rfc 791

RFC 792 – Internet Control Message Protocol


Network Working Group                                          J. Postel
Request for Comments:  792                                           ISI
                                                          September 1981
Updates:  RFCs 777, 760
Updates:  IENs 109, 128

                   INTERNET CONTROL MESSAGE PROTOCOL

                         DARPA INTERNET PROGRAM
                         PROTOCOL SPECIFICATION

Introduction

   The Internet Protocol (IP) [1] is used for host-to-host datagram
   service in a system of interconnected networks called the
   Catenet [2].  The network connecting devices are called Gateways.
   These gateways communicate between themselves for control purposes
   via a Gateway to Gateway Protocol (GGP) [3,4].  Occasionally a
   gateway or destination host will communicate with a source host, for
   example, to report an error in datagram processing.  For such
   purposes this protocol, the Internet Control Message Protocol (ICMP),
   is used.  ICMP, uses the basic support of IP as if it were a higher
   level protocol, however, ICMP is actually an integral part of IP, and
   must be implemented by every IP module.

   ICMP messages are sent in several situations:  for example, when a
   datagram cannot reach its destination, when the gateway does not have
   the buffering capacity to forward a datagram, and when the gateway
   can direct the host to send traffic on a shorter route.

   The Internet Protocol is not designed to be absolutely reliable.  The
   purpose of these control messages is to provide feedback about
   problems in the communication environment, not to make IP reliable.
   There are still no guarantees that a datagram will be delivered or a
   control message will be returned.  Some datagrams may still be
   undelivered without any report of their loss.  The higher level
   protocols that use IP must implement their own reliability procedures
   if reliable communication is required.

   The ICMP messages typically report errors in the processing of
   datagrams.  To avoid the infinite regress of messages about messages
   etc., no ICMP messages are sent about ICMP messages.  Also ICMP
   messages are only sent about errors in handling fragment zero of
   fragemented datagrams.  (Fragment zero has the fragment offeset equal
   zero).

                                                                [Page 1]

                                                          September 1981
RFC 792

Message Formats

   ICMP messages are sent using the basic IP header.  The first octet of
   the data portion of the datagram is a ICMP type field; the value of
   this field determines the format of the remaining data.  Any field
   labeled "unused" is reserved for later extensions and must be zero
   when sent, but receivers should not use these fields (except to
   include them in the checksum).  Unless otherwise noted under the
   individual format descriptions, the values of the internet header
   fields are as follows:

   Version

      4

   IHL

      Internet header length in 32-bit words.

   Type of Service

      0

   Total Length

      Length of internet header and data in octets.

   Identification, Flags, Fragment Offset

      Used in fragmentation, see [1].

   Time to Live

      Time to live in seconds; as this field is decremented at each
      machine in which the datagram is processed, the value in this
      field should be at least as great as the number of gateways which
      this datagram will traverse.

   Protocol

      ICMP = 1

   Header Checksum

      The 16 bit one's complement of the one's complement sum of all 16
      bit words in the header.  For computing the checksum, the checksum
      field should be zero.  This checksum may be replaced in the
      future.

[Page 2]                                                                

September 1981                                                          
RFC 792

   Source Address

      The address of the gateway or host that composes the ICMP message.
      Unless otherwise noted, this can be any of a gateway's addresses.

   Destination Address

      The address of the gateway or host to which the message should be
      sent.

                                                                [Page 3]

                                                          September 1981
RFC 792

Destination Unreachable Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             unused                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Destination Address

      The source network and address from the original datagram's data.

   ICMP Fields:

   Type

      3

   Code

      0 = net unreachable;

      1 = host unreachable;

      2 = protocol unreachable;

      3 = port unreachable;

      4 = fragmentation needed and DF set;

      5 = source route failed.

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Internet Header + 64 bits of Data Datagram

      The internet header plus the first 64 bits of the original

[Page 4]                                                                

September 1981                                                          
RFC 792

      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.

   Description

      If, according to the information in the gateway's routing tables,
      the network specified in the internet destination field of a
      datagram is unreachable, e.g., the distance to the network is
      infinity, the gateway may send a destination unreachable message
      to the internet source host of the datagram.  In addition, in some
      networks, the gateway may be able to determine if the internet
      destination host is unreachable.  Gateways in these networks may
      send destination unreachable messages to the source host when the
      destination host is unreachable.

      If, in the destination host, the IP module cannot deliver the
      datagram  because the indicated protocol module or process port is
      not active, the destination host may send a destination
      unreachable message to the source host.

      Another case is when a datagram must be fragmented to be forwarded
      by a gateway yet the Don't Fragment flag is on.  In this case the
      gateway must discard the datagram and may return a destination
      unreachable message.

      Codes 0, 1, 4, and 5 may be received from a gateway.  Codes 2 and
      3 may be received from a host.

                                                                [Page 5]

                                                          September 1981
RFC 792

Time Exceeded Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             unused                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Destination Address

      The source network and address from the original datagram's data.

   ICMP Fields:

   Type

      11

   Code

      0 = time to live exceeded in transit;

      1 = fragment reassembly time exceeded.

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Internet Header + 64 bits of Data Datagram

      The internet header plus the first 64 bits of the original
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.

   Description

      If the gateway processing a datagram finds the time to live field

[Page 6]                                                                

September 1981                                                          
RFC 792

      is zero it must discard the datagram.  The gateway may also notify
      the source host via the time exceeded message.

      If a host reassembling a fragmented datagram cannot complete the
      reassembly due to missing fragments within its time limit it
      discards the datagram, and it may send a time exceeded message.

      If fragment zero is not available then no time exceeded need be
      sent at all.

      Code 0 may be received from a gateway.  Code 1 may be received
      from a host.

                                                                [Page 7]

                                                          September 1981
RFC 792

Parameter Problem Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Pointer    |                   unused                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Destination Address

      The source network and address from the original datagram's data.

   ICMP Fields:

   Type

      12

   Code

      0 = pointer indicates the error.

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Pointer

      If code = 0, identifies the octet where an error was detected.

   Internet Header + 64 bits of Data Datagram

      The internet header plus the first 64 bits of the original
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.

[Page 8]                                                                

September 1981                                                          
RFC 792

   Description

      If the gateway or host processing a datagram finds a problem with
      the header parameters such that it cannot complete processing the
      datagram it must discard the datagram.  One potential source of
      such a problem is with incorrect arguments in an option.  The
      gateway or host may also notify the source host via the parameter
      problem message.  This message is only sent if the error caused
      the datagram to be discarded.

      The pointer identifies the octet of the original datagram's header
      where the error was detected (it may be in the middle of an
      option).  For example, 1 indicates something is wrong with the
      Type of Service, and (if there are options present) 20 indicates
      something is wrong with the type code of the first option.

      Code 0 may be received from a gateway or a host.

                                                                [Page 9]

                                                          September 1981
RFC 792

Source Quench Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             unused                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Destination Address

      The source network and address of the original datagram's data.

   ICMP Fields:

   Type

      4

   Code

      0

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Internet Header + 64 bits of Data Datagram

      The internet header plus the first 64 bits of the original
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.

   Description

      A gateway may discard internet datagrams if it does not have the
      buffer space needed to queue the datagrams for output to the next
      network on the route to the destination network.  If a gateway

[Page 10]                                                               

September 1981                                                          
RFC 792

      discards a datagram, it may send a source quench message to the
      internet source host of the datagram.  A destination host may also
      send a source quench message if datagrams arrive too fast to be
      processed.  The source quench message is a request to the host to
      cut back the rate at which it is sending traffic to the internet
      destination.  The gateway may send a source quench message for
      every message that it discards.  On receipt of a source quench
      message, the source host should cut back the rate at which it is
      sending traffic to the specified destination until it no longer
      receives source quench messages from the gateway.  The source host
      can then gradually increase the rate at which it sends traffic to
      the destination until it again receives source quench messages.

      The gateway or host may send the source quench message when it
      approaches its capacity limit rather than waiting until the
      capacity is exceeded.  This means that the data datagram which
      triggered the source quench message may be delivered.

      Code 0 may be received from a gateway or a host.

                                                               [Page 11]

                                                          September 1981
RFC 792

Redirect Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Gateway Internet Address                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Destination Address

      The source network and address of the original datagram's data.

   ICMP Fields:

   Type

      5

   Code

      0 = Redirect datagrams for the Network.

      1 = Redirect datagrams for the Host.

      2 = Redirect datagrams for the Type of Service and Network.

      3 = Redirect datagrams for the Type of Service and Host.

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Gateway Internet Address

      Address of the gateway to which traffic for the network specified
      in the internet destination network field of the original
      datagram's data should be sent.

[Page 12]                                                               

September 1981                                                          
RFC 792

   Internet Header + 64 bits of Data Datagram

      The internet header plus the first 64 bits of the original
      datagram's data.  This data is used by the host to match the
      message to the appropriate process.  If a higher level protocol
      uses port numbers, they are assumed to be in the first 64 data
      bits of the original datagram's data.

   Description

      The gateway sends a redirect message to a host in the following
      situation.  A gateway, G1, receives an internet datagram from a
      host on a network to which the gateway is attached.  The gateway,
      G1, checks its routing table and obtains the address of the next
      gateway, G2, on the route to the datagram's internet destination
      network, X.  If G2 and the host identified by the internet source
      address of the datagram are on the same network, a redirect
      message is sent to the host.  The redirect message advises the
      host to send its traffic for network X directly to gateway G2 as
      this is a shorter path to the destination.  The gateway forwards
      the original datagram's data to its internet destination.

      For datagrams with the IP source route options and the gateway
      address in the destination address field, a redirect message is
      not sent even if there is a better route to the ultimate
      destination than the next address in the source route.

      Codes 0, 1, 2, and 3 may be received from a gateway.

                                                               [Page 13]

                                                          September 1981
RFC 792

Echo or Echo Reply Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Data ...
   +-+-+-+-+-

   IP Fields:

   Addresses

      The address of the source in an echo message will be the
      destination of the echo reply message.  To form an echo reply
      message, the source and destination addresses are simply reversed,
      the type code changed to 0, and the checksum recomputed.

   IP Fields:

   Type

      8 for echo message;

      0 for echo reply message.

   Code

      0

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      If the total length is odd, the received data is padded with one
      octet of zeros for computing the checksum.  This checksum may be
      replaced in the future.

   Identifier

      If code = 0, an identifier to aid in matching echos and replies,
      may be zero.

   Sequence Number

[Page 14]                                                               

September 1981                                                          
RFC 792

      If code = 0, a sequence number to aid in matching echos and
      replies, may be zero.

   Description

      The data received in the echo message must be returned in the echo
      reply message.

      The identifier and sequence number may be used by the echo sender
      to aid in matching the replies with the echo requests.  For
      example, the identifier might be used like a port in TCP or UDP to
      identify a session, and the sequence number might be incremented
      on each echo request sent.  The echoer returns these same values
      in the echo reply.

      Code 0 may be received from a gateway or a host.

                                                               [Page 15]

                                                          September 1981
RFC 792

Timestamp or Timestamp Reply Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |      Code     |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Originate Timestamp                                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Receive Timestamp                                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Transmit Timestamp                                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Addresses

      The address of the source in a timestamp message will be the
      destination of the timestamp reply message.  To form a timestamp
      reply message, the source and destination addresses are simply
      reversed, the type code changed to 14, and the checksum
      recomputed.

   IP Fields:

   Type

      13 for timestamp message;

      14 for timestamp reply message.

   Code

      0

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Identifier

[Page 16]                                                               

September 1981                                                          
RFC 792

      If code = 0, an identifier to aid in matching timestamp and
      replies, may be zero.

   Sequence Number

      If code = 0, a sequence number to aid in matching timestamp and
      replies, may be zero.

   Description

      The data received (a timestamp) in the message is returned in the
      reply together with an additional timestamp.  The timestamp is 32
      bits of milliseconds since midnight UT.  One use of these
      timestamps is described by Mills [5].

      The Originate Timestamp is the time the sender last touched the
      message before sending it, the Receive Timestamp is the time the
      echoer first touched it on receipt, and the Transmit Timestamp is
      the time the echoer last touched the message on sending it.

      If the time is not available in miliseconds or cannot be provided
      with respect to midnight UT then any time can be inserted in a
      timestamp provided the high order bit of the timestamp is also set
      to indicate this non-standard value.

      The identifier and sequence number may be used by the echo sender
      to aid in matching the replies with the requests.  For example,
      the identifier might be used like a port in TCP or UDP to identify
      a session, and the sequence number might be incremented on each
      request sent.  The destination returns these same values in the
      reply.

      Code 0 may be received from a gateway or a host.

                                                               [Page 17]

                                                          September 1981
RFC 792

Information Request or Information Reply Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |      Code     |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IP Fields:

   Addresses

      The address of the source in a information request message will be
      the destination of the information reply message.  To form a
      information reply message, the source and destination addresses
      are simply reversed, the type code changed to 16, and the checksum
      recomputed.

   IP Fields:

   Type

      15 for information request message;

      16 for information reply message.

   Code

      0

   Checksum

      The checksum is the 16-bit ones's complement of the one's
      complement sum of the ICMP message starting with the ICMP Type.
      For computing the checksum , the checksum field should be zero.
      This checksum may be replaced in the future.

   Identifier

      If code = 0, an identifier to aid in matching request and replies,
      may be zero.

   Sequence Number

      If code = 0, a sequence number to aid in matching request and
      replies, may be zero.

[Page 18]                                                               

September 1981                                                          
RFC 792

   Description

      This message may be sent with the source network in the IP header
      source and destination address fields zero (which means "this"
      network).  The replying IP module should send the reply with the
      addresses fully specified.  This message is a way for a host to
      find out the number of the network it is on.

      The identifier and sequence number may be used by the echo sender
      to aid in matching the replies with the requests.  For example,
      the identifier might be used like a port in TCP or UDP to identify
      a session, and the sequence number might be incremented on each
      request sent.  The destination returns these same values in the
      reply.

      Code 0 may be received from a gateway or a host.

                                                               [Page 19]

                                                          September 1981
RFC 792

Summary of Message Types

    0  Echo Reply

    3  Destination Unreachable

    4  Source Quench

    5  Redirect

    8  Echo

   11  Time Exceeded

   12  Parameter Problem

   13  Timestamp

   14  Timestamp Reply

   15  Information Request

   16  Information Reply

[Page 20]                                                               

September 1981                                                          
RFC 792

References

   [1]  Postel, J. (ed.), "Internet Protocol - DARPA Internet Program
         Protocol Specification," RFC 791, USC/Information Sciences
         Institute, September 1981.

   [2]   Cerf, V., "The Catenet Model for Internetworking," IEN 48,
         Information Processing Techniques Office, Defense Advanced
         Research Projects Agency, July 1978.

   [3]   Strazisar, V., "Gateway Routing:  An Implementation
         Specification", IEN 30, Bolt Beranek and Newman, April 1979.

   [4]   Strazisar, V., "How to Build a Gateway", IEN 109, Bolt Beranek
         and Newman, August 1979.

   [5]   Mills, D., "DCNET Internet Clock Service," RFC 778, COMSAT
         Laboratories, April 1981.

RFC 2401 – Security Architecture for the Internet Protocol

 
Network Working Group                                            S. Kent
Request for Comments: 2401 BBN Corp
Obsoletes: 1825 R. Atkinson
Category: Standards Track @Home Network
November 1998

Security Architecture for the Internet Protocol

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Table of Contents

1. Introduction........................................................3
1.1 Summary of Contents of Document..................................3
1.2 Audience.........................................................3
1.3 Related Documents................................................4
2. Design Objectives...................................................4
2.1 Goals/Objectives/Requirements/Problem Description................4
2.2 Caveats and Assumptions..........................................5
3. System Overview.....................................................5
3.1 What IPsec Does..................................................6
3.2 How IPsec Works..................................................6
3.3 Where IPsec May Be Implemented...................................7
4. Security Associations...............................................8
4.1 Definition and Scope.............................................8
4.2 Security Association Functionality..............................10
4.3 Combining Security Associations.................................11
4.4 Security Association Databases..................................13
4.4.1 The Security Policy Database (SPD).........................14
4.4.2 Selectors..................................................17
4.4.3 Security Association Database (SAD)........................21
4.5 Basic Combinations of Security Associations.....................24
4.6 SA and Key Management...........................................26
4.6.1 Manual Techniques..........................................27
4.6.2 Automated SA and Key Management............................27
4.6.3 Locating a Security Gateway................................28
4.7 Security Associations and Multicast.............................29

5. IP Traffic Processing..............................................30
5.1 Outbound IP Traffic Processing..................................30
5.1.1 Selecting and Using an SA or SA Bundle.....................30
5.1.2 Header Construction for Tunnel Mode........................31
5.1.2.1 IPv4 -- Header Construction for Tunnel Mode...........31
5.1.2.2 IPv6 -- Header Construction for Tunnel Mode...........32
5.2 Processing Inbound IP Traffic...................................33
5.2.1 Selecting and Using an SA or SA Bundle.....................33
5.2.2 Handling of AH and ESP tunnels.............................34
6. ICMP Processing (relevant to IPsec)................................35
6.1 PMTU/DF Processing..............................................36
6.1.1 DF Bit.....................................................36
6.1.2 Path MTU Discovery (PMTU)..................................36
6.1.2.1 Propagation of PMTU...................................36
6.1.2.2 Calculation of PMTU...................................37
6.1.2.3 Granularity of PMTU Processing........................37
6.1.2.4 PMTU Aging............................................38
7. Auditing...........................................................39
8. Use in Systems Supporting Information Flow Security................39
8.1 Relationship Between Security Associations and Data Sensitivity.40
8.2 Sensitivity Consistency Checking................................40
8.3 Additional MLS Attributes for Security Association Databases....41
8.4 Additional Inbound Processing Steps for MLS Networking..........41
8.5 Additional Outbound Processing Steps for MLS Networking.........41
8.6 Additional MLS Processing for Security Gateways.................42
9. Performance Issues.................................................42
10. Conformance Requirements..........................................43
11. Security Considerations...........................................43
12. Differences from RFC 1825.........................................43
Acknowledgements......................................................44
Appendix A -- Glossary................................................45
Appendix B -- Analysis/Discussion of PMTU/DF/Fragmentation Issues.....48
B.1 DF bit..........................................................48
B.2 Fragmentation...................................................48
B.3 Path MTU Discovery..............................................52
B.3.1 Identifying the Originating Host(s)........................53
B.3.2 Calculation of PMTU........................................55
B.3.3 Granularity of Maintaining PMTU Data.......................56
B.3.4 Per Socket Maintenance of PMTU Data........................57
B.3.5 Delivery of PMTU Data to the Transport Layer...............57
B.3.6 Aging of PMTU Data.........................................57
Appendix C -- Sequence Space Window Code Example......................58
Appendix D -- Categorization of ICMP messages.........................60
References............................................................63
Disclaimer............................................................64
Author Information....................................................65
Full Copyright Statement..............................................66

1. Introduction

1.1 Summary of Contents of Document

This memo specifies the base architecture for IPsec compliant
systems. The goal of the architecture is to provide various security
services for traffic at the IP layer, in both the IPv4 and IPv6
environments. This document describes the goals of such systems,
their components and how they fit together with each other and into
the IP environment. It also describes the security services offered
by the IPsec protocols, and how these services can be employed in the
IP environment. This document does not address all aspects of IPsec
architecture. Subsequent documents will address additional
architectural details of a more advanced nature, e.g., use of IPsec
in NAT environments and more complete support for IP multicast. The
following fundamental components of the IPsec security architecture
are discussed in terms of their underlying, required functionality.
Additional RFCs (see Section 1.3 for pointers to other documents)
define the protocols in (a), (c), and (d).

a. Security Protocols -- Authentication Header (AH) and
Encapsulating Security Payload (ESP)
b. Security Associations -- what they are and how they work,
how they are managed, associated processing
c. Key Management -- manual and automatic (The Internet Key
Exchange (IKE))
d. Algorithms for authentication and encryption

This document is not an overall Security Architecture for the
Internet; it addresses security only at the IP layer, provided
through the use of a combination of cryptographic and protocol
security mechanisms.

The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in RFC 2119 [Bra97].

1.2 Audience

The target audience for this document includes implementers of this
IP security technology and others interested in gaining a general
background understanding of this system. In particular, prospective
users of this technology (end users or system administrators) are
part of the target audience. A glossary is provided as an appendix

to help fill in gaps in background/vocabulary. This document assumes
that the reader is familiar with the Internet Protocol, related
networking technology, and general security terms and concepts.

1.3 Related Documents

As mentioned above, other documents provide detailed definitions of
some of the components of IPsec and of their inter-relationship.
They include RFCs on the following topics:

a. "IP Security Document Roadmap" [TDG97] -- a document
providing guidelines for specifications describing encryption
and authentication algorithms used in this system.
b. security protocols -- RFCs describing the Authentication
Header (AH) [KA98a] and Encapsulating Security Payload (ESP)
[KA98b] protocols.
c. algorithms for authentication and encryption -- a separate
RFC for each algorithm.
d. automatic key management -- RFCs on "The Internet Key
Exchange (IKE)" [HC98], "Internet Security Association and
Key Management Protocol (ISAKMP)" [MSST97],"The OAKLEY Key
Determination Protocol" [Orm97], and "The Internet IP
Security Domain of Interpretation for ISAKMP" [Pip98].

2. Design Objectives

2.1 Goals/Objectives/Requirements/Problem Description

IPsec is designed to provide interoperable, high quality,
cryptographically-based security for IPv4 and IPv6. The set of
security services offered includes access control, connectionless
integrity, data origin authentication, protection against replays (a
form of partial sequence integrity), confidentiality (encryption),
and limited traffic flow confidentiality. These services are
provided at the IP layer, offering protection for IP and/or upper
layer protocols.

These objectives are met through the use of two traffic security
protocols, the Authentication Header (AH) and the Encapsulating
Security Payload (ESP), and through the use of cryptographic key
management procedures and protocols. The set of IPsec protocols
employed in any context, and the ways in which they are employed,
will be determined by the security and system requirements of users,
applications, and/or sites/organizations.

When these mechanisms are correctly implemented and deployed, they
ought not to adversely affect users, hosts, and other Internet
components that do not employ these security mechanisms for

protection of their traffic. These mechanisms also are designed to
be algorithm-independent. This modularity permits selection of
different sets of algorithms without affecting the other parts of the
implementation. For example, different user communities may select
different sets of algorithms (creating cliques) if required.

A standard set of default algorithms is specified to facilitate
interoperability in the global Internet. The use of these
algorithms, in conjunction with IPsec traffic protection and key
management protocols, is intended to permit system and application
developers to deploy high quality, Internet layer, cryptographic
security technology.

2.2 Caveats and Assumptions

The suite of IPsec protocols and associated default algorithms are
designed to provide high quality security for Internet traffic.
However, the security offered by use of these protocols ultimately
depends on the quality of the their implementation, which is outside
the scope of this set of standards. Moreover, the security of a
computer system or network is a function of many factors, including
personnel, physical, procedural, compromising emanations, and
computer security practices. Thus IPsec is only one part of an
overall system security architecture.

Finally, the security afforded by the use of IPsec is critically
dependent on many aspects of the operating environment in which the
IPsec implementation executes. For example, defects in OS security,
poor quality of random number sources, sloppy system management
protocols and practices, etc. can all degrade the security provided
by IPsec. As above, none of these environmental attributes are
within the scope of this or other IPsec standards.

3. System Overview

This section provides a high level description of how IPsec works,
the components of the system, and how they fit together to provide
the security services noted above. The goal of this description is
to enable the reader to "picture" the overall process/system, see how
it fits into the IP environment, and to provide context for later
sections of this document, which describe each of the components in
more detail.

An IPsec implementation operates in a host or a security gateway
environment, affording protection to IP traffic. The protection
offered is based on requirements defined by a Security Policy
Database (SPD) established and maintained by a user or system
administrator, or by an application operating within constraints

established by either of the above. In general, packets are selected
for one of three processing modes based on IP and transport layer
header information (Selectors, Section 4.4.2) matched against entries
in the database (SPD). Each packet is either afforded IPsec security
services, discarded, or allowed to bypass IPsec, based on the
applicable database policies identified by the Selectors.

3.1 What IPsec Does

IPsec provides security services at the IP layer by enabling a system
to select required security protocols, determine the algorithm(s) to
use for the service(s), and put in place any cryptographic keys
required to provide the requested services. IPsec can be used to
protect one or more "paths" between a pair of hosts, between a pair
of security gateways, or between a security gateway and a host. (The
term "security gateway" is used throughout the IPsec documents to
refer to an intermediate system that implements IPsec protocols. For
example, a router or a firewall implementing IPsec is a security
gateway.)

The set of security services that IPsec can provide includes access
control, connectionless integrity, data origin authentication,
rejection of replayed packets (a form of partial sequence integrity),
confidentiality (encryption), and limited traffic flow
confidentiality. Because these services are provided at the IP
layer, they can be used by any higher layer protocol, e.g., TCP, UDP,
ICMP, BGP, etc.

The IPsec DOI also supports negotiation of IP compression [SMPT98],
motivated in part by the observation that when encryption is employed
within IPsec, it prevents effective compression by lower protocol
layers.

3.2 How IPsec Works

IPsec uses two protocols to provide traffic security --
Authentication Header (AH) and Encapsulating Security Payload (ESP).
Both protocols are described in more detail in their respective RFCs
[KA98a, KA98b].

o The IP Authentication Header (AH) [KA98a] provides
connectionless integrity, data origin authentication, and an
optional anti-replay service.
o The Encapsulating Security Payload (ESP) protocol [KA98b] may
provide confidentiality (encryption), and limited traffic flow
confidentiality. It also may provide connectionless

integrity, data origin authentication, and an anti-replay
service. (One or the other set of these security services
must be applied whenever ESP is invoked.)
o Both AH and ESP are vehicles for access control, based on the
distribution of cryptographic keys and the management of
traffic flows relative to these security protocols.

These protocols may be applied alone or in combination with each
other to provide a desired set of security services in IPv4 and IPv6.
Each protocol supports two modes of use: transport mode and tunnel
mode. In transport mode the protocols provide protection primarily
for upper layer protocols; in tunnel mode, the protocols are applied
to tunneled IP packets. The differences between the two modes are
discussed in Section 4.

IPsec allows the user (or system administrator) to control the
granularity at which a security service is offered. For example, one
can create a single encrypted tunnel to carry all the traffic between
two security gateways or a separate encrypted tunnel can be created
for each TCP connection between each pair of hosts communicating
across these gateways. IPsec management must incorporate facilities
for specifying:

o which security services to use and in what combinations
o the granularity at which a given security protection should be
applied
o the algorithms used to effect cryptographic-based security

Because these security services use shared secret values
(cryptographic keys), IPsec relies on a separate set of mechanisms
for putting these keys in place. (The keys are used for
authentication/integrity and encryption services.) This document
requires support for both manual and automatic distribution of keys.
It specifies a specific public-key based approach (IKE -- [MSST97,
Orm97, HC98]) for automatic key management, but other automated key
distribution techniques MAY be used. For example, KDC-based systems
such as Kerberos and other public-key systems such as SKIP could be
employed.

3.3 Where IPsec May Be Implemented

There are several ways in which IPsec may be implemented in a host or
in conjunction with a router or firewall (to create a security
gateway). Several common examples are provided below:

a. Integration of IPsec into the native IP implementation. This
requires access to the IP source code and is applicable to
both hosts and security gateways.

b. "Bump-in-the-stack" (BITS) implementations, where IPsec is
implemented "underneath" an existing implementation of an IP
protocol stack, between the native IP and the local network
drivers. Source code access for the IP stack is not required
in this context, making this implementation approach
appropriate for use with legacy systems. This approach, when
it is adopted, is usually employed in hosts.

c. The use of an outboard crypto processor is a common design
feature of network security systems used by the military, and
of some commercial systems as well. It is sometimes referred
to as a "Bump-in-the-wire" (BITW) implementation. Such
implementations may be designed to serve either a host or a
gateway (or both). Usually the BITW device is IP
addressable. When supporting a single host, it may be quite
analogous to a BITS implementation, but in supporting a
router or firewall, it must operate like a security gateway.

4. Security Associations

This section defines Security Association management requirements for
all IPv6 implementations and for those IPv4 implementations that
implement AH, ESP, or both. The concept of a "Security Association"
(SA) is fundamental to IPsec. Both AH and ESP make use of SAs and a
major function of IKE is the establishment and maintenance of
Security Associations. All implementations of AH or ESP MUST support
the concept of a Security Association as described below. The
remainder of this section describes various aspects of Security
Association management, defining required characteristics for SA
policy management, traffic processing, and SA management techniques.

4.1 Definition and Scope

A Security Association (SA) is a simplex "connection" that affords
security services to the traffic carried by it. Security services
are afforded to an SA by the use of AH, or ESP, but not both. If
both AH and ESP protection is applied to a traffic stream, then two
(or more) SAs are created to afford protection to the traffic stream.
To secure typical, bi-directional communication between two hosts, or
between two security gateways, two Security Associations (one in each
direction) are required.

A security association is uniquely identified by a triple consisting
of a Security Parameter Index (SPI), an IP Destination Address, and a
security protocol (AH or ESP) identifier. In principle, the
Destination Address may be a unicast address, an IP broadcast
address, or a multicast group address. However, IPsec SA management
mechanisms currently are defined only for unicast SAs. Hence, in the

discussions that follow, SAs will be described in the context of
point-to-point communication, even though the concept is applicable
in the point-to-multipoint case as well.

As noted above, two types of SAs are defined: transport mode and
tunnel mode. A transport mode SA is a security association between
two hosts. In IPv4, a transport mode security protocol header
appears immediately after the IP header and any options, and before
any higher layer protocols (e.g., TCP or UDP). In IPv6, the security
protocol header appears after the base IP header and extensions, but
may appear before or after destination options, and before higher
layer protocols. In the case of ESP, a transport mode SA provides
security services only for these higher layer protocols, not for the
IP header or any extension headers preceding the ESP header. In the
case of AH, the protection is also extended to selected portions of
the IP header, selected portions of extension headers, and selected
options (contained in the IPv4 header, IPv6 Hop-by-Hop extension
header, or IPv6 Destination extension headers). For more details on
the coverage afforded by AH, see the AH specification [KA98a].

A tunnel mode SA is essentially an SA applied to an IP tunnel.
Whenever either end of a security association is a security gateway,
the SA MUST be tunnel mode. Thus an SA between two security gateways
is always a tunnel mode SA, as is an SA between a host and a security
gateway. Note that for the case where traffic is destined for a
security gateway, e.g., SNMP commands, the security gateway is acting
as a host and transport mode is allowed. But in that case, the
security gateway is not acting as a gateway, i.e., not transiting
traffic. Two hosts MAY establish a tunnel mode SA between
themselves. The requirement for any (transit traffic) SA involving a
security gateway to be a tunnel SA arises due to the need to avoid
potential problems with regard to fragmentation and reassembly of
IPsec packets, and in circumstances where multiple paths (e.g., via
different security gateways) exist to the same destination behind the
security gateways.

For a tunnel mode SA, there is an "outer" IP header that specifies
the IPsec processing destination, plus an "inner" IP header that
specifies the (apparently) ultimate destination for the packet. The
security protocol header appears after the outer IP header, and
before the inner IP header. If AH is employed in tunnel mode,
portions of the outer IP header are afforded protection (as above),
as well as all of the tunneled IP packet (i.e., all of the inner IP
header is protected, as well as higher layer protocols). If ESP is
employed, the protection is afforded only to the tunneled packet, not
to the outer header.

In summary,
a) A host MUST support both transport and tunnel mode.
b) A security gateway is required to support only tunnel
mode. If it supports transport mode, that should be used
only when the security gateway is acting as a host, e.g.,
for network management.

4.2 Security Association Functionality

The set of security services offered by an SA depends on the security
protocol selected, the SA mode, the endpoints of the SA, and on the
election of optional services within the protocol. For example, AH
provides data origin authentication and connectionless integrity for
IP datagrams (hereafter referred to as just "authentication"). The
"precision" of the authentication service is a function of the
granularity of the security association with which AH is employed, as
discussed in Section 4.4.2, "Selectors".

AH also offers an anti-replay (partial sequence integrity) service at
the discretion of the receiver, to help counter denial of service
attacks. AH is an appropriate protocol to employ when
confidentiality is not required (or is not permitted, e.g , due to
government restrictions on use of encryption). AH also provides
authentication for selected portions of the IP header, which may be
necessary in some contexts. For example, if the integrity of an IPv4
option or IPv6 extension header must be protected en route between
sender and receiver, AH can provide this service (except for the
non-predictable but mutable parts of the IP header.)

ESP optionally provides confidentiality for traffic. (The strength
of the confidentiality service depends in part, on the encryption
algorithm employed.) ESP also may optionally provide authentication
(as defined above). If authentication is negotiated for an ESP SA,
the receiver also may elect to enforce an anti-replay service with
the same features as the AH anti-replay service. The scope of the
authentication offered by ESP is narrower than for AH, i.e., the IP
header(s) "outside" the ESP header is(are) not protected. If only
the upper layer protocols need to be authenticated, then ESP
authentication is an appropriate choice and is more space efficient
than use of AH encapsulating ESP. Note that although both
confidentiality and authentication are optional, they cannot both be
omitted. At least one of them MUST be selected.

If confidentiality service is selected, then an ESP (tunnel mode) SA
between two security gateways can offer partial traffic flow
confidentiality. The use of tunnel mode allows the inner IP headers
to be encrypted, concealing the identities of the (ultimate) traffic
source and destination. Moreover, ESP payload padding also can be

invoked to hide the size of the packets, further concealing the
external characteristics of the traffic. Similar traffic flow
confidentiality services may be offered when a mobile user is
assigned a dynamic IP address in a dialup context, and establishes a
(tunnel mode) ESP SA to a corporate firewall (acting as a security
gateway). Note that fine granularity SAs generally are more
vulnerable to traffic analysis than coarse granularity ones which are
carrying traffic from many subscribers.

4.3 Combining Security Associations

The IP datagrams transmitted over an individual SA are afforded
protection by exactly one security protocol, either AH or ESP, but
not both. Sometimes a security policy may call for a combination of
services for a particular traffic flow that is not achievable with a
single SA. In such instances it will be necessary to employ multiple
SAs to implement the required security policy. The term "security
association bundle" or "SA bundle" is applied to a sequence of SAs
through which traffic must be processed to satisfy a security policy.
The order of the sequence is defined by the policy. (Note that the
SAs that comprise a bundle may terminate at different endpoints. For
example, one SA may extend between a mobile host and a security
gateway and a second, nested SA may extend to a host behind the
gateway.)

Security associations may be combined into bundles in two ways:
transport adjacency and iterated tunneling.

o Transport adjacency refers to applying more than one
security protocol to the same IP datagram, without invoking
tunneling. This approach to combining AH and ESP allows
for only one level of combination; further nesting yields
no added benefit (assuming use of adequately strong
algorithms in each protocol) since the processing is
performed at one IPsec instance at the (ultimate)
destination.

Host 1 --- Security ---- Internet -- Security --- Host 2
| | Gwy 1 Gwy 2 | |
| | | |
| -----Security Association 1 (ESP transport)------- |
| |
-------Security Association 2 (AH transport)----------

o Iterated tunneling refers to the application of multiple
layers of security protocols effected through IP tunneling.
This approach allows for multiple levels of nesting, since
each tunnel can originate or terminate at a different IPsec

site along the path. No special treatment is expected for
ISAKMP traffic at intermediate security gateways other than
what can be specified through appropriate SPD entries (See
Case 3 in Section 4.5)

There are 3 basic cases of iterated tunneling -- support is
required only for cases 2 and 3.:

1. both endpoints for the SAs are the same -- The inner and
outer tunnels could each be either AH or ESP, though it
is unlikely that Host 1 would specify both to be the
same, i.e., AH inside of AH or ESP inside of ESP.

Host 1 --- Security ---- Internet -- Security --- Host 2
| | Gwy 1 Gwy 2 | |
| | | |
| -------Security Association 1 (tunnel)---------- | |
| |
---------Security Association 2 (tunnel)--------------

2. one endpoint of the SAs is the same -- The inner and
uter tunnels could each be either AH or ESP.

Host 1 --- Security ---- Internet -- Security --- Host 2
| | Gwy 1 Gwy 2 |
| | | |
| ----Security Association 1 (tunnel)---- |
| |
---------Security Association 2 (tunnel)-------------

3. neither endpoint is the same -- The inner and outer
tunnels could each be either AH or ESP.

Host 1 --- Security ---- Internet -- Security --- Host 2
| Gwy 1 Gwy 2 |
| | | |
| --Security Assoc 1 (tunnel)- |
| |
-----------Security Association 2 (tunnel)-----------

These two approaches also can be combined, e.g., an SA bundle could
be constructed from one tunnel mode SA and one or two transport mode
SAs, applied in sequence. (See Section 4.5 "Basic Combinations of
Security Associations.") Note that nested tunnels can also occur
where neither the source nor the destination endpoints of any of the
tunnels are the same. In that case, there would be no host or
security gateway with a bundle corresponding to the nested tunnels.

For transport mode SAs, only one ordering of security protocols seems
appropriate. AH is applied to both the upper layer protocols and
(parts of) the IP header. Thus if AH is used in a transport mode, in
conjunction with ESP, AH SHOULD appear as the first header after IP,
prior to the appearance of ESP. In that context, AH is applied to
the ciphertext output of ESP. In contrast, for tunnel mode SAs, one
can imagine uses for various orderings of AH and ESP. The required
set of SA bundle types that MUST be supported by a compliant IPsec
implementation is described in Section 4.5.

4.4 Security Association Databases

Many of the details associated with processing IP traffic in an IPsec
implementation are largely a local matter, not subject to
standardization. However, some external aspects of the processing
must be standardized, to ensure interoperability and to provide a
minimum management capability that is essential for productive use of
IPsec. This section describes a general model for processing IP
traffic relative to security associations, in support of these
interoperability and functionality goals. The model described below
is nominal; compliant implementations need not match details of this
model as presented, but the external behavior of such implementations
must be mappable to the externally observable characteristics of this
model.

There are two nominal databases in this model: the Security Policy
Database and the Security Association Database. The former specifies
the policies that determine the disposition of all IP traffic inbound
or outbound from a host, security gateway, or BITS or BITW IPsec
implementation. The latter database contains parameters that are
associated with each (active) security association. This section
also defines the concept of a Selector, a set of IP and upper layer
protocol field values that is used by the Security Policy Database to
map traffic to a policy, i.e., an SA (or SA bundle).

Each interface for which IPsec is enabled requires nominally separate
inbound vs. outbound databases (SAD and SPD), because of the
directionality of many of the fields that are used as selectors.
Typically there is just one such interface, for a host or security
gateway (SG). Note that an SG would always have at least 2
interfaces, but the "internal" one to the corporate net, usually
would not have IPsec enabled and so only one pair of SADs and one
pair of SPDs would be needed. On the other hand, if a host had
multiple interfaces or an SG had multiple external interfaces, it
might be necessary to have separate SAD and SPD pairs for each
interface.

4.4.1 The Security Policy Database (SPD)

Ultimately, a security association is a management construct used to
enforce a security policy in the IPsec environment. Thus an
essential element of SA processing is an underlying Security Policy
Database (SPD) that specifies what services are to be offered to IP
datagrams and in what fashion. The form of the database and its
interface are outside the scope of this specification. However, this
section does specify certain minimum management functionality that
must be provided, to allow a user or system administrator to control
how IPsec is applied to traffic transmitted or received by a host or
transiting a security gateway.

The SPD must be consulted during the processing of all traffic
(INBOUND and OUTBOUND), including non-IPsec traffic. In order to
support this, the SPD requires distinct entries for inbound and
outbound traffic. One can think of this as separate SPDs (inbound
vs. outbound). In addition, a nominally separate SPD must be
provided for each IPsec-enabled interface.

An SPD must discriminate among traffic that is afforded IPsec
protection and traffic that is allowed to bypass IPsec. This applies
to the IPsec protection to be applied by a sender and to the IPsec
protection that must be present at the receiver. For any outbound or
inbound datagram, three processing choices are possible: discard,
bypass IPsec, or apply IPsec. The first choice refers to traffic
that is not allowed to exit the host, traverse the security gateway,
or be delivered to an application at all. The second choice refers
to traffic that is allowed to pass without additional IPsec
protection. The third choice refers to traffic that is afforded
IPsec protection, and for such traffic the SPD must specify the
security services to be provided, protocols to be employed,
algorithms to be used, etc.

For every IPsec implementation, there MUST be an administrative
interface that allows a user or system administrator to manage the
SPD. Specifically, every inbound or outbound packet is subject to
processing by IPsec and the SPD must specify what action will be
taken in each case. Thus the administrative interface must allow the
user (or system administrator) to specify the security processing to
be applied to any packet entering or exiting the system, on a packet
by packet basis. (In a host IPsec implementation making use of a
socket interface, the SPD may not need to be consulted on a per
packet basis, but the effect is still the same.) The management
interface for the SPD MUST allow creation of entries consistent with
the selectors defined in Section 4.4.2, and MUST support (total)
ordering of these entries. It is expected that through the use of
wildcards in various selector fields, and because all packets on a

single UDP or TCP connection will tend to match a single SPD entry,
this requirement will not impose an unreasonably detailed level of
SPD specification. The selectors are analogous to what are found in
a stateless firewall or filtering router and which are currently
manageable this way.

In host systems, applications MAY be allowed to select what security
processing is to be applied to the traffic they generate and consume.
(Means of signalling such requests to the IPsec implementation are
outside the scope of this standard.) However, the system
administrator MUST be able to specify whether or not a user or
application can override (default) system policies. Note that
application specified policies may satisfy system requirements, so
that the system may not need to do additional IPsec processing beyond
that needed to meet an application's requirements. The form of the
management interface is not specified by this document and may differ
for hosts vs. security gateways, and within hosts the interface may
differ for socket-based vs. BITS implementations. However, this
document does specify a standard set of SPD elements that all IPsec
implementations MUST support.

The SPD contains an ordered list of policy entries. Each policy
entry is keyed by one or more selectors that define the set of IP
traffic encompassed by this policy entry. (The required selector
types are defined in Section 4.4.2.) These define the granularity of
policies or SAs. Each entry includes an indication of whether
traffic matching this policy will be bypassed, discarded, or subject
to IPsec processing. If IPsec processing is to be applied, the entry
includes an SA (or SA bundle) specification, listing the IPsec
protocols, modes, and algorithms to be employed, including any
nesting requirements. For example, an entry may call for all
matching traffic to be protected by ESP in transport mode using
3DES-CBC with an explicit IV, nested inside of AH in tunnel mode
using HMAC/SHA-1. For each selector, the policy entry specifies how
to derive the corresponding values for a new Security Association
Database (SAD, see Section 4.4.3) entry from those in the SPD and the
packet (Note that at present, ranges are only supported for IP
addresses; but wildcarding can be expressed for all selectors):

a. use the value in the packet itself -- This will limit use
of the SA to those packets which have this packet's value
for the selector even if the selector for the policy entry
has a range of allowed values or a wildcard for this
selector.
b. use the value associated with the policy entry -- If this
were to be just a single value, then there would be no
difference between (b) and (a). However, if the allowed
values for the selector are a range (for IP addresses) or

wildcard, then in the case of a range,(b) would enable use
of the SA by any packet with a selector value within the
range not just by packets with the selector value of the
packet that triggered the creation of the SA. In the case
of a wildcard, (b) would allow use of the SA by packets
with any value for this selector.

For example, suppose there is an SPD entry where the allowed value
for source address is any of a range of hosts (192.168.2.1 to
192.168.2.10). And suppose that a packet is to be sent that has a
source address of 192.168.2.3. The value to be used for the SA could
be any of the sample values below depending on what the policy entry
for this selector says is the source of the selector value:

source for the example of
value to be new SAD
used in the SA selector value
--------------- ------------
a. packet 192.168.2.3 (one host)
b. SPD entry 192.168.2.1 to 192.168.2.10 (range of hosts)

Note that if the SPD entry had an allowed value of wildcard for the
source address, then the SAD selector value could be wildcard (any
host). Case (a) can be used to prohibit sharing, even among packets
that match the same SPD entry.

As described below in Section 4.4.3, selectors may include "wildcard"
entries and hence the selectors for two entries may overlap. (This
is analogous to the overlap that arises with ACLs or filter entries
in routers or packet filtering firewalls.) Thus, to ensure
consistent, predictable processing, SPD entries MUST be ordered and
the SPD MUST always be searched in the same order, so that the first
matching entry is consistently selected. (This requirement is
necessary as the effect of processing traffic against SPD entries
must be deterministic, but there is no way to canonicalize SPD
entries given the use of wildcards for some selectors.) More detail
on matching of packets against SPD entries is provided in Section 5.

Note that if ESP is specified, either (but not both) authentication
or encryption can be omitted. So it MUST be possible to configure
the SPD value for the authentication or encryption algorithms to be
"NULL". However, at least one of these services MUST be selected,
i.e., it MUST NOT be possible to configure both of them as "NULL".

The SPD can be used to map traffic to specific SAs or SA bundles.
Thus it can function both as the reference database for security
policy and as the map to existing SAs (or SA bundles). (To
accommodate the bypass and discard policies cited above, the SPD also

MUST provide a means of mapping traffic to these functions, even
though they are not, per se, IPsec processing.) The way in which the
SPD operates is different for inbound vs. outbound traffic and it
also may differ for host vs. security gateway, BITS, and BITW
implementations. Sections 5.1 and 5.2 describe the use of the SPD
for outbound and inbound processing, respectively.

Because a security policy may require that more than one SA be
applied to a specified set of traffic, in a specific order, the
policy entry in the SPD must preserve these ordering requirements,
when present. Thus, it must be possible for an IPsec implementation
to determine that an outbound or inbound packet must be processed
thorough a sequence of SAs. Conceptually, for outbound processing,
one might imagine links (to the SAD) from an SPD entry for which
there are active SAs, and each entry would consist of either a single
SA or an ordered list of SAs that comprise an SA bundle. When a
packet is matched against an SPD entry and there is an existing SA or
SA bundle that can be used to carry the traffic, the processing of
the packet is controlled by the SA or SA bundle entry on the list.
For an inbound IPsec packet for which multiple IPsec SAs are to be
applied, the lookup based on destination address, IPsec protocol, and
SPI should identify a single SA.

The SPD is used to control the flow of ALL traffic through an IPsec
system, including security and key management traffic (e.g., ISAKMP)
from/to entities behind a security gateway. This means that ISAKMP
traffic must be explicitly accounted for in the SPD, else it will be
discarded. Note that a security gateway could prohibit traversal of
encrypted packets in various ways, e.g., having a DISCARD entry in
the SPD for ESP packets or providing proxy key exchange. In the
latter case, the traffic would be internally routed to the key
management module in the security gateway.

4.4.2 Selectors

An SA (or SA bundle) may be fine-grained or coarse-grained, depending
on the selectors used to define the set of traffic for the SA. For
example, all traffic between two hosts may be carried via a single
SA, and afforded a uniform set of security services. Alternatively,
traffic between a pair of hosts might be spread over multiple SAs,
depending on the applications being used (as defined by the Next
Protocol and Port fields), with different security services offered
by different SAs. Similarly, all traffic between a pair of security
gateways could be carried on a single SA, or one SA could be assigned
for each communicating host pair. The following selector parameters
MUST be supported for SA management to facilitate control of SA
granularity. Note that in the case of receipt of a packet with an
ESP header, e.g., at an encapsulating security gateway or BITW

implementation, the transport layer protocol, source/destination
ports, and Name (if present) may be "OPAQUE", i.e., inaccessible
because of encryption or fragmentation. Note also that both Source
and Destination addresses should either be IPv4 or IPv6.

- Destination IP Address (IPv4 or IPv6): this may be a single IP
address (unicast, anycast, broadcast (IPv4 only), or multicast
group), a range of addresses (high and low values (inclusive),
address + mask, or a wildcard address. The last three are used
to support more than one destination system sharing the same SA
(e.g., behind a security gateway). Note that this selector is
conceptually different from the "Destination IP Address" field
in the <Destination IP Address, IPsec Protocol, SPI> tuple used
to uniquely identify an SA. When a tunneled packet arrives at
the tunnel endpoint, its SPI/Destination address/Protocol are
used to look up the SA for this packet in the SAD. This
destination address comes from the encapsulating IP header.
Once the packet has been processed according to the tunnel SA
and has come out of the tunnel, its selectors are "looked up" in
the Inbound SPD. The Inbound SPD has a selector called
destination address. This IP destination address is the one in
the inner (encapsulated) IP header. In the case of a
transport'd packet, there will be only one IP header and this
ambiguity does not exist. [REQUIRED for all implementations]

- Source IP Address(es) (IPv4 or IPv6): this may be a single IP
address (unicast, anycast, broadcast (IPv4 only), or multicast
group), range of addresses (high and low values inclusive),
address + mask, or a wildcard address. The last three are used
to support more than one source system sharing the same SA
(e.g., behind a security gateway or in a multihomed host).
[REQUIRED for all implementations]

- Name: There are 2 cases (Note that these name forms are
supported in the IPsec DOI.)
1. User ID
a. a fully qualified user name string (DNS), e.g.,
mozart@foo.bar.com
b. X.500 distinguished name, e.g., C = US, SP = MA,
O = GTE Internetworking, CN = Stephen T. Kent.
2. System name (host, security gateway, etc.)
a. a fully qualified DNS name, e.g., foo.bar.com
b. X.500 distinguished name
c. X.500 general name

NOTE: One of the possible values of this selector is "OPAQUE".

[REQUIRED for the following cases. Note that support for name
forms other than addresses is not required for manually keyed
SAs.
o User ID
- native host implementations
- BITW and BITS implementations acting as HOSTS
with only one user
- security gateway implementations for INBOUND
processing.
o System names -- all implementations]

- Data sensitivity level: (IPSO/CIPSO labels)
[REQUIRED for all systems providing information flow security as
per Section 8, OPTIONAL for all other systems.]

- Transport Layer Protocol: Obtained from the IPv4 "Protocol" or
the IPv6 "Next Header" fields. This may be an individual
protocol number. These packet fields may not contain the
Transport Protocol due to the presence of IP extension headers,
e.g., a Routing Header, AH, ESP, Fragmentation Header,
Destination Options, Hop-by-hop options, etc. Note that the
Transport Protocol may not be available in the case of receipt
of a packet with an ESP header, thus a value of "OPAQUE" SHOULD
be supported.
[REQUIRED for all implementations]

NOTE: To locate the transport protocol, a system has to chain
through the packet headers checking the "Protocol" or "Next
Header" field until it encounters either one it recognizes as a
transport protocol, or until it reaches one that isn't on its
list of extension headers, or until it encounters an ESP header
that renders the transport protocol opaque.

- Source and Destination (e.g., TCP/UDP) Ports: These may be
individual UDP or TCP port values or a wildcard port. (The use
of the Next Protocol field and the Source and/or Destination
Port fields (in conjunction with the Source and/or Destination
Address fields), as an SA selector is sometimes referred to as
"session-oriented keying."). Note that the source and
destination ports may not be available in the case of receipt of
a packet with an ESP header, thus a value of "OPAQUE" SHOULD be
supported.

The following table summarizes the relationship between the
"Next Header" value in the packet and SPD and the derived Port
Selector value for the SPD and SAD.

Next Hdr Transport Layer Derived Port Selector Field
in Packet Protocol in SPD Value in SPD and SAD
-------- --------------- ---------------------------
ESP ESP or ANY ANY (i.e., don't look at it)
-don't care- ANY ANY (i.e., don't look at it)
specific value specific value NOT ANY (i.e., drop packet)
fragment
specific value specific value actual port selector field
not fragment

If the packet has been fragmented, then the port information may
not be available in the current fragment. If so, discard the
fragment. An ICMP PMTU should be sent for the first fragment,
which will have the port information. [MAY be supported]

The IPsec implementation context determines how selectors are used.
For example, a host implementation integrated into the stack may make
use of a socket interface. When a new connection is established the
SPD can be consulted and an SA (or SA bundle) bound to the socket.
Thus traffic sent via that socket need not result in additional
lookups to the SPD/SAD. In contrast, a BITS, BITW, or security
gateway implementation needs to look at each packet and perform an
SPD/SAD lookup based on the selectors. The allowable values for the
selector fields differ between the traffic flow, the security
association, and the security policy.

The following table summarizes the kinds of entries that one needs to
be able to express in the SPD and SAD. It shows how they relate to
the fields in data traffic being subjected to IPsec screening.
(Note: the "wild" or "wildcard" entry for src and dst addresses
includes a mask, range, etc.)

Field Traffic Value SAD Entry SPD Entry
-------- ------------- ---------------- --------------------
src addr single IP addr single,range,wild single,range,wildcard
dst addr single IP addr single,range,wild single,range,wildcard
xpt protocol* xpt protocol single,wildcard single,wildcard
src port* single src port single,wildcard single,wildcard
dst port* single dst port single,wildcard single,wildcard
user id* single user id single,wildcard single,wildcard
sec. labels single value single,wildcard single,wildcard

* The SAD and SPD entries for these fields could be "OPAQUE"
because the traffic value is encrypted.

NOTE: In principle, one could have selectors and/or selector values
in the SPD which cannot be negotiated for an SA or SA bundle.
Examples might include selector values used to select traffic for

discarding or enumerated lists which cause a separate SA to be
created for each item on the list. For now, this is left for future
versions of this document and the list of required selectors and
selector values is the same for the SPD and the SAD. However, it is
acceptable to have an administrative interface that supports use of
selector values which cannot be negotiated provided that it does not
mislead the user into believing it is creating an SA with these
selector values. For example, the interface may allow the user to
specify an enumerated list of values but would result in the creation
of a separate policy and SA for each item on the list. A vendor
might support such an interface to make it easier for its customers
to specify clear and concise policy specifications.

4.4.3 Security Association Database (SAD)

In each IPsec implementation there is a nominal Security Association
Database, in which each entry defines the parameters associated with
one SA. Each SA has an entry in the SAD. For outbound processing,
entries are pointed to by entries in the SPD. Note that if an SPD
entry does not currently point to an SA that is appropriate for the
packet, the implementation creates an appropriate SA (or SA Bundle)
and links the SPD entry to the SAD entry (see Section 5.1.1). For
inbound processing, each entry in the SAD is indexed by a destination
IP address, IPsec protocol type, and SPI. The following parameters
are associated with each entry in the SAD. This description does not
purport to be a MIB, but only a specification of the minimal data
items required to support an SA in an IPsec implementation.

For inbound processing: The following packet fields are used to look
up the SA in the SAD:

o Outer Header's Destination IP address: the IPv4 or IPv6
Destination address.
[REQUIRED for all implementations]
o IPsec Protocol: AH or ESP, used as an index for SA lookup
in this database. Specifies the IPsec protocol to be
applied to the traffic on this SA.
[REQUIRED for all implementations]
o SPI: the 32-bit value used to distinguish among different
SAs terminating at the same destination and using the same
IPsec protocol.
[REQUIRED for all implementations]

For each of the selectors defined in Section 4.4.2, the SA entry in
the SAD MUST contain the value or values which were negotiated at the
time the SA was created. For the sender, these values are used to
decide whether a given SA is appropriate for use with an outbound
packet. This is part of checking to see if there is an existing SA

that can be used. For the receiver, these values are used to check
that the selector values in an inbound packet match those for the SA
(and thus indirectly those for the matching policy). For the
receiver, this is part of verifying that the SA was appropriate for
this packet. (See Section 6 for rules for ICMP messages.) These
fields can have the form of specific values, ranges, wildcards, or
"OPAQUE" as described in section 4.4.2, "Selectors". Note that for
an ESP SA, the encryption algorithm or the authentication algorithm
could be "NULL". However they MUST not both be "NULL".

The following SAD fields are used in doing IPsec processing:

o Sequence Number Counter: a 32-bit value used to generate the
Sequence Number field in AH or ESP headers.
[REQUIRED for all implementations, but used only for outbound
traffic.]
o Sequence Counter Overflow: a flag indicating whether overflow
of the Sequence Number Counter should generate an auditable
event and prevent transmission of additional packets on the
SA.
[REQUIRED for all implementations, but used only for outbound
traffic.]
o Anti-Replay Window: a 32-bit counter and a bit-map (or
equivalent) used to determine whether an inbound AH or ESP
packet is a replay.
[REQUIRED for all implementations but used only for inbound
traffic. NOTE: If anti-replay has been disabled by the
receiver, e.g., in the case of a manually keyed SA, then the
Anti-Replay Window is not used.]
o AH Authentication algorithm, keys, etc.
[REQUIRED for AH implementations]
o ESP Encryption algorithm, keys, IV mode, IV, etc.
[REQUIRED for ESP implementations]
o ESP authentication algorithm, keys, etc. If the
authentication service is not selected, this field will be
null.
[REQUIRED for ESP implementations]
o Lifetime of this Security Association: a time interval after
which an SA must be replaced with a new SA (and new SPI) or
terminated, plus an indication of which of these actions
should occur. This may be expressed as a time or byte count,
or a simultaneous use of both, the first lifetime to expire
taking precedence. A compliant implementation MUST support
both types of lifetimes, and must support a simultaneous use
of both. If time is employed, and if IKE employs X.509
certificates for SA establishment, the SA lifetime must be
constrained by the validity intervals of the certificates,
and the NextIssueDate of the CRLs used in the IKE exchange

for the SA. Both initiator and responder are responsible for
constraining SA lifetime in this fashion.
[REQUIRED for all implementations]

NOTE: The details of how to handle the refreshing of keys
when SAs expire is a local matter. However, one reasonable
approach is:
(a) If byte count is used, then the implementation
SHOULD count the number of bytes to which the IPsec
algorithm is applied. For ESP, this is the encryption
algorithm (including Null encryption) and for AH,
this is the authentication algorithm. This includes
pad bytes, etc. Note that implementations SHOULD be
able to handle having the counters at the ends of an
SA get out of synch, e.g., because of packet loss or
because the implementations at each end of the SA
aren't doing things the same way.
(b) There SHOULD be two kinds of lifetime -- a soft
lifetime which warns the implementation to initiate
action such as setting up a replacement SA and a
hard lifetime when the current SA ends.
(c) If the entire packet does not get delivered during
the SAs lifetime, the packet SHOULD be discarded.

o IPsec protocol mode: tunnel, transport or wildcard.
Indicates which mode of AH or ESP is applied to traffic on
this SA. Note that if this field is "wildcard" at the
sending end of the SA, then the application has to specify
the mode to the IPsec implementation. This use of wildcard
allows the same SA to be used for either tunnel or transport
mode traffic on a per packet basis, e.g., by different
sockets. The receiver does not need to know the mode in
order to properly process the packet's IPsec headers.

[REQUIRED as follows, unless implicitly defined by context:
- host implementations must support all modes
- gateway implementations must support tunnel mode]

NOTE: The use of wildcard for the protocol mode of an inbound
SA may add complexity to the situation in the receiver (host
only). Since the packets on such an SA could be delivered in
either tunnel or transport mode, the security of an incoming
packet could depend in part on which mode had been used to
deliver it. If, as a result, an application cared about the
SA mode of a given packet, then the application would need a
mechanism to obtain this mode information.

o Path MTU: any observed path MTU and aging variables. See
Section 6.1.2.4
[REQUIRED for all implementations but used only for outbound
traffic]

4.5 Basic Combinations of Security Associations

This section describes four examples of combinations of security
associations that MUST be supported by compliant IPsec hosts or
security gateways. Additional combinations of AH and/or ESP in
tunnel and/or transport modes MAY be supported at the discretion of
the implementor. Compliant implementations MUST be capable of
generating these four combinations and on receipt, of processing
them, but SHOULD be able to receive and process any combination. The
diagrams and text below describe the basic cases. The legend for the
diagrams is:

==== = one or more security associations (AH or ESP, transport
or tunnel)
---- = connectivity (or if so labelled, administrative boundary)
Hx = host x
SGx = security gateway x
X* = X supports IPsec

NOTE: The security associations below can be either AH or ESP. The
mode (tunnel vs transport) is determined by the nature of the
endpoints. For host-to-host SAs, the mode can be either transport or
tunnel.

Case 1. The case of providing end-to-end security between 2 hosts
across the Internet (or an Intranet).

====================================
| |
H1* ------ (Inter/Intranet) ------ H2*

Note that either transport or tunnel mode can be selected by the
hosts. So the headers in a packet between H1 and H2 could look
like any of the following:

Transport Tunnel
----------------- ---------------------
1. [IP1][AH][upper] 4. [IP2][AH][IP1][upper]
2. [IP1][ESP][upper] 5. [IP2][ESP][IP1][upper]
3. [IP1][AH][ESP][upper]

Note that there is no requirement to support general nesting,
but in transport mode, both AH and ESP can be applied to the
packet. In this event, the SA establishment procedure MUST
ensure that first ESP, then AH are applied to the packet.

Case 2. This case illustrates simple virtual private networks
support.

===========================
| |
---------------------|---- ---|-----------------------
| | | | | |
| H1 -- (Local --- SG1* |--- (Internet) ---| SG2* --- (Local --- H2 |
| Intranet) | | Intranet) |
-------------------------- ---------------------------
admin. boundary admin. boundary

Only tunnel mode is required here. So the headers in a packet
between SG1 and SG2 could look like either of the following:

Tunnel
---------------------
4. [IP2][AH][IP1][upper]
5. [IP2][ESP][IP1][upper]

Case 3. This case combines cases 1 and 2, adding end-to-end security
between the sending and receiving hosts. It imposes no new
requirements on the hosts or security gateways, other than a
requirement for a security gateway to be configurable to pass
IPsec traffic (including ISAKMP traffic) for hosts behind it.

===============================================================
| |
| ========================= |
| | | |
---|-----------------|---- ---|-------------------|---
| | | | | | | |
| H1* -- (Local --- SG1* |-- (Internet) --| SG2* --- (Local --- H2* |
| Intranet) | | Intranet) |
-------------------------- ---------------------------
admin. boundary admin. boundary

Case 4. This covers the situation where a remote host (H1) uses the
Internet to reach an organization's firewall (SG2) and to then
gain access to some server or other machine (H2). The remote
host could be a mobile host (H1) dialing up to a local PPP/ARA
server (not shown) on the Internet and then crossing the
Internet to the home organization's firewall (SG2), etc. The

details of support for this case, (how H1 locates SG2,
authenticates it, and verifies its authorization to represent
H2) are discussed in Section 4.6.3, "Locating a Security
Gateway".

======================================================
| |
|============================== |
|| | |
|| ---|----------------------|---
|| | | | |
H1* ----- (Internet) ------| SG2* ---- (Local ----- H2* |
^ | Intranet) |
| ------------------------------
could be dialup admin. boundary (optional)
to PPP/ARA server

Only tunnel mode is required between H1 and SG2. So the choices
for the SA between H1 and SG2 would be one of the ones in case
2. The choices for the SA between H1 and H2 would be one of the
ones in case 1.

Note that in this case, the sender MUST apply the transport
header before the tunnel header. Therefore the management
interface to the IPsec implementation MUST support configuration
of the SPD and SAD to ensure this ordering of IPsec header
application.

As noted above, support for additional combinations of AH and ESP is
optional. Use of other, optional combinations may adversely affect
interoperability.

4.6 SA and Key Management

IPsec mandates support for both manual and automated SA and
cryptographic key management. The IPsec protocols, AH and ESP, are
largely independent of the associated SA management techniques,
although the techniques involved do affect some of the security
services offered by the protocols. For example, the optional anti-
replay services available for AH and ESP require automated SA
management. Moreover, the granularity of key distribution employed
with IPsec determines the granularity of authentication provided.
(See also a discussion of this issue in Section 4.7.) In general,
data origin authentication in AH and ESP is limited by the extent to
which secrets used with the authentication algorithm (or with a key
management protocol that creates such secrets) are shared among
multiple possible sources.

The following text describes the minimum requirements for both types
of SA management.

4.6.1 Manual Techniques

The simplest form of management is manual management, in which a
person manually configures each system with keying material and
security association management data relevant to secure communication
with other systems. Manual techniques are practical in small, static
environments but they do not scale well. For example, a company
could create a Virtual Private Network (VPN) using IPsec in security
gateways at several sites. If the number of sites is small, and
since all the sites come under the purview of a single administrative
domain, this is likely to be a feasible context for manual management
techniques. In this case, the security gateway might selectively
protect traffic to and from other sites within the organization using
a manually configured key, while not protecting traffic for other
destinations. It also might be appropriate when only selected
communications need to be secured. A similar argument might apply to
use of IPsec entirely within an organization for a small number of
hosts and/or gateways. Manual management techniques often employ
statically configured, symmetric keys, though other options also
exist.

4.6.2 Automated SA and Key Management

Widespread deployment and use of IPsec requires an Internet-standard,
scalable, automated, SA management protocol. Such support is
required to facilitate use of the anti-replay features of AH and ESP,
and to accommodate on-demand creation of SAs, e.g., for user- and
session-oriented keying. (Note that the notion of "rekeying" an SA
actually implies creation of a new SA with a new SPI, a process that
generally implies use of an automated SA/key management protocol.)

The default automated key management protocol selected for use with
IPsec is IKE [MSST97, Orm97, HC98] under the IPsec domain of
interpretation [Pip98]. Other automated SA management protocols MAY
be employed.

When an automated SA/key management protocol is employed, the output
from this protocol may be used to generate multiple keys, e.g., for a
single ESP SA. This may arise because:

o the encryption algorithm uses multiple keys (e.g., triple DES)
o the authentication algorithm uses multiple keys
o both encryption and authentication algorithms are employed

The Key Management System may provide a separate string of bits for
each key or it may generate one string of bits from which all of them
are extracted. If a single string of bits is provided, care needs to
be taken to ensure that the parts of the system that map the string
of bits to the required keys do so in the same fashion at both ends
of the SA. To ensure that the IPsec implementations at each end of
the SA use the same bits for the same keys, and irrespective of which
part of the system divides the string of bits into individual keys,
the encryption key(s) MUST be taken from the first (left-most, high-
order) bits and the authentication key(s) MUST be taken from the
remaining bits. The number of bits for each key is defined in the
relevant algorithm specification RFC. In the case of multiple
encryption keys or multiple authentication keys, the specification
for the algorithm must specify the order in which they are to be
selected from a single string of bits provided to the algorithm.

4.6.3 Locating a Security Gateway

This section discusses issues relating to how a host learns about the
existence of relevant security gateways and once a host has contacted
these security gateways, how it knows that these are the correct
security gateways. The details of where the required information is
stored is a local matter.

Consider a situation in which a remote host (H1) is using the
Internet to gain access to a server or other machine (H2) and there
is a security gateway (SG2), e.g., a firewall, through which H1's
traffic must pass. An example of this situation would be a mobile
host (Road Warrior) crossing the Internet to the home organization's
firewall (SG2). (See Case 4 in the section 4.5 Basic Combinations of
Security Associations.) This situation raises several issues:

1. How does H1 know/learn about the existence of the security
gateway SG2?
2. How does it authenticate SG2, and once it has authenticated
SG2, how does it confirm that SG2 has been authorized to
represent H2?
3. How does SG2 authenticate H1 and verify that H1 is authorized
to contact H2?
4. How does H1 know/learn about backup gateways which provide
alternate paths to H2?

To address these problems, a host or security gateway MUST have an
administrative interface that allows the user/administrator to
configure the address of a security gateway for any sets of
destination addresses that require its use. This includes the ability
to configure:

o the requisite information for locating and authenticating the
security gateway and verifying its authorization to represent
the destination host.
o the requisite information for locating and authenticating any
backup gateways and verifying their authorization to represent
the destination host.

It is assumed that the SPD is also configured with policy information
that covers any other IPsec requirements for the path to the security
gateway and the destination host.

This document does not address the issue of how to automate the
discovery/verification of security gateways.

4.7 Security Associations and Multicast

The receiver-orientation of the Security Association implies that, in
the case of unicast traffic, the destination system will normally
select the SPI value. By having the destination select the SPI
value, there is no potential for manually configured Security
Associations to conflict with automatically configured (e.g., via a
key management protocol) Security Associations or for Security
Associations from multiple sources to conflict with each other. For
multicast traffic, there are multiple destination systems per
multicast group. So some system or person will need to coordinate
among all multicast groups to select an SPI or SPIs on behalf of each
multicast group and then communicate the group's IPsec information to
all of the legitimate members of that multicast group via mechanisms
not defined here.

Multiple senders to a multicast group SHOULD use a single Security
Association (and hence Security Parameter Index) for all traffic to
that group when a symmetric key encryption or authentication
algorithm is employed. In such circumstances, the receiver knows only
that the message came from a system possessing the key for that
multicast group. In such circumstances, a receiver generally will
not be able to authenticate which system sent the multicast traffic.
Specifications for other, more general multicast cases are deferred
to later IPsec documents.

At the time this specification was published, automated protocols for
multicast key distribution were not considered adequately mature for
standardization. For multicast groups having relatively few members,
manual key distribution or multiple use of existing unicast key
distribution algorithms such as modified Diffie-Hellman appears
feasible. For very large groups, new scalable techniques will be
needed. An example of current work in this area is the Group Key
Management Protocol (GKMP) [HM97].

5. IP Traffic Processing

As mentioned in Section 4.4.1 "The Security Policy Database (SPD)",
the SPD must be consulted during the processing of all traffic
(INBOUND and OUTBOUND), including non-IPsec traffic. If no policy is
found in the SPD that matches the packet (for either inbound or
outbound traffic), the packet MUST be discarded.

NOTE: All of the cryptographic algorithms used in IPsec expect their
input in canonical network byte order (see Appendix in RFC 791) and
generate their output in canonical network byte order. IP packets
are also transmitted in network byte order.

5.1 Outbound IP Traffic Processing

5.1.1 Selecting and Using an SA or SA Bundle

In a security gateway or BITW implementation (and in many BITS
implementations), each outbound packet is compared against the SPD to
determine what processing is required for the packet. If the packet
is to be discarded, this is an auditable event. If the traffic is
allowed to bypass IPsec processing, the packet continues through
"normal" processing for the environment in which the IPsec processing
is taking place. If IPsec processing is required, the packet is
either mapped to an existing SA (or SA bundle), or a new SA (or SA
bundle) is created for the packet. Since a packet's selectors might
match multiple policies or multiple extant SAs and since the SPD is
ordered, but the SAD is not, IPsec MUST:

1. Match the packet's selector fields against the outbound
policies in the SPD to locate the first appropriate
policy, which will point to zero or more SA bundles in the
SAD.

2. Match the packet's selector fields against those in the SA
bundles found in (1) to locate the first SA bundle that
matches. If no SAs were found or none match, create an
appropriate SA bundle and link the SPD entry to the SAD
entry. If no key management entity is found, drop the
packet.

3. Use the SA bundle found/created in (2) to do the required
IPsec processing, e.g., authenticate and encrypt.

In a host IPsec implementation based on sockets, the SPD will be
consulted whenever a new socket is created, to determine what, if
any, IPsec processing will be applied to the traffic that will flow
on that socket.

NOTE: A compliant implementation MUST not allow instantiation of an
ESP SA that employs both a NULL encryption and a NULL authentication
algorithm. An attempt to negotiate such an SA is an auditable event.

5.1.2 Header Construction for Tunnel Mode

This section describes the handling of the inner and outer IP
headers, extension headers, and options for AH and ESP tunnels. This
includes how to construct the encapsulating (outer) IP header, how to
handle fields in the inner IP header, and what other actions should
be taken. The general idea is modeled after the one used in RFC
2003, "IP Encapsulation with IP":

o The outer IP header Source Address and Destination Address
identify the "endpoints" of the tunnel (the encapsulator and
decapsulator). The inner IP header Source Address and
Destination Addresses identify the original sender and
recipient of the datagram, (from the perspective of this
tunnel), respectively. (see footnote 3 after the table in
5.1.2.1 for more details on the encapsulating source IP
address.)
o The inner IP header is not changed except to decrement the TTL
as noted below, and remains unchanged during its delivery to
the tunnel exit point.
o No change to IP options or extension headers in the inner
header occurs during delivery of the encapsulated datagram
through the tunnel.
o If need be, other protocol headers such as the IP
Authentication header may be inserted between the outer IP
header and the inner IP header.

The tables in the following sub-sections show the handling for the
different header/option fields (constructed = the value in the outer
field is constructed independently of the value in the inner).

5.1.2.1 IPv4 -- Header Construction for Tunnel Mode

<-- How Outer Hdr Relates to Inner Hdr -->
Outer Hdr at Inner Hdr at
IPv4 Encapsulator Decapsulator
Header fields: -------------------- ------------
version 4 (1) no change
header length constructed no change
TOS copied from inner hdr (5) no change
total length constructed no change
ID constructed no change
flags (DF,MF) constructed, DF (4) no change
fragmt offset constructed no change

TTL constructed (2) decrement (2)
protocol AH, ESP, routing hdr no change
checksum constructed constructed (2)
src address constructed (3) no change
dest address constructed (3) no change
Options never copied no change

1. The IP version in the encapsulating header can be different
from the value in the inner header.

2. The TTL in the inner header is decremented by the
encapsulator prior to forwarding and by the decapsulator if
it forwards the packet. (The checksum changes when the TTL
changes.)

Note: The decrementing of the TTL is one of the usual actions
that takes place when forwarding a packet. Packets
originating from the same node as the encapsulator do not
have their TTL's decremented, as the sending node is
originating the packet rather than forwarding it.

3. src and dest addresses depend on the SA, which is used to
determine the dest address which in turn determines which src
address (net interface) is used to forward the packet.

NOTE: In principle, the encapsulating IP source address can
be any of the encapsulator's interface addresses or even an
address different from any of the encapsulator's IP
addresses, (e.g., if it's acting as a NAT box) so long as the
address is reachable through the encapsulator from the
environment into which the packet is sent. This does not
cause a problem because IPsec does not currently have any
INBOUND processing requirement that involves the Source
Address of the encapsulating IP header. So while the
receiving tunnel endpoint looks at the Destination Address in
the encapsulating IP header, it only looks at the Source
Address in the inner (encapsulated) IP header.

4. configuration determines whether to copy from the inner
header (IPv4 only), clear or set the DF.

5. If Inner Hdr is IPv4 (Protocol = 4), copy the TOS. If Inner
Hdr is IPv6 (Protocol = 41), map the Class to TOS.

5.1.2.2 IPv6 -- Header Construction for Tunnel Mode

See previous section 5.1.2 for notes 1-5 indicated by (footnote
number).

<-- How Outer Hdr Relates Inner Hdr --->
Outer Hdr at Inner Hdr at
IPv6 Encapsulator Decapsulator
Header fields: -------------------- ------------
version 6 (1) no change
class copied or configured (6) no change
flow id copied or configured no change
len constructed no change
next header AH,ESP,routing hdr no change
hop limit constructed (2) decrement (2)
src address constructed (3) no change
dest address constructed (3) no change
Extension headers never copied no change

6. If Inner Hdr is IPv6 (Next Header = 41), copy the Class. If
Inner Hdr is IPv4 (Next Header = 4), map the TOS to Class.

5.2 Processing Inbound IP Traffic

Prior to performing AH or ESP processing, any IP fragments are
reassembled. Each inbound IP datagram to which IPsec processing will
be applied is identified by the appearance of the AH or ESP values in
the IP Next Protocol field (or of AH or ESP as an extension header in
the IPv6 context).

Note: Appendix C contains sample code for a bitmask check for a 32
packet window that can be used for implementing anti-replay service.

5.2.1 Selecting and Using an SA or SA Bundle

Mapping the IP datagram to the appropriate SA is simplified because
of the presence of the SPI in the AH or ESP header. Note that the
selector checks are made on the inner headers not the outer (tunnel)
headers. The steps followed are:

1. Use the packet's destination address (outer IP header),
IPsec protocol, and SPI to look up the SA in the SAD. If
the SA lookup fails, drop the packet and log/report the
error.

2. Use the SA found in (1) to do the IPsec processing, e.g.,
authenticate and decrypt. This step includes matching the
packet's (Inner Header if tunneled) selectors to the
selectors in the SA. Local policy determines the
specificity of the SA selectors (single value, list,
range, wildcard). In general, a packet's source address
MUST match the SA selector value. However, an ICMP packet
received on a tunnel mode SA may have a source address

other than that bound to the SA and thus such packets
should be permitted as exceptions to this check. For an
ICMP packet, the selectors from the enclosed problem
packet (the source and destination addresses and ports
should be swapped) should be checked against the selectors
for the SA. Note that some or all of these selectors may
be inaccessible because of limitations on how many bits of
the problem packet the ICMP packet is allowed to carry or
due to encryption. See Section 6.

Do (1) and (2) for every IPsec header until a Transport
Protocol Header or an IP header that is NOT for this
system is encountered. Keep track of what SAs have been
used and their order of application.

3. Find an incoming policy in the SPD that matches the
packet. This could be done, for example, by use of
backpointers from the SAs to the SPD or by matching the
packet's selectors (Inner Header if tunneled) against
those of the policy entries in the SPD.

4. Check whether the required IPsec processing has been
applied, i.e., verify that the SA's found in (1) and (2)
match the kind and order of SAs required by the policy
found in (3).

NOTE: The correct "matching" policy will not necessarily
be the first inbound policy found. If the check in (4)
fails, steps (3) and (4) are repeated until all policy
entries have been checked or until the check succeeds.

At the end of these steps, pass the resulting packet to the Transport
Layer or forward the packet. Note that any IPsec headers processed
in these steps may have been removed, but that this information,
i.e., what SAs were used and the order of their application, may be
needed for subsequent IPsec or firewall processing.

Note that in the case of a security gateway, if forwarding causes a
packet to exit via an IPsec-enabled interface, then additional IPsec
processing may be applied.

5.2.2 Handling of AH and ESP tunnels

The handling of the inner and outer IP headers, extension headers,
and options for AH and ESP tunnels should be performed as described
in the tables in Section 5.1.

6. ICMP Processing (relevant to IPsec)

The focus of this section is on the handling of ICMP error messages.
Other ICMP traffic, e.g., Echo/Reply, should be treated like other
traffic and can be protected on an end-to-end basis using SAs in the
usual fashion.

An ICMP error message protected by AH or ESP and generated by a
router SHOULD be processed and forwarded in a tunnel mode SA. Local
policy determines whether or not it is subjected to source address
checks by the router at the destination end of the tunnel. Note that
if the router at the originating end of the tunnel is forwarding an
ICMP error message from another router, the source address check
would fail. An ICMP message protected by AH or ESP and generated by
a router MUST NOT be forwarded on a transport mode SA (unless the SA
has been established to the router acting as a host, e.g., a Telnet
connection used to manage a router). An ICMP message generated by a
host SHOULD be checked against the source IP address selectors bound
to the SA in which the message arrives. Note that even if the source
of an ICMP error message is authenticated, the returned IP header
could be invalid. Accordingly, the selector values in the IP header
SHOULD also be checked to be sure that they are consistent with the
selectors for the SA over which the ICMP message was received.

The table in Appendix D characterize ICMP messages as being either
host generated, router generated, both, unknown/unassigned. ICMP
messages falling into the last two categories should be handled as
determined by the receiver's policy.

An ICMP message not protected by AH or ESP is unauthenticated and its
processing and/or forwarding may result in denial of service. This
suggests that, in general, it would be desirable to ignore such
messages. However, it is expected that many routers (vs. security
gateways) will not implement IPsec for transit traffic and thus
strict adherence to this rule would cause many ICMP messages to be
discarded. The result is that some critical IP functions would be
lost, e.g., redirection and PMTU processing. Thus it MUST be
possible to configure an IPsec implementation to accept or reject
(router) ICMP traffic as per local security policy.

The remainder of this section addresses how PMTU processing MUST be
performed at hosts and security gateways. It addresses processing of
both authenticated and unauthenticated ICMP PMTU messages. However,
as noted above, unauthenticated ICMP messages MAY be discarded based
on local policy.

6.1 PMTU/DF Processing

6.1.1 DF Bit

In cases where a system (host or gateway) adds an encapsulating
header (ESP tunnel or AH tunnel), it MUST support the option of
copying the DF bit from the original packet to the encapsulating
header (and processing ICMP PMTU messages). This means that it MUST
be possible to configure the system's treatment of the DF bit (set,
clear, copy from encapsulated header) for each interface. (See
Appendix B for rationale.)

6.1.2 Path MTU Discovery (PMTU)

This section discusses IPsec handling for Path MTU Discovery
messages. ICMP PMTU is used here to refer to an ICMP message for:

IPv4 (RFC 792):
- Type = 3 (Destination Unreachable)
- Code = 4 (Fragmentation needed and DF set)
- Next-Hop MTU in the low-order 16 bits of the second
word of the ICMP header (labelled "unused" in RFC
792), with high-order 16 bits set to zero

IPv6 (RFC 1885):
- Type = 2 (Packet Too Big)
- Code = 0 (Fragmentation needed)
- Next-Hop MTU in the 32 bit MTU field of the ICMP6
message

6.1.2.1 Propagation of PMTU

The amount of information returned with the ICMP PMTU message (IPv4
or IPv6) is limited and this affects what selectors are available for
use in further propagating the PMTU information. (See Appendix B for
more detailed discussion of this topic.)

o PMTU message with 64 bits of IPsec header -- If the ICMP PMTU
message contains only 64 bits of the IPsec header (minimum for
IPv4), then a security gateway MUST support the following options
on a per SPI/SA basis:

a. if the originating host can be determined (or the possible
sources narrowed down to a manageable number), send the PM
information to all the possible originating hosts.
b. if the originating host cannot be determined, store the PMTU
with the SA and wait until the next packet(s) arrive from the
originating host for the relevant security association. If

the packet(s) are bigger than the PMTU, drop the packet(s),
and compose ICMP PMTU message(s) with the new packet(s) and
the updated PMTU, and send the ICMP message(s) about the
problem to the originating host. Retain the PMTU information
for any message that might arrive subsequently (see Section
6.1.2.4, "PMTU Aging").

o PMTU message with >64 bits of IPsec header -- If the ICMP message
contains more information from the original packet then there may
be enough non-opaque information to immediately determine to which
host to propagate the ICMP/PMTU message and to provide that system
with the 5 fields (source address, destination address, source
port, destination port, transport protocol) needed to determine
where to store/update the PMTU. Under such circumstances, a
security gateway MUST generate an ICMP PMTU message immediately
upon receipt of an ICMP PMTU from further down the path.

o Distributing the PMTU to the Transport Layer -- The host mechanism
for getting the updated PMTU to the transport layer is unchanged,
as specified in RFC 1191 (Path MTU Discovery).

6.1.2.2 Calculation of PMTU

The calculation of PMTU from an ICMP PMTU MUST take into account the
addition of any IPsec header -- AH transport, ESP transport, AH/ESP
transport, ESP tunnel, AH tunnel. (See Appendix B for discussion of
implementation issues.)

Note: In some situations the addition of IPsec headers could result
in an effective PMTU (as seen by the host or application) that is
unacceptably small. To avoid this problem, the implementation may
establish a threshold below which it will not report a reduced PMTU.
In such cases, the implementation would apply IPsec and then fragment
the resulting packet according to the PMTU. This would result in a
more efficient use of the available bandwidth.

6.1.2.3 Granularity of PMTU Processing

In hosts, the granularity with which ICMP PMTU processing can be done
differs depending on the implementation situation. Looking at a
host, there are 3 situations that are of interest with respect to
PMTU issues (See Appendix B for additional details on this topic.):

a. Integration of IPsec into the native IP implementation
b. Bump-in-the-stack implementations, where IPsec is implemented
"underneath" an existing implementation of a TCP/IP protocol
stack, between the native IP and the local network drivers

c. No IPsec implementation -- This case is included because it
is relevant in cases where a security gateway is sending PMTU
information back to a host.

Only in case (a) can the PMTU data be maintained at the same
granularity as communication associations. In (b) and (c), the IP
layer will only be able to maintain PMTU data at the granularity of
source and destination IP addresses (and optionally TOS), as
described in RFC 1191. This is an important difference, because more
than one communication association may map to the same source and
destination IP addresses, and each communication association may have
a different amount of IPsec header overhead (e.g., due to use of
different transforms or different algorithms).

Implementation of the calculation of PMTU and support for PMTUs at
the granularity of individual communication associations is a local
matter. However, a socket-based implementation of IPsec in a host
SHOULD maintain the information on a per socket basis. Bump in the
stack systems MUST pass an ICMP PMTU to the host IP implementation,
after adjusting it for any IPsec header overhead added by these
systems. The calculation of the overhead SHOULD be determined by
analysis of the SPI and any other selector information present in a
returned ICMP PMTU message.

6.1.2.4 PMTU Aging

In all systems (host or gateway) implementing IPsec and maintaining
PMTU information, the PMTU associated with a security association
(transport or tunnel) MUST be "aged" and some mechanism put in place
for updating the PMTU in a timely manner, especially for discovering
if the PMTU is smaller than it needs to be. A given PMTU has to
remain in place long enough for a packet to get from the source end
of the security association to the system at the other end of the
security association and propagate back an ICMP error message if the
current PMTU is too big. Note that if there are nested tunnels,
multiple packets and round trip times might be required to get an
ICMP message back to an encapsulator or originating host.

Systems SHOULD use the approach described in the Path MTU Discovery
document (RFC 1191, Section 6.3), which suggests periodically
resetting the PMTU to the first-hop data-link MTU and then letting
the normal PMTU Discovery processes update the PMTU as necessary.
The period SHOULD be configurable.

7. Auditing

Not all systems that implement IPsec will implement auditing. For
the most part, the granularity of auditing is a local matter.
However, several auditable events are identified in the AH and ESP
specifications and for each of these events a minimum set of
information that SHOULD be included in an audit log is defined.
Additional information also MAY be included in the audit log for each
of these events, and additional events, not explicitly called out in
this specification, also MAY result in audit log entries. There is
no requirement for the receiver to transmit any message to the
purported transmitter in response to the detection of an auditable
event, because of the potential to induce denial of service via such
action.

8. Use in Systems Supporting Information Flow Security

Information of various sensitivity levels may be carried over a
single network. Information labels (e.g., Unclassified, Company
Proprietary, Secret) [DoD85, DoD87] are often employed to distinguish
such information. The use of labels facilitates segregation of
information, in support of information flow security models, e.g.,
the Bell-LaPadula model [BL73]. Such models, and corresponding
supporting technology, are designed to prevent the unauthorized flow
of sensitive information, even in the face of Trojan Horse attacks.
Conventional, discretionary access control (DAC) mechanisms, e.g.,
based on access control lists, generally are not sufficient to
support such policies, and thus facilities such as the SPD do not
suffice in such environments.

In the military context, technology that supports such models is
often referred to as multi-level security (MLS). Computers and
networks often are designated "multi-level secure" if they support
the separation of labelled data in conjunction with information flow
security policies. Although such technology is more broadly
applicable than just military applications, this document uses the
acronym "MLS" to designate the technology, consistent with much
extant literature.

IPsec mechanisms can easily support MLS networking. MLS networking
requires the use of strong Mandatory Access Controls (MAC), which
unprivileged users or unprivileged processes are incapable of
controlling or violating. This section pertains only to the use of
these IP security mechanisms in MLS (information flow security
policy) environments. Nothing in this section applies to systems not
claiming to provide MLS.

As used in this section, "sensitivity information" might include
implementation-defined hierarchic levels, categories, and/or
releasability information.

AH can be used to provide strong authentication in support of
mandatory access control decisions in MLS environments. If explicit
IP sensitivity information (e.g., IPSO [Ken91]) is used and
confidentiality is not considered necessary within the particular
operational environment, AH can be used to authenticate the binding
between sensitivity labels in the IP header and the IP payload
(including user data). This is a significant improvement over
labeled IPv4 networks where the sensitivity information is trusted
even though there is no authentication or cryptographic binding of
the information to the IP header and user data. IPv4 networks might
or might not use explicit labelling. IPv6 will normally use implicit
sensitivity information that is part of the IPsec Security
Association but not transmitted with each packet instead of using
explicit sensitivity information. All explicit IP sensitivity
information MUST be authenticated using either ESP, AH, or both.

Encryption is useful and can be desirable even when all of the hosts
are within a protected environment, for example, behind a firewall or
disjoint from any external connectivity. ESP can be used, in
conjunction with appropriate key management and encryption
algorithms, in support of both DAC and MAC. (The choice of
encryption and authentication algorithms, and the assurance level of
an IPsec implementation will determine the environments in which an
implementation may be deemed sufficient to satisfy MLS requirements.)
Key management can make use of sensitivity information to provide
MAC. IPsec implementations on systems claiming to provide MLS SHOULD
be capable of using IPsec to provide MAC for IP-based communications.

8.1 Relationship Between Security Associations and Data Sensitivity

Both the Encapsulating Security Payload and the Authentication Header
can be combined with appropriate Security Association policies to
provide multi-level secure networking. In this case each SA (or SA
bundle) is normally used for only a single instance of sensitivity
information. For example, "PROPRIETARY - Internet Engineering" must
be associated with a different SA (or SA bundle) from "PROPRIETARY -
Finance".

8.2 Sensitivity Consistency Checking

An MLS implementation (both host and router) MAY associate
sensitivity information, or a range of sensitivity information with
an interface, or a configured IP address with its associated prefix
(the latter is sometimes referred to as a logical interface, or an

interface alias). If such properties exist, an implementation SHOULD
compare the sensitivity information associated with the packet
against the sensitivity information associated with the interface or
address/prefix from which the packet arrived, or through which the
packet will depart. This check will either verify that the
sensitivities match, or that the packet's sensitivity falls within
the range of the interface or address/prefix.

The checking SHOULD be done on both inbound and outbound processing.

8.3 Additional MLS Attributes for Security Association Databases

Section 4.4 discussed two Security Association databases (the
Security Policy Database (SPD) and the Security Association Database
(SAD)) and the associated policy selectors and SA attributes. MLS
networking introduces an additional selector/attribute:

- Sensitivity information.

The Sensitivity information aids in selecting the appropriate
algorithms and key strength, so that the traffic gets a level of
protection appropriate to its importance or sensitivity as described
in section 8.1. The exact syntax of the sensitivity information is
implementation defined.

8.4 Additional Inbound Processing Steps for MLS Networking

After an inbound packet has passed through IPsec processing, an MLS
implementation SHOULD first check the packet's sensitivity (as
defined by the SA (or SA bundle) used for the packet) with the
interface or address/prefix as described in section 8.2 before
delivering the datagram to an upper-layer protocol or forwarding it.

The MLS system MUST retain the binding between the data received in
an IPsec protected packet and the sensitivity information in the SA
or SAs used for processing, so appropriate policy decisions can be
made when delivering the datagram to an application or forwarding
engine. The means for maintaining this binding are implementation
specific.

8.5 Additional Outbound Processing Steps for MLS Networking

An MLS implementation of IPsec MUST perform two additional checks
besides the normal steps detailed in section 5.1.1. When consulting
the SPD or the SAD to find an outbound security association, the MLS
implementation MUST use the sensitivity of the data to select an

appropriate outbound SA or SA bundle. The second check comes before
forwarding the packet out to its destination, and is the sensitivity
consistency checking described in section 8.2.

8.6 Additional MLS Processing for Security Gateways

An MLS security gateway MUST follow the previously mentioned inbound
and outbound processing rules as well as perform some additional
processing specific to the intermediate protection of packets in an
MLS environment.

A security gateway MAY act as an outbound proxy, creating SAs for MLS
systems that originate packets forwarded by the gateway. These MLS
systems may explicitly label the packets to be forwarded, or the
whole originating network may have sensitivity characteristics
associated with it. The security gateway MUST create and use
appropriate SAs for AH, ESP, or both, to protect such traffic it
forwards.

Similarly such a gateway SHOULD accept and process inbound AH and/or
ESP packets and forward appropriately, using explicit packet
labeling, or relying on the sensitivity characteristics of the
destination network.

9. Performance Issues

The use of IPsec imposes computational performance costs on the hosts
or security gateways that implement these protocols. These costs are
associated with the memory needed for IPsec code and data structures,
and the computation of integrity check values, encryption and
decryption, and added per-packet handling. The per-packet
computational costs will be manifested by increased latency and,
possibly, reduced throughout. Use of SA/key management protocols,
especially ones that employ public key cryptography, also adds
computational performance costs to use of IPsec. These per-
association computational costs will be manifested in terms of
increased latency in association establishment. For many hosts, it
is anticipated that software-based cryptography will not appreciably
reduce throughput, but hardware may be required for security gateways
(since they represent aggregation points), and for some hosts.

The use of IPsec also imposes bandwidth utilization costs on
transmission, switching, and routing components of the Internet
infrastructure, components not implementing IPsec. This is due to
the increase in the packet size resulting from the addition of AH
and/or ESP headers, AH and ESP tunneling (which adds a second IP
header), and the increased packet traffic associated with key
management protocols. It is anticipated that, in most instances,

this increased bandwidth demand will not noticeably affect the
Internet infrastructure. However, in some instances, the effects may
be significant, e.g., transmission of ESP encrypted traffic over a
dialup link that otherwise would have compressed the traffic.

Note: The initial SA establishment overhead will be felt in the first
packet. This delay could impact the transport layer and application.
For example, it could cause TCP to retransmit the SYN before the
ISAKMP exchange is done. The effect of the delay would be different
on UDP than TCP because TCP shouldn't transmit anything other than
the SYN until the connection is set up whereas UDP will go ahead and
transmit data beyond the first packet.

Note: As discussed earlier, compression can still be employed at
layers above IP. There is an IETF working group (IP Payload
Compression Protocol (ippcp)) working on "protocol specifications
that make it possible to perform lossless compression on individual
payloads before the payload is processed by a protocol that encrypts
it. These specifications will allow for compression operations to be
performed prior to the encryption of a payload by IPsec protocols."

10. Conformance Requirements

All IPv4 systems that claim to implement IPsec MUST comply with all
requirements of the Security Architecture document. All IPv6 systems
MUST comply with all requirements of the Security Architecture
document.

11. Security Considerations

The focus of this document is security; hence security considerations
permeate this specification.

12. Differences from RFC 1825

This architecture document differs substantially from RFC 1825 in
detail and in organization, but the fundamental notions are
unchanged. This document provides considerable additional detail in
terms of compliance specifications. It introduces the SPD and SAD,
and the notion of SA selectors. It is aligned with the new versions
of AH and ESP, which also differ from their predecessors. Specific
requirements for supported combinations of AH and ESP are newly
added, as are details of PMTU management.

Acknowledgements

Many of the concepts embodied in this specification were derived from
or influenced by the US Government's SP3 security protocol, ISO/IEC's
NLSP, the proposed swIPe security protocol [SDNS, ISO, IB93, IBK93],
and the work done for SNMP Security and SNMPv2 Security.

For over 3 years (although it sometimes seems *much* longer), this
document has evolved through multiple versions and iterations.
During this time, many people have contributed significant ideas and
energy to the process and the documents themselves. The authors
would like to thank Karen Seo for providing extensive help in the
review, editing, background research, and coordination for this
version of the specification. The authors would also like to thank
the members of the IPsec and IPng working groups, with special
mention of the efforts of (in alphabetic order): Steve Bellovin,
Steve Deering, James Hughes, Phil Karn, Frank Kastenholz, Perry
Metzger, David Mihelcic, Hilarie Orman, Norman Shulman, William
Simpson, Harry Varnis, and Nina Yuan.

Appendix A -- Glossary

This section provides definitions for several key terms that are
employed in this document. Other documents provide additional
definitions and background information relevant to this technology,
e.g., [VK83, HA94]. Included in this glossary are generic security
service and security mechanism terms, plus IPsec-specific terms.

Access Control
Access control is a security service that prevents unauthorized
use of a resource, including the prevention of use of a resource
in an unauthorized manner. In the IPsec context, the resource
to which access is being controlled is often:
o for a host, computing cycles or data
o for a security gateway, a network behind the gateway
or
bandwidth on that network.

Anti-replay
[See "Integrity" below]

Authentication
This term is used informally to refer to the combination of two
nominally distinct security services, data origin authentication
and connectionless integrity. See the definitions below for
each of these services.

Availability
Availability, when viewed as a security service, addresses the
security concerns engendered by attacks against networks that
deny or degrade service. For example, in the IPsec context, the
use of anti-replay mechanisms in AH and ESP support
availability.

Confidentiality
Confidentiality is the security service that protects data from
unauthorized disclosure. The primary confidentiality concern in
most instances is unauthorized disclosure of application level
data, but disclosure of the external characteristics of
communication also can be a concern in some circumstances.
Traffic flow confidentiality is the service that addresses this
latter concern by concealing source and destination addresses,
message length, or frequency of communication. In the IPsec
context, using ESP in tunnel mode, especially at a security
gateway, can provide some level of traffic flow confidentiality.
(See also traffic analysis, below.)

Encryption
Encryption is a security mechanism used to transform data from
an intelligible form (plaintext) into an unintelligible form
(ciphertext), to provide confidentiality. The inverse
transformation process is designated "decryption". Oftimes the
term "encryption" is used to generically refer to both
processes.

Data Origin Authentication
Data origin authentication is a security service that verifies
the identity of the claimed source of data. This service is
usually bundled with connectionless integrity service.

Integrity
Integrity is a security service that ensures that modifications
to data are detectable. Integrity comes in various flavors to
match application requirements. IPsec supports two forms of
integrity: connectionless and a form of partial sequence
integrity. Connectionless integrity is a service that detects
modification of an individual IP datagram, without regard to the
ordering of the datagram in a stream of traffic. The form of
partial sequence integrity offered in IPsec is referred to as
anti-replay integrity, and it detects arrival of duplicate IP
datagrams (within a constrained window). This is in contrast to
connection-oriented integrity, which imposes more stringent
sequencing requirements on traffic, e.g., to be able to detect
lost or re-ordered messages. Although authentication and
integrity services often are cited separately, in practice they
are intimately connected and almost always offered in tandem.

Security Association (SA)
A simplex (uni-directional) logical connection, created for
security purposes. All traffic traversing an SA is provided the
same security processing. In IPsec, an SA is an internet layer
abstraction implemented through the use of AH or ESP.

Security Gateway
A security gateway is an intermediate system that acts as the
communications interface between two networks. The set of hosts
(and networks) on the external side of the security gateway is
viewed as untrusted (or less trusted), while the networks and
hosts and on the internal side are viewed as trusted (or more
trusted). The internal subnets and hosts served by a security
gateway are presumed to be trusted by virtue of sharing a
common, local, security administration. (See "Trusted
Subnetwork" below.) In the IPsec context, a security gateway is
a point at which AH and/or ESP is implemented in order to serve

a set of internal hosts, providing security services for these
hosts when they communicate with external hosts also employing
IPsec (either directly or via another security gateway).

SPI
Acronym for "Security Parameters Index". The combination of a
destination address, a security protocol, and an SPI uniquely
identifies a security association (SA, see above). The SPI is
carried in AH and ESP protocols to enable the receiving system
to select the SA under which a received packet will be
processed. An SPI has only local significance, as defined by
the creator of the SA (usually the receiver of the packet
carrying the SPI); thus an SPI is generally viewed as an opaque
bit string. However, the creator of an SA may choose to
interpret the bits in an SPI to facilitate local processing.

Traffic Analysis
The analysis of network traffic flow for the purpose of deducing
information that is useful to an adversary. Examples of such
information are frequency of transmission, the identities of the
conversing parties, sizes of packets, flow identifiers, etc.
[Sch94]

Trusted Subnetwork
A subnetwork containing hosts and routers that trust each other
not to engage in active or passive attacks. There also is an
assumption that the underlying communications channel (e.g., a
LAN or CAN) isn't being attacked by other means.

Appendix B -- Analysis/Discussion of PMTU/DF/Fragmentation Issues

B.1 DF bit

In cases where a system (host or gateway) adds an encapsulating
header (e.g., ESP tunnel), should/must the DF bit in the original
packet be copied to the encapsulating header?

Fragmenting seems correct for some situations, e.g., it might be
appropriate to fragment packets over a network with a very small MTU,
e.g., a packet radio network, or a cellular phone hop to mobile node,
rather than propagate back a very small PMTU for use over the rest of
the path. In other situations, it might be appropriate to set the DF
bit in order to get feedback from later routers about PMTU
constraints which require fragmentation. The existence of both of
these situations argues for enabling a system to decide whether or
not to fragment over a particular network "link", i.e., for requiring
an implementation to be able to copy the DF bit (and to process ICMP
PMTU messages), but making it an option to be selected on a per
interface basis. In other words, an administrator should be able to
configure the router's treatment of the DF bit (set, clear, copy from
encapsulated header) for each interface.

Note: If a bump-in-the-stack implementation of IPsec attempts to
apply different IPsec algorithms based on source/destination ports,
it will be difficult to apply Path MTU adjustments.

B.2 Fragmentation

If required, IP fragmentation occurs after IPsec processing within an
IPsec implementation. Thus, transport mode AH or ESP is applied only
to whole IP datagrams (not to IP fragments). An IP packet to which
AH or ESP has been applied may itself be fragmented by routers en
route, and such fragments MUST be reassembled prior to IPsec
processing at a receiver. In tunnel mode, AH or ESP is applied to an
IP packet, the payload of which may be a fragmented IP packet. For
example, a security gateway, "bump-in-the-stack" (BITS), or "bump-
in-the-wire" (BITW) IPsec implementation may apply tunnel mode AH to
such fragments. Note that BITS or BITW implementations are examples
of where a host IPsec implementation might receive fragments to which
tunnel mode is to be applied. However, if transport mode is to be
applied, then these implementations MUST reassemble the fragments
prior to applying IPsec.

NOTE: IPsec always has to figure out what the encapsulating IP header
fields are. This is independent of where you insert IPsec and is
intrinsic to the definition of IPsec. Therefore any IPsec
implementation that is not integrated into an IP implementation must
include code to construct the necessary IP headers (e.g., IP2):

o AH-tunnel --> IP2-AH-IP1-Transport-Data
o ESP-tunnel --> IP2-ESP_hdr-IP1-Transport-Data-ESP_trailer

*********************************************************************

Overall, the fragmentation/reassembly approach described above works
for all cases examined.

AH Xport AH Tunnel ESP Xport ESP Tunnel
Implementation approach IPv4 IPv6 IPv4 IPv6 IPv4 IPv6 IPv4 IPv6
----------------------- ---- ---- ---- ---- ---- ---- ---- ----
Hosts (integr w/ IP stack) Y Y Y Y Y Y Y Y
Hosts (betw/ IP and drivers) Y Y Y Y Y Y Y Y
S. Gwy (integr w/ IP stack) Y Y Y Y
Outboard crypto processor *

* If the crypto processor system has its own IP address, then it
is covered by the security gateway case. This box receives
the packet from the host and performs IPsec processing. It
has to be able to handle the same AH, ESP, and related
IPv4/IPv6 tunnel processing that a security gateway would have
to handle. If it doesn't have it's own address, then it is
similar to the bump-in-the stack implementation between IP and
the network drivers.

The following analysis assumes that:

1. There is only one IPsec module in a given system's stack.
There isn't an IPsec module A (adding ESP/encryption and
thus) hiding the transport protocol, SRC port, and DEST port
from IPsec module B.
2. There are several places where IPsec could be implemented (as
shown in the table above).
a. Hosts with integration of IPsec into the native IP
implementation. Implementer has access to the source
for the stack.
b. Hosts with bump-in-the-stack implementations, where
IPsec is implemented between IP and the local network
drivers. Source access for stack is not available;
but there are well-defined interfaces that allows the
IPsec code to be incorporated into the system.

c. Security gateways and outboard crypto processors with
integration of IPsec into the stack.
3. Not all of the above approaches are feasible in all hosts.
But it was assumed that for each approach, there are some
hosts for whom the approach is feasible.

For each of the above 3 categories, there are IPv4 and IPv6, AH
transport and tunnel modes, and ESP transport and tunnel modes -- for
a total of 24 cases (3 x 2 x 4).

Some header fields and interface fields are listed here for ease of
reference -- they're not in the header order, but instead listed to
allow comparison between the columns. (* = not covered by AH
authentication. ESP authentication doesn't cover any headers that
precede it.)

IP/Transport Interface
IPv4 IPv6 (RFC 1122 -- Sec 3.4)
---- ---- ----------------------
Version = 4 Version = 6
Header Len
*TOS Class,Flow Lbl TOS
Packet Len Payload Len Len
ID ID (optional)
*Flags DF
*Offset
*TTL *Hop Limit TTL
Protocol Next Header
*Checksum
Src Address Src Address Src Address
Dst Address Dst Address Dst Address
Options? Options? Opt

? = AH covers Option-Type and Option-Length, but
might not cover Option-Data.

The results for each of the 20 cases is shown below ("works" = will
work if system fragments after outbound IPsec processing, reassembles
before inbound IPsec processing). Notes indicate implementation
issues.

a. Hosts (integrated into IP stack)
o AH-transport --> (IP1-AH-Transport-Data)
- IPv4 -- works
- IPv6 -- works
o AH-tunnel --> (IP2-AH-IP1-Transport-Data)
- IPv4 -- works
- IPv6 -- works

o ESP-transport --> (IP1-ESP_hdr-Transport-Data-ESP_trailer)
- IPv4 -- works
- IPv6 -- works
o ESP-tunnel --> (IP2-ESP_hdr-IP1-Transport-Data-ESP_trailer)
- IPv4 -- works
- IPv6 -- works

b. Hosts (Bump-in-the-stack) -- put IPsec between IP layer and
network drivers. In this case, the IPsec module would have to do
something like one of the following for fragmentation and
reassembly.
- do the fragmentation/reassembly work itself and
send/receive the packet directly to/from the network
layer. In AH or ESP transport mode, this is fine. In AH
or ESP tunnel mode where the tunnel end is at the ultimate
destination, this is fine. But in AH or ESP tunnel modes
where the tunnel end is different from the ultimate
destination and where the source host is multi-homed, this
approach could result in sub-optimal routing because the
IPsec module may be unable to obtain the information
needed (LAN interface and next-hop gateway) to direct the
packet to the appropriate network interface. This is not
a problem if the interface and next-hop gateway are the
same for the ultimate destination and for the tunnel end.
But if they are different, then IPsec would need to know
the LAN interface and the next-hop gateway for the tunnel
end. (Note: The tunnel end (security gateway) is highly
likely to be on the regular path to the ultimate
destination. But there could also be more than one path
to the destination, e.g., the host could be at an
organization with 2 firewalls. And the path being used
could involve the less commonly chosen firewall.) OR
- pass the IPsec'd packet back to the IP layer where an
extra IP header would end up being pre-pended and the
IPsec module would have to check and let IPsec'd fragments
go by.
OR
- pass the packet contents to the IP layer in a form such
that the IP layer recreates an appropriate IP header

At the network layer, the IPsec module will have access to the
following selectors from the packet -- SRC address, DST address,
Next Protocol, and if there's a transport layer header --> SRC
port and DST port. One cannot assume IPsec has access to the
Name. It is assumed that the available selector information is
sufficient to figure out the relevant Security Policy entry and
Security Association(s).

o AH-transport --> (IP1-AH-Transport-Data)
- IPv4 -- works
- IPv6 -- works
o AH-tunnel --> (IP2-AH-IP1-Transport-Data)
- IPv4 -- works
- IPv6 -- works
o ESP-transport --> (IP1-ESP_hdr-Transport-Data-ESP_trailer)
- IPv4 -- works
- IPv6 -- works
o ESP-tunnel --> (IP2-ESP_hdr-IP1-Transport-Data-ESP_trailer)
- IPv4 -- works
- IPv6 -- works

c. Security gateways -- integrate IPsec into the IP stack

NOTE: The IPsec module will have access to the following
selectors from the packet -- SRC address, DST address, Next
Protocol, and if there's a transport layer header --> SRC port
and DST port. It won't have access to the User ID (only Hosts
have access to User ID information.) Unlike some Bump-in-the-
stack implementations, security gateways may be able to look up
the Source Address in the DNS to provide a System Name, e.g., in
situations involving use of dynamically assigned IP addresses in
conjunction with dynamically updated DNS entries. It also won't
have access to the transport layer information if there is an ESP
header, or if it's not the first fragment of a fragmented
message. It is assumed that the available selector information
is sufficient to figure out the relevant Security Policy entry
and Security Association(s).

o AH-tunnel --> (IP2-AH-IP1-Transport-Data)
- IPv4 -- works
- IPv6 -- works
o ESP-tunnel --> (IP2-ESP_hdr-IP1-Transport-Data-ESP_trailer)
- IPv4 -- works
- IPv6 -- works

**********************************************************************

B.3 Path MTU Discovery

As mentioned earlier, "ICMP PMTU" refers to an ICMP message used for
Path MTU Discovery.

The legend for the diagrams below in B.3.1 and B.3.3 (but not B.3.2)
is:

==== = security association (AH or ESP, transport or tunnel)

---- = connectivity (or if so labelled, administrative boundary)
.... = ICMP message (hereafter referred to as ICMP PMTU) for

IPv4:
- Type = 3 (Destination Unreachable)
- Code = 4 (Fragmentation needed and DF set)
- Next-Hop MTU in the low-order 16 bits of the second
word of the ICMP header (labelled unused in RFC 792),
with high-order 16 bits set to zero

IPv6 (RFC 1885):
- Type = 2 (Packet Too Big)
- Code = 0 (Fragmentation needed and DF set)
- Next-Hop MTU in the 32 bit MTU field of the ICMP6

Hx = host x
Rx = router x
SGx = security gateway x
X* = X supports IPsec

B.3.1 Identifying the Originating Host(s)

The amount of information returned with the ICMP message is limited
and this affects what selectors are available to identify security
associations, originating hosts, etc. for use in further propagating
the PMTU information.

In brief... An ICMP message must contain the following information
from the "offending" packet:
- IPv4 (RFC 792) -- IP header plus a minimum of 64 bits

Accordingly, in the IPv4 context, an ICMP PMTU may identify only the
first (outermost) security association. This is because the ICMP
PMTU may contain only 64 bits of the "offending" packet beyond the IP
header, which would capture only the first SPI from AH or ESP. In
the IPv6 context, an ICMP PMTU will probably provide all the SPIs and
the selectors in the IP header, but maybe not the SRC/DST ports (in
the transport header) or the encapsulated (TCP, UDP, etc.) protocol.
Moreover, if ESP is used, the transport ports and protocol selectors
may be encrypted.

Looking at the diagram below of a security gateway tunnel (as
mentioned elsewhere, security gateways do not use transport mode)...

H1 =================== H3
\ | | /
H0 -- SG1* ---- R1 ---- SG2* ---- R2 -- H5
/ ^ | \
H2 |........| H4

Suppose that the security policy for SG1 is to use a single SA to SG2
for all the traffic between hosts H0, H1, and H2 and hosts H3, H4,
and H5. And suppose H0 sends a data packet to H5 which causes R1 to
send an ICMP PMTU message to SG1. If the PMTU message has only the
SPI, SG1 will be able to look up the SA and find the list of possible
hosts (H0, H1, H2, wildcard); but SG1 will have no way to figure out
that H0 sent the traffic that triggered the ICMP PMTU message.

original after IPsec ICMP
packet processing packet
-------- ----------- ------
IP-3 header (S = R1, D = SG1)
ICMP header (includes PMTU)
IP-2 header IP-2 header (S = SG1, D = SG2)
ESP header minimum of 64 bits of ESP hdr (*)
IP-1 header IP-1 header
TCP header TCP header
TCP data TCP data
ESP trailer

(*) The 64 bits will include enough of the ESP (or AH) header to
include the SPI.
- ESP -- SPI (32 bits), Seq number (32 bits)
- AH -- Next header (8 bits), Payload Len (8 bits),
Reserved (16 bits), SPI (32 bits)

This limitation on the amount of information returned with an ICMP
message creates a problem in identifying the originating hosts for
the packet (so as to know where to further propagate the ICMP PMTU
information). If the ICMP message contains only 64 bits of the IPsec
header (minimum for IPv4), then the IPsec selectors (e.g., Source and
Destination addresses, Next Protocol, Source and Destination ports,
etc.) will have been lost. But the ICMP error message will still
provide SG1 with the SPI, the PMTU information and the source and
destination gateways for the relevant security association.

The destination security gateway and SPI uniquely define a security
association which in turn defines a set of possible originating
hosts. At this point, SG1 could:

a. send the PMTU information to all the possible originating hosts.
This would not work well if the host list is a wild card or if
many/most of the hosts weren't sending to SG1; but it might work
if the SPI/destination/etc mapped to just one or a small number of
hosts.
b. store the PMTU with the SPI/etc and wait until the next packet(s)
arrive from the originating host(s) for the relevant security
association. If it/they are bigger than the PMTU, drop the
packet(s), and compose ICMP PMTU message(s) with the new packet(s)
and the updated PMTU, and send the originating host(s) the ICMP
message(s) about the problem. This involves a delay in notifying
the originating host(s), but avoids the problems of (a).

Since only the latter approach is feasible in all instances, a
security gateway MUST provide such support, as an option. However,
if the ICMP message contains more information from the original
packet, then there may be enough information to immediately determine
to which host to propagate the ICMP/PMTU message and to provide that
system with the 5 fields (source address, destination address, source
port, destination port, and transport protocol) needed to determine
where to store/update the PMTU. Under such circumstances, a security
gateway MUST generate an ICMP PMTU message immediately upon receipt
of an ICMP PMTU from further down the path. NOTE: The Next Protocol
field may not be contained in the ICMP message and the use of ESP
encryption may hide the selector fields that have been encrypted.

B.3.2 Calculation of PMTU

The calculation of PMTU from an ICMP PMTU has to take into account
the addition of any IPsec header by H1 -- AH and/or ESP transport, or
ESP or AH tunnel. Within a single host, multiple applications may
share an SPI and nesting of security associations may occur. (See
Section 4.5 Basic Combinations of Security Associations for
description of the combinations that MUST be supported). The diagram
below illustrates an example of security associations between a pair
of hosts (as viewed from the perspective of one of the hosts.) (ESPx
or AHx = transport mode)

Socket 1 -------------------------|
|
Socket 2 (ESPx/SPI-A) ---------- AHx (SPI-B) -- Internet

In order to figure out the PMTU for each socket that maps to SPI-B,
it will be necessary to have backpointers from SPI-B to each of the 2
paths that lead to it -- Socket 1 and Socket 2/SPI-A.

B.3.3 Granularity of Maintaining PMTU Data

In hosts, the granularity with which PMTU ICMP processing can be done
differs depending on the implementation situation. Looking at a
host, there are three situations that are of interest with respect to
PMTU issues:

a. Integration of IPsec into the native IP implementation
b. Bump-in-the-stack implementations, where IPsec is implemented
"underneath" an existing implementation of a TCP/IP protocol
stack, between the native IP and the local network drivers
c. No IPsec implementation -- This case is included because it is
relevant in cases where a security gateway is sending PMTU
information back to a host.

Only in case (a) can the PMTU data be maintained at the same
granularity as communication associations. In the other cases, the
IP layer will maintain PMTU data at the granularity of Source and
Destination IP addresses (and optionally TOS/Class), as described in
RFC 1191. This is an important difference, because more than one
communication association may map to the same source and destination
IP addresses, and each communication association may have a different
amount of IPsec header overhead (e.g., due to use of different
transforms or different algorithms). The examples below illustrate
this.

In cases (a) and (b)... Suppose you have the following situation.
H1 is sending to H2 and the packet to be sent from R1 to R2 exceeds
the PMTU of the network hop between them.

==================================
| |
H1* --- R1 ----- R2 ---- R3 ---- H2*
^ |
|.......|

If R1 is configured to not fragment subscriber traffic, then R1 sends
an ICMP PMTU message with the appropriate PMTU to H1. H1's
processing would vary with the nature of the implementation. In case
(a) (native IP), the security services are bound to sockets or the
equivalent. Here the IP/IPsec implementation in H1 can store/update
the PMTU for the associated socket. In case (b), the IP layer in H1
can store/update the PMTU but only at the granularity of Source and
Destination addresses and possibly TOS/Class, as noted above. So the
result may be sub-optimal, since the PMTU for a given
SRC/DST/TOS/Class will be the subtraction of the largest amount of
IPsec header used for any communication association between a given
source and destination.

In case (c), there has to be a security gateway to have any IPsec
processing. So suppose you have the following situation. H1 is
sending to H2 and the packet to be sent from SG1 to R exceeds the
PMTU of the network hop between them.

================
| |
H1 ---- SG1* --- R --- SG2* ---- H2
^ |
|.......|

As described above for case (b), the IP layer in H1 can store/update
the PMTU but only at the granularity of Source and Destination
addresses, and possibly TOS/Class. So the result may be sub-optimal,
since the PMTU for a given SRC/DST/TOS/Class will be the subtraction
of the largest amount of IPsec header used for any communication
association between a given source and destination.

B.3.4 Per Socket Maintenance of PMTU Data

Implementation of the calculation of PMTU (Section B.3.2) and support
for PMTUs at the granularity of individual "communication
associations" (Section B.3.3) is a local matter. However, a socket-
based implementation of IPsec in a host SHOULD maintain the
information on a per socket basis. Bump in the stack systems MUST
pass an ICMP PMTU to the host IP implementation, after adjusting it
for any IPsec header overhead added by these systems. The
determination of the overhead SHOULD be determined by analysis of the
SPI and any other selector information present in a returned ICMP
PMTU message.

B.3.5 Delivery of PMTU Data to the Transport Layer

The host mechanism for getting the updated PMTU to the transport
layer is unchanged, as specified in RFC 1191 (Path MTU Discovery).

B.3.6 Aging of PMTU Data

This topic is covered in Section 6.1.2.4.

Appendix C -- Sequence Space Window Code Example

This appendix contains a routine that implements a bitmask check for
a 32 packet window. It was provided by James Hughes
(jim_hughes@stortek.com) and Harry Varnis (hgv@anubis.network.com)
and is intended as an implementation example. Note that this code
both checks for a replay and updates the window. Thus the algorithm,
as shown, should only be called AFTER the packet has been
authenticated. Implementers might wish to consider splitting the
code to do the check for replays before computing the ICV. If the
packet is not a replay, the code would then compute the ICV, (discard
any bad packets), and if the packet is OK, update the window.

#include <stdio.h>
#include <stdlib.h>
typedef unsigned long u_long;

enum {
ReplayWindowSize = 32
};

u_long bitmap = 0; /* session state - must be 32 bits */
u_long lastSeq = 0; /* session state */

/* Returns 0 if packet disallowed, 1 if packet permitted */
int ChkReplayWindow(u_long seq);

int ChkReplayWindow(u_long seq) {
u_long diff;

if (seq == 0) return 0; /* first == 0 or wrapped */
if (seq > lastSeq) { /* new larger sequence number */
diff = seq - lastSeq;
if (diff < ReplayWindowSize) { /* In window */
bitmap <<= diff;
bitmap |= 1; /* set bit for this packet */
} else bitmap = 1; /* This packet has a "way larger" */
lastSeq = seq;
return 1; /* larger is good */
}
diff = lastSeq - seq;
if (diff >= ReplayWindowSize) return 0; /* too old or wrapped */
if (bitmap & ((u_long)1 << diff)) return 0; /* already seen */
bitmap |= ((u_long)1 << diff); /* mark as seen */
return 1; /* out of order but good */
}

char string_buffer[512];

#define STRING_BUFFER_SIZE sizeof(string_buffer)

int main() {
int result;
u_long last, current, bits;

printf("Input initial state (bits in hex, last msgnum):\n");
if (!fgets(string_buffer, STRING_BUFFER_SIZE, stdin)) exit(0);
sscanf(string_buffer, "%lx %lu", &bits, &last);
if (last != 0)
bits |= 1;
bitmap = bits;
lastSeq = last;
printf("bits:%08lx last:%lu\n", bitmap, lastSeq);
printf("Input value to test (current):\n");

while (1) {
if (!fgets(string_buffer, STRING_BUFFER_SIZE, stdin)) break;
sscanf(string_buffer, "%lu", ¤t);
result = ChkReplayWindow(current);
printf("%-3s", result ? "OK" : "BAD");
printf(" bits:%08lx last:%lu\n", bitmap, lastSeq);
}
return 0;
}

Appendix D -- Categorization of ICMP messages

The tables below characterize ICMP messages as being either host
generated, router generated, both, unassigned/unknown. The first set
are IPv4. The second set are IPv6.

IPv4

Type Name/Codes Reference
========================================================================
HOST GENERATED:
3 Destination Unreachable
2 Protocol Unreachable [RFC792]
3 Port Unreachable [RFC792]
8 Source Host Isolated [RFC792]
14 Host Precedence Violation [RFC1812]
10 Router Selection [RFC1256]

Type Name/Codes Reference
========================================================================
ROUTER GENERATED:
3 Destination Unreachable
0 Net Unreachable [RFC792]
4 Fragmentation Needed, Don't Fragment was Set [RFC792]
5 Source Route Failed [RFC792]
6 Destination Network Unknown [RFC792]
7 Destination Host Unknown [RFC792]
9 Comm. w/Dest. Net. is Administratively Prohibited [RFC792]
11 Destination Network Unreachable for Type of Service[RFC792]
5 Redirect
0 Redirect Datagram for the Network (or subnet) [RFC792]
2 Redirect Datagram for the Type of Service & Network[RFC792]
9 Router Advertisement [RFC1256]
18 Address Mask Reply [RFC950]

IPv4
Type Name/Codes Reference
========================================================================
BOTH ROUTER AND HOST GENERATED:
0 Echo Reply [RFC792]
3 Destination Unreachable
1 Host Unreachable [RFC792]
10 Comm. w/Dest. Host is Administratively Prohibited [RFC792]
12 Destination Host Unreachable for Type of Service [RFC792]
13 Communication Administratively Prohibited [RFC1812]
15 Precedence cutoff in effect [RFC1812]
4 Source Quench [RFC792]
5 Redirect
1 Redirect Datagram for the Host [RFC792]
3 Redirect Datagram for the Type of Service and Host [RFC792]
6 Alternate Host Address [JBP]
8 Echo [RFC792]
11 Time Exceeded [RFC792]
12 Parameter Problem [RFC792,RFC1108]
13 Timestamp [RFC792]
14 Timestamp Reply [RFC792]
15 Information Request [RFC792]
16 Information Reply [RFC792]
17 Address Mask Request [RFC950]
30 Traceroute [RFC1393]
31 Datagram Conversion Error [RFC1475]
32 Mobile Host Redirect [Johnson]
39 SKIP [Markson]
40 Photuris [Simpson]

Type Name/Codes Reference
========================================================================
UNASSIGNED TYPE OR UNKNOWN GENERATOR:
1 Unassigned [JBP]
2 Unassigned [JBP]
7 Unassigned [JBP]
19 Reserved (for Security) [Solo]
20-29 Reserved (for Robustness Experiment) [ZSu]
33 IPv6 Where-Are-You [Simpson]
34 IPv6 I-Am-Here [Simpson]
35 Mobile Registration Request [Simpson]
36 Mobile Registration Reply [Simpson]
37 Domain Name Request [Simpson]
38 Domain Name Reply [Simpson]
41-255 Reserved [JBP]

IPv6

Type Name/Codes Reference
========================================================================
HOST GENERATED:
1 Destination Unreachable [RFC 1885]
4 Port Unreachable

Type Name/Codes Reference
========================================================================
ROUTER GENERATED:
1 Destination Unreachable [RFC1885]
0 No Route to Destination
1 Comm. w/Destination is Administratively Prohibited
2 Not a Neighbor
3 Address Unreachable
2 Packet Too Big [RFC1885]
0
3 Time Exceeded [RFC1885]
0 Hop Limit Exceeded in Transit
1 Fragment reassembly time exceeded

Type Name/Codes Reference
========================================================================
BOTH ROUTER AND HOST GENERATED:
4 Parameter Problem [RFC1885]
0 Erroneous Header Field Encountered
1 Unrecognized Next Header Type Encountered
2 Unrecognized IPv6 Option Encountered

References

[BL73] Bell, D.E. & LaPadula, L.J., "Secure Computer Systems:
Mathematical Foundations and Model", Technical Report M74-
244, The MITRE Corporation, Bedford, MA, May 1973.

[Bra97] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Level", BCP 14, RFC 2119, March 1997.

[DoD85] US National Computer Security Center, "Department of
Defense Trusted Computer System Evaluation Criteria", DoD
5200.28-STD, US Department of Defense, Ft. Meade, MD.,
December 1985.

[DoD87] US National Computer Security Center, "Trusted Network
Interpretation of the Trusted Computer System Evaluation
Criteria", NCSC-TG-005, Version 1, US Department of
Defense, Ft. Meade, MD., 31 July 1987.

[HA94] Haller, N., and R. Atkinson, "On Internet Authentication",
RFC 1704, October 1994.

[HC98] Harkins, D., and D. Carrel, "The Internet Key Exchange
(IKE)", RFC 2409, November 1998.

[HM97] Harney, H., and C. Muckenhirn, "Group Key Management
Protocol (GKMP) Architecture", RFC 2094, July 1997.

[ISO] ISO/IEC JTC1/SC6, Network Layer Security Protocol, ISO-IEC
DIS 11577, International Standards Organisation, Geneva,
Switzerland, 29 November 1992.

[IB93] John Ioannidis and Matt Blaze, "Architecture and
Implementation of Network-layer Security Under Unix",
Proceedings of USENIX Security Symposium, Santa Clara, CA,
October 1993.

[IBK93] John Ioannidis, Matt Blaze, & Phil Karn, "swIPe: Network-
Layer Security for IP", presentation at the Spring 1993
IETF Meeting, Columbus, Ohio

[KA98a] Kent, S., and R. Atkinson, "IP Authentication Header", RFC
2402, November 1998.

[KA98b] Kent, S., and R. Atkinson, "IP Encapsulating Security
Payload (ESP)", RFC 2406, November 1998.

[Ken91] Kent, S., "US DoD Security Options for the Internet
Protocol", RFC 1108, November 1991.

[MSST97] Maughan, D., Schertler, M., Schneider, M., and J. Turner,
"Internet Security Association and Key Management Protocol
(ISAKMP)", RFC 2408, November 1998.

[Orm97] Orman, H., "The OAKLEY Key Determination Protocol", RFC
2412, November 1998.

[Pip98] Piper, D., "The Internet IP Security Domain of
Interpretation for ISAKMP", RFC 2407, November 1998.

[Sch94] Bruce Schneier, Applied Cryptography, Section 8.6, John
Wiley & Sons, New York, NY, 1994.

[SDNS] SDNS Secure Data Network System, Security Protocol 3, SP3,
Document SDN.301, Revision 1.5, 15 May 1989, published in
NIST Publication NIST-IR-90-4250, February 1990.

[SMPT98] Shacham, A., Monsour, R., Pereira, R., and M. Thomas, "IP
Payload Compression Protocol (IPComp)", RFC 2393, August
1998.

[TDG97] Thayer, R., Doraswamy, N., and R. Glenn, "IP Security
Document Roadmap", RFC 2411, November 1998.

[VK83] V.L. Voydock & S.T. Kent, "Security Mechanisms in High-
level Networks", ACM Computing Surveys, Vol. 15, No. 2,
June 1983.

Disclaimer

The views and specification expressed in this document are those of
the authors and are not necessarily those of their employers. The
authors and their employers specifically disclaim responsibility for
any problems arising from correct or incorrect implementation or use
of this design.

Author Information

Stephen Kent
BBN Corporation
70 Fawcett Street
Cambridge, MA 02140
USA

Phone: +1 (617) 873-3988
EMail: kent@bbn.com

Randall Atkinson
@Home Network
425 Broadway
Redwood City, CA 94063
USA

Phone: +1 (415) 569-5000
EMail: rja@corp.home.net

Copyright (C) The Internet Society (1998). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


RFC 1700 – Assigned Numbers


Network Working Group                                        J. Reynolds
Request for Comments: 1700 J. Postel
STD: 2 ISI
Obsoletes RFCs: 1340, 1060, 1010, 990, 960, October 1994
943, 923, 900, 870, 820, 790, 776, 770,
762, 758,755, 750, 739, 604, 503, 433, 349
Obsoletes IENs: 127, 117, 93
Category: Standards Track

ASSIGNED NUMBERS

Status of this Memo

This memo is a status report on the parameters (i.e., numbers and
keywords) used in protocols in the Internet community. Distribution
of this memo is unlimited.

OVERVIEW

This RFC is a snapshot of the ongoing process of the assignment of
protocol parameters for the Internet protocol suite. To make the
current information readily available the assignments are kept up-to-
date in a set of online text files. This RFC has been assembled by
catinating these files together with a minimum of formatting "glue".
The authors appologize for the somewhat rougher formatting and style
than is typical of most RFCs.

We expect that various readers will notice specific items that should be
corrected. Please send any specific corrections via email to
<iana@isi.edu>.

INTRODUCTION

The files in this directory document the currently assigned values for
several series of numbers used in network protocol implementations.

ftp://ftp.isi.edu/in-notes/iana/assignments

The Internet Assigned Numbers Authority (IANA) is the central
coordinator for the assignment of unique parameter values for Internet
protocols. The IANA is chartered by the Internet Society (ISOC) and
the Federal Network Council (FNC) to act as the clearinghouse to
assign and coordinate the use of numerous Internet protocol
parameters.

The Internet protocol suite, as defined by the Internet Engineering
Task Force (IETF) and its steering group (the IESG), contains numerous
parameters, such as internet addresses, domain names, autonomous
system numbers (used in some routing protocols), protocol numbers,
port numbers, management information base object identifiers,
including private enterprise numbers, and many others.

The common use of the Internet protocols by the Internet community
requires that the particular values used in these parameter fields be
assigned uniquely. It is the task of the IANA to make those unique
assignments as requested and to maintain a registry of the currently
assigned values.

Requests for parameter assignments (protocols, ports, etc.) should be
sent to <iana@isi.edu>.

Requests for SNMP network management private enterprise number
assignments should be sent to <iana-mib@isi.edu>.

The IANA is located at and operated by the Information Sciences
Institute (ISI) of the University of Southern California (USC).

If you are developing a protocol or application that will require the
use of a link, socket, port, protocol, etc., please contact the IANA
to receive a number assignment.

Joyce K. Reynolds
Internet Assigned Numbers Authority
USC - Information Sciences Institute
4676 Admiralty Way
Marina del Rey, California 90292-6695

Electronic mail: IANA@ISI.EDU
Phone: +1 310-822-1511

Most of the protocols are documented in the RFC series of notes. Some
of the items listed are undocumented. Further information on
protocols can be found in the memo, "Internet Official Protocol
Standards" (STD 1).

Data Notations

The convention in the documentation of Internet Protocols is to
express numbers in decimal and to picture data in "big-endian" order
[COHEN]. That is, fields are described left to right, with the most
significant octet on the left and the least significant octet on the
right.

The order of transmission of the header and data described in this
document is resolved to the octet level. Whenever a diagram shows a
group of octets, the order of transmission of those octets is the
normal order in which they are read in English. For example, in the
following diagram the octets are transmitted in the order they are
numbered.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1 | 2 | 3 | 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 5 | 6 | 7 | 8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 9 | 10 | 11 | 12 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Transmission Order of Bytes

Whenever an octet represents a numeric quantity the left most bit in the
diagram is the high order or most significant bit. That is, the bit
labeled 0 is the most significant bit. For example, the following
diagram represents the value 170 (decimal).

0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|1 0 1 0 1 0 1 0|
+-+-+-+-+-+-+-+-+

Significance of Bits

Similarly, whenever a multi-octet field represents a numeric quantity
the left most bit of the whole field is the most significant bit. When

a multi-octet quantity is transmitted the most significant octet is
transmitted first.

Special Addresses

There are five classes of IP addresses: Class A through Class E. Of
these, Classes A, B, and C are used for unicast addresses, Class D is
used for multicast addresses, and Class E addresses are reserved for
future use.

With the advent of classless addressing [CIDR1, CIDR2], the
network-number part of an address may be of any length, and the whole
notion of address classes becomes less important.

There are certain special cases for IP addresses. These special cases
can be concisely summarized using the earlier notation for an IP
address:

IP-address ::= { <Network-number>, <Host-number> }

or

IP-address ::= { <Network-number>, <Subnet-number>,
<Host-number> }

if we also use the notation "-1" to mean the field contains all 1
bits. Some common special cases are as follows:

(a) {0, 0}

This host on this network. Can only be used as a source
address (see note later).

(b) {0, <Host-number>}

Specified host on this network. Can only be used as a
source address.

(c) { -1, -1}

Limited broadcast. Can only be used as a destination
address, and a datagram with this address must never be
forwarded outside the (sub-)net of the source.

(d) {<Network-number>, -1}

Directed broadcast to specified network. Can only be used
as a destination address.

(e) {<Network-number>, <Subnet-number>, -1}

Directed broadcast to specified subnet. Can only be used as
a destination address.

(f) {<Network-number>, -1, -1}

Directed broadcast to all subnets of specified subnetted
network. Can only be used as a destination address.

(g) {127, <any>}

Internal host loopback address. Should never appear outside
a host.

REFERENCES

[COHEN] Cohen, D., "On Holy Wars and a Plea for Peace", IEEE Computer
Magazine, October 1981.

[CIDR1] Fuller, V., T. Li, J. Yu, and K. Varadhan, "Classless
Inter-Domain Routing (CIDR): an Address Assignment and
Aggregation Strategy", RFC 1519, September 1993.

[CIDR2] Rekhter, Y., and T. Li, "An Architecture for IP Address
Allocation with CIDR", RFC 1518, September 1993.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/introduction

VERSION NUMBERS

In the Internet Protocol (IP) [RFC791] there is a field to identify
the version of the internetwork general protocol. This field is 4
bits in size.

Assigned Internet Version Numbers

Decimal Keyword Version References
------- ------- ------- ----------
0 Reserved [JBP]
1-3 Unassigned [JBP]
4 IP Internet Protocol [RFC791,JBP]
5 ST ST Datagram Mode [RFC1190,JWF]
6 SIP Simple Internet Protocol [RH6]
7 TP/IX TP/IX: The Next Internet [RXU]
8 PIP The P Internet Protocol [PXF]
9 TUBA TUBA [RXC]
10-14 Unassigned [JBP]
15 Reserved [JBP]

REFERENCES

[RFC791] Postel, J., ed., "Internet Protocol - DARPA Internet Program
Protocol Specification", STD 5, RFC 791, USC/Information
Sciences Institute, September 1981.

[RFC1190] Topolcic, C., Editor, "Experimental Internet Stream
Protocol, Version 2 (ST-II)", RFC 1190, CIP Working Group,
October 1990.

PEOPLE

[JPB] Jon Postel <postel@isi.edu>

[JWF] Jim Forgie <FORGIE@XN.LL.MIT.ED>

[RH6] Robert Hinden <Hinden@ENG.SUN.COM>

[RXU] Robert Ullmann <ariel@world.std.com>

[PXF] Paul Francis <francis@cactus.ntt.jp>

[RXC] Ross Callon <callon@wellfleet.com>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/version-numbers

PROTOCOL NUMBERS

In the Internet Protocol (IP) [DDN], [RFC791] there is a field, called
Protocol, to identify the next level protocol. This is an 8 bit
field.

Assigned Internet Protocol Numbers

Decimal Keyword Protocol References
------- ------- -------- ----------
0 Reserved [JBP]
1 ICMP Internet Control Message [RFC792,JBP]
2 IGMP Internet Group Management [RFC1112,JBP]
3 GGP Gateway-to-Gateway [RFC823,MB]
4 IP IP in IP (encasulation) [JBP]
5 ST Stream [RFC1190,IEN119,JWF]
6 TCP Transmission Control [RFC793,JBP]
7 UCL UCL [PK]
8 EGP Exterior Gateway Protocol [RFC888,DLM1]
9 IGP any private interior gateway [JBP]
10 BBN-RCC-MON BBN RCC Monitoring [SGC]
11 NVP-II Network Voice Protocol [RFC741,SC3]
12 PUP PUP [PUP,XEROX]
13 ARGUS ARGUS [RWS4]
14 EMCON EMCON [BN7]
15 XNET Cross Net Debugger [IEN158,JFH2]
16 CHAOS Chaos [NC3]
17 UDP User Datagram [RFC768,JBP]
18 MUX Multiplexing [IEN90,JBP]
19 DCN-MEAS DCN Measurement Subsystems [DLM1]
20 HMP Host Monitoring [RFC869,RH6]
21 PRM Packet Radio Measurement [ZSU]
22 XNS-IDP XEROX NS IDP [ETHERNET,XEROX]
23 TRUNK-1 Trunk-1 [BWB6]
24 TRUNK-2 Trunk-2 [BWB6]
25 LEAF-1 Leaf-1 [BWB6]
26 LEAF-2 Leaf-2 [BWB6]
27 RDP Reliable Data Protocol [RFC908,RH6]
28 IRTP Internet Reliable Transaction [RFC938,TXM]
29 ISO-TP4 ISO Transport Protocol Class 4 [RFC905,RC77]
30 NETBLT Bulk Data Transfer Protocol [RFC969,DDC1]
31 MFE-NSP MFE Network Services Protocol [MFENET,BCH2]
32 MERIT-INP MERIT Internodal Protocol [HWB]
33 SEP Sequential Exchange Protocol [JC120]
34 3PC Third Party Connect Protocol [SAF3]
35 IDPR Inter-Domain Policy Routing Protocol [MXS1]

36 XTP XTP [GXC]
37 DDP Datagram Delivery Protocol [WXC]
38 IDPR-CMTP IDPR Control Message Transport Proto [MXS1]
39 TP++ TP++ Transport Protocol [DXF]
40 IL IL Transport Protocol [DXP2]
41 SIP Simple Internet Protocol [SXD]
42 SDRP Source Demand Routing Protocol [DXE1]
43 SIP-SR SIP Source Route [SXD]
44 SIP-FRAG SIP Fragment [SXD]
45 IDRP Inter-Domain Routing Protocol [Sue Hares]
46 RSVP Reservation Protocol [Bob Braden]
47 GRE General Routing Encapsulation [Tony Li]
48 MHRP Mobile Host Routing Protocol[David Johnson]
49 BNA BNA [Gary Salamon]
50 SIPP-ESP SIPP Encap Security Payload [Steve Deering]
51 SIPP-AH SIPP Authentication Header [Steve Deering]
52 I-NLSP Integrated Net Layer Security TUBA [GLENN]
53 SWIPE IP with Encryption [JI6]
54 NHRP NBMA Next Hop Resolution Protocol
55-60 Unassigned [JBP]
61 any host internal protocol [JBP]
62 CFTP CFTP [CFTP,HCF2]
63 any local network [JBP]
64 SAT-EXPAK SATNET and Backroom EXPAK [SHB]
65 KRYPTOLAN Kryptolan [PXL1]
66 RVD MIT Remote Virtual Disk Protocol [MBG]
67 IPPC Internet Pluribus Packet Core [SHB]
68 any distributed file system [JBP]
69 SAT-MON SATNET Monitoring [SHB]
70 VISA VISA Protocol [GXT1]
71 IPCV Internet Packet Core Utility [SHB]
72 CPNX Computer Protocol Network Executive [DXM2]
73 CPHB Computer Protocol Heart Beat [DXM2]
74 WSN Wang Span Network [VXD]
75 PVP Packet Video Protocol [SC3]
76 BR-SAT-MON Backroom SATNET Monitoring [SHB]
77 SUN-ND SUN ND PROTOCOL-Temporary [WM3]
78 WB-MON WIDEBAND Monitoring [SHB]
79 WB-EXPAK WIDEBAND EXPAK [SHB]
80 ISO-IP ISO Internet Protocol [MTR]
81 VMTP VMTP [DRC3]
82 SECURE-VMTP SECURE-VMTP [DRC3]
83 VINES VINES [BXH]
84 TTP TTP [JXS]
85 NSFNET-IGP NSFNET-IGP [HWB]
86 DGP Dissimilar Gateway Protocol [DGP,ML109]
87 TCF TCF [GAL5]
88 IGRP IGRP [CISCO,GXS]

89 OSPFIGP OSPFIGP [RFC1583,JTM4]
90 Sprite-RPC Sprite RPC Protocol [SPRITE,BXW]
91 LARP Locus Address Resolution Protocol [BXH]
92 MTP Multicast Transport Protocol [SXA]
93 AX.25 AX.25 Frames [BK29]
94 IPIP IP-within-IP Encapsulation Protocol [JI6]
95 MICP Mobile Internetworking Control Pro. [JI6]
96 SCC-SP Semaphore Communications Sec. Pro. [HXH]
97 ETHERIP Ethernet-within-IP Encapsulation [RXH1]
98 ENCAP Encapsulation Header [RFC1241,RXB3]
99 any private encryption scheme [JBP]
100 GMTP GMTP [RXB5]
101-254 Unassigned [JBP]
255 Reserved [JBP]

REFERENCES

[CFTP] Forsdick, H., "CFTP", Network Message, Bolt Beranek and
Newman, January 1982.

[CISCO] Cisco Systems, "Gateway Server Reference Manual", Manual
Revision B, January 10, 1988.

[DDN] Feinler, E., Editor, "DDN Protocol Handbook", Network
Information Center, SRI International, December 1985.

[DGP] M/A-COM Government Systems, "Dissimilar Gateway Protocol
Specification, Draft Version", Contract no. CS901145,
November 16, 1987.

[ETHERNET] "The Ethernet, A Local Area Network: Data Link Layer and
Physical Layer Specification", AA-K759B-TK, Digital
Equipment Corporation, Maynard, MA. Also as: "The
Ethernet - A Local Area Network", Version 1.0, Digital
Equipment Corporation, Intel Corporation, Xerox
Corporation, September 1980. And: "The Ethernet, A Local
Area Network: Data Link Layer and Physical Layer
Specifications", Digital, Intel and Xerox, November 1982.
And: XEROX, "The Ethernet, A Local Area Network: Data Link
Layer and Physical Layer Specification", X3T51/80-50,
Xerox Corporation, Stamford, CT., October 1980.

[IEN90] Cohen, D. and J. Postel, "Multiplexing Protocol", IEN 90,
USC/Information Sciences Institute, May 1979.

[IEN119] Forgie, J., "ST - A Proposed Internet Stream Protocol",
IEN 119, MIT Lincoln Laboratory, September 1979.

[IEN158] Haverty, J., "XNET Formats for Internet Protocol Version 4",
IEN 158, October 1980.

[MFENET] Shuttleworth, B., "A Documentary of MFENet, a National
Computer Network", UCRL-52317, Lawrence Livermore Labs,
Livermore, California, June 1977.

[PUP] Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, "PUP: An
Internetwork Architecture", XEROX Palo Alto Research Center,
CSL-79-10, July 1979; also in IEEE Transactions on
Communication, Volume COM-28, Number 4, April 1980.

[SPRITE] Welch, B., "The Sprite Remote Procedure Call System",
Technical Report, UCB/Computer Science Dept., 86/302,
University of California at Berkeley, June 1986.

[RFC741] Cohen, D., "Specifications for the Network Voice Protocol",
RFC 741, ISI/RR 7539, USC/Information Sciences Institute,
March 1976.

[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
USC/Information Sciences Institute, August 1980.

[RFC791] Postel, J., "Internet Protocol - DARPA Internet Program
Protocol Specification", STD 5, RFC 791, DARPA, September
1981.

[RFC792] Postel, J., "Internet Control Message Protocol - DARPA
Internet Program Protocol Specification", STD 5, RFC 792,
USC/Information Sciences Institute, September 1981.

[RFC793] Postel, J., "Transmission Control Protocol - DARPA
Internet Program Protocol Specification", STD 7, RFC 793,
USC/Information Sciences Institute, September 1981.

[RFC823] Hinden, R., and A. Sheltzer, "The DARPA Internet Gateway",
RFC 823, BBN, September 1982.

[RFC869] Hinden, R., "A Host Monitoring Protocol", RFC 869,
Bolt Beranek and Newman, December 1983.

[RFC888] Seamonson, L., and E. Rosen, "STUB" Exterior Gateway
Protocol", RFC 888, BBN Communications Corporation,
January 1984.

[RFC905] International Standards Organization, "ISO Transport Protocol
Specification - ISO DP 8073", RFC 905, April 1984.

[RFC908] Velten, D., R. Hinden, and J. Sax, "Reliable Data Protocol",
RFC 908, BBN Communications Corporation, July 1984.

[RFC938] Miller, T., "Internet Reliable Transaction Protocol", RFC 938,
ACC, February 1985.

[RFC969] Clark, D., M. Lambert, and L. Zhang, "NETBLT: A Bulk Data
Transfer Protocol", RFC 969, MIT Laboratory for Computer
Science, December 1985.

[RFC1112] Deering, S., "Host Extensions for IP Multicasting",
STD 5, RFC 1112, Stanford University, August 1989.

[RFC1190] Topolcic, C., Editor, "Experimental Internet Stream
Protocol, Version 2 (ST-II)", RFC 1190, CIP Working Group,
October 1990.

[RFC1241] Woodburn, W., and D. Mills, " A Scheme for an Internet
Encapsulation Protocol: Version 1", RFC 1241, SAIC,
University of Delaware, July 1991.

[RFC1583] Moy, J., "The OSPF Specification", RFC 1583, Proteon,
March 1994.

PEOPLE

[BCH2] Barry Howard <Howard@NMFECC.LLNL.GOV>

[BK29] Brian Kantor <brian@UCSD.EDU>

[BN7] <mystery contact>

[BWB6] Barry Boehm <boehm@ARPA.MIL>

[BXH] Brian Horn <---none--->

[BXW] Bruce Willins <---none--->

[DDC1] David Clark <ddc@LCS.MIT.EDU>

[DLM1] David Mills <Mills@HUEY.UDEL.EDU>

[DRC3] Dave Cheriton <cheriton@PESCADERO.STANFORD.EDU>

[DXE1] Deborah Estrin <estrin@usc.edu>

[DXF] Dirk Fromhein <df@watershed.com>

[DXM2] David Mittnacht <---none--->

[DXP2] Dave Presotto <presotto@reseach.att.co

[David Johnson] <mystery contact>

[GAL5] Guillermo A. Loyola <LOYOLA@IBM.COM>

[GLENN] K. Robert Glenn <glenn@osi.ncsl.nist.gov>

[GXC] Greg Chesson <Greg@SGI.COM>

[GXS] Guenther Schreiner <snmp-admin@ira.uka.de>

[GXT1] Gene Tsudik <tsudik@USC.EDU>

[HCF2] Harry Forsdick <Forsdick@BBN.COM>

[HWB] Hans-Werner Braun <HWB@MCR.UMICH.EDU>

[HXH] Howard Hart <hch@hybrid.com>

[JBP] Jon Postel <postel@isi.edu>

[JC120] <mystery contact>

[JFH2] Jack Haverty <jhaverty@ORACLE.COM>

[JI6] John Ioannidis <ji@CS.COLUMBIA.EDU>

[JTM4] John Moy <jmoy@PROTEON.COM>

[JWF] Jim Forgie <FORGIE@XN.LL.MIT.EDU>

[JXS] Jim Stevens <Stevens@ISI.EDU>

[KATZ] Dave Katz <dkatz@cisco.com>

[MB] Mike Brescia <Brescia@CCV.BBN.COM>

[MBG] Michael Greenwald <Greenwald@SCRC-STONY-BROOK.SYMBOLICS.COM>

[ML109] Mike Little <little@MACOM4.ARPA>

[MTR] Marshall T. Rose <mrose@dbc.mtview.ca.us>

[MXS1] Martha Steenstrup <MSteenst@BBN.COM>

[NC3] J. Noel Chiappa <JNC@XX.LCS.MIT.EDU>

[PK] Peter Kirstein <Kirstein@NSS.CS.UCL.AC.UK>

[PXL1] Paul Liu <---none--->

[RH6] Robert Hinden <Hinden@ENG.SUN.COM>

[RTB3] Bob Braden <braden@isi.edu>

[RC77] <mystery contact>

[RWS4] Robert W. Scheifler <RWS@XX.LCS.MIT.EDU>

[RXB3] Robert Woodburn <woody@cseic.saic.com>

[RXH1] Russ Housley <Russ_Housley.McLean_CSD@xerox.com>

[SAF3] Stuart A. Friedberg <stuart@CS.WISC.EDU>

[SC3] Steve Casner <casner@isi.edu

[SGC] Steve Chipman <Chipman@F.BBN.COM>

[SHB] Steven Blumenthal <BLUMENTHAL@VAX.BBN.COM>

[Sue Hares] Sue Hares <skh@merit.edu>

[SXA] Susie Armstrong <Armstrong.wbst128@XEROX.COM>

[SXD] Steve Deering <deering@PARC.XEROX.COM>

[Tony Li] Tony Li <tli@cisco.com>

[TXM] Trudy Miller <Trudy@ACC.COM>

[VXD] Victor Dafoulas <---none--->

[WM3] William Melohn <Melohn@SUN.COM>

[WXC] Wesley Craig <Wesley.Craig@terminator.cc.umich.edu>

[ZSU] Zaw-Sing Su <ZSu@TSCA.ISTC.SRI.>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/protocol-numbers

WELL KNOWN PORT NUMBERS

The Well Known Ports are controlled and assigned by the IANA and on
most systems can only be used by system (or root) processes or by
programs executed by privileged users.

Ports are used in the TCP [RFC793] to name the ends of logical
connections which carry long term conversations. For the purpose of
providing services to unknown callers, a service contact port is
defined. This list specifies the port used by the server process as
its contact port. The contact port is sometimes called the
"well-known port".

To the extent possible, these same port assignments are used with the
UDP [RFC768].

The assigned ports use a small portion of the possible port numbers.
For many years the assigned ports were in the range 0-255. Recently,
the range for assigned ports managed by the IANA has been expanded to
the range 0-1023.

Port Assignments:

Keyword Decimal Description References
------- ------- ----------- ----------
0/tcp Reserved
0/udp Reserved
# Jon Postel <postel@isi.edu>
tcpmux 1/tcp TCP Port Service Multiplexer
tcpmux 1/udp TCP Port Service Multiplexer
# Mark Lottor <MKL@nisc.sri.com>
compressnet 2/tcp Management Utility
compressnet 2/udp Management Utility
compressnet 3/tcp Compression Process
compressnet 3/udp Compression Process
# Bernie Volz <VOLZ@PROCESS.COM>
# 4/tcp Unassigned
# 4/udp Unassigned
rje 5/tcp Remote Job Entry
rje 5/udp Remote Job Entry
# Jon Postel <postel@isi.edu>
# 6/tcp Unassigned
# 6/udp Unassigned
echo 7/tcp Echo
echo 7/udp Echo
# Jon Postel <postel@isi.edu>
# 8/tcp Unassigned

# 8/udp Unassigned
discard 9/tcp Discard
discard 9/udp Discard
# Jon Postel <postel@isi.edu>
# 10/tcp Unassigned
# 10/udp Unassigned
systat 11/tcp Active Users
systat 11/udp Active Users
# Jon Postel <postel@isi.edu>
# 12/tcp Unassigned
# 12/udp Unassigned
daytime 13/tcp Daytime
daytime 13/udp Daytime
# Jon Postel <postel@isi.edu>
# 14/tcp Unassigned
# 14/udp Unassigned
# 15/tcp Unassigned [was netstat]
# 15/udp Unassigned
# 16/tcp Unassigned
# 16/udp Unassigned
qotd 17/tcp Quote of the Day
qotd 17/udp Quote of the Day
# Jon Postel <postel@isi.edu>
msp 18/tcp Message Send Protocol
msp 18/udp Message Send Protocol
# Rina Nethaniel <---none--->
chargen 19/tcp Character Generator
chargen 19/udp Character Generator
ftp-data 20/tcp File Transfer [Default Data]
ftp-data 20/udp File Transfer [Default Data]
ftp 21/tcp File Transfer [Control]
ftp 21/udp File Transfer [Control]
# Jon Postel <postel@isi.edu>
# 22/tcp Unassigned
# 22/udp Unassigned
telnet 23/tcp Telnet
telnet 23/udp Telnet
# Jon Postel <postel@isi.edu>
24/tcp any private mail system
24/udp any private mail system
# Rick Adam <rick@UUNET.UU.NET>
smtp 25/tcp Simple Mail Transfer
smtp 25/udp Simple Mail Transfer
# Jon Postel <postel@isi.edu>
# 26/tcp Unassigned
# 26/udp Unassigned
nsw-fe 27/tcp NSW User System FE
nsw-fe 27/udp NSW User System FE

# Robert Thomas <BThomas@F.BBN.COM>
# 28/tcp Unassigned
# 28/udp Unassigned
msg-icp 29/tcp MSG ICP
msg-icp 29/udp MSG ICP
# Robert Thomas <BThomas@F.BBN.COM>
# 30/tcp Unassigned
# 30/udp Unassigned
msg-auth 31/tcp MSG Authentication
msg-auth 31/udp MSG Authentication
# Robert Thomas <BThomas@F.BBN.COM>
# 32/tcp Unassigned
# 32/udp Unassigned
dsp 33/tcp Display Support Protocol
dsp 33/udp Display Support Protocol
# Ed Cain <cain@edn-unix.dca.mil>
# 34/tcp Unassigned
# 34/udp Unassigned
35/tcp any private printer server
35/udp any private printer server
# Jon Postel <postel@isi.edu>
# 36/tcp Unassigned
# 36/udp Unassigned
time 37/tcp Time
time 37/udp Time
# Jon Postel <postel@isi.edu>
rap 38/tcp Route Access Protocol
rap 38/udp Route Access Protocol
# Robert Ullmann <ariel@world.std.com>
rlp 39/tcp Resource Location Protocol
rlp 39/udp Resource Location Protocol
# Mike Accetta <MIKE.ACCETTA@CMU-CS-A.EDU>
# 40/tcp Unassigned
# 40/udp Unassigned
graphics 41/tcp Graphics
graphics 41/udp Graphics
nameserver 42/tcp Host Name Server
nameserver 42/udp Host Name Server
nicname 43/tcp Who Is
nicname 43/udp Who Is
mpm-flags 44/tcp MPM FLAGS Protocol
mpm-flags 44/udp MPM FLAGS Protocol
mpm 45/tcp Message Processing Module [recv]
mpm 45/udp Message Processing Module [recv]
mpm-snd 46/tcp MPM [default send]
mpm-snd 46/udp MPM [default send]
# Jon Postel <postel@isi.edu>
ni-ftp 47/tcp NI FTP

ni-ftp 47/udp NI FTP
# Steve Kille <S.Kille@isode.com>
auditd 48/tcp Digital Audit Daemon
auditd 48/udp Digital Audit Daemon
# Larry Scott <scott@zk3.dec.com>
login 49/tcp Login Host Protocol
login 49/udp Login Host Protocol
# Pieter Ditmars <pditmars@BBN.COM>
re-mail-ck 50/tcp Remote Mail Checking Protocol
re-mail-ck 50/udp Remote Mail Checking Protocol
# Steve Dorner <s-dorner@UIUC.EDU>
la-maint 51/tcp IMP Logical Address Maintenance
la-maint 51/udp IMP Logical Address Maintenance
# Andy Malis <malis_a@timeplex.com>
xns-time 52/tcp XNS Time Protocol
xns-time 52/udp XNS Time Protocol
# Susie Armstrong <Armstrong.wbst128@XEROX>
domain 53/tcp Domain Name Server
domain 53/udp Domain Name Server
# Paul Mockapetris <PVM@ISI.EDU>
xns-ch 54/tcp XNS Clearinghouse
xns-ch 54/udp XNS Clearinghouse
# Susie Armstrong <Armstrong.wbst128@XEROX>
isi-gl 55/tcp ISI Graphics Language
isi-gl 55/udp ISI Graphics Language
xns-auth 56/tcp XNS Authentication
xns-auth 56/udp XNS Authentication
# Susie Armstrong <Armstrong.wbst128@XEROX>
57/tcp any private terminal access
57/udp any private terminal access
# Jon Postel <postel@isi.edu>
xns-mail 58/tcp XNS Mail
xns-mail 58/udp XNS Mail
# Susie Armstrong <Armstrong.wbst128@XEROX>
59/tcp any private file service
59/udp any private file service
# Jon Postel <postel@isi.edu>
60/tcp Unassigned
60/udp Unassigned
ni-mail 61/tcp NI MAIL
ni-mail 61/udp NI MAIL
# Steve Kille <S.Kille@isode.com>
acas 62/tcp ACA Services
acas 62/udp ACA Services
# E. Wald <ewald@via.enet.dec.com>
# 63/tcp Unassigned
# 63/udp Unassigned
covia 64/tcp Communications Integrator (CI)

covia 64/udp Communications Integrator (CI)
# "Tundra" Tim Daneliuk
# <tundraix!tundra@clout.chi.il.us>
tacacs-ds 65/tcp TACACS-Database Service
tacacs-ds 65/udp TACACS-Database Service
# Kathy Huber <khuber@bbn.com>
sql*net 66/tcp Oracle SQL*NET
sql*net 66/udp Oracle SQL*NET
# Jack Haverty <jhaverty@ORACLE.COM>
bootps 67/tcp Bootstrap Protocol Server
bootps 67/udp Bootstrap Protocol Server
bootpc 68/tcp Bootstrap Protocol Client
bootpc 68/udp Bootstrap Protocol Client
# Bill Croft <Croft@SUMEX-AIM.STANFORD.EDU>
tftp 69/tcp Trivial File Transfer
tftp 69/udp Trivial File Transfer
# David Clark <ddc@LCS.MIT.EDU>
gopher 70/tcp Gopher
gopher 70/udp Gopher
# Mark McCahill <mpm@boombox.micro.umn.edu>
netrjs-1 71/tcp Remote Job Service
netrjs-1 71/udp Remote Job Service
netrjs-2 72/tcp Remote Job Service
netrjs-2 72/udp Remote Job Service
netrjs-3 73/tcp Remote Job Service
netrjs-3 73/udp Remote Job Service
netrjs-4 74/tcp Remote Job Service
netrjs-4 74/udp Remote Job Service
# Bob Braden <Braden@ISI.EDU>
75/tcp any private dial out service
75/udp any private dial out service
# Jon Postel <postel@isi.edu>
deos 76/tcp Distributed External Object Store
deos 76/udp Distributed External Object Store
# Robert Ullmann <ariel@world.std.com>
77/tcp any private RJE service
77/udp any private RJE service
# Jon Postel <postel@isi.edu>
vettcp 78/tcp vettcp
vettcp 78/udp vettcp
# Christopher Leong <leong@kolmod.mlo.dec.com>
finger 79/tcp Finger
finger 79/udp Finger
# David Zimmerman <dpz@RUTGERS.EDU>
www-http 80/tcp World Wide Web HTTP
www-http 80/udp World Wide Web HTTP
# Tim Berners-Lee <timbl@nxoc01.cern.ch>
hosts2-ns 81/tcp HOSTS2 Name Server

hosts2-ns 81/udp HOSTS2 Name Server
# Earl Killian <EAK@MORDOR.S1.GOV>
xfer 82/tcp XFER Utility
xfer 82/udp XFER Utility
# Thomas M. Smith <tmsmith@esc.syr.ge.com>
mit-ml-dev 83/tcp MIT ML Device
mit-ml-dev 83/udp MIT ML Device
# David Reed <--none--->
ctf 84/tcp Common Trace Facility
ctf 84/udp Common Trace Facility
# Hugh Thomas <thomas@oils.enet.dec.com>
mit-ml-dev 85/tcp MIT ML Device
mit-ml-dev 85/udp MIT ML Device
# David Reed <--none--->
mfcobol 86/tcp Micro Focus Cobol
mfcobol 86/udp Micro Focus Cobol
# Simon Edwards <--none--->
87/tcp any private terminal link
87/udp any private terminal link
# Jon Postel <postel@isi.edu>
kerberos 88/tcp Kerberos
kerberos 88/udp Kerberos
# B. Clifford Neuman <bcn@isi.edu>
su-mit-tg 89/tcp SU/MIT Telnet Gateway
su-mit-tg 89/udp SU/MIT Telnet Gateway
# Mark Crispin <MRC@PANDA.COM>
dnsix 90/tcp DNSIX Securit Attribute Token Map
dnsix 90/udp DNSIX Securit Attribute Token Map
# Charles Watt <watt@sware.com>
mit-dov 91/tcp MIT Dover Spooler
mit-dov 91/udp MIT Dover Spooler
# Eliot Moss <EBM@XX.LCS.MIT.EDU>
npp 92/tcp Network Printing Protocol
npp 92/udp Network Printing Protocol
# Louis Mamakos <louie@sayshell.umd.edu>
dcp 93/tcp Device Control Protocol
dcp 93/udp Device Control Protocol
# Daniel Tappan <Tappan@BBN.COM>
objcall 94/tcp Tivoli Object Dispatcher
objcall 94/udp Tivoli Object Dispatcher
# Tom Bereiter <--none--->
supdup 95/tcp SUPDUP
supdup 95/udp SUPDUP
# Mark Crispin <MRC@PANDA.COM>
dixie 96/tcp DIXIE Protocol Specification
dixie 96/udp DIXIE Protocol Specification
# Tim Howes <Tim.Howes@terminator.cc.umich.edu>
swift-rvf 97/tcp Swift Remote Vitural File Protocol

swift-rvf 97/udp Swift Remote Vitural File Protocol
# Maurice R. Turcotte
# <mailrus!uflorida!rm1!dnmrt%rmatl@uunet.UU.NET>
tacnews 98/tcp TAC News
tacnews 98/udp TAC News
# Jon Postel <postel@isi.edu>
metagram 99/tcp Metagram Relay
metagram 99/udp Metagram Relay
# Geoff Goodfellow <Geoff@FERNWOOD.MPK.CA.U>
newacct 100/tcp [unauthorized use]
hostname 101/tcp NIC Host Name Server
hostname 101/udp NIC Host Name Server
# Jon Postel <postel@isi.edu>
iso-tsap 102/tcp ISO-TSAP
iso-tsap 102/udp ISO-TSAP
# Marshall Rose <mrose@dbc.mtview.ca.us>
gppitnp 103/tcp Genesis Point-to-Point Trans Net
gppitnp 103/udp Genesis Point-to-Point Trans Net
acr-nema 104/tcp ACR-NEMA Digital Imag. & Comm. 300
acr-nema 104/udp ACR-NEMA Digital Imag. & Comm. 300
# Patrick McNamee <--none--->
csnet-ns 105/tcp Mailbox Name Nameserver
csnet-ns 105/udp Mailbox Name Nameserver
# Marvin Solomon <solomon@CS.WISC.EDU>
3com-tsmux 106/tcp 3COM-TSMUX
3com-tsmux 106/udp 3COM-TSMUX
# Jeremy Siegel <jzs@NSD.3Com.COM>
rtelnet 107/tcp Remote Telnet Service
rtelnet 107/udp Remote Telnet Service
# Jon Postel <postel@isi.edu>
snagas 108/tcp SNA Gateway Access Server
snagas 108/udp SNA Gateway Access Server
# Kevin Murphy <murphy@sevens.lkg.dec.com>
pop2 109/tcp Post Office Protocol - Version 2
pop2 109/udp Post Office Protocol - Version 2
# Joyce K. Reynolds <jkrey@isi.edu>
pop3 110/tcp Post Office Protocol - Version 3
pop3 110/udp Post Office Protocol - Version 3
# Marshall Rose <mrose@dbc.mtview.ca.us>
sunrpc 111/tcp SUN Remote Procedure Call
sunrpc 111/udp SUN Remote Procedure Call
# Chuck McManis <cmcmanis@sun.com>
mcidas 112/tcp McIDAS Data Transmission Protocol
mcidas 112/udp McIDAS Data Transmission Protocol
# Glenn Davis <davis@unidata.ucar.edu>
auth 113/tcp Authentication Service
auth 113/udp Authentication Service
# Mike St. Johns <stjohns@arpa.mil>

audionews 114/tcp Audio News Multicast
audionews 114/udp Audio News Multicast
# Martin Forssen <maf@dtek.chalmers.se>
sftp 115/tcp Simple File Transfer Protocol
sftp 115/udp Simple File Transfer Protocol
# Mark Lottor <MKL@nisc.sri.com>
ansanotify 116/tcp ANSA REX Notify
ansanotify 116/udp ANSA REX Notify
# Nicola J. Howarth <njh@ansa.co.uk>
uucp-path 117/tcp UUCP Path Service
uucp-path 117/udp UUCP Path Service
sqlserv 118/tcp SQL Services
sqlserv 118/udp SQL Services
# Larry Barnes <barnes@broke.enet.dec.com>
nntp 119/tcp Network News Transfer Protocol
nntp 119/udp Network News Transfer Protocol
# Phil Lapsley <phil@UCBARPA.BERKELEY.EDU>
cfdptkt 120/tcp CFDPTKT
cfdptkt 120/udp CFDPTKT
# John Ioannidis <ji@close.cs.columbia.ed>
erpc 121/tcp Encore Expedited Remote Pro.Call
erpc 121/udp Encore Expedited Remote Pro.Call
# Jack O'Neil <---none--->
smakynet 122/tcp SMAKYNET
smakynet 122/udp SMAKYNET
# Mike O'Dowd <odowd@ltisun8.epfl.ch>
ntp 123/tcp Network Time Protocol
ntp 123/udp Network Time Protocol
# Dave Mills <Mills@HUEY.UDEL.EDU>
ansatrader 124/tcp ANSA REX Trader
ansatrader 124/udp ANSA REX Trader
# Nicola J. Howarth <njh@ansa.co.uk>
locus-map 125/tcp Locus PC-Interface Net Map Ser
locus-map 125/udp Locus PC-Interface Net Map Ser
# Eric Peterson <lcc.eric@SEAS.UCLA.EDU>
unitary 126/tcp Unisys Unitary Login
unitary 126/udp Unisys Unitary Login
# <feil@kronos.nisd.cam.unisys.com>
locus-con 127/tcp Locus PC-Interface Conn Server
locus-con 127/udp Locus PC-Interface Conn Server
# Eric Peterson <lcc.eric@SEAS.UCLA.EDU>
gss-xlicen 128/tcp GSS X License Verification
gss-xlicen 128/udp GSS X License Verification
# John Light <johnl@gssc.gss.com>
pwdgen 129/tcp Password Generator Protocol
pwdgen 129/udp Password Generator Protocol
# Frank J. Wacho <WANCHO@WSMR-SIMTEL20.ARMY.MIL>
cisco-fna 130/tcp cisco FNATIVE

cisco-fna 130/udp cisco FNATIVE
cisco-tna 131/tcp cisco TNATIVE
cisco-tna 131/udp cisco TNATIVE
cisco-sys 132/tcp cisco SYSMAINT
cisco-sys 132/udp cisco SYSMAINT
statsrv 133/tcp Statistics Service
statsrv 133/udp Statistics Service
# Dave Mills <Mills@HUEY.UDEL.EDU>
ingres-net 134/tcp INGRES-NET Service
ingres-net 134/udp INGRES-NET Service
# Mike Berrow <---none--->
loc-srv 135/tcp Location Service
loc-srv 135/udp Location Service
# Joe Pato <apollo!pato@EDDIE.MIT.EDU>
profile 136/tcp PROFILE Naming System
profile 136/udp PROFILE Naming System
# Larry Peterson <llp@ARIZONA.EDU>
netbios-ns 137/tcp NETBIOS Name Service
netbios-ns 137/udp NETBIOS Name Service
netbios-dgm 138/tcp NETBIOS Datagram Service
netbios-dgm 138/udp NETBIOS Datagram Service
netbios-ssn 139/tcp NETBIOS Session Service
netbios-ssn 139/udp NETBIOS Session Service
# Jon Postel <postel@isi.edu>
emfis-data 140/tcp EMFIS Data Service
emfis-data 140/udp EMFIS Data Service
emfis-cntl 141/tcp EMFIS Control Service
emfis-cntl 141/udp EMFIS Control Service
# Gerd Beling <GBELING@ISI.EDU>
bl-idm 142/tcp Britton-Lee IDM
bl-idm 142/udp Britton-Lee IDM
# Susie Snitzer <---none--->
imap2 143/tcp Interim Mail Access Protocol v2
imap2 143/udp Interim Mail Access Protocol v2
# Mark Crispin <MRC@PANDA.COM>
news 144/tcp NewS
news 144/udp NewS
# James Gosling <JAG@SUN.COM>
uaac 145/tcp UAAC Protocol
uaac 145/udp UAAC Protocol
# David A. Gomberg <gomberg@GATEWAY.MITRE.ORG>
iso-tp0 146/tcp ISO-IP0
iso-tp0 146/udp ISO-IP0
iso-ip 147/tcp ISO-IP
iso-ip 147/udp ISO-IP
# Marshall Rose <mrose@dbc.mtview.ca.us>
cronus 148/tcp CRONUS-SUPPORT
cronus 148/udp CRONUS-SUPPORT

# Jeffrey Buffun <jbuffum@APOLLO.COM>
aed-512 149/tcp AED 512 Emulation Service
aed-512 149/udp AED 512 Emulation Service
# Albert G. Broscius <broscius@DSL.CIS.UPENN.EDU>
sql-net 150/tcp SQL-NET
sql-net 150/udp SQL-NET
# Martin Picard <<---none--->
hems 151/tcp HEMS
hems 151/udp HEMS
# Christopher Tengi <tengi@Princeton.EDU>
bftp 152/tcp Background File Transfer Program
bftp 152/udp Background File Transfer Program
# Annette DeSchon <DESCHON@ISI.EDU>
sgmp 153/tcp SGMP
sgmp 153/udp SGMP
# Marty Schoffstahl <schoff@NISC.NYSER.NET>
netsc-prod 154/tcp NETSC
netsc-prod 154/udp NETSC
netsc-dev 155/tcp NETSC
netsc-dev 155/udp NETSC
# Sergio Heker <heker@JVNCC.CSC.ORG>
sqlsrv 156/tcp SQL Service
sqlsrv 156/udp SQL Service
# Craig Rogers <Rogers@ISI.EDU>
knet-cmp 157/tcp KNET/VM Command/Message Protocol
knet-cmp 157/udp KNET/VM Command/Message Protocol
# Gary S. Malkin <GMALKIN@XYLOGICS.COM>
pcmail-srv 158/tcp PCMail Server
pcmail-srv 158/udp PCMail Server
# Mark L. Lambert <markl@PTT.LCS.MIT.EDU>
nss-routing 159/tcp NSS-Routing
nss-routing 159/udp NSS-Routing
# Yakov Rekhter <Yakov@IBM.COM>
sgmp-traps 160/tcp SGMP-TRAPS
sgmp-traps 160/udp SGMP-TRAPS
# Marty Schoffstahl <schoff@NISC.NYSER.NET>
snmp 161/tcp SNMP
snmp 161/udp SNMP
snmptrap 162/tcp SNMPTRAP
snmptrap 162/udp SNMPTRAP
# Marshall Rose <mrose@dbc.mtview.ca.us>
cmip-man 163/tcp CMIP/TCP Manager
cmip-man 163/udp CMIP/TCP Manager
cmip-agent 164/tcp CMIP/TCP Agent
smip-agent 164/udp CMIP/TCP Agent
# Amatzia Ben-Artzi <---none--->
xns-courier 165/tcp Xerox
xns-courier 165/udp Xerox

# Susie Armstrong <Armstrong.wbst128@XEROX.COM>
s-net 166/tcp Sirius Systems
s-net 166/udp Sirius Systems
# Brian Lloyd <---none--->
namp 167/tcp NAMP
namp 167/udp NAMP
# Marty Schoffstahl <schoff@NISC.NYSER.NET>
rsvd 168/tcp RSVD
rsvd 168/udp RSVD
# Neil Todd <mcvax!ist.co.uk!neil@UUNET.UU.NET>
send 169/tcp SEND
send 169/udp SEND
# William D. Wisner <wisner@HAYES.FAI.ALASKA.EDU>
print-srv 170/tcp Network PostScript
print-srv 170/udp Network PostScript
# Brian Reid <reid@DECWRL.DEC.COM>
multiplex 171/tcp Network Innovations Multiplex
multiplex 171/udp Network Innovations Multiplex
cl/1 172/tcp Network Innovations CL/1
cl/1 172/udp Network Innovations CL/1
# Kevin DeVault <<---none--->
xyplex-mux 173/tcp Xyplex
xyplex-mux 173/udp Xyplex
# Bob Stewart <STEWART@XYPLEX.COM>
mailq 174/tcp MAILQ
mailq 174/udp MAILQ
# Rayan Zachariassen <rayan@AI.TORONTO.EDU>
vmnet 175/tcp VMNET
vmnet 175/udp VMNET
# Christopher Tengi <tengi@Princeton.EDU>
genrad-mux 176/tcp GENRAD-MUX
genrad-mux 176/udp GENRAD-MUX
# Ron Thornton <thornton@qm7501.genrad.com>
xdmcp 177/tcp X Display Manager Control Protocol
xdmcp 177/udp X Display Manager Control Protocol
# Robert W. Scheifler <RWS@XX.LCS.MIT.EDU>
nextstep 178/tcp NextStep Window Server
NextStep 178/udp NextStep Window Server
# Leo Hourvitz <leo@NEXT.COM>
bgp 179/tcp Border Gateway Protocol
bgp 179/udp Border Gateway Protocol
# Kirk Lougheed <LOUGHEED@MATHOM.CISCO.COM>
ris 180/tcp Intergraph
ris 180/udp Intergraph
# Dave Buehmann <ingr!daveb@UUNET.UU.NET>
unify 181/tcp Unify
unify 181/udp Unify
# Vinod Singh <--none--->

audit 182/tcp Unisys Audit SITP
audit 182/udp Unisys Audit SITP
# Gil Greenbaum <gcole@nisd.cam.unisys.com>
ocbinder 183/tcp OCBinder
ocbinder 183/udp OCBinder
ocserver 184/tcp OCServer
ocserver 184/udp OCServer
# Jerrilynn Okamura <--none--->
remote-kis 185/tcp Remote-KIS
remote-kis 185/udp Remote-KIS
kis 186/tcp KIS Protocol
kis 186/udp KIS Protocol
# Ralph Droms <rdroms@NRI.RESTON.VA.US>
aci 187/tcp Application Communication Interface
aci 187/udp Application Communication Interface
# Rick Carlos <rick.ticipa.csc.ti.com>
mumps 188/tcp Plus Five's MUMPS
mumps 188/udp Plus Five's MUMPS
# Hokey Stenn <hokey@PLUS5.COM>
qft 189/tcp Queued File Transport
qft 189/udp Queued File Transport
# Wayne Schroeder <schroeder@SDS.SDSC.EDU>
gacp 190/tcp Gateway Access Control Protocol
cacp 190/udp Gateway Access Control Protocol
# C. Philip Wood <cpw@LANL.GOV>
prospero 191/tcp Prospero Directory Service
prospero 191/udp Prospero Directory Service
# B. Clifford Neuman <bcn@isi.edu>
osu-nms 192/tcp OSU Network Monitoring System
osu-nms 192/udp OSU Network Monitoring System
# Doug Karl <KARL-D@OSU-20.IRCC.OHIO-STATE.EDU>
srmp 193/tcp Spider Remote Monitoring Protocol
srmp 193/udp Spider Remote Monitoring Protocol
# Ted J. Socolofsky <Teds@SPIDER.CO.UK>
irc 194/tcp Internet Relay Chat Protocol
irc 194/udp Internet Relay Chat Protocol
# Jarkko Oikarinen <jto@TOLSUN.OULU.FI>
dn6-nlm-aud 195/tcp DNSIX Network Level Module Audit
dn6-nlm-aud 195/udp DNSIX Network Level Module Audit
dn6-smm-red 196/tcp DNSIX Session Mgt Module Audit Redir
dn6-smm-red 196/udp DNSIX Session Mgt Module Audit Redir
# Lawrence Lebahn <DIA3@PAXRV-NES.NAVY.MIL>
dls 197/tcp Directory Location Service
dls 197/udp Directory Location Service
dls-mon 198/tcp Directory Location Service Monitor
dls-mon 198/udp Directory Location Service Monitor
# Scott Bellew <smb@cs.purdue.edu>
smux 199/tcp SMUX

smux 199/udp SMUX
# Marshall Rose <mrose@dbc.mtview.ca.us>
src 200/tcp IBM System Resource Controller
src 200/udp IBM System Resource Controller
# Gerald McBrearty <---none--->
at-rtmp 201/tcp AppleTalk Routing Maintenance
at-rtmp 201/udp AppleTalk Routing Maintenance
at-nbp 202/tcp AppleTalk Name Binding
at-nbp 202/udp AppleTalk Name Binding
at-3 203/tcp AppleTalk Unused
at-3 203/udp AppleTalk Unused
at-echo 204/tcp AppleTalk Echo
at-echo 204/udp AppleTalk Echo
at-5 205/tcp AppleTalk Unused
at-5 205/udp AppleTalk Unused
at-zis 206/tcp AppleTalk Zone Information
at-zis 206/udp AppleTalk Zone Information
at-7 207/tcp AppleTalk Unused
at-7 207/udp AppleTalk Unused
at-8 208/tcp AppleTalk Unused
at-8 208/udp AppleTalk Unused
# Rob Chandhok <chandhok@gnome.cs.cmu.edu>
tam 209/tcp Trivial Authenticated Mail Protocol
tam 209/udp Trivial Authenticated Mail Protocol
# Dan Bernstein <brnstnd@stealth.acf.nyu.edu>
z39.50 210/tcp ANSI Z39.50
z39.50 210/udp ANSI Z39.50
# Mark Needleman
# <mhnur%uccmvsa.bitnet@cornell.cit.cornell.edu>
914c/g 211/tcp Texas Instruments 914C/G Terminal
914c/g 211/udp Texas Instruments 914C/G Terminal
# Bill Harrell <---none--->
anet 212/tcp ATEXSSTR
anet 212/udp ATEXSSTR
# Jim Taylor <taylor@heart.epps.kodak.com>
ipx 213/tcp IPX
ipx 213/udp IPX
# Don Provan <donp@xlnvax.novell.com>
vmpwscs 214/tcp VM PWSCS
vmpwscs 214/udp VM PWSCS
# Dan Shia <dset!shia@uunet.UU.NET>
softpc 215/tcp Insignia Solutions
softpc 215/udp Insignia Solutions
# Martyn Thomas <---none--->
atls 216/tcp Access Technology License Server
atls 216/udp Access Technology License Server
# Larry DeLuca <henrik@EDDIE.MIT.EDU>
dbase 217/tcp dBASE Unix

dbase 217/udp dBASE Unix
# Don Gibson
# <sequent!aero!twinsun!ashtate.A-T.COM!dong@uunet.UU.NET>
mpp 218/tcp Netix Message Posting Protocol
mpp 218/udp Netix Message Posting Protocol
# Shannon Yeh <yeh@netix.com>
uarps 219/tcp Unisys ARPs
uarps 219/udp Unisys ARPs
# Ashok Marwaha <---none--->
imap3 220/tcp Interactive Mail Access Protocol v3
imap3 220/udp Interactive Mail Access Protocol v3
# James Rice <RICE@SUMEX-AIM.STANFORD.EDU>
fln-spx 221/tcp Berkeley rlogind with SPX auth
fln-spx 221/udp Berkeley rlogind with SPX auth
rsh-spx 222/tcp Berkeley rshd with SPX auth
rsh-spx 222/udp Berkeley rshd with SPX auth
cdc 223/tcp Certificate Distribution Center
cdc 223/udp Certificate Distribution Center
# Kannan Alagappan <kannan@sejour.enet.dec.com>
# 224-241 Reserved
# Jon Postel <postel@isi.edu>
# 242/tcp Unassigned
# 242/udp Unassigned
sur-meas 243/tcp Survey Measurement
sur-meas 243/udp Survey Measurement
# Dave Clark <ddc@LCS.MIT.EDU>
# 244/tcp Unassigned
# 244/udp Unassigned
link 245/tcp LINK
link 245/udp LINK
dsp3270 246/tcp Display Systems Protocol
dsp3270 246/udp Display Systems Protocol
# Weldon J. Showalter <Gamma@MINTAKA.DCA.MIL>
# 247-255 Reserved
# Jon Postel <postel@isi.edu>
# 256-343 Unassigned
pdap 344/tcp Prospero Data Access Protocol
pdap 344/udp Prospero Data Access Protocol
# B. Clifford Neuman <bcn@isi.edu>
pawserv 345/tcp Perf Analysis Workbench
pawserv 345/udp Perf Analysis Workbench
zserv 346/tcp Zebra server
zserv 346/udp Zebra server
fatserv 347/tcp Fatmen Server
fatserv 347/udp Fatmen Server
csi-sgwp 348/tcp Cabletron Management Protocol
csi-sgwp 348/udp Cabletron Management Protocol
# 349-370 Unassigned

clearcase 371/tcp Clearcase
clearcase 371/udp Clearcase
# Dave LeBlang <leglang@atria.com>
ulistserv 372/tcp Unix Listserv
ulistserv 372/udp Unix Listserv
# Anastasios Kotsikonas <tasos@cs.bu.edu>
legent-1 373/tcp Legent Corporation
legent-1 373/udp Legent Corporation
legent-2 374/tcp Legent Corporation
legent-2 374/udp Legent Corporation
# Keith Boyce <---none--->
hassle 375/tcp Hassle
hassle 375/udp Hassle
# Reinhard Doelz <doelz@comp.bioz.unibas.ch>
nip 376/tcp Amiga Envoy Network Inquiry Proto
nip 376/udp Amiga Envoy Network Inquiry Proto
# Kenneth Dyke <kcd@cbmvax.cbm.commodore.com>
tnETOS 377/tcp NEC Corporation
tnETOS 377/udp NEC Corporation
dsETOS 378/tcp NEC Corporation
dsETOS 378/udp NEC Corporation
# Tomoo Fujita <tf@arc.bs1.fc.nec.co.jp>
is99c 379/tcp TIA/EIA/IS-99 modem client
is99c 379/udp TIA/EIA/IS-99 modem client
is99s 380/tcp TIA/EIA/IS-99 modem server
is99s 380/udp TIA/EIA/IS-99 modem server
# Frank Quick <fquick@qualcomm.com>
hp-collector 381/tcp hp performance data collector
hp-collector 381/udp hp performance data collector
hp-managed-node 382/tcp hp performance data managed node
hp-managed-node 382/udp hp performance data managed node
hp-alarm-mgr 383/tcp hp performance data alarm manager
hp-alarm-mgr 383/udp hp performance data alarm manager
# Frank Blakely <frankb@hpptc16.rose.hp.com>
arns 384/tcp A Remote Network Server System
arns 384/udp A Remote Network Server System
# David Hornsby <djh@munnari.OZ.AU>
ibm-app 385/tcp IBM Application
ibm-app 385/tcp IBM Application
# Lisa Tomita <---none--->
asa 386/tcp ASA Message Router Object Def.
asa 386/udp ASA Message Router Object Def.
# Steve Laitinen <laitinen@brutus.aa.ab.com>
aurp 387/tcp Appletalk Update-Based Routing Pro.
aurp 387/udp Appletalk Update-Based Routing Pro.
# Chris Ranch <cranch@novell.com>
unidata-ldm 388/tcp Unidata LDM Version 4
unidata-ldm 388/udp Unidata LDM Version 4

# Glenn Davis <davis@unidata.ucar.edu>
ldap 389/tcp Lightweight Directory Access Protocol
ldap 389/udp Lightweight Directory Access Protocol
# Tim Howes <Tim.Howes@terminator.cc.umich.edu>
uis 390/tcp UIS
uis 390/udp UIS
# Ed Barron <---none--->
synotics-relay 391/tcp SynOptics SNMP Relay Port
synotics-relay 391/udp SynOptics SNMP Relay Port
synotics-broker 392/tcp SynOptics Port Broker Port
synotics-broker 392/udp SynOptics Port Broker Port
# Illan Raab <iraab@synoptics.com>
dis 393/tcp Data Interpretation System
dis 393/udp Data Interpretation System
# Paul Stevens <pstevens@chinacat.Metaphor.COM>
embl-ndt 394/tcp EMBL Nucleic Data Transfer
embl-ndt 394/udp EMBL Nucleic Data Transfer
# Peter Gad <peter@bmc.uu.se>
netcp 395/tcp NETscout Control Protocol
netcp 395/udp NETscout Control Protocol
# Anil Singhal <---none--->
netware-ip 396/tcp Novell Netware over IP
netware-ip 396/udp Novell Netware over IP
mptn 397/tcp Multi Protocol Trans. Net.
mptn 397/udp Multi Protocol Trans. Net.
# Soumitra Sarkar <sarkar@vnet.ibm.com>
kryptolan 398/tcp Kryptolan
kryptolan 398/udp Kryptolan
# Peter de Laval <pdl@sectra.se>
# 399/tcp Unassigned
# 399/udp Unassigned
work-sol 400/tcp Workstation Solutions
work-sol 400/udp Workstation Solutions
# Jim Ward <jimw@worksta.com>
ups 401/tcp Uninterruptible Power Supply
ups 401/udp Uninterruptible Power Supply
# Guenther Seybold <gs@hrz.th-darmstadt.de>
genie 402/tcp Genie Protocol
genie 402/udp Genie Protocol
# Mark Hankin <---none--->
decap 403/tcp decap
decap 403/udp decap
nced 404/tcp nced
nced 404/udp nced
ncld 405/tcp ncld
ncld 405/udp ncld
# Richard Jones <---none--->
imsp 406/tcp Interactive Mail Support Protocol

imsp 406/udp Interactive Mail Support Protocol
# John Myers <jgm+@cmu.edu>
timbuktu 407/tcp Timbuktu
timbuktu 407/udp Timbuktu
# Marc Epard <marc@waygate.farallon.com>
prm-sm 408/tcp Prospero Resource Manager Sys. Man.
prm-sm 408/udp Prospero Resource Manager Sys. Man.
prm-nm 409/tcp Prospero Resource Manager Node Man.
prm-nm 409/udp Prospero Resource Manager Node Man.
# B. Clifford Neuman <bcn@isi.edu>
decladebug 410/tcp DECLadebug Remote Debug Protocol
decladebug 410/udp DECLadebug Remote Debug Protocol
# Anthony Berent <berent@rdgeng.enet.dec.com>
rmt 411/tcp Remote MT Protocol
rmt 411/udp Remote MT Protocol
# Peter Eriksson <pen@lysator.liu.se>
synoptics-trap 412/tcp Trap Convention Port
synoptics-trap 412/udp Trap Convention Port
# Illan Raab <iraab@synoptics.com>
smsp 413/tcp SMSP
smsp 413/udp SMSP
infoseek 414/tcp InfoSeek
infoseek 414/udp InfoSeek
# Steve Kirsch <stk@frame.com>
bnet 415/tcp BNet
bnet 415/udp BNet
# Jim Mertz <JMertz+RV09@rvdc.unisys.com>
silverplatter 416/tcp Silverplatter
silverplatter 416/udp Silverplatter
# Peter Ciuffetti <petec@silverplatter.com>
onmux 417/tcp Onmux
onmux 417/udp Onmux
# Stephen Hanna <hanna@world.std.com>
hyper-g 418/tcp Hyper-G
hyper-g 418/udp Hyper-G
# Frank Kappe <fkappe@iicm.tu-graz.ac.at>
ariel1 419/tcp Ariel
ariel1 419/udp Ariel
# Jonathan Lavigne <BL.JPL@RLG.Stanford.EDU>
smpte 420/tcp SMPTE
smpte 420/udp SMPTE
# Si Becker <71362.22@CompuServe.COM>
ariel2 421/tcp Ariel
ariel2 421/udp Ariel
ariel3 422/tcp Ariel
ariel3 422/udp Ariel
# Jonathan Lavigne <BL.JPL@RLG.Stanford.EDU>
opc-job-start 423/tcp IBM Operations Planning and Control Start

opc-job-start 423/udp IBM Operations Planning and Control Start
opc-job-track 424/tcp IBM Operations Planning and Control Track
opc-job-track 424/udp IBM Operations Planning and Control Track
# Conny Larsson <cocke@VNET.IBM.COM>
icad-el 425/tcp ICAD
icad-el 425/udp ICAD
# Larry Stone <lcs@icad.com>
smartsdp 426/tcp smartsdp
smartsdp 426/udp smartsdp
# Alexander Dupuy <dupuy@smarts.com>
svrloc 427/tcp Server Location
svrloc 427/udp Server Location
# <veizades@ftp.com>
ocs_cmu 428/tcp OCS_CMU
ocs_cmu 428/udp OCS_CMU
ocs_amu 429/tcp OCS_AMU
ocs_amu 429/udp OCS_AMU
# Florence Wyman <wyman@peabody.plk.af.mil>
utmpsd 430/tcp UTMPSD
utmpsd 430/udp UTMPSD
utmpcd 431/tcp UTMPCD
utmpcd 431/udp UTMPCD
iasd 432/tcp IASD
iasd 432/udp IASD
# Nir Baroz <nbaroz@encore.com>
nnsp 433/tcp NNSP
nnsp 433/udp NNSP
# Rob Robertson <rob@gangrene.berkeley.edu>
mobileip-agent 434/tcp MobileIP-Agent
mobileip-agent 434/udp MobileIP-Agent
mobilip-mn 435/tcp MobilIP-MN
mobilip-mn 435/udp MobilIP-MN
# Kannan Alagappan <kannan@sejour.lkg.dec.com>
dna-cml 436/tcp DNA-CML
dna-cml 436/udp DNA-CML
# Dan Flowers <flowers@smaug.lkg.dec.com>
comscm 437/tcp comscm
comscm 437/udp comscm
# Jim Teague <teague@zso.dec.com>
dsfgw 438/tcp dsfgw
dsfgw 438/udp dsfgw
# Andy McKeen <mckeen@osf.org>
dasp 439/tcp dasp Thomas Obermair
dasp 439/udp dasp tommy@inlab.m.eunet.de
# Thomas Obermair <tommy@inlab.m.eunet.de>
sgcp 440/tcp sgcp
sgcp 440/udp sgcp
# Marshall Rose <mrose@dbc.mtview.ca.us>

decvms-sysmgt 441/tcp decvms-sysmgt
decvms-sysmgt 441/udp decvms-sysmgt
# Lee Barton <barton@star.enet.dec.com>
cvc_hostd 442/tcp cvc_hostd
cvc_hostd 442/udp cvc_hostd
# Bill Davidson <billd@equalizer.cray.com>
https 443/tcp https MCom
https 443/udp https MCom
# Kipp E.B. Hickman <kipp@mcom.com>
snpp 444/tcp Simple Network Paging Protocol
snpp 444/udp Simple Network Paging Protocol
# [RFC1568]
microsoft-ds 445/tcp Microsoft-DS
microsoft-ds 445/udp Microsoft-DS
# Arnold Miller <arnoldm@microsoft.com>
ddm-rdb 446/tcp DDM-RDB
ddm-rdb 446/udp DDM-RDB
ddm-dfm 447/tcp DDM-RFM
ddm-dfm 447/udp DDM-RFM
ddm-byte 448/tcp DDM-BYTE
ddm-byte 448/udp DDM-BYTE
# Jan David Fisher <jdfisher@VNET.IBM.COM>
as-servermap 449/tcp AS Server Mapper
as-servermap 449/udp AS Server Mapper
# Barbara Foss <BGFOSS@rchvmv.vnet.ibm.com>
tserver 450/tcp TServer
tserver 450/udp TServer
# Harvey S. Schultz <hss@mtgzfs3.mt.att.com>
# 451-511 Unassigned
exec 512/tcp remote process execution;
# authentication performed using
# passwords and UNIX loppgin names
biff 512/udp used by mail system to notify users
# of new mail received; currently
# receives messages only from
# processes on the same machine
login 513/tcp remote login a la telnet;
# automatic authentication performed
# based on priviledged port numbers
# and distributed data bases which
# identify "authentication domains"
who 513/udp maintains data bases showing who's
# logged in to machines on a local
# net and the load average of the
# machine
cmd 514/tcp like exec, but automatic
# authentication is performed as for
# login server

syslog 514/udp
printer 515/tcp spooler
printer 515/udp spooler
# 516/tcp Unassigned
# 516/udp Unassigned
talk 517/tcp like tenex link, but across
# machine - unfortunately, doesn't
# use link protocol (this is actually
# just a rendezvous port from which a
# tcp connection is established)
talk 517/udp like tenex link, but across
# machine - unfortunately, doesn't
# use link protocol (this is actually
# just a rendezvous port from which a
tcp connection is established)
ntalk 518/tcp
ntalk 518/udp
utime 519/tcp unixtime
utime 519/udp unixtime
efs 520/tcp extended file name server
router 520/udp local routing process (on site);
# uses variant of Xerox NS routing
# information protocol
# 521-524 Unassigned
timed 525/tcp timeserver
timed 525/udp timeserver
tempo 526/tcp newdate
tempo 526/udp newdate
# 527-529 Unassigned
courier 530/tcp rpc
courier 530/udp rpc
conference 531/tcp chat
conference 531/udp chat
netnews 532/tcp readnews
netnews 532/udp readnews
netwall 533/tcp for emergency broadcasts
netwall 533/udp for emergency broadcasts
# 534-538 Unassigned
apertus-ldp 539/tcp Apertus Technologies Load Determination
apertus-ldp 539/udp Apertus Technologies Load Determination
uucp 540/tcp uucpd
uucp 540/udp uucpd
uucp-rlogin 541/tcp uucp-rlogin Stuart Lynne
uucp-rlogin 541/udp uucp-rlogin sl@wimsey.com
# 542/tcp Unassigned
# 542/udp Unassigned
klogin 543/tcp
klogin 543/udp

kshell 544/tcp krcmd
kshell 544/udp krcmd
# 545-549 Unassigned
new-rwho 550/tcp new-who
new-rwho 550/udp new-who
# 551-555 Unassigned
dsf 555/tcp
dsf 555/udp
remotefs 556/tcp rfs server
remotefs 556/udp rfs server
# 557-559 Unassigned
rmonitor 560/tcp rmonitord
rmonitor 560/udp rmonitord
monitor 561/tcp
monitor 561/udp
chshell 562/tcp chcmd
chshell 562/udp chcmd
# 563/tcp Unassigned
# 563/udp Unassigned
9pfs 564/tcp plan 9 file service
9pfs 564/udp plan 9 file service
whoami 565/tcp whoami
whoami 565/udp whoami
# 566-569 Unassigned
meter 570/tcp demon
meter 570/udp demon
meter 571/tcp udemon
meter 571/udp udemon
# 572-599 Unassigned
ipcserver 600/tcp Sun IPC server
ipcserver 600/udp Sun IPC server
nqs 607/tcp nqs
nqs 607/udp nqs
urm 606/tcp Cray Unified Resource Manager
urm 606/udp Cray Unified Resource Manager
# Bill Schiefelbein <schief@aspen.cray.com>
sift-uft 608/tcp Sender-Initiated/Unsolicited File Transfer
sift-uft 608/udp Sender-Initiated/Unsolicited File Transfer
# Rick Troth <troth@rice.edu>
npmp-trap 609/tcp npmp-trap
npmp-trap 609/udp npmp-trap
npmp-local 610/tcp npmp-local
npmp-local 610/udp npmp-local
npmp-gui 611/tcp npmp-gui
npmp-gui 611/udp npmp-gui
# John Barnes <jbarnes@crl.com>
ginad 634/tcp ginad
ginad 634/udp ginad

# Mark Crother <mark@eis.calstate.edu>
mdqs 666/tcp
mdqs 666/udp
doom 666/tcp doom Id Software
doom 666/tcp doom Id Software
# <ddt@idcube.idsoftware.com>
elcsd 704/tcp errlog copy/server daemon
elcsd 704/udp errlog copy/server daemon

entrustmanager 709/tcp EntrustManager
entrustmanager 709/udp EntrustManager
# Peter Whittaker <pww@bnr.ca>
netviewdm1 729/tcp IBM NetView DM/6000 Server/Client
netviewdm1 729/udp IBM NetView DM/6000 Server/Client
netviewdm2 730/tcp IBM NetView DM/6000 send/tcp
netviewdm2 730/udp IBM NetView DM/6000 send/tcp
netviewdm3 731/tcp IBM NetView DM/6000 receive/tcp
netviewdm3 731/udp IBM NetView DM/6000 receive/tcp
# Philippe Binet (phbinet@vnet.IBM.COM)
netgw 741/tcp netGW
netgw 741/udp netGW
netrcs 742/tcp Network based Rev. Cont. Sys.
netrcs 742/udp Network based Rev. Cont. Sys.
# Gordon C. Galligher <gorpong@ping.chi.il.us>
flexlm 744/tcp Flexible License Manager
flexlm 744/udp Flexible License Manager
# Matt Christiano
# <globes@matt@oliveb.atc.olivetti.com>
fujitsu-dev 747/tcp Fujitsu Device Control
fujitsu-dev 747/udp Fujitsu Device Control
ris-cm 748/tcp Russell Info Sci Calendar Manager
ris-cm 748/udp Russell Info Sci Calendar Manager
kerberos-adm 749/tcp kerberos administration
kerberos-adm 749/udp kerberos administration
rfile 750/tcp
loadav 750/udp
pump 751/tcp
pump 751/udp
qrh 752/tcp
qrh 752/udp
rrh 753/tcp
rrh 753/udp
tell 754/tcp send
tell 754/udp send
nlogin 758/tcp
nlogin 758/udp
con 759/tcp
con 759/udp

ns 760/tcp
ns 760/udp
rxe 761/tcp
rxe 761/udp
quotad 762/tcp
quotad 762/udp
cycleserv 763/tcp
cycleserv 763/udp
omserv 764/tcp
omserv 764/udp
webster 765/tcp
webster 765/udp
phonebook 767/tcp phone
phonebook 767/udp phone
vid 769/tcp
vid 769/udp
cadlock 770/tcp
cadlock 770/udp
rtip 771/tcp
rtip 771/udp
cycleserv2 772/tcp
cycleserv2 772/udp
submit 773/tcp
notify 773/udp
rpasswd 774/tcp
acmaint_dbd 774/udp
entomb 775/tcp
acmaint_transd 775/udp
wpages 776/tcp
wpages 776/udp
wpgs 780/tcp
wpgs 780/udp
concert 786/tcp Concert
concert 786/udp Concert
# Josyula R. Rao <jrrao@watson.ibm.com>
mdbs_daemon 800/tcp
mdbs_daemon 800/udp
device 801/tcp
device 801/udp
xtreelic 996/tcp Central Point Software
xtreelic 996/udp Central Point Software
# Dale Cabell <dacabell@smtp.xtree.com>
maitrd 997/tcp
maitrd 997/udp
busboy 998/tcp
puparp 998/udp
garcon 999/tcp
applix 999/udp Applix ac

puprouter 999/tcp
puprouter 999/udp
cadlock 1000/tcp
ock 1000/udp
1023/tcp Reserved
1024/udp Reserved
# IANA <iana@isi.edu>

REGISTERED PORT NUMBERS

The Registered Ports are not controlled by the IANA and on most
systems can be used by ordinary user processes or programs executed by
ordinary users.

Ports are used in the TCP [RFC793] to name the ends of logical
connections which carry long term conversations. For the purpose of
providing services to unknown callers, a service contact port is
defined. This list specifies the port used by the server process as
its contact port. While the IANA can not control uses of these ports
it does register or list uses of these ports as a convienence to the
community.

To the extent possible, these same port assignments are used with the
UDP [RFC768].

The Registered Ports are in the range 1024-65535.

Port Assignments:

Keyword Decimal Description References
------- ------- ----------- ----------
1024/tcp Reserved
1024/udp Reserved
# IANA <iana@isi.edu>
blackjack 1025/tcp network blackjack
blackjack 1025/udp network blackjack
iad1 1030/tcp BBN IAD
iad1 1030/udp BBN IAD
iad2 1031/tcp BBN IAD
iad2 1031/udp BBN IAD
iad3 1032/tcp BBN IAD
iad3 1032/udp BBN IAD
# Andy Malis <malis_a@timeplex.com>
instl_boots 1067/tcp Installation Bootstrap Proto. Serv.
instl_boots 1067/udp Installation Bootstrap Proto. Serv.
instl_bootc 1068/tcp Installation Bootstrap Proto. Cli.

instl_bootc 1068/udp Installation Bootstrap Proto. Cli.
# David Arko <<darko@hpfcrn.fc.hp.com>
socks 1080/tcp Socks
socks 1080/udp Socks
# Ying-Da Lee <ylee@syl.dl.nec.com
ansoft-lm-1 1083/tcp Anasoft License Manager
ansoft-lm-1 1083/udp Anasoft License Manager
ansoft-lm-2 1084/tcp Anasoft License Manager
ansoft-lm-2 1084/udp Anasoft License Manager
nfa 1155/tcp Network File Access
nfa 1155/udp Network File Access
# James Powell <james@mailhost.unidata.com>
nerv 1222/tcp SNI R&D network
nerv 1222/udp SNI R&D network
# Martin Freiss <freiss.pad@sni.de>
hermes 1248/tcp
hermes 1248/udp
alta-ana-lm 1346/tcp Alta Analytics License Manager
alta-ana-lm 1346/udp Alta Analytics License Manager
bbn-mmc 1347/tcp multi media conferencing
bbn-mmc 1347/udp multi media conferencing
bbn-mmx 1348/tcp multi media conferencing
bbn-mmx 1348/udp multi media conferencing
sbook 1349/tcp Registration Network Protocol
sbook 1349/udp Registration Network Protocol
editbench 1350/tcp Registration Network Protocol
editbench 1350/udp Registration Network Protocol
# Simson L. Garfinkel <simsong@next.cambridge.ma.us>
equationbuilder 1351/tcp Digital Tool Works (MIT)
equationbuilder 1351/udp Digital Tool Works (MIT)
# Terrence J. Talbot <lexcube!tjt@bu.edu>
lotusnote 1352/tcp Lotus Note
lotusnote 1352/udp Lotus Note
# Greg Pflaum <iris.com!Greg_Pflaum@uunet.uu.net>
relief 1353/tcp Relief Consulting
relief 1353/udp Relief Consulting
# John Feiler <relief!jjfeiler@uu2.psi.com>
rightbrain 1354/tcp RightBrain Software
rightbrain 1354/udp RightBrain Software
# Glenn Reid <glann@rightbrain.com>
intuitive edge 1355/tcp Intuitive Edge
intuitive edge 1355/udp Intuitive Edge
# Montgomery Zukowski
# <monty@nextnorth.acs.ohio-state.edu>
cuillamartin 1356/tcp CuillaMartin Company
cuillamartin 1356/udp CuillaMartin Company
pegboard 1357/tcp Electronic PegBoard
pegboard 1357/udp Electronic PegBoard

# Chris Cuilla
# <balr!vpnet!cuilla!chris@clout.chi.il.us>
connlcli 1358/tcp CONNLCLI
connlcli 1358/udp CONNLCLI
ftsrv 1359/tcp FTSRV
ftsrv 1359/udp FTSRV
# Ines Homem de Melo <sidinf@brfapesp.bitnet>
mimer 1360/tcp MIMER
mimer 1360/udp MIMER
# Per Schroeder <Per.Schroder@mimer.se>
linx 1361/tcp LinX
linx 1361/udp LinX
# Steffen Schilke <---none--->
timeflies 1362/tcp TimeFlies
timeflies 1362/udp TimeFlies
# Doug Kent <mouthers@slugg@nwnexus.wa.com>
ndm-requester 1363/tcp Network DataMover Requester
ndm-requester 1363/udp Network DataMover Requester
ndm-server 1364/tcp Network DataMover Server
ndm-server 1364/udp Network DataMover Server
# Toshio Watanabe
# <watanabe@godzilla.rsc.spdd.ricoh.co.j>
adapt-sna 1365/tcp Network Software Associates
adapt-sna 1365/udp Network Software Associates
# Jeffery Chiao <714-768-401>
netware-csp 1366/tcp Novell NetWare Comm Service Platform
netware-csp 1366/udp Novell NetWare Comm Service Platform
# Laurie Lindsey <llindsey@novell.com>
dcs 1367/tcp DCS
dcs 1367/udp DCS
# Stefan Siebert <ssiebert@dcs.de>
screencast 1368/tcp ScreenCast
screencast 1368/udp ScreenCast
# Bill Tschumy <other!bill@uunet.UU.NET>
gv-us 1369/tcp GlobalView to Unix Shell
gv-us 1369/udp GlobalView to Unix Shell
us-gv 1370/tcp Unix Shell to GlobalView
us-gv 1370/udp Unix Shell to GlobalView
# Makoto Mita <mita@ssdev.ksp.fujixerox.co.jp>
fc-cli 1371/tcp Fujitsu Config Protocol
fc-cli 1371/udp Fujitsu Config Protocol
fc-ser 1372/tcp Fujitsu Config Protocol
fc-ser 1372/udp Fujitsu Config Protocol
# Ryuichi Horie <horie@spad.sysrap.cs.fujitsu.co.jp>
chromagrafx 1373/tcp Chromagrafx
chromagrafx 1373/udp Chromagrafx
# Mike Barthelemy <msb@chromagrafx.com>
molly 1374/tcp EPI Software Systems

molly 1374/udp EPI Software Systems
# Jim Vlcek <vlcek@epimbe.com>
bytex 1375/tcp Bytex
bytex 1375/udp Bytex
# Mary Ann Burt <bytex!ws054!maryann@uunet.UU.NET>
ibm-pps 1376/tcp IBM Person to Person Software
ibm-pps 1376/udp IBM Person to Person Software
# Simon Phipps <sphipps@vnet.ibm.com>
cichlid 1377/tcp Cichlid License Manager
cichlid 1377/udp Cichlid License Manager
# Andy Burgess <aab@cichlid.com>
elan 1378/tcp Elan License Manager
elan 1378/udp Elan License Manager
# Ken Greer <kg@elan.com>
dbreporter 1379/tcp Integrity Solutions
dbreporter 1379/udp Integrity Solutions
# Tim Dawson <tdawson%mspboss@uunet.UU.NET>
telesis-licman 1380/tcp Telesis Network License Manager
telesis-licman 1380/udp Telesis Network License Manager
# Karl Schendel, Jr. <wiz@telesis.com>
apple-licman 1381/tcp Apple Network License Manager
apple-licman 1381/udp Apple Network License Manager
# Earl Wallace <earlw@apple.com>
udt_os 1382/tcp
udt_os 1382/udp
gwha 1383/tcp GW Hannaway Network License Manager
gwha 1383/udp GW Hannaway Network License Manager
# J. Gabriel Foster <fop@gwha.com>
os-licman 1384/tcp Objective Solutions License Manager
os-licman 1384/udp Objective Solutions License Manager
# Donald Cornwell <don.cornwell@objective.com>
atex_elmd 1385/tcp Atex Publishing License Manager
atex_elmd 1385/udp Atex Publishing License Manager
# Brett Sorenson <bcs@atex.com>
checksum 1386/tcp CheckSum License Manager
checksum 1386/udp CheckSum License Manager
# Andreas Glocker <glocker@sirius.com>
cadsi-lm 1387/tcp Computer Aided Design Software Inc LM
cadsi-lm 1387/udp Computer Aided Design Software Inc LM
# Sulistio Muljadi
objective-dbc 1388/tcp Objective Solutions DataBase Cache
objective-dbc 1388/udp Objective Solutions DataBase Cache
# Donald Cornwell
iclpv-dm 1389/tcp Document Manager
iclpv-dm 1389/udp Document Manager
iclpv-sc 1390/tcp Storage Controller
iclpv-sc 1390/udp Storage Controller
iclpv-sas 1391/tcp Storage Access Server

iclpv-sas 1391/udp Storage Access Server
iclpv-pm 1392/tcp Print Manager
iclpv-pm 1392/udp Print Manager
iclpv-nls 1393/tcp Network Log Server
iclpv-nls 1393/udp Network Log Server
iclpv-nlc 1394/tcp Network Log Client
iclpv-nlc 1394/udp Network Log Client
iclpv-wsm 1395/tcp PC Workstation Manager software
iclpv-wsm 1395/udp PC Workstation Manager software
# A.P. Hobson <A.P.Hobson@bra0112.wins.icl.co.uk>
dvl-activemail 1396/tcp DVL Active Mail
dvl-activemail 1396/udp DVL Active Mail
audio-activmail 1397/tcp Audio Active Mail
audio-activmail 1397/udp Audio Active Mail
video-activmail 1398/tcp Video Active Mail
video-activmail 1398/udp Video Active Mail
# Ehud Shapiro <udi@wisdon.weizmann.ac.il>
cadkey-licman 1399/tcp Cadkey License Manager
cadkey-licman 1399/udp Cadkey License Manager
cadkey-tablet 1400/tcp Cadkey Tablet Daemon
cadkey-tablet 1400/udp Cadkey Tablet Daemon
# Joe McCollough <joe@cadkey.com>
goldleaf-licman 1401/tcp Goldleaf License Manager
goldleaf-licman 1401/udp Goldleaf License Manager
# John Fox <---none--->
prm-sm-np 1402/tcp Prospero Resource Manager
prm-sm-np 1402/udp Prospero Resource Manager
prm-nm-np 1403/tcp Prospero Resource Manager
prm-nm-np 1403/udp Prospero Resource Manager
# B. Clifford Neuman <bcn@isi.edu>
igi-lm 1404/tcp Infinite Graphics License Manager
igi-lm 1404/udp Infinite Graphics License Manager
ibm-res 1405/tcp IBM Remote Execution Starter
ibm-res 1405/udp IBM Remote Execution Starter
netlabs-lm 1406/tcp NetLabs License Manager
netlabs-lm 1406/udp NetLabs License Manager
dbsa-lm 1407/tcp DBSA License Manager
dbsa-lm 1407/udp DBSA License Manager
# Scott Shattuck <ss@dbsa.com>
sophia-lm 1408/tcp Sophia License Manager
sophia-lm 1408/udp Sophia License Manager
# Eric Brown <sst!emerald!eric@uunet.UU.net>
here-lm 1409/tcp Here License Manager
here-lm 1409/udp Here License Manager
# David Ison <here@dialup.oar.net>
hiq 1410/tcp HiQ License Manager
hiq 1410/udp HiQ License Manager
# Rick Pugh <rick@bilmillennium.com>

af 1411/tcp AudioFile
af 1411/udp AudioFile
# Jim Gettys <jg@crl.dec.com>
innosys 1412/tcp InnoSys
innosys 1412/udp InnoSys
innosys-acl 1413/tcp Innosys-ACL
innosys-acl 1413/udp Innosys-ACL
# Eric Welch <--none--->
ibm-mqseries 1414/tcp IBM MQSeries
ibm-mqseries 1414/udp IBM MQSeries
# Roger Meli <rmmeli%winvmd@vnet.ibm.com>
dbstar 1415/tcp DBStar
dbstar 1415/udp DBStar
# Jeffrey Millman <jcm@dbstar.com>
novell-lu6.2 1416/tcp Novell LU6.2
novell-lu6.2 1416/udp Novell LU6.2
# Peter Liu <--none--->
timbuktu-srv1 1417/tcp Timbuktu Service 1 Port
timbuktu-srv1 1417/tcp Timbuktu Service 1 Port
timbuktu-srv2 1418/tcp Timbuktu Service 2 Port
timbuktu-srv2 1418/udp Timbuktu Service 2 Port
timbuktu-srv3 1419/tcp Timbuktu Service 3 Port
timbuktu-srv3 1419/udp Timbuktu Service 3 Port
timbuktu-srv4 1420/tcp Timbuktu Service 4 Port
timbuktu-srv4 1420/udp Timbuktu Service 4 Port
# Marc Epard <marc@waygate.farallon.com>
gandalf-lm 1421/tcp Gandalf License Manager
gandalf-lm 1421/udp Gandalf License Manager
# gilmer@gandalf.ca
autodesk-lm 1422/tcp Autodesk License Manager
autodesk-lm 1422/udp Autodesk License Manager
# David Ko <dko@autodesk.com>
essbase 1423/tcp Essbase Arbor Software
essbase 1423/udp Essbase Arbor Software
hybrid 1424/tcp Hybrid Encryption Protocol
hybrid 1424/udp Hybrid Encryption Protocol
# Howard Hart <hch@hybrid.com>
zion-lm 1425/tcp Zion Software License Manager
zion-lm 1425/udp Zion Software License Manager
# David Ferrero <david@zion.com>
sas-1 1426/tcp Satellite-data Acquisition System 1
sas-1 1426/udp Satellite-data Acquisition System 1
# Bill Taylor <sais@ssec.wisc.edu>
mloadd 1427/tcp mloadd monitoring tool
mloadd 1427/udp mloadd monitoring tool
# Bob Braden <braden@isi.edu>
informatik-lm 1428/tcp Informatik License Manager
informatik-lm 1428/udp Informatik License Manager

# Harald Schlangmann
# <schlangm@informatik.uni-muenchen.de>
nms 1429/tcp Hypercom NMS
nms 1429/udp Hypercom NMS
tpdu 1430/tcp Hypercom TPDU
tpdu 1430/udp Hypercom TPDU
# Noor Chowdhury <noor@hypercom.com>
rgtp 1431/tcp Reverse Gosip Transport
rgtp 1431/udp Reverse Gosip Transport
# <iwj10@cl.cam-orl.co.uk>
blueberry-lm 1432/tcp Blueberry Software License Manager
blueberry-lm 1432/udp Blueberry Software License Manager
# Steve Beigel <ublueb!steve@uunet.uu.net>
ms-sql-s 1433/tcp Microsoft-SQL-Server
ms-sql-s 1433/udp Microsoft-SQL-Server
ms-sql-m 1434/tcp Microsoft-SQL-Monitor
ms-sql-m 1434/udp Microsoft-SQL-Monitor
# Peter Hussey <peterhus@microsoft.com>
ibm-cics 1435/tcp IBM CISC
ibm-cics 1435/udp IBM CISC
# Geoff Meacock <gbibmswl@ibmmail.COM>
sas-2 1436/tcp Satellite-data Acquisition System 2
sas-2 1436/udp Satellite-data Acquisition System 2
# Bill Taylor <sais@ssec.wisc.edu>
tabula 1437/tcp Tabula
tabula 1437/udp Tabula
# Marcelo Einhorn
# <KGUNE%HUJIVM1.bitnet@taunivm.tau.ac.il>
eicon-server 1438/tcp Eicon Security Agent/Server
eicon-server 1438/udp Eicon Security Agent/Server
eicon-x25 1439/tcp Eicon X25/SNA Gateway
eicon-x25 1439/udp Eicon X25/SNA Gateway
eicon-slp 1440/tcp Eicon Service Location Protocol
eicon-slp 1440/udp Eicon Service Location Protocol
# Pat Calhoun <CALHOUN@admin.eicon.qc.ca>
cadis-1 1441/tcp Cadis License Management
cadis-1 1441/udp Cadis License Management
cadis-2 1442/tcp Cadis License Management
cadis-2 1442/udp Cadis License Management
# Todd Wichers <twichers@csn.org>
ies-lm 1443/tcp Integrated Engineering Software
ies-lm 1443/udp Integrated Engineering Software
# David Tong <David_Tong@integrated.mb.ca>
marcam-lm 1444/tcp Marcam License Management
marcam-lm 1444/udp Marcam License Management
# Therese Hunt <hunt@marcam.com>
proxima-lm 1445/tcp Proxima License Manager
proxima-lm 1445/udp Proxima License Manager

ora-lm 1446/tcp Optical Research Associates License Manager
ora-lm 1446/udp Optical Research Associates License Manager
apri-lm 1447/tcp Applied Parallel Research LM
apri-lm 1447/udp Applied Parallel Research LM
# Jim Dillon <jed@apri.com>
oc-lm 1448/tcp OpenConnect License Manager
oc-lm 1448/udp OpenConnect License Manager
# Sue Barnhill <snb@oc.com>
peport 1449/tcp PEport
peport 1449/udp PEport
# Qentin Neill <quentin@ColumbiaSC.NCR.COM>
dwf 1450/tcp Tandem Distributed Workbench Facility
dwf 1450/udp Tandem Distributed Workbench Facility
# Mike Bert <BERG_MIKE@tandem.com>
infoman 1451/tcp IBM Information Management
infoman 1451/udp IBM Information Management
# Karen Burns <---none--->
gtegsc-lm 1452/tcp GTE Government Systems License Man
gtegsc-lm 1452/udp GTE Government Systems License Man
# Mike Gregory <Gregory_Mike@msmail.iipo.gtegsc.com>
genie-lm 1453/tcp Genie License Manager
genie-lm 1453/udp Genie License Manager
# Paul Applegate <p.applegate2@genie.geis.com>
interhdl_elmd 1454/tcp interHDL License Manager
interhdl_elmd 1454/tcp interHDL License Manager
# Eli Sternheim eli@interhdl.com
esl-lm 1455/tcp ESL License Manager
esl-lm 1455/udp ESL License Manager
# Abel Chou <abel@willy.esl.com>
dca 1456/tcp DCA
dca 1456/udp DCA
# Jeff Garbers <jgarbers@netcom.com>
valisys-lm 1457/tcp Valisys License Manager
valisys-lm 1457/udp Valisys License Manager
# Leslie Lincoln <leslie_lincoln@valisys.com>
nrcabq-lm 1458/tcp Nichols Research Corp.
nrcabq-lm 1458/udp Nichols Research Corp.
# Howard Cole <hcole@tumbleweed.nrcabq.com>
proshare1 1459/tcp Proshare Notebook Application
proshare1 1459/udp Proshare Notebook Application
proshare2 1460/tcp Proshare Notebook Application
proshare2 1460/udp Proshare Notebook Application
# Robin Kar <Robin_Kar@ccm.hf.intel.com>
ibm_wrless_lan 1461/tcp IBM Wireless LAN
ibm_wrless_lan 1461/udp IBM Wireless LAN
# <flanne@vnet.IBM.COM>
world-lm 1462/tcp World License Manager
world-lm 1462/udp World License Manager

# Michael S Amirault <ambi@world.std.com>
nucleus 1463/tcp Nucleus
nucleus 1463/udp Nucleus
# Venky Nagar <venky@fafner.Stanford.EDU>
msl_lmd 1464/tcp MSL License Manager
msl_lmd 1464/udp MSL License Manager
# Matt Timmermans
pipes 1465/tcp Pipes Platform
pipes 1465/udp Pipes Platform mfarlin@peerlogic.com
# Mark Farlin <mfarlin@peerlogic.com>
oceansoft-lm 1466/tcp Ocean Software License Manager
oceansoft-lm 1466/udp Ocean Software License Manager
# Randy Leonard <randy@oceansoft.com>
csdmbase 1467/tcp CSDMBASE
csdmbase 1467/udp CSDMBASE
csdm 1468/tcp CSDM
csdm 1468/udp CSDM
# Robert Stabl <stabl@informatik.uni-muenchen.de>
aal-lm 1469/tcp Active Analysis Limited License Manager
aal-lm 1469/udp Active Analysis Limited License Manager
# David Snocken +44 (71)437-7009
uaiact 1470/tcp Universal Analytics
uaiact 1470/udp Universal Analytics
# Mark R. Ludwig <Mark-Ludwig@uai.com>
csdmbase 1471/tcp csdmbase
csdmbase 1471/udp csdmbase
csdm 1472/tcp csdm
csdm 1472/udp csdm
# Robert Stabl <stabl@informatik.uni-muenchen.de>
openmath 1473/tcp OpenMath
openmath 1473/udp OpenMath
# Garth Mayville <mayville@maplesoft.on.ca>
telefinder 1474/tcp Telefinder
telefinder 1474/udp Telefinder
# Jim White <Jim_White@spiderisland.com>
taligent-lm 1475/tcp Taligent License Manager
taligent-lm 1475/udp Taligent License Manager
# Mark Sapsford <Mark_Sapsford@@taligent.com>
clvm-cfg 1476/tcp clvm-cfg
clvm-cfg 1476/udp clvm-cfg
# Eric Soderberg <seric@cup.hp.com>
ms-sna-server 1477/tcp ms-sna-server
ms-sna-server 1477/udp ms-sna-server
ms-sna-base 1478/tcp ms-sna-base
ms-sna-base 1478/udp ms-sna-base
# Gordon Mangione <gordm@microsoft.com>
dberegister 1479/tcp dberegister
dberegister 1479/udp dberegister

# Brian Griswold <brian@dancingbear.com>
pacerforum 1480/tcp PacerForum
pacerforum 1480/udp PacerForum
# Peter Caswell <pfc@pacvax.pacersoft.com>
airs 1481/tcp AIRS
airs 1481/udp AIRS
# Bruce Wilson, 905-771-6161
miteksys-lm 1482/tcp Miteksys License Manager
miteksys-lm 1482/udp Miteksys License Manager
# Shane McRoberts <mcroberts@miteksys.com>
afs 1483/tcp AFS License Manager
afs 1483/udp AFS License Manager
# Michael R. Pizolato <michael@afs.com>
confluent 1484/tcp Confluent License Manager
confluent 1484/udp Confluent License Manager
# James Greenfiel <jim@pa.confluent.com>
lansource 1485/tcp LANSource
lansource 1485/udp LANSource
# Doug Scott <lansourc@hookup.net>
nms_topo_serv 1486/tcp nms_topo_serv
nms_topo_serv 1486/udp nms_topo_serv
# Sylvia Siu <Sylvia_Siu@Novell.CO>
localinfosrvr 1487/tcp LocalInfoSrvr
localinfosrvr 1487/udp LocalInfoSrvr
# Brian Matthews <brian_matthews@ibist.ibis.com>
docstor 1488/tcp DocStor
docstor 1488/udp DocStor
# Brian Spears <bspears@salix.com>
dmdocbroker 1489/tcp dmdocbroker
dmdocbroker 1489/udp dmdocbroker
# Razmik Abnous <abnous@documentum.com>
insitu-conf 1490/tcp insitu-conf
insitu-conf 1490/udp insitu-conf
# Paul Blacknell <paul@insitu.com>
anynetgateway 1491/tcp anynetgateway
anynetgateway 1491/udp anynetgateway
# Dan Poirier <poirier@VNET.IBM.COM>
stone-design-1 1492/tcp stone-design-1
stone-design-1 1492/udp stone-design-1
# Andrew Stone <andrew@stone.com>
netmap_lm 1493/tcp netmap_lm
netmap_lm 1493/udp netmap_lm
# Phillip Magson <philm@extro.ucc.su.OZ.AU>
ica 1494/tcp ica
ica 1494/udp ica
# John Richardson, Citrix Systems
cvc 1495/tcp cvc
cvc 1495/udp cvc

# Bill Davidson <billd@equalizer.cray.com>
liberty-lm 1496/tcp liberty-lm
liberty-lm 1496/udp liberty-lm
# Jim Rogers <trane!jimbo@pacbell.com>
rfx-lm 1497/tcp rfx-lm
rfx-lm 1497/udp rfx-lm
# Bill Bishop <bil@rfx.rfx.com>
watcom-sql 1498/tcp Watcom-SQL
watcom-sql 1498/udp Watcom-SQL
# Rog Skubowius <rwskubow@ccnga.uwaterloo.ca>
fhc 1499/tcp Federico Heinz Consultora
fhc 1499/udp Federico Heinz Consultora
# Federico Heinz <federico@heinz.com>
vlsi-lm 1500/tcp VLSI License Manager
vlsi-lm 1500/udp VLSI License Manager
# Shue-Lin Kuo <shuelin@mdk.sanjose.vlsi.com>
sas-3 1501/tcp Satellite-data Acquisition System 3
sas-3 1501/udp Satellite-data Acquisition System 3
# Bill Taylor <sais@ssec.wisc.edu>
shivadiscovery 1502/tcp Shiva
shivadiscovery 1502/udp Shiva
# Jonathan Wenocur <jhw@Shiva.COM>
imtc-mcs 1503/tcp Databeam
imtc-mcs 1503/udp Databeam
# Jim Johnstone <jjohnstone@databeam.com>
evb-elm 1504/tcp EVB Software Engineering License Manager
evb-elm 1504/udp EVB Software Engineering License Manager
# B.G. Mahesh < mahesh@sett.com>
funkproxy 1505/tcp Funk Software, Inc.
funkproxy 1505/udp Funk Software, Inc.
# Robert D. Vincent <bert@willowpond.com>
# 1506-1523 Unassigned
ingreslock 1524/tcp ingres
ingreslock 1524/udp ingres
orasrv 1525/tcp oracle
orasrv 1525/udp oracle
prospero-np 1525/tcp Prospero Directory Service non-priv
prospero-np 1525/udp Prospero Directory Service non-priv
pdap-np 1526/tcp Prospero Data Access Prot non-priv
pdap-np 1526/udp Prospero Data Access Prot non-priv
# B. Clifford Neuman <bcn@isi.edu>
tlisrv 1527/tcp oracle
tlisrv 1527/udp oracle
coauthor 1529/tcp oracle
coauthor 1529/udp oracle
issd 1600/tcp
issd 1600/udp
nkd 1650/tcp

nkd 1650/udp
proshareaudio 1651/tcp proshare conf audio
proshareaudio 1651/udp proshare conf audio
prosharevideo 1652/tcp proshare conf video
prosharevideo 1652/udp proshare conf video
prosharedata 1653/tcp proshare conf data
prosharedata 1653/udp proshare conf data
prosharerequest 1654/tcp proshare conf request
prosharerequest 1654/udp proshare conf request
prosharenotify 1655/tcp proshare conf notify
prosharenotify 1655/udp proshare conf notify
# <gunner@ibeam.intel.com>
netview-aix-1 1661/tcp netview-aix-1
netview-aix-1 1661/udp netview-aix-1
netview-aix-2 1662/tcp netview-aix-2
netview-aix-2 1662/udp netview-aix-2
netview-aix-3 1663/tcp netview-aix-3
netview-aix-3 1663/udp netview-aix-3
netview-aix-4 1664/tcp netview-aix-4
netview-aix-4 1664/udp netview-aix-4
netview-aix-5 1665/tcp netview-aix-5
netview-aix-5 1665/udp netview-aix-5
netview-aix-6 1666/tcp netview-aix-6
netview-aix-6 1666/udp netview-aix-6
# Martha Crisson <CRISSON@ralvm12.vnet.ibm.com>
licensedaemon 1986/tcp cisco license management
licensedaemon 1986/udp cisco license management
tr-rsrb-p1 1987/tcp cisco RSRB Priority 1 port
tr-rsrb-p1 1987/udp cisco RSRB Priority 1 port
tr-rsrb-p2 1988/tcp cisco RSRB Priority 2 port
tr-rsrb-p2 1988/udp cisco RSRB Priority 2 port
tr-rsrb-p3 1989/tcp cisco RSRB Priority 3 port
tr-rsrb-p3 1989/udp cisco RSRB Priority 3 port
#PROBLEMS!===================================================
mshnet 1989/tcp MHSnet system
mshnet 1989/udp MHSnet system
# Bob Kummerfeld <bob@sarad.cs.su.oz.au>
#PROBLEMS!===================================================
stun-p1 1990/tcp cisco STUN Priority 1 port
stun-p1 1990/udp cisco STUN Priority 1 port
stun-p2 1991/tcp cisco STUN Priority 2 port
stun-p2 1991/udp cisco STUN Priority 2 port
stun-p3 1992/tcp cisco STUN Priority 3 port
stun-p3 1992/udp cisco STUN Priority 3 port
#PROBLEMS!===================================================
ipsendmsg 1992/tcp IPsendmsg
ipsendmsg 1992/udp IPsendmsg
# Bob Kummerfeld <bob@sarad.cs.su.oz.au>

#PROBLEMS!===================================================
snmp-tcp-port 1993/tcp cisco SNMP TCP port
snmp-tcp-port 1993/udp cisco SNMP TCP port
stun-port 1994/tcp cisco serial tunnel port
stun-port 1994/udp cisco serial tunnel port
perf-port 1995/tcp cisco perf port
perf-port 1995/udp cisco perf port
tr-rsrb-port 1996/tcp cisco Remote SRB port
tr-rsrb-port 1996/udp cisco Remote SRB port
gdp-port 1997/tcp cisco Gateway Discovery Protocol
gdp-port 1997/udp cisco Gateway Discovery Protocol
x25-svc-port 1998/tcp cisco X.25 service (XOT)
x25-svc-port 1998/udp cisco X.25 service (XOT)
tcp-id-port 1999/tcp cisco identification port
tcp-id-port 1999/udp cisco identification port
callbook 2000/tcp
callbook 2000/udp
dc 2001/tcp
wizard 2001/udp curry
globe 2002/tcp
globe 2002/udp
mailbox 2004/tcp
emce 2004/udp CCWS mm conf
berknet 2005/tcp
oracle 2005/udp
invokator 2006/tcp
raid-cc 2006/udp raid
dectalk 2007/tcp
raid-am 2007/udp
conf 2008/tcp
terminaldb 2008/udp
news 2009/tcp
whosockami 2009/udp
search 2010/tcp
pipe_server 2010/udp
raid-cc 2011/tcp raid
servserv 2011/udp
ttyinfo 2012/tcp
raid-ac 2012/udp
raid-am 2013/tcp
raid-cd 2013/udp
troff 2014/tcp
raid-sf 2014/udp
cypress 2015/tcp
raid-cs 2015/udp
bootserver 2016/tcp
bootserver 2016/udp
cypress-stat 2017/tcp

bootclient 2017/udp
terminaldb 2018/tcp
rellpack 2018/udp
whosockami 2019/tcp
about 2019/udp
xinupageserver 2020/tcp
xinupageserver 2020/udp
servexec 2021/tcp
xinuexpansion1 2021/udp
down 2022/tcp
xinuexpansion2 2022/udp
xinuexpansion3 2023/tcp
xinuexpansion3 2023/udp
xinuexpansion4 2024/tcp
xinuexpansion4 2024/udp
ellpack 2025/tcp
xribs 2025/udp
scrabble 2026/tcp
scrabble 2026/udp
shadowserver 2027/tcp
shadowserver 2027/udp
submitserver 2028/tcp
submitserver 2028/udp
device2 2030/tcp
device2 2030/udp
blackboard 2032/tcp
blackboard 2032/udp
glogger 2033/tcp
glogger 2033/udp
scoremgr 2034/tcp
scoremgr 2034/udp
imsldoc 2035/tcp
imsldoc 2035/udp
objectmanager 2038/tcp
objectmanager 2038/udp
lam 2040/tcp
lam 2040/udp
interbase 2041/tcp
interbase 2041/udp
isis 2042/tcp
isis 2042/udp
isis-bcast 2043/tcp
isis-bcast 2043/udp
rimsl 2044/tcp
rimsl 2044/udp
cdfunc 2045/tcp
cdfunc 2045/udp
sdfunc 2046/tcp

sdfunc 2046/udp
dls 2047/tcp
dls 2047/udp
dls-monitor 2048/tcp
dls-monitor 2048/udp
shilp 2049/tcp
shilp 2049/udp
dlsrpn 2065/tcp Data Link Switch Read Port Number
dlsrpn 2065/udp Data Link Switch Read Port Number
dlswpn 2067/tcp Data Link Switch Write Port Number
dlswpn 2067/udp Data Link Switch Write Port Number
ats 2201/tcp Advanced Training System Program
ats 2201/udp Advanced Training System Program
rtsserv 2500/tcp Resource Tracking system server
rtsserv 2500/udp Resource Tracking system server
rtsclient 2501/tcp Resource Tracking system client
rtsclient 2501/udp Resource Tracking system client
# Aubrey Turner
# <S95525ta%etsuacad.bitnet@ETSUADMN.ETSU.EDU>
hp-3000-telnet 2564/tcp HP 3000 NS/VT block mode telnet
www-dev 2784/tcp world wide web - development
www-dev 2784/udp world wide web - development
NSWS 3049/tcp
NSWS 3049/udp
ccmail 3264/tcp cc:mail/lotus
ccmail 3264/udp cc:mail/lotus
dec-notes 3333/tcp DEC Notes
dec-notes 3333/udp DEC Notes
# Kim Moraros <moraros@via.enet.dec.com>
mapper-nodemgr 3984/tcp MAPPER network node manager
mapper-nodemgr 3984/udp MAPPER network node manager
mapper-mapethd 3985/tcp MAPPER TCP/IP server
mapper-mapethd 3985/udp MAPPER TCP/IP server
mapper-ws_ethd 3986/tcp MAPPER workstation server
mapper-ws_ethd 3986/udp MAPPER workstation server
# John C. Horton <jch@unirsvl.rsvl.unisys.com>
bmap 3421/tcp Bull Apprise portmapper
bmap 3421/udp Bull Apprise portmapper
# Jeremy Gilbert <J.Gilbert@ma30.bull.com>
udt_os 3900/tcp Unidata UDT OS
udt_os 3900/udp Unidata UDT OS
# James Powell <james@mailhost.unidata.com>
nuts_dem 4132/tcp NUTS Daemon
nuts_dem 4132/udp NUTS Daemon
nuts_bootp 4133/tcp NUTS Bootp Server
nuts_bootp 4133/udp NUTS Bootp Server
# Martin Freiss <freiss.pad@sni.>
unicall 4343/tcp UNICALL

unicall 4343/udp UNICALL
# James Powell <james@enghp.unidata.comp>
krb524 4444/tcp KRB524
krb524 4444/udp KRB524
# B. Clifford Neuman <bcn@isi.edu>
rfa 4672/tcp remote file access server
rfa 4672/udp remote file access server
commplex-main 5000/tcp
commplex-main 5000/udp
commplex-link 5001/tcp
commplex-link 5001/udp
rfe 5002/tcp radio free ethernet
rfe 5002/udp radio free ethernet
telelpathstart 5010/tcp TelepathStart
telelpathstart 5010/udp TelepathStart
telelpathattack 5011/tcp TelepathAttack
telelpathattack 5011/udp TelepathAttack
# Helmuth Breitenfellner <hbreitenf@vnet.imb.com>
mmcc 5050/tcp multimedia conference control tool
mmcc 5050/udp multimedia conference control tool
rmonitor_secure 5145/tcp
rmonitor_secure 5145/udp
aol 5190/tcp America-Online
aol 5190/udp America-Online
# Marty Lyons <marty@aol.com>
padl2sim 5236/tcp
padl2sim 5236/udp
hacl-hb 5300/tcp # HA cluster heartbeat
hacl-hb 5300/udp # HA cluster heartbeat
hacl-gs 5301/tcp # HA cluster general services
hacl-gs 5301/udp # HA cluster general services
hacl-cfg 5302/tcp # HA cluster configuration
hacl-cfg 5302/udp # HA cluster configuration
hacl-probe 5303/tcp # HA cluster probing
hacl-probe 5303/udp # HA cluster probing
hacl-local 5304/tcp
hacl-local 5304/udp
hacl-test 5305/tcp
hacl-test 5305/udp
# Eric Soderberg <seric@hposl102.cup.hp>
x11 6000-6063/tcp X Window System
x11 6000-6063/udp X Window System
# Stephen Gildea <gildea@expo.lcs.mit.edu>
sub-process 6111/tcp HP SoftBench Sub-Process Control
sub-process 6111/udp HP SoftBench Sub-Process Control
meta-corp 6141/tcp Meta Corporation License Manager
meta-corp 6141/udp Meta Corporation License Manager
# Osamu Masuda <--none--->

aspentec-lm 6142/tcp Aspen Technology License Manager
aspentec-lm 6142/udp Aspen Technology License Manager
# Kevin Massey <massey@aspentec.com>
watershed-lm 6143/tcp Watershed License Manager
watershed-lm 6143/udp Watershed License Manager
# David Ferrero <david@zion.com>
statsci1-lm 6144/tcp StatSci License Manager - 1
statsci1-lm 6144/udp StatSci License Manager - 1
statsci2-lm 6145/tcp StatSci License Manager - 2
statsci2-lm 6145/udp StatSci License Manager - 2
# Scott Blachowicz <scott@statsci.com>
lonewolf-lm 6146/tcp Lone Wolf Systems License Manager
lonewolf-lm 6146/udp Lone Wolf Systems License Manager
# Dan Klein <dvk@lonewolf.com>
montage-lm 6147/tcp Montage License Manager
montage-lm 6147/udp Montage License Manager
# Michael Ubell <michael@montage.com>
xdsxdm 6558/udp
xdsxdm 6558/tcp
afs3-fileserver 7000/tcp file server itself
afs3-fileserver 7000/udp file server itself
afs3-callback 7001/tcp callbacks to cache managers
afs3-callback 7001/udp callbacks to cache managers
afs3-prserver 7002/tcp users & groups database
afs3-prserver 7002/udp users & groups database
afs3-vlserver 7003/tcp volume location database
afs3-vlserver 7003/udp volume location database
afs3-kaserver 7004/tcp AFS/Kerberos authentication service
afs3-kaserver 7004/udp AFS/Kerberos authentication service
afs3-volser 7005/tcp volume managment server
afs3-volser 7005/udp volume managment server
afs3-errors 7006/tcp error interpretation service
afs3-errors 7006/udp error interpretation service
afs3-bos 7007/tcp basic overseer process
afs3-bos 7007/udp basic overseer process
afs3-update 7008/tcp server-to-server updater
afs3-update 7008/udp server-to-server updater
afs3-rmtsys 7009/tcp remote cache manager service
afs3-rmtsys 7009/udp remote cache manager service
ups-onlinet 7010/tcp onlinet uninterruptable power supplies
ups-onlinet 7010/udp onlinet uninterruptable power supplies
# Brian Hammill <hamill@dolphin.exide.com>
font-service 7100/tcp X Font Service
font-service 7100/udp X Font Service
# Stephen Gildea <gildea@expo.lcs.mit.edu>
fodms 7200/tcp FODMS FLIP
fodms 7200/udp FODMS FLIP
# David Anthony <anthony@power.amasd.anatcp.rockwell.com>

man 9535/tcp
man 9535/udp
isode-dua 17007/tcp
isode-dua 17007/udp

REFERENCES

[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
USC/Information Sciences Institute, August 1980.

[RFC793] Postel, J., ed., "Transmission Control Protocol - DARPA
Internet Program Protocol Specification", STD 7, RFC 793,
USC/Information Sciences Institute, September 1981.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers

INTERNET MULTICAST ADDRESSES

Host Extensions for IP Multicasting [RFC1112] specifies the
extensions required of a host implementation of the Internet Protocol
(IP) to support multicasting. Current addresses are listed below.

224.0.0.0 Base Address (Reserved) [RFC1112,JBP]
224.0.0.1 All Systems on this Subnet [RFC1112,JBP]
224.0.0.2 All Routers on this Subnet [JBP]
224.0.0.3 Unassigned [JBP]
224.0.0.4 DVMRP Routers [RFC1075,JBP]
224.0.0.5 OSPFIGP OSPFIGP All Routers [RFC1583,JXM1]
224.0.0.6 OSPFIGP OSPFIGP Designated Routers [RFC1583,JXM1]
224.0.0.7 ST Routers [RFC1190,KS14]
224.0.0.8 ST Hosts [RFC1190,KS14]
224.0.0.9 RIP2 Routers [GSM11]
224.0.0.10 IGRP Routers [Dino Farinacci]
224.0.0.11 Mobile-Agents [Bill Simpson]
224.0.0.12-224.0.0.255 Unassigned [JBP]

224.0.1.0 VMTP Managers Group [RFC1045,DRC3]
224.0.1.1 NTP Network Time Protocol [RFC1119,DLM1]
224.0.1.2 SGI-Dogfight [AXC]
224.0.1.3 Rwhod [SXD]
224.0.1.4 VNP [DRC3]
224.0.1.5 Artificial Horizons - Aviator [BXF]
224.0.1.6 NSS - Name Service Server [BXS2]
224.0.1.7 AUDIONEWS - Audio News Multicast [MXF2]
224.0.1.8 SUN NIS+ Information Service [CXM3]
224.0.1.9 MTP Multicast Transport Protocol [SXA]
224.0.1.10 IETF-1-LOW-AUDIO [SC3]
224.0.1.11 IETF-1-AUDIO [SC3]
224.0.1.12 IETF-1-VIDEO [SC3]
224.0.1.13 IETF-2-LOW-AUDIO [SC3]
224.0.1.14 IETF-2-AUDIO [SC3]
224.0.1.15 IETF-2-VIDEO [SC3]
224.0.1.16 MUSIC-SERVICE [Guido van Rossum]
224.0.1.17 SEANET-TELEMETRY [Andrew Maffei]
224.0.1.18 SEANET-IMAGE [Andrew Maffei]
224.0.1.19 MLOADD [Braden]
224.0.1.20 any private experiment [JBP]
224.0.1.21 DVMRP on MOSPF [John Moy]
224.0.1.22 SVRLOC <veizades@ftp.com>
224.0.1.23 XINGTV <hgxing@aol.com>
224.0.1.24 microsoft-ds <arnoldm@microsoft.com>
224.0.1.25 nbc-pro <bloomer@birch.crd.ge.com>
224.0.1.26 nbc-pfn <bloomer@birch.crd.ge.com>
224.0.1.27-224.0.1.255 Unassigned [JBP]

224.0.2.1 "rwho" Group (BSD) (unofficial) [JBP]
224.0.2.2 SUN RPC PMAPPROC_CALLIT [BXE1]

224.0.3.000-224.0.3.255 RFE Generic Service [DXS3]
224.0.4.000-224.0.4.255 RFE Individual Conferences [DXS3]
224.0.5.000-224.0.5.127 CDPD Groups [Bob Brenner]
224.0.5.128-224.0.5.255 Unassigned [IANA]
224.0.6.000-224.0.6.127 Cornell ISIS Project [Tim Clark]
224.0.6.128-224.0.6.255 Unassigned [IANA]

224.1.0.0-224.1.255.255 ST Multicast Groups [RFC1190,KS14]
224.2.0.0-224.2.255.255 Multimedia Conference Calls [SC3]

224.252.0.0-224.255.255.255 DIS transient groups [Joel Snyder]

232.0.0.0-232.255.255.255 VMTP transient groups [RFC1045,DRC3]

These addresses are listed in the Domain Name Service under MCAST.NET
and 224.IN-ADDR.ARPA.

Note that when used on an Ethernet or IEEE 802 network, the 23
low-order bits of the IP Multicast address are placed in the low-order
23 bits of the Ethernet or IEEE 802 net multicast address
1.0.94.0.0.0. See the next section on "IANA ETHERNET ADDRESS BLOCK".

REFERENCES

[RFC1045] Cheriton, D., "VMTP: Versatile Message Transaction
Protocol Specification", RFC 1045, Stanford University,
February 1988.

[RFC1075] Waitzman, D., C. Partridge, and S. Deering "Distance Vector
Multicast Routing Protocol", RFC-1075, BBN STC, Stanford
University, November 1988.

[RFC1112] Deering, S., "Host Extensions for IP Multicasting",
STD 5, RFC 1112, Stanford University, August 1989.

[RFC1119] Mills, D., "Network Time Protocol (Version 1), Specification
and Implementation", STD 12, RFC 1119, University of
Delaware, July 1988.

[RFC1190] Topolcic, C., Editor, "Experimental Internet Stream
Protocol, Version 2 (ST-II)", RFC 1190, CIP Working Group,
October 1990.

[RFC1583] Moy, J., "The OSPF Specification", RFC 1583, Proteon,
March 1994.

PEOPLE

<arnoldm@microsoft.com>

[AXC] Andrew Cherenson <arc@SGI.COM>

[Bob Brenner]

<bloomer@birch.crd.ge.com>

[Braden] Bob Braden <braden@isi.edu

[BXE1] Brendan Eic <brendan@illyria.wpd.sgi.com>

[BXF] Bruce Factor <ahi!bigapple!bruce@uunet.UU.NET>

[BXS2] Bill Schilit <schilit@parc.xerox.com>

[CXM3] Chuck McManis <cmcmanis@sun.com>

[Tim Clark]

[DLM1] David Mills <Mills@HUEY.UDEL.EDU>

[DRC3] Dave Cheriton <cheriton@PESCADERO.STANFORD.EDU>

[DXS3] Daniel Steinber <Daniel.Steinberg@Eng.Sun.COM>

[Dino Farinacci]

[GSM11] Gary S. Malkin <GMALKIN@XYLOGICS.COM>

<hgxing@aol.com>

[IANA] IANA <iana@isi.edu>

[JBP] Jon Postel <postel@isi.edu>

[JXM1] Jim Miner <miner@star.com>

[KS14] <mystery contact>

[Andrew Maffei]

[John Moy] John Moy <jmoy@PROTEON.COM>

[MXF2] Martin Forssen <maf@dtek.chalmers.se>

[Guido van Rossum]

[SC3] Steve Casner <casner@isi.edu>

[Joel Snyder]

[SXA] Susie Armstrong <Armstrong.wbst128@XEROX.COM>

[SXD] Steve Deering <deering@PARC.XEROX.COM>

<veizades@ftp.com>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/multicast-addresses

SUN RPC NUMBERS

To obtain SUN Remote Procedure Call (RPC) numbers send an e-mail
request to "rpc@sun.com".

The RPC port management service ('portmap' in SunOS versions less than
5.0 and 'rpcbind' in SunOS versions greater than 5.0) "registers" the
IP port number that is allocated to a particular service when that
service is created. It does not allocate ports on behalf of those
services.

For an exact specification of the semantics refer to the source code
of svcudp_create() and svctcp_create() in the archives. In short
however is that these interfaces, and svc_tli_create their Transport
Independent RPC equivalent, take either a user specified port number
or RPC_ANY (-1) which effectively means "I don't care." In the "I
don't care" case the create code simply calls socket(2) or t_open(3n)
which allocates an IP port based on the rules:

if euid of the requesting process is 0 (i.e., root)
allocate the next available port number in the
reserved port range.
else
allocate the next available port in the non-reserved
range.

Port numbers count up sequentially.

Can a port that is "assigned" can be used when the assignee's service
is not present? Say port 501 is assigned to the "jeans" service. On
a machine that does not have the "jeans" service, nor has any clients
that might be expecting to use it, is port 501 available for other
uses? Any dynamic allocation process, like the portmapper, that
chooses the next unused port might allocate port 501 dynamically to a
process that asked for a "I don't care" port. So any dynamic
allocation scheme may pick an unused port that happened to correspond
to a port number that had been "assigned" but was currently unused.

While it might be desirable, it is impossible to guarantee that any
unused port, even though officially assigned to a service, is not
picked by a dynamic allocator since such an assignment might occur
long after the delivery of the system into a site that doesn't watch
for the latest list.

There is the restriction that only "superuser" on BSD derived systems
such as SunOS can bind to a port number that is less than 1024. So
programs have used this information in the past to identify whether or

not the service they were talking to was started by the superuser on
the remote system. Making this assumption is dangerous because not
all system enforce this restriction.

Sun RPC services use ports that are currently unused. If someone
noted that an RPC service was using port 781, it would be just as
happy using port 891, or 951. The service doesn't care what port it
gets, remote clients will query the portmapper to ask it what port
number was assigned to the service when it was started. The key is
that the port was not currently in use. The only port that ONC/RPC
must have is 111 its assigned port for the portmap service.

The most common complaint comes when people put a new service on their
system. When they configure their systems they put the new service
configuration commands at the end of their system startup scripts.
During startup, several network services may be started. Those
services that are ONC/RPC based just pick the next available port,
those that have pre-assigned ports bind to their pre-assigned port.
Clearly the correct sequence is to have all services that need a
particular port to be started first (or if they are "latent" services
that are started by inetd, to have inetd started). Finally, the RPC
services should be started as they will be assigned unused ports. (In
the BSD networking code (which we use) the algorithm for picking
ports is in the file in_pcb.c, function in_pcbbind().)

Services should be started in this order:

a) Services that will "run" continuously and have an assigned
port. Note that this includes rpcbind (nee portmap) that has
port 111 assigned to it.

b) inetd - which will automatically create sockets for those
services that have reserved ports but only run on demand
(like finger)

c) RPC services - which will automatically pick unused ports and
maximize efficiency of the "IP Port" namespace.

The include file /usr/include/netinet/in.h defines a constant
IPPORT_RESERVED to be 1024. The relevant text is:

/*
* Ports < IPPORT_RESERVED are reserved for
* privileged processes (e.g. root).
* Ports > IPPORT_USERRESERVED are reserved
* for servers, not necessarily privileged.
*/
#define IPPORT_RESERVED 1024

#define IPPORT_USERRESERVED 5000

Portmap does not allocate ports, the kernel allocates ports. The code
that does this is part of nearly every UNIX system in the world (and
since the BSD code is 'free' it is often the same code). RPC services
ask the kernel to allocate them a port by calling the "bind()" system
call. The parameter they pass is "INADDR_ANY" which means "allocate
me any IP port you want". The kernel does that by looking at all of
the ports that are currently in use and picking one that is not
currently used. The number picked is either less that 1024 if the
process is privledged, or greater than 1024 if the process is not
privledged. After the kernel has allocated a port, the service
registers this allocation with portmap. The portmapper is merely a
registry of previously allocated ports. Note "allocated" here is
being used in the sense that they are used by an open socket, not
assigned a well known name.

The role of /etc/services is to provide an idea to people who are
looking at network traffic as to where a packet may have originated
from or is headed to. For services like finger that have assigned
ports, they can just hard code the port they want into their
executable. (it isn't like it will change, and if they read it from
/etc/services and someone had mistyped the port number it won't
interoperate with clients anyway!)

It is not practical to read the /etc/services file into the kernel to
prevent it from giving out port numbers that are "pre-assigned", nor
is it generally desirable since with the correct ordering of startup
it is completely unneccesary.

Editors Note: This information was supplied by Chuck McManis of Sun.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/sun-rpc-numbers

IP OPTION NUMBERS

The Internet Protocol (IP) has provision for optional header fields
identified by an option type field. Options 0 and 1 are exactly one
octet which is their type field. All other options have their one
octet type field, followed by a one octet length field, followed by
length-2 octets of option data. The option type field is sub-divided
into a one bit copied flag, a two bit class field, and a five bit
option number. These taken together form an eight bit value for the
option type field. IP options are commonly refered to by this value.

Copy Class Number Value Name Reference
---- ----- ------ ----- ------------------------------- ---------
0 0 0 0 EOOL - End of Options List [RFC791,JBP]
0 0 1 1 NOP - No Operation [RFC791,JBP]
1 0 2 130 SEC - Security [RFC1108]
1 0 3 131 LSR - Loose Source Route [RFC791,JBP]
0 2 4 68 TS - Time Stamp [RFC791,JBP]
1 0 5 133 E-SEC - Extended Security [RFC1108]
1 0 6 134 CIPSO - Commercial Security [???]
0 0 7 7 RR - Record Route [RFC791,JBP]
1 0 8 136 SID - Stream ID [RFC791,JBP]
1 0 9 137 SSR - Strict Source Route [RFC791,JBP]
0 0 10 10 ZSU - Experimental Measurement [ZSu]
0 0 11 11 MTUP - MTU Probe [RFC1191]
0 0 12 12 MTUR - MTU Reply [RFC1191]
1 2 13 205 FINN - Experimental Flow Control [Finn]
1 0 14 142 VISA - Expermental Access Control [Estrin]
0 0 15 15 ENCODE - ??? [VerSteeg]
1 0 16 144 IMITD - IMI Traffic Descriptor [Lee]
1 0 17 145 EIP - ??? [RFC1358]
0 2 18 82 TR - Traceroute [RFC1393]
1 0 19 147 ADDEXT - Address Extension [Ullmann IPv7]

IP TIME TO LIVE PARAMETER

The current recommended default time to live (TTL) for the
Internet Protocol (IP) [45,105] is 64.

IP TOS PARAMETERS

This documents the default Type-of-Service values that are currently
recommended for the most important Internet protocols.

TOS Value Description Reference
--------- -------------------------- ---------
0000 Default [RFC1349]
0001 Minimize Monetary Cost [RFC1349]
0010 Maximize Reliability [RFC1349]
0100 Maximize Throughput [RFC1349]
1000 Minimize Delay [RFC1349]
1111 Maximize Security [RFC1455]

The TOS value is used to indicate "better". Only one TOS value or
property can be requested in any one IP datagram.

Generally, protocols which are involved in direct interaction with a
human should select low delay, while data transfers which may involve
large blocks of data are need high throughput. Finally, high reliability
is most important for datagram-based Internet management functions.

Application protocols not included in these tables should be able to
make appropriate choice of low delay (8 decimal, 1000 binary) or high
throughput (4 decimal, 0100 binary).

The following are recommended values for TOS:

----- Type-of-Service Value -----

Protocol TOS Value

TELNET (1) 1000 (minimize delay)

FTP
Control 1000 (minimize delay)
Data (2) 0100 (maximize throughput)

TFTP 1000 (minimize delay)

SMTP (3)
Command phase 1000 (minimize delay)
DATA phase 0100 (maximize throughput)

Domain Name Service
UDP Query 1000 (minimize delay)
TCP Query 0000
Zone Transfer 0100 (maximize throughput)

NNTP 0001 (minimize monetary cost)

ICMP

Errors 0000
Requests 0000 (4)
Responses <same as request> (4)

Any IGP 0010 (maximize reliability)

EGP 0000

SNMP 0010 (maximize reliability)

BOOTP 0000

Notes:

(1) Includes all interactive user protocols (e.g., rlogin).

(2) Includes all bulk data transfer protocols (e.g., rcp).

(3) If the implementation does not support changing the TOS
during the lifetime of the connection, then the
recommended TOS on opening the connection is the default
TOS (0000).

(4) Although ICMP request messages are normally sent with
the default TOS, there are sometimes good reasons why they
would be sent with some other TOS value. An ICMP
response always uses the same TOS value as was used in the
corresponding ICMP request message.

An application may (at the request of the user) substitute
0001 (minimize monetary cost) for any of the above values.

REFERENCES

[RFC791] Postel, J., "Internet Protocol - DARPA Internet Program
Protocol Specification", STD 5, RFC 791, DARPA, September
1981.

[RFC1108] Kent, S., "U.S. Department of Defense Security Options for
the Internet Protocol", RFC 1108, BBN Communications,
November 1991.

[RFC1191] Mogul, J., and S. Deering, "Path MTU Discovery", RFC 1191,
DECWRL, Stanford University, November 1990.

[RFC1349] Almquist, P., "Type of Service in the Internet Protocol
Suite", RFC 1349, Consultant, July 1992.

[RFC1358] Chapin, L., Chair, "Charter of the Internet Architecture
Board (IAB)", RFC 1358, Internet Architecture Board, August
1992.

[RFC1393] Malkin, G., "Traceroute Using an IP Option", RFC 1393,
Xylogics, Inc., January 1993.

[RFC1455] Eastlake, D., "Physical Link Security Type of Service",
RFC 1455, Digital Equipment Corporation, May 1993.

[Ullmann IPv7]

PEOPLE

[Estrin] Deborah Estrin <Estrin@usc.edu>

[Finn] Greg Finn <Finn@isi.edu>

[JBP] Jon Postel <postel@isi.edu>

[Ullmann] Robert Ullmann <ariel@world.std.com>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ip-parameters

ICMP TYPE NUMBERS

The Internet Control Message Protocol (ICMP) has many messages that
are identified by a "type" field.

Type Name Reference
---- ------------------------- ---------
0 Echo Reply [RFC792]
1 Unassigned [JBP]
2 Unassigned [JBP]
3 Destination Unreachable [RFC792]
4 Source Quench [RFC792]
5 Redirect [RFC792]
6 Alternate Host Address [JBP]
7 Unassigned [JBP]
8 Echo [RFC792]
9 Router Advertisement [RFC1256]
10 Router Selection [RFC1256]
11 Time Exceeded [RFC792]
12 Parameter Problem [RFC792]
13 Timestamp [RFC792]
14 Timestamp Reply [RFC792]
15 Information Request [RFC792]
16 Information Reply [RFC792]
17 Address Mask Request [RFC950]
18 Address Mask Reply [RFC950]
19 Reserved (for Security) [Solo]
20-29 Reserved (for Robustness Experiment) [ZSu]
30 Traceroute [RFC1393]
31 Datagram Conversion Error [RFC1475]
32 Mobile Host Redirect [David Johnson]
33 IPv6 Where-Are-You [Bill Simpson]
34 IPv6 I-Am-Here [Bill Simpson]
35 Mobile Registration Request [Bill Simpson]
36 Mobile Registration Reply [Bill Simpson]
37-255 Reserved [JBP]

Many of these ICMP types have a "code" field. Here we list the types
again with their assigned code fields.

Type Name Reference
---- ------------------------- ---------
0 Echo Reply [RFC792]

Codes
0 No Code

1 Unassigned [JBP]

2 Unassigned [JBP]

3 Destination Unreachable [RFC792]

Codes
0 Net Unreachable
1 Host Unreachable
2 Protocol Unreachable
3 Port Unreachable
4 Fragmentation Needed and Don't Fragment was Set
5 Source Route Failed
6 Destination Network Unknown
7 Destination Host Unknown
8 Source Host Isolated
9 Communication with Destination Network is
Administratively Prohibited
10 Communication with Destination Host is
Administratively Prohibited
11 Destination Network Unreachable for Type of Service
12 Destination Host Unreachable for Type of Service

4 Source Quench [RFC792]
Codes
0 No Code

5 Redirect [RFC792]

Codes
0 Redirect Datagram for the Network (or subnet)
1 Redirect Datagram for the Host
2 Redirect Datagram for the Type of Service and Network
3 Redirect Datagram for the Type of Service and Host

6 Alternate Host Address [JBP]

Codes
0 Alternate Address for Host

7 Unassigned [JBP]

8 Echo [RFC792]

Codes
0 No Code

9 Router Advertisement [RFC1256]

Codes

0 No Code

10 Router Selection [RFC1256]

Codes
0 No Code

11 Time Exceeded [RFC792]

Codes
0 Time to Live exceeded in Transit
1 Fragment Reassembly Time Exceeded

12 Parameter Problem [RFC792]

Codes
0 Pointer indicates the error
1 Missing a Required Option [RFC1108]
2 Bad Length

13 Timestamp [RFC792]

Codes
0 No Code

14 Timestamp Reply [RFC792]

Codes
0 No Code

15 Information Request [RFC792]

Codes
0 No Code

16 Information Reply [RFC792]

Codes
0 No Code

17 Address Mask Request [RFC950]

Codes
0 No Code

18 Address Mask Reply [RFC950]

Codes
0 No Code

19 Reserved (for Security) [Solo]

20-29 Reserved (for Robustness Experiment) [ZSu]

30 Traceroute [RFC1393]

31 Datagram Conversion Error [RFC1475]

32 Mobile Host Redirect [David Johnson]

33 IPv6 Where-Are-You [Bill Simpson]

34 IPv6 I-Am-Here [Bill Simpson]

35 Mobile Registration Request [Bill Simpson]

36 Mobile Registration Reply [Bill Simpson]

REFERENCES

[RFC792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, USC/Information Sciences Institute, September 1981.

[RFC950] Mogul, J., and J. Postel, "Internet Standard Subnetting
Procedure", STD 5, RFC 950, Stanford, USC/Information
Sciences Institute, August 1985.

[RFC1108] Kent, S., "U.S. Department of Defense Security Options for
the Internet Protocol", RFC 1108, November 1991.

[RFC1256] Deering, S., Editor, "ICMP Router Discovery Messages", RFC
1256, Xerox PARC, September 1991.

[RFC1393] Malkin, G., "Traceroute Using an IP Option", RFC 1393,
Xylogics, Inc., January 1993.

[RFC1475] Ullmann, R., "TP/IX: The Next Internet", RFC 1475, Process
Software Corporation, June 1993.

PEOPLE

[JBP] Jon Postel <postel@isi.edu>

[David Johnson]

[Bill Simpson] <Bill.Simpson@um.cc.umich.edu> September, 1994.

[Solo]

[ZSu] Zaw-Sing Su <ZSu@TSCA.ISTC.SRI.COM>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/icmp-parameters

TCP OPTION NUMBERS

The Transmission Control Protocol (TCP) has provision for optional
header fields identified by an option kind field. Options 0 and 1 are
exactly one octet which is their kind field. All other options have
their one octet kind field, followed by a one octet length field,
followed by length-2 octets of option data.

Kind Length Meaning Reference
---- ------ ------------------------------- ---------
0 - End of Option List [RFC793]
1 - No-Operation [RFC793]
2 4 Maximum Segment Lifetime [RFC793]
3 3 WSOPT - Window Scale [RFC1323]
4 2 SACK Permitted [RFC1072]
5 N SACK [RFC1072]
6 6 Echo (obsoleted by option 8) [RFC1072]
7 6 Echo Reply (obsoleted by option 8)[RFC1072]
8 10 TSOPT - Time Stamp Option [RFC1323]
9 2 Partial Order Connection Permitted[RFC1693]
10 5 Partial Order Service Profile [RFC1693]
11 CC [Braden]
12 CC.NEW [Braden]
13 CC.ECHO [Braden]
14 3 TCP Alternate Checksum Request [RFC1146]
15 N TCP Alternate Checksum Data [RFC1146]
16 Skeeter [Knowles]
17 Bubba [Knowles]
18 3 Trailer Checksum Option [Subbu & Monroe]

TCP ALTERNATE CHECKSUM NUMBERS

Number Description Reference
------- ------------------------------- ----------
0 TCP Checksum [RFC-1146]
1 8-bit Fletchers's algorithm [RFC-1146]
2 16-bit Fletchers's algorithm [RFC-1146]
3 Redundant Checksum Avoidance [Kay]

REFERENCES

[KAY] Kay, J. and Pasquale, J., "Measurement, Analysis, and
Improvement of UDP/IP Throughput for the DECstation 5000,"
Proceedings of the Winter 1993 Usenix Conference, January 1993
(available for anonymous FTP in

ucsd.edu:/pub/csl/fastnet/fastnet.tar.Z). <jkay@ucsd.edu>

[RFC793] Postel, J., "Transmission Control Protocol - DARPA Internet
Program Protocol Specification", STD 7, RFC 793, DARPA,
September 1981.

[RFC1323] Jacobson, V., Braden, R., and D. Borman, "TCP Extensions for
High Performance", RFC 1323, LBL, ISI, Cray Research, May
1992.

[RFC1072] Jacobson, V., and R. Braden, "TCP Extensions for Long-Delay
Paths", RFC 1072, LBL, ISI, October 1988.

[RFC1693] ?????

[RFC1146] Zweig, J., and C. Partridge, "TCP Alternate Checksum
Options", RFC 1146, UIUC, BBN, March 1990.

PEOPLE

[Braden] Bob Braden <braden@isi.edu>

[Knowles] Stev Knowles <stev@ftp.com>

[Kay] J. Kay <jkay@ucsd.edu>

[Subbu & Monroe] <mystery contact>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/tcp-parameters

TELNET OPTIONS

The Telnet Protocol has a number of options that may be negotiated.
These options are listed here. "Internet Official Protocol Standards"
(STD 1) provides more detailed information.

Options Name References
------- ----------------------- ----------
0 Binary Transmission [RFC856,JBP]
1 Echo [RFC857,JBP]
2 Reconnection [NIC50005,JBP]
3 Suppress Go Ahead [RFC858,JBP]
4 Approx Message Size Negotiation [ETHERNET,JBP]
5 Status [RFC859,JBP]
6 Timing Mark [RFC860,JBP]
7 Remote Controlled Trans and Echo [RFC726,JBP]
8 Output Line Width [NIC50005,JBP]
9 Output Page Size [NIC50005,JBP]
10 Output Carriage-Return Disposition [RFC652,JBP]
11 Output Horizontal Tab Stops [RFC653,JBP]
12 Output Horizontal Tab Disposition [RFC654,JBP]
13 Output Formfeed Disposition [RFC655,JBP]
14 Output Vertical Tabstops [RFC656,JBP]
15 Output Vertical Tab Disposition [RFC657,JBP]
16 Output Linefeed Disposition [RFC657,JBP]
17 Extended ASCII [RFC698,JBP]
18 Logout [RFC727,MRC]
19 Byte Macro [RFC735,JBP]
20 Data Entry Terminal [RFC1043,RFC732,JBP]
22 SUPDUP [RFC736,RFC734,MRC]
22 SUPDUP Output [RFC749,MRC]
23 Send Location [RFC779,EAK1]
24 Terminal Type [RFC1091,MS56]
25 End of Record [RFC885,JBP]
26 TACACS User Identification [RFC927,BA4]
27 Output Marking [RFC933,SXS]
28 Terminal Location Number [RFC946,RN6]
29 Telnet 3270 Regime [RFC1041,JXR]
30 X.3 PAD [RFC1053,SL70]
31 Negotiate About Window Size [RFC1073,DW183]
32 Terminal Speed [RFC1079,CLH3]
33 Remote Flow Control [RFC1372,CLH3]
34 Linemode [RFC1184,DB14]
35 X Display Location [RFC1096,GM23]
36 Environment Option [RFC1408,DB14]
37 Authentication Option [RFC1409,DB14]
38 Encryption Option [DB14]
39 New Environment Option [RFC1572,DB14]

40 TN3270E [RFC1647]
255 Extended-Options-List [RFC861,JBP]

Telnet Authentication Types

In [RFC1409], a list of authentication types is introduced. Additions
to the list are registerd by the IANA and documented here.

Type Description Reference
0 NULL [RFC1409]
1 KERBEROS_V4 [RFC1409]
2 KERBEROS_V5 [RFC1409]
3 SPX [RFC1409]
4-5 Unassigned
6 RSA [RFC1409]
7-9 Unassigned
10 LOKI [RFC1409]
11 SSA [Schoch]

REFERENCES

[ETHERNET] "The Ethernet, A Local Area Network: Data Link Layer and
Physical Layer Specification", AA-K759B-TK, Digital
Equipment Corporation, Maynard, MA. Also as: "The
Ethernet - A Local Area Network", Version 1.0, Digital
Equipment Corporation, Intel Corporation, Xerox
Corporation, September 1980. And: "The Ethernet, A Local
Area Network: Data Link Layer and Physical Layer
Specifications", Digital, Intel and Xerox, November 1982.
And: XEROX, "The Ethernet, A Local Area Network: Data Link
Layer and Physical Layer Specification", X3T51/80-50, Xerox
Corporation, Stamford, CT., October 1980.

[NIC50005] DDN Protocol Handbook, "Telnet Reconnection Option",
"Telnet Output Line Width Option", "Telnet Output Page Size
Option", NIC 50005, December 1985.

[RFC652] Crocker, D., "Telnet Output Carriage-Return Disposition
Option", RFC 652, UCLA-NMC, October 1974.

[RFC653] Crocker, D., "Telnet Output Horizontal Tabstops Option",
RFC 653, UCLA-NMC, October 1974.

[RFC654] Crocker, D., "Telnet Output Horizontal Tab Disposition
Option", RFC 654, UCLA-NMC, October 1974.

[RFC655] Crocker, D., "Telnet Output Formfeed Disposition Option",
RFC 655, UCLA-NMC, October 1974.

[RFC656] Crocker, D., "Telnet Output Vertical Tabstops Option",
RFC 656, UCLA-NMC, October 1974.

[RFC657] Crocker, D., "Telnet Output Vertical Tab Disposition Option",
RFC 657, UCLA-NMC, October 1974.

[RFC658] Crocker, D., "Telnet Output Linefeed Disposition", RFC 658,
UCLA-NMC, October 1974.

[RFC698] Tovar, "Telnet Extended ASCII Option", RFC 698, Stanford
University-AI, July 1975.

[RFC726] Postel, J. and D. Crocker, "Remote Controlled Transmission
and Echoing Telnet Option", RFC 726, SRI-ARC, UC Irvine,
March 1977.

[RFC727] Crispin, M., "Telnet Logout Option", RFC 727, Stanford
University-AI, April 1977.

[RFC734] Crispin, M., "SUPDUP Protocol", RFC 734, Stanford,
October 1977.

[RFC735] Crocker, D. and R. Gumpertz, "Revised Telnet Byte Marco
Option", RFC 735, Rand, CMU, November 1977.

[RFC736] Crispin, M., "Telnet SUPDUP Option", Stanford University-AI,
RFC 736, Stanford, October 1977.

[RFC749] Greenberg, B., "Telnet SUPDUP-OUTPUT Option", RFC 749,
MIT-Multics, September 1978.

[RFC779] Killian, E., "Telnet Send-Location Option", RFC 779,
LLL, April 1981.

[RFC856] Postel, J. and J. Reynolds, "Telnet Binary Transmission",
STD 27, RFC 856, USC/Information Sciences Institute, May
1983.

[RFC857] Postel, J. and J. Reynolds, "Telnet Echo Option", STD 28, RFC
857, USC/Information Sciences Institute, May 1983.

[RFC858] Postel, J. and J. Reynolds, "Telnet Suppress Go Ahead
Option", STD 29, RFC 858, USC/Information Sciences Institute,
May 1983.

[RFC859] Postel, J. and J. Reynolds, "Telnet Status Option", STD 30,
RFC 859, USC/Information Sciences Institute, May 1983.

[RFC860] Postel, J. and J. Reynolds, "Telnet Timing Mark Option",
STD 31, RFC 860, USC/Information Sciences Institute, May
1983.

[RFC861] Postel, J. and J. Reynolds, "Telnet Extended Options - List
Option", STD 32, RFC 861, USC/Information Sciences Institute,
May 1983.

[RFC885] Postel, J., "Telnet End of Record Option", RFC 885,
USC/Information Sciences Institute, December 1983.

[RFC927] Anderson, B., "TACACS User Identification Telnet Option",
RFC 927, BBN, December 1984.

[RFC933] Silverman, S., "Output Marking Telnet Option", RFC 933,
MITRE, January 1985.

[RFC946] Nedved, R., "Telnet Terminal Location Number Option",
RFC 946, Carnegie-Mellon University, May 1985.

[RDC1041] Rekhter, J., "Telnet 3270 Regime Option", RFC 1041,
IBM, January 1988.

[RFC1043] Yasuda, A., and T. Thompson, "TELNET Data Entry Terminal
Option DODIIS Implementation", RFC 1043, DIA, February 1988.

[RFC1053] Levy, S., and T. Jacobson, "Telnet X.3 PAD Option",
RFC 1053, Minnesota Supercomputer Center, April 1988.

[RFC1073] Waitzman, D., "Telnet Window Size Option", RFC 1073,
BBN STC, October, 1988.

[RFC1079] Hedrick, C., "Telnet Terminal Speed Option", RFC 1079,
Rutgers University, December 1988.

[RFC1091] VanBokkelen, J., "Telnet Terminal Type Option",
RFC 1091, FTP Software, Inc., February 1989.

[RFC1096] Marcy, G., "Telnet X Display Location Option", RFC 1096,
Carnegie Mellon University, March 1989.

[RFC1184] Borman, D., Editor, "Telnet Linemode Option",
RFC 1184, Cray Research, Inc., October 1990.

[RFC1372] Hedrick, C., and D. Borman, "Telnet Remote Flow Control
Option", RFC 1372, Rutgers University, Cray Research, Inc.,
October 1992.

[RFC1408] Borman, D., Editor, "Telnet Environment Option", RFC 1408,
Cray Research, Inc., January 1993.

[RFC1409] Borman, D., Editor, "Telnet Authentication Option", RFC
1409, Cray Research, Inc., January 1993.

[RFC1572] Alexander, S., Editor, "Telnet Environment Option", RFC1572,
Lachman Technology, Inc., January 1994.

[RFC1647] Kelly, B., "TN3270 Enhancements", RFC1647, Auburn
University, July 1994.

PEOPLE

[BA4] Brian Anderson <baanders@CCQ.BBN.CO>

[CLH3] Charles Hedrick <HEDRICK@ARAMIS.RUTGERS.EDU>

[DB14] Dave Borman <dab@CRAY.COM>

[DW183] David Waitzman <dwaitzman@BBN.COM>

[EAK4] Earl Kill <EAK@MORDOR.S1.GOV>

[GM23] Glenn Marcy <Glenn.Marcy@A.CS.CMU.EDU>

[JBP] Jon Postel <postel@isi.edu>

[MRC] Mark Crispin <MRC@WSMR-SIMTEL20.ARMY.MIL>

[MS56] Marvin Solomon <solomon@CS.WISC.EDU>

[RN6] Rudy Nedved <Rudy.Nedved@CMU-CS-A.>

[Schoch] Steven Schoch <schoch@sheba.arc.nasa.gov>

[SL70] Stuart Levy <slevy@UC.MSC.UMN.EDU>

[SXS] Steve Silverman <Blankert@MITRE-GATEWAY.ORG>

[YXR] Yakov Rekhter <Yakov@IBM.COM>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/telnet-options

DOMAIN NAME SYSTEM PARAMETERS

The Internet Domain Naming System (DOMAIN) includes several
parameters. These are documented in [RFC1034] and [RFC1035]. The
CLASS parameter is listed here. The per CLASS parameters are defined
in separate RFCs as indicated.

Domain System Parameters:

Decimal Name References
-------- ---- ----------
0 Reserved [PM1]
1 Internet (IN) [RFC1034,PM1]
2 Unassigned [PM1]
3 Chaos (CH) [PM1]
4 Hessoid (HS) [PM1]
5-65534 Unassigned [PM1]
65535 Reserved [PM1]

In the Internet (IN) class the following TYPEs and QTYPEs are defined:

TYPE value and meaning

A 1 a host address [RFC1035]
NS 2 an authoritative name server [RFC1035]
MD 3 a mail destination (Obsolete - use MX) [RFC1035]
MF 4 a mail forwarder (Obsolete - use MX) [RFC1035]
CNAME 5 the canonical name for an alias [RFC1035]
SOA 6 marks the start of a zone of authority [RFC1035]
MB 7 a mailbox domain name (EXPERIMENTAL) [RFC1035]
MG 8 a mail group member (EXPERIMENTAL) [RFC1035]
MR 9 a mail rename domain name (EXPERIMENTAL)[RFC1035]
NULL 10 a null RR (EXPERIMENTAL) [RFC1035]
WKS 11 a well known service description [RFC1035]
PTR 12 a domain name pointer [RFC1035]
HINFO 13 host information [RFC1035]
MINFO 14 mailbox or mail list information [RFC1035]
MX 15 mail exchange [RFC1035]
TXT 16 text strings [RFC1035]

RP 17 for Responsible Person [RFC1183]
AFSDB 18 for AFS Data Base location [RFC1183]
X25 19 for X.25 PSDN address [RFC1183]
ISDN 20 for ISDN address [RFC1183]
RT 21 for Route Through [RFC1183]

NSAP 22 for NSAP address, NSAP style A record [RFC1348]
NSAP-PTR 23 for domain name pointer, NSAP style [RFC1348]

SIG 24 for security signature [Donald Eastlake]
KEY 25 for security key [Donald Eastlake]

PX 26 X.400 mail mapping information [RFC1664]

GPOS 27 Geographical Position [Craig Farrell]

AAAA 28 IP6 Address [Susan Thomson]

AXFR 252 transfer of an entire zone [RFC1035]
MAILB 253 mailbox-related RRs (MB, MG or MR) [RFC1035]
MAILA 254 mail agent RRs (Obsolete - see MX) [RFC1035]
* 255 A request for all records [RFC1035]

REFERENCES

[RFC1034] Mockapetris, P., "Domain Names - Concepts and
Facilities", STD 13, RFC 1034, USC/Information Sciences
Institute, November 1987.

[RFC1035] Mockapetris, P., "Domain Names - Implementation and
Specification", STD 13, RFC 1035, USC/Information Sciences
Institute, November 1987.

[RFC1183] Everhart, C., Mamakos, L., Ullmann, R., and P. Mockapetris,
Editors, "New DNS RR Definitions", RFC 1183, Transarc,
University of Maryland, Prime Computer, USC/Information
Sciences Institute, October 1990.

[RFC1348] Manning, B., "DNS NSAP RRs", RFC 1348, Rice University,
July 1992.

[RFC1664] Allocchio, C., Bonito, A., Cole, B., Giordano, S., and R.
Hagens, "Using the Internet DNS to Distribute RFC1327 Mail
Address Mapping Tables", GARR-Italy, Cisco Systems Inc.,
Centro Svizzero Calcolo Scientifico, Advanced Network &
Services, August 1994.

PEOPLE

[Susan Thomson] Susan Thomson <set@swift.bellcore.com>

[PM1] Paul Mockapetris <pvm@isi.edu>

[Donald Eastlake] Donald E. Eastlake, III <dee@ranger.enet.dec.com>

[Craig Farrell]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/dns-parameters

MAIL ENCODING HEADER FIELD KEYWORDS

[RFC1505] specifies an initial list of keywords for the experimental
encoding header field (EHF-MAIL), and provides that additional
keywords may be registered with the IANA.

Keyword Description Reference
_______ ___________ ____________

EDIFACT EDIFACT format [RFC1505]
EDI-X12 EDI X12 format [ANSI-X12]
EVFU FORTRAN format [RFC1505]
FS File System format [RFC1505]
Hex Hex binary format [RFC1505]
LZJU90 LZJU90 format [RFC1505]
LZW LZW format [RFC1505]
Message Encapsulated Message [RFC822]
PEM, PEM-Clear Privacy Enhanced Mail [RFC1421]
PGP Pretty Good Privacy [RFC1505]
Postscript Postscript format [POSTSCRIPT]
Shar Shell Archive format [RFC1505]
Signature Signature [RFC1505]
Tar Tar format [RFC1505]
Text Text [IS-10646]
uuencode uuencode format [RFC1505]
URL external URL-reference [RFC1505]

MAIL ENCRYPTION TYPES

[RFC822] specifies that Encryption Types for mail may be assigned.
There are currently no RFC 822 encryption types assigned. Please use
instead the Mail Privacy procedures defined in [RFC1421, RFC1422,
RFC1423].

ESMTP MAIL KEYWORDS

[RFC1651] specifies that extension to SMTP can be identified with
keywords.

Keywords Description Reference

------------ -------------------------------- ---------
SEND Send as mail [RFC821]
SOML Send as mail or terminal [RFC821]
SAML Send as mail and terminal [RFC821]
EXPN Expand the mailing list [RFC821]
HELP Supply helpful information [RFC821]
TURN Turn the operation around [RFC821]
8BITMIME Use 8-bit data [RFC1652]
SIZE Message size declaration [RFC1653]
VERB Verbose [Eric Allman]
ONEX One message transaction only [Eric Allman]

MAIL EXTENSION TYPES

The Simple Mail Transfer Protocol [RFC821] specifies a set of
commands or services for mail transfer. A general procedure for
extending the set of services is defined in [RFC1651]. The set of
service extensions is listed here.

Service Ext EHLO Keyword Parameters Verb Reference
----------- ------------ ---------- ---------- ---------
Send SEND none SEND [RFC821]
Send or Mail SOML none SOML [RFC821]
Send and Mail SAML none SAML [RFC821]
Expand EXPN none EXPN [RFC821]
Help HELP none HELP [RFC821]
Turn TURN none TURN [RFC821]
8 Bit MIME 8BITMIME none none [RFC1652]
Size SIZE number none [RFC1653]

MAIL SYSTEM NAMES

In some places, an identification of other mail systems is used.

One of these is in "The COSINE and Internet X.500 Schema" (section
9.3.18) [RFC1274]. The mail system names listed here are used as the
legal values in that schema under the "otherMailbox" attribute
"mailboxType" type (which must be a PrintableString).

Another place is in "Mapping between X.400(1988) / ISO 10021 and RFC
822" (section 4.2.2) [RFC1327]. The names listed here are used as

the legal values in that schema under the "std-or-address" attribute
"registered-dd-type" type (which must be a "key-string").

Note that key-string = <a-z, A-Z, 0-9, and "-" >.

Mail System Name Description Reference
---------------- ------------------------------- ---------
mcimail MCI Mail

MAIL TRANSMISSION TYPES

The Simple Mail Transfer Protocol [RFC821] and the Standard for the
Format of ARPA Internet Text Messages [RFC822] specify that a set of
"Received" lines will be prepended to the headers of electronic mail
messages as they are transported through the Internet. These received
line may optionally include either or both a "via" phrase and/or a
"with" phrase. The legal values for the phrases are listed here. The
via phrase is intended to indicate the link or physical medium over
which the message was transferred. The with phrase is intended to
indicate the protocol or logical process that was used to transfer the
message.

VIA link types Description Reference
-------------- ---------------------------- ---------
UUCP Unix-to-Unix Copy Program [???]

WITH protocol types Description Reference
------------------- ---------------------------- ---------
SMTP Simple Mail Transfer Protocol [RFC821]
ESMTP SMTP with Service Extensions [RFC1651]

REFERENCES

[ANSI-X12]

[POSTSCRIPT] Adobe Systems Inc., "PostScript Langpuage Reference
Manual", 2nd Edition, 2nd Printing, January 1991.

[IS-10646]

[RFC821] Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC 821,
USC/Information Sciences Institute, August 1982.

[RFC822] Crocker, D., "Standard for the Format of ARPA-Internet Text
Messages", STD 11, RFC 822, UDEL, August 1982.

[RFC1274] Barker, P., and S. Kille, "The COSINE and Internet X.500
Schema", RFC 1274, University College London, November 1991.

[RFC1327] Hardcastle-Kille, S., "Mapping between X.400(1988) / ISO
10021 and RFC 822", RFC 1327, University College London,
May 1992.

[RFC1421] Linn, J., "Privacy Enhancement for Internet Electronic
Mail: Part I: Message Encipherment and Authentication
Procedures", RFC 1421, IAB IRTF PSRG, IETF PEM WG,
February 1993.

[RFC1422] Kent, S., "Privacy Enhancement for Internet
Electronic Mail: Part II -- Certificate-Based Key
Management", BBN, IAB IRTF PSRG, IETF PEM, February 1993.

[RFC1423] Balenson, D., "Privacy Enhancement for Internet Electronic
Mail: Part III -- Algorithms, Modes, and Identifiers",
RFC 1423, TIS, IAB IRTF PSRG, IETF PEM WG, February 1993.

[RFC1505] Costanzo, A., Robinson, D., and R. Ullmann, "Encoding Header
Field for Internet Messages", RFC 1505, AKC Consulting,
Computervision Corporation, August 1993.

[RFC1651] Klensin, J., Freed, N., Rose, M., Stefferud, E., and D.
Crocker, "SMTP Service Extensions", RFC 1651, MCI, Innosoft,
Dover Beach Consulting, Inc., Network Management Associates,
Inc., Silicon Graphics, Inc., July 1994.

[RFC1652] Klensin, J., Freed, N., Rose, M., Stefferud, E., and D.
Crocker, "SMTP Service Extension for 8bit-MIMEtransport",
RFC 1652, MCI, Innosoft, Dover Beach Consulting, Inc.,
Network Management Associates, Inc., Silicon Graphics, Inc.,
July 1994.

[RFC1653] Klensin, J., Freed, N., and K. Moore, "SMTP Service
Extension for Message Size Declaration", RFC 1653,
MCI, Innosoft, University of Tennessee, July 1994.

PEOPLE

[Eric Allman]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/mail-parameters

BOOTP AND DHCP PARAMETERS

The Bootstrap Protocol (BOOTP) [RFC951] describes an IP/UDP
bootstrap protocol (BOOTP) which allows a diskless client machine to
discover its own IP address, the address of a server host, and the
name of a file to be loaded into memory and executed. The Dynamic
Host Configuration Protocol (DHCP) [RFC1531] provides a framework for
automatic configuration of IP hosts. The "DHCP Options and BOOTP
Vendor Information Extensions" [RFC1533] describes the additions to the
Bootstrap Protocol (BOOTP) which can also be used as options with the
Dynamic Host Configuration Protocol (DHCP).

BOOTP Vendor Extensions and DHCP Options are listed below:

Tag Name Data Length Meaning
--- ---- ----------- -------
0 Pad 0 None
1 Subnet Mask 4 Subnet Mask Value
2 Time Offset 4 Time Offset in
Seconds from UTC
3 Gateways N N/4 Gateway addresses
4 Time Server N N/4 Timeserver addresses
5 Name Server N N/4 IEN-116 Server addresses
6 Domain Server N N/4 DNS Server addresses
7 Log Server N N/4 Logging Server addresses
8 Quotes Server N N/4 Quotes Server addresses
9 LPR Server N N/4 Printer Server addresses
10 Impress Server N N/4 Impress Server addresses
11 RLP Server N N/4 RLP Server addresses
12 Hostname N Hostname string
13 Boot File Size 2 Size of boot file in 512 byte
chunks
14 Merit Dump File Client to dump and name
the file to dump it to
15 Domain Name N The DNS domain name of the
client
16 Swap Server N Swap Server addeess
17 Root Path N Path name for root disk
18 Extension File N Path name for more BOOTP info

19 Forward On/Off 1 Enable/Disable IP Forwarding
20 SrcRte On/Off 1 Enable/Disable Source Routing
21 Policy Filter N Routing Policy Filters
22 Max DG Assembly 2 Max Datagram Reassembly Size
23 Default IP TTL 1 Default IP Time to Live
24 MTU Timeout 4 Path MTU Aging Timeout
25 MTU Plateau N Path MTU Plateau Table

26 MTU Interface 2 Interface MTU Size
27 MTU Subnet 1 All Subnets are Local
28 Broadcast Address 4 Broadcast Address
29 Mask Discovery 1 Perform Mask Discovery
30 Mask Supplier 1 Provide Mask to Others
31 Router Discovery 1 Perform Router Discovery
32 Router Request 4 Router Solicitation Address
33 Static Route N Static Routing Table
34 Trailers 1 Trailer Encapsulation
35 ARP Timeout 4 ARP Cache Timeout
36 Ethernet 1 Ethernet Encapsulation
37 Default TCP TTL 1 Default TCP Time to Live
38 Keepalive Time 4 TCP Keepalive Interval
39 Keepalive Data 1 TCP Keepalive Garbage
40 NIS Domain N NIS Domain Name
41 NIS Servers N NIS Server Addresses
42 NTP Servers N NTP Server Addresses
43 Vendor Specific N Vendor Specific Information
44 NETBIOS Name Srv N NETBIOS Name Servers
45 NETBIOS Dist Srv N NETBIOS Datagram Distribution
46 NETBIOS Note Type 1 NETBIOS Note Type
47 NETBIOS Scope N NETBIOS Scope
48 X Window Font N X Window Font Server
49 X Window Manmager N X Window Display Manager
50 Address Request 4 Requested IP Address
51 Address Time 4 IP Address Lease Time
52 Overload 1 Overloaf "sname" or "file"
53 DHCP Msg Type 1 DHCP Message Type
54 DHCP Server Id 4 DHCP Server Identification
55 Parameter List N Parameter Request List
56 DHCP Message N DHCP Error Message
57 DHCP Max Msg Size 2 DHCP Maximum Message Size
58 Renewal Time 4 DHCP Renewal (T1) Time
59 Rebinding Time 4 DHCP Rebinding (T2) Time
60 Class Id N Class Identifier
61 Client Id N Client Identifier
62 Netware/IP Domain N Netware/IP Domain Name
63 Netware/IP Option N Netware/IP sub Options

64-127 Unassigned
128-154 Reserved

255 End 0 None

REFERENCES

[RFC951] Croft, B., and J. Gilmore, "BOOTSTRAP Protocol (BOOTP)",
RFC-951, Stanford and SUN Microsytems, September 1985.

[RFC1531] Droms, R., "Dynamic Host Configuration Protocol", Bucknell
University, October 1993.

[RFC1533] Alexander, S., and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", Lachman Technology, Inc., Bucknell University,
October 1993.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/bootp-and-dhcp-
parameters

ADDRESS FAMILY NUMBERS

Several protocols deal with multiple address families. The 16-bit
assignments are listed here.

Number Description Reference
------ ---------------------------------------------------- ---------
0 Reserved
1 IP (IP version 4)
2 IP6 (IP version 6)
3 NSAP
4 HDLC (8-bit multidrop)
5 BBN 1822
6 802 (includes all 802 media plus Ethernet "canonical format")
7 E.163
8 E.164 (SMDS, Frame Relay, ATM)
9 F.69 (Telex)
10 X.121 (X.25, Frame Relay)
11 IPX
12 Appletalk
13 Decnet IV
14 Banyan Vines
65535 Reserved

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/address-family-numbers

FOOBAR AF NUMBERS

In the FTP Operation Over Big Address Records (FOOBAR) Protocol
[RFC1639] there is a field, called "address family" or "af", to
identify the lower level protocol addresses in use. This is an 8 bit
field. The first 16 assignments (0-15) of the af value are exactly
the same as the IP Version number. The assignment for values 16-255
are listed here.

Assigned FOOBAR Address Families

Decimal Keyword Address Family References
------- ------- -------------- ----------
16 IPX Novell IPX
17-254 Unassigned
255 Reserved

REFERENCES

[RFC1639] Piscitello, D., "FTP Operation Over Big Address Records
(FOOBAR)", Core Competence, Inc., June 1994.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/foobar-af-numbers

DIRECTORY SYSTEM NAMES

In the representation of distinquished names (and possibly other
contexts) of the X.500 Directory system, several unique keywords may
be necessary. For example, in the string representation of
distinguished names [RFC1485].

Keyword Attribute (X.520 keys)
------- ---------------------------------
CN CommonName
L LocalityName
ST StateOrProvinceName
O OrganizationName
OU OrganizationalUnitName
C CountryName

REFERENCES

[RFC1485] Hardcastle-Kille, S., "A String Representation of
Distinguished Names (OSI-DS 23 (v5))", RFC1485, ISODE
Consortium, July 1993.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/directory-system-names

PUBLISHER IDENTIFICATION CODE

The RFC "A Format for E-Mailing Bibliographic Records" [RFC1357]
establishs a "publisher-ID" code. The IANA registry of these codes is
listed here.

Code Publisher Reference
------ ------------------------------------------------------- ---------
DUMMY for testing only [RFC1357]
TEST for testing only [RFC1357]
ISI Information Sciences Institute [JBP]
of the University of Southern California
UMCS University of Manchester Computer Science Department [TXC]

REFERENCES

[RFC1357] Cohen, D., Editor, "A Format for E-mailing Bibliographic
Records", RFC 1357, USC/Information Sciences Institute,
July 1992.

PEOPLE

[JBP] Jon Postel <postel@isi.edu>

[TXC] Tim Clement <timc@cs.man.ac.uk>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/publisher-id

OSPF AUTHENTICATION CODES

The Open Shotrest Path First (OSPF) protocols has a provision for
authentication, and the type of authentication can me indicated by a
code number. The following are the registered authentication codes.

Code Authentication Method Reference
---- --------------------- ---------
0 No Authentication [RFC1583]
1 Simple Password Authentication [RFC1583]
2-65535 Reserved

REFERENCES

[RFC1583] Moy, J., "OSPF Version 2", RFC 1583, Proteon, Inc., March
1994.

[RFC1584] Moy, J., "Multicast Extensions to OSPF", RFC 1584, Proteon,
Inc., March 1994.

[RFC1585] Moy, J., "MOSPF: Analysis and Experience", RFC 1585,
Proteon, Inc., March 1994.

[RFC1586] deSouza, O., and M. Rodrigues, "Guidelines for Running OSPF
Over Frame Relay Networks", RFC 1586, AT&T Bell
Laboratories, March 1994.

[RFC1587] Coltun, R., and V. Fuller, "The OSPF NSSA Option", RFC 1587,
RainbowBridge Communications, BARRNet, March 1994.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ospf-authentication-
codes

MEDIA TYPES

[RFC1521] specifies that Content Types, Content Subtypes, Character
Sets, Access Types, and Conversion values for MIME mail will be
assigned and listed by the IANA.

Content Types and Subtypes
--------------------------

Type Subtype Description Reference
---- ------- ----------- ---------
text plain [RFC1521,NSB]
richtext [RFC1521,NSB]
tab-separated-values [Paul Lindner]

multipart mixed [RFC1521,NSB]
alternative [RFC1521,NSB]
digest [RFC1521,NSB]
parallel [RFC1521,NSB]
appledouble [MacMime,Patrik Faltstrom]
header-set [Dave Crocker]

message rfc822 [RFC1521,NSB]
partial [RFC1521,NSB]
external-body [RFC1521,NSB]
news [RFC 1036, Henry Spencer]

application octet-stream [RFC1521,NSB]
postscript [RFC1521,NSB]
oda [RFC1521,NSB]
atomicmail [atomicmail,NSB]
andrew-inset [andrew-inset,NSB]
slate [slate,terry crowley]
wita [Wang Info Transfer,Larry Campbell]
dec-dx [Digital Doc Trans, Larry Campbell]
dca-rft [IBM Doc Content Arch, Larry Campbell]
activemessage [Ehud Shapiro]
rtf [Paul Lindner]
applefile [MacMime,Patrik Faltstrom]
mac-binhex40 [MacMime,Patrik Faltstrom]
news-message-id [RFC1036, Henry Spencer]
news-transmission [RFC1036, Henry Spencer]
wordperfect5.1 [Paul Lindner]
pdf [Paul Lindner]
zip [Paul Lindner]
macwriteii [Paul Lindner]

msword [Paul Lindner]
remote-printing [RFC1486,MTR]

image jpeg [RFC1521,NSB]
gif [RFC1521,NSB]
ief Image Exchange Format [RFC1314]
tiff Tag Image File Format [MTR]

audio basic [RFC1521,NSB]

video mpeg [RFC1521,NSB]
quicktime [Paul Lindner]

The "media-types" directory contains a subdirectory for each content
type and each of those directories contains a file for each content
subtype.

|-application-
|-audio-------
|-image-------
|-media-types-|-message-----
|-multipart---
|-text--------
|-video-------

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/media-types

Character Sets
--------------

All of the character sets listed the section on Character Sets are
registered for use with MIME as MIME Character Sets. The
correspondance between the few character sets listed in the MIME
specification [RFC1521] and the list in that section are:

Type Description Reference
---- ----------- ---------
US-ASCII see ANSI_X3.4-1968 below [RFC1521,NSB]
ISO-8859-1 see ISO_8859-1:1987 below [RFC1521,NSB]
ISO-8859-2 see ISO_8859-2:1987 below [RFC1521,NSB]
ISO-8859-3 see ISO_8859-3:1988 below [RFC1521,NSB]
ISO-8859-4 see ISO_8859-4:1988 below [RFC1521,NSB]
ISO-8859-5 see ISO_8859-5:1988 below [RFC1521,NSB]
ISO-8859-6 see ISO_8859-6:1987 below [RFC1521,NSB]
ISO-8859-7 see ISO_8859-7:1987 below [RFC1521,NSB]
ISO-8859-8 see ISO_8859-8:1988 below [RFC1521,NSB]
ISO-8859-9 see ISO_8859-9:1989 below [RFC1521,NSB]

Access Types
------------

Type Description Reference
---- ----------- ---------
FTP [RFC1521,NSB]
ANON-FTP [RFC1521,NSB]
TFTP [RFC1521,NSB]
AFS [RFC1521,NSB]
LOCAL-FILE [RFC1521,NSB]
MAIL-SERVER [RFC1521,NSB]

Conversion Values
-----------------

Conversion values or Content Transfer Encodings.

Type Description Reference
---- ----------- ---------
7BIT [RFC1521,NSB]
8BIT [RFC1521,NSB]
BASE64 [RFC1521,NSB]
BINARY [RFC1521,NSB]
QUOTED-PRINTABLE [RFC1521,NSB]

MIME / X.400 MAPPING TABLES

MIME to X.400 Table

MIME content-type X.400 Body Part Reference
----------------- ------------------ ---------
text/plain
charset=us-ascii ia5-text [RFC1494]
charset=iso-8859-x EBP - GeneralText [RFC1494]
text/richtext no mapping defined [RFC1494]
application/oda EBP - ODA [RFC1494]
application/octet-stream bilaterally-defined [RFC1494]
application/postscript EBP - mime-postscript-body [RFC1494]
image/g3fax g3-facsimile [RFC1494]
image/jpeg EBP - mime-jpeg-body [RFC1494]
image/gif EBP - mime-gif-body [RFC1494]
audio/basic no mapping defined [RFC1494]
video/mpeg no mapping defined [RFC1494]

Abbreviation: EBP - Extended Body Part

X.400 to MIME Table

Basic Body Parts

X.400 Basic Body Part MIME content-type Reference
--------------------- -------------------- ---------
ia5-text text/plain;charset=us-ascii [RFC1494]
voice No Mapping Defined [RFC1494]
g3-facsimile image/g3fax [RFC1494]
g4-class1 no mapping defined [RFC1494]
teletex no mapping defined [RFC1494]
videotex no mapping defined [RFC1494]
encrypted no mapping defined [RFC1494]
bilaterally-defined application/octet-stream [RFC1494]
nationally-defined no mapping defined [RFC1494]
externally-defined See Extended Body Parts [RFC1494]

X.400 Extended Body Part MIME content-type Reference
------------------------- -------------------- ---------
GeneralText text/plain;charset=iso-8859-x[RFC1494]
ODA application/oda [RFC1494]
mime-postscript-body application/postscript [RFC1494]
mime-jpeg-body image/jpeg [RFC1494]
mime-gif-body image/gif [RFC1494]

REFERENCES

[MacMime] Work in Progress.

[RFC1036] Horton, M., and R. Adams, "Standard for Interchange of
USENET Messages", RFC 1036, AT&T Bell Laboratories,
Center for Seismic Studies, December 1987.

[RFC1494] Alvestrand, H., and S. Thompson, "Equivalences between 1988
X.400 and RFC-822 Message Bodies", RFC 1494, SINTEF DELAB,
Soft*Switch, Inc., August 1993.

[RFC1521] Borenstien, N., and N. Freed, "MIME (Multipurpose Internet
Mail Extensions) Part One: Mechanisms for Specifying and
Describing the Format of Internet Message Bodies", RFC 1521,
Bellcore, Innosoft, September 1993.

PEOPLE

[Larry Campbell]

[Dave Crocker] Dave Crocker <dcrocker@mordor.stanford.edu>

[Terry Crowley]

[NSB] Nathaniel Borenstein <nsb@bellcore.com>

[MTR] Marshall Rose <mrose@dbc.mtview.ca.us>

[Paul Lindner]

[PXF] Patrik Faltstrom <paf@nada.kth.se>

[Ehud Shapiro]

[Henry Spencer]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/media-types/media-
types

CHARACTER SETS

These are the official names for character sets that may be used in
the Internet and may be referred to in Internet documentation. These
names are expressed in ANSI_X3.4-1968 which is commonly called
US-ASCII or simply ASCII. The character set most commonly use in the
Internet and used especially in protocol standards is US-ASCII, this
is strongly encouraged. The use of the name US-ASCII is also
encouraged.

The character set names may be up to 40 characters taken from the
printable characters of US-ASCII. However, no distinction is made
between use of upper and lower case letters.

Character Set Reference
------------- ---------

Name: ANSI_X3.4-1968 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-6
Alias: ANSI_X3.4-1986
Alias: ISO_646.irv:1991
Alias: ASCII
Alias: ISO646-US
Alias: US-ASCII
Alias: us
Alias: IBM367
Alias: cp367

Name: ISO-10646-UCS-2
Source: the 2-octet Basic Multilingual Plane, aka Unicode
this needs to specify network byte order: the standard
does not specify (it is a 16-bit integer space)

Name: ISO-10646-UCS-4
Source: the full code space. (same comment about byte order,
these are 31-bit numbers.

Name: ISO-10646-UTF-1
Source: Universal Transfer Format (1), this is the multibyte
encoding, that subsets ASCII-7. It does not have byte
ordering issues.

Name: ISO_646.basic:1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: ref

Name: INVARIANT [RFC1345,KXS2]

Name: ISO_646.irv:1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-2
Alias: irv

Name: BS_4730 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-4
Alias: ISO646-GB
Alias: gb
Alias: uk

Name: NATS-SEFI [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-8-1

Name: NATS-SEFI-ADD [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-8-2

Name: NATS-DANO [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-9-1

Name: NATS-DANO-ADD [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-9-2

Name: SEN_850200_B [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-10
Alias: FI
Alias: ISO646-FI
Alias: ISO646-SE
Alias: se

Name: SEN_850200_C [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-11
Alias: ISO646-SE2
Alias: se2

Name: KS_C_5601-1987 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-149
Alias: KS_C_5601-1989

Alias: KSC_5601
Alias: korean

Name: ISO-2022-KR [RFC1557,Choi]
Source: RFC-1557 (see also KS_C_5601-1987)

Name: EUC-KR [RFC1557,Choi]
Source: RFC-1557 (see also KS_C_5861-1992)

Name: ISO-2022-JP [RFC1468,Murai]
Source: RFC-1468

Name: ISO-2022-JP-2 [RFC1554,Ohta]
Source: RFC-1554

Name: JIS_C6220-1969-jp [RFC1345,KXS2]
Source: ECMA registry
Alias: JIS_C6220-1969
Alias: iso-ir-13
Alias: katakana
Alias: x0201-7

Name: JIS_C6220-1969-ro [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-14
Alias: jp
Alias: ISO646-JP

Name: IT [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-15
Alias: ISO646-IT

Name: PT [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-16
Alias: ISO646-PT

Name: ES [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-17
Alias: ISO646-ES

Name: greek7-old [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-18

Name: latin-greek [RFC1345,KXS2]

Source: ECMA registry
Alias: iso-ir-19

Name: DIN_66003 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-21
Alias: de
Alias: ISO646-DE

Name: NF_Z_62-010_(1973) [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-25
Alias: ISO646-FR1

Name: Latin-greek-1 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-27

Name: ISO_5427 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-37

Name: JIS_C6226-1978 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-42

Name: BS_viewdata [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-47

Name: INIS [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-49

Name: INIS-8 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-50

Name: INIS-cyrillic [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-51

Name: ISO_5427:1981 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-54

Name: ISO_5428:1980 [RFC1345,KXS2]
Source: ECMA registry

Alias: iso-ir-55

Name: GB_1988-80 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-57
Alias: cn
Alias: ISO646-CN

Name: GB_2312-80 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-58
Alias: chinese

Name: NS_4551-1 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-60
Alias: ISO646-NO
Alias: no

Name: NS_4551-2 [RFC1345,KXS2]
Source: ECMA registry
Alias: ISO646-NO2
Alias: iso-ir-61
Alias: no2

Name: NF_Z_62-010 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-69
Alias: ISO646-FR
Alias: fr

Name: videotex-suppl [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-70

Name: PT2 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-84
Alias: ISO646-PT2

Name: ES2 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-85
Alias: ISO646-ES2

Name: MSZ_7795.3 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-86

Alias: ISO646-HU
Alias: hu

Name: JIS_C6226-1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-87
Alias: x0208
Alias: JIS_X0208-1983

Name: greek7 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-88

Name: ASMO_449 [RFC1345,KXS2]
Source: ECMA registry
Alias: ISO_9036
Alias: arabic7
Alias: iso-ir-89

Name: iso-ir-90 [RFC1345,KXS2]
Source: ECMA registry

Name: JIS_C6229-1984-a [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-91
Alias: jp-ocr-a

Name: JIS_C6229-1984-b [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-92
Alias: ISO646-JP-OCR-B
Alias: jp-ocr-b

Name: JIS_C6229-1984-b-add [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-93
Alias: jp-ocr-b-add

Name: JIS_C6229-1984-hand [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-94
Alias: jp-ocr-hand

Name: JIS_C6229-1984-hand-add [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-95
Alias: jp-ocr-hand-add

Name: JIS_C6229-1984-kana [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-96

Name: ISO_2033-1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-98
Alias: e13b

Name: ANSI_X3.110-1983 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-99
Alias: CSA_T500-1983
Alias: NAPLPS

Name: ISO_8859-1:1987 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-100
Alias: ISO_8859-1
Alias: ISO-8859-1
Alias: latin1
Alias: l1
Alias: IBM819
Alias: CP819

Name: ISO_8859-2:1987 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-101
Alias: ISO_8859-2
Alias: ISO-8859-2
Alias: latin2
Alias: l2

Name: T.61-7bit [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-102

Name: T.61-8bit [RFC1345,KXS2]
Alias: T.61
Source: ECMA registry
Alias: iso-ir-103

Name: ISO_8859-3:1988 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-109
Alias: ISO_8859-3
Alias: ISO-8859-3
Alias: latin3

Alias: l3

Name: ISO_8859-4:1988 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-110
Alias: ISO_8859-4
Alias: ISO-8859-4
Alias: latin4
Alias: l4

Name: ECMA-cyrillic [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-111

Name: CSA_Z243.4-1985-1 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-121
Alias: ISO646-CA
Alias: csa7-1
Alias: ca

Name: CSA_Z243.4-1985-2 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-122
Alias: ISO646-CA2
Alias: csa7-2

Name: CSA_Z243.4-1985-gr [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-123

Name: ISO_8859-6:1987 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-127
Alias: ISO_8859-6
Alias: ISO-8859-6
Alias: ECMA-114
Alias: ASMO-708
Alias: arabic

Name: ISO_8859-6-E [RFC1556,IANA]
Source: RFC-1556

Name: ISO_8859-6-I [RFC1556,IANA]
Source: RFC-1556

Name: ISO_8859-7:1987 [RFC1345,KXS2]
Source: ECMA registry

Alias: iso-ir-126
Alias: ISO_8859-7
Alias: ISO-8859-7
Alias: ELOT_928
Alias: ECMA-118
Alias: greek
Alias: greek8

Name: T.101-G2 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-128

Name: ISO_8859-8:1988 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-138
Alias: ISO_8859-8
Alias: ISO-8859-8
Alias: hebrew

Name: ISO_8859-8-E [RFC1556,Nussbacher]
Source: RFC-1556

Name: ISO_8859-8-I [RFC1556,Nussbacher]
Source: RFC-1556

Name: CSN_369103 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-139

Name: JUS_I.B1.002 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-141
Alias: ISO646-YU
Alias: js
Alias: yu

Name: ISO_6937-2-add [RFC1345,KXS2]
Source: ECMA registry and ISO 6937-2:1983
Alias: iso-ir-142

Name: IEC_P27-1 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-143

Name: ISO_8859-5:1988 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-144
Alias: ISO_8859-5

Alias: ISO-8859-5
Alias: cyrillic

Name: JUS_I.B1.003-serb [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-146
Alias: serbian

Name: JUS_I.B1.003-mac [RFC1345,KXS2]
Source: ECMA registry
Alias: macedonian
Alias: iso-ir-147

Name: ISO_8859-9:1989 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-148
Alias: ISO_8859-9
Alias: ISO-8859-9
Alias: latin5
Alias: l5

Name: greek-ccitt [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-150

Name: NC_NC00-10:81 [RFC1345,KXS2]
Source: ECMA registry
Alias: cuba
Alias: iso-ir-151
Alias: ISO646-CU

Name: ISO_6937-2-25 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-152

Name: GOST_19768-74 [RFC1345,KXS2]
Source: ECMA registry
Alias: ST_SEV_358-88
Alias: iso-ir-153

Name: ISO_8859-supp [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-154
Alias: latin1-2-5

Name: ISO_10367-box [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-155

Name: latin6 [RFC1345,KXS2]
Source: ECMA registry
Alias: iso-ir-157
Alias: l6

Name: latin-lap [RFC1345,KXS2]
Source: ECMA registry
Alias: lap
Alias: iso-ir-158

Name: JIS_X0212-1990 [RFC1345,KXS2]
Source: ECMA registry
Alias: x0212
Alias: iso-ir-159

Name: DS_2089 [RFC1345,KXS2]
Source: Danish Standard, DS 2089, February 1974
Alias: DS2089
Alias: ISO646-DK
Alias: dk

Name: us-dk [RFC1345,KXS2]

Name: dk-us [RFC1345,KXS2]

Name: JIS_X0201 [RFC1345,KXS2]
Alias: X0201

Name: KSC5636 [RFC1345,KXS2]
Alias: ISO646-KR

Name: DEC-MCS [RFC1345,KXS2]
Source: VAX/VMS User's Manual,
Order Number: AI-Y517A-TE, April 1986.
Alias: dec

Name: hp-roman8 [RFC1345,KXS2]
Source: LaserJet IIP Printer User's Manual,
HP part no 33471-90901, Hewlet-Packard, June 1989.
Alias: roman8
Alias: r8

Name: macintosh [RFC1345,KXS2]
Source: The Unicode Standard ver1.0, ISBN 0-201-56788-1, Oct 1991
Alias: mac

Name: IBM037 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990

Alias: cp037
Alias: ebcdic-cp-us
Alias: ebcdic-cp-ca
Alias: ebcdic-cp-wt
Alias: ebcdic-cp-nl

Name: IBM038 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: EBCDIC-INT
Alias: cp038

Name: IBM273 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP273

Name: IBM274 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: EBCDIC-BE
Alias: CP274

Name: IBM275 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: EBCDIC-BR
Alias: cp275

Name: IBM277 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: EBCDIC-CP-DK
Alias: EBCDIC-CP-NO

Name: IBM278 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP278
Alias: ebcdic-cp-fi
Alias: ebcdic-cp-se

Name: IBM280 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP280
Alias: ebcdic-cp-it

Name: IBM281 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: EBCDIC-JP-E
Alias: cp281

Name: IBM284 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990

Alias: CP284
Alias: ebcdic-cp-es

Name: IBM285 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP285
Alias: ebcdic-cp-gb

Name: IBM290 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: cp290
Alias: EBCDIC-JP-kana

Name: IBM297 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp297
Alias: ebcdic-cp-fr

Name: IBM420 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990,
IBM NLS RM p 11-11
Alias: cp420
Alias: ebcdic-cp-ar1

Name: IBM423 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp423
Alias: ebcdic-cp-gr

Name: IBM424 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp424
Alias: ebcdic-cp-he

Name: IBM437 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp437
Alias: 437

Name: IBM500 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP500
Alias: ebcdic-cp-be
Alias: ebcdic-cp-ch

Name: IBM850 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp850

Alias: 850

Name: IBM851 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp851
Alias: 851

Name: IBM852 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp852
Alias: 852

Name: IBM855 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp855
Alias: 855

Name: IBM857 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp857
Alias: 857

Name: IBM860 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp860
Alias: 860

Name: IBM861 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp861
Alias: 861
Alias: cp-is

Name: IBM862 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp862
Alias: 862

Name: IBM863 [RFC1345,KXS2]
Source: IBM Keyboard layouts and code pages, PN 07G4586 June 1991
Alias: cp863
Alias: 863

Name: IBM864 [RFC1345,KXS2]
Source: IBM Keyboard layouts and code pages, PN 07G4586 June 1991
Alias: cp864

Name: IBM865 [RFC1345,KXS2]

Source: IBM DOS 3.3 Ref (Abridged), 94X9575 (Feb 1987)
Alias: cp865
Alias: 865

Name: IBM868 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP868
Alias: cp-ar

Name: IBM869 [RFC1345,KXS2]
Source: IBM Keyboard layouts and code pages, PN 07G4586 June 1991
Alias: cp869
Alias: 869
Alias: cp-gr

Name: IBM870 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP870
Alias: ebcdic-cp-roece
Alias: ebcdic-cp-yu

Name: IBM871 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP871
Alias: ebcdic-cp-is

Name: IBM880 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp880
Alias: EBCDIC-Cyrillic

Name: IBM891 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp891

Name: IBM903 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp903

Name: IBM904 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: cp904
Alias: 904

Name: IBM905 [RFC1345,KXS2]
Source: IBM 3174 Character Set Ref, GA27-3831-02, March 1990
Alias: CP905
Alias: ebcdic-cp-tr

Name: IBM918 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP918
Alias: ebcdic-cp-ar2

Name: IBM1026 [RFC1345,KXS2]
Source: IBM NLS RM Vol2 SE09-8002-01, March 1990
Alias: CP1026

Name: EBCDIC-AT-DE [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-AT-DE-A [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-CA-FR [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-DK-NO [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-DK-NO-A [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-FI-SE [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-FI-SE-A [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-FR [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-IT [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-PT [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-ES [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-ES-A [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-ES-S [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-UK [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: EBCDIC-US [RFC1345,KXS2]
Source: IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987

Name: UNKNOWN-8BIT [RFC1428]

Name: MNEMONIC [RFC1345,KXS2]
Source: RFC 1345, also known as "mnemonic+ascii+38"

Name: MNEM [RFC1345,KXS2]
Source: RFC 1345, also known as "mnemonic+ascii+8200"

Name: VISCII [RFC1456]
Source: RFC 1456

Name: VIQR [RFC1456]
Source: RFC 1456

Name: KOI8-R [RFC1489]
Source: RFC 1489, based on GOST-19768-74, ISO-6937/8,
INIS-Cyrillic, ISO-5427.

Name: UNICODE-1-1 [RFC1641]
Source: RFC 1641

Name: UNICODE-1-1-UTF-7 [RFC1642]
Source: RFC 1642

REFERENCES

[RFC1345] Simonsen, K., "Character Mnemonics & Character Sets",
RFC 1345, Rationel Almen Planlaegning, Rationel Almen
Planlaegning, June 1992.

[RFC1428] Vaudreuil, G., "Transition of Internet Mail from
Just-Send-8 to 8bit-SMTP/MIME", RFC1428, CNRI, February
1993.

[RFC1456] Vietnamese Standardization Working Group, "Conventions for
Encoding the Vietnamese Language VISCII: VIetnamese
Standard Code for Information Interchange VIQR: VIetnamese
Quoted-Readable Specification Revision 1.1", RFC 1456, May
1993.

[RFC1468] Murai, J., Crispin, M., and E. van der Poel, "Japanese
Character Encoding for Internet Messages", RFC 1468,

Keio University, Panda Programming, June 1993.

[RFC1489] Chernov, A., "Registration of a Cyrillic Character Set",
RFC1489, RELCOM Development Team, July 1993.

[RFC1554] Ohta, M., and K. Handa, "ISO-2022-JP-2: Multilingual
Extension of ISO-2022-JP", RFC1554, Tokyo Institute of
Technology, ETL, December 1993.

[RFC1556] Nussbacher, H., "Handling of Bi-directional Texts in MIME",
RFC1556, Israeli Inter-University, December 1993.

[RFC1557] Choi, U., Chon, K., and H. Park, "Korean Character Encoding
for Internet Messages", KAIST, Solvit Chosun Media,
December 1993.

[RFC1641] Goldsmith, D., and M. Davis, "Using Unicode with MIME",
RFC1641, Taligent, Inc., July 1994.

[RFC1642] Goldsmith, D., and M. Davis, "UTF-7", RFC1642, Taligent,
Inc., July 1994.

PEOPLE

[KXS2] Keld Simonsen <Keld.Simonsen@dkuug.dk>

[Choi] Uhhyung Choi <uhhyung@kaist.ac.kr>

[Murai] Jun Murai <jun@wide.ad.jp>

[Ohta] Masataka Ohta <mohta@cc.titech.ac.jp>

[Nussbacher] Hank Nussbacher <hank@vm.tau.ac.il>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets

NETWORK MANAGEMENT PARAMETERS

For the management of hosts and gateways on the Internet a data
structure for the information has been defined. This data structure
should be used with any of several possible management protocols, such
as the "Simple Network Management Protocol" (SNMP) [RFC1157], or the
"Common Management Information Protocol over TCP" (CMOT) [RFC1095].

The data structure is the "Structure and Indentification of Management
Information for TCP/IP-based Internets" (SMI) [RFC1155], and the
"Management Information Base for Network Management of TCP/IP-based
Internets" (MIB-II) [RFC1213].

The SMI includes the provision for panrameters or codes to indicate
experimental or private data structures. These parameter assignments
are listed here.

The older "Simple Gateway Monitoring Protocol" (SGMP) [RFC1028] also
defined a data structure. The parameter assignments used with SGMP
are included here for historical completeness.

The network management object identifiers are under the iso (1), org
(3), dod (6), internet (1), or 1.3.6.1, branch of the name space.

The major branches are:

1 iso
1.3 org
1.3.6 dod
1.3.6.1 internet
1.3.6.1.1 directory
1.3.6.1.2 mgmt
1.3.6.1.2.1 mib-2
1.3.6.1.2.1.2.2.1.3 ifType
1.3.6.1.2.1.10 transmission
1.3.6.1.2.1.10.23 transmission.ppp
1.3.6.1.2.1.27 application
1.3.6.1.2.1.28 mta
1.3.6.1.3 experimental
1.3.6.1.4 private
1.3.6.1.4.1 enterprise
1.3.6.1.5 security
1.3.6.1.6 SNMPv2
1.3.6.1.7 mail

SMI Network Management Directory Codes:

Prefix: iso.org.dod.internet.directory (1.3.6.1.1.)

Decimal Name Description References
------- ---- ----------- ----------
all Reserved Reserved for future use [IANA]

SMI Network Management MGMT Codes:

Prefix: iso.org.dod.internet.mgmt (1.3.6.1.2.)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved [IANA]
1 MIB [KZM]

Prefix: iso.org.dod.internet.mgmt.mib-2 (1.3.6.1.2.1)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved Reserved [IANA]
1 system System [RFC1213,KZM]
2 interfaces Interfaces [RFC1213,KZM]
3 at Address Translation [RFC1213,KZM]
4 ip Internet Protocol [RFC1213,KZM]
5 icmp Internet Control Message [RFC1213,KZM]
6 tcp Transmission Control Protocol[RFC1213,KZM]
7 udp User Datagram Protocol [RFC1213,KZM]
8 egp Exterior Gateway Protocol [RFC1213,KZM]
9 cmot CMIP over TCP [RFC1213,KZM]
10 transmission Transmission [RFC1213,KZM]
11 snmp Simple Network Management [RFC1213,KZM]
12 GenericIF Generic Interface Extensions
-- [RFC1229,RFC1239,KZM]
13 Appletalk Appletalk Networking [RFC1243,SXW]
14 ospf Open Shortest Path First [RFC1253,FB77]
15 bgp Border Gateway Protocol [RFC1657]
16 rmon Remote Network Monitoring [RFC1271,SXW]
17 bridge Bridge Objects [RFC1286,EXD]
18 DecnetP4 Decnet Phase 4 [RFC1559, Saperia]
19 Character Character Streams [RFC1658]
20 snmpParties SNMP Parties [RFC1353,KZM]
21 snmpSecrets SNMP Secrets [RFC1353,KZM]
22 snmpDot3RptrMgt [RFC1516]
23 rip-2 Routing Information Protocol [RFC1389]
24 ident Identification Protocol [RFC1414]
25 host Host Resources [RFC1514]
26 snmpDot3MauMgt 802.3 Medium Attachment Units [RFC1515]
27 application Network Services Monitoring [RFC1565]
28 mta Mail Monitoring [RFC1566]
29 dsa X.500 Directory Monitoring [RFC1567]

30 IANAifType Interface Types [RFC1573]
31 ifMIB Interface Types [RFC1573]
32 dns Domain Name System [RFC1611]
33 upsMIB Uninterruptible Power Supplies [RFC1628]
34 sannauMIB SNA NAU MIB [RFC1665]
35 etherMIB Ethernet-like generic objects [RFC1650]
36 sipMIB SMDS inteface objects [RFC1694]
37 atmMIB ATM objects [RFC1695]
38 mdmMIB Dial-up modem objects [RFC1696]
39 rdbmsMIB relational database objects [RFC1697]

Prefix: iso.org.dod.internet.mgmt.mib-2.interface (1.3.6.1.2.1.2)

(1.3.6.1.2.1.2.2.1.3)

ifType definitions

Decimal Name Description
------- ---- -----------
1 other none of the following [RFC1213]
2 regular1822 BBN Report 1822 [RFC1213]
3 hdh1822 BBN Report 1822 [RFC1213]
4 ddn-x25 BBN Report 1822 [RFC1213]
5 x25 X.25 [RFC1382]
6 ethernet-csmacd [RFC1213]
7 IEEE802.3 CSMACD--like Objects [RF1284,JXC]
8 IEEE802.4 Token Bus-like Objects
-- [RFC1230,RFC1239,KZM]
9 IEEE802.5 Token Ring-like Objects
-- [RFC1231,RFC1239,KZM]
10 iso88026-man [RFC1213]
11 starLan [RFC1213]
12 proteon-10Mbit [RFC1213]
13 proteon-80Mbit [RFC1213]
14 hyperchannel [RFC1213]
15 FDDI FDDI Objects [RFC1285,JDC20]
16 lapb LAP B [RFC1381]
17 sdlc [RFC1213]
18 ds1 T1/E1 Carrier Objects [RFC1406]
19 e1 obsolete
20 basicISDN [RFC1213]
21 primaryISDN [RFC1213]
22 propPointToPointSerial [RFC1213]
23 ppp Point-to-Point Protocol [RFC1471]
24 softwareLoopback [RFC1213]
25 eon [RFC1213]
26 ethernet-3Mbit [RFC1213]
27 nsip [RFC1213]

28 slip [RFC1213]
29 ultra [RFC1213]
30 ds3 DS3/E3 Interface Objects [RFC1407]
31 sip SMDS Interface Objects [RFC1304,TXC]
32 frame-relay Frame Relay Objects [RFC1315,CXB]
33 RS-232 RS-232 Objects [RFC1659]
34 Parallel Parallel Printer Objects [RFC1660]
35 arcnet ARC network
36 arcnet-plus ARC network plus
37 atm ATM
38 MIOX25 MIOX25 [RFC1461]
39 SONET SONET or SDH
40 x25ple X.25 packet level [RFC1382]
41 iso88022llc 802.2 LLC
42 localTalk
43 smds-dxi SMDS DXI
44 frameRelayService Frame Relay DCE
45 v35 V.35
46 hssi HSSI
47 hippi HIPPI
48 modem generic modem
49 aal5 AAL5 over ATM
50 sonetPath
51 sonetVT
52 smds-icip SMDS Inter-Carrier Interface Protocol
53 propVirtual proprietary vitural/internal interface
54 propMultiLink proprietary multi-link multiplexing
55 IEEE802.12 100BaseVG
56 fibre-channel Fibre Channel

Prefix: iso.org.dod.internet.mgmt.mib-2.transmission (1.3.6.1.2.1.10)

Decimal Name Description
------- ---- -----------
5 x25 X.25 [RFC1382]
7 IEEE802.3 CSMACD--like Objects [RFC1650]
8 IEEE802.4 Token Bus-like Objects
-- [RFC1230,RFC1239,KZM]
9 IEEE802.5 Token Ring-like Objects
-- [RFC1231,RFC1239,KZM]
15 FDDI FDDI Objects [RFC1285,JDC20]
16 lapb LAP B [RFC1381]
18 ds1 T1 Carrier Objects [RFC1406]
19 e1 E1 Carrier Objects [RFC1406]
23 ppp Point-to-Point Protocol [RFC1471]
30 ds3 DS3/E3 Interface Objects [RFC1407]
31 sip SMDS Interface Objects [RFC1694]
32 frame-relay Frame Relay Objects [RFC1315,CXB]

33 RS-232 RS-232 Objects [RFC1659]
34 Parallel Parallel Printer Objects [RFC1660]
35 arcnet ARC network
36 arcnet-plus ARC network plus
37 atm ATM
38 MIOX25 MIOX25 [RFC1461]
39 sonetMIB SONET MIB [RFC1595]
44 frnetservMIB Frame Relay Service MIB for DCE [RFC1596]

Prefix: iso.org.dod.internet.mgmt.mib-2.transmission (1.3.6.1.2.1.10)

(1.3.6.1.2.1.10.23)

Decimal Name Description References
------- ---- ----------- ----------
1 pppLcp ppp link control [RFC1471]
2 pppSecurity ppp security [RFC1472]
3 pppIp ppp IP network control [RFC1473]
4 pppBridge ppp bridge networl control [RFC1474]

Prefix: iso.org.dod.internet.mgmt.mib-2.application (1.3.6.1.2.1.27)

(1.3.6.1.2.1.27.2.1.3)

assocApplicationProtocol OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An identification of the protocol being used for the
application. For an OSI Application, this will be the
Application Context. For Internet applications, the IANA
maintains a registry of the OIDs which correspond to
well-known applications. If the application protocol is
not listed in the registry, an OID value of the form
{applTCPProtoID port} or {applUDProtoID port} are used for
TCP-based and UDP-based protocols, respectively. In either
case 'port' corresponds to the primary port number being
used by the protocol."
::= {assocEntry 3}

Decimal Name Description
------- ---- -----------
0 Reserved

(1.3.6.1.2.1.27.3)

(1.3.6.1.2.1.27.4)

-- OIDs of the form {applTCPProtoID port} are intended to be used
-- for TCP-based protocols that don't have OIDs assigned by other
-- means. {applUDPProtoID port} serves the same purpose for
-- UDP-based protocols. In either case 'port' corresponds to
-- the primary port number being used by the protocol. For example,
-- assuming no other OID is assigned for SMTP, an OID of
-- {applTCPProtoID 25} could be used, since SMTP is a TCP-based
-- protocol that uses port 25 as its primary port.

Prefix: iso.org.dod.internet.mgmt.mib-2.mta (1.3.6.1.2.1.28)

(1.3.6.1.2.1.28.2.1.24)

mtaGroupMailProtocol OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An identification of the protocol being used by this group.
For an group employing OSI protocols, this will be the
Application Context. For Internet applications, the IANA
maintains a registry of the OIDs which correspond to
well-known message transfer protocols. If the application
protocol is not listed in the registry, an OID value of the
form {applTCPProtoID port} or {applUDProtoID port} are used
for TCP-based and UDP-based protocols, respectively. In
either case 'port' corresponds to the primary port number
being used by the group. applTCPProtoID and applUDPProtoID
are defined in [5]."
::= {mtaGroupEntry 24}

Decimal Name Description
------- ---- -----------
0 Reserved

SMI Network Management Experimental Codes:

Prefix: iso.org.dod.internet.experimental (1.3.6.1.3.)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved [JKR1]
1 CLNS ISO CLNS Objects [GS2]
* 2 T1-Carrier T1 Carrier Objects [FB77]
* 3 IEEE802.3 Ethernet-like Objects [JXC]
* 4 IEEE802.5 Token Ring-like Objects [EXD]
* 5 DECNet-PHIV DECNet Phase IV [JXS2]
* 6 Interface Generic Interface Objects [KZM]

* 7 IEEE802.4 Token Bus-like Objects [KZM]
* 8 FDDI FDDI Objects [JDC20]
9 LANMGR-1 LAN Manager V1 Objects [JXG1]
10 LANMGR-TRAPS LAN Manager Trap Objects [JXG1]
11 Views SNMP View Objects [CXD]
12 SNMP-AUTH SNMP Authentication Objects [KZM]
* 13 BGP Border Gateway Protocol [SW159]
* 14 Bridge Bridge MIB [FB77]
* 15 DS3 DS3 Interface Type [TXB]
* 16 SIP SMDS Interface Protocol [TXB]
* 17 Appletalk Appletalk Networking [SXW]
* 18 PPP PPP Objects [FJK2]
* 19 Character MIB Character MIB [BS221]
* 20 RS-232 MIB RS-232 MIB [BS221]
* 21 Parallel MIB Parallel MIB [BS221]
22 atsign-proxy Proxy via Community [RXF]
* 23 OSPF OSPF MIB [FB77]
24 Alert-Man Alert-Man [LS8]
25 FDDI-Synoptics FDDI-Synoptics [DXP1]
* 26 Frame Relay Frame Relay MIB [CXB]
* 27 rmon Remote Network Management MIB [SXW]
28 IDPR IDPR MIB [RAW44]
29 HUBMIB IEEE 802.3 Hub MIB [DXM5]
30 IPFWDTBLMIB IP Forwarding Table MIB [FB77]
31 LATM MIB [TXB]
32 SONET MIB [TXB]
33 IDENT [MTR]
34 MIME-MHS [MTR]
35 MAUMIB IEEE 802.3 Mau MIB [DXM5]
36 Host Resources Host Resources MIB [SXW]
37 ISIS-MIB Integrated ISIS protocol MIB [CXG]
38 Chassis Chassis MIB [JDC20]
39 ups ups [JDC20]
40 App-Mon Application Monitoring MIB [TXK]
41 ATM UNI ATM [MXA1]
42 FC Fibre Channel [JXC4]
* 43 DNS Domain Name Service [Rob Austein]
44 X.25 X.25 MIB [Dean Throop]
45 Frame Relay Serv. Frame Relay Service MIB [Tracy Cox]
46 Madman-Applications [Ned Freed]
47 Madman-MTA [Ned Freed]
48 Madman-DSA [Ned Freed]
49 Modem [Steve Waldbusser]
50 SNA NAU [Deirdre Kostick]
51 SDLC SDLC [Jeff Hilgeman]
52 DNS Domain Name Service [Jon Saperia]
53 network-objects IP info ix X.500 [Johannsen]
54 printmib [Joel Gyllenskog]

55 rdbmsmib [Robert Purvey]
56 sipMIB [Tracy Brown]
57 stIImib ST-II protocol MIB [Hartmut Wittig]
58 802.5 SSR MIB 802.5 Station Source Routing MIB [KZM]

* = obsoleted

SMI Private Codes:

Prefix: iso.org.dod.internet.private (1.3.6.1.4)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved [JKR1]
1 enterprise private enterprises [JKR1]

SMI Private Enterprise Codes:

Prefix: iso.org.dod.internet.private.enterprise (1.3.6.1.4.1)

See the file "enterprise-numbers".

SMI Security Codes:

Prefix: iso.org.dod.internet.security (1.3.6.1.5)

Decimal Name Description References
------- ---- ----------- ----------
0 Reserved [JKR1]
1 kerberosV4 Kerberos version 4 objects [1,BCN]
2 kerberosV5 Kerberos version 5 objects [2,BCN]

SMI SNMPv2 Codes:

Prefix: iso.org.dod.internet.snmpv2 (1.3.6.1.6)

SMI mail Codes:

Prefix: iso.org.dod.internet.mail (1.3.6.1.7)

1 mime-mhs

REFERENCES

[1] Miller, S.P., B.C. Neuman, J.I. Schiller, and J.H. Saltzer,
"Project Athena Technical Plan Section E.2.1: Kerberos
Authentication and Authorization System", Project Athena,

MIT, December 1987.

[2] Kohl, J., and B.C. Neuman, "The Kerberos Network
Authentication Service (V5)" work in progress, September
1992.

[RFC1028] Davin, J., J. Case, M. Fedor, and M. Schoffstall, "A Simple
Gateway Monitoring Protocol", RFC 1028, Proteon, Inc.,
University of Tennessee at Knoxville, Cornell University,
Rensselaer Polytechnic Institute, November 1987.

[RFC1095] Warrier, U., and L. Besaw, "The Common Management
Information Services and Protocol over TCP/IP (CMOT)",
RFC 1095, Unisys Corp., Hewlett-Packard, April 1989.

[RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification
of Management Information for TCP/IP-based internets",
STD 16, RFC 1155, Performance Systems International, Hughes
LAN Systems, May 1990.

[RFC1157] Case, J., M. Fedor, M. Schoffstall, and J. Davin,
"A Simple Network Management Protocol", STD 15, RFC 1157,
SNMP Research, Performance Systems International,
Performance Systems International, MIT Laboratory for
Computer Science, May 1990.

[RFC1213] McCloghrie, K., and M. Rose, "Management Information Base
for Network Management of TCP/IP-based internets: MIB-II",
STD 17, RFC 1213, Hughes LAN Systems, Performance Systems
International, March 1991.

[RFC1229] McCloghrie, K., Editor, "Extensions to the Generic-Interface
MIB", RFC 1229, Hughes LAN Systems, Inc., May 1991.

[RFC1230] McCloghrie, K., and R. Fox, "IEEE 802.4 Token Bus MIB",
RFC 1230, Hughes LAN Systems, Inc., Synoptics, Inc.,
May 1991.

[RFC1231] McCloghrie, K., Fox, R., and E. Decker, "IEEE 802.5 Token
Ring MIB", RFC 1231, Hughes LAN Systems, Inc., Synoptics,
Inc., cisco Systems, Inc., May 1991.

[RFC1239] Reynolds, J., "Reassignment of Experimental MIBs to
Standard MIBs", RFC 1239, USC/Information Sciences
Institute, ISI, June 1991.

[RFC1243] Waldbusser, S., Editor, "AppleTalk Management Information
Base", RFC 1243, Carnegie Mellon University, July 1991.

[RFC1253] Baker, F., and R. Coltun, "OSPF Version 2 Management
Information Base", RFC 1253, ACC, Computer Science Center,
August 1991.

[RFC1271] Waldbusser, S., "Remote Network Monitoring Management
Information Base", RFC 1271, Carnegie Mellon University,
November 1991.

[RFC1284] Cook, J., Editor, "Definitions of Managed Objects
for the Ethernet-like Interface Types", RFC 1284, Chipcom
Corporation, December 1991.

[RFC1285] Case, J., "FDDI Management Information Base", RFC 1285,
SNMP Research, Incorporated, January 1992.

[RFC1286] Decker, E., Langille, P., Rijsinghani, A., and K.
McCloghrie, "Definitions of Managed Objects for Bridges",
RFC 1286, cisco Systems, Inc., DEC, Hughes LAN Systems,
Inc., December 1991.

[RFC1304] Cox, T., and K. Tesnik, Editors, "Definitions of Managed
Objects for the SIP Interface Type", RFC 1304, Bell
Communications Research, February 1992.

[RFC1315] Brown, C., Baker, F., and C. Carvalho, "Management
Information Base for Frame Relay DTEs", RFC 1315, Wellfleet
Communications, Inc., Advanced Computer Communications,
April 1992.

[RFC1353] McCloghrie, K., Davin, J., and J. Galvin, "Definitions of
Managed Objects for Administration of SNMP Parties",
RFC 1353, Hughes LAN Systems, Inc., MIT Laboratory for
Computer Science, Trusted Information Systems, Inc.,
July 1992.

[RFC1381] Throop, D., and F. Baker, "SNMP MIB Extension for X.25
LAPB", RFC 1381, Data General Corporation, Advanced Computer
Communications, November 1992.

[RFC1382] Throop, D., Editor, "SNMP MIB Extension for the X.25 Packet
Layer", RFC 1382, Data General Corporation, November 1992.

[RFC1389] Malkin, G., and F. Baker, "RIP Version 2 MIB Extension", RFC
1389, Xylogics, Inc., Advanced Computer Communications,
January 1993.

[RFC1406] Baker, F., and J. Watt, Editors, "Definitions of Managed
Objects for the DS1 and E1 Interface Types", RFC 1406,

Advanced Computer Communications, Newbridge Networks
Corporation, January 1993.

[RFC1407] Cox, T., and K. Tesink, "Definitions of Managed Objects
for the DS3/E3 Interface Type", RFC 1407, Bell
Communications Research, January 1993.

[RFC1414] St. Johns, M., and M. Rose, "Identification MIB", RFC 1414,
US Department of Defense, Dover Beach Consulting, Inc.,
February 1993.

[RFC1461] Throop, D., "SNMP MIB extension for Multiprotocol
Interconnect over X.25", RFC 1461, Data General Corporation,
May 1993.

[RFC1471] Kastenholz, F., "The Definitions of Managed Objects for
the Link Control Protocol of the Point-to-Point Protocol",
RFC 1471, FTP Software, Inc., June 1993.

[RFC1472] Kastenholz, F., "The Definitions of Managed Objects for
the Security Protocols of the Point-to-Point Protocol", RFC
1472, FTP Software, Inc., June 1993.

[RFC1473] Kastenholz, F., "The Definitions of Managed Objects for
the IP Network Control Protocol of the Point-to-Point
Protocol", RFC 1473, FTP Software, Inc., June 1993.

[RFC1474] Kastenholz, F., "The Definitions of Managed Objects for
the Bridge Network Control Protocol of the Point-to-Point
Protocol" RFC 1474, FTP Software, Inc., June 1993.

[RFC1514] Grillo, P., and S. Waldbusser, "Host Resources MIB", RFC
1514, Network Innovations, Intel Corporation, Carnegie
Mellon University, September 1993.

[RFC1515] McMaster, D., McCloghrie, K., and S. Roberts, "Definitions
of Managed Objects for IEEE 802.3 Medium Attachment Units
(MAUs)", RFC 1515, SynOptics Communications, Inc., Hughes
LAN Systems, Inc., Farallon Computing, Inc., September 1993.

[RFC1516] McMaster, D., and K. McCloghrie, "Definitions of Managed
Objects for IEEE 802.3 Repeater Devices", RFC 1516,
SynOptics Communications, Inc., Hughes LAN Systems, Inc.,
September 1993.

[RFC1559] Saperia, J., "DECnet Phase IV MIB Extensions", RFC 1559,
Digital Equipment Corporation, December 1993.

[RFC1565] Kille, S., WG Chair, and N. Freed, Editor, "Network Services
Monitoring MIB", RFC 1565, ISODE Consortium and Innosoft,
January 1994.

[RFC1566] Kille, S., WG Chair, and N. Freed, Editor, "Mail Monitoring
MIB", RFC 1566, ISODE Consortium, Innosoft, January 1994.

[RFC1567] Mansfield, G., and S. Kille, "X.500 Directory Monitoring
MIB", RFC 1567, AIC Systems Laboratory, ISODE Consortium,
January 1994.

[RFC1573] McCloghrie, K., and F. Kastenholz, "Evolution of the
Interfaces Group of MIB-II", RFC 1573, Hughes LAN Systems,
FTP Software, January 1994.

[RFC1595] Brown, T., and K. Tesink, Editors, "Definitions of Managed
Objects for the SONET/SDH Interface Type", RFC 1595,
Bell Communications Research, March 1994.

[RFC1596] Brown, T., Editor, Definitions of Managed Objects for Frame
Relay Service", RFC 1596, Bell Communications Research,
March 1994.

[RFC1611] Austein, R., and J. Saperia, "DNS Server MIB Extensions",
RFC 1611, Epilogue Technology Corporation, Digital Equipment
Corporation, May 1994.

[RFC1628] Case, J., Editor, "UPS Management Information Base", RFC
1628, SNMP Research, Incorporated, May 1994.

[RFC1650] Kastenholz, F., "Definitions of Managed Objects for
the Ethernet-like Interface Types using SMIv2", RFC 1650,
FTP Software, Inc., August 1994.

[RFC1657] Willis, S., Burruss, J., and J. Chu, Editor, "Definitions of
Managed Objects for the Fourth Version of the Border Gateway
Protocol (BGP-4) using SMIv2", RFC 1657, Wellfleet
Communications Inc., IBM Corp., July 1994.

[RFC1658] Stewart, B., "Definitions of Managed Objects for Character
Stream Devices using SMIv2", RFC 1658, Xyplex, Inc., July
1994.

[RFC1659] Stewart, B., "Definitions of Managed Objects for RS-232-like
Hardware Devices using SMIv2", RFC 1659, Xyplex, Inc., July
1994.

[RFC1660] Stewart, B., "Definitions of Managed Objects for

Parallel-printer-like Hardware Devices using SMIv2", RFC
1660, Xyplex, Inc., July
1994.

[RFC1665] Kielczewski, Z., Kostick, D., and K. Shih, Editors,
"Definitions of Managed Objects for SNA NAUs using SMIv2",
RFC 1665, Eicon Technology Corporation, Bell Communications
Research, Novell, July 1994.

[RFC1694] Brown, T., and K. Tesink, Editors, "Definitions of Managed
Objects for SMDS Interfaces using SMIv2", RFC 1694, Bell
Communications Research, August 1994.

[RFC1695] Ahmed, M., and K. Tesink, Editors, "Definitions of Managed
Objects for ATM Management Version 8.0 using SMIv2", RFC
1695, Bell Communications Research, August 1994.

[RFC1696] Barnes, J., Brown, L., Royston, R., and S. Waldbusser,
"Modem Management Information Base (MIB) using SMIv2", RFC
1696, Xylogics, Inc., Motorola, US Robotics, Inc., Carnegie
Mellon University, August 1994.

[RFC1697] Brower, D., Editor, Purvy, B., RDBMSMIB Working Group Chair,
Daniel, A., Sinykin, M., and J. Smith, "Relational Database
Management System (RDBMS) Management Information Base (MIB)
using SMIv2", RFC 1697, The ASK Group, INGRES DBMS
Development, Oracle Corporation, Informix Software, Inc.,
Oracle Corporation, August 1994.

PEOPLE

[Rob Austein]

[BCN] B. Clifford Neuman <bcn@isi.edu>

[BS221] Bob Stewart <STEWART@XYPLEX.COM>

[CXB] Caralyn Brown <cbrown%wellfleet.com@talcott.harvard.edu>

[CXD] Chuck Davin <jrd@ptt.lcs.mit.edu>

[CXG] Chris Gunner <gunner@dsmail.lkg.dec.com>

[Dean Throop]

[DXM5] Donna McMaster <mcmaster@synoptics.com>

[DXP1] David Perkins <dperkins@synoptics.com>

[EXD] Eric Decker <cire@cisco.com>

[FB77] Fred Baker <fbaker@acc.com>

[FJK2]

[GS2] Greg Satz <satz@CISCO.COM>

[IANA] IANA <iana@isi.edu>

[JDC20] Jeffrey Case <case@UTKUX1.UTK.EDU>

[JKR1] Joyce K. Reynolds <jkrey@isi.edu>

[JXC] John Cook <cook@chipcom.com>

[JXG1] Jim Greuel <jimg%hpcndpc@hplabs.hp.com>

[JXS2] Jon Saperia <saperia@tcpjon.enet.dec.com>

[Jeff Hilgeman]

[Johannsen]

[KZM] Keith McCloghrie <KZM@HLS.COM>

[LS8] Louis Steinberg <lou@ARAMIS.RUTGERS.EDU>

[MXA1] Masuma Ahmed <mxa@mail.bellcore.com>

[MTR] Marshall Rose <mrose@dbc.mtview.ca.us>

[RAW44] Robert A. Woodburn <WOODY@SPARTA.COM>

[JXC4] John Chu <jychu@watson.ibm.com>

[Ned Freed]

[Deirdre Kostick]

[Joel Gyllenskog] Joel Gyllenskog <jgyllens@hpdmd48.boi.hp.com>

[Robert Purvey] Robert Purvey <bpurvy@us.oracle.com>

[RXF] Richard Fox <rfox@synoptics.com>

[Jon Saperia] Jon Saperia <saperia@tcpjon.enet.dec.com>

[SW159] Steven Willis <swillis@WELLFLEET.COM>

[SXW] Steve Waldbusser <sw01+@andrew.cmu.edu>

[TXB] Tracy Brown <tacox@mail.bellcore.com>

[TXK] Teemu Kurki <grus@funet.fi>

[Hartmut Wittig]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/smi-numbers

PRIVATE ENTERPRISE NUMBERS

SMI Network Management Private Enterprise Codes:

Prefix: iso.org.dod.internet.private.enterprise (1.3.6.1.4.1)

This file is

ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers

Decimal Name References
------- ---- ----------
0 Reserved Joyce K. Reynolds <jkrey@isi.edu>
1 Proteon John A. Shriver <jas@PROTEON.COM>
2 IBM Vik Chandra <vc@ralvm6.vnet.ibm.com>
3 CMU Steve Waldbusser <sw01+@andrew.cmu.edu>
4 Unix Keith Sklower <sklower@okeeffe.berkeley.edu>
5 ACC Art Berggreen <art@SALT.ACC.COM>
6 TWG John Lunny <jlunny@eco.twg.com> (703) 847-4500
7 CAYMAN Beth Miaoulis beth@cayman.com
8 PSI Marty Schoffstahl schoff@NISC.NYSER.NET
9 cisco Greg Satz satz@CISCO.COM
10 NSC Geof Stone geof@NETWORK.COM
11 HP R. Dwight Schettler rds%hpcndm@HPLABS.HP.COM
12 Epilogue Karl Auerbac karl@empirical.com
13 U of Tennessee Jeffrey Case case@UTKUX1.UTK.EDU
14 BBN Robert Hinden <hinden@ENG.SUN.COM>
15 Xylogics, Inc. John R. LoVerso loverso@westford.ccur.com
16 Timeplex Laura Bridge laura@uunet.UU.NET
17 Canstar Sanand Patel sanand@HUB.TORONTO.EDU
18 Wellfleet Caralyn Brown cbrown@wellfleet.com
19 TRW Jay Frederking jayf@blackhole.ind.TRW.COM
20 MIT Jon Rochlis jon@ATHENA.MIT.EDU
21 EON Michael Waters ---none---
22 Spartacus Yoav Kluger ykluger@HAWK.ULOWELL.EDU
23 Novell Steve Bostock steveb@novell.com
24 Spider Systems Peter Reid peter@spider.co.uk
25 NSFNET Hans-Werner Braun HWB@MCR.UMICH.EDU
26 Hughes LAN Systems Keith McCloghrie KZM@HLS.COM
27 Intergraph Guy Streeter guy@guy.bll.ingr.com
28 Interlan Bruce Taber taber@europa.InterLan.COM
29 Vitalink Communications
30 Ulana Bill Anderson wda@MITRE-BEDFORD.ORG
31 NSWC Stephen Northcutt SNORTHC@RELAY-NSWC.NAVY.MIL
32 Santa Cruz Operation Keith Reynolds keithr@SCO.COM
33 Xyplex Bob Stewart STEWART@XYPLEX.COM
34 Cray Hunaid Engineer hunaid@OPUS.CRAY.COM
35 Bell Northern Research Glenn Waters gwaters@BNR.CA

36 DEC Ron Bhanukitsiri rbhank@DECVAX.DEC.COM
37 Touch Brad Benson ---none---
38 Network Research Corp. Bill Versteeg bvs@NCR.COM
39 Baylor College of Medicine Stan Barber SOB@BCM.TMC.EDU
40 NMFECC-LLNL Steven Hunter hunter@CCC.MFECC.LLNL.GOV
41 SRI David Wolfe ctabka@TSCA.ISTC.SRI.COM
42 Sun Microsystems Dennis Yaro yaro@SUN.COM
43 3Com Jeremy Siegel jzs@NSD.3Com.COM
44 CMC Dave Preston ---none---
45 SynOptics David Perkins dperkins@synoptics.com
46 Cheyenne Software Reijane Huai sibal@CSD2.NYU.EDU
47 Prime Computer Mike Spina WIZARD%enr.prime.com@RELAY.CS.NET
48 MCNC/North Carolina Data Network Ken Whitfield ken@MCNC.ORG
49 Chipcom John Cook cook@chipcom.com
50 Optical Data Systems Josh Fielk ---none---
51 gated Jeffrey C. Honig jch@gated.cornell.edu
52 Cabletron Systems Roger Dev ---none---
53 Apollo Computers Jeffrey Buffun jbuffum@APOLLO.COM
54 DeskTalk Systems, Inc. David Kaufman ---none---
55 SSDS Ron Strich ---none---
56 Castle Rock Computing John Sancho ---none---
57 MIPS Computer Systems Charles Marker II marker@MIPS.COM
58 TGV, Inc. Ken Adelman Adelman@TGV.COM
59 Silicon Graphics, Inc. Ronald Jacoby rj@SGI.COM
60 University of British Columbia Don McWilliam mcwillm@CC.UBC.CA
61 Merit Bill Norton wbn@MERIT.EDU
62 FiberCom Eric Rubin err@FIBERCOM.COM
63 Apple Computer Inc Jim Hayes Hayes@APPLE.COM
64 Gandalf Henry Kaijak ---none---
65 Dartmouth Philip Koch Philip.Koch@DARTMOUTH.EDU
66 David Systems Kathryn de Graaf degraaf@davidsys.com
67 Reuter Bob Zaniolo ---none---
68 Cornell Laurie Collinsworth ljc1@cornell.edu
69 LMS L. Michael Sabo Sabo@DOCKMASTER.NCSC.MIL
70 Locus Computing Corp. Arthur Salazar lcc.arthur@SEAS.UCLA.EDU
71 NASA Steve Schoch SCHOCH@AMES.ARC.NASA.GOV
72 Retix Alex Martin ---none---
73 Boeing Jerry Geisler ---none---
74 AT&T Rich Bantel rgb@mtung.att.com
75 Ungermann-Bass Didier Moretti ---none---
76 Digital Analysis Corporation
Skip Koppenhaver stubby!skip@uunet.UU.NET
77 LAN Manager Doug Karl KARL-D@OSU-20.IRCC.OHIO-STATE.EDU
78 Netlabs Jonathan Biggar jon@netlabs.com
79 ICL Jon Infante ---none---
80 Auspex Systems Brian A. Ehrmantraut bae@auspex.com
81 Lannet Company Efrat Ramati ---none---
82 Network Computing Devices Dave Mackie lupine!djm@UUNET.UU.NET

83 Raycom Systems Bruce Willins ---none---
84 Pirelli Focom Ltd. Sam Lau ---none---
85 Datability Software Systems Larry Fischer lfischer@dss.com
86 Network Application Technology Y.C. Wang ---none---
87 LINK (Lokales Informatik-Netz Karlsruhe)
Guenther Schreiner snmp-admin@ira.uka.de
88 NYU Bill Russell russell@cmcl2.NYU.EDU
89 RND Rina Nethaniel ---none---
90 InterCon Systems Corporation Amanda Walker AMANDA@INTERCON.COM
91 Coral Network Corporation Jason Perreault jason@coral.com
92 Webster Computer Corporation Robert R. Elz kre@munnari.oz.au
93 Frontier Technologies Corporation
Prakash Ambegaonkar ---none---
94 Nokia Data Communications Douglas Egan ---none---
95 Allen-Bradely Company
Bill King abvax!calvin.icd.ab.com!wrk@uunet.UU.NET
96 CERN
Jens T. Rasmussen jenst%cernvax.cern.ch@CUNYVM.CUNY.EDU
97 Sigma Network Systems, Inc.
Ken Virgile signet!ken@xylogics.COM
98 Emerging Technologies, Inc.
Dennis E. Baasch etinc!dennis@uu.psi.com
99 SNMP Research Jeffrey Case case@UTKUX1.UTK.EDU
100 Ohio State University
Shamim Ahmed ahmed@nisca.ircc.ohio-state.edu
101 Ultra Network Technologies Julie Dmytryk
Julie_Dmytryk.MKT@usun.ultra.com
102 Microcom Annmarie Freitas ---none---
103 Martin Marietta Astronautic Group David Rageth DAVE@MMC.COM
104 Micro Technology Mike Erlinger mike@lexcel.com
105 Process Software Corporation Bernie Volz VOLZ@PROCESS.COM
106 Data General Corporation
Joanna Karwowska karwowska@dg-rtp.dg.com
107 Bull Company Anthony Berent berent@rdgeng.enet.dec.com
108 Emulex Corporation Jeff Freeman ---none---
109 Warwick University Computing Services
Israel Drori raanan@techunix.technion.ac.il
110 Network General Corporation
James Davidson ngc!james@uunet.UU.NET
111 Oracle John Hanley jhanley@oracle.com
112 Control Data Corporation Nelluri L. Reddy reddy@uc.msc.umn.edu
113 Hughes Aircraft Company Keith McCloghrie KZM@HLS.COM
114 Synernetics, Inc. Jas Parmar jas@synnet.com
115 Mitre Bede McCall bede@mitre.org
116 Hitachi, Ltd. Hirotaka Usuda ---none---
117 Telebit Mark S. Lewis mlewis@telebit.com
118 Salomon Technology Services Paul Maurer II ---none---
119 NEC Corporation Yoshiyuki Akiyama

kddlab!ccs.mt.nec.co.jp!y-akiyam@uunet.uu.net
120 Fibermux Michael Sung msung@ccrelay.fibermux.com
121 FTP Software Inc. Stev Knowles stev@vax.ftp.com
122 Sony Takashi Hagiwara Hagiwara@Sm.Sony.Co.Jp
123 Newbridge Networks Corporation James Watt ---none---
124 Racal-Milgo Information Systems Maurice R. Turcotte
mailrus!uflorida!rm1!dnmrt%rmatl@uunet.UU.NET
125 CR SYSTEMS Soren H. Sorensen ---none---
126 DSET Corporation Dan Shia dset!shia@uunet.UU.NET
127 Computone Bill Versteeg bvs@NCR.COM
128 Tektronix, Inc. Dennis Thomas dennist@tektronix.TEK.COM
129 Interactive Systems Corporation
Steve Alexander stevea@i88.isc.com
130 Banyan Systems Inc.
Deepak Taneja eepak=Taneja%Eng%Banyan@Thing.banyan.com
131 Sintrom Datanet Limited
132 Bell Canada Mark Fabbi markf@gpu.utcs.utoronto.ca
133 Crosscomm Corporation Reuben Sivan crossc!rsivan@uunet.UU.NET
134 Rice University Catherine Foulston cathyf@rice.edu
135 T3Plus Networking, Inc. Harley Frazee harley@io.t3plus.com
136 Concurrent Computer Corporation
John R. LoVerso loverso@westford.ccur.com
137 Basser Paul O'Donnell paulod@cs.su.oz.au
138 Luxcom
139 Artel Jon Ziegler Ziegler@Artel.com
140 Independence Technologies, Inc. (ITI)
Gerard Berthet gerard@indetech.com
141 Frontier Software Development Narendra Popat ---none---
142 Digital Computer Limited Osamu Fujiki ---none---
143 Eyring, Inc. Ron Holt ron@Eyring.COM
144 Case Communications Peter Kumik ---none---
145 Penril DataComm, Inc. Keith Hogan keith%penril@uunet.uu.net
146 American Airlines Bill Keatley ---none---
147 Sequent Computer Systems Scott Hahn sdh@sequent.com
148 Bellcore Kaj Tesink kaj@nvuxr.cc.bellcore.com
149 Konkord Communications Ken Jones konkord!ksj@uunet.uu.net
150 University of Washington
Christopher Wheeler cwheeler@cac.washignton.edu
151 Develcon Sheri Mayhew zaphod!sherim@herald.usask.ca
152 Solarix Systems Paul Afshar paul@solar1.portal.com
153 Unifi Communications Corp. Yigal Hochberg yigal@unifi.com
154 Roadnet Dale Shelton ---none---
155 Network Systems Corp.
Nadya K. El-Afandi nadya@khara.network.com
156 ENE (European Network Engineering) Peter Cox ---none---
157 Dansk Data Elektronik A/S Per Bech Hansen pbh@dde.dk
158 Morning Star Technologies Karl Fox karl@MorningStar.Com
159 Dupont EOP Oscar Rodriguez ---none---

160 Legato Systems, Inc. Jon Kepecs kepecs@Legato.COM
161 Motorola SPS Vince Enriquez enriquez@sps.mot.com
162 European Space Agency (ESA)
Eduardo EDUATO%ESOC.BITNET@CUNYVM.CUNY.EDU
163 BIM Bernard Lemercier bl@sunbim.be
164 Rad Data Communications Ltd. Oft Israel ---none---
165 Intellicom Paul Singh ---none---
166 Shiva Corporation Phil Budne phil@Shiva.COM
167 Fujikura America Debbie Reed ---none---
168 Xlnt Designs INC (XDI) Mike Anello mike@xlnt.com
169 Tandem Computers Rex Davis ---none---
170 BICC David A. Brown fzbicdb@uk.ac.ucl
171 D-Link Systems, Inc. Henry P. Nagai ---none---
172 AMP, Inc. Rick Downs ---none---
173 Netlink Mauro Zallocco ---none---
174 C. Itoh Electronics Larry Davis ---none---
175 Sumitomo Electric Industries (SEI)
Kent Tsuno tsuno@sumitomo.com
176 DHL Systems, Inc.
David B. Gurevich dgurevic@rhubarb.ssf-sys.dhl.com
177 Network Equipment Technologies Mark Tom marktom@tom.net.com
178 APTEC Computer Systems Larry Burton ssds!larryb@uunet.UU.NET
179 Schneider & Koch & Co, Datensysteme GmbH Thomas Ruf tom@rsp.de
180 Hill Air Force Base Russell G. Wilson rwilson@oodis01.af.mil
181 ADC Kentrox Bruce Kropp ktxc8!bruce@uunet.UU.NET
182 Japan Radio Co. Nagayuki Kojima nkojima@lab.nihonmusen.co.jp
183 Versitron Matt Harris ---none---
184 Telecommunication Systems Hugh Lockhart ---none---
185 Interphase Gil Widdowson ---none---
186 Toshiba Corporation Mike Asagami toshiba@mothra.nts.uci.edu
187 Clearpoint Research Corp.
188 Ascom Andrew Smith andrew@hasler.ascom.ch
189 Fujitsu America Chung Lam ---none---
190 NetCom Solutions, Inc. Dale Cabell---none---
191 NCR Cheryl Krupczak clefor@secola.columbia.ncr.com
192 Dr. Materna GmbH Torsten Beyer tb@Materna.de
193 Ericsson Business Communications Gunnar Nilsson ---none---
194 Metaphor Computer Systems Paul Rodwick ---none---
195 Patriot Partners Paul Rodwick ---none---
196 The Software Group Limited (TSG)
Ragnar Paulson tsgfred!ragnar@uunet.UU.NET
197 Kalpana, Inc. Anil Bhavnani ---none---
198 University of Waterloo
R. J. White snmp-tech@watmath.waterloo.edu
199 CCL/ITRI
Ming-Perng Chen N100CMP0%TWNITRI1.BITNET@CUNYVM.CUNY.EDU
200 Coeur Postel Professor Kynikos Special Consultant
201 Mitsubish Cable Industries, Ltd. Masahiko Hori ---none---

202 SMC Lance Sprung ---none---
203 Crescendo Communication, Inc. Prem Jain prem@cres.com
204 Goodall Software Engineering Doug Goodall goodall@crl.com
205 Intecom Brad Parke ---none---
206 Victoria University of Wellington
Jonathan Stone jonathan@isor.vuw.ac.nz
207 Allied Telesis, Inc.
Scott Holley SCOTT_CLINTON_HOLLEY@cup.portal.com
208 Dowty Network Systems A/S Hartvig Ekner hj@dowtyns.dk
209 Protools Glen Arp ---none---
210 Nippon Telegraph and Telephone Corp.
Toshiharu Sugawara sugawara%wink.ntt.jp@RELAY.CS.NET
211 Fujitsu Limited Ippei Hayashi hayashi@sysrap.cs.fujitsu.co.jp
212 Network Peripherals Inc. Creighton Chong cchong@fastnet.com
213 Netronix, Inc. Jacques Roth ---none---
214 University of Wisconsin - Madison
Dave Windorski DAVID.WINDORSKI@MAIL.ADMIN.WISC.EDU
215 NetWorth, Inc. Craig Scott ---none---
216 Tandberg Data A/S Harald Hoeg haho%huldra.uucp@nac.no
217 Technically Elite Concepts, Inc.
Russell S. Dietz Russell_Dietz@Mcimail.com
218 Labtam Australia Pty. Ltd.
Michael Podhorodecki michael@labtam.oz.au
219 Republic Telcom Systems, Inc.
Steve Harris rtsc!harris@boulder.Colorado.edu
220 ADI Systems, Inc. Paul Liu ---none---
221 Microwave Bypass Systems, Inc. Tad Artis ---none---
222 Pyramid Technology Corp. Richard Rein rein@pyramid.com
223 Unisys_Corp Lawrence Brow ---none---
224 LANOPTICS LTD., Israel
Israel Drori raanan@techunix.technion.ac.il
225 NKK Corporation J. Yoshida ---none---
226 MTrade UK Ltd. Peter Delchiappo ---none---
227 Acals Patrick Cheng pcheng@dill.ind.trw.com
228 ASTEC, Inc. Hiroshi Fujii fujii@astec.co.jp
229 Delmarva Power John K. Scoggin, Jr. scoggin@delmarva.com
230 Telematics International, Inc. Kevin Smith ---none---
231 Siemens Nixdorf Informations Syteme AG
Gunther Kroenert ---none---
232 Compaq
233 NetManage, Inc. William Dunn netmanage@cup.portal.com
234 NCSU Computing Center David Joyner david@unity.ncsu.edu
235 Empirical Tools and Technologies
Karl Auerbach karl@empirical.com
236 Samsung Group Hong K. Paik paik@samsung.com
237 Takaoka Electric Mfg. Co., Ltd.
Hidekazu Hagiwara hagiwara@takaoka.takaoka-electric.co.jp
238 Netrix Systems Corporation Eldon S. Mast esm@netrix.com

239 WINDATA Bob Rosenbaum ---none---
240 RC International A/S Carl H. Dreyer chd@rci.dk
241 Netexp Research Henk Boetzkes ---none---
242 Internode Systems Pty Ltd
Simon Hackett simon@ucs.adelaide.edu.au
243 netCS Informationstechnik GmbH
Oliver Korfmacher okorf@bunt.netcs.com
244 Lantronix Rich Lyman rich@alecto.gordian.com
245 Avatar Consultants
Kory Hamzeh ames!avatar.com!kory@harvard.harvard.edu
246 Furukawa Electoric Co. Ltd.
Shoji Fukutomi kddlab!polo.furukawa.co.jp!fuku@uunet.UU.NET
247 AEG Electrcom R. Nurnberg ---none---
248 Richard Hirschmann GmbH & Co.
Heinz Nisi mia@intsun.rus.uni-stuttgart.de
249 G2R Inc. Khalid Hireche ---none---
250 University of Michigan
Tim Howes Tim.Howes@terminator.cc.umich.edu
251 Netcomm, Ltd. W.R. Maynard-Smith ---none---
252 Sable Technology Corporation Rodney Thayer ---none---
253 Xerox Edwards E. Reed ipcontact.cin_ops@xerox.com
254 Conware Computer Consulting GmbH
Michael Sapich sapich@conware.de
255 Compatible Systems Corp. John Gawf gawf@compatible.com
256 Scitec Communications Systems Ltd. Stephen Lewis ---none---
257 Transarc Corporation Pat Barron Pat_Barron@TRANSARC.COM
258 Matsushita Electric Industrial Co., Ltd.
Nob Mizuno mizuno@isl.mei.co.jp
259 ACCTON Technology Don Rooney ---none---
260 Star-Tek, Inc. Carl Madison carl@startek.com
261 Codenoll Tech. Corp. Dan Willie ---none---
262 Formation, Inc. Carl Marcinik ---none---
263 Seiko Instruments, Inc. (SII) Yasuyoshi Watanabe ---none---
264 RCE (Reseaux de Communication d'Entreprise S.A.)
Etienne Baudras-Chardigny ---none---
265 Xenocom, Inc. Sean Welch welch@raven.ulowell.edu
266 KABELRHEYDT Hubert Theissen ---none---
267 Systech Computer Corporation
Brian Petry systech!bpetry@uunet.UU.NET
268 Visual Brian O'Shea bos@visual.com
269 SDD (Scandinavian Airlines Data Denmark A/S)
Per Futtrup ---none---
270 Zenith Electronics Corporation David Lin ---none---
271 TELECOM FINLAND Petri Jokela ---none---
272 BinTec Computersystems Marc Sheldon ms@BinTec.DE
273 EUnet Germany Marc Sheldon ms@Germany.EU.net
274 PictureTel Corporation Oliver Jones oj@pictel.com
275 Michigan State University Lih-Er Wey WEYLE@msu.edu

276 GTE Telecom Incorporated Grant Gifford ---none---
277 Cascade Communications Corp.
Chikong Shue alpo!chi@uunet.uu.net
278 Hitachi Cable, Ltd. Takahiro Asai ---none---
279 Olivetti Marco Framba framba@orc.olivetti.com
280 Vitacom Corporation Parag Rastogi parag@cup.portal.com
281 INMOS Graham Hudspith gwh@inmos.co.uk
282 AIC Systems Laboratories Ltd. Glenn Mansfield glenn@aic.co.jp
283 Cameo Communications, Inc. Alan Brind ---none---
284 Diab Data AB Mats Lindstrom mli@diab.se
285 Olicom A/S Lars Povlsen krus@olicom.dk
286 Digital-Kienzle Computersystems Hans Jurgen Dorr ---none---
287 CSELT(Centro Studi E Laboratori Telecomunicazioni)
Paolo Coppo coppo@cz8700.cselt.stet.it
288 Electronic Data Systems Mark Holobach holobach@tis.eds.com
289 McData Corporation Glenn Levitt gpl0363@mcmail.mcdata.com
290 Harris Corporation David Rhein davidr@ssd.csd.harris.com
291 Technology Dynamics, Inc. Chip Standifer TDYNAMICS@MCIMAIL.COM
292 DATAHOUSE Information Systems Ltd. Kim Le ---none---
293 DSIR Network Group Tony van der Peet srghtvp@grv.dsir.govt.nz
294 Texas Instruments Blair Sanders Blair_Sanders@mcimail.com
295 PlainTree Systems Inc. Paul Chefurka chefurka@plntree.UUCP
296 Hedemann Software Development
Stefan Hedemann 100015.2504@compuserve.com
297 Fuji Xerox Co., Ltd. Hiroshi Kume
Kume%KSPB%Fuji_Xerox@tcpgw.netg.ksp.fujixerox.co.jp
298 Asante Technology Hsiang Ming Ma ---none---
299 Stanford University
RL "Bob" Morgan morgan@jessica.stanford.edu
300 Digital Link Jimmy Tu jimmy@dl.com
301 Raylan Corporation Mark S. Lewis mlewis@telebit.com
302 Datacraft Alan Lloyd alan@datacraft.oz
303 Hughes Keith McCloghrie KZM@HLS.COM
304 Farallon Computing, Inc. Steven Sweeney ---none---
305 GE Information Services Steve Bush sfb@ncoast.org
306 Gambit Computer Communications Zohar Seigal ---none---
307 Livingston Enterprises, Inc.
Steve Willens steve@livingston.com
308 Star Technologies Jim Miner miner@star.com
309 Micronics Computers Inc. Darren Croke dc@micronics.com
310 Basis, Inc. Heidi Stettner heidi@mtxinu.COM
311 Microsoft John M. Ballard jballard@microsoft.com
312 US West Advance Technologies
Donna Hopkins dmhopki@uswat.uswest.com
313 University College London Shaw C. Chuang S.Chuang@cs.ucl.ac.uk
314 Eastman Kodak Company W. James Colosky wjc@tornado.kodak.com
315 Network Resources Corporation Kathy Weninger ---none---
316 Atlas Telecom Bruce Kropp ktxc8!bruce@uunet.UU.NET

317 Bridgeway Umberto Vizcaino ---none---
318 American Power Conversion Corp.
Peter C. Yoest apc!yoest@uunet.uu.net
319 DOE Atmospheric Radiation Measurement Project
Paul Krystosek krystosk@eid.anl.gov
320 VerSteeg CodeWorks Bill Versteeg bvs@NCR.COM
321 Verilink Corp Bill Versteeg bvs@NCR.COM
322 Sybus Corportation Mark T. Dauscher mdauscher@sybus.com
323 Tekelec Bob Grady ---none---
324 NASA Ames Research Cente Nick Cuccia cuccia@nas.nasa.gov
325 Simon Fraser University Robert Urquhart quipu@sfu.ca
326 Fore Systems, Inc. Eric Cooper ecc@fore.com
327 Centrum Communications, Inc. Vince Liu ---none---
328 NeXT Computer, Inc.
Lennart Lovstrand Lennart_Lovstrand@NeXT.COM
329 Netcore, Inc. Skip Morton ---none---
330 Northwest Digital Systems Brian Dockter ---none---
331 Andrew Corporation Ted Tran ---none---
332 DigiBoard Dror Kessler dror@digibd.com
333 Computer Network Technology Corp. Bob Meierhofer ---none---
334 Lotus Development Corp. Bill Flanagan bflanagan@lotus.com
335 MICOM Communication Corporation
Donna Beatty SYSAD@prime.micom.com
336 ASCII Corporation Toshiharu Ohno tony-o@ascii.co.jp
337 PUREDATA Research Tony Baxter tony@puredata.com
338 NTT DATA Yasuhiro Kohata kohata@rd.nttdata.jp
339 Empros Systems International David Taylor dtaylor@ems.cdc.ca
340 Kendall Square Research (KSR) Dave Hudson tdh@uunet.UU.NET
341 Martin Marietta Energy Systems Gary Haney haneyg@ornl.gov
342 Network Innovations Pete Grillo pl0143@mail.psi.net
343 Intel Corporation Brady Orand borand@pcocd2.intel.com
344 Proxar Ching-Fa Hwang cfh@proxar.com
345 Epson Research Center Richard Schneider rschneid@epson.com
346 Fibernet George Sandoval ---none---
347 Box Hill Systems Corporation Tim Jones tim@boxhill.com
348 American Express Travel Related Services
Jeff Carton jcarton@amex-trs.com
349 Compu-Shack Tomas Vocetka OPLER%CSEARN.bitnet@CUNYVM.CUNY.EDU
350 Parallan Computer, Inc. Charles Dulin ---none---
351 Stratacom Clyde Iwamoto cki@strata.com
352 Open Networks Engineering, Inc. Russ Blaesing rrb@one.com
353 ATM Forum Keith McCloghrie KZM@HLS.COM
354 SSD Management, Inc. Bill Rose ---none---
355 Automated Network Management, Inc. Carl Vanderbeek ---none--
356 Magnalink Communications Corporation
David E. Kaufman ---none---
357 TIL Systems, Ltd. Garry McCracken ---none---
358 Skyline Technology, Inc. Don Weir ---none---

359 Nu-Mega Technologies, Inc. Dirk Smith ---none---
360 Morgan Stanley & Co. Inc.
Victor Kazdoba vsk@katana.is.morgan.com
361 Integrated Business Network Michael Bell ---none---
362 L & N Technologies, Ltd. Steve Loring ---none---
363 Cincinnati Bell Information Systems, Inc.
Deron Meranda dmeranda@cbis.COM
364 OSCOM International
Farhad Fozdar f_fozdar@fennel.cc.uwa.edu.au
365 MICROGNOSIS Paul Andon pandon@micrognosis.co.uk
366 Datapoint Corporation Lee Ziegenhals lcz@sat.datapoint.com
367 RICOH Co. Ltd.
Toshio Watanabe watanabe@godzilla.rsc.spdd.ricoh.co.jp
368 Axis Communications AB Martin Gren martin@axis.se
369 Pacer Software Wayne Tackabury wft@pacersoft.com
370 Axon Networks Inc. Robin Iddon axon@cix.clink.co.uk
371 Brixton Systems, Inc. Peter S. Easton easton@brixton.com
372 GSI Etienne Demailly etienne.demailly@gsi.fr
373 Tatung Co., Ltd.
Chih-Yi Chen TCCISM1%TWNTTIT.BITNET@pucc.Princeton.EDU
374 DIS Research LTD. Ray Compton rayc@command.com
375 Quotron Systems, Inc.
Richard P. Stubbs richard@atd.quotron.com
376 Dassault Electronique
Olivier J. Caleff caleff@dassault-elec.fr
377 Corollary, Inc. James L. Gula gula@corollary.com
378 SEEL, Ltd. Ken Ritchie ---none---
379 Lexcel Mike Erlinger mike@lexcel.com
380 Sophisticated Technologies, Inc.
Bill Parducci 70262.1267@compuserve.com
381 OST A. Pele ---none---
382 Megadata Pty Ltd. Andrew McRae andrew@megadata.mega.oz.au
383 LLNL Livermore Computer Center
Dan Nessett nessett@ocfmail.ocf.llnl.gov
384 Dynatech Communications Graham Welling s8000!gcw@uunet.uu.net
385 Symplex Communications Corp. Cyrus Azar ---none---
386 Tribe Computer Works Ken Fujimoto fuji@tribe.com
387 Taligent, Inc. Lorenzo Aguilar lorenzo@taligent.com
388 Symbol Technologies, Inc.
John Kramer +1-408-369-2679 jkramer@psd.symbol.com
389 Lancert Mark Hankin ---none---
390 Alantec Paul V. Fries pvf@alantec.com
391 Ridgeback Solutions
Errol Ginsberg bacchus!zulu!errol@uu2.psi.com
392 Metrix, Inc. D. Venkatrangan venkat@metrix.com
393 Excutive Systems/XTree Company
Dale Cabell cabell@smtp.xtree.com
394 NRL Communication Systems Branch

R. K. Nair nair@itd.nrl.navy.mil
395 I.D.E. Corporation Rob Spade ---none---
396 Matsushita Electric Works, Ltd.
Claude Huss claude@trc.mew.mei.co.jp
397 MegaPAC Ian George ---none---
398 Pilkington Communication Systems Dave Atkinson ---none---
399 Hitachi Computer Products (America), Inc.
Masha Golosovker masha@hicomb.hi.com
400 METEO FRANCE Remy Giraud Remy.Giraud@meteo.fr
401 PRC Inc. Jim Noble noble_jim@prc.com
402 Wal*Mart Stores, Inc. Mike Fitzgerel mlfitzg@wal-mart.com
403 Nissin Electric Company, Ltd. Aki Komatsuzaki (408) 737-0274
404 Distributed Support Information Standard
Mike Migliano <mike@uwm.edu>
405 SMDS Interest Group (SIG)
Elysia C. Tan <ecmt1@sword.bellcore.com>
406 SolCom Systems Ltd. Hugh Evans 0506 873855
407 Bell Atlantic Colin deSa socrates!bm5ld15@bagout.BELL-ATL.COM
408 Advanced Multiuser Technologies Corporation
409 Mitsubishi Electric Corporation
Yoshitaka Ogawa <ogawa@nkai.cow.melco.co.jp>
410 C.O.L. Systems, Inc. Frank Castellucci (914) 277-4312
411 University of Auckland
Nevil Brownlee < n.brownlee@aukuni.ac.nz>
412 Desktop Management Task Force (DMTF)
Dave Perkins <dperkins@synoptics.com>
413 Klever Computers, Inc. Tom Su 408-735-7723 kci@netcom.com
414 Amdahl Corporation Steve Young sy@uts.admahl.com
415 JTEC Pty, Ltd. Jan Bartel (02) 809 6933
416 Matra Communcation Hong-Loc Nguyen (33.1) 34.60.85.25
417 HAL Computer Systems Michael A. Petonic petonic@hal.com
418 Lawrence Berkeley Laboratory Russ Wright wright@lbl.gov
419 Dale Computer Corporation Dean Craven 1-800-336-7483
420 IPTC, Universitaet of Tuebingen
Andreas J. Haug <ahaug@mailserv.zdv.uni-tuebingen.de>
421 Bytex Corporation
Mary Ann Burt <bytex!ws054!maryann@uunet.UU.NET>
422 Cogwheel, Inc. Brian Ellis bri@Cogwheel.COM
423 Lanwan Technologies Thomas Liu (408) 986-8899
424 Thomas-Conrad Corporation Karen Boyd 512-836-1935
425 TxPort Bill VerSteeg bvs@ver.com
426 Compex, Inc. Andrew Corlett BDA@ORION.OAC.UCI.EDU
427 Evergreen Systems, Inc. Bill Grace (415) 897-8888
428 HNV, Inc. James R. Simons jrs@denver.ssds.COM
429 U.S. Robotics, Inc. Chris Rozman chrisr@usr.com
430 Canada Post Corporation Walter Brown +1 613 722-8843
431 Open Systems Solutions, Inc. David Ko davidk@ossi.com
432 Toronto Stock Exchange Paul Kwan (416) 947-4284

433 MamakosTransSys Consulting
Louis A. Mamakos louie@transsys.com
434 EICON Vartan Narikian vartan@eicon.qc.ca
435 Jupiter Systems Russell Leefer rml@jupiter.com
436 SSTI Philip Calas (33) 61 44 19 51
437 Grand Junction Networks Randy Ryals randyr@grandjunction.com
438 Anasazi, Inc. Chad Larson (chad@anasazi.com)
439 Edward D. Jones and Company John Caruso (314) 851-3422
440 Amnet, Inc. Richard Mak mak@amnet.COM
441 Chase Research Kevin Gage ---none---
442 PEER Networks Randy Presuhn randy@peer.com
443 Gateway Communications, Inc. Ed Fudurich ---none---
444 Peregrine Systems Eric Olinger eric@peregrine.com
445 Daewoo Telecom SeeYoung Oh oco@scorpio.dwt.co.kr
446 Norwegian Telecom Research Paul Hoff paalh@brage.nta.no
447 WilTel Anil Prasad anil_prasad@wiltel.com
448 Ericsson-Camtec Satish Popat ---none---
449 Codex Thomas McGinty ---none---
450 Basis Heidi Stettner heidi@mtxinu.COM
451 AGE Logic Syd Logan syd@age.com
452 INDE Electronics Gordon Day gday@inde.ubc.ca
453 ISODE Consortium Steve Kille S.Kille@isode.com
454 J.I. Case Mike Oswald mike@helios.uwsp.edu
455 Trillium Jeff Lawrence j_lawrence@trillium.com
456 Bacchus Inc. Errol Ginsberg bacchus!zulu!errol@uu2.psi.com
457 MCC Doug Rosenthal rosenthal@mcc.com
458 Stratus Computer Dave Snay dks@sw.stratus.com
459 Quotron Richard P. Stubbs richard@atd.quotron.com
460 Beame & Whiteside Carl Beame beame@ns.bws.com
461 Cellular Technical Services Greg Hummel ---none---
462 Shore Microsystems, Inc. Gordon Elam (309) 229-3009
463 Telecommunications Techniques Corp. Tom Nisbet nisbet@tt.com
464 DNPAP (Technical University Delft)
Jan van Oorschot <bJan.vOorschot@dnpap.et.tudelft.nl>
465 Plexcom, Inc. Bruce Miller (805) 522-3333
466 Tylink Stavros Mohlulis (508) 285-0033
467 Brookhaven National Laboratory
Dave Stampf drs@bach.ccd.bnl.gov
468 Computer Communication Systems
Gerard Laborde <Gerard.Laborde@sp1.y-net.fr>
469 Norand Corp. Rose Gorrell 319-269-3100
470 MUX-LAP Philippe Labrosse 514-735-2741
471 Premisys Communications, Inc
Mike MacFaden <premisys!mike@fernwood.mpk.ca.us>
472 Bell South Telecommunications Johnny Walker 205-988-7105
473 J. Stainsbury PLC Steve Parker 44-71-921-7550
474 Ki Research Inc Toni Barckley 410-290-0355x220
475 Wandel and Goltermann Technologies

David Walters 919-941-5730x4203 <walter@wg.com>
476 Emerson Computer Power
Roger Draper 714-457-3638 rdraper@cerf.net
477 Network Software Associates Jeffery Chiao 714-768-4013
478 Procter and Gamble Peter Marshall 513-983-1100x5988
479 Meridian Technology Corporation
Kenneth B. Denson <kdenson@magic.meridiantc.com>
480 QMS, Inc. Bill Lott lott@imagen.com
481 Network Express Tom Jarema 313-761-5051 ITOH@MSEN.COM
482 LANcity Corporation Pam Yassini pam@lancity.com
483 Dayna Communications, Inc.
Sanchaita Datta datta@signus.utah.edu
484 kn-X Ltd. Sam Lau 44 943 467007
485 Sync Research, Inc. Alan Bartky (714) 588-2070
486 PremNet Ken Huang HuangK@rimail.interlan.com
487 SIAC Peter Ripp (212) 383-9061
488 New York Stock Exchange Peter Ripp (212) 383-9061
489 American Stock Exchange Peter Ripp (212) 383-9061
490 FCR Software, Inc. Brad Parker brad@fcr.com
491 National Medical Care, Inc. Robert Phelan (617) 466-9850
492 Dialogue Communication Systemes, S.A.
Klaus Handke +(49) 30 802 24 97
493 NorTele Bjorn Kvile +47 2 48 89 90
494 Madge Networks, Inc.
Duncan Greatwood dgreatwo@madge.mhs.compuserve.com
495 Memotec Communications Graham Higgins ghiggins@teleglobe.com
496 CTON Nick Hennenfent nicholas@cton.com
497 Leap Technology, Inc. George Economou george@leap.com
498 General DataComm, Inc. William Meltzer meltzer@gdc.com
499 ACE Communications, Ltd. Danny On 972-3-570-1423
500 Automatic Data Processing (ADP) Alex Rosin (201) 714-3982
501 Programa SPRITEL Alberto Martinez
Martinez_Alberto_SPRITEL@euskom.spritel.es
502 Adacom Aial Haorch 972-4-899-899
503 Metrodata Ltd Nick Brown 100022.767@compuserve.com
504 Ellemtel Telecommunication Systems Laboratories
Richard G Bruvik Richard.Bruvik@eua.ericsson.se
505 Arizona Public Service Duane Booher DBOOHER@APSC.COM
506 NETWIZ, Ltd., Emanuel Wind eumzvir@techunix.technion.ac.il
507 Science and Engineering Research Council (SERC) Paul Kummer
P.Kummer@daresbury.ac.uk
508 The First Boston Corporation Kevin Chou
csfb1!dbadmin4!kchou@uunet.UU.NET
509 Hadax Electronics Inc. Marian Kramarczyk
73477.2731@compuserve.com
510 VTKK Markku Lamminluoto lamminluoto@vtkes1.vtkk.fi
511 North Hills Israel Ltd. Carmi Cohen carmi@north.hellnet.org
512 TECSIEL R. Burlon sr@teculx.tecsiel.it

513 Bayerische Motoren Werke (BMW) AG Michael Connolly
mconnolly@net.bmw.de
514 CNET Technologies Nelson Su 408-954-8000
515 MCI Kurt Robohm krobohm@mcimail.com
516 Human Engineering AG (HEAG) Urs Brunner
ubrunner@clients.switch.ch
517 FileNet Corporation Joe Raby raby@filenet.com
518 NFT-Ericsson Kjetil Donasen +47 2 84 24 00
519 Dun & Bradstreet Vic Smagovic 908-464-2079
520 Intercomputer Communications Brian Kean 513-745-0500x244
521 Defense Intelligence Agency
Barry Atkinson DIA-DMS@DDN-CONUS.DDN.MIL
522 Telesystems SLW Inc. Joe Magony 416-441-9966
523 APT Communications David Kloper 301-831-1182
524 Delta Airlines Jim Guy 404-715-2948
525 California Microwave Kevin Braun 408-720-6520
526 Avid Technology Inc Steve Olynyk 508-640-3328
527 Integro Advanced Computer Systems
Pascal Turbiez +33-20-08-00-40
528 RPTI Chris Shin 886-2-918-3006
529 Ascend Communications Inc. Marc Hyman 510-769-6001
530 Eden Computer Systems Inc. Louis Brando 305-591-7752
531 Kawasaki-Steel Corp
Tomoo Watanabe nrd@info.kawasaki-steel.co.jp
532 Barclays Malcolm Houghton +44 202 671 212
533 B.U.G., Inc. Isao Tateishi tateishi@bug.co.jp
534 Exide Electronics Brian Hammill hamill@dolphin.exide.com
535 Superconducting Supercollider Lab.
Carl W. Kalbfleisch cwk@irrational.ssc.gov
536 Triticom Jim Bales (612) 937-0772
537 Universal Instruments Corp.
Tom Dinnel BA06791%BINGVAXA.bitnet@CUNYVM.CUNY.EDU
538 Information Resources, Inc. Jeff Gear jjg@infores.com
539 Applied Innovation, Inc. Dean Dayton dean@aicorp.cmhnet.org
540 Crypto AG Roland Luthi luthi@iis.ethz.ch
541 Infinite Networks, Ltd. Sean Harding +44 923 710 277
542 Rabbit Software Bill Kwan kwan@rabbit.com
543 Apertus Technologies Stuart Stanley stuarts@apertus.com
544 Equinox Systems, Inc. Monty Norwood 1-800-275-3500 x293
545 Hayes Microcomputer Products
Chris Roussel hayes!hayes.com!croussel@uunet.UU.NET
546 Empire Technologies Inc. Cheryl Krupczak cheryl@cc.gatech.edu
547 Glaxochem, Ltd. Andy Wilson 0229 52261547
548 KPY Network Partners, Corp.
Gordon Vickers sccs@pizza.netcom.com
549 Agent Technology, Inc. Ibi Dhilla idhilla@genesis.nred.ma.us
550 Dornier GMBH Arens Heinrech 49-7545-8 ext 9337
551 Telxon Corporation Frank Ciotti frankc@teleng.telxon.com

552 Entergy Corporation Louis Cureau 504-364-7630
553 Garrett Communications Inc. Igor Khasin (408) 980-9752
554 Agile Networks, Inc. Dave Donegan ddonegan@agile.com
555 Larscom Sameer Jayakar 415-969-7572
556 Stock Equipment Karl Klebenow 216-543-6000
557 ITT Corporation Kevin M. McCauley kmm@vaxf.acdnj.itt.com
558 Universal Data Systems, Inc.
Howard Cunningham 70400.3671@compuserve.com
559 Sonix Communications, Ltd. David Webster +44 285 641 651
560 Paul Freeman Associates, Inc.
Pete Wilson pwilson@world.std.com
561 John S. Barnes, Corp. Michael Lynch 704-878-4107
562 Northern Telecom, Ltd.
Glenn Waters 613-763-3933 <gwaters@bnr.ca>
563 CAP Debris Patrick Preuss ppr@lfs.hamburg.cap-debris.de
564 Telco Systems NAC Harry Hirani Harry@telco-nac.com
565 Tosco Refining Co Fred Sanderson 510-602-4358
566 Russell Info Sys Atul Desai 714-362-4040
567 University of Salford Richard Letts R.J.Letts@salford.ac.uk
568 NetQuest Corp. Jerry Jacobus netquest@tigger.jvnc.net
569 Armon Networking Ltd. Yigal Jacoby yigal@armon.hellnet.org
570 IA Corporation Didier Fort Didier.Fort@lia.com
571 AU-System Communicaton AB Torbjorn Ryding 8-7267572
572 GoldStar Information & Communications, Ltd.
Soo N. Kim ksn@giconet.gsic.co.kr
573 SECTRA AB Tommy Pedersen tcp@sectra.se
574 ONEAC Corporation Bill Elliot ONEACWRE@AOL.COM
575 Tree Technologies Michael Demjanenko (716) 688-4640
576 GTE Government Systems Henry Hernandez (617) 455-2942
577 Denmac Systems, Inc. Andy Denenberg (708) 291-7760
578 Interlink Computer Sciences, Inc.
Mike Mazurek mfm@interlink.com
579 Bridge Information Systems, Inc. Stephen Harvey (314) 567-8482
580 Leeds and Northrup Australia (LNA) Nigel Cook nigelc@lna.oz.au
581 BHA Computer David Hislop rob@bha.oz.au
582 Newport Systems Solutions, Inc.
Pauline Chen paulinec@netcom.com
583 Atrium Technologies Narender Reddy Vangati vnr@atrium.com
584 ROBOTIKER Maribel Narganes maribel@teletek.es
585 PeerLogic Inc. Ratinder Ahuja ratinder@peerlogic.com
586 Digital Transmittion Systems Bill VerSteeg bvs@ver.com
587 Far Point Communications Bill VerSteeg bvs@ver.com
588 Xircom Bill VerSteeg bvs@ver.com
589 Mead Data Central Stephanie Bowman steph@meaddata.com
590 Royal Bank of Canada N. Lim (416) 348-5197
591 Advantis, Inc. Janet Brehm 813 878-4298
592 Chemical Banking Corp. Paul McDonnell pmcdonnl@world.std.com
593 Eagle Technology Ted Haynes (408) 441-4043

594 British Telecom Ray Smyth rsmyth@bfsec.bt.co.uk
595 Radix BV P. Groenendaal project2@radix.nl
596 TAINET Communication System Corp.
Joseph Chen +886-2-6583000 (R.O.C.)
597 Comtek Services Inc. Steve Harris (703) 506-9556
598 Fair Issac Steve Pasadis apple.com!fico!sxp (415) 472-2211
599 AST Research Inc. Bob Beard bobb@ast.com
600 Soft*Star s.r.l. Ing. Enrico Badella softstar@pol88a.polito.it
601 Bancomm Joe Fontes jwf@bancomm.com
602 Trusted Information Systems, Inc.
James M. Galvin galvin@tis.com
603 Harris & Jeffries, Inc. Deepak Shahane hjinc@CERF.NET
604 Axel Technology Corp. Henry Ngai (714) 455-1688
605 GN Navtel, Inc. Joe Magony 416-479-8090
606 CAP debis Patrick Preuss +49 40 527 28 366
607 Lachman Technology, Inc. Steve Alexander stevea@lachman.com
608 Galcom Networking Ltd.
Zeev Greenblatt galnet@vax.trendline.co.il
609 BAZIS M. van Luijt martin@bazis.nl
610 SYNAPTEL Eric Remond remond@synaptel.fr
611 Investment Management Services, Inc.
J. Laurens Troost rens@stimpys.imsi.com
612 Taiwan Telecommunication Lab
Dennis Tseng LOUIS%TWNMOCTL.BITNET@pucc.Princeton.EDU
613 Anagram Corporation Michael Demjanenko (716) 688-4640
614 Univel John Nunneley jnunnele@univel.com
615 University of California, San Diego
Arthur Bierer abierer@ucsd.edu
616 CompuServe Ed Isaacs, Brian Biggs SYSADM@csi.compuserve.com
617 Telstra - OTC Australia
Peter Hanselmann peterhan@turin.research.otc.com.au
618 Westinghouse Electric Corp.
Ananth Kupanna ananth@access.digex.com
619 DGA Ltd. Tom L. Willis twillis@pintu.demon.co.uk
620 Elegant Communications Inc.
Robert Story Robert.Story@Elegant.COM
621 Experdata Claude Lubin clubin@expdat.gna.org
622 Unisource Business Networks Sweden AB
Goran Sterner gsr@tip.net
623 Molex, Inc. Steven Joffe molex@mcimail.com
624 Quay Financial Software Mick Fleming mickf@quay.ie
625 VMX Inc. Joga Ryali joga@vmxi.cerfnet.com
626 Hypercom, Inc. Noor Chowdhury (602) 548-2113
627 University of Guelph Kent Percival Percival@CCS.UoGuelph.CA
628 DIaLOGIKa Juergen Jungfleisch 0 68 97 9 35-0
629 NBASE Switch Communication
Sergiu Rotenstein 75250.1477@compuserve.com
630 Anchor Datacomm B.V. Erik Snoek sdrierik@diamond.sara.nl

631 PACDATA John Reed johnr@hagar.pacdata.com
632 University of Colorado Evi Nemeth evi@cs.colorado.edu
633 Tricom Communications Limited
Robert Barrett 0005114429@mcimail.com
634 Santix Software GmbH
Michael Santifaller santi%mozart@santix.guug.de
635 FastComm Communications Corp.
Bill Flanagan 70632.1446@compuserve.com
636 The Georgia Institute of Technology
Michael Mealling michael.mealling@oit.gatech.edu
637 Alcatel Data Networks
Douglas E. Johnson doug.e.johnson@adn.sprint.com
638 GTECH Brian Ruptash bar@gtech.com
639 UNOCAL Corporation Peter Ho ho@unocal.com
640 First Pacific Network Randy Hamilton 408-703-2763
641 Lexmark International Don Wright don@lexmark.com
642 Qnix Computer Sang Weon, Yoo swyoo@qns.qnix.co.kr
643 Jigsaw Software Concepts (Pty) Ltd.
Willem van Biljon wvb@itu2.sun.ac.za
644 VIR, Inc. Mark Cotton (215) 364-7955
645 SFA Datacomm Inc. Don Lechthaler lech@world.std.com
646 SEIKO Telecommunication Systems, Inc.
Lyn T. Robertson (503) 526-5638
647 Unified Management Andy Barnhouse (612) 561-4944
648 RADLINX Ltd. Ady Lifshes ady%rndi@uunet.uu.net
649 Microplex Systems Ltd. Henry Lee hyl@microplex.com
650 Objecta Elektronik & Data AB Johan Finnved jf@objecta.se
651 Phoenix Microsystems Bill VerSteeg bvs@ver.com
652 Distributed Systems International, Inc.
Ron Mackey rem@dsiinc.com
653 Evolving Systems, Inc. Judith C. Bettinger judy@evolving.com
654 SAT GmbH Walter Eichelburg 100063.74@compuserve.com
655 CeLAN Technology, Inc. Mark Liu 886--35-772780
656 Landmark Systems Corp.
Steve Sonnenberg steves@socrates.umd.edu
657 Netone Systems Co., Ltd.
YongKui Shao syk@new-news.netone.co.jp
658 Loral Data Systems Jeff Price jprice@cps070.lds.loral.com
659 Cellware Broadband Technology Michael Roth mike@cellware.de
660 Mu-Systems Gaylord Miyata miyata@world.std.com
661 IMC Networks Corp. Jerry Roby (714) 724-1070
662 Octel Communications Corp. Alan Newman (408) 321-5182
663 RIT Technologies LTD. Ghiora Drori drori@dcl.hellnet.org
664 Adtran Jeff Wells 205-971-8000
665 PowerPlay Technologies, Inc. Ray Caruso rayman@csn.org
666 Oki Electric Industry Co., Ltd.
Shigeru Urushibara uru@cs1.cs.oki.co.jp
667 Specialix International Jeremy Rolls jeremyr@specialix.co.uk

668 INESC (Instituto de Engenharia de Sistemas e Computadores)
Pedro Ramalho Carlos prc@inesc.pt
669 Globalnet Communications Real Barriere (514) 651-6164
670 Product Line Engineer SVEC Computer Corp.
Rich Huang msumgr@enya.cc.fcu.edu.tw
671 Printer Systems Corp. Bill Babson bill@prsys.com
672 Contec Micro Electronics USA David Sheih (408) 434-6767
673 Unix Integration Services Chris Howard chris@uis.com
674 Dell Computer Corporation Steven Blair sblair@dell.com
675 Whittaker Electronic Systems Michael McCune mccune@cerf.net
676 QPSX Communications David Pascoe davidp@qpsx.oz.au
677 Loral WDl Mike Aronson Mike_Aronson@msgate.wdl.loral.com
678 Federal Express Corp. Randy Hale (901) 369-2152
679 E-COMMS Inc. Harvey Teale (206) 857-3399
680 Software Clearing House Tom Caris ca@sch.com
681 Antlow Computers LTD. C. R. Bates 44-635-871829
682 Emcom Corp. Mike Swartz emcom@cerf.net
683 Extended Systems, Inc.
Al Youngwerth alberty@tommy.extendsys.com
684 Sola Electric Mike Paulsen (708) 439-2800
685 Esix Systems, Inc. Anthony Chung esix@esix.tony.com
686 3M/MMM Chris Amley ccamley@mmm.com
687 Cylink Corp. Ed Chou ed@cylink.com
688 Znyx Advanced Systems Division, Inc.
Alan Deikman aland@netcom.com
689 Texaco, Inc. Jeff Lin linj@Texaco.com
690 McCaw Cellular Communication Corp. Tri Phan tri.phan@mccaw.com
691 ASP Computer Product Inc. Elise Moss 71053.1066@compuserve.com
692 HiPerformance Systems Mike Brien +27-11-806-1000
693 Regionales Rechenzentrum
Sibylle Schweizer unrz54@daphne.rrze.uni-erlangen.de
694 SAP AG Dr. Uwe Hommel +49 62 27 34 0
695 ElectroSpace System Inc.
Dr. Joseph Cleveland e03353@esitx.esi.org
696 ( Unassigned )
697 MultiPort Software Reuben Sivan 72302.3262@compuserve.com
698 Combinet, Inc. Samir Sawhney samir@combinet.com
699 TSCC Carl Wist carlw@tscc.com
700 Teleos Communications Inc. Bill Nayavich wln@teleoscom.com
701 Alta Research Amy Saperstein (305) 428-8535
702 Independence Blue Cross Bill Eshbach esh@ibx.com
703 ADACOM Station Interconnectivity LTD.
Itay Kariv +9 72 48 99 89 9
704 MIROR Systems Frank Kloes +27 12 911 0003
705 Merlin Gerin Adam Stolinski (714) 557-1637 x249
706 Owen-Corning Fiberglas Tom Mann mann.td@ocf.compuserve.com
707 Talking Networks Inc. Terry Braun tab@lwt.mtxinu.com
708 Cubix Corporation Rebekah Marshall (702) 883-7611

709 Formation Inc. Bob Millis bobm@formail.formation.com
710 Lannair Ltd. Pablo Brenner pablo@lannet.com
711 LightStream Corp. Chris Chiotasso chris@lightstream.com
712 LANart Corp. Doron I. Gartner doron@lanart.com
713 University of Stellenbosch Graham Phillips phil@cs.sun.ac.za
714 Wyse Technology Bill Rainey bill@wyse.com
715 DSC Communications Corp. Colm Bergin cbergin@cpdsc.com
716 NetEc Thomas Krichel netec@uts.mcc.ac.uk
717 Breltenbach Software Engineering Hilmar Tuneke +02 92 49 70 00
718 Victor Company of Japan,Limited
Atsushi Sakamoto 101176.2703@compuserve.com
719 Japan Direx Corporation Teruo Tomiyama +81 3 3498 5050
720 NECSY Network Control Systems S.p.A. Piero Fiozzo fip@necsy.it
721 ISDN Systems Corp. Jeff Milloy p00633@psilink.com
722 Zero-One Technologies, LTD. Curt Chen + 88 62 56 52 32 33
723 Radix Technologies, Inc. Steve Giles giless@delphi.com
724 National Institute of Standards and Technology
Jim West west@mgmt3.ncsl.nist.gov
725 Digital Technology Inc. Chris Gianattasio gto@lanhawk.com
726 Castelle Corp. Waiming Mok wmm@castelle.com
727 Presticom Inc. Martin Dube 76270.2672@compuserve.com
728 Showa Electric Wire & Cable Co., Ltd.
Robert O'Grady kfn@tanuki.twics.co.jp
729 SpectraGraphics Jack Hinkle hinkle@spectra.com
730 Connectware Inc. Rick Downs rxd4@acsysinc.com
731 Wind River Systems Emily Hipp hipp@wrs.com
732 RADWAY International Ltd. Doron Kolton 0005367977@mcimail.com
733 System Management ARTS, Inc. Alexander Dupuy dupuy@smarts.com
734 Persoft, Inc. Steven M. Entine entine@pervax.persoft.com
735 Xnet Technology Inc. Esther Chung estchung@xnet-tech.com
736 Unison-Tymlabs Dean Andrews ada@unison.com
737 Micro-Matic Research Patrick Lemli 73677.2373@compuserve.com
738 B.A.T.M. Advance Technologies
Nahum Killim bcrystal@actcom.co.il
739 University of Copenhagen Kim H|glund shotokan@diku.dk
740 Network Security Systems, Inc.
Carleton Smith rpitt@nic.cerf.net
741 JNA Telecommunications Sean Cody seanc@jna.com.au
742 Encore Computer Corporation Tony Shafer tshafer@encore.com
743 Central Intelligent Agency Carol Jobusch 703 242-2485
744 ISC (GB) Limited Mike Townsend miket@cix.compulink.co.uk
745 Digital Communication Associates Ravi Shankar shankarr@dca.com
746 CyberMedia Inc. Unni Warrier unni@cs.ucla.edu
747 Distributed Systems International, Inc.
Ron Mackey rem@dsiinc.com
748 Peter Radig EDP-Consulting Peter Radig +49 69 9757 6100
749 Vicorp Interactive Systems Phil Romine phil@vis.com
750 Inet Inc. Bennie Lopez brl@inetinc.com

751 Argonne National Laboratory Michael Shaffer mashaffer@anl.gov
752 Tek Logix Peter Palsall 905 625-4121
753 North Western University Phil Draughon jpd@nwu.edu
754 Astarte Fiber Networks James Garnett garnett@catbelly.com
755 Diederich & Associates, Inc.
Douglas Capitano dlcapitano@delphi.com
756 Florida Power Corporation Bob England rengland@fpc.com
757 ASK/INGRES Howard Dernehl howard@ingres.com
758 Open Network Enterprise Spada Stefano +39 39 245-8101
759 The Home Depot Keith Porter ktp01@homedepot.com
760 Pan Dacom Telekommunikations Jens Andresen +49 40 644 09 71
761 NetTek Steve Kennedy steve@gbnet.com
762 Karlnet Corp. Doug Kall kbridge@osu.edu
763 Efficient Networks, Inc. Thirl Johnson (214) 991-3884
764 Fiberdata Jan Fernquist +46 828 8383
765 Lanser Emil Smilovici (514) 485-7104
766 Telebit Communications A/S Peder Chr. Norgaard pcn@tbit.dk
767 HILAN GmbH Markus Pestinger markus@lahar.ka.sub.org
768 Network Computing Inc.
Fredrik Noon fnoon@ncimail.mhs.compuserve.com
769 Walgreens Company Denis Renaud (708) 818-4662
770 Internet Initiative Japan Inc. Toshiharu Ohno tony-o@iij.ad.jp
771 GP van Niekerk Ondernemings
Gerrit van Niekerk gvanniek@dos-lan.cs.up.ac.za
772 DSP & Telecoms Research Group
Patrick McGleenon p.mcgleenon@ee.queens-belfast.ac.uk
773 Securities Industry Automation Corporation
Chiu Szeto cszeto@prism.poly.edu
774 SYNaPTICS David Gray david@synaptics.ie
775 Data Switch Corporation Joe Welfeld jwelfeld@dasw.com
776 Telindus Distribution Karel Van den Bogaert kava@telindus.be
777 MAXM Systems Corporation Gary Greathouse ggreathouse@maxm.com
778 Fraunhofer Gesellschaft
Jan Gottschick jan.gottschick@isst.fhg.de
779 EQS Business Services Ken Roberts kroberts@esq.com
780 CNet Technology Inc. Repus Hsiung idps17@shts.seed.net.tw
781 Datentechnik GmbH Thomas Pischinger +43 1 50100 266
782 Network Solutions Inc. Dave Putman davep@netsol.com
783 Viaman Software Vikram Duvvoori info@viman.com
784 Schweizerische Bankgesellschaft Zuerich
Roland Bernet Roland.Bernet@zh014.ubs.ubs.ch
785 University of Twente - TIOS Aiko Pras pras@cs.utwente.nl
786 Simplesoft Inc. Sudhir Pendse sudhir@netcom.com
787 Stony Brook, Inc. Ken Packert p01006@psilink.com
788 Unified Systems Solutions, Inc.
Steven Morgenthal smorgenthal@attmail.com
789 Network Appliance Corporation
Varun Mehta varun@butch.netapp.com

790 Ornet Data Communication Technologies Ltd.
Haim Kurz haim@ornet.co.il
791 Computer Associates International
Glenn Gianino giagl01@usildaca.cai.com
792 Multipoint Network Inc. Michael Nguyen mike@multipoint.com
793 NYNEX Science & Technology Lily Lau llau@nynexst.com
794 Commercial Link Systems Wiljo Heinen wiljo@freeside.cls.de
795 Adaptec Inc. Tom Battle tab@lwt.mtxinu.com
796 Softswitch Charles Springer cjs@ssw.com
797 Link Technologies, Inc. Roy Chu royc@wyse.com
798 IIS Olry Rappaport iishaifa@attmail.com
799 Mobile Solutions Inc. Dale Shelton dshelton@srg.srg.af.mil
800 Xylan Corp. Burt Cyr burt@xylan.com
801 Airtech Software Forge Limited
Callum Paterson tsf@cix.compulink.co.uk
802 National Semiconductor Maurice Turcotte mturc@atlanta.nsc.com
803 Video Lottery Technologies Angelo Lovisa ange@awd.cdc.com
804 National Semiconductor Corp Waychi Doo wcd@berlioz.nsc.com
805 Applications Management Corp
Terril (Terry) Steichen tjs@washington.ssds.com
806 Travelers Insurance Company Eric Miner ustrv67v@ibmmail.com
807 Taiwan International Standard Electronics Ltd.
B. J. Chen bjchen@taisel.com.tw
808 US Patent and Trademark Office Rick Randall randall@uspto.gov
809 Hynet, LTD. Amir Fuhrmann amf@teleop.co.il
810 Aydin, Corp. Rick Veher (215) 657-8600
811 ADDTRON Technology Co., LTD. Tommy Tasi +8 86-2-4514507
812 Fannie Mae David King s4ujdk@fnma.com
813 MultiNET Services Hubert Martens martens@multinet.de
814 GECKO mbH Holger Dopp hdo@gecko.de
815 Memorex Telex Mike Hill hill@raleng.mtc.com
816 Advanced Communications Networks (ACN) SA
Antoine Boss +41 38 247434
817 Telekurs AG Jeremy Brookfield bkj@iris.F2.telekurs.ch
818 Victron bv Jack Stiekema jack@victron.nl
819 CF6 Company Francois Caron +331 4696 0060
820 Walker Richer and Quinn Inc.
Rebecca Higgins rebecca@elmer.wrq.com
821 Saturn Systems Paul Parker paul_parker@parker.fac.cs.cmu.edu
822 Mitsui Marine and Fire Insurance Co. LTD.
Kijuro Ikeda +813 5389 8111
823 Loop Telecommunication International, Inc.
Charng-Show Li +886 35 787 696
824 Telenex Corporation James Krug (609) 866-1100
825 Bus-Tech, Inc. Charlie Zhang chun@eecs.cory.berkley.edu
826 ATRIE Fred B.R. Tuang cmp@fddi3.ccl.itri.org.tw
827 Gallagher & Robertson A/S Arild Braathen arild@gar.no
828 Networks Northwest, Inc. John J. Hansen jhansen@networksnw.com

829 Conner Peripherials Richard Boyd rboyd@mailserver.conner.com
830 Elf Antar France P. Noblanc +33 1 47 44 45 46
831 Lloyd Internetworking Glenn McGregor glenn@lloyd.com
832 Datatec Industries, Inc. Chris Wiener cwiener@datatec.com
833 TAICOM Scott Tseng cmp@fddi3.ccl.itri.org.tw
834 Brown's Operating System Services Ltd.
Alistair Bell alistair@ichthya.demon.co.uk
835 MiLAN Technology Corp. Gopal Hegde gopal@milan.com
836 NetEdge Systems, Inc. Dave Minnich Dave_Minnich@netedge.com
837 NetFrame Systems George Mathew george_mathew@netframe.com
838 Xedia Corporation Colin Kincaid colin%madway.uucp@dmc.com
839 Pepsi Niraj Katwala niraj@netcom.com
840 Tricord Systems, Inc. Mark Dillon mdillon@tricord.mn.org
841 Proxim Inc. Russ Reynolds proxim@netcom.com
842 Applications Plus, Inc. Joel Estes joele@hp827.applus.com
843 Pacific Bell Aijaz Asif saasif@srv.PacBell.COM
844 Supernet Sharon Barkai sharon@supernet.com
845 TPS-Teleprocessing Systems Manfred Gorr gorr@tpscad.tps.de
846 Technology Solutions Company Niraj Katwala niraj@netcom.com
847 Computer Site Technologies Tim Hayes (805) 967-3494
848 NetPort Software John Bartas jbartas@sunlight.com
849 Alon Systems Menachem Szus 70571.1350@compuserve.com
850 Tripp Lite Lawren Markle 72170.460@compuserve.com
851 NetComm Limited
Paul Ripamonti paulri@msmail.netcomm.pronet.com
852 Precision Systems, Inc. (PSI)
Fred Griffin cheryl@empiretech.com
853 Objective Systems Integrators Ed Reeder Ed.Reeder@osi.com
854 Simpact Associates Inc.
Robert Patterson bpatterson@dcs.simpact.com
855 Systems Enhancement Corporation
Steve Held 71165.2156@compuserve.com
856 Information Integration, Inc. Gina Sun iiii@netcom.com
857 CETREL S.C. Louis Reinard ssc-re@cetrel.lu
858 ViaTech Development
Theodore J. Collins III ted.collins@vtdev.mn.org
859 Olivetti North America Tom Purcell tomp@mail.spk.olivetti.com
860 WILMA Nikolaus Schaller hns@ldv.e-technik.tu-muenchen.de
861 ILX Systems Inc. Peter Mezey peterm@ilx.com
862 Total Peripherals Inc. Mark Ustik (508) 393-1777
863 SunNetworks Consultant John Brady jbrady@fedeast.east.sun.com
864 Arkhon Technologies, Inc. Joe Wang rkhon@nic.cerf.net
865 Computer Sciences Corporation
George M. Dands dands@sed.csc.com
866 Philips.TRT Thibault Muchery +33 14128 7000
867 Katron Technologies Inc. Robert Kao +88 627 991 064
868 Transition Engineering Inc.
Hemant Trivedi hemant@transition.com

869 Altos Engineering Applications, Inc.
Wes Weber or Dave Erhart altoseng@netcom.com
870 Nicecom Ltd. Arik Ramon arik@nicecom.nice.com
871 Fiskars/Deltec Carl Smith (619) 291-2973
872 AVM GmbH Andreas Stockmeier stocki@avm-berlin.de
873 Comm Vision Richard Havens (408) 923 0301 x22
874 Institute for Information Industry
Peter Pan peterpan@pdd.iii.org.tw
875 Legent Corporation Gary Strohm gstrohm@legent.com
876 Network Automation Doug Jackson +64 6 285 1711
877 NetTech Marshall Sprague marshall@nettech.com
878 Coman Data Communications Ltd.
Zvi Sasson coman@nms.cc.huji.ac.il
879 Skattedirektoratet Karl Olav Wroldsen +47 2207 7162
880 Client-Server Technologies Timo Metsaportti timo@itf.fi
881 Societe Internationale de Telecommunications Aeronautiques
Chuck Noren chuck.noren@es.atl.sita.int
882 Maximum Strategy Inc. Paul Stolle pstolle@maxstrat.com
883 Integrated Systems, Inc. Michael Zheng mz@isi.com
884 E-Systems, Melpar Rick Silton rsilton@melpar.esys.com
885 Reliance Comm/Tec Mark Scott 73422.1740@compuserve.com
886 Summa Four Inc. Paul Nelson (603) 625-4050
887 J & L Information Systems Rex Jackson (818) 709-1778
888 Forest Computer Inc. Dave Black dave@forest.com
889 Palindrome Corp. Jim Gast jgast@palindro.mhs.compuserve.com
890 ZyXEL Communications Corp. Harry Chou howie@csie.nctu.edu.tw
891 Network Managers (UK) Ltd, Mark D Dooley mark@netmgrs.co.uk
892 Sensible Office Systems Inc. Pat Townsend (712) 276-0034
893 Informix Software Anthony Daniel anthony@informix.com
894 Dynatek Communications Howard Linton (703) 490-7205
895 Versalynx Corp. Dave Fisler (619) 536-8023
896 Potomac Scheduling Communications Company
David Labovitz del@access.digex.net
897 Sybase Inc. Dave Meldrum meldrum@sybase.com
898 DiviCom Inc. Eyal Opher eyal@divi.com
899 Datus elektronische Informationssysteme GmbH
Hubert Mertens marcus@datus.uucp
900 Matrox Electronic Systems Limited
Marc-Andre Joyal marc-andre.joyal@matrox.com
901 Digital Products, Inc. Ross Dreyer rdreyer@digprod.com
902 Scitex Corp. Ltd. Yoav Chalfon yoav_h@ird.scitex.com
903 RAD Vision Oleg Pogorelik radvis@vax.trendline.co.il
904 Tran Network Systems Paul Winkeler paulw@revco.com
905 Scorpion Logic Sean Harding +09 2324 5672
906 Inotech Inc. Eric Jacobs (703) 641-0469
907 Controlled Power Co. Yu Chin 76500,3160@compuserve.com
908 Elsag Bailey Incorporate Derek McKearney mckearney@bailey.com
909 J.P. Morgan Chung Szeto szeto_chung@jpmorgan.com

910 Clear Communications Corp. Kurt Hall khall@clear.com
911 General Technology Inc. Perry Rockwell (407) 242-2733
912 Adax Inc. Jory Gessow jory@adax.com
913 Mtel Technologies, Inc. Jon Robinson 552-3355@mcimail.com
914 Underscore, Inc. Jeff Schnitzer jds@underscore.com
915 SerComm Corp. Ben Lin +8 862-577-5400
916 Baxter Healthcare Corporation
Joseph Sturonas sturonaj@mpg.mcgawpark.baxter.com
917 Tellus Technology Ron Cimorelli (510) 498-8500
918 Continuous Electron Beam Accelerator Facility
Paul Banta banta@cebaf.gov
919 Canoga Perkins Margret Siska (818) 718-6300
920 R.I.S Technologies Fabrice Lacroix +33 7884 6400
921 INFONEX Corp. Kazuhiro Watanabe kazu@infonex.co.jp
922 WordPerfect Corp. Douglas Eddy eddy@wordperfect.com
923 NRaD Russ Carleton roccor@netcom.com
924 Hong Kong Telecommunications Ltd. K. S. Luk +8 52 883 3183
925 Signature Systems Doug Goodall goodall@crl.com
926 Alpha Technologies LTD. Guy Pothiboon (604) 430-8908
927 PairGain Technologies, Inc. Ken Huang kenh@pairgain.com
928 Sonic Systems Sudhakar Ravi sudhakar@sonicsys.com
929 Steinbrecher Corp. Kary Robertson krobertson@delphi.com
930 Centillion Networks, Inc. Derek Pitcher derek@lanspd.com
931 Network Communication Corp.
Tracy Clark ncc!central!tracyc@netcomm.attmail.com
932 Sysnet A.S. Carstein Seeberg case@sysnet.no
933 Telecommunication Systems Lab Gerald Maguire maguire@it.kth.se
934 QMI Scott Brickner (410) 573-0013
935 Phoenixtec Power Co., LTD. An-Hsiang Tu +8 862 646 3311
936 Hirakawa Hewtech Corp. H. Ukaji lde02513@niftyserve.or.jp
937 No Wires Needed B.V. Arnoud Zwemmer roana@cs.utwente.nl
938 Primary Access Kerstin Lodman lodman@priacc.com
939 Enterprises.FDSW Dag Framstad dag.framstad@fdsw.no
940 Grabner & Kapfer GnbR Vinzenz Grabner zen@wsr.ac.att
941 Nemesys Research Ltd. Michael Dixon mjd@nemesys.co.uk
942 Pacific Communication Sciences, Inc. (PSCI)
Yvonne Kammer mib-contact@pcsi.com
943 Level One Communications, Inc.
Moshe Kochinski moshek@level1.com
944 Fast Track, Inc. Andrew H. Dimmick adimmick@world.std.com
945 Andersen Consulting, OM/NI Practice
Greg Tilford p00919@psilink.com
946 Bay Technologies Pty Ltd. Paul Simpson pauls@baytech.com.au
947 Integrated Network Corp. Daniel Joffe wandan@integnet.com
948 Epoch, Inc. David Haskell deh@epoch.com
949 Wang Laboratories Inc. Pete Reilley pvr@wiis.wang.com
950 Polaroid Corp. Sari Germanos sari@temerity.polaroid.com
951 Sunrise Sierra Gerald Olson (510) 443-1133

952 Silcon Group Bjarne Bonvang +45 75 54 22 55
953 Coastcom Donald Pickerel dpickere@netcom.com
954 4th DIMENSION SOFTWARE LTD.
Thomas Segev/Ely Hofner autumn@zeus.datasrv.co.il
955 SEIKO SYSTEMS Inc. Kiyoshi Ishida ishi@ssi.co.jp
956 PERFORM Jean-Hugues Robert +33 42 27 29 32
957 TV/COM International Jean Tellier (619) 675-1376
958 Network Integration, Inc.
Scott C. Lemon slemon@nii.mhs.compuserve.com
959 Sola Electric, A Unit of General Signal
Bruce Rhodes 72360,2436@compuserve.com
960 Gradient Technologies, Inc. Geoff Charron geoff@gradient.com
961 Tokyo Electric Co., Ltd. A. Akiyama +81 558 76 9606
962 Codonics, Inc. Joe Kulig jjk@codonics.com
963 Delft Technical University Mark Schenk m.schenk@ced.tudelft.nl
964 Carrier Access Corp. Roger Koenig tomquick@carrier.com
965 eoncorp Barb Wilson wilsonb@eon.com
966 Naval Undersea Warfare Center
Mark Lovelace lovelace@mp34.nl.nuwc.navy.mil
967 AWA Limited Mike Williams +61 28 87 71 11
968 Distinct Corp. Tarcisio Pedrotti tarci@distinct.com
969 National Technical University of Athens
Theodoros Karounos karounos@phgasos.ntua.gr
970 BGS Systems, Inc. Amr Hafez amr@bgs.com
971 McCaw Wireless Data Inc. Brian Bailey bbailey@airdata.com
972 Bekaert Koen De Vleeschauwer kdv@bekaert.com
973 Epic Data Inc. Vincent Lim vincent_lim@epic.wimsey.com
974 Prodigy Services Co. Ed Ravin elr@wp.prodigy.com
975 First Pacific Networks (FPN) Randy Hamilton randy@fpn.com
976 Xylink Ltd. Bahman Rafatjoo 100117.665@compuserve.com
977 Relia Technologies Corp. Fred Chen fredc@relia1.relia.com.tw
978 Legacy Storage Systems Inc.
James Hayes james@lss-chq.mhs.compuserve.com
979 Digicom, SPA Claudio Biotti +39 3312 0 0122
980 Ark Telecom Alan DeMars alan@arktel.com
981 National Security Agency (NSA)
Cynthia Stewart maedeen@romulus.ncsc.mil
982 Southwestern Bell Corporation
Brian Bearden bb8840@swuts.sbc.com
983 Virtual Design Group, Inc.
Chip Standifer 70650.3316@compuserve.com
984 Rhone Poulenc Olivier Pignault +33 1348 2 4053
985 Swiss Bank Corporation Neil Todd toddn@gb.swissbank.com
986 ATEA N.V. Walter van Brussel p81710@banyan.atea.be
987 Computer Communications Specialists, Inc.
Carolyn Zimmer cczimmer@crl.com
988 Object Quest, Inc. Michael L. Kornegay mlk@bir.com
989 DCL System International, Ltd. Gady Amit gady-a@dcl-see.co.il

990 SOLITON SYSTEMS K.K. Masayuki Yamai +81 33356 6091
991 U S Software Don Dunstan ussw@netcom.com
992 Systems Research and Applications Corporation
Todd Herr herrt@smtplink.sra.com
993 University of Florida Todd Hester todd@circa.ufl.edu
994 Dantel, Inc. John Litster (209) 292-1111
995 Multi-Tech Systems, Inc. Dale Martenson (612) 785-3500 x519
996 Softlink Ltd. Moshe Leibovitch softlink@zeus.datasrv.co.il
997 ProSum Christian Bucari +33.1.4590.6231
998 March Systems Consultancy, Ltd.
Ross Wakelin r.wakelin@march.co.uk
999 Hong Technology, Inc. Walt Milnor brent@oceania.com
1000 Internet Assigned Numbers Authority iana@isi.edu
1001 PECO Energy Co. Rick Rioboli u002rdr@peco.com
1002 United Parcel Service Steve Pollini nrd1sjp@nrd.ups.com
1003 Storage Dimensions, Inc. Michael Torhan miketorh@xstor.com
1004 ITV Technologies, Inc. Jacob Chen itv@netcom.com
1005 TCPSI Victor San Jose Victor.Sanjose@sp1.y-net.es
1006 Promptus Communications, Inc. Paul Fredette (401) 683-6100
1007 Norman Data Defense Systems
Kristian A. Bognaes norman@norman.no
1008 Pilot Network Services, Inc. Rob Carrade carrade@pilot.net
1009 Integrated Systems Solutions Corporation
Chris Cowan cc@austin.ibm.com
1010 SISRO Kamp Alexandre 100074.344@compuserve.com
1011 NetVantage Kevin Bailey speed@kaiwan.com
1012 Marconi S.p.A. Giuseppe Grasso gg@relay.marconi.it
1013 SURECOM Mike S. T. Hsieh +886.25.92232
1014 Royal Hong Kong Jockey Club
Edmond Lee 100267.3660@compuserve.com
1015 Gupta Howard Cohen hcohen@gupta.com
1016 Tone Software Corporation Neil P. Harkins (714) 991-9460
1017 Opus Telecom Pace Willisson pace@blitz.com
1018 Cogsys Ltd. Niall Teasdale niall@hedgehog.demon.co.uk
1019 Komatsu, Ltd. Akifumi Katsushima +81 463.22.84.30
1020 ROI Systems, Inc Michael Wong (801) 942-1752
1021 Lightning Instrumentation SA Mike O'Dowd odowd@lightning.ch
1022 TimeStep Corp. Stephane Lacelle slacelle@newbridge.com
1023 INTELSAT Ivan Giron i.giron@intelsat.int
1024 Network Research Corporation Japan, Ltd.
Tsukasa Ueda 100156.2712@compuserve.com
1025 Relational Development, Inc. Steven Smith rdi@ins.infonet.net
1026 Emerald Systems, Corp. Robert A. Evans Jr. (619) 673-2161 x5120
1027 Mitel, Corp. Tom Quan tq@software.mitel.com
1028 Software AG Peter Cohen sagpc@sagus.com
1029 MillenNet, Inc. Manh Do (510) 770-9390
1030 NK-EXA Corp. Ken'ichi Hayami hayami@dst.nk-exa.co.jp
1031 BMC Software Chris Sharp csharp@patrol.com

1032 StarFire Enterprises, Inc. Lew Gaiter lg@starfire.com
1033 Hybrid Networks, Inc. Doug Muirhead dougm@hybrid.com
1034 Quantum Software GmbH Thomas Omerzu omerzu@quantum.de
1035 Openvision Technologies Limited
Andrew Lockhart alockhart@openvision.co.uk
1036 Healthcare Communications, Inc. (HCI)
Larry Streepy streepy@healthcare.com
1037 SAIT Systems Hai Dotu +3223.7053.11
1038 SAT Mleczko Alain +33.1.4077.1156
1039 CompuSci Inc., Bob Berry bberry@compusci.com
1040 Aim Technology Ganesh Rajappan ganeshr@aim.com
1041 CIESIN Kalpesh Unadkat kalpesh@ciesin.org
1042 Systems & Technologies International
Howard Smith ghamex@aol.com
1043 Israeli Electric Company (IEC) Yoram Harlev yoram@yor.iec.co.il
1044 Phoenix Wireless Group, Inc.
Gregory M. Buchanan buchanan@pwgi.com
1045 SWL Bill Kight wkightgrci.com (410) 290.7245
1046 nCUBE Greg Thompson gregt@ncube.com
1047 Cerner, Corp. Dennis Avondet (816) 221.1024 X2432
1048 Andersen Consulting Mark Lindberg mlindber@andersen.com
1049 Lincoln Telephone Company Bob Morrill root@si6000.ltec.com
1050 Acer Jay Tao jtao@Altos.COM
1051 Cedros Juergen Haakert +49.2241.9701.80
1052 AirAccess Ido Ophir 100274.365@compuserve.com
1053 Expersoft Corporation David Curtis curtis@expersoft.com
1054 Eskom Sanjay Lakhani h00161@duvi.eskom.co.za
1055 SBE, Inc. Vimal Vaidya vimal@sbei.com
1056 EBS, Inc. Emre Gundogan baroque@ebs.com
1057 American Computer and Electronics, Corp.
Tom Abraham tha@acec.com
1058 Syndesis Limited Wil Macaulay wil@syndesis.com
1059 Isis Distributed Systems, Inc. Ken Chapman kchapman@isis.com
1060 Priority Call Management Greg Schumacher gregs@world.std.com
1061 Koelsch & Altmann GmbH
Christian Schreyer 100142.154@compuserve.com
1062 WIPRO INFOTECH LTD. Chandrashekar Kapse kapse@wipinfo.soft.net
1063 Controlware Uli Blatz ublatz@cware.de
1064 Mosaic Software W.van Biljon willem@mosaic.co.za
1065 Canon Information Systems
Victor Villalpando vvillalp@cisoc.canon.com
1066 AmericaOnline Andrew R. Scholnick andrew@aol.net
1067 Whitetree Network Technologies, Inc.
Carl Yang cyang@whitetree.com
1068 Xetron Corp. Dave Alverson davea@xetron.com
1069 Target Concepts, Inc. Bill Price bprice@tamu.edu
1070 DMH Software Yigal Hochberg 72144.3704@compuserve.com
1071 Innosoft International, Inc. Jeff Allison jeff@innosoft.com

1072 Controlware GmbH Uli Blatz ublatz@cware.de
1073 Telecommunications Industry Association (TIA)
Mike Youngberg mikey@synacom.com
1074 Boole & Babbage Rami Rubin rami@boole.com
1075 System Engineering Support, Ltd. Vince Taylor +44 454.614.638
1076 SURFnet Ton Verschuren Ton.Verschuren@surfnet.nl
1077 OpenConnect Systems, Inc. Mark Rensmeyer mrensme@oc.com
1078 PDTS (Process Data Technology and Systems)
Martin Gutenbrunner GUT@pdts.mhs.compuserve.com
1079 Cornet, Inc. Nat Kumar (703) 658-3400
1080 NetStar, Inc. John K. Renwick jkr@netstar.com
1081 Semaphore Communications, Corp. Jimmy Soetarman (408) 980-7766
1082 Casio Computer Co., Ltd. Shouzo Ohdate ohdate@casio.co.jp
1083 CSIR Frikkie Strecker fstreck@marge.mikom.csir.co.za
1084 APOGEE Communications Olivier Caleff caleff@apogee-com.fr
1085 Information Management Company Michael D. Liss mliss@imc.com
1086 Wordlink, Inc. Mike Aleckson (314) 878-1422
1087 PEER Avinash S. Rao arao@cranel.com
1088 Telstra Corp. Michael Scollay michaels@ind.tansu.com.au
1089 Net X, Inc. Sridhar Kodela techsupp@netx.unicomp.net
1090 PNC PLC Gordon Tees +44 716.061.200

To request an assignment of an Enterprise Number send the complete
company name, address, and phone number; and the contact's person
complete name, address, phone number, and email mailbox in an email
message to <iana-mib@isi.edu>.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/enterprise-numbers

SGMP Vendor Specific Codes: [obsolete]

Prefix: 1,255,

Decimal Name References
------- ---- ----------
0 Reserved [JKR1]
1 Proteon [JS18]
2 IBM [JXR]
3 CMU [SXW]
4 Unix [MS9]
5 ACC [AB20]
6 TWG [MTR]
7 CAYMAN [BXM2]
8 NYSERNET [MS9]
9 cisco [GS2]
10 BBN [RH6]
11 Unassigned [JKR1]
12 MIT [JR35]
13-254 Unassigned [JKR1]
255 Reserved [JKR1]

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/sgmp-vendor-specific-
codes

ADDRESS RESOLUTION PROTOCOL PARAMETERS

The Address Resolution Protocol (ARP) specified in [RFC826] has
several parameters. The assigned values for these parameters are
listed here.

REVERSE ADDRESS RESOLUTION PROTOCOL OPERATION CODES

The Reverse Address Resolution Protocol (RARP) specified in [RFC903]
uses the "Reverse" codes below.

DYNAMIC REVERSE ARP

The Dynamic Reverse Address Resolution Protocol (DRARP) uses the
"DRARP" codes below. For further information, contact: David Brownell
(suneast!helium!db@Sun.COM).

INVERSE ADDRESS RESOULUTION PROTOCOL

The Inverse Address Resolution Protocol (IARP) specified in [RFC1293]
uses the "InARP" codes below.

Assignments:

Number Operation Code (op) Reference
------ -------------------------- ---------
1 REQUEST [RFC826]
2 REPLY [RFC826]
3 request Reverse [RFC903]
4 reply Reverse [RFC903]
5 DRARP-Request [David Brownell]
6 DRARP-Reply [David Brownell]
7 DRARP-Error [David Brownell]
8 InARP-Request [RFC1293]
9 InARP-Reply [RFC1293]
10 ARP-NAK [Mark Laubach]

Number Hardware Type (hrd) References
------ ----------------------------------- ----------
1 Ethernet (10Mb) [JBP]
2 Experimental Ethernet (3Mb) [JBP]
3 Amateur Radio AX.25 [PXK]
4 Proteon ProNET Token Ring [JBP]
5 Chaos [GXP]
6 IEEE 802 Networks [JBP]
7 ARCNET [JBP]
8 Hyperchannel [JBP]
9 Lanstar [TU]

10 Autonet Short Address [MXB1]
11 LocalTalk [JKR1]
12 LocalNet (IBM PCNet or SYTEK LocalNET) [JXM]
13 Ultra link [RXD2]
14 SMDS [GXC1]
15 Frame Relay [AGM]
16 Asynchronous Transmission Mode (ATM) [JXB2]
17 HDLC [JBP]
18 Fibre Channel [Yakov Rekhter]
19 Asynchronous Transmission Mode (ATM) [Mark Laubach]
20 Serial Line [JBP]
21 Asynchronous Transmission Mode (ATM) [MXB1]

Protocol Type (pro)

Use the same codes as listed in the section called "Ethernet Numbers
of Interest" (all hardware types use this code set for the protocol
type).

REFERENCES

[RFC826] Plummer, D., "An Ethernet Address Resolution Protocol or
Converting Network Protocol Addresses to 48-bit Ethernet
Addresses for Transmission on Ethernet Hardware", STD 37, RFC
826, MIT-LCS, November 1982.

[RFC903] Finlayson, R., Mann, T., Mogul, J., and M. Theimer, "A
Reverse Address Resolution Protocol", STD 38, RFC 903,
Stanford University, June 1984.

[RFC1293] Bradley, T., and C. Brown, "Inverse Address Resolution
Protocol", RFC 1293, Wellfleet Communications, Inc.,
January 1992.

PEOPLE

[AGM] Andy Malis <malis_a@timeplex.com>

[GXC1] George Clapp <meritec!clapp@bellcore.bellcore.com>

[GXP] Gill Pratt <gill%mit-ccc@MC.LCS.MIT.EDU>

[JBP] Jon Postel <postel@isi.edu>

[JKR1] Joyce K. Reynolds <jkrey@isi.edu>

[JXM] Joseph Murdock <---none--->

[MXB1] Mike Burrows <burrows@SRC.DEC.COM>

[PXK] Philip Koch <Philip.Koch@DARTMOUTH.EDU>

[RXD2] Rajiv Dhingra <rajiv@ULTRA.COM>

[TU] Tom Unger <tom@CITI.UMICH>

[David Brownell]

[Mark Laubach]

[Yakov Rekhter] <Yakov@IBM.COM>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/arp-parameters

IEEE 802 NUMBERS OF INTEREST

Some of the networks of all classes are IEEE 802 Networks. These
systems may use a Link Service Access Point (LSAP) field in much the
same way the MILNET uses the "link" field. Further, there is an
extension of the LSAP header called the Sub-Network Access Protocol
(SNAP).

The IEEE likes to describe numbers in binary in bit transmission
order, which is the opposite of the big-endian order used throughout
the Internet protocol documentation.

Assignments:

Link Service Access Point Description References
------------------------- ----------- ----------
IEEE Internet
binary binary decimal
00000000 00000000 0 Null LSAP [IEEE]
01000000 00000010 2 Indiv LLC Sublayer Mgt [IEEE]
11000000 00000011 3 Group LLC Sublayer Mgt [IEEE]
00100000 00000100 4 SNA Path Control [IEEE]
01100000 00000110 6 Reserved (DOD IP) [RFC768,JBP]
01110000 00001110 14 PROWAY-LAN [IEEE]
01110010 01001110 78 EIA-RS 511 [IEEE]
01111010 01011110 94 ISI IP [JBP]
01110001 10001110 142 PROWAY-LAN [IEEE]
01010101 10101010 170 SNAP [IEEE]
01111111 11111110 254 ISO CLNS IS 8473 [RFC926,JXJ]
11111111 11111111 255 Global DSAP [IEEE]

These numbers (and others) are assigned by the IEEE Standards Office.
The address is:

IEEE Registration Authority
c/o Iris Ringel
IEEE Standards Dept
445 Hoes Lane, P.O. Box 1331
Piscataway, NJ 08855-1331
Phone +1 908 562 3813
Fax: +1 908 562 1571

The fee is $1000 and it takes 10 working days after receipt of the
request form and fee. They will not do anything via fax or phone.

At an ad hoc special session on "IEEE 802 Networks and ARP", held
during the TCP Vendors Workshop (August 1986), an approach to a

consistent way to send DoD-IP datagrams and other IP related protocols
(such as the Address Resolution Protocol (ARP)) on 802 networks was
developed, using the SNAP extension (see [RFC1042]).

REFERENCES

[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
USC/Information Sciences Institute, August 1980.

[RFC926] International Standards Organization, "Protocol for Providing
the Connectionless-Mode Network Services", RFC 926, ISO,
December 1984.

[RFC1042] Postel, J., and J. Reynolds, "A Standard for the
Transmission of IP Datagrams over IEEE 802 Networks", STD
43, RFC 1042, USC/Information Sciences Institute, February
1988.

PEOPLE

[JBP] Jon Postel <postel@isi.edu>

[JXJ] <mystery contact>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ieee-802-numbers

ETHER TYPES

Many of the networks of all classes are Ethernets (10Mb) or
Experimental Ethernets (3Mb). These systems use a message "type"
field in much the same way the ARPANET uses the "link" field.

If you need an Ether Type, contact:

Xerox Systems Institute
3400 Hillview Ave.
PO BOX 10034
Palo Alto, CA 94303

Phone: 415-813-7164
Contact: Fonda Lix Pallone

The following list of EtherTypes is contributed unverified information
from various sources.

Assignments:

Ethernet Exp. Ethernet Description References
------------- ------------- ----------- ----------
decimal Hex decimal octal
000 0000-05DC - - IEEE802.3 Length Field [XEROX]
257 0101-01FF - - Experimental [XEROX]
512 0200 512 1000 XEROX PUP (see 0A00) [8,XEROX]
513 0201 - - PUP Addr Trans (see 0A01)[XEROX]
0400 Nixdorf [XEROX]
1536 0600 1536 3000 XEROX NS IDP [133,XEROX]
0660 DLOG [XEROX]
0661 DLOG [XEROX]
2048 0800 513 1001 Internet IP (IPv4) [105,JBP]
2049 0801 - - X.75 Internet [XEROX]
2050 0802 - - NBS Internet [XEROX]
2051 0803 - - ECMA Internet [XEROX]
2052 0804 - - Chaosnet [XEROX]
2053 0805 - - X.25 Level 3 [XEROX]
2054 0806 - - ARP [88,JBP]
2055 0807 - - XNS Compatability [XEROX]
2076 081C - - Symbolics Private [DCP1]
2184 0888-088A - - Xyplex [XEROX]
2304 0900 - - Ungermann-Bass net debugr[XEROX]
2560 0A00 - - Xerox IEEE802.3 PUP [XEROX]
2561 0A01 - - PUP Addr Trans [XEROX]
2989 0BAD - - Banyan Systems [XEROX]
4096 1000 - - Berkeley Trailer nego [XEROX]
4097 1001-100F - - Berkeley Trailer encap/IP[XEROX]

5632 1600 - - Valid Systems [XEROX]
16962 4242 - - PCS Basic Block Protocol [XEROX]
21000 5208 - - BBN Simnet [XEROX]
24576 6000 - - DEC Unassigned (Exp.) [XEROX]
24577 6001 - - DEC MOP Dump/Load [XEROX]
24578 6002 - - DEC MOP Remote Console [XEROX]
24579 6003 - - DEC DECNET Phase IV Route[XEROX]
24580 6004 - - DEC LAT [XEROX]
24581 6005 - - DEC Diagnostic Protocol [XEROX]
24582 6006 - - DEC Customer Protocol [XEROX]
24583 6007 - - DEC LAVC, SCA [XEROX]
24584 6008-6009 - - DEC Unassigned [XEROX]
24586 6010-6014 - - 3Com Corporation [XEROX]
28672 7000 - - Ungermann-Bass download [XEROX]
28674 7002 - - Ungermann-Bass dia/loop [XEROX]
28704 7020-7029 - - LRT [XEROX]
28720 7030 - - Proteon [XEROX]
28724 7034 - - Cabletron [XEROX]
32771 8003 - - Cronus VLN [131,DT15]
32772 8004 - - Cronus Direct [131,DT15]
32773 8005 - - HP Probe [XEROX]
32774 8006 - - Nestar [XEROX]
32776 8008 - - AT&T [XEROX]
32784 8010 - - Excelan [XEROX]
32787 8013 - - SGI diagnostics [AXC]
32788 8014 - - SGI network games [AXC]
32789 8015 - - SGI reserved [AXC]
32790 8016 - - SGI bounce server [AXC]
32793 8019 - - Apollo Computers [XEROX]
32815 802E - - Tymshare [XEROX]
32816 802F - - Tigan, Inc. [XEROX]
32821 8035 - - Reverse ARP [48,JXM]
32822 8036 - - Aeonic Systems [XEROX]
32824 8038 - - DEC LANBridge [XEROX]
32825 8039-803C - - DEC Unassigned [XEROX]
32829 803D - - DEC Ethernet Encryption [XEROX]
32830 803E - - DEC Unassigned [XEROX]
32831 803F - - DEC LAN Traffic Monitor [XEROX]
32832 8040-8042 - - DEC Unassigned [XEROX]
32836 8044 - - Planning Research Corp. [XEROX]
32838 8046 - - AT&T [XEROX]
32839 8047 - - AT&T [XEROX]
32841 8049 - - ExperData [XEROX]
32859 805B - - Stanford V Kernel exp. [XEROX]
32860 805C - - Stanford V Kernel prod. [XEROX]
32861 805D - - Evans & Sutherland [XEROX]
32864 8060 - - Little Machines [XEROX]
32866 8062 - - Counterpoint Computers [XEROX]

32869 8065 - - Univ. of Mass. @ Amherst [XEROX]
32870 8066 - - Univ. of Mass. @ Amherst [XEROX]
32871 8067 - - Veeco Integrated Auto. [XEROX]
32872 8068 - - General Dynamics [XEROX]
32873 8069 - - AT&T [XEROX]
32874 806A - - Autophon [XEROX]
32876 806C - - ComDesign [XEROX]
32877 806D - - Computgraphic Corp. [XEROX]
32878 806E-8077 - - Landmark Graphics Corp. [XEROX]
32890 807A - - Matra [XEROX]
32891 807B - - Dansk Data Elektronik [XEROX]
32892 807C - - Merit Internodal [HWB]
32893 807D-807F - - Vitalink Communications [XEROX]
32896 8080 - - Vitalink TransLAN III [XEROX]
32897 8081-8083 - - Counterpoint Computers [XEROX]
32923 809B - - Appletalk [XEROX]
32924 809C-809E - - Datability [XEROX]
32927 809F - - Spider Systems Ltd. [XEROX]
32931 80A3 - - Nixdorf Computers [XEROX]
32932 80A4-80B3 - - Siemens Gammasonics Inc. [XEROX]
32960 80C0-80C3 - - DCA Data Exchange Cluster[XEROX]
80C4 Banyan Systems [XEROX]
80C5 Banyan Systems [XEROX]
32966 80C6 - - Pacer Software [XEROX]
32967 80C7 - - Applitek Corporation [XEROX]
32968 80C8-80CC - - Intergraph Corporation [XEROX]
32973 80CD-80CE - - Harris Corporation [XEROX]
32975 80CF-80D2 - - Taylor Instrument [XEROX]
32979 80D3-80D4 - - Rosemount Corporation [XEROX]
32981 80D5 - - IBM SNA Service on Ether [XEROX]
32989 80DD - - Varian Associates [XEROX]
32990 80DE-80DF - - Integrated Solutions TRFS[XEROX]
32992 80E0-80E3 - - Allen-Bradley [XEROX]
32996 80E4-80F0 - - Datability [XEROX]
33010 80F2 - - Retix [XEROX]
33011 80F3 - - AppleTalk AARP (Kinetics)[XEROX]
33012 80F4-80F5 - - Kinetics [XEROX]
33015 80F7 - - Apollo Computer [XEROX]
33023 80FF-8103 - - Wellfleet Communications [XEROX]
33031 8107-8109 - - Symbolics Private [XEROX]
33072 8130 - - Hayes Microcomputers [XEROX]
33073 8131 - - VG Laboratory Systems [XEROX]
8132-8136 Bridge Communications [XEROX]
33079 8137-8138 - - Novell, Inc. [XEROX]
33081 8139-813D - - KTI [XEROX]
8148 Logicraft [XEROX]
8149 Network Computing Devices[XEROX]
814A Alpha Micro [XEROX]

33100 814C - - SNMP [JKR1]
814D BIIN [XEROX]
814E BIIN [XEROX]
814F Technically Elite Concept[XEROX]
8150 Rational Corp [XEROX]
8151-8153 Qualcomm [XEROX]
815C-815E Computer Protocol Pty Ltd[XEROX]
8164-8166 Charles River Data System[XEROX]
817D-818C Protocol Engines [XEROX]
818D Motorola Computer [XEROX]
819A-81A3 Qualcomm [XEROX]
81A4 ARAI Bunkichi [XEROX]
81A5-81AE RAD Network Devices [XEROX]
81B7-81B9 Xyplex [XEROX]
81CC-81D5 Apricot Computers [XEROX]
81D6-81DD Artisoft [XEROX]
81E6-81EF Polygon [XEROX]
81F0-81F2 Comsat Labs [XEROX]
81F3-81F5 SAIC [XEROX]
81F6-81F8 VG Analytical [XEROX]
8203-8205 Quantum Software [XEROX]
8221-8222 Ascom Banking Systems [XEROX]
823E-8240 Advanced Encryption Syste[XEROX]
827F-8282 Athena Programming [XEROX]
8263-826A Charles River Data System[XEROX]
829A-829B Inst Ind Info Tech [XEROX]
829C-82AB Taurus Controls [XEROX]
82AC-8693 Walker Richer & Quinn [XEROX]
8694-869D Idea Courier [XEROX]
869E-86A1 Computer Network Tech [XEROX]
86A3-86AC Gateway Communications [XEROX]
86DB SECTRA [XEROX]
86DE Delta Controls [XEROX]
34543 86DF - - ATOMIC [JBP]
86E0-86EF Landis & Gyr Powers [XEROX]
8700-8710 Motorola [XEROX]
8A96-8A97 Invisible Software [XEROX]
36864 9000 - - Loopback [XEROX]
36865 9001 - - 3Com(Bridge) XNS Sys Mgmt[XEROX]
36866 9002 - - 3Com(Bridge) TCP-IP Sys [XEROX]
36867 9003 - - 3Com(Bridge) loop detect [XEROX]
65280 FF00 - - BBN VITAL-LanBridge cache[XEROX]
FF00-FF0F ISC Bunker Ramo [XEROX]

The standard for transmission of IP datagrams over Ethernets and
Experimental Ethernets is specified in [RFC894] and [RFC895]
respectively.

NOTE: Ethernet 48-bit address blocks are assigned by the IEEE.

IEEE Registration Authority
c/o Iris Ringel
IEEE Standards Department
445 Hoes Lane, P.O. Box 1331
Piscataway, NJ 08855-1331
Phone +1 908 562 3813
Fax: +1 908 562 1571

IANA ETHERNET ADDRESS BLOCK

The IANA owns an Ethernet address block which may be used for
multicast address asignments or other special purposes.

The address block in IEEE binary is: 0000 0000 0000 0000 0111 1010

In the normal Internet dotted decimal notation this is 0.0.94 since
the bytes are transmitted higher order first and bits within bytes are
transmitted lower order first (see "Data Notation" in the
Introduction).

IEEE CSMA/CD and Token Bus bit transmission order: 00 00 5E

IEEE Token Ring bit transmission order: 00 00 7A

Appearance on the wire (bits transmitted from left to right):

0 23 47
| | |
1000 0000 0000 0000 0111 1010 xxxx xxx0 xxxx xxxx xxxx xxxx
| |
Multicast Bit 0 = Internet Multicast
1 = Assigned by IANA for
other uses

Appearance in memory (bits transmitted right-to-left within octets,
octets transmitted left-to-right):

0 23 47
| | |
0000 0001 0000 0000 0101 1110 0xxx xxxx xxxx xxxx xxxx xxxx
| |
Multicast Bit 0 = Internet Multicast

1 = Assigned by IANA for other uses

The latter representation corresponds to the Internet standard
bit-order, and is the format that most programmers have to deal with.
Using this representation, the range of Internet Multicast addresses
is:

01-00-5E-00-00-00 to 01-00-5E-7F-FF-FF in hex, or

1.0.94.0.0.0 to 1.0.94.127.255.255 in dotted decimal

ETHERNET VENDOR ADDRESS COMPONENTS

Ethernet hardware addresses are 48 bits, expressed as 12 hexadecimal
digits (0-9, plus A-F, capitalized). These 12 hex digits consist of
the first/left 6 digits (which should match the vendor of the Ethernet
interface within the station) and the last/right 6 digits which
specify the interface serial number for that interface vendor.

Ethernet addresses might be written unhyphenated (e.g., 123456789ABC),
or with one hyphen (e.g., 123456-789ABC), but should be written
hyphenated by octets (e.g., 12-34-56-78-9A-BC).

These addresses are physical station addresses, not multicast nor
broadcast, so the second hex digit (reading from the left) will be
even, not odd.

At present, it is not clear how the IEEE assigns Ethernet block
addresses. Whether in blocks of 2**24 or 2**25, and whether
multicasts are assigned with that block or separately. A portion of
the vendor block address is reportedly assigned serially, with the
other portion intentionally assigned randomly. If there is a global
algorithm for which addresses are designated to be physical (in a
chipset) versus logical (assigned in software), or globally-assigned
versus locally-assigned addresses, some of the known addresses do not
follow the scheme (e.g., AA0003; 02xxxx).

00000C Cisco
00000E Fujitsu
00000F NeXT
000010 Sytek
00001D Cabletron
000020 DIAB (Data Intdustrier AB)
000022 Visual Technology
00002A TRW

000032 GPT Limited (reassigned from GEC Computers Ltd)
00005A S & Koch
00005E IANA
000065 Network General
00006B MIPS
000077 MIPS
00007A Ardent
000089 Cayman Systems Gatorbox
000093 Proteon
00009F Ameristar Technology
0000A2 Wellfleet
0000A3 Network Application Technology
0000A6 Network General (internal assignment, not for products)
0000A7 NCD X-terminals
0000A9 Network Systems
0000AA Xerox Xerox machines
0000B3 CIMLinc
0000B7 Dove Fastnet
0000BC Allen-Bradley
0000C0 Western Digital
0000C5 Farallon phone net card
0000C6 HP Intelligent Networks Operation (formerly Eon Systems)
0000C8 Altos
0000C9 Emulex Terminal Servers
0000D7 Dartmouth College (NED Router)
0000D8 3Com? Novell? PS/2
0000DD Gould
0000DE Unigraph
0000E2 Acer Counterpoint
0000EF Alantec
0000FD High Level Hardvare (Orion, UK)
000102 BBN BBN internal usage (not registered)
0020AF 3COM ???
001700 Kabel
008064 Wyse Technology / Link Technologies
00802B IMAC ???
00802D Xylogics, Inc. Annex terminal servers
00808C Frontier Software Development
0080C2 IEEE 802.1 Committee
0080D3 Shiva
00AA00 Intel
00DD00 Ungermann-Bass
00DD01 Ungermann-Bass
020701 Racal InterLan
020406 BBN BBN internal usage (not registered)
026086 Satelcom MegaPac (UK)
02608C 3Com IBM PC; Imagen; Valid; Cisco
02CF1F CMC Masscomp; Silicon Graphics; Prime EXL

080002 3Com (Formerly Bridge)
080003 ACC (Advanced Computer Communications)
080005 Symbolics Symbolics LISP machines
080008 BBN
080009 Hewlett-Packard
08000A Nestar Systems
08000B Unisys
080011 Tektronix, Inc.
080014 Excelan BBN Butterfly, Masscomp, Silicon Graphics
080017 NSC
08001A Data General
08001B Data General
08001E Apollo
080020 Sun Sun machines
080022 NBI
080025 CDC
080026 Norsk Data (Nord)
080027 PCS Computer Systems GmbH
080028 TI Explorer
08002B DEC
08002E Metaphor
08002F Prime Computer Prime 50-Series LHC300
080036 Intergraph CAE stations
080037 Fujitsu-Xerox
080038 Bull
080039 Spider Systems
080041 DCA Digital Comm. Assoc.
080045 ???? (maybe Xylogics, but they claim not to know this number)
080046 Sony
080047 Sequent
080049 Univation
08004C Encore
08004E BICC
080056 Stanford University
080058 ??? DECsystem-20
08005A IBM
080067 Comdesign
080068 Ridge
080069 Silicon Graphics
08006E Concurrent Masscomp
080075 DDE (Danish Data Elektronik A/S)
08007C Vitalink TransLAN III
080080 XIOS
080086 Imagen/QMS
080087 Xyplex terminal servers
080089 Kinetics AppleTalk-Ethernet interface
08008B Pyramid
08008D XyVision XyVision machines

080090 Retix Inc Bridges
484453 HDS ???
800010 AT&T
AA0000 DEC obsolete
AA0001 DEC obsolete
AA0002 DEC obsolete
AA0003 DEC Global physical address for some DEC machines
AA0004 DEC Local logical address for systems running
DECNET

ETHERNET MULTICAST ADDRESSES

An Ethernet multicast address consists of the multicast bit, the
23-bit vendor component, and the 24-bit group identifier assigned by
the vendor. For example, DEC is assigned the vendor component
08-00-2B, so multicast addresses assigned by DEC have the first
24-bits 09-00-2B (since the multicast bit is the low-order bit of the
first byte, which is "the first bit on the wire").

Ethernet Type
Address Field Usage

Multicast Addresses:

01-00-5E-00-00-00- 0800 Internet Multicast [RFC1112]
01-00-5E-7F-FF-FF
01-00-5E-80-00-00- ???? Internet reserved by IANA
01-00-5E-FF-FF-FF
01-80-C2-00-00-00 -802- Spanning tree (for bridges)
09-00-02-04-00-01? 8080? Vitalink printer
09-00-02-04-00-02? 8080? Vitalink management
09-00-09-00-00-01 8005 HP Probe
09-00-09-00-00-01 -802- HP Probe
09-00-09-00-00-04 8005? HP DTC
09-00-1E-00-00-00 8019? Apollo DOMAIN
09-00-2B-00-00-00 6009? DEC MUMPS?
09-00-2B-00-00-01 8039? DEC DSM/DTP?
09-00-2B-00-00-02 803B? DEC VAXELN?
09-00-2B-00-00-03 8038 DEC Lanbridge Traffic Monitor (LTM)
09-00-2B-00-00-04 ???? DEC MAP End System Hello
09-00-2B-00-00-05 ???? DEC MAP Intermediate System Hello
09-00-2B-00-00-06 803D? DEC CSMA/CD Encryption?
09-00-2B-00-00-07 8040? DEC NetBios Emulator?
09-00-2B-00-00-0F 6004 DEC Local Area Transport (LAT)
09-00-2B-00-00-1x ???? DEC Experimental
09-00-2B-01-00-00 8038 DEC LanBridge Copy packets

(All bridges)
09-00-2B-01-00-01 8038 DEC LanBridge Hello packets
(All local bridges)
1 packet per second, sent by the
designated LanBridge
09-00-2B-02-00-00 ???? DEC DNA Lev. 2 Routing Layer routers?
09-00-2B-02-01-00 803C? DEC DNA Naming Service Advertisement?
09-00-2B-02-01-01 803C? DEC DNA Naming Service Solicitation?
09-00-2B-02-01-02 803E? DEC DNA Time Service?
09-00-2B-03-xx-xx ???? DEC default filtering by bridges?
09-00-2B-04-00-00 8041? DEC Local Area Sys. Transport (LAST)?
09-00-2B-23-00-00 803A? DEC Argonaut Console?
09-00-4E-00-00-02? 8137? Novell IPX
09-00-56-00-00-00- ???? Stanford reserved
09-00-56-FE-FF-FF
09-00-56-FF-00-00- 805C Stanford V Kernel, version 6.0
09-00-56-FF-FF-FF
09-00-77-00-00-01 ???? Retix spanning tree bridges
09-00-7C-02-00-05 8080? Vitalink diagnostics
09-00-7C-05-00-01 8080? Vitalink gateway?
0D-1E-15-BA-DD-06 ???? HP
AB-00-00-01-00-00 6001 DEC Maintenance Operation Protocol
(MOP) Dump/Load Assistance
AB-00-00-02-00-00 6002 DEC Maintenance Operation Protocol
(MOP) Remote Console
1 System ID packet every 8-10 minutes,
by every:
DEC LanBridge
DEC DEUNA interface
DEC DELUA interface
DEC DEQNA interface
(in a certain mode)
AB-00-00-03-00-00 6003 DECNET Phase IV end node Hello
packets 1 packet every 15 seconds,
sent by each DECNET host
AB-00-00-04-00-00 6003 DECNET Phase IV Router Hello packets
1 packet every 15 seconds, sent by
the DECNET router
AB-00-00-05-00-00 ???? Reserved DEC through
AB-00-03-FF-FF-FF
AB-00-03-00-00-00 6004 DEC Local Area Transport (LAT) - old
AB-00-04-00-xx-xx ???? Reserved DEC customer private use
AB-00-04-01-xx-yy 6007 DEC Local Area VAX Cluster groups
Sys. Communication Architecture (SCA)
CF-00-00-00-00-00 9000 Ethernet Configuration Test protocol
(Loopback)

Broadcast Address:

FF-FF-FF-FF-FF-FF 0600 XNS packets, Hello or gateway search?
6 packets every 15 seconds, per XNS
station
FF-FF-FF-FF-FF-FF 0800 IP (e.g. RWHOD via UDP) as needed
FF-FF-FF-FF-FF-FF 0804 CHAOS
FF-FF-FF-FF-FF-FF 0806 ARP (for IP and CHAOS) as needed
FF-FF-FF-FF-FF-FF 0BAD Banyan
FF-FF-FF-FF-FF-FF 1600 VALID packets, Hello or gateway
search?
1 packets every 30 seconds, per VALID
station
FF-FF-FF-FF-FF-FF 8035 Reverse ARP
FF-FF-FF-FF-FF-FF 807C Merit Internodal (INP)
FF-FF-FF-FF-FF-FF 809B EtherTalk

REFERENCES

[RFC894] Hornig, C., "A Standard for the Transmission of IP Datagrams
over Ethernet Networks, STD 41, RFC 894, Symbolics,
April 1984.

[RFC895] Postel, J., "A Standard for the Transmission of IP Datagrams
over Experimental Ethernet Networks, STD 42, RFC 895,
USC/Information Sciences Institute, April 1984.

[RFC1112] Deeering, S., "Host Extensions for IP Multicasting",
STD 5, RFC 1112, Stanford University, August 1989.

PEOPLE

[AXC] Andrew Cherenson <arc@SGI.COM>

[DCP1] David Plummer <DCP@SCRC-QUABBIN.ARPA>

[DT15] Daniel Tappan <Tappan@BBN.COM>

[HWB] Hans-Werner Braun <HWB@MCR.UMICH.EDU>

[JBP] Jon Postel <postel@isi.edu>

[JKR1] Joyce K. Reynolds <jkrey@isi.edu>

[JXM] Joseph Murdock <---none--->

[XEROX] Fonda Pallone (415-813-7164)

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ethernet-numbers

X.25 TYPE NUMBERS

CCITT defines the high order two bits of the first octet of call user
data as follows:

00 - Used for other CCITT recomendations (such as X.29)
01 - Reserved for use by "national" administrative
authorities
10 - Reserved for use by international administrative authoorities
11 - Reserved for arbitrary use between consenting DTEs

Call User Data (hex) Protocol Reference
------------------- -------- ---------

01 PAD [GS2]
C5 Blacker front-end descr dev [AGM]
CC IP [RFC877,AGM]*
CD ISO-IP [AGM]
CF PPP [RFC1598]
DD Network Monitoring [AGM]

*NOTE: ISO SC6/WG2 approved assignment in ISO 9577 (January 1990).

REFERENCES

[RFC877] Korb, J., "A Standard for the Transmission of IP Datagrams
Over Public Data Networks", RFC 877, Purdue University,
September 1983.

[RFC1598] Simpson, W., "PPPin X.25", RFC 1598, Daydreamer, March 1994.

PEOPLE

[AGM] Andy Malis <malis_a@timeplex.com>

[GS2] Greg Satz <satz@CISCO.COM>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/x25-type-numbers

PUBLIC DATA NETWORK NUMBERS

One of the Internet Class A Networks is the international system of
Public Data Networks. This section lists the mapping between the
Internet Addresses and the Public Data Network Addresses (X.121).

Assignments:

Internet Public Data Net Description References
-------------- ----------------- ----------- ----------
014.000.000.000 Reserved [JBP]
014.000.000.001 3110-317-00035 00 PURDUE-TN [TN]
014.000.000.002 3110-608-00027 00 UWISC-TN [TN]
014.000.000.003 3110-302-00024 00 UDEL-TN [TN]
014.000.000.004 2342-192-00149 23 UCL-VTEST [PK]
014.000.000.005 2342-192-00300 23 UCL-TG [PK]
014.000.000.006 2342-192-00300 25 UK-SATNET [PK]
014.000.000.007 3110-608-00024 00 UWISC-IBM [MS56]
014.000.000.008 3110-213-00045 00 RAND-TN [MO2]
014.000.000.009 2342-192-00300 23 UCL-CS [PK]
014.000.000.010 3110-617-00025 00 BBN-VAN-GW [JD21]
014.000.000.011 2405-015-50300 00 CHALMERS [UXB]
014.000.000.012 3110-713-00165 00 RICE [PAM6]
014.000.000.013 3110-415-00261 00 DECWRL [PAM6]
014.000.000.014 3110-408-00051 00 IBM-SJ [SXA3]
014.000.000.015 2041-117-01000 00 SHAPE [JFW]
014.000.000.016 2628-153-90075 00 DFVLR4-X25 [GB7]
014.000.000.017 3110-213-00032 00 ISI-VAN-GW [JD21]
014.000.000.018 2624-522-80900 52 FGAN-SIEMENS-X25 [GB7]
014.000.000.019 2041-170-10000 00 SHAPE-X25 [JFW]
014.000.000.020 5052-737-20000 50 UQNET [AXH]
014.000.000.021 3020-801-00057 50 DMC-CRC1 [VXT]
014.000.000.022 2624-522-80329 02 FGAN-FGANFFMVAX-X25 [GB7]
014.000.000.023 2624-589-00908 01 ECRC-X25 [PXD]
014.000.000.024 2342-905-24242 83 UK-MOD-RSRE [JXE2]
014.000.000.025 2342-905-24242 82 UK-VAN-RSRE [AXM]
014.000.000.026 2624-522-80329 05 DFVLRSUN-X25 [GB7]
014.000.000.027 2624-457-11015 90 SELETFMSUN-X25 [BXD]
014.000.000.028 3110-408-00146 00 CDC-SVL [RAM57]
014.000.000.029 2222-551-04400 00 SUN-CNUCE [ABB2]
014.000.000.030 2222-551-04500 00 ICNUCEVM-CNUCE [ABB2]
014.000.000.031 2222-551-04600 00 SPARE-CNUCE [ABB2]
014.000.000.032 2222-551-04700 00 ICNUCEVX-CNUCE [ABB2]
014.000.000.033 2222-551-04524 00 CISCO-CNUCE [ABB2]
014.000.000.034 2342-313-00260 90 SPIDER-GW [AD67]

014.000.000.035 2342-313-00260 91 SPIDER-EXP [AD67]
014.000.000.036 2342-225-00101 22 PRAXIS-X25A [TXR]
014.000.000.037 2342-225-00101 23 PRAXIS-X25B [TXR]
014.000.000.038 2403-712-30250 00 DIAB-TABY-GW [FXB]
014.000.000.039 2403-715-30100 00 DIAB-LKP-GW [FXB]
014.000.000.040 2401-881-24038 00 DIAB-TABY1-GW [FXB]
014.000.000.041 2041-170-10060 00 STC [TC27]
014.000.000.042 2222-551-00652 60 CNUCE [TC27]
014.000.000.043 2422-510-05900 00 Tollpost-Globe AS [OXG]
014.000.000.044 2422-670-08900 00 Tollpost-Globe AS [OXG]
014.000.000.045 2422-516-01000 00 Tollpost-Globe AS [OXG]
014.000.000.046 2422-450-00800 00 Tollpost-Globe AS [OXG]
014.000.000.047 2422-610-00200 00 Tollpost-Globe AS [OXG]
014.000.000.048 2422-310-00300 00 Tollpost-Globe AS [OXG]
014.000.000.049 2422-470-08800 00 Tollpost-Globe AS [OXG]
014.000.000.050 2422-210-04600 00 Tollpost-Globe AS [OXG]
014.000.000.051 2422-130-28900 00 Tollpost-Globe AS [OXG]
014.000.000.052 2422-310-27200 00 Tollpost-Globe AS [OXG]
014.000.000.053 2422-250-05800 00 Tollpost-Globe AS [OXG]
014.000.000.054 2422-634-05900 00 Tollpost-Globe AS [OXG]
014.000.000.055 2422-670-08800 00 Tollpost-Globe AS [OXG]
014.000.000.056 2422-430-07400 00 Tollpost-Globe AS [OXG]
014.000.000.057 2422-674-07800 00 Tollpost-Globe AS [OXG]
014.000.000.058 2422-230-16900 00 Tollpost-Globe AS [OXG]
014.000.000.059 2422-518-02900 00 Tollpost-Globe AS [OXG]
014.000.000.060 2422-370-03100 00 Tollpost-Globe AS [OXG]
014.000.000.061 2422-516-03400 00 Tollpost-Globe AS [OXG]
014.000.000.062 2422-616-04400 00 Tollpost-Globe AS [OXG]
014.000.000.063 2422-650-23500 00 Tollpost-Globe AS [OXG]
014.000.000.064 2422-330-02500 00 Tollpost-Globe AS [OXG]
014.000.000.065 2422-350-01900 00 Tollpost-Globe AS [OXG]
014.000.000.066 2422-410-00700 00 Tollpost-Globe AS [OXG]
014.000.000.067 2422-539-06200 00 Tollpost-Globe AS [OXG]
014.000.000.068 2422-630-07200 00 Tollpost-Globe AS [OXG]
014.000.000.069 2422-470-12300 00 Tollpost-Globe AS [OXG]
014.000.000.070 2422-470-13000 00 Tollpost-Globe AS [OXG]
014.000.000.071 2422-170-04600 00 Tollpost-Globe AS [OXG]
014.000.000.072 2422-516-04300 00 Tollpost-Globe AS [OXG]
014.000.000.073 2422-530-00700 00 Tollpost-Globe AS [OXG]
014.000.000.074 2422-650-18800 00 Tollpost-Globe AS [OXG]
014.000.000.075 2422-450-24500 00 Tollpost-Globe AS [OXG]
014.000.000.076 2062-243-15631 00 DPT-BXL-DDC [LZ15]
014.000.000.077 2062-243-15651 00 DPT-BXL-DDC2 [LZ15]
014.000.000.078 3110-312-00431 00 DPT-CHI [LZ15]
014.000.000.079 3110-512-00135 00 DPT-SAT-ENG [LZ15]
014.000.000.080 2080-941-90550 00 DPT-PAR [LZ15]
014.000.000.081 4545-511-30600 00 DPT-PBSC [LZ15]
014.000.000.082 4545-513-30900 00 DPT-HONGKONG [LZ15]

014.000.000.083 4872-203-55000 00 UECI-TAIPEI [LZ15]
014.000.000.084 2624-551-10400 20 DPT-HANOVR [LZ15]
014.000.000.085 2624-569-00401 99 DPT-FNKFRT [LZ15]
014.000.000.086 3110-512-00134 00 DPT-SAT-SUPT [LZ15]
014.000.000.087 4602-3010-0103 20 DU-X25A [JK64]
014.000.000.088 4602-3010-0103 21 FDU-X25B [JK64]
014.000.000.089 2422-150-33700 00 Tollpost-Globe AS [OXG]
014.000.000.090 2422-271-07100 00 Tollpost-Globe AS [OXG]
014.000.000.091 2422-516-00100 00 Tollpost-Globe AS [OXG]
014.000.000.092 2422-650-18800 00 Norsk Informas. [OXG]
014.000.000.093 2422-250-30400 00 Tollpost-Globe AS [OXG]
014.000.000.094 Leissner Data AB [PXF1]
014.000.000.095 Leissner Data AB [PXF1]
014.000.000.096 Leissner Data AB [PXF1]
014.000.000.097 Leissner Data AB [PXF1]
014.000.000.098 Leissner Data AB [PXF1]
014.000.000.099 Leissner Data AB [PXF1]
014.000.000.100 Leissner Data AB [PXF1]
014.000.000.101 Leissner Data AB [PXF1]
014.000.000.102 Leissner Data AB [PXF1]
014.000.000.103 Leissner Data AB [PXF1]
014.000.000.104 Leissner Data AB [PXF1]
014.000.000.105 Leissner Data AB [PXF1]
014.000.000.106 Leissner Data AB [PXF1]
014.000.000.107 Leissner Data AB [PXF1]
014.000.000.108 Leissner Data AB [PXF1]
014.000.000.109 Leissner Data AB [PXF1]
014.000.000.110 Leissner Data AB [PXF1]
014.000.000.111 Leissner Data AB [PXF1]
014.000.000.112 Leissner Data AB [PXF1]
014.000.000.113 Leissner Data AB [PXF1]
014.000.000.114 Leissner Data AB [PXF1]
014.000.000.115 Leissner Data AB [PXF1]
014.000.000.116 Leissner Data AB [PXF1]
014.000.000.117 Leissner Data AB [PXF1]
014.000.000.118 Leissner Data AB [PXF1]
014.000.000.119 Leissner Data AB [PXF1]
014.000.000.120 Leissner Data AB [PXF1]
014.000.000.121 Leissner Data AB [PXF1]
014.000.000.122 Leissner Data AB [PXF1]
014.000.000.123 Leissner Data AB [PXF1]
014.000.000.124 Leissner Data AB [PXF1]
014.000.000.125 Leissner Data AB [PXF1]
014.000.000.126 Leissner Data AB [PXF1]
014.000.000.127 Leissner Data AB [PXF1]
014.000.000.128 Leissner Data AB [PXF1]
014.000.000.129 2422-150-17900 00 Tollpost-Globe AS [OXG]
014.000.000.130 2422-150-42700 00 Tollpost-Globe AS [OXG]

014.000.000.131 2422-190-41900 00 T-G Airfreight AS [OXG]
014.000.000.132 2422-616-16100 00 Tollpost-Globe AS [OXG]
014.000.000.133 2422-150-50700-00 Tollpost-Globe Int. [OXG]
014.000.000.134 2422-190-28100-00 Intersped AS [OXG]

014.000.000.135-014.255.255.254 Unassigned [JBP]
014.255.255.255 Reserved [JBP]

The standard for transmission of IP datagrams over the Public Data
Network is specified in RFC-1356 [69].

REFERENCES

[RFC877] Korb, J., "A Standard for the Transmission of IP Datagrams
Over Public Data Networks", RFC 877, Purdue University,
September 1983.

PEOPLE

[ABB2] A. Blasco Bonito <blasco@ICNUCEVM.CNUCE.CNR.IT>

[AD67] Andy Davis <andy@SPIDER.CO.UK>

[AXH] Arthur Harvey <harvey@gah.enet.dec.com>

[AXM] Alex Martin <---none--->

[BXD] Brian Dockter <---none--->

[FXB] <mystery contact>

[GB7] Gerd Beling <GBELING@ISI.EDU>

[JBP] Jon Postel <postel@isi.edu.

[JD21] Jonathan Dreyer <Dreyer@CCV.BBN.COM>

[JFW] Jon F. Wilkes <Wilkes@CCINT1.RSRE.MOD.UK>

[JK64] mystery contact!

[JXE2] Jeanne Evans <JME%RSRE.MOD.UK@CS.UCL.AC.UK>

[LZ15] Lee Ziegenhals <lcz@sat.datapoint.com>

[MS56] Marvin Solomon <solomon@CS.WISC.EDU>

[MO2] Michael O'Brien <obrien@AEROSPACE.AERO.ORG>

[OXG] Oyvind Gjerstad <ogj%tglobe2.UUCP@nac.no>

[PAM6] Paul McNabb <pam@PURDUE.EDU>

[PK] Peter Kirstein <Kirstein@NSS.CS.UCL.AC.UK>

[PXD] Peter Delchiappo <---none--->

[PXF1] Per Futtrup <---none--->

[RAM57] Rex Mann <---none--->

[SXA3] Sten Andler <---none--->

[TN] Thomas Narten <narten@PURDUE.EDU>

[TC27] Thomas Calderwood <TCALDERW@BBN.COM>

[TXR] Tim Rylance <praxis!tkr@UUNET.UU.NET>

[UXB] <mystery contact>

[VXT] V. Taylor <vktaylor@NCS.DND.CA>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/public-data-network-
numbers

MILNET LINK NUMBERS

The word "link" here refers to a field in the original MILNET Host/IMP
interface leader. The link was originally defined as an 8-bit field.
Later specifications defined this field as the "message-id" with a
length of 12 bits. The name link now refers to the high order 8 bits of
this 12-bit message-id field. The Host/IMP interface is defined in BBN
Report 1822 [BBN1822].

The low-order 4 bits of the message-id field are called the sub-link.
Unless explicitly specified otherwise for a particular protocol, there
is no sender to receiver significance to the sub-link. The sender may
use the sub-link in any way he chooses (it is returned in the RFNM by
the destination IMP), the receiver should ignore the sub-link.

Link Assignments:

Decimal Description References
------- ----------- ----------
0-63 BBNCC Monitoring [MB]
64-149 Unassigned [JBP]
150 Xerox NS IDP [ETHERNET,XEROX]
151 Unassigned [JBP]
152 PARC Universal Protocol [PUP,XEROX]
153 TIP Status Reporting [JGH]
154 TIP Accounting [JGH]
155 Internet Protocol [regular] [RFC791,JBP]
156-158 Internet Protocol [experimental] [RFC791,JBP]
159 Figleaf Link [JBW1]
160 Blacker Local Network Protocol [DM28]
161-194 Unassigned [JBP]
195 ISO-IP [RFC926,RXM]
196-247 Experimental Protocols [JBP]
248-255 Network Maintenance [JGH]

MILNET LOGICAL ADDRESSES

The MILNET facility for "logical addressing" is described in [RFC878]
and [RFC1005]. A portion of the possible logical addresses are
reserved for standard uses.

There are 49,152 possible logical host addresses. Of these, 256 are
reserved for assignment to well-known functions. Assignments for
well-known functions are made by the IANA. Assignments for other

logical host addresses are made by the NIC.

Logical Address Assignments:

Decimal Description References
------- ----------- ----------
0 Reserved [JBP]
1 The BBN Core Gateways [MB]
2-254 Unassigned [JBP]
255 Reserved [JBP]

MILNET X.25 ADDRESS MAPPINGS

All MILNET hosts are assigned addresses by the Defense Data Network
(DDN). The address of a MILNET host may be obtained from the Network
Information Center (NIC), represented as an ASCII text string in what
is called "host table format". This section describes the process by
which MILNET X.25 addresses may be derived from addresses in the NIC
host table format.

A NIC host table address consists of the ASCII text string
representations of four decimal numbers separated by periods,
corresponding to the four octeted of a thirty-two bit Internet
address. The four decimal numbers are referred to in this section as
"n", "h' "l", and "i". Thus, a host table address may be represented
as: "n.h.l.i". Each of these four numbers will have either one, two,
or three decimal digits and will never have a value greater than 255.
For example, in the host table, address: "10.2.0.124", n=10, h=2, l=0,
and i=124. To convert a host table address to a MILNET X.25 address:

1. If h < 64, the host table address corresponds to the X.25
physical address:

ZZZZ F IIIHHZZ (SS)

where:

ZZZZ = 0000 as required

F = 0 because the address is a physical address;

III is a three decimal digit respresentation of
"i", right-adjusted and padded with leading

zeros if required;

HH is a two decimal digit representation of "h",
right-adjusted and padded with leading zeros
if required;

ZZ = 00 and

(SS) is optional

In the example given above, the host table address 10.2.0.124
corresponds to the X.25 physical address 000001240200.

2. If h > 64 or h = 64, the host table address corresponds to the
X.25 logical address

ZZZZ F RRRRRZZ (SS)

where:

ZZZZ = 0000 as required

F = 1 because the address is a logical address;

RRRRR is a five decimal digit representation of
the result "r" of the calculation

r = h * 256 + i

(Note that the decimal representation of
"r" will always require five digits);

ZZ = 00 and

(SS) is optional

Thus, the host table address 10.83.0.207 corresponds to the X.25
logical address 000012145500.

In both cases, the "n" and "l" fields of the host table address are
not used.

REFERENCES

[BBN1822] BBN, "Specifications for the Interconnection of a Host and

an IMP", Report 1822, Bolt Beranek and Newman, Cambridge,
Massachusetts, revised, December 1981.

[ETHERNET] "The Ethernet, A Local Area Network: Data Link Layer and
Physical Layer Specification", AA-K759B-TK, Digital
Equipment Corporation, Maynard, MA. Also as: "The Ethernet
- A Local Area Network", Version 1.0, Digital Equipment
Corporation, Intel Corporation, Xerox Corporation,
September 1980. And: "The Ethernet, A Local Area Network:
Data Link Layer and Physical Layer Specifications",
Digital, Intel and Xerox, November 1982. And: XEROX, "The
Ethernet, A Local Area Network: Data Link Layer and
Physical Layer Specification", X3T51/80-50, Xerox
Corporation, Stamford, CT., October 1980.

[PUP] Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, "PUP: An
Internetwork Architecture", XEROX Palo Alto Research Center,
CSL-79-10, July 1979; also in IEEE Transactions on
Communication, Volume COM-28, Number 4, April 1980.

[RFC791] Postel, J., ed., "Internet Protocol - DARPA Internet Program
Protocol Specification", STD 5, RFC 791, USC/Information
Sciences Institute, September 1981.

[RFC878] Malis, Andrew, "The ARPANET 1822L Host Access Protocol",
RFC 878, BBN Communications Corp., December 1983.

[RFC926] International Standards Organization, "Protocol for Providing
the Connectionless-Mode Network Services", RFC 926, ISO,
December 1984.

[RFC1005] Khanna, A., and A. Malis, "The ARPANET AHIP-E Host Access
Protocol (Enhanced AHIP)", RFC 1005, BBN Communications
Corp., May 1987.

PEOPLE

[DM28] Dennis Morris <Morrisd@IMO-UVAX.DCA.MIL>

[JBP] Jon Postel <postel@isi.edu>

[JBW1] Joseph Walters, Jr. <JWalters@BBN.COM>

[JGH] Jim Herman <Herman@CCJ.BBN.COM>

[MB] Michael Brescia <Brescia@CCV.BBN.COM>

[RXM] Robert Myhill <Myhill@CCS.BBN.COM>

[XEROX] Fonda Pallone <---none--->

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/milnet-parameters

XNS PROTOCOL TYPES

Assigned well-known socket numbers

Routing Information 1
Echo 2
Router Error 3
Experimental 40-77

Assigned internet packet types

Routing Information 1
Echo 2
Error 3
Packet Exchange 4
Sequenced Packet 5
PUP 12
DoD IP 13
Experimental 20-37

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/xns-protocol-types

INTERNET / XNS PROTOCOL MAPPINGS

Below are two tables describing the arrangement of protocol fields or
type field assignments so that one could send XNS Datagrams on the
MILNET or Internet Datagrams on 10Mb Ethernet, and also protocol and
type fields so one could encapsulate each kind of Datagram in the
other.

upper| DoD IP | PUP | NS IP |
lower | | | |
--------------|--------|--------|--------|
| Type | Type | Type |
3Mb Ethernet | 1001 | 1000 | 3000 |
| octal | octal | octal |
--------------|--------|--------|--------|
| Type | Type | Type |
10 Mb Ethernet| 0800 | 0200 | 0600 |
| hex | hex | hex |
--------------|--------|--------|--------|
| Link | Link | Link |
MILNET | 155 | 152 | 150 |
| decimal| decimal| decimal|
--------------|--------|--------|--------|

upper| DoD IP | PUP | NS IP |
lower | | | |
--------------|--------|--------|--------|
| |Protocol|Protocol|
DoD IP | X | 12 | 22 |
| | decimal| decimal|
--------------|--------|--------|--------|
| | | |
PUP | ? | X | ? |
| | | |
--------------|--------|--------|--------|
| Type | Type | |
NS IP | 13 | 12 | X |
| decimal| decimal| |
--------------|--------|--------|--------|

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ip-xns-mapping

PRONET 80 TYPE NUMBERS

Below is the current list of PRONET 80 Type Numbers. Note: a protocol
that is on this list does not necessarily mean that there is any
implementation of it on ProNET.

Of these, protocols 1, 14, and 20 are the only ones that have ever
been seen in ARP packets.

For reference, the header is (one byte/line):

destination hardware address
source hardware address
data link header version (2)
data link header protocol number
data link header reserved (0)
data link header reserved (0)

Some protocols have been known to tuck stuff in the reserved fields.

Those who need a protocol number on ProNET-10/80 should contact John
Shriver (jas@proteon.com).

1 IP
2 IP with trailing headers
3 Address Resolution Protocol
4 Proteon HDLC
5 VAX Debugging Protocol (MIT)
10 Novell NetWare (IPX and pre-IPX) (old format,
3 byte trailer)
11 Vianetix
12 PUP
13 Watstar protocol (University of Waterloo)
14 XNS
15 Diganostics
16 Echo protocol (link level)
17 Banyan Vines
20 DECnet (DEUNA Emulation)
21 Chaosnet
23 IEEE 802.2 or ISO 8802/2 Data Link
24 Reverse Address Resolution Protocol
29 TokenVIEW-10
31 AppleTalk LAP Data Packet
33 Cornell Boot Server Location Protocol
34 Novell NetWare IPX (new format, no trailer,
new XOR checksum)

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/pronet80-type-numbers

NOVELL SAP NUMBERS OF INTEREST

For the convenience of the Internet community the IANA maitains a list
of Novell Service Access Point (SAP) numbers. This list is kept
up-to-date- by contributions from the community. Please send
corrections and additions to IANA@ISI.EDU.

Novell SAPs
====== ====

Decimal Hex SAP Description
======= ==== ===============

0 0000 Unknown
1 0001 User
2 0002 User Group
3 0003 Print Queue or Print Group
4 0004 File Server (SLIST source)
5 0005 Job Server
6 0006 Gateway
7 0007 Print Server or Silent Print Server
8 0008 Archive Queue
9 0009 Archive Server
10 000a Job Queue
11 000b Administration
15 000F Novell TI-RPC
23 0017 Diagnostics
32 0020 NetBIOS
33 0021 NAS SNA Gateway
35 0023 NACS Async Gateway or Asynchronous Gateway
36 0024 Remote Bridge or Routing Service
38 0026 Bridge Server or Asynchronous Bridge Server
39 0027 TCP/IP Gateway Server
40 0028 Point to Point (Eicon) X.25 Bridge Server
41 0029 Eicon 3270 Gateway
42 002a CHI Corp ???
44 002c PC Chalkboard
45 002d Time Synchronization Server or Asynchronous Timer
46 002e SAP Archive Server or SMS Target Service Agent
69 0045 DI3270 Gateway
71 0047 Advertising Print Server
75 004b Btrieve VAP/NLM 5.0
76 004c Netware SQL VAP/NLM Server
77 004d Xtree Network Version Netware XTree
80 0050 Btrieve VAP 4.11
82 0052 QuickLink (Cubix)
83 0053 Print Queue User
88 0058 Multipoint X.25 Eicon Router

96 0060 STLB/NLM ???
100 0064 ARCserve
102 0066 ARCserve 3.0
114 0072 WAN Copy Utility
122 007a TES-Netware for VMS
146 0092 WATCOM Debugger or Emerald Tape Backup Server
149 0095 DDA OBGYN ???
152 0098 Netware Access Server (Asynchronous gateway)
154 009a Netware for VMS II or Named Pipe Server
155 009b Netware Access Server
158 009e Portable Netware Server or SunLink NVT
161 00a1 Powerchute APC UPS NLM
170 00aa LAWserve ???
172 00ac Compaq IDA Status Monitor
256 0100 PIPE STAIL ???
258 0102 LAN Protect Bindery
259 0103 Oracle DataBase Server
263 0107 Netware 386 or RSPX Remote Console
271 010f Novell SNA Gateway
274 0112 Print Server (HP)
276 0114 CSA MUX (f/Communications Executive)
277 0115 CSA LCA (f/Communications Executive)
278 0116 CSA CM (f/Communications Executive)
279 0117 CSA SMA (f/Communications Executive)
280 0118 CSA DBA (f/Communications Executive)
281 0119 CSA NMA (f/Communications Executive)
282 011a CSA SSA (f/Communications Executive)
283 011b CSA STATUS (f/Communications Executive)
286 011e CSA APPC (f/Communications Executive)
294 0126 SNA TEST SSA Profile
298 012a CSA TRACE (f/Communications Executive)
304 0130 Communications Executive
307 0133 NNS Domain Server or Netware Naming Services Domain
309 0135 Netware Naming Services Profile
311 0137 Netware 386 Print Queue or NNS Print Queue
321 0141 LAN Spool Server (Vap, Intel)
338 0152 IRMALAN Gateway
340 0154 Named Pipe Server
360 0168 Intel PICKIT Comm Server or Intel CAS Talk Server
369 171 UNKNOWN???
371 0173 Compaq
372 0174 Compaq SNMP Agent
373 0175 Compaq
384 0180 XTree Server or XTree Tools
394 18A UNKNOWN??? Running on a Novell Server
432 01b0 GARP Gateway (net research)
433 01b1 Binfview (Lan Support Group)
447 01bf Intel LanDesk Manager

458 01ca AXTEC ???
459 01cb Netmode ???
460 1CC UNKNOWN??? Sheva netmodem???
472 01d8 Castelle FAXPress Server
474 01da Castelle LANPress Print Server
476 1DC Castille FAX/Xerox 7033 Fax Server/Excel Lan Fax
496 01f0 LEGATO ???
501 01f5 LEGATO ???
563 0233 NMS Agent or Netware Management Agent
567 0237 NMS IPX Discovery or LANtern Read/Write Channel
568 0238 NMS IP Discovery or LANtern Trap/Alarm Channel
570 023a LABtern
572 023c MAVERICK ???
574 23E UNKNOWN??? Running on a Novell Server
575 023f Used by eleven various Novell Servers
590 024e Remote Something ???
618 026a Network Management (NMS) Service Console
619 026b Time Synchronization Server (Netware 4.x)
632 0278 Directory Server (Netware 4.x)
772 0304 Novell SAA Gateway
776 0308 COM or VERMED 1 ???
778 030a Gallacticom BBS
780 030c Intel Netport 2 or HP JetDirect or HP Quicksilver
800 0320 Attachmate Gateway
807 0327 Microsoft Diagnostiocs ???
821 0335 MultiTech Systems Multisynch Comm Server
853 0355 Arcada Backup Exec
858 0358 MSLCD1 ???
865 0361 NETINELO ???
894 037e Twelve Novell file servers in the PC3M family
895 037f ViruSafe Notify
902 0386 HP Bridge
903 0387 HP Hub
916 0394 NetWare SAA Gateway
923 039b Lotus Notes
951 03b7 Certus Anti Virus NLM
964 03c4 ARCserve 4.0 (Cheyenne)
967 03c7 LANspool 3.5 (Intel)
990 03de Gupta Sequel Base Server or NetWare SQL
993 03e1 Univel Unixware
996 03e4 Univel Unixware
1020 03fc Intel Netport
1021 03fd Print SErver Queue ???
1034 40A ipnServer??? Running on a Novell Server
1035 40B UNKNOWN???
1037 40D LVERRMAN??? Running on a Novell Server
1038 40E LVLIC??? Running on a Novell Server
1040 410 UNKNOWN??? Running on a Novell Server

1044 0414 Kyocera
1065 0429 Site Lock Virus (Brightworks)
1074 0432 UFHELP R ???
1075 433 Sunoptics SNMP Agent???
1100 044c Backup ???
1111 457 Canon GP55??? Running on a Canon GP55 network printer
1115 045b Dell SCSI Array (DSA) Monitor
1200 04b0 CD-Net (Meridian)
1217 4C1 UNKNOWN???
1299 513 Emulux NQA??? Something from Emulex
1312 0520 Site Lock Checks
1321 0529 Site Lock Checks (Brightworks)
1325 052d Citrix OS/2 App Server
1344 536 Milan ???
1408 0580 McAfee's NetShield anti-virus
1569 621 ?? Something from Emulex
1571 623 UNKNOWN??? Running on a Novell Server
1900 076C Xerox
2857 0b29 Site Lock
3113 0c29 Site Lock Applications
3116 0c2c Licensing Server
9088 2380 LAI Site Lock
9100 238c Meeting Maker
18440 4808 Site Lock Server or Site Lock Metering VAP/NLM
21845 5555 Site Lock User
25362 6312 Tapeware
28416 6f00 Rabbit Gateway (3270)
30467 7703 MODEM??
32770 8002 NetPort Printers (Intel) or LANport
32776 8008 WordPerfect Network Version
34238 85BE Cisco Enhanced Interior Routing Protocol (EIGRP)
34952 8888 WordPerfect Network Version or Quick Network Management
36864 9000 McAfee's NetShield anti-virus
38404 9604 ?? CSA-NT_MON
61727 f11f Site Lock Metering VAP/NLM
61951 f1ff Site Lock
62723 F503 ?? SCA-NT
65535 ffff Any Service or Wildcard

This file is

ftp://ftp.isi.edu/in-notes/iana/assignments/novell-sap-numbers

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/novell-sap-numbers

POINT-TO-POINT PROTOCOL FIELD ASSIGNMENTS

PPP DLL PROTOCOL NUMBERS

The Point-to-Point Protocol (PPP) Data Link Layer [146,147,175]
contains a 16 bit Protocol field to identify the the encapsulated
protocol. The Protocol field is consistent with the ISO 3309 (HDLC)
extension mechanism for Address fields. All Protocols MUST be
assigned such that the least significant bit of the most significant
octet equals "0", and the least significant bit of the least
significant octet equals "1".

Assigned PPP DLL Protocol Numbers

Value (in hex) Protocol Name

0001 Padding Protocol
0003 to 001f reserved (transparency inefficient)
0021 Internet Protocol
0023 OSI Network Layer
0025 Xerox NS IDP
0027 DECnet Phase IV
0029 Appletalk
002b Novell IPX
002d Van Jacobson Compressed TCP/IP
002f Van Jacobson Uncompressed TCP/IP
0031 Bridging PDU
0033 Stream Protocol (ST-II)
0035 Banyan Vines
0037 reserved (until 1993)
0039 AppleTalk EDDP
003b AppleTalk SmartBuffered
003d Multi-Link
003f NETBIOS Framing
0041 Cisco Systems
0043 Ascom Timeplex
0045 Fujitsu Link Backup and Load Balancing (LBLB)
0047 DCA Remote Lan
0049 Serial Data Transport Protocol (PPP-SDTP)
004b SNA over 802.2
004d SNA
004f IP6 Header Compression
006f Stampede Bridging
007d reserved (Control Escape) [RFC1661]
007f reserved (compression inefficient) [RFC1662]
00cf reserved (PPP NLPID)
00fb compression on single link in multilink group
00fd 1st choice compression

00ff reserved (compression inefficient)

0201 802.1d Hello Packets
0203 IBM Source Routing BPDU
0205 DEC LANBridge100 Spanning Tree
0231 Luxcom
0233 Sigma Network Systems

8001-801f Not Used - reserved [RFC1661]
8021 Internet Protocol Control Protocol
8023 OSI Network Layer Control Protocol
8025 Xerox NS IDP Control Protocol
8027 DECnet Phase IV Control Protocol
8029 Appletalk Control Protocol
802b Novell IPX Control Protocol
802d reserved
802f reserved
8031 Bridging NCP
8033 Stream Protocol Control Protocol
8035 Banyan Vines Control Protocol
8037 reserved till 1993
8039 reserved
803b reserved
803d Multi-Link Control Protocol
803f NETBIOS Framing Control Protocol
807d Not Used - reserved [RFC1661]
8041 Cisco Systems Control Protocol
8043 Ascom Timeplex
8045 Fujitsu LBLB Control Protocol
8047 DCA Remote Lan Network Control Protocol (RLNCP)
8049 Serial Data Control Protocol (PPP-SDCP)
804b SNA over 802.2 Control Protocol
804d SNA Control Protocol
804f IP6 Header Compression Control Protocol
006f Stampede Bridging Control Protocol
80cf Not Used - reserved [RFC1661]
80fb compression on single link in multilink group control
80fd Compression Control Protocol
80ff Not Used - reserved [RFC1661]

c021 Link Control Protocol
c023 Password Authentication Protocol
c025 Link Quality Report
c027 Shiva Password Authentication Protocol
c029 CallBack Control Protocol (CBCP)
c081 Container Control Protocol [KEN]
c223 Challenge Handshake Authentication Protocol
c281 Proprietary Authentication Protocol [KEN]

c26f Stampede Bridging Authorization Protocol
c481 Proprietary Node ID Authentication Protocol [KEN]

Protocol field values in the "0xxx" to "3xxx" range identify the
network-layer protocol of specific datagrams, and values in the "8xxx"
to "bxxx" range identify datagrams belonging to the associated Network
Control Protocol (NCP), if any.

It is recommended that values in the "02xx" to "1exx" and "xx01" to
"xx1f" ranges not be assigned, as they are compression inefficient.

Protocol field values in the "4xxx" to "7xxx" range are used for
protocols with low volume traffic which have no associated NCP.

Protocol field values in the "cxxx" to "exxx" range identify datagrams
as Control Protocols (such as LCP).

PPP LCP AND IPCP CODES

The Point-to-Point Protocol (PPP) Link Control Protocol (LCP), [146]
the Compression Control Protocol (CCP), Internet Protocol Control
Protocol (IPCP), [147] and other control protocols, contain an 8 bit
Code field which identifies the type of packet. These Codes are
assigned as follows:

Code Packet Type
---- -----------
1 Configure-Request
2 Configure-Ack
3 Configure-Nak
4 Configure-Reject
5 Terminate-Request
6 Terminate-Ack
7 Code-Reject
8 * Protocol-Reject
9 * Echo-Request
10 * Echo-Reply
11 * Discard-Request
12 * Identification
13 * Time-Remaining
14 + Reset-Request
15 + Reset-Reply

* LCP Only
+ CCP Only

PPP LCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Link Control Protocol (LCP)
specifies a number of Configuration Options [146] which are
distinguished by an 8 bit Type field. These Types are assigned as
follows:

Type Configuration Option
---- --------------------
1 Maximum-Receive-Unit
2 Async-Control-Character-Map
3 Authentication-Protocol
4 Quality-Protocol
5 Magic-Number
6 RESERVED
7 Protocol-Field-Compression
8 Address-and-Control-Field-Compression
9 FCS-Alternatives
10 Self-Describing-Pad
11 Numbered-Mode
12 Multi-Link-Procedure
13 Callback
14 Connect-Time
15 Compound-Frames
16 Nominal-Data-Encapsulation
17 Multilink-MRRU
18 Multilink-Short-Sequence-Number-Header-Format
19 Multilink-Endpoint-Discriminator
20 Proprietary [KEN]
21 DCE-Identifier [SCHNEIDER]

PPP LCP FCS-ALTERNATIVES

The Point-to-Point Protocol (PPP) Link Control Protocol (LCP)
FCS-Alternatives Configuration Option contains an 8-bit Options field
which identifies the FCS used. These are assigned as follows:

Bit FCS
---- ----------
1 Null FCS
2 CCITT 16-Bit FCS
4 CCITT 32-bit FCS

PPP LCP CALLBACK OPERATION FIELDS

The Point-to-Point Protocol (PPP) Link Control Protocol (LCP) Callback
Configuration Option contains an 8-bit Operations field which
identifies the format of the Message. These are assigned as follows:

Operation Description
--------- ---------------------------
0 Location determined by user authentication.
1 Dialing string.
2 Location identifier.
3 E.164 number.
4 X.500 distinguished name.
5 unassigned
6 Location is determined during CBCP negotiation.

PPP IPCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Internet Protocol Control Protocol
(IPCP) specifies a number of Configuration Options [147] which are
distinguished by an 8 bit Type field. These Types are assigned as
follows:

Type Configuration Option
---- --------------------
1 IP-Addresses (deprecated)
2 IP-Compression-Protocol
3 IP-Address

PPP ATCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Apple Talk Control Protocol (ATCP)
specifies a number of Configuration Options [RFC-1378] which are
distinguished by an 8 bit Type field. These Types are assigned as
follows:

Type Configuration Option
---- --------------------
1 AppleTalk-Address
2 Routing-Protocol
3 Suppress-Broadcasts
4 AT-Compression-Protocol
5 Reserved
6 Server-information
7 Zone-information
8 Default-Router-Address

PPP OSINLCP CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) OSI Network Layer Control Protocol
(OSINLCP) specifies a number of Configuration Options [RFC-1377] which
are distinguished by an 8 bit Type field. These Types are assigned as
follows:

Type Configuration Option
---- --------------------
1 Align-NPDU

PPP BRIDGING CONFIGURATION OPTION TYPES

The Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP)
specifies a number of Configuration Options which are distinguished by
an 8 bit Type field. These Types are assigned as follows:

Type Configuration Option
---- --------------------
1 Bridge-Identification
2 Line-Identification
3 MAC-Support
4 Tinygram-Compression
5 LAN-Identification
6 MAC-Address
7 Spanning-Tree-Protocol

PPP BRIDGING MAC TYPES

The Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP)
contains an 8 bit MAC Type field which identifies the MAC
encapsulated. These Types are assigned as follows:

Type MAC
---- -----------
0 Reserved
1 IEEE 802.3/Ethernet with cannonical addresses
2 IEEE 802.4 with cannonical addresses
3 IEEE 802.5 with non-cannonical addresses
4 FDDI with non-cannonical addresses
5-10 reserved
11 IEEE 802.5 with cannonical addresses
12 FDDI with cannonical addresses

PPP BRIDGING SPANNING TREE

The Point-to-Point Protocol (PPP) Bridging Control Protocol (BCP)
Spanning Tree Configuration Option contains an 8-bit Protocol field
which identifies the spanning tree used. These are assigned as
follows:

Protocol Spanning Tree
-------- ---------------
0 Null - no spanning tree protocol supported
1 IEEE 802.1D spanning tree protocol

2 IEEE 802.1G extended spanning tree protocol
3 IBM source route spanning tree protocol
4 DEC LANbridge 100 spanning tree protocol

REFERENCES

[RFC1661] Simpson, W., Editor, "The Point-to-Point Protocol (PPP)",
STD 51, RFC 1661, Daydreamer, July 1994.

[RFC1662] Simpson, W., Editor, "PPP in HDLC-like Framing", STD 51, RFC
1662, Daydreamer, July 1994.

PEOPLE

[KEN] <ken@funk.com>

[SCHNEIDER] Kevin Schneider <kevin@adtran.com>

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/ppp-numbers

MACHINE NAMES

These are the Official Machine Names as they appear in the Domain Name
System HINFO records and the NIC Host Table. Their use is described
in [RFC952].

A machine name or CPU type may be up to 40 characters taken from the
set of uppercase letters, digits, and the two punctuation characters
hyphen and slash. It must start with a letter, and end with a letter
or digit.

AMIGA-500
AMIGA-500/010
AMIGA-500/020
AMIGA-500/EC030
AMIGA-500/030
AMIGA-600
AMIGA-1000
AMIGA-1000/010
AMIGA-1000/020
AMIGA-1000/EC030
AMIGA-1000/030
AMIGA-1200
AMIGA-1200/EC030
AMIGA-1200/030
AMIGA-1200/EC040
AMIGA-1200/LC040
AMIGA-1200/040
AMIGA-2000
AMIGA-2000/010
AMIGA-2000/020
AMIGA-2000/EC030
AMIGA-2000/030
AMIGA-2000/LC040
AMIGA-2000/EC040
AMIGA-2000/040
AMIGA-3000
AMIGA-3000/EC040
AMIGA-3000/LC040
AMIGA-3000/040
AMIGA-3000/060
AMIGA-4000/EC030
AMIGA-4000/030
AMIGA-4000/LC040
AMIGA-4000/040
AMIGA-4000/060
ALTO

ALTOS-6800
AMDAHL-V7
APOLLO
APPLE-MACINTOSH
APPLE-POWERBOOK
ATARI-104ST
ATT-3B1
ATT-3B2
ATT-3B20
ATT-7300
AXP
BBN-C/60
BURROUGHS-B/29
BURROUGHS-B/4800
BUTTERFLY
C/30
C/70
CADLINC
CADR
CDC-170
CDC-170/750
CDC-173
CDTV
CDTV/060
CD32
CELERITY-1200
CLUB-386
COMPAQ-386/20
COMTEN-3690
CP8040
CRAY-1
CRAY-X/MP
CRAY-2
CTIWS-117
DANDELION
DEC-10
DEC-1050
DEC-1077
DEC-1080
DEC-1090
DEC-1090B
DEC-1090T
DEC-2020T
DEC-2040
DEC-2040T
DEC-2050T
DEC-2060
DEC-2060T

DEC-2065
DEC-AXP
DEC-FALCON
DEC-KS10
DECSTATION
DEC-VAX
DEC-VAXCLUSTER
DEC-VAXSTATION
DEC-VAX-11730
DORADO
DPS8/70M
ELXSI-6400
EVEREX-386
FOONLY-F2
FOONLY-F3
FOONLY-F4
GOULD
GOULD-6050
GOULD-6080
GOULD-9050
GOULD-9080
H-316
H-60/68
H-68
H-68/80
H-89
HONEYWELL-DPS-6
HONEYWELL-DPS-8/70
HP3000
HP3000/64
IBM-158
IBM-360/67
IBM-370/3033
IBM-3081
IBM-3084QX
IBM-3101
IBM-4331
IBM-4341
IBM-4361
IBM-4381
IBM-4956
IBM-6152
IBM-PC
IBM-PC/AT
IBM-PC/RT
IBM-PC/XT
IBM-RS/6000
IBM-SERIES/1

IMAGEN
IMAGEN-8/300
IMSAI
INTEGRATED-SOLUTIONS
INTEGRATED-SOLUTIONS-68K
INTEGRATED-SOLUTIONS-CREATOR
INTEGRATED-SOLUTIONS-CREATOR-8
INTEL-386
INTEL-IPSC
IS-1
IS-68010
LMI
LSI-11
LSI-11/2
LSI-11/23
LSI-11/73
M68000
MAC-II
MAC-POWERBOOK
MACINTOSH
MASSCOMP
MC500
MC68000
MICROPORT
MICROVAX
MICROVAX-I
MV/8000
NAS3-5
NCR-COMTEN-3690
NEXT/N1000-316
NOW
ONYX-Z8000
PDP-11
PDP-11/3
PDP-11/23
PDP-11/24
PDP-11/34
PDP-11/40
PDP-11/44
PDP-11/45
PDP-11/50
PDP-11/70
PDP-11/73
PE-7/32
PE-3205
PERQ
PLEXUS-P/60
PLI

PLURIBUS
PRIME-2350
PRIME-2450
PRIME-2755
PRIME-9655
PRIME-9755
PRIME-9955II
PRIME-2250
PRIME-2655
PRIME-9955
PRIME-9950
PRIME-9650
PRIME-9750
PRIME-2250
PRIME-750
PRIME-850
PRIME-550II
PYRAMID-90
PYRAMID-90MX
PYRAMID-90X
RIDGE
RIDGE-32
RIDGE-32C
ROLM-1666
RS/6000
S1-MKIIA
SMI
SEQUENT-BALANCE-8000
SIEMENS
SILICON-GRAPHICS
SILICON-GRAPHICS-IRIS
SGI-IRIS-2400
SGI-IRIS-2500
SGI-IRIS-3010
SGI-IRIS-3020
SGI-IRIS-3030
SGI-IRIS-3110
SGI-IRIS-3115
SGI-IRIS-3120
SGI-IRIS-3130
SGI-IRIS-4D/20
SGI-IRIS-4D/20G
SGI-IRIS-4D/25
SGI-IRIS-4D/25G
SGI-IRIS-4D/25S
SGI-IRIS-4D/50
SGI-IRIS-4D/50G
SGI-IRIS-4D/50GT

SGI-IRIS-4D/60
SGI-IRIS-4D/60G
SGI-IRIS-4D/60T
SGI-IRIS-4D/60GT
SGI-IRIS-4D/70
SGI-IRIS-4D/70G
SGI-IRIS-4D/70GT
SGI-IRIS-4D/80GT
SGI-IRIS-4D/80S
SGI-IRIS-4D/120GTX
SGI-IRIS-4D/120S
SGI-IRIS-4D/210GTX
SGI-IRIS-4D/210S
SGI-IRIS-4D/220GTX
SGI-IRIS-4D/220S
SGI-IRIS-4D/240GTX
SGI-IRIS-4D/240S
SGI-IRIS-4D/280GTX
SGI-IRIS-4D/280S
SGI-IRIS-CS/12
SGI-IRIS-4SERVER-8
SPERRY-DCP/10
SUN
SUN-2
SUN-2/50
SUN-2/100
SUN-2/120
SUN-2/130
SUN-2/140
SUN-2/150
SUN-2/160
SUN-2/170
SUN-3/50
SUN-3/60
SUN-3/75
SUN-3/80
SUN-3/110
SUN-3/140
SUN-3/150
SUN-3/160
SUN-3/180
SUN-3/200
SUN-3/260
SUN-3/280
SUN-3/470
SUN-3/480
SUN-4/60
SUN-4/110

SUN-4/150
SUN-4/200
SUN-4/260
SUN-4/280
SUN-4/330
SUN-4/370
SUN-4/390
SUN-50
SUN-100
SUN-120
SUN-130
SUN-150
SUN-170
SUN-386i/250
SUN-68000
SYMBOLICS-3600
SYMBOLICS-3670
SYMMETRIC-375
SYMULT
TANDEM-TXP
TANDY-6000
TEK-6130
TI-EXPLORER
TP-4000
TRS-80
UNIVAC-1100
UNIVAC-1100/60
UNIVAC-1100/62
UNIVAC-1100/63
UNIVAC-1100/64
UNIVAC-1100/70
UNIVAC-1160
UNKNOWN
VAX
VAX-11/725
VAX-11/730
VAX-11/750
VAX-11/780
VAX-11/785
VAX-11/790
VAX-11/8600
VAX-8600
VAXCLUSTER
VAXSTATION
WANG-PC002
WANG-VS100
WANG-VS400
WYSE-386

WYSE-WN5004
WYSE-WN5008
WYSE-WN5104
WYSE-WN5108
WYSE-WX15C
WYSE-WX17C
WYSE-WX17M
WYSE-WX19C
WYSE-WX19M
WYSE-WYX14M
WYSE-WYX5
XEROX-1108
XEROX-8010
ZENITH-148

REFERENCES

[RFC952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet
Host Table Specification", RFC 952, SRI, October 1985.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/machine-names

OPERATING SYSTEM NAMES

These are the Official System Names as they appear in the Domain Name
System HINFO records and the NIC Host Table. Their use is described in
[RFC952].

A system name may be up to 40 characters taken from the set of
uppercase letters, digits, and the three punctuation characters
hyphen, period, and slash. It must start with a letter, and end with
a letter or digit.

AEGIS
AMIGA-OS-1.2
AMIGA-OS-1.3
AMIGA-OS-2.0
AMIGA-OS-2.1
AMIGA-OS-3.0
AMIGA-OS-3.1
APOLLO
AIX/370
AIX-PS/2
BS-2000
CEDAR
CGW
CHORUS
CHRYSALIS
CMOS
CMS
COS
CPIX
CTOS
CTSS
DCN
DDNOS
DOMAIN
DOS
EDX
ELF
EMBOS
EMMOS
EPOS
FOONEX
FORTH
FUZZ
GCOS
GPOS

HDOS
IMAGEN
INTERCOM
IMPRESS
INTERLISP
IOS
IRIX
ISI-68020
ITS
LISP
LISPM
LOCUS
MACOS
MINOS
MOS
MPE5
MPE/V
MPE/IX
MSDOS
MULTICS
MUSIC
MUSIC/SP
MVS
MVS/SP
NEXUS
NMS
NONSTOP
NOS-2
NTOS
OPENVMS
OS/DDP
OS/2
OS4
OS86
OSX
PCDOS
PERQ/OS
PLI
PSDOS/MIT
PRIMOS
RMX/RDOS
ROS
RSX11M
RTE-A
SATOPS
SCO-OPEN-DESKTOP-1.0
SCO-OPEN-DESKTOP-1.1
SCO-OPEN-DESKTOP-2.0

SCO-OPEN-DESKTOP-3.0
SCO-OPEN-DESKTOP-LITE-3.0
SCO-OPEN-SERVER-3.0
SCO-UNIX-3.2.0
SCO-UNIX-3.2V2.0
SCO-UNIX-3.2V2.1
SCO-UNIX-3.2V4.0
SCO-UNIX-3.2V4.1
SCO-UNIX-3.2V4.2
SCO-XENIX-386-2.3.2
SCO-XENIX-386-2.3.3
SCO-XENIX-386-2.3.4
SCS
SIMP
SUN
SUN-OS-3.5
SUN-OS-4.0
SWIFT
TAC
TANDEM
TENEX
THE-MAJOR-BBS
TOPS10
TOPS20
TOS
TP3010
TRSDOS
ULTRIX
UNIX
UNIX-BSD
UNIX-V1AT
UNIX-V
UNIX-V.1
UNIX-V.2
UNIX-V.3
UNIX-PC
UNKNOWN
UT2D
V
VM
VM/370
VM/CMS
VM/SP
VMS
VMS/EUNICE
VRTX
WAITS
WANG

WIN32
WYSE-WYXWARE
X11R3
XDE
XENIX

REFERENCES

[RFC952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet
Host Table Specification", RFC 952, SRI, October 1985.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/operating-system-names

TERMINAL TYPE NAMES

These are the Official Terminal Type Names. Their use is described in
[RFC930]. The maximum length of a name is 40 characters.

A terminal names may be up to 40 characters taken from the set of
uppercase letters, digits, and the two punctuation characters hyphen
and slash. It must start with a letter, and end with a letter or
digit.

ADDS-CONSUL-980
ADDS-REGENT-100
ADDS-REGENT-20
ADDS-REGENT-200
ADDS-REGENT-25
ADDS-REGENT-40
ADDS-REGENT-60
ADDS-VIEWPOINT
ADDS-VIEWPOINT-60
AED-512
AMPEX-DIALOGUE-210
AMPEX-DIALOGUE-80
AMPEX-210
AMPEX-230
ANDERSON-JACOBSON-510
ANDERSON-JACOBSON-630
ANDERSON-JACOBSON-832
ANDERSON-JACOBSON-841
ANN-ARBOR-AMBASSADOR
ANSI
ARDS
BITGRAPH
BUSSIPLEXER
CALCOMP-565
CDC-456
CDI-1030
CDI-1203
C-ITOH-101
C-ITOH-50
C-ITOH-80
CLNZ
COMPUCOLOR-II
CONCEPT-100
CONCEPT-104
CONCEPT-108
DATA-100

DATA-GENERAL-6053
DATAGRAPHIX-132A
DATAMEDIA-1520
DATAMEDIA-1521
DATAMEDIA-2500
DATAMEDIA-3025
DATAMEDIA-3025A
DATAMEDIA-3045
DATAMEDIA-3045A
DATAMEDIA-DT80/1
DATAPOINT-2200
DATAPOINT-3000
DATAPOINT-3300
DATAPOINT-3360
DEC-DECWRITER-I
DEC-DECWRITER-II
DEC-GIGI
DEC-GT40
DEC-GT40A
DEC-GT42
DEC-LA120
DEC-LA30
DEC-LA36
DEC-LA38
DEC-VT05
DEC-VT100
DEC-VT101
DEC-VT102
DEC-VT125
DEC-VT131
DEC-VT132
DEC-VT200
DEC-VT220
DEC-VT240
DEC-VT241
DEC-VT300
DEC-VT320
DEC-VT340
DEC-VT50
DEC-VT50H
DEC-VT52
DEC-VT55
DEC-VT61
DEC-VT62
DELTA-DATA-5000
DELTA-DATA-NIH-7000
DELTA-TELTERM-2
DIABLO-1620

DIABLO-1640
DIGILOG-333
DTC-300S
DTC-382
EDT-1200
ETOS52-APL
ETOS52-CRT
ETOS52-FDW
ETOS52-FUP
ETOS52-GFM
ETOS52-SPR
EXECUPORT-4000
EXECUPORT-4080
FACIT-TWIST-4440
FREEDOM-100
FREEDOM-110
FREEDOM-200
GENERAL-TERMINAL-100A
GENERAL-TERMINAL-101
GIPSI-TX-M
GIPSI-TX-ME
GIPSI-TX-C4
GIPSI-TX-C8
GSI
HAZELTINE-1420
HAZELTINE-1500
HAZELTINE-1510
HAZELTINE-1520
HAZELTINE-1552
HAZELTINE-2000
HAZELTINE-ESPRIT
HITACHI-5601
HITACHI-5603
HITACHI-5603E
HITACHI-5603EA
HITACHI-560X
HITACHI-560XE
HITACHI-560XEA
HITACHI-560PR
HITACHI-HOAP1
HITACHI-HOAP2
HITACHI-HOAP3
HITACHI-HOAP4
HP-2392
HP-2621
HP-2621A
HP-2621P
HP-2623

HP-2626
HP-2626A
HP-2626P
HP-2627
HP-2640
HP-2640A
HP-2640B
HP-2645
HP-2645A
HP-2648
HP-2648A
HP-2649
HP-2649A
IBM-1050
IBM-2741
IBM-3101
IBM-3101-10
IBM-3151
IBM-3179-2
IBM-3180-2
IBM-3196-A1
IBM-3275-2
IBM-3276-2
IBM-3276-3
IBM-3276-4
IBM-3277-2
IBM-3278-2
IBM-3278-3
IBM-3278-4
IBM-3278-5
IBM-3279-2
IBM-3279-3
IBM-3477-FC
IBM-3477-FG
IBM-5081
IBM-5151
IBM-5154
IBM-5251-11
IBM-5291-1
IBM-5292-2
IBM-5555-B01
IBM-5555-C01
IBM-6153
IBM-6154
IBM-6155
IBM-AED
IBM-3278-2-E
IBM-3278-3-E

IBM-3278-4-E
IBM-3278-5-E
IBM-3279-2-E
IBM-3279-3-E
IMLAC
INFOTON-100
INFOTON-400
INFOTONKAS
ISC-8001
LSI-ADM-1
LSI-ADM-11
LSI-ADM-12
LSI-ADM-2
LSI-ADM-20
LSI-ADM-22
LSI-ADM-220
LSI-ADM-3
LSI-ADM-31
LSI-ADM-3A
LSI-ADM-42
LSI-ADM-5
MEMOREX-1240
MICROBEE
MICROTERM-ACT-IV
MICROTERM-ACT-V
MICROTERM-ERGO-301
MICROTERM-MIME-1
MICROTERM-MIME-2
MICROTERM-ACT-5A
MICROTERM-TWIST
NEC-5520
NETRONICS
NETWORK-VIRTUAL-TERMINAL
OMRON-8025AG
PERKIN-ELMER-550
PERKIN-ELMER-1100
PERKIN-ELMER-1200
PERQ
PLASMA-PANEL
QUME-SPRINT-5
QUME-101
QUME-102
SOROC
SOROC-120
SOUTHWEST-TECHNICAL-PRODUCTS-CT82
SUN
SUPERBEE
SUPERBEE-III-M

TEC
TEKTRONIX-4006
TEKTRONIX-4010
TEKTRONIX-4012
TEKTRONIX-4013
TEKTRONIX-4014
TEKTRONIX-4023
TEKTRONIX-4024
TEKTRONIX-4025
TEKTRONIX-4027
TEKTRONIX-4105
TEKTRONIX-4107
TEKTRONIX-4110
TEKTRONIX-4112
TEKTRONIX-4113
TEKTRONIX-4114
TEKTRONIX-4115
TEKTRONIX-4125
TEKTRONIX-4404
TELERAY-1061
TELERAY-3700
TELERAY-3800
TELETEC-DATASCREEN
TELETERM-1030
TELETYPE-33
TELETYPE-35
TELETYPE-37
TELETYPE-38
TELETYPE-40
TELETYPE-43
TELEVIDEO-910
TELEVIDEO-912
TELEVIDEO-920
TELEVIDEO-920B
TELEVIDEO-920C
TELEVIDEO-925
TELEVIDEO-955
TELEVIDEO-950
TELEVIDEO-970
TELEVIDEO-975
TERMINET-1200
TERMINET-300
TI-700
TI-733
TI-735
TI-743
TI-745
TI-800

TYCOM
UNIVAC-DCT-500
VIDEO-SYSTEMS-1200
VIDEO-SYSTEMS-5000
VOLKER-CRAIG-303
VOLKER-CRAIG-303A
VOLKER-CRAIG-404
VISUAL-200
VISUAL-55
WYSE-30
WYSE-50
WYSE-60
WYSE-75
WYSE-85
WYSE-99GT
WYSE-100
WYSE-120
WYSE-120ES
WYSE-150
WYSE-150ES
WYSE-160
WYSE-160ES
WYSE-185
WYSE-185ES
WYSE-285
WYSE-285ES
WYSE-325
WYSE-325ES
WYSE-350
WYSE-370
XEROX-1720
XTERM
ZENITH-H19
ZENITH-Z29
ZENTEC-30

REFERENCES

[RFC930] Solomon, M., and E. Wimmers, "Telnet Terminal Type Option",
RFC 930, University of Wisconsin, Madison, January 1985.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/terminal-type-names

PROTOCOL AND SERVICE NAMES

These are the Official Protocol Names as they appear in the Domain
Name System WKS records and the NIC Host Table. Their use is
described in [RFC952].

A protocol or service may be up to 40 characters taken from the set of
uppercase letters, digits, and the punctuation character hyphen. It
must start with a letter, and end with a letter or digit.

ARGUS - ARGUS Protocol
ARP - Address Resolution Protocol
AUTH - Authentication Service
BBN-RCC-MON - BBN RCC Monitoring
BL-IDM - Britton Lee Intelligent Database Machine
BOOTP - Bootstrap Protocol
BOOTPC - Bootstrap Protocol Client
BOOTPS - Bootstrap Protocol Server
BR-SAT-MON - Backroom SATNET Monitoring
CFTP - CFTP
CHAOS - CHAOS Protocol
CHARGEN - Character Generator Protocol
CISCO-FNA - CISCO FNATIVE
CISCO-TNA - CISCO TNATIVE
CISCO-SYS - CISCO SYSMAINT
CLOCK - DCNET Time Server Protocol
CMOT - Common Mgmnt Info Ser and Prot over TCP/IP
COOKIE-JAR - Authentication Scheme
CSNET-NS - CSNET Mailbox Nameserver Protocol
DAYTIME - Daytime Protocol
DCN-MEAS - DCN Measurement Subsystems Protocol
DCP - Device Control Protocol
DGP - Dissimilar Gateway Protocol
DISCARD - Discard Protocol
DMF-MAIL - Digest Message Format for Mail
DOMAIN - Domain Name System
ECHO - Echo Protocol
EGP - Exterior Gateway Protocol
EHF-MAIL - Encoding Header Field for Mail
EMCON - Emission Control Protocol
EMFIS-CNTL - EMFIS Control Service
EMFIS-DATA - EMFIS Data Service
FCONFIG - Fujitsu Config Protocol
FINGER - Finger Protocol
FTP - File Transfer Protocol
FTP-DATA - File Transfer Protocol Data

GGP - Gateway Gateway Protocol
GRAPHICS - Graphics Protocol
HMP - Host Monitoring Protocol
HOST2-NS - Host2 Name Server
HOSTNAME - Hostname Protocol
ICMP - Internet Control Message Protocol
IGMP - Internet Group Management Protocol
IGP - Interior Gateway Protocol
IMAP2 - Interim Mail Access Protocol version 2
INGRES-NET - INGRES-NET Service
IP - Internet Protocol
IPCU - Internet Packet Core Utility
IPPC - Internet Pluribus Packet Core
IP-ARC - Internet Protocol on ARCNET
IP-ARPA - Internet Protocol on ARPANET
IP-CMPRS - Compressing TCP/IP Headers
IP-DC - Internet Protocol on DC Networks
IP-DVMRP - Distance Vector Multicast Routing Protocol
IP-E - Internet Protocol on Ethernet Networks
IP-EE - Internet Protocol on Exp. Ethernet Nets
IP-FDDI - Transmission of IP over FDDI
IP-HC - Internet Protocol on Hyperchannnel
IP-IEEE - Internet Protocol on IEEE 802
IP-IPX - Transmission of 802.2 over IPX Networks
IP-MTU - IP MTU Discovery Options
IP-NETBIOS - Internet Protocol over NetBIOS Networks
IP-SLIP - Transmission of IP over Serial Lines
IP-WB - Internet Protocol on Wideband Network
IP-X25 - Internet Protocol on X.25 Networks
IRTP - Internet Reliable Transaction Protocol
ISI-GL - ISI Graphics Language Protocol
ISO-TP4 - ISO Transport Protocol Class 4
ISO-TSAP - ISO TSAP
LA-MAINT - IMP Logical Address Maintenance
LARP - Locus Address Resoultion Protocol
LDP - Loader Debugger Protocol
LEAF-1 - Leaf-1 Protocol
LEAF-2 - Leaf-2 Protocol
LINK - Link Protocol
LOC-SRV - Location Service
LOGIN - Login Host Protocol
MAIL - Format of Electronic Mail Messages
MERIT-INP - MERIT Internodal Protocol
METAGRAM - Metagram Relay
MIB - Management Information Base
MIT-ML-DEV - MIT ML Device
MFE-NSP - MFE Network Services Protocol
MIT-SUBNET - MIT Subnet Support

MIT-DOV - MIT Dover Spooler
MPM - Internet Message Protocol (Multimedia Mail)
MPM-FLAGS - MPM Flags Protocol
MPM-SND - MPM Send Protocol
MSG-AUTH - MSG Authentication Protocol
MSG-ICP - MSG ICP Protocol
MUX - Multiplexing Protocol
NAMESERVER - Host Name Server
NETBIOS-DGM - NETBIOS Datagram Service
NETBIOS-NS - NETBIOS Name Service
NETBIOS-SSN - NETBIOS Session Service
NETBLT - Bulk Data Transfer Protocol
NETED - Network Standard Text Editor
NETRJS - Remote Job Service
NI-FTP - NI File Transfer Protocol
NI-MAIL - NI Mail Protocol
NICNAME - Who Is Protocol
NFILE - A File Access Protocol
NNTP - Network News Transfer Protocol
NSW-FE - NSW User System Front End
NTP - Network Time Protocol
NVP-II - Network Voice Protocol
OSPF - Open Shortest Path First Interior GW Protocol
PCMAIL - Pcmail Transport Protocol
POP2 - Post Office Protocol - Version 2
POP3 - Post Office Protocol - Version 3
PPP - Point-to-Point Protocol
PRM - Packet Radio Measurement
PUP - PUP Protocol
PWDGEN - Password Generator Protocol
QUOTE - Quote of the Day Protocol
RARP - A Reverse Address Resolution Protocol
RATP - Reliable Asynchronous Transfer Protocol
RE-MAIL-CK - Remote Mail Checking Protocol
RDP - Reliable Data Protocol
RIP - Routing Information Protocol
RJE - Remote Job Entry
RLP - Resource Location Protocol
RTELNET - Remote Telnet Service
RVD - Remote Virtual Disk Protocol
SAT-EXPAK - Satnet and Backroom EXPAK
SAT-MON - SATNET Monitoring
SEP - Sequential Exchange Protocol
SFTP - Simple File Transfer Protocol
SGMP - Simple Gateway Monitoring Protocol
SNMP - Simple Network Management Protocol
SMI - Structure of Management Information
SMTP - Simple Mail Transfer Protocol

SQLSRV - SQL Service
ST - Stream Protocol
STATSRV - Statistics Service
SU-MIT-TG - SU/MIT Telnet Gateway Protocol
SUN-RPC - SUN Remote Procedure Call
SUPDUP - SUPDUP Protocol
SUR-MEAS - Survey Measurement
SWIFT-RVF - Remote Virtual File Protocol
TACACS-DS - TACACS-Database Service
TACNEWS - TAC News
TCP - Transmission Control Protocol
TCP-ACO - TCP Alternate Checksum Option
TELNET - Telnet Protocol
TFTP - Trivial File Transfer Protocol
THINWIRE - Thinwire Protocol
TIME - Time Server Protocol
TP-TCP - ISO Transport Service on top of the TCP
TRUNK-1 - Trunk-1 Protocol
TRUNK-2 - Trunk-2 Protocol
UCL - University College London Protocol
UDP - User Datagram Protocol
NNTP - Network News Transfer Protocol
USERS - Active Users Protocol
UUCP-PATH - UUCP Path Service
VIA-FTP - VIA Systems-File Transfer Protocol
VISA - VISA Protocol
VMTP - Versatile Message Transaction Protocol
WB-EXPAK - Wideband EXPAK
WB-MON - Wideband Monitoring
XNET - Cross Net Debugger
XNS-IDP - Xerox NS IDP

REFERENCES

[RFC952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet
Host Table Specification", RFC 952, SRI, October 1985.

[]

URL = ftp://ftp.isi.edu/in-notes/iana/assignments/service-names

Security Considerations

Security issues are not discussed in this memo.

Authors' Addresses

Joyce K. Reynolds
USC/Information Sciences Institute
4676 Admiralty Way
Marina del Rey, California 90292-6695

Phone: +1 310-822-1511
EMail: jkrey@isi.edu

Jon Postel
USC/Information Sciences Institute
4676 Admiralty Way
Marina del Rey, California 90292-6695

Phone: +1 310-822-1511
EMail: postel@isi.edu


RFC 791 – Internet Protocol Version 4 Specification


INTERNET PROTOCOL

DARPA INTERNET PROGRAM

PROTOCOL SPECIFICATION

September 1981

prepared for

Defense Advanced Research Projects Agency
Information Processing Techniques Office
1400 Wilson Boulevard
Arlington, Virginia 22209

by

Information Sciences Institute
University of Southern California
4676 Admiralty Way
Marina del Rey, California 90291

September 1981
Internet Protocol

TABLE OF CONTENTS

PREFACE ........................................................ iii

1. INTRODUCTION ..................................................... 1

1.1 Motivation .................................................... 1
1.2 Scope ......................................................... 1
1.3 Interfaces .................................................... 1
1.4 Operation ..................................................... 2

2. OVERVIEW ......................................................... 5

2.1 Relation to Other Protocols ................................... 9
2.2 Model of Operation ............................................ 5
2.3 Function Description .......................................... 7
2.4 Gateways ...................................................... 9

3. SPECIFICATION ................................................... 11

3.1 Internet Header Format ....................................... 11
3.2 Discussion ................................................... 23
3.3 Interfaces ................................................... 31

APPENDIX A: Examples & Scenarios ................................... 34
APPENDIX B: Data Transmission Order ................................ 39

GLOSSARY ............................................................ 41

REFERENCES .......................................................... 45

[Page i]

September 1981
Internet Protocol

[Page ii]

September 1981
Internet Protocol

PREFACE

This document specifies the DoD Standard Internet Protocol. This
document is based on six earlier editions of the ARPA Internet Protocol
Specification, and the present text draws heavily from them. There have
been many contributors to this work both in terms of concepts and in
terms of text. This edition revises aspects of addressing, error
handling, option codes, and the security, precedence, compartments, and
handling restriction features of the internet protocol.

Jon Postel

Editor

September 1981

RFC: 791
Replaces: RFC 760
IENs 128, 123, 111,
80, 54, 44, 41, 28, 26

INTERNET PROTOCOL

DARPA INTERNET PROGRAM
PROTOCOL SPECIFICATION

1. INTRODUCTION

1.1. Motivation

The Internet Protocol is designed for use in interconnected systems of
packet-switched computer communication networks. Such a system has
been called a "catenet" [1]. The internet protocol provides for
transmitting blocks of data called datagrams from sources to
destinations, where sources and destinations are hosts identified by
fixed length addresses. The internet protocol also provides for
fragmentation and reassembly of long datagrams, if necessary, for
transmission through "small packet" networks.

1.2. Scope

The internet protocol is specifically limited in scope to provide the
functions necessary to deliver a package of bits (an internet
datagram) from a source to a destination over an interconnected system
of networks. There are no mechanisms to augment end-to-end data
reliability, flow control, sequencing, or other services commonly
found in host-to-host protocols. The internet protocol can capitalize
on the services of its supporting networks to provide various types
and qualities of service.

1.3. Interfaces

This protocol is called on by host-to-host protocols in an internet
environment. This protocol calls on local network protocols to carry
the internet datagram to the next gateway or destination host.

For example, a TCP module would call on the internet module to take a
TCP segment (including the TCP header and user data) as the data
portion of an internet datagram. The TCP module would provide the
addresses and other parameters in the internet header to the internet
module as arguments of the call. The internet module would then
create an internet datagram and call on the local network interface to
transmit the internet datagram.

In the ARPANET case, for example, the internet module would call on a

[Page 1]

September 1981
Internet Protocol
Introduction

local net module which would add the 1822 leader [2] to the internet
datagram creating an ARPANET message to transmit to the IMP. The
ARPANET address would be derived from the internet address by the
local network interface and would be the address of some host in the
ARPANET, that host might be a gateway to other networks.

1.4. Operation

The internet protocol implements two basic functions: addressing and
fragmentation.

The internet modules use the addresses carried in the internet header
to transmit internet datagrams toward their destinations. The
selection of a path for transmission is called routing.

The internet modules use fields in the internet header to fragment and
reassemble internet datagrams when necessary for transmission through
"small packet" networks.

The model of operation is that an internet module resides in each host
engaged in internet communication and in each gateway that
interconnects networks. These modules share common rules for
interpreting address fields and for fragmenting and assembling
internet datagrams. In addition, these modules (especially in
gateways) have procedures for making routing decisions and other
functions.

The internet protocol treats each internet datagram as an independent
entity unrelated to any other internet datagram. There are no
connections or logical circuits (virtual or otherwise).

The internet protocol uses four key mechanisms in providing its
service: Type of Service, Time to Live, Options, and Header Checksum.

The Type of Service is used to indicate the quality of the service
desired. The type of service is an abstract or generalized set of
parameters which characterize the service choices provided in the
networks that make up the internet. This type of service indication
is to be used by gateways to select the actual transmission parameters
for a particular network, the network to be used for the next hop, or
the next gateway when routing an internet datagram.

The Time to Live is an indication of an upper bound on the lifetime of
an internet datagram. It is set by the sender of the datagram and
reduced at the points along the route where it is processed. If the
time to live reaches zero before the internet datagram reaches its
destination, the internet datagram is destroyed. The time to live can
be thought of as a self destruct time limit.

[Page 2]

September 1981
Internet Protocol
Introduction

The Options provide for control functions needed or useful in some
situations but unnecessary for the most common communications. The
options include provisions for timestamps, security, and special
routing.

The Header Checksum provides a verification that the information used
in processing internet datagram has been transmitted correctly. The
data may contain errors. If the header checksum fails, the internet
datagram is discarded at once by the entity which detects the error.

The internet protocol does not provide a reliable communication
facility. There are no acknowledgments either end-to-end or
hop-by-hop. There is no error control for data, only a header
checksum. There are no retransmissions. There is no flow control.

Errors detected may be reported via the Internet Control Message
Protocol (ICMP) [3] which is implemented in the internet protocol
module.

[Page 3]

September 1981
Internet Protocol

[Page 4]

September 1981
Internet Protocol

2. OVERVIEW

2.1. Relation to Other Protocols

The following diagram illustrates the place of the internet protocol
in the protocol hierarchy:

+------+ +-----+ +-----+ +-----+
|Telnet| | FTP | | TFTP| ... | ... |
+------+ +-----+ +-----+ +-----+
| | | |
+-----+ +-----+ +-----+
| TCP | | UDP | ... | ... |
+-----+ +-----+ +-----+
| | |
+--------------------------+----+
| Internet Protocol & ICMP |
+--------------------------+----+
|
+---------------------------+
| Local Network Protocol |
+---------------------------+

Protocol Relationships

Figure 1.

Internet protocol interfaces on one side to the higher level
host-to-host protocols and on the other side to the local network
protocol. In this context a "local network" may be a small network in
a building or a large network such as the ARPANET.

2.2. Model of Operation

The model of operation for transmitting a datagram from one
application program to another is illustrated by the following
scenario:

We suppose that this transmission will involve one intermediate
gateway.

The sending application program prepares its data and calls on its
local internet module to send that data as a datagram and passes the
destination address and other parameters as arguments of the call.

The internet module prepares a datagram header and attaches the data
to it. The internet module determines a local network address for
this internet address, in this case it is the address of a gateway.

[Page 5]

September 1981
Internet Protocol
Overview

It sends this datagram and the local network address to the local
network interface.

The local network interface creates a local network header, and
attaches the datagram to it, then sends the result via the local
network.

The datagram arrives at a gateway host wrapped in the local network
header, the local network interface strips off this header, and
turns the datagram over to the internet module. The internet module
determines from the internet address that the datagram is to be
forwarded to another host in a second network. The internet module
determines a local net address for the destination host. It calls
on the local network interface for that network to send the
datagram.

This local network interface creates a local network header and
attaches the datagram sending the result to the destination host.

At this destination host the datagram is stripped of the local net
header by the local network interface and handed to the internet
module.

The internet module determines that the datagram is for an
application program in this host. It passes the data to the
application program in response to a system call, passing the source
address and other parameters as results of the call.

Application Application
Program Program
\ /
Internet Module Internet Module Internet Module
\ / \ /
LNI-1 LNI-1 LNI-2 LNI-2
\ / \ /
Local Network 1 Local Network 2

Transmission Path

Figure 2

[Page 6]

September 1981
Internet Protocol
Overview

2.3. Function Description

The function or purpose of Internet Protocol is to move datagrams
through an interconnected set of networks. This is done by passing
the datagrams from one internet module to another until the
destination is reached. The internet modules reside in hosts and
gateways in the internet system. The datagrams are routed from one
internet module to another through individual networks based on the
interpretation of an internet address. Thus, one important mechanism
of the internet protocol is the internet address.

In the routing of messages from one internet module to another,
datagrams may need to traverse a network whose maximum packet size is
smaller than the size of the datagram. To overcome this difficulty, a
fragmentation mechanism is provided in the internet protocol.

Addressing

A distinction is made between names, addresses, and routes [4]. A
name indicates what we seek. An address indicates where it is. A
route indicates how to get there. The internet protocol deals
primarily with addresses. It is the task of higher level (i.e.,
host-to-host or application) protocols to make the mapping from
names to addresses. The internet module maps internet addresses to
local net addresses. It is the task of lower level (i.e., local net
or gateways) procedures to make the mapping from local net addresses
to routes.

Addresses are fixed length of four octets (32 bits). An address
begins with a network number, followed by local address (called the
"rest" field). There are three formats or classes of internet
addresses: in class a, the high order bit is zero, the next 7 bits
are the network, and the last 24 bits are the local address; in
class b, the high order two bits are one-zero, the next 14 bits are
the network and the last 16 bits are the local address; in class c,
the high order three bits are one-one-zero, the next 21 bits are the
network and the last 8 bits are the local address.

Care must be taken in mapping internet addresses to local net
addresses; a single physical host must be able to act as if it were
several distinct hosts to the extent of using several distinct
internet addresses. Some hosts will also have several physical
interfaces (multi-homing).

That is, provision must be made for a host to have several physical
interfaces to the network with each having several logical internet
addresses.

[Page 7]

September 1981
Internet Protocol
Overview

Examples of address mappings may be found in "Address Mappings" [5].

Fragmentation

Fragmentation of an internet datagram is necessary when it
originates in a local net that allows a large packet size and must
traverse a local net that limits packets to a smaller size to reach
its destination.

An internet datagram can be marked "don't fragment." Any internet
datagram so marked is not to be internet fragmented under any
circumstances. If internet datagram marked don't fragment cannot be
delivered to its destination without fragmenting it, it is to be
discarded instead.

Fragmentation, transmission and reassembly across a local network
which is invisible to the internet protocol module is called
intranet fragmentation and may be used [6].

The internet fragmentation and reassembly procedure needs to be able
to break a datagram into an almost arbitrary number of pieces that
can be later reassembled. The receiver of the fragments uses the
identification field to ensure that fragments of different datagrams
are not mixed. The fragment offset field tells the receiver the
position of a fragment in the original datagram. The fragment
offset and length determine the portion of the original datagram
covered by this fragment. The more-fragments flag indicates (by
being reset) the last fragment. These fields provide sufficient
information to reassemble datagrams.

The identification field is used to distinguish the fragments of one
datagram from those of another. The originating protocol module of
an internet datagram sets the identification field to a value that
must be unique for that source-destination pair and protocol for the
time the datagram will be active in the internet system. The
originating protocol module of a complete datagram sets the
more-fragments flag to zero and the fragment offset to zero.

To fragment a long internet datagram, an internet protocol module
(for example, in a gateway), creates two new internet datagrams and
copies the contents of the internet header fields from the long
datagram into both new internet headers. The data of the long
datagram is divided into two portions on a 8 octet (64 bit) boundary
(the second portion might not be an integral multiple of 8 octets,
but the first must be). Call the number of 8 octet blocks in the
first portion NFB (for Number of Fragment Blocks). The first
portion of the data is placed in the first new internet datagram,
and the total length field is set to the length of the first

[Page 8]

September 1981
Internet Protocol
Overview

datagram. The more-fragments flag is set to one. The second
portion of the data is placed in the second new internet datagram,
and the total length field is set to the length of the second
datagram. The more-fragments flag carries the same value as the
long datagram. The fragment offset field of the second new internet
datagram is set to the value of that field in the long datagram plus
NFB.

This procedure can be generalized for an n-way split, rather than
the two-way split described.

To assemble the fragments of an internet datagram, an internet
protocol module (for example at a destination host) combines
internet datagrams that all have the same value for the four fields:
identification, source, destination, and protocol. The combination
is done by placing the data portion of each fragment in the relative
position indicated by the fragment offset in that fragment's
internet header. The first fragment will have the fragment offset
zero, and the last fragment will have the more-fragments flag reset
to zero.

2.4. Gateways

Gateways implement internet protocol to forward datagrams between
networks. Gateways also implement the Gateway to Gateway Protocol
(GGP) [7] to coordinate routing and other internet control
information.

In a gateway the higher level protocols need not be implemented and
the GGP functions are added to the IP module.

+-------------------------------+
| Internet Protocol & ICMP & GGP|
+-------------------------------+
| |
+---------------+ +---------------+
| Local Net | | Local Net |
+---------------+ +---------------+

Gateway Protocols

Figure 3.

[Page 9]

September 1981
Internet Protocol

[Page 10]

September 1981
Internet Protocol

3. SPECIFICATION

3.1. Internet Header Format

A summary of the contents of the internet header follows:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time to Live | Protocol | Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example Internet Datagram Header

Figure 4.

Note that each tick mark represents one bit position.

Version: 4 bits

The Version field indicates the format of the internet header. This
document describes version 4.

IHL: 4 bits

Internet Header Length is the length of the internet header in 32
bit words, and thus points to the beginning of the data. Note that
the minimum value for a correct header is 5.

[Page 11]

September 1981
Internet Protocol
Specification

Type of Service: 8 bits

The Type of Service provides an indication of the abstract
parameters of the quality of service desired. These parameters are
to be used to guide the selection of the actual service parameters
when transmitting a datagram through a particular network. Several
networks offer service precedence, which somehow treats high
precedence traffic as more important than other traffic (generally
by accepting only traffic above a certain precedence at time of high
load). The major choice is a three way tradeoff between low-delay,
high-reliability, and high-throughput.

Bits 0-2: Precedence.
Bit 3: 0 = Normal Delay, 1 = Low Delay.
Bits 4: 0 = Normal Throughput, 1 = High Throughput.
Bits 5: 0 = Normal Relibility, 1 = High Relibility.
Bit 6-7: Reserved for Future Use.

0 1 2 3 4 5 6 7
+-----+-----+-----+-----+-----+-----+-----+-----+
| | | | | | |
| PRECEDENCE | D | T | R | 0 | 0 |
| | | | | | |
+-----+-----+-----+-----+-----+-----+-----+-----+

Precedence

111 - Network Control
110 - Internetwork Control
101 - CRITIC/ECP
100 - Flash Override
011 - Flash
010 - Immediate
001 - Priority
000 - Routine

The use of the Delay, Throughput, and Reliability indications may
increase the cost (in some sense) of the service. In many networks
better performance for one of these parameters is coupled with worse
performance on another. Except for very unusual cases at most two
of these three indications should be set.

The type of service is used to specify the treatment of the datagram
during its transmission through the internet system. Example
mappings of the internet type of service to the actual service
provided on networks such as AUTODIN II, ARPANET, SATNET, and PRNET
is given in "Service Mappings" [8].

[Page 12]

September 1981
Internet Protocol
Specification

The Network Control precedence designation is intended to be used
within a network only. The actual use and control of that
designation is up to each network. The Internetwork Control
designation is intended for use by gateway control originators only.
If the actual use of these precedence designations is of concern to
a particular network, it is the responsibility of that network to
control the access to, and use of, those precedence designations.

Total Length: 16 bits

Total Length is the length of the datagram, measured in octets,
including internet header and data. This field allows the length of
a datagram to be up to 65,535 octets. Such long datagrams are
impractical for most hosts and networks. All hosts must be prepared
to accept datagrams of up to 576 octets (whether they arrive whole
or in fragments). It is recommended that hosts only send datagrams
larger than 576 octets if they have assurance that the destination
is prepared to accept the larger datagrams.

The number 576 is selected to allow a reasonable sized data block to
be transmitted in addition to the required header information. For
example, this size allows a data block of 512 octets plus 64 header
octets to fit in a datagram. The maximal internet header is 60
octets, and a typical internet header is 20 octets, allowing a
margin for headers of higher level protocols.

Identification: 16 bits

An identifying value assigned by the sender to aid in assembling the
fragments of a datagram.

Flags: 3 bits

Various Control Flags.

Bit 0: reserved, must be zero
Bit 1: (DF) 0 = May Fragment, 1 = Don't Fragment.
Bit 2: (MF) 0 = Last Fragment, 1 = More Fragments.

0 1 2
+---+---+---+
| | D | M |
| 0 | F | F |
+---+---+---+

Fragment Offset: 13 bits

This field indicates where in the datagram this fragment belongs.

[Page 13]

September 1981
Internet Protocol
Specification

The fragment offset is measured in units of 8 octets (64 bits). The
first fragment has offset zero.

Time to Live: 8 bits

This field indicates the maximum time the datagram is allowed to
remain in the internet system. If this field contains the value
zero, then the datagram must be destroyed. This field is modified
in internet header processing. The time is measured in units of
seconds, but since every module that processes a datagram must
decrease the TTL by at least one even if it process the datagram in
less than a second, the TTL must be thought of only as an upper
bound on the time a datagram may exist. The intention is to cause
undeliverable datagrams to be discarded, and to bound the maximum
datagram lifetime.

Protocol: 8 bits

This field indicates the next level protocol used in the data
portion of the internet datagram. The values for various protocols
are specified in "Assigned Numbers" [9].

Header Checksum: 16 bits

A checksum on the header only. Since some header fields change
(e.g., time to live), this is recomputed and verified at each point
that the internet header is processed.

The checksum algorithm is:

The checksum field is the 16 bit one's complement of the one's
complement sum of all 16 bit words in the header. For purposes of
computing the checksum, the value of the checksum field is zero.

This is a simple to compute checksum and experimental evidence
indicates it is adequate, but it is provisional and may be replaced
by a CRC procedure, depending on further experience.

Source Address: 32 bits

The source address. See section 3.2.

Destination Address: 32 bits

The destination address. See section 3.2.

[Page 14]

September 1981
Internet Protocol
Specification

Options: variable

The options may appear or not in datagrams. They must be
implemented by all IP modules (host and gateways). What is optional
is their transmission in any particular datagram, not their
implementation.

In some environments the security option may be required in all
datagrams.

The option field is variable in length. There may be zero or more
options. There are two cases for the format of an option:

Case 1: A single octet of option-type.

Case 2: An option-type octet, an option-length octet, and the
actual option-data octets.

The option-length octet counts the option-type octet and the
option-length octet as well as the option-data octets.

The option-type octet is viewed as having 3 fields:

1 bit copied flag,
2 bits option class,
5 bits option number.

The copied flag indicates that this option is copied into all
fragments on fragmentation.

0 = not copied
1 = copied

The option classes are:

0 = control
1 = reserved for future use
2 = debugging and measurement
3 = reserved for future use

[Page 15]

September 1981
Internet Protocol
Specification

The following internet options are defined:

CLASS NUMBER LENGTH DESCRIPTION
----- ------ ------ -----------
0 0 - End of Option list. This option occupies only
1 octet; it has no length octet.
0 1 - No Operation. This option occupies only 1
octet; it has no length octet.
0 2 11 Security. Used to carry Security,
Compartmentation, User Group (TCC), and
Handling Restriction Codes compatible with DOD
requirements.
0 3 var. Loose Source Routing. Used to route the
internet datagram based on information
supplied by the source.
0 9 var. Strict Source Routing. Used to route the
internet datagram based on information
supplied by the source.
0 7 var. Record Route. Used to trace the route an
internet datagram takes.
0 8 4 Stream ID. Used to carry the stream
identifier.
2 4 var. Internet Timestamp.

Specific Option Definitions

End of Option List

+--------+
|00000000|
+--------+
Type=0

This option indicates the end of the option list. This might
not coincide with the end of the internet header according to
the internet header length. This is used at the end of all
options, not the end of each option, and need only be used if
the end of the options would not otherwise coincide with the end
of the internet header.

May be copied, introduced, or deleted on fragmentation, or for
any other reason.

[Page 16]

September 1981
Internet Protocol
Specification

No Operation

+--------+
|00000001|
+--------+
Type=1

This option may be used between options, for example, to align
the beginning of a subsequent option on a 32 bit boundary.

May be copied, introduced, or deleted on fragmentation, or for
any other reason.

Security

This option provides a way for hosts to send security,
compartmentation, handling restrictions, and TCC (closed user
group) parameters. The format for this option is as follows:

+--------+--------+---//---+---//---+---//---+---//---+
|10000010|00001011|SSS SSS|CCC CCC|HHH HHH| TCC |
+--------+--------+---//---+---//---+---//---+---//---+
Type=130 Length=11

Security (S field): 16 bits

Specifies one of 16 levels of security (eight of which are
reserved for future use).

00000000 00000000 - Unclassified
11110001 00110101 - Confidential
01111000 10011010 - EFTO
10111100 01001101 - MMMM
01011110 00100110 - PROG
10101111 00010011 - Restricted
11010111 10001000 - Secret
01101011 11000101 - Top Secret
00110101 11100010 - (Reserved for future use)
10011010 11110001 - (Reserved for future use)
01001101 01111000 - (Reserved for future use)
00100100 10111101 - (Reserved for future use)
00010011 01011110 - (Reserved for future use)
10001001 10101111 - (Reserved for future use)
11000100 11010110 - (Reserved for future use)
11100010 01101011 - (Reserved for future use)

[Page 17]

September 1981
Internet Protocol
Specification

Compartments (C field): 16 bits

An all zero value is used when the information transmitted is
not compartmented. Other values for the compartments field
may be obtained from the Defense Intelligence Agency.

Handling Restrictions (H field): 16 bits

The values for the control and release markings are
alphanumeric digraphs and are defined in the Defense
Intelligence Agency Manual DIAM 65-19, "Standard Security
Markings".

Transmission Control Code (TCC field): 24 bits

Provides a means to segregate traffic and define controlled
communities of interest among subscribers. The TCC values are
trigraphs, and are available from HQ DCA Code 530.

Must be copied on fragmentation. This option appears at most
once in a datagram.

Loose Source and Record Route

+--------+--------+--------+---------//--------+
|10000011| length | pointer| route data |
+--------+--------+--------+---------//--------+
Type=131

The loose source and record route (LSRR) option provides a means
for the source of an internet datagram to supply routing
information to be used by the gateways in forwarding the
datagram to the destination, and to record the route
information.

The option begins with the option type code. The second octet
is the option length which includes the option type code and the
length octet, the pointer octet, and length-3 octets of route
data. The third octet is the pointer into the route data
indicating the octet which begins the next source address to be
processed. The pointer is relative to this option, and the
smallest legal value for the pointer is 4.

A route data is composed of a series of internet addresses.
Each internet address is 32 bits or 4 octets. If the pointer is
greater than the length, the source route is empty (and the
recorded route full) and the routing is to be based on the
destination address field.

[Page 18]

September 1981
Internet Protocol
Specification

If the address in destination address field has been reached and
the pointer is not greater than the length, the next address in
the source route replaces the address in the destination address
field, and the recorded route address replaces the source
address just used, and pointer is increased by four.

The recorded route address is the internet module's own internet
address as known in the environment into which this datagram is
being forwarded.

This procedure of replacing the source route with the recorded
route (though it is in the reverse of the order it must be in to
be used as a source route) means the option (and the IP header
as a whole) remains a constant length as the datagram progresses
through the internet.

This option is a loose source route because the gateway or host
IP is allowed to use any route of any number of other
intermediate gateways to reach the next address in the route.

Must be copied on fragmentation. Appears at most once in a
datagram.

Strict Source and Record Route

+--------+--------+--------+---------//--------+
|10001001| length | pointer| route data |
+--------+--------+--------+---------//--------+
Type=137

The strict source and record route (SSRR) option provides a
means for the source of an internet datagram to supply routing
information to be used by the gateways in forwarding the
datagram to the destination, and to record the route
information.

The option begins with the option type code. The second octet
is the option length which includes the option type code and the
length octet, the pointer octet, and length-3 octets of route
data. The third octet is the pointer into the route data
indicating the octet which begins the next source address to be
processed. The pointer is relative to this option, and the
smallest legal value for the pointer is 4.

A route data is composed of a series of internet addresses.
Each internet address is 32 bits or 4 octets. If the pointer is
greater than the length, the source route is empty (and the

[Page 19]

September 1981
Internet Protocol
Specification

recorded route full) and the routing is to be based on the
destination address field.

If the address in destination address field has been reached and
the pointer is not greater than the length, the next address in
the source route replaces the address in the destination address
field, and the recorded route address replaces the source
address just used, and pointer is increased by four.

The recorded route address is the internet module's own internet
address as known in the environment into which this datagram is
being forwarded.

This procedure of replacing the source route with the recorded
route (though it is in the reverse of the order it must be in to
be used as a source route) means the option (and the IP header
as a whole) remains a constant length as the datagram progresses
through the internet.

This option is a strict source route because the gateway or host
IP must send the datagram directly to the next address in the
source route through only the directly connected network
indicated in the next address to reach the next gateway or host
specified in the route.

Must be copied on fragmentation. Appears at most once in a
datagram.

Record Route

+--------+--------+--------+---------//--------+
|00000111| length | pointer| route data |
+--------+--------+--------+---------//--------+
Type=7

The record route option provides a means to record the route of
an internet datagram.

The option begins with the option type code. The second octet
is the option length which includes the option type code and the
length octet, the pointer octet, and length-3 octets of route
data. The third octet is the pointer into the route data
indicating the octet which begins the next area to store a route
address. The pointer is relative to this option, and the
smallest legal value for the pointer is 4.

A recorded route is composed of a series of internet addresses.
Each internet address is 32 bits or 4 octets. If the pointer is

[Page 20]

September 1981
Internet Protocol
Specification

greater than the length, the recorded route data area is full.
The originating host must compose this option with a large
enough route data area to hold all the address expected. The
size of the option does not change due to adding addresses. The
intitial contents of the route data area must be zero.

When an internet module routes a datagram it checks to see if
the record route option is present. If it is, it inserts its
own internet address as known in the environment into which this
datagram is being forwarded into the recorded route begining at
the octet indicated by the pointer, and increments the pointer
by four.

If the route data area is already full (the pointer exceeds the
length) the datagram is forwarded without inserting the address
into the recorded route. If there is some room but not enough
room for a full address to be inserted, the original datagram is
considered to be in error and is discarded. In either case an
ICMP parameter problem message may be sent to the source
host [3].

Not copied on fragmentation, goes in first fragment only.
Appears at most once in a datagram.

Stream Identifier

+--------+--------+--------+--------+
|10001000|00000010| Stream ID |
+--------+--------+--------+--------+
Type=136 Length=4

This option provides a way for the 16-bit SATNET stream
identifier to be carried through networks that do not support
the stream concept.

Must be copied on fragmentation. Appears at most once in a
datagram.

[Page 21]

September 1981
Internet Protocol
Specification

Internet Timestamp

+--------+--------+--------+--------+
|01000100| length | pointer|oflw|flg|
+--------+--------+--------+--------+
| internet address |
+--------+--------+--------+--------+
| timestamp |
+--------+--------+--------+--------+
| . |
.
.
Type = 68

The Option Length is the number of octets in the option counting
the type, length, pointer, and overflow/flag octets (maximum
length 40).

The Pointer is the number of octets from the beginning of this
option to the end of timestamps plus one (i.e., it points to the
octet beginning the space for next timestamp). The smallest
legal value is 5. The timestamp area is full when the pointer
is greater than the length.

The Overflow (oflw) [4 bits] is the number of IP modules that
cannot register timestamps due to lack of space.

The Flag (flg) [4 bits] values are

0 -- time stamps only, stored in consecutive 32-bit words,

1 -- each timestamp is preceded with internet address of the
registering entity,

3 -- the internet address fields are prespecified. An IP
module only registers its timestamp if it matches its own
address with the next specified internet address.

The Timestamp is a right-justified, 32-bit timestamp in
milliseconds since midnight UT. If the time is not available in
milliseconds or cannot be provided with respect to midnight UT
then any time may be inserted as a timestamp provided the high
order bit of the timestamp field is set to one to indicate the
use of a non-standard value.

The originating host must compose this option with a large
enough timestamp data area to hold all the timestamp information
expected. The size of the option does not change due to adding

[Page 22]

September 1981
Internet Protocol
Specification

timestamps. The intitial contents of the timestamp data area
must be zero or internet address/zero pairs.

If the timestamp data area is already full (the pointer exceeds
the length) the datagram is forwarded without inserting the
timestamp, but the overflow count is incremented by one.

If there is some room but not enough room for a full timestamp
to be inserted, or the overflow count itself overflows, the
original datagram is considered to be in error and is discarded.
In either case an ICMP parameter problem message may be sent to
the source host [3].

The timestamp option is not copied upon fragmentation. It is
carried in the first fragment. Appears at most once in a
datagram.

Padding: variable

The internet header padding is used to ensure that the internet
header ends on a 32 bit boundary. The padding is zero.

3.2. Discussion

The implementation of a protocol must be robust. Each implementation
must expect to interoperate with others created by different
individuals. While the goal of this specification is to be explicit
about the protocol there is the possibility of differing
interpretations. In general, an implementation must be conservative
in its sending behavior, and liberal in its receiving behavior. That
is, it must be careful to send well-formed datagrams, but must accept
any datagram that it can interpret (e.g., not object to technical
errors where the meaning is still clear).

The basic internet service is datagram oriented and provides for the
fragmentation of datagrams at gateways, with reassembly taking place
at the destination internet protocol module in the destination host.
Of course, fragmentation and reassembly of datagrams within a network
or by private agreement between the gateways of a network is also
allowed since this is transparent to the internet protocols and the
higher-level protocols. This transparent type of fragmentation and
reassembly is termed "network-dependent" (or intranet) fragmentation
and is not discussed further here.

Internet addresses distinguish sources and destinations to the host
level and provide a protocol field as well. It is assumed that each
protocol will provide for whatever multiplexing is necessary within a
host.

[Page 23]

September 1981
Internet Protocol
Specification

Addressing

To provide for flexibility in assigning address to networks and
allow for the large number of small to intermediate sized networks
the interpretation of the address field is coded to specify a small
number of networks with a large number of host, a moderate number of
networks with a moderate number of hosts, and a large number of
networks with a small number of hosts. In addition there is an
escape code for extended addressing mode.

Address Formats:

High Order Bits Format Class
--------------- ------------------------------- -----
0 7 bits of net, 24 bits of host a
10 14 bits of net, 16 bits of host b
110 21 bits of net, 8 bits of host c
111 escape to extended addressing mode

A value of zero in the network field means this network. This is
only used in certain ICMP messages. The extended addressing mode
is undefined. Both of these features are reserved for future use.

The actual values assigned for network addresses is given in
"Assigned Numbers" [9].

The local address, assigned by the local network, must allow for a
single physical host to act as several distinct internet hosts.
That is, there must be a mapping between internet host addresses and
network/host interfaces that allows several internet addresses to
correspond to one interface. It must also be allowed for a host to
have several physical interfaces and to treat the datagrams from
several of them as if they were all addressed to a single host.

Address mappings between internet addresses and addresses for
ARPANET, SATNET, PRNET, and other networks are described in "Address
Mappings" [5].

Fragmentation and Reassembly.

The internet identification field (ID) is used together with the
source and destination address, and the protocol fields, to identify
datagram fragments for reassembly.

The More Fragments flag bit (MF) is set if the datagram is not the
last fragment. The Fragment Offset field identifies the fragment
location, relative to the beginning of the original unfragmented
datagram. Fragments are counted in units of 8 octets. The

[Page 24]

September 1981
Internet Protocol
Specification

fragmentation strategy is designed so than an unfragmented datagram
has all zero fragmentation information (MF = 0, fragment offset =
0). If an internet datagram is fragmented, its data portion must be
broken on 8 octet boundaries.

This format allows 2**13 = 8192 fragments of 8 octets each for a
total of 65,536 octets. Note that this is consistent with the the
datagram total length field (of course, the header is counted in the
total length and not in the fragments).

When fragmentation occurs, some options are copied, but others
remain with the first fragment only.

Every internet module must be able to forward a datagram of 68
octets without further fragmentation. This is because an internet
header may be up to 60 octets, and the minimum fragment is 8 octets.

Every internet destination must be able to receive a datagram of 576
octets either in one piece or in fragments to be reassembled.

The fields which may be affected by fragmentation include:

(1) options field
(2) more fragments flag
(3) fragment offset
(4) internet header length field
(5) total length field
(6) header checksum

If the Don't Fragment flag (DF) bit is set, then internet
fragmentation of this datagram is NOT permitted, although it may be
discarded. This can be used to prohibit fragmentation in cases
where the receiving host does not have sufficient resources to
reassemble internet fragments.

One example of use of the Don't Fragment feature is to down line
load a small host. A small host could have a boot strap program
that accepts a datagram stores it in memory and then executes it.

The fragmentation and reassembly procedures are most easily
described by examples. The following procedures are example
implementations.

General notation in the following pseudo programs: "=<" means "less
than or equal", "#" means "not equal", "=" means "equal", "<-" means
"is set to". Also, "x to y" includes x and excludes y; for example,
"4 to 7" would include 4, 5, and 6 (but not 7).

[Page 25]

September 1981
Internet Protocol
Specification

An Example Fragmentation Procedure

The maximum sized datagram that can be transmitted through the
next network is called the maximum transmission unit (MTU).

If the total length is less than or equal the maximum transmission
unit then submit this datagram to the next step in datagram
processing; otherwise cut the datagram into two fragments, the
first fragment being the maximum size, and the second fragment
being the rest of the datagram. The first fragment is submitted
to the next step in datagram processing, while the second fragment
is submitted to this procedure in case it is still too large.

Notation:

FO - Fragment Offset
IHL - Internet Header Length
DF - Don't Fragment flag
MF - More Fragments flag
TL - Total Length
OFO - Old Fragment Offset
OIHL - Old Internet Header Length
OMF - Old More Fragments flag
OTL - Old Total Length
NFB - Number of Fragment Blocks
MTU - Maximum Transmission Unit

Procedure:

IF TL =< MTU THEN Submit this datagram to the next step
in datagram processing ELSE IF DF = 1 THEN discard the
datagram ELSE
To produce the first fragment:
(1) Copy the original internet header;
(2) OIHL <- IHL; OTL <- TL; OFO <- FO; OMF <- MF;
(3) NFB <- (MTU-IHL*4)/8;
(4) Attach the first NFB*8 data octets;
(5) Correct the header:
MF <- 1; TL <- (IHL*4)+(NFB*8);
Recompute Checksum;
(6) Submit this fragment to the next step in
datagram processing;
To produce the second fragment:
(7) Selectively copy the internet header (some options
are not copied, see option definitions);
(8) Append the remaining data;
(9) Correct the header:
IHL <- (((OIHL*4)-(length of options not copied))+3)/4;

[Page 26]

September 1981
Internet Protocol
Specification

TL <- OTL - NFB*8 - (OIHL-IHL)*4);
FO <- OFO + NFB; MF <- OMF; Recompute Checksum;
(10) Submit this fragment to the fragmentation test; DONE.

In the above procedure each fragment (except the last) was made
the maximum allowable size. An alternative might produce less
than the maximum size datagrams. For example, one could implement
a fragmentation procedure that repeatly divided large datagrams in
half until the resulting fragments were less than the maximum
transmission unit size.

An Example Reassembly Procedure

For each datagram the buffer identifier is computed as the
concatenation of the source, destination, protocol, and
identification fields. If this is a whole datagram (that is both
the fragment offset and the more fragments fields are zero), then
any reassembly resources associated with this buffer identifier
are released and the datagram is forwarded to the next step in
datagram processing.

If no other fragment with this buffer identifier is on hand then
reassembly resources are allocated. The reassembly resources
consist of a data buffer, a header buffer, a fragment block bit
table, a total data length field, and a timer. The data from the
fragment is placed in the data buffer according to its fragment
offset and length, and bits are set in the fragment block bit
table corresponding to the fragment blocks received.

If this is the first fragment (that is the fragment offset is
zero) this header is placed in the header buffer. If this is the
last fragment ( that is the more fragments field is zero) the
total data length is computed. If this fragment completes the
datagram (tested by checking the bits set in the fragment block
table), then the datagram is sent to the next step in datagram
processing; otherwise the timer is set to the maximum of the
current timer value and the value of the time to live field from
this fragment; and the reassembly routine gives up control.

If the timer runs out, the all reassembly resources for this
buffer identifier are released. The initial setting of the timer
is a lower bound on the reassembly waiting time. This is because
the waiting time will be increased if the Time to Live in the
arriving fragment is greater than the current timer value but will
not be decreased if it is less. The maximum this timer value
could reach is the maximum time to live (approximately 4.25
minutes). The current recommendation for the initial timer
setting is 15 seconds. This may be changed as experience with

[Page 27]

September 1981
Internet Protocol
Specification

this protocol accumulates. Note that the choice of this parameter
value is related to the buffer capacity available and the data
rate of the transmission medium; that is, data rate times timer
value equals buffer size (e.g., 10Kb/s X 15s = 150Kb).

Notation:

FO - Fragment Offset
IHL - Internet Header Length
MF - More Fragments flag
TTL - Time To Live
NFB - Number of Fragment Blocks
TL - Total Length
TDL - Total Data Length
BUFID - Buffer Identifier
RCVBT - Fragment Received Bit Table
TLB - Timer Lower Bound

Procedure:

(1) BUFID <- source|destination|protocol|identification;
(2) IF FO = 0 AND MF = 0
(3) THEN IF buffer with BUFID is allocated
(4) THEN flush all reassembly for this BUFID;
(5) Submit datagram to next step; DONE.
(6) ELSE IF no buffer with BUFID is allocated
(7) THEN allocate reassembly resources
with BUFID;
TIMER <- TLB; TDL <- 0;
(8) put data from fragment into data buffer with
BUFID from octet FO*8 to
octet (TL-(IHL*4))+FO*8;
(9) set RCVBT bits from FO
to FO+((TL-(IHL*4)+7)/8);
(10) IF MF = 0 THEN TDL <- TL-(IHL*4)+(FO*8)
(11) IF FO = 0 THEN put header in header buffer
(12) IF TDL # 0
(13) AND all RCVBT bits from 0
to (TDL+7)/8 are set
(14) THEN TL <- TDL+(IHL*4)
(15) Submit datagram to next step;
(16) free all reassembly resources
for this BUFID; DONE.
(17) TIMER <- MAX(TIMER,TTL);
(18) give up until next fragment or timer expires;
(19) timer expires: flush all reassembly with this BUFID; DONE.

In the case that two or more fragments contain the same data

[Page 28]

September 1981
Internet Protocol
Specification

either identically or through a partial overlap, this procedure
will use the more recently arrived copy in the data buffer and
datagram delivered.

Identification

The choice of the Identifier for a datagram is based on the need to
provide a way to uniquely identify the fragments of a particular
datagram. The protocol module assembling fragments judges fragments
to belong to the same datagram if they have the same source,
destination, protocol, and Identifier. Thus, the sender must choose
the Identifier to be unique for this source, destination pair and
protocol for the time the datagram (or any fragment of it) could be
alive in the internet.

It seems then that a sending protocol module needs to keep a table
of Identifiers, one entry for each destination it has communicated
with in the last maximum packet lifetime for the internet.

However, since the Identifier field allows 65,536 different values,
some host may be able to simply use unique identifiers independent
of destination.

It is appropriate for some higher level protocols to choose the
identifier. For example, TCP protocol modules may retransmit an
identical TCP segment, and the probability for correct reception
would be enhanced if the retransmission carried the same identifier
as the original transmission since fragments of either datagram
could be used to construct a correct TCP segment.

Type of Service

The type of service (TOS) is for internet service quality selection.
The type of service is specified along the abstract parameters
precedence, delay, throughput, and reliability. These abstract
parameters are to be mapped into the actual service parameters of
the particular networks the datagram traverses.

Precedence. An independent measure of the importance of this
datagram.

Delay. Prompt delivery is important for datagrams with this
indication.

Throughput. High data rate is important for datagrams with this
indication.

[Page 29]

September 1981
Internet Protocol
Specification

Reliability. A higher level of effort to ensure delivery is
important for datagrams with this indication.

For example, the ARPANET has a priority bit, and a choice between
"standard" messages (type 0) and "uncontrolled" messages (type 3),
(the choice between single packet and multipacket messages can also
be considered a service parameter). The uncontrolled messages tend
to be less reliably delivered and suffer less delay. Suppose an
internet datagram is to be sent through the ARPANET. Let the
internet type of service be given as:

Precedence: 5
Delay: 0
Throughput: 1
Reliability: 1

In this example, the mapping of these parameters to those available
for the ARPANET would be to set the ARPANET priority bit on since
the Internet precedence is in the upper half of its range, to select
standard messages since the throughput and reliability requirements
are indicated and delay is not. More details are given on service
mappings in "Service Mappings" [8].

Time to Live

The time to live is set by the sender to the maximum time the
datagram is allowed to be in the internet system. If the datagram
is in the internet system longer than the time to live, then the
datagram must be destroyed.

This field must be decreased at each point that the internet header
is processed to reflect the time spent processing the datagram.
Even if no local information is available on the time actually
spent, the field must be decremented by 1. The time is measured in
units of seconds (i.e. the value 1 means one second). Thus, the
maximum time to live is 255 seconds or 4.25 minutes. Since every
module that processes a datagram must decrease the TTL by at least
one even if it process the datagram in less than a second, the TTL
must be thought of only as an upper bound on the time a datagram may
exist. The intention is to cause undeliverable datagrams to be
discarded, and to bound the maximum datagram lifetime.

Some higher level reliable connection protocols are based on
assumptions that old duplicate datagrams will not arrive after a
certain time elapses. The TTL is a way for such protocols to have
an assurance that their assumption is met.

[Page 30]

September 1981
Internet Protocol
Specification

Options

The options are optional in each datagram, but required in
implementations. That is, the presence or absence of an option is
the choice of the sender, but each internet module must be able to
parse every option. There can be several options present in the
option field.

The options might not end on a 32-bit boundary. The internet header
must be filled out with octets of zeros. The first of these would
be interpreted as the end-of-options option, and the remainder as
internet header padding.

Every internet module must be able to act on every option. The
Security Option is required if classified, restricted, or
compartmented traffic is to be passed.

Checksum

The internet header checksum is recomputed if the internet header is
changed. For example, a reduction of the time to live, additions or
changes to internet options, or due to fragmentation. This checksum
at the internet level is intended to protect the internet header
fields from transmission errors.

There are some applications where a few data bit errors are
acceptable while retransmission delays are not. If the internet
protocol enforced data correctness such applications could not be
supported.

Errors

Internet protocol errors may be reported via the ICMP messages [3].

3.3. Interfaces

The functional description of user interfaces to the IP is, at best,
fictional, since every operating system will have different
facilities. Consequently, we must warn readers that different IP
implementations may have different user interfaces. However, all IPs
must provide a certain minimum set of services to guarantee that all
IP implementations can support the same protocol hierarchy. This
section specifies the functional interfaces required of all IP
implementations.

Internet protocol interfaces on one side to the local network and on
the other side to either a higher level protocol or an application
program. In the following, the higher level protocol or application

[Page 31]

September 1981
Internet Protocol
Specification

program (or even a gateway program) will be called the "user" since it
is using the internet module. Since internet protocol is a datagram
protocol, there is minimal memory or state maintained between datagram
transmissions, and each call on the internet protocol module by the
user supplies all information necessary for the IP to perform the
service requested.

An Example Upper Level Interface

The following two example calls satisfy the requirements for the user
to internet protocol module communication ("=>" means returns):

SEND (src, dst, prot, TOS, TTL, BufPTR, len, Id, DF, opt => result)

where:

src = source address
dst = destination address
prot = protocol
TOS = type of service
TTL = time to live
BufPTR = buffer pointer
len = length of buffer
Id = Identifier
DF = Don't Fragment
opt = option data
result = response
OK = datagram sent ok
Error = error in arguments or local network error

Note that the precedence is included in the TOS and the
security/compartment is passed as an option.

RECV (BufPTR, prot, => result, src, dst, TOS, len, opt)

where:

BufPTR = buffer pointer
prot = protocol
result = response
OK = datagram received ok
Error = error in arguments
len = length of buffer
src = source address
dst = destination address
TOS = type of service
opt = option data

[Page 32]

September 1981
Internet Protocol
Specification

When the user sends a datagram, it executes the SEND call supplying
all the arguments. The internet protocol module, on receiving this
call, checks the arguments and prepares and sends the message. If the
arguments are good and the datagram is accepted by the local network,
the call returns successfully. If either the arguments are bad, or
the datagram is not accepted by the local network, the call returns
unsuccessfully. On unsuccessful returns, a reasonable report must be
made as to the cause of the problem, but the details of such reports
are up to individual implementations.

When a datagram arrives at the internet protocol module from the local
network, either there is a pending RECV call from the user addressed
or there is not. In the first case, the pending call is satisfied by
passing the information from the datagram to the user. In the second
case, the user addressed is notified of a pending datagram. If the
user addressed does not exist, an ICMP error message is returned to
the sender, and the data is discarded.

The notification of a user may be via a pseudo interrupt or similar
mechanism, as appropriate in the particular operating system
environment of the implementation.

A user's RECV call may then either be immediately satisfied by a
pending datagram, or the call may be pending until a datagram arrives.

The source address is included in the send call in case the sending
host has several addresses (multiple physical connections or logical
addresses). The internet module must check to see that the source
address is one of the legal address for this host.

An implementation may also allow or require a call to the internet
module to indicate interest in or reserve exclusive use of a class of
datagrams (e.g., all those with a certain value in the protocol
field).

This section functionally characterizes a USER/IP interface. The
notation used is similar to most procedure of function calls in high
level languages, but this usage is not meant to rule out trap type
service calls (e.g., SVCs, UUOs, EMTs), or any other form of
interprocess communication.

[Page 33]

September 1981
Internet Protocol

APPENDIX A: Examples & Scenarios

Example 1:

This is an example of the minimal data carrying internet datagram:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver= 4 |IHL= 5 |Type of Service| Total Length = 21 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification = 111 |Flg=0| Fragment Offset = 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time = 123 | Protocol = 1 | header checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| source address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| destination address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+

Example Internet Datagram

Figure 5.

Note that each tick mark represents one bit position.

This is a internet datagram in version 4 of internet protocol; the
internet header consists of five 32 bit words, and the total length of
the datagram is 21 octets. This datagram is a complete datagram (not
a fragment).

[Page 34]

September 1981
Internet Protocol

Example 2:

In this example, we show first a moderate size internet datagram (452
data octets), then two internet fragments that might result from the
fragmentation of this datagram if the maximum sized transmission
allowed were 280 octets.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver= 4 |IHL= 5 |Type of Service| Total Length = 472 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification = 111 |Flg=0| Fragment Offset = 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time = 123 | Protocol = 6 | header checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| source address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| destination address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
\ \
\ \
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example Internet Datagram

Figure 6.

[Page 35]

September 1981
Internet Protocol

Now the first fragment that results from splitting the datagram after
256 data octets.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver= 4 |IHL= 5 |Type of Service| Total Length = 276 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification = 111 |Flg=1| Fragment Offset = 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time = 119 | Protocol = 6 | Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| source address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| destination address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
\ \
\ \
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example Internet Fragment

Figure 7.

[Page 36]

September 1981
Internet Protocol

And the second fragment.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver= 4 |IHL= 5 |Type of Service| Total Length = 216 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification = 111 |Flg=0| Fragment Offset = 32 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time = 119 | Protocol = 6 | Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| source address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| destination address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
\ \
\ \
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example Internet Fragment

Figure 8.

[Page 37]

September 1981
Internet Protocol

Example 3:

Here, we show an example of a datagram containing options:

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver= 4 |IHL= 8 |Type of Service| Total Length = 576 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification = 111 |Flg=0| Fragment Offset = 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time = 123 | Protocol = 6 | Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| source address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| destination address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Opt. Code = x | Opt. Len.= 3 | option value | Opt. Code = x |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Opt. Len. = 4 | option value | Opt. Code = 1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Opt. Code = y | Opt. Len. = 3 | option value | Opt. Code = 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
\ \
\ \
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example Internet Datagram

Figure 9.

[Page 38]

September 1981
Internet Protocol

APPENDIX B: Data Transmission Order

The order of transmission of the header and data described in this
document is resolved to the octet level. Whenever a diagram shows a
group of octets, the order of transmission of those octets is the normal
order in which they are read in English. For example, in the following
diagram the octets are transmitted in the order they are numbered.

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 1 | 2 | 3 | 4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 5 | 6 | 7 | 8 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 9 | 10 | 11 | 12 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Transmission Order of Bytes

Figure 10.

Whenever an octet represents a numeric quantity the left most bit in the
diagram is the high order or most significant bit. That is, the bit
labeled 0 is the most significant bit. For example, the following
diagram represents the value 170 (decimal).

0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|1 0 1 0 1 0 1 0|
+-+-+-+-+-+-+-+-+

Significance of Bits

Figure 11.

Similarly, whenever a multi-octet field represents a numeric quantity
the left most bit of the whole field is the most significant bit. When
a multi-octet quantity is transmitted the most significant octet is
transmitted first.

[Page 39]

September 1981
Internet Protocol

[Page 40]

September 1981
Internet Protocol

GLOSSARY

1822
BBN Report 1822, "The Specification of the Interconnection of
a Host and an IMP". The specification of interface between a
host and the ARPANET.

ARPANET leader
The control information on an ARPANET message at the host-IMP
interface.

ARPANET message
The unit of transmission between a host and an IMP in the
ARPANET. The maximum size is about 1012 octets (8096 bits).

ARPANET packet
A unit of transmission used internally in the ARPANET between
IMPs. The maximum size is about 126 octets (1008 bits).

Destination
The destination address, an internet header field.

DF
The Don't Fragment bit carried in the flags field.

Flags
An internet header field carrying various control flags.

Fragment Offset
This internet header field indicates where in the internet
datagram a fragment belongs.

GGP
Gateway to Gateway Protocol, the protocol used primarily
between gateways to control routing and other gateway
functions.

header
Control information at the beginning of a message, segment,
datagram, packet or block of data.

ICMP
Internet Control Message Protocol, implemented in the internet
module, the ICMP is used from gateways to hosts and between
hosts to report errors and make routing suggestions.

[Page 41]

September 1981
Internet Protocol
Glossary

Identification
An internet header field carrying the identifying value
assigned by the sender to aid in assembling the fragments of a
datagram.

IHL
The internet header field Internet Header Length is the length
of the internet header measured in 32 bit words.

IMP
The Interface Message Processor, the packet switch of the
ARPANET.

Internet Address
A four octet (32 bit) source or destination address consisting
of a Network field and a Local Address field.

internet datagram
The unit of data exchanged between a pair of internet modules
(includes the internet header).

internet fragment
A portion of the data of an internet datagram with an internet
header.

Local Address
The address of a host within a network. The actual mapping of
an internet local address on to the host addresses in a
network is quite general, allowing for many to one mappings.

MF
The More-Fragments Flag carried in the internet header flags
field.

module
An implementation, usually in software, of a protocol or other
procedure.

more-fragments flag
A flag indicating whether or not this internet datagram
contains the end of an internet datagram, carried in the
internet header Flags field.

NFB
The Number of Fragment Blocks in a the data portion of an
internet fragment. That is, the length of a portion of data
measured in 8 octet units.

[Page 42]

September 1981
Internet Protocol
Glossary

octet
An eight bit byte.

Options
The internet header Options field may contain several options,
and each option may be several octets in length.

Padding
The internet header Padding field is used to ensure that the
data begins on 32 bit word boundary. The padding is zero.

Protocol
In this document, the next higher level protocol identifier,
an internet header field.

Rest
The local address portion of an Internet Address.

Source
The source address, an internet header field.

TCP
Transmission Control Protocol: A host-to-host protocol for
reliable communication in internet environments.

TCP Segment
The unit of data exchanged between TCP modules (including the
TCP header).

TFTP
Trivial File Transfer Protocol: A simple file transfer
protocol built on UDP.

Time to Live
An internet header field which indicates the upper bound on
how long this internet datagram may exist.

TOS
Type of Service

Total Length
The internet header field Total Length is the length of the
datagram in octets including internet header and data.

TTL
Time to Live

[Page 43]

September 1981
Internet Protocol
Glossary

Type of Service
An internet header field which indicates the type (or quality)
of service for this internet datagram.

UDP
User Datagram Protocol: A user level protocol for transaction
oriented applications.

User
The user of the internet protocol. This may be a higher level
protocol module, an application program, or a gateway program.

Version
The Version field indicates the format of the internet header.

[Page 44]

September 1981
Internet Protocol

REFERENCES

[1] Cerf, V., "The Catenet Model for Internetworking," Information
Processing Techniques Office, Defense Advanced Research Projects
Agency, IEN 48, July 1978.

[2] Bolt Beranek and Newman, "Specification for the Interconnection of
a Host and an IMP," BBN Technical Report 1822, Revised May 1978.

[3] Postel, J., "Internet Control Message Protocol - DARPA Internet
Program Protocol Specification," RFC 792, USC/Information Sciences
Institute, September 1981.

[4] Shoch, J., "Inter-Network Naming, Addressing, and Routing,"
COMPCON, IEEE Computer Society, Fall 1978.

[5] Postel, J., "Address Mappings," RFC 796, USC/Information Sciences
Institute, September 1981.

[6] Shoch, J., "Packet Fragmentation in Inter-Network Protocols,"
Computer Networks, v. 3, n. 1, February 1979.

[7] Strazisar, V., "How to Build a Gateway", IEN 109, Bolt Beranek and
Newman, August 1979.

[8] Postel, J., "Service Mappings," RFC 795, USC/Information Sciences
Institute, September 1981.

[9] Postel, J., "Assigned Numbers," RFC 790, USC/Information Sciences
Institute, September 1981.


RFC 1883 – Internet Protocol, Version 6 (IPv6) Specification (OBSOLETE)


Network Working Group S. Deering, Xerox PARC
Request for Comments: 1883 R. Hinden, Ipsilon Networks
Category: Standards Track December 1995

Internet Protocol, Version 6 (IPv6)
Specification

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Abstract

This document specifies version 6 of the Internet Protocol (IPv6),
also sometimes referred to as IP Next Generation or IPng.

Table of Contents

1. Introduction..................................................3

2. Terminology...................................................4

3. IPv6 Header Format............................................5

4. IPv6 Extension Headers........................................6
4.1 Extension Header Order...................................8
4.2 Options..................................................9
4.3 Hop-by-Hop Options Header...............................11
4.4 Routing Header..........................................13
4.5 Fragment Header.........................................19
4.6 Destination Options Header..............................24
4.7 No Next Header..........................................25

5. Packet Size Issues...........................................26

6. Flow Labels..................................................28

7. Priority.....................................................30

8. Upper-Layer Protocol Issues..................................31
8.1 Upper-Layer Checksums...................................31
8.2 Maximum Packet Lifetime.................................32
8.3 Maximum Upper-Layer Payload Size........................32

Appendix A. Formatting Guidelines for Options...................33

Security Considerations.........................................36

Acknowledgments.................................................36

Authors' Addresses..............................................36

References......................................................37

1. Introduction

IP version 6 (IPv6) is a new version of the Internet Protocol,
designed as a successor to IP version 4 (IPv4) RFC-791. The
changes from IPv4 to IPv6 fall primarily into the following
categories:

o Expanded Addressing Capabilities

IPv6 increases the IP address size from 32 bits to 128 bits, to
support more levels of addressing hierarchy, a much greater
number of addressable nodes, and simpler auto-configuration of
addresses. The scalability of multicast routing is improved by
adding a "scope" field to multicast addresses. And a new type
of address called an "anycast address" is defined, used to send
a packet to any one of a group of nodes.

o Header Format Simplification

Some IPv4 header fields have been dropped or made optional, to
reduce the common-case processing cost of packet handling and
to limit the bandwidth cost of the IPv6 header.

o Improved Support for Extensions and Options

Changes in the way IP header options are encoded allows for
more efficient forwarding, less stringent limits on the length
of options, and greater flexibility for introducing new options
in the future.

o Flow Labeling Capability

A new capability is added to enable the labeling of packets
belonging to particular traffic "flows" for which the sender
requests special handling, such as non-default quality of
service or "real-time" service.

o Authentication and Privacy Capabilities

Extensions to support authentication, data integrity, and
(optional) data confidentiality are specified for IPv6.

This document specifies the basic IPv6 header and the initially-
defined IPv6 extension headers and options. It also discusses packet
size issues, the semantics of flow labels and priority, and the
effects of IPv6 on upper-layer protocols. The format and semantics
of IPv6 addresses are specified separately in RFC-1884. The IPv6
version of ICMP, which all IPv6 implementations are required to
include, is specified in RFC-1885.

2. Terminology

node - a device that implements IPv6.

router - a node that forwards IPv6 packets not explicitly
addressed to itself. [See Note below].

host - any node that is not a router. [See Note below].

upper layer - a protocol layer immediately above IPv6. Examples are
transport protocols such as TCP and UDP, control
protocols such as ICMP, routing protocols such as OSPF,
and internet or lower-layer protocols being "tunneled"
over (i.e., encapsulated in) IPv6 such as IPX,
AppleTalk, or IPv6 itself.

link - a communication facility or medium over which nodes can
communicate at the link layer, i.e., the layer
immediately below IPv6. Examples are Ethernets (simple
or bridged); PPP links; X.25, Frame Relay, or ATM
networks; and internet (or higher) layer "tunnels",
such as tunnels over IPv4 or IPv6 itself.

neighbors - nodes attached to the same link.

interface - a node's attachment to a link.

address - an IPv6-layer identifier for an interface or a set of
interfaces.

packet - an IPv6 header plus payload.

link MTU - the maximum transmission unit, i.e., maximum packet
size in octets, that can be conveyed in one piece over
a link.

path MTU - the minimum link MTU of all the links in a path between
a source node and a destination node.

Note: it is possible, though unusual, for a device with multiple
interfaces to be configured to forward non-self-destined packets
arriving from some set (fewer than all) of its interfaces, and to
discard non-self-destined packets arriving from its other interfaces.
Such a device must obey the protocol requirements for routers when
receiving packets from, and interacting with neighbors over, the
former (forwarding) interfaces. It must obey the protocol
requirements for hosts when receiving packets from, and interacting
with neighbors over, the latter (non-forwarding) interfaces.

3. IPv6 Header Format

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Prio. | Flow Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | Next Header | Hop Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Source Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Destination Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Version 4-bit Internet Protocol version number = 6.

Prio. 4-bit priority value. See section 7.

Flow Label 24-bit flow label. See section 6.

Payload Length 16-bit unsigned integer. Length of payload,
i.e., the rest of the packet following the
IPv6 header, in octets. If zero, indicates that
the payload length is carried in a Jumbo Payload
hop-by-hop option.

Next Header 8-bit selector. Identifies the type of header
immediately following the IPv6 header. Uses
the same values as the IPv4 Protocol field
RFC-1700 et seq.].

Hop Limit 8-bit unsigned integer. Decremented by 1 by
each node that forwards the packet. The packet
is discarded if Hop Limit is decremented to
zero.

Source Address 128-bit address of the originator of the
packet. See RFC-1884.

Destination Address 128-bit address of the intended recipient
of the packet (possibly not the ultimate
recipient, if a Routing header is present).
See RFC-1884 and section 4.4.

4. IPv6 Extension Headers

In IPv6, optional internet-layer information is encoded in separate
headers that may be placed between the IPv6 header and the upper-
layer header in a packet. There are a small number of such extension
headers, each identified by a distinct Next Header value. As
illustrated in these examples, an IPv6 packet may carry zero, one, or
more extension headers, each identified by the Next Header field of
the preceding header:

+---------------+------------------------
| IPv6 header | TCP header + data
| |
| Next Header = |
| TCP |
+---------------+------------------------

+---------------+----------------+------------------------
| IPv6 header | Routing header | TCP header + data
| | |
| Next Header = | Next Header = |
| Routing | TCP |
+---------------+----------------+------------------------

+---------------+----------------+-----------------+-----------------
| IPv6 header | Routing header | Fragment header | fragment of TCP
| | | | header + data
| Next Header = | Next Header = | Next Header = |
| Routing | Fragment | TCP |
+---------------+----------------+-----------------+-----------------

With one exception, extension headers are not examined or processed
by any node along a packet's delivery path, until the packet reaches
the node (or each of the set of nodes, in the case of multicast)
identified in the Destination Address field of the IPv6 header.
There, normal demultiplexing on the Next Header field of the IPv6
header invokes the module to process the first extension header, or
the upper-layer header if no extension header is present. The
contents and semantics of each extension header determine whether or

not to proceed to the next header. Therefore, extension headers must
be processed strictly in the order they appear in the packet; a
receiver must not, for example, scan through a packet looking for a
particular kind of extension header and process that header prior to
processing all preceding ones.

The exception referred to in the preceding paragraph is the Hop-by-
Hop Options header, which carries information that must be examined
and processed by every node along a packet's delivery path, including
the source and destination nodes. The Hop-by-Hop Options header,
when present, must immediately follow the IPv6 header. Its presence
is indicated by the value zero in the Next Header field of the IPv6
header.

If, as a result of processing a header, a node is required to proceed
to the next header but the Next Header value in the current header is
unrecognized by the node, it should discard the packet and send an
ICMP Parameter Problem message to the source of the packet, with an
ICMP Code value of 2 ("unrecognized Next Header type encountered")
and the ICMP Pointer field containing the offset of the unrecognized
value within the original packet. The same action should be taken if
a node encounters a Next Header value of zero in any header other
than an IPv6 header.

Each extension header is an integer multiple of 8 octets long, in
order to retain 8-octet alignment for subsequent headers. Multi-
octet fields within each extension header are aligned on their
natural boundaries, i.e., fields of width n octets are placed at an
integer multiple of n octets from the start of the header, for n = 1,
2, 4, or 8.

A full implementation of IPv6 includes implementation of the
following extension headers:

Hop-by-Hop Options
Routing (Type 0)
Fragment
Destination Options
Authentication
Encapsulating Security Payload

The first four are specified in this document; the last two are
specified in RFC-1827, respectively.

4.1 Extension Header Order

When more than one extension header is used in the same packet, it is
recommended that those headers appear in the following order:

IPv6 header
Hop-by-Hop Options header
Destination Options header (note 1)
Routing header
Fragment header
Authentication header (note 2)
Encapsulating Security Payload header (note 2)
Destination Options header (note 3)
upper-layer header

note 1: for options to be processed by the first destination
that appears in the IPv6 Destination Address field
plus subsequent destinations listed in the Routing
header.

note 2: additional recommendations regarding the relative
order of the Authentication and Encapsulating
Security Payload headers are given in RFC-1827.

note 3: for options to be processed only by the final
destination of the packet.

Each extension header should occur at most once, except for the
Destination Options header which should occur at most twice (once
before a Routing header and once before the upper-layer header).

If the upper-layer header is another IPv6 header (in the case of IPv6
being tunneled over or encapsulated in IPv6), it may be followed by
its own extensions headers, which are separately subject to the same
ordering recommendations.

If and when other extension headers are defined, their ordering
constraints relative to the above listed headers must be specified.

IPv6 nodes must accept and attempt to process extension headers in
any order and occurring any number of times in the same packet,
except for the Hop-by-Hop Options header which is restricted to
appear immediately after an IPv6 header only. Nonetheless, it is
strongly advised that sources of IPv6 packets adhere to the above
recommended order until and unless subsequent specifications revise
that recommendation.

4.2 Options

Two of the currently-defined extension headers -- the Hop-by-Hop
Options header and the Destination Options header -- carry a variable
number of type-length-value (TLV) encoded "options", of the following
format:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
| Option Type | Opt Data Len | Option Data
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -

Option Type 8-bit identifier of the type of option.

Opt Data Len 8-bit unsigned integer. Length of the Option
Data field of this option, in octets.

Option Data Variable-length field. Option-Type-specific
data.

The sequence of options within a header must be processed strictly in
the order they appear in the header; a receiver must not, for
example, scan through the header looking for a particular kind of
option and process that option prior to processing all preceding
ones.

The Option Type identifiers are internally encoded such that their
highest-order two bits specify the action that must be taken if the
processing IPv6 node does not recognize the Option Type:

00 - skip over this option and continue processing the header.

01 - discard the packet.

10 - discard the packet and, regardless of whether or not the
packets's Destination Address was a multicast address, send
an ICMP Parameter Problem, Code 2, message to the packet's
Source Address, pointing to the unrecognized Option Type.

11 - discard the packet and, only if the packet's Destination
Address was not a multicast address, send an ICMP Parameter
Problem, Code 2, message to the packet's Source Address,
pointing to the unrecognized Option Type.

The third-highest-order bit of the Option Type specifies whether or
not the Option Data of that option can change en-route to the
packet's final destination. When an Authentication header is present
in the packet, for any option whose data may change en-route, its
entire Option Data field must be treated as zero-valued octets when
computing or verifying the packet's authenticating value.

0 - Option Data does not change en-route

1 - Option Data may change en-route

Individual options may have specific alignment requirements, to
ensure that multi-octet values within Option Data fields fall on
natural boundaries. The alignment requirement of an option is
specified using the notation xn+y, meaning the Option Type must
appear at an integer multiple of x octets from the start of the
header, plus y octets. For example:

2n means any 2-octet offset from the start of the header.
8n+2 means any 8-octet offset from the start of the header,
plus 2 octets.

There are two padding options which are used when necessary to align
subsequent options and to pad out the containing header to a multiple
of 8 octets in length. These padding options must be recognized by
all IPv6 implementations:

Pad1 option (alignment requirement: none)

+-+-+-+-+-+-+-+-+
| 0 |
+-+-+-+-+-+-+-+-+

NOTE! the format of the Pad1 option is a special case -- it does
not have length and value fields.

The Pad1 option is used to insert one octet of padding into the
Options area of a header. If more than one octet of padding is
required, the PadN option, described next, should be used,
rather than multiple Pad1 options.

PadN option (alignment requirement: none)

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
| 1 | Opt Data Len | Option Data
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -

The PadN option is used to insert two or more octets of padding
into the Options area of a header. For N octets of padding,
the Opt Data Len field contains the value N-2, and the Option
Data consists of N-2 zero-valued octets.

Appendix A contains formatting guidelines for designing new options.

4.3 Hop-by-Hop Options Header

The Hop-by-Hop Options header is used to carry optional information
that must be examined by every node along a packet's delivery path.
The Hop-by-Hop Options header is identified by a Next Header value of
0 in the IPv6 header, and has the following format:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
. .
. Options .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Next Header 8-bit selector. Identifies the type of header
immediately following the Hop-by-Hop Options
header. Uses the same values as the IPv4
Protocol field RFC-1700 et seq.].

Hdr Ext Len 8-bit unsigned integer. Length of the
Hop-by-Hop Options header in 8-octet units,
not including the first 8 octets.

Options Variable-length field, of length such that the
complete Hop-by-Hop Options header is an integer
multiple of 8 octets long. Contains one or
more TLV-encoded options, as described in
section 4.2.

In addition to the Pad1 and PadN options specified in section 4.2,
the following hop-by-hop option is defined:

Jumbo Payload option (alignment requirement: 4n + 2)

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 194 |Opt Data Len=4 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Jumbo Payload Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Jumbo Payload option is used to send IPv6 packets with
payloads longer than 65,535 octets. The Jumbo Payload Length is
the length of the packet in octets, excluding the IPv6 header but
including the Hop-by-Hop Options header; it must be greater than
65,535. If a packet is received with a Jumbo Payload option
containing a Jumbo Payload Length less than or equal to 65,535,

an ICMP Parameter Problem message, Code 0, should be sent to the
packet's source, pointing to the high-order octet of the invalid
Jumbo Payload Length field.

The Payload Length field in the IPv6 header must be set to zero
in every packet that carries the Jumbo Payload option. If a
packet is received with a valid Jumbo Payload option present and
a non-zero IPv6 Payload Length field, an ICMP Parameter Problem
message, Code 0, should be sent to the packet's source, pointing
to the Option Type field of the Jumbo Payload option.

The Jumbo Payload option must not be used in a packet that
carries a Fragment header. If a Fragment header is encountered
in a packet that contains a valid Jumbo Payload option, an ICMP
Parameter Problem message, Code 0, should be sent to the packet's
source, pointing to the first octet of the Fragment header.

An implementation that does not support the Jumbo Payload option
cannot have interfaces to links whose link MTU is greater than
65,575 (40 octets of IPv6 header plus 65,535 octets of payload).

4.4 Routing Header

The Routing header is used by an IPv6 source to list one or more
intermediate nodes to be "visited" on the way to a packet's
destination. This function is very similar to IPv4's Source Route
options. The Routing header is identified by a Next Header value of
43 in the immediately preceding header, and has the following format:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | Routing Type | Segments Left |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
. .
. type-specific data .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Next Header 8-bit selector. Identifies the type of header
immediately following the Routing header.
Uses the same values as the IPv4 Protocol field
RFC-1700 et seq.].

Hdr Ext Len 8-bit unsigned integer. Length of the
Routing header in 8-octet units, not including
the first 8 octets.

Routing Type 8-bit identifier of a particular Routing
header variant.

Segments Left 8-bit unsigned integer. Number of route
segments remaining, i.e., number of explicitly
listed intermediate nodes still to be visited
before reaching the final destination.

type-specific data Variable-length field, of format determined by
the Routing Type, and of length such that the
complete Routing header is an integer multiple
of 8 octets long.

If, while processing a received packet, a node encounters a Routing
header with an unrecognized Routing Type value, the required behavior
of the node depends on the value of the Segments Left field, as
follows:

If Segments Left is zero, the node must ignore the Routing header
and proceed to process the next header in the packet, whose type
is identified by the Next Header field in the Routing header.

If Segments Left is non-zero, the node must discard the packet and
send an ICMP Parameter Problem, Code 0, message to the packet's
Source Address, pointing to the unrecognized Routing Type.

The Type 0 Routing header has the following format:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | Routing Type=0| Segments Left |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | Strict/Loose Bit Map |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Address[1] +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Address[2] +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . .
. . .
. . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Address[n] +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Next Header 8-bit selector. Identifies the type of header
immediately following the Routing header.
Uses the same values as the IPv4 Protocol field
RFC-1700 et seq.].

Hdr Ext Len 8-bit unsigned integer. Length of the
Routing header in 8-octet units, not including
the first 8 octets. For the Type 0 Routing
header, Hdr Ext Len is equal to two times the
number of addresses in the header, and must
be an even number less than or equal to 46.

Routing Type 0.

Segments Left 8-bit unsigned integer. Number of route
segments remaining, i.e., number of explicitly
listed intermediate nodes still to be visited
before reaching the final destination.
Maximum legal value = 23.

Reserved 8-bit reserved field. Initialized to zero for
transmission; ignored on reception.

Strict/Loose Bit Map
24-bit bit-map, numbered 0 to 23, left-to-right.
Indicates, for each segment of the route, whether
or not the next destination address must be a
neighbor of the preceding address: 1 means strict
(must be a neighbor), 0 means loose (need not be
a neighbor).

Address[1..n] Vector of 128-bit addresses, numbered 1 to n.

Multicast addresses must not appear in a Routing header of Type 0, or
in the IPv6 Destination Address field of a packet carrying a Routing
header of Type 0.

If bit number 0 of the Strict/Loose Bit Map has value 1, the
Destination Address field of the IPv6 header in the original packet
must identify a neighbor of the originating node. If bit number 0
has value 0, the originator may use any legal, non-multicast address
as the initial Destination Address.

Bits numbered greater than n, where n is the number of addresses in
the Routing header, must be set to 0 by the originator and ignored by
receivers.

A Routing header is not examined or processed until it reaches the
node identified in the Destination Address field of the IPv6 header.
In that node, dispatching on the Next Header field of the immediately
preceding header causes the Routing header module to be invoked,
which, in the case of Routing Type 0, performs the following
algorithm:

if Segments Left = 0 {
proceed to process the next header in the packet, whose type is
identified by the Next Header field in the Routing header
}
else if Hdr Ext Len is odd or greater than 46 {
send an ICMP Parameter Problem, Code 0, message to the Source
Address, pointing to the Hdr Ext Len field, and discard the
packet
}
else {
compute n, the number of addresses in the Routing header, by
dividing Hdr Ext Len by 2

if Segments Left is greater than n {
send an ICMP Parameter Problem, Code 0, message to the Source
Address, pointing to the Segments Left field, and discard the
packet
}
else {
decrement Segments Left by 1;
compute i, the index of the next address to be visited in
the address vector, by subtracting Segments Left from n

if Address [i] or the IPv6 Destination Address is multicast {
discard the packet
}
else {
swap the IPv6 Destination Address and Address[i]

if bit i of the Strict/Loose Bit map has value 1 and the
new Destination Address is not the address of a neighbor
of this node {
send an ICMP Destination Unreachable -- Not a Neighbor
message to the Source Address and discard the packet
}
else if the IPv6 Hop Limit is less than or equal to 1 {
send an ICMP Time Exceeded -- Hop Limit Exceeded in
Transit message to the Source Address and discard the
packet
}
else {
decrement the Hop Limit by 1

resubmit the packet to the IPv6 module for transmission
to the new destination
}
}
}
}

As an example of the effects of the above algorithm, consider the
case of a source node S sending a packet to destination node D, using
a Routing header to cause the packet to be routed via intermediate
nodes I1, I2, and I3. The values of the relevant IPv6 header and
Routing header fields on each segment of the delivery path would be
as follows:

As the packet travels from S to I1:

Source Address = S Hdr Ext Len = 6
Destination Address = I1 Segments Left = 3
Address[1] = I2
(if bit 0 of the Bit Map is 1, Address[2] = I3
S and I1 must be neighbors; Address[3] = D
this is checked by S)

As the packet travels from I1 to I2:

Source Address = S Hdr Ext Len = 6
Destination Address = I2 Segments Left = 2
Address[1] = I1
(if bit 1 of the Bit Map is 1, Address[2] = I3
I1 and I2 must be neighbors; Address[3] = D
this is checked by I1)

As the packet travels from I2 to I3:

Source Address = S Hdr Ext Len = 6
Destination Address = I3 Segments Left = 1
Address[1] = I1
(if bit 2 of the Bit Map is 1, Address[2] = I2
I2 and I3 must be neighbors; Address[3] = D
this is checked by I2)

As the packet travels from I3 to D:

Source Address = S Hdr Ext Len = 6
Destination Address = D Segments Left = 0
Address[1] = I1
(if bit 3 of the Bit Map is 1, Address[2] = I2
I3 and D must be neighbors; Address[3] = I3
this is checked by I3)

4.5 Fragment Header

The Fragment header is used by an IPv6 source to send packets larger
than would fit in the path MTU to their destinations. (Note: unlike
IPv4, fragmentation in IPv6 is performed only by source nodes, not by
routers along a packet's delivery path -- see section 5.) The
Fragment header is identified by a Next Header value of 44 in the
immediately preceding header, and has the following format:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Reserved | Fragment Offset |Res|M|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Next Header 8-bit selector. Identifies the initial header
type of the Fragmentable Part of the original
packet (defined below). Uses the same values
as the IPv4 Protocol field RFC-1700 et seq.].

Reserved 8-bit reserved field. Initialized to zero for
transmission; ignored on reception.

Fragment Offset 13-bit unsigned integer. The offset, in 8-octet
units, of the data following this header,
relative to the start of the Fragmentable Part
of the original packet.

Res 2-bit reserved field. Initialized to zero for
transmission; ignored on reception.

M flag 1 = more fragments; 0 = last fragment.

Identification 32 bits. See description below.

In order to send a packet that is too large to fit in the MTU of the
path to its destination, a source node may divide the packet into
fragments and send each fragment as a separate packet, to be
reassembled at the receiver.

For every packet that is to be fragmented, the source node generates
an Identification value. The Identification must be different than
that of any other fragmented packet sent recently* with the same
Source Address and Destination Address. If a Routing header is
present, the Destination Address of concern is that of the final
destination.

* "recently" means within the maximum likely lifetime of a packet,
including transit time from source to destination and time spent

awaiting reassembly with other fragments of the same packet.
However, it is not required that a source node know the maximum
packet lifetime. Rather, it is assumed that the requirement can
be met by maintaining the Identification value as a simple, 32-
bit, "wrap-around" counter, incremented each time a packet must
be fragmented. It is an implementation choice whether to
maintain a single counter for the node or multiple counters,
e.g., one for each of the node's possible source addresses, or
one for each active (source address, destination address)
combination.

The initial, large, unfragmented packet is referred to as the
"original packet", and it is considered to consist of two parts, as
illustrated:

original packet:

+------------------+----------------------//-----------------------+
| Unfragmentable | Fragmentable |
| Part | Part |
+------------------+----------------------//-----------------------+

The Unfragmentable Part consists of the IPv6 header plus any
extension headers that must be processed by nodes en route to the
destination, that is, all headers up to and including the Routing
header if present, else the Hop-by-Hop Options header if present,
else no extension headers.

The Fragmentable Part consists of the rest of the packet, that is,
any extension headers that need be processed only by the final
destination node(s), plus the upper-layer header and data.

The Fragmentable Part of the original packet is divided into
fragments, each, except possibly the last ("rightmost") one, being an
integer multiple of 8 octets long. The fragments are transmitted in
separate "fragment packets" as illustrated:

original packet:

+------------------+--------------+--------------+--//--+----------+
| Unfragmentable | first | second | | last |
| Part | fragment | fragment | .... | fragment |
+------------------+--------------+--------------+--//--+----------+

fragment packets:

+------------------+--------+--------------+
| Unfragmentable |Fragment| first |
| Part | Header | fragment |
+------------------+--------+--------------+

+------------------+--------+--------------+
| Unfragmentable |Fragment| second |
| Part | Header | fragment |
+------------------+--------+--------------+
o
o
o
+------------------+--------+----------+
| Unfragmentable |Fragment| last |
| Part | Header | fragment |
+------------------+--------+----------+

Each fragment packet is composed of:

(1) The Unfragmentable Part of the original packet, with the
Payload Length of the original IPv6 header changed to contain
the length of this fragment packet only (excluding the length
of the IPv6 header itself), and the Next Header field of the
last header of the Unfragmentable Part changed to 44.

(2) A Fragment header containing:

The Next Header value that identifies the first header of
the Fragmentable Part of the original packet.

A Fragment Offset containing the offset of the fragment,
in 8-octet units, relative to the start of the
Fragmentable Part of the original packet. The Fragment
Offset of the first ("leftmost") fragment is 0.

An M flag value of 0 if the fragment is the last
("rightmost") one, else an M flag value of 1.

The Identification value generated for the original
packet.

(3) The fragment itself.

The lengths of the fragments must be chosen such that the resulting
fragment packets fit within the MTU of the path to the packets'
destination(s).

At the destination, fragment packets are reassembled into their
original, unfragmented form, as illustrated:

reassembled original packet:

+------------------+----------------------//------------------------+
| Unfragmentable | Fragmentable |
| Part | Part |
+------------------+----------------------//------------------------+

The following rules govern reassembly:

An original packet is reassembled only from fragment packets that
have the same Source Address, Destination Address, and Fragment
Identification.

The Unfragmentable Part of the reassembled packet consists of all
headers up to, but not including, the Fragment header of the first
fragment packet (that is, the packet whose Fragment Offset is
zero), with the following two changes:

The Next Header field of the last header of the Unfragmentable
Part is obtained from the Next Header field of the first
fragment's Fragment header.

The Payload Length of the reassembled packet is computed from
the length of the Unfragmentable Part and the length and offset
of the last fragment. For example, a formula for computing the
Payload Length of the reassembled original packet is:

PL.orig = PL.first - FL.first - 8 + (8 * FO.last) + FL.last

where
PL.orig = Payload Length field of reassembled packet.
PL.first = Payload Length field of first fragment packet.
FL.first = length of fragment following Fragment header of
first fragment packet.
FO.last = Fragment Offset field of Fragment header of
last fragment packet.
FL.last = length of fragment following Fragment header of
last fragment packet.

The Fragmentable Part of the reassembled packet is constructed
from the fragments following the Fragment headers in each of the
fragment packets. The length of each fragment is computed by
subtracting from the packet's Payload Length the length of the
headers between the IPv6 header and fragment itself; its relative
position in Fragmentable Part is computed from its Fragment Offset
value.

The Fragment header is not present in the final, reassembled
packet.

The following error conditions may arise when reassembling fragmented
packets:

If insufficient fragments are received to complete reassembly of a
packet within 60 seconds of the reception of the first-arriving
fragment of that packet, reassembly of that packet must be
abandoned and all the fragments that have been received for that
packet must be discarded. If the first fragment (i.e., the one
with a Fragment Offset of zero) has been received, an ICMP Time
Exceeded -- Fragment Reassembly Time Exceeded message should be
sent to the source of that fragment.

If the length of a fragment, as derived from the fragment packet's
Payload Length field, is not a multiple of 8 octets and the M flag
of that fragment is 1, then that fragment must be discarded and an
ICMP Parameter Problem, Code 0, message should be sent to the
source of the fragment, pointing to the Payload Length field of
the fragment packet.

If the length and offset of a fragment are such that the Payload
Length of the packet reassembled from that fragment would exceed
65,535 octets, then that fragment must be discarded and an ICMP
Parameter Problem, Code 0, message should be sent to the source of
the fragment, pointing to the Fragment Offset field of the
fragment packet.

The following conditions are not expected to occur, but are not
considered errors if they do:

The number and content of the headers preceding the Fragment
header of different fragments of the same original packet may
differ. Whatever headers are present, preceding the Fragment
header in each fragment packet, are processed when the packets
arrive, prior to queueing the fragments for reassembly. Only
those headers in the Offset zero fragment packet are retained in
the reassembled packet.

The Next Header values in the Fragment headers of different
fragments of the same original packet may differ. Only the value
from the Offset zero fragment packet is used for reassembly.

4.6 Destination Options Header

The Destination Options header is used to carry optional information
that need be examined only by a packet's destination node(s). The
Destination Options header is identified by a Next Header value of 60
in the immediately preceding header, and has the following format:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
. .
. Options .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Next Header 8-bit selector. Identifies the type of header
immediately following the Destination Options
header. Uses the same values as the IPv4
Protocol field RFC-1700 et seq.].

Hdr Ext Len 8-bit unsigned integer. Length of the
Destination Options header in 8-octet units,
not including the first 8 octets.

Options Variable-length field, of length such that the
complete Destination Options header is an
integer multiple of 8 octets long. Contains
one or more TLV-encoded options, as described
in section 4.2.

The only destination options defined in this document are the Pad1
and PadN options specified in section 4.2.

Note that there are two possible ways to encode optional destination
information in an IPv6 packet: either as an option in the Destination
Options header, or as a separate extension header. The Fragment
header and the Authentication header are examples of the latter
approach. Which approach can be used depends on what action is
desired of a destination node that does not understand the optional
information:

o if the desired action is for the destination node to discard
the packet and, only if the packet's Destination Address is not
a multicast address, send an ICMP Unrecognized Type message to
the packet's Source Address, then the information may be
encoded either as a separate header or as an option in the

Destination Options header whose Option Type has the value 11
in its highest-order two bits. The choice may depend on such
factors as which takes fewer octets, or which yields better
alignment or more efficient parsing.

o if any other action is desired, the information must be encoded
as an option in the Destination Options header whose Option
Type has the value 00, 01, or 10 in its highest-order two bits,
specifying the desired action (see section 4.2).

4.7 No Next Header

The value 59 in the Next Header field of an IPv6 header or any
extension header indicates that there is nothing following that
header. If the Payload Length field of the IPv6 header indicates the
presence of octets past the end of a header whose Next Header field
contains 59, those octets must be ignored, and passed on unchanged if
the packet is forwarded.

5. Packet Size Issues

IPv6 requires that every link in the internet have an MTU of 576
octets or greater. On any link that cannot convey a 576-octet packet
in one piece, link-specific fragmentation and reassembly must be
provided at a layer below IPv6.

From each link to which a node is directly attached, the node must
be able to accept packets as large as that link's MTU. Links that
have a configurable MTU (for example, PPP links RFC-1661) must be
configured to have an MTU of at least 576 octets; it is recommended
that a larger MTU be configured, to accommodate possible
encapsulations (i.e., tunneling) without incurring fragmentation.

It is strongly recommended that IPv6 nodes implement Path MTU
Discovery RFC-1191, in order to discover and take advantage of
paths with MTU greater than 576 octets. However, a minimal IPv6
implementation (e.g., in a boot ROM) may simply restrict itself to
sending packets no larger than 576 octets, and omit implementation of
Path MTU Discovery.

In order to send a packet larger than a path's MTU, a node may use
the IPv6 Fragment header to fragment the packet at the source and
have it reassembled at the destination(s). However, the use of such
fragmentation is discouraged in any application that is able to
adjust its packets to fit the measured path MTU (i.e., down to 576
octets).

A node must be able to accept a fragmented packet that, after
reassembly, is as large as 1500 octets, including the IPv6 header. A
node is permitted to accept fragmented packets that reassemble to
more than 1500 octets. However, a node must not send fragments that
reassemble to a size greater than 1500 octets unless it has explicit
knowledge that the destination(s) can reassemble a packet of that
size.

In response to an IPv6 packet that is sent to an IPv4 destination
(i.e., a packet that undergoes translation from IPv6 to IPv4), the
originating IPv6 node may receive an ICMP Packet Too Big message
reporting a Next-Hop MTU less than 576. In that case, the IPv6 node
is not required to reduce the size of subsequent packets to less than
576, but must include a Fragment header in those packets so that the
IPv6-to-IPv4 translating router can obtain a suitable Identification
value to use in resulting IPv4 fragments. Note that this means the
payload may have to be reduced to 528 octets (576 minus 40 for the
IPv6 header and 8 for the Fragment header), and smaller still if
additional extension headers are used.

Note: Path MTU Discovery must be performed even in cases where a
host "thinks" a destination is attached to the same link as
itself.

Note: Unlike IPv4, it is unnecessary in IPv6 to set a "Don't
Fragment" flag in the packet header in order to perform Path MTU
Discovery; that is an implicit attribute of every IPv6 packet.
Also, those parts of the <A href="/rfcs/rfc1191.html">RFC-1191 procedures that involve use of
a table of MTU "plateaus" do not apply to IPv6, because the IPv6
version of the "Datagram Too Big" message always identifies the
exact MTU to be used.

6. Flow Labels

The 24-bit Flow Label field in the IPv6 header may be used by a
source to label those packets for which it requests special handling
by the IPv6 routers, such as non-default quality of service or
"real-time" service. This aspect of IPv6 is, at the time of writing,
still experimental and subject to change as the requirements for flow
support in the Internet become clearer. Hosts or routers that do not
support the functions of the Flow Label field are required to set the
field to zero when originating a packet, pass the field on unchanged
when forwarding a packet, and ignore the field when receiving a
packet.

A flow is a sequence of packets sent from a particular source to a
particular (unicast or multicast) destination for which the source
desires special handling by the intervening routers. The nature of
that special handling might be conveyed to the routers by a control
protocol, such as a resource reservation protocol, or by information
within the flow's packets themselves, e.g., in a hop-by-hop option.
The details of such control protocols or options are beyond the scope
of this document.

There may be multiple active flows from a source to a destination, as
well as traffic that is not associated with any flow. A flow is
uniquely identified by the combination of a source address and a
non-zero flow label. Packets that do not belong to a flow carry a
flow label of zero.

A flow label is assigned to a flow by the flow's source node. New
flow labels must be chosen (pseudo-)randomly and uniformly from the
range 1 to FFFFFF hex. The purpose of the random allocation is to
make any set of bits within the Flow Label field suitable for use as
a hash key by routers, for looking up the state associated with the
flow.

All packets belonging to the same flow must be sent with the same
source address, destination address, priority, and flow label. If
any of those packets includes a Hop-by-Hop Options header, then they
all must be originated with the same Hop-by-Hop Options header
contents (excluding the Next Header field of the Hop-by-Hop Options
header). If any of those packets includes a Routing header, then
they all must be originated with the same contents in all extension
headers up to and including the Routing header (excluding the Next
Header field in the Routing header). The routers or destinations are
permitted, but not required, to verify that these conditions are
satisfied. If a violation is detected, it should be reported to the
source by an ICMP Parameter Problem message, Code 0, pointing to the
high-order octet of the Flow Label field (i.e., offset 1 within the
IPv6 packet).

Routers are free to "opportunistically" set up flow-handling state
for any flow, even when no explicit flow establishment information
has been provided to them via a control protocol, a hop-by-hop
option, or other means. For example, upon receiving a packet from a
particular source with an unknown, non-zero flow label, a router may
process its IPv6 header and any necessary extension headers as if the
flow label were zero. That processing would include determining the
next-hop interface, and possibly other actions, such as updating a
hop-by-hop option, advancing the pointer and addresses in a Routing
header, or deciding on how to queue the packet based on its Priority
field. The router may then choose to "remember" the results of those
processing steps and cache that information, using the source address
plus the flow label as the cache key. Subsequent packets with the
same source address and flow label may then be handled by referring
to the cached information rather than examining all those fields
that, according to the requirements of the previous paragraph, can be
assumed unchanged from the first packet seen in the flow.

Cached flow-handling state that is set up opportunistically, as
discussed in the preceding paragraph, must be discarded no more than
6 seconds after it is established, regardless of whether or not
packets of the same flow continue to arrive. If another packet with
the same source address and flow label arrives after the cached state
has been discarded, the packet undergoes full, normal processing (as
if its flow label were zero), which may result in the re-creation of
cached flow state for that flow.

The lifetime of flow-handling state that is set up explicitly, for
example by a control protocol or a hop-by-hop option, must be
specified as part of the specification of the explicit set-up
mechanism; it may exceed 6 seconds.

A source must not re-use a flow label for a new flow within the
lifetime of any flow-handling state that might have been established
for the prior use of that flow label. Since flow-handling state with
a lifetime of 6 seconds may be established opportunistically for any
flow, the minimum interval between the last packet of one flow and
the first packet of a new flow using the same flow label is 6
seconds. Flow labels used for explicitly set-up flows with longer
flow-state lifetimes must remain unused for those longer lifetimes
before being re-used for new flows.

When a node stops and restarts (e.g., as a result of a "crash"), it
must be careful not to use a flow label that it might have used for
an earlier flow whose lifetime may not have expired yet. This may be
accomplished by recording flow label usage on stable storage so that
it can be remembered across crashes, or by refraining from using any
flow labels until the maximum lifetime of any possible previously
established flows has expired (at least 6 seconds; more if explicit

flow set-up mechanisms with longer lifetimes might have been used).
If the minimum time for rebooting the node is known (often more than
6 seconds), that time can be deducted from the necessary waiting
period before starting to allocate flow labels.

There is no requirement that all, or even most, packets belong to
flows, i.e., carry non-zero flow labels. This observation is placed
here to remind protocol designers and implementors not to assume
otherwise. For example, it would be unwise to design a router whose
performance would be adequate only if most packets belonged to flows,
or to design a header compression scheme that only worked on packets
that belonged to flows.

7. Priority

The 4-bit Priority field in the IPv6 header enables a source to
identify the desired delivery priority of its packets, relative to
other packets from the same source. The Priority values are divided
into two ranges: Values 0 through 7 are used to specify the priority
of traffic for which the source is providing congestion control,
i.e., traffic that "backs off" in response to congestion, such as TCP
traffic. Values 8 through 15 are used to specify the priority of
traffic that does not back off in response to congestion, e.g.,
"real-time" packets being sent at a constant rate.

For congestion-controlled traffic, the following Priority values are
recommended for particular application categories:

0 - uncharacterized traffic
1 - "filler" traffic (e.g., netnews)
2 - unattended data transfer (e.g., email)
3 - (reserved)
4 - attended bulk transfer (e.g., FTP, NFS)
5 - (reserved)
6 - interactive traffic (e.g., telnet, X)
7 - internet control traffic (e.g., routing protocols, SNMP)

For non-congestion-controlled traffic, the lowest Priority value (8)
should be used for those packets that the sender is most willing to
have discarded under conditions of congestion (e.g., high-fidelity
video traffic), and the highest value (15) should be used for those
packets that the sender is least willing to have discarded (e.g.,
low-fidelity audio traffic). There is no relative ordering implied
between the congestion-controlled priorities and the non-congestion-
controlled priorities.

8. Upper-Layer Protocol Issues

8.1 Upper-Layer Checksums

Any transport or other upper-layer protocol that includes the
addresses from the IP header in its checksum computation must be
modified for use over IPv6, to include the 128-bit IPv6 addresses
instead of 32-bit IPv4 addresses. In particular, the following
illustration shows the TCP and UDP "pseudo-header" for IPv6:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Source Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Destination Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| zero | Next Header |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

o If the packet contains a Routing header, the Destination
Address used in the pseudo-header is that of the final
destination. At the originating node, that address will be in
the last element of the Routing header; at the recipient(s),
that address will be in the Destination Address field of the
IPv6 header.

o The Next Header value in the pseudo-header identifies the
upper-layer protocol (e.g., 6 for TCP, or 17 for UDP). It will
differ from the Next Header value in the IPv6 header if there
are extension headers between the IPv6 header and the upper-
layer header.

o The Payload Length used in the pseudo-header is the length of
the upper-layer packet, including the upper-layer header. It
will be less than the Payload Length in the IPv6 header (or in

the Jumbo Payload option) if there are extension headers
between the IPv6 header and the upper-layer header.

o Unlike IPv4, when UDP packets are originated by an IPv6 node,
the UDP checksum is not optional. That is, whenever
originating a UDP packet, an IPv6 node must compute a UDP
checksum over the packet and the pseudo-header, and, if that
computation yields a result of zero, it must be changed to hex
FFFF for placement in the UDP header. IPv6 receivers must
discard UDP packets containing a zero checksum, and should log
the error.

The IPv6 version of ICMP RFC-1885 includes the above pseudo-header
in its checksum computation; this is a change from the IPv4 version
of ICMP, which does not include a pseudo-header in its checksum. The
reason for the change is to protect ICMP from misdelivery or
corruption of those fields of the IPv6 header on which it depends,
which, unlike IPv4, are not covered by an internet-layer checksum.
The Next Header field in the pseudo-header for ICMP contains the
value 58, which identifies the IPv6 version of ICMP.

8.2 Maximum Packet Lifetime

Unlike IPv4, IPv6 nodes are not required to enforce maximum packet
lifetime. That is the reason the IPv4 "Time to Live" field was
renamed "Hop Limit" in IPv6. In practice, very few, if any, IPv4
implementations conform to the requirement that they limit packet
lifetime, so this is not a change in practice. Any upper-layer
protocol that relies on the internet layer (whether IPv4 or IPv6) to
limit packet lifetime ought to be upgraded to provide its own
mechanisms for detecting and discarding obsolete packets.

8.3 Maximum Upper-Layer Payload Size

When computing the maximum payload size available for upper-layer
data, an upper-layer protocol must take into account the larger size
of the IPv6 header relative to the IPv4 header. For example, in
IPv4, TCP's MSS option is computed as the maximum packet size (a
default value or a value learned through Path MTU Discovery) minus 40
octets (20 octets for the minimum-length IPv4 header and 20 octets
for the minimum-length TCP header). When using TCP over IPv6, the
MSS must be computed as the maximum packet size minus 60 octets,
because the minimum-length IPv6 header (i.e., an IPv6 header with no
extension headers) is 20 octets longer than a minimum-length IPv4
header.

Appendix A. Formatting Guidelines for Options

This appendix gives some advice on how to lay out the fields when
designing new options to be used in the Hop-by-Hop Options header or
the Destination Options header, as described in section 4.2. These
guidelines are based on the following assumptions:

o One desirable feature is that any multi-octet fields within the
Option Data area of an option be aligned on their natural
boundaries, i.e., fields of width n octets should be placed at
an integer multiple of n octets from the start of the Hop-by-
Hop or Destination Options header, for n = 1, 2, 4, or 8.

o Another desirable feature is that the Hop-by-Hop or Destination
Options header take up as little space as possible, subject to
the requirement that the header be an integer multiple of 8
octets long.

o It may be assumed that, when either of the option-bearing
headers are present, they carry a very small number of options,
usually only one.

These assumptions suggest the following approach to laying out the
fields of an option: order the fields from smallest to largest, with
no interior padding, then derive the alignment requirement for the
entire option based on the alignment requirement of the largest field
(up to a maximum alignment of 8 octets). This approach is
illustrated in the following examples:

Example 1

If an option X required two data fields, one of length 8 octets and
one of length 4 octets, it would be laid out as follows:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option Type=X |Opt Data Len=12|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ 8-octet field +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Its alignment requirement is 8n+2, to ensure that the 8-octet field
starts at a multiple-of-8 offset from the start of the enclosing

header. A complete Hop-by-Hop or Destination Options header
containing this one option would look as follows:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=1 | Option Type=X |Opt Data Len=12|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ 8-octet field +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example 2

If an option Y required three data fields, one of length 4 octets,
one of length 2 octets, and one of length 1 octet, it would be laid
out as follows:

+-+-+-+-+-+-+-+-+
| Option Type=Y |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Opt Data Len=7 | 1-octet field | 2-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Its alignment requirement is 4n+3, to ensure that the 4-octet field
starts at a multiple-of-4 offset from the start of the enclosing
header. A complete Hop-by-Hop or Destination Options header
containing this one option would look as follows:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=1 | Pad1 Option=0 | Option Type=Y |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Opt Data Len=7 | 1-octet field | 2-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PadN Option=1 |Opt Data Len=2 | 0 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example 3

A Hop-by-Hop or Destination Options header containing both options X
and Y from Examples 1 and 2 would have one of the two following
formats, depending on which option appeared first:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=3 | Option Type=X |Opt Data Len=12|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ 8-octet field +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PadN Option=1 |Opt Data Len=1 | 0 | Option Type=Y |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Opt Data Len=7 | 1-octet field | 2-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PadN Option=1 |Opt Data Len=2 | 0 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len=3 | Pad1 Option=0 | Option Type=Y |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Opt Data Len=7 | 1-octet field | 2-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PadN Option=1 |Opt Data Len=4 | 0 | 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0 | 0 | Option Type=X |Opt Data Len=12|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 4-octet field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ 8-octet field +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Security Considerations

This document specifies that the IP Authentication Header RFC-1826
and the IP Encapsulating Security Payload RFC-1827 be used with
IPv6, in conformance with the Security Architecture for the Internet
Protocol RFC-1825.

Acknowledgments

The authors gratefully acknowledge the many helpful suggestions of
the members of the IPng working group, the End-to-End Protocols
research group, and the Internet Community At Large.

Authors' Addresses

Stephen E. Deering Robert M. Hinden
Xerox Palo Alto Research Center Ipsilon Networks, Inc.
3333 Coyote Hill Road 2191 E. Bayshore Road, Suite 100
Palo Alto, CA 94304 Palo Alto, CA 94303
USA USA

Phone: +1 415 812 4839 Phone: +1 415 846 4604
Fax: +1 415 812 4471 Fax: +1 415 855 1414
EMail: <A href="mailto:deering@parc.xerox.com">deering@parc.xerox.com EMail: <A href="mailto:hinden@ipsilon.com">hinden@ipsilon.com

References

RFC-1825 Atkinson, R., "Security Architecture for the Internet
Protocol", <A href="/rfcs/rfc1825.html">RFC 1825, Naval Research Laboratory, August
1995.

RFC 1826,
Naval Research Laboratory, August 1995.

RFC-1827 Atkinson, R., "IP Encapsulating Security Protocol
(ESP)", <A href="/rfcs/rfc1827.html">RFC 1827, Naval Research Laboratory, August
1995.

RFC-1885 Conta, A., and S. Deering, "Internet Control Message
Protocol (ICMPv6) for the Internet Protocol Version 6
(IPv6) Specification", <A href="/rfcs/rfc1885.html">RFC 1885, Digital Equipment
Corporation, Xerox PARC, December 1995.

RFC-1884 Hinden, R., and S. Deering, Editors, "IP Version 6
Addressing Architecture", <A href="/rfcs/rfc1884.html">RFC 1884, Ipsilon Networks,
Xerox PARC, December 1995.

RFC-1191 Mogul, J., and S. Deering, "Path MTU Discovery", RFC
1191, DECWRL, Stanford University, November 1990.

RFC 791,
USC/Information Sciences Institute, September 1981.

RFC-1700 Reynolds, J., and J. Postel, "Assigned Numbers", STD 2,
<A href="/rfcs/rfc1700.html">RFC 1700, USC/Information Sciences Institute, October
1994.

RFC-1661 Simpson, W., Editor, "The Point-to-Point Protocol
(PPP)", STD 51, <A href="/rfcs/rfc1661.html">RFC 1661, Daydreamer, July 1994.



RFC 1819 – Internet Stream Protocol Version 2 (ST2) Protocol Specification

 

Network Working Group                                  ST2 Working Group
Request for Comments: 1819           L. Delgrossi and L. Berger, Editors
Obsoletes: 1190, IEN 119                                     August 1995
Category: Experimental
                Internet Stream Protocol Version 2 (ST2)
                 Protocol Specification - Version ST2+
Status of this Memo
   This memo defines an Experimental Protocol for the Internet
   community.  This memo does not specify an Internet standard of any
   kind.  Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.
IESG NOTE
   This document is a revision of RFC1190. The charter of this effort
   was clarifying, simplifying and removing errors from RFC1190 to
   ensure interoperability of implementations.
   NOTE WELL: Neither the version of the protocol described in this
   document nor the previous version is an Internet Standard or under
   consideration for that status.
   Since the publication of the original version of the protocol, there
   have been significant developments in the state of the art.  Readers
   should note that standards and technology addressing alternative
   approaches to the resource reservation problem are currently under
   development within the IETF.
Abstract
   This memo contains a revised specification of the Internet STream
   Protocol Version 2 (ST2). ST2 is an experimental resource reservation
   protocol intended to provide end-to-end real-time guarantees over an
   internet. It allows applications to build multi-destination simplex
   data streams with a desired quality of service. The revised version
   of ST2 specified in this memo is called ST2+.
   This specification is a product of the STream Protocol Working Group
   of the Internet Engineering Task Force.
Table of Contents
     1  Introduction                                                   6
             1.1  What is ST2?                                         6
             1.2  ST2 and IP                                           8
             1.3  Protocol History                                     8
             1.3.1  RFC1190 ST and ST2+ Major Differences              9
             1.4  Supporting Modules for ST2                          10
             1.4.1  Data Transfer Protocol                            11
             1.4.2  Setup Protocol                                    11
             1.4.3  Flow Specification                                11
             1.4.4  Routing Function                                  12
             1.4.5  Local Resource Manager                            12
             1.5  ST2 Basic Concepts                                  15
             1.5.1  Streams                                           16
             1.5.2  Data Transmission                                 16
             1.5.3  Flow Specification                                17
             1.6  Outline of This Document                            19
     2  ST2 User Service Description                                  19
             2.1  Stream Operations and Primitive Functions           19
             2.2  State Diagrams                                      21
             2.3  State Transition Tables                             25
     3  The ST2 Data Transfer Protocol                                26
             3.1  Data Transfer with ST                               26
             3.2  ST Protocol Functions                               27
             3.2.1  Stream Identification                             27
             3.2.2  Packet Discarding based on Data Priority          27
     4  SCMP Functional Description                                   28
             4.1  Types of Streams                                    29
             4.1.1  Stream Building                                   30
             4.1.2  Knowledge of Receivers                            30
             4.2  Control PDUs                                        31
             4.3  SCMP Reliability                                    32
             4.4  Stream Options                                      33
             4.4.1  No Recovery                                       33
             4.4.2  Join Authorization Level                          34
             4.4.3  Record Route                                      34
             4.4.4  User Data                                         35
             4.5  Stream Setup                                        35
             4.5.1  Information from the Application                  35
             4.5.2  Initial Setup at the Origin                       35
             4.5.2.1  Invoking the Routing Function                   36
             4.5.2.2  Reserving Resources                             36
             4.5.3  Sending CONNECT Messages                          37
             4.5.3.1  Empty Target List                               37
             4.5.4  CONNECT Processing by an Intermediate ST agent    37
             4.5.5  CONNECT Processing at the Targets                 38
             4.5.6  ACCEPT Processing by an Intermediate ST agent     38
             4.5.7  ACCEPT Processing by the Origin                   39
             4.5.8  REFUSE Processing by the Intermediate ST agent    39
             4.5.9  REFUSE Processing by the Origin                   39
             4.5.10  Other Functions during Stream Setup              40
             4.6  Modifying an Existing Stream                        40
             4.6.1  The Origin Adding New Targets                     41
             4.6.2  The Origin Removing a Target                      41
             4.6.3  A Target Joining a Stream                         42
             4.6.3.1  Intermediate Agent (Router) as Origin           43
             4.6.4  A Target Deleting Itself                          43
             4.6.5  Changing a Stream's FlowSpec                      44
             4.7  Stream Tear Down                                    45
     5  Exceptional Cases                                             45
             5.1  Long ST Messages                                    45
             5.1.1  Handling of Long Data Packets                     45
             5.1.2  Handling of Long Control Packets                  46
             5.2  Timeout Failures                                    47
             5.2.1  Failure due to ACCEPT Acknowledgment Timeout      47
             5.2.2  Failure due to CHANGE Acknowledgment Timeout      47
             5.2.3  Failure due to CHANGE Response Timeout            48
             5.2.4  Failure due to CONNECT Acknowledgment Timeout     48
             5.2.5  Failure due to CONNECT Response Timeout           48
             5.2.6  Failure due to DISCONNECT Acknowledgment Timeout  48
             5.2.7  Failure due to JOIN Acknowledgment Timeout        48
             5.2.8  Failure due to JOIN Response Timeout              49
             5.2.9  Failure due to JOIN-REJECT Acknowledgment Timeout 49
             5.2.10  Failure due to NOTIFY Acknowledgment Timeout     49
             5.2.11  Failure due to REFUSE Acknowledgment Timeout     49
             5.2.12  Failure due to STATUS Response Timeout           49
             5.3  Setup Failures due to Routing Failures              50
             5.3.1  Path Convergence                                  50
             5.3.2  Other Cases                                       51
             5.4  Problems due to Routing Inconsistency               52
             5.5  Problems in Reserving Resources                     53
             5.5.1  Mismatched FlowSpecs                              53
             5.5.2  Unknown FlowSpec Version                          53
             5.5.3  LRM Unable to Process FlowSpec                    53
             5.5.4  Insufficient Resources                            53
             5.6  Problems Caused by CHANGE Messages                  54
             5.7  Unknown Targets in DISCONNECT and CHANGE            55
     6  Failure Detection and Recovery                                55
             6.1  Failure Detection                                   55
             6.1.1  Network Failures                                  56
             6.1.2  Detecting ST Agents Failures                      56
             6.2  Failure Recovery                                    58
             6.2.1  Problems in Stream Recovery                       60
             6.3  Stream Preemption                                   62
     7  A Group of Streams                                            63
             7.1  Basic Group Relationships                           63
             7.1.1  Bandwidth Sharing                                 63
             7.1.2  Fate Sharing                                      64
             7.1.3  Route Sharing                                     65
             7.1.4  Subnet Resources Sharing                          65
             7.2  Relationships Orthogonality                         65
     8  Ancillary Functions                                           66
             8.1  Stream ID Generation                                66
             8.2  Group Name Generator                                66
             8.3  Checksum Computation                                67
             8.4  Neighbor ST Agent Identification and
                     Information Collection                           67
             8.5  Round Trip Time Estimation                          68
             8.6  Network MTU Discovery                               68
             8.7  IP Encapsulation of ST                              69
             8.8  IP Multicasting                                     70
     9  The ST2+ Flow Specification                                   71
             9.1  FlowSpec Version #0 - (Null FlowSpec)               72
             9.2  FlowSpec Version #7 - ST2+ FlowSpec                 72
             9.2.1  QoS Classes                                       73
             9.2.2  Precedence                                        74
             9.2.3  Maximum Data Size                                 74
             9.2.4  Message Rate                                      74
             9.2.5  Delay and Delay Jitter                            74
             9.2.6  ST2+ FlowSpec Format                              75
     10  ST2 Protocol Data Units Specification                        77
             10.1  Data PDU                                           77
             10.1.1  ST Data Packets                                  78
             10.2  Control PDUs                                       78
             10.3  Common SCMP Elements                               80
             10.3.1  FlowSpec                                         80
             10.3.2  Group                                            81
             10.3.3  MulticastAddress                                 82
             10.3.4  Origin                                           82
             10.3.5  RecordRoute                                      83
             10.3.6  Target and TargetList                            84
             10.3.7  UserData                                         85
             10.3.8  Handling of Undefined Parameters                 86
             10.4  ST Control Message PDUs                            86
             10.4.1  ACCEPT                                           86
             10.4.2  ACK                                              88
             10.4.3  CHANGE                                           89
             10.4.4  CONNECT                                          89
             10.4.5  DISCONNECT                                       92
             10.4.6  ERROR                                            93
             10.4.7  HELLO                                            94
             10.4.8  JOIN                                             95
             10.4.9  JOIN-REJECT                                      96
             10.4.10  NOTIFY                                          97
             10.4.11  REFUSE                                          98
             10.4.12  STATUS                                         100
             10.4.13  STATUS-RESPONSE                                100
             10.5  Suggested Protocol Constants                      101
             10.5.1  SCMP Messages                                   102
             10.5.2  SCMP Parameters                                 102
             10.5.3  ReasonCode                                      102
             10.5.4  Timeouts and Other Constants                    104
             10.6  Data Notations                                    105
     11  References                                                  106
     12  Security Considerations                                     108
     13  Acknowledgments and Authors' Addresses                      108
1.  Introduction
1.1  What is ST2?
   The Internet Stream Protocol, Version 2 (ST2) is an experimental
   connection-oriented internetworking protocol that operates at the
   same layer as connectionless IP. It has been developed to support the
   efficient delivery of data streams to single or multiple destinations
   in applications that require guaranteed quality of service. ST2 is
   part of the IP protocol family and serves as an adjunct to, not a
   replacement for, IP. The main application areas of the protocol are
   the real-time transport of multimedia data, e.g., digital audio and
   video packet streams, and distributed simulation/gaming, across
   internets.
   ST2 can be used to reserve bandwidth for real-time streams across
   network routes. This reservation, together with appropriate network
   access and packet scheduling mechanisms in all nodes running the
   protocol, guarantees a well-defined Quality of Service (QoS) to ST2
   applications. It ensures that real-time packets are delivered within
   their deadlines, that is, at the time where they need to be
   presented.  This facilitates a smooth delivery of data that is
   essential for time- critical applications, but can typically not be
   provided by best- effort IP communication.
                      DATA PATH                         CONTROL PATH
                      =========                         ============
       Upper     +------------------+                     +---------+
       Layer     | Application data |                     | Control |
                 +------------------+                     +---------+
                          |                                    |
                          |                                    V
                          |                     +-------------------+
       SCMP               |                     |   SCMP  |         |
                          |                     +-------------------+
                          |                             |
                          V                             V
            +-----------------------+      +------------------------+
       ST   | ST |                  |      | ST |         |         |
            +-----------------------+      +------------------------+
            D-bit=1                       D-bit=0
                   Figure 1: ST2 Data and Control Path
   Just like IP, ST2 actually consists of two protocols: ST for the data
   transport and SCMP, the Stream Control Message Protocol, for all
   control functions. ST is simple and contains only a single PDU format
   that is designed for fast and efficient data forwarding in order to
   achieve low communication delays. SCMP, however, is more complex than
   IP's ICMP. As with ICMP and IP, SCMP packets are transferred within
   ST packets as shown in Figure 1.
    +--------------------+
    | Conference Control |
    +--------------------+
   +-------+ +-------+ |
   | Video | | Voice | | +-----+ +------+ +-----+     +-----+ Application
   | Appl  | | Appl  | | | SNMP| |Telnet| | FTP | ... |     |    Layer
   +-------+ +-------+ | +-----+ +------+ +-----+     +-----+
       |        |      |     |        |     |            |
       V        V      |     |        |     |            |   ------------
    +-----+  +-----+   |     |        |     |            |
    | PVP |  | NVP |   |     |        |     |            |
    +-----+  +-----+   +     |        |     |            |
     |   \      | \     \    |        |     |            |
     |    +-----|--+-----+   |        |     |            |
     |     Appl.|control  V  V        V     V            V
     | ST  data |         +-----+    +-------+        +-----+
     | & control|         | UDP |    |  TCP  |    ... | RTP | Transport
     |          |         +-----+    +-------+        +-----+   Layer
     |         /|          / | \       / / |          / /|
     |\       / |  +------+--|--\-----+-/--|--- ... -+ / |
     | \     /  |  |         |   \     /   |          /  |
     |  \   /   |  |         |    \   +----|--- ... -+   |   -----------
     |   \ /    |  |         |     \ /     |             |
     |    V     |  |         |      V      |             |
     | +------+ |  |         |   +------+  |   +------+  |
     | | SCMP | |  |         |   | ICMP |  |   | IGMP |  |    Internet
     | +------+ |  |         |   +------+  |   +------+  |     Layer
     |    |     |  |         |      |      |      |      |
     V    V     V  V         V      V      V      V      V
   +-----------------+  +-----------------------------------+
   | STream protocol |->|      Internet     Protocol        |
   +-----------------+  +-----------------------------------+
                  | \   / |
                  |  \ /  |
                  |   X   |                                  ------------
                  |  / \  |
                  | /   \ |
                  VV     VV
   +----------------+   +----------------+
   | (Sub-) Network |...| (Sub-) Network |                  (Sub-)Network
   |    Protocol    |   |    Protocol    |                     Layer
   +----------------+   +----------------+
                   Figure 2.  Protocol Relationships
1.2  ST2 and IP
   ST2 is designed to coexist with IP on each node. A typical
   distributed multimedia application would use both protocols: IP for
   the transfer of traditional data and control information, and ST2 for
   the transfer of real-time data. Whereas IP typically will be accessed
   from TCP or UDP, ST2 will be accessed via new end-to-end real-time
   protocols. The position of ST2 with respect to the other protocols of
   the Internet family is represented in Figure 2.
   Both ST2 and IP apply the same addressing schemes to identify
   different hosts. ST2 and IP packets differ in the first four bits,
   which contain the internetwork protocol version number: number 5 is
   reserved for ST2 (IP itself has version number 4). As a network layer
   protocol, like IP, ST2 operates independently of its underlying
   subnets. Existing implementations use ARP for address resolution, and
   use the same Layer 2 SAPs as IP.
   As a special function, ST2 messages can be encapsulated in IP
   packets.  This is represented in Figure 2 as a link between ST2 and
   IP. This link allows ST2 messages to pass through routers which do
   not run ST2.  Resource management is typically not available for
   these IP route segments. IP encapsulation is, therefore, suggested
   only for portions of the network which do not constitute a system
   bottleneck.
   In Figure 2, the RTP protocol is shown as an example of transport
   layer on top of ST2. Others include the Packet Video Protocol (PVP)
   [Cole81], the Network Voice Protocol (NVP) [Cohe81], and others such
   as the Heidelberg Transport Protocol (HeiTP) [DHHS92].
1.3  Protocol History
   The first version of ST was published in the late 1970's and was used
   throughout the 1980's for experimental transmission of voice, video,
   and distributed simulation. The experience gained in these
   applications led to the development of the revised protocol version
   ST2. The revision extends the original protocol to make it more
   complete and more applicable to emerging multimedia environments. The
   specification of this protocol version is contained in Internet RFC
   1190 which was published in October 1990 [RFC1190].
   With more and more developments of commercial distributed multimedia
   applications underway and with a growing dissatisfaction at the
   transmission quality for audio and video over IP in the MBONE,
   interest in ST2 has grown over the last years. Companies have
   products available incorporating the protocol. The BERKOM MMTS
   project of the German PTT [DeAl92] uses ST2 as its core protocol for
   the provision of multimedia teleservices such as conferencing and
   mailing. In addition, implementations of ST2 for Digital Equipment,
   IBM, NeXT, Macintosh, PC, Silicon Graphics, and Sun platforms are
   available.
   In 1993, the IETF started a new working group on ST2 as part of
   ongoing efforts to develop protocols that address resource
   reservation issues.  The group's mission was to clean up the existing
   protocol specification to ensure better interoperability between the
   existing and emerging implementations. It was also the goal to
   produce an updated experimental protocol specification that reflected
   the experiences gained with the existing ST2 implementations and
   applications. Which led to the specification of the ST2+ protocol
   contained in this document.
1.3.1  RFC1190 ST and ST2+ Major Differences
   The protocol changes from RFC1190 were motivated by protocol
   simplification and clarification, and codification of extensions in
   existing implementations. This section provides a list of major
   differences, and is probably of interest only to those who have
   knowledge of RFC1190. The major differences between the versions are:
o   Elimination of "Hop IDentifiers" or HIDs. HIDs added much complexity
    to the protocol and was found to be a major impediment to
    interoperability. HIDs have been replaced by globally unique
    identifiers called "Stream IDentifiers" or SIDs.
o   Elimination of a number of stream options. A number of options were
    found to not be used by any implementation, or were thought to add
    more complexity than value. These options were removed. Removed
    options include: point-to-point, full-duplex, reverse charge, and
    source route.
o   Elimination of the concept of "subset" implementations. RFC1190
    permitted subset implementations, to allow for easy implementation
    and experimentation. This led to interoperability problems. Agents
    implementing the protocol specified in this document, MUST implement
    the full protocol. A number of the protocol functions are best-
    effort. It is expected that some implementations will make more
    effort than others in satisfying particular protocol requests.
o   Clarification of the capability of targets to request to join a
    steam. RFC1190 can be interpreted to support target requests, but
    most implementors did not understand this and did not add support
    for this capability. The lack of this capability was found to be a
    significant limitation in the ability to scale the number of
    participants in a single ST stream. This clarification is based on
    work done by IBM Heidelberg.
o   Separation of functions between ST and supporting modules. An effort
    was made to improve the separation of functions provided by ST and
    those provided by other modules. This is reflected in reorganization
    of some text and some PDU formats. ST was also made FlowSpec
    independent, although it does define a FlowSpec for testing and
    interoperability purposes.
o   General reorganization and re-write of the specification. This
    document has been organized with the goal of improved readability
    and clarity. Some sections have been added, and an effort was made
    to improve the introduction of concepts.
1.4  Supporting Modules for ST2
   ST2 is one piece of a larger mosaic. This section presents the
   overall communication architecture and clarifies the role of ST2 with
   respect to its supporting modules.
   ST2 proposes a two-step communication model. In the first step, the
   real-time channels for the subsequent data transfer are built. This
   is called stream setup. It includes selecting the routes to the
   destinations and reserving the correspondent resources. In the second
   step, the data is transmitted over the previously established
   streams.  This is called data transfer. While stream setup does not
   have to be completed in real-time, data transfer has stringent real-
   time requirements. The architecture used to describe the ST2
   communication model includes:
o   a data transfer protocol for the transmission of real-time data
    over the established streams,
o   a setup protocol to establish real-time streams based on the flow
    specification,
o   a flow specification to express user real-time requirements,
o   a routing function to select routes in the Internet,
o   a local resource manager to appropriately handle resources involved
    in the communication.
   This document defines a data protocol (ST), a setup protocol (SCMP),
   and a flow specification (ST2+ FlowSpec). It does not define a
   routing function and a local resource manager. However, ST2 assumes
   their existence.
   Alternative architectures are possible, see [RFC1633] for an example
   alternative architecture that could be used when implementing ST2.
1.4.1  Data Transfer Protocol
   The data transfer protocol defines the format of the data packets
   belonging to the stream. Data packets are delivered to the targets
   along the stream paths previously established by the setup protocol.
   Data packets are delivered with the quality of service associated
   with the stream.
   Data packets contain a globally unique stream identifier that
   indicates which stream they belong to. The stream identifier is also
   known by the setup protocol, which uses it during stream
   establishment. The data transfer protocol for ST2, known simply as
   ST, is completely defined by this document.
1.4.2  Setup Protocol
   The setup protocol is responsible for establishing, maintaining, and
   releasing real-time streams. It relies on the routing function to
   select the paths from the source to the destinations. At each
   host/router on these paths, it presents the flow specification
   associated with the stream to the local resource manager. This causes
   the resource managers to reserve appropriate resources for the
   stream.  The setup protocol for ST2 is called Stream Control Message
   Protocol, or SCMP, and is completely defined by this document.
1.4.3  Flow Specification
   The flow specification is a data structure including the ST2
   applications' QoS requirements. At each host/router, it is used by
   the local resource manager to appropriately handle resources so that
   such requirements are met. Distributing the flow specification to all
   resource managers along the communication paths is the task of the
   setup protocol. However, the contents of the flow specification are
   transparent to the setup protocol, which simply carries the flow
   specification. Any operations on the flow specification, including
   updating internal fields and comparing flow specifications are
   performed by the resource managers.
   This document defines a specific flow specification format that
   allows for interoperability among ST2 implementations. This flow
   specification is intended to support a flow with a single
   transmission rate for all destinations in the stream. Implementations
   may support more than one flow specification format and the means are
   provided to add new formats as they are defined in the future.
   However, the flow specification format has to be consistent
   throughout the stream, i.e., it is not possible to use different flow
   specification formats for different parts of the same stream.
1.4.4  Routing Function
   The routing function is an external unicast route generation
   capability. It provides the setup protocol with the path to reach
   each of the desired destinations. The routing function is called on a
   hop-by-hop basis and provides next-hop information. Once a route is
   selected by the routing function, it persists for the whole stream
   lifetime. The routing function may try to optimize based on the
   number of targets, the requested resources, or use of local network
   multicast or bandwidth capabilities. Alternatively, the routing
   function may even be based on simple connectivity information.
   The setup protocol is not necessarily aware of the criteria used by
   the routing function to select routes. It works with any routing
   function algorithm. The algorithm adopted is a local matter at each
   host/router and different hosts/routers may use different algorithms.
   The interface between setup protocol and routing function is also a
   local matter and therefore it is not specified by this document.
   This version of ST does not support source routing. It does support
   route recording. It does include provisions that allow identification
   of ST capable neighbors. Identification of remote ST hosts/routers is
   not specifically addressed.
1.4.5  Local Resource Manager
   At each host/router traversed by a stream, the Local Resource Manager
   (LRM) is responsible for handling local resources. The LRM knows
   which resources are on the system and what capacity they can provide.
   Resources include:
o   CPUs on end systems and routers to execute the application and
    protocol software,
o   main memory space for this software (as in all real-time systems,
    code should be pinned in main memory, as swapping it out would have
    detrimental effects on system performance),
o   buffer space to store the data, e.g., communication packets, passing
    through the nodes,
o   network adapters, and
o   transmission networks between the nodes. Networks may be as simple
    as point-to-point links or as complex as switched networks such as
    Frame Relay and ATM networks.
   During stream setup and modification, the LRM is presented by the
   setup protocol with the flow specification associated to the stream.
   For each resource it handles, the LRM is expected to perform the
   following functions:
o   Stream Admission Control: it checks whether, given the flow
    specification, there are sufficient resources left to handle the new
    data stream. If the available resources are insufficient, the new
    data stream must be rejected.
o   QoS Computation: it calculates the best possible performance the
    resource can provide for the new data stream under the current
    traffic conditions, e.g., throughput and delay values are computed.
o   Resource Reservation: it reserves the resource capacities required
    to meet the desired QoS.
   During data transfer, the LRM is responsible for:
o   QoS Enforcement: it enforces the QoS requirements by appropriate
    scheduling of resource access. For example, data packets from an
    application with a short guaranteed delay must be served prior to
    data from an application with a less strict delay bound.
   The LRM may also provide the following additional functions:
o   Data Regulation: to smooth a stream's data traffic, e.g., as with the
    leaky bucket algorithm.
o   Policing: to prevent applications exceed their negotiated QoS, e.g.,
    to send data at a higher rate than indicated in the flow
    specification.
o   Stream Preemption: to free up resources for other streams with
    higher priority or importance.
   The strategies adopted by the LRMs to handle resources are resource-
   dependent and may vary at every host/router. However, it is necessary
   that all LRMs have the same understanding of the flow specification.
   The interface between setup protocol and LRM is a local matter at
   every host and therefore it is not specified by this document. An
   example of LRM is the Heidelberg Resource Administration Technique
   (HeiRAT) [VoHN93].
   It is also assumed that the LRM provides functions to compare flow
   specifications, i.e., to decide whether a flow specification requires
   a greater, equal, or smaller amount of resource capacities to be
   reserved.
1.5  ST2 Basic Concepts
   The following sections present at an introductory level some of the
   fundamental ST2 concepts including streams, data transfer, and flow
   specification.
            Hosts Connections...                :      ...and Streams
            ====================                :      ==============
        data       Origin                       :          Origin
       packets +-----------+                    :          +----+
          +----|Application|                    :          |    |
          |    |-----------|                    :          +----+
          +--->| ST Agent  |                    :           |  |
               +-----------+                    :           |  |
                     |                          :           |  |
                     V                          :           |  |
              +-------------+                   :           |  |
              |             |                   :           |  |
+-------------|  Network A  |                   :   +-------+  +--+
|             |             |                   :   |             |
|             +-------------+                   :   |     Target 2|
|                    |     Target 2             :   |     & Router|
|     Target 1       |    and Router            :   |             |
|  +-----------+     |  +-----------+           :   V             V
|  |Application|<-+  |  |Application|<-+        : +----+        +----+
|  |-----------|  |  |  |-----------|  |        : |    |        |    |
+->| ST Agent  |--+  +->| ST Agent  |--+        : +----+        +----+
   +-----------+        +-----------+           :Target 1         |  |
                              |                 :                 |  |
                              V                 :                 |  |
                    +-------------+             :                 |  |
                    |             |             :                 |  |
      +-------------|  Network B  |             :           +-----+  |
      |             |             |             :           |        |
      |             +-------------+             :           |        |
      |    Target 3        |    Target 4        :           |        |
      |  +-----------+     |  +-----------+     :           V        V
      |  |Application|<-+  |  |Application|<-+  :         +----+ +----+
      |  |-----------|  |  |  |-----------|  |  :         |    | |    |
      +->| ST Agent  |--+  +->| ST Agent  |--+  :         +----+ +----+
         +-----------+        +-----------+     :      Target 3 Target 4
                                                :
                         Figure 3: The Stream Concept
1.5.1  Streams
   Streams form the core concepts of ST2. They are established between a
   sending origin and one or more receiving targets in the form of a
   routing tree. Streams are uni-directional from the origin to the
   targets. Nodes in the tree represent so-called ST agents, entities
   executing the ST2 protocol; links in the tree are called hops. Any
   node in the middle of the tree is called an intermediate agent, or
   router. An agent may have any combination of origin, target, or
   intermediate capabilities.
   Figure 3 illustrates a stream from an origin to four targets, where
   the ST agent on Target 2 also functions as an intermediate agent. Let
   us use this Target 2/Router node to explain some basic ST2
   terminology: the direction of the stream from this node to Target 3
   and 4 is called downstream, the direction towards the Origin node
   upstream. ST agents that are one hop away from a given node are
   called previous-hops in the upstream, and next-hops in the downstream
   direction.
   Streams are maintained using SCMP messages. Typical SCMP messages are
   CONNECT and ACCEPT to build a stream, DISCONNECT and REFUSE to close
   a stream, CHANGE to modify the quality of service associated with a
   stream, and JOIN to request to be added to a stream.
   Each ST agent maintains state information describing the streams
   flowing through it. It can actively gather and distribute such
   information. It can recognize failed neighbor ST agents through the
   use of periodic HELLO message exchanges. It can ask other ST agents
   about a particular stream via a STATUS message. These ST agents then
   send back a STATUS-RESPONSE message. NOTIFY messages can be used to
   inform other ST agents of significant events.
   ST2 offers a wealth of functionalities for stream management. Streams
   can be grouped together to minimize allocated resources or to process
   them in the same way in case of failures. During audio conferences,
   for example, only a limited set of participants may talk at once.
   Using the group mechanism, resources for only a portion of the audio
   streams of the group need to be reserved. Using the same concept, an
   entire group of related audio and video streams can be dropped if one
   of them is preempted.
1.5.2  Data Transmission
   Data transfer in ST2 is simplex in the downstream direction. Data
   transport through streams is very simple. ST2 puts only a small
   header in front of the user data. The header contains a protocol
   identification that distinguishes ST2 from IP packets, an ST2 version
   number, a priority field (specifying a relative importance of streams
   in cases of conflict), a length counter, a stream identification, and
   a checksum. These elements form a 12-byte header.
   Efficiency is also achieved by avoiding fragmentation and reassembly
   on all agents. Stream establishment yields a maximum message size for
   data packets on a stream. This maximum message size is communicated
   to the upper layers, so that they provide data packets of suitable
   size to ST2.
   Communication with multiple next-hops can be made even more efficient
   using MAC Layer multicast when it is available. If a subnet supports
   multicast, a single multicast packet is sufficient to reach all
   next-hops connected to this subnet. This leads to a significant
   reduction of the bandwidth requirements of a stream. If multicast is
   not provided, separate packets need to be sent to each next-hop.
   As ST2 relies on reservation, it does not contain error correction
   mechanisms features for data exchange such as those found in TCP. It
   is assumed that real-time data, such as digital audio and video,
   require partially correct delivery only. In many cases, retransmitted
   packets would arrive too late to meet their real-time delivery
   requirements. Also, depending on the data encoding and the particular
   application, a small number of errors in stream data are acceptable.
   In any case, reliability can be provided by layers on top of ST2 when
   needed.
1.5.3  Flow Specification
   As part of establishing a connection, SCMP handles the negotiation of
   quality-of-service parameters for a stream. In ST2 terminology, these
   parameters form a flow specification (FlowSpec) which is associated
   with the stream. Different versions of FlowSpecs exist, see
   [RFC1190], [DHHS92] and [RFC1363], and can be distinguished by a
   version number.  Typically, they contain parameters such as average
   and maximum throughput, end-to-end delay, and delay variance of a
   stream. SCMP itself only provides the mechanism for relaying the
   quality-of-service parameters.
   Three kinds of entities participate in the quality-of-service
   negotiation: application entities on the origin and target sites as
   the service users, ST agents, and local resource managers (LRM). The
   origin application supplies the initial FlowSpec requesting a
   particular service quality. Each ST agent which obtains the FlowSpec
   as part of a connection establishment message, it presents the local
   resource manager with it. ST2 does not determine how resource
   managers make reservations and how resources are scheduled according
   to these reservations; ST2, however, assumes these mechanisms as its
   basis.
   An example of the FlowSpec negotiation procedure is illustrated in
   Figure 4. Depending on the success of its local reservations, the LRM
   updates the FlowSpec fields and returns the FlowSpec to the ST agent,
   which passes it downstream as part of the connection message.
   Eventually, the FlowSpec is communicated to the application at the
   target which may base its accept/reject decision for establishing the
   connection on it and may finally also modify the FlowSpec. If a
   target accepts the connection, the (possibly modified) FlowSpec is
   propagated back to the origin which can then calculate an overall
   service quality for all targets. The application entity at the origin
   may later request a CHANGE to adjust reservations.
                 Origin                 Router               Target 1
                +------+      1a       +------+      1b      +------+
                |      |-------------->|      |------------->|      |
                +------+               +------+              +------+
                 ^  | ^                                          |
                 |  | |                    2                     |
                 |  | +------------------------------------------+
                 +  +
 +-------------+  \  \             +-------------+       +-------------+
 |Max Delay: 12|   \  \            |Max Delay: 12|