <---none--->
gtegsc-lm 1452/tcp GTE Government Systems License Man
gtegsc-lm 1452/udp GTE Government Systems License Man
# Mike Gregory <Gregory_Mike@msmail.iipo.gtegsc.com>
genie-lm 1453/tcp Genie License Manager
genie-lm 1453/udp Genie License Manager
# Paul Applegate <p.applegate2@genie.geis.com>
interhdl_elmd 1454/tcp interHDL License Manager
interhdl_elmd 1454/tcp interHDL License Manager
# Eli Sternheim eli@interhdl.com
esl-lm 1455/tcp ESL License Manager
esl-lm 1455/udp ESL License Manager
# Abel Chou <abel@willy.esl.com>
dca 1456/tcp DCA
dca 1456/udp DCA
# Jeff Garbers <jgarbers@netcom.com>
valisys-lm 1457/tcp Valisys License Manager
valisys-lm 1457/udp Valisys License Manager
# Leslie Lincoln <leslie_lincoln@valisys.com>
nrcabq-lm 1458/tcp Nichols Research Corp.
nrcabq-lm 1458/udp Nichols Research Corp.
# Howard Cole <hcole@tumbleweed.nrcabq.com>
proshare1 1459/tcp Proshare Notebook Application
proshare1 1459/udp Proshare Notebook Application
proshare2 1460/tcp Proshare Notebook Application
proshare2 1460/udp Proshare Notebook Application
# Robin Kar <Robin_Kar@ccm.hf.intel.com>
ibm_wrless_lan 1461/tcp IBM Wireless LAN
ibm_wrless_lan 1461/udp IBM Wireless LAN
# <flanne@vnet.IBM.COM>
world-lm 1462/tcp World License Manager
world-lm 1462/udp World License Manager

# Michael S Amirault <ambi@world.std.com>
nucleus 1463/tcp Nucleus
nucleus 1463/udp Nucleus
# Venky Nagar <venky@fafner.Stanford.EDU>
msl_lmd 1464/tcp MSL License Manager
msl_lmd 1464/udp MSL License Manager
# Matt Timmermans
pipes 1465/tcp Pipes Platform
pipes 1465/udp Pipes Platform mfarlin@peerlogic.com
# Mark Farlin <mfarlin@peerlogic.com>
oceansoft-lm 1466/tcp Ocean Software License Manager
oceansoft-lm 1466/udp Ocean Software License Manager
# Randy Leonard <randy@oceansoft.com>
csdmbase 1467/tcp CSDMBASE
csdmbase 1467/udp CSDMBASE
csdm 1468/tcp CSDM
csdm 1468/udp CSDM
# Robert Stabl <stabl@informatik.uni-muenchen.de>
aal-lm 1469/tcp Active Analysis Limited License Manager
aal-lm 1469/udp Active Analysis Limited License Manager
# David Snocken +44 (71)437-7009
uaiact 1470/tcp Universal Analytics
uaiact 1470/udp Universal Analytics
# Mark R. Ludwig <Mark-Ludwig@uai.com>
csdmbase 1471/tcp csdmbase
csdmbase 1471/udp csdmbase
csdm 1472/tcp csdm
csdm 1472/udp csdm
# Robert Stabl <stabl@informatik.uni-muenchen.de>
openmath 1473/tcp OpenMath
openmath 1473/udp OpenMath
# Garth Mayville <mayville@maplesoft.on.ca>
telefinder 1474/tcp Telefinder
telefinder 1474/udp Telefinder
# Jim White <Jim_White@spiderisland.com>
taligent-lm 1475/tcp Taligent License Manager
taligent-lm 1475/udp Taligent License Manager
# Mark Sapsford <Mark_Sapsford@@taligent.com>
clvm-cfg 1476/tcp clvm-cfg
clvm-cfg 1476/udp clvm-cfg
# Eric Soderberg <seric@cup.hp.com>
ms-sna-server 1477/tcp ms-sna-server
ms-sna-server 1477/udp ms-sna-server
ms-sna-base 1478/tcp ms-sna-base
ms-sna-base 1478/udp ms-sna-base
# Gordon Mangione <gordm@microsoft.com>
dberegister 1479/tcp dberegister
dberegister 1479/udp dberegister

# Brian Griswold <brian@dancingbear.com>
pacerforum 1480/tcp PacerForum
pacerforum 1480/udp PacerForum
# Peter Caswell <pfc@pacvax.pacersoft.com>
airs 1481/tcp AIRS
airs 1481/udp AIRS
# Bruce Wilson, 905-771-6161
miteksys-lm 1482/tcp Miteksys License Manager
miteksys-lm 1482/udp Miteksys License Manager
# Shane McRoberts <mcroberts@miteksys.com>
afs 1483/tcp AFS License Manager
afs 1483/udp AFS License Manager
# Michael R. Pizolato <michael@afs.com>
confluent 1484/tcp Confluent License Manager
confluent 1484/udp Confluent License Manager
# James Greenfiel <jim@pa.confluent.com>
lansource 1485/tcp LANSource
lansource 1485/udp LANSource
# Doug Scott <lansourc@hookup.net>
nms_topo_serv 1486/tcp nms_topo_serv
nms_topo_serv 1486/udp nms_topo_serv
# Sylvia Siu <Sylvia_Siu@Novell.CO>
localinfosrvr 1487/tcp LocalInfoSrvr
localinfosrvr 1487/udp LocalInfoSrvr
# Brian Matthews <brian_matthews@ibist.ibis.com>
docstor 1488/tcp DocStor
docstor 1488/udp DocStor
# Brian Spears <bspears@salix.com>
dmdocbroker 1489/tcp dmdocbroker
dmdocbroker 1489/udp dmdocbroker
# Razmik Abnous <abnous@documentum.com>
insitu-conf 1490/tcp insitu-conf
insitu-conf 1490/udp insitu-conf
# Paul Blacknell <paul@insitu.com>
anynetgateway 1491/tcp anynetgateway
anynetgateway 1491/udp anynetgateway
# Dan Poirier <poirier@VNET.IBM.COM>
stone-design-1 1492/tcp stone-design-1
stone-design-1 1492/udp stone-design-1
# Andrew Stone <andrew@stone.com>
netmap_lm 1493/tcp netmap_lm
netmap_lm 1493/udp netmap_lm
# Phillip Magson <philm@extro.ucc.su.OZ.AU>
ica 1494/tcp ica
ica 1494/udp ica
# John Richardson, Citrix Systems
cvc 1495/tcp cvc
cvc 1495/udp cvc

# Bill Davidson <billd@equalizer.cray.com>
liberty-lm 1496/tcp liberty-lm
liberty-lm 1496/udp liberty-lm
# Jim Rogers <trane!jimbo@pacbell.com>
rfx-lm 1497/tcp rfx-lm
rfx-lm 1497/udp rfx-lm
# Bill Bishop <bil@rfx.rfx.com>
watcom-sql 1498/tcp Watcom-SQL
watcom-sql 1498/udp Watcom-SQL
# Rog Skubowius <rwskubow@ccnga.uwaterloo.ca>
fhc 1499/tcp Federico Heinz Consultora
fhc 1499/udp Federico Heinz Consultora
# Federico Heinz <federico@heinz.com>
vlsi-lm 1500/tcp VLSI License Manager
vlsi-lm 1500/udp VLSI License Manager
# Shue-Lin Kuo <shuelin@mdk.sanjose.vlsi.com>
sas-3 1501/tcp Satellite-data Acquisition System 3
sas-3 1501/udp Satellite-data Acquisition System 3
# Bill Taylor <sais@ssec.wisc.edu>
shivadiscovery 1502/tcp Shiva
shivadiscovery 1502/udp Shiva
# Jonathan Wenocur <jhw@Shiva.COM>
imtc-mcs 1503/tcp Databeam
imtc-mcs 1503/udp Databeam
# Jim Johnstone <jjohnstone@databeam.com>
evb-elm 1504/tcp EVB Software Engineering License Manager
evb-elm 1504/udp EVB Software Engineering License Manager
# B.G. Mahesh < mahesh@sett.com>
funkproxy 1505/tcp Funk Software, Inc.
funkproxy 1505/udp Funk Software, Inc.
# Robert D. Vincent <bert@willowpond.com>
# 1506-1523 Unassigned
ingreslock 1524/tcp ingres
ingreslock 1524/udp ingres
orasrv 1525/tcp oracle
orasrv 1525/udp oracle
prospero-np 1525/tcp Prospero Directory Service non-priv
prospero-np 1525/udp Prospero Directory Service non-priv
pdap-np 1526/tcp Prospero Data Access Prot non-priv
pdap-np 1526/udp Prospero Data Access Prot non-priv
# B. Clifford Neuman <bcn@isi.edu>
tlisrv 1527/tcp oracle
tlisrv 1527/udp oracle
coauthor 1529/tcp oracle
coauthor 1529/udp oracle
issd 1600/tcp
issd 1600/udp
nkd 1650/tcp

nkd 1650/udp
proshareaudio 1651/tcp proshare conf audio
proshareaudio 1651/udp proshare conf audio
prosharevideo 1652/tcp proshare conf video
prosharevideo 1652/udp proshare conf video
prosharedata 1653/tcp proshare conf data
prosharedata 1653/udp proshare conf data
prosharerequest 1654/tcp proshare conf request
prosharerequest 1654/udp proshare conf request
prosharenotify 1655/tcp proshare conf notify
prosharenotify 1655/udp proshare conf notify
# <gunner@ibeam.intel.com>
netview-aix-1 1661/tcp netview-aix-1
netview-aix-1 1661/udp netview-aix-1
netview-aix-2 1662/tcp netview-aix-2
netview-aix-2 1662/udp netview-aix-2
netview-aix-3 1663/tcp netview-aix-3
netview-aix-3 1663/udp netview-aix-3
netview-aix-4 1664/tcp netview-aix-4
netview-aix-4 1664/udp netview-aix-4
netview-aix-5 1665/tcp netview-aix-5
netview-aix-5 1665/udp netview-aix-5
netview-aix-6 1666/tcp netview-aix-6
netview-aix-6 1666/udp netview-aix-6
# Martha Crisson <CRISSON@ralvm12.vnet.ibm.com>
licensedaemon 1986/tcp cisco license management
licensedaemon 1986/udp cisco license management
tr-rsrb-p1 1987/tcp cisco RSRB Priority 1 port
tr-rsrb-p1 1987/udp cisco RSRB Priority 1 port
tr-rsrb-p2 1988/tcp cisco RSRB Priority 2 port
tr-rsrb-p2 1988/udp cisco RSRB Priority 2 port
tr-rsrb-p3 1989/tcp cisco RSRB Priority 3 port
tr-rsrb-p3 1989/udp cisco RSRB Priority 3 port
#PROBLEMS!===================================================
mshnet 1989/tcp MHSnet system
mshnet 1989/udp MHSnet system
# Bob Kummerfeld <bob@sarad.cs.su.oz.au>
#PROBLEMS!===================================================
stun-p1 1990/tcp cisco STUN Priority 1 port
stun-p1 1990/udp cisco STUN Priority 1 port
stun-p2 1991/tcp cisco STUN Priority 2 port
stun-p2 1991/udp cisco STUN Priority 2 port
stun-p3 1992/tcp cisco STUN Priority 3 port
stun-p3 1992/udp cisco STUN Priority 3 port
#PROBLEMS!===================================================
ipsendmsg 1992/tcp IPsendmsg
ipsendmsg 1992/udp IPsendmsg
# Bob Kummerfeld <bob@sarad.cs.su.oz.au>

#PROBLEMS!===================================================
snmp-tcp-port 1993/tcp cisco SNMP TCP port
snmp-tcp-port 1993/udp cisco SNMP TCP port
stun-port 1994/tcp cisco serial tunnel port
stun-port 1994/udp cisco serial tunnel port
perf-port 1995/tcp cisco perf port
perf-port 1995/udp cisco perf port
tr-rsrb-port 1996/tcp cisco Remote SRB port
tr-rsrb-port 1996/udp cisco Remote SRB port
gdp-port 1997/tcp cisco Gateway Discovery Protocol
gdp-port 1997/udp cisco Gateway Discovery Protocol
x25-svc-port 1998/tcp cisco X.25 service (XOT)
x25-svc-port 1998/udp cisco X.25 service (XOT)
tcp-id-port 1999/tcp cisco identification port
tcp-id-port 1999/udp cisco identification port
callbook 2000/tcp
callbook 2000/udp
dc 2001/tcp
wizard 2001/udp curry
globe 2002/tcp
globe 2002/udp
mailbox 2004/tcp
emce 2004/udp CCWS mm conf
berknet 2005/tcp
oracle 2005/udp
invokator 2006/tcp
raid-cc 2006/udp raid
dectalk 2007/tcp
raid-am 2007/udp
conf 2008/tcp
terminaldb 2008/udp
news 2009/tcp
whosockami 2009/udp
search 2010/tcp
pipe_server 2010/udp
raid-cc 2011/tcp raid
servserv 2011/udp
ttyinfo 2012/tcp
raid-ac 2012/udp
raid-am 2013/tcp
raid-cd 2013/udp
troff 2014/tcp
raid-sf 2014/udp
cypress 2015/tcp
raid-cs 2015/udp
bootserver 2016/tcp
bootserver 2016/udp
cypress-stat 2017/tcp

bootclient 2017/udp
terminaldb 2018/tcp
rellpack 2018/udp
whosockami 2019/tcp
about 2019/udp
xinupageserver 2020/tcp
xinupageserver 2020/udp
servexec 2021/tcp
xinuexpansion1 2021/udp
down 2022/tcp
xinuexpansion2 2022/udp
xinuexpansion3 2023/tcp
xinuexpansion3 2023/udp
xinuexpansion4 2024/tcp
xinuexpansion4 2024/udp
ellpack 2025/tcp
xribs 2025/udp
scrabble 2026/tcp
scrabble 2026/udp
shadowserver 2027/tcp
shadowserver 2027/udp
submitserver 2028/tcp
submitserver 2028/udp
device2 2030/tcp
device2 2030/udp
blackboard 2032/tcp
blackboard 2032/udp
glogger 2033/tcp
glogger 2033/udp
scoremgr 2034/tcp
scoremgr 2034/udp
imsldoc 2035/tcp
imsldoc 2035/udp
objectmanager 2038/tcp
objectmanager 2038/udp
lam 2040/tcp
lam 2040/udp
interbase 2041/tcp
interbase 2041/udp
isis 2042/tcp
isis 2042/udp
isis-bcast 2043/tcp
isis-bcast 2043/udp
rimsl 2044/tcp
rimsl 2044/udp
cdfunc 2045/tcp
cdfunc 2045/udp
sdfunc 2046/tcp

sdfunc 2046/udp
dls 2047/tcp
dls 2047/udp
dls-monitor 2048/tcp
dls-monitor 2048/udp
shilp 2049/tcp
shilp 2049/udp
dlsrpn 2065/tcp Data Link Switch Read Port Number
dlsrpn 2065/udp Data Link Switch Read Port Number
dlswpn 2067/tcp Data Link Switch Write Port Number
dlswpn 2067/udp Data Link Switch Write Port Number
ats 2201/tcp Advanced Training System Program
ats 2201/udp Advanced Training System Program
rtsserv 2500/tcp Resource Tracking system server
rtsserv 2500/udp Resource Tracking system server
rtsclient 2501/tcp Resource Tracking system client
rtsclient 2501/udp Resource Tracking system client
# Aubrey Turner
# <S95525ta%etsuacad.bitnet@ETSUADMN.ETSU.EDU>
hp-3000-telnet 2564/tcp HP 3000 NS/VT block mode telnet
www-dev 2784/tcp world wide web - development
www-dev 2784/udp world wide web - development
NSWS 3049/tcp
NSWS 3049/udp
ccmail 3264/tcp cc:mail/lotus
ccmail 3264/udp cc:mail/lotus
dec-notes 3333/tcp DEC Notes
dec-notes 3333/udp DEC Notes
# Kim Moraros <moraros@via.enet.dec.com>
mapper-nodemgr 3984/tcp MAPPER network node manager
mapper-nodemgr 3984/udp MAPPER network node manager
mapper-mapethd 3985/tcp MAPPER TCP/IP server
mapper-mapethd 3985/udp MAPPER TCP/IP server
mapper-ws_ethd 3986/tcp MAPPER workstation server
mapper-ws_ethd 3986/udp MAPPER workstation server
# John C. Horton <jch@unirsvl.rsvl.unisys.com>
bmap 3421/tcp Bull Apprise portmapper
bmap 3421/udp Bull Apprise portmapper
# Jeremy Gilbert <J.Gilbert@ma30.bull.com>
udt_os 3900/tcp Unidata UDT OS
udt_os 3900/udp Unidata UDT OS
# James Powell <james@mailhost.unidata.com>
nuts_dem 4132/tcp NUTS Daemon
nuts_dem 4132/udp NUTS Daemon
nuts_bootp 4133/tcp NUTS Bootp Server
nuts_bootp 4133/udp NUTS Bootp Server
# Martin Freiss <freiss.pad@sni.>
unicall 4343/tcp UNICALL

unicall 4343/udp UNICALL
# James Powell <james@enghp.unidata.comp>
krb524 4444/tcp KRB524
krb524 4444/udp KRB524
# B. Clifford Neuman <bcn@isi.edu>
rfa 4672/tcp remote file access server
rfa 4672/udp remote file access server
commplex-main 5000/tcp
commplex-main 5000/udp
commplex-link 5001/tcp
commplex-link 5001/udp
rfe 5002/tcp radio free ethernet
rfe 5002/udp radio free ethernet
telelpathstart 5010/tcp TelepathStart
telelpathstart 5010/udp TelepathStart
telelpathattack 5011/tcp TelepathAttack
telelpathattack 5011/udp TelepathAttack
# Helmuth Breitenfellner <hbreitenf@vnet.imb.com>
mmcc 5050/tcp multimedia conference control tool
mmcc 5050/udp multimedia conference control tool
rmonitor_secure 5145/tcp
rmonitor_secure 5145/udp
aol 5190/tcp America-Online
aol 5190/udp America-Online
# Marty Lyons <marty@aol.com>
padl2sim 5236/tcp
padl2sim 5236/udp
hacl-hb 5300/tcp # HA cluster heartbeat
hacl-hb 5300/udp # HA cluster heartbeat
hacl-gs 5301/tcp # HA cluster general services
hacl-gs 5301/udp # HA cluster general services
hacl-cfg 5302/tcp # HA cluster configuration
hacl-cfg 5302/udp # HA cluster configuration
hacl-probe 5303/tcp # HA cluster probing
hacl-probe 5303/udp # HA cluster probing
hacl-local 5304/tcp
hacl-local 5304/udp
hacl-test 5305/tcp
hacl-test 5305/udp
# Eric Soderberg <seric@hposl102.cup.hp>
x11 6000-6063/tcp X Window System
x11 6000-6063/udp X Window System
# Stephen Gildea <gildea@expo.lcs.mit.edu>
sub-process 6111/tcp HP SoftBench Sub-Process Control
sub-process 6111/udp HP SoftBench Sub-Process Control
meta-corp 6141/tcp Meta Corporation License Manager
meta-corp 6141/udp Meta Corporation License Manager
# Osamu Masuda <--none--->

aspentec-lm 6142/tcp Aspen Technology License Manager
aspentec-lm 6142/udp Aspen Technology License Manager
# Kevin Massey <massey@aspentec.com>
watershed-lm 6143/tcp Watershed License Manager
watershed-lm 6143/udp Watershed License Manager
# David Ferrero <david@zion.com>
statsci1-lm 6144/tcp StatSci License Manager - 1
statsci1-lm 6144/udp StatSci License Manager - 1
statsci2-lm 6145/tcp StatSci License Manager - 2
statsci2-lm 6145/udp StatSci License Manager - 2
# Scott Blachowicz <scott@statsci.com>
lonewolf-lm 6146/tcp Lone Wolf Systems License Manager
lonewolf-lm 6146/udp Lone Wolf Systems License Manager
# Dan Klein <dvk@lonewolf.com>
montage-lm 6147/tcp Montage License Manager
montage-lm 6147/udp Montage License Manager
# Michael Ubell <michael@montage.com>
xdsxdm 6558/udp
xdsxdm 6558/tcp
afs3-fileserver 7000/tcp file server itself
afs3-fileserver 7000/udp file server itself
afs3-callback 7001/tcp callbacks to cache managers
afs3-callback 7001/udp callbacks to cache managers
afs3-prserver 7002/tcp users & groups database
afs3-prserver 7002/udp users & groups database
afs3-vlserver 7003/tcp volume location database
afs3-vlserver 7003/udp volume location database
afs3-kaserver 7004/tcp AFS/Kerberos authentication service
afs3-kaserver 7004/udp AFS/Kerberos authentication service
afs3-volser 7005/tcp volume managment server
afs3-volser 7005/udp volume managment server
afs3-errors 7006/tcp error interpretation service
afs3-errors 7006/udp error interpretation service
afs3-bos 7007/tcp basic overseer process
afs3-bos 7007/udp basic overseer process
afs3-update 7008/tcp server-to-server updater
afs3-update 7008/udp server-to-server updater
afs3-rmtsys 7009/tcp remote cache manager service
afs3-rmtsys 7009/udp remote cache manager service
ups-onlinet 7010/tcp onlinet uninterruptable power supplies
ups-onlinet 7010/udp onlinet uninterruptable power supplies
# Brian Hammill <hamill@dolphin.exide.com>
font-service 7100/tcp X Font Service
font-service 7100/udp X Font Service
# Stephen Gildea <gildea@expo.lcs.mit.edu>
fodms 7200/tcp FODMS FLIP
fodms 7200/udp FODMS FLIP
# David Anthony <anthony@power.amasd.anatcp.rockwell.com>

man 9535/tcp
man 9535/udp
isode-dua 17007/tcp
isode-dua 17007/udp

REFERENCES

[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
USC/Information Sciences Institute, August 1980.

[RFC793] Postel, J., ed., "Transmission Control Protocol - DARPA
Internet Program Protocol Specification", STD 7, RFC 793,
USC/Information Sciences Institute, September 1981.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers

INTERNET MULTICAST ADDRESSES

Host Extensions for IP Multicasting [RFC1112] specifies the
extensions required of a host implementation of the Internet Protocol
(IP) to support multicasting. Current addresses are listed below.

224.0.0.0 Base Address (Reserved) [RFC1112,JBP]
224.0.0.1 All Systems on this Subnet [RFC1112,JBP]
224.0.0.2 All Routers on this Subnet [JBP]
224.0.0.3 Unassigned [JBP]
224.0.0.4 DVMRP Routers [RFC1075,JBP]
224.0.0.5 OSPFIGP OSPFIGP All Routers [RFC1583,JXM1]
224.0.0.6 OSPFIGP OSPFIGP Designated Routers [RFC1583,JXM1]
224.0.0.7 ST Routers [RFC1190,KS14]
224.0.0.8 ST Hosts [RFC1190,KS14]
224.0.0.9 RIP2 Routers [GSM11]
224.0.0.10 IGRP Routers [Dino Farinacci]
224.0.0.11 Mobile-Agents [Bill Simpson]
224.0.0.12-224.0.0.255 Unassigned [JBP]

224.0.1.0 VMTP Managers Group [RFC1045,DRC3]
224.0.1.1 NTP Network Time Protocol [RFC1119,DLM1]
224.0.1.2 SGI-Dogfight [AXC]
224.0.1.3 Rwhod [SXD]
224.0.1.4 VNP [DRC3]
224.0.1.5 Artificial Horizons - Aviator [BXF]
224.0.1.6 NSS - Name Service Server [BXS2]
224.0.1.7 AUDIONEWS - Audio News Multicast [MXF2]
224.0.1.8 SUN NIS+ Information Service [CXM3]
224.0.1.9 MTP Multicast Transport Protocol [SXA]
224.0.1.10 IETF-1-LOW-AUDIO [SC3]
224.0.1.11 IETF-1-AUDIO [SC3]
224.0.1.12 IETF-1-VIDEO [SC3]
224.0.1.13 IETF-2-LOW-AUDIO [SC3]
224.0.1.14 IETF-2-AUDIO [SC3]
224.0.1.15 IETF-2-VIDEO [SC3]
224.0.1.16 MUSIC-SERVICE [Guido van Rossum]
224.0.1.17 SEANET-TELEMETRY [Andrew Maffei]
224.0.1.18 SEANET-IMAGE [Andrew Maffei]
224.0.1.19 MLOADD [Braden]
224.0.1.20 any private experiment [JBP]
224.0.1.21 DVMRP on MOSPF [John Moy]
224.0.1.22 SVRLOC <veizades@ftp.com>
224.0.1.23 XINGTV <hgxing@aol.com>
224.0.1.24 microsoft-ds <arnoldm@microsoft.com>
224.0.1.25 nbc-pro <bloomer@birch.crd.ge.com>
224.0.1.26 nbc-pfn <bloomer@birch.crd.ge.com>
224.0.1.27-224.0.1.255 Unassigned [JBP]

224.0.2.1 "rwho" Group (BSD) (unofficial) [JBP]
224.0.2.2 SUN RPC PMAPPROC_CALLIT [BXE1]

224.0.3.000-224.0.3.255 RFE Generic Service [DXS3]
224.0.4.000-224.0.4.255 RFE Individual Conferences [DXS3]
224.0.5.000-224.0.5.127 CDPD Groups [Bob Brenner]
224.0.5.128-224.0.5.255 Unassigned [IANA]
224.0.6.000-224.0.6.127 Cornell ISIS Project [Tim Clark]
224.0.6.128-224.0.6.255 Unassigned [IANA]

224.1.0.0-224.1.255.255 ST Multicast Groups [RFC1190,KS14]
224.2.0.0-224.2.255.255 Multimedia Conference Calls [SC3]

224.252.0.0-224.255.255.255 DIS transient groups [Joel Snyder]

232.0.0.0-232.255.255.255 VMTP transient groups [RFC1045,DRC3]

These addresses are listed in the Domain Name Service under MCAST.NET
and 224.IN-ADDR.ARPA.

Note that when used on an Ethernet or IEEE 802 network, the 23
low-order bits of the IP Multicast address are placed in the low-order
23 bits of the Ethernet or IEEE 802 net multicast address
1.0.94.0.0.0. See the next section on "IANA ETHERNET ADDRESS BLOCK".

REFERENCES

[RFC1045] Cheriton, D., "VMTP: Versatile Message Transaction
Protocol Specification", RFC 1045, Stanford University,
February 1988.

[RFC1075] Waitzman, D., C. Partridge, and S. Deering "Distance Vector
Multicast Routing Protocol", RFC-1075, BBN STC, Stanford
University, November 1988.

[RFC1112] Deering, S., "Host Extensions for IP Multicasting",
STD 5, RFC 1112, Stanford University, August 1989.

[RFC1119] Mills, D., "Network Time Protocol (Version 1), Specification
and Implementation", STD 12, RFC 1119, University of
Delaware, July 1988.

[RFC1190] Topolcic, C., Editor, "Experimental Internet Stream
Protocol, Version 2 (ST-II)", RFC 1190, CIP Working Group,
October 1990.

[RFC1583] Moy, J., "The OSPF Specification", RFC 1583, Proteon,
March 1994.

PEOPLE

<arnoldm@microsoft.com>

[AXC] Andrew Cherenson <arc@SGI.COM>

[Bob Brenner]

<bloomer@birch.crd.ge.com>

[Braden] Bob Braden <braden@isi.edu

[BXE1] Brendan Eic <brendan@illyria.wpd.sgi.com>

[BXF] Bruce Factor <ahi!bigapple!bruce@uunet.UU.NET>

[BXS2] Bill Schilit <schilit@parc.xerox.com>

[CXM3] Chuck McManis <cmcmanis@sun.com>

[Tim Clark]

[DLM1] David Mills <Mills@HUEY.UDEL.EDU>

[DRC3] Dave Cheriton <cheriton@PESCADERO.STANFORD.EDU>

[DXS3] Daniel Steinber <Daniel.Steinberg@Eng.Sun.COM>

[Dino Farinacci]

[GSM11] Gary S. Malkin <GMALKIN@XYLOGICS.COM>

<hgxing@aol.com>

[IANA] IANA <iana@isi.edu>

[JBP] Jon Postel <postel@isi.edu>

[JXM1] Jim Miner <miner@star.com>

[KS14] <mystery contact>

[Andrew Maffei]

[John Moy] John Moy <jmoy@PROTEON.COM>

[MXF2] Martin Forssen <maf@dtek.chalmers.se>

[Guido van Rossum]

[SC3] Steve Casner <casner@isi.edu>

[Joel Snyder]

[SXA] Susie Armstrong <Armstrong.wbst128@XEROX.COM>

[SXD] Steve Deering <deering@PARC.XEROX.COM>

<veizades@ftp.com>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/multicast-addresses

SUN RPC NUMBERS

To obtain SUN Remote Procedure Call (RPC) numbers send an e-mail
request to "rpc@sun.com".

The RPC port management service ('portmap' in SunOS versions less than
5.0 and 'rpcbind' in SunOS versions greater than 5.0) "registers" the
IP port number that is allocated to a particular service when that
service is created. It does not allocate ports on behalf of those
services.

For an exact specification of the semantics refer to the source code
of svcudp_create() and svctcp_create() in the archives. In short
however is that these interfaces, and svc_tli_create their Transport
Independent RPC equivalent, take either a user specified port number
or RPC_ANY (-1) which effectively means "I don't care." In the "I
don't care" case the create code simply calls socket(2) or t_open(3n)
which allocates an IP port based on the rules:

if euid of the requesting process is 0 (i.e., root)
allocate the next available port number in the
reserved port range.
else
allocate the next available port in the non-reserved
range.

Port numbers count up sequentially.

Can a port that is "assigned" can be used when the assignee's service
is not present? Say port 501 is assigned to the "jeans" service. On
a machine that does not have the "jeans" service, nor has any clients
that might be expecting to use it, is port 501 available for other
uses? Any dynamic allocation process, like the portmapper, that
chooses the next unused port might allocate port 501 dynamically to a
process that asked for a "I don't care" port. So any dynamic
allocation scheme may pick an unused port that happened to correspond
to a port number that had been "assigned" but was currently unused.

While it might be desirable, it is impossible to guarantee that any
unused port, even though officially assigned to a service, is not
picked by a dynamic allocator since such an assignment might occur
long after the delivery of the system into a site that doesn't watch
for the latest list.

There is the restriction that only "superuser" on BSD derived systems
such as SunOS can bind to a port number that is less than 1024. So
programs have used this information in the past to identify whether or

not the service they were talking to was started by the superuser on
the remote system. Making this assumption is dangerous because not
all system enforce this restriction.

Sun RPC services use ports that are currently unused. If someone
noted that an RPC service was using port 781, it would be just as
happy using port 891, or 951. The service doesn't care what port it
gets, remote clients will query the portmapper to ask it what port
number was assigned to the service when it was started. The key is
that the port was not currently in use. The only port that ONC/RPC
must have is 111 its assigned port for the portmap service.

The most common complaint comes when people put a new service on their
system. When they configure their systems they put the new service
configuration commands at the end of their system startup scripts.
During startup, several network services may be started. Those
services that are ONC/RPC based just pick the next available port,
those that have pre-assigned ports bind to their pre-assigned port.
Clearly the correct sequence is to have all services that need a
particular port to be started first (or if they are "latent" services
that are started by inetd, to have inetd started). Finally, the RPC
services should be started as they will be assigned unused ports. (In
the BSD networking code (which we use) the algorithm for picking
ports is in the file in_pcb.c, function in_pcbbind().)

Services should be started in this order:

a) Services that will "run" continuously and have an assigned
port. Note that this includes rpcbind (nee portmap) that has
port 111 assigned to it.

b) inetd - which will automatically create sockets for those
services that have reserved ports but only run on demand
(like finger)

c) RPC services - which will automatically pick unused ports and
maximize efficiency of the "IP Port" namespace.

The include file /usr/include/netinet/in.h defines a constant
IPPORT_RESERVED to be 1024. The relevant text is:

/*
* Ports < IPPORT_RESERVED are reserved for
* privileged processes (e.g. root).
* Ports > IPPORT_USERRESERVED are reserved
* for servers, not necessarily privileged.
*/
#define IPPORT_RESERVED 1024

#define IPPORT_USERRESERVED 5000

Portmap does not allocate ports, the kernel allocates ports. The code
that does this is part of nearly every UNIX system in the world (and
since the BSD code is 'free' it is often the same code). RPC services
ask the kernel to allocate them a port by calling the "bind()" system
call. The parameter they pass is "INADDR_ANY" which means "allocate
me any IP port you want". The kernel does that by looking at all of
the ports that are currently in use and picking one that is not
currently used. The number picked is either less that 1024 if the
process is privledged, or greater than 1024 if the process is not
privledged. After the kernel has allocated a port, the service
registers this allocation with portmap. The portmapper is merely a
registry of previously allocated ports. Note "allocated" here is
being used in the sense that they are used by an open socket, not
assigned a well known name.

The role of /etc/services is to provide an idea to people who are
looking at network traffic as to where a packet may have originated
from or is headed to. For services like finger that have assigned
ports, they can just hard code the port they want into their
executable. (it isn't like it will change, and if they read it from
/etc/services and someone had mistyped the port number it won't
interoperate with clients anyway!)

It is not practical to read the /etc/services file into the kernel to
prevent it from giving out port numbers that are "pre-assigned", nor
is it generally desirable since with the correct ordering of startup
it is completely unneccesary.

Editors Note: This information was supplied by Chuck McManis of Sun.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/sun-rpc-numbers

IP OPTION NUMBERS

The Internet Protocol (IP) has provision for optional header fields
identified by an option type field. Options 0 and 1 are exactly one
octet which is their type field. All other options have their one
octet type field, followed by a one octet length field, followed by
length-2 octets of option data. The option type field is sub-divided
into a one bit copied flag, a two bit class field, and a five bit
option number. These taken together form an eight bit value for the
option type field. IP options are commonly refered to by this value.

Copy Class Number Value Name Reference
---- ----- ------ ----- ------------------------------- ---------
0 0 0 0 EOOL - End of Options List [RFC791,JBP]
0 0 1 1 NOP - No Operation [RFC791,JBP]
1 0 2 130 SEC - Security [RFC1108]
1 0 3 131 LSR - Loose Source Route [RFC791,JBP]
0 2 4 68 TS - Time Stamp [RFC791,JBP]
1 0 5 133 E-SEC - Extended Security [RFC1108]
1 0 6 134 CIPSO - Commercial Security [???]
0 0 7 7 RR - Record Route [RFC791,JBP]
1 0 8 136 SID - Stream ID [RFC791,JBP]
1 0 9 137 SSR - Strict Source Route [RFC791,JBP]
0 0 10 10 ZSU - Experimental Measurement [ZSu]
0 0 11 11 MTUP - MTU Probe [RFC1191]
0 0 12 12 MTUR - MTU Reply [RFC1191]
1 2 13 205 FINN - Experimental Flow Control [Finn]
1 0 14 142 VISA - Expermental Access Control [Estrin]
0 0 15 15 ENCODE - ??? [VerSteeg]
1 0 16 144 IMITD - IMI Traffic Descriptor [Lee]
1 0 17 145 EIP - ??? [RFC1358]
0 2 18 82 TR - Traceroute [RFC1393]
1 0 19 147 ADDEXT - Address Extension [Ullmann IPv7]

IP TIME TO LIVE PARAMETER

The current recommended default time to live (TTL) for the
Internet Protocol (IP) [45,105] is 64.

IP TOS PARAMETERS

This documents the default Type-of-Service values that are currently
recommended for the most important Internet protocols.

TOS Value Description Reference
--------- -------------------------- ---------
0000 Default [RFC1349]
0001 Minimize Monetary Cost [RFC1349]
0010 Maximize Reliability [RFC1349]
0100 Maximize Throughput [RFC1349]
1000 Minimize Delay [RFC1349]
1111 Maximize Security [RFC1455]

The TOS value is used to indicate "better". Only one TOS value or
property can be requested in any one IP datagram.

Generally, protocols which are involved in direct interaction with a
human should select low delay, while data transfers which may involve
large blocks of data are need high throughput. Finally, high reliability
is most important for datagram-based Internet management functions.

Application protocols not included in these tables should be able to
make appropriate choice of low delay (8 decimal, 1000 binary) or high
throughput (4 decimal, 0100 binary).

The following are recommended values for TOS:

----- Type-of-Service Value -----

Protocol TOS Value

TELNET (1) 1000 (minimize delay)

FTP
Control 1000 (minimize delay)
Data (2) 0100 (maximize throughput)

TFTP 1000 (minimize delay)

SMTP (3)
Command phase 1000 (minimize delay)
DATA phase 0100 (maximize throughput)

Domain Name Service
UDP Query 1000 (minimize delay)
TCP Query 0000
Zone Transfer 0100 (maximize throughput)

NNTP 0001 (minimize monetary cost)

ICMP

Errors 0000
Requests 0000 (4)
Responses <same as request> (4)

Any IGP 0010 (maximize reliability)

EGP 0000

SNMP 0010 (maximize reliability)

BOOTP 0000

Notes:

(1) Includes all interactive user protocols (e.g., rlogin).

(2) Includes all bulk data transfer protocols (e.g., rcp).

(3) If the implementation does not support changing the TOS
during the lifetime of the connection, then the
recommended TOS on opening the connection is the default
TOS (0000).

(4) Although ICMP request messages are normally sent with
the default TOS, there are sometimes good reasons why they
would be sent with some other TOS value. An ICMP
response always uses the same TOS value as was used in the
corresponding ICMP request message.

An application may (at the request of the user) substitute
0001 (minimize monetary cost) for any of the above values.

REFERENCES

[RFC791] Postel, J., "Internet Protocol - DARPA Internet Program
Protocol Specification", STD 5, RFC 791, DARPA, September
1981.

[RFC1108] Kent, S., "U.S. Department of Defense Security Options for
the Internet Protocol", RFC 1108, BBN Communications,
November 1991.

[RFC1191] Mogul, J., and S. Deering, "Path MTU Discovery", RFC 1191,
DECWRL, Stanford University, November 1990.

[RFC1349] Almquist, P., "Type of Service in the Internet Protocol
Suite", RFC 1349, Consultant, July 1992.

[RFC1358] Chapin, L., Chair, "Charter of the Internet Architecture
Board (IAB)", RFC 1358, Internet Architecture Board, August
1992.

[RFC1393] Malkin, G., "Traceroute Using an IP Option", RFC 1393,
Xylogics, Inc., January 1993.

[RFC1455] Eastlake, D., "Physical Link Security Type of Service",
RFC 1455, Digital Equipment Corporation, May 1993.

[Ullmann IPv7]

PEOPLE

[Estrin] Deborah Estrin <Estrin@usc.edu>

[Finn] Greg Finn <Finn@isi.edu>

[JBP] Jon Postel <postel@isi.edu>

[Ullmann] Robert Ullmann <ariel@world.std.com>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ip-parameters

ICMP TYPE NUMBERS

The Internet Control Message Protocol (ICMP) has many messages that
are identified by a "type" field.

Type Name Reference
---- ------------------------- ---------
0 Echo Reply [RFC792]
1 Unassigned [JBP]
2 Unassigned [JBP]
3 Destination Unreachable [RFC792]
4 Source Quench [RFC792]
5 Redirect [RFC792]
6 Alternate Host Address [JBP]
7 Unassigned [JBP]
8 Echo [RFC792]
9 Router Advertisement [RFC1256]
10 Router Selection [RFC1256]
11 Time Exceeded [RFC792]
12 Parameter Problem [RFC792]
13 Timestamp [RFC792]
14 Timestamp Reply [RFC792]
15 Information Request [RFC792]
16 Information Reply [RFC792]
17 Address Mask Request [RFC950]
18 Address Mask Reply [RFC950]
19 Reserved (for Security) [Solo]
20-29 Reserved (for Robustness Experiment) [ZSu]
30 Traceroute [RFC1393]
31 Datagram Conversion Error [RFC1475]
32 Mobile Host Redirect [David Johnson]
33 IPv6 Where-Are-You [Bill Simpson]
34 IPv6 I-Am-Here [Bill Simpson]
35 Mobile Registration Request [Bill Simpson]
36 Mobile Registration Reply [Bill Simpson]
37-255 Reserved [JBP]

Many of these ICMP types have a "code" field. Here we list the types
again with their assigned code fields.

Type Name Reference
---- ------------------------- ---------
0 Echo Reply [RFC792]

Codes
0 No Code

1 Unassigned [JBP]

2 Unassigned [JBP]

3 Destination Unreachable [RFC792]

Codes
0 Net Unreachable
1 Host Unreachable
2 Protocol Unreachable
3 Port Unreachable
4 Fragmentation Needed and Don't Fragment was Set
5 Source Route Failed
6 Destination Network Unknown
7 Destination Host Unknown
8 Source Host Isolated
9 Communication with Destination Network is
Administratively Prohibited
10 Communication with Destination Host is
Administratively Prohibited
11 Destination Network Unreachable for Type of Service
12 Destination Host Unreachable for Type of Service

4 Source Quench [RFC792]
Codes
0 No Code

5 Redirect [RFC792]

Codes
0 Redirect Datagram for the Network (or subnet)
1 Redirect Datagram for the Host
2 Redirect Datagram for the Type of Service and Network
3 Redirect Datagram for the Type of Service and Host

6 Alternate Host Address [JBP]

Codes
0 Alternate Address for Host

7 Unassigned [JBP]

8 Echo [RFC792]

Codes
0 No Code

9 Router Advertisement [RFC1256]

Codes

0 No Code

10 Router Selection [RFC1256]

Codes
0 No Code

11 Time Exceeded [RFC792]

Codes
0 Time to Live exceeded in Transit
1 Fragment Reassembly Time Exceeded

12 Parameter Problem [RFC792]

Codes
0 Pointer indicates the error
1 Missing a Required Option [RFC1108]
2 Bad Length

13 Timestamp [RFC792]

Codes
0 No Code

14 Timestamp Reply [RFC792]

Codes
0 No Code

15 Information Request [RFC792]

Codes
0 No Code

16 Information Reply [RFC792]

Codes
0 No Code

17 Address Mask Request [RFC950]

Codes
0 No Code

18 Address Mask Reply [RFC950]

Codes
0 No Code

19 Reserved (for Security) [Solo]

20-29 Reserved (for Robustness Experiment) [ZSu]

30 Traceroute [RFC1393]

31 Datagram Conversion Error [RFC1475]

32 Mobile Host Redirect [David Johnson]

33 IPv6 Where-Are-You [Bill Simpson]

34 IPv6 I-Am-Here [Bill Simpson]

35 Mobile Registration Request [Bill Simpson]

36 Mobile Registration Reply [Bill Simpson]

REFERENCES

[RFC792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, USC/Information Sciences Institute, September 1981.

[RFC950] Mogul, J., and J. Postel, "Internet Standard Subnetting
Procedure", STD 5, RFC 950, Stanford, USC/Information
Sciences Institute, August 1985.

[RFC1108] Kent, S., "U.S. Department of Defense Security Options for
the Internet Protocol", RFC 1108, November 1991.

[RFC1256] Deering, S., Editor, "ICMP Router Discovery Messages", RFC
1256, Xerox PARC, September 1991.

[RFC1393] Malkin, G., "Traceroute Using an IP Option", RFC 1393,
Xylogics, Inc., January 1993.

[RFC1475] Ullmann, R., "TP/IX: The Next Internet", RFC 1475, Process
Software Corporation, June 1993.

PEOPLE

[JBP] Jon Postel <postel@isi.edu>

[David Johnson]

[Bill Simpson] <Bill.Simpson@um.cc.umich.edu> September, 1994.

[Solo]

[ZSu] Zaw-Sing Su <ZSu@TSCA.ISTC.SRI.COM>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/icmp-parameters

TCP OPTION NUMBERS

The Transmission Control Protocol (TCP) has provision for optional
header fields identified by an option kind field. Options 0 and 1 are
exactly one octet which is their kind field. All other options have
their one octet kind field, followed by a one octet length field,
followed by length-2 octets of option data.

Kind Length Meaning Reference
---- ------ ------------------------------- ---------
0 - End of Option List [RFC793]
1 - No-Operation [RFC793]
2 4 Maximum Segment Lifetime [RFC793]
3 3 WSOPT - Window Scale [RFC1323]
4 2 SACK Permitted [RFC1072]
5 N SACK [RFC1072]
6 6 Echo (obsoleted by option 8) [RFC1072]
7 6 Echo Reply (obsoleted by option 8)[RFC1072]
8 10 TSOPT - Time Stamp Option [RFC1323]
9 2 Partial Order Connection Permitted[RFC1693]
10 5 Partial Order Service Profile [RFC1693]
11 CC [Braden]
12 CC.NEW [Braden]
13 CC.ECHO [Braden]
14 3 TCP Alternate Checksum Request [RFC1146]
15 N TCP Alternate Checksum Data [RFC1146]
16 Skeeter [Knowles]
17 Bubba [Knowles]
18 3 Trailer Checksum Option [Subbu & Monroe]

TCP ALTERNATE CHECKSUM NUMBERS

Number Description Reference
------- ------------------------------- ----------
0 TCP Checksum [RFC-1146]
1 8-bit Fletchers's algorithm [RFC-1146]
2 16-bit Fletchers's algorithm [RFC-1146]
3 Redundant Checksum Avoidance [Kay]

REFERENCES

[KAY] Kay, J. and Pasquale, J., "Measurement, Analysis, and
Improvement of UDP/IP Throughput for the DECstation 5000,"
Proceedings of the Winter 1993 Usenix Conference, January 1993
(available for anonymous FTP in

ucsd.edu:/pub/csl/fastnet/fastnet.tar.Z). <jkay@ucsd.edu>

[RFC793] Postel, J., "Transmission Control Protocol - DARPA Internet
Program Protocol Specification", STD 7, RFC 793, DARPA,
September 1981.

[RFC1323] Jacobson, V., Braden, R., and D. Borman, "TCP Extensions for
High Performance", RFC 1323, LBL, ISI, Cray Research, May
1992.

[RFC1072] Jacobson, V., and R. Braden, "TCP Extensions for Long-Delay
Paths", RFC 1072, LBL, ISI, October 1988.

[RFC1693] ?????

[RFC1146] Zweig, J., and C. Partridge, "TCP Alternate Checksum
Options", RFC 1146, UIUC, BBN, March 1990.

PEOPLE

[Braden] Bob Braden <braden@isi.edu>

[Knowles] Stev Knowles <stev@ftp.com>

[Kay] J. Kay <jkay@ucsd.edu>

[Subbu & Monroe] <mystery contact>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/tcp-parameters

TELNET OPTIONS

The Telnet Protocol has a number of options that may be negotiated.
These options are listed here. "Internet Official Protocol Standards"
(STD 1) provides more detailed information.

Options Name References
------- ----------------------- ----------
0 Binary Transmission [RFC856,JBP]
1 Echo [RFC857,JBP]
2 Reconnection [NIC50005,JBP]
3 Suppress Go Ahead [RFC858,JBP]
4 Approx Message Size Negotiation [ETHERNET,JBP]
5 Status [RFC859,JBP]
6 Timing Mark [RFC860,JBP]
7 Remote Controlled Trans and Echo [RFC726,JBP]
8 Output Line Width [NIC50005,JBP]
9 Output Page Size [NIC50005,JBP]
10 Output Carriage-Return Disposition [RFC652,JBP]
11 Output Horizontal Tab Stops [RFC653,JBP]
12 Output Horizontal Tab Disposition [RFC654,JBP]
13 Output Formfeed Disposition [RFC655,JBP]
14 Output Vertical Tabstops [RFC656,JBP]
15 Output Vertical Tab Disposition [RFC657,JBP]
16 Output Linefeed Disposition [RFC657,JBP]
17 Extended ASCII [RFC698,JBP]
18 Logout [RFC727,MRC]
19 Byte Macro [RFC735,JBP]
20 Data Entry Terminal [RFC1043,RFC732,JBP]
22 SUPDUP [RFC736,RFC734,MRC]
22 SUPDUP Output [RFC749,MRC]
23 Send Location [RFC779,EAK1]
24 Terminal Type [RFC1091,MS56]
25 End of Record [RFC885,JBP]
26 TACACS User Identification [RFC927,BA4]
27 Output Marking [RFC933,SXS]
28 Terminal Location Number [RFC946,RN6]
29 Telnet 3270 Regime [RFC1041,JXR]
30 X.3 PAD [RFC1053,SL70]
31 Negotiate About Window Size [RFC1073,DW183]
32 Terminal Speed [RFC1079,CLH3]
33 Remote Flow Control [RFC1372,CLH3]
34 Linemode [RFC1184,DB14]
35 X Display Location [RFC1096,GM23]
36 Environment Option [RFC1408,DB14]
37 Authentication Option [RFC1409,DB14]
38 Encryption Option [DB14]
39 New Environment Option [RFC1572,DB14]

40 TN3270E [RFC1647]
255 Extended-Options-List [RFC861,JBP]

Telnet Authentication Types

In [RFC1409], a list of authentication types is introduced. Additions
to the list are registerd by the IANA and documented here.

Type Description Reference
0 NULL [RFC1409]
1 KERBEROS_V4 [RFC1409]
2 KERBEROS_V5 [RFC1409]
3 SPX [RFC1409]
4-5 Unassigned
6 RSA [RFC1409]
7-9 Unassigned
10 LOKI [RFC1409]
11 SSA [Schoch]

REFERENCES

[ETHERNET] "The Ethernet, A Local Area Network: Data Link Layer and
Physical Layer Specification", AA-K759B-TK, Digital
Equipment Corporation, Maynard, MA. Also as: "The
Ethernet - A Local Area Network", Version 1.0, Digital
Equipment Corporation, Intel Corporation, Xerox
Corporation, September 1980. And: "The Ethernet, A Local
Area Network: Data Link Layer and Physical Layer
Specifications", Digital, Intel and Xerox, November 1982.
And: XEROX, "The Ethernet, A Local Area Network: Data Link
Layer and Physical Layer Specification", X3T51/80-50, Xerox
Corporation, Stamford, CT., October 1980.

[NIC50005] DDN Protocol Handbook, "Telnet Reconnection Option",
"Telnet Output Line Width Option", "Telnet Output Page Size
Option", NIC 50005, December 1985.

[RFC652] Crocker, D., "Telnet Output Carriage-Return Disposition
Option", RFC 652, UCLA-NMC, October 1974.

[RFC653] Crocker, D., "Telnet Output Horizontal Tabstops Option",
RFC 653, UCLA-NMC, October 1974.

[RFC654] Crocker, D., "Telnet Output Horizontal Tab Disposition
Option", RFC 654, UCLA-NMC, October 1974.

[RFC655] Crocker, D., "Telnet Output Formfeed Disposition Option",
RFC 655, UCLA-NMC, October 1974.

[RFC656] Crocker, D., "Telnet Output Vertical Tabstops Option",
RFC 656, UCLA-NMC, October 1974.

[RFC657] Crocker, D., "Telnet Output Vertical Tab Disposition Option",
RFC 657, UCLA-NMC, October 1974.

[RFC658] Crocker, D., "Telnet Output Linefeed Disposition", RFC 658,
UCLA-NMC, October 1974.

[RFC698] Tovar, "Telnet Extended ASCII Option", RFC 698, Stanford
University-AI, July 1975.

[RFC726] Postel, J. and D. Crocker, "Remote Controlled Transmission
and Echoing Telnet Option", RFC 726, SRI-ARC, UC Irvine,
March 1977.

[RFC727] Crispin, M., "Telnet Logout Option", RFC 727, Stanford
University-AI, April 1977.

[RFC734] Crispin, M., "SUPDUP Protocol", RFC 734, Stanford,
October 1977.

[RFC735] Crocker, D. and R. Gumpertz, "Revised Telnet Byte Marco
Option", RFC 735, Rand, CMU, November 1977.

[RFC736] Crispin, M., "Telnet SUPDUP Option", Stanford University-AI,
RFC 736, Stanford, October 1977.

[RFC749] Greenberg, B., "Telnet SUPDUP-OUTPUT Option", RFC 749,
MIT-Multics, September 1978.

[RFC779] Killian, E., "Telnet Send-Location Option", RFC 779,
LLL, April 1981.

[RFC856] Postel, J. and J. Reynolds, "Telnet Binary Transmission",
STD 27, RFC 856, USC/Information Sciences Institute, May
1983.

[RFC857] Postel, J. and J. Reynolds, "Telnet Echo Option", STD 28, RFC
857, USC/Information Sciences Institute, May 1983.

[RFC858] Postel, J. and J. Reynolds, "Telnet Suppress Go Ahead
Option", STD 29, RFC 858, USC/Information Sciences Institute,
May 1983.

[RFC859] Postel, J. and J. Reynolds, "Telnet Status Option", STD 30,
RFC 859, USC/Information Sciences Institute, May 1983.

[RFC860] Postel, J. and J. Reynolds, "Telnet Timing Mark Option",
STD 31, RFC 860, USC/Information Sciences Institute, May
1983.

[RFC861] Postel, J. and J. Reynolds, "Telnet Extended Options - List
Option", STD 32, RFC 861, USC/Information Sciences Institute,
May 1983.

[RFC885] Postel, J., "Telnet End of Record Option", RFC 885,
USC/Information Sciences Institute, December 1983.

[RFC927] Anderson, B., "TACACS User Identification Telnet Option",
RFC 927, BBN, December 1984.

[RFC933] Silverman, S., "Output Marking Telnet Option", RFC 933,
MITRE, January 1985.

[RFC946] Nedved, R., "Telnet Terminal Location Number Option",
RFC 946, Carnegie-Mellon University, May 1985.

[RDC1041] Rekhter, J., "Telnet 3270 Regime Option", RFC 1041,
IBM, January 1988.

[RFC1043] Yasuda, A., and T. Thompson, "TELNET Data Entry Terminal
Option DODIIS Implementation", RFC 1043, DIA, February 1988.

[RFC1053] Levy, S., and T. Jacobson, "Telnet X.3 PAD Option",
RFC 1053, Minnesota Supercomputer Center, April 1988.

[RFC1073] Waitzman, D., "Telnet Window Size Option", RFC 1073,
BBN STC, October, 1988.

[RFC1079] Hedrick, C., "Telnet Terminal Speed Option", RFC 1079,
Rutgers University, December 1988.

[RFC1091] VanBokkelen, J., "Telnet Terminal Type Option",
RFC 1091, FTP Software, Inc., February 1989.

[RFC1096] Marcy, G., "Telnet X Display Location Option", RFC 1096,
Carnegie Mellon University, March 1989.

[RFC1184] Borman, D., Editor, "Telnet Linemode Option",
RFC 1184, Cray Research, Inc., October 1990.

[RFC1372] Hedrick, C., and D. Borman, "Telnet Remote Flow Control
Option", RFC 1372, Rutgers University, Cray Research, Inc.,
October 1992.

[RFC1408] Borman, D., Editor, "Telnet Environment Option", RFC 1408,
Cray Research, Inc., January 1993.

[RFC1409] Borman, D., Editor, "Telnet Authentication Option", RFC
1409, Cray Research, Inc., January 1993.

[RFC1572] Alexander, S., Editor, "Telnet Environment Option", RFC1572,
Lachman Technology, Inc., January 1994.

[RFC1647] Kelly, B., "TN3270 Enhancements", RFC1647, Auburn
University, July 1994.

PEOPLE

[BA4] Brian Anderson <baanders@CCQ.BBN.CO>

[CLH3] Charles Hedrick <HEDRICK@ARAMIS.RUTGERS.EDU>

[DB14] Dave Borman <dab@CRAY.COM>

[DW183] David Waitzman <dwaitzman@BBN.COM>

[EAK4] Earl Kill <EAK@MORDOR.S1.GOV>

[GM23] Glenn Marcy <Glenn.Marcy@A.CS.CMU.EDU>

[JBP] Jon Postel <postel@isi.edu>

[MRC] Mark Crispin <MRC@WSMR-SIMTEL20.ARMY.MIL>

[MS56] Marvin Solomon <solomon@CS.WISC.EDU>

[RN6] Rudy Nedved <Rudy.Nedved@CMU-CS-A.>

[Schoch] Steven Schoch <schoch@sheba.arc.nasa.gov>

[SL70] Stuart Levy <slevy@UC.MSC.UMN.EDU>

[SXS] Steve Silverman <Blankert@MITRE-GATEWAY.ORG>

[YXR] Yakov Rekhter <Yakov@IBM.COM>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/telnet-options

DOMAIN NAME SYSTEM PARAMETERS

The Internet Domain Naming System (DOMAIN) includes several
parameters. These are documented in [RFC1034] and [RFC1035]. The
CLASS parameter is listed here. The per CLASS parameters are defined
in separate RFCs as indicated.

Domain System Parameters:

Decimal Name References
-------- ---- ----------
0 Reserved [PM1]
1 Internet (IN) [RFC1034,PM1]
2 Unassigned [PM1]
3 Chaos (CH) [PM1]
4 Hessoid (HS) [PM1]
5-65534 Unassigned [PM1]
65535 Reserved [PM1]

In the Internet (IN) class the following TYPEs and QTYPEs are defined:

TYPE value and meaning

A 1 a host address [RFC1035]
NS 2 an authoritative name server [RFC1035]
MD 3 a mail destination (Obsolete - use MX) [RFC1035]
MF 4 a mail forwarder (Obsolete - use MX) [RFC1035]
CNAME 5 the canonical name for an alias [RFC1035]
SOA 6 marks the start of a zone of authority [RFC1035]
MB 7 a mailbox domain name (EXPERIMENTAL) [RFC1035]
MG 8 a mail group member (EXPERIMENTAL) [RFC1035]
MR 9 a mail rename domain name (EXPERIMENTAL)[RFC1035]
NULL 10 a null RR (EXPERIMENTAL) [RFC1035]
WKS 11 a well known service description [RFC1035]
PTR 12 a domain name pointer [RFC1035]
HINFO 13 host information [RFC1035]
MINFO 14 mailbox or mail list information [RFC1035]
MX 15 mail exchange [RFC1035]
TXT 16 text strings [RFC1035]

RP 17 for Responsible Person [RFC1183]
AFSDB 18 for AFS Data Base location [RFC1183]
X25 19 for X.25 PSDN address [RFC1183]
ISDN 20 for ISDN address [RFC1183]
RT 21 for Route Through [RFC1183]

NSAP 22 for NSAP address, NSAP style A record [RFC1348]
NSAP-PTR 23 for domain name pointer, NSAP style [RFC1348]

SIG 24 for security signature [Donald Eastlake]
KEY 25 for security key [Donald Eastlake]

PX 26 X.400 mail mapping information [RFC1664]

GPOS 27 Geographical Position [Craig Farrell]

AAAA 28 IP6 Address [Susan Thomson]

AXFR 252 transfer of an entire zone [RFC1035]
MAILB 253 mailbox-related RRs (MB, MG or MR) [RFC1035]
MAILA 254 mail agent RRs (Obsolete - see MX) [RFC1035]
* 255 A request for all records [RFC1035]

REFERENCES

[RFC1034] Mockapetris, P., "Domain Names - Concepts and
Facilities", STD 13, RFC 1034, USC/Information Sciences
Institute, November 1987.

[RFC1035] Mockapetris, P., "Domain Names - Implementation and
Specification", STD 13, RFC 1035, USC/Information Sciences
Institute, November 1987.

[RFC1183] Everhart, C., Mamakos, L., Ullmann, R., and P. Mockapetris,
Editors, "New DNS RR Definitions", RFC 1183, Transarc,
University of Maryland, Prime Computer, USC/Information
Sciences Institute, October 1990.

[RFC1348] Manning, B., "DNS NSAP RRs", RFC 1348, Rice University,
July 1992.

[RFC1664] Allocchio, C., Bonito, A., Cole, B., Giordano, S., and R.
Hagens, "Using the Internet DNS to Distribute RFC1327 Mail
Address Mapping Tables", GARR-Italy, Cisco Systems Inc.,
Centro Svizzero Calcolo Scientifico, Advanced Network &
Services, August 1994.

PEOPLE

[Susan Thomson] Susan Thomson <set@swift.bellcore.com>

[PM1] Paul Mockapetris <pvm@isi.edu>

[Donald Eastlake] Donald E. Eastlake, III <dee@ranger.enet.dec.com>

[Craig Farrell]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/dns-parameters

MAIL ENCODING HEADER FIELD KEYWORDS

[RFC1505] specifies an initial list of keywords for the experimental
encoding header field (EHF-MAIL), and provides that additional
keywords may be registered with the IANA.

Keyword Description Reference
_______ ___________ ____________

EDIFACT EDIFACT format [RFC1505]
EDI-X12 EDI X12 format [ANSI-X12]
EVFU FORTRAN format [RFC1505]
FS File System format [RFC1505]
Hex Hex binary format [RFC1505]
LZJU90 LZJU90 format [RFC1505]
LZW LZW format [RFC1505]
Message Encapsulated Message [RFC822]
PEM, PEM-Clear Privacy Enhanced Mail [RFC1421]
PGP Pretty Good Privacy [RFC1505]
Postscript Postscript format [POSTSCRIPT]
Shar Shell Archive format [RFC1505]
Signature Signature [RFC1505]
Tar Tar format [RFC1505]
Text Text [IS-10646]
uuencode uuencode format [RFC1505]
URL external URL-reference [RFC1505]

MAIL ENCRYPTION TYPES

[RFC822] specifies that Encryption Types for mail may be assigned.
There are currently no RFC 822 encryption types assigned. Please use
instead the Mail Privacy procedures defined in [RFC1421, RFC1422,
RFC1423].

ESMTP MAIL KEYWORDS

[RFC1651] specifies that extension to SMTP can be identified with
keywords.

Keywords Description Reference

------------ -------------------------------- ---------
SEND Send as mail [RFC821]
SOML Send as mail or terminal [RFC821]
SAML Send as mail and terminal [RFC821]
EXPN Expand the mailing list [RFC821]
HELP Supply helpful information [RFC821]
TURN Turn the operation around [RFC821]
8BITMIME Use 8-bit data [RFC1652]
SIZE Message size declaration [RFC1653]
VERB Verbose [Eric Allman]
ONEX One message transaction only [Eric Allman]

MAIL EXTENSION TYPES

The Simple Mail Transfer Protocol [RFC821] specifies a set of
commands or services for mail transfer. A general procedure for
extending the set of services is defined in [RFC1651]. The set of
service extensions is listed here.

Service Ext EHLO Keyword Parameters Verb Reference
----------- ------------ ---------- ---------- ---------
Send SEND none SEND [RFC821]
Send or Mail SOML none SOML [RFC821]
Send and Mail SAML none SAML [RFC821]
Expand EXPN none EXPN [RFC821]
Help HELP none HELP [RFC821]
Turn TURN none TURN [RFC821]
8 Bit MIME 8BITMIME none none [RFC1652]
Size SIZE number none [RFC1653]

MAIL SYSTEM NAMES

In some places, an identification of other mail systems is used.

One of these is in "The COSINE and Internet X.500 Schema" (section
9.3.18) [RFC1274]. The mail system names listed here are used as the
legal values in that schema under the "otherMailbox" attribute
"mailboxType" type (which must be a PrintableString).

Another place is in "Mapping between X.400(1988) / ISO 10021 and RFC
822" (section 4.2.2) [RFC1327]. The names listed here are used as

the legal values in that schema under the "std-or-address" attribute
"registered-dd-type" type (which must be a "key-string").

Note that key-string = <a-z, A-Z, 0-9, and "-" >.

Mail System Name Description Reference
---------------- ------------------------------- ---------
mcimail MCI Mail

MAIL TRANSMISSION TYPES

The Simple Mail Transfer Protocol [RFC821] and the Standard for the
Format of ARPA Internet Text Messages [RFC822] specify that a set of
"Received" lines will be prepended to the headers of electronic mail
messages as they are transported through the Internet. These received
line may optionally include either or both a "via" phrase and/or a
"with" phrase. The legal values for the phrases are listed here. The
via phrase is intended to indicate the link or physical medium over
which the message was transferred. The with phrase is intended to
indicate the protocol or logical process that was used to transfer the
message.

VIA link types Description Reference
-------------- ---------------------------- ---------
UUCP Unix-to-Unix Copy Program [???]

WITH protocol types Description Reference
------------------- ---------------------------- ---------
SMTP Simple Mail Transfer Protocol [RFC821]
ESMTP SMTP with Service Extensions [RFC1651]

REFERENCES

[ANSI-X12]

[POSTSCRIPT] Adobe Systems Inc., "PostScript Langpuage Reference
Manual", 2nd Edition, 2nd Printing, January 1991.

[IS-10646]

[RFC821] Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC 821,
USC/Information Sciences Institute, August 1982.

[RFC822] Crocker, D., "Standard for the Format of ARPA-Internet Text
Messages", STD 11, RFC 822, UDEL, August 1982.

[RFC1274] Barker, P., and S. Kille, "The COSINE and Internet X.500
Schema", RFC 1274, University College London, November 1991.

[RFC1327] Hardcastle-Kille, S., "Mapping between X.400(1988) / ISO
10021 and RFC 822", RFC 1327, University College London,
May 1992.

[RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic
Mail: Part I: Message Encipherment and Authentication
Procedures", RFC 1421, IAB IRTF PSRG, IETF PEM WG,
February 1993.

[RFC1422] Kent, S., "Privacy Enhancement for Internet
Electronic Mail: Part II -- Certificate-Based Key
Management", BBN, IAB IRTF PSRG, IETF PEM, February 1993.

[RFC1423] Balenson, D., "Privacy Enhancement for Internet Electronic
Mail: Part III -- Algorithms, Modes, and Identifiers",
RFC 1423, TIS, IAB IRTF PSRG, IETF PEM WG, February 1993.

[RFC1505] Costanzo, A., Robinson, D., and R. Ullmann, "Encoding Header
Field for Internet Messages", RFC 1505, AKC Consulting,
Computervision Corporation, August 1993.

[RFC1651] Klensin, J., Freed, N., Rose, M., Stefferud, E., and D.
Crocker, "SMTP Service Extensions", RFC 1651, MCI, Innosoft,
Dover Beach Consulting, Inc., Network Management Associates,
Inc., Silicon Graphics, Inc., July 1994.

[RFC1652] Klensin, J., Freed, N., Rose, M., Stefferud, E., and D.
Crocker, "SMTP Service Extension for 8bit-MIMEtransport",
RFC 1652, MCI, Innosoft, Dover Beach Consulting, Inc.,
Network Management Associates, Inc., Silicon Graphics, Inc.,
July 1994.

[RFC1653] Klensin, J., Freed, N., and K. Moore, "SMTP Service
Extension for Message Size Declaration", RFC 1653,
MCI, Innosoft, University of Tennessee, July 1994.

PEOPLE

[Eric Allman]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/mail-parameters

BOOTP AND DHCP PARAMETERS

The Bootstrap Protocol (BOOTP) [RFC951] describes an IP/UDP
bootstrap protocol (BOOTP) which allows a diskless client machine to
discover its own IP address, the address of a server host, and the
name of a file to be loaded into memory and executed. The Dynamic
Host Configuration Protocol (DHCP) [RFC1531] provides a framework for
automatic configuration of IP hosts. The "DHCP Options and BOOTP
Vendor Information Extensions" [RFC1533] describes the additions to the
Bootstrap Protocol (BOOTP) which can also be used as options with the
Dynamic Host Configuration Protocol (DHCP).

BOOTP Vendor Extensions and DHCP Options are listed below:

Tag Name Data Length Meaning
--- ---- ----------- -------
0 Pad 0 None
1 Subnet Mask 4 Subnet Mask Value
2 Time Offset 4 Time Offset in
Seconds from UTC
3 Gateways N N/4 Gateway addresses
4 Time Server N N/4 Timeserver addresses
5 Name Server N N/4 IEN-116 Server addresses
6 Domain Server N N/4 DNS Server addresses
7 Log Server N N/4 Logging Server addresses
8 Quotes Server N N/4 Quotes Server addresses
9 LPR Server N N/4 Printer Server addresses
10 Impress Server N N/4 Impress Server addresses
11 RLP Server N N/4 RLP Server addresses
12 Hostname N Hostname string
13 Boot File Size 2 Size of boot file in 512 byte
chunks
14 Merit Dump File Client to dump and name
the file to dump it to
15 Domain Name N The DNS domain name of the
client
16 Swap Server N Swap Server addeess
17 Root Path N Path name for root disk
18 Extension File N Path name for more BOOTP info

19 Forward On/Off 1 Enable/Disable IP Forwarding
20 SrcRte On/Off 1 Enable/Disable Source Routing
21 Policy Filter N Routing Policy Filters
22 Max DG Assembly 2 Max Datagram Reassembly Size
23 Default IP TTL 1 Default IP Time to Live
24 MTU Timeout 4 Path MTU Aging Timeout
25 MTU Plateau N Path MTU Plateau Table

26 MTU Interface 2 Interface MTU Size
27 MTU Subnet 1 All Subnets are Local
28 Broadcast Address 4 Broadcast Address
29 Mask Discovery 1 Perform Mask Discovery
30 Mask Supplier 1 Provide Mask to Others
31 Router Discovery 1 Perform Router Discovery
32 Router Request 4 Router Solicitation Address
33 Static Route N Static Routing Table
34 Trailers 1 Trailer Encapsulation
35 ARP Timeout 4 ARP Cache Timeout
36 Ethernet 1 Ethernet Encapsulation
37 Default TCP TTL 1 Default TCP Time to Live
38 Keepalive Time 4 TCP Keepalive Interval
39 Keepalive Data 1 TCP Keepalive Garbage
40 NIS Domain N NIS Domain Name
41 NIS Servers N NIS Server Addresses
42 NTP Servers N NTP Server Addresses
43 Vendor Specific N Vendor Specific Information
44 NETBIOS Name Srv N NETBIOS Name Servers
45 NETBIOS Dist Srv N NETBIOS Datagram Distribution
46 NETBIOS Note Type 1 NETBIOS Note Type
47 NETBIOS Scope N NETBIOS Scope
48 X Window Font N X Window Font Server
49 X Window Manmager N X Window Display Manager
50 Address Request 4 Requested IP Address
51 Address Time 4 IP Address Lease Time
52 Overload 1 Overloaf "sname" or "file"
53 DHCP Msg Type 1 DHCP Message Type
54 DHCP Server Id 4 DHCP Server Identification
55 Parameter List N Parameter Request List
56 DHCP Message N DHCP Error Message
57 DHCP Max Msg Size 2 DHCP Maximum Message Size
58 Renewal Time 4 DHCP Renewal (T1) Time
59 Rebinding Time 4 DHCP Rebinding (T2) Time
60 Class Id N Class Identifier
61 Client Id N Client Identifier
62 Netware/IP Domain N Netware/IP Domain Name
63 Netware/IP Option N Netware/IP sub Options

64-127 Unassigned
128-154 Reserved

255 End 0 None

REFERENCES

[RFC951] Croft, B., and J. Gilmore, "BOOTSTRAP Protocol (BOOTP)",
RFC-951, Stanford and SUN Microsytems, September 1985.

[RFC1531] Droms, R., "Dynamic Host Configuration Protocol", Bucknell
University, October 1993.

[RFC1533] Alexander, S., and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", Lachman Technology, Inc., Bucknell University,
October 1993.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/bootp-and-dhcp-
parameters

ADDRESS FAMILY NUMBERS

Several protocols deal with multiple address families. The 16-bit
assignments are listed here.

Number Description Reference
------ ---------------------------------------------------- ---------
0 Reserved
1 IP (IP version 4)
2 IP6 (IP version 6)
3 NSAP
4 HDLC (8-bit multidrop)
5 BBN 1822
6 802 (includes all 802 media plus Ethernet "canonical format")
7 E.163
8 E.164 (SMDS, Frame Relay, ATM)
9 F.69 (Telex)
10 X.121 (X.25, Frame Relay)
11 IPX
12 Appletalk
13 Decnet IV
14 Banyan Vines
65535 Reserved

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/address-family-numbers

FOOBAR AF NUMBERS

In the FTP Operation Over Big Address Records (FOOBAR) Protocol
[RFC1639] there is a field, called "address family" or "af", to
identify the lower level protocol addresses in use. This is an 8 bit
field. The first 16 assignments (0-15) of the af value are exactly
the same as the IP Version number. The assignment for values 16-255
are listed here.

Assigned FOOBAR Address Families

Decimal Keyword Address Family References
------- ------- -------------- ----------
16 IPX Novell IPX
17-254 Unassigned
255 Reserved

REFERENCES

[RFC1639] Piscitello, D., "FTP Operation Over Big Address Records
(FOOBAR)", Core Competence, Inc., June 1994.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/foobar-af-numbers

DIRECTORY SYSTEM NAMES

In the representation of distinquished names (and possibly other
contexts) of the X.500 Directory system, several unique keywords may
be necessary. For example, in the string representation of
distinguished names [RFC1485].

Keyword Attribute (X.520 keys)
------- ---------------------------------
CN CommonName
L LocalityName
ST StateOrProvinceName
O OrganizationName
OU OrganizationalUnitName
C CountryName

REFERENCES

[RFC1485] Hardcastle-Kille, S., "A String Representation of
Distinguished Names (OSI-DS 23 (v5))", RFC1485, ISODE
Consortium, July 1993.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/directory-system-names

PUBLISHER IDENTIFICATION CODE

The RFC "A Format for E-Mailing Bibliographic Records" [RFC1357]
establishs a "publisher-ID" code. The IANA registry of these codes is
listed here.

Code Publisher Reference
------ ------------------------------------------------------- ---------
DUMMY for testing only [RFC1357]
TEST for testing only [RFC1357]
ISI Information Sciences Institute [JBP]
of the University of Southern California
UMCS University of Manchester Computer Science Department [TXC]

REFERENCES

[RFC1357] Cohen, D., Editor, "A Format for E-mailing Bibliographic
Records", RFC 1357, USC/Information Sciences Institute,
July 1992.

PEOPLE

[JBP] Jon Postel <postel@isi.edu>

[TXC] Tim Clement <timc@cs.man.ac.uk>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/publisher-id

OSPF AUTHENTICATION CODES

The Open Shotrest Path First (OSPF) protocols has a provision for
authentication, and the type of authentication can me indicated by a
code number. The following are the registered authentication codes.

Code Authentication Method Reference
---- --------------------- ---------
0 No Authentication [RFC1583]
1 Simple Password Authentication [RFC1583]
2-65535 Reserved

REFERENCES

[RFC1583] Moy, J., "OSPF Version 2", RFC 1583, Proteon, Inc., March
1994.

[RFC1584] Moy, J., "Multicast Extensions to OSPF", RFC 1584, Proteon,
Inc., March 1994.

[RFC1585] Moy, J., "MOSPF: Analysis and Experience", RFC 1585,
Proteon, Inc., March 1994.

[RFC1586] deSouza, O., and M. Rodrigues, "Guidelines for Running OSPF
Over Frame Relay Networks", RFC 1586, AT&T Bell
Laboratories, March 1994.

[RFC1587] Coltun, R., and V. Fuller, "The OSPF NSSA Option", RFC 1587,
RainbowBridge Communications, BARRNet, March 1994.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ospf-authentication-
codes

MEDIA TYPES

[RFC1521] specifies that Content Types, Content Subtypes, Character
Sets, Access Types, and Conversion values for MIME mail will be
assigned and listed by the IANA.

Content Types and Subtypes
--------------------------

Type Subtype Description Reference
---- ------- ----------- ---------
text plain [RFC1521,NSB]
richtext [RFC1521,NSB]
tab-separated-values [Paul Lindner]

multipart mixed [RFC1521,NSB]
alternative [RFC1521,NSB]
digest [RFC1521,NSB]
parallel [RFC1521,NSB]
appledouble [MacMime,Patrik Faltstrom]
header-set [Dave Crocker]

message rfc822 [RFC1521,NSB]
partial [RFC1521,NSB]
external-body [RFC1521,NSB]
news [RFC 1036, Henry Spencer]

application octet-stream [RFC1521,NSB]
postscript [RFC1521,NSB]
oda [RFC1521,NSB]
atomicmail [atomicmail,NSB]
andrew-inset [andrew-inset,NSB]
slate [slate,terry crowley]
wita [Wang Info Transfer,Larry Campbell]
dec-dx [Digital Doc Trans, Larry Campbell]
dca-rft [IBM Doc Content Arch, Larry Campbell]
activemessage [Ehud Shapiro]
rtf [Paul Lindner]
applefile [MacMime,Patrik Faltstrom]
mac-binhex40 [MacMime,Patrik Faltstrom]
news-message-id [RFC1036, Henry Spencer]
news-transmission [RFC1036, Henry Spencer]
wordperfect5.1 [Paul Lindner]
pdf [Paul Lindner]
zip [Paul Lindner]
macwriteii [Paul Lindner]

msword [Paul Lindner]
remote-printing [RFC1486,MTR]

image jpeg [RFC1521,NSB]
gif [RFC1521,NSB]
ief Image Exchange Format [RFC1314]
tiff Tag Image File Format [MTR]

audio basic [RFC1521,NSB]

video mpeg [RFC1521,NSB]
quicktime [Paul Lindner]

The "media-types" directory contains a subdirectory for each content
type and each of those directories contains a file for each content
subtype.

|-application-
|-audio-------
|-image-------
|-media-types-|-message-----
|-multipart---
|-text--------
|-video-------

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/media-types

Character Sets
--------------

All of the character sets listed the section on Character Sets are
registered for use with MIME as MIME Character Sets. The
correspondance between the few character sets listed in the MIME
specification [RFC1521] and the list in that section are:

Type Description Reference
---- ----------- ---------
US-ASCII see ANSI_X3.4-1968 below [RFC1521,NSB]
ISO-8859-1 see ISO_8859-1:1987 below [RFC1521,NSB]
ISO-8859-2 see ISO_8859-2:1987 below [RFC1521,NSB]
ISO-8859-3 see ISO_8859-3:1988 below [RFC1521,NSB]
ISO-8859-4 see ISO_8859-4:1988 below [RFC1521,NSB]
ISO-8859-5 see ISO_8859-5:1988 below [RFC1521,NSB]
ISO-8859-6 see ISO_8859-6:1987 below [RFC1521,NSB]
ISO-8859-7 see ISO_8859-7:1987 below [RFC1521,NSB]
ISO-8859-8 see ISO_8859-8:1988 below [RFC1521,NSB]
ISO-8859-9 see ISO_8859-9:1989 below [RFC1521,NSB]

Access Types
------------

Type Description Reference
---- ----------- ---------
FTP [RFC1521,NSB]
ANON-FTP [RFC1521,NSB]
TFTP [RFC1521,NSB]
AFS [RFC1521,NSB]
LOCAL-FILE [RFC1521,NSB]
MAIL-SERVER [RFC1521,NSB]

Conversion Values
-----------------

Conversion values or Content Transfer Encodings.

Type Description Reference
---- ----------- ---------
7BIT [RFC1521,NSB]
8BIT [RFC1521,NSB]
BASE64 [RFC1521,NSB]
BINARY [RFC1521,NSB]
QUOTED-PRINTABLE [RFC1521,NSB]

MIME / X.400 MAPPING TABLES

MIME to X.400 Table

MIME content-type X.400 Body Part Reference
----------------- ------------------ ---------
text/plain
charset=us-ascii ia5-text [RFC1494]
charset=iso-8859-x EBP - GeneralText [RFC1494]
text/richtext no mapping defined [RFC1494]
application/oda EBP - ODA [RFC1494]
application/octet-stream bilaterally-defined [RFC1494]
application/postscript EBP - mime-postscript-body [RFC1494]
image/g3fax g3-facsimile [RFC1494]
image/jpeg EBP - mime-jpeg-body [RFC1494]
image/gif EBP - mime-gif-body [RFC1494]
audio/basic no mapping defined [RFC1494]
video/mpeg no mapping defined [RFC1494]

Abbreviation: EBP - Extended Body Part

X.400 to MIME Table

Basic Body Parts

X.400 Basic Body Part MIME content-type Reference
--------------------- -------------------- ---------
ia5-text text/plain;charset=us-ascii [RFC1494]
voice No Mapping Defined [RFC1494]
g3-facsimile image/g3fax [RFC1494]
g4-class1 no mapping defined [RFC1494]
teletex no mapping defined [RFC1494]
videotex no mapping defined [RFC1494]
encrypted no mapping defined [RFC1494]
bilaterally-defined application/octet-stream [RFC1494]
nationally-defined no mapping defined [RFC1494]
externally-defined See Extended Body Parts [RFC1494]

X.400 Extended Body Part MIME content-type Reference
------------------------- -------------------- ---------
GeneralText text/plain;charset=iso-8859-x[RFC1494]
ODA application/oda [RFC1494]
mime-postscript-body application/postscript [RFC1494]
mime-jpeg-body image/jpeg [RFC1494]
mime-gif-body image/gif [RFC1494]

REFERENCES

[MacMime] Work in Progress.

[RFC1036] Horton, M., and R. Adams, "Standard for Interchange of
USENET Messages", RFC 1036, AT&T Bell Laboratories,
Center for Seismic Studies, December 1987.

[RFC1494] Alvestrand, H., and S. Thompson, "Equivalences between 1988
X.400 and RFC-822 Message Bodies", RFC 1494, SINTEF DELAB,
Soft*Switch, Inc., August 1993.

[RFC1521] Borenstien, N., and N. Freed, "MIME (Multipurpose Internet
Mail Extensions) Part One: Mechanisms for Specifying and
Describing the Format of Internet Message Bodies", RFC 1521,
Bellcore, Innosoft, September 1993.

PEOPLE

[Larry Campbell]

[Dave Crocker] Dave Crocker <dcrocker@mordor.stanford.edu>

[Terry Crowley]

[NSB] Nathaniel Borenstein <nsb@bellcore.com>

[MTR] Marshall Rose <mrose@dbc.mtview.ca.us>

[Paul Lindner]

[PXF] Patrik Faltstrom <paf@nada.kth.se>

[Ehud Shapiro]

[Henry Spencer]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/media-types/media-
types

CHARACTER SETS

These are the official names for character sets that may be used in
the Internet and may be referred to in Internet documentation. These
names are expressed in ANSI_X3.4-1968 which is commonly called
US-ASCII or simply ASCII. The character set most commonly use in the
Internet and used especially in protocol standards is US-ASCII, this
is strongly encouraged. The use of the name US-ASCII is also
encouraged.

The character set names may be up to 40 characters taken from the
printable characters of US-ASCII. However, no distinction is made
between use of upper and lower case letters.

Character Set Reference
------------- ---------

Name: ANSI_X3.4-1968 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-6
Alias: ANSI_X3.4-1986
Alias: ISO_646.irv:1991
Alias: ASCII
Alias: ISO646-US
Alias: US-ASCII
Alias: us
Alias: IBM367
Alias: cp367

Name: ISO-10646-UCS-2
Source: the 2-octet Basic Multilingual Plane, aka Unicode
this needs to specify network byte order: the standard
does not specify (it is a 16-bit integer space)

Name: ISO-10646-UCS-4
Source: the full code space. (same comment about byte order,
these are 31-bit numbers.

Name: ISO-10646-UTF-1
Source: Universal Transfer Format (1), this is the multibyte
encoding, that subsets ASCII-7. It does not have byte
ordering issues.

Name: ISO_646.basic:1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: ref

Name: INVARIANT [RFC1345,KXS2]

Name: ISO_646.irv:1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-2
Alias: irv

Name: BS_4730 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-4
Alias: ISO646-GB
Alias: gb
Alias: uk

Name: NATS-SEFI [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-8-1

Name: NATS-SEFI-ADD [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-8-2

Name: NATS-DANO [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-9-1

Name: NATS-DANO-ADD [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-9-2

Name: SEN_850200_B [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-10
Alias: FI
Alias: ISO646-FI
Alias: ISO646-SE
Alias: se

Name: SEN_850200_C [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-11
Alias: ISO646-SE2
Alias: se2

Name: KS_C_5601-1987 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-149
Alias: KS_C_5601-1989

Alias: KSC_5601
Alias: korean

Name: ISO-2022-KR [RFC1557,Choi]
Source: RFC-1557 (see also KS_C_5601-1987)

Name: EUC-KR [RFC1557,Choi]
Source: RFC-1557 (see also KS_C_5861-1992)

Name: ISO-2022-JP [RFC1468,Murai]
Source: RFC-1468

Name: ISO-2022-JP-2 [RFC1554,Ohta]
Source: RFC-1554

Name: JIS_C6220-1969-jp [RFC1345,KXS2]
Source: ECMA registry
Alias: JIS_C6220-1969
Alias: iso-ir-13
Alias: katakana
Alias: x0201-7

Name: JIS_C6220-1969-ro [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-14
Alias: jp
Alias: ISO646-JP

Name: IT [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-15
Alias: ISO646-IT

Name: PT [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-16
Alias: ISO646-PT

Name: ES [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-17
Alias: ISO646-ES

Name: greek7-old [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-18

Name: latin-greek [RFC1345,KXS2]

Source: ECMA registry
Alias: iso-ir-19

Name: DIN_66003 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-21
Alias: de
Alias: ISO646-DE

Name: NF_Z_62-010_(1973) [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-25
Alias: ISO646-FR1

Name: Latin-greek-1 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-27

Name: ISO_5427 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-37

Name: JIS_C6226-1978 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-42

Name: BS_viewdata [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-47

Name: INIS [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-49

Name: INIS-8 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-50

Name: INIS-cyrillic [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-51

Name: ISO_5427:1981 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-54

Name: ISO_5428:1980 [RFC1345,KXS2]
Source: ECMA registry

Alias: iso-ir-55

Name: GB_1988-80 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-57
Alias: cn
Alias: ISO646-CN

Name: GB_2312-80 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-58
Alias: chinese

Name: NS_4551-1 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-60
Alias: ISO646-NO
Alias: no

Name: NS_4551-2 [RFC1345,KXS2]
Source: ECMA registry
Alias: ISO646-NO2
Alias: iso-ir-61
Alias: no2

Name: NF_Z_62-010 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-69
Alias: ISO646-FR
Alias: fr

Name: videotex-suppl [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-70

Name: PT2 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-84
Alias: ISO646-PT2

Name: ES2 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-85
Alias: ISO646-ES2

Name: MSZ_7795.3 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-86

Alias: ISO646-HU
Alias: hu

Name: JIS_C6226-1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-87
Alias: x0208
Alias: JIS_X0208-1983

Name: greek7 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-88

Name: ASMO_449 [RFC1345,KXS2]
Source: ECMA registry
Alias: ISO_9036
Alias: arabic7
Alias: iso-ir-89

Name: iso-ir-90 [RFC1345,KXS2]
Source: ECMA registry

Name: JIS_C6229-1984-a [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-91
Alias: jp-ocr-a

Name: JIS_C6229-1984-b [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-92
Alias: ISO646-JP-OCR-B
Alias: jp-ocr-b

Name: JIS_C6229-1984-b-add [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-93
Alias: jp-ocr-b-add

Name: JIS_C6229-1984-hand [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-94
Alias: jp-ocr-hand

Name: JIS_C6229-1984-hand-add [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-95
Alias: jp-ocr-hand-add

Name: JIS_C6229-1984-kana [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-96

Name: ISO_2033-1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-98
Alias: e13b

Name: ANSI_X3.110-1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-99
Alias: CSA_T500-1983
Alias: NAPLPS

Name: ISO_8859-1:1987 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-100
Alias: ISO_8859-1
Alias: ISO-8859-1
Alias: latin1
Alias: l1
Alias: IBM819
Alias: CP819

Name: ISO_8859-2:1987 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-101
Alias: ISO_8859-2
Alias: ISO-8859-2
Alias: latin2
Alias: l2

Name: T.61-7bit [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-102

Name: T.61-8bit [RFC1345,KXS2]
Alias: T.61
Source: ECMA registry
Alias: iso-ir-103

Name: ISO_8859-3:1988 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-109
Alias: ISO_8859-3
Alias: ISO-8859-3
Alias: latin3

Alias: l3

Name: ISO_8859-4:1988 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-110
Alias: ISO_8859-4
Alias: ISO-8859-4
Alias: latin4
Alias: l4

Name: ECMA-cyrillic [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-111

Name: CSA_Z243.4-1985-1 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-121
Alias: ISO646-CA
Alias: csa7-1
Alias: ca

Name: CSA_Z243.4-1985-2 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-122
Alias: ISO646-CA2
Alias: csa7-2

Name: CSA_Z243.4-1985-gr [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-123

Name: ISO_8859-6:1987 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-127
Alias: ISO_8859-6
Alias: ISO-8859-6
Alias: ECMA-114
Alias: ASMO-708
Alias: arabic

Name: ISO_8859-6-E [RFC1556,IANA]
Source: RFC-1556

Name: ISO_8859-6-I [RFC1556,IANA]
Source: RFC-1556

Name: ISO_8859-7:1987 [RFC1345,KXS2]
Source: ECMA registry

Alias: iso-ir-126
Alias: ISO_8859-7
Alias: ISO-8859-7
Alias: ELOT_928
Alias: ECMA-118
Alias: greek
Alias: greek8

Name: T.101-G2 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-128

Name: ISO_8859-8:1988 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-138
Alias: ISO_8859-8
Alias: ISO-8859-8
Alias: hebrew

Name: ISO_8859-8-E [RFC1556,Nussbacher]
Source: RFC-1556

Name: ISO_8859-8-I [RFC1556,Nussbacher]
Source: RFC-1556

Name: CSN_369103 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-139

Name: JUS_I.B1.002 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-141
Alias: ISO646-YU
Alias: js
Alias: yu

Name: ISO_6937-2-add [RFC1345,KXS2]
Source: ECMA registry and ISO 6937-2:1983
Alias: iso-ir-142

Name: IEC_P27-1 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-143

Name: ISO_8859-5:1988 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-144
Alias: ISO_8859-5

Alias: ISO-8859-5
Alias: cyrillic

Name: JUS_I.B1.003-serb [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-146
Alias: serbian

Name: JUS_I.B1.003-mac [RFC1345,KXS2]
Source: ECMA registry
Alias: macedonian
Alias: iso-ir-147

Name: ISO_8859-9:1989 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-148
Alias: ISO_8859-9
Alias: ISO-8859-9
Alias: latin5
Alias: l5

Name: greek-ccitt [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-150

Name: NC_NC00-10:81 [RFC1345,KXS2]
Source: ECMA registry
Alias: cuba
Alias: iso-ir-151
Alias: ISO646-CU

Name: ISO_6937-2-25 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-152

Name: GOST_19768-74 [RFC1345,KXS2]
Source: ECMA registry
Alias: ST_SEV_358-88
Alias: iso-ir-153

Name: ISO_8859-supp [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-154
Alias: latin1-2-5

Name: ISO_10367-box [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-155

Name: latin6 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-157
Alias: l6

Name: latin-lap [RFC1345,KXS2]
Source: ECMA registry
Alias: lap
Alias: iso-ir-158

Name: JIS_X0212-1990 [RFC1345,KXS2]
Source: ECMA registry
Alias: x0212
Alias: iso-ir-159

Name: DS_2089 [RFC1345,KXS2]
Source: Danish Standard, DS 2089, February 1974
Alias: DS2089
Alias: ISO646-DK
Alias: dk

Name: us-dk [RFC1345,KXS2]

Name: dk-us [RFC1345,KXS2]

Name: JIS_X0201 [RFC1345,KXS2]
Alias: X0201

Name: KSC5636 [RFC1345,KXS2]
Alias: ISO646-KR

Name: DEC-MCS [RFC1345,KXS2]
Source: VAX/VMS User's Manual,
Order Number: AI-Y517A-TE, April 1986.
Alias: dec

Name: hp-roman8 [RFC1345,KXS2]
Source: LaserJet IIP Printer User's Manual,
HP part no 33471-90901, Hewlet-Packard, June 1989.
Alias: roman8
Alias: r8

Name: macintosh [RFC1345,KXS2]
Source: The Unicode Standard ver1.0, ISBN 0-201-56788-1, Oct 1991
Alias: mac

Name: IBM037 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990

Alias: cp037
Alias: ebcdic-cp-us
Alias: ebcdic-cp-ca
Alias: ebcdic-cp-wt
Alias: ebcdic-cp-nl

Name: IBM038 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: EBCDIC-INT
Alias: cp038

Name: IBM273 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP273

Name: IBM274 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: EBCDIC-BE
Alias: CP274

Name: IBM275 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: EBCDIC-BR
Alias: cp275

Name: IBM277 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: EBCDIC-CP-DK
Alias: EBCDIC-CP-NO

Name: IBM278 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP278
Alias: ebcdic-cp-fi
Alias: ebcdic-cp-se

Name: IBM280 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP280
Alias: ebcdic-cp-it

Name: IBM281 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: EBCDIC-JP-E
Alias: cp281

Name: IBM284 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990

Alias: CP284
Alias: ebcdic-cp-es

Name: IBM285 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP285
Alias: ebcdic-cp-gb

Name: IBM290 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: cp290
Alias: EBCDIC-JP-kana

Name: IBM297 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp297
Alias: ebcdic-cp-fr

Name: IBM420 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990,
IBM NLS RM p 11-11
Alias: cp420
Alias: ebcdic-cp-ar1

Name: IBM423 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp423
Alias: ebcdic-cp-gr

Name: IBM424 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp424
Alias: ebcdic-cp-he

Name: IBM437 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp437
Alias: 437

Name: IBM500 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP500
Alias: ebcdic-cp-be
Alias: ebcdic-cp-ch

Name: IBM850 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp850

Alias: 850

Name: IBM851 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp851
Alias: 851

Name: IBM852 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp852
Alias: 852

Name: IBM855 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp855
Alias: 855

Name: IBM857 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp857
Alias: 857

Name: IBM860 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp860
Alias: 860

Name: IBM861 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp861
Alias: 861
Alias: cp-is

Name: IBM862 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp862
Alias: 862

Name: IBM863 [RFC1345,KXS2]
Source: IBM Keyboard layouts and code pages, PN 07G4586 June 1991
Alias: cp863
Alias: 863

Name: IBM864 [RFC1345,KXS2]
Source: IBM Keyboard layouts and code pages, PN 07G4586 June 1991
Alias: cp864

Name: IBM865 [RFC1345,KXS2]

Source: IBM DOS 3.3 Ref (Abridged), 94X9575 (Feb 1987)
Alias: cp865
Alias: 865

Name: IBM868 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP868
Alias: cp-ar

Name: IBM869 [RFC1345,KXS2]
Source: IBM Keyboard layouts and code pages, PN 07G4586 June 1991
Alias: cp869
Alias: 869
Alias: cp-gr

Name: IBM870 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP870
Alias: ebcdic-cp-roece
Alias: ebcdic-cp-yu

Name: IBM871 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP871
Alias: ebcdic-cp-is

Name: IBM880 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp880
Alias: EBCDIC-Cyrillic

Name: IBM891 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp891

Name: IBM903 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp903

Name: IBM904 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp904
Alias: 904

Name: IBM905 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: CP905
Alias: ebcdic-cp-tr

Name: IBM918 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP918
Alias: ebcdic-cp-ar2

Name: IBM1026 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP1026

Name: EBCDIC-AT-DE [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-AT-DE-A [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-CA-FR [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-DK-NO [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-DK-NO-A [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-FI-SE [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-FI-SE-A [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-FR [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-IT [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-PT [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-ES [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-ES-A [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-ES-S [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-UK [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-US [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: UNKNOWN-8BIT [RFC1428]

Name: MNEMONIC [RFC1345,KXS2]
Source: RFC 1345, also known as "mnemonic+ascii+38"

Name: MNEM [RFC1345,KXS2]
Source: RFC 1345, also known as "mnemonic+ascii+8200"

Name: VISCII [RFC1456]
Source: RFC 1456

Name: VIQR [RFC1456]
Source: RFC 1456

Name: KOI8-R [RFC1489]
Source: RFC 1489, based on GOST-19768-74, ISO-6937/8,
INIS-Cyrillic, ISO-5427.

Name: UNICODE-1-1 [RFC1641]
Source: RFC 1641

Name: UNICODE-1-1-UTF-7 [RFC1642]
Source: RFC 1642

REFERENCES

[RFC1345] Simonsen, K., "Character Mnemonics & Character Sets",
RFC 1345, Rationel Almen Planlaegning, Rationel Almen
Planlaegning, June 1992.

[RFC1428] Vaudreuil, G., "Transition of Internet Mail from
Just-Send-8 to 8bit-SMTP/MIME", RFC1428, CNRI, February
1993.

[RFC1456] Vietnamese Standardization Working Group, "Conventions for
Encoding the Vietnamese Language VISCII: VIetnamese
Standard Code for Information Interchange VIQR: VIetnamese
Quoted-Readable Specification Revision 1.1", RFC 1456, May
1993.

[RFC1468] Murai, J., Crispin, M., and E. van der Poel, "Japanese
Character Encoding for Internet Messages", RFC 1468,

Keio University, Panda Programming, June 1993.

[RFC1489] Chernov, A., "Registration of a Cyrillic Character Set",
RFC1489, RELCOM Development Team, July 1993.

[RFC1554] Ohta, M., and K. Handa, "ISO-2022-JP-2: Multilingual
Extension of ISO-2022-JP", RFC1554, Tokyo Institute of
Technology, ETL, December 1993.

[RFC1556] Nussbacher, H., "Handling of Bi-directional Texts in MIME",
RFC1556, Israeli Inter-University, December 1993.

[RFC1557] Choi, U., Chon, K., and H. Park, "Korean Character Encoding
for Internet Messages", KAIST, Solvit Chosun Media,
December 1993.

[RFC1641] Goldsmith, D., and M. Davis, "Using Unicode with MIME",
RFC1641, Taligent, Inc., July 1994.

[RFC1642] Goldsmith, D., and M. Davis, "UTF-7", RFC1642, Taligent,
Inc., July 1994.

PEOPLE

[KXS2] Keld Simonsen <Keld.Simonsen@dkuug.dk>

[Choi] Uhhyung Choi <uhhyung@kaist.ac.kr>

[Murai] Jun Murai <jun@wide.ad.jp>

[Ohta] Masataka Ohta <mohta@cc.titech.ac.jp>

[Nussbacher] Hank Nussbacher <hank@vm.tau.ac.il>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets

NETWORK MANAGEMENT PARAMETERS

For the management of hosts and gateways on the Internet a data
structure for the information has been defined. This data structure
should be used with any of several possible management protocols, such
as the "Simple Network Management Protocol" (SNMP) [RFC1157], or the
"Common Management Information Protocol over TCP" (CMOT) [RFC1095].

The data structure is the "Structure and Indentification of Management
Information for TCP/IP-based Internets" (SMI) [RFC1155], and the
"Management Information Base for Network Management of TCP/IP-based
Internets" (MIB-II) [RFC1213].

The SMI includes the provision for panrameters or codes to indicate
experimental or private data structures. These parameter assignments
are listed here.

The older "Simple Gateway Monitoring Protocol" (SGMP) [RFC1028] also
defined a data structure. The parameter assignments used with SGMP
are included here for historical completeness.

The network management object identifiers are under the iso (1), org
(3), dod (6), internet (1), or 1.3.6.1, branch of the name space.

The major branches are:

1 iso
1.3 org
1.3.6 dod
1.3.6.1 internet
1.3.6.1.1 directory
1.3.6.1.2 mgmt
1.3.6.1.2.1 mib-2
1.3.6.1.2.1.2.2.1.3 ifType
1.3.6.1.2.1.10 transmission
1.3.6.1.2.1.10.23 transmission.ppp
1.3.6.1.2.1.27 application
1.3.6.1.2.1.28 mta
1.3.6.1.3 experimental
1.3.6.1.4 private
1.3.6.1.4.1 enterprise
1.3.6.1.5 security
1.3.6.1.6 SNMPv2
1.3.6.1.7 mail

SMI Network Management Directory Codes:

Prefix: iso.org.dod.internet.directory (1.3.6.1.1.)

Decimal Name Description References
------- ---- ----------- ----------
all Reserved Reserved for future use [IANA]

SMI Network Management MGMT Codes:

Prefix: iso.org.dod.internet.mgmt (1.3.6.1.2.)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved [IANA]
1 MIB [KZM]

Prefix: iso.org.dod.internet.mgmt.mib-2 (1.3.6.1.2.1)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved Reserved [IANA]
1 system System [RFC1213,KZM]
2 interfaces Interfaces [RFC1213,KZM]
3 at Address Translation [RFC1213,KZM]
4 ip Internet Protocol [RFC1213,KZM]
5 icmp Internet Control Message [RFC1213,KZM]
6 tcp Transmission Control Protocol[RFC1213,KZM]
7 udp User Datagram Protocol [RFC1213,KZM]
8 egp Exterior Gateway Protocol [RFC1213,KZM]
9 cmot CMIP over TCP [RFC1213,KZM]
10 transmission Transmission [RFC1213,KZM]
11 snmp Simple Network Management [RFC1213,KZM]
12 GenericIF Generic Interface Extensions
-- [RFC1229,RFC1239,KZM]
13 Appletalk Appletalk Networking [RFC1243,SXW]
14 ospf Open Shortest Path First [RFC1253,FB77]
15 bgp Border Gateway Protocol [RFC1657]
16 rmon Remote Network Monitoring [RFC1271,SXW]
17 bridge Bridge Objects [RFC1286,EXD]
18 DecnetP4 Decnet Phase 4 [RFC1559, Saperia]
19 Character Character Streams [RFC1658]
20 snmpParties SNMP Parties [RFC1353,KZM]
21 snmpSecrets SNMP Secrets [RFC1353,KZM]
22 snmpDot3RptrMgt [RFC1516]
23 rip-2 Routing Information Protocol [RFC1389]
24 ident Identification Protocol [RFC1414]
25 host Host Resources [RFC1514]
26 snmpDot3MauMgt 802.3 Medium Attachment Units [RFC1515]
27 application Network Services Monitoring [RFC1565]
28 mta Mail Monitoring [RFC1566]
29 dsa X.500 Directory Monitoring [RFC1567]

30 IANAifType Interface Types [RFC1573]
31 ifMIB Interface Types [RFC1573]
32 dns Domain Name System [RFC1611]
33 upsMIB Uninterruptible Power Supplies [RFC1628]
34 sannauMIB SNA NAU MIB [RFC1665]
35 etherMIB Ethernet-like generic objects [RFC1650]
36 sipMIB SMDS inteface objects [RFC1694]
37 atmMIB ATM objects [RFC1695]
38 mdmMIB Dial-up modem objects [RFC1696]
39 rdbmsMIB relational database objects [RFC1697]

Prefix: iso.org.dod.internet.mgmt.mib-2.interface (1.3.6.1.2.1.2)

(1.3.6.1.2.1.2.2.1.3)

ifType definitions

Decimal Name Description
------- ---- -----------
1 other none of the following [RFC1213]
2 regular1822 BBN Report 1822 [RFC1213]
3 hdh1822 BBN Report 1822 [RFC1213]
4 ddn-x25 BBN Report 1822 [RFC1213]
5 x25 X.25 [RFC1382]
6 ethernet-csmacd [RFC1213]
7 IEEE802.3 CSMACD--like Objects [RF1284,JXC]
8 IEEE802.4 Token Bus-like Objects
-- [RFC1230,RFC1239,KZM]
9 IEEE802.5 Token Ring-like Objects
-- [RFC1231,RFC1239,KZM]
10 iso88026-man [RFC1213]
11 starLan [RFC1213]
12 proteon-10Mbit [RFC1213]
13 proteon-80Mbit [RFC1213]
14 hyperchannel [RFC1213]
15 FDDI FDDI Objects [RFC1285,JDC20]
16 lapb LAP B [RFC1381]
17 sdlc [RFC1213]
18 ds1 T1/E1 Carrier Objects [RFC1406]
19 e1 obsolete
20 basicISDN [RFC1213]
21 primaryISDN [RFC1213]
22 propPointToPointSerial [RFC1213]
23 ppp Point-to-Point Protocol [RFC1471]
24 softwareLoopback [RFC1213]
25 eon [RFC1213]
26 ethernet-3Mbit [RFC1213]
27 nsip [RFC1213]

28 slip [RFC1213]
29 ultra [RFC1213]
30 ds3 DS3/E3 Interface Objects [RFC1407]
31 sip SMDS Interface Objects [RFC1304,TXC]
32 frame-relay Frame Relay Objects [RFC1315,CXB]
33 RS-232 RS-232 Objects [RFC1659]
34 Parallel Parallel Printer Objects [RFC1660]
35 arcnet ARC network
36 arcnet-plus ARC network plus
37 atm ATM
38 MIOX25 MIOX25 [RFC1461]
39 SONET SONET or SDH
40 x25ple X.25 packet level [RFC1382]
41 iso88022llc 802.2 LLC
42 localTalk
43 smds-dxi SMDS DXI
44 frameRelayService Frame Relay DCE
45 v35 V.35
46 hssi HSSI
47 hippi HIPPI
48 modem generic modem
49 aal5 AAL5 over ATM
50 sonetPath
51 sonetVT
52 smds-icip SMDS Inter-Carrier Interface Protocol
53 propVirtual proprietary vitural/internal interface
54 propMultiLink proprietary multi-link multiplexing
55 IEEE802.12 100BaseVG
56 fibre-channel Fibre Channel

Prefix: iso.org.dod.internet.mgmt.mib-2.transmission (1.3.6.1.2.1.10)

Decimal Name Description
------- ---- -----------
5 x25 X.25 [RFC1382]
7 IEEE802.3 CSMACD--like Objects [RFC1650]
8 IEEE802.4 Token Bus-like Objects
-- [RFC1230,RFC1239,KZM]
9 IEEE802.5 Token Ring-like Objects
-- [RFC1231,RFC1239,KZM]
15 FDDI FDDI Objects [RFC1285,JDC20]
16 lapb LAP B [RFC1381]
18 ds1 T1 Carrier Objects [RFC1406]
19 e1 E1 Carrier Objects [RFC1406]
23 ppp Point-to-Point Protocol [RFC1471]
30 ds3 DS3/E3 Interface Objects [RFC1407]
31 sip SMDS Interface Objects [RFC1694]
32 frame-relay Frame Relay Objects [RFC1315,CXB]

33 RS-232 RS-232 Objects [RFC1659]
34 Parallel Parallel Printer Objects [RFC1660]
35 arcnet ARC network
36 arcnet-plus ARC network plus
37 atm ATM
38 MIOX25 MIOX25 [RFC1461]
39 sonetMIB SONET MIB [RFC1595]
44 frnetservMIB Frame Relay Service MIB for DCE [RFC1596]

Prefix: iso.org.dod.internet.mgmt.mib-2.transmission (1.3.6.1.2.1.10)

(1.3.6.1.2.1.10.23)

Decimal Name Description References
------- ---- ----------- ----------
1 pppLcp ppp link control [RFC1471]
2 pppSecurity ppp security [RFC1472]
3 pppIp ppp IP network control [RFC1473]
4 pppBridge ppp bridge networl control [RFC1474]

Prefix: iso.org.dod.internet.mgmt.mib-2.application (1.3.6.1.2.1.27)

(1.3.6.1.2.1.27.2.1.3)

assocApplicationProtocol OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An identification of the protocol being used for the
application. For an OSI Application, this will be the
Application Context. For Internet applications, the IANA
maintains a registry of the OIDs which correspond to
well-known applications. If the application protocol is
not listed in the registry, an OID value of the form
{applTCPProtoID port} or {applUDProtoID port} are used for
TCP-based and UDP-based protocols, respectively. In either
case 'port' corresponds to the primary port number being
used by the protocol."
::= {assocEntry 3}

Decimal Name Description
------- ---- -----------
0 Reserved

(1.3.6.1.2.1.27.3)

(1.3.6.1.2.1.27.4)

-- OIDs of the form {applTCPProtoID port} are intended to be used
-- for TCP-based protocols that don't have OIDs assigned by other
-- means. {applUDPProtoID port} serves the same purpose for
-- UDP-based protocols. In either case 'port' corresponds to
-- the primary port number being used by the protocol. For example,
-- assuming no other OID is assigned for SMTP, an OID of
-- {applTCPProtoID 25} could be used, since SMTP is a TCP-based
-- protocol that uses port 25 as its primary port.

Prefix: iso.org.dod.internet.mgmt.mib-2.mta (1.3.6.1.2.1.28)

(1.3.6.1.2.1.28.2.1.24)

mtaGroupMailProtocol OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An identification of the protocol being used by this group.
For an group employing OSI protocols, this will be the
Application Context. For Internet applications, the IANA
maintains a registry of the OIDs which correspond to
well-known message transfer protocols. If the application
protocol is not listed in the registry, an OID value of the
form {applTCPProtoID port} or {applUDProtoID port} are used
for TCP-based and UDP-based protocols, respectively. In
either case 'port' corresponds to the primary port number
being used by the group. applTCPProtoID and applUDPProtoID
are defined in [5]."
::= {mtaGroupEntry 24}

Decimal Name Description
------- ---- -----------
0 Reserved

SMI Network Management Experimental Codes:

Prefix: iso.org.dod.internet.experimental (1.3.6.1.3.)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved [JKR1]
1 CLNS ISO CLNS Objects [GS2]
* 2 T1-Carrier T1 Carrier Objects [FB77]
* 3 IEEE802.3 Ethernet-like Objects [JXC]
* 4 IEEE802.5 Token Ring-like Objects [EXD]
* 5 DECNet-PHIV DECNet Phase IV [JXS2]
* 6 Interface Generic Interface Objects [KZM]

* 7 IEEE802.4 Token Bus-like Objects [KZM]
* 8 FDDI FDDI Objects [JDC20]
9 LANMGR-1 LAN Manager V1 Objects [JXG1]
10 LANMGR-TRAPS LAN Manager Trap Objects [JXG1]
11 Views SNMP View Objects [CXD]
12 SNMP-AUTH SNMP Authentication Objects [KZM]
* 13 BGP Border Gateway Protocol [SW159]
* 14 Bridge Bridge MIB [FB77]
* 15 DS3 DS3 Interface Type [TXB]
* 16 SIP SMDS Interface Protocol [TXB]
* 17 Appletalk Appletalk Networking [SXW]
* 18 PPP PPP Objects [FJK2]
* 19 Character MIB Character MIB [BS221]
* 20 RS-232 MIB RS-232 MIB [BS221]
* 21 Parallel MIB Parallel MIB [BS221]
22 atsign-proxy Proxy via Community [RXF]
* 23 OSPF OSPF MIB [FB77]
24 Alert-Man Alert-Man [LS8]
25 FDDI-Synoptics FDDI-Synoptics [DXP1]
* 26 Frame Relay Frame Relay MIB [CXB]
* 27 rmon Remote Network Management MIB [SXW]
28 IDPR IDPR MIB [RAW44]
29 HUBMIB IEEE 802.3 Hub MIB [DXM5]
30 IPFWDTBLMIB IP Forwarding Table MIB [FB77]
31 LATM MIB [TXB]
32 SONET MIB [TXB]
33 IDENT [MTR]
34 MIME-MHS [MTR]
35 MAUMIB IEEE 802.3 Mau MIB [DXM5]
36 Host Resources Host Resources MIB [SXW]
37 ISIS-MIB Integrated ISIS protocol MIB [CXG]
38 Chassis Chassis MIB [JDC20]
39 ups ups [JDC20]
40 App-Mon Application Monitoring MIB [TXK]
41 ATM UNI ATM [MXA1]
42 FC Fibre Channel [JXC4]
* 43 DNS Domain Name Service [Rob Austein]
44 X.25 X.25 MIB [Dean Throop]
45 Frame Relay Serv. Frame Relay Service MIB [Tracy Cox]
46 Madman-Applications [Ned Freed]
47 Madman-MTA [Ned Freed]
48 Madman-DSA [Ned Freed]
49 Modem [Steve Waldbusser]
50 SNA NAU [Deirdre Kostick]
51 SDLC SDLC [Jeff Hilgeman]
52 DNS Domain Name Service [Jon Saperia]
53 network-objects IP info ix X.500 [Johannsen]
54 printmib [Joel Gyllenskog]

55 rdbmsmib [Robert Purvey]
56 sipMIB [Tracy Brown]
57 stIImib ST-II protocol MIB [Hartmut Wittig]
58 802.5 SSR MIB 802.5 Station Source Routing MIB [KZM]

* = obsoleted

SMI Private Codes:

Prefix: iso.org.dod.internet.private (1.3.6.1.4)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved [JKR1]
1 enterprise private enterprises [JKR1]

SMI Private Enterprise Codes:

Prefix: iso.org.dod.internet.private.enterprise (1.3.6.1.4.1)

See the file "enterprise-numbers".

SMI Security Codes:

Prefix: iso.org.dod.internet.security (1.3.6.1.5)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved [JKR1]
1 kerberosV4 Kerberos version 4 objects [1,BCN]
2 kerberosV5 Kerberos version 5 objects [2,BCN]

SMI SNMPv2 Codes:

Prefix: iso.org.dod.internet.snmpv2 (1.3.6.1.6)

SMI mail Codes:

Prefix: iso.org.dod.internet.mail (1.3.6.1.7)

1 mime-mhs

REFERENCES

[1] Miller, S.P., B.C. Neuman, J.I. Schiller, and J.H. Saltzer,
"Project Athena Technical Plan Section E.2.1: Kerberos
Authentication and Authorization System", Project Athena,

MIT, December 1987.

[2] Kohl, J., and B.C. Neuman, "The Kerberos Network
Authentication Service (V5)" work in progress, September
1992.

[RFC1028] Davin, J., J. Case, M. Fedor, and M. Schoffstall, "A Simple
Gateway Monitoring Protocol", RFC 1028, Proteon, Inc.,
University of Tennessee at Knoxville, Cornell University,
Rensselaer Polytechnic Institute, November 1987.

[RFC1095] Warrier, U., and L. Besaw, "The Common Management
Information Services and Protocol over TCP/IP (CMOT)",
RFC 1095, Unisys Corp., Hewlett-Packard, April 1989.

[RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification
of Management Information for TCP/IP-based internets",
STD 16, RFC 1155, Performance Systems International, Hughes
LAN Systems, May 1990.

[RFC1157] Case, J., M. Fedor, M. Schoffstall, and J. Davin,
"A Simple Network Management Protocol", STD 15, RFC 1157,
SNMP Research, Performance Systems International,
Performance Systems International, MIT Laboratory for
Computer Science, May 1990.

[RFC1213] McCloghrie, K., and M. Rose, "Management Information Base
for Network Management of TCP/IP-based internets: MIB-II",
STD 17, RFC 1213, Hughes LAN Systems, Performance Systems
International, March 1991.

[RFC1229] McCloghrie, K., Editor, "Extensions to the Generic-Interface
MIB", RFC 1229, Hughes LAN Systems, Inc., May 1991.

[RFC1230] McCloghrie, K., and R. Fox, "IEEE 802.4 Token Bus MIB",
RFC 1230, Hughes LAN Systems, Inc., Synoptics, Inc.,
May 1991.

[RFC1231] McCloghrie, K., Fox, R., and E. Decker, "IEEE 802.5 Token
Ring MIB", RFC 1231, Hughes LAN Systems, Inc., Synoptics,
Inc., cisco Systems, Inc., May 1991.

[RFC1239] Reynolds, J., "Reassignment of Experimental MIBs to
Standard MIBs", RFC 1239, USC/Information Sciences
Institute, ISI, June 1991.

[RFC1243] Waldbusser, S., Editor, "AppleTalk Management Information
Base", RFC 1243, Carnegie Mellon University, July 1991.

[RFC1253] Baker, F., and R. Coltun, "OSPF Version 2 Management
Information Base", RFC 1253, ACC, Computer Science Center,
August 1991.

[RFC1271] Waldbusser, S., "Remote Network Monitoring Management
Information Base", RFC 1271, Carnegie Mellon University,
November 1991.

[RFC1284] Cook, J., Editor, "Definitions of Managed Objects
for the Ethernet-like Interface Types", RFC 1284, Chipcom
Corporation, December 1991.

[RFC1285] Case, J., "FDDI Management Information Base", RFC 1285,
SNMP Research, Incorporated, January 1992.

[RFC1286] Decker, E., Langille, P., Rijsinghani, A., and K.
McCloghrie, "Definitions of Managed Objects for Bridges",
RFC 1286, cisco Systems, Inc., DEC, Hughes LAN Systems,
Inc., December 1991.

[RFC1304] Cox, T., and K. Tesnik, Editors, "Definitions of Managed
Objects for the SIP Interface Type", RFC 1304, Bell
Communications Research, February 1992.

[RFC1315] Brown, C., Baker, F., and C. Carvalho, "Management
Information Base for Frame Relay DTEs", RFC 1315, Wellfleet
Communications, Inc., Advanced Computer Communications,
April 1992.

[RFC1353] McCloghrie, K., Davin, J., and J. Galvin, "Definitions of
Managed Objects for Administration of SNMP Parties",
RFC 1353, Hughes LAN Systems, Inc., MIT Laboratory for
Computer Science, Trusted Information Systems, Inc.,
July 1992.

[RFC1381] Throop, D., and F. Baker, "SNMP MIB Extension for X.25
LAPB", RFC 1381, Data General Corporation, Advanced Computer
Communications, November 1992.

[RFC1382] Throop, D., Editor, "SNMP MIB Extension for the X.25 Packet
Layer", RFC 1382, Data General Corporation, November 1992.

[RFC1389] Malkin, G., and F. Baker, "RIP Version 2 MIB Extension", RFC
1389, Xylogics, Inc., Advanced Computer Communications,
January 1993.

[RFC1406] Baker, F., and J. Watt, Editors, "Definitions of Managed
Objects for the DS1 and E1 Interface Types", RFC 1406,

Advanced Computer Communications, Newbridge Networks
Corporation, January 1993.

[RFC1407] Cox, T., and K. Tesink, "Definitions of Managed Objects
for the DS3/E3 Interface Type", RFC 1407, Bell
Communications Research, January 1993.

[RFC1414] St. Johns, M., and M. Rose, "Identification MIB", RFC 1414,
US Department of Defense, Dover Beach Consulting, Inc.,
February 1993.

[RFC1461] Throop, D., "SNMP MIB extension for Multiprotocol
Interconnect over X.25", RFC 1461, Data General Corporation,
May 1993.

[RFC1471] Kastenholz, F., "The Definitions of Managed Objects for
the Link Control Protocol of the Point-to-Point Protocol",
RFC 1471, FTP Software, Inc., June 1993.

[RFC1472] Kastenholz, F., "The Definitions of Managed Objects for
the Security Protocols of the Point-to-Point Protocol", RFC
1472, FTP Software, Inc., June 1993.

[RFC1473] Kastenholz, F., "The Definitions of Managed Objects for
the IP Network Control Protocol of the Point-to-Point
Protocol", RFC 1473, FTP Software, Inc., June 1993.

[RFC1474] Kastenholz, F., "The Definitions of Managed Objects for
the Bridge Network Control Protocol of the Point-to-Point
Protocol" RFC 1474, FTP Software, Inc., June 1993.

[RFC1514] Grillo, P., and S. Waldbusser, "Host Resources MIB", RFC
1514, Network Innovations, Intel Corporation, Carnegie
Mellon University, September 1993.

[RFC1515] McMaster, D., McCloghrie, K., and S. Roberts, "Definitions
of Managed Objects for IEEE 802.3 Medium Attachment Units
(MAUs)", RFC 1515, SynOptics Communications, Inc., Hughes
LAN Systems, Inc., Farallon Computing, Inc., September 1993.

[RFC1516] McMaster, D., and K. McCloghrie, "Definitions of Managed
Objects for IEEE 802.3 Repeater Devices", RFC 1516,
SynOptics Communications, Inc., Hughes LAN Systems, Inc.,
September 1993.

[RFC1559] Saperia, J., "DECnet Phase IV MIB Extensions", RFC 1559,
Digital Equipment Corporation, December 1993.

[RFC1565] Kille, S., WG Chair, and N. Freed, Editor, "Network Services
Monitoring MIB", RFC 1565, ISODE Consortium and Innosoft,
January 1994.

[RFC1566] Kille, S., WG Chair, and N. Freed, Editor, "Mail Monitoring
MIB", RFC 1566, ISODE Consortium, Innosoft, January 1994.

[RFC1567] Mansfield, G., and S. Kille, "X.500 Directory Monitoring
MIB", RFC 1567, AIC Systems Laboratory, ISODE Consortium,
January 1994.

[RFC1573] McCloghrie, K., and F. Kastenholz, "Evolution of the
Interfaces Group of MIB-II", RFC 1573, Hughes LAN Systems,
FTP Software, January 1994.

[RFC1595] Brown, T., and K. Tesink, Editors, "Definitions of Managed
Objects for the SONET/SDH Interface Type", RFC 1595,
Bell Communications Research, March 1994.

[RFC1596] Brown, T., Editor, Definitions of Managed Objects for Frame
Relay Service", RFC 1596, Bell Communications Research,
March 1994.

[RFC1611] Austein, R., and J. Saperia, "DNS Server MIB Extensions",
RFC 1611, Epilogue Technology Corporation, Digital Equipment
Corporation, May 1994.

[RFC1628] Case, J., Editor, "UPS Management Information Base", RFC
1628, SNMP Research, Incorporated, May 1994.

[RFC1650] Kastenholz, F., "Definitions of Managed Objects for
the Ethernet-like Interface Types using SMIv2", RFC 1650,
FTP Software, Inc., August 1994.

[RFC1657] Willis, S., Burruss, J., and J. Chu, Editor, "Definitions of
Managed Objects for the Fourth Version of the Border Gateway
Protocol (BGP-4) using SMIv2", RFC 1657, Wellfleet
Communications Inc., IBM Corp., July 1994.

[RFC1658] Stewart, B., "Definitions of Managed Objects for Character
Stream Devices using SMIv2", RFC 1658, Xyplex, Inc., July
1994.

[RFC1659] Stewart, B., "Definitions of Managed Objects for RS-232-like
Hardware Devices using SMIv2", RFC 1659, Xyplex, Inc., July
1994.

[RFC1660] Stewart, B., "Definitions of Managed Objects for

Parallel-printer-like Hardware Devices using SMIv2", RFC
1660, Xyplex, Inc., July
1994.

[RFC1665] Kielczewski, Z., Kostick, D., and K. Shih, Editors,
"Definitions of Managed Objects for SNA NAUs using SMIv2",
RFC 1665, Eicon Technology Corporation, Bell Communications
Research, Novell, July 1994.

[RFC1694] Brown, T., and K. Tesink, Editors, "Definitions of Managed
Objects for SMDS Interfaces using SMIv2", RFC 1694, Bell
Communications Research, August 1994.

[RFC1695] Ahmed, M., and K. Tesink, Editors, "Definitions of Managed
Objects for ATM Management Version 8.0 using SMIv2", RFC
1695, Bell Communications Research, August 1994.

[RFC1696] Barnes, J., Brown, L., Royston, R., and S. Waldbusser,
"Modem Management Information Base (MIB) using SMIv2", RFC
1696, Xylogics, Inc., Motorola, US Robotics, Inc., Carnegie
Mellon University, August 1994.

[RFC1697] Brower, D., Editor, Purvy, B., RDBMSMIB Working Group Chair,
Daniel, A., Sinykin, M., and J. Smith, "Relational Database
Management System (RDBMS) Management Information Base (MIB)
using SMIv2", RFC 1697, The ASK Group, INGRES DBMS
Development, Oracle Corporation, Informix Software, Inc.,
Oracle Corporation, August 1994.

PEOPLE

[Rob Austein]

[BCN] B. Clifford Neuman <bcn@isi.edu>

[BS221] Bob Stewart <STEWART@XYPLEX.COM>

[CXB] Caralyn Brown <cbrown%wellfleet.com@talcott.harvard.edu>

[CXD] Chuck Davin <jrd@ptt.lcs.mit.edu>

[CXG] Chris Gunner <gunner@dsmail.lkg.dec.com>

[Dean Throop]

[DXM5] Donna McMaster <mcmaster@synoptics.com>

[DXP1] David Perkins <dperkins@synoptics.com>

[EXD] Eric Decker <cire@cisco.com>

[FB77] Fred Baker <fbaker@acc.com>

[FJK2]

[GS2] Greg Satz <satz@CISCO.COM>

[IANA] IANA <iana@isi.edu>

[JDC20] Jeffrey Case <case@UTKUX1.UTK.EDU>

[JKR1] Joyce K. Reynolds <jkrey@isi.edu>

[JXC] John Cook <cook@chipcom.com>

[JXG1] Jim Greuel <jimg%hpcndpc@hplabs.hp.com>

[JXS2] Jon Saperia <saperia@tcpjon.enet.dec.com>

[Jeff Hilgeman]

[Johannsen]

[KZM] Keith McCloghrie <KZM@HLS.COM>

[LS8] Louis Steinberg <lou@ARAMIS.RUTGERS.EDU>

[MXA1] Masuma Ahmed <mxa@mail.bellcore.com>

[MTR] Marshall Rose <mrose@dbc.mtview.ca.us>

[RAW44] Robert A. Woodburn <WOODY@SPARTA.COM>

[JXC4] John Chu <jychu@watson.ibm.com>

[Ned Freed]

[Deirdre Kostick]

[Joel Gyllenskog] Joel Gyllenskog <jgyllens@hpdmd48.boi.hp.com>

[Robert Purvey] Robert Purvey <bpurvy@us.oracle.com>

[RXF] Richard Fox <rfox@synoptics.com>

[Jon Saperia] Jon Saperia <saperia@tcpjon.enet.dec.com>

[SW159] Steven Willis <swillis@WELLFLEET.COM>

[SXW] Steve Waldbusser <sw01+@andrew.cmu.edu>

[TXB] Tracy Brown <tacox@mail.bellcore.com>

[TXK] Teemu Kurki <grus@funet.fi>

[Hartmut Wittig]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/smi-numbers

PRIVATE ENTERPRISE NUMBERS

SMI Network Management Private Enterprise Codes:

Prefix: iso.org.dod.internet.private.enterprise (1.3.6.1.4.1)

This file is

ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers

Decimal Name References
------- ---- ----------
0 Reserved Joyce K. Reynolds <jkrey@isi.edu>
1 Proteon John A. Shriver <jas@PROTEON.COM>
2 IBM Vik Chandra <vc@ralvm6.vnet.ibm.com>
3 CMU Steve Waldbusser <sw01+@andrew.cmu.edu>
4 Unix Keith Sklower <sklower@okeeffe.berkeley.edu>
5 ACC Art Berggreen <art@SALT.ACC.COM>
6 TWG John Lunny <jlunny@eco.twg.com> (703) 847-4500
7 CAYMAN Beth Miaoulis beth@cayman.com
8 PSI Marty Schoffstahl schoff@NISC.NYSER.NET
9 cisco Greg Satz satz@CISCO.COM
10 NSC Geof Stone geof@NETWORK.COM
11 HP R. Dwight Schettler rds%hpcndm@HPLABS.HP.COM
12 Epilogue Karl Auerbac karl@empirical.com
13 U of Tennessee Jeffrey Case case@UTKUX1.UTK.EDU
14 BBN Robert Hinden <hinden@ENG.SUN.COM>
15 Xylogics, Inc. John R. LoVerso loverso@westford.ccur.com
16 Timeplex Laura Bridge laura@uunet.UU.NET
17 Canstar Sanand Patel sanand@HUB.TORONTO.EDU
18 Wellfleet Caralyn Brown cbrown@wellfleet.com
19 TRW Jay Frederking jayf@blackhole.ind.TRW.COM
20 MIT Jon Rochlis jon@ATHENA.MIT.EDU
21 EON Michael Waters ---none---
22 Spartacus Yoav Kluger ykluger@HAWK.ULOWELL.EDU
23 Novell Steve Bostock steveb@novell.com
24 Spider Systems Peter Reid peter@spider.co.uk
25 NSFNET Hans-Werner Braun HWB@MCR.UMICH.EDU
26 Hughes LAN Systems Keith McCloghrie KZM@HLS.COM
27 Intergraph Guy Streeter guy@guy.bll.ingr.com
28 Interlan Bruce Taber taber@europa.InterLan.COM
29 Vitalink Communications
30 Ulana Bill Anderson wda@MITRE-BEDFORD.ORG
31 NSWC Stephen Northcutt SNORTHC@RELAY-NSWC.NAVY.MIL
32 Santa Cruz Operation Keith Reynolds keithr@SCO.COM
33 Xyplex Bob Stewart STEWART@XYPLEX.COM
34 Cray Hunaid Engineer hunaid@OPUS.CRAY.COM
35 Bell Northern Research Glenn Waters gwaters@BNR.CA

36 DEC Ron Bhanukitsiri rbhank@DECVAX.DEC.COM
37 Touch Brad Benson ---none---
38 Network Research Corp. Bill Versteeg bvs@NCR.COM
39 Baylor College of Medicine Stan Barber SOB@BCM.TMC.EDU
40 NMFECC-LLNL Steven Hunter hunter@CCC.MFECC.LLNL.GOV
41 SRI David Wolfe ctabka@TSCA.ISTC.SRI.COM
42 Sun Microsystems Dennis Yaro yaro@SUN.COM
43 3Com Jeremy Siegel jzs@NSD.3Com.COM
44 CMC Dave Preston ---none---
45 SynOptics David Perkins dperkins@synoptics.com
46 Cheyenne Software Reijane Huai sibal@CSD2.NYU.EDU
47 Prime Computer Mike Spina WIZARD%enr.prime.com@RELAY.CS.NET
48 MCNC/North Carolina Data Network Ken Whitfield ken@MCNC.ORG
49 Chipcom John Cook cook@chipcom.com
50 Optical Data Systems Josh Fielk ---none---
51 gated Jeffrey C. Honig jch@gated.cornell.edu
52 Cabletron Systems Roger Dev ---none---
53 Apollo Computers Jeffrey Buffun jbuffum@APOLLO.COM
54 DeskTalk Systems, Inc. David Kaufman ---none---
55 SSDS Ron Strich ---none---
56 Castle Rock Computing John Sancho ---none---
57 MIPS Computer Systems Charles Marker II marker@MIPS.COM
58 TGV, Inc. Ken Adelman Adelman@TGV.COM
59 Silicon Graphics, Inc. Ronald Jacoby rj@SGI.COM
60 University of British Columbia Don McWilliam mcwillm@CC.UBC.CA
61 Merit Bill Norton wbn@MERIT.EDU
62 FiberCom Eric Rubin err@FIBERCOM.COM
63 Apple Computer Inc Jim Hayes Hayes@APPLE.COM
64 Gandalf Henry Kaijak ---none---
65 Dartmouth Philip Koch Philip.Koch@DARTMOUTH.EDU
66 David Systems Kathryn de Graaf degraaf@davidsys.com
67 Reuter Bob Zaniolo ---none---
68 Cornell Laurie Collinsworth ljc1@cornell.edu
69 LMS L. Michael Sabo Sabo@DOCKMASTER.NCSC.MIL
70 Locus Computing Corp. Arthur Salazar lcc.arthur@SEAS.UCLA.EDU
71 NASA Steve Schoch SCHOCH@AMES.ARC.NASA.GOV
72 Retix Alex Martin ---none---
73 Boeing Jerry Geisler ---none---
74 AT&T Rich Bantel rgb@mtung.att.com
75 Ungermann-Bass Didier Moretti ---none---
76 Digital Analysis Corporation
Skip Koppenhaver stubby!skip@uunet.UU.NET
77 LAN Manager Doug Karl KARL-D@OSU-20.IRCC.OHIO-STATE.EDU
78 Netlabs Jonathan Biggar jon@netlabs.com
79 ICL Jon Infante ---none---
80 Auspex Systems Brian A. Ehrmantraut bae@auspex.com
81 Lannet Company Efrat Ramati ---none---
82 Network Computing Devices Dave Mackie lupine!djm@UUNET.UU.NET

83 Raycom Systems Bruce Willins ---none---
84 Pirelli Focom Ltd. Sam Lau ---none---
85 Datability Software Systems Larry Fischer lfischer@dss.com
86 Network Application Technology Y.C. Wang ---none---
87 LINK (Lokales Informatik-Netz Karlsruhe)
Guenther Schreiner snmp-admin@ira.uka.de
88 NYU Bill Russell russell@cmcl2.NYU.EDU
89 RND Rina Nethaniel ---none---
90 InterCon Systems Corporation Amanda Walker AMANDA@INTERCON.COM
91 Coral Network Corporation Jason Perreault jason@coral.com
92 Webster Computer Corporation Robert R. Elz kre@munnari.oz.au
93 Frontier Technologies Corporation
Prakash Ambegaonkar ---none---
94 Nokia Data Communications Douglas Egan ---none---
95 Allen-Bradely Company
Bill King abvax!calvin.icd.ab.com!wrk@uunet.UU.NET
96 CERN
Jens T. Rasmussen jenst%cernvax.cern.ch@CUNYVM.CUNY.EDU
97 Sigma Network Systems, Inc.
Ken Virgile signet!ken@xylogics.COM
98 Emerging Technologies, Inc.
Dennis E. Baasch etinc!dennis@uu.psi.com
99 SNMP Research Jeffrey Case case@UTKUX1.UTK.EDU
100 Ohio State University
Shamim Ahmed ahmed@nisca.ircc.ohio-state.edu
101 Ultra Network Technologies Julie Dmytryk
Julie_Dmytryk.MKT@usun.ultra.com
102 Microcom Annmarie Freitas ---none---
103 Martin Marietta Astronautic Group David Rageth DAVE@MMC.COM
104 Micro Technology Mike Erlinger mike@lexcel.com
105 Process Software Corporation Bernie Volz VOLZ@PROCESS.COM
106 Data General Corporation
Joanna Karwowska karwowska@dg-rtp.dg.com
107 Bull Company Anthony Berent berent@rdgeng.enet.dec.com
108 Emulex Corporation Jeff Freeman ---none---
109 Warwick University Computing Services
Israel Drori raanan@techunix.technion.ac.il
110 Network General Corporation
James Davidson ngc!james@uunet.UU.NET
111 Oracle John Hanley jhanley@oracle.com
112 Control Data Corporation Nelluri L. Reddy reddy@uc.msc.umn.edu
113 Hughes Aircraft Company Keith McCloghrie KZM@HLS.COM
114 Synernetics, Inc. Jas Parmar jas@synnet.com
115 Mitre Bede McCall bede@mitre.org
116 Hitachi, Ltd. Hirotaka Usuda ---none---
117 Telebit Mark S. Lewis mlewis@telebit.com
118 Salomon Technology Services Paul Maurer II ---none---
119 NEC Corporation Yoshiyuki Akiyama

kddlab!ccs.mt.nec.co.jp!y-akiyam@uunet.uu.net
120 Fibermux Michael Sung msung@ccrelay.fibermux.com
121 FTP Software Inc. Stev Knowles stev@vax.ftp.com
122 Sony Takashi Hagiwara Hagiwara@Sm.Sony.Co.Jp
123 Newbridge Networks Corporation James Watt ---none---
124 Racal-Milgo Information Systems Maurice R. Turcotte
mailrus!uflorida!rm1!dnmrt%rmatl@uunet.UU.NET
125 CR SYSTEMS Soren H. Sorensen ---none---
126 DSET Corporation Dan Shia dset!shia@uunet.UU.NET
127 Computone Bill Versteeg bvs@NCR.COM
128 Tektronix, Inc. Dennis Thomas dennist@tektronix.TEK.COM
129 Interactive Systems Corporation
Steve Alexander stevea@i88.isc.com
130 Banyan Systems Inc.
Deepak Taneja eepak=Taneja%Eng%Banyan@Thing.banyan.com
131 Sintrom Datanet Limited
132 Bell Canada Mark Fabbi markf@gpu.utcs.utoronto.ca
133 Crosscomm Corporation Reuben Sivan crossc!rsivan@uunet.UU.NET
134 Rice University Catherine Foulston cathyf@rice.edu
135 T3Plus Networking, Inc. Harley Frazee harley@io.t3plus.com
136 Concurrent Computer Corporation
John R. LoVerso loverso@westford.ccur.com
137 Basser Paul O'Donnell paulod@cs.su.oz.au
138 Luxcom
139 Artel Jon Ziegler Ziegler@Artel.com
140 Independence Technologies, Inc. (ITI)
Gerard Berthet gerard@indetech.com
141 Frontier Software Development Narendra Popat ---none---
142 Digital Computer Limited Osamu Fujiki ---none---
143 Eyring, Inc. Ron Holt ron@Eyring.COM
144 Case Communications Peter Kumik ---none---
145 Penril DataComm, Inc. Keith Hogan keith%penril@uunet.uu.net
146 American Airlines Bill Keatley ---none---
147 Sequent Computer Systems Scott Hahn sdh@sequent.com
148 Bellcore Kaj Tesink kaj@nvuxr.cc.bellcore.com
149 Konkord Communications Ken Jones konkord!ksj@uunet.uu.net
150 University of Washington
Christopher Wheeler cwheeler@cac.washignton.edu
151 Develcon Sheri Mayhew zaphod!sherim@herald.usask.ca
152 Solarix Systems Paul Afshar paul@solar1.portal.com
153 Unifi Communications Corp. Yigal Hochberg yigal@unifi.com
154 Roadnet Dale Shelton ---none---
155 Network Systems Corp.
Nadya K. El-Afandi nadya@khara.network.com
156 ENE (European Network Engineering) Peter Cox ---none---
157 Dansk Data Elektronik A/S Per Bech Hansen pbh@dde.dk
158 Morning Star Technologies Karl Fox karl@MorningStar.Com
159 Dupont EOP Oscar Rodriguez ---none---

160 Legato Systems, Inc. Jon Kepecs kepecs@Legato.COM
161 Motorola SPS Vince Enriquez enriquez@sps.mot.com
162 European Space Agency (ESA)
Eduardo EDUATO%ESOC.BITNET@CUNYVM.CUNY.EDU
163 BIM Bernard Lemercier bl@sunbim.be
164 Rad Data Communications Ltd. Oft Israel ---none---
165 Intellicom Paul Singh ---none---
166 Shiva Corporation Phil Budne phil@Shiva.COM
167 Fujikura America Debbie Reed ---none---
168 Xlnt Designs INC (XDI) Mike Anello mike@xlnt.com
169 Tandem Computers Rex Davis ---none---
170 BICC David A. Brown fzbicdb@uk.ac.ucl
171 D-Link Systems, Inc. Henry P. Nagai ---none---
172 AMP, Inc. Rick Downs ---none---
173 Netlink Mauro Zallocco ---none---
174 C. Itoh Electronics Larry Davis ---none---
175 Sumitomo Electric Industries (SEI)
Kent Tsuno tsuno@sumitomo.com
176 DHL Systems, Inc.
David B. Gurevich dgurevic@rhubarb.ssf-sys.dhl.com
177 Network Equipment Technologies Mark Tom marktom@tom.net.com
178 APTEC Computer Systems Larry Burton ssds!larryb@uunet.UU.NET
179 Schneider & Koch & Co, Datensysteme GmbH Thomas Ruf tom@rsp.de
180 Hill Air Force Base Russell G. Wilson rwilson@oodis01.af.mil
181 ADC Kentrox Bruce Kropp ktxc8!bruce@uunet.UU.NET
182 Japan Radio Co. Nagayuki Kojima nkojima@lab.nihonmusen.co.jp
183 Versitron Matt Harris ---none---
184 Telecommunication Systems Hugh Lockhart ---none---
185 Interphase Gil Widdowson ---none---
186 Toshiba Corporation Mike Asagami toshiba@mothra.nts.uci.edu
187 Clearpoint Research Corp.
188 Ascom Andrew Smith andrew@hasler.ascom.ch
189 Fujitsu America Chung Lam ---none---
190 NetCom Solutions, Inc. Dale Cabell---none---
191 NCR Cheryl Krupczak clefor@secola.columbia.ncr.com
192 Dr. Materna GmbH Torsten Beyer tb@Materna.de
193 Ericsson Business Communications Gunnar Nilsson ---none---
194 Metaphor Computer Systems Paul Rodwick ---none---
195 Patriot Partners Paul Rodwick ---none---
196 The Software Group Limited (TSG)
Ragnar Paulson tsgfred!ragnar@uunet.UU.NET
197 Kalpana, Inc. Anil Bhavnani ---none---
198 University of Waterloo
R. J. White snmp-tech@watmath.waterloo.edu
199 CCL/ITRI
Ming-Perng Chen N100CMP0%TWNITRI1.BITNET@CUNYVM.CUNY.EDU
200 Coeur Postel Professor Kynikos Special Consultant
201 Mitsubish Cable Industries, Ltd. Masahiko Hori ---none---

202 SMC Lance Sprung ---none---
203 Crescendo Communication, Inc. Prem Jain prem@cres.com
204 Goodall Software Engineering Doug Goodall goodall@crl.com
205 Intecom Brad Parke ---none---
206 Victoria University of Wellington
Jonathan Stone jonathan@isor.vuw.ac.nz
207 Allied Telesis, Inc.
Scott Holley SCOTT_CLINTON_HOLLEY@cup.portal.com
208 Dowty Network Systems A/S Hartvig Ekner hj@dowtyns.dk
209 Protools Glen Arp ---none---
210 Nippon Telegraph and Telephone Corp.
Toshiharu Sugawara sugawara%wink.ntt.jp@RELAY.CS.NET
211 Fujitsu Limited Ippei Hayashi hayashi@sysrap.cs.fujitsu.co.jp
212 Network Peripherals Inc. Creighton Chong cchong@fastnet.com
213 Netronix, Inc. Jacques Roth ---none---
214 University of Wisconsin - Madison
Dave Windorski DAVID.WINDORSKI@MAIL.ADMIN.WISC.EDU
215 NetWorth, Inc. Craig Scott ---none---
216 Tandberg Data A/S Harald Hoeg haho%huldra.uucp@nac.no
217 Technically Elite Concepts, Inc.
Russell S. Dietz Russell_Dietz@Mcimail.com
218 Labtam Australia Pty. Ltd.
Michael Podhorodecki michael@labtam.oz.au
219 Republic Telcom Systems, Inc.
Steve Harris rtsc!harris@boulder.Colorado.edu
220 ADI Systems, Inc. Paul Liu ---none---
221 Microwave Bypass Systems, Inc. Tad Artis ---none---
222 Pyramid Technology Corp. Richard Rein rein@pyramid.com
223 Unisys_Corp Lawrence Brow ---none---
224 LANOPTICS LTD., Israel
Israel Drori raanan@techunix.technion.ac.il
225 NKK Corporation J. Yoshida ---none---
226 MTrade UK Ltd. Peter Delchiappo ---none---
227 Acals Patrick Cheng pcheng@dill.ind.trw.com
228 ASTEC, Inc. Hiroshi Fujii fujii@astec.co.jp
229 Delmarva Power John K. Scoggin, Jr. scoggin@delmarva.com
230 Telematics International, Inc. Kevin Smith ---none---
231 Siemens Nixdorf Informations Syteme AG
Gunther Kroenert ---none---
232 Compaq
233 NetManage, Inc. William Dunn netmanage@cup.portal.com
234 NCSU Computing Center David Joyner david@unity.ncsu.edu
235 Empirical Tools and Technologies
Karl Auerbach karl@empirical.com
236 Samsung Group Hong K. Paik paik@samsung.com
237 Takaoka Electric Mfg. Co., Ltd.
Hidekazu Hagiwara hagiwara@takaoka.takaoka-electric.co.jp
238 Netrix Systems Corporation Eldon S. Mast esm@netrix.com

239 WINDATA Bob Rosenbaum ---none---
240 RC International A/S Carl H. Dreyer chd@rci.dk
241 Netexp Research Henk Boetzkes ---none---
242 Internode Systems Pty Ltd
Simon Hackett simon@ucs.adelaide.edu.au
243 netCS Informationstechnik GmbH
Oliver Korfmacher okorf@bunt.netcs.com
244 Lantronix Rich Lyman rich@alecto.gordian.com
245 Avatar Consultants
Kory Hamzeh ames!avatar.com!kory@harvard.harvard.edu
246 Furukawa Electoric Co. Ltd.
Shoji Fukutomi kddlab!polo.furukawa.co.jp!fuku@uunet.UU.NET
247 AEG Electrcom R. Nurnberg ---none---
248 Richard Hirschmann GmbH & Co.
Heinz Nisi mia@intsun.rus.uni-stuttgart.de
249 G2R Inc. Khalid Hireche ---none---
250 University of Michigan
Tim Howes Tim.Howes@terminator.cc.umich.edu
251 Netcomm, Ltd. W.R. Maynard-Smith ---none---
252 Sable Technology Corporation Rodney Thayer ---none---
253 Xerox Edwards E. Reed ipcontact.cin_ops@xerox.com
254 Conware Computer Consulting GmbH
Michael Sapich sapich@conware.de
255 Compatible Systems Corp. John Gawf gawf@compatible.com
256 Scitec Communications Systems Ltd. Stephen Lewis ---none---
257 Transarc Corporation Pat Barron Pat_Barron@TRANSARC.COM
258 Matsushita Electric Industrial Co., Ltd.
Nob Mizuno mizuno@isl.mei.co.jp
259 ACCTON Technology Don Rooney ---none---
260 Star-Tek, Inc. Carl Madison carl@startek.com
261 Codenoll Tech. Corp. Dan Willie ---none---
262 Formation, Inc. Carl Marcinik ---none---
263 Seiko Instruments, Inc. (SII) Yasuyoshi Watanabe ---none---
264 RCE (Reseaux de Communication d'Entreprise S.A.)
Etienne Baudras-Chardigny ---none---
265 Xenocom, Inc. Sean Welch welch@raven.ulowell.edu
266 KABELRHEYDT Hubert Theissen ---none---
267 Systech Computer Corporation
Brian Petry systech!bpetry@uunet.UU.NET
268 Visual Brian O'Shea bos@visual.com
269 SDD (Scandinavian Airlines Data Denmark A/S)
Per Futtrup ---none---
270 Zenith Electronics Corporation David Lin ---none---
271 TELECOM FINLAND Petri Jokela ---none---
272 BinTec Computersystems Marc Sheldon ms@BinTec.DE
273 EUnet Germany Marc Sheldon ms@Germany.EU.net
274 PictureTel Corporation Oliver Jones oj@pictel.com
275 Michigan State University Lih-Er Wey WEYLE@msu.edu

276 GTE Telecom Incorporated Grant Gifford ---none---
277 Cascade Communications Corp.
Chikong Shue alpo!chi@uunet.uu.net
278 Hitachi Cable, Ltd. Takahiro Asai ---none---
279 Olivetti Marco Framba framba@orc.olivetti.com
280 Vitacom Corporation Parag Rastogi parag@cup.portal.com
281 INMOS Graham Hudspith gwh@inmos.co.uk
282 AIC Systems Laboratories Ltd. Glenn Mansfield glenn@aic.co.jp
283 Cameo Communications, Inc. Alan Brind ---none---
284 Diab Data AB Mats Lindstrom mli@diab.se
285 Olicom A/S Lars Povlsen krus@olicom.dk
286 Digital-Kienzle Computersystems Hans Jurgen Dorr ---none---
287 CSELT(Centro Studi E Laboratori Telecomunicazioni)
Paolo Coppo coppo@cz8700.cselt.stet.it
288 Electronic Data Systems Mark Holobach holobach@tis.eds.com
289 McData Corporation Glenn Levitt gpl0363@mcmail.mcdata.com
290 Harris Corporation David Rhein davidr@ssd.csd.harris.com
291 Technology Dynamics, Inc. Chip Standifer TDYNAMICS@MCIMAIL.COM
292 DATAHOUSE Information Systems Ltd. Kim Le ---none---
293 DSIR Network Group Tony van der Peet srghtvp@grv.dsir.govt.nz
294 Texas Instruments Blair Sanders Blair_Sanders@mcimail.com
295 PlainTree Systems Inc. Paul Chefurka chefurka@plntree.UUCP
296 Hedemann Software Development
Stefan Hedemann 100015.2504@compuserve.com
297 Fuji Xerox Co., Ltd. Hiroshi Kume
Kume%KSPB%Fuji_Xerox@tcpgw.netg.ksp.fujixerox.co.jp
298 Asante Technology Hsiang Ming Ma ---none---
299 Stanford University
RL "Bob" Morgan morgan@jessica.stanford.edu
300 Digital Link Jimmy Tu jimmy@dl.com
301 Raylan Corporation Mark S. Lewis mlewis@telebit.com
302 Datacraft Alan Lloyd alan@datacraft.oz
303 Hughes Keith McCloghrie KZM@HLS.COM
304 Farallon Computing, Inc. Steven Sweeney ---none---
305 GE Information Services Steve Bush sfb@ncoast.org
306 Gambit Computer Communications Zohar Seigal ---none---
307 Livingston Enterprises, Inc.
Steve Willens steve@livingston.com
308 Star Technologies Jim Miner miner@star.com
309 Micronics Computers Inc. Darren Croke dc@micronics.com
310 Basis, Inc. Heidi Stettner heidi@mtxinu.COM
311 Microsoft John M. Ballard jballard@microsoft.com
312 US West Advance Technologies
Donna Hopkins dmhopki@uswat.uswest.com
313 University College London Shaw C. Chuang S.Chuang@cs.ucl.ac.uk
314 Eastman Kodak Company W. James Colosky wjc@tornado.kodak.com
315 Network Resources Corporation Kathy Weninger ---none---
316 Atlas Telecom Bruce Kropp ktxc8!bruce@uunet.UU.NET

317 Bridgeway Umberto Vizcaino ---none---
318 American Power Conversion Corp.
Peter C. Yoest apc!yoest@uunet.uu.net
319 DOE Atmospheric Radiation Measurement Project
Paul Krystosek krystosk@eid.anl.gov
320 VerSteeg CodeWorks Bill Versteeg bvs@NCR.COM
321 Verilink Corp Bill Versteeg bvs@NCR.COM
322 Sybus Corportation Mark T. Dauscher mdauscher@sybus.com
323 Tekelec Bob Grady ---none---
324 NASA Ames Research Cente Nick Cuccia cuccia@nas.nasa.gov
325 Simon Fraser University Robert Urquhart quipu@sfu.ca
326 Fore Systems, Inc. Eric Cooper ecc@fore.com
327 Centrum Communications, Inc. Vince Liu ---none---
328 NeXT Computer, Inc.
Lennart Lovstrand Lennart_Lovstrand@NeXT.COM
329 Netcore, Inc. Skip Morton ---none---
330 Northwest Digital Systems Brian Dockter ---none---
331 Andrew Corporation Ted Tran ---none---
332 DigiBoard Dror Kessler dror@digibd.com
333 Computer Network Technology Corp. Bob Meierhofer ---none---
334 Lotus Development Corp. Bill Flanagan bflanagan@lotus.com
335 MICOM Communication Corporation
Donna Beatty SYSAD@prime.micom.com
336 ASCII Corporation Toshiharu Ohno tony-o@ascii.co.jp
337 PUREDATA Research Tony Baxter tony@puredata.com
338 NTT DATA Yasuhiro Kohata kohata@rd.nttdata.jp
339 Empros Systems International David Taylor dtaylor@ems.cdc.ca
340 Kendall Square Research (KSR) Dave Hudson tdh@uunet.UU.NET
341 Martin Marietta Energy Systems Gary Haney haneyg@ornl.gov
342 Network Innovations Pete Grillo pl0143@mail.psi.net
343 Intel Corporation Brady Orand borand@pcocd2.intel.com
344 Proxar Ching-Fa Hwang cfh@proxar.com
345 Epson Research Center Richard Schneider rschneid@epson.com
346 Fibernet George Sandoval ---none---
347 Box Hill Systems Corporation Tim Jones tim@boxhill.com
348 American Express Travel Related Services
Jeff Carton jcarton@amex-trs.com
349 Compu-Shack Tomas Vocetka OPLER%CSEARN.bitnet@CUNYVM.CUNY.EDU
350 Parallan Computer, Inc. Charles Dulin ---none---
351 Stratacom Clyde Iwamoto cki@strata.com
352 Open Networks Engineering, Inc. Russ Blaesing rrb@one.com
353 ATM Forum Keith McCloghrie KZM@HLS.COM
354 SSD Management, Inc. Bill Rose ---none---
355 Automated Network Management, Inc. Carl Vanderbeek ---none--
356 Magnalink Communications Corporation
David E. Kaufman ---none---
357 TIL Systems, Ltd. Garry McCracken ---none---
358 Skyline Technology, Inc. Don Weir ---none---

359 Nu-Mega Technologies, Inc. Dirk Smith ---none---
360 Morgan Stanley & Co. Inc.
Victor Kazdoba vsk@katana.is.morgan.com
361 Integrated Business Network Michael Bell ---none---
362 L & N Technologies, Ltd. Steve Loring ---none---
363 Cincinnati Bell Information Systems, Inc.
Deron Meranda dmeranda@cbis.COM
364 OSCOM International
Farhad Fozdar f_fozdar@fennel.cc.uwa.edu.au
365 MICROGNOSIS Paul Andon pandon@micrognosis.co.uk
366 Datapoint Corporation Lee Ziegenhals lcz@sat.datapoint.com
367 RICOH Co. Ltd.
Toshio Watanabe watanabe@godzilla.rsc.spdd.ricoh.co.jp
368 Axis Communications AB Martin Gren martin@axis.se
369 Pacer Software Wayne Tackabury wft@pacersoft.com
370 Axon Networks Inc. Robin Iddon axon@cix.clink.co.uk
371 Brixton Systems, Inc. Peter S. Easton easton@brixton.com
372 GSI Etienne Demailly etienne.demailly@gsi.fr
373 Tatung Co., Ltd.
Chih-Yi Chen TCCISM1%TWNTTIT.BITNET@pucc.Princeton.EDU
374 DIS Research LTD. Ray Compton rayc@command.com
375 Quotron Systems, Inc.
Richard P. Stubbs richard@atd.quotron.com
376 Dassault Electronique
Olivier J. Caleff caleff@dassault-elec.fr
377 Corollary, Inc. James L. Gula gula@corollary.com
378 SEEL, Ltd. Ken Ritchie ---none---
379 Lexcel Mike Erlinger mike@lexcel.com
380 Sophisticated Technologies, Inc.
Bill Parducci 70262.1267@compuserve.com
381 OST A. Pele ---none---
382 Megadata Pty Ltd. Andrew McRae andrew@megadata.mega.oz.au
383 LLNL Livermore Computer Center
Dan Nessett nessett@ocfmail.ocf.llnl.gov
384 Dynatech Communications Graham Welling s8000!gcw@uunet.uu.net
385 Symplex Communications Corp. Cyrus Azar ---none---
386 Tribe Computer Works Ken Fujimoto fuji@tribe.com
387 Taligent, Inc. Lorenzo Aguilar lorenzo@taligent.com
388 Symbol Technologies, Inc.
John Kramer +1-408-369-2679 jkramer@psd.symbol.com
389 Lancert Mark Hankin ---none---
390 Alantec Paul V. Fries pvf@alantec.com
391 Ridgeback Solutions
Errol Ginsberg bacchus!zulu!errol@uu2.psi.com
392 Metrix, Inc. D. Venkatrangan venkat@metrix.com
393 Excutive Systems/XTree Company
Dale Cabell cabell@smtp.xtree.com
394 NRL Communication Systems Branch

R. K. Nair nair@itd.nrl.navy.mil
395 I.D.E. Corporation Rob Spade ---none---
396 Matsushita Electric Works, Ltd.
Claude Huss claude@trc.mew.mei.co.jp
397 MegaPAC Ian George ---none---
398 Pilkington Communication Systems Dave Atkinson ---none---
399 Hitachi Computer Products (America), Inc.
Masha Golosovker masha@hicomb.hi.com
400 METEO FRANCE Remy Giraud Remy.Giraud@meteo.fr
401 PRC Inc. Jim Noble noble_jim@prc.com
402 Wal*Mart Stores, Inc. Mike Fitzgerel mlfitzg@wal-mart.com
403 Nissin Electric Company, Ltd. Aki Komatsuzaki (408) 737-0274
404 Distributed Support Information Standard
Mike Migliano <mike@uwm.edu>
405 SMDS Interest Group (SIG)
Elysia C. Tan <ecmt1@sword.bellcore.com>
406 SolCom Systems Ltd. Hugh Evans 0506 873855
407 Bell Atlantic Colin deSa socrates!bm5ld15@bagout.BELL-ATL.COM
408 Advanced Multiuser Technologies Corporation
409 Mitsubishi Electric Corporation
Yoshitaka Ogawa <ogawa@nkai.cow.melco.co.jp>
410 C.O.L. Systems, Inc. Frank Castellucci (914) 277-4312
411 University of Auckland
Nevil Brownlee < n.brownlee@aukuni.ac.nz>
412 Desktop Management Task Force (DMTF)
Dave Perkins <dperkins@synoptics.com>
413 Klever Computers, Inc. Tom Su 408-735-7723 kci@netcom.com
414 Amdahl Corporation Steve Young sy@uts.admahl.com
415 JTEC Pty, Ltd. Jan Bartel (02) 809 6933
416 Matra Communcation Hong-Loc Nguyen (33.1) 34.60.85.25
417 HAL Computer Systems Michael A. Petonic petonic@hal.com
418 Lawrence Berkeley Laboratory Russ Wright wright@lbl.gov
419 Dale Computer Corporation Dean Craven 1-800-336-7483
420 IPTC, Universitaet of Tuebingen
Andreas J. Haug <ahaug@mailserv.zdv.uni-tuebingen.de>
421 Bytex Corporation
Mary Ann Burt <bytex!ws054!maryann@uunet.UU.NET>
422 Cogwheel, Inc. Brian Ellis bri@Cogwheel.COM
423 Lanwan Technologies Thomas Liu (408) 986-8899
424 Thomas-Conrad Corporation Karen Boyd 512-836-1935
425 TxPort Bill VerSteeg bvs@ver.com
426 Compex, Inc. Andrew Corlett BDA@ORION.OAC.UCI.EDU
427 Evergreen Systems, Inc. Bill Grace (415) 897-8888
428 HNV, Inc. James R. Simons jrs@denver.ssds.COM
429 U.S. Robotics, Inc. Chris Rozman chrisr@usr.com
430 Canada Post Corporation Walter Brown +1 613 722-8843
431 Open Systems Solutions, Inc. David Ko davidk@ossi.com
432 Toronto Stock Exchange Paul Kwan (416) 947-4284

433 MamakosTransSys Consulting
Louis A. Mamakos louie@transsys.com
434 EICON Vartan Narikian vartan@eicon.qc.ca
435 Jupiter Systems Russell Leefer rml@jupiter.com
436 SSTI Philip Calas (33) 61 44 19 51
437 Grand Junction Networks Randy Ryals randyr@grandjunction.com
438 Anasazi, Inc. Chad Larson (chad@anasazi.com)
439 Edward D. Jones and Company John Caruso (314) 851-3422
440 Amnet, Inc. Richard Mak mak@amnet.COM
441 Chase Research Kevin Gage ---none---
442 PEER Networks Randy Presuhn randy@peer.com
443 Gateway Communications, Inc. Ed Fudurich ---none---
444 Peregrine Systems Eric Olinger eric@peregrine.com
445 Daewoo Telecom SeeYoung Oh oco@scorpio.dwt.co.kr
446 Norwegian Telecom Research Paul Hoff paalh@brage.nta.no
447 WilTel Anil Prasad anil_prasad@wiltel.com
448 Ericsson-Camtec Satish Popat ---none---
449 Codex Thomas McGinty ---none---
450 Basis Heidi Stettner heidi@mtxinu.COM
451 AGE Logic Syd Logan syd@age.com
452 INDE Electronics Gordon Day gday@inde.ubc.ca
453 ISODE Consortium Steve Kille S.Kille@isode.com
454 J.I. Case Mike Oswald mike@helios.uwsp.edu
455 Trillium Jeff Lawrence j_lawrence@trillium.com
456 Bacchus Inc. Errol Ginsberg bacchus!zulu!errol@uu2.psi.com
457 MCC Doug Rosenthal rosenthal@mcc.com
458 Stratus Computer Dave Snay dks@sw.stratus.com
459 Quotron Richard P. Stubbs richard@atd.quotron.com
460 Beame & Whiteside Carl Beame beame@ns.bws.com
461 Cellular Technical Services Greg Hummel ---none---
462 Shore Microsystems, Inc. Gordon Elam (309) 229-3009
463 Telecommunications Techniques Corp. Tom Nisbet nisbet@tt.com
464 DNPAP (Technical University Delft)
Jan van Oorschot <bJan.vOorschot@dnpap.et.tudelft.nl>
465 Plexcom, Inc. Bruce Miller (805) 522-3333
466 Tylink Stavros Mohlulis (508) 285-0033
467 Brookhaven National Laboratory
Dave Stampf drs@bach.ccd.bnl.gov
468 Computer Communication Systems
Gerard Laborde <Gerard.Laborde@sp1.y-net.fr>
469 Norand Corp. Rose Gorrell 319-269-3100
470 MUX-LAP Philippe Labrosse 514-735-2741
471 Premisys Communications, Inc
Mike MacFaden <premisys!mike@fernwood.mpk.ca.us>
472 Bell South Telecommunications Johnny Walker 205-988-7105
473 J. Stainsbury PLC Steve Parker 44-71-921-7550
474 Ki Research Inc Toni Barckley 410-290-0355x220
475 Wandel and Goltermann Technologies

David Walters 919-941-5730x4203 <walter@wg.com>
476 Emerson Computer Power
Roger Draper 714-457-3638 rdraper@cerf.net
477 Network Software Associates Jeffery Chiao 714-768-4013
478 Procter and Gamble Peter Marshall 513-983-1100x5988
479 Meridian Technology Corporation
Kenneth B. Denson <kdenson@magic.meridiantc.com>
480 QMS, Inc. Bill Lott lott@imagen.com
481 Network Express Tom Jarema 313-761-5051 ITOH@MSEN.COM
482 LANcity Corporation Pam Yassini pam@lancity.com
483 Dayna Communications, Inc.
Sanchaita Datta datta@signus.utah.edu
484 kn-X Ltd. Sam Lau 44 943 467007
485 Sync Research, Inc. Alan Bartky (714) 588-2070
486 PremNet Ken Huang HuangK@rimail.interlan.com
487 SIAC Peter Ripp (212) 383-9061
488 New York Stock Exchange Peter Ripp (212) 383-9061
489 American Stock Exchange Peter Ripp (212) 383-9061
490 FCR Software, Inc. Brad Parker brad@fcr.com
491 National Medical Care, Inc. Robert Phelan (617) 466-9850
492 Dialogue Communication Systemes, S.A.
Klaus Handke +(49) 30 802 24 97
493 NorTele Bjorn Kvile +47 2 48 89 90
494 Madge Networks, Inc.
Duncan Greatwood dgreatwo@madge.mhs.compuserve.com
495 Memotec Communications Graham Higgins ghiggins@teleglobe.com
496 CTON Nick Hennenfent nicholas@cton.com
497 Leap Technology, Inc. George Economou george@leap.com
498 General DataComm, Inc. William Meltzer meltzer@gdc.com
499 ACE Communications, Ltd. Danny On 972-3-570-1423
500 Automatic Data Processing (ADP) Alex Rosin (201) 714-3982
501 Programa SPRITEL Alberto Martinez
Martinez_Alberto_SPRITEL@euskom.spritel.es
502 Adacom Aial Haorch 972-4-899-899
503 Metrodata Ltd Nick Brown 100022.767@compuserve.com
504 Ellemtel Telecommunication Systems Laboratories
Richard G Bruvik Richard.Bruvik@eua.ericsson.se
505 Arizona Public Service Duane Booher DBOOHER@APSC.COM
506 NETWIZ, Ltd., Emanuel Wind eumzvir@techunix.technion.ac.il
507 Science and Engineering Research Council (SERC) Paul Kummer
P.Kummer@daresbury.ac.uk
508 The First Boston Corporation Kevin Chou
csfb1!dbadmin4!kchou@uunet.UU.NET
509 Hadax Electronics Inc. Marian Kramarczyk
73477.2731@compuserve.com
510 VTKK Markku Lamminluoto lamminluoto@vtkes1.vtkk.fi
511 North Hills Israel Ltd. Carmi Cohen carmi@north.hellnet.org
512 TECSIEL R. Burlon sr@teculx.tecsiel.it

513 Bayerische Motoren Werke (BMW) AG Michael Connolly
mconnolly@net.bmw.de
514 CNET Technologies Nelson Su 408-954-8000
515 MCI Kurt Robohm krobohm@mcimail.com
516 Human Engineering AG (HEAG) Urs Brunner
ubrunner@clients.switch.ch
517 FileNet Corporation Joe Raby raby@filenet.com
518 NFT-Ericsson Kjetil Donasen +47 2 84 24 00
519 Dun & Bradstreet Vic Smagovic 908-464-2079
520 Intercomputer Communications Brian Kean 513-745-0500x244
521 Defense Intelligence Agency
Barry Atkinson DIA-DMS@DDN-CONUS.DDN.MIL
522 Telesystems SLW Inc. Joe Magony 416-441-9966
523 APT Communications David Kloper 301-831-1182
524 Delta Airlines Jim Guy 404-715-2948
525 California Microwave Kevin Braun 408-720-6520
526 Avid Technology Inc Steve Olynyk 508-640-3328
527 Integro Advanced Computer Systems
Pascal Turbiez +33-20-08-00-40
528 RPTI Chris Shin 886-2-918-3006
529 Ascend Communications Inc. Marc Hyman 510-769-6001
530 Eden Computer Systems Inc. Louis Brando 305-591-7752
531 Kawasaki-Steel Corp
Tomoo Watanabe nrd@info.kawasaki-steel.co.jp
532 Barclays Malcolm Houghton +44 202 671 212
533 B.U.G., Inc. Isao Tateishi tateishi@bug.co.jp
534 Exide Electronics Brian Hammill hamill@dolphin.exide.com
535 Superconducting Supercollider Lab.
Carl W. Kalbfleisch cwk@irrational.ssc.gov
536 Triticom Jim Bales (612) 937-0772
537 Universal Instruments Corp.
Tom Dinnel BA06791%BINGVAXA.bitnet@CUNYVM.CUNY.EDU
538 Information Resources, Inc. Jeff Gear jjg@infores.com
539 Applied Innovation, Inc. Dean Dayton dean@aicorp.cmhnet.org
540 Crypto AG Roland Luthi luthi@iis.ethz.ch
541 Infinite Networks, Ltd. Sean Harding +44 923 710 277
542 Rabbit Software Bill Kwan kwan@rabbit.com
543 Apertus Technologies Stuart Stanley stuarts@apertus.com
544 Equinox Systems, Inc. Monty Norwood 1-800-275-3500 x293
545 Hayes Microcomputer Products
Chris Roussel hayes!hayes.com!croussel@uunet.UU.NET
546 Empire Technologies Inc. Cheryl Krupczak cheryl@cc.gatech.edu
547 Glaxochem, Ltd. Andy Wilson 0229 52261547
548 KPY Network Partners, Corp.
Gordon Vickers sccs@pizza.netcom.com
549 Agent Technology, Inc. Ibi Dhilla idhilla@genesis.nred.ma.us
550 Dornier GMBH Arens Heinrech 49-7545-8 ext 9337
551 Telxon Corporation Frank Ciotti frankc@teleng.telxon.com

552 Entergy Corporation Louis Cureau 504-364-7630
553 Garrett Communications Inc. Igor Khasin (408) 980-9752
554 Agile Networks, Inc. Dave Donegan ddonegan@agile.com
555 Larscom Sameer Jayakar 415-969-7572
556 Stock Equipment Karl Klebenow 216-543-6000
557 ITT Corporation Kevin M. McCauley kmm@vaxf.acdnj.itt.com
558 Universal Data Systems, Inc.
Howard Cunningham 70400.3671@compuserve.com
559 Sonix Communications, Ltd. David Webster +44 285 641 651
560 Paul Freeman Associates, Inc.
Pete Wilson pwilson@world.std.com
561 John S. Barnes, Corp. Michael Lynch 704-878-4107
562 Northern Telecom, Ltd.
Glenn Waters 613-763-3933 <gwaters@bnr.ca>
563 CAP Debris Patrick Preuss ppr@lfs.hamburg.cap-debris.de
564 Telco Systems NAC Harry Hirani Harry@telco-nac.com
565 Tosco Refining Co Fred Sanderson 510-602-4358
566 Russell Info Sys Atul Desai 714-362-4040
567 University of Salford Richard Letts R.J.Letts@salford.ac.uk
568 NetQuest Corp. Jerry Jacobus netquest@tigger.jvnc.net
569 Armon Networking Ltd. Yigal Jacoby yigal@armon.hellnet.org
570 IA Corporation Didier Fort Didier.Fort@lia.com
571 AU-System Communicaton AB Torbjorn Ryding 8-7267572
572 GoldStar Information & Communications, Ltd.
Soo N. Kim ksn@giconet.gsic.co.kr
573 SECTRA AB Tommy Pedersen tcp@sectra.se
574 ONEAC Corporation Bill Elliot ONEACWRE@AOL.COM
575 Tree Technologies Michael Demjanenko (716) 688-4640
576 GTE Government Systems Henry Hernandez (617) 455-2942
577 Denmac Systems, Inc. Andy Denenberg (708) 291-7760
578 Interlink Computer Sciences, Inc.
Mike Mazurek mfm@interlink.com
579 Bridge Information Systems, Inc. Stephen Harvey (314) 567-8482
580 Leeds and Northrup Australia (LNA) Nigel Cook nigelc@lna.oz.au
581 BHA Computer David Hislop rob@bha.oz.au
582 Newport Systems Solutions, Inc.
Pauline Chen paulinec@netcom.com
583 Atrium Technologies Narender Reddy Vangati vnr@atrium.com
584 ROBOTIKER Maribel Narganes maribel@teletek.es
585 PeerLogic Inc. Ratinder Ahuja ratinder@peerlogic.com
586 Digital Transmittion Systems Bill VerSteeg bvs@ver.com
587 Far Point Communications Bill VerSteeg bvs@ver.com
588 Xircom Bill VerSteeg bvs@ver.com
589 Mead Data Central Stephanie Bowman steph@meaddata.com
590 Royal Bank of Canada N. Lim (416) 348-5197
591 Advantis, Inc. Janet Brehm 813 878-4298
592 Chemical Banking Corp. Paul McDonnell pmcdonnl@world.std.com
593 Eagle Technology Ted Haynes (408) 441-4043

594 British Telecom Ray Smyth rsmyth@bfsec.bt.co.uk
595 Radix BV P. Groenendaal project2@radix.nl
596 TAINET Communication System Corp.
Joseph Chen +886-2-6583000 (R.O.C.)
597 Comtek Services Inc. Steve Harris (703) 506-9556
598 Fair Issac Steve Pasadis apple.com!fico!sxp (415) 472-2211
599 AST Research Inc. Bob Beard bobb@ast.com
600 Soft*Star s.r.l. Ing. Enrico Badella softstar@pol88a.polito.it
601 Bancomm Joe Fontes jwf@bancomm.com
602 Trusted Information Systems, Inc.
James M. Galvin galvin@tis.com
603 Harris & Jeffries, Inc. Deepak Shahane hjinc@CERF.NET
604 Axel Technology Corp. Henry Ngai (714) 455-1688
605 GN Navtel, Inc. Joe Magony 416-479-8090
606 CAP debis Patrick Preuss +49 40 527 28 366
607 Lachman Technology, Inc. Steve Alexander stevea@lachman.com
608 Galcom Networking Ltd.
Zeev Greenblatt galnet@vax.trendline.co.il
609 BAZIS M. van Luijt martin@bazis.nl
610 SYNAPTEL Eric Remond remond@synaptel.fr
611 Investment Management Services, Inc.
J. Laurens Troost rens@stimpys.imsi.com
612 Taiwan Telecommunication Lab
Dennis Tseng LOUIS%TWNMOCTL.BITNET@pucc.Princeton.EDU
613 Anagram Corporation Michael Demjanenko (716) 688-4640
614 Univel John Nunneley jnunnele@univel.com
615 University of California, San Diego
Arthur Bierer abierer@ucsd.edu
616 CompuServe Ed Isaacs, Brian Biggs SYSADM@csi.compuserve.com
617 Telstra - OTC Australia
Peter Hanselmann peterhan@turin.research.otc.com.au
618 Westinghouse Electric Corp.
Ananth Kupanna ananth@access.digex.com
619 DGA Ltd. Tom L. Willis twillis@pintu.demon.co.uk
620 Elegant Communications Inc.
Robert Story Robert.Story@Elegant.COM
621 Experdata Claude Lubin clubin@expdat.gna.org
622 Unisource Business Networks Sweden AB
Goran Sterner gsr@tip.net
623 Molex, Inc. Steven Joffe molex@mcimail.com
624 Quay Financial Software Mick Fleming mickf@quay.ie
625 VMX Inc. Joga Ryali joga@vmxi.cerfnet.com
626 Hypercom, Inc. Noor Chowdhury (602) 548-2113
627 University of Guelph Kent Percival Percival@CCS.UoGuelph.CA
628 DIaLOGIKa Juergen Jungfleisch 0 68 97 9 35-0
629 NBASE Switch Communication
Sergiu Rotenstein 75250.1477@compuserve.com
630 Anchor Datacomm B.V. Erik Snoek sdrierik@diamond.sara.nl

631 PACDATA John Reed johnr@hagar.pacdata.com
632 University of Colorado Evi Nemeth evi@cs.colorado.edu
633 Tricom Communications Limited
Robert Barrett 0005114429@mcimail.com
634 Santix Software GmbH
Michael Santifaller santi%mozart@santix.guug.de
635 FastComm Communications Corp.
Bill Flanagan 70632.1446@compuserve.com
636 The Georgia Institute of Technology
Michael Mealling michael.mealling@oit.gatech.edu
637 Alcatel Data Networks
Douglas E. Johnson doug.e.johnson@adn.sprint.com
638 GTECH Brian Ruptash bar@gtech.com
639 UNOCAL Corporation Peter Ho ho@unocal.com
640 First Pacific Network Randy Hamilton 408-703-2763
641 Lexmark International Don Wright don@lexmark.com
642 Qnix Computer Sang Weon, Yoo swyoo@qns.qnix.co.kr
643 Jigsaw Software Concepts (Pty) Ltd.
Willem van Biljon wvb@itu2.sun.ac.za
644 VIR, Inc. Mark Cotton (215) 364-7955
645 SFA Datacomm Inc. Don Lechthaler lech@world.std.com
646 SEIKO Telecommunication Systems, Inc.
Lyn T. Robertson (503) 526-5638
647 Unified Management Andy Barnhouse (612) 561-4944
648 RADLINX Ltd. Ady Lifshes ady%rndi@uunet.uu.net
649 Microplex Systems Ltd. Henry Lee hyl@microplex.com
650 Objecta Elektronik & Data AB Johan Finnved jf@objecta.se
651 Phoenix Microsystems Bill VerSteeg bvs@ver.com
652 Distributed Systems International, Inc.
Ron Mackey rem@dsiinc.com
653 Evolving Systems, Inc. Judith C. Bettinger judy@evolving.com
654 SAT GmbH Walter Eichelburg 100063.74@compuserve.com
655 CeLAN Technology, Inc. Mark Liu 886--35-772780
656 Landmark Systems Corp.
Steve Sonnenberg steves@socrates.umd.edu
657 Netone Systems Co., Ltd.
YongKui Shao syk@new-news.netone.co.jp
658 Loral Data Systems Jeff Price jprice@cps070.lds.loral.com
659 Cellware Broadband Technology Michael Roth mike@cellware.de
660 Mu-Systems Gaylord Miyata miyata@world.std.com
661 IMC Networks Corp. Jerry Roby (714) 724-1070
662 Octel Communications Corp. Alan Newman (408) 321-5182
663 RIT Technologies LTD. Ghiora Drori drori@dcl.hellnet.org
664 Adtran Jeff Wells 205-971-8000
665 PowerPlay Technologies, Inc. Ray Caruso rayman@csn.org
666 Oki Electric Industry Co., Ltd.
Shigeru Urushibara uru@cs1.cs.oki.co.jp
667 Specialix International Jeremy Rolls jeremyr@specialix.co.uk

668 INESC (Instituto de Engenharia de Sistemas e Computadores)
Pedro Ramalho Carlos prc@inesc.pt
669 Globalnet Communications Real Barriere (514) 651-6164
670 Product Line Engineer SVEC Computer Corp.
Rich Huang msumgr@enya.cc.fcu.edu.tw
671 Printer Systems Corp. Bill Babson bill@prsys.com
672 Contec Micro Electronics USA David Sheih (408) 434-6767
673 Unix Integration Services Chris Howard chris@uis.com
674 Dell Computer Corporation Steven Blair sblair@dell.com
675 Whittaker Electronic Systems Michael McCune mccune@cerf.net
676 QPSX Communications David Pascoe davidp@qpsx.oz.au
677 Loral WDl Mike Aronson Mike_Aronson@msgate.wdl.loral.com
678 Federal Express Corp. Randy Hale (901) 369-2152
679 E-COMMS Inc. Harvey Teale (206) 857-3399
680 Software Clearing House Tom Caris ca@sch.com
681 Antlow Computers LTD. C. R. Bates 44-635-871829
682 Emcom Corp. Mike Swartz emcom@cerf.net
683 Extended Systems, Inc.
Al Youngwerth alberty@tommy.extendsys.com
684 Sola Electric Mike Paulsen (708) 439-2800
685 Esix Systems, Inc. Anthony Chung esix@esix.tony.com
686 3M/MMM Chris Amley ccamley@mmm.com
687 Cylink Corp. Ed Chou ed@cylink.com
688 Znyx Advanced Systems Division, Inc.
Alan Deikman aland@netcom.com
689 Texaco, Inc. Jeff Lin linj@Texaco.com
690 McCaw Cellular Communication Corp. Tri Phan tri.phan@mccaw.com
691 ASP Computer Product Inc. Elise Moss 71053.1066@compuserve.com
692 HiPerformance Systems Mike Brien +27-11-806-1000
693 Regionales Rechenzentrum
Sibylle Schweizer unrz54@daphne.rrze.uni-erlangen.de
694 SAP AG Dr. Uwe Hommel +49 62 27 34 0
695 ElectroSpace System Inc.
Dr. Joseph Cleveland e03353@esitx.esi.org
696 ( Unassigned )
697 MultiPort Software Reuben Sivan 72302.3262@compuserve.com
698 Combinet, Inc. Samir Sawhney samir@combinet.com
699 TSCC Carl Wist carlw@tscc.com
700 Teleos Communications Inc. Bill Nayavich wln@teleoscom.com
701 Alta Research Amy Saperstein (305) 428-8535
702 Independence Blue Cross Bill Eshbach esh@ibx.com
703 ADACOM Station Interconnectivity LTD.
Itay Kariv +9 72 48 99 89 9
704 MIROR Systems Frank Kloes +27 12 911 0003
705 Merlin Gerin Adam Stolinski (714) 557-1637 x249
706 Owen-Corning Fiberglas Tom Mann mann.td@ocf.compuserve.com
707 Talking Networks Inc. Terry Braun tab@lwt.mtxinu.com
708 Cubix Corporation Rebekah Marshall (702) 883-7611

709 Formation Inc. Bob Millis bobm@formail.formation.com
710 Lannair Ltd. Pablo Brenner pablo@lannet.com
711 LightStream Corp. Chris Chiotasso chris@lightstream.com
712 LANart Corp. Doron I. Gartner doron@lanart.com
713 University of Stellenbosch Graham Phillips phil@cs.sun.ac.za
714 Wyse Technology Bill Rainey bill@wyse.com
715 DSC Communications Corp. Colm Bergin cbergin@cpdsc.com
716 NetEc Thomas Krichel netec@uts.mcc.ac.uk
717 Breltenbach Software Engineering Hilmar Tuneke +02 92 49 70 00
718 Victor Company of Japan,Limited
Atsushi Sakamoto 101176.2703@compuserve.com
719 Japan Direx Corporation Teruo Tomiyama +81 3 3498 5050
720 NECSY Network Control Systems S.p.A. Piero Fiozzo fip@necsy.it
721 ISDN Systems Corp. Jeff Milloy p00633@psilink.com
722 Zero-One Technologies, LTD. Curt Chen + 88 62 56 52 32 33
723 Radix Technologies, Inc. Steve Giles giless@delphi.com
724 National Institute of Standards and Technology
Jim West west@mgmt3.ncsl.nist.gov
725 Digital Technology Inc. Chris Gianattasio gto@lanhawk.com
726 Castelle Corp. Waiming Mok wmm@castelle.com
727 Presticom Inc. Martin Dube 76270.2672@compuserve.com
728 Showa Electric Wire & Cable Co., Ltd.
Robert O'Grady kfn@tanuki.twics.co.jp
729 SpectraGraphics Jack Hinkle hinkle@spectra.com
730 Connectware Inc. Rick Downs rxd4@acsysinc.com
731 Wind River Systems Emily Hipp hipp@wrs.com
732 RADWAY International Ltd. Doron Kolton 0005367977@mcimail.com
733 System Management ARTS, Inc. Alexander Dupuy dupuy@smarts.com
734 Persoft, Inc. Steven M. Entine entine@pervax.persoft.com
735 Xnet Technology Inc. Esther Chung estchung@xnet-tech.com
736 Unison-Tymlabs Dean Andrews ada@unison.com
737 Micro-Matic Research Patrick Lemli 73677.2373@compuserve.com
738 B.A.T.M. Advance Technologies
Nahum Killim bcrystal@actcom.co.il
739 University of Copenhagen Kim H|glund shotokan@diku.dk
740 Network Security Systems, Inc.
Carleton Smith rpitt@nic.cerf.net
741 JNA Telecommunications Sean Cody seanc@jna.com.au
742 Encore Computer Corporation Tony Shafer tshafer@encore.com
743 Central Intelligent Agency Carol Jobusch 703 242-2485
744 ISC (GB) Limited Mike Townsend miket@cix.compulink.co.uk
745 Digital Communication Associates Ravi Shankar shankarr@dca.com
746 CyberMedia Inc. Unni Warrier unni@cs.ucla.edu
747 Distributed Systems International, Inc.
Ron Mackey rem@dsiinc.com
748 Peter Radig EDP-Consulting Peter Radig +49 69 9757 6100
749 Vicorp Interactive Systems Phil Romine phil@vis.com
750 Inet Inc. Bennie Lopez brl@inetinc.com

751 Argonne National Laboratory Michael Shaffer mashaffer@anl.gov
752 Tek Logix Peter Palsall 905 625-4121
753 North Western University Phil Draughon jpd@nwu.edu
754 Astarte Fiber Networks James Garnett garnett@catbelly.com
755 Diederich & Associates, Inc.
Douglas Capitano dlcapitano@delphi.com
756 Florida Power Corporation Bob England rengland@fpc.com
757 ASK/INGRES Howard Dernehl howard@ingres.com
758 Open Network Enterprise Spada Stefano +39 39 245-8101
759 The Home Depot Keith Porter ktp01@homedepot.com
760 Pan Dacom Telekommunikations Jens Andresen +49 40 644 09 71
761 NetTek Steve Kennedy steve@gbnet.com
762 Karlnet Corp. Doug Kall kbridge@osu.edu
763 Efficient Networks, Inc. Thirl Johnson (214) 991-3884
764 Fiberdata Jan Fernquist +46 828 8383
765 Lanser Emil Smilovici (514) 485-7104
766 Telebit Communications A/S Peder Chr. Norgaard pcn@tbit.dk
767 HILAN GmbH Markus Pestinger markus@lahar.ka.sub.org
768 Network Computing Inc.
Fredrik Noon fnoon@ncimail.mhs.compuserve.com
769 Walgreens Company Denis Renaud (708) 818-4662
770 Internet Initiative Japan Inc. Toshiharu Ohno tony-o@iij.ad.jp
771 GP van Niekerk Ondernemings
Gerrit van Niekerk gvanniek@dos-lan.cs.up.ac.za
772 DSP & Telecoms Research Group
Patrick McGleenon p.mcgleenon@ee.queens-belfast.ac.uk
773 Securities Industry Automation Corporation
Chiu Szeto cszeto@prism.poly.edu
774 SYNaPTICS David Gray david@synaptics.ie
775 Data Switch Corporation Joe Welfeld jwelfeld@dasw.com
776 Telindus Distribution Karel Van den Bogaert kava@telindus.be
777 MAXM Systems Corporation Gary Greathouse ggreathouse@maxm.com
778 Fraunhofer Gesellschaft
Jan Gottschick jan.gottschick@isst.fhg.de
779 EQS Business Services Ken Roberts kroberts@esq.com
780 CNet Technology Inc. Repus Hsiung idps17@shts.seed.net.tw
781 Datentechnik GmbH Thomas Pischinger +43 1 50100 266
782 Network Solutions Inc. Dave Putman davep@netsol.com
783 Viaman Software Vikram Duvvoori info@viman.com
784 Schweizerische Bankgesellschaft Zuerich
Roland Bernet Roland.Bernet@zh014.ubs.ubs.ch
785 University of Twente - TIOS Aiko Pras pras@cs.utwente.nl
786 Simplesoft Inc. Sudhir Pendse sudhir@netcom.com
787 Stony Brook, Inc. Ken Packert p01006@psilink.com
788 Unified Systems Solutions, Inc.
Steven Morgenthal smorgenthal@attmail.com
789 Network Appliance Corporation
Varun Mehta varun@butch.netapp.com

790 Ornet Data Communication Technologies Ltd.
Haim Kurz haim@ornet.co.il
791 Computer Associates International
Glenn Gianino giagl01@usildaca.cai.com
792 Multipoint Network Inc. Michael Nguyen mike@multipoint.com
793 NYNEX Science & Technology Lily Lau llau@nynexst.com
794 Commercial Link Systems Wiljo Heinen wiljo@freeside.cls.de
795 Adaptec Inc. Tom Battle tab@lwt.mtxinu.com
796 Softswitch Charles Springer cjs@ssw.com
797 Link Technologies, Inc. Roy Chu royc@wyse.com
798 IIS Olry Rappaport iishaifa@attmail.com
799 Mobile Solutions Inc. Dale Shelton dshelton@srg.srg.af.mil
800 Xylan Corp. Burt Cyr burt@xylan.com
801 Airtech Software Forge Limited
Callum Paterson tsf@cix.compulink.co.uk
802 National Semiconductor Maurice Turcotte mturc@atlanta.nsc.com
803 Video Lottery Technologies Angelo Lovisa ange@awd.cdc.com
804 National Semiconductor Corp Waychi Doo wcd@berlioz.nsc.com
805 Applications Management Corp
Terril (Terry) Steichen tjs@washington.ssds.com
806 Travelers Insurance Company Eric Miner ustrv67v@ibmmail.com
807 Taiwan International Standard Electronics Ltd.
B. J. Chen bjchen@taisel.com.tw
808 US Patent and Trademark Office Rick Randall randall@uspto.gov
809 Hynet, LTD. Amir Fuhrmann amf@teleop.co.il
810 Aydin, Corp. Rick Veher (215) 657-8600
811 ADDTRON Technology Co., LTD. Tommy Tasi +8 86-2-4514507
812 Fannie Mae David King s4ujdk@fnma.com
813 MultiNET Services Hubert Martens martens@multinet.de
814 GECKO mbH Holger Dopp hdo@gecko.de
815 Memorex Telex Mike Hill hill@raleng.mtc.com
816 Advanced Communications Networks (ACN) SA
Antoine Boss +41 38 247434
817 Telekurs AG Jeremy Brookfield bkj@iris.F2.telekurs.ch
818 Victron bv Jack Stiekema jack@victron.nl
819 CF6 Company Francois Caron +331 4696 0060
820 Walker Richer and Quinn Inc.
Rebecca Higgins rebecca@elmer.wrq.com
821 Saturn Systems Paul Parker paul_parker@parker.fac.cs.cmu.edu
822 Mitsui Marine and Fire Insurance Co. LTD.
Kijuro Ikeda +813 5389 8111
823 Loop Telecommunication International, Inc.
Charng-Show Li +886 35 787 696
824 Telenex Corporation James Krug (609) 866-1100
825 Bus-Tech, Inc. Charlie Zhang chun@eecs.cory.berkley.edu
826 ATRIE Fred B.R. Tuang cmp@fddi3.ccl.itri.org.tw
827 Gallagher & Robertson A/S Arild Braathen arild@gar.no
828 Networks Northwest, Inc. John J. Hansen jhansen@networksnw.com

829 Conner Peripherials Richard Boyd rboyd@mailserver.conner.com
830 Elf Antar France P. Noblanc +33 1 47 44 45 46
831 Lloyd Internetworking Glenn McGregor glenn@lloyd.com
832 Datatec Industries, Inc. Chris Wiener cwiener@datatec.com
833 TAICOM Scott Tseng cmp@fddi3.ccl.itri.org.tw
834 Brown's Operating System Services Ltd.
Alistair Bell alistair@ichthya.demon.co.uk
835 MiLAN Technology Corp. Gopal Hegde gopal@milan.com
836 NetEdge Systems, Inc. Dave Minnich Dave_Minnich@netedge.com
837 NetFrame Systems George Mathew george_mathew@netframe.com
838 Xedia Corporation Colin Kincaid colin%madway.uucp@dmc.com
839 Pepsi Niraj Katwala niraj@netcom.com
840 Tricord Systems, Inc. Mark Dillon mdillon@tricord.mn.org
841 Proxim Inc. Russ Reynolds proxim@netcom.com
842 Applications Plus, Inc. Joel Estes joele@hp827.applus.com
843 Pacific Bell Aijaz Asif saasif@srv.PacBell.COM
844 Supernet Sharon Barkai sharon@supernet.com
845 TPS-Teleprocessing Systems Manfred Gorr gorr@tpscad.tps.de
846 Technology Solutions Company Niraj Katwala niraj@netcom.com
847 Computer Site Technologies Tim Hayes (805) 967-3494
848 NetPort Software John Bartas jbartas@sunlight.com
849 Alon Systems Menachem Szus 70571.1350@compuserve.com
850 Tripp Lite Lawren Markle 72170.460@compuserve.com
851 NetComm Limited
Paul Ripamonti paulri@msmail.netcomm.pronet.com
852 Precision Systems, Inc. (PSI)
Fred Griffin cheryl@empiretech.com
853 Objective Systems Integrators Ed Reeder Ed.Reeder@osi.com
854 Simpact Associates Inc.
Robert Patterson bpatterson@dcs.simpact.com
855 Systems Enhancement Corporation
Steve Held 71165.2156@compuserve.com
856 Information Integration, Inc. Gina Sun iiii@netcom.com
857 CETREL S.C. Louis Reinard ssc-re@cetrel.lu
858 ViaTech Development
Theodore J. Collins III ted.collins@vtdev.mn.org
859 Olivetti North America Tom Purcell tomp@mail.spk.olivetti.com
860 WILMA Nikolaus Schaller hns@ldv.e-technik.tu-muenchen.de
861 ILX Systems Inc. Peter Mezey peterm@ilx.com
862 Total Peripherals Inc. Mark Ustik (508) 393-1777
863 SunNetworks Consultant John Brady jbrady@fedeast.east.sun.com
864 Arkhon Technologies, Inc. Joe Wang rkhon@nic.cerf.net
865 Computer Sciences Corporation
George M. Dands dands@sed.csc.com
866 Philips.TRT Thibault Muchery +33 14128 7000
867 Katron Technologies Inc. Robert Kao +88 627 991 064
868 Transition Engineering Inc.
Hemant Trivedi hemant@transition.com

869 Altos Engineering Applications, Inc.
Wes Weber or Dave Erhart altoseng@netcom.com
870 Nicecom Ltd. Arik Ramon arik@nicecom.nice.com
871 Fiskars/Deltec Carl Smith (619) 291-2973
872 AVM GmbH Andreas Stockmeier stocki@avm-berlin.de
873 Comm Vision Richard Havens (408) 923 0301 x22
874 Institute for Information Industry
Peter Pan peterpan@pdd.iii.org.tw
875 Legent Corporation Gary Strohm gstrohm@legent.com
876 Network Automation Doug Jackson +64 6 285 1711
877 NetTech Marshall Sprague marshall@nettech.com
878 Coman Data Communications Ltd.
Zvi Sasson coman@nms.cc.huji.ac.il
879 Skattedirektoratet Karl Olav Wroldsen +47 2207 7162
880 Client-Server Technologies Timo Metsaportti timo@itf.fi
881 Societe Internationale de Telecommunications Aeronautiques
Chuck Noren chuck.noren@es.atl.sita.int
882 Maximum Strategy Inc. Paul Stolle pstolle@maxstrat.com
883 Integrated Systems, Inc. Michael Zheng mz@isi.com
884 E-Systems, Melpar Rick Silton rsilton@melpar.esys.com
885 Reliance Comm/Tec Mark Scott 73422.1740@compuserve.com
886 Summa Four Inc. Paul Nelson (603) 625-4050
887 J & L Information Systems Rex Jackson (818) 709-1778
888 Forest Computer Inc. Dave Black dave@forest.com
889 Palindrome Corp. Jim Gast jgast@palindro.mhs.compuserve.com
890 ZyXEL Communications Corp. Harry Chou howie@csie.nctu.edu.tw
891 Network Managers (UK) Ltd, Mark D Dooley mark@netmgrs.co.uk
892 Sensible Office Systems Inc. Pat Townsend (712) 276-0034
893 Informix Software Anthony Daniel anthony@informix.com
894 Dynatek Communications Howard Linton (703) 490-7205
895 Versalynx Corp. Dave Fisler (619) 536-8023
896 Potomac Scheduling Communications Company
David Labovitz del@access.digex.net
897 Sybase Inc. Dave Meldrum meldrum@sybase.com
898 DiviCom Inc. Eyal Opher eyal@divi.com
899 Datus elektronische Informationssysteme GmbH
Hubert Mertens marcus@datus.uucp
900 Matrox Electronic Systems Limited
Marc-Andre Joyal marc-andre.joyal@matrox.com
901 Digital Products, Inc. Ross Dreyer rdreyer@digprod.com
902 Scitex Corp. Ltd. Yoav Chalfon yoav_h@ird.scitex.com
903 RAD Vision Oleg Pogorelik radvis@vax.trendline.co.il
904 Tran Network Systems Paul Winkeler paulw@revco.com
905 Scorpion Logic Sean Harding +09 2324 5672
906 Inotech Inc. Eric Jacobs (703) 641-0469
907 Controlled Power Co. Yu Chin 76500,3160@compuserve.com
908 Elsag Bailey Incorporate Derek McKearney mckearney@bailey.com
909 J.P. Morgan Chung Szeto szeto_chung@jpmorgan.com

910 Clear Communications Corp. Kurt Hall khall@clear.com
911 General Technology Inc. Perry Rockwell (407) 242-2733
912 Adax Inc. Jory Gessow jory@adax.com
913 Mtel Technologies, Inc. Jon Robinson 552-3355@mcimail.com
914 Underscore, Inc. Jeff Schnitzer jds@underscore.com
915 SerComm Corp. Ben Lin +8 862-577-5400
916 Baxter Healthcare Corporation
Joseph Sturonas sturonaj@mpg.mcgawpark.baxter.com
917 Tellus Technology Ron Cimorelli (510) 498-8500
918 Continuous Electron Beam Accelerator Facility
Paul Banta banta@cebaf.gov
919 Canoga Perkins Margret Siska (818) 718-6300
920 R.I.S Technologies Fabrice Lacroix +33 7884 6400
921 INFONEX Corp. Kazuhiro Watanabe kazu@infonex.co.jp
922 WordPerfect Corp. Douglas Eddy eddy@wordperfect.com
923 NRaD Russ Carleton roccor@netcom.com
924 Hong Kong Telecommunications Ltd. K. S. Luk +8 52 883 3183
925 Signature Systems Doug Goodall goodall@crl.com
926 Alpha Technologies LTD. Guy Pothiboon (604) 430-8908
927 PairGain Technologies, Inc. Ken Huang kenh@pairgain.com
928 Sonic Systems Sudhakar Ravi sudhakar@sonicsys.com
929 Steinbrecher Corp. Kary Robertson krobertson@delphi.com
930 Centillion Networks, Inc. Derek Pitcher derek@lanspd.com
931 Network Communication Corp.
Tracy Clark ncc!central!tracyc@netcomm.attmail.com
932 Sysnet A.S. Carstein Seeberg case@sysnet.no
933 Telecommunication Systems Lab Gerald Maguire maguire@it.kth.se
934 QMI Scott Brickner (410) 573-0013
935 Phoenixtec Power Co., LTD. An-Hsiang Tu +8 862 646 3311
936 Hirakawa Hewtech Corp. H. Ukaji lde02513@niftyserve.or.jp
937 No Wires Needed B.V. Arnoud Zwemmer roana@cs.utwente.nl
938 Primary Access Kerstin Lodman lodman@priacc.com
939 Enterprises.FDSW Dag Framstad dag.framstad@fdsw.no
940 Grabner & Kapfer GnbR Vinzenz Grabner zen@wsr.ac.att
941 Nemesys Research Ltd. Michael Dixon mjd@nemesys.co.uk
942 Pacific Communication Sciences, Inc. (PSCI)
Yvonne Kammer mib-contact@pcsi.com
943 Level One Communications, Inc.
Moshe Kochinski moshek@level1.com
944 Fast Track, Inc. Andrew H. Dimmick adimmick@world.std.com
945 Andersen Consulting, OM/NI Practice
Greg Tilford p00919@psilink.com
946 Bay Technologies Pty Ltd. Paul Simpson pauls@baytech.com.au
947 Integrated Network Corp. Daniel Joffe wandan@integnet.com
948 Epoch, Inc. David Haskell deh@epoch.com
949 Wang Laboratories Inc. Pete Reilley pvr@wiis.wang.com
950 Polaroid Corp. Sari Germanos sari@temerity.polaroid.com
951 Sunrise Sierra Gerald Olson (510) 443-1133

952 Silcon Group Bjarne Bonvang +45 75 54 22 55
953 Coastcom Donald Pickerel dpickere@netcom.com
954 4th DIMENSION SOFTWARE LTD.
Thomas Segev/Ely Hofner autumn@zeus.datasrv.co.il
955 SEIKO SYSTEMS Inc. Kiyoshi Ishida ishi@ssi.co.jp
956 PERFORM Jean-Hugues Robert +33 42 27 29 32
957 TV/COM International Jean Tellier (619) 675-1376
958 Network Integration, Inc.
Scott C. Lemon slemon@nii.mhs.compuserve.com
959 Sola Electric, A Unit of General Signal
Bruce Rhodes 72360,2436@compuserve.com
960 Gradient Technologies, Inc. Geoff Charron geoff@gradient.com
961 Tokyo Electric Co., Ltd. A. Akiyama +81 558 76 9606
962 Codonics, Inc. Joe Kulig jjk@codonics.com
963 Delft Technical University Mark Schenk m.schenk@ced.tudelft.nl
964 Carrier Access Corp. Roger Koenig tomquick@carrier.com
965 eoncorp Barb Wilson wilsonb@eon.com
966 Naval Undersea Warfare Center
Mark Lovelace lovelace@mp34.nl.nuwc.navy.mil
967 AWA Limited Mike Williams +61 28 87 71 11
968 Distinct Corp. Tarcisio Pedrotti tarci@distinct.com
969 National Technical University of Athens
Theodoros Karounos karounos@phgasos.ntua.gr
970 BGS Systems, Inc. Amr Hafez amr@bgs.com
971 McCaw Wireless Data Inc. Brian Bailey bbailey@airdata.com
972 Bekaert Koen De Vleeschauwer kdv@bekaert.com
973 Epic Data Inc. Vincent Lim vincent_lim@epic.wimsey.com
974 Prodigy Services Co. Ed Ravin elr@wp.prodigy.com
975 First Pacific Networks (FPN) Randy Hamilton randy@fpn.com
976 Xylink Ltd. Bahman Rafatjoo 100117.665@compuserve.com
977 Relia Technologies Corp. Fred Chen fredc@relia1.relia.com.tw
978 Legacy Storage Systems Inc.
James Hayes james@lss-chq.mhs.compuserve.com
979 Digicom, SPA Claudio Biotti +39 3312 0 0122
980 Ark Telecom Alan DeMars alan@arktel.com
981 National Security Agency (NSA)
Cynthia Stewart maedeen@romulus.ncsc.mil
982 Southwestern Bell Corporation
Brian Bearden bb8840@swuts.sbc.com
983 Virtual Design Group, Inc.
Chip Standifer 70650.3316@compuserve.com
984 Rhone Poulenc Olivier Pignault +33 1348 2 4053
985 Swiss Bank Corporation Neil Todd toddn@gb.swissbank.com
986 ATEA N.V. Walter van Brussel p81710@banyan.atea.be
987 Computer Communications Specialists, Inc.
Carolyn Zimmer cczimmer@crl.com
988 Object Quest, Inc. Michael L. Kornegay mlk@bir.com
989 DCL System International, Ltd. Gady Amit gady-a@dcl-see.co.il

990 SOLITON SYSTEMS K.K. Masayuki Yamai +81 33356 6091
991 U S Software Don Dunstan ussw@netcom.com
992 Systems Research and Applications Corporation
Todd Herr herrt@smtplink.sra.com
993 University of Florida Todd Hester todd@circa.ufl.edu
994 Dantel, Inc. John Litster (209) 292-1111
995 Multi-Tech Systems, Inc. Dale Martenson (612) 785-3500 x519
996 Softlink Ltd. Moshe Leibovitch softlink@zeus.datasrv.co.il
997 ProSum Christian Bucari +33.1.4590.6231
998 March Systems Consultancy, Ltd.
Ross Wakelin r.wakelin@march.co.uk
999 Hong Technology, Inc. Walt Milnor brent@oceania.com
1000 Internet Assigned Numbers Authority iana@isi.edu
1001 PECO Energy Co. Rick Rioboli u002rdr@peco.com
1002 United Parcel Service Steve Pollini nrd1sjp@nrd.ups.com
1003 Storage Dimensions, Inc. Michael Torhan miketorh@xstor.com
1004 ITV Technologies, Inc. Jacob Chen itv@netcom.com
1005 TCPSI Victor San Jose Victor.Sanjose@sp1.y-net.es
1006 Promptus Communications, Inc. Paul Fredette (401) 683-6100
1007 Norman Data Defense Systems
Kristian A. Bognaes norman@norman.no
1008 Pilot Network Services, Inc. Rob Carrade carrade@pilot.net
1009 Integrated Systems Solutions Corporation
Chris Cowan cc@austin.ibm.com
1010 SISRO Kamp Alexandre 100074.344@compuserve.com
1011 NetVantage Kevin Bailey speed@kaiwan.com
1012 Marconi S.p.A. Giuseppe Grasso gg@relay.marconi.it
1013 SURECOM Mike S. T. Hsieh +886.25.92232
1014 Royal Hong Kong Jockey Club
Edmond Lee 100267.3660@compuserve.com
1015 Gupta Howard Cohen hcohen@gupta.com
1016 Tone Software Corporation Neil P. Harkins (714) 991-9460
1017 Opus Telecom Pace Willisson pace@blitz.com
1018 Cogsys Ltd. Niall Teasdale niall@hedgehog.demon.co.uk
1019 Komatsu, Ltd. Akifumi Katsushima +81 463.22.84.30
1020 ROI Systems, Inc Michael Wong (801) 942-1752
1021 Lightning Instrumentation SA Mike O'Dowd odowd@lightning.ch
1022 TimeStep Corp. Stephane Lacelle slacelle@newbridge.com
1023 INTELSAT Ivan Giron i.giron@intelsat.int
1024 Network Research Corporation Japan, Ltd.
Tsukasa Ueda 100156.2712@compuserve.com
1025 Relational Development, Inc. Steven Smith rdi@ins.infonet.net
1026 Emerald Systems, Corp. Robert A. Evans Jr. (619) 673-2161 x5120
1027 Mitel, Corp. Tom Quan tq@software.mitel.com
1028 Software AG Peter Cohen sagpc@sagus.com
1029 MillenNet, Inc. Manh Do (510) 770-9390
1030 NK-EXA Corp. Ken'ichi Hayami hayami@dst.nk-exa.co.jp
1031 BMC Software Chris Sharp csharp@patrol.com

1032 StarFire Enterprises, Inc. Lew Gaiter lg@starfire.com
1033 Hybrid Networks, Inc. Doug Muirhead dougm@hybrid.com
1034 Quantum Software GmbH Thomas Omerzu omerzu@quantum.de
1035 Openvision Technologies Limited
Andrew Lockhart alockhart@openvision.co.uk
1036 Healthcare Communications, Inc. (HCI)
Larry Streepy streepy@healthcare.com
1037 SAIT Systems Hai Dotu +3223.7053.11
1038 SAT Mleczko Alain +33.1.4077.1156
1039 CompuSci Inc., Bob Berry bberry@compusci.com
1040 Aim Technology Ganesh Rajappan ganeshr@aim.com
1041 CIESIN Kalpesh Unadkat kalpesh@ciesin.org
1042 Systems & Technologies International
Howard Smith ghamex@aol.com
1043 Israeli Electric Company (IEC) Yoram Harlev yoram@yor.iec.co.il
1044 Phoenix Wireless Group, Inc.
Gregory M. Buchanan buchanan@pwgi.com
1045 SWL Bill Kight wkightgrci.com (410) 290.7245
1046 nCUBE Greg Thompson gregt@ncube.com
1047 Cerner, Corp. Dennis Avondet (816) 221.1024 X2432
1048 Andersen Consulting Mark Lindberg mlindber@andersen.com
1049 Lincoln Telephone Company Bob Morrill root@si6000.ltec.com
1050 Acer Jay Tao jtao@Altos.COM
1051 Cedros Juergen Haakert +49.2241.9701.80
1052 AirAccess Ido Ophir 100274.365@compuserve.com
1053 Expersoft Corporation David Curtis curtis@expersoft.com
1054 Eskom Sanjay Lakhani h00161@duvi.eskom.co.za
1055 SBE, Inc. Vimal Vaidya vimal@sbei.com
1056 EBS, Inc. Emre Gundogan baroque@ebs.com
1057 American Computer and Electronics, Corp.
Tom Abraham tha@acec.com
1058 Syndesis Limited Wil Macaulay wil@syndesis.com
1059 Isis Distributed Systems, Inc. Ken Chapman kchapman@isis.com
1060 Priority Call Management Greg Schumacher gregs@world.std.com
1061 Koelsch & Altmann GmbH
Christian Schreyer 100142.154@compuserve.com
1062 WIPRO INFOTECH LTD. Chandrashekar Kapse kapse@wipinfo.soft.net
1063 Controlware Uli Blatz ublatz@cware.de
1064 Mosaic Software W.van Biljon willem@mosaic.co.za
1065 Canon Information Systems
Victor Villalpando vvillalp@cisoc.canon.com
1066 AmericaOnline Andrew R. Scholnick andrew@aol.net
1067 Whitetree Network Technologies, Inc.
Carl Yang cyang@whitetree.com
1068 Xetron Corp. Dave Alverson davea@xetron.com
1069 Target Concepts, Inc. Bill Price bprice@tamu.edu
1070 DMH Software Yigal Hochberg 72144.3704@compuserve.com
1071 Innosoft International, Inc. Jeff Allison jeff@innosoft.com

1072 Controlware GmbH Uli Blatz ublatz@cware.de
1073 Telecommunications Industry Association (TIA)
Mike Youngberg mikey@synacom.com
1074 Boole & Babbage Rami Rubin rami@boole.com
1075 System Engineering Support, Ltd. Vince Taylor +44 454.614.638
1076 SURFnet Ton Verschuren Ton.Verschuren@surfnet.nl
1077 OpenConnect Systems, Inc. Mark Rensmeyer mrensme@oc.com
1078 PDTS (Process Data Technology and Systems)
Martin Gutenbrunner GUT@pdts.mhs.compuserve.com
1079 Cornet, Inc. Nat Kumar (703) 658-3400
1080 NetStar, Inc. John K. Renwick jkr@netstar.com
1081 Semaphore Communications, Corp. Jimmy Soetarman (408) 980-7766
1082 Casio Computer Co., Ltd. Shouzo Ohdate ohdate@casio.co.jp
1083 CSIR Frikkie Strecker fstreck@marge.mikom.csir.co.za
1084 APOGEE Communications Olivier Caleff caleff@apogee-com.fr
1085 Information Management Company Michael D. Liss mliss@imc.com
1086 Wordlink, Inc. Mike Aleckson (314) 878-1422
1087 PEER Avinash S. Rao arao@cranel.com
1088 Telstra Corp. Michael Scollay michaels@ind.tansu.com.au
1089 Net X, Inc. Sridhar Kodela techsupp@netx.unicomp.net
1090 PNC PLC Gordon Tees +44 716.061.200

To request an assignment of an Enterprise Number send the complete
company name, address, and phone number; and the contact's person
complete name, address, phone number, and email mailbox in an email
message to <iana-mib@isi.edu>.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers

SGMP Vendor Specific Codes: [obsolete]

Prefix: 1,255,

Decimal Name References
------- ---- ----------
0 Reserved [JKR1]
1 Proteon [JS18]
2 IBM [JXR]
3 CMU [SXW]
4 Unix [MS9]
5 ACC [AB20]
6 TWG [MTR]
7 CAYMAN [BXM2]
8 NYSERNET [MS9]
9 cisco [GS2]
10 BBN [RH6]
11 Unassigned [JKR1]
12 MIT [JR35]
13-254 Unassigned [JKR1]
255 Reserved [JKR1]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/sgmp-vendor-specific-
codes

ADDRESS RESOLUTION PROTOCOL PARAMETERS

The Address Resolution Protocol (ARP) specified in [RFC826] has
several parameters. The assigned values for these parameters are
listed here.

REVERSE ADDRESS RESOLUTION PROTOCOL OPERATION CODES

The Reverse Address Resolution Protocol (RARP) specified in [RFC903]
uses the "Reverse" codes below.

DYNAMIC REVERSE ARP

The Dynamic Reverse Address Resolution Protocol (DRARP) uses the
"DRARP" codes below. For further information, contact: David Brownell
(suneast!helium!db@Sun.COM).

INVERSE ADDRESS RESOULUTION PROTOCOL

The Inverse Address Resolution Protocol (IARP) specified in [RFC1293]
uses the "InARP" codes below.

Assignments:

Number Operation Code (op) Reference
------ -------------------------- ---------
1 REQUEST [RFC826]
2 REPLY [RFC826]
3 request Reverse [RFC903]
4 reply Reverse [RFC903]
5 DRARP-Request [David Brownell]
6 DRARP-Reply [David Brownell]
7 DRARP-Error [David Brownell]
8 InARP-Request [RFC1293]
9 InARP-Reply [RFC1293]
10 ARP-NAK [Mark Laubach]

Number Hardware Type (hrd) References
------ ----------------------------------- ----------
1 Ethernet (10Mb) [JBP]
2 Experimental Ethernet (3Mb) [JBP]
3 Amateur Radio AX.25 [PXK]
4 Proteon ProNET Token Ring [JBP]
5 Chaos [GXP]
6 IEEE 802 Networks [JBP]
7 ARCNET [JBP]
8 Hyperchannel [JBP]
9 Lanstar [TU]

10 Autonet Short Address [MXB1]
11 LocalTalk [JKR1]
12 LocalNet (IBM PCNet or SYTEK LocalNET) [JXM]
13 Ultra link [RXD2]
14 SMDS [GXC1]
15 Frame Relay [AGM]
16 Asynchronous Transmission Mode (ATM) [JXB2]
17 HDLC [JBP]
18 Fibre Channel [Yakov Rekhter]
19 Asynchronous Transmission Mode (ATM) [Mark Laubach]
20 Serial Line [JBP]
21 Asynchronous Transmission Mode (ATM) [MXB1]

Protocol Type (pro)

Use the same codes as listed in the section called "Ethernet Numbers
of Interest" (all hardware types use this code set for the protocol
type).

REFERENCES

[RFC826] Plummer, D., "An Ethernet Address Resolution Protocol or
Converting Network Protocol Addresses to 48-bit Ethernet
Addresses for Transmission on Ethernet Hardware", STD 37, RFC
826, MIT-LCS, November 1982.

[RFC903] Finlayson, R., Mann, T., Mogul, J., and M. Theimer, "A
Reverse Address Resolution Protocol", STD 38, RFC 903,
Stanford University, June 1984.

[RFC1293] Bradley, T., and C. Brown, "Inverse Address Resolution
Protocol", RFC 1293, Wellfleet Communications, Inc.,
January 1992.

PEOPLE

[AGM] Andy Malis <malis_a@timeplex.com>

[GXC1] George Clapp <meritec!clapp@bellcore.bellcore.com>

[GXP] Gill Pratt <gill%mit-ccc@MC.LCS.MIT.EDU>

[JBP] Jon Postel <postel@isi.edu>

[JKR1] Joyce K. Reynolds <jkrey@isi.edu>

[JXM] Joseph Murdock <---none--->

[MXB1] Mike Burrows <burrows@SRC.DEC.COM>

[PXK] Philip Koch <Philip.Koch@DARTMOUTH.EDU>

[RXD2] Rajiv Dhingra <rajiv@ULTRA.COM>

[TU] Tom Unger <tom@CITI.UMICH>

[David Brownell]

[Mark Laubach]

[Yakov Rekhter] <Yakov@IBM.COM>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/arp-parameters

IEEE 802 NUMBERS OF INTEREST

Some of the networks of all classes are IEEE 802 Networks. These
systems may use a Link Service Access Point (LSAP) field in much the
same way the MILNET uses the "link" field. Further, there is an
extension of the LSAP header called the Sub-Network Access Protocol
(SNAP).

The IEEE likes to describe numbers in binary in bit transmission
order, which is the opposite of the big-endian order used throughout
the Internet protocol documentation.

Assignments:

Link Service Access Point Description References
------------------------- ----------- ----------
IEEE Internet
binary binary decimal
00000000 00000000 0 Null LSAP [IEEE]
01000000 00000010 2 Indiv LLC Sublayer Mgt [IEEE]
11000000 00000011 3 Group LLC Sublayer Mgt [IEEE]
00100000 00000100 4 SNA Path Control [IEEE]
01100000 00000110 6 Reserved (DOD IP) [RFC768,JBP]
01110000 00001110 14 PROWAY-LAN [IEEE]
01110010 01001110 78 EIA-RS 511 [IEEE]
01111010 01011110 94 ISI IP [JBP]
01110001 10001110 142 PROWAY-LAN [IEEE]
01010101 10101010 170 SNAP [IEEE]
01111111 11111110 254 ISO CLNS IS 8473 [RFC926,JXJ]
11111111 11111111 255 Global DSAP [IEEE]

These numbers (and others) are assigned by the IEEE Standards Office.
The address is:

IEEE Registration Authority
c/o Iris Ringel
IEEE Standards Dept
445 Hoes Lane, P.O. Box 1331
Piscataway, NJ 08855-1331
Phone +1 908 562 3813
Fax: +1 908 562 1571

The fee is $1000 and it takes 10 working days after receipt of the
request form and fee. They will not do anything via fax or phone.

At an ad hoc special session on "IEEE 802 Networks and ARP", held
during the TCP Vendors Workshop (August 1986), an approach to a

consistent way to send DoD-IP datagrams and other IP related protocols
(such as the Address Resolution Protocol (ARP)) on 802 networks was
developed, using the SNAP extension (see [RFC1042]).

REFERENCES

[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
USC/Information Sciences Institute, August 1980.

[RFC926] International Standards Organization, "Protocol for Providing
the Connectionless-Mode Network Services", RFC 926, ISO,
December 1984.

[RFC1042] Postel, J., and J. Reynolds, "A Standard for the
Transmission of IP Datagrams over IEEE 802 Networks", STD
43, RFC 1042, USC/Information Sciences Institute, February
1988.

PEOPLE

[JBP] Jon Postel <postel@isi.edu>

[JXJ] <mystery contact>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ieee-802-numbers

ETHER TYPES

Many of the networks of all classes are Ethernets (10Mb) or
Experimental Ethernets (3Mb). These systems use a message "type"
field in much the same way the ARPANET uses the "link" field.

If you need an Ether Type, contact:

Xerox Systems Institute
3400 Hillview Ave.
PO BOX 10034
Palo Alto, CA 94303

Phone: 415-813-7164
Contact: Fonda Lix Pallone

The following list of EtherTypes is contributed unverified information
from various sources.

Assignments:

Ethernet Exp. Ethernet Description References
------------- ------------- ----------- ----------
decimal Hex decimal octal
000 0000-05DC - - IEEE802.3 Length Field [XEROX]
257 0101-01FF - - Experimental [XEROX]
512 0200 512 1000 XEROX PUP (see 0A00) [8,XEROX]
513 0201 - - PUP Addr Trans (see 0A01)[XEROX]
0400 Nixdorf [XEROX]
1536 0600 1536 3000 XEROX NS IDP [133,XEROX]
0660 DLOG [XEROX]
0661 DLOG [XEROX]
2048 0800 513 1001 Internet IP (IPv4) [105,JBP]
2049 0801 - - X.75 Internet [XEROX]
2050 0802 - - NBS Internet [XEROX]
2051 0803 - - ECMA Internet [XEROX]
2052 0804 - - Chaosnet [XEROX]
2053 0805 - - X.25 Level 3 [XEROX]
2054 0806 - - ARP [88,JBP]
2055 0807 - - XNS Compatability [XEROX]
2076 081C - - Symbolics Private [DCP1]
2184 0888-088A - - Xyplex [XEROX]
2304 0900 - - Ungermann-Bass net debugr[XEROX]
2560 0A00 - - Xerox IEEE802.3 PUP [XEROX]
2561 0A01 - - PUP Addr Trans [XEROX]
2989 0BAD - - Banyan Systems [XEROX]
4096 1000 - - Berkeley Trailer nego [XEROX]
4097 1001-100F - - Berkeley Trailer encap/IP[XEROX]

5632 1600 - - Valid Systems [XEROX]
16962 4242 - - PCS Basic Block Protocol [XEROX]
21000 5208 - - BBN Simnet [XEROX]
24576 6000 - - DEC Unassigned (Exp.) [XEROX]
24577 6001 - - DEC MOP Dump/Load [XEROX]
24578 6002 - - DEC MOP Remote Console [XEROX]
24579 6003 - - DEC DECNET Phase IV Route[XEROX]
24580 6004 - - DEC LAT [XEROX]
24581 6005 - - DEC Diagnostic Protocol [XEROX]
24582 6006 - - DEC Customer Protocol [XEROX]
24583 6007 - - DEC LAVC, SCA [XEROX]
24584 6008-6009 - - DEC Unassigned [XEROX]
24586 6010-6014 - - 3Com Corporation [XEROX]
28672 7000 - - Ungermann-Bass download [XEROX]
28674 7002 - - Ungermann-Bass dia/loop [XEROX]
28704 7020-7029 - - LRT [XEROX]
28720 7030 - - Proteon [XEROX]
28724 7034 - - Cabletron [XEROX]
32771 8003 - - Cronus VLN [131,DT15]
32772 8004 - - Cronus Direct [131,DT15]
32773 8005 - - HP Probe [XEROX]
32774 8006 - - Nestar [XEROX]
32776 8008 - - AT&T [XEROX]
32784 8010 - - Excelan [XEROX]
32787 8013 - - SGI diagnostics [AXC]
32788 8014 - - SGI network games [AXC]
32789 8015 - - SGI reserved [AXC]
32790 8016 - - SGI bounce server [AXC]
32793 8019 - - Apollo Computers [XEROX]
32815 802E - - Tymshare [XEROX]
32816 802F - - Tigan, Inc. [XEROX]
32821 8035 - - Reverse ARP [48,JXM]
32822 8036 - - Aeonic Systems [XEROX]
32824 8038 - - DEC LANBridge [XEROX]
32825 8039-803C - - DEC Unassigned [XEROX]
32829 803D - - DEC Ethernet Encryption [XEROX]
32830 803E - - DEC Unassigned [XEROX]
32831 803F - - DEC LAN Traffic Monitor [XEROX]
32832 8040-8042 - - DEC Unassigned [XEROX]
32836 8044 - - Planning Research Corp. [XEROX]
32838 8046 - - AT&T [XEROX]
32839 8047 - - AT&T [XEROX]
32841 8049 - - ExperData [XEROX]
32859 805B - - Stanford V Kernel exp. [XEROX]
32860 805C - - Stanford V Kernel prod. [XEROX]
32861 805D - - Evans & Sutherland [XEROX]
32864 8060 - - Little Machines [XEROX]
32866 8062 - - Counterpoint Computers [XEROX]

32869 8065 - - Univ. of Mass. @ Amherst [XEROX]
32870 8066 - - Univ. of Mass. @ Amherst [XEROX]
32871 8067 - - Veeco Integrated Auto. [XEROX]
32872 8068 - - General Dynamics [XEROX]
32873 8069 - - AT&T [XEROX]
32874 806A - - Autophon [XEROX]
32876 806C - - ComDesign [XEROX]
32877 806D - - Computgraphic Corp. [XEROX]
32878 806E-8077 - - Landmark Graphics Corp. [XEROX]
32890 807A - - Matra [XEROX]
32891 807B - - Dansk Data Elektronik [XEROX]
32892 807C - - Merit Internodal [HWB]
32893 807D-807F - - Vitalink Communications [XEROX]
32896 8080 - - Vitalink TransLAN III [XEROX]
32897 8081-8083 - - Counterpoint Computers [XEROX]
32923 809B - - Appletalk [XEROX]
32924 809C-809E - - Datability [XEROX]
32927 809F - - Spider Systems Ltd. [XEROX]
32931 80A3 - - Nixdorf Computers [XEROX]
32932 80A4-80B3 - - Siemens Gammasonics Inc. [XEROX]
32960 80C0-80C3 - - DCA Data Exchange Cluster[XEROX]
80C4 Banyan Systems [XEROX]
80C5 Banyan Systems [XEROX]
32966 80C6 - - Pacer Software [XEROX]
32967 80C7 - - Applitek Corporation [XEROX]
32968 80C8-80CC - - Intergraph Corporation [XEROX]
32973 80CD-80CE - - Harris Corporation [XEROX]
32975 80CF-80D2 - - Taylor Instrument [XEROX]
32979 80D3-80D4 - - Rosemount Corporation [XEROX]
32981 80D5 - - IBM SNA Service on Ether [XEROX]
32989 80DD - - Varian Associates [XEROX]
32990 80DE-80DF - - Integrated Solutions TRFS[XEROX]
32992 80E0-80E3 - - Allen-Bradley [XEROX]
32996 80E4-80F0 - - Datability [XEROX]
33010 80F2 - - Retix [XEROX]
33011 80F3 - - AppleTalk AARP (Kinetics)[XEROX]
33012 80F4-80F5 - - Kinetics [XEROX]
33015 80F7 - - Apollo Computer [XEROX]
33023 80FF-8103 - - Wellfleet Communications [XEROX]
33031 8107-8109 - - Symbolics Private [XEROX]
33072 8130 - - Hayes Microcomputers [XEROX]
33073 8131 - - VG Laboratory Systems [XEROX]
8132-8136 Bridge Communications [XEROX]
33079 8137-8138 - - Novell, Inc. [XEROX]
33081 8139-813D - - KTI [XEROX]
8148 Logicraft [XEROX]
8149 Network Computing Devices[XEROX]
814A Alpha Micro [XEROX]

33100 814C - - SNMP [JKR1]
814D BIIN [XEROX]
814E BIIN [XEROX]
814F Technically Elite Concept[XEROX]
8150 Rational Corp [XEROX]
8151-8153 Qualcomm [XEROX]
815C-815E Computer Protocol Pty Ltd[XEROX]
8164-8166 Charles River Data System[XEROX]
817D-818C Protocol Engines [XEROX]
818D Motorola Computer [XEROX]
819A-81A3 Qualcomm [XEROX]
81A4 ARAI Bunkichi [XEROX]
81A5-81AE RAD Network Devices [XEROX]
81B7-81B9 Xyplex [XEROX]
81CC-81D5 Apricot Computers [XEROX]
81D6-81DD Artisoft [XEROX]
81E6-81EF Polygon [XEROX]
81F0-81F2 Comsat Labs [XEROX]
81F3-81F5 SAIC [XEROX]
81F6-81F8 VG Analytical [XEROX]
8203-8205 Quantum Software [XEROX]
8221-8222 Ascom Banking Systems [XEROX]
823E-8240 Advanced Encryption Syste[XEROX]
827F-8282 Athena Programming [XEROX]
8263-826A Charles River Data System[XEROX]
829A-829B Inst Ind Info Tech [XEROX]
829C-82AB Taurus Controls [XEROX]
82AC-8693 Walker Richer & Quinn [XEROX]
8694-869D Idea Courier [XEROX]
869E-86A1 Computer Network Tech [XEROX]
86A3-86AC Gateway Communications [XEROX]
86DB SECTRA [XEROX]
86DE Delta Controls [XEROX]
34543 86DF - - ATOMIC [JBP]
86E0-86EF Landis & Gyr Powers [XEROX]
8700-8710 Motorola [XEROX]
8A96-8A97 Invisible Software [XEROX]
36864 9000 - - Loopback [XEROX]
36865 9001 - - 3Com(Bridge) XNS Sys Mgmt[XEROX]
36866 9002 - - 3Com(Bridge) TCP-IP Sys [XEROX]
36867 9003 - - 3Com(Bridge) loop detect [XEROX]
65280 FF00 - - BBN VITAL-LanBridge cache[XEROX]
FF00-FF0F ISC Bunker Ramo [XEROX]

The standard for transmission of IP datagrams over Ethernets and
Experimental Ethernets is specified in [RFC894] and [RFC895]
respectively.

NOTE: Ethernet 48-bit address blocks are assigned by the IEEE.

IEEE Registration Authority
c/o Iris Ringel
IEEE Standards Department
445 Hoes Lane, P.O. Box 1331
Piscataway, NJ 08855-1331
Phone +1 908 562 3813
Fax: +1 908 562 1571

IANA ETHERNET ADDRESS BLOCK

The IANA owns an Ethernet address block which may be used for
multicast address asignments or other special purposes.

The address block in IEEE binary is: 0000 0000 0000 0000 0111 1010

In the normal Internet dotted decimal notation this is 0.0.94 since
the bytes are transmitted higher order first and bits within bytes are
transmitted lower order first (see "Data Notation" in the
Introduction).

IEEE CSMA/CD and Token Bus bit transmission order: 00 00 5E

IEEE Token Ring bit transmission order: 00 00 7A

Appearance on the wire (bits transmitted from left to right):

0 23 47
| | |
1000 0000 0000 0000 0111 1010 xxxx xxx0 xxxx xxxx xxxx xxxx
| |
Multicast Bit 0 = Internet Multicast
1 = Assigned by IANA for
other uses

Appearance in memory (bits transmitted right-to-left within octets,
octets transmitted left-to-right):

0 23 47
| | |
0000 0001 0000 0000 0101 1110 0xxx xxxx xxxx xxxx xxxx xxxx
| |
Multicast Bit 0 = Internet Multicast

1 = Assigned by IANA for other uses

The latter representation corresponds to the Internet standard
bit-order, and is the format that most programmers have to deal with.
Using this representation, the range of Internet Multicast addresses
is:

01-00-5E-00-00-00 to 01-00-5E-7F-FF-FF in hex, or

1.0.94.0.0.0 to 1.0.94.127.255.255 in dotted decimal

ETHERNET VENDOR ADDRESS COMPONENTS

Ethernet hardware addresses are 48 bits, expressed as 12 hexadecimal
digits (0-9, plus A-F, capitalized). These 12 hex digits consist of
the first/left 6 digits (which should match the vendor of the Ethernet
interface within the station) and the last/right 6 digits which
specify the interface serial number for that interface vendor.

Ethernet addresses might be written unhyphenated (e.g., 123456789ABC),
or with one hyphen (e.g., 123456-789ABC), but should be written
hyphenated by octets (e.g., 12-34-56-78-9A-BC).

These addresses are physical station addresses, not multicast nor
broadcast, so the second hex digit (reading from the left) will be
even, not odd.

At present, it is not clear how the IEEE assigns Ethernet block
addresses. Whether in blocks of 2**24 or 2**25, and whether
multicasts are assigned with that block or separately. A portion of
the vendor block address is reportedly assigned serially, with the
other portion intentionally assigned randomly. If there is a global
algorithm for which addresses are designated to be physical (in a
chipset) versus logical (assigned in software), or globally-assigned
versus locally-assigned addresses, some of the known addresses do not
follow the scheme (e.g., AA0003; 02xxxx).

00000C Cisco
00000E Fujitsu
00000F NeXT
000010 Sytek
00001D Cabletron
000020 DIAB (Data Intdustrier AB)
000022 Visual Technology
00002A TRW

000032 GPT Limited (reassigned from GEC Computers Ltd)
00005A S & Koch
00005E IANA
000065 Network General
00006B MIPS
000077 MIPS
00007A Ardent
000089 Cayman Systems Gatorbox
000093 Proteon
00009F Ameristar Technology
0000A2 Wellfleet
0000A3 Network Application Technology
0000A6 Network General (internal assignment, not for products)
0000A7 NCD X-terminals
0000A9 Network Systems
0000AA Xerox Xerox machines
0000B3 CIMLinc
0000B7 Dove Fastnet
0000BC Allen-Bradley
0000C0 Western Digital
0000C5 Farallon phone net card
0000C6 HP Intelligent Networks Operation (formerly Eon Systems)
0000C8 Altos
0000C9 Emulex Terminal Servers
0000D7 Dartmouth College (NED Router)
0000D8 3Com? Novell? PS/2
0000DD Gould
0000DE Unigraph
0000E2 Acer Counterpoint
0000EF Alantec
0000FD High Level Hardvare (Orion, UK)
000102 BBN BBN internal usage (not registered)
0020AF 3COM ???
001700 Kabel
008064 Wyse Technology / Link Technologies
00802B IMAC ???
00802D Xylogics, Inc. Annex terminal servers
00808C Frontier Software Development
0080C2 IEEE 802.1 Committee
0080D3 Shiva
00AA00 Intel
00DD00 Ungermann-Bass
00DD01 Ungermann-Bass
020701 Racal InterLan
020406 BBN BBN internal usage (not registered)
026086 Satelcom MegaPac (UK)
02608C 3Com IBM PC; Imagen; Valid; Cisco
02CF1F CMC Masscomp; Silicon Graphics; Prime EXL

080002 3Com (Formerly Bridge)
080003 ACC (Advanced Computer Communications)
080005 Symbolics Symbolics LISP machines
080008 BBN
080009 Hewlett-Packard
08000A Nestar Systems
08000B Unisys
080011 Tektronix, Inc.
080014 Excelan BBN Butterfly, Masscomp, Silicon Graphics
080017 NSC
08001A Data General
08001B Data General
08001E Apollo
080020 Sun Sun machines
080022 NBI
080025 CDC
080026 Norsk Data (Nord)
080027 PCS Computer Systems GmbH
080028 TI Explorer
08002B DEC
08002E Metaphor
08002F Prime Computer Prime 50-Series LHC300
080036 Intergraph CAE stations
080037 Fujitsu-Xerox
080038 Bull
080039 Spider Systems
080041 DCA Digital Comm. Assoc.
080045 ???? (maybe Xylogics, but they claim not to know this number)
080046 Sony
080047 Sequent
080049 Univation
08004C Encore
08004E BICC
080056 Stanford University
080058 ??? DECsystem-20
08005A IBM
080067 Comdesign
080068 Ridge
080069 Silicon Graphics
08006E Concurrent Masscomp
080075 DDE (Danish Data Elektronik A/S)
08007C Vitalink TransLAN III
080080 XIOS
080086 Imagen/QMS
080087 Xyplex terminal servers
080089 Kinetics AppleTalk-Ethernet interface
08008B Pyramid
08008D XyVision XyVision machines

080090 Retix Inc Bridges
484453 HDS ???
800010 AT&T
AA0000 DEC obsolete
AA0001 DEC obsolete
AA0002 DEC obsolete
AA0003 DEC Global physical address for some DEC machines
AA0004 DEC Local logical address for systems running
DECNET

ETHERNET MULTICAST ADDRESSES

An Ethernet multicast address consists of the multicast bit, the
23-bit vendor component, and the 24-bit group identifier assigned by
the vendor. For example, DEC is assigned the vendor component
08-00-2B, so multicast addresses assigned by DEC have the first
24-bits 09-00-2B (since the multicast bit is the low-order bit of the
first byte, which is "the first bit on the wire").

Ethernet Type
Address Field Usage

Multicast Addresses:

01-00-5E-00-00-00- 0800 Internet Multicast [RFC1112]
01-00-5E-7F-FF-FF
01-00-5E-80-00-00- ???? Internet reserved by IANA
01-00-5E-FF-FF-FF
01-80-C2-00-00-00 -802- Spanning tree (for bridges)
09-00-02-04-00-01? 8080? Vitalink printer
09-00-02-04-00-02? 8080? Vitalink management
09-00-09-00-00-01 8005 HP Probe
09-00-09-00-00-01 -802- HP Probe
09-00-09-00-00-04 8005? HP DTC
09-00-1E-00-00-00 8019? Apollo DOMAIN
09-00-2B-00-00-00 6009? DEC MUMPS?
09-00-2B-00-00-01 8039? DEC DSM/DTP?
09-00-2B-00-00-02 803B? DEC VAXELN?
09-00-2B-00-00-03 8038 DEC Lanbridge Traffic Monitor (LTM)
09-00-2B-00-00-04 ???? DEC MAP End System Hello
09-00-2B-00-00-05 ???? DEC MAP Intermediate System Hello
09-00-2B-00-00-06 803D? DEC CSMA/CD Encryption?
09-00-2B-00-00-07 8040? DEC NetBios Emulator?
09-00-2B-00-00-0F 6004 DEC Local Area Transport (LAT)
09-00-2B-00-00-1x ???? DEC Experimental
09-00-2B-01-00-00 8038 DEC LanBridge Copy packets

(All bridges)
09-00-2B-01-00-01 8038 DEC LanBridge Hello packets
(All local bridges)
1 packet per second, sent by the
designated LanBridge
09-00-2B-02-00-00 ???? DEC DNA Lev. 2 Routing Layer routers?
09-00-2B-02-01-00 803C? DEC DNA Naming Service Advertisement?
09-00-2B-02-01-01 803C? DEC DNA Naming Service Solicitation?
09-00-2B-02-01-02 803E? DEC DNA Time Service?
09-00-2B-03-xx-xx ???? DEC default filtering by bridges?
09-00-2B-04-00-00 8041? DEC Local Area Sys. Transport (LAST)?
09-00-2B-23-00-00 803A? DEC Argonaut Console?
09-00-4E-00-00-02? 8137? Novell IPX
09-00-56-00-00-00- ???? Stanford reserved
09-00-56-FE-FF-FF
09-00-56-FF-00-00- 805C Stanford V Kernel, version 6.0
09-00-56-FF-FF-FF
09-00-77-00-00-01 ???? Retix spanning tree bridges
09-00-7C-02-00-05 8080? Vitalink diagnostics
09-00-7C-05-00-01 8080? Vitalink gateway?
0D-1E-15-BA-DD-06 ???? HP
AB-00-00-01-00-00 6001 DEC Maintenance Operation Protocol
(MOP) Dump/Load Assistance
AB-00-00-02-00-00 6002 DEC Maintenance Operation Protocol
(MOP) Remote Console
1 System ID packet every 8-10 minutes,
by every:
DEC LanBridge
DEC DEUNA interface
DEC DELUA interface
DEC DEQNA interface
(in a certain mode)
AB-00-00-03-00-00 6003 DECNET Phase IV end node Hello
packets 1 packet every 15 seconds,
sent by each DECNET host
AB-00-00-04-00-00 6003 DECNET Phase IV Router Hello packets
1 packet every 15 seconds, sent by
the DECNET router
AB-00-00-05-00-00 ???? Reserved DEC through
AB-00-03-FF-FF-FF
AB-00-03-00-00-00 6004 DEC Local Area Transport (LAT) - old
AB-00-04-00-xx-xx ???? Reserved DEC customer private use
AB-00-04-01-xx-yy 6007 DEC Local Area VAX Cluster groups
Sys. Communication Architecture (SCA)
CF-00-00-00-00-00 9000 Ethernet Configuration Test protocol
(Loopback)

Broadcast Address:

FF-FF-FF-FF-FF-FF 0600 XNS packets, Hello or gateway search?
6 packets every 15 seconds, per XNS
station
FF-FF-FF-FF-FF-FF 0800 IP (e.g. RWHOD via UDP) as needed
FF-FF-FF-FF-FF-FF 0804 CHAOS
FF-FF-FF-FF-FF-FF 0806 ARP (for IP and CHAOS) as needed
FF-FF-FF-FF-FF-FF 0BAD Banyan
FF-FF-FF-FF-FF-FF 1600 VALID packets, Hello or gateway
search?
1 packets every 30 seconds, per VALID
station
FF-FF-FF-FF-FF-FF 8035 Reverse ARP
FF-FF-FF-FF-FF-FF 807C Merit Internodal (INP)
FF-FF-FF-FF-FF-FF 809B EtherTalk

REFERENCES

[RFC894] Hornig, C., "A Standard for the Transmission of IP Datagrams
over Ethernet Networks, STD 41, RFC 894, Symbolics,
April 1984.

[RFC895] Postel, J., "A Standard for the Transmission of IP Datagrams
over Experimental Ethernet Networks, STD 42, RFC 895,
USC/Information Sciences Institute, April 1984.

[RFC1112] Deeering, S., "Host Extensions for IP Multicasting",
STD 5, RFC 1112, Stanford University, August 1989.

PEOPLE

[AXC] Andrew Cherenson <arc@SGI.COM>

[DCP1] David Plummer <DCP@SCRC-QUABBIN.ARPA>

[DT15] Daniel Tappan <Tappan@BBN.COM>

[HWB] Hans-Werner Braun <HWB@MCR.UMICH.EDU>

[JBP] Jon Postel <postel@isi.edu>

[JKR1] Joyce K. Reynolds <jkrey@isi.edu>

[JXM] Joseph Murdock <---none--->

[XEROX] Fonda Pallone (415-813-7164)

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ethernet-numbers

X.25 TYPE NUMBERS

CCITT defines the high order two bits of the first octet of call user
data as follows:

00 - Used for other CCITT recomendations (such as X.29)
01 - Reserved for use by "national" administrative
authorities
10 - Reserved for use by international administrative authoorities
11 - Reserved for arbitrary use between consenting DTEs

Call User Data (hex) Protocol Reference
------------------- -------- ---------

01 PAD [GS2]
C5 Blacker front-end descr dev [AGM]
CC IP [RFC877,AGM]*
CD ISO-IP [AGM]
CF PPP [RFC1598]
DD Network Monitoring [AGM]

*NOTE: ISO SC6/WG2 approved assignment in ISO 9577 (January 1990).

REFERENCES

[RFC877] Korb, J., "A Standard for the Transmission of IP Datagrams
Over Public Data Networks", RFC 877, Purdue University,
September 1983.

[RFC1598] Simpson, W., "PPPin X.25", RFC 1598, Daydreamer, March 1994.

PEOPLE

[AGM] Andy Malis <malis_a@timeplex.com>

[GS2] Greg Satz <satz@CISCO.COM>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/x25-type-numbers

PUBLIC DATA NETWORK NUMBERS

One of the Internet Class A Networks is the international system of
Public Data Networks. This section lists the mapping between the
Internet Addresses and the Public Data Network Addresses (X.121).

Assignments:

Internet Public Data Net Description References
-------------- ----------------- ----------- ----------
014.000.000.000 Reserved [JBP]
014.000.000.001 3110-317-00035 00 PURDUE-TN [TN]
014.000.000.002 3110-608-00027 00 UWISC-TN [TN]
014.000.000.003 3110-302-00024 00 UDEL-TN [TN]
014.000.000.004 2342-192-00149 23 UCL-VTEST [PK]
014.000.000.005 2342-192-00300 23 UCL-TG [PK]
014.000.000.006 2342-192-00300 25 UK-SATNET [PK]
014.000.000.007 3110-608-00024 00 UWISC-IBM [MS56]
014.000.000.008 3110-213-00045 00 RAND-TN [MO2]
014.000.000.009 2342-192-00300 23 UCL-CS [PK]
014.000.000.010 3110-617-00025 00 BBN-VAN-GW [JD21]
014.000.000.011 2405-015-50300 00 CHALMERS [UXB]
014.000.000.012 3110-713-00165 00 RICE [PAM6]
014.000.000.013 3110-415-00261 00 DECWRL [PAM6]
014.000.000.014 3110-408-00051 00 IBM-SJ [SXA3]
014.000.000.015 2041-117-01000 00 SHAPE [JFW]
014.000.000.016 2628-153-90075 00 DFVLR4-X25 [GB7]
014.000.000.017 3110-213-00032 00 ISI-VAN-GW [JD21]
014.000.000.018 2624-522-80900 52 FGAN-SIEMENS-X25 [GB7]
014.000.000.019 2041-170-10000 00 SHAPE-X25 [JFW]
014.000.000.020 5052-737-20000 50 UQNET [AXH]
014.000.000.021 3020-801-00057 50 DMC-CRC1 [VXT]
014.000.000.022 2624-522-80329 02 FGAN-FGANFFMVAX-X25 [GB7]
014.000.000.023 2624-589-00908 01 ECRC-X25 [PXD]
014.000.000.024 2342-905-24242 83 UK-MOD-RSRE [JXE2]
014.000.000.025 2342-905-24242 82 UK-VAN-RSRE [AXM]
014.000.000.026 2624-522-80329 05 DFVLRSUN-X25 [GB7]
014.000.000.027 2624-457-11015 90 SELETFMSUN-X25 [BXD]
014.000.000.028 3110-408-00146 00 CDC-SVL [RAM57]
014.000.000.029 2222-551-04400 00 SUN-CNUCE [ABB2]
014.000.000.030 2222-551-04500 00 ICNUCEVM-CNUCE [ABB2]
014.000.000.031 2222-551-04600 00 SPARE-CNUCE [ABB2]
014.000.000.032 2222-551-04700 00 ICNUCEVX-CNUCE [ABB2]
014.000.000.033 2222-551-04524 00 CISCO-CNUCE [ABB2]
014.000.000.034 2342-313-00260 90 SPIDER-GW [AD67]

014.000.000.035 2342-313-00260 91 SPIDER-EXP [AD67]
014.000.000.036 2342-225-00101 22 PRAXIS-X25A [TXR]
014.000.000.037 2342-225-00101 23 PRAXIS-X25B [TXR]
014.000.000.038 2403-712-30250 00 DIAB-TABY-GW [FXB]
014.000.000.039 2403-715-30100 00 DIAB-LKP-GW [FXB]
014.000.000.040 2401-881-24038 00 DIAB-TABY1-GW [FXB]
014.000.000.041 2041-170-10060 00 STC [TC27]
014.000.000.042 2222-551-00652 60 CNUCE [TC27]
014.000.000.043 2422-510-05900 00 Tollpost-Globe AS [OXG]
014.000.000.044 2422-670-08900 00 Tollpost-Globe AS [OXG]
014.000.000.045 2422-516-01000 00 Tollpost-Globe AS [OXG]
014.000.000.046 2422-450-00800 00 Tollpost-Globe AS [OXG]
014.000.000.047 2422-610-00200 00 Tollpost-Globe AS [OXG]
014.000.000.048 2422-310-00300 00 Tollpost-Globe AS [OXG]
014.000.000.049 2422-470-08800 00 Tollpost-Globe AS [OXG]
014.000.000.050 2422-210-04600 00 Tollpost-Globe AS [OXG]
014.000.000.051 2422-130-28900 00 Tollpost-Globe AS [OXG]
014.000.000.052 2422-310-27200 00 Tollpost-Globe AS [OXG]
014.000.000.053 2422-250-05800 00 Tollpost-Globe AS [OXG]
014.000.000.054 2422-634-05900 00 Tollpost-Globe AS [OXG]
014.000.000.055 2422-670-08800 00 Tollpost-Globe AS [OXG]
014.000.000.056 2422-430-07400 00 Tollpost-Globe AS [OXG]
014.000.000.057 2422-674-07800 00 Tollpost-Globe AS [OXG]
014.000.000.058 2422-230-16900 00 Tollpost-Globe AS [OXG]
014.000.000.059 2422-518-02900 00 Tollpost-Globe AS [OXG]
014.000.000.060 2422-370-03100 00 Tollpost-Globe AS [OXG]
014.000.000.061 2422-516-03400 00 Tollpost-Globe AS [OXG]
014.000.000.062 2422-616-04400 00 Tollpost-Globe AS [OXG]
014.000.000.063 2422-650-23500 00 Tollpost-Globe AS [OXG]
014.000.000.064 2422-330-02500 00 Tollpost-Globe AS [OXG]
014.000.000.065 2422-350-01900 00 Tollpost-Globe AS [OXG]
014.000.000.066 2422-410-00700 00 Tollpost-Globe AS [OXG]
014.000.000.067 2422-539-06200 00 Tollpost-Globe AS [OXG]
014.000.000.068 2422-630-07200 00 Tollpost-Globe AS [OXG]
014.000.000.069 2422-470-12300 00 Tollpost-Globe AS [OXG]
014.000.000.070 2422-470-13000 00 Tollpost-Globe AS [OXG]
014.000.000.071 2422-170-04600 00 Tollpost-Globe AS [OXG]
014.000.000.072 2422-516-04300 00 Tollpost-Globe AS [OXG]
014.000.000.073 2422-530-00700 00 Tollpost-Globe AS [OXG]
014.000.000.074 2422-650-18800 00 Tollpost-Globe AS [OXG]
014.000.000.075 2422-450-24500 00 Tollpost-Globe AS [OXG]
014.000.000.076 2062-243-15631 00 DPT-BXL-DDC [LZ15]
014.000.000.077 2062-243-15651 00 DPT-BXL-DDC2 [LZ15]
014.000.000.078 3110-312-00431 00 DPT-CHI [LZ15]
014.000.000.079 3110-512-00135 00 DPT-SAT-ENG [LZ15]
014.000.000.080 2080-941-90550 00 DPT-PAR [LZ15]
014.000.000.081 4545-511-30600 00 DPT-PBSC [LZ15]
014.000.000.082 4545-513-30900 00 DPT-HONGKONG [LZ15]

014.000.000.083 4872-203-55000 00 UECI-TAIPEI [LZ15]
014.000.000.084 2624-551-10400 20 DPT-HANOVR [LZ15]
014.000.000.085 2624-569-00401 99 DPT-FNKFRT [LZ15]
014.000.000.086 3110-512-00134 00 DPT-SAT-SUPT [LZ15]
014.000.000.087 4602-3010-0103 20 DU-X25A [JK64]
014.000.000.088 4602-3010-0103 21 FDU-X25B [JK64]
014.000.000.089 2422-150-33700 00 Tollpost-Globe AS [OXG]
014.000.000.090 2422-271-07100 00 Tollpost-Globe AS [OXG]
014.000.000.091 2422-516-00100 00 Tollpost-Globe AS [OXG]
014.000.000.092 2422-650-18800 00 Norsk Informas. [OXG]
014.000.000.093 2422-250-30400 00 Tollpost-Globe AS [OXG]
014.000.000.094 Leissner Data AB [PXF1]
014.000.000.095 Leissner Data AB [PXF1]
014.000.000.096 Leissner Data AB [PXF1]
014.000.000.097 Leissner Data AB [PXF1]
014.000.000.098 Leissner Data AB [PXF1]
014.000.000.099 Leissner Data AB [PXF1]
014.000.000.100 Leissner Data AB [PXF1]
014.000.000.101 Leissner Data AB [PXF1]
014.000.000.102 Leissner Data AB [PXF1]
014.000.000.103 Leissner Data AB [PXF1]
014.000.000.104 Leissner Data AB [PXF1]
014.000.000.105 Leissner Data AB [PXF1]
014.000.000.106 Leissner Data AB [PXF1]
014.000.000.107 Leissner Data AB [PXF1]
014.000.000.108 Leissner Data AB [PXF1]
014.000.000.109 Leissner Data AB [PXF1]
014.000.000.110 Leissner Data AB [PXF1]
014.000.000.111 Leissner Data AB [PXF1]
014.000.000.112 Leissner Data AB [PXF1]
014.000.000.113 Leissner Data AB [PXF1]
014.000.000.114 Leissner Data AB [PXF1]
014.000.000.115 Leissner Data AB [PXF1]
014.000.000.116 Leissner Data AB [PXF1]
014.000.000.117 Leissner Data AB [PXF1]
014.000.000.118 Leissner Data AB [PXF1]
014.000.000.119 Leissner Data AB [PXF1]
014.000.000.120 Leissner Data AB [PXF1]
014.000.000.121 Leissner Data AB [PXF1]
014.000.000.122 Leissner Data AB [PXF1]
014.000.000.123 Leissner Data AB [PXF1]
014.000.000.124 Leissner Data AB [PXF1]
014.000.000.125 Leissner Data AB [PXF1]
014.000.000.126 Leissner Data AB [PXF1]
014.000.000.127 Leissner Data AB [PXF1]
014.000.000.128 Leissner Data AB [PXF1]
014.000.000.129 2422-150-17900 00 Tollpost-Globe AS [OXG]
014.000.000.130 2422-150-42700 00 Tollpost-Globe AS [OXG]

014.000.000.131 2422-190-41900 00 T-G Airfreight AS [OXG]
014.000.000.132 2422-616-16100 00 Tollpost-Globe AS [OXG]
014.000.000.133 2422-150-50700-00 Tollpost-Globe Int. [OXG]
014.000.000.134 2422-190-28100-00 Intersped AS [OXG]

014.000.000.135-014.255.255.254 Unassigned [JBP]
014.255.255.255 Reserved [JBP]

The standard for transmission of IP datagrams over the Public Data
Network is specified in RFC-1356 [69].

REFERENCES

[RFC877] Korb, J., "A Standard for the Transmission of IP Datagrams
Over Public Data Networks", RFC 877, Purdue University,
September 1983.

PEOPLE

[ABB2] A. Blasco Bonito <blasco@ICNUCEVM.CNUCE.CNR.IT>

[AD67] Andy Davis <andy@SPIDER.CO.UK>

[AXH] Arthur Harvey <harvey@gah.enet.dec.com>

[AXM] Alex Martin <---none--->

[BXD] Brian Dockter <---none--->

[FXB] <mystery contact>

[GB7] Gerd Beling <GBELING@ISI.EDU>

[JBP] Jon Postel <postel@isi.edu.

[JD21] Jonathan Dreyer <Dreyer@CCV.BBN.COM>

[JFW] Jon F. Wilkes <Wilkes@CCINT1.RSRE.MOD.UK>

[JK64] mystery contact!

[JXE2] Jeanne Evans <JME%RSRE.MOD.UK@CS.UCL.AC.UK>

[LZ15] Lee Ziegenhals <lcz@sat.datapoint.com>

[MS56] Marvin Solomon <solomon@CS.WISC.EDU>

[MO2] Michael O'Brien <obrien@AEROSPACE.AERO.ORG>

[OXG] Oyvind Gjerstad <ogj%tglobe2.UUCP@nac.no>

[PAM6] Paul McNabb <pam@PURDUE.EDU>

[PK] Peter Kirstein <Kirstein@NSS.CS.UCL.AC.UK>

[PXD] Peter Delchiappo <---none--->

[PXF1] Per Futtrup <---none--->

[RAM57] Rex Mann <---none--->

[SXA3] Sten Andler <---none--->

[TN] Thomas Narten <narten@PURDUE.EDU>

[TC27] Thomas Calderwood <TCALDERW@BBN.COM>

[TXR] Tim Rylance <praxis!tkr@UUNET.UU.NET>

[UXB] <mystery contact>

[VXT] V. Taylor <vktaylor@NCS.DND.CA>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/public-data-network-
numbers

MILNET LINK NUMBERS

The word "link" here refers to a field in the original MILNET Host/IMP
interface leader. The link was originally defined as an 8-bit field.
Later specifications defined this field as the "message-id" with a
length of 12 bits. The name link now refers to the high order 8 bits of
this 12-bit message-id field. The Host/IMP interface is defined in BBN
Report 1822 [BBN1822].

The low-order 4 bits of the message-id field are called the sub-link.
Unless explicitly specified otherwise for a particular protocol, there
is no sender to receiver significance to the sub-link. The sender may
use the sub-link in any way he chooses (it is returned in the RFNM by
the destination IMP), the receiver should ignore the sub-link.

Link Assignments:

Decimal Description References
------- ----------- ----------
0-63 BBNCC Monitoring [MB]
64-149 Unassigned [JBP]
150 Xerox NS IDP [ETHERNET,XEROX]
151 Unassigned [JBP]
152 PARC Universal Protocol [PUP,XEROX]
153 TIP Status Reporting [JGH]
154 TIP Accounting [JGH]
155 Internet Protocol [regular] [RFC791,JBP]
156-158 Internet Protocol [experimental] [RFC791,JBP]
159 Figleaf Link [JBW1]
160 Blacker Local Network Protocol [DM28]
161-194 Unassigned [JBP]
195 ISO-IP [RFC926,RXM]
196-247 Experimental Protocols [JBP]
248-255 Network Maintenance [JGH]

MILNET LOGICAL ADDRESSES

The MILNET facility for "logical addressing" is described in [RFC878]
and [RFC1005]. A portion of the possible logical addresses are
reserved for standard uses.

There are 49,152 possible logical host addresses. Of these, 256 are
reserved for assignment to well-known functions. Assignments for
well-known functions are made by the IANA. Assignments for other

logical host addresses are made by the NIC.

Logical Address Assignments:

Decimal Description References
------- ----------- ----------
0 Reserved [JBP]
1 The BBN Core Gateways [MB]
2-254 Unassigned [JBP]
255 Reserved [JBP]

MILNET X.25 ADDRESS MAPPINGS

All MILNET hosts are assigned addresses by the Defense Data Network
(DDN). The address of a MILNET host may be obtained from the Network
Information Center (NIC), represented as an ASCII text string in what
is called "host table format". This section describes the process by
which MILNET X.25 addresses may be derived from addresses in the NIC
host table format.

A NIC host table address consists of the ASCII text string
representations of four decimal numbers separated by periods,
corresponding to the four octeted of a thirty-two bit Internet
address. The four decimal numbers are referred to in this section as
"n", "h' "l", and "i". Thus, a host table address may be represented
as: "n.h.l.i". Each of these four numbers will have either one, two,
or three decimal digits and will never have a value greater than 255.
For example, in the host table, address: "10.2.0.124", n=10, h=2, l=0,
and i=124. To convert a host table address to a MILNET X.25 address:

1. If h < 64, the host table address corresponds to the X.25
physical address:

ZZZZ F IIIHHZZ (SS)

where:

ZZZZ = 0000 as required

F = 0 because the address is a physical address;

III is a three decimal digit respresentation of
"i", right-adjusted and padded with leading

zeros if required;

HH is a two decimal digit representation of "h",
right-adjusted and padded with leading zeros
if required;

ZZ = 00 and

(SS) is optional

In the example given above, the host table address 10.2.0.124
corresponds to the X.25 physical address 000001240200.

2. If h > 64 or h = 64, the host table address corresponds to the
X.25 logical address

ZZZZ F RRRRRZZ (SS)

where:

ZZZZ = 0000 as required

F = 1 because the address is a logical address;

RRRRR is a five decimal digit representation of
the result "r" of the calculation

r = h * 256 + i

(Note that the decimal representation of
"r" will always require five digits);

ZZ = 00 and

(SS) is optional

Thus, the host table address 10.83.0.207 corresponds to the X.25
logical address 000012145500.

In both cases, the "n" and "l" fields of the host table address are
not used.

REFERENCES

[BBN1822] BBN, "Specifications for the Interconnection of a Host and

an IMP", Report 1822, Bolt Beranek and Newman, Cambridge,
Massachusetts, revised, December 1981.

[ETHERNET] "The Ethernet, A Local Area Network: Data Link Layer and
Physical Layer Specification", AA-K759B-TK, Digital
Equipment Corporation, Maynard, MA. Also as: "The Ethernet
- A Local Area Network", Version 1.0, Digital Equipment
Corporation, Intel Corporation, Xerox Corporation,
September 1980. And: "The Ethernet, A Local Area Network:
Data Link Layer and Physical Layer Specifications",
Digital, Intel and Xerox, November 1982. And: XEROX, "The
Ethernet, A Local Area Network: Data Link Layer and
Physical Layer Specification", X3T51/80-50, Xerox
Corporation, Stamford, CT., October 1980.

[PUP] Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, "PUP: An
Internetwork Architecture", XEROX Palo Alto Research Center,
CSL-79-10, July 1979; also in IEEE Transactions on
Communication, Volume COM-28, Number 4, April 1980.

[RFC791] Postel, J., ed., "Internet Protocol - DARPA Internet Program
Protocol Specification", STD 5, RFC 791, USC/Information
Sciences Institute, September 1981.

[RFC878] Malis, Andrew, "The ARPANET 1822L Host Access Protocol",
RFC 878, BBN Communications Corp., December 1983.

[RFC926] International Standards Organization, "Protocol for Providing
the Connectionless-Mode Network Services", RFC 926, ISO,
December 1984.

[RFC1005] Khanna, A., and A. Malis, "The ARPANET AHIP-E Host Access
Protocol (Enhanced AHIP)", RFC 1005, BBN Communications
Corp., May 1987.

PEOPLE

[DM28] Dennis Morris <Morrisd@IMO-UVAX.DCA.MIL>

[JBP] Jon Postel <postel@isi.edu>

[JBW1] Joseph Walters, Jr. <JWalters@BBN.COM>

[JGH] Jim Herman <Herman@CCJ.BBN.COM>

[MB] Michael Brescia <Brescia@CCV.BBN.COM>

[RXM] Robert Myhill <Myhill@CCS.BBN.COM>

[XEROX] Fonda Pallone <---none--->

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/milnet-parameters

XNS PROTOCOL TYPES

Assigned well-known socket numbers

Routing Information 1
Echo 2
Router Error 3
Experimental 40-77

Assigned internet packet types

Routing Information 1
Echo 2
Error 3
Packet Exchange 4
Sequenced Packet 5
PUP 12
DoD IP 13
Experimental 20-37

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/xns-protocol-types

INTERNET / XNS PROTOCOL MAPPINGS

Below are two tables describing the arrangement of protocol fields or
type field assignments so that one could send XNS Datagrams on the
MILNET or Internet Datagrams on 10Mb Ethernet, and also protocol and
type fields so one could encapsulate each kind of Datagram in the
other.

upper| DoD IP | PUP | NS IP |
lower | | | |
--------------|--------|--------|--------|
| Type | Type | Type |
3Mb Ethernet | 1001 | 1000 | 3000 |
| octal | octal | octal |
--------------|--------|--------|--------|
| Type | Type | Type |
10 Mb Ethernet| 0800 | 0200 | 0600 |
| hex | hex | hex |
--------------|--------|--------|--------|
| Link | Link | Link |
MILNET | 155 | 152 | 150 |
| decimal| decimal| decimal|
--------------|--------|--------|--------|

upper| DoD IP | PUP | NS IP |
lower | | | |
--------------|--------|--------|--------|
| |Protocol|Protocol|
DoD IP | X | 12 | 22 |
| | decimal| decimal|
--------------|--------|--------|--------|
| | | |
PUP | ? | X | ? |
| | | |
--------------|--------|--------|--------|
| Type | Type | |
NS IP | 13 | 12 | X |
| decimal| decimal| |
--------------|--------|--------|--------|

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ip-xns-mapping

PRONET 80 TYPE NUMBERS

Below is the current list of PRONET 80 Type Numbers. Note: a protocol
that is on this list does not necessarily mean that there is any
implementation of it on ProNET.

Of these, protocols 1, 14, and 20 are the only ones that have ever
been seen in ARP packets.

For reference, the header is (one byte/line):

destination hardware address
source hardware address
data link header version (2)
data link header protocol number
data link header reserved (0)
data link header reserved (0)

Some protocols have been known to tuck stuff in the reserved fields.

Those who need a protocol number on ProNET-10/80 should contact John
Shriver (jas@proteon.com).

1 IP
2 IP with trailing headers
3 Address Resolution Protocol
4 Proteon HDLC
5 VAX Debugging Protocol (MIT)
10 Novell NetWare (IPX and pre-IPX) (old format,
3 byte trailer)
11 Vianetix
12 PUP
13 Watstar protocol (University of Waterloo)
14 XNS
15 Diganostics
16 Echo protocol (link level)
17 Banyan Vines
20 DECnet (DEUNA Emulation)
21 Chaosnet
23 IEEE 802.2 or ISO 8802/2 Data Link
24 Reverse Address Resolution Protocol
29 TokenVIEW-10
31 AppleTalk LAP Data Packet
33 Cornell Boot Server Location Protocol
34 Novell NetWare IPX (new format, no trailer,
new XOR checksum)

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/pronet80-type-numbers

NOVELL SAP NUMBERS OF INTEREST

For the convenience of the Internet community the IANA maitains a list
of Novell Service Access Point (SAP) numbers. This list is kept
up-to-date- by contributions from the community. Please send
corrections and additions to IANA@ISI.EDU.

Novell SAPs
====== ====

Decimal Hex SAP Description
======= ==== ===============

0 0000 Unknown
1 0001 User
2 0002 User Group
3 0003 Print Queue or Print Group
4 0004 File Server (SLIST source)
5 0005 Job Server
6 0006 Gateway
7 0007 Print Server or Silent Print Server
8 0008 Archive Queue
9 0009 Archive Server
10 000a Job Queue
11 000b Administration
15 000F Novell TI-RPC
23 0017 Diagnostics
32 0020 NetBIOS
33 0021 NAS SNA Gateway
35 0023 NACS Async Gateway or Asynchronous Gateway
36 0024 Remote Bridge or Routing Service
38 0026 Bridge Server or Asynchronous Bridge Server
39 0027 TCP/IP Gateway Server
40 0028 Point to Point (Eicon) X.25 Bridge Server
41 0029 Eicon 3270 Gateway
42 002a CHI Corp ???
44 002c PC Chalkboard
45 002d Time Synchronization Server or Asynchronous Timer
46 002e SAP Archive Server or SMS Target Service Agent
69 0045 DI3270 Gateway
71 0047 Advertising Print Server
75 004b Btrieve VAP/NLM 5.0
76 004c Netware SQL VAP/NLM Server
77 004d Xtree Network Version Netware XTree
80 0050 Btrieve VAP 4.11
82 0052 QuickLink (Cubix)
83 0053 Print Queue User
88 0058 Multipoint X.25 Eicon Router

96 0060 STLB/NLM ???
100 0064 ARCserve
102 0066 ARCserve 3.0
114 0072 WAN Copy Utility
122 007a TES-Netware for VMS
146 0092 WATCOM Debugger or Emerald Tape Backup Server
149 0095 DDA OBGYN ???
152 0098 Netware Access Server (Asynchronous gateway)
154 009a Netware for VMS II or Named Pipe Server
155 009b Netware Access Server
158 009e Portable Netware Server or SunLink NVT
161 00a1 Powerchute APC UPS NLM
170 00aa LAWserve ???
172 00ac Compaq IDA Status Monitor
256 0100 PIPE STAIL ???
258 0102 LAN Protect Bindery
259 0103 Oracle DataBase Server
263 0107 Netware 386 or RSPX Remote Console
271 010f Novell SNA Gateway
274 0112 Print Server (HP)
276 0114 CSA MUX (f/Communications Executive)
277 0115 CSA LCA (f/Communications Executive)
278 0116 CSA CM (f/Communications Executive)
279 0117 CSA SMA (f/Communications Executive)
280 0118 CSA DBA (f/Communications Executive)
281 0119 CSA NMA (f/Communications Executive)
282 011a CSA SSA (f/Communications Executive)
283 011b CSA STATUS (f/Communications Executive)
286 011e CSA APPC (f/Communications Executive)
294 0126 SNA TEST SSA Profile
298 012a CSA TRACE (f/Communications Executive)
304 0130 Communications Executive
307 0133 NNS Domain Server or Netware Naming Services Domain
309 0135 Netware Naming Services Profile
311 0137 Netware 386 Print Queue or NNS Print Queue
321 0141 LAN Spool Server (Vap, Intel)
338 0152 IRMALAN Gateway
340 0154 Named Pipe Server
360 0168 Intel PICKIT Comm Server or Intel CAS Talk Server
369 171 UNKNOWN???
371 0173 Compaq
372 0174 Compaq SNMP Agent
373 0175 Compaq
384 0180 XTree Server or XTree Tools
394 18A UNKNOWN??? Running on a Novell Server
432 01b0 GARP Gateway (net research)
433 01b1 Binfview (Lan Support Group)
447 01bf Intel LanDesk Manager

458 01ca AXTEC ???
459 01cb Netmode ???
460 1CC UNKNOWN??? Sheva netmodem???
472 01d8 Castelle FAXPress Server
474 01da Castelle LANPress Print Server
476 1DC Castille FAX/Xerox 7033 Fax Server/Excel Lan Fax
496 01f0 LEGATO ???
501 01f5 LEGATO ???
563 0233 NMS Agent or Netware Management Agent
567 0237 NMS IPX Discovery or LANtern Read/Write Channel
568 0238 NMS IP Discovery or LANtern Trap/Alarm Channel
570 023a LABtern
572 023c MAVERICK ???
574 23E UNKNOWN??? Running on a Novell Server
575 023f Used by eleven various Novell Servers
590 024e Remote Something ???
618 026a Network Management (NMS) Service Console
619 026b Time Synchronization Server (Netware 4.x)
632 0278 Directory Server (Netware 4.x)
772 0304 Novell SAA Gateway
776 0308 COM or VERMED 1 ???
778 030a Gallacticom BBS
780 030c Intel Netport 2 or HP JetDirect or HP Quicksilver
800 0320 Attachmate Gateway
807 0327 Microsoft Diagnostiocs ???
821 0335 MultiTech Systems Multisynch Comm Server
853 0355 Arcada Backup Exec
858 0358 MSLCD1 ???
865 0361 NETINELO ???
894 037e Twelve Novell file servers in the PC3M family
895 037f ViruSafe Notify
902 0386 HP Bridge
903 0387 HP Hub
916 0394 NetWare SAA Gateway
923 039b Lotus Notes
951 03b7 Certus Anti Virus NLM
964 03c4 ARCserve 4.0 (Cheyenne)
967 03c7 LANspool 3.5 (Intel)
990 03de Gupta Sequel Base Server or NetWare SQL
993 03e1 Univel Unixware
996 03e4 Univel Unixware
1020 03fc Intel Netport
1021 03fd Print SErver Queue ???
1034 40A ipnServer??? Running on a Novell Server
1035 40B UNKNOWN???
1037 40D LVERRMAN??? Running on a Novell Server
1038 40E LVLIC??? Running on a Novell Server
1040 410 UNKNOWN??? Running on a Novell Server

1044 0414 Kyocera
1065 0429 Site Lock Virus (Brightworks)
1074 0432 UFHELP R ???
1075 433 Sunoptics SNMP Agent???
1100 044c Backup ???
1111 457 Canon GP55??? Running on a Canon GP55 network printer
1115 045b Dell SCSI Array (DSA) Monitor
1200 04b0 CD-Net (Meridian)
1217 4C1 UNKNOWN???
1299 513 Emulux NQA??? Something from Emulex
1312 0520 Site Lock Checks
1321 0529 Site Lock Checks (Brightworks)
1325 052d Citrix OS/2 App Server
1344 536 Milan ???
1408 0580 McAfee's NetShield anti-virus
1569 621 ?? Something from Emulex
1571 623 UNKNOWN??? Running on a Novell Server
1900 076C Xerox
2857 0b29 Site Lock
3113 0c29 Site Lock Applications
3116 0c2c Licensing Server
9088 2380 LAI Site Lock
9100 238c Meeting Maker
18440 4808 Site Lock Server or Site Lock Metering VAP/NLM
21845 5555 Site Lock User
25362 6312 Tapeware
28416 6f00 Rabbit Gateway (3270)
30467 7703 MODEM??
32770 8002 NetPort Printers (Intel) or LANport
32776 8008 WordPerfect Network Version
34238 85BE Cisco Enhanced Interior Routing Protocol (EIGRP)
34952 8888 WordPerfect Network Version or Quick Network Management
36864 9000 McAfee's NetShield anti-virus
38404 9604 ?? CSA-NT_MON
61727 f11f Site Lock Metering VAP/NLM
61951 f1ff Site Lock
62723 F503 ?? SCA-NT
65535 ffff Any Service or Wildcard

This file is

ftp://ftp.isi.edu/in-notes/iana/assignments/novell-sap-numbers

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/novell-sap-numbers

POINT-TO-POINT PROTOCOL FIELD ASSIGNMENTS

PPP DLL PROTOCOL NUMBERS

The Point-to-Point Protocol (PPP) Data Link Layer [146,147,175]
contains a 16 bit Protocol field to identify the the encapsulated
protocol. The Protocol field is consistent with the ISO 3309 (HDLC)
extension mechanism for Address fields. All Protocols MUST be
assigned such that the least significant bit of the most significant
octet equals "0", and the least significant bit of the least
significant octet equals "1".

Assigned PPP DLL Protocol Numbers

Value (in hex) Protocol Name

0001 Padding Protocol
0003 to 001f reserved (transparency inefficient)
0021 Internet Protocol
0023 OSI Network Layer
0025 Xerox NS IDP
0027 DECnet Phase IV
0029 Appletalk
002b Novell IPX
002d Van Jacobson Compressed TCP/IP
002f Van Jacobson Uncompressed TCP/IP
0031 Bridging PDU
0033 Stream Protocol (ST-II)
0035 Banyan Vines
0037 reserved (until 1993)
0039 AppleTalk EDDP
003b AppleTalk SmartBuffered
003d Multi-Link
003f NETBIOS Framing
0041 Cisco Systems
0043 Ascom Timeplex
0045 Fujitsu Link Backup and Load Balancing (LBLB)
0047 DCA Remote Lan
0049 Serial Data Transport Protocol (PPP-SDTP)
004b SNA over 802.2
004d SNA
004f IP6 Header Compression
006f Stampede Bridging
007d reserved (Control Escape) [RFC1661]
007f reserved (compression inefficient) [RFC1662]
00cf reserved (PPP NLPID)
00fb compression on single link in multilink group
00fd 1st choice compression

00ff reserved (compression inefficient)

0201 802.1d Hello Packets
0203 IBM Source Routing BPDU
0205 DEC LANBridge100 Spanning Tree
0231 Luxcom
0233 Sigma Network Systems

8001-801f Not Used - reserved [RFC1661]
8021 Internet Protocol Control Protocol
8023 OSI Network Layer Control Protocol
8025 Xerox NS IDP Control Protocol
8027 DECnet Phase IV Control Protocol
8029 Appletalk Control Protocol
802b Novell IPX Control Protocol
802d reserved
802f reserved
8031 Bridging NCP
8033 Stream Protocol Control Protocol
8035 Banyan Vines Control Protocol
8037 reserved till 1993
8039 reserved
803b reserved
803d Multi-Link Control Protocol
803f NETBIOS Framing Control Protocol
807d Not Used - reserved [RFC1661]
8041 Cisco Systems Control Protocol
8043 Ascom Timeplex
8045 Fujitsu LBLB Control Protocol
8047 DCA Remote Lan Network Control Protocol (RLNCP)
8049 Serial Data Control Protocol (PPP-SDCP)
804b SNA over 802.2 Control Protocol
804d SNA Control Protocol
804f IP6 Header Compression Control Protocol
006f Stampede Bridging Control Protocol
80cf Not Used - reserved [RFC1661]
80fb compression on single link in multilink group control
80fd Compression Control Protocol
80ff Not Used - reserved [RFC1661]

c021 Link Control Protocol
c023 Password Authentication Protocol
c025 Link Quality Report
c027 Shiva Password Authentication Protocol
c029 CallBack Control Protocol (CBCP)
c081 Container Control Protocol [KEN]
c223 Challenge Handshake Authentication Protocol
c281 Proprietary Authentication Protocol [KEN]

c26f Stampede Bridging Authorization Protocol
c481 Proprietary Node ID Authentication Protocol [KEN]

Protocol field values in the "0xxx" to "3xxx" range identify the
network-layer protocol of specific datagrams, and values in the "8xxx"
to "bxxx" range identify datagrams belonging to the associated Network
Control Protocol (NCP), if any.

It is recommended that values in the "02xx" to "1exx" and "xx01" to
"xx1f" ranges not be assigned, as they are compression inefficient.

Protocol field values in the "4xxx" to "7xxx" range are used for
protocols with low volume traffic which have no associated NCP.

Protocol field values in the "cxxx" to "exxx" range identify datagrams
as Control Protocols (such as LCP).

PPP LCP AND IPCP CODES

The Point-to-Point Protocol (PPP) Link Control Protocol (LCP), [146]
the Compression Control Protocol (CCP), Internet Protocol Control
Protocol (IPCP), [147] and other control protocols, contain an 8 bit
Code field which identifies the type of packet. These Codes are
assigned as follows:

Code Packet Type
---- -----------
1 Configure-Request
2 Configure-Ack
3 Configure-Nak
4 Configure-Reject
5 Terminate-Request
6 Terminate-Ack
7 Code-Reject
8 * Protocol-Reject
9 * Echo-Request
10 * Echo-Reply
11 * Discard-Request
12 * Identification
13 * Time-Remaining
14 + Reset-Request
15 + Reset-Reply

* LCP Only
+ CCP Only

PPP LCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Link Control Protocol (LCP)
specifies a number of Configuration Options [146] which are
distinguished by an 8 bit Type field. These Types are assigned as
follows:

Type Configuration Option
---- --------------------
1 Maximum-Receive-Unit
2 Async-Control-Character-Map
3 Authentication-Protocol
4 Quality-Protocol
5 Magic-Number
6 RESERVED
7 Protocol-Field-Compression
8 Address-and-Control-Field-Compression
9 FCS-Alternatives
10 Self-Describing-Pad
11 Numbered-Mode
12 Multi-Link-Procedure
13 Callback
14 Connect-Time
15 Compound-Frames
16 Nominal-Data-Encapsulation
17 Multilink-MRRU
18 Multilink-Short-Sequence-Number-Header-Format
19 Multilink-Endpoint-Discriminator
20 Proprietary [KEN]
21 DCE-Identifier [SCHNEIDER]

PPP LCP FCS-ALTERNATIVES

The Point-to-Point Protocol (PPP) Link Control Protocol (LCP)
FCS-Alternatives Configuration Option contains an 8-bit Options field
which identifies the FCS used. These are assigned as follows:

Bit FCS
---- ----------
1 Null FCS
2 CCITT 16-Bit FCS
4 CCITT 32-bit FCS

PPP LCP CALLBACK OPERATION FIELDS

The Point-to-Point Protocol (PPP) Link Control Protocol (LCP) Callback
Configuration Option contains an 8-bit Operations field which
identifies the format of the Message. These are assigned as follows:

Operation Description
--------- ---------------------------
0 Location determined by user authentication.
1 Dialing string.
2 Location identifier.
3 E.164 number.
4 X.500 distinguished name.
5 unassigned
6 Location is determined during CBCP negotiation.

PPP IPCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Internet Protocol Control Protocol
(IPCP) specifies a number of Configuration Options [147] which are
distinguished by an 8 bit Type field. These Types are assigned as
follows:

Type Configuration Option
---- --------------------
1 IP-Addresses (deprecated)
2 IP-Compression-Protocol
3 IP-Address

PPP ATCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Apple Talk Control Protocol (ATCP)
specifies a number of Configuration Options [RFC-1378] which are
distinguished by an 8 bit Type field. These Types are assigned as
follows:

Type Configuration Option
---- --------------------
1 AppleTalk-Address
2 Routing-Protocol
3 Suppress-Broadcasts
4 AT-Compression-Protocol
5 Reserved
6 Server-information
7 Zone-information
8 Default-Router-Address

PPP OSINLCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) OSI Network Layer Control Protocol
(OSINLCP) specifies a number of Configuration Options [RFC-1377] which
are distinguished by an 8 bit Type field. These Types are assigned as
follows:

Type Configuration Option
---- --------------------
1 Align-NPDU

PPP BRIDGING CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP)
specifies a number of Configuration Options which are distinguished by
an 8 bit Type field. These Types are assigned as follows:

Type Configuration Option
---- --------------------
1 Bridge-Identification
2 Line-Identification
3 MAC-Support
4 Tinygram-Compression
5 LAN-Identification
6 MAC-Address
7 Spanning-Tree-Protocol

PPP BRIDGING MAC TYPES

The Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP)
contains an 8 bit MAC Type field which identifies the MAC
encapsulated. These Types are assigned as follows:

Type MAC
---- -----------
0 Reserved
1 IEEE 802.3/Ethernet with cannonical addresses
2 IEEE 802.4 with cannonical addresses
3 IEEE 802.5 with non-cannonical addresses
4 FDDI with non-cannonical addresses
5-10 reserved
11 IEEE 802.5 with cannonical addresses
12 FDDI with cannonical addresses

PPP BRIDGING SPANNING TREE

The Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP)
Spanning Tree Configuration Option contains an 8-bit Protocol field
which identifies the spanning tree used. These are assigned as
follows:

Protocol Spanning Tree
-------- ---------------
0 Null - no spanning tree protocol supported
1 IEEE 802.1D spanning tree protocol

2 IEEE 802.1G extended spanning tree protocol
3 IBM source route spanning tree protocol
4 DEC LANbridge 100 spanning tree protocol

REFERENCES

[RFC1661] Simpson, W., Editor, "The Point-to-Point Protoco