all about ipv6 Archives - IPv6.net

How to configure the Kerlink IoT Station for GPRS/3G uplink connectivity

IPv6 & IoT editor — Tue, 12 Feb 2019 13:34:37 +0000

I have been working on getting a Kerlink IoT Station to work with GPRS/3G as its primary uplink path.

A client asked me to do this configuration because they did not have the resources to it themselves. No problem. I have been working with LoRa and Kerlinks for a while now doing a consultancy job for another client (a big telco). They did not want to connect the Kerlink to their local network for security reasons. They wanted to add their gateway to TheThingsNetwork.org (TTN), a global open crowdsourced Internet of Things data network that started in The Netherlands. Reading the forums, I noticed that many trying to do the same have run into issues. The documentation is sometimes incomplete and scattered so it takes a bit of effort to get it to work.

IoT lab at the home office
[the_ad id=”956129″]

The task at hand:

Configure a Kerlink IoT station to use its GPRS/3G modem as its uplink path and connect it to TheThingsNetwork.org. The SIM provided was a PukData M2M SIM which uses the KPN mobile network in The Netherlands.
Normally, the Kerlink will use its ethernet (eth0) uplink as its default path. The basic idea here is that, if configured correctly, an autoconnect mechanism will trigger the GPRS bearer, establishes a PPP connection and set a default route and DNS.
I had already installed the TTN firmware with the polypacket forwarder on the Kerlink and got it to work using the ethernet uplink. I used a LoRaMote to check if packets actually showed up in the TTN api. For the next step, I basically followed the GPRS/3G guide on the TTN Wiki which boils down to:

Set the GPRS options to match your SIM and telco’s APN settings (i.e. APN name, pincode, username and password).
Configure auto connect in the knet monitor.
Set the bearers priority.
Because no username/password is set for this APN, and empty username/password fields trigger a bug, I also installed the patched GPRS init script.

[the_ad id=”956129″]

I ran into a couple of things so these considerations may be useful:

If your SIM comes with a pin code (usually 0000), set it with ‘GPRSPIN=’.
If your APN username and password are to be left empty, replace the GPRS init script with the patched version as mentioned at the bottom of the guide.
Carefully choose your ip_link address in /knet/knetd.xml depending on your requirements. This address is pinged periodically to determine if the GPRS auto connect needs to be activated. In my case I wanted one that is only reachable over the GPRS APN (e.g. for KPN use their DNS server: 194.151.228.34) to force it to bring up the ppp0 interface whenever possible. If you’re using GPRS as a backup path this should be different (I guess an address only reachable via eth0 but make sure the PPP session is terminated as soon as the primary path becomes available again). Use tcpdump (e.g. tcpdump -i ppp0 -n -v port 1700 or icmp) to check if it is pinging the correct address and if status updates are sent.
I chose not to use peerdns (GPRSDNS=no) because the default DNS servers are not restored in case of a GPRS connection failure, thus breaking eth0 as a fallback path. I used the Google public DNS servers in stead as they work on both paths. This could also be fixed in /etc/ppp/ip-down.
Remember that your default gateway will be set to the ppp0 interface whenever that interface comes up. You may want to be able to connect through eth0 for maintenance…
The (poly) packet forwarder needs to be restarted whenever there is an interface change to make sure it binds to the right source address. If it isn’t you will see packets going out the ppp0 interface with the eth0 source address (or vice versa). I added ‘/usr/bin/killall poly_pkt_fwd’ to /etc/ppp/ip-up and /etc/ppp/ip-down.
The firewall is not enabled by default. Make sure to edit /etc/init.d/firewall to your needs and turn it on in /etc/sysconfig/network (FIREWALL=yes). Don’t forget IPv6 although dropbear for instance does not listen on a v6 socket.

Tests to do to make sure it all works:

Check if the gateway is still active (is sending status updates) and node messages are received in the TTN API after unplugging the ethernet uplink cable. If you’re using an ethernet power injector, make sure to unplug the cable going into the injector rather than the one going out to the Kerlink. Duh! 😉 Remember that you can’t log in to the gateway anymore, assuming access to the GPRS/3G address is blocked.
Plug the ethernet cable back in and see if you can log in again. Then check if updates/messages are still being sent over the ppp0 interface using tcpdump.
Power cycle the Kerlink while leaving the ethernet uplink cable unplugged. This will make sure the Kerlink will boot successfully in stand-alone mode, which was the whole purpose of this exercise.

[the_ad id=”956129″]

Configuration:

/etc/sysconfig/network:

 # Selector operator APN
 GPRSAPN=internet.access.nl
 # Enter pin code if activated
 GPRSPIN=0000
 # Update /etc/resolv.conf to get dns facilities
 GPRSDNS=no
 # PAP authentication
 GPRSUSER=
 GPRSPASSWORD=
 # Bearers priority order
 BEARERS_PRIORITY="ppp0,eth0,eth1"

/knet/knetd.xml:

Questions?

Don’t hesitate to leave a comment below or send a message.

The post How to configure the Kerlink IoT Station for GPRS/3G uplink connectivity appeared first on IPv6.net.

NAT64 and DNS64 in 30 minutes

IPv6 & IoT editor — Sun, 30 May 2010 10:33:20 +0000

NAT64 and DNS64 in 30 minutes from Ivan Pepelnjak

The post NAT64 and DNS64 in 30 minutes appeared first on IPv6.net.

RFC 792 – Internet Control Message Protocol

IPv6 & IoT editor — Sun, 02 Aug 2009 10:06:34 +0000

Network Working Group                                          J. Postel
Request for Comments:  792                                           ISI
                                                          September 1981
Updates:  RFCs 777, 760
Updates:  IENs 109, 128
                   INTERNET CONTROL MESSAGE PROTOCOL
                         DARPA INTERNET PROGRAM
                         PROTOCOL SPECIFICATION
Introduction
   The Internet Protocol (IP) [1] is used for host-to-host datagram
   service in a system of interconnected networks called the
   Catenet [2].  The network connecting devices are called Gateways.
   These gateways communicate between themselves for control purposes
   via a Gateway to Gateway Protocol (GGP) [3,4].  Occasionally a
   gateway or destination host will communicate with a source host, for
   example, to report an error in datagram processing.  For such
   purposes this protocol, the Internet Control Message Protocol (ICMP),
   is used.  ICMP, uses the basic support of IP as if it were a higher
   level protocol, however, ICMP is actually an integral part of IP, and
   must be implemented by every IP module.
   ICMP messages are sent in several situations:  for example, when a
   datagram cannot reach its destination, when the gateway does not have
   the buffering capacity to forward a datagram, and when the gateway
   can direct the host to send traffic on a shorter route.
   The Internet Protocol is not designed to be absolutely reliable.  The
   purpose of these control messages is to provide feedback about
   problems in the communication environment, not to make IP reliable.
   There are still no guarantees that a datagram will be delivered or a
   control message will be returned.  Some datagrams may still be
   undelivered without any report of their loss.  The higher level
   protocols that use IP must implement their own reliability procedures
   if reliable communication is required.
   The ICMP messages typically report errors in the processing of
   datagrams.  To avoid the infinite regress of messages about messages
   etc., no ICMP messages are sent about ICMP messages.  Also ICMP
   messages are only sent about errors in handling fragment zero of
   fragemented datagrams.  (Fragment zero has the fragment offeset equal
   zero).
                                                                [Page 1]
                                                          September 1981
RFC 792
Message Formats
   ICMP messages are sent using the basic IP header.  The first octet of
   the data portion of the datagram is a ICMP type field; the value of
   this field determines the format of the remaining data.  Any field
   labeled "unused" is reserved for later extensions and must be zero
   when sent, but receivers should not use these fields (except to
   include them in the checksum).  Unless otherwise noted under the
   individual format descriptions, the values of the internet header
   fields are as follows:
   Version
      4
   IHL
      Internet header length in 32-bit words.
   Type of Service
      0
   Total Length
      Length of internet header and data in octets.
   Identification, Flags, Fragment Offset
      Used in fragmentation, see [1].
   Time to Live
      Time to live in seconds; as this field is decremented at each
      machine in which the datagram is processed, the value in this
      field should be at least as great as the number of gateways which
      this datagram will traverse.
   Protocol
      ICMP = 1
   Header Checksum
      The 16 bit one's complement of the one's complement sum of all 16
      bit words in the header.  For computing the checksum, the checksum
      field should be zero.  This checksum may be replaced in the
      future.
[Page 2]
September 1981
RFC 792
   Source Address
      The address of the gateway or host that composes the ICMP message.
      Unless otherwise noted, this can be any of a gateway's addresses.
   Destination Address
      The address of the gateway or host to which the message should be
      sent.
                                                                [Page 3]
                                                          September 1981
RFC 792
Destination Unreachable Message
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             unused                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   IP Fields:
   Destination Address
      The source network and address from the original datagram's data.
   ICMP Fields:
   Type
      3
   Code
      0 = net unreachable;
      1 = host unreachable;
      2 = protocol unreachable;
      3 = port unreachable;
      4 = fragmentation needed and DF set;
      5 = source route failed.
   Checksum
      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.
   Internet Header + 64 bits of Data Datagram
      The internet header plus the first 64 bits of the original
[Page 4]
September 1981
RFC 792
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.
   Description
      If, according to the information in the gateway's routing tables,
      the network specified in the internet destination field of a
      datagram is unreachable, e.g., the distance to the network is
      infinity, the gateway may send a destination unreachable message
      to the internet source host of the datagram.  In addition, in some
      networks, the gateway may be able to determine if the internet
      destination host is unreachable.  Gateways in these networks may
      send destination unreachable messages to the source host when the
      destination host is unreachable.
      If, in the destination host, the IP module cannot deliver the
      datagram  because the indicated protocol module or process port is
      not active, the destination host may send a destination
      unreachable message to the source host.
      Another case is when a datagram must be fragmented to be forwarded
      by a gateway yet the Don't Fragment flag is on.  In this case the
      gateway must discard the datagram and may return a destination
      unreachable message.
      Codes 0, 1, 4, and 5 may be received from a gateway.  Codes 2 and
      3 may be received from a host.
                                                                [Page 5]
                                                          September 1981
RFC 792
Time Exceeded Message
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             unused                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   IP Fields:
   Destination Address
      The source network and address from the original datagram's data.
   ICMP Fields:
   Type
      11
   Code
      0 = time to live exceeded in transit;
      1 = fragment reassembly time exceeded.
   Checksum
      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.
   Internet Header + 64 bits of Data Datagram
      The internet header plus the first 64 bits of the original
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.
   Description
      If the gateway processing a datagram finds the time to live field
[Page 6]
September 1981
RFC 792
      is zero it must discard the datagram.  The gateway may also notify
      the source host via the time exceeded message.
      If a host reassembling a fragmented datagram cannot complete the
      reassembly due to missing fragments within its time limit it
      discards the datagram, and it may send a time exceeded message.
      If fragment zero is not available then no time exceeded need be
      sent at all.
      Code 0 may be received from a gateway.  Code 1 may be received
      from a host.
                                                                [Page 7]
                                                          September 1981
RFC 792
Parameter Problem Message
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Pointer    |                   unused                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   IP Fields:
   Destination Address
      The source network and address from the original datagram's data.
   ICMP Fields:
   Type
      12
   Code
      0 = pointer indicates the error.
   Checksum
      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.
   Pointer
      If code = 0, identifies the octet where an error was detected.
   Internet Header + 64 bits of Data Datagram
      The internet header plus the first 64 bits of the original
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.
[Page 8]
September 1981
RFC 792
   Description
      If the gateway or host processing a datagram finds a problem with
      the header parameters such that it cannot complete processing the
      datagram it must discard the datagram.  One potential source of
      such a problem is with incorrect arguments in an option.  The
      gateway or host may also notify the source host via the parameter
      problem message.  This message is only sent if the error caused
      the datagram to be discarded.
      The pointer identifies the octet of the original datagram's header
      where the error was detected (it may be in the middle of an
      option).  For example, 1 indicates something is wrong with the
      Type of Service, and (if there are options present) 20 indicates
      something is wrong with the type code of the first option.
      Code 0 may be received from a gateway or a host.
                                                                [Page 9]
                                                          September 1981
RFC 792
Source Quench Message
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             unused                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   IP Fields:
   Destination Address
      The source network and address of the original datagram's data.
   ICMP Fields:
   Type
      4
   Code
      0
   Checksum
      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.
   Internet Header + 64 bits of Data Datagram
      The internet header plus the first 64 bits of the original
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.
   Description
      A gateway may discard internet datagrams if it does not have the
      buffer space needed to queue the datagrams for output to the next
      network on the route to the destination network.  If a gateway
[Page 10]
September 1981
RFC 792
      discards a datagram, it may send a source quench message to the
      internet source host of the datagram.  A destination host may also
      send a source quench message if datagrams arrive too fast to be
      processed.  The source quench message is a request to the host to
      cut back the rate at which it is sending traffic to the internet
      destination.  The gateway may send a source quench message for
      every message that it discards.  On receipt of a source quench
      message, the source host should cut back the rate at which it is
      sending traffic to the specified destination until it no longer
      receives source quench messages from the gateway.  The source host
      can then gradually increase the rate at which it sends traffic to
      the destination until it again receives source quench messages.
      The gateway or host may send the source quench message when it
      approaches its capacity limit rather than waiting until the
      capacity is exceeded.  This means that the data datagram which
      triggered the source quench message may be delivered.
      Code 0 may be received from a gateway or a host.
                                                               [Page 11]
                                                          September 1981
RFC 792
Redirect Message
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Gateway Internet Address                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   IP Fields:
   Destination Address
      The source network and address of the original datagram's data.
   ICMP Fields:
   Type
      5
   Code
      0 = Redirect datagrams for the Network.
      1 = Redirect datagrams for the Host.
      2 = Redirect datagrams for the Type of Service and Network.
      3 = Redirect datagrams for the Type of Service and Host.
   Checksum
      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.
   Gateway Internet Address
      Address of the gateway to which traffic for the network specified
      in the internet destination network field of the original
      datagram's data should be sent.
[Page 12]
September 1981
RFC 792
   Internet Header + 64 bits of Data Datagram
      The internet header plus the first 64 bits of the original
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.
   Description
      The gateway sends a redirect message to a host in the following
      situation.  A gateway, G1, receives an internet datagram from a
      host on a network to which the gateway is attached.  The gateway,
      G1, checks its routing table and obtains the address of the next
      gateway, G2, on the route to the datagram's internet destination
      network, X.  If G2 and the host identified by the internet source
      address of the datagram are on the same network, a redirect
      message is sent to the host.  The redirect message advises the
      host to send its traffic for network X directly to gateway G2 as
      this is a shorter path to the destination.  The gateway forwards
      the original datagram's data to its internet destination.
      For datagrams with the IP source route options and the gateway
      address in the destination address field, a redirect message is
      not sent even if there is a better route to the ultimate
      destination than the next address in the source route.
      Codes 0, 1, 2, and 3 may be received from a gateway.
                                                               [Page 13]
                                                          September 1981
RFC 792
Echo or Echo Reply Message
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Data ...
   +-+-+-+-+-
   IP Fields:
   Addresses
      The address of the source in an echo message will be the
      destination of the echo reply message.  To form an echo reply
      message, the source and destination addresses are simply reversed,
      the type code changed to 0, and the checksum recomputed.
   IP Fields:
   Type
      8 for echo message;
      0 for echo reply message.
   Code
      0
   Checksum
      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      If the total length is odd, the received data is padded with one
      octet of zeros for computing the checksum.  This checksum may be
      replaced in the future.
   Identifier
      If code = 0, an identifier to aid in matching echos and replies,
      may be zero.
   Sequence Number
[Page 14]
September 1981
RFC 792
      If code = 0, a sequence number to aid in matching echos and
      replies, may be zero.
   Description
      The data received in the echo message must be returned in the echo
      reply message.
      The identifier and sequence number may be used by the echo sender
      to aid in matching the replies with the echo requests.  For
      example, the identifier might be used like a port in TCP or UDP to
      identify a session, and the sequence number might be incremented
      on each echo request sent.  The echoer returns these same values
      in the echo reply.
      Code 0 may be received from a gateway or a host.
                                                               [Page 15]
                                                          September 1981
RFC 792
Timestamp or Timestamp Reply Message
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |      Code     |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Originate Timestamp                                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Receive Timestamp                                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Transmit Timestamp                                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   IP Fields:
   Addresses
      The address of the source in a timestamp message will be the
      destination of the timestamp reply message.  To form a timestamp
      reply message, the source and destination addresses are simply
      reversed, the type code changed to 14, and the checksum
      recomputed.
   IP Fields:
   Type
      13 for timestamp message;
      14 for timestamp reply message.
   Code
      0
   Checksum
      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.
   Identifier
[Page 16]
September 1981
RFC 792
      If code = 0, an identifier to aid in matching timestamp and
      replies, may be zero.
   Sequence Number
      If code = 0, a sequence number to aid in matching timestamp and
      replies, may be zero.
   Description
      The data received (a timestamp) in the message is returned in the
      reply together with an additional timestamp.  The timestamp is 32
      bits of milliseconds since midnight UT.  One use of these
      timestamps is described by Mills [5].
      The Originate Timestamp is the time the sender last touched the
      message before sending it, the Receive Timestamp is the time the
      echoer first touched it on receipt, and the Transmit Timestamp is
      the time the echoer last touched the message on sending it.
      If the time is not available in miliseconds or cannot be provided
      with respect to midnight UT then any time can be inserted in a
      timestamp provided the high order bit of the timestamp is also set
      to indicate this non-standard value.
      The identifier and sequence number may be used by the echo sender
      to aid in matching the replies with the requests.  For example,
      the identifier might be used like a port in TCP or UDP to identify
      a session, and the sequence number might be incremented on each
      request sent.  The destination returns these same values in the
      reply.
      Code 0 may be received from a gateway or a host.
                                                               [Page 17]
                                                          September 1981
RFC 792
Information Request or Information Reply Message
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |      Code     |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   IP Fields:
   Addresses
      The address of the source in a information request message will be
      the destination of the information reply message.  To form a
      information reply message, the source and destination addresses
      are simply reversed, the type code changed to 16, and the checksum
      recomputed.
   IP Fields:
   Type
      15 for information request message;
      16 for information reply message.
   Code
      0
   Checksum
      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.
   Identifier
      If code = 0, an identifier to aid in matching request and replies,
      may be zero.
   Sequence Number
      If code = 0, a sequence number to aid in matching request and
      replies, may be zero.
[Page 18]
September 1981
RFC 792
   Description
      This message may be sent with the source network in the IP header
      source and destination address fields zero (which means "this"
      network).  The replying IP module should send the reply with the
      addresses fully specified.  This message is a way for a host to
      find out the number of the network it is on.
      The identifier and sequence number may be used by the echo sender
      to aid in matching the replies with the requests.  For example,
      the identifier might be used like a port in TCP or UDP to identify
      a session, and the sequence number might be incremented on each
      request sent.  The destination returns these same values in the
      reply.
      Code 0 may be received from a gateway or a host.
                                                               [Page 19]
                                                          September 1981
RFC 792
Summary of Message Types
    0  Echo Reply
    3  Destination Unreachable
    4  Source Quench
    5  Redirect
    8  Echo
   11  Time Exceeded
   12  Parameter Problem
   13  Timestamp
   14  Timestamp Reply
   15  Information Request
   16  Information Reply
[Page 20]
September 1981
RFC 792
References
   [1]  Postel, J. (ed.), "Internet Protocol - DARPA Internet Program
         Protocol Specification," RFC 791, USC/Information Sciences
         Institute, September 1981.
   [2]   Cerf, V., "The Catenet Model for Internetworking," IEN 48,
         Information Processing Techniques Office, Defense Advanced
         Research Projects Agency, July 1978.
   [3]   Strazisar, V., "Gateway Routing:  An Implementation
         Specification", IEN 30, Bolt Beranek and Newman, April 1979.
   [4]   Strazisar, V., "How to Build a Gateway", IEN 109, Bolt Beranek
         and Newman, August 1979.
   [5]   Mills, D., "DCNET Internet Clock Service," RFC 778, COMSAT
         Laboratories, April 1981.

The post RFC 792 – Internet Control Message Protocol appeared first on IPv6.net.

RFC 2401 – Security Architecture for the Internet Protocol

IPv6 & IoT editor — Sat, 01 Aug 2009 18:05:27 +0000

Network Working Group                                            S. Kent
Request for Comments: 2401                                      BBN Corp
Obsoletes: 1825                                              R. Atkinson
Category: Standards Track                                  @Home Network
                                                           November 1998

            Security Architecture for the Internet Protocol

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1998).  All Rights Reserved.

Table of Contents

1. Introduction........................................................3
  1.1 Summary of Contents of Document..................................3
  1.2 Audience.........................................................3
  1.3 Related Documents................................................4
2. Design Objectives...................................................4
  2.1 Goals/Objectives/Requirements/Problem Description................4
  2.2 Caveats and Assumptions..........................................5
3. System Overview.....................................................5
  3.1 What IPsec Does..................................................6
  3.2 How IPsec Works..................................................6
  3.3 Where IPsec May Be Implemented...................................7
4. Security Associations...............................................8
  4.1 Definition and Scope.............................................8
  4.2 Security Association Functionality..............................10
  4.3 Combining Security Associations.................................11
  4.4 Security Association Databases..................................13
     4.4.1 The Security Policy Database (SPD).........................14
     4.4.2 Selectors..................................................17
     4.4.3 Security Association Database (SAD)........................21
  4.5 Basic Combinations of Security Associations.....................24
  4.6 SA and Key Management...........................................26
     4.6.1 Manual Techniques..........................................27
     4.6.2 Automated SA and Key Management............................27
     4.6.3 Locating a Security Gateway................................28
  4.7 Security Associations and Multicast.............................29

5. IP Traffic Processing..............................................30
  5.1 Outbound IP Traffic Processing..................................30
     5.1.1 Selecting and Using an SA or SA Bundle.....................30
     5.1.2 Header Construction for Tunnel Mode........................31
        5.1.2.1 IPv4 -- Header Construction for Tunnel Mode...........31
        5.1.2.2 IPv6 -- Header Construction for Tunnel Mode...........32
  5.2 Processing Inbound IP Traffic...................................33
     5.2.1 Selecting and Using an SA or SA Bundle.....................33
     5.2.2 Handling of AH and ESP tunnels.............................34
6. ICMP Processing (relevant to IPsec)................................35
  6.1 PMTU/DF Processing..............................................36
     6.1.1 DF Bit.....................................................36
     6.1.2 Path MTU Discovery (PMTU)..................................36
        6.1.2.1 Propagation of PMTU...................................36
        6.1.2.2 Calculation of PMTU...................................37
        6.1.2.3 Granularity of PMTU Processing........................37
        6.1.2.4 PMTU Aging............................................38
7. Auditing...........................................................39
8. Use in Systems Supporting Information Flow Security................39
  8.1 Relationship Between Security Associations and Data Sensitivity.40
  8.2 Sensitivity Consistency Checking................................40
  8.3 Additional MLS Attributes for Security Association Databases....41
  8.4 Additional Inbound Processing Steps for MLS Networking..........41
  8.5 Additional Outbound Processing Steps for MLS Networking.........41
  8.6 Additional MLS Processing for Security Gateways.................42
9. Performance Issues.................................................42
10. Conformance Requirements..........................................43
11. Security Considerations...........................................43
12. Differences from RFC 1825.........................................43
Acknowledgements......................................................44
Appendix A -- Glossary................................................45
Appendix B -- Analysis/Discussion of PMTU/DF/Fragmentation Issues.....48
  B.1 DF bit..........................................................48
  B.2 Fragmentation...................................................48
  B.3 Path MTU Discovery..............................................52
     B.3.1 Identifying the Originating Host(s)........................53
     B.3.2 Calculation of PMTU........................................55
     B.3.3 Granularity of Maintaining PMTU Data.......................56
     B.3.4 Per Socket Maintenance of PMTU Data........................57
     B.3.5 Delivery of PMTU Data to the Transport Layer...............57
     B.3.6 Aging of PMTU Data.........................................57
Appendix C -- Sequence Space Window Code Example......................58
Appendix D -- Categorization of ICMP messages.........................60
References............................................................63
Disclaimer............................................................64
Author Information....................................................65
Full Copyright Statement..............................................66

1. Introduction

1.1 Summary of Contents of Document

   This memo specifies the base architecture for IPsec compliant
   systems.  The goal of the architecture is to provide various security
   services for traffic at the IP layer, in both the IPv4 and IPv6
   environments.  This document describes the goals of such systems,
   their components and how they fit together with each other and into
   the IP environment.  It also describes the security services offered
   by the IPsec protocols, and how these services can be employed in the
   IP environment.  This document does not address all aspects of IPsec
   architecture.  Subsequent documents will address additional
   architectural details of a more advanced nature, e.g., use of IPsec
   in NAT environments and more complete support for IP multicast.  The
   following fundamental components of the IPsec security architecture
   are discussed in terms of their underlying, required functionality.
   Additional RFCs (see Section 1.3 for pointers to other documents)
   define the protocols in (a), (c), and (d).

        a. Security Protocols -- Authentication Header (AH) and
           Encapsulating Security Payload (ESP)
        b. Security Associations -- what they are and how they work,
           how they are managed, associated proces
sing
        c. Key Management -- manual and automatic (The Internet Key
           Exchange (IKE))
        d. Algorithms for authentication and encryption

   This document is not an overall Security Architecture for the
   Internet; it addresses security only at the IP layer, provided
   through the use of a combination of cryptographic and protocol
   security mechanisms.

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
   document, are to be interpreted as described in RFC 2119 [Bra97].

1.2 Audience

   The target audience for this document includes implementers of this
   IP security technology and others interested in gaining a general
   background understanding of this system.  In particular, prospective
   users of this technology (end users or system administrators) are
   part of the target audience.  A glossary is provided as an appendix

   to help fill in gaps in background/vocabulary.  This document assumes
   that the reader is familiar with the Internet Protocol, related
   networking technology, and general security terms and concepts.

1.3 Related Documents

   As mentioned above, other documents provide detailed definitions of
   some of the components of IPsec and of their inter-relationship.
   They include RFCs on the following topics:

        a. "IP Security Document Roadmap" [TDG97] -- a document
           providing guidelines for specifications describing encryption
           and authentication algorithms used in this system.
        b. security protocols -- RFCs describing the Authentication
           Header (AH) [KA98a] and Encapsulating Security Payload (ESP)
           [KA98b] protocols.
        c. algorithms for authentication and encryption -- a separate
           RFC for each algorithm.
        d. automatic key management -- RFCs on "The Internet Key
           Exchange (IKE)" [HC98], "Internet Security Association and
           Key Management Protocol (ISAKMP)" [MSST97],"The OAKLEY Key
           Determination Protocol" [Orm97], and "The Internet IP
           Security Domain of Interpretation for ISAKMP" [Pip98].

2. Design Objectives

2.1 Goals/Objectives/Requirements/Problem Description

   IPsec is designed to provide interoperable, high quality,
   cryptographically-based security for IPv4 and IPv6.  The set of
   security services offered includes access control, connectionless
   integrity, data origin authentication, protection against replays (a
   form of partial sequence integrity), confidentiality (encryption),
   and limited traffic flow confidentiality.  These services are
   provided at the IP layer, offering protection for IP and/or upper
   layer protocols.

   These objectives are met through the use of two traffic security
   protocols, the Authentication Header (AH) and the Encapsulating
   Security Payload (ESP), and through the use of cryptographic key
   management procedures and protocols.  The set of IPsec protocols
   employed in any context, and the ways in which they are employed,
   will be determined by the security and system requirements of users,
   applications, and/or sites/organizations.

   When these mechanisms are correctly implemented and deployed, they
   ought not to adversely affect users, hosts, and other Internet
   components that do not employ these security mechanisms for

   protection of their traffic.  These mechanisms also are designed to
   be algorithm-independent.  This modularity permits selection of
   different sets of algorithms without affecting the other parts of the
   implementation.  For example, different user communities may select
   different sets of algorithms (creating cliques) if required.

   A standard set of default algorithms is specified to facilitate
   interoperability in the global Internet.  The use of these
   algorithms, in conjunction with IPsec traffic protection and key
   management protocols, is intended to permit system and application
   developers to deploy high quality, Internet layer, cryptographic
   security technology.

2.2 Caveats and Assumptions

   The suite of IPsec protocols and associated default algorithms are
   designed to provide high quality security for Internet traffic.
   However, the security offered by use of these protocols ultimately
   depends on the quality of the their implementation, which is outside
   the scope of this set of standards.  Moreover, the security of a
   computer system or network is a function of many factors, including
   personnel, physical, procedural, compromising emanations, and
   computer security practices.  Thus IPsec is only one part of an
   overall system security architecture.

   Finally, the security afforded by the use of IPsec is critically
   dependent on many aspects of the operating environment in which the
   IPsec implementation executes.  For example, defects in OS security,
   poor quality of random number sources, sloppy system management
   protocols and practices, etc. can all degrade the security provided
   by IPsec.  As above, none of these environmental attributes are
   within the scope of this or other IPsec standards.

3. System Overview

   This section provides a high level description of how IPsec works,
   the components of the system, and how they fit together to provide
   the security services noted above.  The goal of this description is
   to enable the reader to "picture" the overall process/system, see how
   it fits into the IP environment, and to provide context for later
   sections of this document, which describe each of the components in
   more detail.

   An IPsec implementation operates in a host or a security gateway
   environment, affording protection to IP traffic.  The protection
   offered is based on requirements defined by a Security Policy
   Database (SPD) established and maintained by a user or system
   administrator, or by an application operating within constraints

   established by either of the above.  In general, packets are selected
   for one of three processing modes based on IP and transport layer
   header information (Selectors, Section 4.4.2) matched against entries
   in the database (SPD).  Each packet is either afforded IPsec security
   services, discarded, or allowed to bypass IPsec, based on the
   applicable database policies identified by the Selectors.

3.1 What IPsec Does

   IPsec provides security services at the IP layer by enabling a system
   to select required security protocols, determine the algorithm(s) to
   use for the service(s), and put in place any cryptographic keys
   required to provide the requested services.  IPsec can be used to
   protect one or more "paths" between a pair of hosts, between a pair
   of security gateways, or between a security gateway and a host.  (The
   term "security gateway" is used throughout the IPsec documents to
   refer to an intermediate system that implements IPsec protocols.  For
   example, a router or a firewall implementing IPsec is a security
   gateway.)

   The set of security services that IPsec can provide includes access
   control, connectionless integrity, data origin authentication,
   rejection of replayed packets (a form of partial sequence integrity),
   confidentiality (encryption), and limited traffic flow
   confidentiality.  Because these services are provided at the IP
   layer, they can be used by any high
er layer protocol, e.g., TCP, UDP,
   ICMP, BGP, etc.

   The IPsec DOI also supports negotiation of IP compression [SMPT98],
   motivated in part by the observation that when encryption is employed
   within IPsec, it prevents effective compression by lower protocol
   layers.

3.2 How IPsec Works

   IPsec uses two protocols to provide traffic security --
   Authentication Header (AH) and Encapsulating Security Payload (ESP).
   Both protocols are described in more detail in their respective RFCs
   [KA98a, KA98b].

        o The IP Authentication Header (AH) [KA98a] provides
          connectionless integrity, data origin authentication, and an
          optional anti-replay service.
        o The Encapsulating Security Payload (ESP) protocol [KA98b] may
          provide confidentiality (encryption), and limited traffic flow
          confidentiality.  It also may provide connectionless

          integrity, data origin authentication, and an anti-replay
          service.  (One or the other set of these security services
          must be applied whenever ESP is invoked.)
        o Both AH and ESP are vehicles for access control, based on the
          distribution of cryptographic keys and the management of
          traffic flows relative to these security protocols.

   These protocols may be applied alone or in combination with each
   other to provide a desired set of security services in IPv4 and IPv6.
   Each protocol supports two modes of use: transport mode and tunnel
   mode.  In transport mode the protocols provide protection primarily
   for upper layer protocols; in tunnel mode, the protocols are applied
   to tunneled IP packets.  The differences between the two modes are
   discussed in Section 4.

   IPsec allows the user (or system administrator) to control the
   granularity at which a security service is offered.  For example, one
   can create a single encrypted tunnel to carry all the traffic between
   two security gateways or a separate encrypted tunnel can be created
   for each TCP connection between each pair of hosts communicating
   across these gateways.  IPsec management must incorporate facilities
   for specifying:

        o which security services to use and in what combinations
        o the granularity at which a given security protection should be
          applied
        o the algorithms used to effect cryptographic-based security

   Because these security services use shared secret values
   (cryptographic keys), IPsec relies on a separate set of mechanisms
   for putting these keys in place. (The keys are used for
   authentication/integrity and encryption services.)  This document
   requires support for both manual and automatic distribution of keys.
   It specifies a specific public-key based approach (IKE -- [MSST97,
   Orm97, HC98]) for automatic key management, but other automated key
   distribution techniques MAY be used.  For example, KDC-based systems
   such as Kerberos and other public-key systems such as SKIP could be
   employed.

3.3 Where IPsec May Be Implemented

   There are several ways in which IPsec may be implemented in a host or
   in conjunction with a router or firewall (to create a security
   gateway).  Several common examples are provided below:

        a. Integration of IPsec into the native IP implementation.  This
           requires access to the IP source code and is applicable to
           both hosts and security gateways.

        b. "Bump-in-the-stack" (BITS) implementations, where IPsec is
           implemented "underneath" an existing implementation of an IP
           protocol stack, between the native IP and the local network
           drivers.  Source code access for the IP stack is not required
           in this context, making this implementation approach
           appropriate for use with legacy systems.  This approach, when
           it is adopted, is usually employed in hosts.

        c. The use of an outboard crypto processor is a common design
           feature of network security systems used by the military, and
           of some commercial systems as well.  It is sometimes referred
           to as a "Bump-in-the-wire" (BITW) implementation.  Such
           implementations may be designed to serve either a host or a
           gateway (or both).  Usually the BITW device is IP
           addressable.  When supporting a single host, it may be quite
           analogous to a BITS implementation, but in supporting a
           router or firewall, it must operate like a security gateway.

4. Security Associations

   This section defines Security Association management requirements for
   all IPv6 implementations and for those IPv4 implementations that
   implement AH, ESP, or both.  The concept of a "Security Association"
   (SA) is fundamental to IPsec.  Both AH and ESP make use of SAs and a
   major function of IKE is the establishment and maintenance of
   Security Associations.  All implementations of AH or ESP MUST support
   the concept of a Security Association as described below.  The
   remainder of this section describes various aspects of Security
   Association management, defining required characteristics for SA
   policy management, traffic processing, and SA management techniques.

4.1 Definition and Scope

   A Security Association (SA) is a simplex "connection" that affords
   security services to the traffic carried by it.  Security services
   are afforded to an SA by the use of AH, or ESP, but not both.  If
   both AH and ESP protection is applied to a traffic stream, then two
   (or more) SAs are created to afford protection to the traffic stream.
   To secure typical, bi-directional communication between two hosts, or
   between two security gateways, two Security Associations (one in each
   direction) are required.

   A security association is uniquely identified by a triple consisting
   of a Security Parameter Index (SPI), an IP Destination Address, and a
   security protocol (AH or ESP) identifier.  In principle, the
   Destination Address may be a unicast address, an IP broadcast
   address, or a multicast group address.  However, IPsec SA management
   mechanisms currently are defined only for unicast SAs.  Hence, in the

   discussions that follow, SAs will be described in the context of
   point-to-point communication, even though the concept is applicable
   in the point-to-multipoint case as well.

   As noted above, two types of SAs are defined: transport mode and
   tunnel mode.  A transport mode SA is a security association between
   two hosts.  In IPv4, a transport mode security protocol header
   appears immediately after the IP header and any options, and before
   any higher layer protocols (e.g., TCP or UDP).  In IPv6, the security
   protocol header appears after the base IP header and extensions, but
   may appear before or after destination options, and before higher
   layer protocols.  In the case of ESP, a transport mode SA provides
   security services only for these higher layer protocols, not for the
   IP header or any extension headers preceding the ESP header.  In the
   case of AH, the protection is also extended to selected portions of
   the IP header, selected portions of extension headers, and selected
   options (contained in the IPv4 header, IPv6 Hop-by-Hop extension
   header, or IPv6 Destination extension headers).  For more details on
   the coverage afforded by AH, see the AH specification [
KA98a].

   A tunnel mode SA is essentially an SA applied to an IP tunnel.
   Whenever either end of a security association is a security gateway,
   the SA MUST be tunnel mode.  Thus an SA between two security gateways
   is always a tunnel mode SA, as is an SA between a host and a security
   gateway.  Note that for the case where traffic is destined for a
   security gateway, e.g., SNMP commands, the security gateway is acting
   as a host and transport mode is allowed.  But in that case, the
   security gateway is not acting as a gateway, i.e., not transiting
   traffic.  Two hosts MAY establish a tunnel mode SA between
   themselves.  The requirement for any (transit traffic) SA involving a
   security gateway to be a tunnel SA arises due to the need to avoid
   potential problems with regard to fragmentation and reassembly of
   IPsec packets, and in circumstances where multiple paths (e.g., via
   different security gateways) exist to the same destination behind the
   security gateways.

   For a tunnel mode SA, there is an "outer" IP header that specifies
   the IPsec processing destination, plus an "inner" IP header that
   specifies the (apparently) ultimate destination for the packet.  The
   security protocol header appears after the outer IP header, and
   before the inner IP header.  If AH is employed in tunnel mode,
   portions of the outer IP header are afforded protection (as above),
   as well as all of the tunneled IP packet (i.e., all of the inner IP
   header is protected, as well as higher layer protocols).  If ESP is
   employed, the protection is afforded only to the tunneled packet, not
   to the outer header.

   In summary,
           a) A host MUST support both transport and tunnel mode.
           b) A security gateway is required to support only tunnel
              mode.  If it supports transport mode, that should be used
              only when the security gateway is acting as a host, e.g.,
              for network management.

4.2 Security Association Functionality

   The set of security services offered by an SA depends on the security
   protocol selected, the SA mode, the endpoints of the SA, and on the
   election of optional services within the protocol.  For example, AH
   provides data origin authentication and connectionless integrity for
   IP datagrams (hereafter referred to as just "authentication").  The
   "precision" of the authentication service is a function of the
   granularity of the security association with which AH is employed, as
   discussed in Section 4.4.2, "Selectors".

   AH also offers an anti-replay (partial sequence integrity) service at
   the discretion of the receiver, to help counter denial of service
   attacks.  AH is an appropriate protocol to employ when
   confidentiality is not required (or is not permitted, e.g , due to
   government restrictions on use of encryption).  AH also provides
   authentication for selected portions of the IP header, which may be
   necessary in some contexts.  For example, if the integrity of an IPv4
   option or IPv6 extension header must be protected en route between
   sender and receiver, AH can provide this service (except for the
   non-predictable but mutable parts of the IP header.)

   ESP optionally provides confidentiality for traffic.  (The strength
   of the confidentiality service depends in part, on the encryption
   algorithm employed.)  ESP also may optionally provide authentication
   (as defined above).  If authentication is negotiated for an ESP SA,
   the receiver also may elect to enforce an anti-replay service with
   the same features as the AH anti-replay service.  The scope of the
   authentication offered by ESP is narrower than for AH, i.e., the IP
   header(s) "outside" the ESP header is(are) not protected.  If only
   the upper layer protocols need to be authenticated, then ESP
   authentication is an appropriate choice and is more space efficient
   than use of AH encapsulating ESP.  Note that although both
   confidentiality and authentication are optional, they cannot both be
   omitted. At least one of them MUST be selected.

   If confidentiality service is selected, then an ESP (tunnel mode) SA
   between two security gateways can offer partial traffic flow
   confidentiality.  The use of tunnel mode allows the inner IP headers
   to be encrypted, concealing the identities of the (ultimate) traffic
   source and destination.  Moreover, ESP payload padding also can be

   invoked to hide the size of the packets, further concealing the
   external characteristics of the traffic.  Similar traffic flow
   confidentiality services may be offered when a mobile user is
   assigned a dynamic IP address in a dialup context, and establishes a
   (tunnel mode) ESP SA to a corporate firewall (acting as a security
   gateway).  Note that fine granularity SAs generally are more
   vulnerable to traffic analysis than coarse granularity ones which are
   carrying traffic from many subscribers.

4.3 Combining Security Associations

   The IP datagrams transmitted over an individual SA are afforded
   protection by exactly one security protocol, either AH or ESP, but
   not both.  Sometimes a security policy may call for a combination of
   services for a particular traffic flow that is not achievable with a
   single SA.  In such instances it will be necessary to employ multiple
   SAs to implement the required security policy.  The term "security
   association bundle" or "SA bundle" is applied to a sequence of SAs
   through which traffic must be processed to satisfy a security policy.
   The order of the sequence is defined by the policy.  (Note that the
   SAs that comprise a bundle may terminate at different endpoints. For
   example, one SA may extend between a mobile host and a security
   gateway and a second, nested SA may extend to a host behind the
   gateway.)

   Security associations may be combined into bundles in two ways:
   transport adjacency and iterated tunneling.

           o Transport adjacency refers to applying more than one
             security protocol to the same IP datagram, without invoking
             tunneling.  This approach to combining AH and ESP allows
             for only one level of combination; further nesting yields
             no added benefit (assuming use of adequately strong
             algorithms in each protocol) since the processing is
             performed at one IPsec instance at the (ultimate)
             destination.

             Host 1 --- Security ---- Internet -- Security --- Host 2
              | |        Gwy 1                      Gwy 2        | |
              | |                                                | |
              | -----Security Association 1 (ESP transport)------- |
              |                                                    |
              -------Security Association 2 (AH transport)----------

           o Iterated tunneling refers to the application of multiple
             layers of security protocols effected through IP tunneling.
             This approach allows for multiple levels of nesting, since
             each tunnel can originate or terminate at a different IPsec

             site along the path.  No special treatment is expected for
             ISAKMP traffic at intermediate security gateways other than
             what can be specified through appropriate SPD entries (See
             Case 3 in Section 4.5)

             There are 3 basic cases of iterated
 tunneling -- support is
             required only for cases 2 and 3.:

             1. both endpoints for the SAs are the same -- The inner and
                outer tunnels could each be either AH or ESP, though it
                is unlikely that Host 1 would specify both to be the
                same, i.e., AH inside of AH or ESP inside of ESP.

                Host 1 --- Security ---- Internet -- Security --- Host 2
                 | |        Gwy 1                      Gwy 2        | |
                 | |                                                | |
                 | -------Security Association 1 (tunnel)---------- | |
                 |                                                    |
                 ---------Security Association 2 (tunnel)--------------

             2. one endpoint of the SAs is the same -- The inner and
                uter tunnels could each be either AH or ESP.

                Host 1 --- Security ---- Internet -- Security --- Host 2
                 | |        Gwy 1                      Gwy 2         |
                 | |                                     |           |
                 | ----Security Association 1 (tunnel)----           |
                 |                                                   |
                 ---------Security Association 2 (tunnel)-------------

             3. neither endpoint is the same -- The inner and outer
                tunnels could each be either AH or ESP.

                Host 1 --- Security ---- Internet -- Security --- Host 2
                 |          Gwy 1                      Gwy 2         |
                 |            |                          |           |
                 |            --Security Assoc 1 (tunnel)-           |
                 |                                                   |
                 -----------Security Association 2 (tunnel)-----------

   These two approaches also can be combined, e.g., an SA bundle could
   be constructed from one tunnel mode SA and one or two transport mode
   SAs, applied in sequence.  (See Section 4.5 "Basic Combinations of
   Security Associations.") Note that nested tunnels can also occur
   where neither the source nor the destination endpoints of any of the
   tunnels are the same.  In that case, there would be no host or
   security gateway with a bundle corresponding to the nested tunnels.

   For transport mode SAs, only one ordering of security protocols seems
   appropriate.  AH is applied to both the upper layer protocols and
   (parts of) the IP header.  Thus if AH is used in a transport mode, in
   conjunction with ESP, AH SHOULD appear as the first header after IP,
   prior to the appearance of ESP.  In that context, AH is applied to
   the ciphertext output of ESP.  In contrast, for tunnel mode SAs, one
   can imagine uses for various orderings of AH and ESP.  The required
   set of SA bundle types that MUST be supported by a compliant IPsec
   implementation is described in Section 4.5.

4.4 Security Association Databases

   Many of the details associated with processing IP traffic in an IPsec
   implementation are largely a local matter, not subject to
   standardization.  However, some external aspects of the processing
   must be standardized, to ensure interoperability and to provide a
   minimum management capability that is essential for productive use of
   IPsec.  This section describes a general model for processing IP
   traffic relative to security associations, in support of these
   interoperability and functionality goals.  The model described below
   is nominal; compliant implementations need not match details of this
   model as presented, but the external behavior of such implementations
   must be mappable to the externally observable characteristics of this
   model.

   There are two nominal databases in this model: the Security Policy
   Database and the Security Association Database.  The former specifies
   the policies that determine the disposition of all IP traffic inbound
   or outbound from a host, security gateway, or BITS or BITW IPsec
   implementation.  The latter database contains parameters that are
   associated with each (active) security association.  This section
   also defines the concept of a Selector, a set of IP and upper layer
   protocol field values that is used by the Security Policy Database to
   map traffic to a policy, i.e., an SA (or SA bundle).

   Each interface for which IPsec is enabled requires nominally separate
   inbound vs. outbound databases (SAD and SPD), because of the
   directionality of many of the fields that are used as selectors.
   Typically there is just one such interface, for a host or security
   gateway (SG).  Note that an SG would always have at least 2
   interfaces, but the "internal" one to the corporate net, usually
   would not have IPsec enabled and so only one pair of SADs and one
   pair of SPDs would be needed.  On the other hand, if a host had
   multiple interfaces or an SG had multiple external interfaces, it
   might be necessary to have separate SAD and SPD pairs for each
   interface.

4.4.1 The Security Policy Database (SPD)

   Ultimately, a security association is a management construct used to
   enforce a security policy in the IPsec environment.  Thus an
   essential element of SA processing is an underlying Security Policy
   Database (SPD) that specifies what services are to be offered to IP
   datagrams and in what fashion.  The form of the database and its
   interface are outside the scope of this specification.  However, this
   section does specify certain minimum management functionality that
   must be provided, to allow a user or system administrator to control
   how IPsec is applied to traffic transmitted or received by a host or
   transiting a security gateway.

   The SPD must be consulted during the processing of all traffic
   (INBOUND and OUTBOUND), including non-IPsec traffic.  In order to
   support this, the SPD requires distinct entries for inbound and
   outbound traffic.  One can think of this as separate SPDs (inbound
   vs.  outbound).  In addition, a nominally separate SPD must be
   provided for each IPsec-enabled interface.

   An SPD must discriminate among traffic that is afforded IPsec
   protection and traffic that is allowed to bypass IPsec.  This applies
   to the IPsec protection to be applied by a sender and to the IPsec
   protection that must be present at the receiver.  For any outbound or
   inbound datagram, three processing choices are possible: discard,
   bypass IPsec, or apply IPsec.  The first choice refers to traffic
   that is not allowed to exit the host, traverse the security gateway,
   or be delivered to an application at all.  The second choice refers
   to traffic that is allowed to pass without additional IPsec
   protection.  The third choice refers to traffic that is afforded
   IPsec protection, and for such traffic the SPD must specify the
   security services to be provided, protocols to be employed,
   algorithms to be used, etc.

   For every IPsec implementation, there MUST be an administrative
   interface that allows a user or system administrator to manage the
   SPD.  Specifically, every inbound or outbound packet is subject to
   processing by IPsec and the SPD must specify what action will be
   taken in each case.  Thus the administrative interface must allow the
   user (or system administrator) to specify the security processing to
   be applied to any packet
entering or exiting the system, on a packet
   by packet basis.  (In a host IPsec implementation making use of a
   socket interface, the SPD may not need to be consulted on a per
   packet basis, but the effect is still the same.)  The management
   interface for the SPD MUST allow creation of entries consistent with
   the selectors defined in Section 4.4.2, and MUST support (total)
   ordering of these entries.  It is expected that through the use of
   wildcards in various selector fields, and because all packets on a

   single UDP or TCP connection will tend to match a single SPD entry,
   this requirement will not impose an unreasonably detailed level of
   SPD specification.  The selectors are analogous to what are found in
   a stateless firewall or filtering router and which are currently
   manageable this way.

   In host systems, applications MAY be allowed to select what security
   processing is to be applied to the traffic they generate and consume.
   (Means of signalling such requests to the IPsec implementation are
   outside the scope of this standard.)  However, the system
   administrator MUST be able to specify whether or not a user or
   application can override (default) system policies.  Note that
   application specified policies may satisfy system requirements, so
   that the system may not need to do additional IPsec processing beyond
   that needed to meet an application's requirements.  The form of the
   management interface is not specified by this document and may differ
   for hosts vs. security gateways, and within hosts the interface may
   differ for socket-based vs.  BITS implementations.  However, this
   document does specify a standard set of SPD elements that all IPsec
   implementations MUST support.

   The SPD contains an ordered list of policy entries.  Each policy
   entry is keyed by one or more selectors that define the set of IP
   traffic encompassed by this policy entry.  (The required selector
   types are defined in Section 4.4.2.)  These define the granularity of
   policies or SAs.  Each entry includes an indication of whether
   traffic matching this policy will be bypassed, discarded, or subject
   to IPsec processing.  If IPsec processing is to be applied, the entry
   includes an SA (or SA bundle) specification, listing the IPsec
   protocols, modes, and algorithms to be employed, including any
   nesting requirements.  For example, an entry may call for all
   matching traffic to be protected by ESP in transport mode using
   3DES-CBC with an explicit IV, nested inside of AH in tunnel mode
   using HMAC/SHA-1.  For each selector, the policy entry specifies how
   to derive the corresponding values for a new Security Association
   Database (SAD, see Section 4.4.3) entry from those in the SPD and the
   packet (Note that at present, ranges are only supported for IP
   addresses; but wildcarding can be expressed for all selectors):

           a. use the value in the packet itself -- This will limit use
              of the SA to those packets which have this packet's value
              for the selector even if the selector for the policy entry
              has a range of allowed values or a wildcard for this
              selector.
           b. use the value associated with the policy entry -- If this
              were to be just a single value, then there would be no
              difference between (b) and (a).  However, if the allowed
              values for the selector are a range (for IP addresses) or

              wildcard, then in the case of a range,(b) would enable use
              of the SA by any packet with a selector value within the
              range not just by packets with the selector value of the
              packet that triggered the creation of the SA.  In the case
              of a wildcard, (b) would allow use of the SA by packets
              with any value for this selector.

   For example, suppose there is an SPD entry where the allowed value
   for source address is any of a range of hosts (192.168.2.1 to
   192.168.2.10).  And suppose that a packet is to be sent that has a
   source address of 192.168.2.3.  The value to be used for the SA could
   be any of the sample values below depending on what the policy entry
   for this selector says is the source of the selector value:

           source for the  example of
           value to be     new SAD
           used in the SA  selector value
           --------------- ------------
           a. packet       192.168.2.3 (one host)
           b. SPD entry    192.168.2.1 to 192.168.2.10 (range of hosts)

   Note that if the SPD entry had an allowed value of wildcard for the
   source address, then the SAD selector value could be wildcard (any
   host).  Case (a) can be used to prohibit sharing, even among packets
   that match the same SPD entry.

   As described below in Section 4.4.3, selectors may include "wildcard"
   entries and hence the selectors for two entries may overlap.  (This
   is analogous to the overlap that arises with ACLs or filter entries
   in routers or packet filtering firewalls.)  Thus, to ensure
   consistent, predictable processing, SPD entries MUST be ordered and
   the SPD MUST always be searched in the same order, so that the first
   matching entry is consistently selected.  (This requirement is
   necessary as the effect of processing traffic against SPD entries
   must be deterministic, but there is no way to canonicalize SPD
   entries given the use of wildcards for some selectors.)  More detail
   on matching of packets against SPD entries is provided in Section 5.

   Note that if ESP is specified, either (but not both) authentication
   or encryption can be omitted.  So it MUST be possible to configure
   the SPD value for the authentication or encryption algorithms to be
   "NULL".  However, at least one of these services MUST be selected,
   i.e., it MUST NOT be possible to configure both of them as "NULL".

   The SPD can be used to map traffic to specific SAs or SA bundles.
   Thus it can function both as the reference database for security
   policy and as the map to existing SAs (or SA bundles).  (To
   accommodate the bypass and discard policies cited above, the SPD also

   MUST provide a means of mapping traffic to these functions, even
   though they are not, per se, IPsec processing.)  The way in which the
   SPD operates is different for inbound vs. outbound traffic and it
   also may differ for host vs.  security gateway, BITS, and BITW
   implementations.  Sections 5.1 and 5.2 describe the use of the SPD
   for outbound and inbound processing, respectively.

   Because a security policy may require that more than one SA be
   applied to a specified set of traffic, in a specific order, the
   policy entry in the SPD must preserve these ordering requirements,
   when present.  Thus, it must be possible for an IPsec implementation
   to determine that an outbound or inbound packet must be processed
   thorough a sequence of SAs.  Conceptually, for outbound processing,
   one might imagine links (to the SAD) from an SPD entry for which
   there are active SAs, and each entry would consist of either a single
   SA or an ordered list of SAs that comprise an SA bundle.  When a
   packet is matched against an SPD entry and there is an existing SA or
   SA bundle that can be used to carry the traffic, the processing of
   the packet is controlled by the SA or SA bundle entry on the list.
   For an inbound IPsec packet for which mul
tiple IPsec SAs are to be
   applied, the lookup based on destination address, IPsec protocol, and
   SPI should identify a single SA.

   The SPD is used to control the flow of ALL traffic through an IPsec
   system, including security and key management traffic (e.g., ISAKMP)
   from/to entities behind a security gateway.  This means that ISAKMP
   traffic must be explicitly accounted for in the SPD, else it will be
   discarded.  Note that a security gateway could prohibit traversal of
   encrypted packets in various ways, e.g., having a DISCARD entry in
   the SPD for ESP packets or providing proxy key exchange.  In the
   latter case, the traffic would be internally routed to the key
   management module in the security gateway.

4.4.2  Selectors

   An SA (or SA bundle) may be fine-grained or coarse-grained, depending
   on the selectors used to define the set of traffic for the SA.  For
   example, all traffic between two hosts may be carried via a single
   SA, and afforded a uniform set of security services.  Alternatively,
   traffic between a pair of hosts might be spread over multiple SAs,
   depending on the applications being used (as defined by the Next
   Protocol and Port fields), with different security services offered
   by different SAs.  Similarly, all traffic between a pair of security
   gateways could be carried on a single SA, or one SA could be assigned
   for each communicating host pair.  The following selector parameters
   MUST be supported for SA management to facilitate control of SA
   granularity.  Note that in the case of receipt of a packet with an
   ESP header, e.g., at an encapsulating security gateway or BITW

   implementation, the transport layer protocol, source/destination
   ports, and Name (if present) may be "OPAQUE", i.e., inaccessible
   because of encryption or fragmentation.  Note also that both Source
   and Destination addresses should either be IPv4 or IPv6.

      - Destination IP Address (IPv4 or IPv6): this may be a single IP
        address (unicast, anycast, broadcast (IPv4 only), or multicast
        group), a range of addresses (high and low values (inclusive),
        address + mask, or a wildcard address.  The last three are used
        to support more than one destination system sharing the same SA
        (e.g., behind a security gateway). Note that this selector is
        conceptually different from the "Destination IP Address" field
        in the  tuple used
        to uniquely identify an SA.  When a tunneled packet arrives at
        the tunnel endpoint, its SPI/Destination address/Protocol are
        used to look up the SA for this packet in the SAD.  This
        destination address comes from the encapsulating IP header.
        Once the packet has been processed according to the tunnel SA
        and has come out of the tunnel, its selectors are "looked up" in
        the Inbound SPD.  The Inbound SPD has a selector called
        destination address.  This IP destination address is the one in
        the inner (encapsulated) IP header.  In the case of a
        transport'd packet, there will be only one IP header and this
        ambiguity does not exist.  [REQUIRED for all implementations]

      - Source IP Address(es) (IPv4 or IPv6): this may be a single IP
        address (unicast, anycast, broadcast (IPv4 only), or multicast
        group), range of addresses (high and low values inclusive),
        address + mask, or a wildcard address.  The last three are used
        to support more than one source system sharing the same SA
        (e.g., behind a security gateway or in a multihomed host).
        [REQUIRED for all implementations]

      - Name: There are 2 cases (Note that these name forms are
        supported in the IPsec DOI.)
                1. User ID
                    a. a fully qualified user name string (DNS), e.g.,
                       mozart@foo.bar.com
                    b. X.500 distinguished name, e.g., C = US, SP = MA,
                       O = GTE Internetworking, CN = Stephen T. Kent.
                2. System name (host, security gateway, etc.)
                    a. a fully qualified DNS name, e.g., foo.bar.com
                    b. X.500 distinguished name
                    c. X.500 general name

        NOTE: One of the possible values of this selector is "OPAQUE".

        [REQUIRED for the following cases.  Note that support for name
        forms other than addresses is not required for manually keyed
        SAs.
                o User ID
                    - native host implementations
                    - BITW and BITS implementations acting as HOSTS
                      with only one user
                    - security gateway implementations for INBOUND
                      processing.
                o System names -- all implementations]

      - Data sensitivity level: (IPSO/CIPSO labels)
        [REQUIRED for all systems providing information flow security as
        per Section 8, OPTIONAL for all other systems.]

      - Transport Layer Protocol: Obtained from the IPv4 "Protocol" or
        the IPv6 "Next Header" fields.  This may be an individual
        protocol number.  These packet fields may not contain the
        Transport Protocol due to the presence of IP extension headers,
        e.g., a Routing Header, AH, ESP, Fragmentation Header,
        Destination Options, Hop-by-hop options, etc.  Note that the
        Transport Protocol may not be available in the case of receipt
        of a packet with an ESP header, thus a value of "OPAQUE" SHOULD
        be supported.
        [REQUIRED for all implementations]

        NOTE: To locate the transport protocol, a system has to chain
        through the packet headers checking the "Protocol" or "Next
        Header" field until it encounters either one it recognizes as a
        transport protocol, or until it reaches one that isn't on its
        list of extension headers, or until it encounters an ESP header
        that renders the transport protocol opaque.

      - Source and Destination (e.g., TCP/UDP) Ports: These may be
        individual UDP or TCP port values or a wildcard port.  (The use
        of the Next Protocol field and the Source and/or Destination
        Port fields (in conjunction with the Source and/or Destination
        Address fields), as an SA selector is sometimes referred to as
        "session-oriented keying.").  Note that the source and
        destination ports may not be available in the case of receipt of
        a packet with an ESP header, thus a value of "OPAQUE" SHOULD be
        supported.

        The following table summarizes the relationship between the
        "Next Header" value in the packet and SPD and the derived Port
        Selector value for the SPD and SAD.

          Next Hdr        Transport Layer   Derived Port Selector Field
          in Packet       Protocol in SPD   Value in SPD and SAD
          --------        ---------------   ---------------------------
          ESP             ESP or ANY        ANY (i.e., don't look at it)
          -don't care-    ANY               ANY (i.e., don't look at it)
          specific value  specific value    NOT ANY (i.e., drop packet)
             fragment
          specific value  specific value    actual port selector field
             not fragment

        If the packet has been fragmented, then the port information may
        not be avail
able in the current fragment.  If so, discard the
        fragment.  An ICMP PMTU should be sent for the first fragment,
        which will have the port information.  [MAY be supported]

   The IPsec implementation context determines how selectors are used.
   For example, a host implementation integrated into the stack may make
   use of a socket interface.  When a new connection is established the
   SPD can be consulted and an SA (or SA bundle) bound to the socket.
   Thus traffic sent via that socket need not result in additional
   lookups to the SPD/SAD.  In contrast, a BITS, BITW, or security
   gateway implementation needs to look at each packet and perform an
   SPD/SAD lookup based on the selectors. The allowable values for the
   selector fields differ between the traffic flow, the security
   association, and the security policy.

   The following table summarizes the kinds of entries that one needs to
   be able to express in the SPD and SAD.  It shows how they relate to
   the fields in data traffic being subjected to IPsec screening.
   (Note: the "wild" or "wildcard" entry for src and dst addresses
   includes a mask, range, etc.)

 Field         Traffic Value       SAD Entry            SPD Entry
 --------      -------------   ----------------   --------------------
 src addr      single IP addr  single,range,wild  single,range,wildcard
 dst addr      single IP addr  single,range,wild  single,range,wildcard
 xpt protocol* xpt protocol    single,wildcard    single,wildcard
 src port*     single src port single,wildcard    single,wildcard
 dst port*     single dst port single,wildcard    single,wildcard
 user id*      single user id  single,wildcard    single,wildcard
 sec. labels   single value    single,wildcard    single,wildcard

       * The SAD and SPD entries for these fields could be "OPAQUE"
         because the traffic value is encrypted.

   NOTE: In principle, one could have selectors and/or selector values
   in the SPD which cannot be negotiated for an SA or SA bundle.
   Examples might include selector values used to select traffic for

   discarding or enumerated lists which cause a separate SA to be
   created for each item on the list.  For now, this is left for future
   versions of this document and the list of required selectors and
   selector values is the same for the SPD and the SAD.  However, it is
   acceptable to have an administrative interface that supports use of
   selector values which cannot be negotiated provided that it does not
   mislead the user into believing it is creating an SA with these
   selector values.  For example, the interface may allow the user to
   specify an enumerated list of values but would result in the creation
   of a separate policy and SA for each item on the list.  A vendor
   might support such an interface to make it easier for its customers
   to specify clear and concise policy specifications.

4.4.3 Security Association Database (SAD)

   In each IPsec implementation there is a nominal Security Association
   Database, in which each entry defines the parameters associated with
   one SA.  Each SA has an entry in the SAD.  For outbound processing,
   entries are pointed to by entries in the SPD.  Note that if an SPD
   entry does not currently point to an SA that is appropriate for the
   packet, the implementation creates an appropriate SA (or SA Bundle)
   and links the SPD entry to the SAD entry (see Section 5.1.1).  For
   inbound processing, each entry in the SAD is indexed by a destination
   IP address, IPsec protocol type, and SPI.  The following parameters
   are associated with each entry in the SAD.  This description does not
   purport to be a MIB, but only a specification of the minimal data
   items required to support an SA in an IPsec implementation.

   For inbound processing: The following packet fields are used to look
   up the SA in the SAD:

         o Outer Header's Destination IP address: the IPv4 or IPv6
           Destination address.
           [REQUIRED for all implementations]
         o IPsec Protocol: AH or ESP, used as an index for SA lookup
           in this database.  Specifies the IPsec protocol to be
           applied to the traffic on this SA.
           [REQUIRED for all implementations]
         o SPI: the 32-bit value used to distinguish among different
           SAs terminating at the same destination and using the same
           IPsec protocol.
           [REQUIRED for all implementations]

   For each of the selectors defined in Section 4.4.2, the SA entry in
   the SAD MUST contain the value or values which were negotiated at the
   time the SA was created.  For the sender, these values are used to
   decide whether a given SA is appropriate for use with an outbound
   packet.  This is part of checking to see if there is an existing SA

   that can be used.  For the receiver, these values are used to check
   that the selector values in an inbound packet match those for the SA
   (and thus indirectly those for the matching policy).  For the
   receiver, this is part of verifying that the SA was appropriate for
   this packet.  (See Section 6 for rules for ICMP messages.)  These
   fields can have the form of specific values, ranges, wildcards, or
   "OPAQUE" as described in section 4.4.2, "Selectors".  Note that for
   an ESP SA, the encryption algorithm or the authentication algorithm
   could be "NULL".  However they MUST not both be "NULL".

   The following SAD fields are used in doing IPsec processing:

         o Sequence Number Counter: a 32-bit value used to generate the
           Sequence Number field in AH or ESP headers.
           [REQUIRED for all implementations, but used only for outbound
           traffic.]
         o Sequence Counter Overflow: a flag indicating whether overflow
           of the Sequence Number Counter should generate an auditable
           event and prevent transmission of additional packets on the
           SA.
           [REQUIRED for all implementations, but used only for outbound
           traffic.]
         o Anti-Replay Window: a 32-bit counter and a bit-map (or
           equivalent) used to determine whether an inbound AH or ESP
           packet is a replay.
           [REQUIRED for all implementations but used only for inbound
           traffic. NOTE: If anti-replay has been disabled by the
           receiver, e.g., in the case of a manually keyed SA, then the
           Anti-Replay Window is not used.]
         o AH Authentication algorithm, keys, etc.
           [REQUIRED for AH implementations]
         o ESP Encryption algorithm, keys, IV mode, IV, etc.
           [REQUIRED for ESP implementations]
         o ESP authentication algorithm, keys, etc. If the
           authentication service is not selected, this field will be
           null.
           [REQUIRED for ESP implementations]
         o Lifetime of this Security Association: a time interval after
           which an SA must be replaced with a new SA (and new SPI) or
           terminated, plus an indication of which of these actions
           should occur.  This may be expressed as a time or byte count,
           or a simultaneous use of both, the first lifetime to expire
           taking precedence. A compliant implementation MUST support
           both types of lifetimes, and must support a simultaneous use
           of both.  If time is employed, and if IKE employs X.509
           certificates for SA establishment, the SA lifetime must
 be
           constrained by the validity intervals of the certificates,
           and the NextIssueDate of the CRLs used in the IKE exchange

           for the SA.  Both initiator and responder are responsible for
           constraining SA lifetime in this fashion.
           [REQUIRED for all implementations]

           NOTE: The details of how to handle the refreshing of keys
           when SAs expire is a local matter.  However, one reasonable
           approach is:
             (a) If byte count is used, then the implementation
                 SHOULD count the number of bytes to which the IPsec
                 algorithm is applied.  For ESP, this is the encryption
                 algorithm (including Null encryption) and for AH,
                 this is the authentication algorithm.  This includes
                 pad bytes, etc.  Note that implementations SHOULD be
                 able to handle having the counters at the ends of an
                 SA get out of synch, e.g., because of packet loss or
                 because the implementations at each end of the SA
                 aren't doing things the same way.
             (b) There SHOULD be two kinds of lifetime -- a soft
                 lifetime which warns the implementation to initiate
                 action such as setting up a replacement SA and a
                 hard lifetime when the current SA ends.
             (c) If the entire packet does not get delivered during
                 the SAs lifetime, the packet SHOULD be discarded.

         o IPsec protocol mode: tunnel, transport or wildcard.
           Indicates which mode of AH or ESP is applied to traffic on
           this SA.  Note that if this field is "wildcard" at the
           sending end of the SA, then the application has to specify
           the mode to the IPsec implementation.  This use of wildcard
           allows the same SA to be used for either tunnel or transport
           mode traffic on a per packet basis, e.g., by different
           sockets.  The receiver does not need to know the mode in
           order to properly process the packet's IPsec headers.

           [REQUIRED as follows, unless implicitly defined by context:
                   - host implementations must support all modes
                   - gateway implementations must support tunnel mode]

           NOTE: The use of wildcard for the protocol mode of an inbound
           SA may add complexity to the situation in the receiver (host
           only).  Since the packets on such an SA could be delivered in
           either tunnel or transport mode, the security of an incoming
           packet could depend in part on which mode had been used to
           deliver it.  If, as a result, an application cared about the
           SA mode of a given packet, then the application would need a
           mechanism to obtain this mode information.

         o Path MTU: any observed path MTU and aging variables.  See
           Section 6.1.2.4
           [REQUIRED for all implementations but used only for outbound
           traffic]

4.5 Basic Combinations of Security Associations

   This section describes four examples of combinations of security
   associations that MUST be supported by compliant IPsec hosts or
   security gateways.  Additional combinations of AH and/or ESP in
   tunnel and/or transport modes MAY be supported at the discretion of
   the implementor.  Compliant implementations MUST be capable of
   generating these four combinations and on receipt, of processing
   them, but SHOULD be able to receive and process any combination.  The
   diagrams and text below describe the basic cases.  The legend for the
   diagrams is:

        ==== = one or more security associations (AH or ESP, transport
               or tunnel)
        ---- = connectivity (or if so labelled, administrative boundary)
        Hx   = host x
        SGx  = security gateway x
        X*   = X supports IPsec

   NOTE: The security associations below can be either AH or ESP.  The
   mode (tunnel vs transport) is determined by the nature of the
   endpoints.  For host-to-host SAs, the mode can be either transport or
   tunnel.

   Case 1.  The case of providing end-to-end security between 2 hosts
        across the Internet (or an Intranet).

                 ====================================
                 |                                  |
                H1* ------ (Inter/Intranet) ------ H2*

        Note that either transport or tunnel mode can be selected by the
        hosts.  So the headers in a packet between H1 and H2 could look
        like any of the following:

                  Transport                  Tunnel
             -----------------          ---------------------
             1. [IP1][AH][upper]        4. [IP2][AH][IP1][upper]
             2. [IP1][ESP][upper]       5. [IP2][ESP][IP1][upper]
             3. [IP1][AH][ESP][upper]

        Note that there is no requirement to support general nesting,
        but in transport mode, both AH and ESP can be applied to the
        packet.  In this event, the SA establishment procedure MUST
        ensure that first ESP, then AH are applied to the packet.

   Case 2.  This case illustrates simple virtual private networks
        support.

                       ===========================
                       |                         |
  ---------------------|----                  ---|-----------------------
  |                    |   |                  |  |                      |
  |  H1 -- (Local --- SG1* |--- (Internet) ---| SG2* --- (Local --- H2  |
  |        Intranet)       |                  |          Intranet)      |
  --------------------------                  ---------------------------
      admin. boundary                               admin. boundary

        Only tunnel mode is required here.  So the headers in a packet
        between SG1 and SG2 could look like either of the following:

                        Tunnel
                ---------------------
                4. [IP2][AH][IP1][upper]
                5. [IP2][ESP][IP1][upper]

   Case 3.  This case combines cases 1 and 2, adding end-to-end security
        between the sending and receiving hosts.  It imposes no new
        requirements on the hosts or security gateways, other than a
        requirement for a security gateway to be configurable to pass
        IPsec traffic (including ISAKMP traffic) for hosts behind it.

     ===============================================================
     |                                                             |
     |                 =========================                   |
     |                 |                       |                   |
  ---|-----------------|----                ---|-------------------|---
  |  |                 |   |                |  |                   |  |
  | H1* -- (Local --- SG1* |-- (Internet) --| SG2* --- (Local --- H2* |
  |        Intranet)       |                |          Intranet)      |
  --------------------------                ---------------------------
       admin. boundary                            admin. boundary

   Case 4.  This covers the situation where a remote host (H1) uses the
        Internet to reach an organization's firewall (SG2) and to then
        gain access to some server or other machine (H2).  The remote
        host could be a mobile host (H1) dialing up to a local
PPP/ARA
        server (not shown) on the Internet and then crossing the
        Internet to the home organization's firewall (SG2), etc.  The

        details of support for this case, (how H1 locates SG2,
        authenticates it, and verifies its authorization to represent
        H2) are discussed in Section 4.6.3, "Locating a Security
        Gateway".

        ======================================================
        |                                                    |
        |==============================                      |
        ||                            |                      |
        ||                         ---|----------------------|---
        ||                         |  |                      |  |
        H1* ----- (Internet) ------| SG2* ---- (Local ----- H2* |
              ^                    |           Intranet)        |
              |                    ------------------------------
        could be dialup              admin. boundary (optional)
        to PPP/ARA server

        Only tunnel mode is required between H1 and SG2.  So the choices
        for the SA between H1 and SG2 would be one of the ones in case
        2.  The choices for the SA between H1 and H2 would be one of the
        ones in case 1.

        Note that in this case, the sender MUST apply the transport
        header before the tunnel header.  Therefore the management
        interface to the IPsec implementation MUST support configuration
        of the SPD and SAD to ensure this ordering of IPsec header
        application.

   As noted above, support for additional combinations of AH and ESP is
   optional.  Use of other, optional combinations may adversely affect
   interoperability.

4.6 SA and Key Management

   IPsec mandates support for both manual and automated SA and
   cryptographic key management.  The IPsec protocols, AH and ESP, are
   largely independent of the associated SA management techniques,
   although the techniques involved do affect some of the security
   services offered by the protocols.  For example, the optional anti-
   replay services available for AH and ESP require automated SA
   management.  Moreover, the granularity of key distribution employed
   with IPsec determines the granularity of authentication provided.
   (See also a discussion of this issue in Section 4.7.)  In general,
   data origin authentication in AH and ESP is limited by the extent to
   which secrets used with the authentication algorithm (or with a key
   management protocol that creates such secrets) are shared among
   multiple possible sources.

   The following text describes the minimum requirements for both types
   of SA management.

4.6.1 Manual Techniques

   The simplest form of management is manual management, in which a
   person manually configures each system with keying material and
   security association management data relevant to secure communication
   with other systems.  Manual techniques are practical in small, static
   environments but they do not scale well.  For example, a company
   could create a Virtual Private Network (VPN) using IPsec in security
   gateways at several sites.  If the number of sites is small, and
   since all the sites come under the purview of a single administrative
   domain, this is likely to be a feasible context for manual management
   techniques.  In this case, the security gateway might selectively
   protect traffic to and from other sites within the organization using
   a manually configured key, while not protecting traffic for other
   destinations.  It also might be appropriate when only selected
   communications need to be secured.  A similar argument might apply to
   use of IPsec entirely within an organization for a small number of
   hosts and/or gateways.  Manual management techniques often employ
   statically configured, symmetric keys, though other options also
   exist.

4.6.2 Automated SA and Key Management

   Widespread deployment and use of IPsec requires an Internet-standard,
   scalable, automated, SA management protocol.  Such support is
   required to facilitate use of the anti-replay features of AH and ESP,
   and to accommodate on-demand creation of SAs, e.g., for user- and
   session-oriented keying.  (Note that the notion of "rekeying" an SA
   actually implies creation of a new SA with a new SPI, a process that
   generally implies use of an automated SA/key management protocol.)

   The default automated key management protocol selected for use with
   IPsec is IKE [MSST97, Orm97, HC98] under the IPsec domain of
   interpretation [Pip98].  Other automated SA management protocols MAY
   be employed.

   When an automated SA/key management protocol is employed, the output
   from this protocol may be used to generate multiple keys, e.g., for a
   single ESP SA.  This may arise because:

       o the encryption algorithm uses multiple keys (e.g., triple DES)
       o the authentication algorithm uses multiple keys
       o both encryption and authentication algorithms are employed

   The Key Management System may provide a separate string of bits for
   each key or it may generate one string of bits from which all of them
   are extracted.  If a single string of bits is provided, care needs to
   be taken to ensure that the parts of the system that map the string
   of bits to the required keys do so in the same fashion at both ends
   of the SA.  To ensure that the IPsec implementations at each end of
   the SA use the same bits for the same keys, and irrespective of which
   part of the system divides the string of bits into individual keys,
   the encryption key(s) MUST be taken from the first (left-most, high-
   order) bits and the authentication key(s) MUST be taken from the
   remaining bits.  The number of bits for each key is defined in the
   relevant algorithm specification RFC.  In the case of multiple
   encryption keys or multiple authentication keys, the specification
   for the algorithm must specify the order in which they are to be
   selected from a single string of bits provided to the algorithm.

4.6.3 Locating a Security Gateway

   This section discusses issues relating to how a host learns about the
   existence of relevant security gateways and once a host has contacted
   these security gateways, how it knows that these are the correct
   security gateways.  The details of where the required information is
   stored is a local matter.

   Consider a situation in which a remote host (H1) is using the
   Internet to gain access to a server or other machine (H2) and there
   is a security gateway (SG2), e.g., a firewall, through which H1's
   traffic must pass.  An example of this situation would be a mobile
   host (Road Warrior) crossing the Internet to the home organization's
   firewall (SG2).  (See Case 4 in the section 4.5 Basic Combinations of
   Security Associations.) This situation raises several issues:

        1. How does H1 know/learn about the existence of the security
           gateway SG2?
        2. How does it authenticate SG2, and once it has authenticated
           SG2, how does it confirm that SG2 has been authorized to
           represent H2?
        3. How does SG2 authenticate H1 and verify that H1 is authorized
           to contact H2?
        4. How does H1 know/learn about backup gateways which provide
           alternate paths to H2?

   To address these problems, a host or secu
rity gateway MUST have an
   administrative interface that allows the user/administrator to
   configure the address of a security gateway for any sets of
   destination addresses that require its use. This includes the ability
   to configure:

        o the requisite information for locating and authenticating the
          security gateway and verifying its authorization to represent
          the destination host.
        o the requisite information for locating and authenticating any
          backup gateways and verifying their authorization to represent
          the destination host.

   It is assumed that the SPD is also configured with policy information
   that covers any other IPsec requirements for the path to the security
   gateway and the destination host.

   This document does not address the issue of how to automate the
   discovery/verification of security gateways.

4.7 Security Associations and Multicast

   The receiver-orientation of the Security Association implies that, in
   the case of unicast traffic, the destination system will normally
   select the SPI value.  By having the destination select the SPI
   value, there is no potential for manually configured Security
   Associations to conflict with automatically configured (e.g., via a
   key management protocol) Security Associations or for Security
   Associations from multiple sources to conflict with each other.  For
   multicast traffic, there are multiple destination systems per
   multicast group.  So some system or person will need to coordinate
   among all multicast groups to select an SPI or SPIs on behalf of each
   multicast group and then communicate the group's IPsec information to
   all of the legitimate members of that multicast group via mechanisms
   not defined here.

   Multiple senders to a multicast group SHOULD use a single Security
   Association (and hence Security Parameter Index) for all traffic to
   that group when a symmetric key encryption or authentication
   algorithm is employed. In such circumstances, the receiver knows only
   that the message came from a system possessing the key for that
   multicast group.  In such circumstances, a receiver generally will
   not be able to authenticate which system sent the multicast traffic.
   Specifications for other, more general multicast cases are deferred
   to later IPsec documents.

   At the time this specification was published, automated protocols for
   multicast key distribution were not considered adequately mature for
   standardization.  For multicast groups having relatively few members,
   manual key distribution or multiple use of existing unicast key
   distribution algorithms such as modified Diffie-Hellman appears
   feasible.  For very large groups, new scalable techniques will be
   needed.  An example of current work in this area is the Group Key
   Management Protocol (GKMP) [HM97].

5. IP Traffic Processing

   As mentioned in Section 4.4.1 "The Security Policy Database (SPD)",
   the SPD must be consulted during the processing of all traffic
   (INBOUND and OUTBOUND), including non-IPsec traffic.  If no policy is
   found in the SPD that matches the packet (for either inbound or
   outbound traffic), the packet MUST be discarded.

   NOTE: All of the cryptographic algorithms used in IPsec expect their
   input in canonical network byte order (see Appendix in RFC 791) and
   generate their output in canonical network byte order.  IP packets
   are also transmitted in network byte order.

5.1 Outbound IP Traffic Processing

5.1.1 Selecting and Using an SA or SA Bundle

   In a security gateway or BITW implementation (and in many BITS
   implementations), each outbound packet is compared against the SPD to
   determine what processing is required for the packet.  If the packet
   is to be discarded, this is an auditable event.  If the traffic is
   allowed to bypass IPsec processing, the packet continues through
   "normal" processing for the environment in which the IPsec processing
   is taking place.  If IPsec processing is required, the packet is
   either mapped to an existing SA (or SA bundle), or a new SA (or SA
   bundle) is created for the packet.  Since a packet's selectors might
   match multiple policies or multiple extant SAs and since the SPD is
   ordered, but the SAD is not, IPsec MUST:

           1. Match the packet's selector fields against the outbound
              policies in the SPD to locate the first appropriate
              policy, which will point to zero or more SA bundles in the
              SAD.

           2. Match the packet's selector fields against those in the SA
              bundles found in (1) to locate the first SA bundle that
              matches.  If no SAs were found or none match, create an
              appropriate SA bundle and link the SPD entry to the SAD
              entry.  If no key management entity is found, drop the
              packet.

           3. Use the SA bundle found/created in (2) to do the required
              IPsec processing, e.g., authenticate and encrypt.

   In a host IPsec implementation based on sockets, the SPD will be
   consulted whenever a new socket is created, to determine what, if
   any, IPsec processing will be applied to the traffic that will flow
   on that socket.

   NOTE: A compliant implementation MUST not allow instantiation of an
   ESP SA that employs both a NULL encryption and a NULL authentication
   algorithm.  An attempt to negotiate such an SA is an auditable event.

5.1.2 Header Construction for Tunnel Mode

   This section describes the handling of the inner and outer IP
   headers, extension headers, and options for AH and ESP tunnels.  This
   includes how to construct the encapsulating (outer) IP header, how to
   handle fields in the inner IP header, and what other actions should
   be taken.  The general idea is modeled after the one used in RFC
   2003, "IP Encapsulation with IP":

        o The outer IP header Source Address and Destination Address
          identify the "endpoints" of the tunnel (the encapsulator and
          decapsulator).  The inner IP header Source Address and
          Destination Addresses identify the original sender and
          recipient of the datagram, (from the perspective of this
          tunnel), respectively.  (see footnote 3 after the table in
          5.1.2.1 for more details on the encapsulating source IP
          address.)
        o The inner IP header is not changed except to decrement the TTL
          as noted below, and remains unchanged during its delivery to
          the tunnel exit point.
        o No change to IP options or extension headers in the inner
          header occurs during delivery of the encapsulated datagram
          through the tunnel.
        o If need be, other protocol headers such as the IP
          Authentication header may be inserted between the outer IP
          header and the inner IP header.

   The tables in the following sub-sections show the handling for the
   different header/option fields (constructed = the value in the outer
   field is constructed independently of the value in the inner).

5.1.2.1 IPv4 -- Header Construction for Tunnel Mode

                        <-- How Outer Hdr Relates to Inner Hdr -->
                        Outer Hdr at                 Inner Hdr at
   IPv4                 Encapsulator                 Decapsulator
     Header fiel
ds:     --------------------         ------------
       version          4 (1)                        no change
       header length    constructed                  no change
       TOS              copied from inner hdr (5)    no change
       total length     constructed                  no change
       ID               constructed                  no change
       flags (DF,MF)    constructed, DF (4)          no change
       fragmt offset    constructed                  no change

       TTL              constructed (2)              decrement (2)
       protocol         AH, ESP, routing hdr         no change
       checksum         constructed                  constructed (2)
       src address      constructed (3)              no change
       dest address     constructed (3)              no change
   Options            never copied                 no change

        1. The IP version in the encapsulating header can be different
           from the value in the inner header.

        2. The TTL in the inner header is decremented by the
           encapsulator prior to forwarding and by the decapsulator if
           it forwards the packet.  (The checksum changes when the TTL
           changes.)

           Note: The decrementing of the TTL is one of the usual actions
           that takes place when forwarding a packet.  Packets
           originating from the same node as the encapsulator do not
           have their TTL's decremented, as the sending node is
           originating the packet rather than forwarding it.

        3. src and dest addresses depend on the SA, which is used to
           determine the dest address which in turn determines which src
           address (net interface) is used to forward the packet.

           NOTE: In principle, the encapsulating IP source address can
           be any of the encapsulator's interface addresses or even an
           address different from any of the encapsulator's IP
           addresses, (e.g., if it's acting as a NAT box) so long as the
           address is reachable through the encapsulator from the
           environment into which the packet is sent.  This does not
           cause a problem because IPsec does not currently have any
           INBOUND processing requirement that involves the Source
           Address of the encapsulating IP header.  So while the
           receiving tunnel endpoint looks at the Destination Address in
           the encapsulating IP header, it only looks at the Source
           Address in the inner (encapsulated) IP header.

        4. configuration determines whether to copy from the inner
           header (IPv4 only), clear or set the DF.

        5. If Inner Hdr is IPv4 (Protocol = 4), copy the TOS.  If Inner
           Hdr is IPv6 (Protocol = 41), map the Class to TOS.

5.1.2.2 IPv6 -- Header Construction for Tunnel Mode

   See previous section 5.1.2 for notes 1-5 indicated by (footnote
   number).

                        <-- How Outer Hdr  Relates Inner Hdr --->
                        Outer Hdr at                 Inner Hdr at
   IPv6                 Encapsulator                 Decapsulator
     Header fields:     --------------------         ------------
       version          6 (1)                        no change
       class            copied or configured (6)     no change
       flow id          copied or configured         no change
       len              constructed                  no change
       next header      AH,ESP,routing hdr           no change
       hop limit        constructed (2)              decrement (2)
       src address      constructed (3)              no change
       dest address     constructed (3)              no change
     Extension headers  never copied                 no change

        6. If Inner Hdr is IPv6 (Next Header = 41), copy the Class.  If
           Inner Hdr is IPv4 (Next Header = 4), map the TOS to Class.

5.2 Processing Inbound IP Traffic

   Prior to performing AH or ESP processing, any IP fragments are
   reassembled.  Each inbound IP datagram to which IPsec processing will
   be applied is identified by the appearance of the AH or ESP values in
   the IP Next Protocol field (or of AH or ESP as an extension header in
   the IPv6 context).

   Note: Appendix C contains sample code for a bitmask check for a 32
   packet window that can be used for implementing anti-replay service.

5.2.1 Selecting and Using an SA or SA Bundle

   Mapping the IP datagram to the appropriate SA is simplified because
   of the presence of the SPI in the AH or ESP header.  Note that the
   selector checks are made on the inner headers not the outer (tunnel)
   headers.  The steps followed are:

           1. Use the packet's destination address (outer IP header),
              IPsec protocol, and SPI to look up the SA in the SAD.  If
              the SA lookup fails, drop the packet and log/report the
              error.

           2. Use the SA found in (1) to do the IPsec processing, e.g.,
              authenticate and decrypt.  This step includes matching the
              packet's (Inner Header if tunneled) selectors to the
              selectors in the SA.  Local policy determines the
              specificity of the SA selectors (single value, list,
              range, wildcard).  In general, a packet's source address
              MUST match the SA selector value.  However, an ICMP packet
              received on a tunnel mode SA may have a source address

              other than that bound to the SA and thus such packets
              should be permitted as exceptions to this check.  For an
              ICMP packet, the selectors from the enclosed problem
              packet (the source and destination addresses and ports
              should be swapped) should be checked against the selectors
              for the SA.  Note that some or all of these selectors may
              be inaccessible because of limitations on how many bits of
              the problem packet the ICMP packet is allowed to carry or
              due to encryption.  See Section 6.

              Do (1) and (2) for every IPsec header until a Transport
              Protocol Header or an IP header that is NOT for this
              system is encountered.  Keep track of what SAs have been
              used and their order of application.

           3. Find an incoming policy in the SPD that matches the
              packet.  This could be done, for example, by use of
              backpointers from the SAs to the SPD or by matching the
              packet's selectors (Inner Header if tunneled) against
              those of the policy entries in the SPD.

           4. Check whether the required IPsec processing has been
              applied, i.e., verify that the SA's found in (1) and (2)
              match the kind and order of SAs required by the policy
              found in (3).

              NOTE: The correct "matching" policy will not necessarily
              be the first inbound policy found.  If the check in (4)
              fails, steps (3) and (4) are repeated until all policy
              entries have been checked or until the check succeeds.

   At the end of these steps, pass the resulting packet to the Transport
   Layer or forward the packet.  Note that any IPsec headers processed
   in these steps may have been removed, but that this information,
   i.e., what SAs were used and th
e order of their application, may be
   needed for subsequent IPsec or firewall processing.

   Note that in the case of a security gateway, if forwarding causes a
   packet to exit via an IPsec-enabled interface, then additional IPsec
   processing may be applied.

5.2.2 Handling of AH and ESP tunnels

   The handling of the inner and outer IP headers, extension headers,
   and options for AH and ESP tunnels should be performed as described
   in the tables in Section 5.1.

6. ICMP Processing (relevant to IPsec)

   The focus of this section is on the handling of ICMP error messages.
   Other ICMP traffic, e.g., Echo/Reply, should be treated like other
   traffic and can be protected on an end-to-end basis using SAs in the
   usual fashion.

   An ICMP error message protected by AH or ESP and generated by a
   router SHOULD be processed and forwarded in a tunnel mode SA.  Local
   policy determines whether or not it is subjected to source address
   checks by the router at the destination end of the tunnel.  Note that
   if the router at the originating end of the tunnel is forwarding an
   ICMP error message from another router, the source address check
   would fail.  An ICMP message protected by AH or ESP and generated by
   a router MUST NOT be forwarded on a transport mode SA (unless the SA
   has been established to the router acting as a host, e.g., a Telnet
   connection used to manage a router).  An ICMP message generated by a
   host SHOULD be checked against the source IP address selectors bound
   to the SA in which the message arrives.  Note that even if the source
   of an ICMP error message is authenticated, the returned IP header
   could be invalid. Accordingly, the selector values in the IP header
   SHOULD also be checked to be sure that they are consistent with the
   selectors for the SA over which the ICMP message was received.

   The table in Appendix D characterize ICMP messages as being either
   host generated, router generated, both, unknown/unassigned.  ICMP
   messages falling into the last two categories should be handled as
   determined by the receiver's policy.

   An ICMP message not protected by AH or ESP is unauthenticated and its
   processing and/or forwarding may result in denial of service.  This
   suggests that, in general, it would be desirable to ignore such
   messages.  However, it is expected that many routers (vs. security
   gateways) will not implement IPsec for transit traffic and thus
   strict adherence to this rule would cause many ICMP messages to be
   discarded.  The result is that some critical IP functions would be
   lost, e.g., redirection and PMTU processing.  Thus it MUST be
   possible to configure an IPsec implementation to accept or reject
   (router) ICMP traffic as per local security policy.

   The remainder of this section addresses how PMTU processing MUST be
   performed at hosts and security gateways.  It addresses processing of
   both authenticated and unauthenticated ICMP PMTU messages.  However,
   as noted above, unauthenticated ICMP messages MAY be discarded based
   on local policy.

6.1 PMTU/DF Processing

6.1.1 DF Bit

   In cases where a system (host or gateway) adds an encapsulating
   header (ESP tunnel or AH tunnel), it MUST support the option of
   copying the DF bit from the original packet to the encapsulating
   header (and processing ICMP PMTU messages).  This means that it MUST
   be possible to configure the system's treatment of the DF bit (set,
   clear, copy from encapsulated header) for each interface.  (See
   Appendix B for rationale.)

6.1.2 Path MTU Discovery (PMTU)

   This section discusses IPsec handling for Path MTU Discovery
   messages.  ICMP PMTU is used here to refer to an ICMP message for:

           IPv4 (RFC 792):
                   - Type = 3 (Destination Unreachable)
                   - Code = 4 (Fragmentation needed and DF set)
                   - Next-Hop MTU in the low-order 16 bits of the second
                     word of the ICMP header (labelled "unused" in RFC
                     792), with high-order 16 bits set to zero

           IPv6 (RFC 1885):
                   - Type = 2 (Packet Too Big)
                   - Code = 0 (Fragmentation needed)
                   - Next-Hop MTU in the 32 bit MTU field of the ICMP6
                     message

6.1.2.1 Propagation of PMTU

   The amount of information returned with the ICMP PMTU message (IPv4
   or IPv6) is limited and this affects what selectors are available for
   use in further propagating the PMTU information.  (See Appendix B for
   more detailed discussion of this topic.)

   o PMTU message with 64 bits of IPsec header -- If the ICMP PMTU
     message contains only 64 bits of the IPsec header (minimum for
     IPv4), then a security gateway MUST support the following options
     on a per SPI/SA basis:

        a. if the originating host can be determined (or the possible
           sources narrowed down to a manageable number), send the PM
           information to all the possible originating hosts.
        b. if the originating host cannot be determined, store the PMTU
           with the SA and wait until the next packet(s) arrive from the
           originating host for the relevant security association.  If

           the packet(s) are bigger than the PMTU, drop the packet(s),
           and compose ICMP PMTU message(s) with the new packet(s) and
           the updated PMTU, and send the ICMP message(s) about the
           problem to the originating host. Retain the PMTU information
           for any message that might arrive subsequently (see Section
           6.1.2.4, "PMTU Aging").

   o PMTU message with >64 bits of IPsec header -- If the ICMP message
     contains more information from the original packet then there may
     be enough non-opaque information to immediately determine to which
     host to propagate the ICMP/PMTU message and to provide that system
     with the 5 fields (source address, destination address, source
     port, destination port, transport protocol) needed to determine
     where to store/update the PMTU.  Under such circumstances, a
     security gateway MUST generate an ICMP PMTU message immediately
     upon receipt of an ICMP PMTU from further down the path.

   o Distributing the PMTU to the Transport Layer -- The host mechanism
     for getting the updated PMTU to the transport layer is unchanged,
     as specified in RFC 1191 (Path MTU Discovery).

6.1.2.2 Calculation of PMTU

   The calculation of PMTU from an ICMP PMTU MUST take into account the
   addition of any IPsec header -- AH transport, ESP transport, AH/ESP
   transport, ESP tunnel, AH tunnel.  (See Appendix B for discussion of
   implementation issues.)

   Note: In some situations the addition of IPsec headers could result
   in an effective PMTU (as seen by the host or application) that is
   unacceptably small.  To avoid this problem, the implementation may
   establish a threshold below which it will not report a reduced PMTU.
   In such cases, the implementation would apply IPsec and then fragment
   the resulting packet according to the PMTU.  This would result in a
   more efficient use of the available bandwidth.

6.1.2.3 Granularity of PMTU Processing

   In hosts, the granularity with which ICMP PMTU processing can be done
   differs depending on the implementation situation.  Looking at a
   host, ther
e are 3 situations that are of interest with respect to
   PMTU issues (See Appendix B for additional details on this topic.):

        a. Integration of IPsec into the native IP implementation
        b. Bump-in-the-stack implementations, where IPsec is implemented
           "underneath" an existing implementation of a TCP/IP protocol
           stack, between the native IP and the local network drivers

        c. No IPsec implementation -- This case is included because it
           is relevant in cases where a security gateway is sending PMTU
           information back to a host.

   Only in case (a) can the PMTU data be maintained at the same
   granularity as communication associations.  In (b) and (c), the IP
   layer will only be able to maintain PMTU data at the granularity of
   source and destination IP addresses (and optionally TOS), as
   described in RFC 1191.  This is an important difference, because more
   than one communication association may map to the same source and
   destination IP addresses, and each communication association may have
   a different amount of IPsec header overhead (e.g., due to use of
   different transforms or different algorithms).

   Implementation of the calculation of PMTU and support for PMTUs at
   the granularity of individual communication associations is a local
   matter.  However, a socket-based implementation of IPsec in a host
   SHOULD maintain the information on a per socket basis.  Bump in the
   stack systems MUST pass an ICMP PMTU to the host IP implementation,
   after adjusting it for any IPsec header overhead added by these
   systems.  The calculation of the overhead SHOULD be determined by
   analysis of the SPI and any other selector information present in a
   returned ICMP PMTU message.

6.1.2.4 PMTU Aging

   In all systems (host or gateway) implementing IPsec and maintaining
   PMTU information, the PMTU associated with a security association
   (transport or tunnel) MUST be "aged" and some mechanism put in place
   for updating the PMTU in a timely manner, especially for discovering
   if the PMTU is smaller than it needs to be.  A given PMTU has to
   remain in place long enough for a packet to get from the source end
   of the security association to the system at the other end of the
   security association and propagate back an ICMP error message if the
   current PMTU is too big.  Note that if there are nested tunnels,
   multiple packets and round trip times might be required to get an
   ICMP message back to an encapsulator or originating host.

   Systems SHOULD use the approach described in the Path MTU Discovery
   document (RFC 1191, Section 6.3), which suggests periodically
   resetting the PMTU to the first-hop data-link MTU and then letting
   the normal PMTU Discovery processes update the PMTU as necessary.
   The period SHOULD be configurable.

7. Auditing

   Not all systems that implement IPsec will implement auditing.  For
   the most part, the granularity of auditing is a local matter.
   However, several auditable events are identified in the AH and ESP
   specifications and for each of these events a minimum set of
   information that SHOULD be included in an audit log is defined.
   Additional information also MAY be included in the audit log for each
   of these events, and additional events, not explicitly called out in
   this specification, also MAY result in audit log entries.  There is
   no requirement for the receiver to transmit any message to the
   purported transmitter in response to the detection of an auditable
   event, because of the potential to induce denial of service via such
   action.

8. Use in Systems Supporting Information Flow Security

   Information of various sensitivity levels may be carried over a
   single network.  Information labels (e.g., Unclassified, Company
   Proprietary, Secret) [DoD85, DoD87] are often employed to distinguish
   such information.  The use of labels facilitates segregation of
   information, in support of information flow security models, e.g.,
   the Bell-LaPadula model [BL73].  Such models, and corresponding
   supporting technology, are designed to prevent the unauthorized flow
   of sensitive information, even in the face of Trojan Horse attacks.
   Conventional, discretionary access control (DAC) mechanisms, e.g.,
   based on access control lists, generally are not sufficient to
   support such policies, and thus facilities such as the SPD do not
   suffice in such environments.

   In the military context, technology that supports such models is
   often referred to as multi-level security (MLS).  Computers and
   networks often are designated "multi-level secure" if they support
   the separation of labelled data in conjunction with information flow
   security policies.  Although such technology is more broadly
   applicable than just military applications, this document uses the
   acronym "MLS" to designate the technology, consistent with much
   extant literature.

   IPsec mechanisms can easily support MLS networking.  MLS networking
   requires the use of strong Mandatory Access Controls (MAC), which
   unprivileged users or unprivileged processes are incapable of
   controlling or violating.  This section pertains only to the use of
   these IP security mechanisms in MLS (information flow security
   policy) environments.  Nothing in this section applies to systems not
   claiming to provide MLS.

   As used in this section, "sensitivity information" might include
   implementation-defined hierarchic levels, categories, and/or
   releasability information.

   AH can be used to provide strong authentication in support of
   mandatory access control decisions in MLS environments.  If explicit
   IP sensitivity information (e.g., IPSO [Ken91]) is used and
   confidentiality is not considered necessary within the particular
   operational environment, AH can be used to authenticate the binding
   between sensitivity labels in the IP header and the IP payload
   (including user data).  This is a significant improvement over
   labeled IPv4 networks where the sensitivity information is trusted
   even though there is no authentication or cryptographic binding of
   the information to the IP header and user data.  IPv4 networks might
   or might not use explicit labelling.  IPv6 will normally use implicit
   sensitivity information that is part of the IPsec Security
   Association but not transmitted with each packet instead of using
   explicit sensitivity information.  All explicit IP sensitivity
   information MUST be authenticated using either ESP, AH, or both.

   Encryption is useful and can be desirable even when all of the hosts
   are within a protected environment, for example, behind a firewall or
   disjoint from any external connectivity.  ESP can be used, in
   conjunction with appropriate key management and encryption
   algorithms, in support of both DAC and MAC.  (The choice of
   encryption and authentication algorithms, and the assurance level of
   an IPsec implementation will determine the environments in which an
   implementation may be deemed sufficient to satisfy MLS requirements.)
   Key management can make use of sensitivity information to provide
   MAC.  IPsec implementations on systems claiming to provide MLS SHOULD
   be capable of using IPsec to provide MAC for IP-based communications.

8.1 Relationship Between Security Associations and Data Sensitivity

   Both the Encapsulating Security Pay
load and the Authentication Header
   can be combined with appropriate Security Association policies to
   provide multi-level secure networking.  In this case each SA (or SA
   bundle) is normally used for only a single instance of sensitivity
   information.  For example, "PROPRIETARY - Internet Engineering" must
   be associated with a different SA (or SA bundle) from "PROPRIETARY -
   Finance".

8.2 Sensitivity Consistency Checking

   An MLS implementation (both host and router) MAY associate
   sensitivity information, or a range of sensitivity information with
   an interface, or a configured IP address with its associated prefix
   (the latter is sometimes referred to as a logical interface, or an

   interface alias).  If such properties exist, an implementation SHOULD
   compare the sensitivity information associated with the packet
   against the sensitivity information associated with the interface or
   address/prefix from which the packet arrived, or through which the
   packet will depart.  This check will either verify that the
   sensitivities match, or that the packet's sensitivity falls within
   the range of the interface or address/prefix.

   The checking SHOULD be done on both inbound and outbound processing.

8.3 Additional MLS Attributes for Security Association Databases

   Section 4.4 discussed two Security Association databases (the
   Security Policy Database (SPD) and the Security Association Database
   (SAD)) and the associated policy selectors and SA attributes.  MLS
   networking introduces an additional selector/attribute:

           - Sensitivity information.

   The Sensitivity information aids in selecting the appropriate
   algorithms and key strength, so that the traffic gets a level of
   protection appropriate to its importance or sensitivity as described
   in section 8.1.  The exact syntax of the sensitivity information is
   implementation defined.

8.4 Additional Inbound Processing Steps for MLS Networking

   After an inbound packet has passed through IPsec processing, an MLS
   implementation SHOULD first check the packet's sensitivity (as
   defined by the SA (or SA bundle) used for the packet) with the
   interface or address/prefix as described in section 8.2 before
   delivering the datagram to an upper-layer protocol or forwarding it.

   The MLS system MUST retain the binding between the data received in
   an IPsec protected packet and the sensitivity information in the SA
   or SAs used for processing, so appropriate policy decisions can be
   made when delivering the datagram to an application or forwarding
   engine.  The means for maintaining this binding are implementation
   specific.

8.5 Additional Outbound Processing Steps for MLS Networking

   An MLS implementation of IPsec MUST perform two additional checks
   besides the normal steps detailed in section 5.1.1.  When consulting
   the SPD or the SAD to find an outbound security association, the MLS
   implementation MUST use the sensitivity of the data to select an

   appropriate outbound SA or SA bundle.  The second check comes before
   forwarding the packet out to its destination, and is the sensitivity
   consistency checking described in section 8.2.

8.6 Additional MLS Processing for Security Gateways

   An MLS security gateway MUST follow the previously mentioned inbound
   and outbound processing rules as well as perform some additional
   processing specific to the intermediate protection of packets in an
   MLS environment.

   A security gateway MAY act as an outbound proxy, creating SAs for MLS
   systems that originate packets forwarded by the gateway.  These MLS
   systems may explicitly label the packets to be forwarded, or the
   whole originating network may have sensitivity characteristics
   associated with it.  The security gateway MUST create and use
   appropriate SAs for AH, ESP, or both, to protect such traffic it
   forwards.

   Similarly such a gateway SHOULD accept and process inbound AH and/or
   ESP packets and forward appropriately, using explicit packet
   labeling, or relying on the sensitivity characteristics of the
   destination network.

9. Performance Issues

   The use of IPsec imposes computational performance costs on the hosts
   or security gateways that implement these protocols.  These costs are
   associated with the memory needed for IPsec code and data structures,
   and the computation of integrity check values, encryption and
   decryption, and added per-packet handling.  The per-packet
   computational costs will be manifested by increased latency and,
   possibly, reduced throughout.  Use of SA/key management protocols,
   especially ones that employ public key cryptography, also adds
   computational performance costs to use of IPsec.  These per-
   association computational costs will be manifested in terms of
   increased latency in association establishment.  For many hosts, it
   is anticipated that software-based cryptography will not appreciably
   reduce throughput, but hardware may be required for security gateways
   (since they represent aggregation points), and for some hosts.

   The use of IPsec also imposes bandwidth utilization costs on
   transmission, switching, and routing components of the Internet
   infrastructure, components not implementing IPsec.  This is due to
   the increase in the packet size resulting from the addition of AH
   and/or ESP headers, AH and ESP tunneling (which adds a second IP
   header), and the increased packet traffic associated with key
   management protocols.  It is anticipated that, in most instances,

   this increased bandwidth demand will not noticeably affect the
   Internet infrastructure.  However, in some instances, the effects may
   be significant, e.g., transmission of ESP encrypted traffic over a
   dialup link that otherwise would have compressed the traffic.

   Note: The initial SA establishment overhead will be felt in the first
   packet.  This delay could impact the transport layer and application.
   For example, it could cause TCP to retransmit the SYN before the
   ISAKMP exchange is done.  The effect of the delay would be different
   on UDP than TCP because TCP shouldn't transmit anything other than
   the SYN until the connection is set up whereas UDP will go ahead and
   transmit data beyond the first packet.

   Note: As discussed earlier, compression can still be employed at
   layers above IP.  There is an IETF working group (IP Payload
   Compression Protocol (ippcp)) working on "protocol specifications
   that make it possible to perform lossless compression on individual
   payloads before the payload is processed by a protocol that encrypts
   it. These specifications will allow for compression operations to be
   performed prior to the encryption of a payload by IPsec protocols."

10. Conformance Requirements

   All IPv4 systems that claim to implement IPsec MUST comply with all
   requirements of the Security Architecture document.  All IPv6 systems
   MUST comply with all requirements of the Security Architecture
   document.

11. Security Considerations

   The focus of this document is security; hence security considerations
   permeate this specification.

12. Differences from RFC 1825

   This architecture document differs substantially from RFC 1825 in
   detail and in organization, but the fundamental notions are
   unchanged.  This document provid
es considerable additional detail in
   terms of compliance specifications.  It introduces the SPD and SAD,
   and the notion of SA selectors.  It is aligned with the new versions
   of AH and ESP, which also differ from their predecessors.  Specific
   requirements for supported combinations of AH and ESP are newly
   added, as are details of PMTU management.

Acknowledgements

   Many of the concepts embodied in this specification were derived from
   or influenced by the US Government's SP3 security protocol, ISO/IEC's
   NLSP, the proposed swIPe security protocol [SDNS, ISO, IB93, IBK93],
   and the work done for SNMP Security and SNMPv2 Security.

   For over 3 years (although it sometimes seems *much* longer), this
   document has evolved through multiple versions and iterations.
   During this time, many people have contributed significant ideas and
   energy to the process and the documents themselves.  The authors
   would like to thank Karen Seo for providing extensive help in the
   review, editing, background research, and coordination for this
   version of the specification.  The authors would also like to thank
   the members of the IPsec and IPng working groups, with special
   mention of the efforts of (in alphabetic order): Steve Bellovin,
   Steve Deering, James Hughes, Phil Karn, Frank Kastenholz, Perry
   Metzger, David Mihelcic, Hilarie Orman, Norman Shulman, William
   Simpson, Harry Varnis, and Nina Yuan.

Appendix A -- Glossary

   This section provides definitions for several key terms that are
   employed in this document.  Other documents provide additional
   definitions and background information relevant to this technology,
   e.g., [VK83, HA94].  Included in this glossary are generic security
   service and security mechanism terms, plus IPsec-specific terms.

     Access Control
        Access control is a security service that prevents unauthorized
        use of a resource, including the prevention of use of a resource
        in an unauthorized manner.  In the IPsec context, the resource
        to which access is being controlled is often:
                o for a host, computing cycles or data
                o for a security gateway, a network behind the gateway
        or
                  bandwidth on that network.

     Anti-replay
        [See "Integrity" below]

     Authentication
        This term is used informally to refer to the combination of two
        nominally distinct security services, data origin authentication
        and connectionless integrity.  See the definitions below for
        each of these services.

     Availability
        Availability, when viewed as a security service, addresses the
        security concerns engendered by attacks against networks that
        deny or degrade service.  For example, in the IPsec context, the
        use of anti-replay mechanisms in AH and ESP support
        availability.

     Confidentiality
        Confidentiality is the security service that protects data from
        unauthorized disclosure.  The primary confidentiality concern in
        most instances is unauthorized disclosure of application level
        data, but disclosure of the external characteristics of
        communication also can be a concern in some circumstances.
        Traffic flow confidentiality is the service that addresses this
        latter concern by concealing source and destination addresses,
        message length, or frequency of communication.  In the IPsec
        context, using ESP in tunnel mode, especially at a security
        gateway, can provide some level of traffic flow confidentiality.
        (See also traffic analysis, below.)

     Encryption
        Encryption is a security mechanism used to transform data from
        an intelligible form (plaintext) into an unintelligible form
        (ciphertext), to provide confidentiality.  The inverse
        transformation process is designated "decryption".  Oftimes the
        term "encryption" is used to generically refer to both
        processes.

     Data Origin Authentication
        Data origin authentication is a security service that verifies
        the identity of the claimed source of data.  This service is
        usually bundled with connectionless integrity service.

     Integrity
        Integrity is a security service that ensures that modifications
        to data are detectable.  Integrity comes in various flavors to
        match application requirements.  IPsec supports two forms of
        integrity: connectionless and a form of partial sequence
        integrity.  Connectionless integrity is a service that detects
        modification of an individual IP datagram, without regard to the
        ordering of the datagram in a stream of traffic.  The form of
        partial sequence integrity offered in IPsec is referred to as
        anti-replay integrity, and it detects arrival of duplicate IP
        datagrams (within a constrained window).  This is in contrast to
        connection-oriented integrity, which imposes more stringent
        sequencing requirements on traffic, e.g., to be able to detect
        lost or re-ordered messages.  Although authentication and
        integrity services often are cited separately, in practice they
        are intimately connected and almost always offered in tandem.

     Security Association (SA)
        A simplex (uni-directional) logical connection, created for
        security purposes.  All traffic traversing an SA is provided the
        same security processing.  In IPsec, an SA is an internet layer
        abstraction implemented through the use of AH or ESP.

     Security Gateway
        A security gateway is an intermediate system that acts as the
        communications interface between two networks.  The set of hosts
        (and networks) on the external side of the security gateway is
        viewed as untrusted (or less trusted), while the networks and
        hosts and on the internal side are viewed as trusted (or more
        trusted).  The internal subnets and hosts served by a security
        gateway are presumed to be trusted by virtue of sharing a
        common, local, security administration.  (See "Trusted
        Subnetwork" below.) In the IPsec context, a security gateway is
        a point at which AH and/or ESP is implemented in order to serve

        a set of internal hosts, providing security services for these
        hosts when they communicate with external hosts also employing
        IPsec (either directly or via another security gateway).

     SPI
        Acronym for "Security Parameters Index".  The combination of a
        destination address, a security protocol, and an SPI uniquely
        identifies a security association (SA, see above).  The SPI is
        carried in AH and ESP protocols to enable the receiving system
        to select the SA under which a received packet will be
        processed.  An SPI has only local significance, as defined by
        the creator of the SA (usually the receiver of the packet
        carrying the SPI); thus an SPI is generally viewed as an opaque
        bit string.  However, the creator of an SA may choose to
        interpret the bits in an SPI to facilitate local processing.

     Traffic Analysis
        The analysis of network traffic flow for the purpose of deducing
        information that is useful to an adversary.  Examples of such
        informat
ion are frequency of transmission, the identities of the
        conversing parties, sizes of packets, flow identifiers, etc.
        [Sch94]

     Trusted Subnetwork
        A subnetwork containing hosts and routers that trust each other
        not to engage in active or passive attacks.  There also is an
        assumption that the underlying communications channel (e.g., a
        LAN or CAN) isn't being attacked by other means.

Appendix B -- Analysis/Discussion of PMTU/DF/Fragmentation Issues

B.1 DF bit

   In cases where a system (host or gateway) adds an encapsulating
   header (e.g., ESP tunnel), should/must the DF bit in the original
   packet be copied to the encapsulating header?

   Fragmenting seems correct for some situations, e.g., it might be
   appropriate to fragment packets over a network with a very small MTU,
   e.g., a packet radio network, or a cellular phone hop to mobile node,
   rather than propagate back a very small PMTU for use over the rest of
   the path.  In other situations, it might be appropriate to set the DF
   bit in order to get feedback from later routers about PMTU
   constraints which require fragmentation.  The existence of both of
   these situations argues for enabling a system to decide whether or
   not to fragment over a particular network "link", i.e., for requiring
   an implementation to be able to copy the DF bit (and to process ICMP
   PMTU messages), but making it an option to be selected on a per
   interface basis.  In other words, an administrator should be able to
   configure the router's treatment of the DF bit (set, clear, copy from
   encapsulated header) for each interface.

   Note: If a bump-in-the-stack implementation of IPsec attempts to
   apply different IPsec algorithms based on source/destination ports,
   it will be difficult to apply Path MTU adjustments.

B.2 Fragmentation

   If required, IP fragmentation occurs after IPsec processing within an
   IPsec implementation.  Thus, transport mode AH or ESP is applied only
   to whole IP datagrams (not to IP fragments).  An IP packet to which
   AH or ESP has been applied may itself be fragmented by routers en
   route, and such fragments MUST be reassembled prior to IPsec
   processing at a receiver.  In tunnel mode, AH or ESP is applied to an
   IP packet, the payload of which may be a fragmented IP packet.  For
   example, a security gateway, "bump-in-the-stack" (BITS), or "bump-
   in-the-wire" (BITW) IPsec implementation may apply tunnel mode AH to
   such fragments.  Note that BITS or BITW implementations are examples
   of where a host IPsec implementation might receive fragments to which
   tunnel mode is to be applied.  However, if transport mode is to be
   applied, then these implementations MUST reassemble the fragments
   prior to applying IPsec.

   NOTE: IPsec always has to figure out what the encapsulating IP header
   fields are.  This is independent of where you insert IPsec and is
   intrinsic to the definition of IPsec.  Therefore any IPsec
   implementation that is not integrated into an IP implementation must
   include code to construct the necessary IP headers (e.g., IP2):

        o AH-tunnel --> IP2-AH-IP1-Transport-Data
        o ESP-tunnel -->  IP2-ESP_hdr-IP1-Transport-Data-ESP_trailer

   *********************************************************************

   Overall, the fragmentation/reassembly approach described above works
   for all cases examined.

                              AH Xport   AH Tunnel  ESP Xport  ESP Tunnel
 Implementation approach      IPv4 IPv6  IPv4 IPv6  IPv4 IPv6  IPv4 IPv6
 -----------------------      ---- ----  ---- ----  ---- ----  ---- ----
 Hosts (integr w/ IP stack)     Y    Y     Y    Y     Y    Y     Y    Y
 Hosts (betw/ IP and drivers)   Y    Y     Y    Y     Y    Y     Y    Y
 S. Gwy (integr w/ IP stack)               Y    Y                Y    Y
 Outboard crypto processor *

        * If the crypto processor system has its own IP address, then it
          is covered by the security gateway case.  This box receives
          the packet from the host and performs IPsec processing.  It
          has to be able to handle the same AH, ESP, and related
          IPv4/IPv6 tunnel processing that a security gateway would have
          to handle.  If it doesn't have it's own address, then it is
          similar to the bump-in-the stack implementation between IP and
          the network drivers.

   The following analysis assumes that:

        1. There is only one IPsec module in a given system's stack.
           There isn't an IPsec module A (adding ESP/encryption and
           thus) hiding the transport protocol, SRC port, and DEST port
           from IPsec module B.
        2. There are several places where IPsec could be implemented (as
           shown in the table above).
                a. Hosts with integration of IPsec into the native IP
                   implementation.  Implementer has access to the source
                   for the stack.
                b. Hosts with bump-in-the-stack implementations, where
                   IPsec is implemented between IP and the local network
                   drivers.  Source access for stack is not available;
                   but there are well-defined interfaces that allows the
                   IPsec code to be incorporated into the system.

                c. Security gateways and outboard crypto processors with
                   integration of IPsec into the stack.
        3. Not all of the above approaches are feasible in all hosts.
           But it was assumed that for each approach, there are some
           hosts for whom the approach is feasible.

   For each of the above 3 categories, there are IPv4 and IPv6, AH
   transport and tunnel modes, and ESP transport and tunnel modes -- for
   a total of 24 cases (3 x 2 x 4).

   Some header fields and interface fields are listed here for ease of
   reference -- they're not in the header order, but instead listed to
   allow comparison between the columns.  (* = not covered by AH
   authentication.  ESP authentication doesn't cover any headers that
   precede it.)

                                             IP/Transport Interface
             IPv4            IPv6            (RFC 1122 -- Sec 3.4)
             ----            ----            ----------------------
             Version = 4     Version = 6
             Header Len
             *TOS            Class,Flow Lbl  TOS
             Packet Len      Payload Len     Len
             ID                              ID (optional)
             *Flags                          DF
             *Offset
             *TTL            *Hop Limit      TTL
             Protocol        Next Header
             *Checksum
             Src Address     Src Address     Src Address
             Dst Address     Dst Address     Dst Address
             Options?        Options?        Opt

             ? = AH covers Option-Type and Option-Length, but
                 might not cover Option-Data.

   The results for each of the 20 cases is shown below ("works" = will
   work if system fragments after outbound IPsec processing, reassembles
   before inbound IPsec processing).  Notes indicate implementation
   issues.

    a. Hosts (integrated into IP stack)
          o AH-transport  --> (IP1-AH-Transport-Data)
                    - IPv4 -- works
                    - IPv6 -- works

          o AH-tunnel --> (IP2-AH-IP1-Transport-Data)
                    - IPv4 -- works
                    - IPv6 -- works

          o ESP-transport --> (IP1-ESP_hdr-Transport-Data-ESP_trailer)
                    - IPv4 -- works
                    - IPv6 -- works
          o ESP-tunnel -->  (IP2-ESP_hdr-IP1-Transport-Data-ESP_trailer)
                    - IPv4 -- works
                    - IPv6 -- works

    b. Hosts (Bump-in-the-stack) -- put IPsec between IP layer and
       network drivers.  In this case, the IPsec module would have to do
       something like one of the following for fragmentation and
       reassembly.
            - do the fragmentation/reassembly work itself and
              send/receive the packet directly to/from the network
              layer.  In AH or ESP transport mode, this is fine.  In AH
              or ESP tunnel mode where the tunnel end is at the ultimate
              destination, this is fine.  But in AH or ESP tunnel modes
              where the tunnel end is different from the ultimate
              destination and where the source host is multi-homed, this
              approach could result in sub-optimal routing because the
              IPsec module may be unable to obtain the information
              needed (LAN interface and next-hop gateway) to direct the
              packet to the appropriate network interface.  This is not
              a problem if the interface and next-hop gateway are the
              same for the ultimate destination and for the tunnel end.
              But if they are different, then IPsec would need to know
              the LAN interface and the next-hop gateway for the tunnel
              end.  (Note: The tunnel end (security gateway) is highly
              likely to be on the regular path to the ultimate
              destination.  But there could also be more than one path
              to the destination, e.g., the host could be at an
              organization with 2 firewalls.  And the path being used
              could involve the less commonly chosen firewall.)  OR
            - pass the IPsec'd packet back to the IP layer where an
              extra IP header would end up being pre-pended and the
              IPsec module would have to check and let IPsec'd fragments
              go by.
                                    OR
            - pass the packet contents to the IP layer in a form such
              that the IP layer recreates an appropriate IP header

       At the network layer, the IPsec module will have access to the
       following selectors from the packet -- SRC address, DST address,
       Next Protocol, and if there's a transport layer header --> SRC
       port and DST port.  One cannot assume IPsec has access to the
       Name.  It is assumed that the available selector information is
       sufficient to figure out the relevant Security Policy entry and
       Security Association(s).

          o AH-transport  --> (IP1-AH-Transport-Data)
                    - IPv4 -- works
                    - IPv6 -- works
          o AH-tunnel --> (IP2-AH-IP1-Transport-Data)
                    - IPv4 -- works
                    - IPv6 -- works
          o ESP-transport --> (IP1-ESP_hdr-Transport-Data-ESP_trailer)
                    - IPv4 -- works
                    - IPv6 -- works
          o ESP-tunnel -->  (IP2-ESP_hdr-IP1-Transport-Data-ESP_trailer)
                    - IPv4 -- works
                    - IPv6 -- works

    c. Security gateways -- integrate IPsec into the IP stack

       NOTE: The IPsec module will have access to the following
       selectors from the packet -- SRC address, DST address, Next
       Protocol, and if there's a transport layer header --> SRC port
       and DST port.  It won't have access to the User ID (only Hosts
       have access to User ID information.)  Unlike some Bump-in-the-
       stack implementations, security gateways may be able to look up
       the Source Address in the DNS to provide a System Name, e.g., in
       situations involving use of dynamically assigned IP addresses in
       conjunction with dynamically updated DNS entries.  It also won't
       have access to the transport layer information if there is an ESP
       header, or if it's not the first fragment of a fragmented
       message.  It is assumed that the available selector information
       is sufficient to figure out the relevant Security Policy entry
       and Security Association(s).

          o AH-tunnel --> (IP2-AH-IP1-Transport-Data)
                    - IPv4 -- works
                    - IPv6 -- works
          o ESP-tunnel -->  (IP2-ESP_hdr-IP1-Transport-Data-ESP_trailer)
                    - IPv4 -- works
                    - IPv6 -- works

   **********************************************************************

B.3 Path MTU Discovery

   As mentioned earlier, "ICMP PMTU" refers to an ICMP message used for
   Path MTU Discovery.

   The legend for the diagrams below in B.3.1 and B.3.3 (but not B.3.2)
   is:

        ==== = security association (AH or ESP, transport or tunnel)

        ---- = connectivity (or if so labelled, administrative boundary)
        .... = ICMP message (hereafter referred to as ICMP PMTU) for

                IPv4:
                - Type = 3 (Destination Unreachable)
                - Code = 4 (Fragmentation needed and DF set)
                - Next-Hop MTU in the low-order 16 bits of the second
                  word of the ICMP header (labelled unused in RFC 792),
                  with high-order 16 bits set to zero

                IPv6 (RFC 1885):
                - Type = 2 (Packet Too Big)
                - Code = 0 (Fragmentation needed and DF set)
                - Next-Hop MTU in the 32 bit MTU field of the ICMP6

        Hx   = host x
        Rx   = router x
        SGx  = security gateway x
        X*   = X supports IPsec

B.3.1 Identifying the Originating Host(s)

The amount of information returned with the ICMP message is limited
and this affects what selectors are available to identify security
associations, originating hosts, etc. for use in further propagating
the PMTU information.

In brief...  An ICMP message must contain the following information
from the "offending" packet:
        - IPv4 (RFC 792) --  IP header plus a minimum of 64 bits

Accordingly, in the IPv4 context, an ICMP PMTU may identify only the
first (outermost) security association.  This is because the ICMP
PMTU may contain only 64 bits of the "offending" packet beyond the IP
header, which would capture only the first SPI from AH or ESP.  In
the IPv6 context, an ICMP PMTU will probably provide all the SPIs and
the selectors in the IP header, but maybe not the SRC/DST ports (in
the transport header) or the encapsulated (TCP, UDP, etc.) protocol.
Moreover, if ESP is used, the transport ports and protocol selectors
may be encrypted.

Looking at the diagram below of a security gateway tunnel (as
mentioned elsewhere, security gateways do not use transport mode)...

     H1   ===================           H3
       \  |                 |          /
   H0 -- SG1* ---- R1 ---- SG2* ---- R2 -- H5
       /  ^        |                   \
     H2   |........|                    H4

   Suppose that the security policy for SG1 is to use a single SA to SG2
   for all the traffic between hosts H0, H1, and H2 and
 hosts H3, H4,
   and H5.  And suppose H0 sends a data packet to H5 which causes R1 to
   send an ICMP PMTU message to SG1.  If the PMTU message has only the
   SPI, SG1 will be able to look up the SA and find the list of possible
   hosts (H0, H1, H2, wildcard); but SG1 will have no way to figure out
   that H0 sent the traffic that triggered the ICMP PMTU message.

      original        after IPsec     ICMP
      packet          processing      packet
      --------        -----------     ------
                                      IP-3 header (S = R1, D = SG1)
                                      ICMP header (includes PMTU)
                      IP-2 header     IP-2 header (S = SG1, D = SG2)
                      ESP header      minimum of 64 bits of ESP hdr (*)
      IP-1 header     IP-1 header
      TCP header      TCP header
      TCP data        TCP data
                      ESP trailer

      (*) The 64 bits will include enough of the ESP (or AH) header to
          include the SPI.
              - ESP -- SPI (32 bits), Seq number (32 bits)
              - AH -- Next header (8 bits), Payload Len (8 bits),
                Reserved (16 bits), SPI (32 bits)

   This limitation on the amount of information returned with an ICMP
   message creates a problem in identifying the originating hosts for
   the packet (so as to know where to further propagate the ICMP PMTU
   information).  If the ICMP message contains only 64 bits of the IPsec
   header (minimum for IPv4), then the IPsec selectors (e.g., Source and
   Destination addresses, Next Protocol, Source and Destination ports,
   etc.) will have been lost.  But the ICMP error message will still
   provide SG1 with the SPI, the PMTU information and the source and
   destination gateways for the relevant security association.

   The destination security gateway and SPI uniquely define a security
   association which in turn defines a set of possible originating
   hosts.  At this point, SG1 could:

   a. send the PMTU information to all the possible originating hosts.
      This would not work well if the host list is a wild card or if
      many/most of the hosts weren't sending to SG1; but it might work
      if the SPI/destination/etc mapped to just one or a small number of
      hosts.
   b. store the PMTU with the SPI/etc and wait until the next packet(s)
      arrive from the originating host(s) for the relevant security
      association.  If it/they are bigger than the PMTU, drop the
      packet(s), and compose ICMP PMTU message(s) with the new packet(s)
      and the updated PMTU, and send the originating host(s) the ICMP
      message(s) about the problem.  This involves a delay in notifying
      the originating host(s), but avoids the problems of (a).

   Since only the latter approach is feasible in all instances, a
   security gateway MUST provide such support, as an option.  However,
   if the ICMP message contains more information from the original
   packet, then there may be enough information to immediately determine
   to which host to propagate the ICMP/PMTU message and to provide that
   system with the 5 fields (source address, destination address, source
   port, destination port, and transport protocol) needed to determine
   where to store/update the PMTU.  Under such circumstances, a security
   gateway MUST generate an ICMP PMTU message immediately upon receipt
   of an ICMP PMTU from further down the path.  NOTE: The Next Protocol
   field may not be contained in the ICMP message and the use of ESP
   encryption may hide the selector fields that have been encrypted.

B.3.2 Calculation of PMTU

   The calculation of PMTU from an ICMP PMTU has to take into account
   the addition of any IPsec header by H1 -- AH and/or ESP transport, or
   ESP or AH tunnel.  Within a single host, multiple applications may
   share an SPI and nesting of security associations may occur.  (See
   Section 4.5 Basic Combinations of Security Associations for
   description of the combinations that MUST be supported).  The diagram
   below illustrates an example of security associations between a pair
   of hosts (as viewed from the perspective of one of the hosts.)  (ESPx
   or AHx = transport mode)

           Socket 1 -------------------------|
                                             |
           Socket 2 (ESPx/SPI-A) ---------- AHx (SPI-B) -- Internet

   In order to figure out the PMTU for each socket that maps to SPI-B,
   it will be necessary to have backpointers from SPI-B to each of the 2
   paths that lead to it -- Socket 1 and Socket 2/SPI-A.

B.3.3 Granularity of Maintaining PMTU Data

   In hosts, the granularity with which PMTU ICMP processing can be done
   differs depending on the implementation situation.  Looking at a
   host, there are three situations that are of interest with respect to
   PMTU issues:

   a. Integration of IPsec into the native IP implementation
   b. Bump-in-the-stack implementations, where IPsec is implemented
      "underneath" an existing implementation of a TCP/IP protocol
      stack, between the native IP and the local network drivers
   c. No IPsec implementation -- This case is included because it is
      relevant in cases where a security gateway is sending PMTU
      information back to a host.

   Only in case (a) can the PMTU data be maintained at the same
   granularity as communication associations.  In the other cases, the
   IP layer will maintain PMTU data at the granularity of Source and
   Destination IP addresses (and optionally TOS/Class), as described in
   RFC 1191.  This is an important difference, because more than one
   communication association may map to the same source and destination
   IP addresses, and each communication association may have a different
   amount of IPsec header overhead (e.g., due to use of different
   transforms or different algorithms).  The examples below illustrate
   this.

   In cases (a) and (b)...  Suppose you have the following situation.
   H1 is sending to H2 and the packet to be sent from R1 to R2 exceeds
   the PMTU of the network hop between them.

                 ==================================
                 |                                |
                H1* --- R1 ----- R2 ---- R3 ---- H2*
                 ^       |
                 |.......|

   If R1 is configured to not fragment subscriber traffic, then R1 sends
   an ICMP PMTU message with the appropriate PMTU to H1.  H1's
   processing would vary with the nature of the implementation.  In case
   (a) (native IP), the security services are bound to sockets or the
   equivalent.  Here the IP/IPsec implementation in H1 can store/update
   the PMTU for the associated socket.  In case (b), the IP layer in H1
   can store/update the PMTU but only at the granularity of Source and
   Destination addresses and possibly TOS/Class, as noted above.  So the
   result may be sub-optimal, since the PMTU for a given
   SRC/DST/TOS/Class will be the subtraction of the largest amount of
   IPsec header used for any communication association between a given
   source and destination.

   In case (c), there has to be a security gateway to have any IPsec
   processing.  So suppose you have the following situation.  H1 is
   sending to H2 and the packet to be sent from SG1 to R exceeds the
   PMTU of the network hop between them.

                         ================
                         |              |

 H1 ---- SG1* --- R --- SG2* ---- H2
                 ^       |
                 |.......|

   As described above for case (b), the IP layer in H1 can store/update
   the PMTU but only at the granularity of Source and Destination
   addresses, and possibly TOS/Class.  So the result may be sub-optimal,
   since the PMTU for a given SRC/DST/TOS/Class will be the subtraction
   of the largest amount of IPsec header used for any communication
   association between a given source and destination.

B.3.4 Per Socket Maintenance of PMTU Data

   Implementation of the calculation of PMTU (Section B.3.2) and support
   for PMTUs at the granularity of individual "communication
   associations" (Section B.3.3) is a local matter.  However, a socket-
   based implementation of IPsec in a host SHOULD maintain the
   information on a per socket basis.  Bump in the stack systems MUST
   pass an ICMP PMTU to the host IP implementation, after adjusting it
   for any IPsec header overhead added by these systems.  The
   determination of the overhead SHOULD be determined by analysis of the
   SPI and any other selector information present in a returned ICMP
   PMTU message.

B.3.5 Delivery of PMTU Data to the Transport Layer

   The host mechanism for getting the updated PMTU to the transport
   layer is unchanged, as specified in RFC 1191 (Path MTU Discovery).

B.3.6 Aging of PMTU Data

   This topic is covered in Section 6.1.2.4.

Appendix C -- Sequence Space Window Code Example

   This appendix contains a routine that implements a bitmask check for
   a 32 packet window.  It was provided by James Hughes
   (jim_hughes@stortek.com) and Harry Varnis (hgv@anubis.network.com)
   and is intended as an implementation example.  Note that this code
   both checks for a replay and updates the window.  Thus the algorithm,
   as shown, should only be called AFTER the packet has been
   authenticated.  Implementers might wish to consider splitting the
   code to do the check for replays before computing the ICV.  If the
   packet is not a replay, the code would then compute the ICV, (discard
   any bad packets), and if the packet is OK, update the window.

#include 
#include 
typedef unsigned long u_long;

enum {
    ReplayWindowSize = 32
};

u_long bitmap = 0;                 /* session state - must be 32 bits */
u_long lastSeq = 0;                     /* session state */

/* Returns 0 if packet disallowed, 1 if packet permitted */
int ChkReplayWindow(u_long seq);

int ChkReplayWindow(u_long seq) {
    u_long diff;

    if (seq == 0) return 0;             /* first == 0 or wrapped */
    if (seq > lastSeq) {                /* new larger sequence number */
        diff = seq - lastSeq;
        if (diff < ReplayWindowSize) {  /* In window */
            bitmap <<= diff;
            bitmap |= 1;                /* set bit for this packet */
        } else bitmap = 1;          /* This packet has a "way larger" */
        lastSeq = seq;
        return 1;                       /* larger is good */
    }
    diff = lastSeq - seq;
    if (diff >= ReplayWindowSize) return 0; /* too old or wrapped */
    if (bitmap & ((u_long)1 << diff)) return 0; /* already seen */
    bitmap |= ((u_long)1 << diff);              /* mark as seen */
    return 1;                           /* out of order but good */
}

char string_buffer[512];

#define STRING_BUFFER_SIZE sizeof(string_buffer)

int main() {
    int result;
    u_long last, current, bits;

    printf("Input initial state (bits in hex, last msgnum):\n");
    if (!fgets(string_buffer, STRING_BUFFER_SIZE, stdin)) exit(0);
    sscanf(string_buffer, "%lx %lu", &bits, &last);
    if (last != 0)
    bits |= 1;
    bitmap = bits;
    lastSeq = last;
    printf("bits:%08lx last:%lu\n", bitmap, lastSeq);
    printf("Input value to test (current):\n");

    while (1) {
        if (!fgets(string_buffer, STRING_BUFFER_SIZE, stdin)) break;
        sscanf(string_buffer, "%lu", ¤t);
        result = ChkReplayWindow(current);
        printf("%-3s", result ? "OK" : "BAD");
        printf(" bits:%08lx last:%lu\n", bitmap, lastSeq);
    }
    return 0;
}

Appendix D -- Categorization of ICMP messages

The tables below characterize ICMP messages as being either host
generated, router generated, both, unassigned/unknown.  The first set
are IPv4.  The second set are IPv6.

                                IPv4

Type    Name/Codes                                             Reference
========================================================================
HOST GENERATED:
  3     Destination Unreachable
         2  Protocol Unreachable                               [RFC792]
         3  Port Unreachable                                   [RFC792]
         8  Source Host Isolated                               [RFC792]
        14  Host Precedence Violation                          [RFC1812]
 10     Router Selection                                       [RFC1256]

Type    Name/Codes                                             Reference
========================================================================
ROUTER GENERATED:
  3     Destination Unreachable
         0  Net Unreachable                                    [RFC792]
         4  Fragmentation Needed, Don't Fragment was Set       [RFC792]
         5  Source Route Failed                                [RFC792]
         6  Destination Network Unknown                        [RFC792]
         7  Destination Host Unknown                           [RFC792]
         9  Comm. w/Dest. Net. is Administratively Prohibited  [RFC792]
        11  Destination Network Unreachable for Type of Service[RFC792]
  5     Redirect
         0  Redirect Datagram for the Network (or subnet)      [RFC792]
         2  Redirect Datagram for the Type of Service & Network[RFC792]
  9     Router Advertisement                                   [RFC1256]
 18     Address Mask Reply                                     [RFC950]

                                IPv4
Type    Name/Codes                                             Reference
========================================================================
BOTH ROUTER AND HOST GENERATED:
  0     Echo Reply                                             [RFC792]
  3     Destination Unreachable
         1  Host Unreachable                                   [RFC792]
        10  Comm. w/Dest. Host is Administratively Prohibited  [RFC792]
        12  Destination Host Unreachable for Type of Service   [RFC792]
        13  Communication Administratively Prohibited          [RFC1812]
        15  Precedence cutoff in effect                        [RFC1812]
  4     Source Quench                                          [RFC792]
  5     Redirect
         1  Redirect Datagram for the Host                     [RFC792]
         3  Redirect Datagram for the Type of Service and Host [RFC792]
  6     Alternate Host Address                                 [JBP]
  8     Echo                                                   [RFC792]
 11     Time Exceeded                                          [RFC792]
 12     Parameter Problem                              [RFC792,RFC1108]
 13     Timestamp                                              [RFC792]
 14     Timestamp Reply                                        [RFC792]
 15     Information Re
quest                                    [RFC792]
 16     Information Reply                                      [RFC792]
 17     Address Mask Request                                   [RFC950]
 30     Traceroute                                             [RFC1393]
 31     Datagram Conversion Error                              [RFC1475]
 32     Mobile Host Redirect                                   [Johnson]
 39     SKIP                                                   [Markson]
 40     Photuris                                               [Simpson]

Type    Name/Codes                                             Reference
========================================================================
UNASSIGNED TYPE OR UNKNOWN GENERATOR:
  1     Unassigned                                             [JBP]
  2     Unassigned                                             [JBP]
  7     Unassigned                                             [JBP]
 19     Reserved (for Security)                                [Solo]
 20-29  Reserved (for Robustness Experiment)                   [ZSu]
 33     IPv6 Where-Are-You                                     [Simpson]
 34     IPv6 I-Am-Here                                         [Simpson]
 35     Mobile Registration Request                            [Simpson]
 36     Mobile Registration Reply                              [Simpson]
 37     Domain Name Request                                    [Simpson]
 38     Domain Name Reply                                      [Simpson]
 41-255 Reserved                                               [JBP]

                                IPv6

Type    Name/Codes                                             Reference
========================================================================
HOST GENERATED:
  1     Destination Unreachable                                [RFC 1885]
         4  Port Unreachable

Type    Name/Codes                                             Reference
========================================================================
ROUTER GENERATED:
  1     Destination Unreachable                                [RFC1885]
         0  No Route to Destination
         1  Comm. w/Destination is Administratively Prohibited
         2  Not a Neighbor
         3  Address Unreachable
  2     Packet Too Big                                         [RFC1885]
         0
  3     Time Exceeded                                          [RFC1885]
         0  Hop Limit Exceeded in Transit
         1  Fragment reassembly time exceeded

Type    Name/Codes                                             Reference
========================================================================
BOTH ROUTER AND HOST GENERATED:
  4     Parameter Problem                                      [RFC1885]
         0  Erroneous Header Field Encountered
         1  Unrecognized Next Header Type Encountered
         2  Unrecognized IPv6 Option Encountered

References

   [BL73]    Bell, D.E. & LaPadula, L.J., "Secure Computer Systems:
             Mathematical Foundations and Model", Technical Report M74-
             244, The MITRE Corporation, Bedford, MA, May 1973.

   [Bra97]   Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Level", BCP 14, RFC 2119, March 1997.

   [DoD85]   US National Computer Security Center, "Department of
             Defense Trusted Computer System Evaluation Criteria", DoD
             5200.28-STD, US Department of Defense, Ft. Meade, MD.,
             December 1985.

   [DoD87]   US National Computer Security Center, "Trusted Network
             Interpretation of the Trusted Computer System Evaluation
             Criteria", NCSC-TG-005, Version 1, US Department of
             Defense, Ft. Meade, MD., 31 July 1987.

   [HA94]    Haller, N., and R. Atkinson, "On Internet Authentication",
             RFC 1704, October 1994.

   [HC98]    Harkins, D., and D. Carrel, "The Internet Key Exchange
             (IKE)", RFC 2409, November 1998.

   [HM97]    Harney, H., and C.  Muckenhirn, "Group Key Management
             Protocol (GKMP) Architecture", RFC 2094, July 1997.

   [ISO]     ISO/IEC JTC1/SC6, Network Layer Security Protocol, ISO-IEC
             DIS 11577, International Standards Organisation, Geneva,
             Switzerland, 29 November 1992.

   [IB93]    John Ioannidis and Matt Blaze, "Architecture and
             Implementation of Network-layer Security Under Unix",
             Proceedings of USENIX Security Symposium, Santa Clara, CA,
             October 1993.

   [IBK93]   John Ioannidis, Matt Blaze, & Phil Karn, "swIPe: Network-
             Layer Security for IP", presentation at the Spring 1993
             IETF Meeting, Columbus, Ohio

   [KA98a]   Kent, S., and R. Atkinson, "IP Authentication Header", RFC
             2402, November 1998.

   [KA98b]   Kent, S., and R. Atkinson, "IP Encapsulating Security
             Payload (ESP)", RFC 2406, November 1998.

   [Ken91]   Kent, S., "US DoD Security Options for the Internet
             Protocol", RFC 1108, November 1991.

   [MSST97]  Maughan, D., Schertler, M., Schneider, M., and J. Turner,
             "Internet Security Association and Key Management Protocol
             (ISAKMP)", RFC 2408, November 1998.

   [Orm97]   Orman, H., "The OAKLEY Key Determination Protocol", RFC
             2412, November 1998.

   [Pip98]   Piper, D., "The Internet IP Security Domain of
             Interpretation for ISAKMP", RFC 2407, November 1998.

   [Sch94]   Bruce Schneier, Applied Cryptography, Section 8.6, John
             Wiley & Sons, New York, NY, 1994.

   [SDNS]    SDNS Secure Data Network System, Security Protocol 3, SP3,
             Document SDN.301, Revision 1.5, 15 May 1989, published in
             NIST Publication NIST-IR-90-4250, February 1990.

   [SMPT98]  Shacham, A., Monsour, R., Pereira, R., and M. Thomas, "IP
             Payload Compression Protocol (IPComp)", RFC 2393, August
             1998.

   [TDG97]   Thayer, R., Doraswamy, N., and R. Glenn, "IP Security
             Document Roadmap", RFC 2411, November 1998.

   [VK83]    V.L. Voydock & S.T. Kent, "Security Mechanisms in High-
             level Networks", ACM Computing Surveys, Vol. 15, No. 2,
             June 1983.

Disclaimer

   The views and specification expressed in this document are those of
   the authors and are not necessarily those of their employers.  The
   authors and their employers specifically disclaim responsibility for
   any problems arising from correct or incorrect implementation or use
   of this design.

Author Information

   Stephen Kent
   BBN Corporation
   70 Fawcett Street
   Cambridge, MA  02140
   USA

   Phone: +1 (617) 873-3988
   EMail: kent@bbn.com

   Randall Atkinson
   @Home Network
   425 Broadway
   Redwood City, CA 94063
   USA

   Phone: +1 (415) 569-5000
   EMail: rja@corp.home.net

Copyright (C) The Internet Society (1998).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies a
nd derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

The post RFC 2401 – Security Architecture for the Internet Protocol appeared first on IPv6.net.

RFC 1661 – The Point-to-Point Protocol (PPP)

IPv6 & IoT editor — Sat, 01 Aug 2009 17:56:20 +0000

Network Working Group                                 W. Simpson, Editor
Request for Comments: 1661                                    Daydreamer
STD: 51                                                        July 1994
Obsoletes: 1548
Category: Standards Track

                   The Point-to-Point Protocol (PPP)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   The Point-to-Point Protocol (PPP) provides a standard method for
   transporting multi-protocol datagrams over point-to-point links.  PPP
   is comprised of three main components:

      1. A method for encapsulating multi-protocol datagrams.

      2. A Link Control Protocol (LCP) for establishing, configuring,
         and testing the data-link connection.

      3. A family of Network Control Protocols (NCPs) for establishing
         and configuring different network-layer protocols.

   This document defines the PPP organization and methodology, and the
   PPP encapsulation, together with an extensible option negotiation
   mechanism which is able to negotiate a rich assortment of
   configuration parameters and provides additional management
   functions.  The PPP Link Control Protocol (LCP) is described in terms
   of this mechanism.

Table of Contents

     1.     Introduction ..........................................    1
        1.1       Specification of Requirements ...................    2
        1.2       Terminology .....................................    3

     2.     PPP Encapsulation .....................................    4

     3.     PPP Link Operation ....................................    6
        3.1       Overview ........................................    6
        3.2       Phase Diagram ...................................    6
        3.3       Link Dead (physical-layer not ready) ............    7
        3.4       Link Establishment Phase ........................    7
        3.5       Authentication Phase ............................    8
        3.6       Network-Layer Protocol Phase ....................    8
        3.7       Link Termination Phase ..........................    9

     4.     The Option Negotiation Automaton ......................   11
        4.1       State Transition Table ..........................   12
        4.2       States ..........................................   14
        4.3       Events ..........................................   16
        4.4       Actions .........................................   21
        4.5       Loop Avoidance ..................................   23
        4.6       Counters and Timers .............................   24

     5.     LCP Packet Formats ....................................   26
        5.1       Configure-Request ...............................   28
        5.2       Configure-Ack ...................................   29
        5.3       Configure-Nak ...................................   30
        5.4       Configure-Reject ................................   31
        5.5       Terminate-Request and Terminate-Ack .............   33
        5.6       Code-Reject .....................................   34
        5.7       Protocol-Reject .................................   35
        5.8       Echo-Request and Echo-Reply .....................   36
        5.9       Discard-Request .................................   37

     6.     LCP Configuration Options .............................   39
        6.1       Maximum-Receive-Unit (MRU) ......................   41
        6.2       Authentication-Protocol .........................   42
        6.3       Quality-Protocol ................................   43
        6.4       Magic-Number ....................................   45
        6.5       Protocol-Field-Compression (PFC) ................   48
        6.6       Address-and-Control-Field-Compression (ACFC)

     SECURITY CONSIDERATIONS ......................................   51
     REFERENCES ...................................................   51
     ACKNOWLEDGEMENTS .............................................   51
     CHAIR'S ADDRESS ..............................................   52
     EDITOR'S ADDRESS .............................................   52

1.  Introduction

   The Point-to-Point Protocol is designed for simple links which
   transport packets between two peers.  These links provide full-duplex
   simultaneous bi-directional operation, and are assumed to deliver
   packets in order.  It is intended that PPP provide a common solution
   for easy connection of a wide variety of hosts, bridges and routers
   [1].

   Encapsulation

      The PPP encapsulation provides for multiplexing of different
      network-layer protocols simultaneously over the same link.  The
      PPP encapsulation has been carefully designed to retain
      compatibility with most commonly used supporting hardware.

      Only 8 additional octets are necessary to form the encapsulation
      when used within the default HDLC-like framing.  In environments
      where bandwidth is at a premium, the encapsulation and framing may
      be shortened to 2 or 4 octets.

      To support high speed implementations, the default encapsulation
      uses only simple fields, only one of which needs to be examined
      for demultiplexing.  The default header and information fields
      fall on 32-bit boundaries, and the trailer may be padded to an
      arbitrary boundary.

   Link Control Protocol

      In order to be sufficiently versatile to be portable to a wide
      variety of environments, PPP provides a Link Control Protocol
      (LCP).  The LCP is used to automatically agree upon the
      encapsulation format options, handle varying limits on sizes of
      packets, detect a looped-back link and other common
      misconfiguration errors, and terminate the link.  Other optional
      facilities provided are authentication of the identity of its peer
      on the link, and determination when a link is functioning properly
      and when it is failing.

   Network Control Protocols

      Point-to-Point links tend to exacerbate many problems with the
      current family of network protocols.  For instance, assignment and
      management of IP addresses, which is a problem even in LAN
      environments, is especially difficult over circuit-switched
      point-to-point links (such as dial-up modem servers).  These
      problems are handled by a family of Network Control Protocols
      (NCPs), which each manage the specific needs required by their

      respective network-layer protocols.  These NCPs are defined in
      companion documents.

   Configuration

      It is intended that PPP links be easy to configure.  By design,
      the standard defaults handle all common configurations.  The
      implementor can specify improvements to the default configuration,
      which are automatically communicated to the peer without operator
      intervention.  Finally, the operator may explicitly configure
      options for the link which enable the link to op
erate in
      environments where it would otherwise be impossible.

      This self-configuration is implemented through an extensible
      option negotiation mechanism, wherein each end of the link
      describes to the other its capabilities and requirements.
      Although the option negotiation mechanism described in this
      document is specified in terms of the Link Control Protocol (LCP),
      the same facilities are designed to be used by other control
      protocols, especially the family of NCPs.

1.1.  Specification of Requirements

   In this document, several words are used to signify the requirements
   of the specification.  These words are often capitalized.

   MUST      This word, or the adjective "required", means that the
             definition is an absolute requirement of the specification.

   MUST NOT  This phrase means that the definition is an absolute
             prohibition of the specification.

   SHOULD    This word, or the adjective "recommended", means that there
             may exist valid reasons in particular circumstances to
             ignore this item, but the full implications must be
             understood and carefully weighed before choosing a
             different course.

   MAY       This word, or the adjective "optional", means that this
             item is one of an allowed set of alternatives.  An
             implementation which does not include this option MUST be
             prepared to interoperate with another implementation which
             does include the option.

1.2.  Terminology

   This document frequently uses the following terms:

   datagram  The unit of transmission in the network layer (such as IP).
             A datagram may be encapsulated in one or more packets
             passed to the data link layer.

   frame     The unit of transmission at the data link layer.  A frame
             may include a header and/or a trailer, along with some
             number of units of data.

   packet    The basic unit of encapsulation, which is passed across the
             interface between the network layer and the data link
             layer.  A packet is usually mapped to a frame; the
             exceptions are when data link layer fragmentation is being
             performed, or when multiple packets are incorporated into a
             single frame.

   peer      The other end of the point-to-point link.

   silently discard
             The implementation discards the packet without further
             processing.  The implementation SHOULD provide the
             capability of logging the error, including the contents of
             the silently discarded packet, and SHOULD record the event
             in a statistics counter.

2.  PPP Encapsulation

   The PPP encapsulation is used to disambiguate multiprotocol
   datagrams.  This encapsulation requires framing to indicate the
   beginning and end of the encapsulation.  Methods of providing framing
   are specified in companion documents.

   A summary of the PPP encapsulation is shown below.  The fields are
   transmitted from left to right.

           +----------+-------------+---------+
           | Protocol | Information | Padding |
           | 8/16 bits|      *      |    *    |
           +----------+-------------+---------+

   Protocol Field

      The Protocol field is one or two octets, and its value identifies
      the datagram encapsulated in the Information field of the packet.
      The field is transmitted and received most significant octet
      first.

      The structure of this field is consistent with the ISO 3309
      extension mechanism for address fields.  All Protocols MUST be
      odd; the least significant bit of the least significant octet MUST
      equal "1".  Also, all Protocols MUST be assigned such that the
      least significant bit of the most significant octet equals "0".
      Frames received which don't comply with these rules MUST be
      treated as having an unrecognized Protocol.

      Protocol field values in the "0***" to "3***" range identify the
      network-layer protocol of specific packets, and values in the
      "8***" to "b***" range identify packets belonging to the
      associated Network Control Protocols (NCPs), if any.

      Protocol field values in the "4***" to "7***" range are used for
      protocols with low volume traffic which have no associated NCP.
      Protocol field values in the "c***" to "f***" range identify
      packets as link-layer Control Protocols (such as LCP).

      Up-to-date values of the Protocol field are specified in the most
      recent "Assigned Numbers" RFC [2].  This specification reserves
      the following values:

      Value (in hex)  Protocol Name

      0001            Padding Protocol
      0003 to 001f    reserved (transparency inefficient)
      007d            reserved (Control Escape)
      00cf            reserved (PPP NLPID)
      00ff            reserved (compression inefficient)

      8001 to 801f    unused
      807d            unused
      80cf            unused
      80ff            unused

      c021            Link Control Protocol
      c023            Password Authentication Protocol
      c025            Link Quality Report
      c223            Challenge Handshake Authentication Protocol

      Developers of new protocols MUST obtain a number from the Internet
      Assigned Numbers Authority (IANA), at IANA@isi.edu.

   Information Field

      The Information field is zero or more octets.  The Information
      field contains the datagram for the protocol specified in the
      Protocol field.

      The maximum length for the Information field, including Padding,
      but not including the Protocol field, is termed the Maximum
      Receive Unit (MRU), which defaults to 1500 octets.  By
      negotiation, consenting PPP implementations may use other values
      for the MRU.

   Padding

      On transmission, the Information field MAY be padded with an
      arbitrary number of octets up to the MRU.  It is the
      responsibility of each protocol to distinguish padding octets from
      real information.

3.  PPP Link Operation

3.1.  Overview

   In order to establish communications over a point-to-point link, each
   end of the PPP link MUST first send LCP packets to configure and test
   the data link.  After the link has been established, the peer MAY be
   authenticated.

   Then, PPP MUST send NCP packets to choose and configure one or more
   network-layer protocols.  Once each of the chosen network-layer
   protocols has been configured, datagrams from each network-layer
   protocol can be sent over the link.

   The link will remain configured for communications until explicit LCP
   or NCP packets close the link down, or until some external event
   occurs (an inactivity timer expires or network administrator
   intervention).

3.2.  Phase Diagram

   In the process of configuring, maintaining and terminating the
   point-to-point link, the PPP link goes through several distinct
   phases which are specified in the following simplified state diagram:

   +------+        +-----------+           +--------------+
   |      | UP     |           | OPENED    |              | SUCCESS/NONE
   | Dead |------->|
Establish |---------->| Authenticate |--+
   |      |        |           |           |              |  |
   +------+        +-----------+           +--------------+  |
      ^               |                        |             |
      |          FAIL |                   FAIL |             |
      +<--------------+             +----------+             |
      |                             |                        |
      |            +-----------+    |           +---------+  |
      |       DOWN |           |    |   CLOSING |         |  |
      +------------| Terminate |<---+<----------| Network |<-+
                   |           |                |         |
                   +-----------+                +---------+

   Not all transitions are specified in this diagram.  The following
   semantics MUST be followed.

3.3.  Link Dead (physical-layer not ready)

   The link necessarily begins and ends with this phase.  When an
   external event (such as carrier detection or network administrator
   configuration) indicates that the physical-layer is ready to be used,
   PPP will proceed to the Link Establishment phase.

   During this phase, the LCP automaton (described later) will be in the
   Initial or Starting states.  The transition to the Link Establishment
   phase will signal an Up event to the LCP automaton.

   Implementation Note:

      Typically, a link will return to this phase automatically after
      the disconnection of a modem.  In the case of a hard-wired link,
      this phase may be extremely short -- merely long enough to detect
      the presence of the device.

3.4.  Link Establishment Phase

   The Link Control Protocol (LCP) is used to establish the connection
   through an exchange of Configure packets.  This exchange is complete,
   and the LCP Opened state entered, once a Configure-Ack packet
   (described later) has been both sent and received.

   All Configuration Options are assumed to be at default values unless
   altered by the configuration exchange.  See the chapter on LCP
   Configuration Options for further discussion.

   It is important to note that only Configuration Options which are
   independent of particular network-layer protocols are configured by
   LCP.  Configuration of individual network-layer protocols is handled
   by separate Network Control Protocols (NCPs) during the Network-Layer
   Protocol phase.

   Any non-LCP packets received during this phase MUST be silently
   discarded.

   The receipt of the LCP Configure-Request causes a return to the Link
   Establishment phase from the Network-Layer Protocol phase or
   Authentication phase.

3.5.  Authentication Phase

   On some links it may be desirable to require a peer to authenticate
   itself before allowing network-layer protocol packets to be
   exchanged.

   By default, authentication is not mandatory.  If an implementation
   desires that the peer authenticate with some specific authentication
   protocol, then it MUST request the use of that authentication
   protocol during Link Establishment phase.

   Authentication SHOULD take place as soon as possible after link
   establishment.  However, link quality determination MAY occur
   concurrently.  An implementation MUST NOT allow the exchange of link
   quality determination packets to delay authentication indefinitely.

   Advancement from the Authentication phase to the Network-Layer
   Protocol phase MUST NOT occur until authentication has completed.  If
   authentication fails, the authenticator SHOULD proceed instead to the
   Link Termination phase.

   Only Link Control Protocol, authentication protocol, and link quality
   monitoring packets are allowed during this phase.  All other packets
   received during this phase MUST be silently discarded.

   Implementation Notes:

      An implementation SHOULD NOT fail authentication simply due to
      timeout or lack of response.  The authentication SHOULD allow some
      method of retransmission, and proceed to the Link Termination
      phase only after a number of authentication attempts has been
      exceeded.

      The implementation responsible for commencing Link Termination
      phase is the implementation which has refused authentication to
      its peer.

3.6.  Network-Layer Protocol Phase

   Once PPP has finished the previous phases, each network-layer
   protocol (such as IP, IPX, or AppleTalk) MUST be separately
   configured by the appropriate Network Control Protocol (NCP).

   Each NCP MAY be Opened and Closed at any time.

   Implementation Note:

      Because an implementation may initially use a significant amount
      of time for link quality determination, implementations SHOULD
      avoid fixed timeouts when waiting for their peers to configure a
      NCP.

   After a NCP has reached the Opened state, PPP will carry the
   corresponding network-layer protocol packets.  Any supported
   network-layer protocol packets received when the corresponding NCP is
   not in the Opened state MUST be silently discarded.

   Implementation Note:

      While LCP is in the Opened state, any protocol packet which is
      unsupported by the implementation MUST be returned in a Protocol-
      Reject (described later).  Only protocols which are supported are
      silently discarded.

   During this phase, link traffic consists of any possible combination
   of LCP, NCP, and network-layer protocol packets.

3.7.  Link Termination Phase

   PPP can terminate the link at any time.  This might happen because of
   the loss of carrier, authentication failure, link quality failure,
   the expiration of an idle-period timer, or the administrative closing
   of the link.

   LCP is used to close the link through an exchange of Terminate
   packets.  When the link is closing, PPP informs the network-layer
   protocols so that they may take appropriate action.

   After the exchange of Terminate packets, the implementation SHOULD
   signal the physical-layer to disconnect in order to enforce the
   termination of the link, particularly in the case of an
   authentication failure.  The sender of the Terminate-Request SHOULD
   disconnect after receiving a Terminate-Ack, or after the Restart
   counter expires.  The receiver of a Terminate-Request SHOULD wait for
   the peer to disconnect, and MUST NOT disconnect until at least one
   Restart time has passed after sending a Terminate-Ack.  PPP SHOULD
   proceed to the Link Dead phase.

   Any non-LCP packets received during this phase MUST be silently
   discarded.

   Implementation Note:

      The closing of the link by LCP is sufficient.  There is no need
      for each NCP to send a flurry of Terminate packets.  Conversely,
      the fact that one NCP has Closed is not sufficient reason to cause
      the termination of the PPP link, even if that NCP was the only NCP
      currently in the Opened state.

4.  The Option Negotiation Automaton

   The finite-state automaton is defined by events, actions and state
   transitions.  Events include reception of external commands such as
   Open and Close, expiration of the Restart timer, and reception of
   packets from a peer.  Actions include the starting of the Restart
   timer and transmission of packets to the peer.

   Some types of packets -- Configure-Naks and Configure-Rejects
, or
   Code-Rejects and Protocol-Rejects, or Echo-Requests, Echo-Replies and
   Discard-Requests -- are not differentiated in the automaton
   descriptions.  As will be described later, these packets do indeed
   serve different functions.  However, they always cause the same
   transitions.

   Events                                   Actions

   Up   = lower layer is Up                 tlu = This-Layer-Up
   Down = lower layer is Down               tld = This-Layer-Down
   Open = administrative Open               tls = This-Layer-Started
   Close= administrative Close              tlf = This-Layer-Finished

   TO+  = Timeout with counter > 0          irc = Initialize-Restart-Count
   TO-  = Timeout with counter expired      zrc = Zero-Restart-Count

   RCR+ = Receive-Configure-Request (Good)  scr = Send-Configure-Request
   RCR- = Receive-Configure-Request (Bad)
   RCA  = Receive-Configure-Ack             sca = Send-Configure-Ack
   RCN  = Receive-Configure-Nak/Rej         scn = Send-Configure-Nak/Rej

   RTR  = Receive-Terminate-Request         str = Send-Terminate-Request
   RTA  = Receive-Terminate-Ack             sta = Send-Terminate-Ack

   RUC  = Receive-Unknown-Code              scj = Send-Code-Reject
   RXJ+ = Receive-Code-Reject (permitted)
       or Receive-Protocol-Reject
   RXJ- = Receive-Code-Reject (catastrophic)
       or Receive-Protocol-Reject
   RXR  = Receive-Echo-Request              ser = Send-Echo-Reply
       or Receive-Echo-Reply
       or Receive-Discard-Request

4.1.  State Transition Table

   The complete state transition table follows.  States are indicated
   horizontally, and events are read vertically.  State transitions and
   actions are represented in the form action/new-state.  Multiple
   actions are separated by commas, and may continue on succeeding lines
   as space requires; multiple actions may be implemented in any
   convenient order.  The state may be followed by a letter, which
   indicates an explanatory footnote.  The dash ('-') indicates an
   illegal transition.

      | State
      |    0         1         2         3         4         5
Events| Initial   Starting  Closed    Stopped   Closing   Stopping
------+-----------------------------------------------------------
 Up   |    2     irc,scr/6     -         -         -         -
 Down |    -         -         0       tls/1       0         1
 Open |  tls/1       1     irc,scr/6     3r        5r        5r
 Close|    0       tlf/0       2         2         4         4
      |
  TO+ |    -         -         -         -       str/4     str/5
  TO- |    -         -         -         -       tlf/2     tlf/3
      |
 RCR+ |    -         -       sta/2 irc,scr,sca/8   4         5
 RCR- |    -         -       sta/2 irc,scr,scn/6   4         5
 RCA  |    -         -       sta/2     sta/3       4         5
 RCN  |    -         -       sta/2     sta/3       4         5
      |
 RTR  |    -         -       sta/2     sta/3     sta/4     sta/5
 RTA  |    -         -         2         3       tlf/2     tlf/3
      |
 RUC  |    -         -       scj/2     scj/3     scj/4     scj/5
 RXJ+ |    -         -         2         3         4         5
 RXJ- |    -         -       tlf/2     tlf/3     tlf/2     tlf/3
      |
 RXR  |    -         -         2         3         4         5

      | State
      |    6         7         8           9
Events| Req-Sent  Ack-Rcvd  Ack-Sent    Opened
------+-----------------------------------------
 Up   |    -         -         -           -
 Down |    1         1         1         tld/1
 Open |    6         7         8           9r
 Close|irc,str/4 irc,str/4 irc,str/4 tld,irc,str/4
      |
  TO+ |  scr/6     scr/6     scr/8         -
  TO- |  tlf/3p    tlf/3p    tlf/3p        -
      |
 RCR+ |  sca/8   sca,tlu/9   sca/8   tld,scr,sca/8
 RCR- |  scn/6     scn/7     scn/6   tld,scr,scn/6
 RCA  |  irc/7     scr/6x  irc,tlu/9   tld,scr/6x
 RCN  |irc,scr/6   scr/6x  irc,scr/8   tld,scr/6x
      |
 RTR  |  sta/6     sta/6     sta/6   tld,zrc,sta/5
 RTA  |    6         6         8       tld,scr/6
      |
 RUC  |  scj/6     scj/7     scj/8       scj/9
 RXJ+ |    6         6         8           9
 RXJ- |  tlf/3     tlf/3     tlf/3   tld,irc,str/5
      |
 RXR  |    6         7         8         ser/9

   The states in which the Restart timer is running are identifiable by
   the presence of TO events.  Only the Send-Configure-Request, Send-
   Terminate-Request and Zero-Restart-Count actions start or re-start
   the Restart timer.  The Restart timer is stopped when transitioning
   from any state where the timer is running to a state where the timer
   is not running.

   The events and actions are defined according to a message passing
   architecture, rather than a signalling architecture.  If an action is
   desired to control specific signals (such as DTR), additional actions
   are likely to be required.

   [p]   Passive option; see Stopped state discussion.

   [r]   Restart option; see Open event discussion.

   [x]   Crossed connection; see RCA event discussion.

4.2.  States

   Following is a more detailed description of each automaton state.

   Initial

      In the Initial state, the lower layer is unavailable (Down), and
      no Open has occurred.  The Restart timer is not running in the
      Initial state.

   Starting

      The Starting state is the Open counterpart to the Initial state.
      An administrative Open has been initiated, but the lower layer is
      still unavailable (Down).  The Restart timer is not running in the
      Starting state.

      When the lower layer becomes available (Up), a Configure-Request
      is sent.

   Closed

      In the Closed state, the link is available (Up), but no Open has
      occurred.  The Restart timer is not running in the Closed state.

      Upon reception of Configure-Request packets, a Terminate-Ack is
      sent.  Terminate-Acks are silently discarded to avoid creating a
      loop.

   Stopped

      The Stopped state is the Open counterpart to the Closed state.  It
      is entered when the automaton is waiting for a Down event after
      the This-Layer-Finished action, or after sending a Terminate-Ack.
      The Restart timer is not running in the Stopped state.

      Upon reception of Configure-Request packets, an appropriate
      response is sent.  Upon reception of other packets, a Terminate-
      Ack is sent.  Terminate-Acks are silently discarded to avoid
      creating a loop.

      Rationale:

         The Stopped state is a junction state for link termination,
         link configuration failure, and other automaton failure modes.
         These potentially separate states have been combined.

         There is a race condition between the Down event response (from

         the This-Layer-Finished action) and the Receive-Configure-
         Request event.  When a Configure-Request arrives before the
         Down event, the Down event will supercede by returning the
         automaton to the Starting state.  This prevents attack by
         repetition.

      Implementation Option:

         After the peer fails to respond to Configure-Requests, an
         implementation MAY wait passively for the peer to send
         Configure-Requests.  In this case, the This-Layer-Finished

         action is not used for the TO- event in states Req-Sent, Ack-
         Rcvd and Ack-Sent.

         This option is useful for dedicated circuits, or circuits which
         have no status signals available, but SHOULD NOT be used for
         switched circuits.

   Closing

      In the Closing state, an attempt is made to terminate the
      connection.  A Terminate-Request has been sent and the Restart
      timer is running, but a Terminate-Ack has not yet been received.

      Upon reception of a Terminate-Ack, the Closed state is entered.
      Upon the expiration of the Restart timer, a new Terminate-Request
      is transmitted, and the Restart timer is restarted.  After the
      Restart timer has expired Max-Terminate times, the Closed state is
      entered.

   Stopping

      The Stopping state is the Open counterpart to the Closing state.
      A Terminate-Request has been sent and the Restart timer is
      running, but a Terminate-Ack has not yet been received.

      Rationale:

         The Stopping state provides a well defined opportunity to
         terminate a link before allowing new traffic.  After the link
         has terminated, a new configuration may occur via the Stopped
         or Starting states.

   Request-Sent

      In the Request-Sent state an attempt is made to configure the
      connection.  A Configure-Request has been sent and the Restart
      timer is running, but a Configure-Ack has not yet been received

      nor has one been sent.

   Ack-Received

      In the Ack-Received state, a Configure-Request has been sent and a
      Configure-Ack has been received.  The Restart timer is still
      running, since a Configure-Ack has not yet been sent.

   Ack-Sent

      In the Ack-Sent state, a Configure-Request and a Configure-Ack
      have both been sent, but a Configure-Ack has not yet been
      received.  The Restart timer is running, since a Configure-Ack has
      not yet been received.

   Opened

      In the Opened state, a Configure-Ack has been both sent and
      received.  The Restart timer is not running.

      When entering the Opened state, the implementation SHOULD signal
      the upper layers that it is now Up.  Conversely, when leaving the
      Opened state, the implementation SHOULD signal the upper layers
      that it is now Down.

4.3.  Events

   Transitions and actions in the automaton are caused by events.

   Up

      This event occurs when a lower layer indicates that it is ready to
      carry packets.

      Typically, this event is used by a modem handling or calling
      process, or by some other coupling of the PPP link to the physical
      media, to signal LCP that the link is entering Link Establishment
      phase.

      It also can be used by LCP to signal each NCP that the link is
      entering Network-Layer Protocol phase.  That is, the This-Layer-Up
      action from LCP triggers the Up event in the NCP.

   Down

      This event occurs when a lower layer indicates that it is no

      longer ready to carry packets.

      Typically, this event is used by a modem handling or calling
      process, or by some other coupling of the PPP link to the physical
      media, to signal LCP that the link is entering Link Dead phase.

      It also can be used by LCP to signal each NCP that the link is
      leaving Network-Layer Protocol phase.  That is, the This-Layer-
      Down action from LCP triggers the Down event in the NCP.

   Open

      This event indicates that the link is administratively available
      for traffic; that is, the network administrator (human or program)
      has indicated that the link is allowed to be Opened.  When this
      event occurs, and the link is not in the Opened state, the
      automaton attempts to send configuration packets to the peer.

      If the automaton is not able to begin configuration (the lower
      layer is Down, or a previous Close event has not completed), the
      establishment of the link is automatically delayed.

      When a Terminate-Request is received, or other events occur which
      cause the link to become unavailable, the automaton will progress
      to a state where the link is ready to re-open.  No additional
      administrative intervention is necessary.

      Implementation Option:

         Experience has shown that users will execute an additional Open
         command when they want to renegotiate the link.  This might
         indicate that new values are to be negotiated.

         Since this is not the meaning of the Open event, it is
         suggested that when an Open user command is executed in the
         Opened, Closing, Stopping, or Stopped states, the
         implementation issue a Down event, immediately followed by an
         Up event.  Care must be taken that an intervening Down event
         cannot occur from another source.

         The Down followed by an Up will cause an orderly renegotiation
         of the link, by progressing through the Starting to the
         Request-Sent state.  This will cause the renegotiation of the
         link, without any harmful side effects.

   Close

      This event indicates that the link is not available for traffic;

      that is, the network administrator (human or program) has
      indicated that the link is not allowed to be Opened.  When this
      event occurs, and the link is not in the Closed state, the
      automaton attempts to terminate the connection.  Futher attempts
      to re-configure the link are denied until a new Open event occurs.

      Implementation Note:

         When authentication fails, the link SHOULD be terminated, to
         prevent attack by repetition and denial of service to other
         users.  Since the link is administratively available (by
         definition), this can be accomplished by simulating a Close
         event to the LCP, immediately followed by an Open event.  Care
         must be taken that an intervening Close event cannot occur from
         another source.

         The Close followed by an Open will cause an orderly termination
         of the link, by progressing through the Closing to the Stopping
         state, and the This-Layer-Finished action can disconnect the
         link.  The automaton waits in the Stopped or Starting states
         for the next connection attempt.

   Timeout (TO+,TO-)

      This event indicates the expiration of the Restart timer.  The
      Restart timer is used to time responses to Configure-Request and
      Terminate-Request packets.

      The TO+ event indicates that the Restart counter continues to be
      greater than zero, which triggers the corresponding Configure-
      Request or Terminate-Request packet to be retransmitted.

      The TO- event indicates that the Restart counter is not greater
      than zero, and no more packets need to be retransmitted.

   Receive-Configure-Request (RCR+,RCR-)

      This event occurs when a Configure-Request packet is received from
      the peer.  The Configure-Request packet indicates the desire to
      open a connection and may specify Configuration Options.  The
      Configure-Request packet is more fully described in a later
      section.

      The RCR+ event indicates that
 the Configure-Request was
      acceptable, and triggers the transmission of a corresponding
      Configure-Ack.

      The RCR- event indicates that the Configure-Request was

      unacceptable, and triggers the transmission of a corresponding
      Configure-Nak or Configure-Reject.

      Implementation Note:

         These events may occur on a connection which is already in the
         Opened state.  The implementation MUST be prepared to
         immediately renegotiate the Configuration Options.

   Receive-Configure-Ack (RCA)

      This event occurs when a valid Configure-Ack packet is received
      from the peer.  The Configure-Ack packet is a positive response to
      a Configure-Request packet.  An out of sequence or otherwise
      invalid packet is silently discarded.

      Implementation Note:

         Since the correct packet has already been received before
         reaching the Ack-Rcvd or Opened states, it is extremely
         unlikely that another such packet will arrive.  As specified,
         all invalid Ack/Nak/Rej packets are silently discarded, and do
         not affect the transitions of the automaton.

         However, it is not impossible that a correctly formed packet
         will arrive through a coincidentally-timed cross-connection.
         It is more likely to be the result of an implementation error.
         At the very least, this occurance SHOULD be logged.

   Receive-Configure-Nak/Rej (RCN)

      This event occurs when a valid Configure-Nak or Configure-Reject
      packet is received from the peer.  The Configure-Nak and
      Configure-Reject packets are negative responses to a Configure-
      Request packet.  An out of sequence or otherwise invalid packet is
      silently discarded.

      Implementation Note:

         Although the Configure-Nak and Configure-Reject cause the same
         state transition in the automaton, these packets have
         significantly different effects on the Configuration Options
         sent in the resulting Configure-Request packet.

   Receive-Terminate-Request (RTR)

      This event occurs when a Terminate-Request packet is received.
      The Terminate-Request packet indicates the desire of the peer to

      close the connection.

      Implementation Note:

         This event is not identical to the Close event (see above), and
         does not override the Open commands of the local network
         administrator.  The implementation MUST be prepared to receive
         a new Configure-Request without network administrator
         intervention.

   Receive-Terminate-Ack (RTA)

      This event occurs when a Terminate-Ack packet is received from the
      peer.  The Terminate-Ack packet is usually a response to a
      Terminate-Request packet.  The Terminate-Ack packet may also
      indicate that the peer is in Closed or Stopped states, and serves
      to re-synchronize the link configuration.

   Receive-Unknown-Code (RUC)

      This event occurs when an un-interpretable packet is received from
      the peer.  A Code-Reject packet is sent in response.

   Receive-Code-Reject, Receive-Protocol-Reject (RXJ+,RXJ-)

      This event occurs when a Code-Reject or a Protocol-Reject packet
      is received from the peer.

      The RXJ+ event arises when the rejected value is acceptable, such
      as a Code-Reject of an extended code, or a Protocol-Reject of a
      NCP.  These are within the scope of normal operation.  The
      implementation MUST stop sending the offending packet type.

      The RXJ- event arises when the rejected value is catastrophic,
      such as a Code-Reject of Configure-Request, or a Protocol-Reject
      of LCP!  This event communicates an unrecoverable error that
      terminates the connection.

   Receive-Echo-Request, Receive-Echo-Reply, Receive-Discard-Request
   (RXR)

      This event occurs when an Echo-Request, Echo-Reply or Discard-
      Request packet is received from the peer.  The Echo-Reply packet
      is a response to an Echo-Request packet.  There is no reply to an
      Echo-Reply or Discard-Request packet.

4.4.  Actions

   Actions in the automaton are caused by events and typically indicate
   the transmission of packets and/or the starting or stopping of the
   Restart timer.

   Illegal-Event (-)

      This indicates an event that cannot occur in a properly
      implemented automaton.  The implementation has an internal error,
      which should be reported and logged.  No transition is taken, and
      the implementation SHOULD NOT reset or freeze.

   This-Layer-Up (tlu)

      This action indicates to the upper layers that the automaton is
      entering the Opened state.

      Typically, this action is used by the LCP to signal the Up event
      to a NCP, Authentication Protocol, or Link Quality Protocol, or
      MAY be used by a NCP to indicate that the link is available for
      its network layer traffic.

   This-Layer-Down (tld)

      This action indicates to the upper layers that the automaton is
      leaving the Opened state.

      Typically, this action is used by the LCP to signal the Down event
      to a NCP, Authentication Protocol, or Link Quality Protocol, or
      MAY be used by a NCP to indicate that the link is no longer
      available for its network layer traffic.

   This-Layer-Started (tls)

      This action indicates to the lower layers that the automaton is
      entering the Starting state, and the lower layer is needed for the
      link.  The lower layer SHOULD respond with an Up event when the
      lower layer is available.

      This results of this action are highly implementation dependent.

   This-Layer-Finished (tlf)

      This action indicates to the lower layers that the automaton is
      entering the Initial, Closed or Stopped states, and the lower
      layer is no longer needed for the link.  The lower layer SHOULD
      respond with a Down event when the lower layer has terminated.

      Typically, this action MAY be used by the LCP to advance to the
      Link Dead phase, or MAY be used by a NCP to indicate to the LCP
      that the link may terminate when there are no other NCPs open.

      This results of this action are highly implementation dependent.

   Initialize-Restart-Count (irc)

      This action sets the Restart counter to the appropriate value
      (Max-Terminate or Max-Configure).  The counter is decremented for
      each transmission, including the first.

      Implementation Note:

         In addition to setting the Restart counter, the implementation
         MUST set the timeout period to the initial value when Restart
         timer backoff is used.

   Zero-Restart-Count (zrc)

      This action sets the Restart counter to zero.

      Implementation Note:

         This action enables the FSA to pause before proceeding to the
         desired final state, allowing traffic to be processed by the
         peer.  In addition to zeroing the Restart counter, the
         implementation MUST set the timeout period to an appropriate
         value.

   Send-Configure-Request (scr)

      A Configure-Request packet is transmitted.  This indicates the
      desire to open a connection with a specified set of
 Configuration
      Options.  The Restart timer is started when the Configure-Request
      packet is transmitted, to guard against packet loss.  The Restart
      counter is decremented each time a Configure-Request is sent.

   Send-Configure-Ack (sca)

      A Configure-Ack packet is transmitted.  This acknowledges the
      reception of a Configure-Request packet with an acceptable set of
      Configuration Options.

   Send-Configure-Nak (scn)

      A Configure-Nak or Configure-Reject packet is transmitted, as
      appropriate.  This negative response reports the reception of a

      Configure-Request packet with an unacceptable set of Configuration
      Options.

      Configure-Nak packets are used to refuse a Configuration Option
      value, and to suggest a new, acceptable value.  Configure-Reject
      packets are used to refuse all negotiation about a Configuration
      Option, typically because it is not recognized or implemented.
      The use of Configure-Nak versus Configure-Reject is more fully
      described in the chapter on LCP Packet Formats.

   Send-Terminate-Request (str)

      A Terminate-Request packet is transmitted.  This indicates the
      desire to close a connection.  The Restart timer is started when
      the Terminate-Request packet is transmitted, to guard against
      packet loss.  The Restart counter is decremented each time a
      Terminate-Request is sent.

   Send-Terminate-Ack (sta)

      A Terminate-Ack packet is transmitted.  This acknowledges the
      reception of a Terminate-Request packet or otherwise serves to
      synchronize the automatons.

   Send-Code-Reject (scj)

      A Code-Reject packet is transmitted.  This indicates the reception
      of an unknown type of packet.

   Send-Echo-Reply (ser)

      An Echo-Reply packet is transmitted.  This acknowledges the
      reception of an Echo-Request packet.

4.5.  Loop Avoidance

   The protocol makes a reasonable attempt at avoiding Configuration
   Option negotiation loops.  However, the protocol does NOT guarantee
   that loops will not happen.  As with any negotiation, it is possible
   to configure two PPP implementations with conflicting policies that
   will never converge.  It is also possible to configure policies which
   do converge, but which take significant time to do so.  Implementors
   should keep this in mind and SHOULD implement loop detection
   mechanisms or higher level timeouts.

4.6.  Counters and Timers

   Restart Timer

      There is one special timer used by the automaton.  The Restart
      timer is used to time transmissions of Configure-Request and
      Terminate-Request packets.  Expiration of the Restart timer causes
      a Timeout event, and retransmission of the corresponding
      Configure-Request or Terminate-Request packet.  The Restart timer
      MUST be configurable, but SHOULD default to three (3) seconds.

      Implementation Note:

         The Restart timer SHOULD be based on the speed of the link.
         The default value is designed for low speed (2,400 to 9,600
         bps), high switching latency links (typical telephone lines).
         Higher speed links, or links with low switching latency, SHOULD
         have correspondingly faster retransmission times.

         Instead of a constant value, the Restart timer MAY begin at an
         initial small value and increase to the configured final value.
         Each successive value less than the final value SHOULD be at
         least twice the previous value.  The initial value SHOULD be
         large enough to account for the size of the packets, twice the
         round trip time for transmission at the link speed, and at
         least an additional 100 milliseconds to allow the peer to
         process the packets before responding.  Some circuits add
         another 200 milliseconds of satellite delay.  Round trip times
         for modems operating at 14,400 bps have been measured in the
         range of 160 to more than 600 milliseconds.

   Max-Terminate

      There is one required restart counter for Terminate-Requests.
      Max-Terminate indicates the number of Terminate-Request packets
      sent without receiving a Terminate-Ack before assuming that the
      peer is unable to respond.  Max-Terminate MUST be configurable,
      but SHOULD default to two (2) transmissions.

   Max-Configure

      A similar counter is recommended for Configure-Requests.  Max-
      Configure indicates the number of Configure-Request packets sent
      without receiving a valid Configure-Ack, Configure-Nak or
      Configure-Reject before assuming that the peer is unable to
      respond.  Max-Configure MUST be configurable, but SHOULD default
      to ten (10) transmissions.

   Max-Failure

      A related counter is recommended for Configure-Nak.  Max-Failure
      indicates the number of Configure-Nak packets sent without sending
      a Configure-Ack before assuming that configuration is not
      converging.  Any further Configure-Nak packets for peer requested
      options are converted to Configure-Reject packets, and locally
      desired options are no longer appended.  Max-Failure MUST be
      configurable, but SHOULD default to five (5) transmissions.

5.  LCP Packet Formats

   There are three classes of LCP packets:

      1. Link Configuration packets used to establish and configure a
         link (Configure-Request, Configure-Ack, Configure-Nak and
         Configure-Reject).

      2. Link Termination packets used to terminate a link (Terminate-
         Request and Terminate-Ack).

      3. Link Maintenance packets used to manage and debug a link
         (Code-Reject, Protocol-Reject, Echo-Request, Echo-Reply, and
         Discard-Request).

   In the interest of simplicity, there is no version field in the LCP
   packet.  A correctly functioning LCP implementation will always
   respond to unknown Protocols and Codes with an easily recognizable
   LCP packet, thus providing a deterministic fallback mechanism for
   implementations of other versions.

   Regardless of which Configuration Options are enabled, all LCP Link
   Configuration, Link Termination, and Code-Reject packets (codes 1
   through 7) are always sent as if no Configuration Options were
   negotiated.  In particular, each Configuration Option specifies a
   default value.  This ensures that such LCP packets are always
   recognizable, even when one end of the link mistakenly believes the
   link to be open.

   Exactly one LCP packet is encapsulated in the PPP Information field,
   where the PPP Protocol field indicates type hex c021 (Link Control
   Protocol).

   A summary of the Link Control Protocol packet format is shown below.
   The fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Data ...
   +-+-+-+-+

   Code

      The Code field is one octet, and identifies the kind of LCP

      packet.  When a packet is received with an unknown Code field, a
      Code-Re
ject packet is transmitted.

      Up-to-date values of the LCP Code field are specified in the most
      recent "Assigned Numbers" RFC [2].  This document concerns the
      following values:

         1       Configure-Request
         2       Configure-Ack
         3       Configure-Nak
         4       Configure-Reject
         5       Terminate-Request
         6       Terminate-Ack
         7       Code-Reject
         8       Protocol-Reject
         9       Echo-Request
         10      Echo-Reply
         11      Discard-Request

   Identifier

      The Identifier field is one octet, and aids in matching requests
      and replies.  When a packet is received with an invalid Identifier
      field, the packet is silently discarded without affecting the
      automaton.

   Length

      The Length field is two octets, and indicates the length of the
      LCP packet, including the Code, Identifier, Length and Data
      fields.  The Length MUST NOT exceed the MRU of the link.

      Octets outside the range of the Length field are treated as
      padding and are ignored on reception.  When a packet is received
      with an invalid Length field, the packet is silently discarded
      without affecting the automaton.

   Data

      The Data field is zero or more octets, as indicated by the Length
      field.  The format of the Data field is determined by the Code
      field.

5.1.  Configure-Request

   Description

      An implementation wishing to open a connection MUST transmit a
      Configure-Request.  The Options field is filled with any desired
      changes to the link defaults.  Configuration Options SHOULD NOT be
      included with default values.

      Upon reception of a Configure-Request, an appropriate reply MUST
      be transmitted.

   A summary of the Configure-Request packet format is shown below.  The
   fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Options ...
   +-+-+-+-+

   Code

      1 for Configure-Request.

   Identifier

      The Identifier field MUST be changed whenever the contents of the
      Options field changes, and whenever a valid reply has been
      received for a previous request.  For retransmissions, the
      Identifier MAY remain unchanged.

   Options

      The options field is variable in length, and contains the list of
      zero or more Configuration Options that the sender desires to
      negotiate.  All Configuration Options are always negotiated
      simultaneously.  The format of Configuration Options is further
      described in a later chapter.

5.2.  Configure-Ack

   Description

      If every Configuration Option received in a Configure-Request is
      recognizable and all values are acceptable, then the
      implementation MUST transmit a Configure-Ack.  The acknowledged
      Configuration Options MUST NOT be reordered or modified in any
      way.

      On reception of a Configure-Ack, the Identifier field MUST match
      that of the last transmitted Configure-Request.  Additionally, the
      Configuration Options in a Configure-Ack MUST exactly match those
      of the last transmitted Configure-Request.  Invalid packets are
      silently discarded.

   A summary of the Configure-Ack packet format is shown below.  The
   fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Options ...
   +-+-+-+-+

   Code

      2 for Configure-Ack.

   Identifier

      The Identifier field is a copy of the Identifier field of the
      Configure-Request which caused this Configure-Ack.

   Options

      The Options field is variable in length, and contains the list of
      zero or more Configuration Options that the sender is
      acknowledging.  All Configuration Options are always acknowledged
      simultaneously.

5.3.  Configure-Nak

   Description

      If every instance of the received Configuration Options is
      recognizable, but some values are not acceptable, then the
      implementation MUST transmit a Configure-Nak.  The Options field
      is filled with only the unacceptable Configuration Options from
      the Configure-Request.  All acceptable Configuration Options are
      filtered out of the Configure-Nak, but otherwise the Configuration
      Options from the Configure-Request MUST NOT be reordered.

      Options which have no value fields (boolean options) MUST use the
      Configure-Reject reply instead.

      Each Configuration Option which is allowed only a single instance
      MUST be modified to a value acceptable to the Configure-Nak
      sender.  The default value MAY be used, when this differs from the
      requested value.

      When a particular type of Configuration Option can be listed more
      than once with different values, the Configure-Nak MUST include a
      list of all values for that option which are acceptable to the
      Configure-Nak sender.  This includes acceptable values that were
      present in the Configure-Request.

      Finally, an implementation may be configured to request the
      negotiation of a specific Configuration Option.  If that option is
      not listed, then that option MAY be appended to the list of Nak'd
      Configuration Options, in order to prompt the peer to include that
      option in its next Configure-Request packet.  Any value fields for
      the option MUST indicate values acceptable to the Configure-Nak
      sender.

      On reception of a Configure-Nak, the Identifier field MUST match
      that of the last transmitted Configure-Request.  Invalid packets
      are silently discarded.

      Reception of a valid Configure-Nak indicates that when a new
      Configure-Request is sent, the Configuration Options MAY be
      modified as specified in the Configure-Nak.  When multiple
      instances of a Configuration Option are present, the peer SHOULD
      select a single value to include in its next Configure-Request
      packet.

      Some Configuration Options have a variable length.  Since the
      Nak'd Option has been modified by the peer, the implementation
      MUST be able to handle an Option length which is different from

      the original Configure-Request.

   A summary of the Configure-Nak packet format is shown below.  The
   fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Options ...
   +-+-+-+-+

   Code

      3 for Configure-Nak.

   Identifier

      The Identifier field is a copy of the Identifier field of the
      Configure-Request which caused this Configure-Nak.

   Options

      The Options field is variable in length, and contains the list of
      zero or more Configuration Options that the sender is Nak'ing.
      All Configuration Options are always Nak'd simultaneously.

5.4.  Configure-Reject

   Description

      If some Configuration Options received in a Configure-Request are
      not recognizable or are not acceptable for negotiation (as
      configured by a network administrator), then the implementation
      MUST transmit a Configure-Reject.  The Options field is filled
      with only the unacceptable Configuration Options from the
      Configure-Request.  All recognizable and negotiable Configuration
      Options are filtered out of the Configure-Reject, but otherwise
      the Configuration Options MUST NOT be reordered or modified in any
      way.

      On reception of a Configure-Reject, the Identifier field MUST
      match that of the last transmitted Configure-Request.
      Additionally, the Configuration Options in a Configure-Reject MUST

      be a proper subset of those in the last transmitted Configure-
      Request.  Invalid packets are silently discarded.

      Reception of a valid Configure-Reject indicates that when a new
      Configure-Request is sent, it MUST NOT include any of the
      Configuration Options listed in the Configure-Reject.

   A summary of the Configure-Reject packet format is shown below.  The
   fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Options ...
   +-+-+-+-+

   Code

      4 for Configure-Reject.

   Identifier

      The Identifier field is a copy of the Identifier field of the
      Configure-Request which caused this Configure-Reject.

   Options

      The Options field is variable in length, and contains the list of
      zero or more Configuration Options that the sender is rejecting.
      All Configuration Options are always rejected simultaneously.

5.5.  Terminate-Request and Terminate-Ack

   Description

      LCP includes Terminate-Request and Terminate-Ack Codes in order to
      provide a mechanism for closing a connection.

      An implementation wishing to close a connection SHOULD transmit a
      Terminate-Request.  Terminate-Request packets SHOULD continue to
      be sent until Terminate-Ack is received, the lower layer indicates
      that it has gone down, or a sufficiently large number have been
      transmitted such that the peer is down with reasonable certainty.

      Upon reception of a Terminate-Request, a Terminate-Ack MUST be
      transmitted.

      Reception of an unelicited Terminate-Ack indicates that the peer
      is in the Closed or Stopped states, or is otherwise in need of
      re-negotiation.

   A summary of the Terminate-Request and Terminate-Ack packet formats
   is shown below.  The fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Data ...
   +-+-+-+-+

   Code

      5 for Terminate-Request;

      6 for Terminate-Ack.

   Identifier

      On transmission, the Identifier field MUST be changed whenever the
      content of the Data field changes, and whenever a valid reply has
      been received for a previous request.  For retransmissions, the
      Identifier MAY remain unchanged.

      On reception, the Identifier field of the Terminate-Request is
      copied into the Identifier field of the Terminate-Ack packet.

   Data

      The Data field is zero or more octets, and contains uninterpreted
      data for use by the sender.  The data may consist of any binary
      value.  The end of the field is indicated by the Length.

5.6.  Code-Reject

   Description

      Reception of a LCP packet with an unknown Code indicates that the
      peer is operating with a different version.  This MUST be reported
      back to the sender of the unknown Code by transmitting a Code-
      Reject.

      Upon reception of the Code-Reject of a code which is fundamental
      to this version of the protocol, the implementation SHOULD report
      the problem and drop the connection, since it is unlikely that the
      situation can be rectified automatically.

   A summary of the Code-Reject packet format is shown below.  The
   fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Rejected-Packet ...
   +-+-+-+-+-+-+-+-+

   Code

      7 for Code-Reject.

   Identifier

      The Identifier field MUST be changed for each Code-Reject sent.

   Rejected-Packet

      The Rejected-Packet field contains a copy of the LCP packet which
      is being rejected.  It begins with the Information field, and does
      not include any Data Link Layer headers nor an FCS.  The
      Rejected-Packet MUST be truncated to comply with the peer's

      established MRU.

5.7.  Protocol-Reject

   Description

      Reception of a PPP packet with an unknown Protocol field indicates
      that the peer is attempting to use a protocol which is
      unsupported.  This usually occurs when the peer attempts to
      configure a new protocol.  If the LCP automaton is in the Opened
      state, then this MUST be reported back to the peer by transmitting
      a Protocol-Reject.

      Upon reception of a Protocol-Reject, the implementation MUST stop
      sending packets of the indicated protocol at the earliest
      opportunity.

      Protocol-Reject packets can only be sent in the LCP Opened state.
      Protocol-Reject packets received in any state other than the LCP
      Opened state SHOULD be silently discarded.

   A summary of the Protocol-Reject packet format is shown below.  The
   fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Rejected-Protocol       |      Rej
ected-Information ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Code

      8 for Protocol-Reject.

   Identifier

      The Identifier field MUST be changed for each Protocol-Reject
      sent.

   Rejected-Protocol

      The Rejected-Protocol field is two octets, and contains the PPP
      Protocol field of the packet which is being rejected.

   Rejected-Information

      The Rejected-Information field contains a copy of the packet which
      is being rejected.  It begins with the Information field, and does
      not include any Data Link Layer headers nor an FCS.  The
      Rejected-Information MUST be truncated to comply with the peer's
      established MRU.

5.8.  Echo-Request and Echo-Reply

   Description

      LCP includes Echo-Request and Echo-Reply Codes in order to provide
      a Data Link Layer loopback mechanism for use in exercising both
      directions of the link.  This is useful as an aid in debugging,
      link quality determination, performance testing, and for numerous
      other functions.

      Upon reception of an Echo-Request in the LCP Opened state, an
      Echo-Reply MUST be transmitted.

      Echo-Request and Echo-Reply packets MUST only be sent in the LCP
      Opened state.  Echo-Request and Echo-Reply packets received in any
      state other than the LCP Opened state SHOULD be silently
      discarded.

   A summary of the Echo-Request and Echo-Reply packet formats is shown
   below.  The fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Magic-Number                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Data ...
   +-+-+-+-+

   Code

      9 for Echo-Request;

      10 for Echo-Reply.

   Identifier

      On transmission, the Identifier field MUST be changed whenever the
      content of the Data field changes, and whenever a valid reply has
      been received for a previous request.  For retransmissions, the
      Identifier MAY remain unchanged.

      On reception, the Identifier field of the Echo-Request is copied
      into the Identifier field of the Echo-Reply packet.

   Magic-Number

      The Magic-Number field is four octets, and aids in detecting links
      which are in the looped-back condition.  Until the Magic-Number
      Configuration Option has been successfully negotiated, the Magic-
      Number MUST be transmitted as zero.  See the Magic-Number
      Configuration Option for further explanation.

   Data

      The Data field is zero or more octets, and contains uninterpreted
      data for use by the sender.  The data may consist of any binary
      value.  The end of the field is indicated by the Length.

5.9.  Discard-Request

   Description

      LCP includes a Discard-Request Code in order to provide a Data
      Link Layer sink mechanism for use in exercising the local to
      remote direction of the link.  This is useful as an aid in
      debugging, performance testing, and for numerous other functions.

      Discard-Request packets MUST only be sent in the LCP Opened state.
      On reception, the receiver MUST silently discard any Discard-
      Request that it receives.

   A summary of the Discard-Request packet format is shown below.  The
   fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Magic-Number                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Data ...
   +-+-+-+-+

   Code

      11 for Discard-Request.

   Identifier

      The Identifier field MUST be changed for each Discard-Request
      sent.

   Magic-Number

      The Magic-Number field is four octets, and aids in detecting links
      which are in the looped-back condition.  Until the Magic-Number
      Configuration Option has been successfully negotiated, the Magic-
      Number MUST be transmitted as zero.  See the Magic-Number
      Configuration Option for further explanation.

   Data

      The Data field is zero or more octets, and contains uninterpreted
      data for use by the sender.  The data may consist of any binary
      value.  The end of the field is indicated by the Length.

6.  LCP Configuration Options

   LCP Configuration Options allow negotiation of modifications to the
   default characteristics of a point-to-point link.  If a Configuration
   Option is not included in a Configure-Request packet, the default
   value for that Configuration Option is assumed.

   Some Configuration Options MAY be listed more than once.  The effect
   of this is Configuration Option specific, and is specified by each
   such Configuration Option description.  (None of the Configuration
   Options in this specification can be listed more than once.)

   The end of the list of Configuration Options is indicated by the
   Length field of the LCP packet.

   Unless otherwise specified, all Configuration Options apply in a
   half-duplex fashion; typically, in the receive direction of the link
   from the point of view of the Configure-Request sender.

   Design Philosophy

      The options indicate additional capabilities or requirements of
      the implementation that is requesting the option.  An
      implementation which does not understand any option SHOULD
      interoperate with one which implements every option.

      A default is specified for each option which allows the link to
      correctly function without negotiation of the option, although
      perhaps with less than optimal performance.

      Except where explicitly specified, acknowledgement of an option
      does not require the peer to take any additional action other than
      the default.

      It is not necessary to send the default values for the options in
      a Configure-Request.

   A summary of the Configuration Option format is shown below.  The
   fields are transmitted from left to right.

    0                   1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |    Data ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      The Type field is one octet, and indicates the type of
      Configuration Option.  Up-to-date values of the LCP Option Type
      field are specified in the most recent "Assigned Numbers" RFC [2].
      This document concerns the following values:

         0       RESERVED
         1       Maximum-Receive-Unit
         3       Authentication-Protocol
         4       Quality-Protocol
         5
Magic-Number
         7       Protocol-Field-Compression
         8       Address-and-Control-Field-Compression

   Length

      The Length field is one octet, and indicates the length of this
      Configuration Option including the Type, Length and Data fields.

      If a negotiable Configuration Option is received in a Configure-
      Request, but with an invalid or unrecognized Length, a Configure-
      Nak SHOULD be transmitted which includes the desired Configuration
      Option with an appropriate Length and Data.

   Data

      The Data field is zero or more octets, and contains information
      specific to the Configuration Option.  The format and length of
      the Data field is determined by the Type and Length fields.

      When the Data field is indicated by the Length to extend beyond
      the end of the Information field, the entire packet is silently
      discarded without affecting the automaton.

6.1.  Maximum-Receive-Unit (MRU)

   Description

      This Configuration Option may be sent to inform the peer that the
      implementation can receive larger packets, or to request that the
      peer send smaller packets.

      The default value is 1500 octets.  If smaller packets are
      requested, an implementation MUST still be able to receive the
      full 1500 octet information field in case link synchronization is
      lost.

      Implementation Note:

         This option is used to indicate an implementation capability.
         The peer is not required to maximize the use of the capacity.
         For example, when a MRU is indicated which is 2048 octets, the
         peer is not required to send any packet with 2048 octets.  The
         peer need not Configure-Nak to indicate that it will only send
         smaller packets, since the implementation will always require
         support for at least 1500 octets.

   A summary of the Maximum-Receive-Unit Configuration Option format is
   shown below.  The fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |      Maximum-Receive-Unit     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      1

   Length

      4

   Maximum-Receive-Unit

      The Maximum-Receive-Unit field is two octets, and specifies the
      maximum number of octets in the Information and Padding fields.
      It does not include the framing, Protocol field, FCS, nor any
      transparency bits or bytes.

6.2.  Authentication-Protocol

   Description

      On some links it may be desirable to require a peer to
      authenticate itself before allowing network-layer protocol packets
      to be exchanged.

      This Configuration Option provides a method to negotiate the use
      of a specific protocol for authentication.  By default,
      authentication is not required.

      An implementation MUST NOT include multiple Authentication-
      Protocol Configuration Options in its Configure-Request packets.
      Instead, it SHOULD attempt to configure the most desirable
      protocol first.  If that protocol is Configure-Nak'd, then the
      implementation SHOULD attempt the next most desirable protocol in
      the next Configure-Request.

      The implementation sending the Configure-Request is indicating
      that it expects authentication from its peer.  If an
      implementation sends a Configure-Ack, then it is agreeing to
      authenticate with the specified protocol.  An implementation
      receiving a Configure-Ack SHOULD expect the peer to authenticate
      with the acknowledged protocol.

      There is no requirement that authentication be full-duplex or that
      the same protocol be used in both directions.  It is perfectly
      acceptable for different protocols to be used in each direction.
      This will, of course, depend on the specific protocols negotiated.

   A summary of the Authentication-Protocol Configuration Option format
   is shown below.  The fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     Authentication-Protocol   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Data ...
   +-+-+-+-+

   Type

      3

   Length

      >= 4

   Authentication-Protocol

      The Authentication-Protocol field is two octets, and indicates the
      authentication protocol desired.  Values for this field are always
      the same as the PPP Protocol field values for that same
      authentication protocol.

      Up-to-date values of the Authentication-Protocol field are
      specified in the most recent "Assigned Numbers" RFC [2].  Current
      values are assigned as follows:

      Value (in hex)  Protocol

      c023            Password Authentication Protocol
      c223            Challenge Handshake Authentication Protocol

   Data

      The Data field is zero or more octets, and contains additional
      data as determined by the particular protocol.

6.3.  Quality-Protocol

   Description

      On some links it may be desirable to determine when, and how
      often, the link is dropping data.  This process is called link
      quality monitoring.

      This Configuration Option provides a method to negotiate the use
      of a specific protocol for link quality monitoring.  By default,
      link quality monitoring is disabled.

      The implementation sending the Configure-Request is indicating
      that it expects to receive monitoring information from its peer.
      If an implementation sends a Configure-Ack, then it is agreeing to
      send the specified protocol.  An implementation receiving a
      Configure-Ack SHOULD expect the peer to send the acknowledged
      protocol.

      There is no requirement that quality monitoring be full-duplex or

      that the same protocol be used in both directions.  It is
      perfectly acceptable for different protocols to be used in each
      direction.  This will, of course, depend on the specific protocols
      negotiated.

   A summary of the Quality-Protocol Configuration Option format is
   shown below.  The fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |        Quality-Protocol       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Data ...
   +-+-+-+-+

   Type

      4

   Length

      >= 4

   Quality-Protocol

      The Quality-Protocol field is two octets, and indicates the link
      quality monitoring protocol desired.  Values for this field are
      always the same as the PPP Protocol field values for that same
      monitoring protocol.
      Up-to-date values of the Quality-Protocol field are specified in
      the most recent "Assigned Numbers" RFC [2].  Current values are
      assigned as follows:

      Value (in hex)  Protocol

      c025            Link Quality Report

   Data

      The Data field is zero or more octets, and contains additional
      data as determined by the particular protocol.

6.4.  Magic-Number

   Description

      This Configuration Option provides a method to detect looped-back
      links and other Data Link Layer anomalies.  This Configuration
      Option MAY be required by some other Configuration Options such as
      the Quality-Protocol Configuration Option.  By default, the
      Magic-Number is not negotiated, and zero is inserted where a
      Magic-Number might otherwise be used.

      Before this Configuration Option is requested, an implementation
      MUST choose its Magic-Number.  It is recommended that the Magic-
      Number be chosen in the most random manner possible in order to
      guarantee with very high probability that an implementation will
      arrive at a unique number.  A good way to choose a unique random
      number is to start with a unique seed.  Suggested sources of
      uniqueness include machine serial numbers, other network hardware
      addresses, time-of-day clocks, etc.  Particularly good random
      number seeds are precise measurements of the inter-arrival time of
      physical events such as packet reception on other connected
      networks, server response time, or the typing rate of a human
      user.  It is also suggested that as many sources as possible be
      used simultaneously.

      When a Configure-Request is received with a Magic-Number
      Configuration Option, the received Magic-Number is compared with
      the Magic-Number of the last Configure-Request sent to the peer.
      If the two Magic-Numbers are different, then the link is not
      looped-back, and the Magic-Number SHOULD be acknowledged.  If the
      two Magic-Numbers are equal, then it is possible, but not certain,
      that the link is looped-back and that this Configure-Request is
      actually the one last sent.  To determine this, a Configure-Nak
      MUST be sent specifying a different Magic-Number value.  A new
      Configure-Request SHOULD NOT be sent to the peer until normal
      processing would cause it to be sent (that is, until a Configure-
      Nak is received or the Restart timer runs out).

      Reception of a Configure-Nak with a Magic-Number different from
      that of the last Configure-Nak sent to the peer proves that a link
      is not looped-back, and indicates a unique Magic-Number.  If the
      Magic-Number is equal to the one sent in the last Configure-Nak,
      the possibility of a looped-back link is increased, and a new
      Magic-Number MUST be chosen.  In either case, a new Configure-
      Request SHOULD be sent with the new Magic-Number.

      If the link is indeed looped-back, this sequence (transmit
      Configure-Request, receive Configure-Request, transmit Configure-

      Nak, receive Configure-Nak) will repeat over and over again.  If
      the link is not looped-back, this sequence might occur a few
      times, but it is extremely unlikely to occur repeatedly.  More
      likely, the Magic-Numbers chosen at either end will quickly
      diverge, terminating the sequence.  The following table shows the
      probability of collisions assuming that both ends of the link
      select Magic-Numbers with a perfectly uniform distribution:

         Number of Collisions        Probability
         --------------------   ---------------------
                 1              1/2**32    = 2.3 E-10
                 2              1/2**32**2 = 5.4 E-20
                 3              1/2**32**3 = 1.3 E-29

      Good sources of uniqueness or randomness are required for this
      divergence to occur.  If a good source of uniqueness cannot be
      found, it is recommended that this Configuration Option not be
      enabled; Configure-Requests with the option SHOULD NOT be
      transmitted and any Magic-Number Configuration Options which the
      peer sends SHOULD be either acknowledged or rejected.  In this
      case, looped-back links cannot be reliably detected by the
      implementation, although they may still be detectable by the peer.

      If an implementation does transmit a Configure-Request with a
      Magic-Number Configuration Option, then it MUST NOT respond with a
      Configure-Reject when it receives a Configure-Request with a
      Magic-Number Configuration Option.  That is, if an implementation
      desires to use Magic Numbers, then it MUST also allow its peer to
      do so.  If an implementation does receive a Configure-Reject in
      response to a Configure-Request, it can only mean that the link is
      not looped-back, and that its peer will not be using Magic-
      Numbers.  In this case, an implementation SHOULD act as if the
      negotiation had been successful (as if it had instead received a
      Configure-Ack).

      The Magic-Number also may be used to detect looped-back links
      during normal operation, as well as during Configuration Option
      negotiation.  All LCP Echo-Request, Echo-Reply, and Discard-
      Request packets have a Magic-Number field.  If Magic-Number has
      been successfully negotiated, an implementation MUST transmit
      these packets with the Magic-Number field set to its negotiated
      Magic-Number.

      The Magic-Number field of these packets SHOULD be inspected on
      reception.  All received Magic-Number fields MUST be equal to
      either zero or the peer's unique Magic-Number, depending on
      whether or not the peer negotiated a Magic-Number.

      Reception of a Magic-Number field equal to the negotiated local
      Magic-Number indicates a looped-back link.  Reception of a Magic-
      Number other than the negotiated local Magic-Number, the peer's
      negotiated Magic-Number, or zero if the peer didn't negotiate one,
      indicates a link which has been (mis)configured for communications
      with a different peer.

      Procedures for recovery from either case are unspecified, and may
      vary from implementation to implementation.  A somewhat
      pessimistic procedure is to assume a LCP Down event.  A further
      Open event will begin the process of re-establishing the link,
      which can't complete until the looped-back condition is
      terminated, and Magic-Numbers are successfully negotiated.  A more
      optimistic procedure (in the case of a looped-back link) is to
      begin transmitting LCP Echo-Request packets until an appropriate
      Echo-Reply is received, indicating a termination of the looped-
      back condition.

   A summary of the Magic-Number Configuration Option format is shown
   below.  The fields are transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |          Magic-Number
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         Magic-Number (cont)       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      5

   Length

      6

   Magic-Number


      The Magic-Number field is four octets, and indicates a number
      which is very likely to be unique to one end of the link.  A
      Magic-Number of zero is illegal and MUST always be Nak'd, if it is
      not Rejected outright.

6.5.  Protocol-Field-Compression (PFC)

   Description

      This Configuration Option provides a method to negotiate the
      compression of the PPP Protocol field.  By default, all
      implementations MUST transmit packets with two octet PPP Protocol
      fields.

      PPP Protocol field numbers are chosen such that some values may be
      compressed into a single octet form which is clearly
      distinguishable from the two octet form.  This Configuration
      Option is sent to inform the peer that the implementation can
      receive such single octet Protocol fields.

      As previously mentioned, the Protocol field uses an extension
      mechanism consistent with the ISO 3309 extension mechanism for the
      Address field; the Least Significant Bit (LSB) of each octet is
      used to indicate extension of the Protocol field.  A binary "0" as
      the LSB indicates that the Protocol field continues with the
      following octet.  The presence of a binary "1" as the LSB marks
      the last octet of the Protocol field.  Notice that any number of
      "0" octets may be prepended to the field, and will still indicate
      the same value (consider the two binary representations for 3,
      00000011 and 00000000 00000011).

      When using low speed links, it is desirable to conserve bandwidth
      by sending as little redundant data as possible.  The Protocol-
      Field-Compression Configuration Option allows a trade-off between
      implementation simplicity and bandwidth efficiency.  If
      successfully negotiated, the ISO 3309 extension mechanism may be
      used to compress the Protocol field to one octet instead of two.
      The large majority of packets are compressible since data
      protocols are typically assigned with Protocol field values less
      than 256.

      Compressed Protocol fields MUST NOT be transmitted unless this
      Configuration Option has been negotiated.  When negotiated, PPP
      implementations MUST accept PPP packets with either double-octet
      or single-octet Protocol fields, and MUST NOT distinguish between
      them.

      The Protocol field is never compressed when sending any LCP
      packet.  This rule guarantees unambiguous recognition of LCP
      packets.

      When a Protocol field is compressed, the Data Link Layer FCS field
      is calculated on the compressed frame, not the original

      uncompressed frame.

   A summary of the Protocol-Field-Compression Configuration Option
   format is shown below.  The fields are transmitted from left to
   right.

    0                   1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      7

   Length

      2

6.6.  Address-and-Control-Field-Compression (ACFC)

   Description

      This Configuration Option provides a method to negotiate the
      compression of the Data Link Layer Address and Control fields.  By
      default, all implementations MUST transmit frames with Address and
      Control fields appropriate to the link framing.

      Since these fields usually have constant values for point-to-point
      links, they are easily compressed.  This Configuration Option is
      sent to inform the peer that the implementation can receive
      compressed Address and Control fields.

      If a compressed frame is received when Address-and-Control-Field-
      Compression has not been negotiated, the implementation MAY
      silently discard the frame.

      The Address and Control fields MUST NOT be compressed when sending
      any LCP packet.  This rule guarantees unambiguous recognition of
      LCP packets.

      When the Address and Control fields are compressed, the Data Link
      Layer FCS field is calculated on the compressed frame, not the
      original uncompressed frame.

   A summary of the Address-and-Control-Field-Compression configuration
   option format is shown below.  The fields are transmitted from left
   to right.

    0                   1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      8

   Length

      2

Security Considerations

   Security issues are briefly discussed in sections concerning the
   Authentication Phase, the Close event, and the Authentication-
   Protocol Configuration Option.

References

   [1]   Perkins, D., "Requirements for an Internet Standard Point-to-
         Point Protocol", RFC 1547, Carnegie Mellon University,
         December 1993.

   [2]   Reynolds, J., and Postel, J., "Assigned Numbers", STD 2, RFC
         1340, USC/Information Sciences Institute, July 1992.

Acknowledgements

   This document is the product of the Point-to-Point Protocol Working
   Group of the Internet Engineering Task Force (IETF).  Comments should
   be submitted to the ietf-ppp@merit.edu mailing list.

   Much of the text in this document is taken from the working group
   requirements [1]; and RFCs 1171 & 1172, by Drew Perkins while at
   Carnegie Mellon University, and by Russ Hobby of the University of
   California at Davis.

   William Simpson was principally responsible for introducing
   consistent terminology and philosophy, and the re-design of the phase
   and negotiation state machines.

   Many people spent significant time helping to develop the Point-to-
   Point Protocol.  The complete list of people is too numerous to list,
   but the following people deserve special thanks: Rick Adams, Ken
   Adelman, Fred Baker, Mike Ballard, Craig Fox, Karl Fox, Phill Gross,
   Kory Hamzeh, former WG chair Russ Hobby, David Kaufman, former WG
   chair Steve Knowles, Mark Lewis, former WG chair Brian Lloyd, John
   LoVerso, Bill Melohn, Mike Patton, former WG chair Drew Perkins, Greg
   Satz, John Shriver, Vernon Schryver, and Asher Waldfogel.

   Special thanks to Morning Star Technologies for providing computing
   resources and network access support for writing this specification.

Chair's Address

   The working group can be contacted via the current chair:

      Fred Baker
      Advanced Computer Communications
      315 Bollay Drive
      Santa Barbara, California  93117

      fbaker@acc.com

Editor's Address

   Questions about this memo can also be directed to:

      William Allen Simpson
      Daydreamer
      Computer Systems Consulting Services
      1384 Fontaine
      Madison Heights, Michigan  48071

      Bill.Simpson@um.cc.umich.edu
          bsimpson@MorningStar.com

Simpson                                                        [Page 52]

The post RFC 1661 – The Point-to-Point Protocol (PPP) appeared first on IPv6.net.

RFC 1700 – Assigned Numbers

IPv6 & IoT editor — Sat, 01 Aug 2009 17:53:35 +0000

Network Working Group J. Reynolds
Request for Comments: 1700 J. Postel
STD: 2 ISI
Obsoletes RFCs: 1340, 1060, 1010, 990, 960, October 1994
943, 923, 900, 870, 820, 790, 776, 770,
762, 758,755, 750, 739, 604, 503, 433, 349
Obsoletes IENs: 127, 117, 93
Category: Standards Track

ASSIGNED NUMBERS

Status of this Memo

This memo is a status report on the parameters (i.e., numbers and
keywords) used in protocols in the Internet community. Distribution
of this memo is unlimited.

OVERVIEW

This RFC is a snapshot of the ongoing process of the assignment of
protocol parameters for the Internet protocol suite. To make the
current information readily available the assignments are kept up-to-
date in a set of online text files. This RFC has been assembled by
catinating these files together with a minimum of formatting "glue".
The authors appologize for the somewhat rougher formatting and style
than is typical of most RFCs.

We expect that various readers will notice specific items that should be
corrected. Please send any specific corrections via email to
.

INTRODUCTION

The files in this directory document the currently assigned values for
several series of numbers used in network protocol implementations.

ftp://ftp.isi.edu/in-notes/iana/assignments

The Internet Assigned Numbers Authority (IANA) is the central
coordinator for the assignment of unique parameter values for Internet
protocols. The IANA is chartered by the Internet Society (ISOC) and
the Federal Network Council (FNC) to act as the clearinghouse to
assign and coordinate the use of numerous Internet protocol
parameters.

The Internet protocol suite, as defined by the Internet Engineering
Task Force (IETF) and its steering group (the IESG), contains numerous
parameters, such as internet addresses, domain names, autonomous
system numbers (used in some routing protocols), protocol numbers,
port numbers, management information base object identifiers,
including private enterprise numbers, and many others.

The common use of the Internet protocols by the Internet community
requires that the particular values used in these parameter fields be
assigned uniquely. It is the task of the IANA to make those unique
assignments as requested and to maintain a registry of the currently
assigned values.

Requests for parameter assignments (protocols, ports, etc.) should be
sent to .

Requests for SNMP network management private enterprise number
assignments should be sent to .

The IANA is located at and operated by the Information Sciences
Institute (ISI) of the University of Southern California (USC).

If you are developing a protocol or application that will require the
use of a link, socket, port, protocol, etc., please contact the IANA
to receive a number assignment.

Joyce K. Reynolds
Internet Assigned Numbers Authority
USC - Information Sciences Institute
4676 Admiralty Way
Marina del Rey, California 90292-6695

Electronic mail: IANA@ISI.EDU
Phone: +1 310-822-1511

Most of the protocols are documented in the RFC series of notes. Some
of the items listed are undocumented. Further information on
protocols can be found in the memo, "Internet Official Protocol
Standards" (STD 1).

Data Notations

The convention in the documentation of Internet Protocols is to
express numbers in decimal and to picture data in "big-endian" order
[COHEN]. That is, fields are described left to right, with the most
significant octet on the left and the least significant octet on the
right.

The order of transmission of the header and data described in this
document is resolved to the octet level. Whenever a diagram shows a
group of octets, the order of transmission of those octets is the
normal order in which they are read in English. For example, in the
following diagram the octets are transmitted in the order they are
numbered.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1 | 2 | 3 | 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 5 | 6 | 7 | 8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 9 | 10 | 11 | 12 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Transmission Order of Bytes

Whenever an octet represents a numeric quantity the left most bit in the
diagram is the high order or most significant bit. That is, the bit
labeled 0 is the most significant bit. For example, the following
diagram represents the value 170 (decimal).

0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|1 0 1 0 1 0 1 0|
+-+-+-+-+-+-+-+-+

Significance of Bits

Similarly, whenever a multi-octet field represents a numeric quantity
the left most bit of the whole field is the most significant bit. When

a multi-octet quantity is transmitted the most significant octet is
transmitted first.

Special Addresses

There are five classes of IP addresses: Class A through Class E. Of
these, Classes A, B, and C are used for unicast addresses, Class D is
used for multicast addresses, and Class E addresses are reserved for
future use.

With the advent of classless addressing [CIDR1, CIDR2], the
network-number part of an address may be of any length, and the whole
notion of address classes becomes less important.

There are certain special cases for IP addresses. These special cases
can be concisely summarized using the earlier notation for an IP
address:

IP-address ::= { , }

or

IP-address ::= { , ,
}

if we also use the notation "-1" to mean the field contains all 1
bits. Some common special cases are as follows:

(a) {0, 0}

This host on this network. Can only be used as a source
address (see note later).

(b) {0, }

Specified host on this network. Can only be used as a
source address.

(c) { -1, -1}

Limited broadcast. Can only be used as a destination
address, and a datagram with this address must never be
forwarded outside the (sub-)net of the source.

(d) {, -1}

Directed broadcast to specified network. Can only be used
as a destination address.

(e) {, , -1}

Directed broadcast to specified subnet. Can only be used as
a destination address.

(f) {, -1, -1}

Directed broadcast to all subnets of specified subnetted
network. Can only be used as a destination address.

(g) {127, }

Internal host loopback address. Should never appear outside
a host.

REFERENCES

[COHEN] Cohen, D., "On Holy Wars and a Plea for Peace", IEEE Computer
Magazine, October 1981.

[CIDR1] Fuller, V., T. Li, J. Yu, and K. Varadhan, "Classless
Inter-Domain Routing (CIDR): an Address Assignment and
Aggregation Strategy", RFC 1519, September 1993.

[CIDR2] Rekhter, Y., and T. Li, "An Architecture for IP Address
Allocation with CIDR", RFC 1518, September 1993.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/introduction

VERSION NUMBERS

In the Internet Protocol (IP) [RFC791] there is a field to identify
the version of the internetwork general protocol. This field is 4
bits in size.

Assigned Internet Version Numbers

Decimal Keyword Version References
------- ------- ------- ----------
0 Reserved [JBP]
1-3 Unassigned [JBP]
4 IP Internet Protocol [RFC791,JBP]
5 ST ST Datagram Mode [RFC1190,JWF]
6 SIP Simple Internet Protocol [RH6]
7 TP/IX TP/IX: The Next Internet [RXU]
8 PIP The P Internet Protocol [PXF]
9 TUBA TUBA [RXC]
10-14 Unassigned [JBP]
15 Reserved [JBP]

REFERENCES

[RFC791] Postel, J., ed., "Internet Protocol - DARPA Internet Program
Protocol Specification", STD 5, RFC 791, USC/Information
Sciences Institute, September 1981.

[RFC1190] Topolcic, C., Editor, "Experimental Internet Stream
Protocol, Version 2 (ST-II)", RFC 1190, CIP Working Group,
October 1990.

PEOPLE

[JPB] Jon Postel

[JWF] Jim Forgie

[RH6] Robert Hinden

[RXU] Robert Ullmann

[PXF] Paul Francis

[RXC] Ross Callon

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/version-numbers

PROTOCOL NUMBERS

In the Internet Protocol (IP) [DDN], [RFC791] there is a field, called
Protocol, to identify the next level protocol. This is an 8 bit
field.

Assigned Internet Protocol Numbers

Decimal Keyword Protocol References
------- ------- -------- ----------
0 Reserved [JBP]
1 ICMP Internet Control Message [RFC792,JBP]
2 IGMP Internet Group Management [RFC1112,JBP]
3 GGP Gateway-to-Gateway [RFC823,MB]
4 IP IP in IP (encasulation) [JBP]
5 ST Stream [RFC1190,IEN119,JWF]
6 TCP Transmission Control [RFC793,JBP]
7 UCL UCL [PK]
8 EGP Exterior Gateway Protocol [RFC888,DLM1]
9 IGP any private interior gateway [JBP]
10 BBN-RCC-MON BBN RCC Monitoring [SGC]
11 NVP-II Network Voice Protocol [RFC741,SC3]
12 PUP PUP [PUP,XEROX]
13 ARGUS ARGUS [RWS4]
14 EMCON EMCON [BN7]
15 XNET Cross Net Debugger [IEN158,JFH2]
16 CHAOS Chaos [NC3]
17 UDP User Datagram [RFC768,JBP]
18 MUX Multiplexing [IEN90,JBP]
19 DCN-MEAS DCN Measurement Subsystems [DLM1]
20 HMP Host Monitoring [RFC869,RH6]
21 PRM Packet Radio Measurement [ZSU]
22 XNS-IDP XEROX NS IDP [ETHERNET,XEROX]
23 TRUNK-1 Trunk-1 [BWB6]
24 TRUNK-2 Trunk-2 [BWB6]
25 LEAF-1 Leaf-1 [BWB6]
26 LEAF-2 Leaf-2 [BWB6]
27 RDP Reliable Data Protocol [RFC908,RH6]
28 IRTP Internet Reliable Transaction [RFC938,TXM]
29 ISO-TP4 ISO Transport Protocol Class 4 [RFC905,RC77]
30 NETBLT Bulk Data Transfer Protocol [RFC969,DDC1]
31 MFE-NSP MFE Network Services Protocol [MFENET,BCH2]
32 MERIT-INP MERIT Internodal Protocol [HWB]
33 SEP Sequential Exchange Protocol [JC120]
34 3PC Third Party Connect Protocol [SAF3]
35 IDPR Inter-Domain Policy Routing Protocol [MXS1]

36 XTP XTP [GXC]
37 DDP Datagram Delivery Protocol [WXC]
38 IDPR-CMTP IDPR Control Message Transport Proto [MXS1]
39 TP++ TP++ Transport Protocol [DXF]
40 IL IL Transport Protocol [DXP2]
41 SIP Simple Internet Protocol [SXD]
42 SDRP Source Demand Routing Protocol [DXE1]
43 SIP-SR SIP Source Route [SXD]
44 SIP-FRAG SIP Fragment [SXD]
45 IDRP Inter-Domain Routing Protocol [Sue Hares]
46 RSVP Reservation Protocol [Bob Braden]
47 GRE General Routing Encapsulation [Tony Li]
48 MHRP Mobile Host Routing Protocol[David Johnson]
49 BNA BNA [Gary Salamon]
50 SIPP-ESP SIPP Encap Security Payload [Steve Deering]
51 SIPP-AH SIPP Authentication Header [Steve Deering]
52 I-NLSP Integrated Net Layer Security TUBA [GLENN]
53 SWIPE IP with Encryption [JI6]
54 NHRP NBMA Next Hop Resolution Protocol
55-60 Unassigned [JBP]
61 any host internal protocol [JBP]
62 CFTP CFTP [CFTP,HCF2]
63 any local network [JBP]
64 SAT-EXPAK SATNET and Backroom EXPAK [SHB]
65 KRYPTOLAN Kryptolan [PXL1]
66 RVD MIT Remote Virtual Disk Protocol [MBG]
67 IPPC Internet Pluribus Packet Core [SHB]
68 any distributed file system [JBP]
69 SAT-MON SATNET Monitoring [SHB]
70 VISA VISA Protocol [GXT1]
71 IPCV Internet Packet Core Utility [SHB]
72 CPNX Computer Protocol Network Executive [DXM2]
73 CPHB Computer Protocol Heart Beat [DXM2]
74 WSN Wang Span Network [VXD]
75 PVP Packet Video Protocol [SC3]
76 BR-SAT-MON Backroom SATNET Monitoring [SHB]
77 SUN-ND SUN ND PROTOCOL-Temporary [WM3]
78 WB-MON WIDEBAND Monitoring [SHB]
79 WB-EXPAK WIDEBAND EXPAK [SHB]
80 ISO-IP ISO Internet Protocol [MTR]
81 VMTP VMTP [DRC3]
82 SECURE-VMTP SECURE-VMTP [DRC3]
83 VINES VINES [BXH]
84 TTP TTP [JXS]
85 NSFNET-IGP NSFNET-IGP [HWB]
86 DGP Dissimilar Gateway Protocol [DGP,ML109]
87 TCF TCF [GAL5]
88 IGRP IGRP [CISCO,GXS]

89 OSPFIGP OSPFIGP [RFC1583,JTM4]
90 Sprite-RPC Sprite RPC Protocol [SPRITE,BXW]
91 LARP Locus Address Resolution Protocol [BXH]
92 MTP Multicast Transport Protocol [SXA]
93 AX.25 AX.25 Frames [BK29]
94 IPIP IP-within-IP Encapsulation Protocol [JI6]
95 MICP Mobile Internetworking Control Pro. [JI6]
96 SCC-SP Semaphore Communications Sec. Pro. [HXH]
97 ETHERIP Ethernet-within-IP Encapsulation [RXH1]
98 ENCAP Encapsulation Header [RFC1241,RXB3]
99 any private encryption scheme [JBP]
100 GMTP GMTP [RXB5]
101-254 Unassigned [JBP]
255 Reserved [JBP]

REFERENCES

[CFTP] Forsdick, H., "CFTP", Network Message, Bolt Beranek and
Newman, January 1982.

[CISCO] Cisco Systems, "Gateway Server Reference Manual", Manual
Revision B, January 10, 1988.

[DDN] Feinler, E., Editor, "DDN Protocol Handbook", Network
Information Center, SRI International, December 1985.

[DGP] M/A-COM Government Systems, "Dissimilar Gateway Protocol
Specification, Draft Version", Contract no. CS901145,
November 16, 1987.

[ETHERNET] "The Ethernet, A Local Area Network: Data Link Layer and
Physical Layer Specification", AA-K759B-TK, Digital
Equipment Corporation, Maynard, MA. Also as: "The
Ethernet - A Local Area Network", Version 1.0, Digital
Equipment Corporation, Intel Corporation, Xerox
Corporation, September 1980. And: "The Ethernet, A Local
Area Network: Data Link Layer and Physical Layer
Specifications", Digital, Intel and Xerox, November 1982.
And: XEROX, "The Ethernet, A Local Area Network: Data Link
Layer and Physical Layer Specification", X3T51/80-50,
Xerox Corporation, Stamford, CT., October 1980.

[IEN90] Cohen, D. and J. Postel, "Multiplexing Protocol", IEN 90,
USC/Information Sciences Institute, May 1979.

[IEN119] Forgie, J., "ST - A Proposed Internet Stream Protocol",
IEN 119, MIT Lincoln Laboratory, September 1979.

[IEN158] Haverty, J., "XNET Formats for Internet Protocol Version 4",
IEN 158, October 1980.

[MFENET] Shuttleworth, B., "A Documentary of MFENet, a National
Computer Network", UCRL-52317, Lawrence Livermore Labs,
Livermore, California, June 1977.

[PUP] Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, "PUP: An
Internetwork Architecture", XEROX Palo Alto Research Center,
CSL-79-10, July 1979; also in IEEE Transactions on
Communication, Volume COM-28, Number 4, April 1980.

[SPRITE] Welch, B., "The Sprite Remote Procedure Call System",
Technical Report, UCB/Computer Science Dept., 86/302,
University of California at Berkeley, June 1986.

[RFC741] Cohen, D., "Specifications for the Network Voice Protocol",
RFC 741, ISI/RR 7539, USC/Information Sciences Institute,
March 1976.

[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
USC/Information Sciences Institute, August 1980.

[RFC791] Postel, J., "Internet Protocol - DARPA Internet Program
Protocol Specification", STD 5, RFC 791, DARPA, September
1981.

[RFC792] Postel, J., "Internet Control Message Protocol - DARPA
Internet Program Protocol Specification", STD 5, RFC 792,
USC/Information Sciences Institute, September 1981.

[RFC793] Postel, J., "Transmission Control Protocol - DARPA
Internet Program Protocol Specification", STD 7, RFC 793,
USC/Information Sciences Institute, September 1981.

[RFC823] Hinden, R., and A. Sheltzer, "The DARPA Internet Gateway",
RFC 823, BBN, September 1982.

[RFC869] Hinden, R., "A Host Monitoring Protocol", RFC 869,
Bolt Beranek and Newman, December 1983.

[RFC888] Seamonson, L., and E. Rosen, "STUB" Exterior Gateway
Protocol", RFC 888, BBN Communications Corporation,
January 1984.

[RFC905] International Standards Organization, "ISO Transport Protocol
Specification - ISO DP 8073", RFC 905, April 1984.

[RFC908] Velten, D., R. Hinden, and J. Sax, "Reliable Data Protocol",
RFC 908, BBN Communications Corporation, July 1984.

[RFC938] Miller, T., "Internet Reliable Transaction Protocol", RFC 938,
ACC, February 1985.

[RFC969] Clark, D., M. Lambert, and L. Zhang, "NETBLT: A Bulk Data
Transfer Protocol", RFC 969, MIT Laboratory for Computer
Science, December 1985.

[RFC1112] Deering, S., "Host Extensions for IP Multicasting",
STD 5, RFC 1112, Stanford University, August 1989.

[RFC1190] Topolcic, C., Editor, "Experimental Internet Stream
Protocol, Version 2 (ST-II)", RFC 1190, CIP Working Group,
October 1990.

[RFC1241] Woodburn, W., and D. Mills, " A Scheme for an Internet
Encapsulation Protocol: Version 1", RFC 1241, SAIC,
University of Delaware, July 1991.

[RFC1583] Moy, J., "The OSPF Specification", RFC 1583, Proteon,
March 1994.

PEOPLE

[BCH2] Barry Howard

[BK29] Brian Kantor

[BN7]

[BWB6] Barry Boehm

[BXH] Brian Horn <---none--->

[BXW] Bruce Willins <---none--->

[DDC1] David Clark

[DLM1] David Mills

[DRC3] Dave Cheriton

[DXE1] Deborah Estrin

[DXF] Dirk Fromhein

[DXM2] David Mittnacht <---none--->

[DXP2] Dave Presotto
[David Johnson]

[GAL5] Guillermo A. Loyola

[GLENN] K. Robert Glenn

[GXC] Greg Chesson

[GXS] Guenther Schreiner

[GXT1] Gene Tsudik

[HCF2] Har ry Forsdick

[HWB] Hans-Werner Braun

[HXH] Howard Hart

[JBP] Jon Postel

[JC120]

[JFH2] Jack Haverty

[JI6] John Ioannidis

[JTM4] John Moy

[JWF] Jim Forgie

[JXS] Jim Stevens

[KATZ] Dave Katz

[MB] Mike Brescia

[MBG] Michael Greenwald

[ML109] Mike Little

[MTR] Marshall T. Rose

[MXS1] Martha Steenstrup

[NC3] J. Noel Chiappa

[PK] Peter Kirstein

[PXL1] Paul Liu <---none--->

[RH6] Robert Hinden

[RTB3] Bob Braden

[RC77]

[RWS4] Robert W. Scheifler

[RXB3] Robert Woodburn

[RXH1] Russ Housley

[SAF3] Stuart A. Friedberg

[SC3] Steve Casner
[SGC] Steve Chipman

[SHB] Steven Blumenthal

[Sue Hares] Sue Hares

[SXA] Susie Armstrong

[SXD] Steve Deering

[Tony Li] Tony Li

[TXM] Trudy Miller

[VXD] Victor Dafoulas <---none--->

[WM3] William Melohn

[WXC] Wesley Craig

[ZSU] Zaw-Sing Su

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/protocol-numbers

WELL KNOWN PORT NUMBERS

The Well Known Ports are controlled and assigned by the IANA and on
most systems can only be used by system (or root) processes or by
programs executed by privileged users.

Ports are used in the TCP [RFC793] to name the ends of logical
connections which carry long term conversations. For the purpose of
providing services to unknown callers, a service contact port is
defined. This list specifies the port used by the server process as
its contact port. The contact port is sometimes called the
"well-known port".

To the extent possible, these same port assignments are used with the
UDP [RFC768].

The assigned ports use a small portion of the possible port numbers.
For many years the assigned ports were in the range 0-255. Recently,
the range for assigned ports managed by the IANA has been expanded to
the range 0-1023.

Port Assignments:

Keyword Decimal Description References
------- ------- ----------- ----------
0/tcp Reserved
0/udp Reserved
# Jon Postel
tcpmux 1/tcp TCP Port Service Multiplexer
tcpmux 1/udp TCP Port Service Multiplexer
# Mark Lottor
compressnet 2/tcp Management Utility
compressnet 2/udp Management Utility
compressnet 3/tcp Compression Process
compressnet 3/udp Compression Process
# Bernie Volz
# 4/tcp Unassigned
# 4/udp Unassigned
rje 5/tcp Remote Job Entry
rje 5/udp Remote Job Entry
# Jon Postel
# 6/tcp Unassigned
# 6/udp Unassigned
echo 7/tcp Echo
echo 7/udp Echo
# Jon Postel
# 8/tcp Unassigned

# 8/udp Unassigned
discard 9/tcp Discard
discard 9/udp Discard
# Jon Postel
# 10/tcp Unassigned
# 10/udp Unassigned
systat 11/tcp Active Users
systat 11/udp Active Users
# Jon Postel
# 12/tcp Unassigned
# 12/udp Unassigned
daytime 13/tcp Daytime
daytime 13/udp Daytime
# Jon Postel
# 14/tcp Unassigned
# 14/udp Unassigned
# 15/tcp Unassigned [was netstat]
# 15/udp Unassigned
# 16/tcp Unassigned
# 16/udp Unassigned
qotd 17/tcp Quote of the Day
qotd 17/udp Quote of the Day
# Jon Postel
msp 18/tcp Message Send Protocol
msp 18/udp Message Send Protocol
# Rina Nethaniel <---none--->
chargen 19/tcp Character Generator
chargen 19/udp Character Generator
ftp-data 20/tcp File Transfer [Default Data]
ftp-data 20/udp File Transfer [Default Data]
ftp 21/tcp File Transfer [Control]
ftp 21/udp File Transfer [Control]
# Jon Postel
# 22/tcp Unassigned
# 22/udp Unassigned
telnet 23/tcp Telnet
telnet 23/udp Telnet
# Jon Postel
24/tcp any private mail system
24/udp any private mail system
# Rick Adam
smtp 25/tcp Simple Mail Transfer
smtp 25/udp Simple Mail Transfer
# Jon Postel
# 26/tcp Unassigned
# 26/udp Unassigned
nsw-fe 27/tcp NSW User System FE
nsw-fe 27/udp NSW User System FE

# Robert Thomas
# 28/tcp Unassigned
# 28/udp Unassigned
msg-icp 29/tcp MSG ICP
msg-icp 29/udp MSG ICP
# Robert Thomas
# 30/tcp Unassigned
# 30/udp Unassigned
msg-auth 31/tcp MSG Authentication
msg-auth 31/udp MSG Authentication
# Robert Thomas
# 32/tcp Unassigned
# 32/udp Unassigned
dsp 33/tcp Display Support Protocol
dsp 33/udp Display Support Protocol
# Ed Cain
# 34/tcp Unassigned
# 34/udp Unassigned
35/tcp any private printer server
35/udp any private printer server
# Jon Postel
# 36/ tcp Unassigned
# 36/udp Unassigned
time 37/tcp Time
time 37/udp Time
# Jon Postel
rap 38/tcp Route Access Protocol
rap 38/udp Route Access Protocol
# Robert Ullmann
rlp 39/tcp Resource Location Protocol
rlp 39/udp Resource Location Protocol
# Mike Accetta
# 40/tcp Unassigned
# 40/udp Unassigned
graphics 41/tcp Graphics
graphics 41/udp Graphics
nameserver 42/tcp Host Name Server
nameserver 42/udp Host Name Server
nicname 43/tcp Who Is
nicname 43/udp Who Is
mpm-flags 44/tcp MPM FLAGS Protocol
mpm-flags 44/udp MPM FLAGS Protocol
mpm 45/tcp Message Processing Module [recv]
mpm 45/udp Message Processing Module [recv]
mpm-snd 46/tcp MPM [default send]
mpm-snd 46/udp MPM [default send]
# Jon Postel
ni-ftp 47/tcp NI FTP

ni-ftp 47/udp NI FTP
# Steve Kille
auditd 48/tcp Digital Audit Daemon
auditd 48/udp Digital Audit Daemon
# Larry Scott
login 49/tcp Login Host Protocol
login 49/udp Login Host Protocol
# Pieter Ditmars
re-mail-ck 50/tcp Remote Mail Checking Protocol
re-mail-ck 50/udp Remote Mail Checking Protocol
# Steve Dorner
la-maint 51/tcp IMP Logical Address Maintenance
la-maint 51/udp IMP Logical Address Maintenance
# Andy Malis
xns-time 52/tcp XNS Time Protocol
xns-time 52/udp XNS Time Protocol
# Susie Armstrong
domain 53/tcp Domain Name Server
domain 53/udp Domain Name Server
# Paul Mockapetris
xns-ch 54/tcp XNS Clearinghouse
xns-ch 54/udp XNS Clearinghouse
# Susie Armstrong
isi-gl 55/tcp ISI Graphics Language
isi-gl 55/udp ISI Graphics Language
xns-auth 56/tcp XNS Authentication
xns-auth 56/udp XNS Authentication
# Susie Armstrong
57/tcp any private terminal access
57/udp any private terminal access
# Jon Postel
xns-mail 58/tcp XNS Mail
xns-mail 58/udp XNS Mail
# Susie Armstrong
59/tcp any private file service
59/udp any private file service
# Jon Postel
60/tcp Unassigned
60/udp Unassigned
ni-mail 61/tcp NI MAIL
ni-mail 61/udp NI MAIL
# Steve Kille
acas 62/tcp ACA Services
acas 62/udp ACA Services
# E. Wald
# 63/tcp Unassigned
# 63/udp Unassigned
covia 64/tcp Communications Integrator (CI)

covia 64/udp Communications Integrator (CI)
# "Tundra" Tim Daneliuk
#
tacacs-ds 65/tcp TACACS-Database Service
tacacs-ds 65/udp TACACS-Database Service
# Kathy Huber
sql*net 66/tcp Oracle SQL*NET
sql*net 66/udp Oracle SQL*NET
# Jack Haverty
bootps 67/tcp Bootstrap Protocol Server
bootps 67/udp Bootstrap Protocol Server
bootpc 68/tcp Bootstrap Protocol Client
bootpc 68/udp Bootstrap Protocol Client
# Bill Croft
tftp 69/tcp Trivial File Transfer
tftp 69/udp Trivial File Transfer
# David Clark
gopher 70/tcp Gopher
gopher 70/udp Gopher
# Mark McCahill
netrjs-1 71/tcp Remote Job Service
netrjs-1 71/udp Remote Job Service
netrjs-2 72/tcp Remote Job Service
netrjs-2 72/udp Remote Job Service
netrjs-3 73/tcp Remote Job Service
netrjs-3 73/udp Remote Job Service
netrjs-4 74/tcp Remote Job Service
netrjs-4 74/udp Remote Job Service
# Bob Braden
75/tcp any private dial out service
75/udp any private dial out service
# Jon Postel
deos 76/tcp Distributed External Object Store
deos 76/udp Distributed External Object Store
# Robert Ullmann
77/tcp any private RJE service
77/udp any private RJE service
# Jon Postel
vettcp 78/tcp vettcp
vettcp 78/udp vettcp
# Christopher Leong
finger 79/tcp Finger
finger 79/udp Finger
# David Zimmerman
www-http 80/tcp World Wide Web HTTP
www-http 80/udp World Wide Web HTTP
# Tim Berners-Lee
hosts2-ns 81/tcp HOSTS2 Name Server

hosts2-ns 81/udp HOSTS2 Name Server
# Earl Killian
xfer 82/tcp XFER Utility
xfer 82/udp XFER Utility
# Thomas M. Smith
mit-ml-dev 83/tcp MIT ML Device
mit-ml-dev 83/udp MIT ML Device
# David Reed <--none--->
ctf 84/tcp Common Trace Facility
ctf 84/udp Common Trace Facility
# Hugh Thomas
mit-ml-dev 85/tcp MIT ML Device
mit-ml-dev 85/udp MIT ML Device
# David Reed <--none--->
mfcobol 86/tcp Micro Focus Cobol
mfcobol 86/udp Micro Focus Cobol
# Simon Edwards <--none--->
87/tcp any private terminal link
87/udp any private terminal link
# Jon Postel
kerberos 88/tcp Kerberos
kerberos 88/udp Kerberos
# B. Clifford Neuman
s u-mit-tg 89/tcp SU/MIT Telnet Gateway
su-mit-tg 89/udp SU/MIT Telnet Gateway
# Mark Crispin
dnsix 90/tcp DNSIX Securit Attribute Token Map
dnsix 90/udp DNSIX Securit Attribute Token Map
# Charles Watt
mit-dov 91/tcp MIT Dover Spooler
mit-dov 91/udp MIT Dover Spooler
# Eliot Moss
npp 92/tcp Network Printing Protocol
npp 92/udp Network Printing Protocol
# Louis Mamakos
dcp 93/tcp Device Control Protocol
dcp 93/udp Device Control Protocol
# Daniel Tappan
objcall 94/tcp Tivoli Object Dispatcher
objcall 94/udp Tivoli Object Dispatcher
# Tom Bereiter <--none--->
supdup 95/tcp SUPDUP
supdup 95/udp SUPDUP
# Mark Crispin
dixie 96/tcp DIXIE Protocol Specification
dixie 96/udp DIXIE Protocol Specification
# Tim Howes
swift-rvf 97/tcp Swift Remote Vitural File Protocol

swift-rvf 97/udp Swift Remote Vitural File Protocol
# Maurice R. Turcotte
#
tacnews 98/tcp TAC News
tacnews 98/udp TAC News
# Jon Postel
metagram 99/tcp Metagram Relay
metagram 99/udp Metagram Relay
# Geoff Goodfellow
newacct 100/tcp [unauthorized use]
hostname 101/tcp NIC Host Name Server
hostname 101/udp NIC Host Name Server
# Jon Postel
iso-tsap 102/tcp ISO-TSAP
iso-tsap 102/udp ISO-TSAP
# Marshall Rose
gppitnp 103/tcp Genesis Point-to-Point Trans Net
gppitnp 103/udp Genesis Point-to-Point Trans Net
acr-nema 104/tcp ACR-NEMA Digital Imag. & Comm. 300
acr-nema 104/udp ACR-NEMA Digital Imag. & Comm. 300
# Patrick McNamee <--none--->
csnet-ns 105/tcp Mailbox Name Nameserver
csnet-ns 105/udp Mailbox Name Nameserver
# Marvin Solomon
3com-tsmux 106/tcp 3COM-TSMUX
3com-tsmux 106/udp 3COM-TSMUX
# Jeremy Siegel
rtelnet 107/tcp Remote Telnet Service
rtelnet 107/udp Remote Telnet Service
# Jon Postel
snagas 108/tcp SNA Gateway Access Server
snagas 108/udp SNA Gateway Access Server
# Kevin Murphy
pop2 109/tcp Post Office Protocol - Version 2
pop2 109/udp Post Office Protocol - Version 2
# Joyce K. Reynolds
pop3 110/tcp Post Office Protocol - Version 3
pop3 110/udp Post Office Protocol - Version 3
# Marshall Rose
sunrpc 111/tcp SUN Remote Procedure Call
sunrpc 111/udp SUN Remote Procedure Call
# Chuck McManis
mcidas 112/tcp McIDAS Data Transmission Protocol
mcidas 112/udp McIDAS Data Transmission Protocol
# Glenn Davis
auth 113/tcp Authentication Service
auth 113/udp Authentication Service
# Mike St. Johns

audionews 114/tcp Audio News Multicast
audionews 114/udp Audio News Multicast
# Martin Forssen
sftp 115/tcp Simple File Transfer Protocol
sftp 115/udp Simple File Transfer Protocol
# Mark Lottor
ansanotify 116/tcp ANSA REX Notify
ansanotify 116/udp ANSA REX Notify
# Nicola J. Howarth
uucp-path 117/tcp UUCP Path Service
uucp-path 117/udp UUCP Path Service
sqlserv 118/tcp SQL Services
sqlserv 118/udp SQL Services
# Larry Barnes
nntp 119/tcp Network News Transfer Protocol
nntp 119/udp Network News Transfer Protocol
# Phil Lapsley
cfdptkt 120/tcp CFDPTKT
cfdptkt 120/udp CFDPTKT
# John Ioannidis
erpc 121/tcp Encore Expedited Remote Pro.Call
erpc 121/udp Encore Expedited Remote Pro.Call
# Jack O'Neil <---none--->
smakynet 122/tcp SMAKYNET
smakynet 122/udp SMAKYNET
# Mike O'Dowd
ntp 123/tcp Network Time Protocol
ntp 123/udp Network Time Protocol
# Dave Mills
ansatrader 124/tcp ANSA REX Trader
ansatrader 124/udp ANSA REX Trader
# Nicola J. Howarth
locus-map 125/tcp Locus PC-Interface Net Map Ser
locus-map 125/udp Locus PC-Interface Net Map Ser
# Eric Peterson
unitary 126/tcp Unisys Unitary Login
unitary 126/udp Unisys Unitary Login
#
locus-con 127/tcp Locus PC-Interface Conn Server
locus-con 127/udp Locus PC-Interface Conn Server
# Eric Peterson
gss-xlicen 128/tcp GSS X License Verification
gss-xlicen 128/udp GSS X License Verification
# John Light
pwdgen 129/tcp Password Generator Protocol
pwdgen 129/udp Password Generator Protocol
# Frank J. Wacho
cisco-fna 130/tcp cisco FNATIVE

cisco-fna 130/udp cisco FNATIVE
cisco-tna 131/tcp cisco TNATIVE
cisco-tna 131/udp cisco TNATIVE
cisco-sys 132/tcp cisco SYSMAINT
cisco-sys 132/udp cisco SYSMAINT
statsrv 133/tcp Statistics Service
statsrv 133/udp Statistics Service
# Dave Mills
ingres-net 134/tcp INGRES-NET Service
ingres-net 134/udp INGRES-NET Service
# Mike Berrow <---none--->
loc-srv 135/tcp Location Service
loc-srv 135/udp Location Service
# Joe Pato
profile 136/tcp PROFILE Naming System
profile 136/udp PROFILE Naming System
# Larry Peterson
netbios-ns 137/tcp NETBIOS Name Service
netbios-ns 137/udp NETBIOS Name Service
netbios-dgm 138/tcp NETBIOS Datagram Service
netbios-dgm 138/udp NETBIOS Datagram Service
netbios-ssn 139/tcp NETBIOS Session Service
netbios-ssn 139/udp NETBIOS Session Service
# Jon Postel
emfis-data 140/tcp EMFIS Data Service
emfis-data 140/udp EMFIS Data Service
emfis-cntl 141/tcp EMFIS Control Service
emfis-cntl 141/udp EMFIS Control Service
# Gerd Beling
bl-idm 142/tcp Britton-Lee IDM
bl-idm 142/udp Britton-Lee IDM
# Susie Snitzer <---none--->
imap2 143/tcp Interim Mail Access Protocol v2
imap2 143/udp Interim Mail Access Protocol v2
# Mark Crispin
news 144/tcp NewS
news 144/udp NewS
# James Gosling
uaac 145/tcp UAAC Protocol
uaac 145/udp UAAC Protocol
# David A. Gomberg
iso-tp0 146/tcp ISO-IP0
iso-tp0 146/udp ISO-IP0
iso-ip 147/tcp ISO-IP
iso-ip 147/udp ISO-IP
# Marshall Rose
cronus 148/tcp CRONUS-SUPPORT
cronus 148/udp CRONUS-SUPPORT

# Jeffrey Buffun
aed-512 149/tcp AED 512 Emulation Service
aed-512 149/udp AED 512 Emulation Service
# Albert G. Broscius
sql-net 150/tcp SQL-NET
sql-net 150/udp SQL-NET
# Martin Picard <<---none--->
hems 151/tcp HEMS
hems 151/udp HEMS
# Christopher Tengi
bftp 152/tcp Background File Transfer Program
bftp 152/udp Background File Transfer Program
# Annette DeSchon
sgmp 153/tcp SGMP
sgmp 153/udp SGMP
# Marty Schoffstahl
netsc-prod 154/tcp NETSC
netsc-prod 154/udp NETSC
netsc-dev 155/tcp NETSC
netsc-dev 155/udp NETSC
# Sergio Heker
sqlsrv 156/tcp SQL Service
sqlsrv 156/udp SQL Service
# Craig Rogers
knet-cmp 157/tcp KNET/VM Command/Message Protocol
knet-cmp 157/udp KNET/VM Command/Message Protocol
# Gary S. Malkin
pcmail-srv 158/tcp PCMail Server
pcmail-srv 158/udp PCMail Server
# Mark L. Lambert
nss-routing 159/tcp NSS-Routing
nss-routing 159/udp NSS-Routing
# Yakov Rekhter
sgmp-traps 160/tcp SGMP-TRAPS
sgmp-traps 160/udp SGMP-TRAPS
# Marty Schoffstahl
snmp 161/tcp SNMP
snmp 161/udp SNMP
snmptrap 162/tcp SNMPTRAP
snmptrap 162/udp SNMPTRAP
# Marshall Rose
cmip-man 163/tcp CMIP/TCP Manager
cmip-man 163/udp CMIP/TCP Manager
cmip-agent 164/tcp CMIP/TCP Agent
smip-agent 164/udp CMIP/TCP Agent
# Amatzia Ben-Artzi <---none--->
xns-courier 165/tcp Xerox
xns-courier 165/udp Xerox

# Susie Armstrong
s-net 166/tcp Sirius Systems
s-net 166/udp Sirius Systems
# Brian Lloyd <---none--->
namp 167/tcp NAMP
namp 167/udp NAMP
# Marty Schoffstahl
rsvd 168/tcp RSVD
rsvd 168/udp RSVD
# Neil Todd
send 169/tcp SEND
send 169/udp SEND
# William D. Wisner
print-srv 170/tcp Network PostScript
print-srv 170/udp Network PostScript
# Brian Reid
multiplex 171/tcp Network Innovations Multiplex
multiplex 171/udp Network Innovations Multiplex
cl/1 172/tcp Network Innovations CL/1
cl/1 172/udp Network Innovations CL/1
# Kevin DeVault <<---none--->
xyplex-mux 173/tcp Xyplex
xyplex-mux 173/udp Xyplex
# Bob Stewart
mailq 174/tcp MAILQ
mailq 174/udp MAILQ
# Rayan Zachariassen
vmnet 175/tcp VMNET
vmnet 175/udp VMNET
# Christopher Tengi
genrad-mux 176/tcp GENRAD-MUX
genrad-mux 176/udp GENRAD-MUX
# Ron Thornton
xdmcp 177/tcp X Display Manager Control Protocol
xdmcp 177/udp X Display Manager Control Protocol
# Robert W. Scheifler
nextstep 178/tcp NextStep Window Server
NextStep 178/udp NextStep Window Server
# Leo Hourvitz
bgp 179/tcp Border Gateway Protocol
bgp 179/udp Border Gateway Protocol
# Kirk Lougheed
ris 180/tcp Intergraph
ris 180/udp Intergraph
# Dave Buehmann
unify 181/tcp Unify
unify 181/udp Unify
# Vinod Singh <--none--->

audit 182/tcp Unisys Audit SITP
audit 182/udp Unisys Audit SITP
# Gil Greenbaum
ocbinder 183/tcp OCBinder
ocbinder 183/udp OCBinder
ocserver 184/tcp OCServer
ocserver 184/udp OCServer
# Jerrilynn Okamura <--none--->
remote-kis 185/tcp Remote-KIS
remote-kis 185/udp Remote-KIS
kis 186/tcp KIS Protocol
kis 186/udp KIS Protocol
# Ralph Droms
aci 187/tcp Application Communication Interface
aci 187/udp Application Communication Interface
# Rick Carlos
mumps 188/tcp Plus Five's MUMPS
mumps 188/udp Plus Five's MUMPS
# Hokey Stenn
qft 189/tcp Queued File Transport
qft 189/udp Queued File Transport
# Way ne Schroeder
gacp 190/tcp Gateway Access Control Protocol
cacp 190/udp Gateway Access Control Protocol
# C. Philip Wood
prospero 191/tcp Prospero Directory Service
prospero 191/udp Prospero Directory Service
# B. Clifford Neuman
osu-nms 192/tcp OSU Network Monitoring System
osu-nms 192/udp OSU Network Monitoring System
# Doug Karl
srmp 193/tcp Spider Remote Monitoring Protocol
srmp 193/udp Spider Remote Monitoring Protocol
# Ted J. Socolofsky
irc 194/tcp Internet Relay Chat Protocol
irc 194/udp Internet Relay Chat Protocol
# Jarkko Oikarinen
dn6-nlm-aud 195/tcp DNSIX Network Level Module Audit
dn6-nlm-aud 195/udp DNSIX Network Level Module Audit
dn6-smm-red 196/tcp DNSIX Session Mgt Module Audit Redir
dn6-smm-red 196/udp DNSIX Session Mgt Module Audit Redir
# Lawrence Lebahn
dls 197/tcp Directory Location Service
dls 197/udp Directory Location Service
dls-mon 198/tcp Directory Location Service Monitor
dls-mon 198/udp Directory Location Service Monitor
# Scott Bellew
smux 199/tcp SMUX

smux 199/udp SMUX
# Marshall Rose
src 200/tcp IBM System Resource Controller
src 200/udp IBM System Resource Controller
# Gerald McBrearty <---none--->
at-rtmp 201/tcp AppleTalk Routing Maintenance
at-rtmp 201/udp AppleTalk Routing Maintenance
at-nbp 202/tcp AppleTalk Name Binding
at-nbp 202/udp AppleTalk Name Binding
at-3 203/tcp AppleTalk Unused
at-3 203/udp AppleTalk Unused
at-echo 204/tcp AppleTalk Echo
at-echo 204/udp AppleTalk Echo
at-5 205/tcp AppleTalk Unused
at-5 205/udp AppleTalk Unused
at-zis 206/tcp AppleTalk Zone Information
at-zis 206/udp AppleTalk Zone Information
at-7 207/tcp AppleTalk Unused
at-7 207/udp AppleTalk Unused
at-8 208/tcp AppleTalk Unused
at-8 208/udp AppleTalk Unused
# Rob Chandhok
tam 209/tcp Trivial Authenticated Mail Protocol
tam 209/udp Trivial Authenticated Mail Protocol
# Dan Bernstein
z39.50 210/tcp ANSI Z39.50
z39.50 210/udp ANSI Z39.50
# Mark Needleman
#
914c/g 211/tcp Texas Instruments 914C/G Terminal
914c/g 211/udp Texas Instruments 914C/G Terminal
# Bill Harrell <---none--->
anet 212/tcp ATEXSSTR
anet 212/udp ATEXSSTR
# Jim Taylor
ipx 213/tcp IPX
ipx 213/udp IPX
# Don Provan
vmpwscs 214/tcp VM PWSCS
vmpwscs 214/udp VM PWSCS
# Dan Shia
softpc 215/tcp Insignia Solutions
softpc 215/udp Insignia Solutions
# Martyn Thomas <---none--->
atls 216/tcp Access Technology License Server
atls 216/udp Access Technology License Server
# Larry DeLuca
dbase 217/tcp dBASE Unix

dbase 217/udp dBASE Unix
# Don Gibson
#
mpp 218/tcp Netix Message Posting Protocol
mpp 218/udp Netix Message Posting Protocol
# Shannon Yeh
uarps 219/tcp Unisys ARPs
uarps 219/udp Unisys ARPs
# Ashok Marwaha <---none--->
imap3 220/tcp Interactive Mail Access Protocol v3
imap3 220/udp Interactive Mail Access Protocol v3
# James Rice
fln-spx 221/tcp Berkeley rlogind with SPX auth
fln-spx 221/udp Berkeley rlogind with SPX auth
rsh-spx 222/tcp Berkeley rshd with SPX auth
rsh-spx 222/udp Berkeley rshd with SPX auth
cdc 223/tcp Certificate Distribution Center
cdc 223/udp Certificate Distribution Center
# Kannan Alagappan
# 224-241 Reserved
# Jon Postel
# 242/tcp Unassigned
# 242/udp Unassigned
sur-meas 243/tcp Survey Measurement
sur-meas 243/udp Survey Measurement
# Dave Clark
# 244/tcp Unassigned
# 244/udp Unassigned
link 245/tcp LINK
link 245/udp LINK
dsp3270 246/tcp Display Systems Protocol
dsp3270 246/udp Display Systems Protocol
# Weldon J. Showalter
# 247-255 Reserved
# Jon Postel
# 256-343 Unassigned
pdap 344/tcp Prospero Data Access Protocol
pdap 344/udp Prospero Data Access Protocol
# B. Clifford Neuman
pawserv 345/tcp Perf Analysis Workbench
pawserv 345/udp Perf Analysis Workbench
zserv 346/tcp Zebra server
zserv 346/udp Zebra server
fatserv 347/tcp Fatmen Server
fatserv 347/udp Fatmen Server
csi-sgwp 348/tcp Cabletron Management Protocol
csi-sgwp 348/udp Cabletron Management Protocol
# 349-370 Unassigned

clearcase 371/tcp Clearcase
clearcase 371/udp Clearcase
# Dave LeBlang
ulistserv 372/tcp Unix Listserv
ulistserv 372/udp Unix Listserv
# Anastasios Kotsikonas
legent-1 373/tcp Legent Corporation
legent-1 373/udp Legent Corporation
legent-2 374/tcp Legent Corporation
legent-2 374/udp Legent Corporation
# Keith Boyce <---none--->
hassle 375/tcp Hassle
hassle 375/udp Hassle
# Reinhard Doelz
nip 376/tcp Amiga Envoy Network Inquiry Proto
nip 376/udp Amiga Envoy Network Inquiry Proto
# Kenneth Dyke
tnETOS 377/tcp NEC C orporation
tnETOS 377/udp NEC Corporation
dsETOS 378/tcp NEC Corporation
dsETOS 378/udp NEC Corporation
# Tomoo Fujita
is99c 379/tcp TIA/EIA/IS-99 modem client
is99c 379/udp TIA/EIA/IS-99 modem client
is99s 380/tcp TIA/EIA/IS-99 modem server
is99s 380/udp TIA/EIA/IS-99 modem server
# Frank Quick
hp-collector 381/tcp hp performance data collector
hp-collector 381/udp hp performance data collector
hp-managed-node 382/tcp hp performance data managed node
hp-managed-node 382/udp hp performance data managed node
hp-alarm-mgr 383/tcp hp performance data alarm manager
hp-alarm-mgr 383/udp hp performance data alarm manager
# Frank Blakely
arns 384/tcp A Remote Network Server System
arns 384/udp A Remote Network Server System
# David Hornsby
ibm-app 385/tcp IBM Application
ibm-app 385/tcp IBM Application
# Lisa Tomita <---none--->
asa 386/tcp ASA Message Router Object Def.
asa 386/udp ASA Message Router Object Def.
# Steve Laitinen
aurp 387/tcp Appletalk Update-Based Routing Pro.
aurp 387/udp Appletalk Update-Based Routing Pro.
# Chris Ranch
unidata-ldm 388/tcp Unidata LDM Version 4
unidata-ldm 388/udp Unidata LDM Version 4

# Glenn Davis
ldap 389/tcp Lightweight Directory Access Protocol
ldap 389/udp Lightweight Directory Access Protocol
# Tim Howes
uis 390/tcp UIS
uis 390/udp UIS
# Ed Barron <---none--->
synotics-relay 391/tcp SynOptics SNMP Relay Port
synotics-relay 391/udp SynOptics SNMP Relay Port
synotics-broker 392/tcp SynOptics Port Broker Port
synotics-broker 392/udp SynOptics Port Broker Port
# Illan Raab
dis 393/tcp Data Interpretation System
dis 393/udp Data Interpretation System
# Paul Stevens
embl-ndt 394/tcp EMBL Nucleic Data Transfer
embl-ndt 394/udp EMBL Nucleic Data Transfer
# Peter Gad
netcp 395/tcp NETscout Control Protocol
netcp 395/udp NETscout Control Protocol
# Anil Singhal <---none--->
netware-ip 396/tcp Novell Netware over IP
netware-ip 396/udp Novell Netware over IP
mptn 397/tcp Multi Protocol Trans. Net.
mptn 397/udp Multi Protocol Trans. Net.
# Soumitra Sarkar
kryptolan 398/tcp Kryptolan
kryptolan 398/udp Kryptolan
# Peter de Laval
# 399/tcp Unassigned
# 399/udp Unassigned
work-sol 400/tcp Workstation Solutions
work-sol 400/udp Workstation Solutions
# Jim Ward
ups 401/tcp Uninterruptible Power Supply
ups 401/udp Uninterruptible Power Supply
# Guenther Seybold
genie 402/tcp Genie Protocol
genie 402/udp Genie Protocol
# Mark Hankin <---none--->
decap 403/tcp decap
decap 403/udp decap
nced 404/tcp nced
nced 404/udp nced
ncld 405/tcp ncld
ncld 405/udp ncld
# Richard Jones <---none--->
imsp 406/tcp Interactive Mail Support Protocol

imsp 406/udp Interactive Mail Support Protocol
# John Myers
timbuktu 407/tcp Timbuktu
timbuktu 407/udp Timbuktu
# Marc Epard
prm-sm 408/tcp Prospero Resource Manager Sys. Man.
prm-sm 408/udp Prospero Resource Manager Sys. Man.
prm-nm 409/tcp Prospero Resource Manager Node Man.
prm-nm 409/udp Prospero Resource Manager Node Man.
# B. Clifford Neuman
decladebug 410/tcp DECLadebug Remote Debug Protocol
decladebug 410/udp DECLadebug Remote Debug Protocol
# Anthony Berent
rmt 411/tcp Remote MT Protocol
rmt 411/udp Remote MT Protocol
# Peter Eriksson
synoptics-trap 412/tcp Trap Convention Port
synoptics-trap 412/udp Trap Convention Port
# Illan Raab
smsp 413/tcp SMSP
smsp 413/udp SMSP
infoseek 414/tcp InfoSeek
infoseek 414/udp InfoSeek
# Steve Kirsch
bnet 415/tcp BNet
bnet 415/udp BNet
# Jim Mertz
silverplatter 416/tcp Silverplatter
silverplatter 416/udp Silverplatter
# Peter Ciuffetti
onmux 417/tcp Onmux
onmux 417/udp Onmux
# Stephen Hanna
hyper-g 418/tcp Hyper-G
hyper-g 418/udp Hyper-G
# Frank Kappe
ariel1 419/tcp Ariel
ariel1 419/udp Ariel
# Jonathan Lavigne
smpte 420/tcp SMPTE
smpte 420/udp SMPTE
# Si Becker <71362.22@CompuServe.COM>
ariel2 421/tcp Ariel
ariel2 421/udp Ariel
ariel3 422/tcp Ariel
ariel3 422/udp Ariel
# Jonathan Lavigne
opc-job-start 423/tcp IBM Operations Planning and Control Start

opc-job-start 423/udp IBM Operations Planning and Control Start
opc-job-track 424/tcp IBM Operations Planning and Control Track
opc-job-track 424/udp IBM Operations Planning and Control Track
# Conny Larsson
icad-el 425/tcp ICAD
icad-el 425/udp ICAD
# Larry Stone
smartsdp 426/tcp smartsdp
smartsdp 426/udp smartsdp
# Alexander Dupuy
svrloc 427/tcp Server Location
svrloc 427/udp Server Location
#
ocs_cmu 428/tcp OCS_CMU
ocs_cmu 428/udp OCS_CMU
ocs_amu 429/tcp OCS_AMU
ocs_amu 42 9/udp OCS_AMU
# Florence Wyman
utmpsd 430/tcp UTMPSD
utmpsd 430/udp UTMPSD
utmpcd 431/tcp UTMPCD
utmpcd 431/udp UTMPCD
iasd 432/tcp IASD
iasd 432/udp IASD
# Nir Baroz
nnsp 433/tcp NNSP
nnsp 433/udp NNSP
# Rob Robertson
mobileip-agent 434/tcp MobileIP-Agent
mobileip-agent 434/udp MobileIP-Agent
mobilip-mn 435/tcp MobilIP-MN
mobilip-mn 435/udp MobilIP-MN
# Kannan Alagappan
dna-cml 436/tcp DNA-CML
dna-cml 436/udp DNA-CML
# Dan Flowers
comscm 437/tcp comscm
comscm 437/udp comscm
# Jim Teague
dsfgw 438/tcp dsfgw
dsfgw 438/udp dsfgw
# Andy McKeen
dasp 439/tcp dasp Thomas Obermair
dasp 439/udp dasp tommy@inlab.m.eunet.de
# Thomas Obermair
sgcp 440/tcp sgcp
sgcp 440/udp sgcp
# Marshall Rose

decvms-sysmgt 441/tcp decvms-sysmgt
decvms-sysmgt 441/udp decvms-sysmgt
# Lee Barton
cvc_hostd 442/tcp cvc_hostd
cvc_hostd 442/udp cvc_hostd
# Bill Davidson
https 443/tcp https MCom
https 443/udp https MCom
# Kipp E.B. Hickman
snpp 444/tcp Simple Network Paging Protocol
snpp 444/udp Simple Network Paging Protocol
# [RFC1568]
microsoft-ds 445/tcp Microsoft-DS
microsoft-ds 445/udp Microsoft-DS
# Arnold Miller
ddm-rdb 446/tcp DDM-RDB
ddm-rdb 446/udp DDM-RDB
ddm-dfm 447/tcp DDM-RFM
ddm-dfm 447/udp DDM-RFM
ddm-byte 448/tcp DDM-BYTE
ddm-byte 448/udp DDM-BYTE
# Jan David Fisher
as-servermap 449/tcp AS Server Mapper
as-servermap 449/udp AS Server Mapper
# Barbara Foss
tserver 450/tcp TServer
tserver 450/udp TServer
# Harvey S. Schultz
# 451-511 Unassigned
exec 512/tcp remote process execution;
# authentication performed using
# passwords and UNIX loppgin names
biff 512/udp used by mail system to notify users
# of new mail received; currently
# receives messages only from
# processes on the same machine
login 513/tcp remote login a la telnet;
# automatic authentication performed
# based on priviledged port numbers
# and distributed data bases which
# identify "authentication domains"
who 513/udp maintains data bases showing who's
# logged in to machines on a local
# net and the load average of the
# machine
cmd 514/tcp like exec, but automatic
# authentication is performed as for
# login server

syslog 514/udp
printer 515/tcp spooler
printer 515/udp spooler
# 516/tcp Unassigned
# 516/udp Unassigned
talk 517/tcp like tenex link, but across
# machine - unfortunately, doesn't
# use link protocol (this is actually
# just a rendezvous port from which a
# tcp connection is established)
talk 517/udp like tenex link, but across
# machine - unfortunately, doesn't
# use link protocol (this is actually
# just a rendezvous port from which a
tcp connection is established)
ntalk 518/tcp
ntalk 518/udp
utime 519/tcp unixtime
utime 519/udp unixtime
efs 520/tcp extended file name server
router 520/udp local routing process (on site);
# uses variant of Xerox NS routing
# information protocol
# 521-524 Unassigned
timed 525/tcp timeserver
timed 525/udp timeserver
tempo 526/tcp newdate
tempo 526/udp newdate
# 527-529 Unassigned
courier 530/tcp rpc
courier 530/udp rpc
conference 531/tcp chat
conference 531/udp chat
netnews 532/tcp readnews
netnews 532/udp readnews
netwall 533/tcp for emergency broadcasts
netwall 533/udp for emergency broadcasts
# 534-538 Unassigned
apertus-ldp 539/tcp Apertus Technologies Load Determination
apertus-ldp 539/udp Apertus Technologies Load Determination
uucp 540/tcp uucpd
uucp 540/udp uucpd
uucp-rlogin 541/tcp uucp-rlogin Stuart Lynne
uucp-rlogin 541/udp uucp-rlogin sl@wimsey.com
# 542/tcp Unassigned
# 542/udp Unassigned
klogin 543/tcp
klogin 543/udp

kshell 544/tcp krcmd
kshell 544/udp krcmd
# 545-549 Unassigned
new-rwho 550/tcp new-who
new-rwho 550/udp new-who
# 551-555 Unassigned
dsf 555/tcp
dsf 555/udp
remotefs 556/tcp rfs server
remotefs 556/udp rfs server
# 557-559 Unassigned
rmonitor 560/tcp rmonitord
rmonitor 560/udp rmonitord
monitor 561/tcp
monitor 561/udp
chshell 562/tcp chcmd
chshell 562/udp chcmd
# 563/tcp Unassigned
# 563/udp Unassigned
9pfs 564/tcp plan 9 file service
9pfs 564/udp plan 9 file service
whoami 565/tcp whoami
whoami 565/udp whoami
# 566-569 Unassigned
meter 570/tcp demon
meter 570/udp demon
meter 571/tcp udemon
meter 571/udp udemon
# 572-599 Unassigned
ipcserver 600/tcp Sun IPC server
ipcserver 600/udp Sun IPC server
nqs 607/tcp nqs
nqs 607/udp nqs
urm 606/tcp Cray Unified Resource Manager
urm 606/udp Cray Unified Resource Manager
# Bill Schiefelbein sift-uft 608/tcp Sender-Initiated/Unsolicited File Transfer
sift-uft 608/udp Sender-Initiated/Unsolicited File Transfer
# Rick Troth
npmp-trap 609/tcp npmp-trap
npmp-trap 609/udp npmp-trap
npmp-local 610/tcp npmp-local
npmp-local 610/udp npmp-local
npmp-gui 611/tcp npmp-gui
npmp-gui 611/udp npmp-gui
# John Barnes
ginad 634/tcp ginad
ginad 634/udp ginad

# Mark Crother
mdqs 666/tcp
mdqs 666/udp
doom 666/tcp doom Id Software
doom 666/tcp doom Id Software
#
elcsd 704/tcp errlog copy/server daemon
elcsd 704/udp errlog copy/server daemon

entrustmanager 709/tcp EntrustManager
entrustmanager 709/udp EntrustManager
# Peter Whittaker
netviewdm1 729/tcp IBM NetView DM/6000 Server/Client
netviewdm1 729/udp IBM NetView DM/6000 Server/Client
netviewdm2 730/tcp IBM NetView DM/6000 send/tcp
netviewdm2 730/udp IBM NetView DM/6000 send/tcp
netviewdm3 731/tcp IBM NetView DM/6000 receive/tcp
netviewdm3 731/udp IBM NetView DM/6000 receive/tcp
# Philippe Binet (phbinet@vnet.IBM.COM)
netgw 741/tcp netGW
netgw 741/udp netGW
netrcs 742/tcp Network based Rev. Cont. Sys.
netrcs 742/udp Network based Rev. Cont. Sys.
# Gordon C. Galligher
flexlm 744/tcp Flexible License Manager
flexlm 744/udp Flexible License Manager
# Matt Christiano
#
fujitsu-dev 747/tcp Fujitsu Device Control
fujitsu-dev 747/udp Fujitsu Device Control
ris-cm 748/tcp Russell Info Sci Calendar Manager
ris-cm 748/udp Russell Info Sci Calendar Manager
kerberos-adm 749/tcp kerberos administration
kerberos-adm 749/udp kerberos administration
rfile 750/tcp
loadav 750/udp
pump 751/tcp
pump 751/udp
qrh 752/tcp
qrh 752/udp
rrh 753/tcp
rrh 753/udp
tell 754/tcp send
tell 754/udp send
nlogin 758/tcp
nlogin 758/udp
con 759/tcp
con 759/udp

ns 760/tcp
ns 760/udp
rxe 761/tcp
rxe 761/udp
quotad 762/tcp
quotad 762/udp
cycleserv 763/tcp
cycleserv 763/udp
omserv 764/tcp
omserv 764/udp
webster 765/tcp
webster 765/udp
phonebook 767/tcp phone
phonebook 767/udp phone
vid 769/tcp
vid 769/udp
cadlock 770/tcp
cadlock 770/udp
rtip 771/tcp
rtip 771/udp
cycleserv2 772/tcp
cycleserv2 772/udp
submit 773/tcp
notify 773/udp
rpasswd 774/tcp
acmaint_dbd 774/udp
entomb 775/tcp
acmaint_transd 775/udp
wpages 776/tcp
wpages 776/udp
wpgs 780/tcp
wpgs 780/udp
concert 786/tcp Concert
concert 786/udp Concert
# Josyula R. Rao
mdbs_daemon 800/tcp
mdbs_daemon 800/udp
device 801/tcp
device 801/udp
xtreelic 996/tcp Central Point Software
xtreelic 996/udp Central Point Software
# Dale Cabell
maitrd 997/tcp
maitrd 997/udp
busboy 998/tcp
puparp 998/udp
garcon 999/tcp
applix 999/udp Applix ac

puprouter 999/tcp
puprouter 999/udp
cadlock 1000/tcp
ock 1000/udp
1023/tcp Reserved
1024/udp Reserved
# IANA

REGISTERED PORT NUMBERS

The Registered Ports are not controlled by the IANA and on most
systems can be used by ordinary user processes or programs executed by
ordinary users.

Ports are used in the TCP [RFC793] to name the ends of logical
connections which carry long term conversations. For the purpose of
providing services to unknown callers, a service contact port is
defined. This list specifies the port used by the server process as
its contact port. While the IANA can not control uses of these ports
it does register or list uses of these ports as a convienence to the
community.

To the extent possible, these same port assignments are used with the
UDP [RFC768].

The Registered Ports are in the range 1024-65535.

Port Assignments:

Keyword Decimal Description References
------- ------- ----------- ----------
1024/tcp Reserved
1024/udp Reserved
# IANA
blackjack 1025/tcp network blackjack
blackjack 1025/udp network blackjack
iad1 1030/tcp BBN IAD
iad1 1030/udp BBN IAD
iad2 1031/tcp BBN IAD
iad2 1031/udp BBN IAD
iad3 1032/tcp BBN IAD
iad3 1032/udp BBN IAD
# Andy Malis
instl_boots 1067/tcp Installation Bootstrap Proto. Serv.
instl_boots 1067/udp Installation Bootstrap Proto. Serv.
instl_bootc 1068/tcp Installation Bootstrap Proto. Cli.

instl_bootc 1068/udp Installation Bootstrap Proto. Cli.
# David Arko <
socks 1080/tcp Socks
socks 1080/udp Socks
# Ying-Da Lee ansoft-lm-1 1083/tcp Anasoft License Manager
ansoft-lm-1 1083/udp Anasoft License Manager
ansoft-lm-2 1084/tcp Anasoft License Manager
ansoft-lm-2 1084/udp Anasoft License Manager
nfa 1155/tcp Network File Access
nfa 1155/udp Network File Access
# James Powell
nerv 1222/tcp SNI R&D network
nerv 1222/udp SNI R&D network
# Martin Freiss
hermes 1248/tcp
hermes 1248/udp
alta-ana-lm 1346/tcp Alta Analytics License Manager
alta-ana-lm 1346/udp Alta Analytics License Manager
bbn-mmc 1347/tcp multi media conferencing
bbn-mmc 1347/udp multi media conferencing
bbn-mmx 1348/tcp multi media conferencing
bbn-mmx 1348/udp multi media conferencing
sbook 1349/tcp Registration Network Protocol
sbook 1349/udp Registration Network Protocol
editbench 1350/tcp Registration Network Protocol
editbench 1350/udp Registration Network Protocol
# Simson L. Garfinkel & lt;simsong@next.cambridge.ma.us>
equationbuilder 1351/tcp Digital Tool Works (MIT)
equationbuilder 1351/udp Digital Tool Works (MIT)
# Terrence J. Talbot
lotusnote 1352/tcp Lotus Note
lotusnote 1352/udp Lotus Note
# Greg Pflaum
relief 1353/tcp Relief Consulting
relief 1353/udp Relief Consulting
# John Feiler
rightbrain 1354/tcp RightBrain Software
rightbrain 1354/udp RightBrain Software
# Glenn Reid
intuitive edge 1355/tcp Intuitive Edge
intuitive edge 1355/udp Intuitive Edge
# Montgomery Zukowski
#
cuillamartin 1356/tcp CuillaMartin Company
cuillamartin 1356/udp CuillaMartin Company
pegboard 1357/tcp Electronic PegBoard
pegboard 1357/udp Electronic PegBoard

# Chris Cuilla
#
connlcli 1358/tcp CONNLCLI
connlcli 1358/udp CONNLCLI
ftsrv 1359/tcp FTSRV
ftsrv 1359/udp FTSRV
# Ines Homem de Melo
mimer 1360/tcp MIMER
mimer 1360/udp MIMER
# Per Schroeder
linx 1361/tcp LinX
linx 1361/udp LinX
# Steffen Schilke <---none--->
timeflies 1362/tcp TimeFlies
timeflies 1362/udp TimeFlies
# Doug Kent
ndm-requester 1363/tcp Network DataMover Requester
ndm-requester 1363/udp Network DataMover Requester
ndm-server 1364/tcp Network DataMover Server
ndm-server 1364/udp Network DataMover Server
# Toshio Watanabe
#
adapt-sna 1365/tcp Network Software Associates
adapt-sna 1365/udp Network Software Associates
# Jeffery Chiao <714-768-401>
netware-csp 1366/tcp Novell NetWare Comm Service Platform
netware-csp 1366/udp Novell NetWare Comm Service Platform
# Laurie Lindsey
dcs 1367/tcp DCS
dcs 1367/udp DCS
# Stefan Siebert
screencast 1368/tcp ScreenCast
screencast 1368/udp ScreenCast
# Bill Tschumy
gv-us 1369/tcp GlobalView to Unix Shell
gv-us 1369/udp GlobalView to Unix Shell
us-gv 1370/tcp Unix Shell to GlobalView
us-gv 1370/udp Unix Shell to GlobalView
# Makoto Mita
fc-cli 1371/tcp Fujitsu Config Protocol
fc-cli 1371/udp Fujitsu Config Protocol
fc-ser 1372/tcp Fujitsu Config Protocol
fc-ser 1372/udp Fujitsu Config Protocol
# Ryuichi Horie
chromagrafx 1373/tcp Chromagrafx
chromagrafx 1373/udp Chromagrafx
# Mike Barthelemy
molly 1374/tcp EPI Software Systems

molly 1374/udp EPI Software Systems
# Jim Vlcek
bytex 1375/tcp Bytex
bytex 1375/udp Bytex
# Mary Ann Burt
ibm-pps 1376/tcp IBM Person to Person Software
ibm-pps 1376/udp IBM Person to Person Software
# Simon Phipps
cichlid 1377/tcp Cichlid License Manager
cichlid 1377/udp Cichlid License Manager
# Andy Burgess
elan 1378/tcp Elan License Manager
elan 1378/udp Elan License Manager
# Ken Greer
dbreporter 1379/tcp Integrity Solutions
dbreporter 1379/udp Integrity Solutions
# Tim Dawson
telesis-licman 1380/tcp Telesis Network License Manager
telesis-licman 1380/udp Telesis Network License Manager
# Karl Schendel, Jr.
apple-licman 1381/tcp Apple Network License Manager
apple-licman 1381/udp Apple Network License Manager
# Earl Wallace
udt_os 1382/tcp
udt_os 1382/udp
gwha 1383/tcp GW Hannaway Network License Manager
gwha 1383/udp GW Hannaway Network License Manager
# J. Gabriel Foster
os-licman 1384/tcp Objective Solutions License Manager
os-licman 1384/udp Objective Solutions License Manager
# Donald Cornwell
atex_elmd 1385/tcp Atex Publishing License Manager
atex_elmd 1385/udp Atex Publishing License Manager
# Brett Sorenson
checksum 1386/tcp CheckSum License Manager
checksum 1386/udp CheckSum License Manager
# Andreas Glocker
cadsi-lm 1387/tcp Computer Aided Design Software Inc LM
cadsi-lm 1387/udp Computer Aided Design Software Inc LM
# Sulistio Muljadi
objective-dbc 1388/tcp Objective Solutions DataBase Cache
objective-dbc 1388/udp Objective Solutions DataBase Cache
# Donald Cornwell
iclpv-dm 1389/tcp Document Manager
iclpv-dm 1389/udp Document Manager
iclpv-sc 1390/tcp Storage Controller
iclpv-sc 1390/udp Storage Controller
iclpv-sas 1391/tcp Storage Access Server

iclpv-sas 1391/udp Storage Access Server
iclpv-pm 1392/tcp Print Manager
iclpv-pm 1392/udp Print Manager
iclpv-nls 1393/tcp Network Log Server
iclpv-nls 1393/udp Network Log Server
iclpv-nlc 1394/tcp Network Log Client
iclpv-nlc 1394/udp Network Log Client
iclpv-wsm 1395/tcp PC Workstation Manager software
iclpv-wsm 1395/udp PC Workstation Manager software
# A.P. Hobson
dvl-activemail 1396/tcp DVL Active Mail
dvl-activemail 1396/udp DVL Active Mail
audio-activmail 1397/tcp Audio Active Mail
audio-activmail 1397/udp Audio Active Mail
video-activmail 1398/tcp Video Active Mail
video-activmail 1398/udp Video Active Mail
# Ehud Shapiro
cadkey-licman 1399/tcp Cadkey License Manager
cadkey-licman 1399/udp Cadkey License Manager
cadkey-tablet 1400/tcp Cadkey Tablet Daemon
cadkey-tablet 1400/udp Cadkey Tablet Daemon
# Joe McCollough
goldleaf-licman 1401/tcp Goldleaf License Manager
goldleaf-licman 1401/udp Goldleaf License Manager
# John Fox <---none--->
prm-sm-np 1402/tcp Prospero Resource Manager
prm-sm-np 1402/udp Prospero Resource Manager
prm-nm-np 1403/tcp Prospero Resource Manager
prm-nm-np 1403/udp Prospero Resource Manager
# B. Clifford Neuman
igi-lm 1404/tcp Infinite Graphics License Manager
igi-lm 1404/udp Infinite Graphics License Manager
ibm-res 1405/tcp IBM Remote Execution Starter
ibm-res 1405/udp IBM Remote Execution Starter
netlabs-lm 1406/tcp NetLabs License Manager
netlabs-lm 1406/udp NetLabs License Manager
dbsa-lm 1407/tcp DBSA License Manager
dbsa-lm 1407/udp DBSA License Manager
# Scott Shattuck
sophia-lm 1408/tcp Sophia License Manager
sophia-lm 1408/udp Sophia License Manager
# Eric Brown
here-lm 1409/tcp Here License Manager
here-lm 1409/udp Here License Manager
# David Ison
hiq 1410/tcp HiQ License Manager
hiq 1410/udp HiQ License Manager
# Rick Pugh

af 1411/tcp AudioFile
af 1411/udp AudioFile
# Jim Gettys
innosys 1412/tcp InnoSys
innosys 1412/udp InnoSys
innosys-acl 1413/tcp Innosys-ACL
innosys-acl 1413/udp Innosys-ACL
# Eric Welch <--none--->
ibm-mqseries 1414/tcp IBM MQSeries
ibm-mqseries 1414/udp IBM MQSeries
# Roger Meli
dbstar 1415/tcp DBStar
dbstar 1415/udp DBStar
# Jeffrey Millman
novell-lu6.2 1416/tcp Novell LU6.2
novell-lu6.2 1416/udp Novell LU6.2
# Peter Liu <--none--->
timbuktu-srv1 1417/tcp Timbuktu Service 1 Port
timbuktu-srv1 1417/tcp Timbuktu Service 1 Port
timbuktu-srv2 1418/tcp Timbuktu Service 2 Port
timbuktu-srv2 1418/udp Timbuktu Service 2 Port
timbuktu-srv3 1419/tcp Timbuktu Service 3 Port
timbuktu-srv3 1419/udp Timbuktu Service 3 Port
timbuktu-srv4 1420/tcp Timbuktu Service 4 Port
timbuktu-srv4 1420/udp Timbuktu Service 4 Port
# Marc Epard
gandalf-lm 1421/tcp Gandalf License Manager
gandalf-lm 1421/udp Gandalf License Manager
# gilmer@gandalf.ca
autodesk-lm 1422/tcp Autodesk License Manager
autodesk-lm 1422/udp Autodesk License Manager
# David Ko
essbase 1423/tcp Essbase Arbor Software
essbase 1423/udp Essbase Arbor Software
hybrid 1424/tcp Hybrid Encryption Protocol
hybrid 1424/udp Hybrid Encryption Protocol
# Howard Hart
zion-lm 1425/tcp Zion Software License Manager
zion-lm 1425/udp Zion Software License Manager
# David Ferrero
sas-1 1426/tcp Satellite-data Acquisition System 1
sas-1 1426/udp Satellite-data Acquisition System 1
# Bill Taylor
mloadd 1427/tcp mloadd monitoring tool
mloadd 1427/udp mloadd monitoring tool
# Bob Braden
informatik-lm 1428/tcp Informatik License Manager
informatik-lm 1428/udp Informatik License Manager

# Harald Schlangmann
#
nms 1429/tcp Hypercom NMS
nms 1429/udp Hypercom NMS
tpdu 1430/tcp Hypercom TPDU
tpdu 1430/udp Hypercom TPDU
# Noor Chowdhury
rgtp 1431/tcp Reverse Gosip Transport
rgtp 1431/udp Reverse Gosip Transport
#
blueberry-lm 1432/tcp Blueberry Software License Manager
blueberry-lm 1432/udp Blueberry Software License Manager
# Steve Beigel
ms-sql-s 1433/tcp Microsoft-SQL-Server
ms-sql-s 1433/udp Microsoft-SQL-Server
ms-sql-m 1434/tcp Microsoft-SQL-Monitor
ms-sql-m 1434/udp Microsoft-SQL-Monitor
# Peter Hussey
ibm-cics 1435/tcp IBM CISC
ibm-cics 1435/udp IBM CISC
# Geoff Meacock
sas-2 1436/tcp Satellite-data Acquisition System 2
sas-2 1436/udp Satellite-data Acquisition System 2
# Bill Taylor
tabula 1437/tcp Tabula
tabula 1437/udp Tabula
# Marcelo Einhorn
#
eicon-server 1438/tcp Eicon Security Agent/Server
eicon-server 1438/udp Eicon Security Agent/Server
eicon-x25 1439/tcp Eicon X25/SNA Gateway
eicon-x25 1439/udp Eicon X25/SNA Gateway
eicon-slp 1440/tcp Eicon Service Location Protocol
eicon-slp 1440/udp Eicon Service Location Protocol
# Pat Calhoun
cadis-1 1441/tcp Cadis License Management
cadis-1 1441/udp Cadis License Management
cadis-2 1442/tcp Cadis License Management
cadis-2 1442/udp Cadis License Management
# Todd Wichers
ies-lm 1443/tcp Integrated Engineering Software
ies-lm 1443/udp Integrated Engineering Software
# David Tong
marcam-lm 1444/tcp Marcam License Management
marcam-lm 1444/udp Marcam License Management
# Therese Hunt
proxima-lm 1445/tcp Proxima License Manager
proxima-lm 1445/udp Proxima License Manager

ora-lm 1446/tcp Optical Research Associates License Manager
ora-lm 1446/udp Optical Research Associates License Manager
apri-lm 1447/tcp Applied Parallel Research LM
apri-lm 1447/udp Applied Parallel Research LM
# Jim Dillon
oc-lm 1448/tcp OpenConnect License Manager
oc-lm 1448/udp OpenConnect License Manager
# Sue Barnhill
peport 1449/tcp PEport
peport 1449/udp PEport
# Qentin Neill
dwf 1450/tcp Tandem Distributed Workbench Facility
dwf 1450/udp Tandem Distributed Workbench Facility
# Mike Bert
infoman 1451/tcp IBM Information Management
infoman 1451/udp IBM Information Management
# Karen Burns <---none--->
gtegsc-lm 1452/tcp GTE Government Systems License Man
gtegsc-lm 1452/udp GTE Government Systems License Man
# Mike Gr egory
genie-lm 1453/tcp Genie License Manager
genie-lm 1453/udp Genie License Manager
# Paul Applegate
interhdl_elmd 1454/tcp interHDL License Manager
interhdl_elmd 1454/tcp interHDL License Manager
# Eli Sternheim eli@interhdl.com
esl-lm 1455/tcp ESL License Manager
esl-lm 1455/udp ESL License Manager
# Abel Chou
dca 1456/tcp DCA
dca 1456/udp DCA
# Jeff Garbers
valisys-lm 1457/tcp Valisys License Manager
valisys-lm 1457/udp Valisys License Manager
# Leslie Lincoln
nrcabq-lm 1458/tcp Nichols Research Corp.
nrcabq-lm 1458/udp Nichols Research Corp.
# Howard Cole
proshare1 1459/tcp Proshare Notebook Application
proshare1 1459/udp Proshare Notebook Application
proshare2 1460/tcp Proshare Notebook Application
proshare2 1460/udp Proshare Notebook Application
# Robin Kar
ibm_wrless_lan 1461/tcp IBM Wireless LAN
ibm_wrless_lan 1461/udp IBM Wireless LAN
#
world-lm 1462/tcp World License Manager
world-lm 1462/udp World License Manager

# Michael S Amirault
nucleus 1463/tcp Nucleus
nucleus 1463/udp Nucleus
# Venky Nagar
msl_lmd 1464/tcp MSL License Manager
msl_lmd 1464/udp MSL License Manager
# Matt Timmermans
pipes 1465/tcp Pipes Platform
pipes 1465/udp Pipes Platform mfarlin@peerlogic.com
# Mark Farlin
oceansoft-lm 1466/tcp Ocean Software License Manager
oceansoft-lm 1466/udp Ocean Software License Manager
# Randy Leonard
csdmbase 1467/tcp CSDMBASE
csdmbase 1467/udp CSDMBASE
csdm 1468/tcp CSDM
csdm 1468/udp CSDM
# Robert Stabl
aal-lm 1469/tcp Active Analysis Limited License Manager
aal-lm 1469/udp Active Analysis Limited License Manager
# David Snocken +44 (71)437-7009
uaiact 1470/tcp Universal Analytics
uaiact 1470/udp Universal Analytics
# Mark R. Ludwig
csdmbase 1471/tcp csdmbase
csdmbase 1471/udp csdmbase
csdm 1472/tcp csdm
csdm 1472/udp csdm
# Robert Stabl
openmath 1473/tcp OpenMath
openmath 1473/udp OpenMath
# Garth Mayville
telefinder 1474/tcp Telefinder
telefinder 1474/udp Telefinder
# Jim White
taligent-lm 1475/tcp Taligent License Manager
taligent-lm 1475/udp Taligent License Manager
# Mark Sapsford
clvm-cfg 1476/tcp clvm-cfg
clvm-cfg 1476/udp clvm-cfg
# Eric Soderberg
ms-sna-server 1477/tcp ms-sna-server
ms-sna-server 1477/udp ms-sna-server
ms-sna-base 1478/tcp ms-sna-base
ms-sna-base 1478/udp ms-sna-base
# Gordon Mangione
dberegister 1479/tcp dberegister
dberegister 1479/udp dberegister

# Brian Griswold
pacerforum 1480/tcp PacerForum
pacerforum 1480/udp PacerForum
# Peter Caswell
airs 1481/tcp AIRS
airs 1481/udp AIRS
# Bruce Wilson, 905-771-6161
miteksys-lm 1482/tcp Miteksys License Manager
miteksys-lm 1482/udp Miteksys License Manager
# Shane McRoberts
afs 1483/tcp AFS License Manager
afs 1483/udp AFS License Manager
# Michael R. Pizolato
confluent 1484/tcp Confluent License Manager
confluent 1484/udp Confluent License Manager
# James Greenfiel
lansource 1485/tcp LANSource
lansource 1485/udp LANSource
# Doug Scott
nms_topo_serv 1486/tcp nms_topo_serv
nms_topo_serv 1486/udp nms_topo_serv
# Sylvia Siu
localinfosrvr 1487/tcp LocalInfoSrvr
localinfosrvr 1487/udp LocalInfoSrvr
# Brian Matthews
docstor 1488/tcp DocStor
docstor 1488/udp DocStor
# Brian Spears
dmdocbroker 1489/tcp dmdocbroker
dmdocbroker 1489/udp dmdocbroker
# Razmik Abnous
insitu-conf 1490/tcp insitu-conf
insitu-conf 1490/udp insitu-conf
# Paul Blacknell
anynetgateway 1491/tcp anynetgateway
anynetgateway 1491/udp anynetgateway
# Dan Poirier
stone-design-1 1492/tcp stone-design-1
stone-design-1 1492/udp stone-design-1
# Andrew Stone
netmap_lm 1493/tcp netmap_lm
netmap_lm 1493/udp netmap_lm
# Phillip Magson
ica 1494/tcp ica
ica 1494/udp ica
# John Richardson, Citrix Systems
cvc 1495/tcp cvc
cvc 1495/udp cvc

# Bill Davidson
liberty-lm 1496/tcp liberty-lm
liberty-lm 1496/udp liberty-lm
# Jim Rogers
rfx-lm 1497/tcp rfx-lm
rfx-lm 1497/udp rfx-lm
# Bill Bishop
watcom-sql 1498/tcp Watcom-SQL
watcom-sql 1498/udp Watcom-SQL
# Rog Skubowius
fhc 1499/tcp Federico Heinz Consultora
fhc 1499/udp Federico Heinz Consultora
# Federico Heinz
vlsi-lm 1500/tcp VLSI License Manager
vlsi-lm 1500/udp VLSI License Manager
# Shue-Lin Kuo
sas-3 1501/tcp Satellite-data Acquisition System 3
sas-3 1501/udp Satellite-data Acquisition System 3
# Bill Taylo r
shivadiscovery 1502/tcp Shiva
shivadiscovery 1502/udp Shiva
# Jonathan Wenocur
imtc-mcs 1503/tcp Databeam
imtc-mcs 1503/udp Databeam
# Jim Johnstone
evb-elm 1504/tcp EVB Software Engineering License Manager
evb-elm 1504/udp EVB Software Engineering License Manager
# B.G. Mahesh < mahesh@sett.com>
funkproxy 1505/tcp Funk Software, Inc.
funkproxy 1505/udp Funk Software, Inc.
# Robert D. Vincent
# 1506-1523 Unassigned
ingreslock 1524/tcp ingres
ingreslock 1524/udp ingres
orasrv 1525/tcp oracle
orasrv 1525/udp oracle
prospero-np 1525/tcp Prospero Directory Service non-priv
prospero-np 1525/udp Prospero Directory Service non-priv
pdap-np 1526/tcp Prospero Data Access Prot non-priv
pdap-np 1526/udp Prospero Data Access Prot non-priv
# B. Clifford Neuman
tlisrv 1527/tcp oracle
tlisrv 1527/udp oracle
coauthor 1529/tcp oracle
coauthor 1529/udp oracle
issd 1600/tcp
issd 1600/udp
nkd 1650/tcp

nkd 1650/udp
proshareaudio 1651/tcp proshare conf audio
proshareaudio 1651/udp proshare conf audio
prosharevideo 1652/tcp proshare conf video
prosharevideo 1652/udp proshare conf video
prosharedata 1653/tcp proshare conf data
prosharedata 1653/udp proshare conf data
prosharerequest 1654/tcp proshare conf request
prosharerequest 1654/udp proshare conf request
prosharenotify 1655/tcp proshare conf notify
prosharenotify 1655/udp proshare conf notify
#
netview-aix-1 1661/tcp netview-aix-1
netview-aix-1 1661/udp netview-aix-1
netview-aix-2 1662/tcp netview-aix-2
netview-aix-2 1662/udp netview-aix-2
netview-aix-3 1663/tcp netview-aix-3
netview-aix-3 1663/udp netview-aix-3
netview-aix-4 1664/tcp netview-aix-4
netview-aix-4 1664/udp netview-aix-4
netview-aix-5 1665/tcp netview-aix-5
netview-aix-5 1665/udp netview-aix-5
netview-aix-6 1666/tcp netview-aix-6
netview-aix-6 1666/udp netview-aix-6
# Martha Crisson
licensedaemon 1986/tcp cisco license management
licensedaemon 1986/udp cisco license management
tr-rsrb-p1 1987/tcp cisco RSRB Priority 1 port
tr-rsrb-p1 1987/udp cisco RSRB Priority 1 port
tr-rsrb-p2 1988/tcp cisco RSRB Priority 2 port
tr-rsrb-p2 1988/udp cisco RSRB Priority 2 port
tr-rsrb-p3 1989/tcp cisco RSRB Priority 3 port
tr-rsrb-p3 1989/udp cisco RSRB Priority 3 port
#PROBLEMS!===================================================
mshnet 1989/tcp MHSnet system
mshnet 1989/udp MHSnet system
# Bob Kummerfeld
#PROBLEMS!===================================================
stun-p1 1990/tcp cisco STUN Priority 1 port
stun-p1 1990/udp cisco STUN Priority 1 port
stun-p2 1991/tcp cisco STUN Priority 2 port
stun-p2 1991/udp cisco STUN Priority 2 port
stun-p3 1992/tcp cisco STUN Priority 3 port
stun-p3 1992/udp cisco STUN Priority 3 port
#PROBLEMS!===================================================
ipsendmsg 1992/tcp IPsendmsg
ipsendmsg 1992/udp IPsendmsg
# Bob Kummerfeld

#PROBLEMS!===================================================
snmp-tcp-port 1993/tcp cisco SNMP TCP port
snmp-tcp-port 1993/udp cisco SNMP TCP port
stun-port 1994/tcp cisco serial tunnel port
stun-port 1994/udp cisco serial tunnel port
perf-port 1995/tcp cisco perf port
perf-port 1995/udp cisco perf port
tr-rsrb-port 1996/tcp cisco Remote SRB port
tr-rsrb-port 1996/udp cisco Remote SRB port
gdp-port 1997/tcp cisco Gateway Discovery Protocol
gdp-port 1997/udp cisco Gateway Discovery Protocol
x25-svc-port 1998/tcp cisco X.25 service (XOT)
x25-svc-port 1998/udp cisco X.25 service (XOT)
tcp-id-port 1999/tcp cisco identification port
tcp-id-port 1999/udp cisco identification port
callbook 2000/tcp
callbook 2000/udp
dc 2001/tcp
wizard 2001/udp curry
globe 2002/tcp
globe 2002/udp
mailbox 2004/tcp
emce 2004/udp CCWS mm conf
berknet 2005/tcp
oracle 2005/udp
invokator 2006/tcp
raid-cc 2006/udp raid
dectalk 2007/tcp
raid-am 2007/udp
conf 2008/tcp
terminaldb 2008/udp
news 2009/tcp
whosockami 2009/udp
search 2010/tcp
pipe_server 2010/udp
raid-cc 2011/tcp raid
servserv 2011/udp
ttyinfo 2012/tcp
raid-ac 2012/udp
raid-am 2013/tcp
raid-cd 2013/udp
troff 2014/tcp
raid-sf 2014/udp
cypress 2015/tcp
raid-cs 2015/udp
bootserver 2016/tcp
bootserver 2016/udp
cypress-stat 2017/tcp

bootclient 2017/udp
terminaldb 2018/tcp
rellpack 2018/udp
whosockami 2019/tcp
about 2019/udp
xinupageserver 2020/tcp
xinupageserver 2020/udp
servexec 2021/tcp
xinuexpansion1 2021/udp
down 2022/tcp
xinuexpansion2 2022/udp
xinuexpansion3 2023/tcp
xinuexpansion3 2023/udp
xinuexpansion4 2024/tcp
xinuexpansion4 2024/udp
ellpack 2025/tcp
xribs 2025/udp
scrabble 2026/tcp
scrabble 2026/udp
shadowserver 2027/tcp
shadowserver 2027/udp
submitserver 2028/tcp
submitserver 2028/udp
device2 2030/tcp
device2 2030/udp
blackboard 2032/tcp
blackboard 2032/udp
glogger 2033/tcp
glogger 2033/udp
scoremgr 2034/tcp
scoremgr 2034/udp
imsldoc 2035/tcp
imsldoc 2035/udp
objectmanager 2038/tcp
objectmanager 2038/udp
lam 2040/tcp
lam 2040/udp
interbase 2041/tcp
interbase 2041/udp
isis 2042/tcp
isis 2042/udp
isis-bcast 2043/tcp
isis-bcast 2043/udp
rimsl 2044/tcp
rimsl 2044/udp
cdfunc 2045/tcp
cdfunc 2045/udp
sdfunc 2046/tcp

sdfunc 2046/udp
dls 2047/tcp
dls 2047/udp
dls-monitor 2048/tcp
dls-monitor 2048/udp
shilp 2049/tcp
shilp 2049/udp
dlsrpn 2065/tcp Data Link Switch Read Port Number
dlsrpn 2065/udp Data Link Switch Read Port Number
dlswpn 2067/tcp Data Link Switch Write Port Number
dlswpn 2067/udp Data Link Switch Write Port Number
ats 2201/tcp Advanced Training System Program
ats 2201/udp Advanced Training System Program
rtsserv 2500/tcp Resource Tracking system server
rtsserv 2500/udp Resource Tracking system se rver
rtsclient 2501/tcp Resource Tracking system client
rtsclient 2501/udp Resource Tracking system client
# Aubrey Turner
#
hp-3000-telnet 2564/tcp HP 3000 NS/VT block mode telnet
www-dev 2784/tcp world wide web - development
www-dev 2784/udp world wide web - development
NSWS 3049/tcp
NSWS 3049/udp
ccmail 3264/tcp cc:mail/lotus
ccmail 3264/udp cc:mail/lotus
dec-notes 3333/tcp DEC Notes
dec-notes 3333/udp DEC Notes
# Kim Moraros
mapper-nodemgr 3984/tcp MAPPER network node manager
mapper-nodemgr 3984/udp MAPPER network node manager
mapper-mapethd 3985/tcp MAPPER TCP/IP server
mapper-mapethd 3985/udp MAPPER TCP/IP server
mapper-ws_ethd 3986/tcp MAPPER workstation server
mapper-ws_ethd 3986/udp MAPPER workstation server
# John C. Horton
bmap 3421/tcp Bull Apprise portmapper
bmap 3421/udp Bull Apprise portmapper
# Jeremy Gilbert
udt_os 3900/tcp Unidata UDT OS
udt_os 3900/udp Unidata UDT OS
# James Powell
nuts_dem 4132/tcp NUTS Daemon
nuts_dem 4132/udp NUTS Daemon
nuts_bootp 4133/tcp NUTS Bootp Server
nuts_bootp 4133/udp NUTS Bootp Server
# Martin Freiss
unicall 4343/tcp UNICALL

unicall 4343/udp UNICALL
# James Powell
krb524 4444/tcp KRB524
krb524 4444/udp KRB524
# B. Clifford Neuman
rfa 4672/tcp remote file access server
rfa 4672/udp remote file access server
commplex-main 5000/tcp
commplex-main 5000/udp
commplex-link 5001/tcp
commplex-link 5001/udp
rfe 5002/tcp radio free ethernet
rfe 5002/udp radio free ethernet
telelpathstart 5010/tcp TelepathStart
telelpathstart 5010/udp TelepathStart
telelpathattack 5011/tcp TelepathAttack
telelpathattack 5011/udp TelepathAttack
# Helmuth Breitenfellner
mmcc 5050/tcp multimedia conference control tool
mmcc 5050/udp multimedia conference control tool
rmonitor_secure 5145/tcp
rmonitor_secure 5145/udp
aol 5190/tcp America-Online
aol 5190/udp America-Online
# Marty Lyons
padl2sim 5236/tcp
padl2sim 5236/udp
hacl-hb 5300/tcp # HA cluster heartbeat
hacl-hb 5300/udp # HA cluster heartbeat
hacl-gs 5301/tcp # HA cluster general services
hacl-gs 5301/udp # HA cluster general services
hacl-cfg 5302/tcp # HA cluster configuration
hacl-cfg 5302/udp # HA cluster configuration
hacl-probe 5303/tcp # HA cluster probing
hacl-probe 5303/udp # HA cluster probing
hacl-local 5304/tcp
hacl-local 5304/udp
hacl-test 5305/tcp
hacl-test 5305/udp
# Eric Soderberg
x11 6000-6063/tcp X Window System
x11 6000-6063/udp X Window System
# Stephen Gildea
sub-process 6111/tcp HP SoftBench Sub-Process Control
sub-process 6111/udp HP SoftBench Sub-Process Control
meta-corp 6141/tcp Meta Corporation License Manager
meta-corp 6141/udp Meta Corporation License Manager
# Osamu Masuda <--none--->

aspentec-lm 6142/tcp Aspen Technology License Manager
aspentec-lm 6142/udp Aspen Technology License Manager
# Kevin Massey
watershed-lm 6143/tcp Watershed License Manager
watershed-lm 6143/udp Watershed License Manager
# David Ferrero
statsci1-lm 6144/tcp StatSci License Manager - 1
statsci1-lm 6144/udp StatSci License Manager - 1
statsci2-lm 6145/tcp StatSci License Manager - 2
statsci2-lm 6145/udp StatSci License Manager - 2
# Scott Blachowicz
lonewolf-lm 6146/tcp Lone Wolf Systems License Manager
lonewolf-lm 6146/udp Lone Wolf Systems License Manager
# Dan Klein
montage-lm 6147/tcp Montage License Manager
montage-lm 6147/udp Montage License Manager
# Michael Ubell
xdsxdm 6558/udp
xdsxdm 6558/tcp
afs3-fileserver 7000/tcp file server itself
afs3-fileserver 7000/udp file server itself
afs3-callback 7001/tcp callbacks to cache managers
afs3-callback 7001/udp callbacks to cache managers
afs3-prserver 7002/tcp users & groups database
afs3-prserver 7002/udp users & groups database
afs3-vlserver 7003/tcp volume location database
afs3-vlserver 7003/udp volume location database
afs3-kaserver 7004/tcp AFS/Kerberos authentication service
afs3-kaserver 7004/udp AFS/Kerberos authentication service
afs3-volser 7005/tcp volume managment server
afs3-volser 7005/udp volume managment server
afs3-errors 7006/tcp error interpretation service
afs3-errors 7006/udp error interpretation service
afs3-bos 7007/tcp basic overseer process
afs3-bos 7007/udp basic overseer process
afs3-update 7008/tcp server-to-server updater
afs3-update 7008/udp server-to-server updater
afs3-rmtsys 7009/tcp remote cache manager service
afs3-rmtsys 7009/udp remote cache manager service
ups-onlinet 7010/tcp onlinet uninterruptable power supplies
ups-onlinet 7010/udp onlinet uninterruptable power supplies
# Brian Hammill
font-service 7100/tcp X Font Service
font-service 7100/udp X Font Service
# Stephen Gildea
fodms 7200/tcp FODMS FLIP
fodms 7200/udp FODMS FLIP
# David Anthony

man 9535/tcp
man 9535/udp
isode-dua 17007/tcp
isode-dua 17007/udp

REFERENCES

[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
USC/Information Sciences Institute, August 1980.

[RFC793] Postel, J., ed., "Transmission Control Protocol - DARPA
Internet Program Protocol Specification", STD 7, RFC 793,
USC/Information Sciences Institute, September 1981.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers

INTERNET MULTICAST ADDRESSES

Host Extensions for IP Multicasting [RFC1112] specifies the
extensions required of a host implementation of the Internet Protocol
(IP) to support multicasting. Current addresses are listed below.

224.0.0.0 Base Address (Reserved) [RFC1112,JBP]
224.0.0.1 All Systems on this Subnet [RFC1112,JBP]
224.0.0.2 All Routers on this Subnet [JBP]
224.0.0.3 Unassigned [JBP]
224.0.0.4 DVMRP Routers [RFC1075,JBP]
224.0.0.5 OSPFIGP OSPFIGP All Routers [RFC1583,JXM1]
224.0.0.6 OSPFIGP OSPFIGP Designated Routers [RFC1583,JXM1]
224.0.0.7 ST Routers [RFC1190,KS14]
224.0.0.8 ST Hosts [RFC1190,KS14]
224.0.0.9 RIP2 Routers [GSM11]
224.0.0.10 IGRP Routers [Dino Farinacci]
224.0.0.11 Mobile-Agents [Bill Simpson]
224.0.0.12-224.0.0.255 Unassigned [JBP]

224.0.1.0 VMTP Managers Group [RFC1045,DRC3]
224.0.1.1 NTP Network Time Protocol [RFC1119,DLM1]
224.0.1.2 SGI-Dogfight [AXC]
224.0.1.3 Rwhod [SXD]
224.0.1.4 VNP [DRC3]
224.0.1.5 Artificial Horizons - Aviator [BXF]
224.0.1.6 NSS - Name Service Server [BXS2]
224.0.1.7 AUDIONEWS - Audio News Multicast [MXF2]
224.0.1.8 SUN NIS+ Information Service [CXM3]
224.0.1.9 MTP Multicast Transport Protocol [SXA]
224.0.1.10 IETF-1-LOW-AUDIO [SC3]
224.0.1.11 IETF-1-AUDIO [SC3]
224.0.1.12 IETF-1-VIDEO [SC3]
224.0.1.13 IETF-2-LOW-AUDIO [SC3]
224.0.1.14 IETF-2-AUDIO [SC3]
224.0.1.15 IETF-2-VIDEO [SC3]
224.0.1.16 MUSIC-SERVICE [Guido van Rossum]
224.0.1.17 SEANET-TELEMETRY [Andrew Maffei]
224.0.1.18 SEANET-IMAGE [Andrew Maffei]
224.0.1.19 MLOADD [Braden]
224.0.1.20 any private experiment [JBP]
224.0.1.21 DVMRP on MOSPF [John Moy]
224.0.1.22 SVRLOC
224.0.1.23 XINGTV
224.0.1.24 microsoft-ds
224.0.1.25 nbc-pro
224.0.1.26 nbc-pfn
224.0.1.27-224.0.1.255 Unassigned [JBP]

224.0.2.1 "rwho" Group (BSD) (unofficial) [JBP]
224.0.2.2 SUN RPC PMAPPROC_CALLIT [BXE1]

224.0.3.000-224.0.3.255 RFE Generic Service [DXS3]
224.0.4.000-224.0.4.255 RFE Individual Conferences [DXS3]
224.0.5.000-224.0.5.127 CDPD Groups [Bob Brenner]
224.0.5.128-224.0.5.255 Unassigned [IANA]
224.0.6.000-224.0.6.127 Cornell ISIS Project [Tim Clark]
224.0.6.128-224.0.6.255 Unassigned [IANA]

224.1.0.0-224.1.255.255 ST Multicast Groups [RFC1190,KS14]
224.2.0.0-224.2.255.255 Multimedia Conference Calls [SC3]

224.252.0.0-224.255.255.255 DIS transient groups [Joel Snyder]

232.0.0.0-232.255.255.255 VMTP transient groups [RFC1045,DRC3]

These addresses are listed in the Domain Name Service under MCAST.NET
and 224.IN-ADDR.ARPA.

Note that when used on an Ethernet or IEEE 802 network, the 23
low-order bits of the IP Multicast address are placed in the low-order
23 bits of the Ethernet or IEEE 802 net multicast address
1.0.94.0.0.0. See the next section on "IANA ETHERNET ADDRESS BLOCK".

REFERENCES

[RFC1045] Cheriton, D., "VMTP: Versatile Message Transaction
Protocol Specification", RFC 1045, Stanford University,
February 1988.

[RFC1075] Waitzman, D., C. Partridge, and S. Deering "Distance Vector
Multicast Routing Protocol", RFC-1075, BBN STC, Stanford
University, November 1988.

[RFC1112] Deering, S., "Host Extensions for IP Multicasting",
STD 5, RFC 1112, Stanford University, August 1989.

[RFC1119] Mills, D., "Network Time Protocol (Version 1), Specification
and Implementation", STD 12, RFC 1119, University of
Delaware, July 1988.

[RFC1190] Topolcic, C., Editor, "Experimental Internet Stream
Protocol, Version 2 (ST-II)", RFC 1190, CIP Working Group,
October 1990.

[RFC1583] Moy, J., "The OSPF Specification", RFC 1583, Proteon,
March 1994.

PEOPLE

[AXC] Andrew Cherenson

[Bob Brenner]

[Braden] Bob Braden
[BXE1] Brendan Eic

[BXF] Bruce Factor

[BXS2] Bill Schilit

[CXM3] Chuck McManis

[Tim Clark]

[DLM1] David Mills

[DRC3] Dave Cheriton

[DXS3] Daniel Steinber

[Dino Farinacci]

[GSM11] Gary S. Malkin

[IANA] IANA

[JBP] Jon Postel

[JXM1] Jim Miner

[KS14]

[Andrew Maffei]

[John Moy] John Moy

[MXF2] Martin Forssen

[Guido van Rossum]

[SC3] Steve Casner

[Joel Snyder]

[SXA] Susie Armstrong

[SXD] Steve Deering

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/multicast-addresses

SUN RPC NUMBERS

To obtain SUN Remote Procedure Call (RPC) numbers send an e-mail
request to "rpc@sun.com".

The RPC port management service ('portmap' in SunOS versions less than
5.0 and 'rpcbind' in SunOS versions greater than 5.0) "registers" the
IP port number that is allocated to a particular service when that
service is created. It does not allocate ports on behalf of those
services.

For an exact specification of the semantics refer to the source code
of svcudp_create() and svctcp_create() in the archives. In short
however is that these interfaces, and svc_tli_create their Transport
Independent RPC equivalent, take either a user specified port number
or RPC_ANY (-1) which effectively means "I don't care." In the "I
don't care" case the create code simply calls socket(2) or t_open(3n)
which allocates an IP port based on the rules:

if euid of the requesting process is 0 (i.e., root)
allocate the next available port number in the
reserved port range.
else
allocate the next available port in the non-reserved
range.

Port numbers count up sequentially.

Can a port that is "assigned" can be used when the assignee's service
is not present? Say port 501 is assigned to the "jeans" service. On
a machine that does not have the "jeans" service , nor has any clients
that might be expecting to use it, is port 501 available for other
uses? Any dynamic allocation process, like the portmapper, that
chooses the next unused port might allocate port 501 dynamically to a
process that asked for a "I don't care" port. So any dynamic
allocation scheme may pick an unused port that happened to correspond
to a port number that had been "assigned" but was currently unused.

While it might be desirable, it is impossible to guarantee that any
unused port, even though officially assigned to a service, is not
picked by a dynamic allocator since such an assignment might occur
long after the delivery of the system into a site that doesn't watch
for the latest list.

There is the restriction that only "superuser" on BSD derived systems
such as SunOS can bind to a port number that is less than 1024. So
programs have used this information in the past to identify whether or

not the service they were talking to was started by the superuser on
the remote system. Making this assumption is dangerous because not
all system enforce this restriction.

Sun RPC services use ports that are currently unused. If someone
noted that an RPC service was using port 781, it would be just as
happy using port 891, or 951. The service doesn't care what port it
gets, remote clients will query the portmapper to ask it what port
number was assigned to the service when it was started. The key is
that the port was not currently in use. The only port that ONC/RPC
must have is 111 its assigned port for the portmap service.

The most common complaint comes when people put a new service on their
system. When they configure their systems they put the new service
configuration commands at the end of their system startup scripts.
During startup, several network services may be started. Those
services that are ONC/RPC based just pick the next available port,
those that have pre-assigned ports bind to their pre-assigned port.
Clearly the correct sequence is to have all services that need a
particular port to be started first (or if they are "latent" services
that are started by inetd, to have inetd started). Finally, the RPC
services should be started as they will be assigned unused ports. (In
the BSD networking code (which we use) the algorithm for picking
ports is in the file in_pcb.c, function in_pcbbind().)

Services should be started in this order:

a) Services that will "run" continuously and have an assigned
port. Note that this includes rpcbind (nee portmap) that has
port 111 assigned to it.

b) inetd - which will automatically create sockets for those
services that have reserved ports but only run on demand
(like finger)

c) RPC services - which will automatically pick unused ports and
maximize efficiency of the "IP Port" namespace.

The include file /usr/include/netinet/in.h defines a constant
IPPORT_RESERVED to be 1024. The relevant text is:

/*
* Ports < IPPORT_RESERVED are reserved for
* privileged processes (e.g. root).
* Ports > IPPORT_USERRESERVED are reserved
* for servers, not necessarily privileged.
*/
#define IPPORT_RESERVED 1024

#define IPPORT_USERRESERVED 5000

Portmap does not allocate ports, the kernel allocates ports. The code
that does this is part of nearly every UNIX system in the world (and
since the BSD code is 'free' it is often the same code). RPC services
ask the kernel to allocate them a port by calling the "bind()" system
call. The parameter they pass is "INADDR_ANY" which means "allocate
me any IP port you want". The kernel does that by looking at all of
the ports that are currently in use and picking one that is not
currently used. The number picked is either less that 1024 if the
process is privledged, or greater than 1024 if the process is not
privledged. After the kernel has allocated a port, the service
registers this allocation with portmap. The portmapper is merely a
registry of previously allocated ports. Note "allocated" here is
being used in the sense that they are used by an open socket, not
assigned a well known name.

The role of /etc/services is to provide an idea to people who are
looking at network traffic as to where a packet may have originated
from or is headed to. For services like finger that have assigned
ports, they can just hard code the port they want into their
executable. (it isn't like it will change, and if they read it from
/etc/services and someone had mistyped the port number it won't
interoperate with clients anyway!)

It is not practical to read the /etc/services file into the kernel to
prevent it from giving out port numbers that are "pre-assigned", nor
is it generally desirable since with the correct ordering of startup
it is completely unneccesary.

Editors Note: This information was supplied by Chuck McManis of Sun.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/sun-rpc-numbers

IP OPTION NUMBERS

The Internet Protocol (IP) has provision for optional header fields
identified by an option type field. Options 0 and 1 are exactly one
octet which is their type field. All other options have their one
octet type field, followed by a one octet length field, followed by
length-2 octets of option data. The option type field is sub-divided
into a one bit copied flag, a two bit class field, and a five bit
option number. These taken together form an eight bit value for the
option type field. IP options are commonly refered to by this value.

Copy Class Number Value Name Reference
---- ----- ------ ----- ------------------------------- ---------
0 0 0 0 EOOL - End of Options List [RFC791,JBP]
0 0 1 1 NOP - No Operation [RFC791,JBP]
1 0 2 130 SEC - Security [RFC1108]
1 0 3 131 LSR - Loose Source Route [RFC791,JBP]
0 2 4 68 TS - Time Stamp [RFC791,JBP]
1 0 5 133 E-SEC - Extended Security [RFC1108]
1 0 6 134 CIPSO - Commercial Security [???]
0 0 7 7 RR - Record Route [RFC791,JBP]
1 0 8 136 SID - Stream ID [RFC791,JBP]
1 0 9 137 SSR - Strict Source Route [RFC791,JBP]
0 0 10 10 ZSU - Experimental Measurement [ZSu]
0 0 11 11 MTUP - MTU Probe [RFC1191]
0 0 12 12 MTUR - MTU Reply [RFC1191]
1 2 13 205 FINN - Experimental Flow Control [Finn]
1 0 14 142 VISA - Expermental Access Control [Estrin]
0 0 15 15 ENCODE - ??? [VerSteeg]
1 0 16 144 IMITD - IMI Traffic Descriptor [Lee]
1 0 17 145 EIP - ??? [RFC1358]
0 2 18 82 TR - Traceroute [RFC1393]
1 0 19 147 ADDEXT - Address Extension [Ullmann IPv7]

IP TIME TO LIVE PARAMETER

The current recommended default time to live (TTL) for the
Internet Protocol (IP) [45,105] is 64.

IP TOS PARAMETERS

This documents the default Type-of-Service values that are currently
recommended for the most important Internet protocols.

TOS Value Description Reference
--------- -------------------------- ---------
000 0 Default [RFC1349]
0001 Minimize Monetary Cost [RFC1349]
0010 Maximize Reliability [RFC1349]
0100 Maximize Throughput [RFC1349]
1000 Minimize Delay [RFC1349]
1111 Maximize Security [RFC1455]

The TOS value is used to indicate "better". Only one TOS value or
property can be requested in any one IP datagram.

Generally, protocols which are involved in direct interaction with a
human should select low delay, while data transfers which may involve
large blocks of data are need high throughput. Finally, high reliability
is most important for datagram-based Internet management functions.

Application protocols not included in these tables should be able to
make appropriate choice of low delay (8 decimal, 1000 binary) or high
throughput (4 decimal, 0100 binary).

The following are recommended values for TOS:

----- Type-of-Service Value -----

Protocol TOS Value

TELNET (1) 1000 (minimize delay)

FTP
Control 1000 (minimize delay)
Data (2) 0100 (maximize throughput)

TFTP 1000 (minimize delay)

SMTP (3)
Command phase 1000 (minimize delay)
DATA phase 0100 (maximize throughput)

Domain Name Service
UDP Query 1000 (minimize delay)
TCP Query 0000
Zone Transfer 0100 (maximize throughput)

NNTP 0001 (minimize monetary cost)

ICMP

Errors 0000
Requests 0000 (4)
Responses (4)

Any IGP 0010 (maximize reliability)

EGP 0000

SNMP 0010 (maximize reliability)

BOOTP 0000

Notes:

(1) Includes all interactive user protocols (e.g., rlogin).

(2) Includes all bulk data transfer protocols (e.g., rcp).

(3) If the implementation does not support changing the TOS
during the lifetime of the connection, then the
recommended TOS on opening the connection is the default
TOS (0000).

(4) Although ICMP request messages are normally sent with
the default TOS, there are sometimes good reasons why they
would be sent with some other TOS value. An ICMP
response always uses the same TOS value as was used in the
corresponding ICMP request message.

An application may (at the request of the user) substitute
0001 (minimize monetary cost) for any of the above values.

REFERENCES

[RFC791] Postel, J., "Internet Protocol - DARPA Internet Program
Protocol Specification", STD 5, RFC 791, DARPA, September
1981.

[RFC1108] Kent, S., "U.S. Department of Defense Security Options for
the Internet Protocol", RFC 1108, BBN Communications,
November 1991.

[RFC1191] Mogul, J., and S. Deering, "Path MTU Discovery", RFC 1191,
DECWRL, Stanford University, November 1990.

[RFC1349] Almquist, P., "Type of Service in the Internet Protocol
Suite", RFC 1349, Consultant, July 1992.

[RFC1358] Chapin, L., Chair, "Charter of the Internet Architecture
Board (IAB)", RFC 1358, Internet Architecture Board, August
1992.

[RFC1393] Malkin, G., "Traceroute Using an IP Option", RFC 1393,
Xylogics, Inc., January 1993.

[RFC1455] Eastlake, D., "Physical Link Security Type of Service",
RFC 1455, Digital Equipment Corporation, May 1993.

[Ullmann IPv7]

PEOPLE

[Estrin] Deborah Estrin

[Finn] Greg Finn

[JBP] Jon Postel

[Ullmann] Robert Ullmann

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ip-parameters

ICMP TYPE NUMBERS

The Internet Control Message Protocol (ICMP) has many messages that
are identified by a "type" field.

Type Name Reference
---- ------------------------- ---------
0 Echo Reply [RFC792]
1 Unassigned [JBP]
2 Unassigned [JBP]
3 Destination Unreachable [RFC792]
4 Source Quench [RFC792]
5 Redirect [RFC792]
6 Alternate Host Address [JBP]
7 Unassigned [JBP]
8 Echo [RFC792]
9 Router Advertisement [RFC1256]
10 Router Selection [RFC1256]
11 Time Exceeded [RFC792]
12 Parameter Problem [RFC792]
13 Timestamp [RFC792]
14 Timestamp Reply [RFC792]
15 Information Request [RFC792]
16 Information Reply [RFC792]
17 Address Mask Request [RFC950]
18 Address Mask Reply [RFC950]
19 Reserved (for Security) [Solo]
20-29 Reserved (for Robustness Experiment) [ZSu]
30 Traceroute [RFC1393]
31 Datagram Conversion Error [RFC1475]
32 Mobile Host Redirect [David Johnson]
33 IPv6 Where-Are-You [Bill Simpson]
34 IPv6 I-Am-Here [Bill Simpson]
35 Mobile Registration Request [Bill Simpson]
36 Mobile Registration Reply [Bill Simpson]
37-255 Reserved [JBP]

Many of these ICMP types have a "code" field. Here we list the types
again with their assigned code fields.

Type Name Reference
---- ------------------------- ---------
0 Echo Reply [RFC792]

Codes
0 No Code

1 Unassigned [JBP]

2 Unassigned [JBP]

3 Destination Unreachable [RFC792]

Codes
0 Net Unreachable
1 Host Unreachable
2 Protocol Unreachable
3 Port Unreachable
4 Fragmentation Needed and Don't Fragment was Set
5 Source Route Failed
6 Destination Network Unknown
7 Destination Host Unknown
8 Source Host Isolated
9 Communication with Destination Network is
Administratively Prohibited
10 Communication with Destination Host is
Administratively Prohibited
11 Destination Network Unreachable for Type of Service
12 Destination Host Unreachable for Type of Service

4 Source Quench [RFC792]
Codes
0 No Code

5 Redirect [RFC792]

Codes
0 Redirect Datagram for the Network (or subnet)
1 Redirect Datagram for the Host
2 Redirect Datagram for the Type of Service and Network
3 Redirect Datagram for the Type of Service and Host

6 Alternate Host Address [JBP]

Codes
0 Alternate Address for Host

7 Unassigned [JBP]

8 Echo [RFC792]

Codes
0 No Code

9 Router Advertisement [RFC1256]

Codes

0 No Code

10 Router Selection [RFC1256]

Codes
0 No Code

11 Time Exceeded [RFC792]

Codes
0 Time to Live exceeded in Transit
1 Fragment Reassembly Time Exceeded

12 Parameter Problem [RFC792]

Codes
0 Pointer indicates the error
1 Missing a Required Option [RFC1108]
2 Bad Length

13 Timestamp [RFC792]

Codes
0 No Code

14 Timestamp Reply [RFC792]

Codes
0 No Code

15 Information Request [RFC792]

Codes
0 No Code

16 Information Reply [RFC792]

Codes
0 No Code

17 Address Mask Request [RFC950]

Codes
0 No Code

18 Address Mask Reply [RFC950]

Codes
0 No Code

19 Reserved (for Security) [Solo]

20-29 Reserved (for Robustness Experiment) [ZSu]

30 Traceroute [RFC1393]

31 Datagram Conversion Error [RFC1475]

32 Mobile Host Redirect [David Johnson]

33 IPv6 Where-Are-You [Bill Simpson]

34 IPv6 I-Am-Here [Bill Simpson]

35 Mobile Registration Request [Bill Simpson]

36 Mobile Registration Reply [Bill Simpson]

REFERENCES

[RFC792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, USC/Information Sciences Institute, September 1981.

[RFC950] Mogul, J., and J. Postel, "Internet Standard Subnetting
Procedure", STD 5, RFC 950, Stanford, USC/Information
Sciences Institute, August 1985.

[RFC1108] Kent, S., "U.S. Department of Defense Security Options for
the Internet Protocol", RFC 1108, November 1991.

[RFC1256] Deering, S., Editor, "ICMP Router Discovery Messages", RFC
1256, Xerox PARC, September 1991.

[RFC1393] Malkin, G., "Traceroute Using an IP Option", RFC 1393,
Xylogics, Inc., January 1993.

[RFC1475] Ullmann, R., "TP/IX: The Next Internet", RFC 1475, Process
Software Corporation, June 1993.

PEOPLE

[JBP] Jon Postel

[David Johnson]

[Bill Simpson] September, 1994.

[Solo]

[ZSu] Zaw-Sing Su

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/icmp-parameters

TCP OPTION NUMBERS

The Transmission Control Protocol (TCP) has provision for optional
header fields identified by an option kind field. Options 0 and 1 are
exactly one octet which is their kind field. All other options have
their one octet kind field, followed by a one octet length field,
followed by length-2 octets of option data.

Kind Length Meaning Reference
---- ------ ------------------------------- ---------
0 - End of Option List [RFC793]
1 - No-Operation [RFC793]
2 4 Maximum Segment Lifetime [RFC793]
3 3 WSOPT - Window Scale [RFC1323]
4 2 SACK Permitted [RFC1072]
5 N SACK [RFC1072]
6 6 Echo (obsoleted by option 8) [RFC1072]
7 6 Echo Reply (obsoleted by option 8)[RFC1072]
8 10 TSOPT - Time Stamp Option [RFC1323]
9 2 Partial Order Connection Permitted[RFC1693]
10 5 Partial Order Service Profile [RFC1693]
11 CC [Braden]
12 CC.NEW [Braden]
13 CC.ECHO [Braden]
14 3 TCP Alternate Checksum Request [RFC1146]
15 N TCP Alternate Checksum Data [RFC1146]
16 Skeeter [Knowles]
17 Bubba [Knowles]
18 3 Trailer Checksum Option [Subbu & Monroe]

TCP ALTERNATE CHECKSUM NUMBERS

Number Description Reference
------- ------------------------------- ----------
0 TCP Checksum [RFC-1146]
1 8-bit Fletchers's algorithm [RFC-1146]
2 16-bit Fletchers's algorithm [RFC-1146]
3 Redundant Checksum Avoidance [Kay]

REFERENCES

[KAY] Kay, J. and Pasquale, J., "Measurement, Analysis, and
Improvement of UDP/IP Throughput for the DECstation 5000,"
Proceedings of the Winter 1993 Usenix Conference, January 1993
(available for anonymous FTP in

ucsd.edu:/pub/csl/fastnet/fastnet.tar.Z).

[RFC793] Postel, J., "Transmission Control Protocol - DARPA Internet
Program Protocol Specification", STD 7, RFC 793, DARPA,
September 1981.

[RFC1323] Jacobson, V., Braden, R., and D. Borman, "TCP Extensions for
High Performance", RFC 1323, LBL, ISI, Cray Research, May
1992.

[RFC1072] Jacobson, V., and R. Braden, "TCP Extensions for Long-Delay
Paths", RFC 1072, LBL, ISI, October 1988.

[RFC1693] ?????

[RFC1146] Zweig, J., and C. Partridge, "TCP Alternate Checksum
Options", RFC 1146, UIUC, BBN, March 1990.

PEOPLE

[Braden] Bob Braden

[Knowles] Stev Knowles

[Kay] J. Kay

[Subbu & Monroe]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/tcp-parameters

TELNET OPTIONS

The Telnet Protocol has a number of options that may be negotiated.
These options are listed here. "Internet Official Protocol Standards"
(STD 1) provides more detailed information.

Options Name References
------- ----------------------- ----------
0 Binary Transmission [RFC856,JBP]
1 Echo [RFC857,JBP]
2 Reconnection [NIC50005,JBP]
3 Suppress Go Ahead [RFC858,JBP]
4 Approx Message Size Negotiation [ETHERNET,JBP]
5 Status [RFC859,JBP]
6 Timing Mark [RFC860,JBP ]
7 Remote Controlled Trans and Echo [RFC726,JBP]
8 Output Line Width [NIC50005,JBP]
9 Output Page Size [NIC50005,JBP]
10 Output Carriage-Return Disposition [RFC652,JBP]
11 Output Horizontal Tab Stops [RFC653,JBP]
12 Output Horizontal Tab Disposition [RFC654,JBP]
13 Output Formfeed Disposition [RFC655,JBP]
14 Output Vertical Tabstops [RFC656,JBP]
15 Output Vertical Tab Disposition [RFC657,JBP]
16 Output Linefeed Disposition [RFC657,JBP]
17 Extended ASCII [RFC698,JBP]
18 Logout [RFC727,MRC]
19 Byte Macro [RFC735,JBP]
20 Data Entry Terminal [RFC1043,RFC732,JBP]
22 SUPDUP [RFC736,RFC734,MRC]
22 SUPDUP Output [RFC749,MRC]
23 Send Location [RFC779,EAK1]
24 Terminal Type [RFC1091,MS56]
25 End of Record [RFC885,JBP]
26 TACACS User Identification [RFC927,BA4]
27 Output Marking [RFC933,SXS]
28 Terminal Location Number [RFC946,RN6]
29 Telnet 3270 Regime [RFC1041,JXR]
30 X.3 PAD [RFC1053,SL70]
31 Negotiate About Window Size [RFC1073,DW183]
32 Terminal Speed [RFC1079,CLH3]
33 Remote Flow Control [RFC1372,CLH3]
34 Linemode [RFC1184,DB14]
35 X Display Location [RFC1096,GM23]
36 Environment Option [RFC1408,DB14]
37 Authentication Option [RFC1409,DB14]
38 Encryption Option [DB14]
39 New Environment Option [RFC1572,DB14]

40 TN3270E [RFC1647]
255 Extended-Options-List [RFC861,JBP]

Telnet Authentication Types

In [RFC1409], a list of authentication types is introduced. Additions
to the list are registerd by the IANA and documented here.

Type Description Reference
0 NULL [RFC1409]
1 KERBEROS_V4 [RFC1409]
2 KERBEROS_V5 [RFC1409]
3 SPX [RFC1409]
4-5 Unassigned
6 RSA [RFC1409]
7-9 Unassigned
10 LOKI [RFC1409]
11 SSA [Schoch]

REFERENCES

[ETHERNET] "The Ethernet, A Local Area Network: Data Link Layer and
Physical Layer Specification", AA-K759B-TK, Digital
Equipment Corporation, Maynard, MA. Also as: "The
Ethernet - A Local Area Network", Version 1.0, Digital
Equipment Corporation, Intel Corporation, Xerox
Corporation, September 1980. And: "The Ethernet, A Local
Area Network: Data Link Layer and Physical Layer
Specifications", Digital, Intel and Xerox, November 1982.
And: XEROX, "The Ethernet, A Local Area Network: Data Link
Layer and Physical Layer Specification", X3T51/80-50, Xerox
Corporation, Stamford, CT., October 1980.

[NIC50005] DDN Protocol Handbook, "Telnet Reconnection Option",
"Telnet Output Line Width Option", "Telnet Output Page Size
Option", NIC 50005, December 1985.

[RFC652] Crocker, D., "Telnet Output Carriage-Return Disposition
Option", RFC 652, UCLA-NMC, October 1974.

[RFC653] Crocker, D., "Telnet Output Horizontal Tabstops Option",
RFC 653, UCLA-NMC, October 1974.

[RFC654] Crocker, D., "Telnet Output Horizontal Tab Disposition
Option", RFC 654, UCLA-NMC, October 1974.

[RFC655] Crocker, D., "Telnet Output Formfeed Disposition Option",
RFC 655, UCLA-NMC, October 1974.

[RFC656] Crocker, D., "Telnet Output Vertical Tabstops Option",
RFC 656, UCLA-NMC, October 1974.

[RFC657] Crocker, D., "Telnet Output Vertical Tab Disposition Option",
RFC 657, UCLA-NMC, October 1974.

[RFC658] Crocker, D., "Telnet Output Linefeed Disposition", RFC 658,
UCLA-NMC, October 1974.

[RFC698] Tovar, "Telnet Extended ASCII Option", RFC 698, Stanford
University-AI, July 1975.

[RFC726] Postel, J. and D. Crocker, "Remote Controlled Transmission
and Echoing Telnet Option", RFC 726, SRI-ARC, UC Irvine,
March 1977.

[RFC727] Crispin, M., "Telnet Logout Option", RFC 727, Stanford
University-AI, April 1977.

[RFC734] Crispin, M., "SUPDUP Protocol", RFC 734, Stanford,
October 1977.

[RFC735] Crocker, D. and R. Gumpertz, "Revised Telnet Byte Marco
Option", RFC 735, Rand, CMU, November 1977.

[RFC736] Crispin, M., "Telnet SUPDUP Option", Stanford University-AI,
RFC 736, Stanford, October 1977.

[RFC749] Greenberg, B., "Telnet SUPDUP-OUTPUT Option", RFC 749,
MIT-Multics, September 1978.

[RFC779] Killian, E., "Telnet Send-Location Option", RFC 779,
LLL, April 1981.

[RFC856] Postel, J. and J. Reynolds, "Telnet Binary Transmission",
STD 27, RFC 856, USC/Information Sciences Institute, May
1983.

[RFC857] Postel, J. and J. Reynolds, "Telnet Echo Option", STD 28, RFC
857, USC/Information Sciences Institute, May 1983.

[RFC858] Postel, J. and J. Reynolds, "Telnet Suppress Go Ahead
Option", STD 29, RFC 858, USC/Information Sciences Institute,
May 1983.

[RFC859] Postel, J. and J. Reynolds, "Telnet Status Option", STD 30,
RFC 859, USC/Information Sciences Institute, May 1983.

[RFC860] Postel, J. and J. Reynolds, "Telnet Timing Mark Option",
STD 31, RFC 860, USC/Information Sciences Institute, May
1983.

[RFC861] Postel, J. and J. Reynolds, "Telnet Extended Options - List
Option", STD 32, RFC 861, USC/Information Sciences Institute,
May 1983.

[RFC885] Postel, J., "Telnet End of Record Option", RFC 885,
USC/Information Sciences Institute, December 1983.

[RFC927] Anderson, B., "TACACS User Identification Telnet Option",
RFC 927, BBN, December 1984.

[RFC933] Silverman, S., "Output Marking Telnet Option", RFC 933,
MITRE, January 1985.

[RFC946] Nedved, R., "Telnet Terminal Location Number Option",
RFC 946, Carnegie-Mellon University, May 1985.

[RDC1041] Rekhter, J., "Telnet 3270 Regime Option", RFC 1041,
IBM, January 1988.

[RFC1043] Yasuda, A., and T. Thompson, "TELNET Data Entry Terminal
Option DODIIS Implementation", RFC 1043, DIA, February 1988.

[RFC1053] Levy, S., and T. Jacobson, "Telnet X.3 PAD Option",
RFC 1053, Minnesota Supercomputer Center, April 1988.

[RFC1073] Waitzman, D., "Telnet Window Size Option", RFC 1073,
BBN STC, October, 1988.

[RFC1079] Hedrick, C., "Telnet Terminal Speed Option", RFC 1079,
Rutgers University, December 1988.

[RFC1091] VanBokkelen, J., "Telnet Terminal Type Option",
RFC 1091, FTP Software, Inc., February 1989.

[RFC1096] Marcy, G., "Telnet X Display Location Option", RFC 1096,
Carnegie Mellon University, March 1989.

[RFC1184] Borman, D., Editor, "Telnet Linemode Option",
RFC 1184, Cray Research, Inc., October 1990.

[RFC1372] Hedrick, C., and D. Borman, "Telnet Remote Flow Control
Option", RFC 1372, Rutgers University, Cray Research, Inc.,
October 1992.

[RFC1408] Borman, D., Editor, "Telnet Environment Option", RFC 1408,
Cray Research, Inc., January 1993.

[RFC1409] Borman, D., Editor, "Telnet Authentication Option", RFC
1409, Cray Research, Inc., January 1993.

[RFC1572] Alexander, S., Editor, "Telnet Environment Option", RFC1572,
Lachman Technology, Inc., January 1994.

[RFC1647] Kelly, B., "TN3270 Enhancements", RFC1647, Auburn
University, July 1994.

PEOPLE

[BA4] Brian Anderson

[CLH3] Charles Hedrick

[DB14] Dave Borman

[DW183] David Waitzman

[EAK4] Earl Kill

[GM23] Glenn Marcy

[JBP] Jon Postel

[MRC] Mark Crispin

[MS56] Marvin Solomon

[RN6] Rudy Nedved

[Schoch] Steven Schoch

[SL70] Stuart Levy

[SXS] Steve Silverman

[YXR] Yakov Rekhter

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/telnet-options

DOMAIN NAME SYSTEM PARAMETERS

The Internet Domain Naming System (DOMAIN) includes several
parameters. These are documented in [RFC1034] and [RFC1035]. The
CLASS parameter is listed here. The per CLASS parameters are defined
in separate RFCs as indicated.

Domain System Parameters:

Decimal Name References
-------- ---- ----------
0 Reserved [PM1]
1 Internet (IN) [RFC1034,PM1]
2 Unassigned [PM1]
3 Chaos (CH) [PM1]
4 Hessoid (HS) [PM1]
5-65534 Unassigned [PM1]
65535 Reserved [PM1]

In the Internet (IN) class the following TYPEs and QTYPEs are defined:

TYPE value and meaning

A 1 a host address [RFC1035]
NS 2 an authoritative name server [RFC1035]
MD 3 a mail destination (Obsolete - use MX) [RFC1035]
MF 4 a mail forwarder (Obsolete - use MX) [RFC1035]
CNAME 5 the canonical name for an alias [RFC1035]
SOA 6 marks the start of a zone of authority [RFC1035]
MB 7 a mailbox domain name (EXPERIMENTAL) [RFC1035]
MG 8 a mail group member (EXPERIMENTAL) [RFC1035]
MR 9 a mail rename domain name (EXPERIMENTAL)[RFC1035]
NULL 10 a null RR (EXPERIMENTAL) [RFC1035]
WKS 11 a well known service description [RFC1035]
PTR 12 a domain name pointer [RFC1035]
HINFO 13 host information [RFC1035]
MINFO 14 mailbox or mail list information [RFC1035]
MX 15 mail exchange [RFC1035]
TXT 16 text strings [RFC1035]

RP 17 for Responsible Person [RFC1183]
AFSDB 18 for AFS Data Base location [RFC1183]
X25 19 for X.25 PSDN address [RFC1183]
ISDN 20 for ISDN address [RFC1183]
RT 21 for Route Through [RFC1183]

NSAP 22 for NSAP address, NSAP style A record [RFC1348]
NSAP-PTR 23 for domain name pointer, NSAP style [RFC1348]

SIG 24 for security signature [Donald Eastlake]
KEY 25 for security key [Donald Eastlake]

PX 26 X.400 mail mapping information [RFC1664]

GPOS 27 Geographical Position [Craig Farrell]

AAAA 28 IP6 Address [Susan Thomson]

AXFR 252 transfer of an entire zone [RFC1035]
MAILB 253 mailbox-related RRs (MB, MG or MR) [RFC1035]
MAILA 254 mail agent RRs (Obsolete - see MX) [RFC1035]
* 255 A request for all records [RFC1035]

REFERENCES

[RFC1034] Mockapetris, P., "Domain Names - Concepts and
Facilities", STD 13, RFC 1034, USC/Information Sciences
Institute, November 1987.

[RFC1035] Mockapetris, P., "Domain Names - Implementation and
Specification", STD 13, RFC 1035, USC/Information Sciences
Institute, November 1987.

[RFC1183] Everhart, C., Mamakos, L., Ullmann, R., and P. Mockapetris,
Editors, "New DNS RR Definitions", RFC 1183, Transarc,
University of Maryland, Prime Computer, USC/Information
Sciences Institute, October 1990.

[RFC1348] Manning, B., "DNS NSAP RRs", RFC 1348, Rice University,
July 1992.

[RFC1664] Allocchio, C., Bonito, A., Cole, B., Giordano, S., and R.
Hagens, "Using the Internet DNS to Distribute RFC1327 Mail
Address Mapping Tables", GARR-Italy, Cisco Systems Inc.,
Centro Svizzero Calcolo Scientifico, Advanced Network &
Services, August 1994.

PEOPLE

[Susan Thomson] Susan Thomson

[PM1] Paul Mockapetris

[Donald Eastlake] Donald E. Eastlake, III

[Craig Farrell]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/dns-parameters

MAIL ENCODING HEADER FIELD KEYWORDS

[RFC1505] specifies an initial list of keywords for the experimental
encoding header field (EHF-MAIL), and provides that additional
keywords may be registered with the IANA.

Keyword Description Reference
_______ ___________ ____________

EDIFACT EDIFACT format [RFC1505]
EDI-X12 EDI X12 format [ANSI-X12]
EVFU FORTRAN format [RFC1505]
FS File System format [RFC1505]
Hex Hex binary format [RFC1505]
LZJU90 LZJU90 format [RFC1505]
LZW LZW format [RFC1505]
Message Encapsulated Message [RFC822]
PEM, PEM-Clear Privacy Enhanced Mail [RFC1421]
PGP Pretty Good Privacy [RFC1505]
Postscript Postscript format [POSTSCRIPT]
Shar Shell Archive format [RFC1505]
Signature Signature [RFC1505]
Tar Tar format [RFC1505]
Text Text [IS-10646]
uuencode uuencode format [RFC1505]
URL external URL-reference [RFC1505]

MAIL ENCRYPTION TYPES

[RFC822] specifies that Encryption Types for mail may be assigned.
There are currently no RFC 822 encryption types assigned. Please use
instead the Mail Privacy procedures defined in [RFC1421, RFC1422,
RFC1423].

ESMTP MAIL KEYWORDS

[RFC1651] specifies that extension to SMTP can be identified with
keywords.

Keywords Description Reference

------------ -------------------------------- ---------
SEND Send as mail [RFC821]
SOML Send as mail or terminal [RFC821]
SAML Send as mail and terminal [RFC821]
EXPN Expand the mailing list [RFC821]
HELP Supply helpful information [RFC821]
TURN Turn the operation around [RFC821]
8BITMIME Use 8-bit data [RFC1652]
SIZE Message size declaration [RFC1653]
VERB Verbose [Eric Allman]
ONEX One message transaction only [Eric Allman]

MAIL EXTENSION TYPES

The Simple Mail Transfer Protocol [RFC821] specifies a set of
commands or services for mail transfer. A general procedure for
extending the set of services is defined in [RFC1651]. The set of
service extensions is listed here.

Service Ext EHLO Keyword Parameters Verb Reference
----------- ------------ ---------- ---------- ---------
Send SEND none SEND [RFC821]
Send or Mail SOML none SOML [RFC821]
Send and Mail SAML none SAML [RFC821]
Expand EXPN none EXPN [RFC821]
Help HELP none HELP [RFC821]
Turn TURN none TURN [RFC821]
8 Bit MIME 8BITMIME none none [RFC1652]
Size SIZE number none [RFC1653]

MAIL SYSTEM NAMES

In some places, an identification of other mail systems is used.

One of these is in "The COSINE and Internet X.500 Schema" (section
9.3.18) [RFC1274]. The mail system names listed here are used as the
legal values in that schema under the "otherMailbox" attribute
"mailboxType" type (which must be a PrintableString).

Another place is in "Mapping between X.400(1988) / ISO 10021 and RFC
822" (section 4.2.2) [RFC1327]. The names listed here are used as

the legal values in that schema under the "std-or-address" attribute
"registered-dd-type" type (which must be a "key-string").

Note that key-string = .

Mail System Name Description Reference
---------------- ------------------------------- ---------
mcimail MCI Mail

MAIL TRANSMISSION TYPES

The Simple Mail Transfer Protocol [RFC821] and the Standard for the
Format of ARPA Internet Text Messages [RFC822] specify that a set of
"Received" lines will be prepended to the headers of electronic mail
messages as they are transported through the Internet. These received
line may optionally include either or both a "via" phrase and/or a
"with" phrase. The legal values for the phrases are listed here. The
via phrase is intended to indicate the link or physical medium over
which the message was transferred. The with phrase is intended to
indicate the protocol or logical process that was used to transfer the
message.

VIA link types Description Reference
-------------- ---------------------------- ---------
UUCP Unix-to-Unix Copy Program [???]

WITH protocol types Description Reference
------------------- ---------------------------- ---------
SMTP Simple Mail Transfer Protocol [RFC821]
ESMTP SMTP with Service Extensions [RFC1651]

REFERENCES

[ANSI-X12]

[POSTSCRIPT] Adobe Systems Inc., "PostScript Langpuage Reference
Manual", 2nd Edition, 2nd Printing, January 1991.

[IS-10646]

[RFC821] Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC 821,
USC/Information Sciences Institute, August 1982.

[RFC822] Crocker, D., "Standard for the Format of ARPA-Internet Text
Messages", STD 11, RFC 822, UDEL, August 1982.

[RFC1274] Barker, P., and S. Kille, "The COSINE and Internet X.500
Schema", RFC 1274, University College London, November 1991.

[RFC1327] Hardcastle-Kille, S., "Mapping between X.400(1988) / ISO
10021 and RFC 822", RFC 1327, University College London,
May 1992.

[RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic
Mail: Part I: Message Encipherment and Authentication
Procedures", RFC 1421, IAB IRTF PSRG, IETF PEM WG,
February 1993.

[RFC1422] Kent, S., "Privacy Enhancement for Internet
Electronic Mail: Part II -- Certificate-Based Key
Management", BBN, IAB IRTF PSRG, IETF PEM, February 1993.

[RFC1423] Balenson, D., "Privacy Enhancement for Internet Electronic
Mail: Part III -- Algorithms, Modes, and Identifiers",
RFC 1423, TIS, IAB IRTF PSRG, IETF PEM WG, February 1993.

[RFC1505] Costanzo, A., Robinson, D., and R. Ullmann, "Encoding Header
Field for Internet Messages", RFC 1505, AKC Consulting,
Computervision Corporation, August 1993.

[RFC1651] Klensin, J., Freed, N., Rose, M., Stefferud, E., and D.
Crocker, "SMTP Service Extensions", RFC 1651, MCI, Innosoft,
Dover Beach Consulting, Inc., Network Management Associates,
Inc., Silicon Graphics, Inc., July 1994.

[RFC1652] Klensin, J., Freed, N., Rose, M., Stefferud, E., and D.
Crocker, "SMTP Service Extension for 8bit-MIMEtransport",
RFC 1652, MCI, Innosoft, Dover Beach Consulting, Inc.,
Network Management Associates, Inc., Silicon Graphics, Inc.,
July 1994.

[RFC1653] Klensin, J., Freed, N., and K. Moore, "SMTP Service
Extension for Message Size Declaration", RFC 1653,
MCI, Innosoft, University of Tennessee, July 1994.

PEOPLE

[Eric Allman]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/mail-parameters

BOOTP AND DHCP PARAMETERS

The Bootstrap Protocol (BOOTP) [RFC951] describes an IP/UDP
bootstrap protocol (BOOTP) which allows a diskless client machine to
discover its own IP address, the address of a server host, and the
name of a file to be loaded into memory and executed. The Dynamic
Host Configuration Protocol (DHCP) [RFC1531] provides a framework for
automatic configuration of IP hosts. The "DHCP Options and BOOTP
Vendor Information Extensions" [RFC1533] describes the additions to the
Bootstrap Protocol (BOOTP) which can also be used as options with the
Dynamic Host Configuration Protocol (DHCP).

BOOTP Vendor Extensions and DHCP Options are listed below:

Tag Name Data Length Meaning
--- ---- ----------- -------
0 Pad 0 None
1 Subnet Mask 4 Subnet Mask Value
2 Time Offset 4 Time Offset in
Seconds from UTC
3 Gateways N N/4 Gateway addresses
4 Time Server N N/4 Timeserver addresses
5 Name Server N N/4 IEN-116 Server addresses
6 Domain Server N N/4 DNS Server addresses
7 Log Server N N/4 Logging Server addresses
8 Quotes Server N N/4 Quotes Server addresses
9 LPR Server N N/4 Printer Server addresses
10 Impress Server N N/4 Impress Server addresses
11 RLP Server N N/4 RLP Server addresses
12 Hostname N Hostname string
13 Boot File Size 2 Size of boot file in 512 byte
chunks
14 Merit Dump File Client to dump and name
the file to dump it to
15 Domain Name N The DNS domain name of the
client
16 Swap Server N Swap Server addeess
17 Root Path N Path name for root disk
18 Extension File N Path name for more BOOTP info

19 Forward On/Off 1 Enable/Disable IP Forwarding
20 SrcRte On/Off 1 Enable/Disable Source Routing
21 Policy Filter N Routing Policy Filters
22 Max DG Assembly 2 Max Datagram Reassembly Size
23 Default IP TTL 1 Default IP Time to Live
24 MTU Timeout 4 Path MTU Aging Timeout
25 MTU Plateau N Path MTU Plateau Table

26 MTU Interface 2 Interface MTU Size
27 MTU Subnet 1 All Subnets are Local
28 Broadcast Address 4 Broadcast Address
29 Mask Discovery 1 Perform Mask Discovery
30 Mask Supplier 1 Provide Mask to Others
31 Router Discovery 1 Perform Router Discovery
32 Router Request 4 Router Solicitation Address
33 Static Route N Static Routing Table
34 Trailers 1 Trailer Encapsulation
35 ARP Timeout 4 ARP Cache Timeout
36 Ethernet 1 Ethernet Encapsulation
37 Default TCP TTL 1 Default TCP Time to Live
38 Keepalive Time 4 TCP Keepalive Interval
39 Keepalive Data 1 TCP Keepalive Garbage
40 NIS Domain N NIS Domain Name
41 NIS Servers N NIS Server Addresses
42 NTP Servers N NTP Server Addresses
43 Vendor Specific N Vendor Specific Information
44 NETBIOS Name Srv N NETBIOS Name Servers
45 NETBIOS Dist Srv N NETBIOS Datagram Distribution
46 NETBIOS Note Type 1 NETBIOS Note Type
47 NETBIOS Scope N NETBIOS Scope
48 X Window Font N X Window Font Server
49 X Window Manmager N X Window Display Manager
50 Address Request 4 Requested IP Address
51 Address Time 4 IP Address Lease Time
52 Overload 1 Overloaf "sname" or "file"
53 DHCP Msg Type 1 DHCP Message Type
54 DHCP Server Id 4 DHCP Server Identification
55 Parameter List N Parameter Request List
56 DHCP Message N DHCP Error Message
57 DHCP Max Msg Size 2 DHCP Maximum Message Size
58 Renewal Time 4 DHCP Renewal (T1) Time
59 Rebinding Time 4 DHCP Rebinding (T2) Time
60 Class Id N Class Identifier
61 Client Id N Client Identifier
62 Netware/IP Domain N Netware/IP Domain Name
63 Netware/IP Option N Netware/IP sub Options

64-127 Unassigned
128-154 Reserved

255 End 0 None

REFERENCES

[RFC951] Croft, B., and J. Gilmore, "BOOTSTRAP Protocol (BOOTP)",
RFC-951, Stanford and SUN Microsytems, September 1985.

[RFC1531] Droms, R., "Dynamic Host Configuration Protocol", Bucknell
University, October 1993.

[RFC1533] Alexander, S., and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", Lachman Technology, Inc., Bucknell University,
October 1993.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/bootp-and-dhcp-
parameters

ADDRESS FAMILY NUMBERS

Several protocols deal with multiple address families. The 16-bit
assignments are listed here.

Number Description Reference
------ ---------------------------------------------------- ---------
0 Reserved
1 IP (IP version 4)
2 IP6 (IP version 6)
3 NSAP
4 HDLC (8-bit multidrop)
5 BBN 1822
6 802 (includes all 802 media plus Ethernet "canonical format")
7 E.163
8 E.164 (SMDS, Frame Relay, ATM)
9 F.69 (Telex)
10 X.121 (X.25, Frame Relay)
11 IPX
12 Appletalk
13 Decnet IV
14 Banyan Vines
65535 Reserved

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/address-family-numbers

FOOBAR AF NUMBERS

In the FTP Operation Over Big Address Records (FOOBAR) Protocol
[RFC1639] there is a field, called "address family" or "af", to
identify the lower level protocol addresses in use. This is an 8 bit
field. The first 16 assignments (0-15) of the af value are exactly
the same as the IP Version number. The assignment for values 16-255
are listed here.

Assigned FOOBAR Address Families

Decimal Keyword Address Family References
------- ------- -------------- ----------
16 IPX Novell IPX
17-254 Unassigned
255 Reserved

REFERENCES

[RFC1639] Piscitello, D., "FTP Operation Over Big Address Records
(FOOBAR)", Core Competence, Inc., June 1994.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/foobar-af-numbers

DIRECTORY SYSTEM NAMES

In the representation of distinquished names (and possibly other
contexts) of the X.500 Directory system, several unique keywords may
be necessary. For example, in the string representation of
distinguished names [RFC1485].

Keyword Attribute (X.520 keys)
------- ---------------------------------
CN CommonName
L LocalityName
ST StateOrProvinceName
O OrganizationName
OU OrganizationalUnitName
C CountryName

REFERENCES

[RFC1485] Hardcastle-Kille, S., "A String Representation of
Distinguished Names (OSI-DS 23 (v5))", RFC1485, ISODE
Consortium, July 1993.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/directory-system-names
PUBLISHER IDENTIFICATION CODE

The RFC "A Format for E-Mailing Bibliographic Records" [RFC1357]
establishs a "publisher-ID" code. The IANA registry of these codes is
listed here.

Code Publisher Reference
------ ------------------------------------------------------- ---------
DUMMY for testing only [RFC1357]
TEST for testing only [RFC1357]
ISI Information Sciences Institute [JBP]
of the University of Southern California
UMCS University of Manchester Computer Science Department [TXC]

REFERENCES

[RFC1357] Cohen, D., Editor, "A Format for E-mailing Bibliographic
Records", RFC 1357, USC/Information Sciences Institute,
July 1992.

PEOPLE

[JBP] Jon Postel

[TXC] Tim Clement

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/publisher-id

OSPF AUTHENTICATION CODES

The Open Shotrest Path First (OSPF) protocols has a provision for
authentication, and the type of authentication can me indicated by a
code number. The following are the registered authentication codes.

Code Authentication Method Reference
---- --------------------- ---------
0 No Authentication [RFC1583]
1 Simple Password Authentication [RFC1583]
2-65535 Reserved

REFERENCES

[RFC1583] Moy, J., "OSPF Version 2", RFC 1583, Proteon, Inc., March
1994.

[RFC1584] Moy, J., "Multicast Extensions to OSPF", RFC 1584, Proteon,
Inc., March 1994.

[RFC1585] Moy, J., "MOSPF: Analysis and Experience", RFC 1585,
Proteon, Inc., March 1994.

[RFC1586] deSouza, O., and M. Rodrigues, "Guidelines for Running OSPF
Over Frame Relay Networks", RFC 1586, AT&T Bell
Laboratories, March 1994.

[RFC1587] Coltun, R., and V. Fuller, "The OSPF NSSA Option", RFC 1587,
RainbowBridge Communications, BARRNet, March 1994.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ospf-authentication-
codes

MEDIA TYPES

[RFC1521] specifies that Content Types, Content Subtypes, Character
Sets, Access Types, and Conversion values for MIME mail will be
assigned and listed by the IANA.

Content Types and Subtypes
--------------------------

Type Subtype Description Reference
---- ------- ----------- ---------
text plain [RFC1521,NSB]
richtext [RFC1521,NSB]
tab-separated-values [Paul Lindner]

multipart mixed [RFC1521,NSB]
alternative [RFC1521,NSB]
digest [RFC1521,NSB]
parallel [RFC1521,NSB]
appledouble [MacMime,Patrik Faltstrom]
header-set [Dave Crocker]

message rfc822 [RFC1521,NSB]
partial [RFC1521,NSB]
external-body [RFC1521,NSB]
news [RFC 1036, Henry Spencer]

application octet-stream [RFC1521,NSB]
postscript [RFC1521,NSB]
oda [RFC1521,NSB]
atomicmail [atomicmail,NSB]
andrew-inset [andrew-inset,NSB]
slate [slate,terry crowley]
wita [Wang Info Transfer,Larry Campbell]
dec-dx [Digital Doc Trans, Larry Campbell]
dca-rft [IBM Doc Content Arch, Larry Campbell]
activemessage [Ehud Shapiro]
rtf [Paul Lindner]
applefile [MacMime,Patrik Faltstrom]
mac-binhex40 [MacMime,Patrik Faltstrom]
news-message-id [RFC1036, Henry Spencer]
news-transmission [RFC1036, Henry Spencer]
wordperfect5.1 [Paul Lindner]
pdf [Paul Lindner]
zip [Paul Lindner]
macwriteii [Paul Lindner]

msword [Paul Lindner]
remote-printing [RFC1486,MTR]

image jpeg [RFC1521,NSB]
gif [RFC1521,NSB]
ief Image Exchange Format [RFC1314]
tiff Tag Image File Format [MTR]

audio basic [RFC1521,NSB]

video mpeg [RFC1521,NSB]
quicktime [Paul Lindner]

The "media-types" directory contains a subdirectory for each content
type and each of those directories contains a file for each content
subtype.

|-application-
|-audio-------
|-image-------
|-media-types-|-message-----
|-multipart---
|-text--------
|-video-------

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/media-types

Character Sets
--------------

All of the character sets listed the section on Character Sets are
registered for use with MIME as MIME Character Sets. The
correspondance between the few character sets listed in the MIME
specification [RFC1521] and the list in that section are:

Type Description Reference
---- ----------- ---------
US-ASCII see ANSI_X3.4-1968 below [RFC1521,NSB]
ISO-8859-1 see ISO_8859-1:1987 below [RFC1521,NSB]
ISO-8859-2 see ISO_8859-2:1987 below [RFC1521,NSB]
ISO-8859-3 see ISO_8859-3:1988 below [RFC1521,NSB]
ISO-8859-4 see ISO_8859-4:1988 below [RFC1521,NSB]
ISO-8859-5 see ISO_8859-5:1988 below [RFC1521,NSB]
ISO-8859-6 see ISO_8859-6:1987 below [RFC1521,NSB]
ISO-8859-7 see ISO_8859-7:1987 below [RFC1521,NSB]
ISO-8859-8 see ISO_8859-8:1988 below [RFC1521,NSB]
ISO-8859-9 see ISO_8859-9:1989 below [RFC1521,NSB]

Access Types
------------

Type Description Reference
---- ----------- ---------
FTP [RFC1521,NSB]
AN ON-FTP [RFC1521,NSB]
TFTP [RFC1521,NSB]
AFS [RFC1521,NSB]
LOCAL-FILE [RFC1521,NSB]
MAIL-SERVER [RFC1521,NSB]

Conversion Values
-----------------

Conversion values or Content Transfer Encodings.

Type Description Reference
---- ----------- ---------
7BIT [RFC1521,NSB]
8BIT [RFC1521,NSB]
BASE64 [RFC1521,NSB]
BINARY [RFC1521,NSB]
QUOTED-PRINTABLE [RFC1521,NSB]

MIME / X.400 MAPPING TABLES

MIME to X.400 Table

MIME content-type X.400 Body Part Reference
----------------- ------------------ ---------
text/plain
charset=us-ascii ia5-text [RFC1494]
charset=iso-8859-x EBP - GeneralText [RFC1494]
text/richtext no mapping defined [RFC1494]
application/oda EBP - ODA [RFC1494]
application/octet-stream bilaterally-defined [RFC1494]
application/postscript EBP - mime-postscript-body [RFC1494]
image/g3fax g3-facsimile [RFC1494]
image/jpeg EBP - mime-jpeg-body [RFC1494]
image/gif EBP - mime-gif-body [RFC1494]
audio/basic no mapping defined [RFC1494]
video/mpeg no mapping defined [RFC1494]

Abbreviation: EBP - Extended Body Part

X.400 to MIME Table

Basic Body Parts

X.400 Basic Body Part MIME content-type Reference
--------------------- -------------------- ---------
ia5-text text/plain;charset=us-ascii [RFC1494]
voice No Mapping Defined [RFC1494]
g3-facsimile image/g3fax [RFC1494]
g4-class1 no mapping defined [RFC1494]
teletex no mapping defined [RFC1494]
videotex no mapping defined [RFC1494]
encrypted no mapping defined [RFC1494]
bilaterally-defined application/octet-stream [RFC1494]
nationally-defined no mapping defined [RFC1494]
externally-defined See Extended Body Parts [RFC1494]

X.400 Extended Body Part MIME content-type Reference
------------------------- -------------------- ---------
GeneralText text/plain;charset=iso-8859-x[RFC1494]
ODA application/oda [RFC1494]
mime-postscript-body application/postscript [RFC1494]
mime-jpeg-body image/jpeg [RFC1494]
mime-gif-body image/gif [RFC1494]

REFERENCES

[MacMime] Work in Progress.

[RFC1036] Horton, M., and R. Adams, "Standard for Interchange of
USENET Messages", RFC 1036, AT&T Bell Laboratories,
Center for Seismic Studies, December 1987.

[RFC1494] Alvestrand, H., and S. Thompson, "Equivalences between 1988
X.400 and RFC-822 Message Bodies", RFC 1494, SINTEF DELAB,
Soft*Switch, Inc., August 1993.

[RFC1521] Borenstien, N., and N. Freed, "MIME (Multipurpose Internet
Mail Extensions) Part One: Mechanisms for Specifying and
Describing the Format of Internet Message Bodies", RFC 1521,
Bellcore, Innosoft, September 1993.

PEOPLE

[Larry Campbell]

[Dave Crocker] Dave Crocker

[Terry Crowley]

[NSB] Nathaniel Borenstein

[MTR] Marshall Rose

[Paul Lindner]

[PXF] Patrik Faltstrom

[Ehud Shapiro]

[Henry Spencer]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/media-types/media-
types

CHARACTER SETS

These are the official names for character sets that may be used in
the Internet and may be referred to in Internet documentation. These
names are expressed in ANSI_X3.4-1968 which is commonly called
US-ASCII or simply ASCII. The character set most commonly use in the
Internet and used especially in protocol standards is US-ASCII, this
is strongly encouraged. The use of the name US-ASCII is also
encouraged.

The character set names may be up to 40 characters taken from the
printable characters of US-ASCII. However, no distinction is made
between use of upper and lower case letters.

Character Set Reference
------------- ---------

Name: ANSI_X3.4-1968 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-6
Alias: ANSI_X3.4-1986
Alias: ISO_646.irv:1991
Alias: ASCII
Alias: ISO646-US
Alias: US-ASCII
Alias: us
Alias: IBM367
Alias: cp367

Name: ISO-10646-UCS-2
Source: the 2-octet Basic Multilingual Plane, aka Unicode
this needs to specify network byte order: the standard
does not specify (it is a 16-bit integer space)

Name: ISO-10646-UCS-4
Source: the full code space. (same comment about byte order,
these are 31-bit numbers.

Name: ISO-10646-UTF-1
Source: Universal Transfer Format (1), this is the multibyte
encoding, that subsets ASCII-7. It does not have byte
ordering issues.

Name: ISO_646.basic:1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: ref

Name: INVARIANT [RFC1345,KXS2]

Name: ISO_646.irv:1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-2
Alias: irv

Name: BS_4730 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-4
Alias: ISO646-GB
Alias: gb
Alias: uk

Name: NATS-SEFI [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-8-1

Name: NATS-SEFI-ADD [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-8-2

Name: NATS-DANO [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-9-1

Name: NATS-DANO-ADD [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-9-2

Name: SEN_850200_B [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-10
Alias: FI
Alias: ISO646-FI
Alias: ISO646-SE
Alias: se

Name: SEN_850200_C [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-11
Alias: ISO646-SE2
Alias: se2

Name: KS_C_5601-1987 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-149
Alias: KS_C_5601-1989
Alias: KSC_5601
Alias: korean

Name: ISO-2022-KR [RFC1557,Choi]
Source: RFC-1557 (see also KS_C_5601-1987)

Name: EUC-KR [RFC1557,Choi]
Source: RFC-1557 (see also KS_C_5861-1992)

Name: ISO-2022-JP [RFC1468,Murai]
Source: RFC-1468

Name: ISO-2022-JP-2 [RFC1554,Ohta]
Source: RFC-1554

Name: JIS_C6220-1969-jp [RFC1345,KXS2]
Source: ECMA registry
Alias: JIS_C6220-1969
Alias: iso-ir-13
Alias: katakana
Alias: x0201-7

Name: JIS_C6220-1969-ro [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-14
Alias: jp
Alias: ISO646-JP

Name: IT [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-15
Alias: ISO646-IT

Name: PT [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-16
Alias: ISO646-PT

Name: ES [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-17
Alias: ISO646-ES

Name: greek7-old [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-18

Name: latin-greek [RFC1345,KXS2]

Source: ECMA registry
Alias: iso-ir-19

Name: DIN_66003 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-21
Alias: de
Alias: ISO646-DE

Name: NF_Z_62-010_(1973) [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-25
Alias: ISO646-FR1

Name: Latin-greek-1 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-27

Name: ISO_5427 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-37

Name: JIS_C6226-1978 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-42

Name: BS_viewdata [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-47

Name: INIS [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-49

Name: INIS-8 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-50

Name: INIS-cyrillic [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-51

Name: ISO_5427:1981 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-54

Name: ISO_5428:1980 [RFC1345,KXS2]
Source: ECMA registry

Alias: iso-ir-55

Name: GB_1988-80 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-57
Alias: cn
Alias: ISO646-CN

Name: GB_2312-80 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-58
Alias: chinese

Name: NS_4551-1 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-60
Alias: ISO646-NO
Alias: no

Name: NS_4551-2 [RFC1345,KXS2]
Source: ECMA registry
Alias: ISO646-NO2
Alias: iso-ir-61
Alias: no2

Name: NF_Z_62-010 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-69
Alias: ISO646-FR
Alias: fr

Name: videotex-suppl [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-70

Name: PT2 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-84
Alias: ISO646-PT2

Name: ES2 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-85
Alias: ISO646-ES2

Name: MSZ_7795.3 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-86

Alias: ISO646-HU
Alias: hu

Name: JIS_C6226-1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-87
Alias: x0208
Alias: JIS_X0208-1983

Name: greek7 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-88

Name: ASMO_449 [RFC1345,KXS2]
Source: ECMA registry
Alias: ISO_9036
Alias: arabic7
Alias: iso-ir-89

Name: iso-ir-90 [RFC1345,KXS2]
Source: ECMA registry

Name: JIS_C6229-1984-a [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-91
Alias: jp-ocr-a

Name: JIS_C6229-1984-b [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-92
Alias: ISO646-JP-OCR-B
Alias: jp-ocr-b

Name: JIS_C6229-1984-b-add [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-93
Alias: jp-ocr-b-add

Name: JIS_C6229-1984-hand [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-94
Alias: jp-ocr-hand

Name: JIS_C6229-1984-hand-add [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-95
Alias: jp-ocr-hand-add

Name: JIS_C6229-1984-kana [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-96

Name: ISO_2033-1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-98
Alias: e13b

Name: ANSI_X3.110-1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-99
Alias: CSA_T500-1983
Alias: NAPLPS

Name: ISO_8859-1:1987 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-100
Alias: ISO_8859-1
Alias: ISO-8859-1
Alias: latin1
Alias: l1
Alias: IBM819
Alias: CP819

Name: ISO_8859-2:1987 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-101
Alias: ISO_8859-2
Alias: ISO-8859-2
Alias: latin2
Alias: l2

Name: T.61-7bit [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-102

Name: T.61-8bit [RFC1345,KXS2]
Alias: T.61
Source: ECMA registry
Alias: iso-ir-103

Name: ISO_8859-3:1988 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-109
Alias: ISO_8859-3
Alias: ISO-8859-3
Alias: latin3

Alias: l3

Name: ISO_8859-4:1988 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-110
Alias: ISO_8859-4
Alias: ISO-8859-4
Alias: latin4
Alias: l4

Name: ECMA-cyrillic [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-111

Name: CSA_Z243.4-1985-1 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-121
Alias: ISO646-CA
Alias: csa7-1
Alias: ca

Name: CSA_Z243.4-1985-2 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-122
Alias: ISO646-CA2
Alias: csa7-2

Name: CSA_Z243.4-1985-gr [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-123

Name: ISO_8859-6:1987 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-127
Alias: ISO_8859-6
Alias: ISO-8859-6
Alias: ECMA-114
Alias: ASMO-708
Alias: arabic

Name: ISO_8859-6-E [RFC1556,IANA]
Source: RFC-1556

Name: ISO_8859-6-I [RFC1556,IANA]
Source: RFC-1556

Name: ISO_8859-7:1987 [RFC1345,KXS2]
Source: ECMA registry

Alias: iso-ir-126
Alias: ISO_8859-7
Alias: ISO-8859-7
Alias: ELOT_928
Alias: ECMA-118
Alias: greek
Alias: greek8

Name: T.101-G2 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-128

Name: ISO_8859-8:1988 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-138
Alias: ISO_8859-8
Alias: ISO-8859-8
Alias: hebrew

Name: ISO_8859-8-E [RFC1556,Nussbacher]
Source: RFC-1556

Name: ISO_8859-8-I [RFC1556,Nussbacher]
Source: RFC-1556

Name: CSN_369103 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-139

Name: JUS_I.B1.002 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-141
Alias: ISO646-YU
Alias: js
Alias: yu

Name: ISO_6937-2-add [RFC1345,KXS2]
Source: ECMA registry and ISO 6937-2:1983
Alias: iso-ir-142

Name: IEC_P27-1 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-143

Name: ISO_8859-5:1988 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-144
Alias: ISO_8859-5

Alias: ISO-8859-5
Alias: cyrillic

Name: JUS_I.B1.003-serb [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-146
Alias: serbian

Name: JUS_I.B1.003-mac [RFC1345,KXS2]
Source: ECMA registry
Alias: macedonian
Alias: iso-ir-147

Name: ISO_8859-9:1989 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-148
Alias: ISO_8859-9
Alias: ISO-8859-9
Alias: latin5
Alias: l5

Name: greek-ccitt [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-150

Name: NC_NC00-10:81 [RFC1345,KXS2]
Source: ECMA registry
Alias: cuba
Alias: iso-ir-151
Alias: ISO646-CU

Name: ISO_6937-2-25 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-152

Name: GOST_19768-74 [RFC1345,KXS2]
Source: ECMA registry
Alias: ST_SEV_358-88
Alias: iso-ir-153

Name: ISO_8859-supp [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-154
Alias: latin1-2-5

Name: ISO_10367-box [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-155

Name: latin6 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-157
Alias: l6

Name: latin-lap [RFC1345,KXS2]
Source: ECMA registry
Alias: lap
Alias: iso-ir-158

Name: JIS_X0212-1990 [RFC1345,KXS2]
Source: ECMA registry
Alias: x0212
Alias: iso-ir-159

Name: DS_2089 [RFC1345,KXS2]
Source: Danish Standard, DS 2089, February 1974
Alias: DS2089
Alias: ISO646-DK
Alias: dk

Name: us-dk [RFC1345,KXS2]

Name: dk-us [RFC1345,KXS2]

Name: JIS_X0201 [RFC1345,KXS2]
Alias: X0201

Name: KSC5636 [RFC1345,KXS2]
Alias: ISO646-KR

Name: DEC-MCS [RFC1345,KXS2]
Source: VAX/VMS User's Manual,
Order Number: AI-Y517A-TE, April 1986.
Alias: dec

Name: hp-roman8 [RFC1345,KXS2]
Source: LaserJet IIP Printer User's Manual,
HP part no 33471-90901, Hewlet-Packard, June 1989.
Alias: roman8
Alias: r8

Name: macintosh [RFC1345,KXS2]
Source: The Unicode Standard ver1.0, ISBN 0-201-56788-1, Oct 1991
Alias: mac

Name: IBM037 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990

Alias: cp037
Alias: ebcdic-cp-us
Alias: ebcdic-cp-ca
Alias: ebcdic-cp-wt
Alias: ebcdic-cp-nl

Name: IBM038 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: EBCDIC-INT
Alias: cp038

Name: IBM273 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP273

Name: IBM274 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: EBCDIC-BE
Alias: CP274

Name: IBM275 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: EBCDIC-BR
Alias: cp275

Name: IBM277 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: EBCDIC-CP-DK
Alias: EBCDIC-CP-NO

Name: IBM278 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP278
Alias: ebcdic-cp-fi
Alias: ebcdic-cp-se

Name: IBM280 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP280
Alias: ebcdic-cp-it

Name: IBM281 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: EBCDIC-JP-E
Alias: cp281

Name: IBM284 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990

Alias: CP284
Alias: ebcdic-cp-es

Name: IBM285 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP285
Alias: ebcdic-cp-gb

Name: IBM290 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: cp290
Alias: EBCDIC-JP-kana

Name: IBM297 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp297
Alias: ebcdic-cp-fr

Name: IBM420 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990,
IBM NLS RM p 11-11
Alias: cp420
Alias: ebcdic-cp-ar1

Name: IBM423 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp423
Alias: ebcdic-cp-gr

Name: IBM424 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp424
Alias: ebcdic -cp-he

Name: IBM437 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp437
Alias: 437

Name: IBM500 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP500
Alias: ebcdic-cp-be
Alias: ebcdic-cp-ch

Name: IBM850 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp850

Alias: 850

Name: IBM851 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp851
Alias: 851

Name: IBM852 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp852
Alias: 852

Name: IBM855 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp855
Alias: 855

Name: IBM857 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp857
Alias: 857

Name: IBM860 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp860
Alias: 860

Name: IBM861 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp861
Alias: 861
Alias: cp-is

Name: IBM862 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp862
Alias: 862

Name: IBM863 [RFC1345,KXS2]
Source: IBM Keyboard layouts and code pages, PN 07G4586 June 1991
Alias: cp863
Alias: 863

Name: IBM864 [RFC1345,KXS2]
Source: IBM Keyboard layouts and code pages, PN 07G4586 June 1991
Alias: cp864

Name: IBM865 [RFC1345,KXS2]

Source: IBM DOS 3.3 Ref (Abridged), 94X9575 (Feb 1987)
Alias: cp865
Alias: 865

Name: IBM868 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP868
Alias: cp-ar

Name: IBM869 [RFC1345,KXS2]
Source: IBM Keyboard layouts and code pages, PN 07G4586 June 1991
Alias: cp869
Alias: 869
Alias: cp-gr

Name: IBM870 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP870
Alias: ebcdic-cp-roece
Alias: ebcdic-cp-yu

Name: IBM871 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP871
Alias: ebcdic-cp-is

Name: IBM880 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp880
Alias: EBCDIC-Cyrillic

Name: IBM891 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp891

Name: IBM903 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp903

Name: IBM904 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp904
Alias: 904

Name: IBM905 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: CP905
Alias: ebcdic-cp-tr

Name: IBM918 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP918
Alias: ebcdic-cp-ar2

Name: IBM1026 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP1026

Name: EBCDIC-AT-DE [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-AT-DE-A [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-CA-FR [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-DK-NO [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-DK-NO-A [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-FI-SE [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-FI-SE-A [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-FR [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-IT [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-PT [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-ES [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-ES-A [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-ES-S [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-UK [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-US [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: UNKNOWN-8BIT [RFC1428]

Name: MNEMONIC [RFC1345,KXS2]
Source: RFC 1345, also known as "mnemonic+ascii+38"

Name: MNEM [RFC1345,KXS2]
Source: RFC 1345, also known as "mnemonic+ascii+8200"

Name: VISCII [RFC1456]
Source: RFC 1456

Name: VIQR [RFC1456]
Source: RFC 1456

Name: KOI8-R [RFC1489]
Source: RFC 1489, based on GOST-19768-74, ISO-6937/8,
INIS-Cyrillic, ISO-5427.

Name: UNICODE-1-1 [RFC1641]
Source: RFC 1641

Name: UNICODE-1-1-UTF-7 [RFC1642]
Source: RFC 1642

REFERENCES

[RFC1345] Simonsen, K., "Character Mnemonics & Character Sets",
RFC 1345, Rationel Almen Planlaegning, Rationel Almen
Planlaegning, June 1992.

[RFC1428] Vaudreuil, G., "Transition of Internet Mail from
Just-Send-8 to 8bit-SMTP/MIME", RFC1428, CNRI, February
1993.

[RFC1456] Vietnamese Standardization Working Group, "Conventions for
Encoding the Vietnamese Language VISCII: VIetnamese
Standard Code for Information Interchange VIQR: VIetnamese
Quoted-Readable Specification Revision 1.1", RFC 145 6, May
1993.

[RFC1468] Murai, J., Crispin, M., and E. van der Poel, "Japanese
Character Encoding for Internet Messages", RFC 1468,

Keio University, Panda Programming, June 1993.

[RFC1489] Chernov, A., "Registration of a Cyrillic Character Set",
RFC1489, RELCOM Development Team, July 1993.

[RFC1554] Ohta, M., and K. Handa, "ISO-2022-JP-2: Multilingual
Extension of ISO-2022-JP", RFC1554, Tokyo Institute of
Technology, ETL, December 1993.

[RFC1556] Nussbacher, H., "Handling of Bi-directional Texts in MIME",
RFC1556, Israeli Inter-University, December 1993.

[RFC1557] Choi, U., Chon, K., and H. Park, "Korean Character Encoding
for Internet Messages", KAIST, Solvit Chosun Media,
December 1993.

[RFC1641] Goldsmith, D., and M. Davis, "Using Unicode with MIME",
RFC1641, Taligent, Inc., July 1994.

[RFC1642] Goldsmith, D., and M. Davis, "UTF-7", RFC1642, Taligent,
Inc., July 1994.

PEOPLE

[KXS2] Keld Simonsen

[Choi] Uhhyung Choi

[Murai] Jun Murai

[Ohta] Masataka Ohta

[Nussbacher] Hank Nussbacher

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets

NETWORK MANAGEMENT PARAMETERS

For the management of hosts and gateways on the Internet a data
structure for the information has been defined. This data structure
should be used with any of several possible management protocols, such
as the "Simple Network Management Protocol" (SNMP) [RFC1157], or the
"Common Management Information Protocol over TCP" (CMOT) [RFC1095].

The data structure is the "Structure and Indentification of Management
Information for TCP/IP-based Internets" (SMI) [RFC1155], and the
"Management Information Base for Network Management of TCP/IP-based
Internets" (MIB-II) [RFC1213].

The SMI includes the provision for panrameters or codes to indicate
experimental or private data structures. These parameter assignments
are listed here.

The older "Simple Gateway Monitoring Protocol" (SGMP) [RFC1028] also
defined a data structure. The parameter assignments used with SGMP
are included here for historical completeness.

The network management object identifiers are under the iso (1), org
(3), dod (6), internet (1), or 1.3.6.1, branch of the name space.

The major branches are:

1 iso
1.3 org
1.3.6 dod
1.3.6.1 internet
1.3.6.1.1 directory
1.3.6.1.2 mgmt
1.3.6.1.2.1 mib-2
1.3.6.1.2.1.2.2.1.3 ifType
1.3.6.1.2.1.10 transmission
1.3.6.1.2.1.10.23 transmission.ppp
1.3.6.1.2.1.27 application
1.3.6.1.2.1.28 mta
1.3.6.1.3 experimental
1.3.6.1.4 private
1.3.6.1.4.1 enterprise
1.3.6.1.5 security
1.3.6.1.6 SNMPv2
1.3.6.1.7 mail

SMI Network Management Directory Codes:

Prefix: iso.org.dod.internet.directory (1.3.6.1.1.)

Decimal Name Description References
------- ---- ----------- ----------
all Reserved Reserved for future use [IANA]

SMI Network Management MGMT Codes:

Prefix: iso.org.dod.internet.mgmt (1.3.6.1.2.)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved [IANA]
1 MIB [KZM]

Prefix: iso.org.dod.internet.mgmt.mib-2 (1.3.6.1.2.1)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved Reserved [IANA]
1 system System [RFC1213,KZM]
2 interfaces Interfaces [RFC1213,KZM]
3 at Address Translation [RFC1213,KZM]
4 ip Internet Protocol [RFC1213,KZM]
5 icmp Internet Control Message [RFC1213,KZM]
6 tcp Transmission Control Protocol[RFC1213,KZM]
7 udp User Datagram Protocol [RFC1213,KZM]
8 egp Exterior Gateway Protocol [RFC1213,KZM]
9 cmot CMIP over TCP [RFC1213,KZM]
10 transmission Transmission [RFC1213,KZM]
11 snmp Simple Network Management [RFC1213,KZM]
12 GenericIF Generic Interface Extensions
-- [RFC1229,RFC1239,KZM]
13 Appletalk Appletalk Networking [RFC1243,SXW]
14 ospf Open Shortest Path First [RFC1253,FB77]
15 bgp Border Gateway Protocol [RFC1657]
16 rmon Remote Network Monitoring [RFC1271,SXW]
17 bridge Bridge Objects [RFC1286,EXD]
18 DecnetP4 Decnet Phase 4 [RFC1559, Saperia]
19 Character Character Streams [RFC1658]
20 snmpParties SNMP Parties [RFC1353,KZM]
21 snmpSecrets SNMP Secrets [RFC1353,KZM]
22 snmpDot3RptrMgt [RFC1516]
23 rip-2 Routing Information Protocol [RFC1389]
24 ident Identification Protocol [RFC1414]
25 host Host Resources [RFC1514]
26 snmpDot3MauMgt 802.3 Medium Attachment Units [RFC1515]
27 application Network Services Monitoring [RFC1565]
28 mta Mail Monitoring [RFC1566]
29 dsa X.500 Directory Monitoring [RFC1567]

30 IANAifType Interface Types [RFC1573]
31 ifMIB Interface Types [RFC1573]
32 dns Domain Name System [RFC1611]
33 upsMIB Uninterruptible Power Supplies [RFC1628]
34 sannauMIB SNA NAU MIB [RFC1665]
35 etherMIB Ethernet-like generic objects [RFC1650]
36 sipMIB SMDS inteface objects [RFC1694]
37 atmMIB ATM objects [RFC1695]
38 mdmMIB Dial-up modem objects [RFC1696]
39 rdbmsMIB relational database objects [RFC1697]

Prefix: iso.org.dod.internet.mgmt.mib-2.interface (1.3.6.1.2.1.2)

(1.3.6.1.2.1.2.2.1.3)

ifType definitions

Decimal Name Description
------- ---- -----------
1 other none of the following [RFC1213]
2 regular1822 BBN Report 1822 [RFC1213]
3 hdh1822 BBN Report 1822 [RFC1213]
4 ddn-x25 BBN Report 1822 [RFC1213]
5 x25 X.25 [RFC1382]
6 ethernet-csmacd [RFC1213]
7 IEEE802.3 CSMACD--like Objects [RF1284,JXC]
8 IEEE802.4 Token Bus-like Objects
-- [RFC1230,RFC1239,KZM]
9 IEEE802.5 Token Rin g-like Objects
-- [RFC1231,RFC1239,KZM]
10 iso88026-man [RFC1213]
11 starLan [RFC1213]
12 proteon-10Mbit [RFC1213]
13 proteon-80Mbit [RFC1213]
14 hyperchannel [RFC1213]
15 FDDI FDDI Objects [RFC1285,JDC20]
16 lapb LAP B [RFC1381]
17 sdlc [RFC1213]
18 ds1 T1/E1 Carrier Objects [RFC1406]
19 e1 obsolete
20 basicISDN [RFC1213]
21 primaryISDN [RFC1213]
22 propPointToPointSerial [RFC1213]
23 ppp Point-to-Point Protocol [RFC1471]
24 softwareLoopback [RFC1213]
25 eon [RFC1213]
26 ethernet-3Mbit [RFC1213]
27 nsip [RFC1213]

28 slip [RFC1213]
29 ultra [RFC1213]
30 ds3 DS3/E3 Interface Objects [RFC1407]
31 sip SMDS Interface Objects [RFC1304,TXC]
32 frame-relay Frame Relay Objects [RFC1315,CXB]
33 RS-232 RS-232 Objects [RFC1659]
34 Parallel Parallel Printer Objects [RFC1660]
35 arcnet ARC network
36 arcnet-plus ARC network plus
37 atm ATM
38 MIOX25 MIOX25 [RFC1461]
39 SONET SONET or SDH
40 x25ple X.25 packet level [RFC1382]
41 iso88022llc 802.2 LLC
42 localTalk
43 smds-dxi SMDS DXI
44 frameRelayService Frame Relay DCE
45 v35 V.35
46 hssi HSSI
47 hippi HIPPI
48 modem generic modem
49 aal5 AAL5 over ATM
50 sonetPath
51 sonetVT
52 smds-icip SMDS Inter-Carrier Interface Protocol
53 propVirtual proprietary vitural/internal interface
54 propMultiLink proprietary multi-link multiplexing
55 IEEE802.12 100BaseVG
56 fibre-channel Fibre Channel

Prefix: iso.org.dod.internet.mgmt.mib-2.transmission (1.3.6.1.2.1.10)

Decimal Name Description
------- ---- -----------
5 x25 X.25 [RFC1382]
7 IEEE802.3 CSMACD--like Objects [RFC1650]
8 IEEE802.4 Token Bus-like Objects
-- [RFC1230,RFC1239,KZM]
9 IEEE802.5 Token Ring-like Objects
-- [RFC1231,RFC1239,KZM]
15 FDDI FDDI Objects [RFC1285,JDC20]
16 lapb LAP B [RFC1381]
18 ds1 T1 Carrier Objects [RFC1406]
19 e1 E1 Carrier Objects [RFC1406]
23 ppp Point-to-Point Protocol [RFC1471]
30 ds3 DS3/E3 Interface Objects [RFC1407]
31 sip SMDS Interface Objects [RFC1694]
32 frame-relay Frame Relay Objects [RFC1315,CXB]

33 RS-232 RS-232 Objects [RFC1659]
34 Parallel Parallel Printer Objects [RFC1660]
35 arcnet ARC network
36 arcnet-plus ARC network plus
37 atm ATM
38 MIOX25 MIOX25 [RFC1461]
39 sonetMIB SONET MIB [RFC1595]
44 frnetservMIB Frame Relay Service MIB for DCE [RFC1596]

Prefix: iso.org.dod.internet.mgmt.mib-2.transmission (1.3.6.1.2.1.10)

(1.3.6.1.2.1.10.23)

Decimal Name Description References
------- ---- ----------- ----------
1 pppLcp ppp link control [RFC1471]
2 pppSecurity ppp security [RFC1472]
3 pppIp ppp IP network control [RFC1473]
4 pppBridge ppp bridge networl control [RFC1474]

Prefix: iso.org.dod.internet.mgmt.mib-2.application (1.3.6.1.2.1.27)

(1.3.6.1.2.1.27.2.1.3)

assocApplicationProtocol OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An identification of the protocol being used for the
application. For an OSI Application, this will be the
Application Context. For Internet applications, the IANA
maintains a registry of the OIDs which correspond to
well-known applications. If the application protocol is
not listed in the registry, an OID value of the form
{applTCPProtoID port} or {applUDProtoID port} are used for
TCP-based and UDP-based protocols, respectively. In either
case 'port' corresponds to the primary port number being
used by the protocol."
::= {assocEntry 3}

Decimal Name Description
------- ---- -----------
0 Reserved

(1.3.6.1.2.1.27.3)

(1.3.6.1.2.1.27.4)

-- OIDs of the form {applTCPProtoID port} are intended to be used
-- for TCP-based protocols that don't have OIDs assigned by other
-- means. {applUDPProtoID port} serves the same purpose for
-- UDP-based protocols. In either case 'port' corresponds to
-- the primary port number being used by the protocol. For example,
-- assuming no other OID is assigned for SMTP, an OID of
-- {applTCPProtoID 25} could be used, since SMTP is a TCP-based
-- protocol that uses port 25 as its primary port.

Prefix: iso.org.dod.internet.mgmt.mib-2.mta (1.3.6.1.2.1.28)

(1.3.6.1.2.1.28.2.1.24)

mtaGroupMailProtocol OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An identification of the protocol being used by this group.
For an group employing OSI protocols, this will be the
Application Context. For Internet applications, the IANA
maintains a registry of the OIDs which correspond to
well-known message transfer protocols. If the application
protocol is not listed in the registry, an OID value of the
form {applTCPProtoID port} or {applUDProtoID port} are used
for TCP-based and UDP-based protocols, respectively. In
either case 'port' corresponds to the primary port number
being used by the group. applTCPProtoID and applUDPProtoID
are defined in [5]."
::= {mtaGroupEntry 24}

Decimal Name Description
------- ---- -----------
0 Reserved

SMI Network Management Experimental Codes:

Prefix: iso.org.dod.internet.experimental (1.3.6.1.3.)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved [JKR1]
1 CLNS ISO CLNS Objects [GS2]
* 2 T1-Carrier T1 Carrier Objects [FB77]
* 3 IEEE802.3 Ethernet-like Objects [JXC]
* 4 IEEE802.5 Token Ring-like Objects [EXD]
* 5 DECNet-PHIV DECNet Phase IV [JXS2]
* 6 Interface Generic Interface Objects [KZM]

* 7 IEEE802.4 Token Bus-like Objects [KZM]
* 8 FDDI FDDI Objects [JDC20]
9 LANMGR-1 LAN Manager V1 Objects [JXG1]
10 LANMGR-TRAPS LAN Manager Trap Objects [JXG1]
11 Views SNMP View Objects [CXD]
12 SNMP-AUTH SNMP Authentication Objects [KZM]
* 13 BGP Border Gateway Protocol [SW159]
* 14 Bridge Bridge MIB [FB77]
* 15 DS3 DS3 Interface Type [TXB]
* 16 SIP SMDS Interface Protocol [TXB]
* 17 Appletalk Appletalk Networking [SXW]
* 18 PPP PPP Objects [FJK2]
* 19 Character MIB Character MIB [BS221]
* 20 RS-232 MIB RS-232 MIB [BS221]
* 21 Parallel MIB Parallel MIB [BS221]
22 atsign-proxy Proxy via Community [RXF]
* 23 OSPF OSPF MIB [FB77]
24 Alert-Man Alert-Man [LS8]
25 FDDI-Synoptics FDDI-Synoptics [DXP1]
* 26 Frame Relay Frame Relay MIB [CXB]
* 27 rmon Remote Network Management MIB [SXW]
28 IDPR IDPR MIB [RAW44]
29 HUBMIB IEEE 802.3 Hub MIB [DXM5]
30 IPFWDTBLMIB IP Forwarding Table MIB [FB77]
31 LATM MIB [TXB]
32 SONET MIB [TXB]
33 IDENT [MTR]
34 MIME-MHS [MTR]
35 MAUMIB IEEE 802.3 Mau MIB [DXM5]
36 Host Resources Host Resources MIB [SXW]
37 ISIS-MIB Integrated ISIS protocol MIB [CXG]
38 Chassis Chassis MIB [JDC20]
39 ups ups [JDC20]
40 App-Mon Application Monitoring MIB [TXK]
41 ATM UNI ATM [MXA1]
42 FC Fibre Channel [JXC4]
* 43 DNS Domain Name Service [Rob Austein]
44 X.25 X.25 MIB [Dean Throop]
45 Frame Relay Serv. Frame Relay Service MIB [Tracy Cox]
46 Madman-Applications [Ned Freed]
47 Madman-MTA [Ned Freed]
48 Madman-DSA [Ned Freed]
49 Modem [Steve Waldbusser]
50 SNA NAU [Deirdre Kostick]
51 SDLC SDLC [Jeff Hilgeman]
52 DNS Domain Name Service [Jon Saperia]
53 network-objects IP info ix X.500 [Johannsen]
54 printmib [Joel Gyllenskog]

55 rdbmsmib [Robert Purvey]
56 sipMIB [Tracy Brown]
57 stIImib ST-II protocol MIB [Hartmut Wittig]
58 802.5 SSR MIB 802.5 Station Source Routing MIB [KZM]

* = obsoleted

SMI Private Codes:

Prefix: iso.org.dod.internet.private (1.3.6.1.4)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved [JKR1]
1 enterprise private enterprises [JKR1]

SMI Private Enterprise Codes:

Prefix: iso.org.dod.internet.private.enterprise (1.3.6.1.4.1)

See the file "enterprise-numbers".

SMI Security Codes:

Prefix: iso.org.dod.internet.security (1.3.6.1.5)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved [JKR1]
1 kerberosV4 Kerberos version 4 objects [1,BCN]
2 kerberosV5 Kerberos version 5 objects [2,BCN]

SMI SNMPv2 Codes:

Prefix: iso.org.dod.internet.snmpv2 (1.3.6.1.6)

SMI mail Codes:

Prefix: iso.org.dod.internet.mail (1.3.6.1.7)

1 mime-mhs

REFERENCES

[1] Miller, S.P., B.C. Neuman, J.I. Schiller, and J.H. Saltzer,
"Project Athena Technical Plan Section E.2.1: Kerberos
Authentication and Authorization System", Project Athena,

MIT, December 1987.

[2] Kohl, J., and B.C. Neuman, "The Kerberos Network
Authentication Service (V5)" work in progress, September
1992.

[RFC1028] Davin, J., J. Case, M. Fedor, and M. Schoffstall, "A Simple
Gateway Monitoring Protocol", RFC 1028, Proteon, Inc.,
University of Tennessee at Knoxville, Cornell University,
Rensselaer Polytechnic Institute, November 1987.

[RFC1095] Warrier, U., and L. Besaw, "The Common Management
Information Services and Protocol over TCP/IP (CMOT)",
RFC 1095, Unisys Corp., Hewlett-Packard, April 1989.

[RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification
of Management Information for TCP/IP-based internets",
STD 16, RFC 1155, Performance Systems International, Hughes
LAN Systems, May 1990.

[RFC1157] Case, J., M. Fedor, M. Schoffstall, and J. Davin,
"A Simple Network Management Protocol", STD 15, RFC 1157,
SNMP Research, Performance Systems International,
Performance Systems International, MIT Laboratory for
Computer Science, May 1990.

[RFC1213] McCloghrie, K., and M. Rose, "Management Information Base
for Network Management of TCP/IP-based internets: MIB-II",
STD 17, RFC 1213, Hughes LAN Systems, Performance Systems
International, March 1991.

[RFC1229] McCloghrie, K., Editor, "Extensions to the Generic-Interface
MIB", RFC 1229, Hughes LAN Systems, Inc., May 1991.

[RFC1230] McCloghrie, K., and R. Fox, "IEEE 802.4 Token Bus MIB",
RFC 1230, Hughes LAN Systems, Inc., Synoptics, Inc.,
May 1991.

[RFC1231] McCloghrie, K., Fox, R., and E. Decker, "IEEE 802.5 Token
Ring MIB", RFC 1231, Hughes LAN Systems, Inc., Synoptics,
Inc., cisco Systems, Inc., May 1991.

[RFC1239] Reynolds, J., "Reassignment of Experimental MIBs to
Standard MIBs", RFC 1239, USC/Information Sciences
Institute, ISI, June 1991.

[RFC1243] Waldbusser, S., Editor, "AppleTalk Management Information
Base", RFC 1243, Carnegie Mellon University, July 1991.

[RFC1253] Baker, F., and R. Coltun, "OSPF Vers ion 2 Management
Information Base", RFC 1253, ACC, Computer Science Center,
August 1991.

[RFC1271] Waldbusser, S., "Remote Network Monitoring Management
Information Base", RFC 1271, Carnegie Mellon University,
November 1991.

[RFC1284] Cook, J., Editor, "Definitions of Managed Objects
for the Ethernet-like Interface Types", RFC 1284, Chipcom
Corporation, December 1991.

[RFC1285] Case, J., "FDDI Management Information Base", RFC 1285,
SNMP Research, Incorporated, January 1992.

[RFC1286] Decker, E., Langille, P., Rijsinghani, A., and K.
McCloghrie, "Definitions of Managed Objects for Bridges",
RFC 1286, cisco Systems, Inc., DEC, Hughes LAN Systems,
Inc., December 1991.

[RFC1304] Cox, T., and K. Tesnik, Editors, "Definitions of Managed
Objects for the SIP Interface Type", RFC 1304, Bell
Communications Research, February 1992.

[RFC1315] Brown, C., Baker, F., and C. Carvalho, "Management
Information Base for Frame Relay DTEs", RFC 1315, Wellfleet
Communications, Inc., Advanced Computer Communications,
April 1992.

[RFC1353] McCloghrie, K., Davin, J., and J. Galvin, "Definitions of
Managed Objects for Administration of SNMP Parties",
RFC 1353, Hughes LAN Systems, Inc., MIT Laboratory for
Computer Science, Trusted Information Systems, Inc.,
July 1992.

[RFC1381] Throop, D., and F. Baker, "SNMP MIB Extension for X.25
LAPB", RFC 1381, Data General Corporation, Advanced Computer
Communications, November 1992.

[RFC1382] Throop, D., Editor, "SNMP MIB Extension for the X.25 Packet
Layer", RFC 1382, Data General Corporation, November 1992.

[RFC1389] Malkin, G., and F. Baker, "RIP Version 2 MIB Extension", RFC
1389, Xylogics, Inc., Advanced Computer Communications,
January 1993.

[RFC1406] Baker, F., and J. Watt, Editors, "Definitions of Managed
Objects for the DS1 and E1 Interface Types", RFC 1406,

Advanced Computer Communications, Newbridge Networks
Corporation, January 1993.

[RFC1407] Cox, T., and K. Tesink, "Definitions of Managed Objects
for the DS3/E3 Interface Type", RFC 1407, Bell
Communications Research, January 1993.

[RFC1414] St. Johns, M., and M. Rose, "Identification MIB", RFC 1414,
US Department of Defense, Dover Beach Consulting, Inc.,
February 1993.

[RFC1461] Throop, D., "SNMP MIB extension for Multiprotocol
Interconnect over X.25", RFC 1461, Data General Corporation,
May 1993.

[RFC1471] Kastenholz, F., "The Definitions of Managed Objects for
the Link Control Protocol of the Point-to-Point Protocol",
RFC 1471, FTP Software, Inc., June 1993.

[RFC1472] Kastenholz, F., "The Definitions of Managed Objects for
the Security Protocols of the Point-to-Point Protocol", RFC
1472, FTP Software, Inc., June 1993.

[RFC1473] Kastenholz, F., "The Definitions of Managed Objects for
the IP Network Control Protocol of the Point-to-Point
Protocol", RFC 1473, FTP Software, Inc., June 1993.

[RFC1474] Kastenholz, F., "The Definitions of Managed Objects for
the Bridge Network Control Protocol of the Point-to-Point
Protocol" RFC 1474, FTP Software, Inc., June 1993.

[RFC1514] Grillo, P., and S. Waldbusser, "Host Resources MIB", RFC
1514, Network Innovations, Intel Corporation, Carnegie
Mellon University, September 1993.

[RFC1515] McMaster, D., McCloghrie, K., and S. Roberts, "Definitions
of Managed Objects for IEEE 802.3 Medium Attachment Units
(MAUs)", RFC 1515, SynOptics Communications, Inc., Hughes
LAN Systems, Inc., Farallon Computing, Inc., September 1993.

[RFC1516] McMaster, D., and K. McCloghrie, "Definitions of Managed
Objects for IEEE 802.3 Repeater Devices", RFC 1516,
SynOptics Communications, Inc., Hughes LAN Systems, Inc.,
September 1993.

[RFC1559] Saperia, J., "DECnet Phase IV MIB Extensions", RFC 1559,
Digital Equipment Corporation, December 1993.

[RFC1565] Kille, S., WG Chair, and N. Freed, Editor, "Network Services
Monitoring MIB", RFC 1565, ISODE Consortium and Innosoft,
January 1994.

[RFC1566] Kille, S., WG Chair, and N. Freed, Editor, "Mail Monitoring
MIB", RFC 1566, ISODE Consortium, Innosoft, January 1994.

[RFC1567] Mansfield, G., and S. Kille, "X.500 Directory Monitoring
MIB", RFC 1567, AIC Systems Laboratory, ISODE Consortium,
January 1994.

[RFC1573] McCloghrie, K., and F. Kastenholz, "Evolution of the
Interfaces Group of MIB-II", RFC 1573, Hughes LAN Systems,
FTP Software, January 1994.

[RFC1595] Brown, T., and K. Tesink, Editors, "Definitions of Managed
Objects for the SONET/SDH Interface Type", RFC 1595,
Bell Communications Research, March 1994.

[RFC1596] Brown, T., Editor, Definitions of Managed Objects for Frame
Relay Service", RFC 1596, Bell Communications Research,
March 1994.

[RFC1611] Austein, R., and J. Saperia, "DNS Server MIB Extensions",
RFC 1611, Epilogue Technology Corporation, Digital Equipment
Corporation, May 1994.

[RFC1628] Case, J., Editor, "UPS Management Information Base", RFC
1628, SNMP Research, Incorporated, May 1994.

[RFC1650] Kastenholz, F., "Definitions of Managed Objects for
the Ethernet-like Interface Types using SMIv2", RFC 1650,
FTP Software, Inc., August 1994.

[RFC1657] Willis, S., Burruss, J., and J. Chu, Editor, "Definitions of
Managed Objects for the Fourth Version of the Border Gateway
Protocol (BGP-4) using SMIv2", RFC 1657, Wellfleet
Communications Inc., IBM Corp., July 1994.

[RFC1658] Stewart, B., "Definitions of Managed Objects for Character
Stream Devices using SMIv2", RFC 1658, Xyplex, Inc., July
1994.

[RFC1659] Stewart, B., "Definitions of Managed Objects for RS-232-like
Hardware Devices using SMIv2", RFC 1659, Xyplex, Inc., July
1994.

[RFC1660] Stewart, B., "Definitions of Managed Objects for

Parallel-printer-like Hardware Devices using SMIv2", RFC
1660, Xyplex, Inc., July
1994.

[RFC1665] Kielczewski, Z., Kostick, D., and K. Shih, Editors,
"Definitions of Managed Objects for SNA NAUs using SMIv2",
RFC 1665, Eicon Technology Corporation, Bell Communications
Research, Novell, July 1994.

[RFC1694] Brown, T., and K. Tesink, Editors, "Definitions of Managed
Objects for SMDS Interfaces using SMIv2", RFC 1694, Bell
Communications Research, August 1994.

[RFC1695] Ahmed, M., and K. Tesink, Editors, "Definitions of Managed
Objects for ATM Management Version 8.0 using SMIv2", RFC
1695, Bell Communications Research, August 1994.

[RFC1696] Barnes, J., Brown, L., Royston, R., and S. Waldbusser,
"Modem Management Information Base (MIB) using SMIv2", RFC
1696, Xylogics, Inc., Motorola, US Robotics, Inc., Carnegie
Mellon University, August 1994.

[RFC1697] Brower, D., Editor, Purvy, B., RDBMSMIB Working Gro up Chair,
Daniel, A., Sinykin, M., and J. Smith, "Relational Database
Management System (RDBMS) Management Information Base (MIB)
using SMIv2", RFC 1697, The ASK Group, INGRES DBMS
Development, Oracle Corporation, Informix Software, Inc.,
Oracle Corporation, August 1994.

PEOPLE

[Rob Austein]

[BCN] B. Clifford Neuman

[BS221] Bob Stewart

[CXB] Caralyn Brown

[CXD] Chuck Davin

[CXG] Chris Gunner

[Dean Throop]

[DXM5] Donna McMaster

[DXP1] David Perkins

[EXD] Eric Decker

[FB77] Fred Baker

[FJK2]

[GS2] Greg Satz

[IANA] IANA

[JDC20] Jeffrey Case

[JKR1] Joyce K. Reynolds

[JXC] John Cook

[JXG1] Jim Greuel

[JXS2] Jon Saperia

[Jeff Hilgeman]

[Johannsen]

[KZM] Keith McCloghrie

[LS8] Louis Steinberg

[MXA1] Masuma Ahmed

[MTR] Marshall Rose

[RAW44] Robert A. Woodburn

[JXC4] John Chu

[Ned Freed]

[Deirdre Kostick]

[Joel Gyllenskog] Joel Gyllenskog

[Robert Purvey] Robert Purvey

[RXF] Richard Fox

[Jon Saperia] Jon Saperia

[SW159] Steven Willis

[SXW] Steve Waldbusser

[TXB] Tracy Brown

[TXK] Teemu Kurki

[Hartmut Wittig]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/smi-numbers

PRIVATE ENTERPRISE NUMBERS

SMI Network Management Private Enterprise Codes:

Prefix: iso.org.dod.internet.private.enterprise (1.3.6.1.4.1)

This file is

ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers

Decimal Name References
------- ---- ----------
0 Reserved Joyce K. Reynolds
1 Proteon John A. Shriver
2 IBM Vik Chandra
3 CMU Steve Waldbusser
4 Unix Keith Sklower
5 ACC Art Berggreen
6 TWG John Lunny (703) 847-4500
7 CAYMAN Beth Miaoulis beth@cayman.com
8 PSI Marty Schoffstahl schoff@NISC.NYSER.NET
9 cisco Greg Satz satz@CISCO.COM
10 NSC Geof Stone geof@NETWORK.COM
11 HP R. Dwight Schettler rds%hpcndm@HPLABS.HP.COM
12 Epilogue Karl Auerbac karl@empirical.com
13 U of Tennessee Jeffrey Case case@UTKUX1.UTK.EDU
14 BBN Robert Hinden
15 Xylogics, Inc. John R. LoVerso loverso@westford.ccur.com
16 Timeplex Laura Bridge laura@uunet.UU.NET
17 Canstar Sanand Patel sanand@HUB.TORONTO.EDU
18 Wellfleet Caralyn Brown cbrown@wellfleet.com
19 TRW Jay Frederking jayf@blackhole.ind.TRW.COM
20 MIT Jon Rochlis jon@ATHENA.MIT.EDU
21 EON Michael Waters ---none---
22 Spartacus Yoav Kluger ykluger@HAWK.ULOWELL.EDU
23 Novell Steve Bostock steveb@novell.com
24 Spider Systems Peter Reid peter@spider.co.uk
25 NSFNET Hans-Werner Braun HWB@MCR.UMICH.EDU
26 Hughes LAN Systems Keith McCloghrie KZM@HLS.COM
27 Intergraph Guy Streeter guy@guy.bll.ingr.com
28 Interlan Bruce Taber taber@europa.InterLan.COM
29 Vitalink Communications
30 Ulana Bill Anderson wda@MITRE-BEDFORD.ORG
31 NSWC Stephen Northcutt SNORTHC@RELAY-NSWC.NAVY.MIL
32 Santa Cruz Operation Keith Reynolds keithr@SCO.COM
33 Xyplex Bob Stewart STEWART@XYPLEX.COM
34 Cray Hunaid Engineer hunaid@OPUS.CRAY.COM
35 Bell Northern Research Glenn Waters gwaters@BNR.CA

36 DEC Ron Bhanukitsiri rbhank@DECVAX.DEC.COM
37 Touch Brad Benson ---none---
38 Network Research Corp. Bill Versteeg bvs@NCR.COM
39 Baylor College of Medicine Stan Barber SOB@BCM.TMC.EDU
40 NMFECC-LLNL Steven Hunter hunter@CCC.MFECC.LLNL.GOV
41 SRI David Wolfe ctabka@TSCA.ISTC.SRI.COM
42 Sun Microsystems Dennis Yaro yaro@SUN.COM
43 3Com Jeremy Siegel jzs@NSD.3Com.COM
44 CMC Dave Preston ---none---
45 SynOptics David Perkins dperkins@synoptics.com
46 Cheyenne Software Reijane Huai sibal@CSD2.NYU.EDU
47 Prime Computer Mike Spina WIZARD%enr.prime.com@RELAY.CS.NET
48 MCNC/North Carolina Data Network Ken Whitfield ken@MCNC.ORG
49 Chipcom John Cook cook@chipcom.com
50 Optical Data Systems Josh Fielk ---none---
51 gated Jeffrey C. Honig jch@gated.cornell.edu
52 Cabletron Systems Roger Dev ---none---
53 Apollo Computers Jeffrey Buffun jbuffum@APOLLO.COM
54 DeskTalk Systems, Inc. David Kaufman ---none---
55 SSDS Ron Strich ---none---
56 Castle Rock Computing John Sancho ---none---
57 MIPS Computer Systems Charles Marker II marker@MIPS.COM
58 TGV, Inc. Ken Adelman Adelman@TGV.COM
59 Silicon Graphics, Inc. Ronald Jacoby rj@SGI.COM
60 University of British Columbia Don McWilliam mcwillm@CC.UBC.CA
61 Merit Bill Norton wbn@MERIT.EDU
62 FiberCom Eric Rubin err@FIBERCOM.COM
63 Apple Computer Inc Jim Hayes Hayes@APPLE.COM
64 Gandalf Henry Kaijak ---none---
65 Dartmouth Philip Koch Philip.Koch@DARTMOUTH.EDU
66 David Systems Kathryn de Graaf degraaf@davidsys.com
67 Reuter Bob Zaniolo ---none---
68 Cornell Laurie Collinsworth ljc1@cornell.edu
69 LMS L. Michael Sabo Sabo@DOCKMASTER.NCSC.MIL
70 Locus Computing Corp. Arthur Salazar lcc.arthur@SEAS.UCLA.EDU
71 NASA Steve Schoch SCHOCH@AMES.ARC.NASA.GOV
72 Retix Alex Martin ---none---
73 Boeing Jerry Geisler ---none---
74 AT&T Rich Bantel rgb@mtung.att.com
75 Ungermann-Bass Didier Moretti ---none---
76 Digital Analysis Corporation
Skip Koppenhaver stubby!skip@uunet.UU.NET
77 LAN Manager Doug Karl KARL-D@OSU-20.IRCC.OHIO-STATE.EDU
78 Netlabs Jonathan Biggar jon@netlabs.com
79 ICL Jon Infante ---none---
80 Auspex Systems Brian A. Ehrmantraut bae@auspex.com
81 Lannet Company Efrat Ramati ---none---
82 Network Computing Devices Dave Mackie lupine!djm@UUNET.UU.NET

83 Raycom Systems Bruce Willins ---none---
84 Pirelli Focom Ltd. Sam Lau ---none---
85 Datability Software Systems Larry Fischer lfischer@dss.com
86 Network Application Technology Y.C. Wang ---none---
87 LINK (Lokales Informatik-Netz Karlsruhe)
Guenther Schreiner snmp-admin@ira.uka.de
88 NYU Bill Russell russell@cmcl2.NYU.EDU
89 RND Rina Nethaniel ---none---
90 InterCon Systems Corporation Amanda Walker AMANDA@INTERCON.COM
91 Coral Network Corporation Jason Perreault jason@coral.com
92 Webster Computer Corporation Robert R. Elz kre@munnari.oz.au
93 Frontier Technologies Corporation
Prakash Ambegaonkar ---none---
94 Nokia Data Communications Douglas Egan ---none---
95 Allen-Bradely Company
Bill King abvax!calvin.icd.ab.com!wrk@uunet.UU.NET
96 CERN
Jens T. Rasmussen jenst%cernvax.cern.ch@CUNYVM.CUNY.EDU
97 Sigma Network Systems, Inc.
Ken Virgile signet!ken@xylogics.COM
98 Emerging Technologies, Inc.
Dennis E. Baasch etinc!dennis@uu.psi.com
99 SNMP Research Jeffrey Case case@UTKUX1.UTK.EDU
100 Ohio State University
Shamim Ahmed ahmed@nisca.ircc.ohio-state.edu
101 Ultra Network Technologies Julie Dmytryk
Julie_Dmytryk.MKT@usun.ultra.com
102 Microcom Annmarie Freitas ---none---
103 Martin Marietta Astronautic Group David Rageth DAVE@MMC.COM
104 Micro Technology Mike Erlinger mike@lexcel.com
105 Process Software Corporation Bernie Volz VOLZ@PROCESS.COM
106 Data General Corporation
Joanna Karwowska karwowska@dg-rtp.dg.com
107 Bull Company Anthony Berent berent@rdgeng.enet.dec.com
108 Emulex Corporation Jeff Freeman ---none---
109 Warwick University Computing Services
Israel Drori raanan@techunix.technion.ac.il
110 Network General Corporation
James Davidson ngc!james@uunet.UU.NET
111 Oracle John Hanley jhanley@oracle.com
112 Control Data Corporation Nelluri L. Reddy reddy@uc.msc.umn.edu
113 Hughes Aircraft Company Keith McCloghrie KZM@HLS.COM
114 Synernetics, Inc. Jas Parmar jas@synnet.com
115 Mitre Bede McCall bede@mitre.org
116 Hitachi, Ltd. Hirotaka Usuda ---none---
117 Telebit Mark S. Lewis mlewis@telebit.com
118 Salomon Technology Services Paul Maurer II ---none---
119 NEC Corporation Yoshiyuki Akiyama

kddlab!ccs.mt.nec.co.jp!y-akiyam@uunet.uu.net
120 Fibermux Michael Sung msung@ccrelay.fibermux.com
121 FTP Software Inc. Stev Knowles stev@vax.ftp.com
122 Sony Takashi Hagiwara Hagiwara@Sm.Sony.Co.Jp
123 Newbridge Networks Corporation James Watt ---none---
124 Racal-Milgo Information Systems Maurice R. Turcotte
mailrus!uflorida!rm1!dnmrt%rmatl@uunet.UU.NET
125 CR SYSTEMS Soren H. Sorensen ---none---
126 DSET Corporation Dan Shia dset!shia@uunet.UU.NET
127 Computone Bill Versteeg bvs@NCR.COM
128 Tektronix, Inc. Dennis Thomas dennist@tektronix.TEK.COM
129 Interactive Systems Corporation
Steve Alexander stevea@i88.isc.com
130 Banyan Systems Inc.
Deepak Taneja eepak=Taneja%Eng%Banyan@Thing.banyan.com
131 Sintrom Datanet Limited
132 Bell Canada Mark Fabbi markf@gpu.utcs.utoronto.ca
133 Crosscomm Corporation Reuben Sivan crossc!rsivan@uunet.UU.NET
134 Rice University Catherine Foulston cathyf@rice.edu
135 T3Plus Networking, Inc. Harley Frazee harley@io.t3plus.com
136 Concurrent Computer Corporation
John R. LoVerso loverso@westford.ccur.com
137 Basser Paul O'Donnell paulod@cs.su.oz.au
138 Luxcom
139 Artel Jon Ziegler Ziegler@Artel.com
140 Independence Technologies, Inc. (ITI)
Gerard Berthet gerard@indetech.com
141 Frontier Software Development Narendra Popat ---none---
142 Digital Computer Limited Osamu Fujiki ---none---
143 Eyring, Inc. Ron Holt ron@Eyring.COM
144 Case Communications Peter Kumik ---none---
145 Penril DataComm, Inc. Keith Hogan keith%penril@uunet.uu.net
146 American Airlines Bill Keatley ---none---
147 Sequent Computer Systems Scott Hahn sdh@sequent.com
148 Bellcore Kaj Tesink kaj@nvuxr.cc.bellcore.com
149 Konkord Communications Ken Jones konkord!ksj@uunet.uu.net
150 University of Washington
Christopher Wheeler cwheeler@cac.washignton.edu
151 Develcon Sheri Mayhew zaphod!sherim@herald.usask.ca
152 Solarix Systems Paul Afshar paul@solar1.portal.com
153 Unifi Communications Corp. Yigal Hochberg yigal@unifi.com
154 Roadnet Dale Shelton ---none---
155 Network Systems Corp.
Nadya K. El-Afandi nadya@khara.network.com
156 ENE (European Network Engineering) Peter Cox ---none---
157 Dansk Data Elektronik A/S Per Bech Hansen pbh@dde.dk
158 Morning Star Technologies Karl Fox karl@MorningStar.Com
159 Dupont EOP Oscar Rodriguez ---none---

160 Legato Systems, Inc. Jon Kepecs kepecs@Legato.COM
161 Motorola SPS Vin ce Enriquez enriquez@sps.mot.com
162 European Space Agency (ESA)
Eduardo EDUATO%ESOC.BITNET@CUNYVM.CUNY.EDU
163 BIM Bernard Lemercier bl@sunbim.be
164 Rad Data Communications Ltd. Oft Israel ---none---
165 Intellicom Paul Singh ---none---
166 Shiva Corporation Phil Budne phil@Shiva.COM
167 Fujikura America Debbie Reed ---none---
168 Xlnt Designs INC (XDI) Mike Anello mike@xlnt.com
169 Tandem Computers Rex Davis ---none---
170 BICC David A. Brown fzbicdb@uk.ac.ucl
171 D-Link Systems, Inc. Henry P. Nagai ---none---
172 AMP, Inc. Rick Downs ---none---
173 Netlink Mauro Zallocco ---none---
174 C. Itoh Electronics Larry Davis ---none---
175 Sumitomo Electric Industries (SEI)
Kent Tsuno tsuno@sumitomo.com
176 DHL Systems, Inc.
David B. Gurevich dgurevic@rhubarb.ssf-sys.dhl.com
177 Network Equipment Technologies Mark Tom marktom@tom.net.com
178 APTEC Computer Systems Larry Burton ssds!larryb@uunet.UU.NET
179 Schneider & Koch & Co, Datensysteme GmbH Thomas Ruf tom@rsp.de
180 Hill Air Force Base Russell G. Wilson rwilson@oodis01.af.mil
181 ADC Kentrox Bruce Kropp ktxc8!bruce@uunet.UU.NET
182 Japan Radio Co. Nagayuki Kojima nkojima@lab.nihonmusen.co.jp
183 Versitron Matt Harris ---none---
184 Telecommunication Systems Hugh Lockhart ---none---
185 Interphase Gil Widdowson ---none---
186 Toshiba Corporation Mike Asagami toshiba@mothra.nts.uci.edu
187 Clearpoint Research Corp.
188 Ascom Andrew Smith andrew@hasler.ascom.ch
189 Fujitsu America Chung Lam ---none---
190 NetCom Solutions, Inc. Dale Cabell---none---
191 NCR Cheryl Krupczak clefor@secola.columbia.ncr.com
192 Dr. Materna GmbH Torsten Beyer tb@Materna.de
193 Ericsson Business Communications Gunnar Nilsson ---none---
194 Metaphor Computer Systems Paul Rodwick ---none---
195 Patriot Partners Paul Rodwick ---none---
196 The Software Group Limited (TSG)
Ragnar Paulson tsgfred!ragnar@uunet.UU.NET
197 Kalpana, Inc. Anil Bhavnani ---none---
198 University of Waterloo
R. J. White snmp-tech@watmath.waterloo.edu
199 CCL/ITRI
Ming-Perng Chen N100CMP0%TWNITRI1.BITNET@CUNYVM.CUNY.EDU
200 Coeur Postel Professor Kynikos Special Consultant
201 Mitsubish Cable Industries, Ltd. Masahiko Hori ---none---

202 SMC Lance Sprung ---none---
203 Crescendo Communication, Inc. Prem Jain prem@cres.com
204 Goodall Software Engineering Doug Goodall goodall@crl.com
205 Intecom Brad Parke ---none---
206 Victoria University of Wellington
Jonathan Stone jonathan@isor.vuw.ac.nz
207 Allied Telesis, Inc.
Scott Holley SCOTT_CLINTON_HOLLEY@cup.portal.com
208 Dowty Network Systems A/S Hartvig Ekner hj@dowtyns.dk
209 Protools Glen Arp ---none---
210 Nippon Telegraph and Telephone Corp.
Toshiharu Sugawara sugawara%wink.ntt.jp@RELAY.CS.NET
211 Fujitsu Limited Ippei Hayashi hayashi@sysrap.cs.fujitsu.co.jp
212 Network Peripherals Inc. Creighton Chong cchong@fastnet.com
213 Netronix, Inc. Jacques Roth ---none---
214 University of Wisconsin - Madison
Dave Windorski DAVID.WINDORSKI@MAIL.ADMIN.WISC.EDU
215 NetWorth, Inc. Craig Scott ---none---
216 Tandberg Data A/S Harald Hoeg haho%huldra.uucp@nac.no
217 Technically Elite Concepts, Inc.
Russell S. Dietz Russell_Dietz@Mcimail.com
218 Labtam Australia Pty. Ltd.
Michael Podhorodecki michael@labtam.oz.au
219 Republic Telcom Systems, Inc.
Steve Harris rtsc!harris@boulder.Colorado.edu
220 ADI Systems, Inc. Paul Liu ---none---
221 Microwave Bypass Systems, Inc. Tad Artis ---none---
222 Pyramid Technology Corp. Richard Rein rein@pyramid.com
223 Unisys_Corp Lawrence Brow ---none---
224 LANOPTICS LTD., Israel
Israel Drori raanan@techunix.technion.ac.il
225 NKK Corporation J. Yoshida ---none---
226 MTrade UK Ltd. Peter Delchiappo ---none---
227 Acals Patrick Cheng pcheng@dill.ind.trw.com
228 ASTEC, Inc. Hiroshi Fujii fujii@astec.co.jp
229 Delmarva Power John K. Scoggin, Jr. scoggin@delmarva.com
230 Telematics International, Inc. Kevin Smith ---none---
231 Siemens Nixdorf Informations Syteme AG
Gunther Kroenert ---none---
232 Compaq
233 NetManage, Inc. William Dunn netmanage@cup.portal.com
234 NCSU Computing Center David Joyner david@unity.ncsu.edu
235 Empirical Tools and Technologies
Karl Auerbach karl@empirical.com
236 Samsung Group Hong K. Paik paik@samsung.com
237 Takaoka Electric Mfg. Co., Ltd.
Hidekazu Hagiwara hagiwara@takaoka.takaoka-electric.co.jp
238 Netrix Systems Corporation Eldon S. Mast esm@netrix.com

239 WINDATA Bob Rosenbaum ---none---
240 RC International A/S Carl H. Dreyer chd@rci.dk
241 Netexp Research Henk Boetzkes ---none---
242 Internode Systems Pty Ltd
Simon Hackett simon@ucs.adelaide.edu.au
243 netCS Informationstechnik GmbH
Oliver Korfmacher okorf@bunt.netcs.com
244 Lantronix Rich Lyman rich@alecto.gordian.com
245 Avatar Consultants
Kory Hamzeh ames!avatar.com!kory@harvard.harvard.edu
246 Furukawa Electoric Co. Ltd.
Shoji Fukutomi kddlab!polo.furukawa.co.jp!fuku@uunet.UU.NET
247 AEG Electrcom R. Nurnberg ---none---
248 Richard Hirschmann GmbH & Co.
Heinz Nisi mia@intsun.rus.uni-stuttgart.de
249 G2R Inc. Khalid Hireche ---none---
250 University of Michigan
Tim Howes Tim.Howes@terminator.cc.umich.edu
251 Netcomm, Ltd. W.R. Maynard-Smith ---none---
252 Sable Technology Corporation Rodney Thayer ---none---
253 Xerox Edwards E. Reed ipcontact.cin_ops@xerox.com
254 Conware Computer Consulting GmbH
Michael Sapich sapich@conware.de
255 Compatible Systems Corp. John Gawf gawf@compatible.com
256 Scitec Communications Systems Ltd. Stephen Lewis ---none---
257 Transarc Corporation Pat Barron Pat_Barron@TRANSARC.COM
258 Matsushita Electric Industrial Co., Ltd.
Nob Mizuno mizuno@isl.mei.co.jp
259 ACCTON Technology Don Rooney ---none---
260 Star-Tek, Inc. Carl Madison carl@startek.com
261 Codenoll Tech. Corp. Dan Willie ---none---
262 Formation, Inc. Carl Marcinik ---none---
263 Seiko Instruments, Inc. (SII) Yasuyoshi Watanabe ---none---
264 RCE (Reseaux de Communication d'Entreprise S.A.)
Etienne Baudras-Chardigny ---none---
265 Xenocom, Inc. Sean Welch welch@raven.ulowell.edu
266 KABELRHEYDT Hubert Theissen ---none---
267 Systech Computer Corporation
Brian Petry systech!bpetry@uunet.UU.NET
268 Visual Brian O'Shea bos@visual.com
269 SDD (Scandinavian Airlines Data Denmark A/S)
Per Futtrup ---none---
270 Zenith Electronics Corporation David Lin ---none---
271 TELECOM FINLAND Petri Jokela ---none---
272 BinTec Computersystems Marc Sheldon ms@BinTec.DE
273 EUnet Germany Marc Sheldon ms@Germany.EU.net
274 PictureTel Corporation Oliver Jones oj@pictel.com
275 Michigan State University Lih-Er Wey WEYLE@msu.edu

276 GTE Telecom Incorporated Grant Gifford ---none---
277 Cascade Communications Corp.
Chikong Shue alpo!chi@uunet.uu.net
278 Hitachi Cable, Ltd. Takahiro Asai ---none---
279 Olivetti Marco Framba framba@orc.olivetti.com
280 Vitacom Corporation Parag Rastogi parag@cup.portal.com
281 INMOS Graham Hudspith gwh@inmos.co.uk
282 AIC Systems Laboratories Ltd. Glenn Mansfield glenn@aic.co.jp
283 Cameo Communications, Inc. Alan Brind ---none---
284 Diab Data AB Mats Lindstrom mli@diab.se
285 Olicom A/S Lars Povlsen krus@olicom.dk
286 Digital-Kienzle Computersystems Hans Jurgen Dorr ---none---
287 CSELT(Centro Studi E Laboratori Telecomunicazioni)
Paolo Coppo coppo@cz8700.cselt.stet.it
288 Electronic Data Systems Mark Holobach holobach@tis.eds.com
289 McData Corporation Glenn Levitt gpl0363@mcmail.mcdata.com
290 Harris Corporation David Rhein davidr@ssd.csd.harris.com
291 Technology Dynamics, Inc. Chip Standifer TDYNAMICS@MCIMAIL.COM
292 DATAHOUSE Information Systems Ltd. Kim Le ---none---
293 DSIR Network Group Tony van der Peet srghtvp@grv.dsir.govt.nz
294 Texas Instruments Blair Sanders Blair_Sanders@mcimail.com
295 PlainTree Systems Inc. Paul Chefurka chefurka@plntree.UUCP
296 Hedemann Software Development
Stefan Hedemann 100015.2504@compuserve.com
297 Fuji Xerox Co., Ltd. Hiroshi Kume
Kume%KSPB%Fuji_Xerox@tcpgw.netg.ksp.fujixerox.co.jp
298 Asante Technology Hsiang Ming Ma ---none---
299 Stanford University
RL "Bob" Morgan morgan@jessica.stanford.edu
300 Digital Link Jimmy Tu jimmy@dl.com
301 Raylan Corporation Mark S. Lewis mlewis@telebit.com
302 Datacraft Alan Lloyd alan@datacraft.oz
303 Hughes Keith McCloghrie KZM@HLS.COM
304 Farallon Computing, Inc. Steven Sweeney ---none---
305 GE Information Services Steve Bush sfb@ncoast.org
306 Gambit Computer Communications Zohar Seigal ---none---
307 Livingston Enterprises, Inc.
Steve Willens steve@livingston.com
308 Star Technologies Jim Miner miner@star.com
309 Micronics Computers Inc. Darren Croke dc@micronics.com
310 Basis, Inc. Heidi Stettner heidi@mtxinu.COM
311 Microsoft John M. Ballard jballard@microsoft.com
312 US West Advance Technologies
Donna Hopkins dmhopki@uswat.uswest.com
313 University College London Shaw C. Chuang S.Chuang@cs.ucl.ac.uk
314 Eastman Kodak Company W. James Colosky wjc@tornado.kodak.com
315 Network Resources Corporation Kathy Weninger ---none---
316 Atlas Telecom Bruce Kropp ktxc8!bruce@uunet.UU.NET

317 Bridgeway Umberto Vizcaino ---none---
318 American Power Conversion Corp.
Peter C. Yoest apc!yoest@uunet.uu.net
319 DOE Atmospheric Radiation Measurement Project
Paul Krystosek krystosk@eid.anl.gov
320 VerSteeg CodeWorks Bill Versteeg bvs@NCR.COM
321 Verilink Corp Bill Versteeg bvs@NCR.COM
322 Sybus Corportation Mark T. Dauscher mdauscher@sybus.com
323 Tekelec Bob Grady ---none---
324 NASA Ames Research Cente Nick Cuccia cuccia@nas.nasa.gov
325 Simon Fraser University Robert Urquhart quipu@sfu.ca
326 Fore Systems, Inc. Eric Cooper ecc@fore.com
327 Centrum Communications, Inc. Vince Liu ---none---
328 NeXT Computer, Inc.
Lennart Lovstrand Lennart_Lovstrand@NeXT.COM
329 Netcore, Inc. Skip Morton ---none---
330 Northwest Digital Systems Brian Dockter ---none---
331 Andrew Corporation Ted Tran ---none---
332 DigiBoard Dror Kessler dror@digibd.com
333 Computer Network Technology Corp. Bob Meierhofer ---none---
334 Lotus Development Corp. Bill Flanagan bflanagan@lotus.com
335 MICOM Communication Corporation
Donna Beatty SYSAD@prime.micom.com
336 ASCII Corporation Toshiharu Ohno tony-o@ascii.co.jp
337 PUREDATA Research Tony Baxter tony@puredata.com
338 NTT DATA Yasuhiro Kohata kohata@rd.nttdata.jp
339 Empros Systems International David Taylor dtaylor@ems.cdc.ca
340 Kendall Square Research (KSR) Dave Hudson tdh@uunet.UU.NET
341 Martin Marietta Energy Systems Gary Haney haneyg@ornl.gov
342 Network Innovations Pete Grillo pl0143@mail.psi.net
343 Intel Corporation Brady Orand borand@pcocd2.intel.com
344 Proxar Ching-Fa Hwang cfh@proxar.com
345 Epson Research Center Richard Schneider rschneid@epson.com
346 Fibernet George Sandoval ---none---
347 Box Hill Systems Corporation Tim Jones tim@boxhill.com
348 American Express Travel Related Services
Jeff Carton jcarton@amex-trs.com
349 Compu-Shack Tomas Vocetka OPLER%CSEARN.bitnet@CUNYVM.CUNY.EDU
350 Parallan Computer, Inc. Charles Dulin ---none---
351 Stratacom Clyde Iwamoto cki@strata.com
352 Open Networks Engineering, Inc. Russ Blaesing rrb@one.com
353 ATM Forum Keith McCloghrie KZM@HLS.COM
354 SSD Management, Inc. Bill Rose ---none---
355 Automated Network Management, Inc. Carl Vanderbeek ---none--
356 Magnalink Communications Corporation
David E. Kaufman ---none---
357 TIL Systems, Ltd. Garry McCracken ---none---
358 Skyline Technology, Inc. Don Weir ---none---

359 Nu-Mega Technologies, Inc. Dirk Smith ---none---
360 Morgan Stanley & Co. Inc.
Victor Kazdoba vsk@katana.is.morgan.com
361 Integrated Business Network Michael Bell ---none---
362 L & N Technologies, Ltd. Steve Loring ---none---
363 Cincinnati Bell Information Systems, Inc.
Deron Meranda dmeranda@cbis.COM
364 OSCOM International
Farhad Fozdar f_fozdar@fennel.cc.uwa.edu.au
365 MICROGNOSIS Paul Andon pandon@micrognosis.co.uk
366 Datapoint Corporation Lee Ziegenhals lcz@sat.datapoint.com
367 RICOH Co. Ltd.
Toshio Watanabe watanabe@godzilla.rsc.spdd.ricoh.co.jp
368 Axis Communications AB Martin Gren martin@axis.se
369 Pacer Software Wayne Tackabury wft@pacersoft.com
370 Axon Networks Inc. Robin Iddon axon@cix.clink.co.uk
371 Brixton Systems, Inc. Peter S. Easton easton@brixton.com
372 GSI Etienne Demailly etienne.demailly@gsi.fr
373 Tatung Co., Ltd.
Chih-Yi Chen TCCISM1%TWNTTIT.BITNET@pucc.Princeton.EDU
374 DIS Research LTD. Ray Compton rayc@command.com
375 Quotron Systems, Inc.
Richard P. Stubbs richard@atd.quotron.com
376 Dassault Electronique
Olivier J. Caleff caleff@dassault-elec.fr
377 Corollary, Inc. James L. Gula gula@corollary.com
378 SEEL, Ltd. Ken Ritchie ---none---
379 Lexcel Mike Erlinger mike@lexcel.com
380 Sophisticated Technologies, Inc.
Bill Parducci 70262.1267@compuserve.com
381 OST A. Pele ---none---
382 Megadata Pty Ltd. Andrew McRae andrew@megadata.mega.oz.au
383 LLNL Livermore Computer Center
Dan Nessett nessett@ocfmail.ocf.llnl.gov
384 Dynatech Communications Graham Welling s8000!gcw@uunet.uu.net
385 Symplex Communications Corp. Cyrus Azar ---none---
386 Tribe Computer Works Ken Fujimoto fuji@tribe.com
387 Taligent, Inc. Lorenzo Aguilar lorenzo@taligent.com
388 Symbol Technologies, Inc.
John Kramer +1-408-369-2679 jkramer@psd.symbol.com
389 Lancert Mark Hankin ---none---
390 Alantec Paul V. Fries pvf@alantec.com
391 Ridgeback Solutions
Errol Ginsberg bacchus!zulu!errol@uu2.psi.com
392 Metrix, Inc. D. Venkatrangan venkat@metrix.com
393 Excutive Systems/XTree Company
Dale Cabell cabell@smtp.xtree.com
394 NRL Communication Systems Branch

R. K. Nair nair@itd.nrl.navy.mil
395 I.D.E. Corporation Rob Spade ---none---
396 Matsushita Electric Works, Ltd.
Claude Huss claude@trc.mew.mei.co.jp
397 MegaPAC Ian George ---none---
398 Pilkington Communication Systems Dave Atkinson ---none---
399 Hitachi Computer Products (America), Inc.
Masha Golosovker masha@hicomb.hi.com
400 METEO FRANCE Remy Giraud Remy.Giraud@meteo.fr
401 PRC Inc. Jim Noble noble_jim@prc.com
402 Wal*Mart Stores, Inc. Mike Fitzgerel mlfitzg@wal-mart.com
403 Nissin Electric Company, Ltd. Aki Komatsuzaki (408) 737-0274
404 Distributed Support Information Standard
Mike Migliano
405 SMDS Interest Group (SIG)
Elysia C. Tan
406 SolCom Systems Ltd. Hugh Evans 0506 873855
407 Bell Atlantic Colin deSa socrates!bm5ld15@bagout.BELL-ATL.COM
408 Advanced Multiuser Technologies Corporation
409 Mitsubishi Electric Corporation
Yoshitaka Ogawa
410 C.O.L. Systems, Inc. Frank Castellucci (914) 277-4312
411 University of Auckland
Nevil Brownlee < n.brownlee@aukuni.ac.nz>
412 Desktop Management Task Force (DMTF)
Dave Perkins
413 Klever Computers, Inc. Tom Su 408-735-7723 kci@netcom.com
414 Amdahl Corporation Steve Young sy@uts.admahl.com
415 JTEC Pty, Ltd. Jan Bartel (02) 809 6933
416 Matra Communcation Hong-Loc Nguyen (33.1) 34.60.85.25
417 HAL Computer Systems Michael A. Petonic petonic@hal.com
418 Lawrence Berkeley Laboratory Russ Wright wright@lbl.gov
419 Dale Computer Corporation Dean Craven 1-800-336-7483
420 IPTC, Universitaet of Tuebingen
Andreas J. Haug
421 Bytex Corporation
Mary Ann Burt
422 Cogwheel, Inc. Brian Ellis bri@Cogwheel.COM
423 Lanwan Technologies Thomas Liu (408) 986-8899
424 Thomas-Conrad Corporation Karen Boyd 512-836-1935
425 TxPort Bill VerSteeg bvs@ver.com
426 Compex, Inc. Andrew Corlett BDA@ORION.OAC.UCI.EDU
427 Evergreen Systems, Inc. Bill Grace (415) 897-8888
428 HNV, Inc. James R. Simons jrs@denver.ssds.COM
429 U.S. Robotics, Inc. Chris Rozman chrisr@usr.com
430 Canada Post Corporation Walter Brown +1 613 722-8843
431 Open Systems Solutions, Inc. David Ko davidk@ossi.com
432 Toronto Stock Exchange Paul Kwan (416) 947-4284

433 MamakosTransSys Consulting
Louis A. Mamakos louie@transsys.com
434 EICON Vartan Narikian vartan@eicon.qc.ca
435 Jupiter Systems Russell Leefer rml@jupiter.com
436 SSTI Philip Calas (33) 61 44 19 51
437 Grand Junction Networks Randy Ryals randyr@grandjunction.com
438 Anasazi, Inc. Chad Larson (chad@anasazi.com)
439 Edward D. Jones and Company John Caruso (314) 851-3422
440 Amnet, Inc. Richard Mak mak@amnet.COM
441 Chase Research Kevin Gage ---none---
442 PEER Networks Randy Presuhn randy@peer.com
443 Gateway Communications, Inc. Ed Fudurich ---none---
444 Peregrine Systems Eric Olinger eric@peregrine.com
445 Daewoo Telecom SeeYoung Oh oco@scorpio.dwt.co.kr
446 Norwegian Telecom Research Paul Hoff paalh@brage.nta.no
447 WilTel Anil Prasad anil_prasad@wiltel.com
448 Ericsson-Camtec Satish Popat ---none---
449 Codex Thomas McGinty ---none---
450 Basis Heidi Stettner heidi@mtxinu.COM
451 AGE Logic Syd Logan syd@age.com
452 INDE Electronics Gordon Day gday@inde.ubc.ca
453 ISODE Consortium Steve Kille S.Kille@isode.com
454 J.I. Case Mike Oswald mike@helios.uwsp.edu
455 Trillium Jeff Lawrence j_lawrence@trillium.com
456 Bacchus Inc. Errol Ginsberg bacchus!zulu!errol@uu2.psi.com
457 MCC Doug Rosenthal rosenthal@mcc.com
458 Stratus Computer Dave Snay dks@sw.stratus.com
459 Quotron Richard P. Stubbs richard@atd.quotron.com
460 Beame & Whiteside Carl Beame beame@ns.bws.com
461 Cellular Technical Services Greg Hummel ---none---
462 Shore Microsystems, Inc. Gordon Elam (309) 229-3009
463 Telecommunications Techniques Corp. Tom Nisbet nisbet@tt.com
464 DNPAP (Technical University Delft)
Jan van Oorschot
465 Plexcom, Inc. Bruce Miller (805) 522-3333
466 Tylink Stavros Mohlulis (508) 285-0033
467 Brookhaven National Laboratory
Dave Stampf drs@bach.ccd.bnl.gov
468 Computer Communication Systems
Gerard Laborde
469 Norand Corp. Rose Gorrell 319-269-3100
470 MUX-LAP Philippe Labrosse 514-735-2741
471 Premisys Communications, Inc
Mike MacFaden
472 Bell South Telecommunications Johnny Walker 205-988-7105
473 J. Stainsbury PLC Steve Parker 44-71-921-7550
474 Ki Research Inc Toni Barckley 410-290-0355x220
475 Wandel and Goltermann Technologies

David Walters 919-941-5730x4203
476 Emerson Computer Power
Roger Draper 714-457-3638 rdraper@cerf.net
477 Network Software Associates Jeffery Chiao 714-768-4013
478 Procter and Gamble Peter Marshall 513-983-1100x5988
479 Meridian Technology Corporation
Kenneth B. Denson
480 QMS, Inc. Bill Lott lott@imagen.com
481 Network Express Tom Jarema 313-761-5051 ITOH@MSEN.COM
482 LANcity Corporation Pam Yassini pam@lancity.com
483 Dayna Communications, Inc.
Sanchaita Datta datta@signus.utah.edu
484 kn-X Ltd. Sam Lau 44 943 467007
485 Sync Research, Inc. Alan Bartky (714) 588-2070
486 PremNet Ken Huang HuangK@rimail.interlan.com
487 SIAC Peter Ripp (212) 383-9061
488 New York Stock Exchange Peter Ripp (212) 383-9061
489 American Stock Exchange Peter Ripp (212) 383-9061
490 FCR Software, Inc. Brad Parker brad@fcr.com
491 National Medical Care, Inc. Robert Phelan (617) 466-9850
492 Dialogue Communication Systemes, S.A.
Klaus Handke +(49) 30 802 24 97
493 NorTele Bjorn Kvile +47 2 48 89 90
494 Madge Networks, Inc.
Duncan Greatwood dgreatwo@madge.mhs.compuserve.com
495 Memotec Communications Graham Higgins ghiggins@teleglobe.com
496 CTON Nick Hennenfent nicholas@cton.com
497 Leap Technology, Inc. George Economou george@leap.com
498 General DataComm, Inc. William Meltzer meltzer@gdc.com
499 ACE Communications, Ltd. Danny On 972-3-570-1423
500 Automatic Data Processing (ADP) Alex Rosin (201) 714-3982
501 Programa SPRITEL Alberto Martinez
Martinez_Alberto_SPRITEL@euskom.spritel.es
502 Adacom Aial Haorch 972-4-899-899
503 Metrodata Ltd Nick Brown 100022.767@compuserve.com
504 Ellemtel Telecommunication Systems Laboratories
Richard G Bruvik Richard.Bruvik@eua.ericsson.se
505 Arizona Public Service Duane Booher DBOOHER@APSC.COM
506 NETWIZ, Ltd., Emanuel Wind eumzvir@techunix.technion.ac.il
507 Science and Engineering Research Council (SERC) Paul Kummer
P.Kummer@daresbury.ac.uk
508 The First Boston Corporation Kevin Chou
csfb1!dbadmin4!kchou@uunet.UU.NET
509 Hadax Electronics Inc. Marian Kramarczyk
73477.2731@compuserve.com
510 VTKK Markku Lamminluoto lamminluoto@vtkes1.vtkk.fi
511 North Hills Israel Ltd. Carmi Cohen carmi@north.hellnet.org
512 TECSIEL R. Burlon sr@teculx.tecsiel.it

513 Bayerische Motoren Werke (BMW) AG Michael Connolly
mconnolly@net.bmw.de
514 CNET Technologies Nelson Su 408-954-8000
515 MCI Kurt Robohm krobohm@mcimail.com
516 Human Engineering AG (HEAG) Urs Brunner
ubrunner@clients.switch.ch
517 FileNet Corporation Joe Raby raby@filenet.com
518 NFT-Ericsson Kjetil Donasen +47 2 84 24 00
519 Dun & Bradstreet Vic Smagovic 908-464-2079
520 Intercomputer Communications Brian Kean 513-745-0500x244
521 Defense Intelligence Agency
Barry Atkinson DIA-DMS@DDN-CONUS.DDN.MIL
522 Telesystems SLW Inc. Joe Magony 416-441-9966
523 APT Communications David Kloper 301-831-1182
524 Delta Airlines Jim Guy 404-715-2948
525 California Microwave Kevin Braun 408-720-6520
526 Avid Technology Inc Steve Olynyk 508-640-3328
527 Integro Advanced Computer Systems
Pascal Turbiez +33-20-08-00-40
528 RPTI Chris Shin 886-2-918-3006
529 Ascend Communications Inc. Marc Hyman 510-769-6001
530 Eden Computer Syste ms Inc. Louis Brando 305-591-7752
531 Kawasaki-Steel Corp
Tomoo Watanabe nrd@info.kawasaki-steel.co.jp
532 Barclays Malcolm Houghton +44 202 671 212
533 B.U.G., Inc. Isao Tateishi tateishi@bug.co.jp
534 Exide Electronics Brian Hammill hamill@dolphin.exide.com
535 Superconducting Supercollider Lab.
Carl W. Kalbfleisch cwk@irrational.ssc.gov
536 Triticom Jim Bales (612) 937-0772
537 Universal Instruments Corp.
Tom Dinnel BA06791%BINGVAXA.bitnet@CUNYVM.CUNY.EDU
538 Information Resources, Inc. Jeff Gear jjg@infores.com
539 Applied Innovation, Inc. Dean Dayton dean@aicorp.cmhnet.org
540 Crypto AG Roland Luthi luthi@iis.ethz.ch
541 Infinite Networks, Ltd. Sean Harding +44 923 710 277
542 Rabbit Software Bill Kwan kwan@rabbit.com
543 Apertus Technologies Stuart Stanley stuarts@apertus.com
544 Equinox Systems, Inc. Monty Norwood 1-800-275-3500 x293
545 Hayes Microcomputer Products
Chris Roussel hayes!hayes.com!croussel@uunet.UU.NET
546 Empire Technologies Inc. Cheryl Krupczak cheryl@cc.gatech.edu
547 Glaxochem, Ltd. Andy Wilson 0229 52261547
548 KPY Network Partners, Corp.
Gordon Vickers sccs@pizza.netcom.com
549 Agent Technology, Inc. Ibi Dhilla idhilla@genesis.nred.ma.us
550 Dornier GMBH Arens Heinrech 49-7545-8 ext 9337
551 Telxon Corporation Frank Ciotti frankc@teleng.telxon.com

552 Entergy Corporation Louis Cureau 504-364-7630
553 Garrett Communications Inc. Igor Khasin (408) 980-9752
554 Agile Networks, Inc. Dave Donegan ddonegan@agile.com
555 Larscom Sameer Jayakar 415-969-7572
556 Stock Equipment Karl Klebenow 216-543-6000
557 ITT Corporation Kevin M. McCauley kmm@vaxf.acdnj.itt.com
558 Universal Data Systems, Inc.
Howard Cunningham 70400.3671@compuserve.com
559 Sonix Communications, Ltd. David Webster +44 285 641 651
560 Paul Freeman Associates, Inc.
Pete Wilson pwilson@world.std.com
561 John S. Barnes, Corp. Michael Lynch 704-878-4107
562 Northern Telecom, Ltd.
Glenn Waters 613-763-3933
563 CAP Debris Patrick Preuss ppr@lfs.hamburg.cap-debris.de
564 Telco Systems NAC Harry Hirani Harry@telco-nac.com
565 Tosco Refining Co Fred Sanderson 510-602-4358
566 Russell Info Sys Atul Desai 714-362-4040
567 University of Salford Richard Letts R.J.Letts@salford.ac.uk
568 NetQuest Corp. Jerry Jacobus netquest@tigger.jvnc.net
569 Armon Networking Ltd. Yigal Jacoby yigal@armon.hellnet.org
570 IA Corporation Didier Fort Didier.Fort@lia.com
571 AU-System Communicaton AB Torbjorn Ryding 8-7267572
572 GoldStar Information & Communications, Ltd.
Soo N. Kim ksn@giconet.gsic.co.kr
573 SECTRA AB Tommy Pedersen tcp@sectra.se
574 ONEAC Corporation Bill Elliot ONEACWRE@AOL.COM
575 Tree Technologies Michael Demjanenko (716) 688-4640
576 GTE Government Systems Henry Hernandez (617) 455-2942
577 Denmac Systems, Inc. Andy Denenberg (708) 291-7760
578 Interlink Computer Sciences, Inc.
Mike Mazurek mfm@interlink.com
579 Bridge Information Systems, Inc. Stephen Harvey (314) 567-8482
580 Leeds and Northrup Australia (LNA) Nigel Cook nigelc@lna.oz.au
581 BHA Computer David Hislop rob@bha.oz.au
582 Newport Systems Solutions, Inc.
Pauline Chen paulinec@netcom.com
583 Atrium Technologies Narender Reddy Vangati vnr@atrium.com
584 ROBOTIKER Maribel Narganes maribel@teletek.es
585 PeerLogic Inc. Ratinder Ahuja ratinder@peerlogic.com
586 Digital Transmittion Systems Bill VerSteeg bvs@ver.com
587 Far Point Communications Bill VerSteeg bvs@ver.com
588 Xircom Bill VerSteeg bvs@ver.com
589 Mead Data Central Stephanie Bowman steph@meaddata.com
590 Royal Bank of Canada N. Lim (416) 348-5197
591 Advantis, Inc. Janet Brehm 813 878-4298
592 Chemical Banking Corp. Paul McDonnell pmcdonnl@world.std.com
593 Eagle Technology Ted Haynes (408) 441-4043

594 British Telecom Ray Smyth rsmyth@bfsec.bt.co.uk
595 Radix BV P. Groenendaal project2@radix.nl
596 TAINET Communication System Corp.
Joseph Chen +886-2-6583000 (R.O.C.)
597 Comtek Services Inc. Steve Harris (703) 506-9556
598 Fair Issac Steve Pasadis apple.com!fico!sxp (415) 472-2211
599 AST Research Inc. Bob Beard bobb@ast.com
600 Soft*Star s.r.l. Ing. Enrico Badella softstar@pol88a.polito.it
601 Bancomm Joe Fontes jwf@bancomm.com
602 Trusted Information Systems, Inc.
James M. Galvin galvin@tis.com
603 Harris & Jeffries, Inc. Deepak Shahane hjinc@CERF.NET
604 Axel Technology Corp. Henry Ngai (714) 455-1688
605 GN Navtel, Inc. Joe Magony 416-479-8090
606 CAP debis Patrick Preuss +49 40 527 28 366
607 Lachman Technology, Inc. Steve Alexander stevea@lachman.com
608 Galcom Networking Ltd.
Zeev Greenblatt galnet@vax.trendline.co.il
609 BAZIS M. van Luijt martin@bazis.nl
610 SYNAPTEL Eric Remond remond@synaptel.fr
611 Investment Management Services, Inc.
J. Laurens Troost rens@stimpys.imsi.com
612 Taiwan Telecommunication Lab
Dennis Tseng LOUIS%TWNMOCTL.BITNET@pucc.Princeton.EDU
613 Anagram Corporation Michael Demjanenko (716) 688-4640
614 Univel John Nunneley jnunnele@univel.com
615 University of California, San Diego
Arthur Bierer abierer@ucsd.edu
616 CompuServe Ed Isaacs, Brian Biggs SYSADM@csi.compuserve.com
617 Telstra - OTC Australia
Peter Hanselmann peterhan@turin.research.otc.com.au
618 Westinghouse Electric Corp.
Ananth Kupanna ananth@access.digex.com
619 DGA Ltd. Tom L. Willis twillis@pintu.demon.co.uk
620 Elegant Communications Inc.
Robert Story Robert.Story@Elegant.COM
621 Experdata Claude Lubin clubin@expdat.gna.org
622 Unisource Business Networks Sweden AB
Goran Sterner gsr@tip .net
623 Molex, Inc. Steven Joffe molex@mcimail.com
624 Quay Financial Software Mick Fleming mickf@quay.ie
625 VMX Inc. Joga Ryali joga@vmxi.cerfnet.com
626 Hypercom, Inc. Noor Chowdhury (602) 548-2113
627 University of Guelph Kent Percival Percival@CCS.UoGuelph.CA
628 DIaLOGIKa Juergen Jungfleisch 0 68 97 9 35-0
629 NBASE Switch Communication
Sergiu Rotenstein 75250.1477@compuserve.com
630 Anchor Datacomm B.V. Erik Snoek sdrierik@diamond.sara.nl

631 PACDATA John Reed johnr@hagar.pacdata.com
632 University of Colorado Evi Nemeth evi@cs.colorado.edu
633 Tricom Communications Limited
Robert Barrett 0005114429@mcimail.com
634 Santix Software GmbH
Michael Santifaller santi%mozart@santix.guug.de
635 FastComm Communications Corp.
Bill Flanagan 70632.1446@compuserve.com
636 The Georgia Institute of Technology
Michael Mealling michael.mealling@oit.gatech.edu
637 Alcatel Data Networks
Douglas E. Johnson doug.e.johnson@adn.sprint.com
638 GTECH Brian Ruptash bar@gtech.com
639 UNOCAL Corporation Peter Ho ho@unocal.com
640 First Pacific Network Randy Hamilton 408-703-2763
641 Lexmark International Don Wright don@lexmark.com
642 Qnix Computer Sang Weon, Yoo swyoo@qns.qnix.co.kr
643 Jigsaw Software Concepts (Pty) Ltd.
Willem van Biljon wvb@itu2.sun.ac.za
644 VIR, Inc. Mark Cotton (215) 364-7955
645 SFA Datacomm Inc. Don Lechthaler lech@world.std.com
646 SEIKO Telecommunication Systems, Inc.
Lyn T. Robertson (503) 526-5638
647 Unified Management Andy Barnhouse (612) 561-4944
648 RADLINX Ltd. Ady Lifshes ady%rndi@uunet.uu.net
649 Microplex Systems Ltd. Henry Lee hyl@microplex.com
650 Objecta Elektronik & Data AB Johan Finnved jf@objecta.se
651 Phoenix Microsystems Bill VerSteeg bvs@ver.com
652 Distributed Systems International, Inc.
Ron Mackey rem@dsiinc.com
653 Evolving Systems, Inc. Judith C. Bettinger judy@evolving.com
654 SAT GmbH Walter Eichelburg 100063.74@compuserve.com
655 CeLAN Technology, Inc. Mark Liu 886--35-772780
656 Landmark Systems Corp.
Steve Sonnenberg steves@socrates.umd.edu
657 Netone Systems Co., Ltd.
YongKui Shao syk@new-news.netone.co.jp
658 Loral Data Systems Jeff Price jprice@cps070.lds.loral.com
659 Cellware Broadband Technology Michael Roth mike@cellware.de
660 Mu-Systems Gaylord Miyata miyata@world.std.com
661 IMC Networks Corp. Jerry Roby (714) 724-1070
662 Octel Communications Corp. Alan Newman (408) 321-5182
663 RIT Technologies LTD. Ghiora Drori drori@dcl.hellnet.org
664 Adtran Jeff Wells 205-971-8000
665 PowerPlay Technologies, Inc. Ray Caruso rayman@csn.org
666 Oki Electric Industry Co., Ltd.
Shigeru Urushibara uru@cs1.cs.oki.co.jp
667 Specialix International Jeremy Rolls jeremyr@specialix.co.uk

668 INESC (Instituto de Engenharia de Sistemas e Computadores)
Pedro Ramalho Carlos prc@inesc.pt
669 Globalnet Communications Real Barriere (514) 651-6164
670 Product Line Engineer SVEC Computer Corp.
Rich Huang msumgr@enya.cc.fcu.edu.tw
671 Printer Systems Corp. Bill Babson bill@prsys.com
672 Contec Micro Electronics USA David Sheih (408) 434-6767
673 Unix Integration Services Chris Howard chris@uis.com
674 Dell Computer Corporation Steven Blair sblair@dell.com
675 Whittaker Electronic Systems Michael McCune mccune@cerf.net
676 QPSX Communications David Pascoe davidp@qpsx.oz.au
677 Loral WDl Mike Aronson Mike_Aronson@msgate.wdl.loral.com
678 Federal Express Corp. Randy Hale (901) 369-2152
679 E-COMMS Inc. Harvey Teale (206) 857-3399
680 Software Clearing House Tom Caris ca@sch.com
681 Antlow Computers LTD. C. R. Bates 44-635-871829
682 Emcom Corp. Mike Swartz emcom@cerf.net
683 Extended Systems, Inc.
Al Youngwerth alberty@tommy.extendsys.com
684 Sola Electric Mike Paulsen (708) 439-2800
685 Esix Systems, Inc. Anthony Chung esix@esix.tony.com
686 3M/MMM Chris Amley ccamley@mmm.com
687 Cylink Corp. Ed Chou ed@cylink.com
688 Znyx Advanced Systems Division, Inc.
Alan Deikman aland@netcom.com
689 Texaco, Inc. Jeff Lin linj@Texaco.com
690 McCaw Cellular Communication Corp. Tri Phan tri.phan@mccaw.com
691 ASP Computer Product Inc. Elise Moss 71053.1066@compuserve.com
692 HiPerformance Systems Mike Brien +27-11-806-1000
693 Regionales Rechenzentrum
Sibylle Schweizer unrz54@daphne.rrze.uni-erlangen.de
694 SAP AG Dr. Uwe Hommel +49 62 27 34 0
695 ElectroSpace System Inc.
Dr. Joseph Cleveland e03353@esitx.esi.org
696 ( Unassigned )
697 MultiPort Software Reuben Sivan 72302.3262@compuserve.com
698 Combinet, Inc. Samir Sawhney samir@combinet.com
699 TSCC Carl Wist carlw@tscc.com
700 Teleos Communications Inc. Bill Nayavich wln@teleoscom.com
701 Alta Research Amy Saperstein (305) 428-8535
702 Independence Blue Cross Bill Eshbach esh@ibx.com
703 ADACOM Station Interconnectivity LTD.
Itay Kariv +9 72 48 99 89 9
704 MIROR Systems Frank Kloes +27 12 911 0003
705 Merlin Gerin Adam Stolinski (714) 557-1637 x249
706 Owen-Corning Fiberglas Tom Mann mann.td@ocf.compuserve.com
707 Talking Networks Inc. Terry Braun tab@lwt.mtxinu.com
708 Cubix Corporation Rebekah Marshall (702) 883-7611

709 Formation Inc. Bob Millis bobm@formail.formation.com
710 Lannair Ltd. Pablo Brenner pablo@lannet.com
711 LightStream Corp. Chris Chiotasso chris@lightstream.com
712 LANart Corp. Doron I. Gartner doron@lanart.com
713 University of Stellenbosch Graham Phillips phil@cs.sun.ac.za
714 Wyse Technology Bill Rainey bill@wyse.com
715 DSC Communications Corp. Colm Bergin cbergin@cpdsc.com
716 NetEc Thomas Krichel netec@uts. mcc.ac.uk
717 Breltenbach Software Engineering Hilmar Tuneke +02 92 49 70 00
718 Victor Company of Japan,Limited
Atsushi Sakamoto 101176.2703@compuserve.com
719 Japan Direx Corporation Teruo Tomiyama +81 3 3498 5050
720 NECSY Network Control Systems S.p.A. Piero Fiozzo fip@necsy.it
721 ISDN Systems Corp. Jeff Milloy p00633@psilink.com
722 Zero-One Technologies, LTD. Curt Chen + 88 62 56 52 32 33
723 Radix Technologies, Inc. Steve Giles giless@delphi.com
724 National Institute of Standards and Technology
Jim West west@mgmt3.ncsl.nist.gov
725 Digital Technology Inc. Chris Gianattasio gto@lanhawk.com
726 Castelle Corp. Waiming Mok wmm@castelle.com
727 Presticom Inc. Martin Dube 76270.2672@compuserve.com
728 Showa Electric Wire & Cable Co., Ltd.
Robert O'Grady kfn@tanuki.twics.co.jp
729 SpectraGraphics Jack Hinkle hinkle@spectra.com
730 Connectware Inc. Rick Downs rxd4@acsysinc.com
731 Wind River Systems Emily Hipp hipp@wrs.com
732 RADWAY International Ltd. Doron Kolton 0005367977@mcimail.com
733 System Management ARTS, Inc. Alexander Dupuy dupuy@smarts.com
734 Persoft, Inc. Steven M. Entine entine@pervax.persoft.com
735 Xnet Technology Inc. Esther Chung estchung@xnet-tech.com
736 Unison-Tymlabs Dean Andrews ada@unison.com
737 Micro-Matic Research Patrick Lemli 73677.2373@compuserve.com
738 B.A.T.M. Advance Technologies
Nahum Killim bcrystal@actcom.co.il
739 University of Copenhagen Kim H|glund shotokan@diku.dk
740 Network Security Systems, Inc.
Carleton Smith rpitt@nic.cerf.net
741 JNA Telecommunications Sean Cody seanc@jna.com.au
742 Encore Computer Corporation Tony Shafer tshafer@encore.com
743 Central Intelligent Agency Carol Jobusch 703 242-2485
744 ISC (GB) Limited Mike Townsend miket@cix.compulink.co.uk
745 Digital Communication Associates Ravi Shankar shankarr@dca.com
746 CyberMedia Inc. Unni Warrier unni@cs.ucla.edu
747 Distributed Systems International, Inc.
Ron Mackey rem@dsiinc.com
748 Peter Radig EDP-Consulting Peter Radig +49 69 9757 6100
749 Vicorp Interactive Systems Phil Romine phil@vis.com
750 Inet Inc. Bennie Lopez brl@inetinc.com

751 Argonne National Laboratory Michael Shaffer mashaffer@anl.gov
752 Tek Logix Peter Palsall 905 625-4121
753 North Western University Phil Draughon jpd@nwu.edu
754 Astarte Fiber Networks James Garnett garnett@catbelly.com
755 Diederich & Associates, Inc.
Douglas Capitano dlcapitano@delphi.com
756 Florida Power Corporation Bob England rengland@fpc.com
757 ASK/INGRES Howard Dernehl howard@ingres.com
758 Open Network Enterprise Spada Stefano +39 39 245-8101
759 The Home Depot Keith Porter ktp01@homedepot.com
760 Pan Dacom Telekommunikations Jens Andresen +49 40 644 09 71
761 NetTek Steve Kennedy steve@gbnet.com
762 Karlnet Corp. Doug Kall kbridge@osu.edu
763 Efficient Networks, Inc. Thirl Johnson (214) 991-3884
764 Fiberdata Jan Fernquist +46 828 8383
765 Lanser Emil Smilovici (514) 485-7104
766 Telebit Communications A/S Peder Chr. Norgaard pcn@tbit.dk
767 HILAN GmbH Markus Pestinger markus@lahar.ka.sub.org
768 Network Computing Inc.
Fredrik Noon fnoon@ncimail.mhs.compuserve.com
769 Walgreens Company Denis Renaud (708) 818-4662
770 Internet Initiative Japan Inc. Toshiharu Ohno tony-o@iij.ad.jp
771 GP van Niekerk Ondernemings
Gerrit van Niekerk gvanniek@dos-lan.cs.up.ac.za
772 DSP & Telecoms Research Group
Patrick McGleenon p.mcgleenon@ee.queens-belfast.ac.uk
773 Securities Industry Automation Corporation
Chiu Szeto cszeto@prism.poly.edu
774 SYNaPTICS David Gray david@synaptics.ie
775 Data Switch Corporation Joe Welfeld jwelfeld@dasw.com
776 Telindus Distribution Karel Van den Bogaert kava@telindus.be
777 MAXM Systems Corporation Gary Greathouse ggreathouse@maxm.com
778 Fraunhofer Gesellschaft
Jan Gottschick jan.gottschick@isst.fhg.de
779 EQS Business Services Ken Roberts kroberts@esq.com
780 CNet Technology Inc. Repus Hsiung idps17@shts.seed.net.tw
781 Datentechnik GmbH Thomas Pischinger +43 1 50100 266
782 Network Solutions Inc. Dave Putman davep@netsol.com
783 Viaman Software Vikram Duvvoori info@viman.com
784 Schweizerische Bankgesellschaft Zuerich
Roland Bernet Roland.Bernet@zh014.ubs.ubs.ch
785 University of Twente - TIOS Aiko Pras pras@cs.utwente.nl
786 Simplesoft Inc. Sudhir Pendse sudhir@netcom.com
787 Stony Brook, Inc. Ken Packert p01006@psilink.com
788 Unified Systems Solutions, Inc.
Steven Morgenthal smorgenthal@attmail.com
789 Network Appliance Corporation
Varun Mehta varun@butch.netapp.com

790 Ornet Data Communication Technologies Ltd.
Haim Kurz haim@ornet.co.il
791 Computer Associates International
Glenn Gianino giagl01@usildaca.cai.com
792 Multipoint Network Inc. Michael Nguyen mike@multipoint.com
793 NYNEX Science & Technology Lily Lau llau@nynexst.com
794 Commercial Link Systems Wiljo Heinen wiljo@freeside.cls.de
795 Adaptec Inc. Tom Battle tab@lwt.mtxinu.com
796 Softswitch Charles Springer cjs@ssw.com
797 Link Technologies, Inc. Roy Chu royc@wyse.com
798 IIS Olry Rappaport iishaifa@attmail.com
799 Mobile Solutions Inc. Dale Shelton dshelton@srg.srg.af.mil
800 Xylan Corp. Burt Cyr burt@xylan.com
801 Airtech Software Forge Limited
Callum Paterson tsf@cix.compulink.co.uk
802 National Semiconductor Maurice Turcotte mturc@atlanta.nsc.com
803 Video Lottery Technologies Angelo Lovisa ange@awd.cdc.com
804 National Semiconductor Corp Waychi Doo wcd@berlioz.nsc.com
805 Applications Management Corp
Terril (Terry) Steichen tjs@washington.ssds.com
806 Travelers Insurance Company Eric Miner ustrv67v@ibmmail.com
807 Taiwan International Standard Electronics Ltd.
B. J. Chen bjchen@taisel.com.tw
808 US Patent and Trademark Office Rick Randall randall@uspto.gov
809 Hynet, LTD. Amir Fuhrmann amf@teleop.co.il
810 Aydin, Corp. Rick Veher (215) 657-8600
811 ADDTRON Technology Co., LTD. Tommy Tasi +8 86-2-4514507
812 Fannie Mae David King s4ujdk@fnma.com
813 MultiNET Services Hubert Martens martens@multinet.de
814 GECKO mbH Holger Dopp hdo@gecko.de
815 Memorex Telex Mike Hill hill@raleng.mtc.com
816 Advanced Communications Networks (ACN) SA
Antoine Boss +41 38 247434
817 Telekurs AG Jeremy Brookfield bkj@iris.F2.telekurs.ch
818 Victron bv Jack Stiekema jack@victron.nl
819 CF6 Company Francois Caron +331 4696 0060
820 Walker Richer and Quinn Inc.
Rebecca Higgins rebecca@elmer.wrq.com
821 Saturn Systems Paul Parker paul_parker@parker.fac.cs.cmu.edu
822 Mitsui Marine and Fire Insurance Co. LTD.
Kijuro Ikeda +813 5389 8111
823 Loop Telecommunication International, Inc.
Charng-Show Li +886 35 787 696
824 Telenex Corporation James Krug (609) 866-1100
825 Bus-Tech, Inc. Charlie Zhang chun@eecs.cory.berkley.edu
826 ATRIE Fred B.R. Tuang cmp@fddi3.ccl.itri.org.tw
827 Gallagher & Robertson A/S Arild Braathen arild@gar.no
828 Networks Northwest, Inc. John J. Hansen jhansen@networksnw.com

829 Conner Peripherials Richard Boyd rboyd@mailserver.conner.com
830 Elf Antar France P. Noblanc +33 1 47 44 45 46
831 Lloyd Internetworking Glenn McGregor glenn@lloyd.com
832 Datatec Industries, Inc. Chris Wiener cwiener@datatec.com
833 TAICOM Scott Tseng cmp@fddi3.ccl.itri.org.tw
834 Brown's Operating System Services Ltd.
Alistair Bell alistair@ichthya.demon.co.uk
835 MiLAN Technology Corp. Gopal Hegde gopal@milan.com
836 NetEdge Systems, Inc. Dave Minnich Dave_Minnich@netedge.com
837 NetFrame Systems George Mathew george_mathew@netframe.com
838 Xedia Corporation Colin Kincaid colin%madway.uucp@dmc.com
839 Pepsi Niraj Katwala niraj@netcom.com
840 Tricord Systems, Inc. Mark Dillon mdillon@tricord.mn.org
841 Proxim Inc. Russ Reynolds proxim@netcom.com
842 Applications Plus, Inc. Joel Estes joele@hp827.applus.com
843 Pacific Bell Aijaz Asif saasif@srv.PacBell.COM
844 Supernet Sharon Barkai sharon@supernet.com
845 TPS-Teleprocessing Systems Manfred Gorr gorr@tpscad.tps.de
846 Technology Solutions Company Niraj Katwala niraj@netcom.com
847 Computer Site Technologies Tim Hayes (805) 967-3494
848 NetPort Software John Bartas jbartas@sunlight.com
849 Alon Systems Menachem Szus 70571.1350@compuserve.com
850 Tripp Lite Lawren Markle 72170.460@compuserve.com
851 NetComm Limited
Paul Ripamonti paulri@msmail.netcomm.pronet.com
852 Precision Systems, Inc. (PSI)
Fred Griffin cheryl@empiretech.com
853 Objective Systems Integrators Ed Reeder Ed.Reeder@osi.com
854 Simpact Associates Inc.
Robert Patterson bpatterson@dcs.simpact.com
855 Systems Enhancement Corporation
Steve Held 71165.2156@compuserve.com
856 Information Integration, Inc. Gina Sun iiii@netcom.com
857 CETREL S.C. Louis Reinard ssc-re@cetrel.lu
858 ViaTech Development
Theodore J. Collins III ted.collins@vtdev.mn.org
859 Olivetti North America Tom Purcell tomp@mail.spk.olivetti.com
860 WILMA Nikolaus Schaller hns@ldv.e-technik.tu-muenchen.de
861 ILX Systems Inc. Peter Mezey peterm@ilx.com
862 Total Peripherals Inc. Mark Ustik (508) 393-1777
863 SunNetworks Consultant John Brady jbrady@fedeast.east.sun.com
864 Arkhon Technologies, Inc. Joe Wang rkhon@nic.cerf.net
865 Computer Sciences Corporation
George M. Dands dands@sed.csc.com
866 Philips.TRT Thibault Muchery +33 14128 7000
867 Katron Technologies Inc. Robert Kao +88 627 991 064
868 Transition Engineering Inc.
Hemant Trivedi hemant@transition.com

869 Altos Engineering Applications, Inc.
Wes Weber or Dave Erhart altoseng@netcom.com
870 Nicecom Ltd. Arik Ramon arik@nicecom.nice.com
871 Fiskars/Deltec Carl Smith (619) 291-2973
872 AVM GmbH Andreas Stockmeier stocki@avm-berlin.de
873 Comm Vision Richard Havens (408) 923 0301 x22
874 Institute for Information Industry
Peter Pan peterpan@pdd.iii.org.tw
875 Legent Corporation Gary Strohm gstrohm@legent.com
876 Network Automation Doug Jackson +64 6 285 1711
877 NetTech Marshall Sprague marshall@nettech.com
878 Coman Data Communications Ltd.
Zvi Sasson coman@nms.cc.huji.ac.il
879 Skattedirektoratet Karl Olav Wroldsen +47 2207 7162
880 Client-Server Technologies Timo Metsaportti timo@itf.fi
881 Societe Internationale de Telecommunications Aeronautiques
Chuck Noren chuck.noren@es.atl.sita.int
882 Maximum Strategy Inc. Paul Stolle pstolle@maxstrat.com
883 Integrated Systems, Inc. Michael Zheng mz@isi.com
884 E-Systems, Melpar Rick Silton rsilton@melpar.esys.com
885 Reliance Comm/Tec Mark Scott 73422.1740@compuserve.com
886 Summa Four Inc. Paul Nelson (603) 625-4050
887 J & L Information Systems Rex Jackson (818) 709-1778
888 Forest Computer Inc. Dave Black dave@forest.com
889 Palindrome Corp. Jim Gast jgast@palindro.mhs.compuserve.com
890 ZyXEL Communications Corp. Harry Chou howie@csie.nctu.edu.tw
891 Network Managers (UK) Ltd, Mark D Dooley mark@netmgrs.co.uk
892 Sensible Office Systems Inc. Pat Townsend (712) 276-0034
893 Informix Software Anthony Daniel anthony@informix.com
894 Dynatek Communications Howard Linton (703) 490-7205
895 Versalynx Corp. Dave Fisler (619) 536-8023
896 Potomac Scheduling Communications Company
David Labovitz del@access.digex.net
897 Sybase Inc. Dave Meldrum meldrum@sybase.com
898 DiviCom Inc. Eyal Opher eyal@divi.com
899 Datus elektronische Informationssysteme GmbH
Hubert Mertens marcus@datus.uucp
900 Matrox Electronic Systems Limited
Marc-Andre Joyal marc-andre.joyal@matrox.com
901 Digital Products, Inc. Ross Dreyer rdreyer@digpro d.com
902 Scitex Corp. Ltd. Yoav Chalfon yoav_h@ird.scitex.com
903 RAD Vision Oleg Pogorelik radvis@vax.trendline.co.il
904 Tran Network Systems Paul Winkeler paulw@revco.com
905 Scorpion Logic Sean Harding +09 2324 5672
906 Inotech Inc. Eric Jacobs (703) 641-0469
907 Controlled Power Co. Yu Chin 76500,3160@compuserve.com
908 Elsag Bailey Incorporate Derek McKearney mckearney@bailey.com
909 J.P. Morgan Chung Szeto szeto_chung@jpmorgan.com

910 Clear Communications Corp. Kurt Hall khall@clear.com
911 General Technology Inc. Perry Rockwell (407) 242-2733
912 Adax Inc. Jory Gessow jory@adax.com
913 Mtel Technologies, Inc. Jon Robinson 552-3355@mcimail.com
914 Underscore, Inc. Jeff Schnitzer jds@underscore.com
915 SerComm Corp. Ben Lin +8 862-577-5400
916 Baxter Healthcare Corporation
Joseph Sturonas sturonaj@mpg.mcgawpark.baxter.com
917 Tellus Technology Ron Cimorelli (510) 498-8500
918 Continuous Electron Beam Accelerator Facility
Paul Banta banta@cebaf.gov
919 Canoga Perkins Margret Siska (818) 718-6300
920 R.I.S Technologies Fabrice Lacroix +33 7884 6400
921 INFONEX Corp. Kazuhiro Watanabe kazu@infonex.co.jp
922 WordPerfect Corp. Douglas Eddy eddy@wordperfect.com
923 NRaD Russ Carleton roccor@netcom.com
924 Hong Kong Telecommunications Ltd. K. S. Luk +8 52 883 3183
925 Signature Systems Doug Goodall goodall@crl.com
926 Alpha Technologies LTD. Guy Pothiboon (604) 430-8908
927 PairGain Technologies, Inc. Ken Huang kenh@pairgain.com
928 Sonic Systems Sudhakar Ravi sudhakar@sonicsys.com
929 Steinbrecher Corp. Kary Robertson krobertson@delphi.com
930 Centillion Networks, Inc. Derek Pitcher derek@lanspd.com
931 Network Communication Corp.
Tracy Clark ncc!central!tracyc@netcomm.attmail.com
932 Sysnet A.S. Carstein Seeberg case@sysnet.no
933 Telecommunication Systems Lab Gerald Maguire maguire@it.kth.se
934 QMI Scott Brickner (410) 573-0013
935 Phoenixtec Power Co., LTD. An-Hsiang Tu +8 862 646 3311
936 Hirakawa Hewtech Corp. H. Ukaji lde02513@niftyserve.or.jp
937 No Wires Needed B.V. Arnoud Zwemmer roana@cs.utwente.nl
938 Primary Access Kerstin Lodman lodman@priacc.com
939 Enterprises.FDSW Dag Framstad dag.framstad@fdsw.no
940 Grabner & Kapfer GnbR Vinzenz Grabner zen@wsr.ac.att
941 Nemesys Research Ltd. Michael Dixon mjd@nemesys.co.uk
942 Pacific Communication Sciences, Inc. (PSCI)
Yvonne Kammer mib-contact@pcsi.com
943 Level One Communications, Inc.
Moshe Kochinski moshek@level1.com
944 Fast Track, Inc. Andrew H. Dimmick adimmick@world.std.com
945 Andersen Consulting, OM/NI Practice
Greg Tilford p00919@psilink.com
946 Bay Technologies Pty Ltd. Paul Simpson pauls@baytech.com.au
947 Integrated Network Corp. Daniel Joffe wandan@integnet.com
948 Epoch, Inc. David Haskell deh@epoch.com
949 Wang Laboratories Inc. Pete Reilley pvr@wiis.wang.com
950 Polaroid Corp. Sari Germanos sari@temerity.polaroid.com
951 Sunrise Sierra Gerald Olson (510) 443-1133

952 Silcon Group Bjarne Bonvang +45 75 54 22 55
953 Coastcom Donald Pickerel dpickere@netcom.com
954 4th DIMENSION SOFTWARE LTD.
Thomas Segev/Ely Hofner autumn@zeus.datasrv.co.il
955 SEIKO SYSTEMS Inc. Kiyoshi Ishida ishi@ssi.co.jp
956 PERFORM Jean-Hugues Robert +33 42 27 29 32
957 TV/COM International Jean Tellier (619) 675-1376
958 Network Integration, Inc.
Scott C. Lemon slemon@nii.mhs.compuserve.com
959 Sola Electric, A Unit of General Signal
Bruce Rhodes 72360,2436@compuserve.com
960 Gradient Technologies, Inc. Geoff Charron geoff@gradient.com
961 Tokyo Electric Co., Ltd. A. Akiyama +81 558 76 9606
962 Codonics, Inc. Joe Kulig jjk@codonics.com
963 Delft Technical University Mark Schenk m.schenk@ced.tudelft.nl
964 Carrier Access Corp. Roger Koenig tomquick@carrier.com
965 eoncorp Barb Wilson wilsonb@eon.com
966 Naval Undersea Warfare Center
Mark Lovelace lovelace@mp34.nl.nuwc.navy.mil
967 AWA Limited Mike Williams +61 28 87 71 11
968 Distinct Corp. Tarcisio Pedrotti tarci@distinct.com
969 National Technical University of Athens
Theodoros Karounos karounos@phgasos.ntua.gr
970 BGS Systems, Inc. Amr Hafez amr@bgs.com
971 McCaw Wireless Data Inc. Brian Bailey bbailey@airdata.com
972 Bekaert Koen De Vleeschauwer kdv@bekaert.com
973 Epic Data Inc. Vincent Lim vincent_lim@epic.wimsey.com
974 Prodigy Services Co. Ed Ravin elr@wp.prodigy.com
975 First Pacific Networks (FPN) Randy Hamilton randy@fpn.com
976 Xylink Ltd. Bahman Rafatjoo 100117.665@compuserve.com
977 Relia Technologies Corp. Fred Chen fredc@relia1.relia.com.tw
978 Legacy Storage Systems Inc.
James Hayes james@lss-chq.mhs.compuserve.com
979 Digicom, SPA Claudio Biotti +39 3312 0 0122
980 Ark Telecom Alan DeMars alan@arktel.com
981 National Security Agency (NSA)
Cynthia Stewart maedeen@romulus.ncsc.mil
982 Southwestern Bell Corporation
Brian Bearden bb8840@swuts.sbc.com
983 Virtual Design Group, Inc.
Chip Standifer 70650.3316@compuserve.com
984 Rhone Poulenc Olivier Pignault +33 1348 2 4053
985 Swiss Bank Corporation Neil Todd toddn@gb.swissbank.com
986 ATEA N.V. Walter van Brussel p81710@banyan.atea.be
987 Computer Communications Specialists, Inc.
Carolyn Zimmer cczimmer@crl.com
988 Object Quest, Inc. Michael L. Kornegay mlk@bir.com
989 DCL System International, Ltd. Gady Amit gady-a@dcl-see.co.il

990 SOLITON SYSTEMS K.K. Masayuki Yamai +81 33356 6091
991 U S Software Don Dunstan ussw@netcom.com
992 Systems Research and Applications Corporation
Todd Herr herrt@smtplink.sra.com
993 University of Florida Todd Hester todd@circa.ufl.edu
994 Dantel, Inc. John Litster (209) 292-1111
995 Multi-Tech Systems, Inc. Dale Martenson (612) 785-3500 x519 996 Softlink Ltd. Moshe Leibovitch softlink@zeus.datasrv.co.il
997 ProSum Christian Bucari +33.1.4590.6231
998 March Systems Consultancy, Ltd.
Ross Wakelin r.wakelin@march.co.uk
999 Hong Technology, Inc. Walt Milnor brent@oceania.com
1000 Internet Assigned Numbers Authority iana@isi.edu
1001 PECO Energy Co. Rick Rioboli u002rdr@peco.com
1002 United Parcel Service Steve Pollini nrd1sjp@nrd.ups.com
1003 Storage Dimensions, Inc. Michael Torhan miketorh@xstor.com
1004 ITV Technologies, Inc. Jacob Chen itv@netcom.com
1005 TCPSI Victor San Jose Victor.Sanjose@sp1.y-net.es
1006 Promptus Communications, Inc. Paul Fredette (401) 683-6100
1007 Norman Data Defense Systems
Kristian A. Bognaes norman@norman.no
1008 Pilot Network Services, Inc. Rob Carrade carrade@pilot.net
1009 Integrated Systems Solutions Corporation
Chris Cowan cc@austin.ibm.com
1010 SISRO Kamp Alexandre 100074.344@compuserve.com
1011 NetVantage Kevin Bailey speed@kaiwan.com
1012 Marconi S.p.A. Giuseppe Grasso gg@relay.marconi.it
1013 SURECOM Mike S. T. Hsieh +886.25.92232
1014 Royal Hong Kong Jockey Club
Edmond Lee 100267.3660@compuserve.com
1015 Gupta Howard Cohen hcohen@gupta.com
1016 Tone Software Corporation Neil P. Harkins (714) 991-9460
1017 Opus Telecom Pace Willisson pace@blitz.com
1018 Cogsys Ltd. Niall Teasdale niall@hedgehog.demon.co.uk
1019 Komatsu, Ltd. Akifumi Katsushima +81 463.22.84.30
1020 ROI Systems, Inc Michael Wong (801) 942-1752
1021 Lightning Instrumentation SA Mike O'Dowd odowd@lightning.ch
1022 TimeStep Corp. Stephane Lacelle slacelle@newbridge.com
1023 INTELSAT Ivan Giron i.giron@intelsat.int
1024 Network Research Corporation Japan, Ltd.
Tsukasa Ueda 100156.2712@compuserve.com
1025 Relational Development, Inc. Steven Smith rdi@ins.infonet.net
1026 Emerald Systems, Corp. Robert A. Evans Jr. (619) 673-2161 x5120
1027 Mitel, Corp. Tom Quan tq@software.mitel.com
1028 Software AG Peter Cohen sagpc@sagus.com
1029 MillenNet, Inc. Manh Do (510) 770-9390
1030 NK-EXA Corp. Ken'ichi Hayami hayami@dst.nk-exa.co.jp
1031 BMC Software Chris Sharp csharp@patrol.com

1032 StarFire Enterprises, Inc. Lew Gaiter lg@starfire.com
1033 Hybrid Networks, Inc. Doug Muirhead dougm@hybrid.com
1034 Quantum Software GmbH Thomas Omerzu omerzu@quantum.de
1035 Openvision Technologies Limited
Andrew Lockhart alockhart@openvision.co.uk
1036 Healthcare Communications, Inc. (HCI)
Larry Streepy streepy@healthcare.com
1037 SAIT Systems Hai Dotu +3223.7053.11
1038 SAT Mleczko Alain +33.1.4077.1156
1039 CompuSci Inc., Bob Berry bberry@compusci.com
1040 Aim Technology Ganesh Rajappan ganeshr@aim.com
1041 CIESIN Kalpesh Unadkat kalpesh@ciesin.org
1042 Systems & Technologies International
Howard Smith ghamex@aol.com
1043 Israeli Electric Company (IEC) Yoram Harlev yoram@yor.iec.co.il
1044 Phoenix Wireless Group, Inc.
Gregory M. Buchanan buchanan@pwgi.com
1045 SWL Bill Kight wkightgrci.com (410) 290.7245
1046 nCUBE Greg Thompson gregt@ncube.com
1047 Cerner, Corp. Dennis Avondet (816) 221.1024 X2432
1048 Andersen Consulting Mark Lindberg mlindber@andersen.com
1049 Lincoln Telephone Company Bob Morrill root@si6000.ltec.com
1050 Acer Jay Tao jtao@Altos.COM
1051 Cedros Juergen Haakert +49.2241.9701.80
1052 AirAccess Ido Ophir 100274.365@compuserve.com
1053 Expersoft Corporation David Curtis curtis@expersoft.com
1054 Eskom Sanjay Lakhani h00161@duvi.eskom.co.za
1055 SBE, Inc. Vimal Vaidya vimal@sbei.com
1056 EBS, Inc. Emre Gundogan baroque@ebs.com
1057 American Computer and Electronics, Corp.
Tom Abraham tha@acec.com
1058 Syndesis Limited Wil Macaulay wil@syndesis.com
1059 Isis Distributed Systems, Inc. Ken Chapman kchapman@isis.com
1060 Priority Call Management Greg Schumacher gregs@world.std.com
1061 Koelsch & Altmann GmbH
Christian Schreyer 100142.154@compuserve.com
1062 WIPRO INFOTECH LTD. Chandrashekar Kapse kapse@wipinfo.soft.net
1063 Controlware Uli Blatz ublatz@cware.de
1064 Mosaic Software W.van Biljon willem@mosaic.co.za
1065 Canon Information Systems
Victor Villalpando vvillalp@cisoc.canon.com
1066 AmericaOnline Andrew R. Scholnick andrew@aol.net
1067 Whitetree Network Technologies, Inc.
Carl Yang cyang@whitetree.com
1068 Xetron Corp. Dave Alverson davea@xetron.com
1069 Target Concepts, Inc. Bill Price bprice@tamu.edu
1070 DMH Software Yigal Hochberg 72144.3704@compuserve.com
1071 Innosoft International, Inc. Jeff Allison jeff@innosoft.com

1072 Controlware GmbH Uli Blatz ublatz@cware.de
1073 Telecommunications Industry Association (TIA)
Mike Youngberg mikey@synacom.com
1074 Boole & Babbage Rami Rubin rami@boole.com
1075 System Engineering Support, Ltd. Vince Taylor +44 454.614.638
1076 SURFnet Ton Verschuren Ton.Verschuren@surfnet.nl
1077 OpenConnect Systems, Inc. Mark Rensmeyer mrensme@oc.com
1078 PDTS (Process Data Technology and Systems)
Martin Gutenbrunner GUT@pdts.mhs.compuserve.com
1079 Cornet, Inc. Nat Kumar (703) 658-3400
1080 NetStar, Inc. John K. Renwick jkr@netstar.com
1081 Semaphore Communications, Corp. Jimmy Soetarman (408) 980-7766
1082 Casio Computer Co., Ltd. Shouzo Ohdate ohdate@casio.co.jp
1083 CSIR Frikkie Strecker fstreck@marge.mikom.csir.co.za
1084 APOGEE Communications Olivier Caleff caleff@apogee-com.fr
1085 Information Management Company Michael D. Liss mliss@imc.com
1086 Wordlink, Inc. Mike Aleckson (314) 878-1422
1087 PEER Avinash S. Rao arao@cranel.com
1088 Telstra Corp. Michael Scollay michaels@ind.tansu.com.au
1089 Net X, Inc. Sridhar Kodela techsupp@netx.unicomp.net
1090 PNC PLC Gordon Tees +44 716.061.200

To request an assignment of an Enterprise Number send the complete
company name, address, and phone number; and the contact's person
complete name, address, phone number, and email mailbox in an email
message to .

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers

SGMP Vendor Specific Codes: [obsolete]

Prefix: 1,255,

Decimal Name References
------- ---- ----------
0 Reserved [JKR1]
1 Proteon [JS18]
2 IBM [JXR]
3 CMU [SXW]
4 Unix [MS9]
5 ACC [AB20]
6 TWG [MTR]
7 CAYMAN [BXM2]
8 NYSERNET [MS9]
9 cisco [GS2]
10 BBN [RH6]
11 Unassigned [JKR1]
12 MIT [JR35]
13-254 Unassigned [JKR1]
255 Reserved [JKR1]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/sgmp-vendor-specific-
codes

ADDRESS RESOLUTION PROTOCOL PARAMETERS

The Address Resolution Protocol (ARP) specified in [RFC826] has
several parameters. The assigned values for these parameters are
listed here.

REVERSE ADDRESS RESOLUTION PROTOCOL OPERATION CODES

The Reverse Address Resolution Protocol (RARP) specified in [RFC903]
uses the "Reverse" codes below.

DYNAMIC REVERSE ARP

The Dynamic Reverse Address Resolution Protocol (DRARP) uses the
"DRARP" codes below. For further information, contact: David Brownell
(suneast!helium!db@Sun.COM).

INVERSE ADDRESS RESOULUTION PROTOCOL

The Inverse Address Resolution Protocol (IARP) specified in [RFC1293]
uses the "InARP" codes below.

Assignments:

Number Operation Code (op) Reference
------ -------------------------- ---------
1 REQUEST [RFC826]
2 REPLY [RFC826]
3 request Reverse [RFC903]
4 reply Reverse [RFC903]
5 DRARP-Request [David Brownell]
6 DRARP-Reply [David Brownell]
7 DRARP-Error [David Brownell]
8 InARP-Request [RFC1293]
9 InARP-Reply [RFC1293]
10 ARP-NAK [Mark Laubach]

Number Hardware Type (hrd) References
------ ----------------------------------- ----------
1 Ethernet (10Mb) [JBP]
2 Experimental Ethernet (3Mb) [JBP]
3 Amateur Radio AX.25 [PXK]
4 Proteon ProNET Token Ring [JBP]
5 Chaos [GXP]
6 IEEE 802 Networks [JBP]
7 ARCNET [JBP]
8 Hyperchannel [JBP]
9 Lanstar [TU]

10 Autonet Short Address [MXB1]
11 LocalTalk [JKR1]
12 LocalNet (IBM PCNet or SYTEK LocalNET) [JXM]
13 Ultra link [RXD2]
14 SMDS [GXC1]
15 Frame Relay [AGM]
16 Asynchronous Transmission Mode (ATM) [JXB2]
17 HDLC [JBP]
18 Fibre Channel [Yakov Rekhter]
19 Asynchronous Transmission Mode (ATM) [Mark Laubach]
20 Serial Line [JBP]
21 Asynchronous Transmission Mode (ATM) [MXB1]

Protocol Type (pro)

Use the same codes as listed in the section called "Ethernet Numbers
of Interest" (all hardware types use this code set for the protocol
type).

REFERENCES

[RFC826] Plummer, D., "An Ethernet Address Resolution Protocol or
Converting Network Protocol Addresses to 48-bit Ethernet
Addresses for Transmission on Ethernet Hardware", STD 37, RFC
826, MIT-LCS, November 1982.

[RFC903] Finlayson, R., Mann, T., Mogul, J., and M. Theimer, "A
Reverse Address Resolution Protocol", STD 38, RFC 903,
Stanford University, June 1984.

[RFC1293] Bradley, T., and C. Brown, "Inverse Address Resolution
Protocol", RFC 1293, Wellfleet Communications, Inc.,
January 1992.

PEOPLE

[AGM] Andy Malis

[GXC1] George Clapp

[GXP] Gill Pratt

[JBP] Jon Postel

[JKR1] Joyce K. Reynolds

[JXM] Joseph Murdock <---none--->

[MXB1] Mike Burrows

[PXK] Philip Koch

[RXD2] Rajiv Dhingra

[TU] Tom Unger

[David Brownell]

[Mark Laubach]

[Yakov Rekhter]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/arp-parameters

IEEE 802 NUMBERS OF INTEREST

Some of the networks of all classes are IEEE 802 Networks. These
systems may use a Link Service Access Point (LSAP) field in much the
same way the MILNET uses the "link" field. Further, there is an
extension of the LSAP header called the Sub-Network Access Protocol
(SNAP).

The IEEE likes to describe numbers in binary in bit transmission
order, which is the opposite of the big-endian order used throughout
the Internet protocol documentation.

Assignments:

Link Service Access Point Description References
------------------------- ----------- ----------
IEEE Internet
binary binary decimal
00000000 00000000 0 Null LSAP [IEEE]
01000000 00000010 2 Indiv LLC Sublayer Mgt [IEEE]
11000000 00000011 3 Group LLC Sublayer Mgt [IEEE]
00100000 00000100 4 SNA Path Control [IEEE]
01100000 00000110 6 Reserved (DOD IP) [RFC768,JBP]
01110000 00001110 14 PROWAY-LAN [IEEE]
01110010 01001110 78 EIA-RS 511 [IEEE]
01111010 01011110 94 ISI IP [JBP]
01110001 10001110 142 PROWAY-LAN [IEEE]
01010101 10101010 170 SNAP [IEEE]
01111111 11111110 254 ISO CLNS IS 8473 [RFC926,JXJ]
11111111 11111111 255 Global DSAP [IEEE]
These numbers (and others) are assigned by the IEEE Standards Office.
The address is:

IEEE Registration Authority
c/o Iris Ringel
IEEE Standards Dept
445 Hoes Lane, P.O. Box 1331
Piscataway, NJ 08855-1331
Phone +1 908 562 3813
Fax: +1 908 562 1571

The fee is $1000 and it takes 10 working days after receipt of the
request form and fee. They will not do anything via fax or phone.

At an ad hoc special session on "IEEE 802 Networks and ARP", held
during the TCP Vendors Workshop (August 1986), an approach to a

consistent way to send DoD-IP datagrams and other IP related protocols
(such as the Address Resolution Protocol (ARP)) on 802 networks was
developed, using the SNAP extension (see [RFC1042]).

REFERENCES

[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
USC/Information Sciences Institute, August 1980.

[RFC926] International Standards Organization, "Protocol for Providing
the Connectionless-Mode Network Services", RFC 926, ISO,
December 1984.

[RFC1042] Postel, J., and J. Reynolds, "A Standard for the
Transmission of IP Datagrams over IEEE 802 Networks", STD
43, RFC 1042, USC/Information Sciences Institute, February
1988.

PEOPLE

[JBP] Jon Postel

[JXJ]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ieee-802-numbers

ETHER TYPES

Many of the networks of all classes are Ethernets (10Mb) or
Experimental Ethernets (3Mb). These systems use a message "type"
field in much the same way the ARPANET uses the "link" field.

If you need an Ether Type, contact:

Xerox Systems Institute
3400 Hillview Ave.
PO BOX 10034
Palo Alto, CA 94303

Phone: 415-813-7164
Contact: Fonda Lix Pallone

The following list of EtherTypes is contributed unverified information
from various sources.

Assignments:

Ethernet Exp. Ethernet Description References
------------- ------------- ----------- ----------
decimal Hex decimal octal
000 0000-05DC - - IEEE802.3 Length Field [XEROX]
257 0101-01FF - - Experimental [XEROX]
512 0200 512 1000 XEROX PUP (see 0A00) [8,XEROX]
513 0201 - - PUP Addr Trans (see 0A01)[XEROX]
0400 Nixdorf [XEROX]
1536 0600 1536 3000 XEROX NS IDP [133,XEROX]
0660 DLOG [XEROX]
0661 DLOG [XEROX]
2048 0800 513 1001 Internet IP (IPv4) [105,JBP]
2049 0801 - - X.75 Internet [XEROX]
2050 0802 - - NBS Internet [XEROX]
2051 0803 - - ECMA Internet [XEROX]
2052 0804 - - Chaosnet [XEROX]
2053 0805 - - X.25 Level 3 [XEROX]
2054 0806 - - ARP [88,JBP]
2055 0807 - - XNS Compatability [XEROX]
2076 081C - - Symbolics Private [DCP1]
2184 0888-088A - - Xyplex [XEROX]
2304 0900 - - Ungermann-Bass net debugr[XEROX]
2560 0A00 - - Xerox IEEE802.3 PUP [XEROX]
2561 0A01 - - PUP Addr Trans [XEROX]
2989 0BAD - - Banyan Systems [XEROX]
4096 1000 - - Berkeley Trailer nego [XEROX]
4097 1001-100F - - Berkeley Trailer encap/IP[XEROX]

5632 1600 - - Valid Systems [XEROX]
16962 4242 - - PCS Basic Block Protocol [XEROX]
21000 5208 - - BBN Simnet [XEROX]
24576 6000 - - DEC Unassigned (Exp.) [XEROX]
24577 6001 - - DEC MOP Dump/Load [XEROX]
24578 6002 - - DEC MOP Remote Console [XEROX]
24579 6003 - - DEC DECNET Phase IV Route[XEROX]
24580 6004 - - DEC LAT [XEROX]
24581 6005 - - DEC Diagnostic Protocol [XEROX]
24582 6006 - - DEC Customer Protocol [XEROX]
24583 6007 - - DEC LAVC, SCA [XEROX]
24584 6008-6009 - - DEC Unassigned [XEROX]
24586 6010-6014 - - 3Com Corporation [XEROX]
28672 7000 - - Ungermann-Bass download [XEROX]
28674 7002 - - Ungermann-Bass dia/loop [XEROX]
28704 7020-7029 - - LRT [XEROX]
28720 7030 - - Proteon [XEROX]
28724 7034 - - Cabletron [XEROX]
32771 8003 - - Cronus VLN [131,DT15]
32772 8004 - - Cronus Direct [131,DT15]
32773 8005 - - HP Probe [XEROX]
32774 8006 - - Nestar [XEROX]
32776 8008 - - AT&T [XEROX]
32784 8010 - - Excelan [XEROX]
32787 8013 - - SGI diagnostics [AXC]
32788 8014 - - SGI network games [AXC]
32789 8015 - - SGI reserved [AXC]
32790 8016 - - SGI bounce server [AXC]
32793 8019 - - Apollo Computers [XEROX]
32815 802E - - Tymshare [XEROX]
32816 802F - - Tigan, Inc. [XEROX]
32821 8035 - - Reverse ARP [48,JXM]
32822 8036 - - Aeonic Systems [XEROX]
32824 8038 - - DEC LANBridge [XEROX]
32825 8039-803C - - DEC Unassigned [XEROX]
32829 803D - - DEC Ethernet Encryption [XEROX]
32830 803E - - DEC Unassigned [XEROX]
32831 803F - - DEC LAN Traffic Monitor [XEROX]
32832 8040-8042 - - DEC Unassigned [XEROX]
32836 8044 - - Planning Research Corp. [XEROX]
32838 8046 - - AT&T [XEROX]
32839 8047 - - AT&T [XEROX]
32841 8049 - - ExperData [XEROX]
32859 805B - - Stanford V Kernel exp. [XEROX]
32860 805C - - Stanford V Kernel prod. [XEROX]
32861 805D - - Evans & Sutherland [XEROX]
32864 8060 - - Little Machines [XEROX]
32866 8062 - - Counterpoint Computers [XEROX]

32869 8065 - - Univ. of Mass. @ Amherst [XEROX]
32870 8066 - - Univ. of Mass. @ Amherst [XEROX]
32871 8067 - - Veeco Integrated Auto. [XEROX]
32872 8068 - - General Dynamics [XEROX]
32873 8069 - - AT&T [XEROX]
32874 806A - - Autophon [XEROX]
32876 806C - - ComDesign [XEROX]
32877 806D - - Computgraphic Corp. [XEROX]
32878 806E-8077 - - Landmark Graphics Cor p. [XEROX]
32890 807A - - Matra [XEROX]
32891 807B - - Dansk Data Elektronik [XEROX]
32892 807C - - Merit Internodal [HWB]
32893 807D-807F - - Vitalink Communications [XEROX]
32896 8080 - - Vitalink TransLAN III [XEROX]
32897 8081-8083 - - Counterpoint Computers [XEROX]
32923 809B - - Appletalk [XEROX]
32924 809C-809E - - Datability [XEROX]
32927 809F - - Spider Systems Ltd. [XEROX]
32931 80A3 - - Nixdorf Computers [XEROX]
32932 80A4-80B3 - - Siemens Gammasonics Inc. [XEROX]
32960 80C0-80C3 - - DCA Data Exchange Cluster[XEROX]
80C4 Banyan Systems [XEROX]
80C5 Banyan Systems [XEROX]
32966 80C6 - - Pacer Software [XEROX]
32967 80C7 - - Applitek Corporation [XEROX]
32968 80C8-80CC - - Intergraph Corporation [XEROX]
32973 80CD-80CE - - Harris Corporation [XEROX]
32975 80CF-80D2 - - Taylor Instrument [XEROX]
32979 80D3-80D4 - - Rosemount Corporation [XEROX]
32981 80D5 - - IBM SNA Service on Ether [XEROX]
32989 80DD - - Varian Associates [XEROX]
32990 80DE-80DF - - Integrated Solutions TRFS[XEROX]
32992 80E0-80E3 - - Allen-Bradley [XEROX]
32996 80E4-80F0 - - Datability [XEROX]
33010 80F2 - - Retix [XEROX]
33011 80F3 - - AppleTalk AARP (Kinetics)[XEROX]
33012 80F4-80F5 - - Kinetics [XEROX]
33015 80F7 - - Apollo Computer [XEROX]
33023 80FF-8103 - - Wellfleet Communications [XEROX]
33031 8107-8109 - - Symbolics Private [XEROX]
33072 8130 - - Hayes Microcomputers [XEROX]
33073 8131 - - VG Laboratory Systems [XEROX]
8132-8136 Bridge Communications [XEROX]
33079 8137-8138 - - Novell, Inc. [XEROX]
33081 8139-813D - - KTI [XEROX]
8148 Logicraft [XEROX]
8149 Network Computing Devices[XEROX]
814A Alpha Micro [XEROX]

33100 814C - - SNMP [JKR1]
814D BIIN [XEROX]
814E BIIN [XEROX]
814F Technically Elite Concept[XEROX]
8150 Rational Corp [XEROX]
8151-8153 Qualcomm [XEROX]
815C-815E Computer Protocol Pty Ltd[XEROX]
8164-8166 Charles River Data System[XEROX]
817D-818C Protocol Engines [XEROX]
818D Motorola Computer [XEROX]
819A-81A3 Qualcomm [XEROX]
81A4 ARAI Bunkichi [XEROX]
81A5-81AE RAD Network Devices [XEROX]
81B7-81B9 Xyplex [XEROX]
81CC-81D5 Apricot Computers [XEROX]
81D6-81DD Artisoft [XEROX]
81E6-81EF Polygon [XEROX]
81F0-81F2 Comsat Labs [XEROX]
81F3-81F5 SAIC [XEROX]
81F6-81F8 VG Analytical [XEROX]
8203-8205 Quantum Software [XEROX]
8221-8222 Ascom Banking Systems [XEROX]
823E-8240 Advanced Encryption Syste[XEROX]
827F-8282 Athena Programming [XEROX]
8263-826A Charles River Data System[XEROX]
829A-829B Inst Ind Info Tech [XEROX]
829C-82AB Taurus Controls [XEROX]
82AC-8693 Walker Richer & Quinn [XEROX]
8694-869D Idea Courier [XEROX]
869E-86A1 Computer Network Tech [XEROX]
86A3-86AC Gateway Communications [XEROX]
86DB SECTRA [XEROX]
86DE Delta Controls [XEROX]
34543 86DF - - ATOMIC [JBP]
86E0-86EF Landis & Gyr Powers [XEROX]
8700-8710 Motorola [XEROX]
8A96-8A97 Invisible Software [XEROX]
36864 9000 - - Loopback [XEROX]
36865 9001 - - 3Com(Bridge) XNS Sys Mgmt[XEROX]
36866 9002 - - 3Com(Bridge) TCP-IP Sys [XEROX]
36867 9003 - - 3Com(Bridge) loop detect [XEROX]
65280 FF00 - - BBN VITAL-LanBridge cache[XEROX]
FF00-FF0F ISC Bunker Ramo [XEROX]

The standard for transmission of IP datagrams over Ethernets and
Experimental Ethernets is specified in [RFC894] and [RFC895]
respectively.

NOTE: Ethernet 48-bit address blocks are assigned by the IEEE.

IEEE Registration Authority
c/o Iris Ringel
IEEE Standards Department
445 Hoes Lane, P.O. Box 1331
Piscataway, NJ 08855-1331
Phone +1 908 562 3813
Fax: +1 908 562 1571

IANA ETHERNET ADDRESS BLOCK

The IANA owns an Ethernet address block which may be used for
multicast address asignments or other special purposes.

The address block in IEEE binary is: 0000 0000 0000 0000 0111 1010

In the normal Internet dotted decimal notation this is 0.0.94 since
the bytes are transmitted higher order first and bits within bytes are
transmitted lower order first (see "Data Notation" in the
Introduction).

IEEE CSMA/CD and Token Bus bit transmission order: 00 00 5E

IEEE Token Ring bit transmission order: 00 00 7A

Appearance on the wire (bits transmitted from left to right):

0 23 47
| | |
1000 0000 0000 0000 0111 1010 xxxx xxx0 xxxx xxxx xxxx xxxx
| |
Multicast Bit 0 = Internet Multicast
1 = Assigned by IANA for
other uses

Appearance in memory (bits transmitted right-to-left within octets,
octets transmitted left-to-right):

0 23 47
| | |
0000 0001 0000 0000 0101 1110 0xxx xxxx xxxx xxxx xxxx xxxx
| |
Multicast Bit 0 = Internet Multicast

1 = Assigned by IANA for other uses

The latter representation corresponds to the Internet standard
bit-order, and is the format that most programmers have to deal wit h.
Using this representation, the range of Internet Multicast addresses
is:

01-00-5E-00-00-00 to 01-00-5E-7F-FF-FF in hex, or

1.0.94.0.0.0 to 1.0.94.127.255.255 in dotted decimal

ETHERNET VENDOR ADDRESS COMPONENTS

Ethernet hardware addresses are 48 bits, expressed as 12 hexadecimal
digits (0-9, plus A-F, capitalized). These 12 hex digits consist of
the first/left 6 digits (which should match the vendor of the Ethernet
interface within the station) and the last/right 6 digits which
specify the interface serial number for that interface vendor.

Ethernet addresses might be written unhyphenated (e.g., 123456789ABC),
or with one hyphen (e.g., 123456-789ABC), but should be written
hyphenated by octets (e.g., 12-34-56-78-9A-BC).

These addresses are physical station addresses, not multicast nor
broadcast, so the second hex digit (reading from the left) will be
even, not odd.

At present, it is not clear how the IEEE assigns Ethernet block
addresses. Whether in blocks of 2**24 or 2**25, and whether
multicasts are assigned with that block or separately. A portion of
the vendor block address is reportedly assigned serially, with the
other portion intentionally assigned randomly. If there is a global
algorithm for which addresses are designated to be physical (in a
chipset) versus logical (assigned in software), or globally-assigned
versus locally-assigned addresses, some of the known addresses do not
follow the scheme (e.g., AA0003; 02xxxx).

00000C Cisco
00000E Fujitsu
00000F NeXT
000010 Sytek
00001D Cabletron
000020 DIAB (Data Intdustrier AB)
000022 Visual Technology
00002A TRW

000032 GPT Limited (reassigned from GEC Computers Ltd)
00005A S & Koch
00005E IANA
000065 Network General
00006B MIPS
000077 MIPS
00007A Ardent
000089 Cayman Systems Gatorbox
000093 Proteon
00009F Ameristar Technology
0000A2 Wellfleet
0000A3 Network Application Technology
0000A6 Network General (internal assignment, not for products)
0000A7 NCD X-terminals
0000A9 Network Systems
0000AA Xerox Xerox machines
0000B3 CIMLinc
0000B7 Dove Fastnet
0000BC Allen-Bradley
0000C0 Western Digital
0000C5 Farallon phone net card
0000C6 HP Intelligent Networks Operation (formerly Eon Systems)
0000C8 Altos
0000C9 Emulex Terminal Servers
0000D7 Dartmouth College (NED Router)
0000D8 3Com? Novell? PS/2
0000DD Gould
0000DE Unigraph
0000E2 Acer Counterpoint
0000EF Alantec
0000FD High Level Hardvare (Orion, UK)
000102 BBN BBN internal usage (not registered)
0020AF 3COM ???
001700 Kabel
008064 Wyse Technology / Link Technologies
00802B IMAC ???
00802D Xylogics, Inc. Annex terminal servers
00808C Frontier Software Development
0080C2 IEEE 802.1 Committee
0080D3 Shiva
00AA00 Intel
00DD00 Ungermann-Bass
00DD01 Ungermann-Bass
020701 Racal InterLan
020406 BBN BBN internal usage (not registered)
026086 Satelcom MegaPac (UK)
02608C 3Com IBM PC; Imagen; Valid; Cisco
02CF1F CMC Masscomp; Silicon Graphics; Prime EXL

080002 3Com (Formerly Bridge)
080003 ACC (Advanced Computer Communications)
080005 Symbolics Symbolics LISP machines
080008 BBN
080009 Hewlett-Packard
08000A Nestar Systems
08000B Unisys
080011 Tektronix, Inc.
080014 Excelan BBN Butterfly, Masscomp, Silicon Graphics
080017 NSC
08001A Data General
08001B Data General
08001E Apollo
080020 Sun Sun machines
080022 NBI
080025 CDC
080026 Norsk Data (Nord)
080027 PCS Computer Systems GmbH
080028 TI Explorer
08002B DEC
08002E Metaphor
08002F Prime Computer Prime 50-Series LHC300
080036 Intergraph CAE stations
080037 Fujitsu-Xerox
080038 Bull
080039 Spider Systems
080041 DCA Digital Comm. Assoc.
080045 ???? (maybe Xylogics, but they claim not to know this number)
080046 Sony
080047 Sequent
080049 Univation
08004C Encore
08004E BICC
080056 Stanford University
080058 ??? DECsystem-20
08005A IBM
080067 Comdesign
080068 Ridge
080069 Silicon Graphics
08006E Concurrent Masscomp
080075 DDE (Danish Data Elektronik A/S)
08007C Vitalink TransLAN III
080080 XIOS
080086 Imagen/QMS
080087 Xyplex terminal servers
080089 Kinetics AppleTalk-Ethernet interface
08008B Pyramid
08008D XyVision XyVision machines

080090 Retix Inc Bridges
484453 HDS ???
800010 AT&T
AA0000 DEC obsolete
AA0001 DEC obsolete
AA0002 DEC obsolete
AA0003 DEC Global physical address for some DEC machines
AA0004 DEC Local logical address for systems running
DECNET

ETHERNET MULTICAST ADDRESSES

An Ethernet multicast address consists of the multicast bit, the
23-bit vendor component, and the 24-bit group identifier assigned by
the vendor. For example, DEC is assigned the vendor component
08-00-2B, so multicast addresses assigned by DEC have the first
24-bits 09-00-2B (since the multicast bit is the low-order bit of the
first byte, which is "the first bit on the wire").

Ethernet Type
Address Field Usage

Multicast Addresses:

01-00-5E-00-00-00- 0800 Internet Multicast [RFC1112]
01-00-5E-7F-FF-FF
01-00-5E-80-00-00- ???? Internet reserved by IANA
01-00-5E-FF-FF-FF
01-80-C2-00-00-00 -802- Spanning tree (for bridges)
09-00-02-04-00-01? 8080? Vitalink printer
09-00-02-04-00-02? 8080? Vitalink management
09-00-09-00-00-01 8005 HP Probe
09-00-09-00-00-01 -802- HP Probe
09-00-09-00-00-04 8005? HP DTC
09-00-1E-00-00-00 8019? Apollo DOMAIN
09-00-2B-00-00-00 6009? DEC MUMPS?
09-00-2B-00-00-01 8039? DEC DSM/DTP?
09-00-2B-00-00-02 803B? DEC VAXELN?
09-00-2B-00-00-03 8038 DEC Lanbridge Traffic Monitor (LTM)
09-00-2B-00-00-04 ???? DEC MAP End System Hello
09-00-2B-00-00-05 ???? DEC MAP Intermediate System Hello
09-00-2B-00-00-06 803D? DEC CSMA/CD Encryption?
09-00-2B-00-00-07 8040? DEC NetBios Emulator?
09-00-2B-00-00-0F 6004 DEC Local Area Transport (LAT)
09-00-2B-00-00-1x ???? DEC Experimental
09-00-2B-01-00-00 8038 DEC LanBridge Copy packets

(All bridges)
09-00-2B-01-00-01 8038 DEC LanBridge Hello packets
(All local bridges)
1 packet per second, sent by the
designated LanBridge
09-00-2B-02-00-00 ???? DEC DNA Lev. 2 Routing Layer routers?
09-00-2B-02-01-00 803C? DEC DNA Naming Service Advertisement?
09-00-2B-02-01-01 803C? DEC DNA Naming Service Solicitation?
09-00-2B-02-01-02 803E? DEC DNA Time Service?
09-00-2B-03-xx-xx ???? DEC default filtering by bridges?
09-00-2B-04-00-00 8041? DEC Local Area Sys. Transport (LAST)?
09-00-2B-23-00-00 803A? DEC Argonaut Console?
09-00-4E-00-00-02? 8137? Novell IPX
09-00-56-00-00-00- ???? Stanford reserved
09-00-56-FE-FF-FF
09-00-56-FF-00-00- 805C Stanfo rd V Kernel, version 6.0
09-00-56-FF-FF-FF
09-00-77-00-00-01 ???? Retix spanning tree bridges
09-00-7C-02-00-05 8080? Vitalink diagnostics
09-00-7C-05-00-01 8080? Vitalink gateway?
0D-1E-15-BA-DD-06 ???? HP
AB-00-00-01-00-00 6001 DEC Maintenance Operation Protocol
(MOP) Dump/Load Assistance
AB-00-00-02-00-00 6002 DEC Maintenance Operation Protocol
(MOP) Remote Console
1 System ID packet every 8-10 minutes,
by every:
DEC LanBridge
DEC DEUNA interface
DEC DELUA interface
DEC DEQNA interface
(in a certain mode)
AB-00-00-03-00-00 6003 DECNET Phase IV end node Hello
packets 1 packet every 15 seconds,
sent by each DECNET host
AB-00-00-04-00-00 6003 DECNET Phase IV Router Hello packets
1 packet every 15 seconds, sent by
the DECNET router
AB-00-00-05-00-00 ???? Reserved DEC through
AB-00-03-FF-FF-FF
AB-00-03-00-00-00 6004 DEC Local Area Transport (LAT) - old
AB-00-04-00-xx-xx ???? Reserved DEC customer private use
AB-00-04-01-xx-yy 6007 DEC Local Area VAX Cluster groups
Sys. Communication Architecture (SCA)
CF-00-00-00-00-00 9000 Ethernet Configuration Test protocol
(Loopback)

Broadcast Address:

FF-FF-FF-FF-FF-FF 0600 XNS packets, Hello or gateway search?
6 packets every 15 seconds, per XNS
station
FF-FF-FF-FF-FF-FF 0800 IP (e.g. RWHOD via UDP) as needed
FF-FF-FF-FF-FF-FF 0804 CHAOS
FF-FF-FF-FF-FF-FF 0806 ARP (for IP and CHAOS) as needed
FF-FF-FF-FF-FF-FF 0BAD Banyan
FF-FF-FF-FF-FF-FF 1600 VALID packets, Hello or gateway
search?
1 packets every 30 seconds, per VALID
station
FF-FF-FF-FF-FF-FF 8035 Reverse ARP
FF-FF-FF-FF-FF-FF 807C Merit Internodal (INP)
FF-FF-FF-FF-FF-FF 809B EtherTalk

REFERENCES

[RFC894] Hornig, C., "A Standard for the Transmission of IP Datagrams
over Ethernet Networks, STD 41, RFC 894, Symbolics,
April 1984.

[RFC895] Postel, J., "A Standard for the Transmission of IP Datagrams
over Experimental Ethernet Networks, STD 42, RFC 895,
USC/Information Sciences Institute, April 1984.

[RFC1112] Deeering, S., "Host Extensions for IP Multicasting",
STD 5, RFC 1112, Stanford University, August 1989.

PEOPLE

[AXC] Andrew Cherenson

[DCP1] David Plummer

[DT15] Daniel Tappan

[HWB] Hans-Werner Braun

[JBP] Jon Postel

[JKR1] Joyce K. Reynolds

[JXM] Joseph Murdock <---none--->

[XEROX] Fonda Pallone (415-813-7164)

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ethernet-numbers

X.25 TYPE NUMBERS

CCITT defines the high order two bits of the first octet of call user
data as follows:

00 - Used for other CCITT recomendations (such as X.29)
01 - Reserved for use by "national" administrative
authorities
10 - Reserved for use by international administrative authoorities
11 - Reserved for arbitrary use between consenting DTEs

Call User Data (hex) Protocol Reference
------------------- -------- ---------

01 PAD [GS2]
C5 Blacker front-end descr dev [AGM]
CC IP [RFC877,AGM]*
CD ISO-IP [AGM]
CF PPP [RFC1598]
DD Network Monitoring [AGM]

*NOTE: ISO SC6/WG2 approved assignment in ISO 9577 (January 1990).

REFERENCES

[RFC877] Korb, J., "A Standard for the Transmission of IP Datagrams
Over Public Data Networks", RFC 877, Purdue University,
September 1983.

[RFC1598] Simpson, W., "PPPin X.25", RFC 1598, Daydreamer, March 1994.

PEOPLE

[AGM] Andy Malis

[GS2] Greg Satz

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/x25-type-numbers

PUBLIC DATA NETWORK NUMBERS

One of the Internet Class A Networks is the international system of
Public Data Networks. This section lists the mapping between the
Internet Addresses and the Public Data Network Addresses (X.121).

Assignments:

Internet Public Data Net Description References
-------------- ----------------- ----------- ----------
014.000.000.000 Reserved [JBP]
014.000.000.001 3110-317-00035 00 PURDUE-TN [TN]
014.000.000.002 3110-608-00027 00 UWISC-TN [TN]
014.000.000.003 3110-302-00024 00 UDEL-TN [TN]
014.000.000.004 2342-192-00149 23 UCL-VTEST [PK]
014.000.000.005 2342-192-00300 23 UCL-TG [PK]
014.000.000.006 2342-192-00300 25 UK-SATNET [PK]
014.000.000.007 3110-608-00024 00 UWISC-IBM [MS56]
014.000.000.008 3110-213-00045 00 RAND-TN [MO2]
014.000.000.009 2342-192-00300 23 UCL-CS [PK]
014.000.000.010 3110-617-00025 00 BBN-VAN-GW [JD21]
014.000.000.011 2405-015-50300 00 CHALMERS [UXB]
014.000.000.012 3110-713-00165 00 RICE [PAM6]
014.000.000.013 3110-415-00261 00 DECWRL [PAM6]
014.000.000.014 3110-408-00051 00 IBM-SJ [SXA3]
014.000.000.015 2041-117-01000 00 SHAPE [JFW]
014.000.000.016 2628-153-90075 00 DFVLR4-X25 [GB7]
014.000.000.017 3110-213-00032 00 ISI-VAN-GW [JD21]
014.000.000.018 2624-522-80900 52 FGAN-SIEMENS-X25 [GB7]
014.000.000.019 2041-170-10000 00 SHAPE-X25 [JFW]
014.000.000.020 5052-737-20000 50 UQNET [AXH]
014.000.000.021 3020-801-00057 50 DMC-CRC1 [VXT]
014.000.000.022 2624-522-80329 02 FGAN-FGANFFMVAX-X25 [GB7]
014.000.000.023 2624-589-00908 01 ECRC-X25 [PXD]
014.000.000.024 2342-905-24242 83 UK-MOD-RSRE [JXE2]
014.000.000.025 2342-905-24242 82 UK-VAN-RSRE [AXM]
014.000.000.026 2624-522-80329 05 DFVLRSUN-X25 [GB7]
014.000.000.027 2624-457-11015 90 SELETFMSUN-X25 [BXD]
014.000.000.028 3110-408-00146 00 CDC-SVL [RAM57]
014.000.000.029 2222-551-04400 00 SUN-CNUCE [ABB2]
014.000.000.030 2222-551-04500 00 ICNUCEVM-CNUCE [ABB2]
014.000.000.031 2222-551-04600 00 SPARE-CNUCE [ABB2]
014.000.000.032 2222-551-04700 00 ICNUCEVX-CNUCE [ABB2]
014.000.000.033 2222- 551-04524 00 CISCO-CNUCE [ABB2]
014.000.000.034 2342-313-00260 90 SPIDER-GW [AD67]

014.000.000.035 2342-313-00260 91 SPIDER-EXP [AD67]
014.000.000.036 2342-225-00101 22 PRAXIS-X25A [TXR]
014.000.000.037 2342-225-00101 23 PRAXIS-X25B [TXR]
014.000.000.038 2403-712-30250 00 DIAB-TABY-GW [FXB]
014.000.000.039 2403-715-30100 00 DIAB-LKP-GW [FXB]
014.000.000.040 2401-881-24038 00 DIAB-TABY1-GW [FXB]
014.000.000.041 2041-170-10060 00 STC [TC27]
014.000.000.042 2222-551-00652 60 CNUCE [TC27]
014.000.000.043 2422-510-05900 00 Tollpost-Globe AS [OXG]
014.000.000.044 2422-670-08900 00 Tollpost-Globe AS [OXG]
014.000.000.045 2422-516-01000 00 Tollpost-Globe AS [OXG]
014.000.000.046 2422-450-00800 00 Tollpost-Globe AS [OXG]
014.000.000.047 2422-610-00200 00 Tollpost-Globe AS [OXG]
014.000.000.048 2422-310-00300 00 Tollpost-Globe AS [OXG]
014.000.000.049 2422-470-08800 00 Tollpost-Globe AS [OXG]
014.000.000.050 2422-210-04600 00 Tollpost-Globe AS [OXG]
014.000.000.051 2422-130-28900 00 Tollpost-Globe AS [OXG]
014.000.000.052 2422-310-27200 00 Tollpost-Globe AS [OXG]
014.000.000.053 2422-250-05800 00 Tollpost-Globe AS [OXG]
014.000.000.054 2422-634-05900 00 Tollpost-Globe AS [OXG]
014.000.000.055 2422-670-08800 00 Tollpost-Globe AS [OXG]
014.000.000.056 2422-430-07400 00 Tollpost-Globe AS [OXG]
014.000.000.057 2422-674-07800 00 Tollpost-Globe AS [OXG]
014.000.000.058 2422-230-16900 00 Tollpost-Globe AS [OXG]
014.000.000.059 2422-518-02900 00 Tollpost-Globe AS [OXG]
014.000.000.060 2422-370-03100 00 Tollpost-Globe AS [OXG]
014.000.000.061 2422-516-03400 00 Tollpost-Globe AS [OXG]
014.000.000.062 2422-616-04400 00 Tollpost-Globe AS [OXG]
014.000.000.063 2422-650-23500 00 Tollpost-Globe AS [OXG]
014.000.000.064 2422-330-02500 00 Tollpost-Globe AS [OXG]
014.000.000.065 2422-350-01900 00 Tollpost-Globe AS [OXG]
014.000.000.066 2422-410-00700 00 Tollpost-Globe AS [OXG]
014.000.000.067 2422-539-06200 00 Tollpost-Globe AS [OXG]
014.000.000.068 2422-630-07200 00 Tollpost-Globe AS [OXG]
014.000.000.069 2422-470-12300 00 Tollpost-Globe AS [OXG]
014.000.000.070 2422-470-13000 00 Tollpost-Globe AS [OXG]
014.000.000.071 2422-170-04600 00 Tollpost-Globe AS [OXG]
014.000.000.072 2422-516-04300 00 Tollpost-Globe AS [OXG]
014.000.000.073 2422-530-00700 00 Tollpost-Globe AS [OXG]
014.000.000.074 2422-650-18800 00 Tollpost-Globe AS [OXG]
014.000.000.075 2422-450-24500 00 Tollpost-Globe AS [OXG]
014.000.000.076 2062-243-15631 00 DPT-BXL-DDC [LZ15]
014.000.000.077 2062-243-15651 00 DPT-BXL-DDC2 [LZ15]
014.000.000.078 3110-312-00431 00 DPT-CHI [LZ15]
014.000.000.079 3110-512-00135 00 DPT-SAT-ENG [LZ15]
014.000.000.080 2080-941-90550 00 DPT-PAR [LZ15]
014.000.000.081 4545-511-30600 00 DPT-PBSC [LZ15]
014.000.000.082 4545-513-30900 00 DPT-HONGKONG [LZ15]

014.000.000.083 4872-203-55000 00 UECI-TAIPEI [LZ15]
014.000.000.084 2624-551-10400 20 DPT-HANOVR [LZ15]
014.000.000.085 2624-569-00401 99 DPT-FNKFRT [LZ15]
014.000.000.086 3110-512-00134 00 DPT-SAT-SUPT [LZ15]
014.000.000.087 4602-3010-0103 20 DU-X25A [JK64]
014.000.000.088 4602-3010-0103 21 FDU-X25B [JK64]
014.000.000.089 2422-150-33700 00 Tollpost-Globe AS [OXG]
014.000.000.090 2422-271-07100 00 Tollpost-Globe AS [OXG]
014.000.000.091 2422-516-00100 00 Tollpost-Globe AS [OXG]
014.000.000.092 2422-650-18800 00 Norsk Informas. [OXG]
014.000.000.093 2422-250-30400 00 Tollpost-Globe AS [OXG]
014.000.000.094 Leissner Data AB [PXF1]
014.000.000.095 Leissner Data AB [PXF1]
014.000.000.096 Leissner Data AB [PXF1]
014.000.000.097 Leissner Data AB [PXF1]
014.000.000.098 Leissner Data AB [PXF1]
014.000.000.099 Leissner Data AB [PXF1]
014.000.000.100 Leissner Data AB [PXF1]
014.000.000.101 Leissner Data AB [PXF1]
014.000.000.102 Leissner Data AB [PXF1]
014.000.000.103 Leissner Data AB [PXF1]
014.000.000.104 Leissner Data AB [PXF1]
014.000.000.105 Leissner Data AB [PXF1]
014.000.000.106 Leissner Data AB [PXF1]
014.000.000.107 Leissner Data AB [PXF1]
014.000.000.108 Leissner Data AB [PXF1]
014.000.000.109 Leissner Data AB [PXF1]
014.000.000.110 Leissner Data AB [PXF1]
014.000.000.111 Leissner Data AB [PXF1]
014.000.000.112 Leissner Data AB [PXF1]
014.000.000.113 Leissner Data AB [PXF1]
014.000.000.114 Leissner Data AB [PXF1]
014.000.000.115 Leissner Data AB [PXF1]
014.000.000.116 Leissner Data AB [PXF1]
014.000.000.117 Leissner Data AB [PXF1]
014.000.000.118 Leissner Data AB [PXF1]
014.000.000.119 Leissner Data AB [PXF1]
014.000.000.120 Leissner Data AB [PXF1]
014.000.000.121 Leissner Data AB [PXF1]
014.000.000.122 Leissner Data AB [PXF1]
014.000.000.123 Leissner Data AB [PXF1]
014.000.000.124 Leissner Data AB [PXF1]
014.000.000.125 Leissner Data AB [PXF1]
014.000.000.126 Leissner Data AB [PXF1]
014.000.000.127 Leissner Data AB [PXF1]
014.000.000.128 Leissner Data AB [PXF1]
014.000.000.129 2422-150-17900 00 Tollpost-Globe AS [OXG]
014.000.000.130 2422-150-42700 00 Tollpost-Globe AS [OXG]

014.000.000.131 2422-190-41900 00 T-G Airfreight AS [OXG]
014.000.000.132 2422-616-16100 00 Tollpost-Globe AS [OXG]
014.000.000.133 2422-150-50700-00 Tollpost-Globe Int. [OXG]
014.000.000.134 2422-190-28100-00 Intersped AS [OXG]

014.000.000.135-014.255.255.254 Unassigned [JBP]
014.255.255.255 Reserved [JBP]

The standard for transmission of IP datagrams over the Public Data
Network is specified in RFC-1356 [69].

REFERENCES

[RFC877] Korb, J., "A Standard for the Transmission of IP Datagrams
Over Public Data Networks", RFC 877, Purdue University,
September 1983.

PEOPLE

[ABB2] A. Blasco Bonito

[AD67] Andy Davis

[AXH] Arthur Harvey

[AXM] Alex Martin <---none--->

[BXD] Brian Dockter <---none--->

[FXB]

[GB7] Gerd Beling

[JBP] Jon Postel
[JD21] Jonathan Dreyer

[JFW] Jon F. Wilkes

[JK64] mystery contact!

[JXE2] Jeanne Evans

[LZ15] Lee Ziegenhals

[MS56] Marvin Solomon

[MO2] Michael O'Brien

[OXG] Oyvind Gjerstad

[PAM6] Paul McNabb

[PK] Peter Kirstein

[PXD] Peter Delchiappo <---none--->

[PXF1] Per Futtrup <---none--->

[RAM57] Rex Mann <---none--->

[SXA3] Sten Andler <---none--->

[TN] Thomas Narten

[TC27] Thomas Calderwood

[TXR] Tim Rylance

[UXB]

[VXT] V. Taylor

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/public-data-network-
numbers

MILNET LINK NUMBERS

The word "link" here refers to a field in the original MILNET Host/IMP
interface leader. The link was originally defined as an 8-bit field.
Later specifications defined this field as the "message-id" with a
length of 12 bits. The name link now refers to the high order 8 bits of
this 12-bit message-id field. The Host/IMP interface is defined in BBN
Report 1822 [BBN1822].

The low-order 4 bits of the message-id field are called the sub-link.
Unless explicitly specified otherwise for a particular protocol, there
is no sender to receiver significance to the sub-link. The sender may
use the sub-link in any way he chooses (it is returned in the RFNM by
the destination IMP), the receiver should ignore the sub-link.

Link Assignments:

Decimal Description References
------- ----------- ----------
0-63 BBNCC Monitoring [MB]
64-149 Unassigned [JBP]
150 Xerox NS IDP [ETHERNET,XEROX]
151 Unassigned [JBP]
152 PARC Universal Protocol [PUP,XEROX]
153 TIP Status Reporting [JGH]
154 TIP Accounting [JGH]
155 Internet Protocol [regular] [RFC791,JBP]
156-158 Internet Protocol [experimental] [RFC791,JBP]
159 Figleaf Link [JBW1]
160 Blacker Local Network Protocol [DM28]
161-194 Unassigned [JBP]
195 ISO-IP [RFC926,RXM]
196-247 Experimental Protocols [JBP]
248-255 Network Maintenance [JGH]

MILNET LOGICAL ADDRESSES

The MILNET facility for "logical addressing" is described in [RFC878]
and [RFC1005]. A portion of the possible logical addresses are
reserved for standard uses.

There are 49,152 possible logical host addresses. Of these, 256 are
reserved for assignment to well-known functions. Assignments for
well-known functions are made by the IANA. Assignments for other

logical host addresses are made by the NIC.

Logical Address Assignments:

Decimal Description References
------- ----------- ----------
0 Reserved [JBP]
1 The BBN Core Gateways [MB]
2-254 Unassigned [JBP]
255 Reserved [JBP]

MILNET X.25 ADDRESS MAPPINGS

All MILNET hosts are assigned addresses by the Defense Data Network
(DDN). The address of a MILNET host may be obtained from the Network
Information Center (NIC), represented as an ASCII text string in what
is called "host table format". This section describes the process by
which MILNET X.25 addresses may be derived from addresses in the NIC
host table format.

A NIC host table address consists of the ASCII text string
representations of four decimal numbers separated by periods,
corresponding to the four octeted of a thirty-two bit Internet
address. The four decimal numbers are referred to in this section as
"n", "h' "l", and "i". Thus, a host table address may be represented
as: "n.h.l.i". Each of these four numbers will have either one, two,
or three decimal digits and will never have a value greater than 255.
For example, in the host table, address: "10.2.0.124", n=10, h=2, l=0,
and i=124. To convert a host table address to a MILNET X.25 address:

1. If h < 64, the host table address corresponds to the X.25
physical address:

ZZZZ F IIIHHZZ (SS)

where:

ZZZZ = 0000 as required

F = 0 because the address is a physical address;

III is a three decimal digit respresentation of
"i", right-adjusted and padded with leading

zeros if required;

HH is a two decimal digit representation of "h",
right-adjusted and padded with leading zeros
if required;

ZZ = 00 and

(SS) is optional

In the example given above, the host table address 10.2.0.124
corresponds to the X.25 physical address 000001240200.

2. If h > 64 or h = 64, the host table address corresponds to the
X.25 logical address

ZZZZ F RRRRRZZ (SS)

where:

ZZZZ = 0000 as required

F = 1 because the address is a logical address;

RRRRR is a five decimal digit representation of
the result "r" of the calculation

r = h * 256 + i

(Note that the decimal representation of
"r" will always require five digits);

ZZ = 00 and

(SS) is optional

Thus, the host table address 10.83.0.207 corresponds to the X.25
logical address 000012145500.

In both cases, the "n" and "l" fields of the host table address are
not used.

REFERENCES

[BBN1822] BBN, "Specifications for the Interconnection of a Host and

an IMP", Report 1822, Bolt Beranek and Newman, Cambridge,
Massachusetts, revised, December 1981.

[ETHERNET] "The Ethernet, A Local Area Network: Data Link Layer and
Physical Layer Specification", AA-K759B-TK, Digital
Equipment Corporation, Maynard, MA. Also as: "The Ethernet
- A Local Area Network", Version 1.0, Digital Equipment
Corporation, Intel Corporation, Xerox Corporation,
September 1980. And: "The Ethernet, A Local Area Network:
Data Link Layer and Physical Layer Specifications",
Digital, Intel and Xerox, November 1982. And: XEROX, "The
Ethernet, A Local Area Network: Data Link Layer and
Physical Layer Specification", X3T51/80-50, Xerox
Corporation, Stamford, CT., October 1980.

[PUP] Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, "PUP: An
Internetwork Architecture", XEROX Palo Alto Research Center,
CSL-79-10, July 1979; also in IEEE Transactions on
Communication, Volume COM-28, Number 4, April 1980.

[RFC791] Postel, J., ed., "Internet Protocol - DARPA Internet Program
Protocol Specification", STD 5, RFC 791, USC/Information
Sciences Institute, September 1981.

[RFC878] Malis, Andrew, "The ARPANET 1822L Host Access Protocol",
RFC 878, BBN Communications Corp., December 1983.

[RFC926] International Standards Organization, "Protocol for Providing
the Connectionless-Mode Network Services", RFC 926, ISO,
December 1984.

[RFC1005] Khanna, A., and A. Malis, "The ARPANET AHIP-E Host Access
Protocol (Enhanced AHIP)", RFC 1005, BBN Communications
Corp., May 1987.

PEOPLE

[DM28] Dennis Morris

[JBP] Jon Postel

[JBW1] Joseph Walters, Jr.

[JGH] Jim Herman

[MB] Michael Brescia

[RXM] Robert Myhill

[XEROX] Fonda Pallone <---none--->

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/milnet-parameters

XNS PROTOCOL TYPES

Assigned well-known socket numbers

Routing Information 1
Echo 2
Router Error 3
Experimental 40-77

Assigned internet packet types

Routing Information 1
Echo 2
Error 3
Packet Exchange 4
Sequenced Packet 5
PUP 12
DoD IP 13
Experimental 20-37

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/xns-protocol-types

INTERNET / XNS PROTOCOL MAPPINGS

Below are two tables describing the arrangement of protocol fields or
type field assignments so that one could send XNS Datagrams on the
MILNET or Internet Datagrams on 10Mb Ethernet, and also protocol and
type fields so one could encapsulate each kind of Datagram in the
other.

upper| DoD IP | PUP | NS IP |
lower | | | |
--------------|--------|--------|--------|
| Type | Type | Type |
3Mb Ethernet | 1001 | 1000 | 3000 |
| octal | octal | octal |
--------------|--------|--------|--------|
| Type | Type | Type |
10 Mb Ethernet| 0800 | 0200 | 0600 |
| hex | hex | hex |
--------------|--------|--------|--------|
| Link | Link | Link |
MILNET | 155 | 152 | 150 |
| decimal| decimal| decimal|
--------------|--------|--------|--------|

upper| DoD IP | PUP | NS IP |
lower | | | |
--------------|--------|--------|--------|
| |Protocol|Protocol|
DoD IP | X | 12 | 22 |
| | decimal| decimal|
--------------|--------|--------|--------|
| | | |
PUP | ? | X | ? |
| | | |
--------------|--------|--------|--------|
| Type | Type | |
NS IP | 13 | 12 | X |
| decimal| decimal| |
--------------|--------|--------|--------|

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ip-xns-mapping

PRONET 80 TYPE NUMBERS

Below is the current list of PRONET 80 Type Numbers. Note: a protocol
that is on this list does not necessarily mean that there is any
implementation of it on ProNET.

Of these, protocols 1, 14, and 20 are the only ones that have ever
been seen in ARP packets.

For reference, the header is (one byte/line):

destination hardware address
source hardware address
data link header version (2)
data link header protocol number
data link header reserved (0)
data link header reserved (0)

Some protocols have been known to tuck stuff in the reserved fields.

Those who need a protocol number on ProNET-10/80 should contact John
Shriver (jas@proteon.com).

1 IP
2 IP with trailing headers
3 Address Resolution Protocol
4 Proteon HDLC
5 VAX Debugging Protocol (MIT)
10 Novell NetWare (IPX and pre-IPX) (old format,
3 byte trailer)
11 Vianetix
12 PUP
13 Watstar protocol (University of Waterloo)
14 XNS
15 Diganostics
16 Echo protocol (link level)
17 Banyan Vines
20 DECnet (DEUNA Emulation)
21 Chaosnet
23 IEEE 802.2 or ISO 8802/2 Data Link
24 Reverse Address Resolution Protocol
29 TokenVIEW-10
31 AppleTalk LAP Data Packet
33 Cornell Boot Server Location Protocol
34 Novell NetWare IPX (new format, no trailer,
new XOR checksum)

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/pronet80-type-numbers

NOVELL SAP NUMBERS OF INTEREST

For the convenience of the Internet community the IANA maitains a list
of Novell Service Access Point (SAP) numbers. This list is kept
up-to-date- by contributions from the community. Please send
corrections and additions to IANA@ISI.EDU.

Novell SAPs
====== ====

Decimal Hex SAP Description
======= ==== ===============

0 0000 Unknown
1 0001 User
2 0002 User Group
3 0003 Print Queue or Print Group
4 0004 File Server (SLIST source)
5 0005 Job Server
6 0006 Gateway
7 0007 Print Server or Silent Print Server
8 0008 Archive Queue
9 0009 Archive Server
10 000a Job Queue
11 000b Administration
15 000F Novell TI-RPC
23 0017 Diagnostics
32 0020 NetBIOS
33 0021 NAS SNA Gateway
35 0023 NACS Async Gateway or Asynchronous Gateway
36 0024 Remote Bridge or Routing Service
38 0026 Bridge Server or Asynchronous Bridge Server
39 0027 TCP/IP Gateway Server
40 0028 Point to Point (Eicon) X.25 Bridge Server
41 0029 Eicon 3270 Gateway
42 002a CHI Corp ???
44 002c PC Chalkboard
45 002d Time Synchronization Server or Asynchronous Timer
46 002e SAP Archive Server or SMS Target Service Agent
69 0045 DI3270 Gateway
71 0047 Advertising Print Server
75 004b Btrieve VAP/NLM 5.0
76 004c Netware SQL VAP/NLM Server
77 004d Xtree Network Version Netware XTree
80 0050 Btrieve VAP 4.11
82 0052 QuickLink (Cubix)
83 0053 Print Queue User
88 0058 Multipoint X.25 Eicon Router

96 0060 STLB/NLM ???
100 0064 ARCserve
102 0066 ARCserve 3.0
114 0072 WAN Copy Utility
122 007a TES-Netware for VMS
146 0092 WATCOM Debugger or Emerald Tape Backup Server
149 0095 DDA OBGYN ???
152 0098 Netware Access Server (Asynchronous gateway)
154 009a Netwa re for VMS II or Named Pipe Server
155 009b Netware Access Server
158 009e Portable Netware Server or SunLink NVT
161 00a1 Powerchute APC UPS NLM
170 00aa LAWserve ???
172 00ac Compaq IDA Status Monitor
256 0100 PIPE STAIL ???
258 0102 LAN Protect Bindery
259 0103 Oracle DataBase Server
263 0107 Netware 386 or RSPX Remote Console
271 010f Novell SNA Gateway
274 0112 Print Server (HP)
276 0114 CSA MUX (f/Communications Executive)
277 0115 CSA LCA (f/Communications Executive)
278 0116 CSA CM (f/Communications Executive)
279 0117 CSA SMA (f/Communications Executive)
280 0118 CSA DBA (f/Communications Executive)
281 0119 CSA NMA (f/Communications Executive)
282 011a CSA SSA (f/Communications Executive)
283 011b CSA STATUS (f/Communications Executive)
286 011e CSA APPC (f/Communications Executive)
294 0126 SNA TEST SSA Profile
298 012a CSA TRACE (f/Communications Executive)
304 0130 Communications Executive
307 0133 NNS Domain Server or Netware Naming Services Domain
309 0135 Netware Naming Services Profile
311 0137 Netware 386 Print Queue or NNS Print Queue
321 0141 LAN Spool Server (Vap, Intel)
338 0152 IRMALAN Gateway
340 0154 Named Pipe Server
360 0168 Intel PICKIT Comm Server or Intel CAS Talk Server
369 171 UNKNOWN???
371 0173 Compaq
372 0174 Compaq SNMP Agent
373 0175 Compaq
384 0180 XTree Server or XTree Tools
394 18A UNKNOWN??? Running on a Novell Server
432 01b0 GARP Gateway (net research)
433 01b1 Binfview (Lan Support Group)
447 01bf Intel LanDesk Manager

458 01ca AXTEC ???
459 01cb Netmode ???
460 1CC UNKNOWN??? Sheva netmodem???
472 01d8 Castelle FAXPress Server
474 01da Castelle LANPress Print Server
476 1DC Castille FAX/Xerox 7033 Fax Server/Excel Lan Fax
496 01f0 LEGATO ???
501 01f5 LEGATO ???
563 0233 NMS Agent or Netware Management Agent
567 0237 NMS IPX Discovery or LANtern Read/Write Channel
568 0238 NMS IP Discovery or LANtern Trap/Alarm Channel
570 023a LABtern
572 023c MAVERICK ???
574 23E UNKNOWN??? Running on a Novell Server
575 023f Used by eleven various Novell Servers
590 024e Remote Something ???
618 026a Network Management (NMS) Service Console
619 026b Time Synchronization Server (Netware 4.x)
632 0278 Directory Server (Netware 4.x)
772 0304 Novell SAA Gateway
776 0308 COM or VERMED 1 ???
778 030a Gallacticom BBS
780 030c Intel Netport 2 or HP JetDirect or HP Quicksilver
800 0320 Attachmate Gateway
807 0327 Microsoft Diagnostiocs ???
821 0335 MultiTech Systems Multisynch Comm Server
853 0355 Arcada Backup Exec
858 0358 MSLCD1 ???
865 0361 NETINELO ???
894 037e Twelve Novell file servers in the PC3M family
895 037f ViruSafe Notify
902 0386 HP Bridge
903 0387 HP Hub
916 0394 NetWare SAA Gateway
923 039b Lotus Notes
951 03b7 Certus Anti Virus NLM
964 03c4 ARCserve 4.0 (Cheyenne)
967 03c7 LANspool 3.5 (Intel)
990 03de Gupta Sequel Base Server or NetWare SQL
993 03e1 Univel Unixware
996 03e4 Univel Unixware
1020 03fc Intel Netport
1021 03fd Print SErver Queue ???
1034 40A ipnServer??? Running on a Novell Server
1035 40B UNKNOWN???
1037 40D LVERRMAN??? Running on a Novell Server
1038 40E LVLIC??? Running on a Novell Server
1040 410 UNKNOWN??? Running on a Novell Server

1044 0414 Kyocera
1065 0429 Site Lock Virus (Brightworks)
1074 0432 UFHELP R ???
1075 433 Sunoptics SNMP Agent???
1100 044c Backup ???
1111 457 Canon GP55??? Running on a Canon GP55 network printer
1115 045b Dell SCSI Array (DSA) Monitor
1200 04b0 CD-Net (Meridian)
1217 4C1 UNKNOWN???
1299 513 Emulux NQA??? Something from Emulex
1312 0520 Site Lock Checks
1321 0529 Site Lock Checks (Brightworks)
1325 052d Citrix OS/2 App Server
1344 536 Milan ???
1408 0580 McAfee's NetShield anti-virus
1569 621 ?? Something from Emulex
1571 623 UNKNOWN??? Running on a Novell Server
1900 076C Xerox
2857 0b29 Site Lock
3113 0c29 Site Lock Applications
3116 0c2c Licensing Server
9088 2380 LAI Site Lock
9100 238c Meeting Maker
18440 4808 Site Lock Server or Site Lock Metering VAP/NLM
21845 5555 Site Lock User
25362 6312 Tapeware
28416 6f00 Rabbit Gateway (3270)
30467 7703 MODEM??
32770 8002 NetPort Printers (Intel) or LANport
32776 8008 WordPerfect Network Version
34238 85BE Cisco Enhanced Interior Routing Protocol (EIGRP)
34952 8888 WordPerfect Network Version or Quick Network Management
36864 9000 McAfee's NetShield anti-virus
38404 9604 ?? CSA-NT_MON
61727 f11f Site Lock Metering VAP/NLM
61951 f1ff Site Lock
62723 F503 ?? SCA-NT
65535 ffff Any Service or Wildcard

This file is

ftp://ftp.isi.edu/in-notes/iana/assignments/novell-sap-numbers

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/novell-sap-numbers

POINT-TO-POINT PROTOCOL FIELD ASSIGNMENTS

PPP DLL PROTOCOL NUMBERS

The Point-to-Point Protocol (PPP) Data Link Layer [146,147,175]
contains a 16 bit Protocol field to identify the the encapsulated
protocol. The Protocol field is consistent with the ISO 3309 (HDLC)
extension mechanism for Address fields. All Protocols MUST be
assigned such that the least significant bit of the most significant
octet equals "0", and the least significant bit of the least
significant octet equals "1".

Assigned PPP DLL Protocol Numbers

Value (in hex) Protocol Name

0001 Padding Protocol
0003 to 001f reserved (transparency inefficient)
0021 Internet Protocol
0023 OSI Network Layer
0025 Xerox NS IDP
0027 DECnet Phase IV
0029 Appletalk
002b Novell IPX
002d Van Jacobson Compressed TCP/IP
002f Van Jacobson Uncompressed TCP/IP
0031 Bridging PDU
0033 Stream Protocol (ST-II)
0035 Banyan Vines
0037 reserved (until 1993)
0039 AppleTalk EDDP
003b AppleTalk SmartBuffered
003d Multi-Link
003f NETBIOS Framing
0041 Cisco Systems
0043 Ascom Timeplex
0045 Fujitsu Link Backup and Load Balancing (LBLB)
0047 DCA Remote Lan
0049 Serial Data Transport Protocol (PPP-SDTP)
004b SNA over 802.2
004d SNA
004f IP6 Header Compression
006f Stampede Bridging
007d reserved (Control Escape) [RFC1661]
007f reserved (compression inefficient) [RFC1662]
00cf reserved (PPP NLPID)
00fb compression on single link in multilink group
00fd 1st choic e compression

00ff reserved (compression inefficient)

0201 802.1d Hello Packets
0203 IBM Source Routing BPDU
0205 DEC LANBridge100 Spanning Tree
0231 Luxcom
0233 Sigma Network Systems

8001-801f Not Used - reserved [RFC1661]
8021 Internet Protocol Control Protocol
8023 OSI Network Layer Control Protocol
8025 Xerox NS IDP Control Protocol
8027 DECnet Phase IV Control Protocol
8029 Appletalk Control Protocol
802b Novell IPX Control Protocol
802d reserved
802f reserved
8031 Bridging NCP
8033 Stream Protocol Control Protocol
8035 Banyan Vines Control Protocol
8037 reserved till 1993
8039 reserved
803b reserved
803d Multi-Link Control Protocol
803f NETBIOS Framing Control Protocol
807d Not Used - reserved [RFC1661]
8041 Cisco Systems Control Protocol
8043 Ascom Timeplex
8045 Fujitsu LBLB Control Protocol
8047 DCA Remote Lan Network Control Protocol (RLNCP)
8049 Serial Data Control Protocol (PPP-SDCP)
804b SNA over 802.2 Control Protocol
804d SNA Control Protocol
804f IP6 Header Compression Control Protocol
006f Stampede Bridging Control Protocol
80cf Not Used - reserved [RFC1661]
80fb compression on single link in multilink group control
80fd Compression Control Protocol
80ff Not Used - reserved [RFC1661]

c021 Link Control Protocol
c023 Password Authentication Protocol
c025 Link Quality Report
c027 Shiva Password Authentication Protocol
c029 CallBack Control Protocol (CBCP)
c081 Container Control Protocol [KEN]
c223 Challenge Handshake Authentication Protocol
c281 Proprietary Authentication Protocol [KEN]

c26f Stampede Bridging Authorization Protocol
c481 Proprietary Node ID Authentication Protocol [KEN]

Protocol field values in the "0xxx" to "3xxx" range identify the
network-layer protocol of specific datagrams, and values in the "8xxx"
to "bxxx" range identify datagrams belonging to the associated Network
Control Protocol (NCP), if any.

It is recommended that values in the "02xx" to "1exx" and "xx01" to
"xx1f" ranges not be assigned, as they are compression inefficient.

Protocol field values in the "4xxx" to "7xxx" range are used for
protocols with low volume traffic which have no associated NCP.

Protocol field values in the "cxxx" to "exxx" range identify datagrams
as Control Protocols (such as LCP).

PPP LCP AND IPCP CODES

The Point-to-Point Protocol (PPP) Link Control Protocol (LCP), [146]
the Compression Control Protocol (CCP), Internet Protocol Control
Protocol (IPCP), [147] and other control protocols, contain an 8 bit
Code field which identifies the type of packet. These Codes are
assigned as follows:

Code Packet Type
---- -----------
1 Configure-Request
2 Configure-Ack
3 Configure-Nak
4 Configure-Reject
5 Terminate-Request
6 Terminate-Ack
7 Code-Reject
8 * Protocol-Reject
9 * Echo-Request
10 * Echo-Reply
11 * Discard-Request
12 * Identification
13 * Time-Remaining
14 + Reset-Request
15 + Reset-Reply

* LCP Only
+ CCP Only

PPP LCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Link Control Protocol (LCP)
specifies a number of Configuration Options [146] which are
distinguished by an 8 bit Type field. These Types are assigned as
follows:

Type Configuration Option
---- --------------------
1 Maximum-Receive-Unit
2 Async-Control-Character-Map
3 Authentication-Protocol
4 Quality-Protocol
5 Magic-Number
6 RESERVED
7 Protocol-Field-Compression
8 Address-and-Control-Field-Compression
9 FCS-Alternatives
10 Self-Describing-Pad
11 Numbered-Mode
12 Multi-Link-Procedure
13 Callback
14 Connect-Time
15 Compound-Frames
16 Nominal-Data-Encapsulation
17 Multilink-MRRU
18 Multilink-Short-Sequence-Number-Header-Format
19 Multilink-Endpoint-Discriminator
20 Proprietary [KEN]
21 DCE-Identifier [SCHNEIDER]

PPP LCP FCS-ALTERNATIVES

The Point-to-Point Protocol (PPP) Link Control Protocol (LCP)
FCS-Alternatives Configuration Option contains an 8-bit Options field
which identifies the FCS used. These are assigned as follows:

Bit FCS
---- ----------
1 Null FCS
2 CCITT 16-Bit FCS
4 CCITT 32-bit FCS

PPP LCP CALLBACK OPERATION FIELDS

The Point-to-Point Protocol (PPP) Link Control Protocol (LCP) Callback
Configuration Option contains an 8-bit Operations field which
identifies the format of the Message. These are assigned as follows:

Operation Description
--------- ---------------------------
0 Location determined by user authentication.
1 Dialing string.
2 Location identifier.
3 E.164 number.
4 X.500 distinguished name.
5 unassigned
6 Location is determined during CBCP negotiation.

PPP IPCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Internet Protocol Control Protocol
(IPCP) specifies a number of Configuration Options [147] which are
distinguished by an 8 bit Type field. These Types are assigned as
follows:

Type Configuration Option
---- --------------------
1 IP-Addresses (deprecated)
2 IP-Compression-Protocol
3 IP-Address

PPP ATCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Apple Talk Control Protocol (ATCP)
specifies a number of Configuration Options [RFC-1378] which are
distinguished by an 8 bit Type field. These Types are assigned as
follows:

Type Configuration Option
---- --------------------
1 AppleTalk-Address
2 Routing-Protocol
3 Suppress-Broadcasts
4 AT-Compression-Protocol
5 Reserved
6 Server-information
7 Zone-information
8 Default-Router-Address

PPP OSINLCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) OSI Network Layer Control Protocol
(OSINLCP) specifies a number of Configuration Options [RFC-1377] which
are distinguished by an 8 bit Type field. These Types are assigned as
follows:

Type Configuration Option
---- --------------------
1 Align-NPDU

PPP BRIDGING CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP)
specifies a number of Configuration Options which are distinguished by
an 8 bit Type field. These Types are assigned as follows:

Type Configuration Option
---- ------------------- -
1 Bridge-Identification
2 Line-Identification
3 MAC-Support
4 Tinygram-Compression
5 LAN-Identification
6 MAC-Address
7 Spanning-Tree-Protocol

PPP BRIDGING MAC TYPES

The Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP)
contains an 8 bit MAC Type field which identifies the MAC
encapsulated. These Types are assigned as follows:

Type MAC
---- -----------
0 Reserved
1 IEEE 802.3/Ethernet with cannonical addresses
2 IEEE 802.4 with cannonical addresses
3 IEEE 802.5 with non-cannonical addresses
4 FDDI with non-cannonical addresses
5-10 reserved
11 IEEE 802.5 with cannonical addresses
12 FDDI with cannonical addresses

PPP BRIDGING SPANNING TREE

The Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP)
Spanning Tree Configuration Option contains an 8-bit Protocol field
which identifies the spanning tree used. These are assigned as
follows:

Protocol Spanning Tree
-------- ---------------
0 Null - no spanning tree protocol supported
1 IEEE 802.1D spanning tree protocol

2 IEEE 802.1G extended spanning tree protocol
3 IBM source route spanning tree protocol
4 DEC LANbridge 100 spanning tree protocol

REFERENCES

[RFC1661] Simpson, W., Editor, "The Point-to-Point Protocol (PPP)",
STD 51, RFC 1661, Daydreamer, July 1994.

[RFC1662] Simpson, W., Editor, "PPP in HDLC-like Framing", STD 51, RFC
1662, Daydreamer, July 1994.

PEOPLE

[KEN]

[SCHNEIDER] Kevin Schneider

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ppp-numbers

MACHINE NAMES

These are the Official Machine Names as they appear in the Domain Name
System HINFO records and the NIC Host Table. Their use is described
in [RFC952].

A machine name or CPU type may be up to 40 characters taken from the
set of uppercase letters, digits, and the two punctuation characters
hyphen and slash. It must start with a letter, and end with a letter
or digit.

AMIGA-500
AMIGA-500/010
AMIGA-500/020
AMIGA-500/EC030
AMIGA-500/030
AMIGA-600
AMIGA-1000
AMIGA-1000/010
AMIGA-1000/020
AMIGA-1000/EC030
AMIGA-1000/030
AMIGA-1200
AMIGA-1200/EC030
AMIGA-1200/030
AMIGA-1200/EC040
AMIGA-1200/LC040
AMIGA-1200/040
AMIGA-2000
AMIGA-2000/010
AMIGA-2000/020
AMIGA-2000/EC030
AMIGA-2000/030
AMIGA-2000/LC040
AMIGA-2000/EC040
AMIGA-2000/040
AMIGA-3000
AMIGA-3000/EC040
AMIGA-3000/LC040
AMIGA-3000/040
AMIGA-3000/060
AMIGA-4000/EC030
AMIGA-4000/030
AMIGA-4000/LC040
AMIGA-4000/040
AMIGA-4000/060
ALTO

ALTOS-6800
AMDAHL-V7
APOLLO
APPLE-MACINTOSH
APPLE-POWERBOOK
ATARI-104ST
ATT-3B1
ATT-3B2
ATT-3B20
ATT-7300
AXP
BBN-C/60
BURROUGHS-B/29
BURROUGHS-B/4800
BUTTERFLY
C/30
C/70
CADLINC
CADR
CDC-170
CDC-170/750
CDC-173
CDTV
CDTV/060
CD32
CELERITY-1200
CLUB-386
COMPAQ-386/20
COMTEN-3690
CP8040
CRAY-1
CRAY-X/MP
CRAY-2
CTIWS-117
DANDELION
DEC-10
DEC-1050
DEC-1077
DEC-1080
DEC-1090
DEC-1090B
DEC-1090T
DEC-2020T
DEC-2040
DEC-2040T
DEC-2050T
DEC-2060
DEC-2060T

DEC-2065
DEC-AXP
DEC-FALCON
DEC-KS10
DECSTATION
DEC-VAX
DEC-VAXCLUSTER
DEC-VAXSTATION
DEC-VAX-11730
DORADO
DPS8/70M
ELXSI-6400
EVEREX-386
FOONLY-F2
FOONLY-F3
FOONLY-F4
GOULD
GOULD-6050
GOULD-6080
GOULD-9050
GOULD-9080
H-316
H-60/68
H-68
H-68/80
H-89
HONEYWELL-DPS-6
HONEYWELL-DPS-8/70
HP3000
HP3000/64
IBM-158
IBM-360/67
IBM-370/3033
IBM-3081
IBM-3084QX
IBM-3101
IBM-4331
IBM-4341
IBM-4361
IBM-4381
IBM-4956
IBM-6152
IBM-PC
IBM-PC/AT
IBM-PC/RT
IBM-PC/XT
IBM-RS/6000
IBM-SERIES/1

IMAGEN
IMAGEN-8/300
IMSAI
INTEGRATED-SOLUTIONS
INTEGRATED-SOLUTIONS-68K
INTEGRATED-SOLUTIONS-CREATOR
INTEGRATED-SOLUTIONS-CREATOR-8
INTEL-386
INTEL-IPSC
IS-1
IS-68010
LMI
LSI-11
LSI-11/2
LSI-11/23
LSI-11/73
M68000
MAC-II
MAC-POWERBOOK
MACINTOSH
MASSCOMP
MC500
MC68000
MICROPORT
MICROVAX
MICROVAX-I
MV/8000
NAS3-5
NCR-COMTEN-3690
NEXT/N1000-316
NOW
ONYX-Z8000
PDP-11
PDP-11/3
PDP-11/23
PDP-11/24
PDP-11/34
PDP-11/40
PDP-11/44
PDP-11/45
PDP-11/50
PDP-11/70
PDP-11/73
PE-7/32
PE-3205
PERQ
PLEXUS-P/60
PLI

PLURIBUS
PRIME-2350
PRIME-2450
PRIME-2755
PRIME-9655
PRIME-9755
PRIME-9955II
PRIME-2250
PRIME-2655
PRIME-9955
PRIME-9950
PRIME-9650
PRIME-9750
PRIME-2250
PRIME-750
PRIME-850
PRIME-550II
PYRAMID-90
PYRAMID-90MX
PYRAMID-90X
RIDGE
RIDGE-32
RIDGE-32C
ROLM-1666
RS/6000
S1-MKIIA
SMI
SEQUENT-BALANCE-8000
SIEMENS
SILICON-GRAPHICS
SILICON-GRAPHICS-IRIS
SGI-IRIS-2400
SGI-IRIS-2500
SGI-IRIS-3010
SGI-IRIS-3020
SGI-IRIS-3030
SGI-IRIS-3110
SGI-IRIS-3115
SGI-IRIS-3120
SGI-IRIS-3130
SGI-IRIS-4D/20
SGI-IRIS-4D/20G
SGI-IRIS-4D/25
SGI-IRIS-4D/25G
SGI-IRIS-4D/25S
SGI-IRIS-4D/50
SGI-IRIS-4D/50G
SGI-IRIS-4D/50GT

SGI-IRIS-4D/60
SGI-IRIS-4D/60G
SGI-IRIS-4D/60T
SGI-IRIS-4D/60GT
SGI-IRIS-4D/70
SGI-IRIS-4D/70G
SGI-IRIS-4D/70GT
SGI-IRIS-4D/80GT
SGI-IRIS-4D/80S
SGI-IRIS-4D/120GTX
SGI-IRIS-4D/120S
SGI-IRIS-4D/210GTX
SGI-IRIS-4D/210S
SGI-IRIS-4D/220GTX
SGI-IRIS-4D/220S
SGI-IRIS-4D/240GTX
SGI-IRIS-4D/240S
SGI-IRIS-4D/280GTX
SGI-IRIS-4D/280S
SGI-IRIS-CS/12
SGI-IRIS-4SERVER-8
SPERRY-DCP/10
SUN
SUN-2
SUN-2/50
SUN-2/100
SUN-2/120
SUN-2/130
SUN-2/140
SUN-2/150
SUN-2/160
SUN-2/170
SUN-3/50
SUN-3/60
SUN-3/75
SUN-3/80
SUN-3/110
SUN-3/140
SUN-3/150
SUN-3/160
SUN-3/180
SUN-3/200
SUN-3/260
SUN-3/280
SUN-3/470
SUN-3/480
SUN-4/60
SUN-4/110

SUN-4/150
SUN-4/200
SUN-4/260
SUN-4/280
SUN-4/330
SUN-4/370
SUN-4/390
SUN-50
SUN-100
SUN-120
SUN-130
SUN-150
SUN-170
SUN-386i/250
SUN-68000
SYMBOLICS-3600
SYMBOLICS-3670
SYMMETRIC-375
SYMULT
TANDEM-TXP
TANDY-6000
TEK-6130
TI-EXPLORER
TP-4000
TRS-80
UNIVAC-1100
UNIVAC-1100/60
UNIVAC-1100/62
UNIVAC-1100/63
UNIVAC-1100/64
UNIVAC-1100/70
UNIVAC-1160
UNKNOWN
VAX
VAX-11/725
VAX-11/730
VAX-11/750
VAX-11/780
VAX-11/785
VAX-11/790
VAX-11/8600
VAX-8600
VAXCLUSTER
VAXSTATION
WANG-PC002
WANG-VS100
WANG-VS400
WYSE-386

WYSE-WN5004
WYSE-WN5008
WYSE-WN5104
WYSE-WN5108
WYSE-WX15C
WYSE-WX17C
WYSE-WX17M
WYSE-WX19C
WYSE-WX19M
WYSE-WYX14M
WYSE-WYX5
XEROX-1108
XEROX-8010
ZENITH-148

REFERENCES

[RFC952] Harrenstien, K., Stahl, M., and E. Feinler, " DoD Internet
Host Table Specification", RFC 952, SRI, October 1985.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/machine-names

OPERATING SYSTEM NAMES

These are the Official System Names as they appear in the Domain Name
System HINFO records and the NIC Host Table. Their use is described in
[RFC952].

A system name may be up to 40 characters taken from the set of
uppercase letters, digits, and the three punctuation characters
hyphen, period, and slash. It must start with a letter, and end with
a letter or digit.

AEGIS
AMIGA-OS-1.2
AMIGA-OS-1.3
AMIGA-OS-2.0
AMIGA-OS-2.1
AMIGA-OS-3.0
AMIGA-OS-3.1
APOLLO
AIX/370
AIX-PS/2
BS-2000
CEDAR
CGW
CHORUS
CHRYSALIS
CMOS
CMS
COS
CPIX
CTOS
CTSS
DCN
DDNOS
DOMAIN
DOS
EDX
ELF
EMBOS
EMMOS
EPOS
FOONEX
FORTH
FUZZ
GCOS
GPOS

HDOS
IMAGEN
INTERCOM
IMPRESS
INTERLISP
IOS
IRIX
ISI-68020
ITS
LISP
LISPM
LOCUS
MACOS
MINOS
MOS
MPE5
MPE/V
MPE/IX
MSDOS
MULTICS
MUSIC
MUSIC/SP
MVS
MVS/SP
NEXUS
NMS
NONSTOP
NOS-2
NTOS
OPENVMS
OS/DDP
OS/2
OS4
OS86
OSX
PCDOS
PERQ/OS
PLI
PSDOS/MIT
PRIMOS
RMX/RDOS
ROS
RSX11M
RTE-A
SATOPS
SCO-OPEN-DESKTOP-1.0
SCO-OPEN-DESKTOP-1.1
SCO-OPEN-DESKTOP-2.0

SCO-OPEN-DESKTOP-3.0
SCO-OPEN-DESKTOP-LITE-3.0
SCO-OPEN-SERVER-3.0
SCO-UNIX-3.2.0
SCO-UNIX-3.2V2.0
SCO-UNIX-3.2V2.1
SCO-UNIX-3.2V4.0
SCO-UNIX-3.2V4.1
SCO-UNIX-3.2V4.2
SCO-XENIX-386-2.3.2
SCO-XENIX-386-2.3.3
SCO-XENIX-386-2.3.4
SCS
SIMP
SUN
SUN-OS-3.5
SUN-OS-4.0
SWIFT
TAC
TANDEM
TENEX
THE-MAJOR-BBS
TOPS10
TOPS20
TOS
TP3010
TRSDOS
ULTRIX
UNIX
UNIX-BSD
UNIX-V1AT
UNIX-V
UNIX-V.1
UNIX-V.2
UNIX-V.3
UNIX-PC
UNKNOWN
UT2D
V
VM
VM/370
VM/CMS
VM/SP
VMS
VMS/EUNICE
VRTX
WAITS
WANG

WIN32
WYSE-WYXWARE
X11R3
XDE
XENIX

REFERENCES

[RFC952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet
Host Table Specification", RFC 952, SRI, October 1985.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/operating-system-names

TERMINAL TYPE NAMES

These are the Official Terminal Type Names. Their use is described in
[RFC930]. The maximum length of a name is 40 characters.

A terminal names may be up to 40 characters taken from the set of
uppercase letters, digits, and the two punctuation characters hyphen
and slash. It must start with a letter, and end with a letter or
digit.

ADDS-CONSUL-980
ADDS-REGENT-100
ADDS-REGENT-20
ADDS-REGENT-200
ADDS-REGENT-25
ADDS-REGENT-40
ADDS-REGENT-60
ADDS-VIEWPOINT
ADDS-VIEWPOINT-60
AED-512
AMPEX-DIALOGUE-210
AMPEX-DIALOGUE-80
AMPEX-210
AMPEX-230
ANDERSON-JACOBSON-510
ANDERSON-JACOBSON-630
ANDERSON-JACOBSON-832
ANDERSON-JACOBSON-841
ANN-ARBOR-AMBASSADOR
ANSI
ARDS
BITGRAPH
BUSSIPLEXER
CALCOMP-565
CDC-456
CDI-1030
CDI-1203
C-ITOH-101
C-ITOH-50
C-ITOH-80
CLNZ
COMPUCOLOR-II
CONCEPT-100
CONCEPT-104
CONCEPT-108
DATA-100

DATA-GENERAL-6053
DATAGRAPHIX-132A
DATAMEDIA-1520
DATAMEDIA-1521
DATAMEDIA-2500
DATAMEDIA-3025
DATAMEDIA-3025A
DATAMEDIA-3045
DATAMEDIA-3045A
DATAMEDIA-DT80/1
DATAPOINT-2200
DATAPOINT-3000
DATAPOINT-3300
DATAPOINT-3360
DEC-DECWRITER-I
DEC-DECWRITER-II
DEC-GIGI
DEC-GT40
DEC-GT40A
DEC-GT42
DEC-LA120
DEC-LA30
DEC-LA36
DEC-LA38
DEC-VT05
DEC-VT100
DEC-VT101
DEC-VT102
DEC-VT125
DEC-VT131
DEC-VT132
DEC-VT200
DEC-VT220
DEC-VT240
DEC-VT241
DEC-VT300
DEC-VT320
DEC-VT340
DEC-VT50
DEC-VT50H
DEC-VT52
DEC-VT55
DEC-VT61
DEC-VT62
DELTA-DATA-5000
DELTA-DATA-NIH-7000
DELTA-TELTERM-2
DIABLO-1620

DIABLO-1640
DIGILOG-333
DTC-300S
DTC-382
EDT-1200
ETOS52-APL
ETOS52-CRT
ETOS52-FDW
ETOS52-FUP
ETOS52-GFM
ETOS52-SPR
EXECUPORT-4000
EXECUPORT-4080
FACIT-TWIST-4440
FREEDOM-100
FREEDOM-110
FREEDOM-200
GENERAL-TERMINAL-100A
GENERAL-TERMINAL-101
GIPSI-TX-M
GIPSI-TX-ME
GIPSI-TX-C4
GIPSI-TX-C8
GSI
HAZELTINE-1420
HAZELTINE-1500
HAZELTINE-1510
HAZELTINE-1520
HAZELTINE-1552
HAZELTINE-2000
HAZELTINE-ESPRIT
HITACHI-5601
HITACHI-5603
HITACHI-5603E
HITACHI-5603EA
HITACHI-560X
HITACHI-560XE
HITACHI-560XEA
HITACHI-560PR
HITACHI-HOAP1
HITACHI-HOAP2
HITACHI-HOAP3
HITACHI-HOAP4
HP-2392
HP-2621
HP-2621A
HP-2621P
HP-2623

HP-2626
HP-2626A
HP-2626P
HP-2627
HP-2640
HP-2640A
HP-2640B
HP-2645
HP-2645A
HP-2648
HP-2648A
HP-2649
HP-2649A
IBM-1050
IBM-2741
IBM-3101
IBM-3101-10
IBM-3151
IBM-3179-2
IBM-3180-2
IBM-3196-A1
IBM-3275-2
IBM-3276-2
IBM-3276-3
IBM-3276-4
IBM-3277-2
IBM-3278-2
IBM-3278-3
IBM-3278-4
IBM-3278-5
IBM-3279-2
IBM-3279-3
IBM-3477-FC
IBM-3477-FG
IBM-5081
IBM-5151
IBM-5154
IBM-5251-11
IBM-5291-1
IBM-5292-2
IBM-5555-B01
IBM-5555-C01
IBM-6153
IBM-6154
IBM-6155
IBM-AED
IBM-3278-2-E
IBM-3278-3-E

IBM-3278-4-E
IBM-3278-5-E
IBM-3279-2-E
IBM-3279-3-E
IMLAC
INFOTON-100
INFOTON-400
INFOTONKAS
ISC-8001
LSI-ADM-1
LSI-ADM-11
LSI-ADM-12
LSI-ADM-2
LSI-ADM-20
LSI-ADM-22
LSI-ADM-220
LSI-ADM-3
LSI-ADM-31
LSI-ADM-3A
LSI-ADM-42
LSI-ADM-5
MEMOREX-1240
MICROBEE
MICROTERM-ACT-IV
MICROTERM-ACT-V
MICROTERM-ERGO-301
MICROTERM-MIME-1
MICROTERM-MIME-2
MICROTERM-ACT-5A
MICROTERM-TWIST
NEC-5520
NETRONICS
NETWORK-VIRTUAL-TERMINAL
OMRON-8025AG
PERKIN-ELMER-550
PERKIN-ELMER-1100
PERKIN-ELMER-1200
PERQ
PLASMA-PANEL
QUME-SPRINT-5
QUME-101
QUME-102
SOROC
SOROC-120
SOUTHWEST-TECHNICAL-PRODUCTS-CT82
SUN
SUPERBEE
SUPERBEE-III-M

TEC
TEKTRONIX-4006
TEKTRONIX-4010
TEKTRONIX-4012
TEKTRONIX-4013
TEKTRONIX-4014
TEKTRONIX-4023
TEKTRONIX-4024
TEKTRONIX-4025
TEKTRONIX-4027
TEKTRONIX-4105
TEKTRONIX-4107
TEKTRONIX-4110
TEKTRONIX-4112
TEKTRONIX-4113
TEKTRONIX-4114
TEKTRONIX-4115
TEKTRONIX-4125
TEKTRONIX-4404
TELERAY-1061
TELERAY-3700
TELERAY-3800
TELETEC-DATASCREEN
TELETERM-1030
TELETYPE-33
TELETYPE-35
TELETYPE-37
TELETYPE-38
TELETYPE-40
TELETYPE-43
TELEVIDEO-910
TELEVIDEO-912
TELEVIDEO-920
TELEVIDEO-920B
TELEVIDEO-920C
TELEVIDEO-925
TELEVIDEO-955
TELEVIDEO-950
TELEVIDEO-970
TELEVIDEO-975
TERMINET-1200
TERMINET-300
TI-700
TI-733
TI-735
TI-743
TI-745
TI-800

TYCOM
UNIVAC-DCT-500
VIDEO-SYSTEMS-1200
VIDEO-SYSTEMS-5000
VOLKER-CRAIG-303
VOLKER-CRAIG-303A
VOLKER-CRAIG-404
VISUAL-200
VISUAL-55
WYSE-30
WYSE-50
WYSE-60
WYSE-75
WYSE-85
WYSE-99GT
WYSE-100WYSE-120
WYSE-120ES
WYSE-150
WYSE-150ES
WYSE-160
WYSE-160ES
WYSE-185
WYSE-185ES
WYSE-285
WYSE-285ES
WYSE-325
WYSE-325ES
WYSE-350
WYSE-370
XEROX-1720
XTERM
ZENITH-H19
ZENITH-Z29
ZENTEC-30

REFERENCES

[RFC930] Solomon, M., and E. Wimmers, "Telnet Terminal Type Option",
RFC 930, University of Wisconsin, Madison, January 1985.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/terminal-type-names

PROTOCOL AND SERVICE NAMES

These are the Official Protocol Names as they appear in the Domain
Name System WKS records and the NIC Host Table. Their use is
described in [RFC952].

A protocol or service may be up to 40 characters taken from the set of
uppercase letters, digits, and the punctuation character hyphen. It
must start with a letter, and end with a letter or digit.

ARGUS - ARGUS Protocol
ARP - Address Resolution Protocol
AUTH - Authentication Service
BBN-RCC-MON - BBN RCC Monitoring
BL-IDM - Britton Lee Intelligent Database Machine
BOOTP - Bootstrap Protocol
BOOTPC - Bootstrap Protocol Client
BOOTPS - Bootstrap Protocol Server
BR-SAT-MON - Backroom SATNET Monitoring
CFTP - CFTP
CHAOS - CHAOS Protocol
CHARGEN - Character Generator Protocol
CISCO-FNA - CISCO FNATIVE
CISCO-TNA - CISCO TNATIVE
CISCO-SYS - CISCO SYSMAINT
CLOCK - DCNET Time Server Protocol
CMOT - Common Mgmnt Info Ser and Prot over TCP/IP
COOKIE-JAR - Authentication Scheme
CSNET-NS - CSNET Mailbox Nameserver Protocol
DAYTIME - Daytime Protocol
DCN-MEAS - DCN Measurement Subsystems Protocol
DCP - Device Control Protocol
DGP - Dissimilar Gateway Protocol
DISCARD - Discard Protocol
DMF-MAIL - Digest Message Format for Mail
DOMAIN - Domain Name System
ECHO - Echo Protocol
EGP - Exterior Gateway Protocol
EHF-MAIL - Encoding Header Field for Mail
EMCON - Emission Control Protocol
EMFIS-CNTL - EMFIS Control Service
EMFIS-DATA - EMFIS Data Service
FCONFIG - Fujitsu Config Protocol
FINGER - Finger Protocol
FTP - File Transfer Protocol
FTP-DATA - File Transfer Protocol Data

GGP - Gateway Gateway Protocol
GRAPHICS - Graphics Protocol
HMP - Host Monitoring Protocol
HOST2-NS - Host2 Name Server
HOSTNAME - Hostname Protocol
ICMP - Internet Control Message Protocol
IGMP - Internet Group Management Protocol
IGP - Interior Gateway Protocol
IMAP2 - Interim Mail Access Protocol version 2
INGRES-NET - INGRES-NET Service
IP - Internet Protocol
IPCU - Internet Packet Core Utility
IPPC - Internet Pluribus Packet Core
IP-ARC - Internet Protocol on ARCNET
IP-ARPA - Internet Protocol on ARPANET
IP-CMPRS - Compressing TCP/IP Headers
IP-DC - Internet Protocol on DC Networks
IP-DVMRP - Distance Vector Multicast Routing Protocol
IP-E - Internet Protocol on Ethernet Networks
IP-EE - Internet Protocol on Exp. Ethernet Nets
IP-FDDI - Transmission of IP over FDDI
IP-HC - Internet Protocol on Hyperchannnel
IP-IEEE - Internet Protocol on IEEE 802
IP-IPX - Transmission of 802.2 over IPX Networks
IP-MTU - IP MTU Discovery Options
IP-NETBIOS - Internet Protocol over NetBIOS Networks
IP-SLIP - Transmission of IP over Serial Lines
IP-WB - Internet Protocol on Wideband Network
IP-X25 - Internet Protocol on X.25 Networks
IRTP - Internet Reliable Transaction Protocol
ISI-GL - ISI Graphics Language Protocol
ISO-TP4 - ISO Transport Protocol Class 4
ISO-TSAP - ISO TSAP
LA-MAINT - IMP Logical Address Maintenance
LARP - Locus Address Resoultion Protocol
LDP - Loader Debugger Protocol
LEAF-1 - Leaf-1 Protocol
LEAF-2 - Leaf-2 Protocol
LINK - Link Protocol
LOC-SRV - Location Service
LOGIN - Login Host Protocol
MAIL - Format of Electronic Mail Messages
MERIT-INP - MERIT Internodal Protocol
METAGRAM - Metagram Relay
MIB - Management Information Base
MIT-ML-DEV - MIT ML Device
MFE-NSP - MFE Network Services Protocol
MIT-SUBNET - MIT Subnet Support

MIT-DOV - MIT Dover Spooler
MPM - Internet Message Protocol (Multimedia Mail)
MPM-FLAGS - MPM Flags Protocol
MPM-SND - MPM Send Protocol
MSG-AUTH - MSG Authentication Protocol
MSG-ICP - MSG ICP Protocol
MUX - Multiplexing Protocol
NAMESERVER - Host Name Server
NETBIOS-DGM - NETBIOS Datagram Service
NETBIOS-NS - NETBIOS Name Service
NETBIOS-SSN - NETBIOS Session Service
NETBLT - Bulk Data Transfer Protocol
NETED - Network Standard Text Editor
NETRJS - Remote Job Service
NI-FTP - NI File Transfer Protocol
NI-MAIL - NI Mail Protocol
NICNAME - Who Is Protocol
NFILE - A File Access Protocol
NNTP - Network News Transfer Protocol
NSW-FE - NSW User System Front End
NTP - Network Time Protocol
NVP-II - Network Voice Protocol
OSPF - Open Shortest Path First Interior GW Protocol
PCMAIL - Pcmail Transport Protocol
POP2 - Post Office Protocol - Version 2
POP3 - Post Office Protocol - Version 3
PPP - Point-to-Point Protocol
PRM - Packet Radio Measurement
PUP - PUP Protocol
PWDGEN - Password Generator Protocol
QUOTE - Quote of the Day Protocol
RARP - A Reverse Address Resolution Protocol
RATP - Reliable Asynchronous Transfer Protocol
RE-MAIL-CK - Remote Mail Checking Protocol
RDP - Reliable Data Protocol
RIP - Routing Information Protocol
RJE - Remote Job Entry
RLP - Resource Location Protocol
RTELNET - Remote Telnet Service
RVD - Remote Virtual Disk Protocol
SAT-EXPAK - Satnet and Backroom EXPAK
SAT-MON - SATNET Monitoring
SEP - Sequential Exchange Protocol
SFTP - Simple File Transfer Protocol
SGMP - Simple Gateway Monitoring Protocol
SNMP - Simple Network Management Protocol
SMI - Structure of Management Information
SMTP - Simple Mail Transfer Protocol

SQLSRV - SQL Service
ST - Stream Protocol
STATSRV - Statistics Service
SU-MIT-TG - SU/MIT Telnet Gateway ProtocolSUN-RPC - SUN Remote Procedure Call
SUPDUP - SUPDUP Protocol
SUR-MEAS - Survey Measurement
SWIFT-RVF - Remote Virtual File Protocol
TACACS-DS - TACACS-Database Service
TACNEWS - TAC News
TCP - Transmission Control Protocol
TCP-ACO - TCP Alternate Checksum Option
TELNET - Telnet Protocol
TFTP - Trivial File Transfer Protocol
THINWIRE - Thinwire Protocol
TIME - Time Server Protocol
TP-TCP - ISO Transport Service on top of the TCP
TRUNK-1 - Trunk-1 Protocol
TRUNK-2 - Trunk-2 Protocol
UCL - University College London Protocol
UDP - User Datagram Protocol
NNTP - Network News Transfer Protocol
USERS - Active Users Protocol
UUCP-PATH - UUCP Path Service
VIA-FTP - VIA Systems-File Transfer Protocol
VISA - VISA Protocol
VMTP - Versatile Message Transaction Protocol
WB-EXPAK - Wideband EXPAK
WB-MON - Wideband Monitoring
XNET - Cross Net Debugger
XNS-IDP - Xerox NS IDP

REFERENCES

[RFC952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet
Host Table Specification", RFC 952, SRI, October 1985.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/service-names

Security Considerations

Security issues are not discussed in this memo.

Authors' Addresses

Joyce K. Reynolds
USC/Information Sciences Institute
4676 Admiralty Way
Marina del Rey, California 90292-6695

Phone: +1 310-822-1511
EMail: jkrey@isi.edu

Jon Postel
USC/Information Sciences Institute
4676 Admiralty Way
Marina del Rey, California 90292-6695

Phone: +1 310-822-1511
EMail: postel@isi.edu

The post RFC 1700 – Assigned Numbers appeared first on IPv6.net.

RFC 791 – Internet Protocol Version 4 Specification

IPv6 & IoT editor — Sat, 01 Aug 2009 17:42:51 +0000

INTERNET PROTOCOL

DARPA INTERNET PROGRAM

PROTOCOL SPECIFICATION

September 1981

prepared for

Defense Advanced Research Projects Agency
Information Processing Techniques Office
1400 Wilson Boulevard
Arlington, Virginia 22209

by

Information Sciences Institute
University of Southern California
4676 Admiralty Way
Marina del Rey, California 90291

September 1981
Internet Protocol

TABLE OF CONTENTS

PREFACE ........................................................ iii

1. INTRODUCTION ..................................................... 1

1.1 Motivation .................................................... 1
1.2 Scope ......................................................... 1
1.3 Interfaces .................................................... 1
1.4 Operation ..................................................... 2

2. OVERVIEW ......................................................... 5

2.1 Relation to Other Protocols ................................... 9
2.2 Model of Operation ............................................ 5
2.3 Function Description .......................................... 7
2.4 Gateways ...................................................... 9

3. SPECIFICATION ................................................... 11

3.1 Internet Header Format ....................................... 11
3.2 Discussion ................................................... 23
3.3 Interfaces ................................................... 31

APPENDIX A: Examples & Scenarios ................................... 34
APPENDIX B: Data Transmission Order ................................ 39

GLOSSARY ............................................................ 41

REFERENCES .......................................................... 45

[Page i]

September 1981
Internet Protocol

[Page ii]

September 1981
Internet Protocol

PREFACE

This document specifies the DoD Standard Internet Protocol. This
document is based on six earlier editions of the ARPA Internet Protocol
Specification, and the present text draws heavily from them. There have
been many contributors to this work both in terms of concepts and in
terms of text. This edition revises aspects of addressing, error
handling, option codes, and the security, precedence, compartments, and
handling restriction features of the internet protocol.

Jon Postel

Editor

September 1981

RFC: 791
Replaces: RFC 760
IENs 128, 123, 111,
80, 54, 44, 41, 28, 26

INTERNET PROTOCOL

DARPA INTERNET PROGRAM
PROTOCOL SPECIFICATION

1. INTRODUCTION

1.1. Motivation

The Internet Protocol is designed for use in interconnected systems of
packet-switched computer communication networks. Such a system has
been called a "catenet" [1]. The internet protocol provides for
transmitting blocks of data called datagrams from sources to
destinations, where sources and destinations are hosts identified by
fixed length addresses. The internet protocol also provides for
fragmentation and reassembly of long datagrams, if necessary, for
transmission through "small packet" networks.

1.2. Scope

The internet protocol is specifically limited in scope to provide the
functions necessary to deliver a package of bits (an internet
datagram) from a source to a destination over an interconnected system
of networks. There are no mechanisms to augment end-to-end data
reliability, flow control, sequencing, or other services commonly
found in host-to-host protocols. The internet protocol can capitalize
on the services of its supporting networks to provide various types
and qualities of service.

1.3. Interfaces

This protocol is called on by host-to-host protocols in an internet
environment. This protocol calls on local network protocols to carry
the internet datagram to the next gateway or destination host.

For example, a TCP module would call on the internet module to take a
TCP segment (including the TCP header and user data) as the data
portion of an internet datagram. The TCP module would provide the
addresses and other parameters in the internet header to the internet
module as arguments of the call. The internet module would then
create an internet datagram and call on the local network interface to
transmit the internet datagram.

In the ARPANET case, for example, the internet module would call on a

[Page 1]

September 1981
Internet Protocol
Introduction

local net module which would add the 1822 leader [2] to the internet
datagram creating an ARPANET message to transmit to the IMP. The
ARPANET address would be derived from the internet address by the
local network interface and would be the address of some host in the
ARPANET, that host might be a gateway to other networks.

1.4. Operation

The internet protocol implements two basic functions: addressing and
fragmentation.

The internet modules use the addresses carried in the internet header
to transmit internet datagrams toward their destinations. The
selection of a path for transmission is called routing.

The internet modules use fields in the internet header to fragment and
reassemble internet datagrams when necessary for transmission through
"small packet" networks.

The model of operation is that an internet module resides in each host
engaged in internet communication and in each gateway that
interconnects networks. These modules share common rules for
interpreting address fields and for fragmenting and assembling
internet datagrams. In addition, these modules (especially in
gateways) have procedures for making routing decisions and other
functions.

The internet protocol treats each internet datagram as an independent
entity unrelated to any other internet datagram. There are no
connections or logical circuits (virtual or otherwise).

The internet protocol uses four key mechanisms in providing its
service: Type of Service, Time to Live, Options, and Header Checksum.

The Type of Service is used to ind icate the quality of the service
desired. The type of service is an abstract or generalized set of
parameters which characterize the service choices provided in the
networks that make up the internet. This type of service indication
is to be used by gateways to select the actual transmission parameters
for a particular network, the network to be used for the next hop, or
the next gateway when routing an internet datagram.

The Time to Live is an indication of an upper bound on the lifetime of
an internet datagram. It is set by the sender of the datagram and
reduced at the points along the route where it is processed. If the
time to live reaches zero before the internet datagram reaches its
destination, the internet datagram is destroyed. The time to live can
be thought of as a self destruct time limit.

[Page 2]

September 1981
Internet Protocol
Introduction

The Options provide for control functions needed or useful in some
situations but unnecessary for the most common communications. The
options include provisions for timestamps, security, and special
routing.

The Header Checksum provides a verification that the information used
in processing internet datagram has been transmitted correctly. The
data may contain errors. If the header checksum fails, the internet
datagram is discarded at once by the entity which detects the error.

The internet protocol does not provide a reliable communication
facility. There are no acknowledgments either end-to-end or
hop-by-hop. There is no error control for data, only a header
checksum. There are no retransmissions. There is no flow control.

Errors detected may be reported via the Internet Control Message
Protocol (ICMP) [3] which is implemented in the internet protocol
module.

[Page 3]

September 1981
Internet Protocol

[Page 4]

September 1981
Internet Protocol

2. OVERVIEW

2.1. Relation to Other Protocols

The following diagram illustrates the place of the internet protocol
in the protocol hierarchy:

+------+ +-----+ +-----+ +-----+
|Telnet| | FTP | | TFTP| ... | ... |
+------+ +-----+ +-----+ +-----+
| | | |
+-----+ +-----+ +-----+
| TCP | | UDP | ... | ... |
+-----+ +-----+ +-----+
| | |
+--------------------------+----+
| Internet Protocol & ICMP |
+--------------------------+----+
|
+---------------------------+
| Local Network Protocol |
+---------------------------+

Protocol Relationships

Figure 1.

Internet protocol interfaces on one side to the higher level
host-to-host protocols and on the other side to the local network
protocol. In this context a "local network" may be a small network in
a building or a large network such as the ARPANET.

2.2. Model of Operation

The model of operation for transmitting a datagram from one
application program to another is illustrated by the following
scenario:

We suppose that this transmission will involve one intermediate
gateway.

The sending application program prepares its data and calls on its
local internet module to send that data as a datagram and passes the
destination address and other parameters as arguments of the call.

The internet module prepares a datagram header and attaches the data
to it. The internet module determines a local network address for
this internet address, in this case it is the address of a gateway.

[Page 5]

September 1981
Internet Protocol
Overview

It sends this datagram and the local network address to the local
network interface.

The local network interface creates a local network header, and
attaches the datagram to it, then sends the result via the local
network.

The datagram arrives at a gateway host wrapped in the local network
header, the local network interface strips off this header, and
turns the datagram over to the internet module. The internet module
determines from the internet address that the datagram is to be
forwarded to another host in a second network. The internet module
determines a local net address for the destination host. It calls
on the local network interface for that network to send the
datagram.

This local network interface creates a local network header and
attaches the datagram sending the result to the destination host.

At this destination host the datagram is stripped of the local net
header by the local network interface and handed to the internet
module.

The internet module determines that the datagram is for an
application program in this host. It passes the data to the
application program in response to a system call, passing the source
address and other parameters as results of the call.

Application Application
Program Program
\ /
Internet Module Internet Module Internet Module
\ / \ /
LNI-1 LNI-1 LNI-2 LNI-2
\ / \ /
Local Network 1 Local Network 2

Transmission Path

Figure 2

[Page 6]

September 1981
Internet Protocol
Overview

2.3. Function Description

The function or purpose of Internet Protocol is to move datagrams
through an interconnected set of networks. This is done by passing
the datagrams from one internet module to another until the
destination is reached. The internet modules reside in hosts and
gateways in the internet system. The datagrams are routed from one
internet module to another through individual networks based on the
interpretation of an internet address. Thus, one i mportant mechanism
of the internet protocol is the internet address.

In the routing of messages from one internet module to another,
datagrams may need to traverse a network whose maximum packet size is
smaller than the size of the datagram. To overcome this difficulty, a
fragmentation mechanism is provided in the internet protocol.

Addressing

A distinction is made between names, addresses, and routes [4]. A
name indicates what we seek. An address indicates where it is. A
route indicates how to get there. The internet protocol deals
primarily with addresses. It is the task of higher level (i.e.,
host-to-host or application) protocols to make the mapping from
names to addresses. The internet module maps internet addresses to
local net addresses. It is the task of lower level (i.e., local net
or gateways) procedures to make the mapping from local net addresses
to routes.

Addresses are fixed length of four octets (32 bits). An address
begins with a network number, followed by local address (called the
"rest" field). There are three formats or classes of internet
addresses: in class a, the high order bit is zero, the next 7 bits
are the network, and the last 24 bits are the local address; in
class b, the high order two bits are one-zero, the next 14 bits are
the network and the last 16 bits are the local address; in class c,
the high order three bits are one-one-zero, the next 21 bits are the
network and the last 8 bits are the local address.

Care must be taken in mapping internet addresses to local net
addresses; a single physical host must be able to act as if it were
several distinct hosts to the extent of using several distinct
internet addresses. Some hosts will also have several physical
interfaces (multi-homing).

That is, provision must be made for a host to have several physical
interfaces to the network with each having several logical internet
addresses.

[Page 7]

September 1981
Internet Protocol
Overview

Examples of address mappings may be found in "Address Mappings" [5].

Fragmentation

Fragmentation of an internet datagram is necessary when it
originates in a local net that allows a large packet size and must
traverse a local net that limits packets to a smaller size to reach
its destination.

An internet datagram can be marked "don't fragment." Any internet
datagram so marked is not to be internet fragmented under any
circumstances. If internet datagram marked don't fragment cannot be
delivered to its destination without fragmenting it, it is to be
discarded instead.

Fragmentation, transmission and reassembly across a local network
which is invisible to the internet protocol module is called
intranet fragmentation and may be used [6].

The internet fragmentation and reassembly procedure needs to be able
to break a datagram into an almost arbitrary number of pieces that
can be later reassembled. The receiver of the fragments uses the
identification field to ensure that fragments of different datagrams
are not mixed. The fragment offset field tells the receiver the
position of a fragment in the original datagram. The fragment
offset and length determine the portion of the original datagram
covered by this fragment. The more-fragments flag indicates (by
being reset) the last fragment. These fields provide sufficient
information to reassemble datagrams.

The identification field is used to distinguish the fragments of one
datagram from those of another. The originating protocol module of
an internet datagram sets the identification field to a value that
must be unique for that source-destination pair and protocol for the
time the datagram will be active in the internet system. The
originating protocol module of a complete datagram sets the
more-fragments flag to zero and the fragment offset to zero.

To fragment a long internet datagram, an internet protocol module
(for example, in a gateway), creates two new internet datagrams and
copies the contents of the internet header fields from the long
datagram into both new internet headers. The data of the long
datagram is divided into two portions on a 8 octet (64 bit) boundary
(the second portion might not be an integral multiple of 8 octets,
but the first must be). Call the number of 8 octet blocks in the
first portion NFB (for Number of Fragment Blocks). The first
portion of the data is placed in the first new internet datagram,
and the total length field is set to the length of the first

[Page 8]

September 1981
Internet Protocol
Overview

datagram. The more-fragments flag is set to one. The second
portion of the data is placed in the second new internet datagram,
and the total length field is set to the length of the second
datagram. The more-fragments flag carries the same value as the
long datagram. The fragment offset field of the second new internet
datagram is set to the value of that field in the long datagram plus
NFB.

This procedure can be generalized for an n-way split, rather than
the two-way split described.

To assemble the fragments of an internet datagram, an internet
protocol module (for example at a destination host) combines
internet datagrams that all have the same value for the four fields:
identification, source, destination, and protocol. The combination
is done by placing the data portion of each fragment in the relative
position indicated by the fragment offset in that fragment's
internet header. The first fragment will have the fragment offset
zero, and the last fragment will have the more-fragments flag reset
to zero.

2.4. Gateways

Gateways implement internet protocol to forward datagrams between
networks. Gateways also implement the Gateway to Gateway Protocol
(GGP) [7] to coordinate routing and other internet control
information.

In a gateway the higher level protocols need not be implemented and
the GGP functions are added to the IP module.

+-------------------------------+
| Internet Protocol & ICMP & GGP|
+-------------------------------+
| |
+---------------+ +---------------+
| Local Net | | Local Net |
+---------------+ +---------------+

Gateway Protocols

Figure 3.

[Page 9]

September 1981
Internet Protocol

[Page 10]

September 1981
Internet Protocol

3. SPECIFICATION

3.1. Int ernet Header Format

A summary of the contents of the internet header follows:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time to Live | Protocol | Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example Internet Datagram Header

Figure 4.

Note that each tick mark represents one bit position.

Version: 4 bits

The Version field indicates the format of the internet header. This
document describes version 4.

IHL: 4 bits

Internet Header Length is the length of the internet header in 32
bit words, and thus points to the beginning of the data. Note that
the minimum value for a correct header is 5.

[Page 11]

September 1981
Internet Protocol
Specification

Type of Service: 8 bits

The Type of Service provides an indication of the abstract
parameters of the quality of service desired. These parameters are
to be used to guide the selection of the actual service parameters
when transmitting a datagram through a particular network. Several
networks offer service precedence, which somehow treats high
precedence traffic as more important than other traffic (generally
by accepting only traffic above a certain precedence at time of high
load). The major choice is a three way tradeoff between low-delay,
high-reliability, and high-throughput.

Bits 0-2: Precedence.
Bit 3: 0 = Normal Delay, 1 = Low Delay.
Bits 4: 0 = Normal Throughput, 1 = High Throughput.
Bits 5: 0 = Normal Relibility, 1 = High Relibility.
Bit 6-7: Reserved for Future Use.

0 1 2 3 4 5 6 7
+-----+-----+-----+-----+-----+-----+-----+-----+
| | | | | | |
| PRECEDENCE | D | T | R | 0 | 0 |
| | | | | | |
+-----+-----+-----+-----+-----+-----+-----+-----+

Precedence

111 - Network Control
110 - Internetwork Control
101 - CRITIC/ECP
100 - Flash Override
011 - Flash
010 - Immediate
001 - Priority
000 - Routine

The use of the Delay, Throughput, and Reliability indications may
increase the cost (in some sense) of the service. In many networks
better performance for one of these parameters is coupled with worse
performance on another. Except for very unusual cases at most two
of these three indications should be set.

The type of service is used to specify the treatment of the datagram
during its transmission through the internet system. Example
mappings of the internet type of service to the actual service
provided on networks such as AUTODIN II, ARPANET, SATNET, and PRNET
is given in "Service Mappings" [8].

[Page 12]

September 1981
Internet Protocol
Specification

The Network Control precedence designation is intended to be used
within a network only. The actual use and control of that
designation is up to each network. The Internetwork Control
designation is intended for use by gateway control originators only.
If the actual use of these precedence designations is of concern to
a particular network, it is the responsibility of that network to
control the access to, and use of, those precedence designations.

Total Length: 16 bits

Total Length is the length of the datagram, measured in octets,
including internet header and data. This field allows the length of
a datagram to be up to 65,535 octets. Such long datagrams are
impractical for most hosts and networks. All hosts must be prepared
to accept datagrams of up to 576 octets (whether they arrive whole
or in fragments). It is recommended that hosts only send datagrams
larger than 576 octets if they have assurance that the destination
is prepared to accept the larger datagrams.

The number 576 is selected to allow a reasonable sized data block to
be transmitted in addition to the required header information. For
example, this size allows a data block of 512 octets plus 64 header
octets to fit in a datagram. The maximal internet header is 60
octets, and a typical internet header is 20 octets, allowing a
margin for headers of higher level protocols.

Identification: 16 bits

An identifying value assigned by the sender to aid in assembling the
fragments of a datagram.

Flags: 3 bits

Various Control Flags.

Bit 0: reserved, must be zero
Bit 1: (DF) 0 = May Fragment, 1 = Don't Fragment.
Bit 2: (MF) 0 = Last Fragment, 1 = More Fragments.

0 1 2
+---+---+---+
| | D | M |
| 0 | F | F |
+---+---+---+

Fragment Offset: 13 bits

This field indicates where in the datagram this fragment belongs.

[Page 13]

September 1981
Internet Protocol
Specification

The fragment offset is measured in units of 8 octets (64 bits). The
first fragment has offset zero.

Time to Live: 8 bits

This field indicates the maximum time the datagram is allowed to
remain in the internet system. If this field contains the value
zero, then the datagram must be destroyed. This field is modified
in internet header processing. The time is measured in units of
seconds, but since every module that processes a datagram must
decrease the TTL by at least one even if it process the datagram in
less than a second, the TTL must be thought of only as an upper
bound on the time a datagram may exist. The intention is to cause
undeliverable datagrams to be discarded, and to bound the maximum
datagram lifetime.

Protocol: 8 bits

This field indicates the next level protocol used in the data
portion of the internet datagram. The values for various protocols
are specified in " Assigned Numbers" [9].

Header Checksum: 16 bits

A checksum on the header only. Since some header fields change
(e.g., time to live), this is recomputed and verified at each point
that the internet header is processed.

The checksum algorithm is:

The checksum field is the 16 bit one's complement of the one's
complement sum of all 16 bit words in the header. For purposes of
computing the checksum, the value of the checksum field is zero.

This is a simple to compute checksum and experimental evidence
indicates it is adequate, but it is provisional and may be replaced
by a CRC procedure, depending on further experience.

Source Address: 32 bits

The source address. See section 3.2.

Destination Address: 32 bits

The destination address. See section 3.2.

[Page 14]

September 1981
Internet Protocol
Specification

Options: variable

The options may appear or not in datagrams. They must be
implemented by all IP modules (host and gateways). What is optional
is their transmission in any particular datagram, not their
implementation.

In some environments the security option may be required in all
datagrams.

The option field is variable in length. There may be zero or more
options. There are two cases for the format of an option:

Case 1: A single octet of option-type.

Case 2: An option-type octet, an option-length octet, and the
actual option-data octets.

The option-length octet counts the option-type octet and the
option-length octet as well as the option-data octets.

The option-type octet is viewed as having 3 fields:

1 bit copied flag,
2 bits option class,
5 bits option number.

The copied flag indicates that this option is copied into all
fragments on fragmentation.

0 = not copied
1 = copied

The option classes are:

0 = control
1 = reserved for future use
2 = debugging and measurement
3 = reserved for future use

[Page 15]

September 1981
Internet Protocol
Specification

The following internet options are defined:

CLASS NUMBER LENGTH DESCRIPTION
----- ------ ------ -----------
0 0 - End of Option list. This option occupies only
1 octet; it has no length octet.
0 1 - No Operation. This option occupies only 1
octet; it has no length octet.
0 2 11 Security. Used to carry Security,
Compartmentation, User Group (TCC), and
Handling Restriction Codes compatible with DOD
requirements.
0 3 var. Loose Source Routing. Used to route the
internet datagram based on information
supplied by the source.
0 9 var. Strict Source Routing. Used to route the
internet datagram based on information
supplied by the source.
0 7 var. Record Route. Used to trace the route an
internet datagram takes.
0 8 4 Stream ID. Used to carry the stream
identifier.
2 4 var. Internet Timestamp.

Specific Option Definitions

End of Option List

+--------+
|00000000|
+--------+
Type=0

This option indicates the end of the option list. This might
not coincide with the end of the internet header according to
the internet header length. This is used at the end of all
options, not the end of each option, and need only be used if
the end of the options would not otherwise coincide with the end
of the internet header.

May be copied, introduced, or deleted on fragmentation, or for
any other reason.

[Page 16]

September 1981
Internet Protocol
Specification

No Operation

+--------+
|00000001|
+--------+
Type=1

This option may be used between options, for example, to align
the beginning of a subsequent option on a 32 bit boundary.

May be copied, introduced, or deleted on fragmentation, or for
any other reason.

Security

This option provides a way for hosts to send security,
compartmentation, handling restrictions, and TCC (closed user
group) parameters. The format for this option is as follows:

+--------+--------+---//---+---//---+---//---+---//---+
|10000010|00001011|SSS SSS|CCC CCC|HHH HHH| TCC |
+--------+--------+---//---+---//---+---//---+---//---+
Type=130 Length=11

Security (S field): 16 bits

Specifies one of 16 levels of security (eight of which are
reserved for future use).

00000000 00000000 - Unclassified
11110001 00110101 - Confidential
01111000 10011010 - EFTO
10111100 01001101 - MMMM
01011110 00100110 - PROG
10101111 00010011 - Restricted
11010111 10001000 - Secret
01101011 11000101 - Top Secret
00110101 11100010 - (Reserved for future use)
10011010 11110001 - (Reserved for future use)
01001101 01111000 - (Reserved for future use)
00100100 10111101 - (Reserved for future use)
00010011 01011110 - (Reserved for future use)
10001001 10101111 - (Reserved for future use)
11000100 11010110 - (Reserved for future use)
11100010 01101011 - (Reserved for future use)

[Page 17]

September 1981
Internet Protocol
Specification

Compartments (C field): 16 bits

An all zero value is used when the information transmitted is
not compartmented. Other values for the compartments field
may be obtained from the Defense Intelligence Agency.

Handling Restrictions (H field): 16 bits

The values for the control and release markings are
alphanumeric digraphs and are defined in the Defense
Intelligence Agency Manual DIAM 65-19, "Standard Security
Markings".

Transmission Control Code (TCC field): 24 bits

Provides a means to segregate traffic and define controlled
communities of inter est among subscribers. The TCC values are
trigraphs, and are available from HQ DCA Code 530.

Must be copied on fragmentation. This option appears at most
once in a datagram.

Loose Source and Record Route

+--------+--------+--------+---------//--------+
|10000011| length | pointer| route data |
+--------+--------+--------+---------//--------+
Type=131

The loose source and record route (LSRR) option provides a means
for the source of an internet datagram to supply routing
information to be used by the gateways in forwarding the
datagram to the destination, and to record the route
information.

The option begins with the option type code. The second octet
is the option length which includes the option type code and the
length octet, the pointer octet, and length-3 octets of route
data. The third octet is the pointer into the route data
indicating the octet which begins the next source address to be
processed. The pointer is relative to this option, and the
smallest legal value for the pointer is 4.

A route data is composed of a series of internet addresses.
Each internet address is 32 bits or 4 octets. If the pointer is
greater than the length, the source route is empty (and the
recorded route full) and the routing is to be based on the
destination address field.

[Page 18]

September 1981
Internet Protocol
Specification

If the address in destination address field has been reached and
the pointer is not greater than the length, the next address in
the source route replaces the address in the destination address
field, and the recorded route address replaces the source
address just used, and pointer is increased by four.

The recorded route address is the internet module's own internet
address as known in the environment into which this datagram is
being forwarded.

This procedure of replacing the source route with the recorded
route (though it is in the reverse of the order it must be in to
be used as a source route) means the option (and the IP header
as a whole) remains a constant length as the datagram progresses
through the internet.

This option is a loose source route because the gateway or host
IP is allowed to use any route of any number of other
intermediate gateways to reach the next address in the route.

Must be copied on fragmentation. Appears at most once in a
datagram.

Strict Source and Record Route

+--------+--------+--------+---------//--------+
|10001001| length | pointer| route data |
+--------+--------+--------+---------//--------+
Type=137

The strict source and record route (SSRR) option provides a
means for the source of an internet datagram to supply routing
information to be used by the gateways in forwarding the
datagram to the destination, and to record the route
information.

The option begins with the option type code. The second octet
is the option length which includes the option type code and the
length octet, the pointer octet, and length-3 octets of route
data. The third octet is the pointer into the route data
indicating the octet which begins the next source address to be
processed. The pointer is relative to this option, and the
smallest legal value for the pointer is 4.

A route data is composed of a series of internet addresses.
Each internet address is 32 bits or 4 octets. If the pointer is
greater than the length, the source route is empty (and the

[Page 19]

September 1981
Internet Protocol
Specification

recorded route full) and the routing is to be based on the
destination address field.

If the address in destination address field has been reached and
the pointer is not greater than the length, the next address in
the source route replaces the address in the destination address
field, and the recorded route address replaces the source
address just used, and pointer is increased by four.

The recorded route address is the internet module's own internet
address as known in the environment into which this datagram is
being forwarded.

This procedure of replacing the source route with the recorded
route (though it is in the reverse of the order it must be in to
be used as a source route) means the option (and the IP header
as a whole) remains a constant length as the datagram progresses
through the internet.

This option is a strict source route because the gateway or host
IP must send the datagram directly to the next address in the
source route through only the directly connected network
indicated in the next address to reach the next gateway or host
specified in the route.

Must be copied on fragmentation. Appears at most once in a
datagram.

Record Route

+--------+--------+--------+---------//--------+
|00000111| length | pointer| route data |
+--------+--------+--------+---------//--------+
Type=7

The record route option provides a means to record the route of
an internet datagram.

The option begins with the option type code. The second octet
is the option length which includes the option type code and the
length octet, the pointer octet, and length-3 octets of route
data. The third octet is the pointer into the route data
indicating the octet which begins the next area to store a route
address. The pointer is relative to this option, and the
smallest legal value for the pointer is 4.

A recorded route is composed of a series of internet addresses.
Each internet address is 32 bits or 4 octets. If the pointer is

[Page 20]

September 1981
Internet Protocol
Specification

greater than the length, the recorded route data area is full.
The originating host must compose this option with a large
enough route data area to hold all the address expected. The
size of the option does not change due to adding addresses. The
intitial contents of the route data area must be zero.

When an internet module routes a datagram it checks to see if
the record route option is present. If it is, it inserts its
own internet address as known in the environment into whi ch this
datagram is being forwarded into the recorded route begining at
the octet indicated by the pointer, and increments the pointer
by four.

If the route data area is already full (the pointer exceeds the
length) the datagram is forwarded without inserting the address
into the recorded route. If there is some room but not enough
room for a full address to be inserted, the original datagram is
considered to be in error and is discarded. In either case an
ICMP parameter problem message may be sent to the source
host [3].

Not copied on fragmentation, goes in first fragment only.
Appears at most once in a datagram.

Stream Identifier

+--------+--------+--------+--------+
|10001000|00000010| Stream ID |
+--------+--------+--------+--------+
Type=136 Length=4

This option provides a way for the 16-bit SATNET stream
identifier to be carried through networks that do not support
the stream concept.

Must be copied on fragmentation. Appears at most once in a
datagram.

[Page 21]

September 1981
Internet Protocol
Specification

Internet Timestamp

+--------+--------+--------+--------+
|01000100| length | pointer|oflw|flg|
+--------+--------+--------+--------+
| internet address |
+--------+--------+--------+--------+
| timestamp |
+--------+--------+--------+--------+
| . |
.
.
Type = 68

The Option Length is the number of octets in the option counting
the type, length, pointer, and overflow/flag octets (maximum
length 40).

The Pointer is the number of octets from the beginning of this
option to the end of timestamps plus one (i.e., it points to the
octet beginning the space for next timestamp). The smallest
legal value is 5. The timestamp area is full when the pointer
is greater than the length.

The Overflow (oflw) [4 bits] is the number of IP modules that
cannot register timestamps due to lack of space.

The Flag (flg) [4 bits] values are

0 -- time stamps only, stored in consecutive 32-bit words,

1 -- each timestamp is preceded with internet address of the
registering entity,

3 -- the internet address fields are prespecified. An IP
module only registers its timestamp if it matches its own
address with the next specified internet address.

The Timestamp is a right-justified, 32-bit timestamp in
milliseconds since midnight UT. If the time is not available in
milliseconds or cannot be provided with respect to midnight UT
then any time may be inserted as a timestamp provided the high
order bit of the timestamp field is set to one to indicate the
use of a non-standard value.

The originating host must compose this option with a large
enough timestamp data area to hold all the timestamp information
expected. The size of the option does not change due to adding

[Page 22]

September 1981
Internet Protocol
Specification

timestamps. The intitial contents of the timestamp data area
must be zero or internet address/zero pairs.

If the timestamp data area is already full (the pointer exceeds
the length) the datagram is forwarded without inserting the
timestamp, but the overflow count is incremented by one.

If there is some room but not enough room for a full timestamp
to be inserted, or the overflow count itself overflows, the
original datagram is considered to be in error and is discarded.
In either case an ICMP parameter problem message may be sent to
the source host [3].

The timestamp option is not copied upon fragmentation. It is
carried in the first fragment. Appears at most once in a
datagram.

Padding: variable

The internet header padding is used to ensure that the internet
header ends on a 32 bit boundary. The padding is zero.

3.2. Discussion

The implementation of a protocol must be robust. Each implementation
must expect to interoperate with others created by different
individuals. While the goal of this specification is to be explicit
about the protocol there is the possibility of differing
interpretations. In general, an implementation must be conservative
in its sending behavior, and liberal in its receiving behavior. That
is, it must be careful to send well-formed datagrams, but must accept
any datagram that it can interpret (e.g., not object to technical
errors where the meaning is still clear).

The basic internet service is datagram oriented and provides for the
fragmentation of datagrams at gateways, with reassembly taking place
at the destination internet protocol module in the destination host.
Of course, fragmentation and reassembly of datagrams within a network
or by private agreement between the gateways of a network is also
allowed since this is transparent to the internet protocols and the
higher-level protocols. This transparent type of fragmentation and
reassembly is termed "network-dependent" (or intranet) fragmentation
and is not discussed further here.

Internet addresses distinguish sources and destinations to the host
level and provide a protocol field as well. It is assumed that each
protocol will provide for whatever multiplexing is necessary within a
host.

[Page 23]

September 1981
Internet Protocol
Specification

Addressing

To provide for flexibility in assigning address to networks and
allow for the large number of small to intermediate sized networks
the interpretation of the address field is coded to specify a small
number of networks with a large number of host, a moderate number of
networks with a moderate number of hosts, and a large number of
networks with a small number of hosts. In addition there is an
escape code for extended addressing mode.

Address Formats:

High Order Bits Format Class
--------------- ------------------------------- -----
0 7 bits of net, 24 bits of host a
10 14 bits of net, 16 bits of host b
110 21 bits of net, 8 bits of host c
111 escape to extended addressing mode

A value of zero in the network field means this network. This is
only used in certain ICMP messages. The extended addressing mode
is undefined. Both of these features are reserved for future use.

The actual values assigned for network addresses is given in
"Assigned Numbers" [9].

The local address, assigned by the local network, must allow for a
single physical host to act as several distinct internet hosts.
That is, there must be a mapping between internet host addresses and
network/host interfaces that allows several internet addresses to
correspond to one interface. It must also be allowed for a host to
have several physical interfaces and to treat the datagrams from
several of them as if they were all addressed to a single host.

Address mappings between internet addresses and addresses for
ARPANET, SATNET, PRNET, and other networks are described in "Address
Mappings" [5].

Fragmentation and Reassembly.

The internet identification field (ID) is used together with the
source and destination address, and the protocol fields, to identify
datagram fragments for reassembly.

The More Fragments flag bit (MF) is set if the datagram is not the
last fragment. The Fragment Offset field identifies the fragment
location, relative to the beginning of the original unfragmented
datagram. Fragments are counted in units of 8 octets. The

[Page 24]

September 1981
Internet Protocol
Specification

fragmentation strategy is designed so than an unfragmented datagram
has all zero fragmentation information (MF = 0, fragment offset =
0). If an internet datagram is fragmented, its data portion must be
broken on 8 octet boundaries.

This format allows 2**13 = 8192 fragments of 8 octets each for a
total of 65,536 octets. Note that this is consistent with the the
datagram total length field (of course, the header is counted in the
total length and not in the fragments).

When fragmentation occurs, some options are copied, but others
remain with the first fragment only.

Every internet module must be able to forward a datagram of 68
octets without further fragmentation. This is because an internet
header may be up to 60 octets, and the minimum fragment is 8 octets.

Every internet destination must be able to receive a datagram of 576
octets either in one piece or in fragments to be reassembled.

The fields which may be affected by fragmentation include:

(1) options field
(2) more fragments flag
(3) fragment offset
(4) internet header length field
(5) total length field
(6) header checksum

If the Don't Fragment flag (DF) bit is set, then internet
fragmentation of this datagram is NOT permitted, although it may be
discarded. This can be used to prohibit fragmentation in cases
where the receiving host does not have sufficient resources to
reassemble internet fragments.

One example of use of the Don't Fragment feature is to down line
load a small host. A small host could have a boot strap program
that accepts a datagram stores it in memory and then executes it.

The fragmentation and reassembly procedures are most easily
described by examples. The following procedures are example
implementations.

General notation in the following pseudo programs: "=<" means "less
than or equal", "#" means "not equal", "=" means "equal", "<-" means
"is set to". Also, "x to y" includes x and excludes y; for example,
"4 to 7" would include 4, 5, and 6 (but not 7).

[Page 25]

September 1981
Internet Protocol
Specification

An Example Fragmentation Procedure

The maximum sized datagram that can be transmitted through the
next network is called the maximum transmission unit (MTU).

If the total length is less than or equal the maximum transmission
unit then submit this datagram to the next step in datagram
processing; otherwise cut the datagram into two fragments, the
first fragment being the maximum size, and the second fragment
being the rest of the datagram. The first fragment is submitted
to the next step in datagram processing, while the second fragment
is submitted to this procedure in case it is still too large.

Notation:

FO - Fragment Offset
IHL - Internet Header Length
DF - Don't Fragment flag
MF - More Fragments flag
TL - Total Length
OFO - Old Fragment Offset
OIHL - Old Internet Header Length
OMF - Old More Fragments flag
OTL - Old Total Length
NFB - Number of Fragment Blocks
MTU - Maximum Transmission Unit

Procedure:

IF TL =< MTU THEN Submit this datagram to the next step
in datagram processing ELSE IF DF = 1 THEN discard the
datagram ELSE
To produce the first fragment:
(1) Copy the original internet header;
(2) OIHL <- IHL; OTL <- TL; OFO <- FO; OMF <- MF;
(3) NFB <- (MTU-IHL*4)/8;
(4) Attach the first NFB*8 data octets;
(5) Correct the header:
MF <- 1; TL <- (IHL*4)+(NFB*8);
Recompute Checksum;
(6) Submit this fragment to the next step in
datagram processing;
To produce the second fragment:
(7) Selectively copy the internet header (some options
are not copied, see option definitions);
(8) Append the remaining data;
(9) Correct the header:
IHL <- (((OIHL*4)-(length of options not copied))+3)/4;

[Page 26]

September 1981
Internet Protocol
Specification

TL <- OTL - NFB*8 - (OIHL-IHL)*4);
FO <- OFO + NFB; MF <- OMF; Recompute Checksum;
(10) Submit this fragment to the fragmentation test; DONE.

In the above procedure each fragment (except the last) was made
the maximum allowable size. An alternative might produce less
than the maximum size datagrams. For example, one could implement
a fragmentation procedure that repeatly divided large datagrams in
half until the resulting fragments were less than the maximum
transmission unit size.

An Example Reassembly Procedure

For each datagram the buffer identifier is computed as the
concatenation of the source, destination, protocol, and
identification fields. If this is a whole datagram (that is both
the fragment offset and the more fragments fields are zero), then
any reassembly resources associated with this buffer identifier
are released and the datagram is forwarded to the next step in
datagram processing.

If no other fragment with this buffer identifier is on hand then
reassem bly resources are allocated. The reassembly resources
consist of a data buffer, a header buffer, a fragment block bit
table, a total data length field, and a timer. The data from the
fragment is placed in the data buffer according to its fragment
offset and length, and bits are set in the fragment block bit
table corresponding to the fragment blocks received.

If this is the first fragment (that is the fragment offset is
zero) this header is placed in the header buffer. If this is the
last fragment ( that is the more fragments field is zero) the
total data length is computed. If this fragment completes the
datagram (tested by checking the bits set in the fragment block
table), then the datagram is sent to the next step in datagram
processing; otherwise the timer is set to the maximum of the
current timer value and the value of the time to live field from
this fragment; and the reassembly routine gives up control.

If the timer runs out, the all reassembly resources for this
buffer identifier are released. The initial setting of the timer
is a lower bound on the reassembly waiting time. This is because
the waiting time will be increased if the Time to Live in the
arriving fragment is greater than the current timer value but will
not be decreased if it is less. The maximum this timer value
could reach is the maximum time to live (approximately 4.25
minutes). The current recommendation for the initial timer
setting is 15 seconds. This may be changed as experience with

[Page 27]

September 1981
Internet Protocol
Specification

this protocol accumulates. Note that the choice of this parameter
value is related to the buffer capacity available and the data
rate of the transmission medium; that is, data rate times timer
value equals buffer size (e.g., 10Kb/s X 15s = 150Kb).

Notation:

FO - Fragment Offset
IHL - Internet Header Length
MF - More Fragments flag
TTL - Time To Live
NFB - Number of Fragment Blocks
TL - Total Length
TDL - Total Data Length
BUFID - Buffer Identifier
RCVBT - Fragment Received Bit Table
TLB - Timer Lower Bound

Procedure:

(1) BUFID <- source|destination|protocol|identification;
(2) IF FO = 0 AND MF = 0
(3) THEN IF buffer with BUFID is allocated
(4) THEN flush all reassembly for this BUFID;
(5) Submit datagram to next step; DONE.
(6) ELSE IF no buffer with BUFID is allocated
(7) THEN allocate reassembly resources
with BUFID;
TIMER <- TLB; TDL <- 0;
(8) put data from fragment into data buffer with
BUFID from octet FO*8 to
octet (TL-(IHL*4))+FO*8;
(9) set RCVBT bits from FO
to FO+((TL-(IHL*4)+7)/8);
(10) IF MF = 0 THEN TDL <- TL-(IHL*4)+(FO*8)
(11) IF FO = 0 THEN put header in header buffer
(12) IF TDL # 0
(13) AND all RCVBT bits from 0
to (TDL+7)/8 are set
(14) THEN TL <- TDL+(IHL*4)
(15) Submit datagram to next step;
(16) free all reassembly resources
for this BUFID; DONE.
(17) TIMER <- MAX(TIMER,TTL);
(18) give up until next fragment or timer expires;
(19) timer expires: flush all reassembly with this BUFID; DONE.

In the case that two or more fragments contain the same data

[Page 28]

September 1981
Internet Protocol
Specification

either identically or through a partial overlap, this procedure
will use the more recently arrived copy in the data buffer and
datagram delivered.

Identification

The choice of the Identifier for a datagram is based on the need to
provide a way to uniquely identify the fragments of a particular
datagram. The protocol module assembling fragments judges fragments
to belong to the same datagram if they have the same source,
destination, protocol, and Identifier. Thus, the sender must choose
the Identifier to be unique for this source, destination pair and
protocol for the time the datagram (or any fragment of it) could be
alive in the internet.

It seems then that a sending protocol module needs to keep a table
of Identifiers, one entry for each destination it has communicated
with in the last maximum packet lifetime for the internet.

However, since the Identifier field allows 65,536 different values,
some host may be able to simply use unique identifiers independent
of destination.

It is appropriate for some higher level protocols to choose the
identifier. For example, TCP protocol modules may retransmit an
identical TCP segment, and the probability for correct reception
would be enhanced if the retransmission carried the same identifier
as the original transmission since fragments of either datagram
could be used to construct a correct TCP segment.

Type of Service

The type of service (TOS) is for internet service quality selection.
The type of service is specified along the abstract parameters
precedence, delay, throughput, and reliability. These abstract
parameters are to be mapped into the actual service parameters of
the particular networks the datagram traverses.

Precedence. An independent measure of the importance of this
datagram.

Delay. Prompt delivery is important for datagrams with this
indication.

Throughput. High data rate is important for datagrams with this
indication.

[Page 29]

September 1981
Internet Protocol
Specification

Reliability. A higher level of effort to ensure delivery is
important for datagrams with this indication.

For example, the ARPANET has a priority bit, and a choice between
"standard" messages (type 0) and "uncontrolled" messages (type 3),
(the choice between single packet and multipacket messages can also
be considered a service parameter). The uncontrolled messages tend
to be less reliably delivered and suffer less delay. Suppose an
internet datagram is to be sent through the ARPANET. Let the
internet type of service be given as:

Precedence: 5
Delay: 0
Throughput: 1
Reliability: 1

In this example, the mapping of these parameters to those available
for the ARPANET would be to set the ARPANET priority bit on since
t he Internet precedence is in the upper half of its range, to select
standard messages since the throughput and reliability requirements
are indicated and delay is not. More details are given on service
mappings in "Service Mappings" [8].

Time to Live

The time to live is set by the sender to the maximum time the
datagram is allowed to be in the internet system. If the datagram
is in the internet system longer than the time to live, then the
datagram must be destroyed.

This field must be decreased at each point that the internet header
is processed to reflect the time spent processing the datagram.
Even if no local information is available on the time actually
spent, the field must be decremented by 1. The time is measured in
units of seconds (i.e. the value 1 means one second). Thus, the
maximum time to live is 255 seconds or 4.25 minutes. Since every
module that processes a datagram must decrease the TTL by at least
one even if it process the datagram in less than a second, the TTL
must be thought of only as an upper bound on the time a datagram may
exist. The intention is to cause undeliverable datagrams to be
discarded, and to bound the maximum datagram lifetime.

Some higher level reliable connection protocols are based on
assumptions that old duplicate datagrams will not arrive after a
certain time elapses. The TTL is a way for such protocols to have
an assurance that their assumption is met.

[Page 30]

September 1981
Internet Protocol
Specification

Options

The options are optional in each datagram, but required in
implementations. That is, the presence or absence of an option is
the choice of the sender, but each internet module must be able to
parse every option. There can be several options present in the
option field.

The options might not end on a 32-bit boundary. The internet header
must be filled out with octets of zeros. The first of these would
be interpreted as the end-of-options option, and the remainder as
internet header padding.

Every internet module must be able to act on every option. The
Security Option is required if classified, restricted, or
compartmented traffic is to be passed.

Checksum

The internet header checksum is recomputed if the internet header is
changed. For example, a reduction of the time to live, additions or
changes to internet options, or due to fragmentation. This checksum
at the internet level is intended to protect the internet header
fields from transmission errors.

There are some applications where a few data bit errors are
acceptable while retransmission delays are not. If the internet
protocol enforced data correctness such applications could not be
supported.

Errors

Internet protocol errors may be reported via the ICMP messages [3].

3.3. Interfaces

The functional description of user interfaces to the IP is, at best,
fictional, since every operating system will have different
facilities. Consequently, we must warn readers that different IP
implementations may have different user interfaces. However, all IPs
must provide a certain minimum set of services to guarantee that all
IP implementations can support the same protocol hierarchy. This
section specifies the functional interfaces required of all IP
implementations.

Internet protocol interfaces on one side to the local network and on
the other side to either a higher level protocol or an application
program. In the following, the higher level protocol or application

[Page 31]

September 1981
Internet Protocol
Specification

program (or even a gateway program) will be called the "user" since it
is using the internet module. Since internet protocol is a datagram
protocol, there is minimal memory or state maintained between datagram
transmissions, and each call on the internet protocol module by the
user supplies all information necessary for the IP to perform the
service requested.

An Example Upper Level Interface

The following two example calls satisfy the requirements for the user
to internet protocol module communication ("=>" means returns):

SEND (src, dst, prot, TOS, TTL, BufPTR, len, Id, DF, opt => result)

where:

src = source address
dst = destination address
prot = protocol
TOS = type of service
TTL = time to live
BufPTR = buffer pointer
len = length of buffer
Id = Identifier
DF = Don't Fragment
opt = option data
result = response
OK = datagram sent ok
Error = error in arguments or local network error

Note that the precedence is included in the TOS and the
security/compartment is passed as an option.

RECV (BufPTR, prot, => result, src, dst, TOS, len, opt)

where:

BufPTR = buffer pointer
prot = protocol
result = response
OK = datagram received ok
Error = error in arguments
len = length of buffer
src = source address
dst = destination address
TOS = type of service
opt = option data

[Page 32]

September 1981
Internet Protocol
Specification

When the user sends a datagram, it executes the SEND call supplying
all the arguments. The internet protocol module, on receiving this
call, checks the arguments and prepares and sends the message. If the
arguments are good and the datagram is accepted by the local network,
the call returns successfully. If either the arguments are bad, or
the datagram is not accepted by the local network, the call returns
unsuccessfully. On unsuccessful returns, a reasonable report must be
made as to the cause of the problem, but the details of such reports
are up to individual implementations.

When a datagram arrives at the internet protocol module from the local
network, either there is a pending RECV call from the user addressed
or there is not. In the first case, the pending call is satisfied by
passing the information from the datagram to the user. In the second
case, the user addressed is notified of a pending datagram. If the
user addressed does not exist, an ICMP error message is returned to
the sender, and the data is discarded.

The notification of a user may be via a pseudo interrupt or similar
mechanism, as appropriate in the particular operating system
environment of the implementation.

A user's RECV call may then either be immediately satisfied by a
pending datagram, or the call may be pending until a datagram arrives.

The source address is included in the send call in case the sending
host has several addresses (multiple physical connections or logical
addresses). The internet module must check to see that the source
address is one of the legal address for this host.

An implementation may also allow or require a call to the internet
module to indicate interest in or reserve exclusive use of a class of
datagrams (e.g., all those with a certain value in the protocol
field).

This section functionally characterizes a USER/IP interface. The
notation used is similar to most procedure of function calls in high
level languages, but this usage is not meant to rule out trap type
service calls (e.g., SVCs, UUOs, EMTs), or any other form of
interprocess communication.

[Page 33]

September 1981
Internet Protocol

APPENDIX A: Examples & Scenarios

Example 1:

This is an example of the minimal data carrying internet datagram:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver= 4 |IHL= 5 |Type of Service| Total Length = 21 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification = 111 |Flg=0| Fragment Offset = 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time = 123 | Protocol = 1 | header checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| source address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| destination address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+

Example Internet Datagram

Figure 5.

Note that each tick mark represents one bit position.

This is a internet datagram in version 4 of internet protocol; the
internet header consists of five 32 bit words, and the total length of
the datagram is 21 octets. This datagram is a complete datagram (not
a fragment).

[Page 34]

September 1981
Internet Protocol

Example 2:

In this example, we show first a moderate size internet datagram (452
data octets), then two internet fragments that might result from the
fragmentation of this datagram if the maximum sized transmission
allowed were 280 octets.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver= 4 |IHL= 5 |Type of Service| Total Length = 472 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification = 111 |Flg=0| Fragment Offset = 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time = 123 | Protocol = 6 | header checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| source address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| destination address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
\ \
\ \
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example Internet Datagram

Figure 6.

[Page 35]

September 1981
Internet Protocol

Now the first fragment that results from splitting the datagram after
256 data octets.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver= 4 |IHL= 5 |Type of Service| Total Length = 276 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification = 111 |Flg=1| Fragment Offset = 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time = 119 | Protocol = 6 | Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| source address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| destination address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
\ \
\ \
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example Internet Fragment

Figure 7.

[Page 36]

September 1981
Internet Protocol

And the second fragment.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver= 4 |IHL= 5 |Type of Service| Total Length = 216 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification = 111 |Flg=0| Fragment Offset = 32 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time = 119 | Protocol = 6 | Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| source address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| destination address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
\ \
\ \
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example Internet Fragment

Figure 8.

[Page 37]

September 1981
Internet Protocol

Example 3:

Here, we show an example of a datagram containing options:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver= 4 |IHL= 8 |Type of Service| Total Length = 576 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification = 111 |Flg=0| Fragment Offset = 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time = 123 | Protocol = 6 | Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| source address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| destination address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Opt. Code = x | Opt. Len.= 3 | option value | Opt. Code = x |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Opt. Len. = 4 | option value | Opt. Code = 1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Opt. Code = y | Opt. Len. = 3 | option value | Opt. Code = 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
\ \
\ \
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example Internet Datagram

Figure 9.

[Page 38]

September 1981
Internet Protocol

APPENDIX B: Data Transmission Order

The order of transmission of the header and data described in this
document is resolved to the octet level. Whenever a diagram shows a
group of octets, the order of transmission of those octets is the normal
order in which they are read in English. For example, in the following
diagram the octets are transmitted in the order they are numbered.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1 | 2 | 3 | 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 5 | 6 | 7 | 8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 9 | 10 | 11 | 12 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Transmission Order of Bytes

Figure 10.

Whenever an octet represents a numeric quantity the left most bit in the
diagram is the high order or most significant bit. That is, the bit
labeled 0 is the most significant bit. For example, the following
diagram represents the value 170 (decimal).

0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|1 0 1 0 1 0 1 0|
+-+-+-+-+-+-+-+-+

Significance of Bits

Figure 11.

Similarly, whenever a multi-octet field represents a numeric quantity
the left most bit of the whole field is the most significant bit. When
a multi-octet quantity is transmitted the most significant octet is
transmitted first.

[Page 39]

September 1981
Internet Protocol

[Page 40]

September 1981
Internet Protocol

GLOSSARY

1822
BBN Report 1822, "The Specification of the Interconnection of
a Host and an IMP". The specification of interface between a
host and the ARPANET.

ARPANET leader
The control information on an ARPANET message at the host-IMP
interface.

ARPANET message
The unit of transmission between a host and an IMP in the
ARPANET. The maximum size is about 1012 octets (8096 bits).

ARPANET packet
A unit of transmission used internally in the ARPANET between
IMPs. The maximum size is about 126 octets (1008 bits).

Destination
The destination address, an internet header field.

DF
The Don't Fragment bit carried in the flags field.

Flags
An internet header field carrying various control flags.

Fragment Offset
This internet header field indicates where in the internet
datagram a fragment belongs.

GGP
Gateway to Gateway Protocol, the protocol used primarily
between gateways to control routing and other gateway
functions.

header
Control information at the beginning of a message, segment,
datagram, packet or block of data.

ICMP
Internet Control Message Protocol, implemented in the internet
module, the ICMP is used from gateways to hosts and between
hosts to report errors and make routing suggestions.

[Page 41]

September 1981
Internet Protocol
Glossary

Identification
An internet header field carrying the identifying value
assigned by the sender to aid in assembling the fragments of a
datagram.

IHL
The internet header field Internet Header Length is the length
of the internet header measured in 32 bit words.

IMP
The Int erface Message Processor, the packet switch of the
ARPANET.

Internet Address
A four octet (32 bit) source or destination address consisting
of a Network field and a Local Address field.

internet datagram
The unit of data exchanged between a pair of internet modules
(includes the internet header).

internet fragment
A portion of the data of an internet datagram with an internet
header.

Local Address
The address of a host within a network. The actual mapping of
an internet local address on to the host addresses in a
network is quite general, allowing for many to one mappings.

MF
The More-Fragments Flag carried in the internet header flags
field.

module
An implementation, usually in software, of a protocol or other
procedure.

more-fragments flag
A flag indicating whether or not this internet datagram
contains the end of an internet datagram, carried in the
internet header Flags field.

NFB
The Number of Fragment Blocks in a the data portion of an
internet fragment. That is, the length of a portion of data
measured in 8 octet units.

[Page 42]

September 1981
Internet Protocol
Glossary

octet
An eight bit byte.

Options
The internet header Options field may contain several options,
and each option may be several octets in length.

Padding
The internet header Padding field is used to ensure that the
data begins on 32 bit word boundary. The padding is zero.

Protocol
In this document, the next higher level protocol identifier,
an internet header field.

Rest
The local address portion of an Internet Address.

Source
The source address, an internet header field.

TCP
Transmission Control Protocol: A host-to-host protocol for
reliable communication in internet environments.

TCP Segment
The unit of data exchanged between TCP modules (including the
TCP header).

TFTP
Trivial File Transfer Protocol: A simple file transfer
protocol built on UDP.

Time to Live
An internet header field which indicates the upper bound on
how long this internet datagram may exist.

TOS
Type of Service

Total Length
The internet header field Total Length is the length of the
datagram in octets including internet header and data.

TTL
Time to Live

[Page 43]

September 1981
Internet Protocol
Glossary

Type of Service
An internet header field which indicates the type (or quality)
of service for this internet datagram.

UDP
User Datagram Protocol: A user level protocol for transaction
oriented applications.

User
The user of the internet protocol. This may be a higher level
protocol module, an application program, or a gateway program.

Version
The Version field indicates the format of the internet header.

[Page 44]

September 1981
Internet Protocol

REFERENCES

[1] Cerf, V., "The Catenet Model for Internetworking," Information
Processing Techniques Office, Defense Advanced Research Projects
Agency, IEN 48, July 1978.

[2] Bolt Beranek and Newman, "Specification for the Interconnection of
a Host and an IMP," BBN Technical Report 1822, Revised May 1978.

[3] Postel, J., "Internet Control Message Protocol - DARPA Internet
Program Protocol Specification," RFC 792, USC/Information Sciences
Institute, September 1981.

[4] Shoch, J., "Inter-Network Naming, Addressing, and Routing,"
COMPCON, IEEE Computer Society, Fall 1978.

[5] Postel, J., "Address Mappings," RFC 796, USC/Information Sciences
Institute, September 1981.

[6] Shoch, J., "Packet Fragmentation in Inter-Network Protocols,"
Computer Networks, v. 3, n. 1, February 1979.

[7] Strazisar, V., "How to Build a Gateway", IEN 109, Bolt Beranek and
Newman, August 1979.

[8] Postel, J., "Service Mappings," RFC 795, USC/Information Sciences
Institute, September 1981.

[9] Postel, J., "Assigned Numbers," RFC 790, USC/Information Sciences
Institute, September 1981.

The post RFC 791 – Internet Protocol Version 4 Specification appeared first on IPv6.net.

RFC 1883 – Internet Protocol, Version 6 (IPv6) Specification (OBSOLETE)

IPv6 & IoT editor — Sat, 01 Aug 2009 17:13:58 +0000

Network Working Group S. Deering, Xerox PARC
Request for Comments: 1883 R. Hinden, Ipsilon Networks
Category: Standards Track December 1995

Internet Protocol, Version 6 (IPv6)
Specification

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Abstract

This document specifies version 6 of the Internet Protocol (IPv6),
also sometimes referred to as IP Next Generation or IPng.

Table of Contents

1. Introduction..................................................3

2. Terminology...................................................4

3. IPv6 Header Format............................................5

4. IPv6 Extension Headers........................................6
4.1 Extension Header Order...................................8
4.2 Options..................................................9
4.3 Hop-by-Hop Options Header...............................11
4.4 Routing Header..........................................13
4.5 Fragment Header.........................................19
4.6 Destination Options Header..............................24
4.7 No Next Header..........................................25

5. Packet Size Issues...........................................26

6. Flow Labels..................................................28

7. Priority.....................................................30

8. Upper-Layer Protocol Issues..................................31
8.1 Upper-Layer Checksums...................................31
8.2 Maximum Packet Lifetime.................................32
8.3 Maximum Upper-Layer Payload Size........................32

Appendix A. Formatting Guidelines for Options...................33

Security Considerations.........................................36

Acknowledgments.................................................36

Authors' Addresses..............................................36

References......................................................37

1. Introduction

IP version 6 (IPv6) is a new version of the Internet Protocol,
designed as a successor to IP version 4 (IPv4) RFC-791. The
changes from IPv4 to IPv6 fall primarily into the following
categories:

o Expanded Addressing Capabilities

IPv6 increases the IP address size from 32 bits to 128 bits, to
support more levels of addressing hierarchy, a much greater
number of addressable nodes, and simpler auto-configuration of
addresses. The scalability of multicast routing is improved by
adding a "scope" field to multicast addresses. And a new type
of address called an "anycast address" is defined, used to send
a packet to any one of a group of nodes.

o Header Format Simplification

Some IPv4 header fields have been dropped or made optional, to
reduce the common-case processing cost of packet handling and
to limit the bandwidth cost of the IPv6 header.

o Improved Support for Extensions and Options

Changes in the way IP header options are encoded allows for
more efficient forwarding, less stringent limits on the length
of options, and greater flexibility for introducing new options
in the future.

o Flow Labeling Capability

A new capability is added to enable the labeling of packets
belonging to particular traffic "flows" for which the sender
requests special handling, such as non-default quality of
service or "real-time" service.

o Authentication and Privacy Capabilities

Extensions to support authentication, data integrity, and
(optional) data confidentiality are specified for IPv6.

This document specifies the basic IPv6 header and the initially-
defined IPv6 extension headers and options. It also discusses packet
size issues, the semantics of flow labels and priority, and the
effects of IPv6 on upper-layer protocols. The format and semantics
of IPv6 addresses are specified separately in RFC-1884. The IPv6
version of ICMP, which all IPv6 implementations are required to
include, is specified in RFC-1885.

2. Terminology

node - a device that implements IPv6.

router - a node that forwards IPv6 packets not explicitly
addressed to itself. [See Note below].

host - any node that is not a router. [See Note below].

upper layer - a protocol layer immediately above IPv6. Examples are
transport protocols such as TCP and UDP, control
protocols such as ICMP, routing protocols such as OSPF,
and internet or lower-layer protocols being "tunneled"
over (i.e., encapsulated in) IPv6 such as IPX,
AppleTalk, or IPv6 itself.

link - a communication facility or medium over which nodes can
communicate at the link layer, i.e., the layer
immediately below IPv6. Examples are Ethernets (simple
or bridged); PPP links; X.25, Frame Relay, or ATM
networks; and internet (or higher) layer "tunnels",
such as tunnels over IPv4 or IPv6 itself.

neighbors - nodes attached to the same link.

interface - a node's attachment to a link.

address - an IPv6-layer identifier for an interface or a set of
interfaces.

packet - an IPv6 header plus payload.

link MTU - the maximum transmission unit, i.e., maximum packet
size in octets, that can be conveyed in one piece over
a link.

path MTU - the minimum link MTU of all the links in a path between
a source node and a destination node.

Note: it is possible, though unusual, for a device with multiple
interfaces to be configured to forward non-self-destined packets
arriving from some set (fewer than all) of its interfaces, and to
discard non-self-destined packets arriving from its other interfaces.
Such a device must obey the protocol requirements for routers when
receiving packets from, and interacting with neighbors over, the
former (forwarding) interfaces. It must obey the protocol
requirements for hosts when receiving packets from, and interacting
with neighbors over, the latter (non-forwarding) interfaces.

3. IPv6 Header Format

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Prio. | Flow Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | Next Header | Hop Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Source Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Destination Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Version 4-bit Internet Protocol version number = 6.

Prio. 4-bit priority value. See section 7.

Flow Label 24-bit flow label. See section 6.

Payload Length 16-bit unsigned integer. Length of payload,
i.e., the rest of the packet following the
IPv6 header, in octets. If zero, indicates that
the payload length is carried in a Jumbo Payload
hop-by-hop option.

Next Header 8-bit selector. Identifies the type of header
immediately following the IPv6 header. Uses
the same values as the IPv4 Protocol field
RFC-1700 et seq.].

Hop Limit 8-bit unsigned integer. Decremented by 1 by
each node that forwards the packet. The packet
is discarded if Hop Limit is decremented to
zero.

Source Address 128-bit address of the originator of the
packet. See RFC-1884.

Destination Address 128-bit address of the intended recipient
of the packet (possibly not the ultimate
recipient, if a Routing header is present).
See RFC-1884 and section 4.4.

4. IPv6 Extension Headers

In IPv6, optional internet-layer information is encoded in separate
headers that may be placed between the IPv6 header and the upper-
layer header in a packet. There are a small number of such extension
headers, each identified by a distinct Next Header value. As
illustrated in these examples, an IPv6 packet may carry zero, one, or
more extension headers, each identified by the Next Header field of
the preceding header:

+---------------+------------------------
| IPv6 header | TCP header + data
| |
| Next Header = |
| TCP |
+---------------+------------------------

+---------------+----------------+------------------------
| IPv6 header | Routing header | TCP header + data
| | |
| Next Header = | Next Header = |
| Routing | TCP |
+---------------+----------------+------------------------

+---------------+----------------+-----------------+-----------------
| IPv6 header | Routing header | Fragment header | fragment of TCP
| | | | header + data
| Next Header = | Next Header = | Next Header = |
| Routing | Fragment | TCP |
+---------------+----------------+-----------------+-----------------

With one exception, extension headers are not examined or processed
by any node along a packet's delivery path, until the packet reaches
the node (or each of the set of nodes, in the case of multicast)
identified in the Destination Address field of the IPv6 header.
There, normal demultiplexing on the Next Header field of the IPv6
header invokes the module to process the first extension header, or
the upper-layer header if no extension header is present. The
contents and semantics of each extension header determine whether or

not to proceed to the next header. Therefore, extension headers must
be processed strictly in the order they appear in the packet; a
receiver must not, for example, scan through a packet looking for a
particular kind of extension header and process that header prior to
processing all preceding ones.

The exception referred to in the preceding paragraph is the Hop-by-
Hop Options header, which carries information that must be examined
and processed by every node along a packet's delivery path, including
the source and destination nodes. The Hop-by-Hop Options header,
when present, must immediately follow the IPv6 header. Its presence
is indicated by the value zero in the Next Header field of the IPv6
header.

If, as a result of processing a header, a node is required to proceed
to the next header but the Next Header value in the current header is
unrecognized by the node, it should discard the packet and send an
ICMP Parameter Problem message to the source of the packet, with an
ICMP Code value of 2 ("unrecognized Next Header type encountered")
and the ICMP Pointer field containing the offset of the unrecognized
value within the original packet. The same action should be taken if
a node encounters a Next Header value of zero in any header other
than an IPv6 header.

Each extension header is an integer multiple of 8 octets long, in
order to retain 8-octet alignment for subsequent headers. Multi-
octet fields within each extension header are aligned on their
natural boundaries, i.e., fields of width n octets are placed at an
integer multiple of n octets from the start of the header, for n = 1,
2, 4, or 8.

A full implementation of IPv6 includes implementation of the
following extension headers:

Hop-by-Hop Options
Routing (Type 0)
Fragment
Destination Options
Authentication
Encapsulating Security Payload

The first four are specified in this document; the last two are
specified in RFC-1827, respectively.

4.1 Extension Header Order

When more than one extension header is used in the same packet, it is
recommended that those headers appear in the following order:

IPv6 header
Hop-by-Hop Options header
Destination Options header (note 1)
Routing header
Fragment header
Authentication header (note 2)
Encapsulating Security Payload header (note 2)
Destination Options header (note 3)
upper-layer header

note 1: for options to be processed by the first destination
that appears in the IPv6 Destination Address field
plus subsequent destinations listed in the Routing
header.

note 2: additional recommendations regarding the relative
order of the Authentication and Encapsulating
Security Payload headers are given in RFC-1827.

note 3: for options to be processed only by the final
destination of the packet.

Each extension header should occur at most once, except for the
Destination Options header which should occur at most twice (once
before a Routing header and once before the upper-layer header).

If the upper-layer header is another IPv6 header (in the case of IPv6
being tunneled over or encapsulated in IPv6), it may be followed by
its own extensions headers, which are separately subject to the same
ordering recommendations.

If and when other extension headers are defined, their ordering
constraints relative to the above listed headers must be specified.

IPv6 nodes must accept and attempt to process extension headers in
any order and occurring any number of times in the same packet,
except for the Hop-by-Hop Options header which is restricted to
appear immediately after an IPv6 header only. Nonetheless, it is
strongly advised that sources of IPv6 packets adhere to the above
recommended order until and unless subsequent specifications revise
that recommendation.

4.2 Options

Two of the currently-defined extension headers -- the Hop-by-Hop
Options header and the Destination Options header -- carry a variable
number of type-length-value (TLV) encoded "options", of the following
format:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
| Option Type | Opt Data Len | Option Data
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -

Option Type 8-bit identifier of the type of option.

Opt Data Len 8-bit unsigned integer. Length of the Option
Data field of this option, in octets.

Option Data Variable-length field. Option-Type-specific
data.

The sequence of options within a header must be processed strictly in
the order they appear in the header; a receiver must not, for
example, scan through the header looking for a particular kind of
option and process that option prior to processing all preceding
ones.

The Option Type identifiers are internally encoded such that their
highest-order two bits specify the action that must be taken if the
processing IPv6 node does not recognize the Option Type:

00 - skip over this option and continue processing the header.

01 - discard the packet.

10 - discard the packet and, regardless of whether or not the
packets's Destination Address was a multicast address, send
an ICMP Parameter Problem, Code 2, message to the packet's
Source Address, pointing to the unrecognized Option Type.

11 - discard the packet and, only if the packet's Destination
Address was not a multicast address, send an ICMP Parameter
Problem, Code 2, message to the packet's Source Address,
pointing to the unrecognized Option Type.

The third-highest-order bit of the Option Type specifies whether or
not the Option Data of that option can change en-route to the
packet's final destination. When an Authentication header is present
in the packet, for any option whose data may change en-route, its
entire Option Data field must be treated as zero-valued octets when
computing or verifying the packet's authenticating value.

0 - Option Data does not change en-route

1 - Option Data may change en-route

Individual options may have specific alignment requirements, to
ensure that multi-octet values within Option Data fields fall on
natural boundaries. The alignment requirement of an option is
specified using the notation xn+y, meaning the Option Type must
appear at an integer multiple of x octets from the start of the
header, plus y octets. For example:

2n means any 2-octet offset from the start of the header.
8n+2 means any 8-octet offset from the start of the header,
plus 2 octets.

There are two padding options which are used when necessary to align
subsequent options and to pad out the containing header to a multiple
of 8 octets in length. These padding options must be recognized by
all IPv6 implementations:

Pad1 option (alignment requirement: none)

+-+-+-+-+-+-+-+-+
| 0 |
+-+-+-+-+-+-+-+-+

NOTE! the format of the Pad1 option is a special case -- it does
not have length and value fields.

The Pad1 option is used to insert one octet of padding into the
Options area of a header. If more than one octet of padding is
required, the PadN option, described next, should be used,
rather than multiple Pad1 options.

PadN option (alignment requirement: none)

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
| 1 | Opt Data Len | Option Data
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -

The PadN option is used to insert two or more octets of padding
into the Options area of a header. For N octets of padding,
the Opt Data Len field contains the value N-2, and the Option
Data consists of N-2 zero-valued octets.

Appendix A contains formatting guidelines for designing new options.

4.3 Hop-by-Hop Options Header

The Hop-by-Hop Options header is used to carry optional information
that must be examined by every node along a packet's delivery path.
The Hop-by-Hop Options header is identified by a Next Header value of
0 in the IPv6 header, and has the following format:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
. .
. Options .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Next Header 8-bit selector. Identifies the type of header
immediately following the Hop-by-Hop Options
header. Uses the same values as the IPv4
Protocol field RFC-1700 et seq.].

Hdr Ext Len 8-bit unsigned integer. Length of the
Hop-by-Hop Options header in 8-octet units,
not including the first 8 octets.

Options Variable-length field, of length such that the
complete Hop-by-Hop Options header is an integer
multiple of 8 octets long. Contains one or
more TLV-encoded options, as described in
section 4.2.

In addition to the Pad1 and PadN options specified in section 4.2,
the following hop-by-hop option is defined:

Jumbo Payload option (alignment requirement: 4n + 2)

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 194 |Opt Data Len=4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-+
| Jumbo Payload Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Jumbo Payload option is used to send IPv6 packets with
payloads longer than 65,535 octets. The Jumbo Payload Length is
the length of the packet in octets, excluding the IPv6 header but
including the Hop-by-Hop Options header; it must be greater than
65,535. If a packet is received with a Jumbo Payload option
containing a Jumbo Payload Length less than or equal to 65,535,

an ICMP Parameter Problem message, Code 0, should be sent to the
packet's source, pointing to the high-order octet of the invalid
Jumbo Payload Length field.

The Payload Length field in the IPv6 header must be set to zero
in every packet that carries the Jumbo Payload option. If a
packet is received with a valid Jumbo Payload option present and
a non-zero IPv6 Payload Length field, an ICMP Parameter Problem
message, Code 0, should be sent to the packet's source, pointing
to the Option Type field of the Jumbo Payload option.

The Jumbo Payload option must not be used in a packet that
carries a Fragment header. If a Fragment header is encountered
in a packet that contains a valid Jumbo Payload option, an ICMP
Parameter Problem message, Code 0, should be sent to the packet's
source, pointing to the first octet of the Fragment header.

An implementation that does not support the Jumbo Payload option
cannot have interfaces to links whose link MTU is greater than
65,575 (40 octets of IPv6 header plus 65,535 octets of payload).

4.4 Routing Header

The Routing header is used by an IPv6 source to list one or more
intermediate nodes to be "visited" on the way to a packet's
destination. This function is very similar to IPv4's Source Route
options. The Routing header is identified by a Next Header value of
43 in the immediately preceding header, and has the following format:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | Routing Type | Segments Left |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
. .
. type-specific data .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Next Header 8-bit selector. Identifies the type of header
immediately following the Routing header.
Uses the same values as the IPv4 Protocol field
RFC-1700 et seq.].

Hdr Ext Len 8-bit unsigned integer. Length of the
Routing header in 8-octet units, not including
the first 8 octets.

Routing Type 8-bit identifier of a particular Routing
header variant.

Segments Left 8-bit unsigned integer. Number of route
segments remaining, i.e., number of explicitly
listed intermediate nodes still to be visited
before reaching the final destination.

type-specific data Variable-length field, of format determined by
the Routing Type, and of length such that the
complete Routing header is an integer multiple
of 8 octets long.

If, while processing a received packet, a node encounters a Routing
header with an unrecognized Routing Type value, the required behavior
of the node depends on the value of the Segments Left field, as
follows:

If Segments Left is zero, the node must ignore the Routing header
and proceed to process the next header in the packet, whose type
is identified by the Next Header field in the Routing header.

If Segments Left is non-zero, the node must discard the packet and
send an ICMP Parameter Problem, Code 0, message to the packet's
Source Address, pointing to the unrecognized Routing Type.

The Type 0 Routing header has the following format:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | Routing Type=0| Segments Left |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | Strict/Loose Bit Map |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Address[1] +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Address[2] +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . .
. . .
. . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Address[n] +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Next Header 8-bit selector. Identifies the type of header
immediately following the Routing header.
Uses the same values as the IPv4 Protocol field
RFC-1700 et seq.].

Hdr Ext Len 8-bit unsigned integer. Length of the
Routing header in 8-octet units, not including
the first 8 octets. For the Type 0 Routing
header, Hdr Ext Len is equal to two times the
number of addresses in the header, and must
be an even number less than or equal to 46.

Routing Type 0.

Segments Left 8-bit unsigned integer . Number of route
segments remaining, i.e., number of explicitly
listed intermediate nodes still to be visited
before reaching the final destination.
Maximum legal value = 23.

Reserved 8-bit reserved field. Initialized to zero for
transmission; ignored on reception.

Strict/Loose Bit Map
24-bit bit-map, numbered 0 to 23, left-to-right.
Indicates, for each segment of the route, whether
or not the next destination address must be a
neighbor of the preceding address: 1 means strict
(must be a neighbor), 0 means loose (need not be
a neighbor).

Address[1..n] Vector of 128-bit addresses, numbered 1 to n.

Multicast addresses must not appear in a Routing header of Type 0, or
in the IPv6 Destination Address field of a packet carrying a Routing
header of Type 0.

If bit number 0 of the Strict/Loose Bit Map has value 1, the
Destination Address field of the IPv6 header in the original packet
must identify a neighbor of the originating node. If bit number 0
has value 0, the originator may use any legal, non-multicast address
as the initial Destination Address.

Bits numbered greater than n, where n is the number of addresses in
the Routing header, must be set to 0 by the originator and ignored by
receivers.

A Routing header is not examined or processed until it reaches the
node identified in the Destination Address field of the IPv6 header.
In that node, dispatching on the Next Header field of the immediately
preceding header causes the Routing header module to be invoked,
which, in the case of Routing Type 0, performs the following
algorithm:

if Segments Left = 0 {
proceed to process the next header in the packet, whose type is
identified by the Next Header field in the Routing header
}
else if Hdr Ext Len is odd or greater than 46 {
send an ICMP Parameter Problem, Code 0, message to the Source
Address, pointing to the Hdr Ext Len field, and discard the
packet
}
else {
compute n, the number of addresses in the Routing header, by
dividing Hdr Ext Len by 2

if Segments Left is greater than n {
send an ICMP Parameter Problem, Code 0, message to the Source
Address, pointing to the Segments Left field, and discard the
packet
}
else {
decrement Segments Left by 1;
compute i, the index of the next address to be visited in
the address vector, by subtracting Segments Left from n

if Address [i] or the IPv6 Destination Address is multicast {
discard the packet
}
else {
swap the IPv6 Destination Address and Address[i]

if bit i of the Strict/Loose Bit map has value 1 and the
new Destination Address is not the address of a neighbor
of this node {
send an ICMP Destination Unreachable -- Not a Neighbor
message to the Source Address and discard the packet
}
else if the IPv6 Hop Limit is less than or equal to 1 {
send an ICMP Time Exceeded -- Hop Limit Exceeded in
Transit message to the Source Address and discard the
packet
}
else {
decrement the Hop Limit by 1

resubmit the packet to the IPv6 module for transmission
to the new destination
}
}
}
}

As an example of the effects of the above algorithm, consider the
case of a source node S sending a packet to destination node D, using
a Routing header to cause the packet to be routed via intermediate
nodes I1, I2, and I3. The values of the relevant IPv6 header and
Routing header fields on each segment of the delivery path would be
as follows:

As the packet travels from S to I1:

Source Address = S Hdr Ext Len = 6
Destination Address = I1 Segments Left = 3
Address[1] = I2
(if bit 0 of the Bit Map is 1, Address[2] = I3
S and I1 must be neighbors; Address[3] = D
this is checked by S)

As the packet travels from I1 to I2:

Source Address = S Hdr Ext Len = 6
Destination Address = I2 Segments Left = 2
Address[1] = I1
(if bit 1 of the Bit Map is 1, Address[2] = I3
I1 and I2 must be neighbors; Address[3] = D
this is checked by I1)

As the packet travels from I2 to I3:

Source Address = S Hdr Ext Len = 6
Destination Address = I3 Segments Left = 1
Address[1] = I1
(if bit 2 of the Bit Map is 1, Address[2] = I2
I2 and I3 must be neighbors; Address[3] = D
this is checked by I2)

As the packet travels from I3 to D:

Source Address = S Hdr Ext Len = 6
Destination Address = D Segments Left = 0
Address[1] = I1
(if bit 3 of the Bit Map is 1, Address[2] = I2
I3 and D must be neighbors; Address[3] = I3
this is checked by I3)

4.5 Fragment Header

The Fragment header is used by an IPv6 source to send packets larger
than would fit in the path MTU to their destinations. (Note: unlike
IPv4, fragmentation in IPv6 is performed only by source nodes, not by
routers along a packet's delivery path -- see section 5.) The
Fragment header is identified by a Next Header value of 44 in the
immediately preceding header, and has the following format:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Reserved | Fragment Offset |Res|M|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Next Header 8-bit selector. Identifies the initial header
type of the Fragmentable Part of the original
packet (defined below). Uses the same values
as the IPv4 Protocol field RFC-1700 et seq.].

Reserved 8-bit reserved field. Initialized to zero for
transmission; ignored on reception.

Fragment Offset 13-bit unsigned integer. The offset, in 8-octet
units, of the data following this header,
relative to the start of the Fragmentable Part
of the original packet.

Res 2-bit reserved field. Initialized to zero for
transmission; ignored on reception.

M flag 1 = more fragments; 0 = last fragment.

Identification 32 bits. See description below.

In order to send a pac ket that is too large to fit in the MTU of the
path to its destination, a source node may divide the packet into
fragments and send each fragment as a separate packet, to be
reassembled at the receiver.

For every packet that is to be fragmented, the source node generates
an Identification value. The Identification must be different than
that of any other fragmented packet sent recently* with the same
Source Address and Destination Address. If a Routing header is
present, the Destination Address of concern is that of the final
destination.

* "recently" means within the maximum likely lifetime of a packet,
including transit time from source to destination and time spent

awaiting reassembly with other fragments of the same packet.
However, it is not required that a source node know the maximum
packet lifetime. Rather, it is assumed that the requirement can
be met by maintaining the Identification value as a simple, 32-
bit, "wrap-around" counter, incremented each time a packet must
be fragmented. It is an implementation choice whether to
maintain a single counter for the node or multiple counters,
e.g., one for each of the node's possible source addresses, or
one for each active (source address, destination address)
combination.

The initial, large, unfragmented packet is referred to as the
"original packet", and it is considered to consist of two parts, as
illustrated:

original packet:

+------------------+----------------------//-----------------------+
| Unfragmentable | Fragmentable |
| Part | Part |
+------------------+----------------------//-----------------------+

The Unfragmentable Part consists of the IPv6 header plus any
extension headers that must be processed by nodes en route to the
destination, that is, all headers up to and including the Routing
header if present, else the Hop-by-Hop Options header if present,
else no extension headers.

The Fragmentable Part consists of the rest of the packet, that is,
any extension headers that need be processed only by the final
destination node(s), plus the upper-layer header and data.

The Fragmentable Part of the original packet is divided into
fragments, each, except possibly the last ("rightmost") one, being an
integer multiple of 8 octets long. The fragments are transmitted in
separate "fragment packets" as illustrated:

original packet:

+------------------+--------------+--------------+--//--+----------+
| Unfragmentable | first | second | | last |
| Part | fragment | fragment | .... | fragment |
+------------------+--------------+--------------+--//--+----------+

fragment packets:

+------------------+--------+--------------+
| Unfragmentable |Fragment| first |
| Part | Header | fragment |
+------------------+--------+--------------+

+------------------+--------+--------------+
| Unfragmentable |Fragment| second |
| Part | Header | fragment |
+------------------+--------+--------------+
o
o
o
+------------------+--------+----------+
| Unfragmentable |Fragment| last |
| Part | Header | fragment |
+------------------+--------+----------+

Each fragment packet is composed of:

(1) The Unfragmentable Part of the original packet, with the
Payload Length of the original IPv6 header changed to contain
the length of this fragment packet only (excluding the length
of the IPv6 header itself), and the Next Header field of the
last header of the Unfragmentable Part changed to 44.

(2) A Fragment header containing:

The Next Header value that identifies the first header of
the Fragmentable Part of the original packet.

A Fragment Offset containing the offset of the fragment,
in 8-octet units, relative to the start of the
Fragmentable Part of the original packet. The Fragment
Offset of the first ("leftmost") fragment is 0.

An M flag value of 0 if the fragment is the last
("rightmost") one, else an M flag value of 1.

The Identification value generated for the original
packet.

(3) The fragment itself.

The lengths of the fragments must be chosen such that the resulting
fragment packets fit within the MTU of the path to the packets'
destination(s).

At the destination, fragment packets are reassembled into their
original, unfragmented form, as illustrated:

reassembled original packet:

+------------------+----------------------//------------------------+
| Unfragmentable | Fragmentable |
| Part | Part |
+------------------+----------------------//------------------------+

The following rules govern reassembly:

An original packet is reassembled only from fragment packets that
have the same Source Address, Destination Address, and Fragment
Identification.

The Unfragmentable Part of the reassembled packet consists of all
headers up to, but not including, the Fragment header of the first
fragment packet (that is, the packet whose Fragment Offset is
zero), with the following two changes:

The Next Header field of the last header of the Unfragmentable
Part is obtained from the Next Header field of the first
fragment's Fragment header.

The Payload Length of the reassembled packet is computed from
the length of the Unfragmentable Part and the length and offset
of the last fragment. For example, a formula for computing the
Payload Length of the reassembled original packet is:

PL.orig = PL.first - FL.first - 8 + (8 * FO.last) + FL.last

where
PL.orig = Payload Length field of reassembled packet.
PL.first = Payload Length field of first fragment packet.
FL.first = length of fragment following Fragment header of
first fragment packet.
FO.last = Fragment Offset field of Fragment header of
last fragment packet.
FL.last = length of fragment following Fragment header of
last fragment packet.

The Fragmentable Part of the reassembled packet is constructed
from the fragments following the Fragment headers in each of the
fragment packets. The length of each fragment is computed by
subtracting from the packet's Payload Length the length of the
headers between the IPv6 header and fragment itself; its relative
position in Fragmentable Part is computed from its Fragment Offset
value.

The Fragment header is not present in the final, reassembled
packet.

The following error conditions may arise when reassembling fragmented
packets:

If insufficient fragments are received to complete reassembly of a
packet within 60 seconds of the reception of the first-arriving
fragment of that packet, reassembly of that packet must be
abandoned and all the fragments that have been received for that
packet must be discarded. If the first fragment (i.e., the one
with a Fragment Offset of zero) has been received, an ICMP Time
Exceeded -- Fragment Reassembly Time Exceeded message should be
sent to the source of that fragment.

If the length of a fragment, as derived from the fragment packet's
Payload Length field, is not a multiple of 8 octets and the M flag
of that fragment is 1, then that fragment must be discarded and an
ICMP Parameter Problem, Code 0, message should be sent to the
source of the fragment, pointing to the Payload Length field of
the fragment packet.

If the length and offset of a fragment are such that the Payload
Length of the packet reassembled from that fragment would exceed
65,535 octets, then that fragment must be discarded and an ICMP
Parameter Problem, Code 0, message should be sent to the source of
the fragment, pointing to the Fragment Offset field of the
fragment packet.

The following conditions are not expected to occur, but are not
considered errors if they do:

The number and content of the headers preceding the Fragment
header of different fragments of the same original packet may
differ. Whatever headers are present, preceding the Fragment
header in each fragment packet, are processed when the packets
arrive, prior to queueing the fragments for reassembly. Only
those headers in the Offset zero fragment packet are retained in
the reassembled packet.

The Next Header values in the Fragment headers of different
fragments of the same original packet may differ. Only the value
from the Offset zero fragment packet is used for reassembly.

4.6 Destination Options Header

The Destination Options header is used to carry optional information
that need be examined only by a packet's destination node(s). The
Destination Options header is identified by a Next Header value of 60
in the immediately preceding header, and has the following format:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
. .
. Options .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Next Header 8-bit selector. Identifies the type of header
immediately following the Destination Options
header. Uses the same values as the IPv4
Protocol field RFC-1700 et seq.].

Hdr Ext Len 8-bit unsigned integer. Length of the
Destination Options header in 8-octet units,
not including the first 8 octets.

Options Variable-length field, of length such that the
complete Destination Options header is an
integer multiple of 8 octets long. Contains
one or more TLV-encoded options, as described
in section 4.2.

The only destination options defined in this document are the Pad1
and PadN options specified in section 4.2.

Note that there are two possible ways to encode optional destination
information in an IPv6 packet: either as an option in the Destination
Options header, or as a separate extension header. The Fragment
header and the Authentication header are examples of the latter
approach. Which approach can be used depends on what action is
desired of a destination node that does not understand the optional
information:

o if the desired action is for the destination node to discard
the packet and, only if the packet's Destination Address is not
a multicast address, send an ICMP Unrecognized Type message to
the packet's Source Address, then the information may be
encoded either as a separate header or as an option in the

Destination Options header whose Option Type has the value 11
in its highest-order two bits. The choice may depend on such
factors as which takes fewer octets, or which yields better
alignment or more efficient parsing.

o if any other action is desired, the information must be encoded
as an option in the Destination Options header whose Option
Type has the value 00, 01, or 10 in its highest-order two bits,
specifying the desired action (see section 4.2).

4.7 No Next Header

The value 59 in the Next Header field of an IPv6 header or any
extension header indicates that there is nothing following that
header. If the Payload Length field of the IPv6 header indicates the
presence of octets past the end of a header whose Next Header field
contains 59, those octets must be ignored, and passed on unchanged if
the packet is forwarded.

5. Packet Size Issues

IPv6 requires that every link in the internet have an MTU of 576
octets or greater. On any link that cannot convey a 576-octet packet
in one piece, link-specific fragmentation and reassembly must be
provided at a layer below IPv6.

From each link to which a node is directly attached, the node must
be able to accept packets as large as that link's MTU. Links that
have a configurable MTU (for example, PPP links RFC-1661) must be
configured to have an MTU of at least 576 octets; it is recommended
that a larger MTU be configured, to accommodate possible
encapsulations (i.e., tunneling) without incurring fragmentation.

It is strongly recommended that IPv6 nodes implement Path MTU
Discovery RFC-1191, in order to discover and take advantage of
paths with MTU greater than 576 octets. However, a minimal IPv6
implementation (e.g., in a boot ROM) may simply restrict itself to
sending packets no larger than 576 octets, and omit implementation of
Path MTU Discovery.

In order to send a packet larger than a path's MTU, a node may use
the IPv6 Fragment header to fragment the packet at the source and
have it reassembled at the destination(s). However, the use of such
fragmentation is discouraged in any application that is able to
adjust its packets to fit the measured path MTU (i.e., down to 576
octets).

A node must be able to accept a fragmented packet that, after
reassembly, is as large as 1500 octets, including the IPv6 header. A
node is permitted to accept fragmented packets that reassemble to
more than 1500 octets. However, a node must not send fragments that
reassemble to a size greater than 1500 octets unless it has explicit
knowledge that the destination(s) can reassemble a packet of that
size.

In response to an IPv6 packet that is sent to an IPv4 d estination
(i.e., a packet that undergoes translation from IPv6 to IPv4), the
originating IPv6 node may receive an ICMP Packet Too Big message
reporting a Next-Hop MTU less than 576. In that case, the IPv6 node
is not required to reduce the size of subsequent packets to less than
576, but must include a Fragment header in those packets so that the
IPv6-to-IPv4 translating router can obtain a suitable Identification
value to use in resulting IPv4 fragments. Note that this means the
payload may have to be reduced to 528 octets (576 minus 40 for the
IPv6 header and 8 for the Fragment header), and smaller still if
additional extension headers are used.

Note: Path MTU Discovery must be performed even in cases where a
host "thinks" a destination is attached to the same link as
itself.

Note: Unlike IPv4, it is unnecessary in IPv6 to set a "Don't
Fragment" flag in the packet header in order to perform Path MTU
Discovery; that is an implicit attribute of every IPv6 packet.
Also, those parts of the RFC-1191 procedures that involve use of
a table of MTU "plateaus" do not apply to IPv6, because the IPv6
version of the "Datagram Too Big" message always identifies the
exact MTU to be used.

6. Flow Labels

The 24-bit Flow Label field in the IPv6 header may be used by a
source to label those packets for which it requests special handling
by the IPv6 routers, such as non-default quality of service or
"real-time" service. This aspect of IPv6 is, at the time of writing,
still experimental and subject to change as the requirements for flow
support in the Internet become clearer. Hosts or routers that do not
support the functions of the Flow Label field are required to set the
field to zero when originating a packet, pass the field on unchanged
when forwarding a packet, and ignore the field when receiving a
packet.

A flow is a sequence of packets sent from a particular source to a
particular (unicast or multicast) destination for which the source
desires special handling by the intervening routers. The nature of
that special handling might be conveyed to the routers by a control
protocol, such as a resource reservation protocol, or by information
within the flow's packets themselves, e.g., in a hop-by-hop option.
The details of such control protocols or options are beyond the scope
of this document.

There may be multiple active flows from a source to a destination, as
well as traffic that is not associated with any flow. A flow is
uniquely identified by the combination of a source address and a
non-zero flow label. Packets that do not belong to a flow carry a
flow label of zero.

A flow label is assigned to a flow by the flow's source node. New
flow labels must be chosen (pseudo-)randomly and uniformly from the
range 1 to FFFFFF hex. The purpose of the random allocation is to
make any set of bits within the Flow Label field suitable for use as
a hash key by routers, for looking up the state associated with the
flow.

All packets belonging to the same flow must be sent with the same
source address, destination address, priority, and flow label. If
any of those packets includes a Hop-by-Hop Options header, then they
all must be originated with the same Hop-by-Hop Options header
contents (excluding the Next Header field of the Hop-by-Hop Options
header). If any of those packets includes a Routing header, then
they all must be originated with the same contents in all extension
headers up to and including the Routing header (excluding the Next
Header field in the Routing header). The routers or destinations are
permitted, but not required, to verify that these conditions are
satisfied. If a violation is detected, it should be reported to the
source by an ICMP Parameter Problem message, Code 0, pointing to the
high-order octet of the Flow Label field (i.e., offset 1 within the
IPv6 packet).

Routers are free to "opportunistically" set up flow-handling state
for any flow, even when no explicit flow establishment information
has been provided to them via a control protocol, a hop-by-hop
option, or other means. For example, upon receiving a packet from a
particular source with an unknown, non-zero flow label, a router may
process its IPv6 header and any necessary extension headers as if the
flow label were zero. That processing would include determining the
next-hop interface, and possibly other actions, such as updating a
hop-by-hop option, advancing the pointer and addresses in a Routing
header, or deciding on how to queue the packet based on its Priority
field. The router may then choose to "remember" the results of those
processing steps and cache that information, using the source address
plus the flow label as the cache key. Subsequent packets with the
same source address and flow label may then be handled by referring
to the cached information rather than examining all those fields
that, according to the requirements of the previous paragraph, can be
assumed unchanged from the first packet seen in the flow.

Cached flow-handling state that is set up opportunistically, as
discussed in the preceding paragraph, must be discarded no more than
6 seconds after it is established, regardless of whether or not
packets of the same flow continue to arrive. If another packet with
the same source address and flow label arrives after the cached state
has been discarded, the packet undergoes full, normal processing (as
if its flow label were zero), which may result in the re-creation of
cached flow state for that flow.

The lifetime of flow-handling state that is set up explicitly, for
example by a control protocol or a hop-by-hop option, must be
specified as part of the specification of the explicit set-up
mechanism; it may exceed 6 seconds.

A source must not re-use a flow label for a new flow within the
lifetime of any flow-handling state that might have been established
for the prior use of that flow label. Since flow-handling state with
a lifetime of 6 seconds may be established opportunistically for any
flow, the minimum interval between the last packet of one flow and
the first packet of a new flow using the same flow label is 6
seconds. Flow labels used for explicitly set-up flows with longer
flow-state lifetimes must remain unused for those longer lifetimes
before being re-used for new flows.

When a node stops and restarts (e.g., as a result of a "crash"), it
must be careful not to use a flow label that it might have used for
an earlier flow whose lifetime may not have expired yet. This may be
accomplished by recording flow label usage on stable storage so that
it can be remembered across crashes, or by refraining from using any
flow labels until the maximum lifetime of any possible previously
established flows has expired (at least 6 seconds; more if explicit

flow set-up mechanisms with longer lifetimes might have been used).
If the minimum time for rebooting the node is known (often more than
6 seconds), that time can be deducted from the necessary waiting
period before starting to allocate flow labels.

There is no requirement that all, or even most, packets belong to
flows, i .e., carry non-zero flow labels. This observation is placed
here to remind protocol designers and implementors not to assume
otherwise. For example, it would be unwise to design a router whose
performance would be adequate only if most packets belonged to flows,
or to design a header compression scheme that only worked on packets
that belonged to flows.

7. Priority

The 4-bit Priority field in the IPv6 header enables a source to
identify the desired delivery priority of its packets, relative to
other packets from the same source. The Priority values are divided
into two ranges: Values 0 through 7 are used to specify the priority
of traffic for which the source is providing congestion control,
i.e., traffic that "backs off" in response to congestion, such as TCP
traffic. Values 8 through 15 are used to specify the priority of
traffic that does not back off in response to congestion, e.g.,
"real-time" packets being sent at a constant rate.

For congestion-controlled traffic, the following Priority values are
recommended for particular application categories:

0 - uncharacterized traffic
1 - "filler" traffic (e.g., netnews)
2 - unattended data transfer (e.g., email)
3 - (reserved)
4 - attended bulk transfer (e.g., FTP, NFS)
5 - (reserved)
6 - interactive traffic (e.g., telnet, X)
7 - internet control traffic (e.g., routing protocols, SNMP)

For non-congestion-controlled traffic, the lowest Priority value (8)
should be used for those packets that the sender is most willing to
have discarded under conditions of congestion (e.g., high-fidelity
video traffic), and the highest value (15) should be used for those
packets that the sender is least willing to have discarded (e.g.,
low-fidelity audio traffic). There is no relative ordering implied
between the congestion-controlled priorities and the non-congestion-
controlled priorities.

8. Upper-Layer Protocol Issues

8.1 Upper-Layer Checksums

Any transport or other upper-layer protocol that includes the
addresses from the IP header in its checksum computation must be
modified for use over IPv6, to include the 128-bit IPv6 addresses
instead of 32-bit IPv4 addresses. In particular, the following
illustration shows the TCP and UDP "pseudo-header" for IPv6:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Source Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Destination Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| zero | Next Header |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

o If the packet contains a Routing header, the Destination
Address used in the pseudo-header is that of the final
destination. At the originating node, that address will be in
the last element of the Routing header; at the recipient(s),
that address will be in the Destination Address field of the
IPv6 header.

o The Next Header value in the pseudo-header identifies the
upper-layer protocol (e.g., 6 for TCP, or 17 for UDP). It will
differ from the Next Header value in the IPv6 header if there
are extension headers between the IPv6 header and the upper-
layer header.

o The Payload Length used in the pseudo-header is the length of
the upper-layer packet, including the upper-layer header. It
will be less than the Payload Length in the IPv6 header (or in

the Jumbo Payload option) if there are extension headers
between the IPv6 header and the upper-layer header.

o Unlike IPv4, when UDP packets are originated by an IPv6 node,
the UDP checksum is not optional. That is, whenever
originating a UDP packet, an IPv6 node must compute a UDP
checksum over the packet and the pseudo-header, and, if that
computation yields a result of zero, it must be changed to hex
FFFF for placement in the UDP header. IPv6 receivers must
discard UDP packets containing a zero checksum, and should log
the error.

The IPv6 version of ICMP RFC-1885 includes the above pseudo-header
in its checksum computation; this is a change from the IPv4 version
of ICMP, which does not include a pseudo-header in its checksum. The
reason for the change is to protect ICMP from misdelivery or
corruption of those fields of the IPv6 header on which it depends,
which, unlike IPv4, are not covered by an internet-layer checksum.
The Next Header field in the pseudo-header for ICMP contains the
value 58, which identifies the IPv6 version of ICMP.

8.2 Maximum Packet Lifetime

Unlike IPv4, IPv6 nodes are not required to enforce maximum packet
lifetime. That is the reason the IPv4 "Time to Live" field was
renamed "Hop Limit" in IPv6. In practice, very few, if any, IPv4
implementations conform to the requirement that they limit packet
lifetime, so this is not a change in practice. Any upper-layer
protocol that relies on the internet layer (whether IPv4 or IPv6) to
limit packet lifetime ought to be upgraded to provide its own
mechanisms for detecting and discarding obsolete packets.

8.3 Maximum Upper-Layer Payload Size

When computing the maximum payload size available for upper-layer
data, an upper-layer protocol must take into account the larger size
of the IPv6 header relative to the IPv4 header. For example, in
IPv4, TCP's MSS option is computed as the maximum packet size (a
default value or a value learned through Path MTU Discovery) minus 40
octets (20 octets for the minimum-length IPv4 header and 20 octets
for the minimum-length TCP header). When using TCP over IPv6, the
MSS must be computed as the maximum packet size minus 60 octets,
because the minimum-length IPv6 header (i.e., an IPv6 header with no
extension headers) is 20 octets longer than a minimum-length IPv4
header.

Appendix A. Formatting Guidelines for Options

This appendix gives some advice on how to lay out the fields when
designing new options to be used in the Hop-by-Hop Options header or
the Destination Options header, as described in section 4.2. These
guidelines are based on the following assumptions:

o One desirable feature is that any multi-octet fields within the
Option Data area of an option be aligned on their natural
boundaries, i.e., fields of width n octets should be placed at
an integer multiple of n octets from the start of the Hop-by-
Hop or Destination Options header, for n = 1, 2, 4, or 8.

o Another desirable feature is that the Hop-by-Hop or Destination
Options header take up as little space as possible, subject to
the requirement that the header be an integer multiple of 8
octets long.

o It may be assumed that, when either of the option-bearing
headers are present, they carry a very small number of options,
usually only one.

These assumptions suggest the following approach to laying out the
fields of an option: order the fields from smallest to largest, with
no interior padding, then derive the alignment requirement for the
entire option based on the alignment requirement of the largest field
(up to a maximum alignment of 8 octets). This approach is
illustrated in the following examples:

Example 1

If an option X required two data fields, one of length 8 octets and
one of length 4 octets, it would be laid out as follows:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option Type=X |Opt Data Len=12|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ 8-octet field +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Its alignment requirement is 8n+2, to ensure that the 8-octet field
starts at a multiple-of-8 offset from the start of the enclosing

header. A complete Hop-by-Hop or Destination Options header
containing this one option would look as follows:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=1 | Option Type=X |Opt Data Len=12|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ 8-octet field +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example 2

If an option Y required three data fields, one of length 4 octets,
one of length 2 octets, and one of length 1 octet, it would be laid
out as follows:

+-+-+-+-+-+-+-+-+
| Option Type=Y |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Opt Data Len=7 | 1-octet field | 2-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Its alignment requirement is 4n+3, to ensure that the 4-octet field
starts at a multiple-of-4 offset from the start of the enclosing
header. A complete Hop-by-Hop or Destination Options header
containing this one option would look as follows:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=1 | Pad1 Option=0 | Option Type=Y |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Opt Data Len=7 | 1-octet field | 2-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PadN Option=1 |Opt Data Len=2 | 0 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example 3

A Hop-by-Hop or Destination Options header containing both options X
and Y from Examples 1 and 2 would have one of the two following
formats, depending on which option appeared first:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=3 | Option Type=X |Opt Data Len=12|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ 8-octet field +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PadN Option=1 |Opt Data Len=1 | 0 | Option Type=Y |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Opt Data Len=7 | 1-octet field | 2-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PadN Option=1 |Opt Data Len=2 | 0 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=3 | Pad1 Option=0 | Option Type=Y |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Opt Data Len=7 | 1-octet field | 2-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PadN Option=1 |Opt Data Len=4 | 0 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0 | 0 | Option Type=X |Opt Data Len=12|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ 8-octet field +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Security Considerations

This document specifies that the IP Authentication Header RFC-1826
and the IP Encapsulating Security Payload RFC-1827 be used with
IPv6, in conformance with the Security Architecture for the Internet
Protocol RFC-1825.

Acknowledgments

The authors gratefully acknowledge the many helpful suggestions of
the members of the IPng working group, the End-to-End Protocols
research group, and the Internet Community At Large.

Authors' Addresses

Stephen E. Deering Robert M. Hinden
Xerox Palo Alto Research Center Ipsilon Networks, Inc.
3333 Coyote Hill Road 2191 E. Bayshore Road, Suite 100
Palo Alto, CA 94304 Palo Alto, CA 94303
USA USA

Phone: +1 415 812 4839 Phone: +1 415 846 4604
Fax: +1 415 812 4471 Fax: +1 415 855 1414
EMail: deering@parc.xerox.com EMail: hinden@ipsilon.com

References

RFC-1825 Atkinson, R., "Security Architecture for the Internet
Protocol", RFC 1825, Naval Research Laboratory, August
1995.

RFC 1826,
Naval Research Laboratory, August 1995.

RFC-1827 Atkinson, R., "IP Encapsulating Security Protocol
(ESP)", RFC 1827, Naval Research Laboratory, August
1995.

RFC-1885 Conta, A., and S. Deering, "Internet Control Message
Protocol (ICMPv6) for the Internet Protocol Version 6
(IPv6) Specification", RFC 1885, Digital Equipment
Corporation, Xerox PARC, December 1995.

RFC-1884 Hinden, R., and S. Deering, Editors, "IP Version 6
Addressing Architecture", RFC 1884, Ipsilon Networks,
Xerox PARC, December 1995.

RFC-1191 Mogul, J., and S. Deering, "Path MTU Discovery", RFC
1191, DECWRL, Stanford University, November 1990.

RFC 791,
USC/Information Sciences Institute, September 1981.

RFC-1700 Reynolds, J., and J. Postel, "Assigned Numbers", STD 2,
RFC 1700, USC/Information Sciences Institute, October
1994.

RFC-1661 Simpson, W., Editor, "The Point-to-Point Protocol
(PPP)", STD 51, RFC 1661, Daydreamer, July 1994.

The post RFC 1883 – Internet Protocol, Version 6 (IPv6) Specification (OBSOLETE) appeared first on IPv6.net.

RFC 1819 – Internet Stream Protocol Version 2 (ST2) Protocol Specification

IPv6 & IoT editor — Tue, 28 Jul 2009 07:54:47 +0000

Network Working Group                                  ST2 Working Group

Request for Comments: 1819           L. Delgrossi and L. Berger, Editors

Obsoletes: 1190, IEN 119                                     August 1995

Category: Experimental

                Internet Stream Protocol Version 2 (ST2)

                 Protocol Specification - Version ST2+

Status of this Memo

   This memo defines an Experimental Protocol for the Internet

   community. This memo does not specify an Internet standard of any

   kind. Discussion and suggestions for improvement are requested.

   Distribution of this memo is unlimited.

IESG NOTE

   This document is a revision of RFC1190. The charter of this effort

   was clarifying, simplifying and removing errors from RFC1190 to

   ensure interoperability of implementations.

   NOTE WELL: Neither the version of the protocol described in this

   document nor the previous version is an Internet Standard or under

   consideration for that status.

   Since the publication of the original version of the protocol, there

   have been significant developments in the state of the art. Readers

   should note that standards and technology addressing alternative

   approaches to the resource reservation problem are currently under

   development within the IETF.

Abstract

   This memo contains a revised specification of the Internet STream

   Protocol Version 2 (ST2). ST2 is an experimental resource reservation

   protocol intended to provide end-to-end real-time guarantees over an

   internet. It allows applications to build multi-destination simplex

   data streams with a desired quality of service. The revised version

   of ST2 specified in this memo is called ST2+.

   This specification is a product of the STream Protocol Working Group

   of the Internet Engineering Task Force.

Table of Contents

     1 Introduction                                                   6

             1.1 What is ST2?                                         6

             1.2 ST2 and IP                                           8

             1.3 Protocol History                                     8

             1.3.1 RFC1190 ST and ST2+ Major Differences              9

             1.4 Supporting Modules for ST2                          10

             1.4.1 Data Transfer Protocol                            11

             1.4.2 Setup Protocol                                    11

             1.4.3 Flow Specification                                11

             1.4.4 Routing Function                                  12

             1.4.5 Local Resource Manager                            12

             1.5 ST2 Basic Concepts                                  15

             1.5.1 Streams                                           16

             1.5.2 Data Transmission                                 16

             1.5.3 Flow Specification                                17

             1.6 Outline of This Document                            19

     2 ST2 User Service Description                                  19

             2.1 Stream Operations and Primitive Functions           19

             2.2 State Diagrams                                      21

             2.3 State Transition Tables                             25

     3 The ST2 Data Transfer Protocol                                26

             3.1 Data Transfer with ST                               26

             3.2 ST Protocol Functions                               27

             3.2.1 Stream Identification                             27

             3.2.2 Packet Discarding based on Data Priority          27

     4 SCMP Functional Description                                   28

             4.1 Types of Streams                                    29

             4.1.1 Stream Building                                   30

             4.1.2 Knowledge of Receivers                            30

             4.2 Control PDUs                                        31

             4.3 SCMP Reliability                                    32

             4.4 Stream Options                                      33

             4.4.1 No Recovery                                       33

             4.4.2 Join Authorization Level                          34

             4.4.3 Record Route                                      34

             4.4.4 User Data                                         35

             4.5 Stream Setup                                        35

             4.5.1 Information from the Application                  35

             4.5.2 Initial Setup at the Origin                       35

             4.5.2.1 Invoking the Routing Function                   36

             4.5.2.2 Reserving Resources                             36

             4.5.3 Sending CONNECT Messages                          37

             4.5.3.1 Empty Target List                               37

             4.5.4 CONNECT Processing by an Intermediate ST agent    37

             4.5.5 CONNECT Processing at the Targets                 38

             4.5.6 ACCEPT Processing by an Intermediate ST agent     38

             4.5.7 ACCEPT Processing by the Origin                   39

             4.5.8 REFUSE Processing by the Intermediate ST agent    39

             4.5.9 REFUSE Processing by the Origin                   39

             4.5.10 Other Functions during Stream Setup              40

             4.6 Modifying an Existing Stream                        40

             4.6.1 The Origin Adding New Targets                     41

             4.6.2 The Origin Removing a Target                      41

             4.6.3 A Target Joining a Stream                         42

             4.6.3.1 Intermediate Agent (Router) as Origin           43

             4.6.4 A Target Deleting Itself                          43

             4.6.5 Changing a Stream's FlowSpec                      44

             4.7 Stream Tear Down                                    45

     5 Exceptional Cases                                             45

             5.1 Long ST Messages                                    45

             5.1.1 Handling of Long Data Packets                     45

             5.1.2 Handling of Long Control Packets                  46

             5.2 Timeout Failures                                    47

             5.2.1 Failure due to ACCEPT Acknowledgment Timeout      47

             5.2.2 Failure due to CHANGE Acknowledgment Timeout      47

             5.2.3 Failure due to CHANGE Response Timeout            48

             5.2.4 Failure due to CONNECT Acknowledgment Timeout     48

             5.2.5 Failure due to CONNECT Response Timeout           48

             5.2.6 Failure due to DISCONNECT Acknowledgment Timeout 48

             5.2.7 Failure due to JOIN Acknowledgment Timeout        48

             5.2.8 Failure due to JOIN Response Timeout              49

             5.2.9 Failure due to JOIN-REJECT Acknowledgment Timeout 49

             5.2.10 Failure due to NOTIFY Acknowledgment Timeout     49

             5.2.11 Failure due to REFUSE Acknowledgment Timeout     49

             5.2.12 Failure due to STATUS Response Timeout           49

             5.3 Setup Failures due to Routing Failures              50

             5.3.1 Path Convergence                                  50

             5.3.2 Other Cases                                       51

             5.4 Problems due to Routing Inconsistency               52

             5.5 Problems in Reserving Resources                     53

             5.5.1 Mismatched FlowSpecs                              53

             5.5.2 Unknown FlowSpec Version                          53

             5.5.3 LRM Unable to Process FlowSpec                    53

             5.5.4 Insufficient Resources                            53

             5.6 Problems Caused by CHANGE Messages                  54

             5.7 Unknown Targets in DISCONNECT and CHANGE            55

     6 Failure Detection and Recovery                                55

             6.1 Failure Detection                                   55

             6.1.1 Network Failures                                  56

             6.1.2 Detecting ST Agents Failures                      56

             6.2 Failure Recovery                                    58

             6.2.1 Problems in Stream Recovery                       60

             6.3 Stream Preemption                                   62

     7 A Group of Streams                                            63

             7.1 Basic Group Relationships                           63

             7.1.1 Bandwidth Sharing                                 63

             7.1.2 Fate Sharing                                      64

             7.1.3 Route Sharing                                     65

             7.1.4 Subnet Resources Sharing                          65

             7.2 Relationships Orthogonality                         65

     8 Ancillary Functions                                           66

             8.1 Stream ID Generation                                66

             8.2 Group Name Generator                                66

             8.3 Checksum Computation                                67

             8.4 Neighbor ST Agent Identification and

                     Information Collection                           67

             8.5 Round Trip Time Estimation                          68

             8.6 Network MTU Discovery                               68

             8.7 IP Encapsulation of ST                              69

             8.8 IP Multicasting                                     70

     9 The ST2+ Flow Specification                                   71

             9.1 FlowSpec Version #0 - (Null FlowSpec)               72

             9.2 FlowSpec Version #7 - ST2+ FlowSpec                 72

             9.2.1 QoS Classes                                       73

             9.2.2 Precedence                                        74

             9.2.3 Maximum Data Size                                 74

             9.2.4 Message Rate                                      74

             9.2.5 Delay and Delay Jitter                            74

             9.2.6 ST2+ FlowSpec Format                              75

     10 ST2 Protocol Data Units Specification                        77

             10.1 Data PDU                                           77

             10.1.1 ST Data Packets                                  78

             10.2 Control PDUs                                       78

             10.3 Common SCMP Elements                               80

             10.3.1 FlowSpec                                         80

             10.3.2 Group                                            81

             10.3.3 MulticastAddress                                 82

             10.3.4 Origin                                           82

             10.3.5 RecordRoute                                      83

             10.3.6 Target and TargetList                            84

             10.3.7 UserData                                         85

             10.3.8 Handling of Undefined Parameters                 86

             10.4 ST Control Message PDUs                            86

             10.4.1 ACCEPT                                           86

             10.4.2 ACK                                              88

             10.4.3 CHANGE                                           89

             10.4.4 CONNECT                                          89

             10.4.5 DISCONNECT                                       92

             10.4.6 ERROR                                            93

             10.4.7 HELLO                                            94

             10.4.8 JOIN                                             95

             10.4.9 JOIN-REJECT                                      96

             10.4.10 NOTIFY                                          97

             10.4.11 REFUSE                                          98

             10.4.12 STATUS                                         100

             10.4.13 STATUS-RESPONSE                                100

             10.5 Suggested Protocol Constants                      101

             10.5.1 SCMP Messages                                   102

             10.5.2 SCMP Parameters                                 102

             10.5.3 ReasonCode                                      102

             10.5.4 Timeouts and Other Constants                    104

             10.6 Data Notations                                    105

     11 References                                                  106

     12 Security Considerations                                     108

     13 Acknowledgments and Authors' Addresses                      108

1. Introduction

1.1 What is ST2?

   The Internet Stream Protocol, Version 2 (ST2) is an experimental

   connection-oriented internetworking protocol that operates at the

   same layer as connectionless IP. It has been developed to support the

   efficient delivery of data streams to single or multiple destinations

   in applications that require guaranteed quality of service. ST2 is

   part of the IP protocol family and serves as an adjunct to, not a

   replacement for, IP. The main application areas of the protocol are

   the real-time transport of multimedia data, e.g., digital audio and

   video packet streams, and distributed simulation/gaming, across

   internets.

   ST2 can be used to reserve bandwidth for real-time streams across

   network routes. This reservation, together with appropriate network

   access and packet scheduling mechanisms in all nodes running the

   protocol, guarantees a well-defined Quality of Service (QoS) to ST2

   applications. It ensures that real-time packets are delivered within

   their deadlines, that is, at the time where they need to be

   presented. This facilitates a smooth delivery of data that is

   essential for time- critical applications, but can typically not be

   provided by best- effort IP communication.

                      DATA PATH                         CONTROL PATH

                      =========                         ============

       Upper     +------------------+                     +---------+

       Layer     | Application data |                     | Control |

                 +------------------+                     +---------+

                          |                                    |

                          |                                    V

                          |                     +-------------------+

       SCMP               |                     |   SCMP |         |

                          |                     +-------------------+

                          |                             |

                          V                             V

            +-----------------------+      +------------------------+

       ST   | ST |                  |      | ST |         |         |

            +-----------------------+      +------------------------+

            D-bit=1                       D-bit=0

                   Figure 1: ST2 Data and Control Path

   Just like IP, ST2 actually consists of two protocols: ST for the data

   transport and SCMP, the Stream Control Message Protocol, for all

   control functions. ST is simple and contains only a single PDU format

   that is designed for fast and efficient data forwarding in order to

   achieve low communication delays. SCMP, however, is more complex than

   IP's ICMP. As with ICMP and IP, SCMP packets are transferred within

   ST packets as shown in Figure 1.

    +--------------------+

    | Conference Control |

    +--------------------+

   +-------+ +-------+ |

   | Video | | Voice | | +-----+ +------+ +-----+     +-----+ Application

   | Appl | | Appl | | | SNMP| |Telnet| | FTP | ... |     |    Layer

   +-------+ +-------+ | +-----+ +------+ +-----+     +-----+

       |        |      |     |        |     |            |

       V        V      |     |        |     |            |   ------------

    +-----+ +-----+   |     |        |     |            |

    | PVP | | NVP |   |     |        |     |            |

    +-----+ +-----+   +     |        |     |            |

     |   \      | \     \    |        |     |            |

     |    +-----|--+-----+   |        |     |            |

     |     Appl.|control V V        V     V            V

     | ST data |         +-----+    +-------+        +-----+

     | & control|         | UDP |    | TCP |    ... | RTP | Transport

     |          |         +-----+    +-------+        +-----+   Layer

     |         /|          / | \       / / |          / /|

     |\       / | +------+--|--\-----+-/--|--- ... -+ / |

     | \     / | |         |   \     /   |          / |

     | \   /   | |         |    \   +----|--- ... -+   |   -----------

     |   \ /    | |         |     \ /     |             |

     |    V     | |         |      V      |             |

     | +------+ | |         |   +------+ |   +------+ |

     | | SCMP | | |         |   | ICMP | |   | IGMP | |    Internet

     | +------+ | |         |   +------+ |   +------+ |     Layer

     |    |     | |         |      |      |      |      |

     V    V     V V         V      V      V      V      V

   +-----------------+ +-----------------------------------+

   | STream protocol |->|      Internet     Protocol        |

   +-----------------+ +-----------------------------------+

                  | \   / |

                  | \ / |

                  |   X   |                                  ------------

                  | / \ |

                  | /   \ |

                  VV     VV

   +----------------+   +----------------+

   | (Sub-) Network |...| (Sub-) Network |                  (Sub-)Network

   |    Protocol    |   |    Protocol    |                     Layer

   +----------------+   +----------------+

                   Figure 2. Protocol Relationships

1.2 ST2 and IP

   ST2 is designed to coexist with IP on each node. A typical

   distributed multimedia application would use both protocols: IP for

   the transfer of traditional data and control information, and ST2 for

   the transfer of real-time data. Whereas IP typically will be accessed

   from TCP or UDP, ST2 will be accessed via new end-to-end real-time

   protocols. The position of ST2 with respect to the other protocols of

   the Internet family is represented in Figure 2.

   Both ST2 and IP apply the same addressing schemes to identify

   different hosts. ST2 and IP packets differ in the first four bits,

   which contain the internetwork protocol version number: number 5 is

   reserved for ST2 (IP itself has version number 4). As a network layer

   protocol, like IP, ST2 operates independently of its underlying

   subnets. Existing implementations use ARP for address resolution, and

   use the same Layer 2 SAPs as IP.

   As a special function, ST2 messages can be encapsulated in IP

   packets. This is represented in Figure 2 as a link between ST2 and

   IP. This link allows ST2 messages to pass through routers which do

   not run ST2. Resource management is typically not available for

   these IP route segments. IP encapsulation is, therefore, suggested

   only for portions of the network which do not constitute a system

   bottleneck.

   In Figure 2, the RTP protocol is shown as an example of transport

   layer on top of ST2. Others include the Packet Video Protocol (PVP)

   [Cole81], the Network Voice Protocol (NVP) [Cohe81], and others such

   as the Heidelberg Transport Protocol (HeiTP) [DHHS92].

1.3 Protocol History

   The first version of ST was published in the late 1970's and was used

   throughout the 1980's for experimental transmission of voice, video,

   and distributed simulation. The experience gained in these

   applications led to the development of the revised protocol version

   ST2. The revision extends the original protocol to make it more

   complete and more applicable to emerging multimedia environments. The

   specification of this protocol version is contained in Internet RFC

   1190 which was published in October 1990 [RFC1190].

   With more and more developments of commercial distributed multimedia

   applications underway and with a growing dissatisfaction at the

   transmission quality for audio and video over IP in the MBONE,

   interest in ST2 has grown over the last years. Companies have

   products available incorporating the protocol. The BERKOM MMTS

   project of the German PTT [DeAl92] uses ST2 as its core protocol for

   the provision of multimedia teleservices such as conferencing and

   mailing. In addition, implementations of ST2 for Digital Equipment,

   IBM, NeXT, Macintosh, PC, Silicon Graphics, and Sun platforms are

   available.

   In 1993, the IETF started a new working group on ST2 as part of

   ongoing efforts to develop protocols that address resource

   reservation issues. The group's mission was to clean up the existing

   protocol specification to ensure better interoperability between the

   existing and emerging implementations. It was also the goal to

   produce an updated experimental protocol specification that reflected

   the experiences gained with the existing ST2 implementations and

   applications. Which led to the specification of the ST2+ protocol

   contained in this document.

1.3.1 RFC1190 ST and ST2+ Major Differences

   The protocol changes from RFC1190 were motivated by protocol

   simplification and clarification, and codification of extensions in

   existing implementations. This section provides a list of major

   differences, and is probably of interest only to those who have

   knowledge of RFC1190. The major differences between the versions are:

o   Elimination of "Hop IDentifiers" or HIDs. HIDs added much complexity

    to the protocol and was found to be a major impediment to

    interoperability. HIDs have been replaced by globally unique

    identifiers called "Stream IDentifiers" or SIDs.

o   Elimination of a number of stream options. A number of options were

    found to not be used by any implementation, or were thought to add

    more complexity than value. These options were removed. Removed

    options include: point-to-point, full-duplex, reverse charge, and

    source route.

o   Elimination of the concept of "subset" implementations. RFC1190

    permitted subset implementations, to allow for easy implementation

    and experimentation. This led to interoperability problems. Agents

    implementing the protocol specified in this document, MUST implement

    the full protocol. A number of the protocol functions are best-

    effort. It is expected that some implementations will make more

    effort than others in satisfying particular protocol requests.

o   Clarification of the capability of targets to request to join a

    steam. RFC1190 can be interpreted to support target requests, but

    most implementors did not understand this and did not add support

    for this capability. The lack of this capability was found to be a

    significant limitation in the ability to scale the number of

    participants in a single ST stream. This clarification is based on

    work done by IBM Heidelberg.

o   Separation of functions between ST and supporting modules. An effort

    was made to improve the separation of functions provided by ST and

    those provided by other modules. This is reflected in reorganization

    of some text and some PDU formats. ST was also made FlowSpec

    independent, although it does define a FlowSpec for testing and

    interoperability purposes.

o   General reorganization and re-write of the specification. This

    document has been organized with the goal of improved readability

    and clarity. Some sections have been added, and an effort was made

    to improve the introduction of concepts.

1.4 Supporting Modules for ST2

   ST2 is one piece of a larger mosaic. This section presents the

   overall communication architecture and clarifies the role of ST2 with

   respect to its supporting modules.

   ST2 proposes a two-step communication model. In the first step, the

   real-time channels for the subsequent data transfer are built. This

   is called stream setup. It includes selecting the routes to the

   destinations and reserving the correspondent resources. In the second

   step, the data is transmitted over the previously established

   streams. This is called data transfer. While stream setup does not

   have to be completed in real-time, data transfer has stringent real-

   time requirements. The architecture used to describe the ST2

   communication model includes:

o   a data transfer protocol for the transmission of real-time data

    over the established streams,

o   a setup protocol to establish real-time streams based on the flow

    specification,

o   a flow specification to express user real-time requirements,

o   a routing function to select routes in the Internet,

o   a local resource manager to appropriately handle resources involved

    in the communication.

   This document defines a data protocol (ST), a setup protocol (SCMP),

   and a flow specification (ST2+ FlowSpec). It does not define a

   routing function and a local resource manager. However, ST2 assumes

   their existence.

   Alternative architectures are possible, see [RFC1633] for an example

   alternative architecture that could be used when implementing ST2.

1.4.1 Data Transfer Protocol

   The data transfer protocol defines the format of the data packets

   belonging to the stream. Data packets are delivered to the targets

   along the stream paths previously established by the setup protocol.

   Data packets are delivered with the quality of service associated

   with the stream.

   Data packets contain a globally unique stream identifier that

   indicates which stream they belong to. The stream identifier is also

   known by the setup protocol, which uses it during stream

   establishment. The data transfer protocol for ST2, known simply as

   ST, is completely defined by this document.

1.4.2 Setup Protocol

   The setup protocol is responsible for establishing, maintaining, and

   releasing real-time streams. It relies on the routing function to

   select the paths from the source to the destinations. At each

   host/router on these paths, it presents the flow specification

   associated with the stream to the local resource manager. This causes

   the resource managers to reserve appropriate resources for the

   stream. The setup protocol for ST2 is called Stream Control Message

   Protocol, or SCMP, and is completely defined by this document.

1.4.3 Flow Specification

   The flow specification is a data structure including the ST2

   applications' QoS requirements. At each host/router, it is used by

   the local resource manager to appropriately handle resources so that

   such requirements are met. Distributing the flow specification to all

   resource managers along the communication paths is the task of the

   setup protocol. However, the contents of the flow specification are

   transparent to the setup protocol, which simply carries the flow

   specification. Any operations on the flow specification, including

   updating internal fields and comparing flow specifications are

   performed by the resource managers.

   This document defines a specific flow specification format that

   allows for interoperability among ST2 implementations. This flow

   specification is intended to support a flow with a single

   transmission rate for all destinations in the stream. Implementations

   may support more than one flow specification format and the means are

   provided to add new formats as they are defined in the future.

   However, the flow specification format has to be consistent

   throughout the stream, i.e., it is not possible to use different flow

   specification formats for different parts of the same stream.

1.4.4 Routing Function

   The routing function is an external unicast route generation

   capability. It provides the setup protocol with the path to reach

   each of the desired destinations. The routing function is called on a

   hop-by-hop basis and provides next-hop information. Once a route is

   selected by the routing function, it persists for the whole stream

   lifetime. The routing function may try to optimize based on the

   number of targets, the requested resources, or use of local network

   multicast or bandwidth capabilities. Alternatively, the routing

   function may even be based on simple connectivity information.

   The setup protocol is not necessarily aware of the criteria used by

   the routing function to select routes. It works with any routing

   function algorithm. The algorithm adopted is a local matter at each

   host/router and different hosts/routers may use different algorithms.

   The interface between setup protocol and routing function is also a

   local matter and therefore it is not specified by this document.

   This version of ST does not support source routing. It does support

   route recording. It does include provisions that allow identification

   of ST capable neighbors. Identification of remote ST hosts/routers is

   not specifically addressed.

1.4.5 Local Resource Manager

   At each host/router traversed by a stream, the Local Resource Manager

   (LRM) is responsible for handling local resources. The LRM knows

   which resources are on the system and what capacity they can provide.

   Resources include:

o   CPUs on end systems and routers to execute the application and

    protocol software,

o   main memory space for this software (as in all real-time systems,

    code should be pinned in main memory, as swapping it out would have

    detrimental effects on system performance),

o   buffer space to store the data, e.g., communication packets, passing

    through the nodes,

o   network adapters, and

o   transmission networks between the nodes. Networks may be as simple

    as point-to-point links or as complex as switched networks such as

    Frame Relay and ATM networks.

   During stream setup and modification, the LRM is presented by the

   setup protocol with the flow specification associated to the stream.

   For each resource it handles, the LRM is expected to perform the

   following functions:

o   Stream Admission Control: it checks whether, given the flow

    specification, there are sufficient resources left to handle the new

    data stream. If the available resources are insufficient, the new

    data stream must be rejected.

o   QoS Computation: it calculates the best possible performance the

    resource can provide for the new data stream under the current

    traffic conditions, e.g., throughput and delay values are computed.

o   Resource Reservation: it reserves the resource capacities required

    to meet the desired QoS.

   During data transfer, the LRM is responsible for:

o   QoS Enforcement: it enforces the QoS requirements by appropriate

    scheduling of resource access. For example, data packets from an

    application with a short guaranteed delay must be served prior to

    data from an application with a less strict delay bound.

   The LRM may also provide the following additional functions:

o   Data Regulation: to smooth a stream's data traffic, e.g., as with the

    leaky bucket algorithm.

o   Policing: to prevent applications exceed their negotiated QoS, e.g.,

    to send data at a higher rate than indicated in the flow

    specification.

o   Stream Preemption: to free up resources for other streams with

    higher priority or importance.

   The strategies adopted by the LRMs to handle resources are resource-

   dependent and may vary at every host/router. However, it is necessary

   that all LRMs have the same understanding of the flow specification.

   The interface between setup protocol and LRM is a local matter at

   every host and therefore it is not specified by this document. An

   example of LRM is the Heidelberg Resource Administration Technique

   (HeiRAT) [VoHN93].

   It is also assumed that the LRM provides functions to compare flow

   specifications, i.e., to decide whether a flow specification requires

   a greater, equal, or smaller amount of resource capacities to be

   reserved.

1.5 ST2 Basic Concepts

   The following sections present at an introductory level some of the

   fundamental ST2 concepts including streams, data transfer, and flow

   specification.

            Hosts Connections...                :      ...and Streams

            ====================                :      ==============

        data       Origin                       :          Origin

       packets +-----------+                    :          +----+

          +----|Application|                    :          |    |

          |    |-----------|                    :          +----+

          +--->| ST Agent |                    :           | |

               +-----------+                    :           | |

                     |                          :           | |

                     V                          :           | |

              +-------------+                   :           | |

              |             |                   :           | |

+-------------| Network A |                   :   +-------+ +--+

|             |             |                   :   |             |

|             +-------------+                   :   |     Target 2|

|                    |     Target 2             :   |     & Router|

|     Target 1       |    and Router            :   |             |

| +-----------+     | +-----------+           :   V             V

| |Application|<-+ | |Application|<-+        : +----+        +----+

| |-----------| | | |-----------| |        : |    |        |    |

+->| ST Agent |--+ +->| ST Agent |--+        : +----+        +----+

   +-----------+        +-----------+           :Target 1         | |

                              |                 :                 | |

                              V                 :                 | |

                    +-------------+             :                 | |

                    |             |             :                 | |

      +-------------| Network B |             :           +-----+ |

      |             |             |             :           |        |

      |             +-------------+             :           |        |

      |    Target 3        |    Target 4        :           |        |

      | +-----------+     | +-----------+     :           V        V

      | |Application|<-+ | |Application|<-+ :         +----+ +----+

      | |-----------| | | |-----------| | :         |    | |    |

      +->| ST Agent |--+ +->| ST Agent |--+ :         +----+ +----+

         +-----------+        +-----------+     :      Target 3 Target 4

                                                :

                         Figure 3: The Stream Concept

1.5.1 Streams

   Streams form the core concepts of ST2. They are established between a

   sending origin and one or more receiving targets in the form of a

   routing tree. Streams are uni-directional from the origin to the

   targets. Nodes in the tree represent so-called ST agents, entities

   executing the ST2 protocol; links in the tree are called hops. Any

   node in the middle of the tree is called an intermediate agent, or

   router. An agent may have any combination of origin, target, or

   intermediate capabilities.

   Figure 3 illustrates a stream from an origin to four targets, where

   the ST agent on Target 2 also functions as an intermediate agent. Let

   us use this Target 2/Router node to explain some basic ST2

   terminology: the direction of the stream from this node to Target 3

   and 4 is called downstream, the direction towards the Origin node

   upstream. ST agents that are one hop away from a given node are

   called previous-hops in the upstream, and next-hops in the downstream

   direction.

   Streams are maintained using SCMP messages. Typical SCMP messages are

   CONNECT and ACCEPT to build a stream, DISCONNECT and REFUSE to close

   a stream, CHANGE to modify the quality of service associated with a

   stream, and JOIN to request to be added to a stream.

   Each ST agent maintains state information describing the streams

   flowing through it. It can actively gather and distribute such

   information. It can recognize failed neighbor ST agents through the

   use of periodic HELLO message exchanges. It can ask other ST agents

   about a particular stream via a STATUS message. These ST agents then

   send back a STATUS-RESPONSE message. NOTIFY messages can be used to

   inform other ST agents of significant events.

   ST2 offers a wealth of functionalities for stream management. Streams

   can be grouped together to minimize allocated resources or to process

   them in the same way in case of failures. During audio conferences,

   for example, only a limited set of participants may talk at once.

   Using the group mechanism, resources for only a portion of the audio

   streams of the group need to be reserved. Using the same concept, an

   entire group of related audio and video streams can be dropped if one

   of them is preempted.

1.5.2 Data Transmission

   Data transfer in ST2 is simplex in the downstream direction. Data

   transport through streams is very simple. ST2 puts only a small

   header in front of the user data. The header contains a protocol

   identification that distinguishes ST2 from IP packets, an ST2 version

   number, a priority field (specifying a relative importance of streams

   in cases of conflict), a length counter, a stream identification, and

   a checksum. These elements form a 12-byte header.

   Efficiency is also achieved by avoiding fragmentation and reassembly

   on all agents. Stream establishment yields a maximum message size for

   data packets on a stream. This maximum message size is communicated

   to the upper layers, so that they provide data packets of suitable

   size to ST2.

   Communication with multiple next-hops can be made even more efficient

   using MAC Layer multicast when it is available. If a subnet supports

   multicast, a single multicast packet is sufficient to reach all

   next-hops connected to this subnet. This leads to a significant

   reduction of the bandwidth requirements of a stream. If multicast is

   not provided, separate packets need to be sent to each next-hop.

   As ST2 relies on reservation, it does not contain error correction

   mechanisms features for data exchange such as those found in TCP. It

   is assumed that real-time data, such as digital audio and video,

   require partially correct delivery only. In many cases, retransmitted

   packets would arrive too late to meet their real-time delivery

   requirements. Also, depending on the data encoding and the particular

   application, a small number of errors in stream data are acceptable.

   In any case, reliability can be provided by layers on top of ST2 when

   needed.

1.5.3 Flow Specification

   As part of establishing a connection, SCMP handles the negotiation of

   quality-of-service parameters for a stream. In ST2 terminology, these

   parameters form a flow specification (FlowSpec) which is associated

   with the stream. Different versions of FlowSpecs exist, see

   [RFC1190], [DHHS92] and [RFC1363], and can be distinguished by a

   version number. Typically, they contain parameters such as average

   and maximum throughput, end-to-end delay, and delay variance of a

   stream. SCMP itself only provides the mechanism for relaying the

   quality-of-service parameters.

   Three kinds of entities participate in the quality-of-service

   negotiation: application entities on the origin and target sites as

   the service users, ST agents, and local resource managers (LRM). The

   origin application supplies the initial FlowSpec requesting a

   particular service quality. Each ST agent which obtains the FlowSpec

   as part of a connection establishment message, it presents the local

   resource manager with it. ST2 does not determine how resource

   managers make reservations and how resources are scheduled according

   to these reservations; ST2, however, assumes these mechanisms as its

   basis.

   An example of the FlowSpec negotiation procedure is illustrated in

   Figure 4. Depending on the success of its local reservations, the LRM

   updates the FlowSpec fields and returns the FlowSpec to the ST agent,

   which passes it downstream as part of the connection message.

   Eventually, the FlowSpec is communicated to the application at the

   target which may base its accept/reject decision for establishing the

   connection on it and may finally also modify the FlowSpec. If a

   target accepts the connection, the (possibly modified) FlowSpec is

   propagated back to the origin which can then calculate an overall

   service quality for all targets. The application entity at the origin

   may later request a CHANGE to adjust reservations.

                 Origin                 Router               Target 1

                +------+      1a       +------+      1b      +------+

                |      |-------------->|      |------------->|      |

                +------+               +------+              +------+

                 ^ | ^                                          |

                 | | |                    2                     |

                 | | +------------------------------------------+

                 + +

+-------------+ \ \             +-------------+       +-------------+

|Max Delay: 12|   \ \            |Max Delay: 12|       |Max Delay: 12|

|-------------|    \ \           |-------------|       |-------------|

|Min Delay: 2|     \ \          |Min Delay: 5|       |Min Delay: 9|

|-------------|      \ \         |-------------|       |-------------|

|Max Size:4096|       + +        |Max Size:2048|       |Max Size:2048|

+-------------+       | |        +-------------+       +-------------+

    FlowSpec           | | 1

                       | +---------------+

                       |                  |

                       |                  V

                     2 |               +------+

                       +---------------|      |

                                       +------+

                                       Target 2

                                   +-------------+

                                   |Max Delay: 12|

                                   |-------------|

                                   |Min Delay: 4|

                                   |-------------|

                                   |Max Size:4096|

                                   +-------------+

        Figure 4: Quality-of-Service Negotiation with FlowSpecs

1.6 Outline of This Document

   This document contains the specification of the ST2+ version of the

   ST2 protocol. In the rest of the document, whenever the terms "ST" or

   "ST2" are used, they refer to the ST2+ version of ST2.

   The document is organized as follows:

o   Section 2 describes the ST2 user service from an application point

    of view.

o   Section 3 illustrates the ST2 data transfer protocol, ST.

o   Section 4 through Section 8 specify the ST2 setup protocol, SCMP.

o   the ST2 flow specification is presented in Section 9.

o   the formats of protocol elements and PDUs are defined in Section 10.

2. ST2 User Service Description

   This section describes the ST user service from the high-level point

   of view of an application. It defines the ST stream operations and

   primitive functions. It specifies which operations on streams can be

   invoked by the applications built on top of ST and when the ST

   primitive functions can be legally executed. Note that the presented

   ST primitives do not specify an API. They are used here with the only

   purpose of illustrating the service model for ST.

2.1 Stream Operations and Primitive Functions

   An ST application at the origin may create, expand, reduce, change,

   send data to, and delete a stream. When a stream is expanded, new

   targets are added to the stream; when a stream is reduced, some of

   the current targets are dropped from it. When a stream is changed,

   the associated quality of service is modified.

   An ST application at the target may join, receive data from, and

   leave a stream. This translates into the following stream operations:

o   OPEN: create new stream [origin], CLOSE: delete stream [origin],

o   ADD: expand stream, i.e., add new targets to it [origin],

o   DROP: reduce stream, i.e., drop targets from it [origin],

o   JOIN: join a stream [target], LEAVE: leave a stream [target],

o   DATA: send data through stream [origin],

o   CHG: change a stream's QoS [origin],

   Each stream operation may require the execution of several primitive

   functions to be completed. For instance, to open a new stream, a

   request is first issued by the sender and an indication is generated

   at one or more receivers; then, the receivers may each accept or

   refuse the request and the correspondent indications are generated at

   the sender. A single receiver case is shown in Figure 5 below.

                Sender             Network             Receiver

                  |                   |                   |

     OPEN.req     |                   |                   |

                  |-----------------> |                   |

                  |                   |-----------------> |

                  |                   |                   | OPEN.ind

                  |                   |                   | OPEN.accept

                  |                   |<----------------- |

                  |<----------------- |                   |

OPEN.accept-ind |                   |                   |

                  |                   |                   |

           Figure 5: Primitives for the OPEN Stream Operation

   Table 1 defines the ST service primitive functions associated to each

   stream operation. The column labelled "O/T" indicates whether the

   primitive is executed at the origin or at the target.

           +===================================================+

           |Primitive      | Descriptive                   |O/T|

           |===================================================|

           |OPEN.req       | open a stream                 | O |

           |OPEN.ind       | connection request indication | T |

           |OPEN.accept    | accept stream                 | T |

           |OPEN.refuse    | refuse stream                 | T |

           |OPEN.accept-ind| connection accept indication | O |

           |OPEN.refuse-ind| connection refuse indication | O |

           |ADD.req        | add targets to stream         | O |

           |ADD.ind        | add request indication        | T |

           |ADD.accept     | accept stream                 | T |

           |ADD.refuse     | refuse stream                 | T |

           |ADD.accept-ind | add accept indication         | O |

           |ADD.refuse-ind | add refuse indication         | O |

           |JOIN.req       | join a stream                 | T |

           |JOIN.ind       | join request indication       | O |

           |JOIN.reject    | reject a join                 | O |

           |JOIN.reject-ind| join reject indication        | T |

           |DATA.req       | send data                     | O |

           |DATA.ind       | receive data indication       | T |

           |CHG.req        | change stream QoS             | O |

           |CHG.ind        | change request indication     | T |

           |CHG.accept     | accept change                 | T |

           |CHG.refuse     | refuse change                 | T |

           |CHG.accept-ind | change accept indication      | O |

           |CHG.refuse-ind | change refuse indication      | O |

           |DROP.req       | drop targets                  | O |

           |DROP.ind       | disconnect indication         | T |

           |LEAVE.req      | leave stream                  | T |

           |LEAVE.ind      | leave stream indication       | O |

           |CLOSE.req      | close stream                  | O |

           |CLOSE.ind      | close stream indication       | T |

           +---------------------------------------------------+

                              Table 1: ST Primitives

2.2 State Diagrams

   It is not sufficient to define the set of ST stream operations. It is

   also necessary to specify when the operations can be legally

   executed. For this reason, a set of states is now introduced and the

   transitions from one state to the others are specified. States are

   defined with respect to a single stream. The previously defined

   stream operations can be legally executed only from an appropriate

   state.

   An ST agent may, with respect to an ST stream, be in one of the

   following states:

o   IDLE: the stream has not been created yet.

o   PENDING: the stream is in the process of being established.

o   ACTIVE: the stream is established and active.

o   ADDING: the stream is established. A stream expansion is underway.

o   CHGING: the stream is established. A stream change is underway.

   Previous experience with ST has lead to limits on stream operations

   that can be executed simultaneously. These restrictions are:

   1. A single ADD or CHG operation can be processed at one time. If

       an ADD or CHG is already underway, further requests are queued

       by the ST agent and handled only after the previous operation

       has been completed. This also applies to two subsequent

       requests of the same kind, e.g., two ADD or two CHG operations.

       The second operation is not executed until the first one has

       been completed.

   2. Deleting a stream, leaving a stream, or dropping targets from a

       stream is possible only after stream establishment has been

       completed. A stream is considered to be established when all

       the next-hops of the origin have either accepted or refused the

       stream. Note that stream refuse is automatically forced after

       timeout if no reply comes from a next-hop.

   3. An ST agent forwards data only along already established paths

       to the targets, see also Section 3.1. A path is considered to

       be established when the next-hop on the path has explicitly

       accepted the stream. This implies that the target and all other

       intermediate ST agents are ready to handle the incoming data

       packets. In no cases an ST agent will forward data to a

       next-hop ST agent that has not explicitly accepted the stream.

       To be sure that all targets receive the data, an application

       should send the data only after all paths have been

       established, i.e., the stream is established.

   4. It is allowed to send data from the CHGING and ADDING states.

       While sending data from the CHGING state, the quality of

       service to the targets affected by the change should be assumed

       to be the more restrictive quality of service. When sending

       data from the ADDING state, the targets that receive the data

       include at least all the targets that were already part of the

       stream at the time the ADD operation was invoked.

   The rules introduced above require ST agents to queue incoming

   requests when the current state does not allow to process them

   immediately. In order to preserve the semantics, ST agents have to

   maintain the order of the requests, i.e., implement FIFO queuing.

   Exceptionally, the CLOSE request at the origin and the LEAVE request

   at the target may be immediately processed: in these cases, the queue

   is deleted and it is possible that requests in the queue are not

   processed.

   The following state diagrams define the ST service. Separate diagrams

   are presented for the origin and the targets.

   The symbol (a/r)* indicates that all targets in the target list have

   explicitly accepted or refused the stream, or refuse has been forced

   after timeout. If the target list is empty, i.e., it contains no

   targets, the (a/r)* condition is immediately satisfied, so the empty

   stream is created and state ESTBL is entered.

   The separate OPEN and ADD primitives at the target are for conceptual

   purposes only. The target is actually unable to distinguish between

   an OPEN and an ADD. This is reflected in Figure 7 and Table 3 through

   the notation OPEN/ADD.

                        +------------+

                        |            |<-------------------+

            +---------->|    IDLE    |-------------+      |

            |           |            |    OPEN.req |      |

            |           +------------+             |      |

CLOSE.req |      CLOSE.req ^   ^ CLOSE.req       V      | CLOSE.req

            |                |   |            +---------+ |

            |                |   |            | PENDING |-|-+ JOIN.reject

            |                |   -------------|         |<|-+

            |    JOIN.reject |                +---------+ |

            |    DROP.req +----------+             |      |

            |       +-----|          |             |      |

            |       |     | ESTDL   | OPEN.(a/r)* |      |

            |       +---->|          |<------------+      |

            |             +----------+                    |

            |              | ^ | ^                     |

            |              | | | |                     |

       +----------+ CHG.req| | | | Add.(a/r)*    +----------+

       |          |<-------+ | | +-------------- |          |

       | CHGING |           | |                  | ADDING |

       |          |-----------+ +----------------->|          |

       +----------+ CHG.(a/r)*         JOIN.ind     +----------+

           |   ^                         ADD.req        |   ^

           |   |                                        |   |

           +---+                                        +---+

           DROP.req                                    DROP.req

           JOIN.reject                                 JOIN.reject

                  Figure 6: ST Service at the Origin

                 +--------+

                 |        |-----------------------+

                 | IDLE |                       |

                 |        |<---+                  | OPEN/ADD.ind

                 +--------+    | CLOSE.ind        | JOIN.req

                     ^         | OPEN/ADD.refuse |

                     |         | JOIN.refect-ind |

         CLOSE.ind   |         |                  V

         DROP.ind    |         |             +---------+

         LEAVE.req   |         +-------------|         |

                     |                       | PENDING |

                 +-------+                   |         |

                 |       |                   +---------+

                 | ESTBL |    OPEN/ADD.accept     |

                 |       |<-----------------------+

                 +-------+

                     Figure 7: ST Service at the Target

2.3 State Transition Tables

   Table 2 and Table 3 define which primitives can be processed from

   which states and the possible state transitions.

+======================================================================+

|Primitive      |IDLE|    PENDING    | ESTBL |    CHGING |    ADDING |

|======================================================================|

|OPEN.req       | ok | -             | -      | -          | -         |

|OPEN.accept-ind| - |if(a,r)*->ESTBL| -      | -          | -         |

|OPEN.refuse-ind| - |if(a,r)*->ESTBL| -      | -          | -         |

|ADD.req        | - | queued        |->ADDING| queued     | queued    |

|ADD.accept-ind | - | -             | -      | -          |if(a,r)*   |

|               | - | -             | -      | -          |->ESTBL    |

|ADD.refuse-ind | - | -             | -      | -          |if(a,r)*   |

|               | - | -             | -      | -          |->ESTBL    |

|JOIN.ind       | - | queued        |->ADDING| queued     |queued     |

|JOIN.reject    | - | OK            | ok     | ok         | ok        |

|DATA.req       | - | -             | ok     | ok         | ok        |

|CHG.req        | - | queued        |->CHGING| queued     |queued     |

|CHG.accept-ind | - | -             | -      |if(a,r)*    | -         |

|               | - | -             | -      |->ESTBL     | -         |

|CHG.refuse.ind | - | -             | -      |if(a,r)*    | -         |

|               | - | -             | -      |->ESTBL     | -         |

|DROP.req       | - | -             | ok     | ok         | ok        |

|LEAVE.ind      | - | OK            | ok     | ok         | ok        |

|CLOSE.req      | - | OK            | ok     | ok         | ok        |

+----------------------------------------------------------------------+

                Table 2: Primitives and States at the Origin

             +======================================================+

             | Primitive       |   IDLE    | PENDING   |   ESTBL   |

             |======================================================|

             | OPEN/ADD.ind    | ->PENDING | -          | -         |

             | OPEN/ADD.accept | -         | ->ESTBL    | -         |

             | OPEN/ADD.refuse | -         | ->IDLE     | -         |

             | JOIN.req        | ->PENDING | -          | -         |

             | JOIN.reject-ind |-          | ->IDLE     | -         |

             | DATA.ind        | -         | -          | ok        |

             | CHG.ind         | -         | -          | ok        |

             | CHG.accept      | -         | -          | ok        |

             | DROP.ind        | -         | ok         | ok        |

             | LEAVE.req       | -         | ok         | ok        |

             | CLOSE.ind       | -         | ok         | ok        |

             | CHG.ind         | -         | -          | ok        |

             +------------------------------------------------------+

                Table 3: Primitives and States at the Target

3. The ST2 Data Transfer Protocol

   This section presents the ST2 data transfer protocol, ST. First, data

   transfer is described in Section 3.1, then, the data transfer

   protocol functions are illustrated in Section 3.2.

3.1 Data Transfer with ST

   Data transmission with ST is unreliable. An application is not

   guaranteed that the data reaches its destinations and ST makes no

   attempts to recover from packet loss, e.g., due to the underlying

   network. However, if the data reaches its destination, it should do

   so according to the quality of service associated with the stream.

   Additionally, ST may deliver data corrupted in transmission. Many

   types of real-time data, such as digital audio and video, require

   partially correct delivery only. In many cases, retransmitted packets

   would arrive too late to meet their real-time delivery requirements.

   On the other hand, depending on the data encoding and the particular

   application, a small number of errors in stream data are acceptable.

   In any case, reliability can be provided by layers on top of ST2 if

   needed.

   Also, no data fragmentation is supported during the data transfer

   phase. The application is expected to segment its data PDUs according

   to the minimum MTU over all paths in the stream. The application

   receives information on the MTUs relative to the paths to the targets

   as part of the ACCEPT message, see Section 8.6. The minimum MTU over

   all paths can be calculated from the MTUs relative to the single

   paths. ST agents silently discard too long data packets, see also

   Section 5.1.1.

   An ST agent forwards the data only along already established paths to

   targets. A path is considered to be established once the next-hop ST

   agent on the path sends an ACCEPT message, see Section 2.2. This

   implies that the target and all other intermediate ST agents on the

   path to the target are ready to handle the incoming data packets. In

   no cases will an ST agent forward data to a next-hop ST agent that

   has not explicitly accepted the stream.

   To be reasonably sure that all targets receive the data with the

   desired quality of service, an application should send the data only

   after the whole stream has been established. Depending on the local

   API, an application may not be prevented from sending data before the

   completion of stream setup, but it should be aware that the data

   could be lost or not reach all intended targets. This behavior may

   actually be desirable to applications, such as those application that

   have multiple targets which can each process data as soon as it is

   available (e.g., a lecture or distributed gaming).

   It is desirable for implementations to take advantage of networks

   that support multicast. If a network does not support multicast, or

   for the case where the next-hops are on different networks, multiple

   copies of the data packet must be sent.

3.2 ST Protocol Functions

   The ST protocol provides two functions:

   o   stream identification

   o   data priority

3.2.1 Stream Identification

   ST data packets are encapsulated by an ST header containing the

   Stream IDentifier (SID). This SID is selected at the origin so that

   it is globally unique over the Internet. The SID must be known by the

   setup protocol as well. At stream establishment time, the setup

   protocol builds, at each agent traversed by the stream, an entry into

   its local database containing stream information. The SID can be used

   as a reference into this database, to obtain quickly the necessary

   replication and forwarding information.

   Stream IDentifiers are intended to be used to make the packet

   forwarding task most efficient. The time-critical operation is an

   intermediate ST agent receiving a packet from the previous-hop ST

   agent and forwarding it to the next-hop ST agents.

   The format of data PDUs including the SID is defined in Section 10.1.

   Stream IDentifier generation is discussed in Section 8.1.

3.2.2 Packet Discarding based on Data Priority

   ST provides a well defined quality of service to its applications.

   However, there may be cases where the network is temporarily

   congested and the ST agents have to discard certain packets to

   minimize the overall impact to other streams. The ST protocol

   provides a mechanism to discard data packets based on the Priority

   field in the data PDU, see Section 10.1. The application assigns each

   data packet with a discard-priority level, carried into the Priority

   field. ST agents will attempt to discard lower priority packets first

   during periods of network congestion. Applications may choose to send

   data at multiple priority levels so that less important data may be

   discarded first.

4. SCMP Functional Description

   ST agents create and manage streams using the ST Control Message

   Protocol (SCMP). Conceptually, SCMP resides immediately above ST (as

   does ICMP above IP). SCMP follows a request-response model. SCMP

   messages are made reliable through the use of retransmission after

   timeout.

   This section contains a functional description of stream management

   with SCMP. To help clarify the SCMP exchanges used to setup and

   maintain ST streams, we include an example of a simple network

   topology, represented in Figure 8. Using the SCMP messages described

   in this section it will be possible for an ST application to:

   o   Create a stream from A to the peers at B, C and D,

   o   Add a peer at E,

   o   Drop peers B and C, and

   o   Let F join the stream

   o   Delete the stream.

                                               +---------+    +---+

                                               |         |----| B |

               +---------+      +----------+   |         |    +---+

               |         |------| Router 1 |---| Subnet2 |

               |         |      +----------+   |         |

               |         |                     |         |

               |         |                     +---------+

               |         |                         |

               | Subnet1 |                         |

               |         |                     +----------+

               |         |                     | Router 3 |

       +---+   |         |                     +----------+

       | A |---|         |    +----------+           |

       +---+   |         |----| Router 2 |           |

               |         |    +----------+           |

               +---------+         |                 |

                                   |                 |

                                   |          +----------+    +---+

                                   +----------|          |----| C |

                                              |          |    +---+

                         +---------+          | Subnet3 |

                 +---+   |         |   +---+ |          |    +---+

                 | F |---| Subnet4 |---| E |--|          |----| D |

                 +---+   |         |   +---+ +----------+    +---+

                         +---------+

                Figure 8: Sample Topology for an ST Stream

   We first describe the possible types of stream in Section 4.1;

   Section 4.2 introduces SCMP control message types; SCMP reliability

   is discussed in Section 4.3; stream options are covered in Section

   4.4; stream setup is presented in Section 4.5; Section 4.6

   illustrates stream modification including stream expansion,

   reduction, changes of the quality of service associated to a stream.

   Finally, stream deletion is handled in Section 4.7.

4.1 Types of Streams

   SCMP allows for the setup and management of different types of

   streams. Streams differ in the way they are built and the information

   maintained on connected targets.

4.1.1 Stream Building

   Streams may be built in a sender-oriented fashion, receiver-oriented

   fashion, or with a mixed approach:

o   in the sender-oriented fashion, the application at the origin

    provides the ST agent with the list of receivers for the stream. New

    targets, if any, are also added from the origin.

o   in the receiver-oriented approach, the application at the origin

    creates an empty stream that contains no targets. Each target then

    joins the stream autonomously.

o   in the mixed approach, the application at the origin creates a

    stream that contains some targets and other targets join the stream

    autonomously.

   ST2 provides stream options to support sender-oriented and mixed

   approach steams. Receiver-oriented streams can be emulated through

   the use of mixed streams. The fashion by which targets may be added

   to a particular stream is controlled via join authorization levels.

   Join authorization levels are described in Section 4.4.2.

4.1.2 Knowledge of Receivers

   When streams are built in the sender-oriented fashion, all ST agents

   will have full information on all targets down stream of a particular

   agent. In this case, target information is relayed down stream from

   agent-to-agent during stream set-up.

   When targets add themselves to mixed approach streams, upstream ST

   agents may or may not be informed. Propagation of information on

   targets that "join" a stream is also controlled via join

   authorization levels. As previously mentioned, join authorization

   levels are described in Section 4.4.2.

   This leads to two types of streams:

o   full target information is propagated in a full-state stream. For

    such streams, all agents are aware of all downstream targets

    connected to the stream. This results in target information being

    maintained at the origin and at intermediate agents. Operations on

    single targets are always possible, i.e., change a certain target,

    or, drop that target from the stream. It is also always possible for

    any ST agent to attempt recovery of all downstream targets.

o   in light-weight streams, it is possible that the origin and other

    upstream agents have no knowledge about some targets. This results

    in less maintained state and easier stream management, but it limits

    operations on specific targets. Special actions may be required to

    support change and drop operations on unknown targets, see Section

    5.7. Also, stream recovery may not be possible. Of course, generic

    functions such as deleting the whole stream, are still possible. It

    is expected that applications that will have a large number of

    targets will use light-weight streams in order to limit state in

    agents and the number of targets per control message.

   Full-state streams serve well applications as video conferencing or

   distributed gaming, where it is important to have knowledge on the

   connected receivers, e.g., to limit who participates. Light-weight

   streams may be exploited by applications such as remote lecturing or

   playback applications of radio and TV broadcast where the receivers

   do not need to be known by the sender. Section 4.4.2 defines join

   authorization levels, which support two types of full-state streams

   and one type of light-weight stream.

4.2 Control PDUs

   SCMP defines the following PDUs (the main purpose of each PDU is also

   indicated):

1.      ACCEPT          to accept a new stream

2.      ACK             to acknowledge an incoming message

3.      CHANGE          to change the quality of service associated with

                                a stream

4.      CONNECT         to establish a new stream or add new targets to

                                an existing stream

5.      DISCONNECT      to remove some or all of the stream's targets

6.      ERROR           to indicate an error contained in an incoming

                                message

7.      HELLO           to detect failures of neighbor ST agents

8.      JOIN            to request stream joining from a target

9.      JOIN-REJECT     to reject a stream joining request from a target

10.     NOTIFY          to inform an ST agent of a significant event

11.     REFUSE          to refuse the establishment of a new stream

12.     STATUS          to query an ST agent on a specific stream

13.     STATUS-RESPONSE to reply queries on a specific stream

   SCMP follows a request-response model with all requests expecting

   responses. Retransmission after timeout is used to allow for lost or

   ignored messages. Control messages do not extend across packet

   boundaries; if a control message is too large for the MTU of a hop,

   its information is partitioned and a control message per partition is

   sent, as described in Section 5.1.2.

   CONNECT and CHANGE request messages are answered with ACCEPT messages

   which indicate success, and with REFUSE messages which indicate

   failure. JOIN messages are answered with either a CONNECT message

   indicating success, or with a JOIN-REJECT message indicating failure.

   Targets may be removed from a stream by either the origin or the

   target via the DISCONNECT and REFUSE messages.

   The ACCEPT, CHANGE, CONNECT, DISCONNECT, JOIN, JOIN-REJECT, NOTIFY

   and REFUSE messages must always be explicitly acknowledged:

o   with an ACK message, if the message was received correctly and it

    was possible to parse and correctly extract and interpret its

    header, fields and parameters,

o   with an ERROR message, if a syntax error was detected in the header,

    fields, or parameters included in the message. The errored PDU may

    be optionally returned as part of the ERROR message. An ERROR

    message indicates a syntax error only. If any other errors are

    detected, it is necessary to first acknowledge with ACK and then

    take appropriate actions. For instance, suppose a CHANGE message

    contains an unknown SID: first, an ACK message has to be sent, then

    a REFUSE message with ReasonCode (SIDUnknown) follows.

   If no ACK or ERROR message are received before the correspondent

   timer expires, a timeout failure occurs. The way an ST agent should

   handle timeout failures is described in Section 5.2.

   ACK, ERROR, and STATUS-RESPONSE messages are never acknowledged.

   HELLO messages are a special case. If they contain a syntax error, an

   ERROR message should be generated in response. Otherwise, no

   acknowledgment or response should be generated. Use of HELLO messages

   is discussed in Section 6.1.2.

   STATUS messages containing a syntax error should be answered with an

   ERROR message. Otherwise, a STATUS-RESPONSE message should be sent

   back in response. Use of STATUS and STATUS-RESPONSE are discussed in

   Section 8.4.

4.3 SCMP Reliability

   SCMP is made reliable through the use of retransmission when a

   response is not received in a timely manner. The ACCEPT, CHANGE,

   CONNECT, DISCONNECT, JOIN, JOIN-REJECT, NOTIFY, and REFUSE messages

   all must be answered with an ACK message, see Section 4.2. In

   general, when sending a SCMP message which requires an ACK response,

   the sending ST agent needs to set the Toxxxx timer (where xxxx is the

   SCMP message type, e.g., ToConnect). If it does not receive an ACK

   before the Toxxxx timer expires, the ST agent should retransmit the

   SCMP message. If no ACK has been received within Nxxxx

   retransmissions, then a SCMP timeout condition occurs and the ST

   agent enters its SCMP timeout recovery state. The actions performed

   by the ST agent as the result of the SCMP timeout condition differ

   for different SCMP messages and are described in Section 5.2.

   For some SCMP messages (CONNECT, CHANGE, JOIN, and STATUS) the

   sending ST agent also expects a response back (ACCEPT/REFUSE,

   CONNECT/JOIN- REJECT) after ACK has been received. For these cases,

   the ST agent needs to set the ToxxxxResp timer after it receives the

   ACK. (As before, xxxx is the initiating SCMP message type, e.g.,

   ToConnectResp). If it does not receive the appropriate response back

   when ToxxxxResp expires, the ST agent updates its state and performs

   appropriate recovery action as described in Section 5.2. Suggested

   constants are given in Section 10.5.4.

   The timeout and retransmission algorithm is implementation dependent

   and it is outside the scope of this document. Most existing

   algorithms are based on an estimation of the Round Trip Time (RTT)

   between two agents. Therefore, SCMP contains a mechanism, see Section

   8.5, to estimate this RTT. Note that the timeout related variable

   names described above are for reference purposes only, implementors

   may choose to combine certain variables.

4.4 Stream Options

   An application may select among some stream options. The desired

   options are indicated to the ST agent at the origin when a new stream

   is created. Options apply to single streams and are valid during the

   whole stream's lifetime. The options chosen by the application at the

   origin are included into the initial CONNECT message, see Section

   4.5.3. When a CONNECT message reaches a target, the application at

   the target is notified of the stream options that have been selected,

   see Section 4.5.5.

4.4.1 No Recovery

   When a stream failure is detected, an ST agent would normally attempt

   stream recovery, as described in Section 6.2. The NoRecovery option

   is used to indicate that ST agents should not attempt recovery for

   the stream. The protocol behavior in the case that the NoRecovery

   option has been selected is illustrated in Section 6.2. The

   NoRecovery option is specified by setting the S-bit in the CONNECT

   message, see Section 10.4.4. The S-bit can be set only by the origin

   and it is never modified by intermediate and target ST agents.

4.4.2 Join Authorization Level

   When a new stream is created, it is necessary to define the join

   authorization level associated with the stream. This level determines

   the protocol behavior in case of stream joining, see Section 4.1 and

   Section 4.6.3. The join authorization level for a stream is defined

   by the J-bit and N-bit in the CONNECT message header, see Section

   10.4.4. One of the following authorization levels has to be

   selected:

   o   Level 0 - Refuse Join (JN = 00): No targets are allowed to join this

       stream.

   o   Level 1 - OK, Notify Origin (JN = 01): Targets are allowed to join

       the stream. The origin is notified that the target has joined.

   o   Level 2 - OK (JN = 10): Targets are allowed to join the stream. No

       notification is sent to the stream origin.

   Some applications may choose to maintain tight control on their

   streams and will not permit any connections without the origin's

   permission. For such streams, target applications may request to be

   added by sending an out-of-band, i.e., via regular IP, request to the

   origin. The origin, if it so chooses, can then add the target

   following the process described in Section 4.6.1.

   The selected authorization level impacts stream handling and the

   state that is maintained for the stream, as described in Section 4.1.

4.4.3 Record Route

   The RecordRoute option can be used to request the route between the

   origin and a target be recorded and delivered to the application.

   This option may be used while connecting, accepting, changing, or

   refusing a stream. The results of a RecordRoute option requested by

   the origin, i.e., as part of the CONNECT or CHANGE messages, are

   delivered to the target. The results of a RecordRoute option

   requested by the target, i.e., as part of the ACCEPT or REFUSE

   messages, are delivered to the origin.

   The RecordRoute option is specified by adding the RecordRoute

   parameter to the mentioned SCMP messages. The format of the

   RecordRoute parameter is shown in Section 10.3.5. When adding this

   parameter, the ST agent at the origin must determine the number of

   entries that may be recorded as explained in Section 10.3.5.

4.4.4 User Data

   The UserData option can be used by applications to transport

   application specific data along with some SCMP control messages. This

   option can be included with ACCEPT, CHANGE, CONNECT, DISCONNECT, and

   REFUSE messages. The format of the UserData parameter is shown in

   Section 10.3.7. This option may be included by the origin, or the

   target, by adding the UserData parameter to the mentioned SCMP

   messages. This option may only be included once per SCMP message.

4.5 Stream Setup

   This section presents a description of stream setup. For simplicity,

   we assume that everything succeeds, e.g., any required resources are

   available, messages are properly delivered, and the routing is

   correct. Possible failures in the setup phase are handled in Section

   5.2.

4.5.1 Information from the Application

   Before stream setup can be started, the application has to collect

   the necessary information to determine the characteristics for the

   connection. This includes identifying the participants and selecting

   the QoS parameters of the data flow. Information passed to the ST

   agent by the application includes:

o   the list of the stream's targets (Section 10.3.6). The list may be

    empty (Section 4.5.3.1),

o   the flow specification containing the desired quality of service for

    the stream (Section 9),

o   information on the groups in which the stream is a member, if any

    (Section 7),

o   information on the options selected for the stream (Section 4.4).

4.5.2 Initial Setup at the Origin

   The ST agent at the origin then performs the following operations:

o   allocates a stream ID (SID) for the stream (Section 8.1),

o   invokes the routing function to determine the set of next-hops for

    the stream (Section 4.5.2.1),

o   invokes the Local Resource Manager (LRM) to reserve resources

    (Section 4.5.2.2),

o   creates local database entries to store information on the new

    stream,

o   propagates the stream creation request to the next-hops determined

    by the routing function (Section 4.5.3).

4.5.2.1 Invoking the Routing Function

   An ST agent that is setting up a stream invokes the routing function

   to find the next-hop to reach each of the targets specified by the

   target list provided by the application. This is similar to the

   routing decision in IP. However, in this case the route is to a

   multitude of targets with QoS requirements rather than to a single

   destination.

   The result of the routing function is a set of next-hop ST agents.

   The set of next-hops selected by the routing function is not

   necessarily the same as the set of next-hops that IP would select

   given a number of independent IP datagrams to the same destinations.

   The routing algorithm may attempt to optimize parameters other than

   the number of hops that the packets will take, such as delay, local

   network bandwidth consumption, or total internet bandwidth

   consumption. Alternatively, the routing algorithm may use a simple

   route lookup for each target.

   Once a next-hop is selected by the routing function, it persists for

   the whole stream lifetime, unless a network failure occurs.

4.5.2.2 Reserving Resources

   The ST agent invokes the Local Resource Manager (LRM) to perform the

   appropriate reservations. The ST agent presents the LRM with

   information including:

o   the flow specification with the desired quality of service for the

    stream (Section 9),

o   the version number associated with the flow specification

    (Section 9).

o   information on the groups the stream is member in, if any

    (Section 7),

   The flow specification contains information needed by the LRM to

   allocate resources. The LRM updates the flow specification contents

   information before returning it to the ST agent. Section 9.2.3

   defines the fields of the flow specification to be updated by the

   LRM.

   The membership of a stream in a group may affect the amount of

   resources that have to be allocated by the LRM, see Section 7.

4.5.3 Sending CONNECT Messages

   The ST agent sends a CONNECT message to each of the next-hop ST

   agents identified by the routing function. Each CONNECT message

   contains the SID, the selected stream options, the FlowSpec, and a

   TargetList. The format of the CONNECT message is defined by Section

   10.4.4. In general, the FlowSpec and TargetList depend on both the

   next-hop and the intervening network. Each TargetList is a subset of

   the original TargetList, identifying the targets that are to be

   reached through the next-hop to which the CONNECT message is being

   sent.

   The TargetList may be empty, see Section 4.5.3.1; if the TargetList

   causes a too long CONNECT message to be generated, the CONNECT

   message is partitioned as explained in Section 5.1.2. If multiple

   next-hops are to be reached through a network that supports network

   level multicast, a different CONNECT message must nevertheless be

   sent to each next-hop since each will have a different TargetList.

4.5.3.1 Empty Target List

   An application at the origin may request the local ST agent to create

   an empty stream. It does so by passing an empty TargetList to the

   local ST agent during the initial stream setup. When the local ST

   agent receives a request to create an empty stream, it allocates the

   stream ID (SID), updates its local database entries to store

   information on the new stream and notifies the application that

   stream setup is complete. The local ST agent does not generate any

   CONNECT message for streams with an empty TargetList. Targets may be

   later added by the origin, see Section 4.6.1, or they may

   autonomously join the stream, see Section 4.6.3.

4.5.4 CONNECT Processing by an Intermediate ST agent

   An ST agent receiving a CONNECT message, assuming no errors, responds

   to the previous-hop with an ACK. The ACK message must identify the

   CONNECT message to which it corresponds by including the reference

   number indicated by the Reference field of the CONNECT message. The

   intermediate ST agent calls the routing function, invokes the LRM to

   reserve resources, and then propagates the CONNECT messages to its

   next-hops, as described in the previous sections.

4.5.5 CONNECT Processing at the Targets

   An ST agent that is the target of a CONNECT message, assuming no

   errors, responds to the previous-hop with an ACK. The ST agent

   invokes the LRM to reserve local resources and then queries the

   specified application process whether or not it is willing to accept

   the connection.

   The application is presented with parameters from the CONNECT message

   including the SID, the selected stream options, Origin, FlowSpec,

   TargetList, and Group, if any, to be used as a basis for its

   decision. The application is identified by a combination of the

   NextPcol field, from the Origin parameter, and the service access

   point, or SAP, field included in the correspondent (usually single

   remaining) Target of the TargetList. The contents of the SAP field

   may specify the port or other local identifier for use by the

   protocol layer above the host ST layer. Subsequently received data

   packets will carry the SID, that can be mapped into this information

   and be used for their delivery.

   Finally, based on the application's decision, the ST agent sends to

   the previous-hop from which the CONNECT message was received either

   an ACCEPT or REFUSE message. Since the ACCEPT (or REFUSE) message has

   to be acknowledged by the previous-hop, it is assigned a new

   Reference number that will be returned in the ACK. The CONNECT

   message to which ACCEPT (or REFUSE) is a reply is identified by

   placing the CONNECT's Reference number in the LnkReference field of

   ACCEPT (or REFUSE). The ACCEPT message contains the FlowSpec as

   accepted by the application at the target.

4.5.6 ACCEPT Processing by an Intermediate ST agent

   When an intermediate ST agent receives an ACCEPT, it first verifies

   that the message is a response to an earlier CONNECT. If not, it

   responds to the next-hop ST agent with an ERROR message, with

   ReasonCode (LnkRefUnknown). Otherwise, it responds to the next-hop ST

   agent with an ACK, and propagates the individual ACCEPT message to

   the previous-hop along the same path traced by the CONNECT but in the

   reverse direction toward the origin.

   The FlowSpec is included in the ACCEPT message so that the origin and

   intermediate ST agents can gain access to the information that was

   accumulated as the CONNECT traversed the internet. Note that the

   resources, as specified in the FlowSpec in the ACCEPT message, may

   differ from the resources that were reserved when the CONNECT was

   originally processed. Therefore, the ST agent presents the LRM with

   the FlowSpec included in the ACCEPT message. It is expected that each

   LRM adjusts local reservations releasing any excess resources. The

   LRM may choose not to adjust local reservations when that adjustment

   may result in the loss of needed resources. It may also choose to

   wait to adjust allocated resources until all targets in transition

   have been accepted or refused.

   In the case where the intermediate ST agent is acting as the origin

   with respect to this target, see Section 4.6.3.1, the ACCEPT message

   is not propagated upstream.

4.5.7 ACCEPT Processing by the Origin

   The origin will eventually receive an ACCEPT (or REFUSE) message from

   each of the targets. As each ACCEPT is received, the application is

   notified of the target and the resources that were successfully

   allocated along the path to it, as specified in the FlowSpec

   contained in the ACCEPT message. The application may then use the

   information to either adopt or terminate the portion of the stream to

   each target.

   When an ACCEPT is received by the origin, the path to the target is

   considered to be established and the ST agent is allowed to forward

   the data along this path as explained in Section 2 and in Section

   3.1.

4.5.8 REFUSE Processing by the Intermediate ST agent

   If an application at a target does not wish to participate in the

   stream, it sends a REFUSE message back to the origin with ReasonCode

   (ApplDisconnect). An intermediate ST agent that receives a REFUSE

   message with ReasonCode (ApplDisconnect) acknowledges it by sending

   an ACK to the next-hop, invokes the LRM to adjusts reservations as

   appropriate, deletes the target entry from the internal database, and

   propagates the REFUSE message back to the previous-hop ST agent.

   In the case where the intermediate ST agent is acting as the origin

   with respect to this target, see Section 4.6.3.1, the REFUSE message

   is only propagated upstream when there are no more downstream agents

   participating in the stream. In this case, the agent indicates that

   the agent is to be removed from the stream propagating the REFUSE

   message with the G-bit set (1).

4.5.9 REFUSE Processing by the Origin

   When the REFUSE message reaches the origin, the ST agent at the

   origin sends an ACK and notifies the application that the target is

   no longer part of the stream and also if the stream has no remaining

   targets. If there are no remaining targets, the application may wish

   to terminate the stream, or keep the stream active to allow addition

   of targets or stream joining as described in Section 4.6.3.

4.5.10 Other Functions during Stream Setup

   Some other functions have to be accomplished by an ST agent as

   CONNECT messages travel downstream and ACCEPT (or REFUSE) messages

   travel upstream during the stream setup phase. They were not

   mentioned in the previous sections to keep the discussion as simple

   as possible. These functions include:

   o   computing the smallest Maximum Transmission Unit size over the path

       to the targets, as part of the MTU discovery mechanism presented in

       Section 8.6. This is done by updating the MaxMsgSize field of the

       CONNECT message, see Section 10.4.4. This value is carried back to

       origin in the MaxMsgSize field of the ACCEPT message, see Section

       10.4.1.

   o   counting the number of IP clouds to be traversed to reach the

       targets, if any. IP clouds are traversed when the IP encapsulation

       mechanism is used. This mechanism described in Section 8.7.

       Encapsulating agents update the IPHops field of the CONNECT message,

       see Section 10.4.4. The resulting value is carried back to origin in

       the IPHops field of the ACCEPT message, see Section 10.4.1.

   o   updating the RecoveryTimeout value for the stream based on what can

       the agent can support. This is part of the stream recovery

       mechanism, in Section 6.2. This is done by updating the

       RecoveryTimeout field of the CONNECT message, see Section 10.4.4.

       This value is carried back to origin in the RecoveryTimeout field of

       the ACCEPT message, see Section 10.4.1.

4.6 Modifying an Existing Stream

   Some applications may wish to modify a stream after it has been

   created. Possible changes include expanding a stream, reducing it,

   and changing its FlowSpec. The origin may add or remove targets as

   described in Section 4.6.1 and Section 4.6.2. Targets may request to

   join the stream as described in Section 4.6.3 or, they may decide to

   leave a stream as described in Section 4.6.4. Section 4.6.5 explains

   how to change a stream's FlowSpec.

   As defined by Section 2, an ST agent can handle only one stream

   modification at a time. If a stream modification operation is already

   underway, further requests are queued and handled when the previous

   operation has been completed. This also applies to two subsequent

   requests of the same kind, e.g., two subsequent changes to the

   FlowSpec.

4.6.1 The Origin Adding New Targets

   It is possible for an application at the origin to add new targets to

   an existing stream any time after the stream has been established.

   Before new targets are added, the application has to collect the

   necessary information on the new targets. Such information is passed

   to the ST agent at the origin.

   The ST agent at the origin issues a CONNECT message that contains the

   SID, the FlowSpec, and the TargetList specifying the new targets.

   This is similar to sending a CONNECT message during stream

   establishment, with the following exceptions: the origin checks that

   a) the SID is valid, b) the targets are not already members of the

   stream, c) that the LRM evaluates the FlowSpec of the new target to

   be the same as the FlowSpec of the existing stream, i.e., it requires

   an equal or smaller amount of resources to be allocated. If the

   FlowSpec of the new target does not match the FlowSpec of the

   existing stream, an error is generated with ReasonCode

   (FlowSpecMismatch). Functions to compare flow specifications are

   provided by the LRM, see Section 1.4.5.

   An intermediate ST agent that is already a participant in the stream

   looks at the SID and StreamCreationTime, and verifies that the stream

   is the same. It then checks if the intersection of the TargetList and

   the targets of the established stream is empty. If this is not the

   case, it responds with a REFUSE message with ReasonCode

   (TargetExists) that contains a TargetList of those targets that were

   duplicates. To indicate that the stream exists, and includes the

   listed targets, the ST agent sets to one (1) the E-bit of the REFUSE

   message, see Section 10.4.11. The agent then proceeds processing

   each new target in the TargetList.

   For each new target in the TargetList, processing is much the same as

   for the original CONNECT. The CONNECT is acknowledged, propagated,

   and network resources are reserved. Intermediate or target ST agents

   that are not already participants in the stream behave as in the case

   of stream setup (see Section 4.5.4 and Section 4.5.5).

4.6.2 The Origin Removing a Target

   It is possible for an application at the origin to remove existing

   targets of a stream any time after the targets have accepted the

   stream. The application at the origin specifies the set of targets

   that are to be removed and informs the local ST agent. Based on this

   information, the ST agent sends DISCONNECT messages with the

   ReasonCode (ApplDisconnect) to the next-hops relative to the targets.

   An ST agent that receives a DISCONNECT message must acknowledge it by

   sending an ACK to the previous-hop. The ST agent updates its state

   and notifies the LRM of the target deletion so that the LRM can

   modify reservations as appropriate. When the DISCONNECT message

   reaches the target, the ST agent also notifies the application that

   the target is no longer part of the stream. When there are no

   remaining targets that can be reached through a particular next-hop,

   the ST agent informs the LRM and it deletes the next-hop from its

   next-hops set.

   SCMP also provides a flooding mechanism to delete targets that joined

   the stream without notifying the origin. The special case of target

   deletion via flooding is described in Section 5.7.

4.6.3 A Target Joining a Stream

   An application may request to join an existing stream. It has to

   collect information on the stream including the stream ID (SID) and

   the IP address of the stream's origin. This can be done out-of-band,

   e.g., via regular IP. The information is then passed to the local ST

   agent. The ST agent generates a JOIN message containing the

   application's request to join the stream and sends it toward the

   stream origin.

   An ST agent receiving a JOIN message, assuming no errors, responds

   with an ACK. The ACK message must identify the JOIN message to which

   it corresponds by including the Reference number indicated by the

   Reference field of the JOIN message. If the ST agent is not traversed

   by the stream that has to be joined, it propagates the JOIN message

   toward the stream's origin. Once a JOIN message has been

   acknowledged, ST agents do not retain any state information related

   to the JOIN message.

   Eventually, an ST agent traversed by the stream or the stream's

   origin itself is reached. This agent must respond to a received JOIN

   first with an ACK to the ST agent from which the message was

   received, then, it issues either a CONNECT or a JOIN-REJECT message

   and sends it toward the target. The response to the join request is

   based on the join authorization level associated with the stream, see

   Section 4.4.2:

o   If the stream has authorization level #0 (refuse join):

    The ST agent sends a JOIN-REJECT message toward the target with

    ReasonCode (JoinAuthFailure).

o   If the stream has authorization level #1 (ok, notify origin):

    The ST agent sends a CONNECT message toward the target with a

    TargetList including the target that requested to join the stream.

    This eventually results in adding the target to the stream. When

    the ST agent receives the ACCEPT message indicating that the new

    target has been added, it does not propagate the ACCEPT message

    backwards (Section 4.5.6). Instead, it issues a NOTIFY message

    with ReasonCode (TargetJoined) so that upstream agents, including

    the origin, may add the new target to maintained state

    information. The NOTIFY message includes all target specific

    information.

o   If the stream has authorization level #2 (ok):

    The ST agent sends a CONNECT message toward the target with a

    TargetList including the target that requested to join the stream.

    This eventually results in adding the target to the stream. When

    the ST agent receives the ACCEPT message indicating that the new

    target has been added, it does not propagate the ACCEPT message

    backwards (Section 4.5.6), nor does it notify the origin. A NOTIFY

    message is generated with ReasonCode (TargetJoined) if the target

    specific information needs to be propagated back to the origin. An

    example of such information is change in MTU, see Section 8.6.

4.6.3.1 Intermediate Agent (Router) as Origin

   When a stream has join authorization level #2, see Section 4.4.2, it

   is possible that the stream origin is unaware of some targets

   participating in the stream. In this case, the ST intermediate agent

   that first sent a CONNECT message to this target has to act as the

   stream origin for the given target. This includes:

o   if the whole stream is deleted, the intermediate agent must

    disconnect the target.

o   if the stream FlowSpec is changed, the intermediate agent must

    change the FlowSpec for the target as appropriate.

o   proper handling of ACCEPT and REFUSE messages, without propagation

    to upstream ST agents.

o   generation of NOTIFY messages when needed. (As described above.)

   The intermediate agent behaves normally for all other targets added

   to the stream as a consequence of a CONNECT message issued by the

   origin.

4.6.4 A Target Deleting Itself

   The application at the target may inform the local ST agent that it

   wants to be removed from the stream. The ST agent then forms a REFUSE

   message with the target itself as the only entry in the TargetList

   and with ReasonCode (ApplDisconnect). The REFUSE message is sent back

   to the origin via the previous-hop. If a stream has multiple targets

   and one target leaves the stream using this REFUSE mechanism, the

   stream to the other targets is not affected; the stream continues to

   exist.

   An ST agent that receives a REFUSE message acknowledges it by sending

   an ACK to the next-hop. The target is deleted and the LRM is notified

   so that it adjusts reservations as appropriate. The REFUSE message is

   also propagated back to the previous-hop ST agent except in the case

   where the agent is acting as the origin. In this case a NOTIFY may be

   propagated instead, see Section 4.6.3.

   When the REFUSE reaches the origin, the origin sends an ACK and

   notifies the application that the target is no longer part of the

   stream.

4.6.5 Changing a Stream's FlowSpec

   The application at the origin may wish to change the FlowSpec of an

   established stream. Changing the FlowSpec is a critical operation and

   it may even lead in some cases to the deletion of the affected

   targets. Possible problems with FlowSpec changes are discussed in

   Section 5.6.

   To change the stream's FlowSpec, the application informs the ST agent

   at the origin of the new FlowSpec and of the list of targets relative

   to the change. The ST agent at the origin then issues one CHANGE

   message per next-hop including the new FlowSpec and sends it to the

   relevant next-hop ST agents. If the G-bit field of the CHANGE message

   is set (1), the change affects all targets in the stream.

   The CHANGE message contains a bit called I-bit, see Section 10.4.3.

   By default, the I-bit is set to zero (0) to indicate that the LRM is

   expected to try and perform the requested FlowSpec change without

   risking to tear down the stream. Applications that desire a higher

   probability of success and are willing to take the risk of breaking

   the stream can indicate this by setting the I-bit to one (1).

   Applications that require the requested modification in order to

   continue operating are expected to set this bit.

   An intermediate ST agent that receives a CHANGE message first sends

   an ACK to the previous-hop and then provides the FlowSpec to the LRM.

   If the LRM can perform the change, the ST agent propagates the CHANGE

   messages along the established paths.

   If the whole process succeeds, the CHANGE messages will eventually

   reach the targets. Targets respond with an ACCEPT (or REFUSE) message

   that is propagated back to the origin. In processing the ACCEPT

   message on the way back to the origin, excess resources may be

   released by the LRM as described in Section 4.5.6. The REFUSE message

   must have the ReasonCode (ApplRefused).

   SCMP also provides a flooding mechanism to change targets that joined

   the stream without notifying the origin. The special case of target

   change via flooding is described in Section 5.7.

4.7 Stream Tear Down

   A stream is usually terminated by the origin when it has no further

   data to send. A stream is also torn down if the application should

   terminate abnormally or if certain network failures are encountered.

   Processing in this case is identical to the previous descriptions

   except that the ReasonCode (ApplAbort, NetworkFailure, etc.) is

   different.

   When all targets have left a stream, the origin notifies the

   application of that fact, and the application is then responsible for

   terminating the stream. Note, however, that the application may

   decide to add targets to the stream instead of terminating it, or may

   just leave the stream open with no targets in order to permit stream

   joins.

5. Exceptional Cases

   The previous descriptions covered the simple cases where everything

   worked. We now discuss what happens when things do not succeed.

   Included are situations where messages exceed a network MTU, are

   lost, the requested resources are not available, the routing fails or

   is inconsistent.

5.1 Long ST Messages

   It is possible that an ST agent, or an application, will need to send

   a message that exceeds a network's Maximum Transmission Unit (MTU).

   This case must be handled but not via generic fragmentation, since

   ST2 does not support generic fragmentation of either data or control

   messages.

5.1.1 Handling of Long Data Packets

   ST agents discard data packets that exceed the MTU of the next-hop

   network. No error message is generated. Applications should avoid

   sending data packets larger than the minimum MTU supported by a given

   stream. The application, both at the origin and targets, can learn

   the stream minimum MTU through the MTU discovery mechanism described

   in Section 8.6.

5.1.2 Handling of Long Control Packets

   Each ST agent knows the MTU of the networks to which it is connected,

   and those MTUs restrict the size of the SCMP message it can send. An

   SCMP message size can exceed the MTU of a given network for a number

   of reasons:

o   the TargetList parameter (Section 10.3.6) may be too long;

o   the RecordRoute parameter (Section 10.3.5) may be too long.

o   the UserData parameter (Section 10.3.7) may be too long;

o   the PDUInError field of the ERROR message (Section 10.4.6) may be

    too long;

   An ST agent receiving or generating a too long SCMP message should:

o   break the message into multiple messages, each carrying part of the

    TargetList. Any RecordRoute and UserData parameters are replicated

    in each message for delivery to all targets. Applications that

    support a large number of targets may avoid using long TargetList

    parameters, and are expected to do so, by exploiting the stream

    joining functions, see Section 4.6.3. One exception to this rule

    exists. In the case of a long TargetList parameter to be included in

    a STATUS-RESPONSE message, the TargetList parameter is just

    truncated to the point where the list can fit in a single message,

    see Section 8.4.

o   for down stream agents: if the TargetList parameter contains a

    single Target element and the message size is still too long, the ST

    agent should issue a REFUSE message with ReasonCode

    (RecordRouteSize) if the size of the RecordRoute parameter causes

    the SCMP message size to exceed the network MTU, or with ReasonCode

    (UserDataSize) if the size of the UserData parameter causes the SCMP

    message size to exceed the network MTU. If both RecordRoute and

    UserData parameters are present the ReasonCode (UserDataSize) should

    be sent. For messages generated at the target: the target ST agent

    must check for SCMP messages that may exceed the MTU on the complete

    target-to-origin path, and inform the application that a too long

    SCMP messages has been generated. The format for the error reporting

    is a local implementation issue. The error codes are the same as

    previously stated.

   ST agents generating too long ERROR messages, simply truncate the

   PDUInError field to the point where the message is smaller than the

   network MTU.

5.2 Timeout Failures

   As described in Section 4.3, SCMP message delivery is made reliable

   through the use of acknowledgments, timeouts, and retransmission. The

   ACCEPT, CHANGE, CONNECT, DISCONNECT, JOIN, JOIN-REJECT, NOTIFY, and

   REFUSE messages must always be acknowledged, see Section 4.2. In

   addition, for some SCMP messages (CHANGE, CONNECT, JOIN) the sending

   ST agent also expects a response back (ACCEPT/REFUSE, CONNECT/JOIN-

   REJECT) after an ACK has been received. Also, the STATUS message must

   be answered with a STATUS-RESPONSE message.

   The following sections describe the handling of each of the possible

   failure cases due to timeout situations while waiting for an

   acknowledgment or a response. The timeout related variables, and

   their names, used in the next sections are for reference purposes

   only. They may be implementation specific. Different implementations

   are not required to share variable names, or even the mechanism by

   which the timeout and retransmission behavior is implemented.

5.2.1 Failure due to ACCEPT Acknowledgment Timeout

   An ST agent that sends an ACCEPT message upstream expects an ACK from

   the previous-hop ST agent. If no ACK is received before the ToAccept

   timeout expires, the ST agent should retry and send the ACCEPT

   message again. After NAccept unsuccessful retries, the ST agent sends

   a REFUSE message toward the origin, and a DISCONNECT message toward

   the targets. Both REFUSE and DISCONNECT must identify the affected

   targets and specify the ReasonCode (RetransTimeout).

5.2.2 Failure due to CHANGE Acknowledgment Timeout

   An ST agent that sends a CHANGE message downstream expects an ACK

   from the next-hop ST agent. If no ACK is received before the ToChange

   timeout expires, the ST agent should retry and send the CHANGE

   message again. After NChange unsuccessful retries, the ST agent

   aborts the change attempt by sending a REFUSE message toward the

   origin, and a DISCONNECT message toward the targets. Both REFUSE and

   DISCONNECT must identify the affected targets and specify the

   ReasonCode (RetransTimeout).

5.2.3 Failure due to CHANGE Response Timeout

   Only the origin ST agent implements this timeout. After correctly

   receiving the ACK to a CHANGE message, an ST agent expects to receive

   an ACCEPT, or REFUSE message in response. If one of these messages is

   not received before the ToChangeResp timer expires, the ST agent at

   the origin aborts the change attempt, and behaves as if a REFUSE

   message with the E-bit set and with ReasonCode (ResponseTimeout) is

   received.

5.2.4 Failure due to CONNECT Acknowledgment Timeout

   An ST agent that sends a CONNECT message downstream expects an ACK

   from the next-hop ST agent. If no ACK is received before the

   ToConnect timeout expires, the ST agent should retry and send the

   CONNECT message again. After NConnect unsuccessful retries, the ST

   agent sends a REFUSE message toward the origin, and a DISCONNECT

   message toward the targets. Both REFUSE and DISCONNECT must identify

   the affected targets and specify the ReasonCode (RetransTimeout).

5.2.5 Failure due to CONNECT Response Timeout

   Only the origin ST agent implements this timeout. After correctly

   receiving the ACK to a CONNECT message, an ST agent expects to

   receive an ACCEPT or REFUSE message in response. If one of these

   messages is not received before the ToConnectResp timer expires, the

   origin ST agent aborts the connection setup attempt, acts as if a

   REFUSE message is received, and it sends a DISCONNECT message toward

   the targets. Both REFUSE and DISCONNECT must identify the affected

   targets and specify the ReasonCode (ResponseTimeout).

5.2.6 Failure due to DISCONNECT Acknowledgment Timeout

   An ST agent that sends a DISCONNECT message downstream expects an ACK

   from the next-hop ST agent. If no ACK is received before the

   ToDisconnect timeout expires, the ST agent should retry and send the

   DISCONNECT message again. After NDisconnect unsuccessful retries, the

   ST agent simply gives up and it assumes the next-hop ST agent is not

   part in the stream any more.

5.2.7 Failure due to JOIN Acknowledgment Timeout

   An ST agent that sends a JOIN message toward the origin expects an

   ACK from a neighbor ST agent. If no ACK is received before the ToJoin

   timeout expires, the ST agent should retry and send the JOIN message

   again. After NJoin unsuccessful retries, the ST agent sends a JOIN-

   REJECT message back in the direction of the target with ReasonCode

   (RetransTimeout).

5.2.8 Failure due to JOIN Response Timeout

   Only the target agent implements this timeout. After correctly

   receiving the ACK to a JOIN message, the ST agent at the target

   expects to receive a CONNECT or JOIN-REJECT message in response. If

   one of these message is not received before the ToJoinResp timer

   expires, the ST agent aborts the stream join attempt and returns an

   error corresponding with ReasonCode (RetransTimeout) to the

   application.

   Note that, after correctly receiving the ACK to a JOIN message,

   intermediate ST agents do not maintain any state on the stream

   joining attempt. As a consequence, they do not set the ToJoinResp

   timer and do not wait for a CONNECT or JOIN-REJECT message. This is

   described in Section 4.6.3.

5.2.9 Failure due to JOIN-REJECT Acknowledgment Timeout

   An ST agent that sends a JOIN-REJECT message toward the target

   expects an ACK from a neighbor ST agent. If no ACK is received before

   the ToJoinReject timeout expires, the ST agent should retry and send

   the JOIN-REJECT message again. After NJoinReject unsuccessful

   retries, the ST agent simply gives up.

5.2.10 Failure due to NOTIFY Acknowledgment Timeout

   An ST agent that sends a NOTIFY message to a neighbor ST agent

   expects an ACK from that neighbor ST agent. If no ACK is received

   before the ToNotify timeout expires, the ST agent should retry and

   send the NOTIFY message again. After NNotify unsuccessful retries,

   the ST agent simply gives up and behaves as if the ACK message was

   received.

5.2.11 Failure due to REFUSE Acknowledgment Timeout

   An ST agent that sends a REFUSE message upstream expects an ACK from

   the previous-hop ST agent. If no ACK is received before the ToRefuse

   timeout expires, the ST agent should retry and send the REFUSE

   message again. After NRefuse unsuccessful retries, the ST agent gives

   up and it assumes it is not part in the stream any more.

5.2.12 Failure due to STATUS Response Timeout

   After sending a STATUS message to a neighbor ST agent, an ST agent

   expects to receive a STATUS-RESPONSE message in response. If this

   message is not received before the ToStatusResp timer expires, the ST

   agent sends the STATUS message again. After NStatus unsuccessful

   retries, the ST agent gives up and assumes that the neighbor ST agent

   is not active.

5.3 Setup Failures due to Routing Failures

   It is possible for an ST agent to receive a CONNECT message that

   contains a known SID, but from an ST agent other than the previous-

   hop ST agent of the stream with that SID. This may be:

   1. that two branches of the tree forming the stream have joined

       back together,

   2. the result of an attempted recovery of a partially failed

       stream, or

   3. a routing loop.

   The TargetList contained in the CONNECT is used to distinguish the

   different cases by comparing each newly received target with those of

   the previously existing stream:

o   if the IP address of the target(s) differ, it is case #1;

o   if the target matches a target in the existing stream, it may be

    case #2 or #3.

   Case #1 is handled in Section 5.3.1, while the other cases are

   handled in Section 5.3.2.

5.3.1 Path Convergence

   It is possible for an ST agent to receive a CONNECT message that

   contains a known SID, but from an ST agent other than the previous-

   hop ST agent of the stream with that SID. This might be the result of

   two branches of the tree forming the stream have joined back

   together. Detection of this case and other possible sources was

   discussed in Section 5.2.

   SCMP does not allow for streams which have converged paths, i.e.,

   streams are always tree-shaped and not graph-like. At the point of

   convergence, the ST agent which detects the condition generates a

   REFUSE message with ReasonCode (PathConvergence). Also, as a help to

   the upstream ST agent, the detecting agent places the IP address of

   one of the stream's connected targets in the ValidTargetIPAddress

   field of the REFUSE message. This IP address will be used by upstream

   ST agents to avoid splitting the stream.

   An upstream ST agent that receives the REFUSE with ReasonCode

   (PathConvergence) will check to see if the listed IP address is one

   of the known stream targets. If it is not, the REFUSE is propagated

   to the previous-hop agent. If the listed IP address is known by the

   upstream ST agent, this ST agent is the ST agent that caused the

   split in the stream. (This agent may even be the origin.) This agent

   then avoids splitting the stream by using the next-hop of that known

   target as the next-hop for the refused targets. It sends a CONNECT

   with the affected targets to the existing valid next-hop.

   The above process will proceed, hop by hop, until the

   ValidTargetIPAddress matches the IP address of a known target. The

   only case where this process will fail is when the known target is

   deleted prior to the REFUSE propagating to the origin. In this case

   the origin can just reissue the CONNECT and start the whole process

   over again.

5.3.2 Other Cases

   The remaining cases including a partially failed stream and a routing

   loop, are not easily distinguishable. In attempting recovery of a

   failed stream, an ST agent may issue new CONNECT messages to the

   affected targets. Such a CONNECT may reach an ST agent downstream of

   the failure before that ST agent has received a DISCONNECT from the

   neighborhood of the failure. Until that ST agent receives the

   DISCONNECT, it cannot distinguish between a failure recovery and an

   erroneous routing loop. That ST agent must therefore respond to the

   CONNECT with a REFUSE message with the affected targets specified in

   the TargetList and an appropriate ReasonCode (StreamExists).

   The ST agent immediately preceding that point, i.e., the latest ST

   agent to send the CONNECT message, will receive the REFUSE message.

   It must release any resources reserved exclusively for traffic to the

   listed targets. If this ST agent was not the one attempting the

   stream recovery, then it cannot distinguish between a failure

   recovery and an erroneous routing loop. It should repeat the CONNECT

   after a ToConnect timeout, see Section 5.2.4. If after NConnect

   retransmissions it continues to receive REFUSE messages, it should

   propagate the REFUSE message toward the origin, with the TargetList

   that specifies the affected targets, but with a different ReasonCode

   (RouteLoop).

   The REFUSE message with this ReasonCode (RouteLoop) is propagated by

   each ST agent without retransmitting any CONNECT messages. At each ST

   agent, it causes any resources reserved exclusively for the listed

   targets to be released. The REFUSE will be propagated to the origin

   in the case of an erroneous routing loop. In the case of stream

   recovery, it will be propagated to the ST agent that is attempting

   the recovery, which may be an intermediate ST agent or the origin

   itself. In the case of a stream recovery, the ST agent attempting the

   recovery may issue new CONNECT messages to the same or to different

   next-hops.

   If an ST agent receives both a REFUSE message and a DISCONNECT

   message with a target in common then it can, for the each target in

   common, release the relevant resources and propagate neither the

   REFUSE nor the DISCONNECT.

   If the origin receives such a REFUSE message, it should attempt to

   send a new CONNECT to all the affected targets. Since routing errors

   in an internet are assumed to be temporary, the new CONNECTs will

   eventually find acceptable routes to the targets, if one exists. If

   no further routes exist after NRetryRoute tries, the application

   should be informed so that it may take whatever action it seems

   necessary.

5.4 Problems due to Routing Inconsistency

   When an intermediate ST agent receives a CONNECT, it invokes the

   routing algorithm to select the next-hop ST agents based on the

   TargetList and the networks to which it is connected. If the

   resulting next-hop to any of the targets is across the same network

   from which it received the CONNECT (but not the previous-hop itself),

   there may be a routing problem. However, the routing algorithm at the

   previous- hop may be optimizing differently than the local algorithm

   would in the same situation. Since the local ST agent cannot

   distinguish the two cases, it should permit the setup but send back

   to the previous- hop ST agent an informative NOTIFY message with the

   appropriate ReasonCode (RouteBack), pertinent TargetList, and in the

   NextHopIPAddress element the address of the next-hop ST agent

   returned by its routing algorithm.

   The ST agent that receives such a NOTIFY should ACK it. If the ST

   agent is using an algorithm that would produce such behavior, no

   further action is taken; if not, the ST agent should send a

   DISCONNECT to the next-hop ST agent to correct the problem.

   Alternatively, if the next-hop returned by the routing function is in

   fact the previous-hop, a routing inconsistency has been detected. In

   this case, a REFUSE is sent back to the previous-hop ST agent

   containing an appropriate ReasonCode (RouteInconsist), pertinent

   TargetList, and in the NextHopIPAddress element the address of the

   previous-hop. When the previous-hop receives the REFUSE, it will

   recompute the next-hop for the affected targets. If there is a

   difference in the routing databases in the two ST agents, they may

   exchange CONNECT and REFUSE messages again. Since such routing errors

   in the internet are assumed to be temporary, the situation should

   eventually stabilize.

5.5 Problems in Reserving Resources

   As mentioned in Section 1.4.5, resource reservation is handled by the

   LRM. The LRM may not be able to satisfy a particular request during

   stream setup or modification for a number of reasons, including a

   mismatched FlowSpec, an unknown FlowSpec version, an error in

   processing a FlowSpec, and an inability to allocate the requested

   resource. This section discusses these cases and specifies the

   ReasonCodes that should be used when these error cases are

   encountered.

5.5.1 Mismatched FlowSpecs

   In some cases the LRM may require a requested FlowSpec to match an

   existing FlowSpec, e.g., when adding new targets to an existing

   stream, see Section 4.6.1. In case of FlowSpec mismatch the LRM

   notifies the processing ST agent which should respond with ReasonCode

   (FlowSpecMismatch).

5.5.2 Unknown FlowSpec Version

   When the LRM is invoked, it is passed information including the

   version of the FlowSpec, see Section 4.5.2.2. If this version is not

   known by the LRM, the LRM notifies the ST agent. The ST agent should

   respond with a REFUSE message with ReasonCode (FlowVerUnknown).

5.5.3 LRM Unable to Process FlowSpec

   The LRM may encounter an LRM or FlowSpec specific error while

   attempting to satisfy a request. An example of such an error is given

   in Section 9.2.1. These errors are implementation specific and will

   not be enumerated with ST ReasonCodes. They are covered by a single,

   generic ReasonCode. When an LRM encounters such an error, it should

   notify the ST agent which should respond with the generic ReasonCode

   (FlowSpecError).

5.5.4 Insufficient Resources

   If the LRM cannot make the necessary reservations because sufficient

   resources are not available, an ST agent may:

o   try alternative paths to the targets: the ST agent calls the routing

    function to find a different path to the targets. If an alternative

    path is found, stream connection setup continues in the usual way,

    as described in Section 4.5.

o   refuse to establish the stream along this path: the origin ST agent

    informs the application of the stream setup failure; intermediate

    and target ST agents issue a REFUSE message (as described in Section

    4.5.8) with ReasonCode (CantGetResrc).

   It depends on the local implementations whether an ST agent tries

   alternative paths or refuses to establish the stream. In any case, if

   enough resources cannot be found over different paths, the ST agent

   has to explicitly refuse to establish the stream.

5.6 Problems Caused by CHANGE Messages

   A CHANGE might fail for several reasons, including:

o   insufficient resources: the request may be for a larger amount of

    network resources when those resources are not available, ReasonCode

    (CantGetResrc);

o   a target application not agreeing to the change, ReasonCode

    (ApplRefused);

   The affected stream can be left in one of two states as a result of

   change failures: a) the stream can revert back to the state it was in

   prior to the CHANGE message being processed, or b) the stream may be

   torn down.

   The expected common case of failure will be when the requested change

   cannot be satisfied, but the pre-change resources remain allocated

   and available for use by the stream. In this case, the ST agent at

   the point where the failure occurred must inform upstream ST agents

   of the failure. (In the case where this ST agent is the target, there

   may not actually be a failure, the application may merely have not

   agreed to the change). The ST agent informs upstream ST agents by

   sending a REFUSE message with ReasonCode (CantGetResrc or

   ApplRefused). To indicate that the pre-change FlowSpec is still

   available and that the stream still exists, the ST agent sets the E-

   bit of the REFUSE message to one (1), see Section 10.4.11. Upstream

   ST agents receiving the REFUSE message inform the LRM so that it can

   attempt to revert back to the pre-change FlowSpec. It is permissible,

   but not desirable, for excess resources to remain allocated.

   For the case when the attempt to change the stream results in the

   loss of previously reserved resources, the stream is torn down. This

   can happen, for instance, when the I-bit is set (Section 4.6.5) and

   the LRM releases pre-change stream resources before the new ones are

   reserved, and neither new nor former resources are available. In this

   case, the ST agent where the failure occurs must inform other ST

   agents of the break in the affected portion of the stream. This is

   done by the ST agent by sending a REFUSE message upstream and a

   DISCONNECT message downstream, both with the ReasonCode

   (CantGetResrc). To indicate that pre-change stream resources have

   been lost, the E-bit of the REFUSE message is set to zero (0).

   Note that a failure to change the resources requested for specific

   targets should not cause other targets in the stream to be deleted.

5.7 Unknown Targets in DISCONNECT and CHANGE

   The handling of unknown targets listed in a DISCONNECT or CHANGE

   message is dependent on a stream's join authorization level, see

   Section 4.4.2. For streams with join authorization levels #0 and #1,

   see Section 4.4.2, all targets must be known. In this case, when

   processing a CHANGE message, the agent should generate a REFUSE

   message with ReasonCode (TargetUnknown). When processing a DISCONNECT

   message, it is possible that the DISCONNECT is a duplicate of an old

   request so the agent should respond as if it has successfully

   disconnected the target. That is, it should respond with an ACK

   message.

   For streams with join authorization level #2, it is possible that the

   origin is not aware of some targets that participate in the stream.

   The origin may delete or change these targets via the following

   flooding mechanism.

   If no next-hop ST agent can be associated with a target, the CHANGE/

   DISCONNECT message including the target is replicated to all known

   next-hop ST agents. This has the effect of propagating the CHANGE/

   DISCONNECT message to all downstream ST agents. Eventually, the ST

   agent that acts as the origin for the target (Section 4.6.3.1) is

   reached and the target is deleted.

   Target deletion/change via flooding is not expected to be the normal

   case. It is included to present the applications with uniform

   capabilities for all stream types. Flooding only applies to streams

   with join authorization level #2.

6. Failure Detection and Recovery

6.1 Failure Detection

   The SCMP failure detection mechanism is based on two assumptions:

1. If a neighbor of an ST agent is up, and has been up without a

    disruption, and has not notified the ST agent of a problem with

    streams that pass through both, then the ST agent can assume that

    there has not been any problem with those streams.

2. A network through which an ST agent has routed a stream will notify

    the ST agent if there is a problem that affects the stream data

    packets but does not affect the control packets.

   The purpose of the robustness protocol defined here is for ST agents

   to determine that the streams through a neighbor have been broken by

   the failure of the neighbor or the intervening network. This protocol

   should detect the overwhelming majority of failures that can occur.

   Once a failure is detected, the recovery procedures described in

   Section 6.2 are initiated by the ST agents.

6.1.1 Network Failures

   An ST agent can detect network failures by two mechanisms:

   o   the network can report a failure, or

   o   the ST agent can discover a failure by itself.

   They differ in the amount of information that an ST agent has

   available to it in order to make a recovery decision. For example, a

   network may be able to report that reserved bandwidth has been lost

   and the reason for the loss and may also report that connectivity to

   the neighboring ST agent remains intact. On the other hand, an ST

   agent may discover that communication with a neighboring ST agent has

   ceased because it has not received any traffic from that neighbor in

   some time period. If an ST agent detects a failure, it may not be

   able to determine if the failure was in the network while the

   neighbor remains available, or the neighbor has failed while the

   network remains intact.

6.1.2 Detecting ST Agents Failures

   Each ST agent periodically sends each neighbor with which it shares

   one or more streams a HELLO message. This message exchange is between

   ST agents, not entities representing streams or applications. That

   is, an ST agent need only send a single HELLO message to a neighbor

   regardless of the number of streams that flow between them. All ST

   agents (host as well as intermediate) must participate in this

   exchange. However, only ST agents that share active streams can

   participate in this exchange and it is an error to send a HELLO

   message to a neighbor ST agent with no streams in common, e.g., to

   check whether it is active. STATUS messages can be used to poll the

   status of neighbor ST agents, see Section 8.4.

   For the purpose of HELLO message exchange, stream existence is

   bounded by ACCEPT and DISCONNECT/REFUSE processing and is defined for

   both the upstream and downstream case. A stream to a previous-hop is

   defined to start once an ACCEPT message has been forwarded upstream.

   A stream to a next-hop is defined to start once the received ACCEPT

   message has been acknowledged. A stream is defined to terminate once

   an acknowledgment is sent for a received DISCONNECT or REFUSE

   message, and an acknowledgment for a sent DISCONNECT or REFUSE

   message has been received.

   The HELLO message has two fields:

   o   a HelloTimer field that is in units of milliseconds modulo the

       maximum for the field size, and

   o   a Restarted-bit specifying that the ST agent has been restarted

       recently.

   The HelloTimer must appear to be incremented every millisecond

   whether a HELLO message is sent or not. The HelloTimer wraps around

   to zero after reaching the maximum value. Whenever an ST agent

   suffers a catastrophic event that may result in it losing ST state

   information, it must reset its HelloTimer to zero and must set the

   Restarted-bit in all HELLO messages sent in the following

   HelloTimerHoldDown seconds.

   If an ST agent receives a HELLO message that contains the Restarted-

   bit set, it must assume that the sending ST agent has lost its state.

   If it shares streams with that neighbor, it must initiate stream

   recovery activity, see Section 6.2. If it does not share streams with

   that neighbor, it should not attempt to create one until that bit is

   no longer set. If an ST agent receives a CONNECT message from a

   neighbor whose Restarted-bit is still set, the agent must respond

   with an ERROR message with the appropriate ReasonCode

   (RestartRemote). If an agent receives a CONNECT message while the

   agent's own Restarted- bit is set, the agent must respond with an

   ERROR message with the appropriate ReasonCode (RestartLocal).

   Each ST stream has an associated RecoveryTimeout value. This value is

   assigned by the origin and carried in the CONNECT message, see

   Section 4.5.10. Each agent checks to see if it can support the

   requested value. If it can not, it updates the value to the smallest

   timeout interval it can support. The RecoveryTimeout used by a

   particular stream is obtained from the ACCEPT message, see Section

   4.5.10, and is the smallest value seen across all ACCEPT messages

   from participating targets.

   An ST agent must send HELLO messages to its neighbor with a period

   shorter than the smallest RecoveryTimeout of all the active streams

   that pass between the two ST agents, regardless of direction. This

   period must be smaller by a factor, called HelloLossFactor, which is

   at least as large as the greatest number of consecutive HELLO

   messages that could credibly be lost while the communication between

   the two ST agents is still viable.

   An ST agent may send simultaneous HELLO messages to all its neighbors

   at the rate necessary to support the smallest RecoveryTimeout of any

   active stream. Alternately, it may send HELLO messages to different

   neighbors independently at different rates corresponding to

   RecoveryTimeouts of individual streams.

   An ST agent must expect to receive at least one new HELLO message

   from each neighbor at least as frequently as the smallest

   RecoveryTimeout of any active stream in common with that neighbor.

   The agent can detect duplicate or delayed HELLO messages by comparing

   the HelloTimer field of the most recent valid HELLO message from that

   neighbor with the HelloTimer field of an incoming HELLO message.

   Valid incoming HELLO messages will have a HelloTimer field that is

   greater than the field contained in the previously received valid

   HELLO message by the time elapsed since the previous message was

   received. Actual evaluation of the elapsed time interval should take

   into account the maximum likely delay variance from that neighbor.

   If the ST agent does not receive a valid HELLO message within the

   RecoveryTimeout period of a stream, it must assume that the

   neighboring ST agent or the communication link between the two has

   failed and it must initiate stream recovery activity, as described

   below in Section 6.2.

6.2 Failure Recovery

   If an intermediate ST agent fails or a network or part of a network

   fails, the previous-hop ST agent and the various next-hop ST agents

   will discover the fact by the failure detection mechanism described

   in Section 6.1.

   The recovery of an ST stream is a relatively complex and time

   consuming effort because it is designed in a general manner to

   operate across a large number of networks with diverse

   characteristics. Therefore, it may require information to be

   distributed widely, and may require relatively long timers. On the

   other hand, since a network is typically a homogeneous system,

   failure recovery in the network may be a relatively faster and

   simpler operation. Therefore an ST agent that detects a failure

   should attempt to fix the network failure before attempting recovery

   of the ST stream. If the stream that existed between two ST agents

   before the failure cannot be reconstructed by network recovery

   mechanisms alone, then the ST stream recovery mechanism must be

   invoked.

   If stream recovery is necessary, the different ST agents will need to

   perform different functions, depending on their relation to the

   failure:

o   An ST agent that is a next-hop from a failure should first verify

    that there was a failure. It can do this using STATUS messages to

    query its upstream neighbor. If it cannot communicate with that

    neighbor, then for each active stream from that neighbor it should

    first send a REFUSE message upstream with the appropriate ReasonCode

    (STAgentFailure). This is done to the neighbor to speed up the

    failure recovery in case the hop is unidirectional, i.e., the

    neighbor can hear the ST agent but the ST agent cannot hear the

    neighbor. The ST agent detecting the failure must then, for each

    active stream from that neighbor, send DISCONNECT messages with the

    same ReasonCode toward the targets. All downstream ST agents process

    this DISCONNECT message just like the DISCONNECT that tears down the

    stream. If recovery is successful, targets will receive new CONNECT

    messages.

o   An ST agent that is the previous-hop before the failed component

    first verifies that there was a failure by querying the downstream

    neighbor using STATUS messages. If the neighbor has lost its state

    but is available, then the ST agent may try and reconstruct

    (explained below) the affected streams, for those streams that do

    not have the NoRecovery option selected. If it cannot communicate

    with the next-hop, then the ST agent detecting the failure sends a

    DISCONNECT message, for each affected stream, with the appropriate

    ReasonCode (STAgentFailure) toward the affected targets. It does so

    to speed up failure recovery in case the communication may be

    unidirectional and this message might be delivered successfully.

   Based on the NoRecovery option, the ST agent that is the previous-hop

   before the failed component takes the following actions:

o   If the NoRecovery option is selected, then the ST agent sends, per

    affected stream, a REFUSE message with the appropriate ReasonCode

    (STAgentFailure) to the previous-hop. The TargetList in these

    messages contains all the targets that were reached through the

    broken branch. As discussed in Section 5.1.2, multiple REFUSE

    messages may be required if the PDU is too long for the MTU of the

    intervening network. The REFUSE message is propagated all the way to

    the origin. The application at the origin can attempt recovery of

    the stream by sending a new CONNECT to the affected targets. For

    established streams, the new CONNECT will be treated by intermediate

    ST agents as an addition of new targets into the established stream.

o   If the NoRecovery option is not selected, the ST agent can attempt

    recovery of the affected streams. It does so one a stream by stream

    basis by issuing a new CONNECT message to the affected targets. If

    the ST agent cannot find new routes to some targets, or if the only

    route to some targets is through the previous-hop, then it sends one

    or more REFUSE messages to the previous-hop with the appropriate

    ReasonCode (CantRecover) specifying the affected targets in the

    TargetList. The previous-hop can then attempt recovery of the stream

    by issuing a CONNECT to those targets. If it cannot find an

    appropriate route, it will propagate the REFUSE message toward the

    origin.

   Regardless of which ST agent attempts recovery of a damaged stream,

   it will issue one or more CONNECT messages to the affected targets.

   These CONNECT messages are treated by intermediate ST agents as

   additions of new targets into the established stream. The FlowSpecs

   of the new CONNECT messages are the same as the ones contained in the

   most recent CONNECT or CHANGE messages that the ST agent had sent

   toward the affected targets when the stream was operational.

   Upon receiving an ACCEPT during the a stream recovery, the agent

   reconstructing the stream must ensure that the FlowSpec and other

   stream attributes (e.g., MaxMsgSize and RecoveryTimeout) of the re-

   established stream are equal to, or are less restrictive, than the

   pre-failure stream. If they are more restrictive, the recovery

   attempt must be aborted. If they are equal, or are less restrictive,

   then the recovery attempt is successful. When the attempt is a

   success, failure recovery related ACCEPTs are not forwarded upstream

   by the recovering agent.

   Any ST agent that decides that enough recovery attempts have been

   made, or that recovery attempts have no chance of succeeding, may

   indicate that no further attempts at recovery should be made. This is

   done by setting the N-bit in the REFUSE message, see Section 10.4.11.

   This bit must be set by agents, including the target, that know that

   there is no chance of recovery succeeding. An ST agent that receives

   a REFUSE message with the N-bit set (1) will not attempt recovery,

   regardless of the NoRecovery option, and it will set the N-bit when

   propagating the REFUSE message upstream.

6.2.1 Problems in Stream Recovery

   The reconstruction of a broken stream may not proceed smoothly. Since

   there may be some delay while the information concerning the failure

   is propagated throughout an internet, routing errors may occur for

   some time after a failure. As a result, the ST agent attempting the

   recovery may receive ERROR messages for the new CONNECTs that are

   caused by internet routing errors. The ST agent attempting the

   recovery should be prepared to resend CONNECTs before it succeeds in

   reconstructing the stream. If the failure partitions the internet and

   a new set of routes cannot be found to the targets, the REFUSE

   messages will eventually be propagated to the origin, which can then

   inform the application so it can decide whether to terminate or to

   continue to attempt recovery of the stream.

   The new CONNECT may at some point reach an ST agent downstream of the

   failure before the DISCONNECT does. In this case, the ST agent that

   receives the CONNECT is not yet aware that the stream has suffered a

   failure, and will interpret the new CONNECT as resulting from a

   routing failure. It will respond with an ERROR message with the

   appropriate ReasonCode (StreamExists). Since the timeout that the ST

   agents immediately preceding the failure and immediately following

   the failure are approximately the same, it is very likely that the

   remnants of the broken stream will soon be torn down by a DISCONNECT

   message. Therefore, the ST agent that receives the ERROR message with

   ReasonCode (StreamExists) should retransmit the CONNECT message after

   the ToConnect timeout expires. If this fails again, the request will

   be retried for NConnect times. Only if it still fails will the ST

   agent send a REFUSE message with the appropriate ReasonCode

   (RouteLoop) to its previous-hop. This message will be propagated back

   to the ST agent that is attempting recovery of the damaged stream.

   That ST agent can issue a new CONNECT message if it so chooses. The

   REFUSE is matched to a CONNECT message created by a recovery

   operation through the LnkReference field in the CONNECT.

   ST agents that have propagated a CONNECT message and have received a

   REFUSE message should maintain this information for some period of

   time. If an ST agent receives a second CONNECT message for a target

   that recently resulted in a REFUSE, that ST agent may respond with a

   REFUSE immediately rather than attempting to propagate the CONNECT.

   This has the effect of pruning the tree that is formed by the

   propagation of CONNECT messages to a target that is not reachable by

   the routes that are selected first. The tree will pass through any

   given ST agent only once, and the stream setup phase will be

   completed faster.

   If a CONNECT message reaches a target, the target should as

   efficiently as possible use the state that it has saved from before

   the stream failed during recovery of the stream. It will then issue

   an ACCEPT message toward the origin. The ACCEPT message will be

   intercepted by the ST agent that is attempting recovery of the

   damaged stream, if not the origin. If the FlowSpec contained in the

   ACCEPT specifies the same selection of parameters as were in effect

   before the failure, then the ST agent that is attempting recovery

   will not propagate the ACCEPT. FlowSpec comparison is done by the

   LRM. If the selections of the parameters are different, then the ST

   agent that is attempting recovery will send the origin a NOTIFY

   message with the appropriate ReasonCode (FailureRecovery) that

   contains a FlowSpec that specifies the new parameter values. The

   origin may then have to change its data generation characteristics

   and the stream's parameters with a CHANGE message to use the newly

   recovered subtree.

6.3 Stream Preemption

   As mentioned in Section 1.4.5, it is possible that the LRM decides to

   break a stream intentionally. This is called stream preemption.

   Streams are expected to be preempted in order to free resources for a

   new stream which has a higher priority.

   If the LRM decides that it is necessary to preempt one or more of the

   stream traversing it, the decision on which streams have to be

   preempted has to be made. There are two ways for an application to

   influence such decision:

   1. based on FlowSpec information. For instance, with the ST2+

       FlowSpec, streams can be assigned a precedence value from 0

       (least important) to 256 (most important). This value is

       carried in the FlowSpec when the stream is setup, see Section

       9.2, so that the LRM is informed about it.

   2. with the group mechanism. An application may specify that a set

       of streams are related to each other and that they are all

       candidate for preemption if one of them gets preempted. It can

       be done by using the fate-sharing relationship defined in

       Section 7.1.2. This helps the LRM making a good choice when

       more than one stream have to be preempted, because it leads to

       breaking a single application as opposed to as many

       applications as the number of preempted streams.

   If the LRM preempts a stream, it must notify the local ST agent. The

   following actions are performed by the ST agent:

o   The ST agent at the host where the stream was preempted sends

    DISCONNECT messages with the appropriate ReasonCode

    (StreamPreempted) toward the affected targets. It sends a REFUSE

    message with the appropriate ReasonCode (StreamPreempted) to the

    previous-hop.

o   A previous-hop ST agent of the preempted stream acts as in case of

    failure recovery, see Section 6.2.

o   A next-hop ST agent of the preempted stream acts as in case of

    failure recovery, see Section 6.2.

   Note that, as opposite to failure recovery, there is no need to

   verify that the failure actually occurred, because this is explicitly

   indicated by the ReasonCode (StreamPreempted).

7. A Group of Streams

   There may be need to associate related streams. The group mechanism

   is simply an association technique that allows ST agents to identify

   the different streams that are to be associated.

   A group consists of a set of streams and a relationship. The set of

   streams may be empty. The relationship applies to all group members.

   Each group is identified by a group name. The group name must be

   globally unique.

   Streams belong to the same group if they have the same GroupName in

   the GroupName field of the Group parameter, see Section 10.3.2. The

   relationship is defined by the Relationship field. Group membership

   must be specified at stream creation time and persists for the whole

   stream lifetime. A single stream may belong to multiple groups.

   The ST agent that creates a new group is called group initiator. Any

   ST agent can be a group initiator. The initiator allocates the

   GroupName and the Relationship among group members. The initiator may

   or may not be the origin of a stream belonging to the group.

   GroupName generation is described in Section 8.2.

7.1 Basic Group Relationships

   This version of ST defines four basic group relationships. An ST2+

   implementation must support all four basic relationships. Adherence

   to specified relationships are usually best effort. The basic

   relationships are described in detail below in Section 7.1.1 -

   Section 7.1.4.

7.1.1 Bandwidth Sharing

   Streams associated with the same group share the same network

   bandwidth. The intent is to support applications such as audio

   conferences where, of all participants, only some are allowed to

   speak at one time. In such a scenario, global bandwidth utilization

   can be lowered by allocating only those resources that can be used at

   once, e.g., it is sufficient to reserve bandwidth for a small set of

   audio streams.

   The basic concept of a shared bandwidth group is that the LRM will

   allocate up to some specified multiplier of the most demanding stream

   that it knows about in the group. The LRM will allocate resources

   incrementally, as stream setup requests are received, until the total

   group requirements are satisfied. Subsequent setup requests will

   share the group's resources and will not need any additional

   resources allocated. The procedure will result in standard allocation

   where only one stream in a group traverses an agent, and shared

   allocations where multiple streams traverse an agent.

   To illustrate, let's call the multiplier mentioned above "N", and the

   most demanding stream that an agent knows about in a group Bmax. For

   an application that intends to allow three participants to speak at

   the same time, N has a value of three and each LRM will allocate for

   the group an amount of bandwidth up to 3*Bmax even when there are

   many more steams in the group. The LRM will reserve resources

   incrementally, per stream request, until N*Bmax resources are

   allocated. Each agent may be traversed by a different set and number

   of streams all belonging to the same group.

   An ST agent receiving a stream request presents the LRM with all

   necessary group information, see Section 4.5.2.2. If maximum

   bandwidth, N*Bmax, for the group has already been allocated and a new

   stream with a bandwidth demand less than Bmax is being established,

   the LRM won't allocate any further bandwidth.

   If there is less than N*Bmax resources allocated, the LRM will expand

   the resources allocated to the group by the amount requested in the

   new FlowSpec, up to N*Bmax resources. The LRM will update the

   FlowSpec based on what resources are available to the stream, but not

   the total resources allocated for the group.

   It should be noted that ST agents and LRMs become aware of a group's

   requirements only when the streams belonging to the group are

   created. In case of the bandwidth sharing relationship, an

   application should attempt to establish the most demanding streams

   first to minimize stream setup efforts. If on the contrary the less

   demanding streams are built first, it will be always necessary to

   allocate additional bandwidth in consecutive steps as the most

   demanding streams are built. It is also up to the applications to

   coordinate their different FlowSpecs and decide upon an appropriate

   value for N.

7.1.2 Fate Sharing

   Streams belonging to this group share the same fate. If a stream is

   deleted, the other members of the group are also deleted. This is

   intended to support stream preemption by indicating which streams are

   mutually related. If preemption of multiple streams is necessary,

   this information can be used by the LRM to delete a set of related

   streams, e.g., with impact on a single application, instead of making

   a random choice with the possible effect of interrupting several

   different applications. This attribute does not apply to normal

   stream shut down, i.e., ReasonCode (ApplDisconnect). On normal

   disconnect, other streams belonging to such groups remain active.

   This relationship provides a hint on which streams should be

   preempted. Still, the LRM responsible for the preemption is not

   forced to behave accordingly, and other streams could be preempted

   first based on different criteria.

7.1.3 Route Sharing

   Streams belonging to this group share the same paths as much as is

   possible. This can be desirable for several reasons, e.g., to exploit

   the same allocated resources or in the attempt to maintain the

   transmission order. An ST agent attempts to select the same path

   although the way this is implemented depends heavily on the routing

   algorithm which is used.

   If the routing algorithm is sophisticated enough, an ST agent can

   suggest that a stream is routed over an already established path.

   Otherwise, it can ask the routing algorithm for a set of legal routes

   to the destination and check whether the desired path is included in

   those feasible.

   Route sharing is a hint to the routing algorithm used by ST. Failing

   to route a stream through a shared path should not prevent the

   creation of a new stream or result in the deletion of an existing

   stream.

7.1.4 Subnet Resources Sharing

   This relationship provides a hint to the data link layer functions.

   Streams belonging to this group may share the same MAC layer

   resources. As an example, the same MAC layer multicast address may be

   used for all the streams in a given group. This mechanism allows for

   a better utilization of MAC layer multicast addresses and it is

   especially useful when used with network adapters that offer a very

   small number of MAC layer multicast addresses.

7.2 Relationships Orthogonality

   The four basic relationships, as they have been defined, are

   orthogonal. This means, any combinations of the basic relationships

   are allowed. For instance, let's consider an application that

   requires full-duplex service for a stream with multiple targets.

   Also, let's suppose that only N targets are allowed to send data back

   to the origin at the same time. In this scenario, all the reverse

   streams could belong to the same group. They could be sharing both

   the paths and the bandwidth attributes. The Path&Bandwidth sharing

   relationship is obtained from the basic set of relationships. This

   example is important because it shows how full-duplex service can be

   efficiently obtained in ST.

8. Ancillary Functions

   Certain functions are required by ST host and intermediate agent

   implementations. Such functions are described in this section.

8.1 Stream ID Generation

   The stream ID, or SID, is composed of 16-bit unique identifier and

   the stream origin's 32-bit IP address. Stream IDs must be globally

   unique. The specific definition and format of the 16 -bit field is

   left to the implementor. This field is expected to have only local

   significance.

   An ST implementation has to provide a stream ID generator facility,

   so that an application or higher layer protocol can obtain a unique

   IDs from the ST layer. This is a mechanism for the application to

   request the allocation of stream ID that is independent of the

   request to create a stream. The Stream ID is used by the application

   or higher layer protocol when creating the streams.

   For instance, the following two functions could be made available:

   o   AllocateStreamID() -> result, StreamID

   o   ReleaseStreamID(StreamID) -> result

   An implementation may also provide a StreamID deletion function.

8.2 Group Name Generator

   GroupName generation is similar to Stream ID generation. The

   GroupName includes a 16-bit unique identifier, a 32-bit creation

   timestamp, and a 32-bit IP address. Group names are globally unique.

   A GroupName includes the creator's IP address, so this reduces a

   global uniqueness problem to a simple local problem. The specific

   definitions and formats of the 16-bit field and the 32-bit creation

   timestamp are left to the implementor. These fields must be locally

   unique, and only have local significance.

   An ST implementation has to provide a group name generator facility,

   so that an application or higher layer protocol can obtain a unique

   GroupName from the ST layer. This is a mechanism for the application

   to request the allocation of a GroupName that is independent of the

   request to create a stream. The GroupName is used by the application

   or higher layer protocol when creating the streams that are to be

   part of the group.

   For instance, the following two functions could be made available:

   o   AllocateGroupName() -> result, GroupName

   o   ReleaseGroupName(GroupName) -> result

   An implementation may also provide a GroupName deletion function.

8.3 Checksum Computation

   The standard Internet checksum algorithm is used for ST: "The

   checksum field is the 16-bit one's complement of the one's complement

   sum of all 16-bit words in the header. For purposes of computing the

   checksum, the value of the checksum field is zero (0)." See

   [RFC1071], [RFC1141], and [RFC791] for suggestions for efficient

   checksum algorithms.

8.4 Neighbor ST Agent Identification and Information Collection

   The STATUS message can be used to collect information about neighbor

   ST agents, streams the neighbor supports, and specific targets of

   streams the neighbor supports. An agent receiving a STATUS message

   provides the requested information via a STATUS-RESPONSE message.

   The STATUS message can be used to collect different information from

   a neighbor. It can be used to:

o   identify ST capable neighbors. If an ST agent wishes to check if

    a neighbor is ST capable, it should generate a STATUS message with

    an SID which has all its fields set to zero. An agent receiving a

    STATUS message with such SID should answer with a STATUS-RESPONSE

    containing the same SID, and no other stream information. The

    receiving ST agent must answer as soon as possible to aid in Round

    Trip Time estimation, see Section 8.5;

o   obtain information on a particular stream. If an ST agent wishes to

    check a neighbor's general information related to a specific

    stream, it should generate a STATUS message containing the stream's

    SID. An ST agent receiving such a message, will first check to see

    if the stream is known. If not known, the receiving ST agent sends a

    STATUS-RESPONSE containing the same SID, and no other stream

    information. If the stream is known, the receiving ST agent sends a

    STATUS-RESPONSE containing the stream's SID, IPHops, FlowSpec, group

    membership (if any), and as many targets as can be included in a

    single message as limited by MTU, see Section 5.1.2. Note that all

    targets may not be included in a response to a request for general

    stream information. If information on a specific target in a stream

    is desired, the mechanism described next should be used.

o   obtain information on particular targets in a stream. If an ST agent

    wishes to check a neighbor's information related to one or more

    specific targets of a specific stream, it should generate a STATUS

    message containing the stream's SID and a TargetList parameter

    listing the relevant targets. An ST agent receiving such a message,

    will first check to see if the stream and target are known. If the

    stream is not known, the agent follows the process described above.

    If both the stream and targets are known, the agent responds with

    STATUS-RESPONSE containing the stream's SID, IPHops, FlowSpec, group

    membership (if any), and the requested targets that are known. If

    the stream is known but the target is not, the agent responds with a

    STATUS-RESPONSE containing the stream's SID, IPHops, FlowSpec, group

    membership (if any), but no targets.

   The specific formats for STATUS and STATUS-RESPONSE messages are

   defined in Section 10.4.12 and Section 10.4.13.

8.5 Round Trip Time Estimation

   SCMP is made reliable through use of retransmission when an expected

   acknowledgment is not received in a timely manner. Timeout and

   retransmission algorithms are implementation dependent and are

   outside the scope of this document. However, it must be reasonable

   enough not to cause excessive retransmission of SCMP messages while

   maintaining the robustness of the protocol. Algorithms on this

   subject are described in [WoHD95], [Jaco88], [KaPa87].

   Most existing algorithms are based on an estimation of the Round Trip

   Time (RTT) between two hosts. With SCMP, if an ST agent wishes to

   have an estimate of the RTT to and from a neighbor, it should

   generate a STATUS message with an SID which has all its fields set to

   zero. An ST agent receiving a STATUS message with such SID should

   answer as rapidly as possible with a STATUS-RESPONSE message

   containing the same SID, and no other stream information. The time

   interval between the send and receive operations can be used as an

   estimate of the RTT to and from the neighbor.

8.6 Network MTU Discovery

   At connection setup, the application at the origin asks the local ST

   agent to create streams with certain QoS requirements. The local ST

   agent fills out its network MTU value in the MaxMsgSize parameter in

   the CONNECT message and forwards it to the next-hop ST agents. Each

   ST agent in the path checks to see if it's network MTU is smaller

   than the one specified in the CONNECT message and, if it is, the ST

   agent updates the MaxMsgSize in the CONNECT message to it's network

   MTU. If the target application decides to accept the stream, the ST

   agent at the target copies the MTU value in the CONNECT message to

   the MaxMsgSize field in the ACCEPT message and sends it back to the

   application at the origin. The MaxMsgSize field in the ACCEPT message

   is the minimum MTU of the intervening networks to that target. If the

   application has multiple targets then the minimum MTU of the stream

   is the smallest MaxMsgSize received from all the ACCEPT messages. It

   is the responsibility of the application to segment its PDUs

   according to the minimum MaxMsgSize of the stream since no data

   fragmentation is supported during the data transfer phase. If a

   particular target's MaxMsgSize is unacceptable to an application, it

   may disconnect the target from the stream and assume that the target

   cannot be supported. When evaluating a particular target's

   MaxMsgSize, the application or the application interface will need to

   take into account the size of the ST data header.

8.7 IP Encapsulation of ST

   ST packets may be encapsulated in IP to allow them to pass through

   routers that don't support the ST Protocol. Of course, ST resource

   management is precluded over such a path, and packet overhead is

   increased by encapsulation, but if the performance is reasonably

   predictable this may be better than not communicating at all.

   IP-encapsulated ST packets begin with a normal IP header. Most fields

   of the IP header should be filled in according to the same rules that

   apply to any other IP packet. Three fields of special interest are:

o   Protocol is 5, see [RFC1700], to indicate an ST packet is enclosed,

    as opposed to TCP or UDP, for example.

o   Destination Address is that of the next-hop ST agent. This may or

    may not be the target of the ST stream. There may be an intermediate

    ST agent to which the packet should be routed to take advantage of

    service guarantees on the path past that agent. Such an intermediate

    agent would not be on a directly-connected network (or else IP

    encapsulation wouldn't be needed), so it would probably not be

    listed in the normal routing table. Additional routing mechanisms,

    not defined here, will be required to learn about such agents.

o   Type-of-Service may be set to an appropriate value for the service

    being requested, see [RFC1700]. This feature is not implemented

    uniformly in the Internet, so its use can't be precisely defined

    here.

   IP encapsulation adds little difficulty for the ST agent that

   receives the packet. However, when IP encapsulation is performed it

   must be done in both directions. To process the encapsulated IP

   message, the ST agents simply remove the IP header and proceed with

   ST header as usual.

   The more difficult part is during setup, when the ST agent must

   decide whether or not to encapsulate. If the next-hop ST agent is on

   a remote network and the route to that network is through a router

   that supports IP but not ST, then encapsulation is required. The

   routing function provides ST agents with the route and capability

   information needed to support encapsulation.

   On forwarding, the (mostly constant) IP Header must be inserted and

   the IP checksum appropriately updated.

   Applications are informed about the number of IP hops traversed on

   the path to each target. The IPHops field of the CONNECT message, see

   Section 10.4.4, carries the number of traversed IP hops to the target

   application. The field is incremented by each ST agent when IP

   encapsulation will be used to reach the next-hop ST agent. The number

   of IP hops traversed is returned to the origin in the IPHops field of

   the ACCEPT message, Section 10.4.1.

   When using IP Encapsulation, the MaxMsgSize field will not reflect

   the MTU of the IP encapsulated segments. This means that IP

   fragmentation and reassembly may be needed in the IP cloud to support

   a message of MaxMsgSize. IP fragmentation can only occur when the MTU

   of the IP cloud, less IP header length, is the smallest MTU in a

   stream's network path.

8.8 IP Multicasting

   If an ST agent must use IP encapsulation to reach multiple next-hops

   toward different targets, then either the packet must be replicated

   for transmission to each next-hop, or IP multicasting may be used if

   it is implemented in the next-hop ST agents and in the intervening IP

   routers.

   When the stream is established, the collection of next-hop ST agents

   must be set up as an IP multicast group. The ST agent must allocate

   an appropriate IP multicast address (see Section 10.3.3) and fill

   that address in the IPMulticastAddress field of the CONNECT message.

   The IP multicast address in the CONNECT message is used to inform the

   next-hop ST agents that they should join the multicast group to

   receive subsequent PDUs. Obviously, the CONNECT message itself must

   be sent using unicast. The next-hop ST agents must be able to receive

   on the specified multicast address in order to accept the connection.

   If the next-hop ST agent can not receive on the specified multicast

   address, it sends a REFUSE message with ReasonCode (BadMcastAddress).

   Upon receiving the REFUSE, the upstream agent can choose to retry

   with a different multicast address. Alternatively, it can choose to

   lose the efficiency of multicast and use unicast delivery.

   The following permanent IP multicast addresses have been assigned to

   ST:

           224.0.0.7 All ST routers (intermediate agents)

           224.0.0.8 All ST hosts (agents)

   In addition, a block of transient IP multicast addresses, 224.1.0.0 -

   224.1.255.255, has been allocated for ST multicast groups. For

   instance, the following two functions could be made available:

   o   AllocateMcastAddr() -> result, McastAddr

   o   ListenMcastAddr(McastAddr) -> result

   o   ReleaseMcastAddr(McastAddr) -> result

9. The ST2+ Flow Specification

   This section defines the ST2+ flow specification. The flow

   specification contains the user application requirements in terms of

   quality of service. Its contents are LRM dependent and are

   transparent to the ST2 setup protocol. ST2 carries the flow

   specification as part of the FlowSpec parameter, which is described

   in Section 10.3.1. The required ST2+ flow specification is included

   in the protocol only to support interoperability. ST2+ also defines a

   "null" flow specification to be used only to support testing.

   ST2 is not dependent on a particular flow specification format and it

   is expected that other versions of the flow specification will be

   needed in the future. Different flow specification formats are

   distinguished by the value of the Version field of the FlowSpec

   parameter, see Section 10.3.1. A single stream is always associated

   with a single flow specification format, i.e., the Version field is

   consistent throughout the whole stream. The following Version field

   values are defined:

   0 - Null FlowSpec       /* must be supported */

   1 - ST Version 1

   2 - ST Version 1.5

   3 - RFC 1190 FlowSpec

   4 - HeiTS FlowSpec

   5 - BerKom FlowSpec

   6 - RFC 1363 FlowSpec

   7 - ST2+ FlowSpec       /* must be supported */

   FlowSpecs version #0 and #7 must be supported by ST2+

   implementations. Version numbers in the range 1-6 indicate flow

   specifications are currently used in existing ST2 implementations.

   Values in the 128-255 range are reserved for private and experimental

   use.

   In general, a flow specification may support sophisticated flow

   descriptions. For example, a flow specification could represent sub-

   flows of a particular stream. This could then be used to by a

   cooperating application and LRM to forward designated packets to

   specific targets based on the different sub-flows. The reserved bits

   in the ST2 Data PDU, see Section 10.1, may be used with such a flow

   specification to designate packets associated with different sub-

   flows. The ST2+ FlowSpec is not so sophisticated, and is intended for

   use with applications that generate traffic at a single rate for

   uniform delivery to all targets.

9.1 FlowSpec Version #0 - (Null FlowSpec)

   The flow specification identified by a #0 value of the Version field

   is called the Null FlowSpec. This flow specification causes no

   resources to be allocated. It is ignored by the LRMs. Its contents

   are never updated. Stream setup takes place in the usual way leading

   to successful stream establishment, but no resources are actually

   reserved.

   The purpose of the Null FlowSpec is that of facilitating

   interoperability tests by allowing streams to be built without

   actually allocating the correspondent amount of resources. The Null

   FlowSpec may also be used for testing and debugging purposes.

   The Null FlowSpec comprises the 4-byte FlowSpec parameter only, see

   Section 10.3.1. The third byte (Version field) must be set to 0.

9.2 FlowSpec Version #7 - ST2+ FlowSpec

   The flow specification identified by a #7 value of the Version field

   is the ST2+ FlowSpec, to be used by all ST2+ implementations. It

   allows the user applications to express their real-time requirements

   in the form of a QoS class, precedence, and three basic QoS

   parameters:

   o   message size,

   o   message rate,

   o   end-to-end delay.

   The QoS class indicates what kind of QoS guarantees are expected by

   the application, e.g., strict guarantees or predictive, see Section

   9.2.1. QoS parameters are expressed via a set of values:

o   the "desired" values indicate the QoS desired by the application.

    These values are assigned by the application and never modified by

    the LRM.

o   the "limit" values indicate the lowest QoS the application is

    willing to accept. These values are also assigned by the application

    and never modified by the LRM.

o   the "actual" values indicate the QoS that the system is able to

    provide. They are updated by the LRM at each node. The "actual"

    values are always bounded by the "limit" and "desired" values.

9.2.1 QoS Classes

   Two QoS classes are defined:

   1 - QOS_PREDICTIVE      /* QoSClass field value = 0x01, must be

                              supported*/

   2 - QOS_GUARANTEED      /* QoSClass field value = 0x10, optional */

o   The QOS_PREDICTIVE class implies that the negotiated QoS may be

    violated for short time intervals during the data transfer. An

    application has to provide values that take into account the

    "normal" case, e.g., the "desired" message rate is the allocated rate

    for the transmission. Reservations are done for the "normal" case as

    opposite to the peak case required by the QOS_GUARANTEED service

    class. This QoS class must be supported by all implementations.

o   The QOS_GUARANTEED class implies that the negotiated QoS for the

    stream is never violated during the data transfer. An application

    has to provide values that take into account the worst possible

    case, e.g., the "desired" message rate is the peak rate for the

    transmission. As a result, sufficient resources to handle the peak

    rate are reserved. This strategy may lead to overbooking of

    resources, but it provides strict real-time guarantees. Support of

    this QoS class is optional.

   If a LRM that doesn't support class QOS_GUARANTEED receives a

   FlowSpec containing QOS_GUARANTEED class, it informs the local ST

   agent. The ST agent may try different paths or delete the

   correspondent portion of the stream as described in Section 5.5.3,

   i.e., ReasonCode (FlowSpecError).

9.2.2 Precedence

   Precedence is the importance of the connection being established.

   Zero represents the lowest precedence. The lowest level is expected

   to be used by default. In general, the distinction between precedence

   and priority is that precedence specifies streams that are permitted

   to take previously committed resources from another stream, while

   priority identifies those PDUs that a stream is most willing to have

   dropped.

9.2.3 Maximum Data Size

   This parameter is expressed in bytes. It represents the maximum

   amount of data, excluding ST and other headers, allowed to be sent in

   a messages as part of the stream. The LRM first checks whether it is

   possible to get the value desired by the application (DesMaxSize). If

   not, it updates the actual value (ActMaxSize) with the available size

   unless this value is inferior to the minimum allowed by the

   application (LimitMaxSize), in which case it informs the local ST

   agent that it is not possible to build the stream along this path.

9.2.4 Message Rate

   This parameter is expressed in messages/second. It represents the

   transmission rate for the stream. The LRM first checks whether it is

   possible to get the value desired by the application (DesRate). If

   not, it updates the actual value (ActRate) with the available rate

   unless this value is inferior to the minimum allowed by the

   application (LimitRate), in which case it informs the local ST agent

   that it is not possible to build the stream along this path.

9.2.5 Delay and Delay Jitter

   The delay parameter is expressed in milliseconds. It represents the

   maximum end-to-end delay for the stream. The LRM first checks whether

   it is possible to get the value desired by the application

   (DesMaxDelay). If not, it updates the actual value (ActMaxDelay) with

   the available delay unless this value is greater than the maximum

   delay allowed by the application (LimitMaxDelay), in which case it

   informs the local ST agent that it is not possible to build the

   stream along this path.

   The LRM also updates at each node the MinDelay field by incrementing

   it by the minimum possible delay to the next-hop. Information on the

   minimum possible delay allows to calculate the maximum end-to-end

   delay range, i.e., the time interval in which a data packet can be

   received. This interval should not exceed the DesMaxDelayRange value

   indicated by the application. The maximum end-to-end delay range is

   an upper bound of the delay jitter.

9.2.6 ST2+ FlowSpec Format

   The ST2+ FlowSpec has the following format:

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |    QosClass   | Precedence   |            0(unused)          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                             DesRate                           |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                            LimitRate                          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                             ActRate                           |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            DesMaxSize         |           LimitMaxSize        |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            ActMaxSize         |           DesMaxDelay         |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            LimitMaxDelay      |           ActMaxDelay         |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            DesMaxDelayRange   |           ActMinDelay         |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Figure 9: The ST2+ FlowSpec.

   The LRM modifies only "actual" fields, i.e., those beginning with

   "Act". The user application assigns values to all other fields.

o   QoSClass indicates which of the two defined classes of service

    applies. The two classes are: QOS_PREDICTIVE (QoSClass = 1) and

    QOS_GUARANTEED (QoSClass = 2).

o   Precedence indicates the stream's precedence. Zero represents the

    lowest precedence, and should be the default value.

o   DesRate is the desired transmission rate for the stream in messages/

    second. This field is set by the origin and is not modified by

    intermediate agents.

o   LimitRate is the minimum acceptable transmission rate in messages/

    second. This field is set by the origin and is not modified by

    intermediate agents.

o   ActRate is the actual transmission rate allocated for the stream in

    messages/second. Each agent updates this field with the available

    rate unless this value is less than LimitRate, in which case a

    REFUSE is generated.

o   DesMaxSize is the desired maximum data size in bytes that will be

    sent in a message in the stream. This field is set by the origin.

o   LimitMaxSize is the minimum acceptable data size in bytes. This

    field is set by the origin

o   ActMaxSize is the actual maximum data size that may be sent in a

    message in the stream. This field is updated by each agent based on

    MTU and available resources. If available maximum size is less than

    LimitMaxSize, the connection must be refused with ReasonCode

    (CantGetResrc).

o   DesMaxDelay is the desired maximum end-to-end delay for the stream

    in milliseconds. This field is set by the origin.

o   LimitMaxDelay is the upper-bound of acceptable end-to-end delay for

    the stream in milliseconds. This field is set by the origin.

o   ActMaxDelay is the maximum end-to-end delay that will be seen by

    data in the stream. Each ST agent adds to this field the maximum

    delay that will be introduced by the agent, including transmission

    time to the next-hop ST agent. If the actual maximum exceeds

    LimitMaxDelay, then the connection is refused with ReasonCode

    (CantGetResrc).

o   DesMaxDelayRange is the desired maximum delay range that may be

    encountered end-to-end by stream data in milliseconds. This value is

    set by the application at the origin.

o   ActMinDelay is the actual minimum end-to-end delay that will be

    encountered by stream data in milliseconds. Each ST agent adds to

    this field the minimum delay that will be introduced by the agent,

    including transmission time to the next-hop ST agent. Each agent

    must add at least 1 millisecond. The delay range for the stream can

    be calculated from the actual maximum and minimum delay fields. It

    is expected that the range will be important to some applications.

10. ST2 Protocol Data Units Specification

10.1 Data PDU

   IP and ST packets can be distinguished by the IP Version Number

   field, i.e., the first four (4) bits of the packet; ST has been

   assigned the value 5 (see [RFC1700]). There is no requirement for

   compatibility between IP and ST packet headers beyond the first four

   bits. (IP uses value 4.)

   The ST PDUs sent between ST agents consist of an ST Header

   encapsulating either a higher layer PDU or an ST Control Message.

   Data packets are distinguished from control messages via the D-bit

   (bit 8) in the ST header.

   The ST Header also includes an ST Version Number, a total length

   field, a header checksum, a unique id, and the stream origin 32-bit

   IP address. The unique id and the stream origin 32-bit IP address

   form the stream id (SID). This is shown in Figure 10. Please refer to

   Section 10.6 for an explanation of the notation.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | ST=5 | Ver=3 |D| Pri |   0   |            TotalBytes         |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |          HeaderChecksum       |            UniqueID           |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         OriginIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                            Figure 10: ST Header

o   ST is the IP Version Number assigned to identify ST packets. The

    value for ST is 5.

o   Ver is the ST Version Number. The value for the current ST2+ version

    is 3.

o   D (bit 8) is set to 1 in all ST data packets and to 0 in all SCMP

    control messages.

o   Pri (bits 9-11) is the packet-drop priority field with zero (0)

    being lowest priority and seven the highest. The field is to be used

    as described in Section 3.2.2.

o   TotalBytes is the length, in bytes, of the entire ST packet, it

    includes the ST Header but does not include any local network

    headers or trailers. In general, all length fields in the ST

    Protocol are in units of bytes.

o   HeaderChecksum covers only the ST Header (12 bytes). The ST Protocol

    uses 16-bit checksums here in the ST Header and in each Control

    Message. For checksum computation, see Section 8.3.

o   UniqueID is the first element of the stream ID (SID). It is locally

    unique at the stream origin, see Section 8.1.

o   OriginIPAddress is the second element of the SID. It is the 32-bit

    IP address of the stream origin, see Section 8.1.

   Bits 12-15 must be set to zero (0) when using the flow specifications

   defined in this document, see Section 9. They may be set accordingly

   when other flow specifications are used, e.g., as described in

   [WoHD95].

10.1.1 ST Data Packets

   ST packets whose D-bit is non-zero are data packets. Their

   interpretation is a matter for the higher layer protocols and

   consequently is not specified here. The data packets are not

   protected by an ST checksum and will be delivered to the higher layer

   protocol even with errors. ST agents will not pass data packets over

   a new hop whose setup is not complete.

10.2 Control PDUs

   SCMP control messages are exchanged between neighbor ST agents using

   a D-bit of zero (0). The control protocol follows a request-response

   model with all requests expecting responses. Retransmission after

   timeout (see Section 4.3) is used to allow for lost or ignored

   messages. Control messages do not extend across packet boundaries; if

   a control message is too large for the MTU of a hop, its information

   is partitioned and a control message per partition is sent (see

   Section 5.1.2). All control messages have the following format

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode       |     Options   |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |          Reference            |          LnkReference         |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            Checksum           |            ReasonCode         |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                      OpCodeSpecificData                       :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    Figure 11: ST Control Message Format

o   OpCode identifies the type of control message.

o   Options is used to convey OpCode-specific variations for a control

    message.

o   TotalBytes is the length of the control message, in bytes, including

    all OpCode specific fields and optional parameters. The value is

    always divisible by four (4).

o   Reference is a transaction number. Each sender of a request control

    message assigns a Reference number to the message that is unique

    with respect to the stream. The Reference number is used by the

    receiver to detect and discard duplicates. Each acknowledgment

    carries the Reference number of the request being acknowledged.

    Reference zero (0) is never used, and Reference numbers are assumed

    to be monotonically increasing with wraparound so that the older-

    than and more-recent-than relations are well defined.

o   LnkReference contains the Reference field of the request control

    message that caused this request control message to be created. It

    is used in situations where a single request leads to multiple

    responses from the same ST agent. Examples are CONNECT and CHANGE

    messages that are first acknowledged hop-by-hop and then lead to an

    ACCEPT or REFUSE response from each target.

o   SenderIPAddress is the 32-bit IP address of the network interface

    that the ST agent used to send the control message. This value

    changes each time the packet is forwarded by an ST agent (hop-by-

    hop).

o   Checksum is the checksum of the control message. Because the control

    messages are sent in packets that may be delivered with bits in

    error, each control message must be checked to be error free before

    it is acted upon.

o   ReasonCode is set to zero (0 = NoError) in most SCMP messages.

    Otherwise, it can be set to an appropriate value to indicate an

    error situation as defined in Section 10.5.3.

o   OpCodeSpecificData contains any additional information that is

    associated with the control message. It depends on the specific

    control message and is explained further below. In some response

    control messages, fields of zero (0) are included to allow the

    format to match that of the corresponding request message. The

    OpCodeSpecificData may also contain optional parameters. The

    specifics of OpCodeSpecificData are defined in Section 10.3.

10.3 Common SCMP Elements

   Several fields and parameters (referred to generically as elements)

   are common to two or more PDUs. They are described in detail here

   instead of repeating their description several times. In many cases,

   the presence of a parameter is optional. To permit the parameters to

   be easily defined and parsed, each is identified with a PCode byte

   that is followed by a PBytes byte indicating the length of the

   parameter in bytes (including the PCode, PByte, and any padding

   bytes). If the length of the information is not a multiple of four

   (4) bytes, the parameter is padded with one to three zero (0) bytes.

   PBytes is thus always a multiple of four (4). Parameters can be

   present in any order.

10.3.1 FlowSpec

   The FlowSpec parameter (PCode = 1) is used in several SCMP messages

   to convey the ST2 flow specification. The FlowSpec parameter has the

   following format:

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |   PCode = 1   |    PBytes     |   Version     |       0       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                        FlowSpec detail                        :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                       Figure 12: FlowSpec Parameter

o   the Version field contains the FlowSpec version.

o   the FlowSpec detail field contains the flow specification and is

    transparent to the ST agent. It is the data structure to be passed

    to the LRM. It must be 4-byte aligned.

   The Null FlowSpec, see Section 9.1, has no FlowSpec detail field.

   PBytes is set to four (4), and Version is set to zero (0). The ST2+

   FlowSpec, see Section 9.2, is a 32-byte data structure. PBytes is set

   to 36, and Version is set to seven (7).

10.3.2 Group

   The Group parameter (PCode = 2) is an optional argument used to

   indicate that the stream is a member in the specified group.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | PCode = 2    |   PBytes = 16 |           GroupUniqueID       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                        GroupCreationTime                      |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                     GroupInitiatorIPAddress                   |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            Relationship       |                 N             |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                         Figure 13: Group Parameter

o   GroupUniqueID, GroupInitiatorIPAddress, and GroupCreationTime

    together form the GroupName field. They are allocated by the group

    name generator function, see Section 8.2. GroupUniqueID and

    GroupCreationTime are implementation specific and have only local

    definitions.

o   Relationship has the following format:

                                            0

                        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5

                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                       |    0 (unused)         |S|P|F|B|

                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                       Figure 14: Relationship Field

   The B, F, P, S bits correspond to Bandwidth, Fate, Path, and Subnet

   resources sharing, see Section 7. A value of 1 indicates that the

   relationship exists for this group. All combinations of the four bits

   are allowed. Bits 0-11 of the Relationship field are reserved for

   future use and must be set to 0.

o   N contains a legal value only if the B-bit is set. It is the value

    of the N parameter to be used as explained in Section 7.1.1.

10.3.3 MulticastAddress

   The MulticastAddress parameter (PCode = 3) is an optional parameter

   that is used when using IP encapsulation and setting up an IP

   multicast group. This parameter is used to communicate the desired IP

   multicast address to next-hop ST agents that should become members of

   the group, see Section 8.8.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | PCode = 3    |   PBytes = 8 |                0              |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                        IPMulticastAddress                     |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Figure 15: MulticastAddress

o   IPMulticastAddress is the 32-bit IP multicast address to be used to

    receive data packets for the stream.

10.3.4 Origin

   The Origin parameter (PCode = 4) is used to identify the next higher

   protocol, and the SAP being used in conjunction with that protocol.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | PCode = 5    |   PBytes      | NextPcol      |OriginSAPBytes |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                OriginSAP                      :     Padding   |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                             Figure 16: Origin

o   NextPcol is an 8-bit field used in demultiplexing operations to

    identify the protocol to be used above ST. The values of NextPcol

    are in the same number space as the IP header's Protocol field and

    are consequently defined in the Assigned Numbers RFC [RFC1700].

o   OriginSAPBytes specifies the length of the OriginSAP, exclusive of

    any padding required to maintain 32-bit alignment.

o   OriginSAP identifies the origin's SAP associated with the NextPcol

    protocol.

   Note that the 32-bit IP address of the stream origin is not included

   in this parameter because it is always available as part of the ST

   header.

10.3.5 RecordRoute

   The RecordRoute parameter (PCode = 5) is used to request that the

   route between the origin and a target be recorded and delivered to

   the user application. The ST agent at the origin (or target)

   including this parameter, has to determine the parameter's length,

   indicated by the PBytes field. ST agents processing messages

   containing this parameter add their receiving IP address in the

   position indicated by the FreeOffset field, space permitting. If no

   space is available, the parameter is passed unchanged. When included

   by the origin, all agents between the origin and the target add their

   IP addresses and this information is made available to the

   application at the target. When included by the target, all agents

   between the target and the origin, inclusive, add their IP addresses

   and this information is made available to the application at the

   origin.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |   PCode = 5   |     PBytes    |       0       | FreeOffset   |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                          IP Address 1                         |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                              ...                              :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                          IP Address N                         |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                           Figure 17: RecordRoute

o   PBytes is the length of the parameter in bytes. Length is determined

    by the agent (target or origin) that first introduces the parameter.

    Once set, the length of the parameter remains unchanged.

o   FreeOffset indicates the offset, relative to the start of the

    parameter, for the next IP address to be recorded. When the

    FreeOffset is greater than, or equal to, PBytes the RecordRoute

    parameter is full.

o   IP Address is filled in, space permitting, by each ST agent

    processing this parameter.

10.3.6 Target and TargetList

   Several control messages use a parameter called TargetList (PCode =

   6), which contains information about the targets to which the message

   pertains. For each Target in the TargetList, the information includes

   the 32-bit IP address of the target, the SAP applicable to the next

   higher layer protocol, and the length of the SAP (SAPBytes).

   Consequently, a Target structure can be of variable length. Each

   entry has the format shown in Figure 18.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                        Target IP Address                      |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | TargetBytes | SAPBytes     |     SAP       :    Padding    |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                             Figure 18: Target

o   TargetIPAddress is the 32-bit IP Address of the Target.

o   TargetBytes is the length of the Target structure, beginning with

    the TargetIPAddress.

o   SAPBytes is the length of the SAP, excluding any padding required to

    maintain 32-bit alignment.

o   SAP may be longer than 2 bytes and it includes a padding when

    required. There would be no padding required for SAPs with lengths

    of 2, 6, 10, etc., bytes.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | PCode = 6    |   PBytes      |           TargetCount = N     |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                           Target 1                            |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                               :                               :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                           Target N                            |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                           Figure 19: TargetList

10.3.7 UserData

   The UserData parameter (PCode = 7) is an optional parameter that may

   be used by the next higher protocol or an application to convey

   arbitrary information to its peers. This parameter is propagated in

   some control messages and its contents have no significance to ST

   agents. Note that since the size of control messages is limited by

   the smallest MTU in the path to the targets, the maximum size of this

   parameter cannot be specified a priori. If the size of this parameter

   causes a message to exceed the network MTU, an ST agent behaves as

   described in Section 5.1.2. The parameter must be padded to a

   multiple of 32 bits.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | PCode = 7    |   PBytes      |           UserBytes           |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                      UserInfo                 :   Padding     |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                            Figure 20: UserData

o   UserBytes specifies the number of valid UserInfo bytes.

o   UserInfo is arbitrary data meaningful to the next higher protocol

    layer or application.

10.3.8 Handling of Undefined Parameters

   An ST agent must be able to handle all parameters listed above. To

   support possible future uses, parameters with unknown PCodes must

   also be supported. If an agent receives a message containing a

   parameter with an unknown Pcode value, the agent should handle the

   parameter as if it was a UserData parameter. That is, the contents of

   the parameter should be ignored, and the message should be

   propagated, as appropriate, along with the related control message.

10.4 ST Control Message PDUs

   ST Control messages are described in the following section. Please

   refer to Section 10.6 for an explanation of the notation.

10.4.1 ACCEPT

   ACCEPT (OpCode = 1) is issued by a target as a positive response to a

   CONNECT message. It implies that the target is prepared to accept

   data from the origin along the stream that was established by the

   CONNECT. ACCEPT is also issued as a positive response to a CHANGE

   message. It implies that the target accepts the proposed stream

   modification.

   ACCEPT is relayed by the ST agents from the target to the origin

   along the path established by CONNECT (or CHANGE) but in the reverse

   direction. ACCEPT must be acknowledged with ACK at each hop.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 1   |      0        |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |      Reference                |         LnkReference          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            Checksum           |          ReasonCode = 0       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |          MaxMsgSize           |          RecoveryTimeout      |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                      StreamCreationTime                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |   IPHops      |                        0                      |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           FlowSpec                            :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           TargetList                          :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           RecordRoute                         :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           UserData                            :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                     Figure 21: ACCEPT Control Message

o   Reference contains a number assigned by the ST agent sending ACCEPT

    for use in the acknowledging ACK.

o   LnkReference is the Reference number from the corresponding CONNECT

    (or CHANGE)

o   MaxMsgSize indicates the smallest MTU along the path traversed by

    the stream. This field is only set when responding to a CONNECT

    request.

o   RecoveryTimeout reflects the nominal number of milliseconds that the

    application is willing to wait for a failed system component to be

    detected and any corrective action to be taken. This field

    represents what can actually be supported by each participating

    agent, and is only set when responding to a CONNECT request.

o   StreamCreationTime is the 32- bits system dependent timestamp copied

    from the corresponding CONNECT request.

o   IPHops is the number of IP encapsulated hops traversed by the

    stream. This field is set to zero by the origin, and is incremented

    at each IP encapsulating agent.

10.4.2 ACK

   ACK (OpCode = 2) is used to acknowledge a request. The ACK message is

   not propagated beyond the previous-hop or next-hop ST agent.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 2   |     0         |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |       Reference               |           LnkReference = 0    |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |       Checksum                |           ReasonCode          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                       Figure 22: ACK Control Message

o   Reference is the Reference number of the control message being

    acknowledged.

o   ReasonCode is usually NoError, but other possibilities exist, e.g.,

    DuplicateIgn.

10.4.3 CHANGE

   CHANGE (OpCode = 3) is used to change the FlowSpec of an established

   stream. The CHANGE message is processed similarly to CONNECT, except

   that it travels along the path of an established stream. CHANGE must

   be propagated until it reaches the related stream's targets. CHANGE

   must be acknowledged with ACK at each hop.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 3   |G|I|     0     |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |           Reference           |          LnkReference = 0     |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                        SenderIPAddress                        |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            Checksum           |          ReasonCode = 0       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                            FlowSpec                           :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           TargetList                          :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           RecordRoute                         :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                            UserData                           :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                     Figure 23: CHANGE Control Message

o   G (bit 8) is used to request a global, stream-wide change; the

    TargetList parameter should be omitted when the G bit is specified.

o   I (bit 7) is used to indicate that the LRM is permitted to interrupt

    and, if needed, break the stream in the process of trying to satisfy

    the requested change.

o   Reference contains a number assigned by the ST agent sending CHANGE

    for use in the acknowledging ACK.

10.4.4 CONNECT

   CONNECT (OpCode = 4) requests the setup of a new stream or an

   addition to or recovery of an existing stream. Only the origin can

   issue the initial set of CONNECTs to setup a stream, and the first

   CONNECT to each next-hop is used to convey the SID.

   The next-hop initially responds with an ACK, which implies that the

   CONNECT was valid and is being processed. The next-hop will later

   relay back either an ACCEPT or REFUSE from each target. An

   intermediate ST agent that receives a CONNECT behaves as explained in

   Section 4.5.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 4   |J N|S|    0    |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |           Reference           |          LnkReference = 0     |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |           Checksum            |          ReasonCode = 0       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |           MaxMsgSize          |          RecoveryTimeout      |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                        StreamCreationTime                     |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |   IPHops      |                        0                      |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                             Origin                            :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           FlowSpec                            :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                          TargetList                           :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                          RecordRoute                          :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                             Group                             :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                        MulticastAddress                       :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                            UserData                           :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                     Figure 24: CONNECT Control Message

o   JN (bits 8 and 9) indicate the join authorization level for the

    stream, see Section 4.4.2.

o   S (bit 10) indicates the NoRecovery option (Section 4.4.1). When the

    S-bit is set (1), the NoRecovery option is specified for the stream.

o   Reference contains a number assigned by the ST agent sending CONNECT

    for use in the acknowledging ACK.

o   MaxMsgSize indicates the smallest MTU along the path traversed by

    the stream. This field is initially set to the network MTU of the

    agent issues the CONNECT.

o   RecoveryTimeout is the nominal number of milliseconds that the

    application is willing to wait for failed system component to be

    detected and any corrective action to be taken.

o   StreamCreationTime is the 32- bits system dependent timestamp

    generated by the ST agent issuing the CONNECT.

o   IPHops is the number of IP encapsulated hops traversed by the

    stream. This field is set to zero by the origin, and is incremented

    at each IP encapsulating agent.

10.4.5 DISCONNECT

   DISCONNECT (OpCode = 5) is used by an origin to tear down an

   established stream or part of a stream, or by an intermediate ST

   agent that detects a failure between itself and its previous-hop, as

   distinguished by the ReasonCode. The DISCONNECT message specifies the

   list of targets that are to be disconnected. An ACK is required in

   response to a DISCONNECT message. The DISCONNECT message is

   propagated all the way to the specified targets. The targets are

   expected to terminate their participation in the stream.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 5   |G|    0        |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |      Reference                |     LnkReference = 0          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            Checksum           |          ReasonCode           |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                      GeneratorIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           TargetList                          :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                            UserData                           :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                   Figure 25: DISCONNECT Control Message

o   G (bit 8) is used to request a DISCONNECT of all the stream's

    targets. TargetList should be omitted when the G-bit is set (1). If

    TargetList is present, it is ignored.

o   Reference contains a number assigned by the ST agent sending

    DISCONNECT for use in the acknowledging ACK.

o   ReasonCode reflects the event that initiated the message.

o   GeneratorIPAddress is the 32-bit IP address of the host that first

    generated the DISCONNECT message.

10.4.6 ERROR

   ERROR (OpCode = 6) is sent in acknowledgment to a request in which an

   error is detected. No action is taken on the erroneous request. No

   ACK is expected. The ERROR message is not propagated beyond the

   previous-hop or next-hop ST agent. An ERROR is never sent in response

   to another ERROR. The receiver of an ERROR is encouraged to try again

   without waiting for a retransmission timeout.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 6   |       0       |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |      Reference                |     LnkReference = 0          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            Checksum           |        ReasonCode             |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           PDUInError                          :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 26: ERROR Control Message

o   Reference is the Reference number of the erroneous request.

o   ReasonCode indicates the error that triggered the message.

o   PDUInError is the PDU in error, beginning with the ST Header. This

    parameter is optional. Its length is limited by network MTU, and may

    be truncated when too long.

10.4.7 HELLO

   HELLO (OpCode = 7) is used as part of the ST failure detection

   mechanism, see Section 6.1.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 7   |R|    0        |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |       Reference = 0           |        LnkReference = 0       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |         Checksum              |          ReasonCode = 0       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                          HelloTimer                           |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 27: HELLO Control Message

o   R (bit 8) is used for the Restarted-bit.

o   HelloTimer represents the time in millisecond since the agent was

    restarted, modulo the precision of the field. It is used to detect

    duplicate or delayed HELLO messages.

10.4.8 JOIN

   JOIN (OpCode = 8) is used as part of the ST steam joining mechanism,

   see Section 4.6.3.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 8   |      0        |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |      Reference                |         LnkReference = 0      |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            Checksum           |          ReasonCode = 0       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                      GeneratorIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                          TargetList                           :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 28: JOIN Control Message

o   Reference contains a number assigned by the ST agent sending JOIN

    for use in the acknowledging ACK.

o   GeneratorIPAddress is the 32-bit IP address of the host that

    generated the JOIN message.

o   TargetList is the information associated with the target to be added

    to the stream.

10.4.9 JOIN-REJECT

   JOIN-REJECT (OpCode = 9) is used as part of the ST steam joining

   mechanism, see Section 4.6.3.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 9   |      0        |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |      Reference                |          LnkReference         |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            Checksum           |          ReasonCode           |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                      GeneratorIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                   Figure 29: JOIN-REJECT Control Message

o   Reference contains a number assigned by the ST agent sending the

    REFUSE for use in the acknowledging ACK.

o   LnkReference is the Reference number from the corresponding JOIN

    message.

o   ReasonCode reflects the reason why the JOIN request was rejected.

o   GeneratorIPAddress is the 32-bit IP address of the host that first

    generated the JOIN-REJECT message.

10.4.10 NOTIFY

   NOTIFY (OpCode = 10) is issued by an ST agent to inform other ST

   agents of events that may be significant. NOTIFY may be propagated

   beyond the previous-hop or next-hop ST agent depending on the

   ReasonCode, see Section 10.5.3; NOTIFY must be acknowledged with an

   ACK.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 10 |      0        |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |      Reference                |         LnkReference = 0      |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            Checksum           |          ReasonCode           |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                      DetectorIPAddress                        |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |          MaxMsgSize           |          RecoveryTimeout      |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           FlowSpec                            :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           TargetList                          :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           UserData                            :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                     Figure 30: NOTIFY Control Message

o   Reference contains a number assigned by the ST agent sending the

    NOTIFY for use in the acknowledging ACK.

o   ReasonCode identifies the reason for the notification.

o   DetectorIPAddress is the 32-bit IP address of the ST agent that

    detects the event.

o   MaxMsgSize is set when the MTU of the listed targets has changed

    (e.g., due to recovery), or when the notification is generated after

    a successful JOIN. Otherwise it is set to zero (0).

o   RecoveryTimeout is set when the notification is generated after a

    successful JOIN. Otherwise it is set to zero (0).

o   FlowSpec is present when the notification is generated after a

    successful JOIN.

o   TargetList is present when the notification is related to one or

    more targets, or when MaxMsgSize is set

o   UserData is present if the notification is generated after a

    successful JOIN and the UserData parameter was set in the ACCEPT

    message.

10.4.11 REFUSE

   REFUSE (OpCode = 11) is issued by a target that either does not wish

   to accept a CONNECT message or wishes to remove itself from an

   established stream. It might also be issued by an intermediate ST

   agent in response to a CONNECT or CHANGE either to terminate a

   routing loop, or when a satisfactory next-hop to a target cannot be

   found. It may also be a separate command when an existing stream has

   been preempted by a higher precedence stream or an ST agent detects

   the failure of a previous-hop, next-hop, or the network between them.

   In all cases, the TargetList specifies the targets that are affected

   by the condition. Each REFUSE must be acknowledged by an ACK.

   The REFUSE is relayed back by the ST agents to the origin (or

   intermediate ST agent that created the CONNECT or CHANGE) along the

   path traced by the CONNECT. The ST agent receiving the REFUSE will

   process it differently depending on the condition that caused it, as

   specified in the ReasonCode field. No special effort is made to

   combine multiple REFUSE messages since it is considered most unlikely

   that separate REFUSEs will happen to both pass through an ST agent at

   the same time and be easily combined, e.g., have identical

   ReasonCodes and parameters.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 11 |G|E|N|    0    |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |      Reference                |         LnkReference          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            Checksum           |          ReasonCode           |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                       DetectorIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                       ValidTargetIPAddress                    |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                          TargetList                           :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                         RecordRoute                           :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                            UserData                           :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                     Figure 31: REFUSE Control Message

o   G (bit 8) is used to indicate that all targets down stream from the

    sender are refusing. It is expected that this will be set most

    commonly due to network failures. The TargetList parameter is

    ignored or not present when this bit is set, and must be included

    when not set.

o   E (bit 9) is set by an ST agent to indicate that the request failed

    and that the pre-change stream attributes, including resources, and

    the stream itself still exist.

o   N (bit 10) is used to indicate that no further attempts to recover

    the stream should be made. This bit must be set when stream recovery

    should not be attempted, even in the case where the target

    application has shut down normally (ApplDisconnect).

o   Reference contains a number assigned by the ST agent sending the

    REFUSE for use in the acknowledging ACK.

o   LnkReference is either the Reference number from the corresponding

    CONNECT or CHANGE, if it is the result of such a message, or zero

    when the REFUSE was originated as a separate command.

o   DetectorIPAddress is the 32-bit IP address of the host that first

    generated the REFUSE message.

o   ValidTargetIPAddress is the 32-bit IP address of a host that is

    properly connected as part of the stream. This parameter is only

    used when recovering from stream convergence, otherwise it is set to

    zero (0).

10.4.12 STATUS

   STATUS (OpCode = 12) is used to inquire about the existence of a

   particular stream identified by the SID. Use of STATUS is intended

   for collecting information from an neighbor ST agent, including

   general and specific stream information, and round trip time

   estimation. The use of this message type is described in Section 8.4.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 12   |       0       |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |      Reference                |       LnkReference = 0        |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            Checksum           |          ReasonCode = 0       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                          TargetList                           :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                     Figure 32: STATUS Control Message

o   Reference contains a number assigned by the ST agent sending STATUS

    for use in the replying STATUS-RESPONSE.

o   TargetList is an optional parameter that when present indicates that

    only information related to the specific targets should be relayed

    in the STATUS-RESPONSE.

10.4.13 STATUS-RESPONSE

   STATUS-RESPONSE (OpCode = 13) is the reply to a STATUS message. If

   the stream specified in the STATUS message is not known, the STATUS-

   RESPONSE will contain the specified SID but no other parameters. It

   will otherwise contain the current SID, FlowSpec, TargetList, and

   possibly Groups of the stream. It the full target list can not fit in

   a single message, only those targets that can be included in one

   message will be included. As mentioned in Section 10.4.12, it is

   possible to request information on a specific target.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       | OpCode = 13 |    0          |           TotalBytes          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |      Reference                |       LnkReference = 0        |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |                         SenderIPAddress                       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |            Checksum           |       ReasonCode = 0          |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           FlowSpec                            :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                           Groups                              :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       :                          TargetList                           :

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                 Figure 33: STATUS-RESPONSE Control Message

o   Reference contains a number assigned by the ST agent sending the

    STATUS.

10.5 Suggested Protocol Constants

   The ST Protocol uses several fields that must have specific values

   for the protocol to work, and also several values that an

   implementation must select. This section specifies the required

   values and suggests initial values for others. It is recommended that

   the latter be implemented as variables so that they may be easily

   changed when experience indicates better values. Eventually, they

   should be managed via the normal network management facilities.

   ST uses IP Version Number 5.

   When encapsulated in IP, ST uses IP Protocol Number 5.

10.5.1 SCMP Messages

   1)      ACCEPT

   2)      ACK

   3)      CHANGE

   4)      CONNECT

   5)      DISCONNECT

   6)      ERROR

   7)      HELLO

   8)      JOIN

   9)      JOIN-REJECT

   10)     NOTIFY

   11)     REFUSE

   12)     STATUS

   13)     STATUS-RESPONSE

10.5.2 SCMP Parameters

   1)      FlowSpec

   2)      Group

   3)      MulticastAddress

   4)      Origin

   5)      RecordRoute

   6)      TargetList

   7)      UserData

10.5.3 ReasonCode

   Several errors may occur during protocol processing. All ST error

   codes are taken from a single number space. The currently defined

   values and their meaning is presented in the list below. Note that

   new error codes may be defined from time to time. All implementations

   are expected to handle new codes in a graceful manner. If an unknown

   ReasonCode is encountered, it should be assumed to be fatal. The

   ReasonCode is an 8-bit field. Following values are defined:

1       NoError         No error has occurred.

2       ErrorUnknown    An error not contained in this list has been

                        detected.

3       AccessDenied    Access denied.

4       AckUnexpected   An unexpected ACK was received.

5       ApplAbort       The application aborted the stream abnormally.

6       ApplDisconnect The application closed the stream normally.

7       ApplRefused     Applications refused requested connection or

                        change.

8       AuthentFailed   The authentication function failed.

9       BadMcastAddress IP Multicast address is unacceptable in CONNECT

10      CantGetResrc    Unable to acquire (additional) resources.

11      CantRelResrc    Unable to release excess resources.

12      CantRecover     Unable to recover failed stream.

13      CksumBadCtl     Control PDU has a bad message checksum.

14      CksumBadST      PDU has a bad ST Header checksum.

15      DuplicateIgn    Control PDU is a duplicate and is being

                        acknowledged.

16      DuplicateTarget Control PDU contains a duplicate target, or an

                        attempt to add an existing target.

17      FlowSpecMismatch        FlowSpec in request does not match

                                existing FlowSpec.

18      FlowSpecError   An error occurred while processing the FlowSpec

19      FlowVerUnknown Control PDU has a FlowSpec Version Number that

                        is not supported.

20      GroupUnknown    Control PDU contains an unknown Group Name.

21      InconsistGroup An inconsistency has been detected with the

                        streams forming a group.

22      IntfcFailure    A network interface failure has been detected.

23      InvalidSender   Control PDU has an invalid SenderIPAddress

                        field.

24      InvalidTotByt   Control PDU has an invalid TotalBytes field.

25      JoinAuthFailure Join failed due to stream authorization level.

26      LnkRefUnknown   Control PDU contains an unknown LnkReference.

27      NetworkFailure A network failure has been detected.

28      NoRouteToAgent Cannot find a route to an ST agent.

29      NoRouteToHost   Cannot find a route to a host.

30      NoRouteToNet    Cannot find a route to a network.

31      OpCodeUnknown   Control PDU has an invalid OpCode field.

32      PCodeUnknown    Control PDU has a parameter with an invalid

                        PCode.

33      ParmValueBad    Control PDU contains an invalid parameter value.

34      PathConvergence Two branches of the stream join during the

                        CONNECT setup.

35      ProtocolUnknown Control PDU contains an unknown next-higher

                        layer protocol identifier.

36      RecordRouteSize RecordRoute parameter is too long to permit

                        message to fit a network's MTU.

37      RefUnknown      Control PDU contains an unknown Reference.

38      ResponseTimeout Control message has been acknowledged but not

                        answered by an appropriate control message.

39      RestartLocal    The local ST agent has recently restarted.

40      RestartRemote   The remote ST agent has recently restarted.

41      RetransTimeout An acknowledgment has not been received after

                        several retransmissions.

42      RouteBack       Route to next-hop through same interface as

                        previous-hop and is not previous-hop.

43      RouteInconsist A routing inconsistency has been detected.

44      RouteLoop       A routing loop has been detected.

45      SAPUnknown      Control PDU contains an unknown next-higher

                        layer SAP (port).

46      SIDUnknown      Control PDU contains an unknown SID.

47      STAgentFailure An ST agent failure has been detected.

48      STVer3Bad       A received PDU is not ST Version 3.

49      StreamExists    A stream with the given SID already exists.

50      StreamPreempted The stream has been preempted by one with a

                        higher precedence.

51      TargetExists    A CONNECT was received that specified an

                        existing target.

52      TargetUnknown   A target is not a member of the specified

                        stream.

53      TargetMissing   A target parameter was expected and is not

                        included, or is empty.

54      TruncatedCtl    Control PDU is shorter than expected.

55      TruncatedPDU    A received ST PDU is shorter than the ST Header

                        indicates.

56      UserDataSize    UserData parameter too large to permit a

                        message to fit into a network's MTU.

10.5.4 Timeouts and Other Constants

   SCMP uses retransmission to effect reliability and thus has several

   "retransmission timers". Each "timer" is modeled by an initial time

   interval (ToXxx), which may get updated dynamically through

   measurement of control traffic, and a number of times (NXxx) to

   retransmit a message before declaring a failure. All time intervals

   are in units of milliseconds. Note that the variables are described

   for reference purposes only, different implementations may not

   include the identical variables.

Value   Timeout Name    Meaning

------------------------------------------------------------------------

500   ToAccept        Initial hop-by-hop timeout for acknowledgment of

                        ACCEPT

    3   NAccept         ACCEPT retries before failure

500   ToChange        Initial hop-by-hop timeout for acknowledgment of

                        CHANGE

    3   NChange         CHANGE retries before failure

5000   ToChangeResp    End-to-End CHANGE timeout for receipt of ACCEPT

                        or REFUSE

500   ToConnect       Initial hop-by-hop timeout for acknowledgment of

                        CONNECT

    5   NConnect        CONNECT retries before failure

5000   ToConnectResp   End-to-End CONNECT timeout for receipt of ACCEPT

                        or REFUSE from targets by origin

500   ToDisconnect    Initial hop-by-hop timeout for acknowledgment of

                        DISCONNECT

    3   NDisconnect     DISCONNECT retries before failure

500   ToJoin          Initial hop-by-hop timeout for acknowledgment of

                        JOIN

    3   NJoin           JOIN retries before failure

500   ToJoinReject    Initial hop-by-hop timeout for acknowledgment of

                        JOIN-REJECT

    3   NJoinReject     JOIN-REJECT retries before failure

5000   ToJoinResp      Timeout for receipt of CONNECT or JOIN-REJECT

                        from origin or intermediate hop

500   ToNotify        Initial hop-by-hop timeout for acknowledgment of

                        NOTIFY

    3   NNotify         NOTIFY retries before failure

500   ToRefuse        Initial hop-by-hop timeout for acknowledgment of

                        REFUSE

    3   NRefuse         REFUSE retries before failure

500   ToRetryRoute    Timeout for receipt of ACCEPT or REFUSE from

                        targets during failure recovery

    5   NRetryRoute     CONNECT retries before failure

1000   ToStatusResp    Timeout for receipt of STATUS-RESPONSE

    3   NStatus         STATUS retries before failure

10000   HelloTimerHoldDown      Interval that Restarted bit must be set

                                after ST restart

    5   HelloLossFactor         Number of consecutively missed HELLO

                                messages before declaring link failure

2000   DefaultRecoveryTimeout Interval between successive HELLOs

                                to/from active neighbors

10.6 Data Notations

   The convention in the documentation of Internet Protocols is to

   express numbers in decimal and to picture data with the most

   significant octet on the left and the least significant octet on the

   right.

   The order of transmission of the header and data described in this

   document is resolved to the octet level. Whenever a diagram shows a

   group of octets, the order of transmission of those octets is the

   normal order in which they are read in English. For example, in the

   following diagram the octets are transmitted in the order they are

   numbered.

        0                   1                   2                   3

        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |       1       |       2       |       3       |       4       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |       5       |       6       |       7       |       8       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

       |       9       |      10       |      11       |      12       |

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                  Figure 34: Transmission Order of Bytes

   Whenever an octet represents a numeric quantity the left most bit in

   the diagram is the high order or most significant bit. That is, the

   bit labeled 0 is the most significant bit. For example, the following

   diagram represents the value 170 (decimal).

                                0 1 2 3 4 5 6 7

                               +-+-+-+-+-+-+-+-+

                               |1 0 1 0 1 0 1 0|

                               +-+-+-+-+-+-+-+-+

                      Figure 35: Significance of Bits

   Similarly, whenever a multi-octet field represents a numeric quantity

   the left most bit of the whole field is the most significant bit.

   When a multi-octet quantity is transmitted the most significant octet

   is transmitted first.

   Fields whose length is fixed and fully illustrated are shown with a

   vertical bar (|) at the end; fixed fields whose contents are

   abbreviated are shown with an exclamation point (!); variable fields

   are shown with colons (:). Optional parameters are separated from

   control messages with a blank line. The order of parameters is not

   meaningful.

11. References

[RFC1071]       Braden, R., Borman, D., and C. Partridge,

                "Computing the Internet Checksum", RFC 1071,

                USC/Information Sciences Institute,

                Cray Research, BBN Laboratories, September 1988.

[RFC1112]       Deering, S., "Host Extensions for IP Multicasting",

                STD 5, RFC 1112, Stanford University, August 1989.

RFC 1819              ST2+ Protocol Specification            August 1995

[WoHD95]        L. Wolf, R. G. Herrtwich, L. Delgrossi: Filtering

                Multimedia Data in Reservation-based Networks,

                Kommunikation in Verteilten Systemen 1995 (KiVS),

                Chemnitz-Zwickau, Germany, February 1995.

[RFC1122]       Braden, R., "Requirements for Internet Hosts --

                Communication Layers", STD 3, RFC 1122,

                USC/Information Sciences Institute, October 1989.

[Jaco88]        Jacobson, V.: Congestion Avoidance and Control, ACM

                SIGCOMM-88, August 1988.

[KaPa87]        Karn, P. and C. Partridge: Round Trip Time Estimation,

                ACM SIGCOMM-87, August 1987.

[RFC1141]       Mallory, T., and A. Kullberg, "Incremental Updating

                of the Internet Checksum", RFC 1141, BBN, January 1990.

[RFC1363]       Partridge, C., "A Proposal Flow Specification",

                RFC 1363, BBN, September 1992.

[RFC791]        Postel, J., "Internet Protocol", STD 5, RFC 791,

                DARPA, September 1981.

[RFC1700]       Reynolds, J., and J. Postel, "Assigned Numbers",

                STD 2, RFC 1700, USC/Information Sciences Institute,

                October 1994.

[RFC1190]       Topolcic C., "Internet Stream Protocol Version 2

                (ST-II)", RFC 1190, CIP Working Group, October 1990.

[RFC1633]       Braden, R., Clark, D., and S. Shenker, "Integrated

                Services in the Internet Architecture: an Overview",

                RFC 1633, USC/Information Sciences Institute,

                MIT, Xerox PARC, June 1994.

[VoHN93]        C. Vogt, R. G. Herrtwich, R. Nagarajan: HeiRAT: the

                Heidelberg Resource Administration Technique - Design

                Philosophy and Goals, Kommunikation In Verteilten

                Systemen, Munich, Informatik Aktuell, Springer-Verlag,

                Heidelberg, 1993.

[Cohe81]        D. Cohen: A Network Voice Protocol NVP-II, University of

                Southern California, Los Angeles, 1981.

[Cole81]        R. Cole: PVP - A Packet Video Protocol, University of

                Southern California, Los Angeles, 1981.

[DeAl92]        L. Delgrossi (Ed.) The BERKOM-II Multimedia Transport

                System, Version 1, BERKOM Working Document, October,

                1992.

[DHHS92]        L. Delgrossi, C. Halstrick, R. G. Herrtwich, H.

                Stuettgen: HeiTP: a Transport Protocol for ST-II,

                GLOBECOM'92, Orlando (Florida), December 1992.

[Schu94]        H. Schulzrinne: RTP: A Transport Protocol for Real-Time

                Applications. Work in Progress, 1994.

12. Security Considerations

   Security issues are not discussed in this memo.

13. Acknowledgments and Authors' Addresses

   Many individuals have contributed to the work described in this memo.

   We thank the participants in the ST Working Group for their input,

   review, and constructive comments. George Mason University C3I Center

   for hosting an interim meeting. Murali Rajagopal for his efforts on

   ST2+ state machines. Special thanks are due to Steve DeJarnett, who

   served as working group co-chair until summer 1993.

   We would also like to acknowledge the authors of [RFC1190]. All

   authors of [RFC1190] should be considered authors of this document

   since this document contains much of their text and ideas.

   Louis Berger

   BBN Systems and Technologies

   1300 North 17th Street, Suite 1200

   Arlington, VA 22209

   Phone: 703-284-4651

   EMail: lberger@bbn.com

   Luca Delgrossi

   Andersen Consulting Technology Park

   449, Route des Cretes

   06902 Sophia Antipolis, France

   Phone: +33.92.94.80.92

   EMail: luca@andersen.fr

   Dat Duong

   BBN Systems and Technologies

   1300 North 17th Street, Suite 1200

   Arlington, VA 22209

   Phone: 703-284-4760

   EMail: dat@bbn.com

   Steve Jackowski

   Syzygy Communications Incorporated

   269 Mt. Hermon Road

   Scotts Valley, CA 95066

   Phone: 408-439-6834

   EMail: stevej@syzygycomm.com

   Sibylle Schaller

   IBM ENC

   Broadband Multimedia Communications

   Vangerowstr. 18

   D69020 Heidelberg, Germany

   Phone: +49-6221-5944553

   EMail: schaller@heidelbg.ibm.com

The post RFC 1819 – Internet Stream Protocol Version 2 (ST2) Protocol Specification appeared first on IPv6.net.

RFC 2460 – Internet Protocol, Version 6 (IPv6) Specification

IPv6 & IoT editor — Tue, 28 Jul 2009 06:17:17 +0000

Network Working Group S. Deering Request for Comments: 2460 Cisco Obsoletes: 1883 R. Hinden Category: Standards Track Nokia December 1998 Internet Protocol, Version 6 (IPv6) Specification Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (1998). All Rights Reserved. Abstract This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng. Table of Contents 1. Introduction..................................................2 2. Terminology...................................................3 3. IPv6 Header Format............................................4 4. IPv6 Extension Headers........................................6 4.1 Extension Header Order...................................7 4.2 Options..................................................9 4.3 Hop-by-Hop Options Header...............................11 4.4 Routing Header..........................................12 4.5 Fragment Header.........................................18 4.6 Destination Options Header..............................23 4.7 No Next Header..........................................24 5. Packet Size Issues...........................................24 6. Flow Labels..................................................25 7. Traffic Classes..............................................25 8. Upper-Layer Protocol Issues..................................27 8.1 Upper-Layer Checksums...................................27 8.2 Maximum Packet Lifetime.................................28 8.3 Maximum Upper-Layer Payload Size........................28 8.4 Responding to Packets Carrying Routing Headers..........29 Deering & Hinden Standards Track [Page 1] RFC 2460 IPv6 Specification December 1998 Appendix A. Semantics and Usage of the Flow Label Field.........30 Appendix B. Formatting Guidelines for Options...................32 Security Considerations.........................................35 Acknowledgments.................................................35 Authors' Addresses..............................................35 References......................................................35 Changes Since RFC-1883..........................................36 Full Copyright Statement........................................39 1. Introduction IP version 6 (IPv6) is a new version of the Internet Protocol, designed as the successor to IP version 4 (IPv4) [RFC-791]. The changes from IPv4 to IPv6 fall primarily into the following categories: o Expanded Addressing Capabilities IPv6 increases the IP address size from 32 bits to 128 bits, to support more levels of addressing hierarchy, a much greater number of addressable nodes, and simpler auto-configuration of addresses. The scalability of multicast routing is improved by adding a "scope" field to multicast addresses. And a new type of address called an "anycast address" is defined, used to send a packet to any one of a group of nodes. o Header Format Simplification Some IPv4 header fields have been dropped or made optional, to reduce the common-case processing cost of packet handling and to limit the bandwidth cost of the IPv6 header. o Improved Support for Extensions and Options Changes in the way IP header options are encoded allows for more efficient forwarding, less stringent limits on the length of options, and greater flexibility for introducing new options in the future. o Flow Labeling Capability A new capability is added to enable the labeling of packets belonging to particular traffic "flows" for which the sender requests special handling, such as non-default quality of service or "real-time" service. Deering & Hinden Standards Track [Page 2] RFC 2460 IPv6 Specification December 1998 o Authentication and Privacy Capabilities Extensions to support authentication, data integrity, and (optional) data confidentiality are specified for IPv6. This document specifies the basic IPv6 header and the initially- defined IPv6 extension headers and options. It also discusses packet size issues, the semantics of flow labels and traffic classes, and the effects of IPv6 on upper-layer protocols. The format and semantics of IPv6 addresses are specified separately in [ADDRARCH]. The IPv6 version of ICMP, which all IPv6 implementations are required to include, is specified in [ICMPv6]. 2. Terminology node - a device that implements IPv6. router - a node that forwards IPv6 packets not explicitly addressed to itself. [See Note below]. host - any node that is not a router. [See Note below]. upper layer - a protocol layer immediately above IPv6. Examples are transport protocols such as TCP and UDP, control protocols such as ICMP, routing protocols such as OSPF, and internet or lower-layer protocols being "tunneled" over (i.e., encapsulated in) IPv6 such as IPX, AppleTalk, or IPv6 itself. link - a communication facility or medium over which nodes can communicate at the link layer, i.e., the layer immediately below IPv6. Examples are Ethernets (simple or bridged); PPP links; X.25, Frame Relay, or ATM networks; and internet (or higher) layer "tunnels", such as tunnels over IPv4 or IPv6 itself. neighbors - nodes attached to the same link. interface - a node's attachment to a link. address - an IPv6-layer identifier for an interface or a set of interfaces. packet - an IPv6 header plus payload. link MTU - the maximum transmission unit, i.e., maximum packet size in octets, that can be conveyed over a link. Deering & Hinden Standards Track [Page 3] RFC 2460 IPv6 Specification December 1998 path MTU - the minimum link MTU of all the links in a path between a source node and a destination node. Note: it is possible, though unusual, for a device with multiple interfaces to be configured to forward non-self-destined packets arriving from some set (fewer than all) of its interfaces, and to discard non-self-destined packets arriving from its other interfaces. Such a device must obey the protocol requirements for routers when receiving packets from, and interacting with neighbors over, the former (forwarding) interfaces. It must obey the protocol requirements for hosts when receiving packets from, and interacting with neighbors over, the latter (non-forwarding) interfaces. 3. IPv6 Header Format +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| Traffic Class | Flow Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload Length | Next Header | Hop Limit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Source Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Destination Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Version 4-bit Internet Protocol version number = 6. Traffic Class 8-bit traffic class field. See section 7. Flow Label 20-bit flow label. See section 6. Payload Length 16-bit unsigned integer. Length of the IPv6 payload, i.e., the rest of the packet following this IPv6 header, in octets. (Note that any Deering & Hinden Standards Track [Page 4] RFC 2460 IPv6 Specification December 1998 extension headers [section 4] present are considered part of the payload, i.e., included in the length count.) Next Header 8-bit selector. Identifies the type of header immediately following the IPv6 header. Uses the same values as the IPv4 Protocol field [RFC-1700 et seq.]. Hop Limit 8-bit unsigned integer. Decremented by 1 by each node that forwards the packet. The packet is discarded if Hop Limit is decremented to zero. Source Address 128-bit address of the originator of the packet. See [ADDRARCH]. Destination Address 128-bit address of the intended recipient of the packet (possibly not the ultimate recipient, if a Routing header is present). See [ADDRARCH] and section 4.4. Deering & Hinden Standards Track [Page 5] RFC 2460 IPv6 Specification December 1998 4. IPv6 Extension Headers In IPv6, optional internet-layer information is encoded in separate headers that may be placed between the IPv6 header and the upper- layer header in a packet. There are a small number of such extension headers, each identified by a distinct Next Header value. As illustrated in these examples, an IPv6 packet may carry zero, one, or more extension headers, each identified by the Next Header field of the preceding header: +---------------+------------------------ | IPv6 header | TCP header + data | | | Next Header = | | TCP | +---------------+------------------------ +---------------+----------------+------------------------ | IPv6 header | Routing header | TCP header + data | | | | Next Header = | Next Header = | | Routing | TCP | +---------------+----------------+------------------------ +---------------+----------------+-----------------+----------------- | IPv6 header | Routing header | Fragment header | fragment of TCP | | | | header + data | Next Header = | Next Header = | Next Header = | | Routing | Fragment | TCP | +---------------+----------------+-----------------+----------------- With one exception, extension headers are not examined or processed by any node along a packet's delivery path, until the packet reaches the node (or each of the set of nodes, in the case of multicast) identified in the Destination Address field of the IPv6 header. There, normal demultiplexing on the Next Header field of the IPv6 header invokes the module to process the first extension header, or the upper-layer header if no extension header is present. The contents and semantics of each extension header determine whether or not to proceed to the next header. Therefore, extension headers must be processed strictly in the order they appear in the packet; a receiver must not, for example, scan through a packet looking for a particular kind of extension header and process that header prior to processing all preceding ones. Deering & Hinden Standards Track [Page 6] RFC 2460 IPv6 Specification December 1998 The exception referred to in the preceding paragraph is the Hop-by- Hop Options header, which carries information that must be examined and processed by every node along a packet's delivery path, including the source and destination nodes. The Hop-by-Hop Options header, when present, must immediately follow the IPv6 header. Its presence is indicated by the value zero in the Next Header field of the IPv6 header. If, as a result of processing a header, a node is required to proceed to the next header but the Next Header value in the current header is unrecognized by the node, it should discard the packet and send an ICMP Parameter Problem message to the source of the packet, with an ICMP Code value of 1 ("unrecognized Next Header type encountered") and the ICMP Pointer field containing the offset of the unrecognized value within the original packet. The same action should be taken if a node encounters a Next Header value of zero in any header other than an IPv6 header. Each extension header is an integer multiple of 8 octets long, in order to retain 8-octet alignment for subsequent headers. Multi- octet fields within each extension header are aligned on their natural boundaries, i.e., fields of width n octets are placed at an integer multiple of n octets from the start of the header, for n = 1, 2, 4, or 8. A full implementation of IPv6 includes implementation of the following extension headers: Hop-by-Hop Options Routing (Type 0) Fragment Destination Options Authentication Encapsulating Security Payload The first four are specified in this document; the last two are specified in [RFC-2402] and [RFC-2406], respectively. 4.1 Extension Header Order When more than one extension header is used in the same packet, it is recommended that those headers appear in the following order: IPv6 header Hop-by-Hop Options header Destination Options header (note 1) Routing header Fragment header Deering & Hinden Standards Track [Page 7] RFC 2460 IPv6 Specification December 1998 Authentication header (note 2) Encapsulating Security Payload header (note 2) Destination Options header (note 3) upper-layer header note 1: for options to be processed by the first destination that appears in the IPv6 Destination Address field plus subsequent destinations listed in the Routing header. note 2: additional recommendations regarding the relative order of the Authentication and Encapsulating Security Payload headers are given in [RFC-2406]. note 3: for options to be processed only by the final destination of the packet. Each extension header should occur at most once, except for the Destination Options header which should occur at most twice (once before a Routing header and once before the upper-layer header). If the upper-layer header is another IPv6 header (in the case of IPv6 being tunneled over or encapsulated in IPv6), it may be followed by its own extension headers, which are separately subject to the same ordering recommendations. If and when other extension headers are defined, their ordering constraints relative to the above listed headers must be specified. IPv6 nodes must accept and attempt to process extension headers in any order and occurring any number of times in the same packet, except for the Hop-by-Hop Options header which is restricted to appear immediately after an IPv6 header only. Nonetheless, it is strongly advised that sources of IPv6 packets adhere to the above recommended order until and unless subsequent specifications revise that recommendation. Deering & Hinden Standards Track [Page 8] RFC 2460 IPv6 Specification December 1998 4.2 Options Two of the currently-defined extension headers -- the Hop-by-Hop Options header and the Destination Options header -- carry a variable number of type-length-value (TLV) encoded "options", of the following format: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - | Option Type | Opt Data Len | Option Data +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - Option Type 8-bit identifier of the type of option. Opt Data Len 8-bit unsigned integer. Length of the Option Data field of this option, in octets. Option Data Variable-length field. Option-Type-specific data. The sequence of options within a header must be processed strictly in the order they appear in the header; a receiver must not, for example, scan through the header looking for a particular kind of option and process that option prior to processing all preceding ones. The Option Type identifiers are internally encoded such that their highest-order two bits specify the action that must be taken if the processing IPv6 node does not recognize the Option Type: 00 - skip over this option and continue processing the header. 01 - discard the packet. 10 - discard the packet and, regardless of whether or not the packet's Destination Address was a multicast address, send an ICMP Parameter Problem, Code 2, message to the packet's Source Address, pointing to the unrecognized Option Type. 11 - discard the packet and, only if the packet's Destination Address was not a multicast address, send an ICMP Parameter Problem, Code 2, message to the packet's Source Address, pointing to the unrecognized Option Type. The third-highest-order bit of the Option Type specifies whether or not the Option Data of that option can change en-route to the packet's final destination. When an Authentication header is present Deering & Hinden Standards Track [Page 9] RFC 2460 IPv6 Specification December 1998 in the packet, for any option whose data may change en-route, its entire Option Data field must be treated as zero-valued octets when computing or verifying the packet's authenticating value. 0 - Option Data does not change en-route 1 - Option Data may change en-route The three high-order bits described above are to be treated as part of the Option Type, not independent of the Option Type. That is, a particular option is identified by a full 8-bit Option Type, not just the low-order 5 bits of an Option Type. The same Option Type numbering space is used for both the Hop-by-Hop Options header and the Destination Options header. However, the specification of a particular option may restrict its use to only one of those two headers. Individual options may have specific alignment requirements, to ensure that multi-octet values within Option Data fields fall on natural boundaries. The alignment requirement of an option is specified using the notation xn+y, meaning the Option Type must appear at an integer multiple of x octets from the start of the header, plus y octets. For example: 2n means any 2-octet offset from the start of the header. 8n+2 means any 8-octet offset from the start of the header, plus 2 octets. There are two padding options which are used when necessary to align subsequent options and to pad out the containing header to a multiple of 8 octets in length. These padding options must be recognized by all IPv6 implementations: Pad1 option (alignment requirement: none) +-+-+-+-+-+-+-+-+ | 0 | +-+-+-+-+-+-+-+-+ NOTE! the format of the Pad1 option is a special case -- it does not have length and value fields. The Pad1 option is used to insert one octet of padding into the Options area of a header. If more than one octet of padding is required, the PadN option, described next, should be used, rather than multiple Pad1 options. Deering & Hinden Standards Track [Page 10] RFC 2460 IPv6 Specification December 1998 PadN option (alignment requirement: none) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - | 1 | Opt Data Len | Option Data +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - The PadN option is used to insert two or more octets of padding into the Options area of a header. For N octets of padding, the Opt Data Len field contains the value N-2, and the Option Data consists of N-2 zero-valued octets. Appendix B contains formatting guidelines for designing new options. 4.3 Hop-by-Hop Options Header The Hop-by-Hop Options header is used to carry optional information that must be examined by every node along a packet's delivery path. The Hop-by-Hop Options header is identified by a Next Header value of 0 in the IPv6 header, and has the following format: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | Hdr Ext Len | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | . . . Options . . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Next Header 8-bit selector. Identifies the type of header immediately following the Hop-by-Hop Options header. Uses the same values as the IPv4 Protocol field [RFC-1700 et seq.]. Hdr Ext Len 8-bit unsigned integer. Length of the Hop-by- Hop Options header in 8-octet units, not including the first 8 octets. Options Variable-length field, of length such that the complete Hop-by-Hop Options header is an integer multiple of 8 octets long. Contains one or more TLV-encoded options, as described in section 4.2. The only hop-by-hop options defined in this document are the Pad1 and PadN options specified in section 4.2. Deering & Hinden Standards Track [Page 11] RFC 2460 IPv6 Specification December 1998 4.4 Routing Header The Routing header is used by an IPv6 source to list one or more intermediate nodes to be "visited" on the way to a packet's destination. This function is very similar to IPv4's Loose Source and Record Route option. The Routing header is identified by a Next Header value of 43 in the immediately preceding header, and has the following format: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | Hdr Ext Len | Routing Type | Segments Left | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | . . . type-specific data . . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Next Header 8-bit selector. Identifies the type of header immediately following the Routing header. Uses the same values as the IPv4 Protocol field [RFC-1700 et seq.]. Hdr Ext Len 8-bit unsigned integer. Length of the Routing header in 8-octet units, not including the first 8 octets. Routing Type 8-bit identifier of a particular Routing header variant. Segments Left 8-bit unsigned integer. Number of route segments remaining, i.e., number of explicitly listed intermediate nodes still to be visited before reaching the final destination. type-specific data Variable-length field, of format determined by the Routing Type, and of length such that the complete Routing header is an integer multiple of 8 octets long. If, while processing a received packet, a node encounters a Routing header with an unrecognized Routing Type value, the required behavior of the node depends on the value of the Segments Left field, as follows: Deering & Hinden Standards Track [Page 12] RFC 2460 IPv6 Specification December 1998 If Segments Left is zero, the node must ignore the Routing header and proceed to process the next header in the packet, whose type is identified by the Next Header field in the Routing header. If Segments Left is non-zero, the node must discard the packet and send an ICMP Parameter Problem, Code 0, message to the packet's Source Address, pointing to the unrecognized Routing Type. If, after processing a Routing header of a received packet, an intermediate node determines that the packet is to be forwarded onto a link whose link MTU is less than the size of the packet, the node must discard the packet and send an ICMP Packet Too Big message to the packet's Source Address. Deering & Hinden Standards Track [Page 13] RFC 2460 IPv6 Specification December 1998 The Type 0 Routing header has the following format: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | Hdr Ext Len | Routing Type=0| Segments Left | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Address[1] + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Address[2] + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . . . . . . . . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Address[n] + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Next Header 8-bit selector. Identifies the type of header immediately following the Routing header. Uses the same values as the IPv4 Protocol field [RFC-1700 et seq.]. Hdr Ext Len 8-bit unsigned integer. Length of the Routing header in 8-octet units, not including the first 8 octets. For the Type 0 Routing header, Hdr Ext Len is equal to two times the number of addresses in the header. Routing Type 0. Deering & Hinden Standards Track [Page 14] RFC 2460 IPv6 Specification December 1998 Segments Left 8-bit unsigned integer. Number of route segments remaining, i.e., number of explicitly listed intermediate nodes still to be visited before reaching the final destination. Reserved 32-bit reserved field. Initialized to zero for transmission; ignored on reception. Address[1..n] Vector of 128-bit addresses, numbered 1 to n. Multicast addresses must not appear in a Routing header of Type 0, or in the IPv6 Destination Address field of a packet carrying a Routing header of Type 0. A Routing header is not examined or processed until it reaches the node identified in the Destination Address field of the IPv6 header. In that node, dispatching on the Next Header field of the immediately preceding header causes the Routing header module to be invoked, which, in the case of Routing Type 0, performs the following algorithm: Deering & Hinden Standards Track [Page 15] RFC 2460 IPv6 Specification December 1998 if Segments Left = 0 { proceed to process the next header in the packet, whose type is identified by the Next Header field in the Routing header } else if Hdr Ext Len is odd { send an ICMP Parameter Problem, Code 0, message to the Source Address, pointing to the Hdr Ext Len field, and discard the packet } else { compute n, the number of addresses in the Routing header, by dividing Hdr Ext Len by 2 if Segments Left is greater than n { send an ICMP Parameter Problem, Code 0, message to the Source Address, pointing to the Segments Left field, and discard the packet } else { decrement Segments Left by 1; compute i, the index of the next address to be visited in the address vector, by subtracting Segments Left from n if Address [i] or the IPv6 Destination Address is multicast { discard the packet } else { swap the IPv6 Destination Address and Address[i] if the IPv6 Hop Limit is less than or equal to 1 { send an ICMP Time Exceeded -- Hop Limit Exceeded in Transit message to the Source Address and discard the packet } else { decrement the Hop Limit by 1 resubmit the packet to the IPv6 module for transmission to the new destination } } } } Deering & Hinden Standards Track [Page 16] RFC 2460 IPv6 Specification December 1998 As an example of the effects of the above algorithm, consider the case of a source node S sending a packet to destination node D, using a Routing header to cause the packet to be routed via intermediate nodes I1, I2, and I3. The values of the relevant IPv6 header and Routing header fields on each segment of the delivery path would be as follows: As the packet travels from S to I1: Source Address = S Hdr Ext Len = 6 Destination Address = I1 Segments Left = 3 Address[1] = I2 Address[2] = I3 Address[3] = D As the packet travels from I1 to I2: Source Address = S Hdr Ext Len = 6 Destination Address = I2 Segments Left = 2 Address[1] = I1 Address[2] = I3 Address[3] = D As the packet travels from I2 to I3: Source Address = S Hdr Ext Len = 6 Destination Address = I3 Segments Left = 1 Address[1] = I1 Address[2] = I2 Address[3] = D As the packet travels from I3 to D: Source Address = S Hdr Ext Len = 6 Destination Address = D Segments Left = 0 Address[1] = I1 Address[2] = I2 Address[3] = I3 Deering & Hinden Standards Track [Page 17] RFC 2460 IPv6 Specification December 1998 4.5 Fragment Header The Fragment header is used by an IPv6 source to send a packet larger than would fit in the path MTU to its destination. (Note: unlike IPv4, fragmentation in IPv6 is performed only by source nodes, not by routers along a packet's delivery path -- see section 5.) The Fragment header is identified by a Next Header value of 44 in the immediately preceding header, and has the following format: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | Reserved | Fragment Offset |Res|M| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Next Header 8-bit selector. Identifies the initial header type of the Fragmentable Part of the original packet (defined below). Uses the same values as the IPv4 Protocol field [RFC-1700 et seq.]. Reserved 8-bit reserved field. Initialized to zero for transmission; ignored on reception. Fragment Offset 13-bit unsigned integer. The offset, in 8-octet units, of the data following this header, relative to the start of the Fragmentable Part of the original packet. Res 2-bit reserved field. Initialized to zero for transmission; ignored on reception. M flag 1 = more fragments; 0 = last fragment. Identification 32 bits. See description below. In order to send a packet that is too large to fit in the MTU of the path to its destination, a source node may divide the packet into fragments and send each fragment as a separate packet, to be reassembled at the receiver. For every packet that is to be fragmented, the source node generates an Identification value. The Identification must be different than that of any other fragmented packet sent recently* with the same Source Address and Destination Address. If a Routing header is present, the Destination Address of concern is that of the final destination. Deering & Hinden Standards Track [Page 18] RFC 2460 IPv6 Specification December 1998 * "recently" means within the maximum likely lifetime of a packet, including transit time from source to destination and time spent awaiting reassembly with other fragments of the same packet. However, it is not required that a source node know the maximum packet lifetime. Rather, it is assumed that the requirement can be met by maintaining the Identification value as a simple, 32- bit, "wrap-around" counter, incremented each time a packet must be fragmented. It is an implementation choice whether to maintain a single counter for the node or multiple counters, e.g., one for each of the node's possible source addresses, or one for each active (source address, destination address) combination. The initial, large, unfragmented packet is referred to as the "original packet", and it is considered to consist of two parts, as illustrated: original packet: +------------------+----------------------//-----------------------+ | Unfragmentable | Fragmentable | | Part | Part | +------------------+----------------------//-----------------------+ The Unfragmentable Part consists of the IPv6 header plus any extension headers that must be processed by nodes en route to the destination, that is, all headers up to and including the Routing header if present, else the Hop-by-Hop Options header if present, else no extension headers. The Fragmentable Part consists of the rest of the packet, that is, any extension headers that need be processed only by the final destination node(s), plus the upper-layer header and data. The Fragmentable Part of the original packet is divided into fragments, each, except possibly the last ("rightmost") one, being an integer multiple of 8 octets long. The fragments are transmitted in separate "fragment packets" as illustrated: original packet: +------------------+--------------+--------------+--//--+----------+ | Unfragmentable | first | second | | last | | Part | fragment | fragment | .... | fragment | +------------------+--------------+--------------+--//--+----------+ Deering & Hinden Standards Track [Page 19] RFC 2460 IPv6 Specification December 1998 fragment packets: +------------------+--------+--------------+ | Unfragmentable |Fragment| first | | Part | Header | fragment | +------------------+--------+--------------+ +------------------+--------+--------------+ | Unfragmentable |Fragment| second | | Part | Header | fragment | +------------------+--------+--------------+ o o o +------------------+--------+----------+ | Unfragmentable |Fragment| last | | Part | Header | fragment | +------------------+--------+----------+ Each fragment packet is composed of: (1) The Unfragmentable Part of the original packet, with the Payload Length of the original IPv6 header changed to contain the length of this fragment packet only (excluding the length of the IPv6 header itself), and the Next Header field of the last header of the Unfragmentable Part changed to 44. (2) A Fragment header containing: The Next Header value that identifies the first header of the Fragmentable Part of the original packet. A Fragment Offset containing the offset of the fragment, in 8-octet units, relative to the start of the Fragmentable Part of the original packet. The Fragment Offset of the first ("leftmost") fragment is 0. An M flag value of 0 if the fragment is the last ("rightmost") one, else an M flag value of 1. The Identification value generated for the original packet. (3) The fragment itself. The lengths of the fragments must be chosen such that the resulting fragment packets fit within the MTU of the path to the packets' destination(s). Deering & Hinden Standards Track [Page 20] RFC 2460 IPv6 Specification December 1998 At the destination, fragment packets are reassembled into their original, unfragmented form, as illustrated: reassembled original packet: +------------------+----------------------//------------------------+ | Unfragmentable | Fragmentable | | Part | Part | +------------------+----------------------//------------------------+ The following rules govern reassembly: An original packet is reassembled only from fragment packets that have the same Source Address, Destination Address, and Fragment Identification. The Unfragmentable Part of the reassembled packet consists of all headers up to, but not including, the Fragment header of the first fragment packet (that is, the packet whose Fragment Offset is zero), with the following two changes: The Next Header field of the last header of the Unfragmentable Part is obtained from the Next Header field of the first fragment's Fragment header. The Payload Length of the reassembled packet is computed from the length of the Unfragmentable Part and the length and offset of the last fragment. For example, a formula for computing the Payload Length of the reassembled original packet is: PL.orig = PL.first - FL.first - 8 + (8 * FO.last) + FL.last where PL.orig = Payload Length field of reassembled packet. PL.first = Payload Length field of first fragment packet. FL.first = length of fragment following Fragment header of first fragment packet. FO.last = Fragment Offset field of Fragment header of last fragment packet. FL.last = length of fragment following Fragment header of last fragment packet. The Fragmentable Part of the reassembled packet is constructed from the fragments following the Fragment headers in each of the fragment packets. The length of each fragment is computed by subtracting from the packet's Payload Length the length of the Deering & Hinden Standards Track [Page 21] RFC 2460 IPv6 Specification December 1998 headers between the IPv6 header and fragment itself; its relative position in Fragmentable Part is computed from its Fragment Offset value. The Fragment header is not present in the final, reassembled packet. The following error conditions may arise when reassembling fragmented packets: If insufficient fragments are received to complete reassembly of a packet within 60 seconds of the reception of the first-arriving fragment of that packet, reassembly of that packet must be abandoned and all the fragments that have been received for that packet must be discarded. If the first fragment (i.e., the one with a Fragment Offset of zero) has been received, an ICMP Time Exceeded -- Fragment Reassembly Time Exceeded message should be sent to the source of that fragment. If the length of a fragment, as derived from the fragment packet's Payload Length field, is not a multiple of 8 octets and the M flag of that fragment is 1, then that fragment must be discarded and an ICMP Parameter Problem, Code 0, message should be sent to the source of the fragment, pointing to the Payload Length field of the fragment packet. If the length and offset of a fragment are such that the Payload Length of the packet reassembled from that fragment would exceed 65,535 octets, then that fragment must be discarded and an ICMP Parameter Problem, Code 0, message should be sent to the source of the fragment, pointing to the Fragment Offset field of the fragment packet. The following conditions are not expected to occur, but are not considered errors if they do: The number and content of the headers preceding the Fragment header of different fragments of the same original packet may differ. Whatever headers are present, preceding the Fragment header in each fragment packet, are processed when the packets arrive, prior to queueing the fragments for reassembly. Only those headers in the Offset zero fragment packet are retained in the reassembled packet. The Next Header values in the Fragment headers of different fragments of the same original packet may differ. Only the value from the Offset zero fragment packet is used for reassembly. Deering & Hinden Standards Track [Page 22] RFC 2460 IPv6 Specification December 1998 4.6 Destination Options Header The Destination Options header is used to carry optional information that need be examined only by a packet's destination node(s). The Destination Options header is identified by a Next Header value of 60 in the immediately preceding header, and has the following format: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | Hdr Ext Len | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | . . . Options . . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Next Header 8-bit selector. Identifies the type of header immediately following the Destination Options header. Uses the same values as the IPv4 Protocol field [RFC-1700 et seq.]. Hdr Ext Len 8-bit unsigned integer. Length of the Destination Options header in 8-octet units, not including the first 8 octets. Options Variable-length field, of length such that the complete Destination Options header is an integer multiple of 8 octets long. Contains one or more TLV-encoded options, as described in section 4.2. The only destination options defined in this document are the Pad1 and PadN options specified in section 4.2. Note that there are two possible ways to encode optional destination information in an IPv6 packet: either as an option in the Destination Options header, or as a separate extension header. The Fragment header and the Authentication header are examples of the latter approach. Which approach can be used depends on what action is desired of a destination node that does not understand the optional information: o If the desired action is for the destination node to discard the packet and, only if the packet's Destination Address is not a multicast address, send an ICMP Unrecognized Type message to the packet's Source Address, then the information may be encoded either as a separate header or as an option in the Deering & Hinden Standards Track [Page 23] RFC 2460 IPv6 Specification December 1998 Destination Options header whose Option Type has the value 11 in its highest-order two bits. The choice may depend on such factors as which takes fewer octets, or which yields better alignment or more efficient parsing. o If any other action is desired, the information must be encoded as an option in the Destination Options header whose Option Type has the value 00, 01, or 10 in its highest-order two bits, specifying the desired action (see section 4.2). 4.7 No Next Header The value 59 in the Next Header field of an IPv6 header or any extension header indicates that there is nothing following that header. If the Payload Length field of the IPv6 header indicates the presence of octets past the end of a header whose Next Header field contains 59, those octets must be ignored, and passed on unchanged if the packet is forwarded. 5. Packet Size Issues IPv6 requires that every link in the internet have an MTU of 1280 octets or greater. On any link that cannot convey a 1280-octet packet in one piece, link-specific fragmentation and reassembly must be provided at a layer below IPv6. Links that have a configurable MTU (for example, PPP links [RFC- 1661]) must be configured to have an MTU of at least 1280 octets; it is recommended that they be configured with an MTU of 1500 octets or greater, to accommodate possible encapsulations (i.e., tunneling) without incurring IPv6-layer fragmentation. From each link to which a node is directly attached, the node must be able to accept packets as large as that link's MTU. It is strongly recommended that IPv6 nodes implement Path MTU Discovery [RFC-1981], in order to discover and take advantage of path MTUs greater than 1280 octets. However, a minimal IPv6 implementation (e.g., in a boot ROM) may simply restrict itself to sending packets no larger than 1280 octets, and omit implementation of Path MTU Discovery. In order to send a packet larger than a path's MTU, a node may use the IPv6 Fragment header to fragment the packet at the source and have it reassembled at the destination(s). However, the use of such fragmentation is discouraged in any application that is able to adjust its packets to fit the measured path MTU (i.e., down to 1280 octets). Deering & Hinden Standards Track [Page 24] RFC 2460 IPv6 Specification December 1998 A node must be able to accept a fragmented packet that, after reassembly, is as large as 1500 octets. A node is permitted to accept fragmented packets that reassemble to more than 1500 octets. An upper-layer protocol or application that depends on IPv6 fragmentation to send packets larger than the MTU of a path should not send packets larger than 1500 octets unless it has assurance that the destination is capable of reassembling packets of that larger size. In response to an IPv6 packet that is sent to an IPv4 destination (i.e., a packet that undergoes translation from IPv6 to IPv4), the originating IPv6 node may receive an ICMP Packet Too Big message reporting a Next-Hop MTU less than 1280. In that case, the IPv6 node is not required to reduce the size of subsequent packets to less than 1280, but must include a Fragment header in those packets so that the IPv6-to-IPv4 translating router can obtain a suitable Identification value to use in resulting IPv4 fragments. Note that this means the payload may have to be reduced to 1232 octets (1280 minus 40 for the IPv6 header and 8 for the Fragment header), and smaller still if additional extension headers are used. 6. Flow Labels The 20-bit Flow Label field in the IPv6 header may be used by a source to label sequences of packets for which it requests special handling by the IPv6 routers, such as non-default quality of service or "real-time" service. This aspect of IPv6 is, at the time of writing, still experimental and subject to change as the requirements for flow support in the Internet become clearer. Hosts or routers that do not support the functions of the Flow Label field are required to set the field to zero when originating a packet, pass the field on unchanged when forwarding a packet, and ignore the field when receiving a packet. Appendix A describes the current intended semantics and usage of the Flow Label field. 7. Traffic Classes The 8-bit Traffic Class field in the IPv6 header is available for use by originating nodes and/or forwarding routers to identify and distinguish between different classes or priorities of IPv6 packets. At the point in time at which this specification is being written, there are a number of experiments underway in the use of the IPv4 Type of Service and/or Precedence bits to provide various forms of "differentiated service" for IP packets, other than through the use of explicit flow set-up. The Traffic Class field in the IPv6 header is intended to allow similar functionality to be supported in IPv6. Deering & Hinden Standards Track [Page 25] RFC 2460 IPv6 Specification December 1998 It is hoped that those experiments will eventually lead to agreement on what sorts of traffic classifications are most useful for IP packets. Detailed definitions of the syntax and semantics of all or some of the IPv6 Traffic Class bits, whether experimental or intended for eventual standardization, are to be provided in separate documents. The following general requirements apply to the Traffic Class field: o The service interface to the IPv6 service within a node must provide a means for an upper-layer protocol to supply the value of the Traffic Class bits in packets originated by that upper- layer protocol. The default value must be zero for all 8 bits. o Nodes that support a specific (experimental or eventual standard) use of some or all of the Traffic Class bits are permitted to change the value of those bits in packets that they originate, forward, or receive, as required for that specific use. Nodes should ignore and leave unchanged any bits of the Traffic Class field for which they do not support a specific use. o An upper-layer protocol must not assume that the value of the Traffic Class bits in a received packet are the same as the value sent by the packet's source. Deering & Hinden Standards Track [Page 26] RFC 2460 IPv6 Specification December 1998 8. Upper-Layer Protocol Issues 8.1 Upper-Layer Checksums Any transport or other upper-layer protocol that includes the addresses from the IP header in its checksum computation must be modified for use over IPv6, to include the 128-bit IPv6 addresses instead of 32-bit IPv4 addresses. In particular, the following illustration shows the TCP and UDP "pseudo-header" for IPv6: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Source Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Destination Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Upper-Layer Packet Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | zero | Next Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ o If the IPv6 packet contains a Routing header, the Destination Address used in the pseudo-header is that of the final destination. At the originating node, that address will be in the last element of the Routing header; at the recipient(s), that address will be in the Destination Address field of the IPv6 header. o The Next Header value in the pseudo-header identifies the upper-layer protocol (e.g., 6 for TCP, or 17 for UDP). It will differ from the Next Header value in the IPv6 header if there are extension headers between the IPv6 header and the upper- layer header. o The Upper-Layer Packet Length in the pseudo-header is the length of the upper-layer header and data (e.g., TCP header plus TCP data). Some upper-layer protocols carry their own Deering & Hinden Standards Track [Page 27] RFC 2460 IPv6 Specification December 1998 length information (e.g., the Length field in the UDP header); for such protocols, that is the length used in the pseudo- header. Other protocols (such as TCP) do not carry their own length information, in which case the length used in the pseudo-header is the Payload Length from the IPv6 header, minus the length of any extension headers present between the IPv6 header and the upper-layer header. o Unlike IPv4, when UDP packets are originated by an IPv6 node, the UDP checksum is not optional. That is, whenever originating a UDP packet, an IPv6 node must compute a UDP checksum over the packet and the pseudo-header, and, if that computation yields a result of zero, it must be changed to hex FFFF for placement in the UDP header. IPv6 receivers must discard UDP packets containing a zero checksum, and should log the error. The IPv6 version of ICMP [ICMPv6] includes the above pseudo-header in its checksum computation; this is a change from the IPv4 version of ICMP, which does not include a pseudo-header in its checksum. The reason for the change is to protect ICMP from misdelivery or corruption of those fields of the IPv6 header on which it depends, which, unlike IPv4, are not covered by an internet-layer checksum. The Next Header field in the pseudo-header for ICMP contains the value 58, which identifies the IPv6 version of ICMP. 8.2 Maximum Packet Lifetime Unlike IPv4, IPv6 nodes are not required to enforce maximum packet lifetime. That is the reason the IPv4 "Time to Live" field was renamed "Hop Limit" in IPv6. In practice, very few, if any, IPv4 implementations conform to the requirement that they limit packet lifetime, so this is not a change in practice. Any upper-layer protocol that relies on the internet layer (whether IPv4 or IPv6) to limit packet lifetime ought to be upgraded to provide its own mechanisms for detecting and discarding obsolete packets. 8.3 Maximum Upper-Layer Payload Size When computing the maximum payload size available for upper-layer data, an upper-layer protocol must take into account the larger size of the IPv6 header relative to the IPv4 header. For example, in IPv4, TCP's MSS option is computed as the maximum packet size (a default value or a value learned through Path MTU Discovery) minus 40 octets (20 octets for the minimum-length IPv4 header and 20 octets for the minimum-length TCP header). When using TCP over IPv6, the MSS must be computed as the maximum packet size minus 60 octets, Deering & Hinden Standards Track [Page 28] RFC 2460 IPv6 Specification December 1998 because the minimum-length IPv6 header (i.e., an IPv6 header with no extension headers) is 20 octets longer than a minimum-length IPv4 header. 8.4 Responding to Packets Carrying Routing Headers When an upper-layer protocol sends one or more packets in response to a received packet that included a Routing header, the response packet(s) must not include a Routing header that was automatically derived by "reversing" the received Routing header UNLESS the integrity and authenticity of the received Source Address and Routing header have been verified (e.g., via the use of an Authentication header in the received packet). In other words, only the following kinds of packets are permitted in response to a received packet bearing a Routing header: o Response packets that do not carry Routing headers. o Response packets that carry Routing headers that were NOT derived by reversing the Routing header of the received packet (for example, a Routing header supplied by local configuration). o Response packets that carry Routing headers that were derived by reversing the Routing header of the received packet IF AND ONLY IF the integrity and authenticity of the Source Address and Routing header from the received packet have been verified by the responder. Deering & Hinden Standards Track [Page 29] RFC 2460 IPv6 Specification December 1998 Appendix A. Semantics and Usage of the Flow Label Field A flow is a sequence of packets sent from a particular source to a particular (unicast or multicast) destination for which the source desires special handling by the intervening routers. The nature of that special handling might be conveyed to the routers by a control protocol, such as a resource reservation protocol, or by information within the flow's packets themselves, e.g., in a hop-by-hop option. The details of such control protocols or options are beyond the scope of this document. There may be multiple active flows from a source to a destination, as well as traffic that is not associated with any flow. A flow is uniquely identified by the combination of a source address and a non-zero flow label. Packets that do not belong to a flow carry a flow label of zero. A flow label is assigned to a flow by the flow's source node. New flow labels must be chosen (pseudo-)randomly and uniformly from the range 1 to FFFFF hex. The purpose of the random allocation is to make any set of bits within the Flow Label field suitable for use as a hash key by routers, for looking up the state associated with the flow. All packets belonging to the same flow must be sent with the same source address, destination address, and flow label. If any of those packets includes a Hop-by-Hop Options header, then they all must be originated with the same Hop-by-Hop Options header contents (excluding the Next Header field of the Hop-by-Hop Options header). If any of those packets includes a Routing header, then they all must be originated with the same contents in all extension headers up to and including the Routing header (excluding the Next Header field in the Routing header). The routers or destinations are permitted, but not required, to verify that these conditions are satisfied. If a violation is detected, it should be reported to the source by an ICMP Parameter Problem message, Code 0, pointing to the high-order octet of the Flow Label field (i.e., offset 1 within the IPv6 packet). The maximum lifetime of any flow-handling state established along a flow's path must be specified as part of the description of the state-establishment mechanism, e.g., the resource reservation protocol or the flow-setup hop-by-hop option. A source must not re- use a flow label for a new flow within the maximum lifetime of any flow-handling state that might have been established for the prior use of that flow label. Deering & Hinden Standards Track [Page 30] RFC 2460 IPv6 Specification December 1998 When a node stops and restarts (e.g., as a result of a "crash"), it must be careful not to use a flow label that it might have used for an earlier flow whose lifetime may not have expired yet. This may be accomplished by recording flow label usage on stable storage so that it can be remembered across crashes, or by refraining from using any flow labels until the maximum lifetime of any possible previously established flows has expired. If the minimum time for rebooting the node is known, that time can be deducted from the necessary waiting period before starting to allocate flow labels. There is no requirement that all, or even most, packets belong to flows, i.e., carry non-zero flow labels. This observation is placed here to remind protocol designers and implementors not to assume otherwise. For example, it would be unwise to design a router whose performance would be adequate only if most packets belonged to flows, or to design a header compression scheme that only worked on packets that belonged to flows. Deering & Hinden Standards Track [Page 31] RFC 2460 IPv6 Specification December 1998 Appendix B. Formatting Guidelines for Options This appendix gives some advice on how to lay out the fields when designing new options to be used in the Hop-by-Hop Options header or the Destination Options header, as described in section 4.2. These guidelines are based on the following assumptions: o One desirable feature is that any multi-octet fields within the Option Data area of an option be aligned on their natural boundaries, i.e., fields of width n octets should be placed at an integer multiple of n octets from the start of the Hop-by- Hop or Destination Options header, for n = 1, 2, 4, or 8. o Another desirable feature is that the Hop-by-Hop or Destination Options header take up as little space as possible, subject to the requirement that the header be an integer multiple of 8 octets long. o It may be assumed that, when either of the option-bearing headers are present, they carry a very small number of options, usually only one. These assumptions suggest the following approach to laying out the fields of an option: order the fields from smallest to largest, with no interior padding, then derive the alignment requirement for the entire option based on the alignment requirement of the largest field (up to a maximum alignment of 8 octets). This approach is illustrated in the following examples: Example 1 If an option X required two data fields, one of length 8 octets and one of length 4 octets, it would be laid out as follows: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Option Type=X |Opt Data Len=12| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 4-octet field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + 8-octet field + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Deering & Hinden Standards Track [Page 32] RFC 2460 IPv6 Specification December 1998 Its alignment requirement is 8n+2, to ensure that the 8-octet field starts at a multiple-of-8 offset from the start of the enclosing header. A complete Hop-by-Hop or Destination Options header containing this one option would look as follows: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | Hdr Ext Len=1 | Option Type=X |Opt Data Len=12| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 4-octet field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + 8-octet field + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Example 2 If an option Y required three data fields, one of length 4 octets, one of length 2 octets, and one of length 1 octet, it would be laid out as follows: +-+-+-+-+-+-+-+-+ | Option Type=Y | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Opt Data Len=7 | 1-octet field | 2-octet field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 4-octet field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Its alignment requirement is 4n+3, to ensure that the 4-octet field starts at a multiple-of-4 offset from the start of the enclosing header. A complete Hop-by-Hop or Destination Options header containing this one option would look as follows: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | Hdr Ext Len=1 | Pad1 Option=0 | Option Type=Y | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Opt Data Len=7 | 1-octet field | 2-octet field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 4-octet field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | PadN Option=1 |Opt Data Len=2 | 0 | 0 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Deering & Hinden Standards Track [Page 33] RFC 2460 IPv6 Specification December 1998 Example 3 A Hop-by-Hop or Destination Options header containing both options X and Y from Examples 1 and 2 would have one of the two following formats, depending on which option appeared first: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | Hdr Ext Len=3 | Option Type=X |Opt Data Len=12| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 4-octet field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + 8-octet field + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | PadN Option=1 |Opt Data Len=1 | 0 | Option Type=Y | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Opt Data Len=7 | 1-octet field | 2-octet field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 4-octet field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | PadN Option=1 |Opt Data Len=2 | 0 | 0 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | Hdr Ext Len=3 | Pad1 Option=0 | Option Type=Y | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Opt Data Len=7 | 1-octet field | 2-octet field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 4-octet field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | PadN Option=1 |Opt Data Len=4 | 0 | 0 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 0 | 0 | Option Type=X |Opt Data Len=12| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 4-octet field | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + 8-octet field + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Deering & Hinden Standards Track [Page 34] RFC 2460 IPv6 Specification December 1998 Security Considerations The security features of IPv6 are described in the Security Architecture for the Internet Protocol [RFC-2401]. Acknowledgments The authors gratefully acknowledge the many helpful suggestions of the members of the IPng working group, the End-to-End Protocols research group, and the Internet Community At Large. Authors' Addresses Stephen E. Deering Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA Phone: +1 408 527 8213 Fax: +1 408 527 8254 EMail: deering@cisco.com Robert M. Hinden Nokia 232 Java Drive Sunnyvale, CA 94089 USA Phone: +1 408 990-2004 Fax: +1 408 743-5677 EMail: hinden@iprg.nokia.com References [RFC-2401] Kent, S. and R. Atkinson, "Security Architecture for the Internet Protocol", RFC 2401, November 1998. [RFC-2402] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402, November 1998. [RFC-2406] Kent, S. and R. Atkinson, "IP Encapsulating Security Protocol (ESP)", RFC 2406, November 1998. [ICMPv6] Conta, A. and S. Deering, "ICMP for the Internet Protocol Version 6 (IPv6)", RFC 2463, December 1998. Deering & Hinden Standards Track [Page 35] RFC 2460 IPv6 Specification December 1998 [ADDRARCH] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 2373, July 1998. [RFC-1981] McCann, J., Mogul, J. and S. Deering, "Path MTU Discovery for IP version 6", RFC 1981, August 1996. [RFC-791] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981. [RFC-1700] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700, October 1994. See also: http://www.iana.org/numbers.html [RFC-1661] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, RFC 1661, July 1994. CHANGES SINCE RFC-1883 This memo has the following changes from RFC-1883. Numbers identify the Internet-Draft version in which the change was made. 02) Removed all references to jumbograms and the Jumbo Payload option (moved to a separate document). 02) Moved most of Flow Label description from section 6 to (new) Appendix A. 02) In Flow Label description, now in Appendix A, corrected maximum Flow Label value from FFFFFF to FFFFF (i.e., one less "F") due to reduction of size of Flow Label field from 24 bits to 20 bits. 02) Renumbered (relettered?) the previous Appendix A to be Appendix B. 02) Changed the wording of the Security Considerations section to avoid dependency loop between this spec and the IPsec specs. 02) Updated R. Hinden's email address and company affiliation. -------------------------------------------------------- 01) In section 3, changed field name "Class" to "Traffic Class" and increased its size from 4 to 8 bits. Decreased size of Flow Label field from 24 to 20 bits to compensate for increase in Traffic Class field. Deering & Hinden Standards Track [Page 36] RFC 2460 IPv6 Specification December 1998 01) In section 4.1, restored the order of the Authentication Header and the ESP header, which were mistakenly swapped in the 00 version of this memo. 01) In section 4.4, deleted the Strict/Loose Bit Map field and the strict routing functionality from the Type 0 Routing header, and removed the restriction on number of addresses that may be carried in the Type 0 Routing header (was limited to 23 addresses, because of the size of the strict/loose bit map). 01) In section 5, changed the minimum IPv6 MTU from 576 to 1280 octets, and added a recommendation that links with configurable MTU (e.g., PPP links) be configured to have an MTU of at least 1500 octets. 01) In section 5, deleted the requirement that a node must not send fragmented packets that reassemble to more than 1500 octets without knowledge of the destination reassembly buffer size, and replaced it with a recommendation that upper-layer protocols or applications should not do that. 01) Replaced reference to the IPv4 Path MTU Discovery spec (RFC- 1191) with reference to the IPv6 Path MTU Discovery spec (RFC- 1981), and deleted the Notes at the end of section 5 regarding Path MTU Discovery, since those details are now covered by RFC- 1981. 01) In section 6, deleted specification of "opportunistic" flow set-up, and removed all references to the 6-second maximum lifetime for opportunistically established flow state. 01) In section 7, deleted the provisional description of the internal structure and semantics of the Traffic Class field, and specified that such descriptions be provided in separate documents. -------------------------------------------------------- 00) In section 4, corrected the Code value to indicate "unrecognized Next Header type encountered" in an ICMP Parameter Problem message (changed from 2 to 1). 00) In the description of the Payload Length field in section 3, and of the Jumbo Payload Length field in section 4.3, made it clearer that extension headers are included in the payload length count. Deering & Hinden Standards Track [Page 37] RFC 2460 IPv6 Specification December 1998 00) In section 4.1, swapped the order of the Authentication header and the ESP header. (NOTE: this was a mistake, and the change was undone in version 01.) 00) In section 4.2, made it clearer that options are identified by the full 8-bit Option Type, not by the low-order 5 bits of an Option Type. Also specified that the same Option Type numbering space is used for both Hop-by-Hop Options and Destination Options headers. 00) In section 4.4, added a sentence requiring that nodes processing a Routing header must send an ICMP Packet Too Big message in response to a packet that is too big to fit in the next hop link (rather than, say, performing fragmentation). 00) Changed the name of the IPv6 Priority field to "Class", and replaced the previous description of Priority in section 7 with a description of the Class field. Also, excluded this field from the set of fields that must remain the same for all packets in the same flow, as specified in section 6. 00) In the pseudo-header in section 8.1, changed the name of the "Payload Length" field to "Upper-Layer Packet Length". Also clarified that, in the case of protocols that carry their own length info (like non-jumbogram UDP), it is the upper-layer- derived length, not the IP-layer-derived length, that is used in the pseudo-header. 00) Added section 8.4, specifying that upper-layer protocols, when responding to a received packet that carried a Routing header, must not include the reverse of the Routing header in the response packet(s) unless the received Routing header was authenticated. 00) Fixed some typos and grammatical errors. 00) Authors' contact info updated. -------------------------------------------------------- Deering & Hinden Standards Track [Page 38] RFC 2460 IPv6 Specification December 1998 Full Copyright Statement Copyright (C) The Internet Society (1998). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Deering & Hinden Standards Track [Page 39]

The post RFC 2460 – Internet Protocol, Version 6 (IPv6) Specification appeared first on IPv6.net.