[Ietf-behave] Topological complications from NAT
Bryan Ford <baford@mit.edu> Sun, 23 January 2005 11:08 UTC
From: Bryan Ford <baford@mit.edu>
Date: Sun, 23 Jan 2005 03:08:18 -0800
Subject: [Ietf-behave] Topological complications from NAT
Message-ID: <200501231208.13009.baford@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain
Hi folks, I want to get your "first reactions" on an early draft of a new document that my co-author Pyda Srisuresh and I have started, which discusses certain NAT topics that the BEHAVE roadmap currently doesn't address, but probably needs to. As written so far, the document focuses particularly on discussing some of the "weird topologies" that NAT deployment increasingly (and often unintentionally) leads to, such as multi-level NAT with potentially overlapping private IP address spaces, and IP address space conflicts created by remote access VPN software. I've been thinking, however, that this document might appropriately be generalized a bit further into a document describing "recommendations pertaining to NAT deployment" or something like that. Currently on the BEHAVE roadmap we have several documents targetted at NAT implementors, and a document targetted at application developers, but nothing targetted at network administrators who actually _deploy_ NATs - this might be a crucial gap. (Obviously we want to avoid making the title sound like the document is recommending the deployment of NAT, which it's definitely not - but that's a wording issue.) Let us know what you think. Thanks, Bryan --- Topological Complications from Network Address Translation (NAT-TOP) Abstract This document identifies and provides recommendations for dealing with several new issues that have arisen recently out the ubiquitous deployment of network address translators (NAT), and the unconventional network topologies that are often constructed with them. First, the simplicity of configuring and administering networks through the combination of NAT and DHCP is increasingly leading to the deployment of multi-level hierarchies of interconnected private networks involving many overlapping private IP address spaces. The creation of these multi-level hierarchies is often unintentional, since each level of NAT is typically deployed by a separate administrative entity: e.g., an ISP, a corporation, or a home user. Second, the popularity of corporate virtual private networks (VPN) in conjunction with NAT leads to problems in which the private IP address space of the Internet access network through which a remote client is attached may unintentionally conflict with the private IP address space of the corporate network into which the remote client is tunneled. This document specifies best current practice recommendations for addressing each of these issues. Internet Draft B. Ford Document: draft-ford-behave-top-00.txt M.I.T. Expires: July 2005 P. Srisuresh Caymas Systems January 2005 Topological Complications from Network Address Translation (NAT-TOP) Status of this Memo This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html Distribution of this document is unlimited. Copyright Notice Copyright (C) The Internet Society (2005). All Rights Reserved. Abstract This document identifies and provides recommendations for dealing with several new issues that have arisen recently out the ubiquitous deployment of network address translators (NAT), and the unconventional network topologies that are often constructed with them. First, the simplicity of configuring and administering networks through the combination of NAT and DHCP is increasingly leading to the deployment of multi-level hierarchies of interconnected private networks involving many overlapping private IP address spaces. The creation of these multi-level hierarchies is often unintentional, since each level of NAT is typically deployed by Ford [Page 1] draft-ford-behave-top-00.txt January 2005 a separate administrative entity: e.g., an ISP, a corporation, or a home user. Second, the popularity of corporate virtual private networks (VPN) in conjunction with NAT leads to problems in which the private IP address space of the Internet access network through which a remote client is attached may unintentionally conflict with the private IP address space of the corporate network into which the remote client is tunneled. This document specifies best current practice recommendations for addressing each of these issues. Table of Contents 1. Introduction ................................................. 2. Multi-Level Private Address Space Topologies ................. 2.1. Operational Details of the Network ...................... 2.1.1. Client/Server Communication ........................... 2.1.2. Peer-to-Peer Communication ............................ 2.2. Caveats with the Network ................................ 2.3. Recommendations ......................................... 3. Remote Access VPN Topologies with Private Address Space ...... 3.1. Operational Details of the Network ...................... 3.2. Caveats with the Network ................................ 3.3. Recommendations .......................................... 4. Security Considerations ...................................... 1. Introduction The Internet was originally designed to use a single, global 32-bit IP address space to identify hosts on the network, allowing applications on one host to address and initiate communications with applications on any other host regardless of the respective hosts' topological locations or administrative domains. For a variety of pragmatic reasons, however, the Internet has gradually drifted away from strict conformance to this ideal of a single flat global address space, and towards a hierarchy of smaller "private" address spaces [RFC1918] clustered around a large central "public" address space. The most important pragmatic causes of this unintended evolution of the Internet's architecture appear to be: 1. Depletion of the 32-bit IPv4 address space due to the exploding total number of hosts on the Internet. Although IPv6 promises to solve this problem, the uptake of IPv6 has in practice been slower than expected. 2. Perceived Security and Privacy: Traditional NAT devices provide a filtering function that permits session flows to cross the NAT in just one direction, from private hosts to public network hosts. This filtering function is widely perceived as a security benefit. Ford [Page 2] draft-ford-behave-top-00.txt January 2005 In addition, the NAT's translation of a host's original IP addresses and port number in private network into an unrelated, external IP address and port number is perceived by some as a privacy benefit. 3. Ease-of-use: NAT vendors often combine the NAT function with a DHCP server function in the same device, which creates a compelling, effectively "plug-and-play" method of setting up small Internet-attached personal networks that is often much easier in practice for unsophisticated consumers than configuring up a true IP subnet. The many popular and inexpensive consumer NAT devices on the market are usually configured "out of the box" to obtain a single "public" IP address from an ISP or "upstream" network via DHCP, and the NAT device in turn acts as both a DHCP server and default router for any "downstream" hosts (and even other NATs) that the user plugs into it. Consumer NATs in this way effectively create and manage private home networks automatically without requiring any knowledge of network protocols or management on the part of the user. This ease-of-use benefit of NAT stems ultimately from the fact that DHCP is only capable of providing a single auto-configured IP address to each client. A DHCP client currently has no way to request a *block* of IP addresses from the server, from it might in turn form its own auto-configured "downstream" IP subnet for which it provides its own DHCP service. The fact that DHCP is only capable of auto-configuring client hosts, and is not capable of auto-configuring entire "client subnets", makes NAT a compelling solution in this common scenario. 2 Multi-Level Private Address Space Topologies Due to the above pragmatic considerations and perhaps others, NATs are increasingly, and often unintentionally, used to create hierarchically interconnected clusters of private networks as illustrated in the following diagram: Ford [Page 3] draft-ford-behave-top-00.txt January 2005 Main Internet (public IP addresses) ----+---------------+---------------+---------------+---- | | | | | | | | 66.39.3.7 18.181.0.31 138.76.29.7 155.99.25.1 +-------+ Host A Host B +-------------+ | NAT 1 | (Alice) (Jim) | NAT 2 | | (Bob) | | (CheapoISP) | +-------+ +-------------+ 10.1.1.1 10.1.1.1 | | | | Private Network 1 Private Network 2 (private IP addresses) (private IP addresses) ----+--------+---- ----+-----------------------+---- | | | | | | | | | | 10.1.1.10 10.1.1.11 10.1.1.10 10.1.1.11 10.1.1.12 Host C Host D +-------+ Host E +-------+ | NAT 3 | (Mary) | NAT 4 | | (Ann) | | (Lex) | +-------+ +-------+ 10.1.1.1 10.1.1.1 | | | | Private Network 3 | Private Network 4 (private IP addresses)| (private IP addresses) ----+-----------+---+ ----+-----------+---- | | | | | | | | 10.1.1.10 10.1.1.11 10.1.1.10 10.1.1.11 Host F Host G Host H Host I In the above scenario, Bob, Alice, Jim, and CheapoISP have each obtained a "genuine", globally routable IP address from an upstream service provider. Alice and Jim have chosen to attach only a single machine at each of these public IP addresses, preserving the originally intended architecture of the Internet and making their hosts, A and B, globally addressable throughout the Internet. Bob, in contrast, has purchased and attached a typical consumer NAT box. Bob's NAT obtains its external IP address (66.39.3.7) from Bob's ISP via DHCP, and automatically creates a private 10.1.1.x network for Bob's hosts C and D, acting as the DHCP server and default router for this private network. Bob probably does not even know anything about IP addresses; he merely knows that plugging the NAT into the Internet as instructed by the ISP, and then plugging his hosts into the NAT as the NAT's manual indicates, seems to work and gives all of his hosts Ford [Page 4] draft-ford-behave-top-00.txt January 2005 access to Internet. CheapoISP, an inexpensive service provider, has allocated only one or a few globally routable IP addresses, and uses NAT to share these public IP addresses among its many customers. Such an arrangement is becoming extremely common, especially in rapidly-developing countries where the exploding number of Internet-attached hosts greatly outstrips the ability of ISPs to obtain globally unique IP addresses for them. CheapoISP has chosen the popular 10.1.1.x address for its private network, since this is one of the three well-known private IP address blocks allocated in RFC specifically for this purpose. Out of the three incentives listed above for NAT deployment, the last two still apply even to customers of ISPs that use NAT, resulting in multi-level NAT toplogies as illustrated in the right side of the above diagram. (Even three-level NAT topologies are known to exist.) CheapoISP's customers Ann, Mary, and Lex have each obtained a single IP address on CheapoISP's network (Private Network 2), via DHCP as usual. Mary attaches only a single host at this point, but Ann and Lex each independently purchase and deploy consumer NATs in the same way that Bob did above. As it turns out, these consumer NATs also happen to use 10.1.1.x addresses for the private networks they create, since these are the configuration defaults hard-coded into the NATs by their vendors. Ann and Lex probably know nothing about IP addresses, and in particular they are probably unaware that the IP address spaces of their own private networks overlap not only with each other but also with the private IP address space used by their immediately upstream network. Nevertheless, despite this direct overlap, all of the "multi-level NATted hosts" - F, G, H, and I in this case - all nominally function and are able to initiate connections to any public server on the main Internet that has a globally routable IP address. Connections made from these hosts to the main Internet are merely translated twice: once by the consumer NAT (3 or 4) into the IP address space of CheapoISP's Private Network 2, and then again by CheapoISP's NAT 2 into the main Internet's global IP address space. 2.1 Operational Details of the Network In the "de facto" Internet address architecture that has resulted from the above pragmatic and economic incentives, only the nodes on the main Internet have globally unique IP addresses assigned by the official IP address registries. IP addresses on different private networks are typically managed independently: either manually by the administrator of the private network itself, or automatically by the NAT through which the private network is connected to its "upstream" service provider. Ford [Page 5] draft-ford-behave-top-00.txt January 2005 By convention, nodes on private networks are usually assigned IP addresses in one of the private address space ranges specifically allocated to this purpose in RFC 1918, ensuring that private IP addresses are easily distinguishable and do not conflict with the public IP addresses officially assigned to globally routable Internet hosts. A given private IP address can be and often is reused across many different private networks, however. In the figure above, for example, private networks 1, 2, 3, and 4 all have a node with IP address 10.1.1.10. Because the public and private IP address ranges are numerically disjoint, nodes on private networks can make use of both public and private IP addresses when initiating network communication sessions. Nodes on private networks can use private IP addresses to refer to other nodes on the same private network, and nodes can use public IP addresses to refer to nodes on the main Internet. Nodes on private networks have no direct method of addressing nodes on other private networks, however, and nodes on the main Internet have no direct way to address nodes on any private network. For example, host F in the figure above can directly address hosts A, B, and G using their assigned IP addresses, but F has no way to address any of the other hosts in the diagram. Host F in particular has no way even to address host E, even though E is located on the immediately "upstream" private network through which F is connected to the Internet! (Host E has the same IP address as host G, which is "legitimate" in the NAT world because the two hosts are on different private networks.) 2.1.1. Client/Server Communication When a host on a private network initiates a client/server-style communication session with a server on the main Internet, via the server's public IP address, the NAT intercepts the packets comprising that session (usually as a consequence of being the default router for the private network), and modifies the packets' IP and TCP/UDP headers so as to make the session appear externally as if it was initiated by the NAT itself. For example, if host C above initiates a connection to host A at IP address 18.181.0.31, NAT 1 modifies the packets comprising the session so as to appear on the main Internet as if the session originated from NAT 1. Similarly, if host F on private network 3 initiates a connection to host A, NAT 3 modifies the session so as to appear on private network 2 as if it had originated from NAT 3 at IP address 10.1.1.10. The modified session then traverses private network 2 and arrives at NAT 2, which further modifies the session so as to appear on the main Internet as if it had originated from NAT 2 at public IP address 155.99.25.1. The NATs in effect serve as Ford [Page 6] draft-ford-behave-top-00.txt January 2005 proxies that give their private "downstream" client nodes a temporary presence on "upstream" networks to support individual communication sessions. 2.1.2. Peer-to-Peer Communication While this network organization functions in practice for client/server-style communication, when the client is behind one or more levels of NAT and the server is on the main Internet, the lack of globally routable addresses for hosts on private networks makes direct peer-to-peer communication between those hosts difficult. For example, two private hosts F and H on the network shown above might "meet" and learn of each other through a well-known server on the main Internet, such as Host A, and desire to establish direct communication between G and H without requiring A to forward each packet. If G and H merely learn each other's (private) IP addresses from a registry kept by A, their attempts to connect to each other will fail because G and H reside on different private networks. Worse, if their connection attempts are not properly authenticated in some fashion, they may appear to succeed but end up talking to the wrong host: for example, G may end up talking to Host F, the host on Private Network 3 that happens to have the same private IP address as Host H. Host H might similarly end up unintentionally connecting to Host I. 2.2. Caveats with the Network (XXX This section is very rough and still needs a lot of work.) Even though conventional wisdom would suggest that the network described above is seriously broken, in practice it still works in many ways. Let us look at some anomalies here. For example, NAT-3 & NAT-4 are multi-homed on the same subnet(say, 10.1.1/24). Yet, the subnet is disjoint on different LANs; and so the NATs are really not multi-homed. This is an anomaly. NAT-3 is incapable of communicating reliably as a transport endpoint with other nodes on its adjacent networks 2 and 3 (e.g., for management purposes), unless its TCP/IP stack is capable of differentiating packets and communication sessions by the "side" or "port" they arrived from and not merely by IP address. If NAT-3 attempts to resolve the IP address of a neighboring host in the conventional manner by broadcasting an ARP request on all of its physical interfaces, for example, then it may get a different response on each of its physical interfaces. This is another anomaly. Ford [Page 7] draft-ford-behave-top-00.txt January 2005 2) Broken as it already is, it could have been worse and non- functional if the network layout wasnt carefully orchestrated to work. For example, all external interfaces are supposed to be heirarchically arranged, so the outgoign path reaches the Internet facing NAT. The NAT device is assumed to be providing DHCP-service on the private interfaces and NAT service on the external interface. If the nodes are connected differently, chaos could ensue - imagine one of the NAT devices (say, NAT-3) having its private interface on network-2 and NAt interface on network 3. Chaos could also ensue if there were multiple NAT devices on the same LAN. Multiple NAT devices providing DHCP service on the same LAN, from the same address pool is a recipe for chaos. Multiple nodes woudl end up having the same IP address. That would make the network broken. The network can also be broken if two NAT nodes attempt to provide NAT service without coordination between the two. The network will also be broken, if the address a NAT node (ex: NAT-3 or NAT-4) assumed on the DHCP-service providing interface is same as the address it is assigned on the external interface. This can easily happen when the vendors are different. Say, both interfaces being assigned 10.1.1.1 However below are some known caveats. 3. The NAT boxes (NAT 3, Nat 4, NAt 1, NAt 2) themselves do not provide any service other than respond to ping. NATs are not managed. 4. Hosts on the private realm are all assumed to be on a single LAN subnet. What if ISP unwisely uses private RFC1918 IP addresses for its mail servers, etc., which need to be accessible to its customers? Answer: bad things happen. 2.3. Recommendations (XXX needs a lot of work.) Consumer-oriented "Plug and Play" NAT devices MUST, and all NATs SHOULD, be able to handle topologies such as the one described above, in which a private IP address space on one side of the NAT potentially conflicts with the private IP address space on the other side. This means that the NAT must be able to keep the two IP address spaces separate in its internal data structures, and base all packet processing decisions on the "side" or "port" from which the packet arrived and not just on the basis of the IP addresses it contains. Ford [Page 8] draft-ford-behave-top-00.txt January 2005 NATs should individually conform to [BEHAVE-UDP] and [BEHAVE-TCP] guidelines, especially including hairpin translation support. Peer-to-peer apps should conform to [BEHAVE-APP] guidelines for middlebox traversal. Ideally, ISPs should not NAT their customers. If they do, any servers on the ISP's private network that need to be accessible to the ISP's customers (e.g., mail servers) should have global IP addresses, to ensure accessibility to customers who deploy NAT themselves. NAT boxes shoudl privide an ability to use one of two DHCP address pools and automagically use an address pool that does not conflict with the external interface IP address. 3. Remote Access VPN Topologies with Private Address Space Typically, when an enterprise user has a secure remote-access VPN client installed on his/her PC, the VPN client installs a Virtual adapter (VA) on the PC. When the secure VPN is established with corporate office, the VA is assigned an IP address from the corporate VPN-address pool. Subsequent to that, the routes on the PC are redone such that routes to all networks in the corporate network are redirected to the secure VPN, while leaving all other routes unchanged. Now, this becomes tricky when the corporate intranet network is built using RFC1918 address space. The employee may be accessing the corporate VPN either from his/her home office (or) a hotel (or) a customer site (or) a partner site. In other words, the employee's PC may already be located in a RFC1918 address space. So, when the VA is assigned an RC1918 address from the VPN server pool, there may be conflict with being able to route the packets correctly to the employee's corporate network. Ford [Page 9] draft-ford-behave-top-00.txt January 2005 (Corporate Private network 10.0.0.0/8) --------+---------------+------------+---------- | | 10.1.1.1 +---------------+ | | | Secure | | Remote Access | | VPN Server | +------+--------+ | {----+---------------+---------------} { } { Main Internet } { (public IP addresses) } { } {----+---------------+---------------} | 155.99.25.1 +----------------+ | NAT | | (in a Hotel | +--------+ | or home office | | | | or a partner's | | DHCP | | corp. office | | Server | | | | | +----------------+ +--------+ 10.1.1.1 10.1.1.2 | | Remote Private Network | | ----+-----------+-----------+-------------+----------+------ | | | | | | | | 10.1.1.10 10.1.1.11 10.1.1.12 10.1.1.13 Host A Host B +--------+ Host C | RA-VPN | | Client | | PC | +--------+ 3.1. Operational Details of the Network Ford [Page 10] draft-ford-behave-top-00.txt January 2005 3.2. Caveats with the Network 3.3. Recommendations Clearly, the remote access VPN client works best when the external client IP address (on the ethernet NIC) does not overlap with the corporate address space and the coporate VPN address pool. However, this cannot be assumed always. Employees often need to work from within arbitrary private IP address spaces such as hotel rooms, which neither the employee nor the corporate network administrator has any control over. In these situations, we advise the following to ensure proper operation of the Remote access VPN client. 1. The RA-VPN client's external IP address and subnet (at the remote site) should not fall within the address pool assigned by the VPN server. 2. The corporate VPN resources that match the following entities in remote address space will not be permitted access from the remote access VPN client. These are: a) client's external IP address, b) client's next-hop IP address, necessary to access the remote access VPN server from external interface, c) DHCP server on the remote network thatprovides address leases. In general, in orer to ensure continued availability of DHCP-server, any corporate network resource that overlaps the client's xternal IP address network is disallowed. For example, if the PC's external NIC is configured with 10.1.1.1/24, corporate network that overlaps this is not accessible from the remote access VPN client. XXX The above recommendations prevent "network meltdown", but still do not guarantee that the remote employee will be able to access the nodes on the corporate network he needs to if there is address overlap. Possible solutions: 1. Even if most of the private corporate network uses RFC1918 address space, allocate global IP addresses at least for the pool of IP addresses assigned to remote VPN clients, and for the critical servers on the corporate network that the remote VPN clients typically need to access. This will ensure at least that the remote VPN clients can always access those critical servers regardless of the private address space used at the remote attachment point. 2. We can suggest that there be two IP address pools on the VPN server, so the address pool which is used for a VPN client doesnt ever conflict with the physical NIC's IP address. For example, the VPN server might detect a conflict and inform the user that he Ford [Page 11] draft-ford-behave-top-00.txt January 2005 should try to connect to the "other" VPN server or IP address pool; ideally the VPN client and server could cooperate to perform this negotiation automatically. 3. the subnet mask used on the hotels be as small as possible (say, /29) and the hotels have a centralized DHCP-server that covers multiple small subnets. 4. Perhaps, if the VPN server identifed the overlap of the remote IP network and notified the VPN-client of the loss of connectivity to that portion of the corporate world, the VPN-client could do soemthing about it - such as talk to the local admin about assigning himself an IP address from a different subnet (say, plugging to a different plug point) if the hotel has such a facility. 5. Finally, the VPN-client could come in as bump in the stack and redirect all relevant packets in the subnet (with the exception of this that match with the router and DHCP server) over the VPN. This at least reduces the size of the "black hole" on the corporate network from a whole subnet to merely two IP addresses. 4. Security Considerations References (XXX needs serious updating) [BIDIR] Peer-to-Peer Working Group, NAT/Firewall Working Committee, "Bidirectional Peer-to-Peer Communication with Interposing Firewalls and NATs", August 2001. http://www.peer-to-peerwg.org/tech/nat/ [ICE] J. Rosenberg, "Interactive Connectivity Establishment (ICE): A Methodology for Network Address Translator (NAT) Traversal for the Session Initiation Protocol (SIP)", draft-rosenberg-sipping-ice-00 (Work In Progress), February 2003. [IPSEC-NAT] B. Aboba and W. Dixon, "IPsec-Network Address Translation (NAT) Compatibility Requirements", RFC 3715, March 2004. [KEGEL] Dan Kegel, "NAT and Peer-to-Peer Networking", July 1999. http://www.alumni.caltech.edu/~dank/peer-nat.html [MIDCOM] P. Srisuresh, J. Kuthan, J. Rosenberg, A. Molitor, and A. Rayhan, "Middlebox communication architecture and framework", RFC 3303, August 2002. Ford [Page 12] draft-ford-behave-top-00.txt January 2005 [NAT-APPL] D. Senie, "Network Address Translator (NAT)-Friendly Application Design Guidelines", RFC 3235, January 2002. [NAT-PROT] M. Holdrege and P. Srisuresh, "Protocol Complications with the IP Network Address Translator", RFC 3027, January 2001. [NAT-PT] G. Tsirtsis and P. Srisuresh, "Network Address Translation - Protocol Translation (NAT-PT)", RFC 2766, February 2000. [NAT-TERM] P. Srisuresh and M. Holdrege, "IP Network Address Translator (NAT) Terminology and Considerations", RFC 2663, August 1999. [NAT-TRAD] P. Srisuresh and K. Egevang, "Traditional IP Network Address Translator (Traditional NAT)", RFC 3022, January 2001. [RSIP] M. Borella, J. Lo, D. Grabelsky, and G. Montenegro, "Realm Specific IP: Framework", RFC 3102, October 2001. [SOCKS] M. Leech, M. Ganis, Y. Lee, R. Kuris, D. Koblas, and L. Jones, "SOCKS Protocol Version 5", RFC 1928, March 1996. [STUN] J. Rosenberg, J. Weinberger, C. Huitema, and R. Mahy, "STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)", RFC 3489, March 2003. [SYM-STUN] Y. Takeda, "Symmetric NAT Traversal using STUN", draft-takeda-symmetric-nat-traversal-00.txt (Work In Progress), June 2003. [TCP] "Transmission Control Protocol", RFC 793, September 1981. [TEREDO] C. Huitema, "Teredo: Tunneling IPv6 over UDP through NATs", draft-ietf-ngtrans-shipworm-08.txt (Work In Progress), September 2002. [TURN] J. Rosenberg, J. Weinberger, R. Mahy, and C. Huitema, "Traversal Using Relay NAT (TURN)", draft-rosenberg-midcom-turn-01 (Work In Progress), March 2003. [UPNP] UPnP Forum, "Internet Gateway Device (IGD) Standardized Device Control Protocol V 1.0", November 2001. http://www.upnp.org/standardizeddcps/igd.asp Ford [Page 13] draft-ford-behave-top-00.txt January 2005 Author's Address Bryan Ford Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology 77 Massachusetts Ave. Cambridge, MA 02139 U.S.A. Phone: (617) 253-5261 E-mail: baford@xxxxxxx Web: http://www.brynosaurus.com/ Pyda Srisuresh Caymas Systems, Inc. 1179-A North McDowell Blvd. Petaluma, CA 94954 U.S.A. Phone: (707) 283-5063 E-mail: srisuresh@xxxxxxxxx Dan Kegel Kegel.com 901 S. Sycamore Ave. Los Angeles, CA 90036 Phone: (323) 931-6717 E-mail: dank@xxxxxxxxx Web: http://www.kegel.com/ Full Copyright Statement Copyright (C) The Internet Society (2005). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. Ford [Page 14] draft-ford-behave-top-00.txt January 2005 This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Ford [Page 15]