<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-savnet-inter-domain-problem-statement-20" category="info" submissionType="IETF" xml:lang="en" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Inter-domain SAVNET Problem Statement">Problem Statement, Gap Analysis, and Requirements for Inter-Domain Source Address Validation</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-savnet-inter-domain-problem-statement-20"/>
    <author initials="D." surname="Li" fullname="Dan Li">
      <organization>Tsinghua University</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>tolidan@tsinghua.edu.cn</email>
      </address>
    </author>
    <author initials="L." surname="Qin" fullname="Lancheng Qin">
      <organization>Zhongguancun Laboratory</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>qinlc@zgclab.edu.cn</email>
      </address>
    </author>
    <author initials="L." surname="Liu" fullname="Libin Liu">
      <organization>Zhongguancun Laboratory</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>liulb@zgclab.edu.cn</email>
      </address>
    </author>
    <author initials="M." surname="Huang" fullname="Mingqing Huang">
      <organization>Huawei</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>huangmingqing@huawei.com</email>
      </address>
    </author>
    <author initials="K." surname="Sriram" fullname="Kotikalapudi Sriram">
      <organization abbrev="USA NIST">USA National Institute of Standards and Technology</organization>
      <address>
        <postal>
          <city>Gaithersburg</city>
          <region>MD</region>
          <country>United States of America</country>
        </postal>
        <email>sriram.ietf@gmail.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="03"/>
    <area>Routing</area>
    <workgroup>SAVNET</workgroup>
    <abstract>
      <?line 124?>

<t>This document analyzes the problem space and provides a gap analysis of existing inter-domain source address validation (SAV) mechanisms. Based on these findings, it outlines the technical requirements for future improvements.</t>
    </abstract>
  </front>
  <middle>
    <?line 128?>

<section anchor="intro">
      <name>Introduction</name>
      <t>Source Address Validation (SAV) is a fundamental mechanism for detecting and mitigating source address spoofing attacks <xref target="RFC2827"/> <xref target="RFC5210"/> <xref target="RFC3704"/> <xref target="RFC8704"/>. Inter-domain SAV, defined in the context of Internet routing using BGP-4 <xref target="RFC4271"/>, checks the source addresses of data traffic received from a neighboring AS, whether that traffic originated within the neighbor's network or is being transited through it. Inter-domain SAV is applied at border routers to incoming traffic on external interfaces directly connected to a neighboring AS. The local AS (SAV performing AS) and the neighbor AS are connected using external BGP (eBGP). The neighbor AS could be using either a public AS number (ASN) or a private ASN <xref target="RFC6996"/>.</t>
      <t>This document analyzes the problem space and provides a gap analysis of existing inter-domain SAV mechanisms. Based on these findings, it outlines the technical requirements for future improvements.
The corresponding work related to intra-domain SAV is documented in <xref target="I-D.ietf-savnet-intra-domain-problem-statement"/>, which includes SAV for hosts and customers (non-AS) connected to the AS <xref target="SAC-004"/>.</t>
      <t>The eBGP sessions between the border routers of the SAV performing AS and the neighbor ASes may include Customer-to-Provider (C2P), Provider-to-Customer (P2C), lateral peering (P2P), and Route Server (RS) to RS-client connection. The terms customer, provider (transit provider), and lateral peer (non-transit peer; peer (for simplicity)) used in this document are consistent with those defined in <xref target="RFC7908"/> <xref target="RFC9234"/>. Further, <xref target="RFC9234"/> mentions RS and RS-client. An RS-to-RS-client interface is akin to the customer interface. For the purposes of SAV, an RS-client-to-RS interface may be treated (1) like a provider interface for simplicity, or (2) like a union of lateral peers considering all the ASes the RS-client chose to peer with at the IXP RS.</t>
      <t>For the terminology used in this section and the rest of the document, see <xref target="terminology"/>.</t>
      <t>Access Control List (ACL) and unicast Reverse Path Forwarding (uRPF) based techniques are currently utilized to some extent for inter-domain SAV. In this document, the inter-domain SAV methods from only the existing IETF RFCs (BCP 38 <xref target="RFC2827"/> and BCP 84 <xref target="RFC3704"/> <xref target="RFC8704"/>) are considered for the gap analysis.</t>
      <t>This document analyzes the available methods and attempts to answer: (1) what are the technical gaps (<xref target="gap"/>), (2) what are the outstanding problems (<xref target="problem"/>), and (3) what are the practical requirements for the solutions to these problems (<xref target="req"/>).</t>
      <t>The following summarizes the fundamental problems with existing SAV mechanisms, as analyzed in <xref target="gap"/>.</t>
      <ul spacing="normal">
        <li>
          <t>Improper block: Existing uRPF-based mechanisms suffer from improper block (false positives) in two inter-domain scenarios: Limited Propagation of a Prefix and Hidden Prefix.</t>
        </li>
        <li>
          <t>Improper permit: With some existing uRPF-based SAV mechanisms, improper permit (false negatives) can happen on any type of interface (customer, lateral peer, or provider). Specifically, if the method relaxes the directionality constraint <xref target="RFC3704"/> <xref target="RFC8704"/> to try to achieve zero improper blocking, the possibility of improper permit increases. (Note: It is recognized that unless there is full adoption of SAV in the customer cone (CC) of the interface in consideration, improper permit is not fully preventable in scenarios where source address spoofing occurs from within the CC, i.e., a prefix at one Autonomous System (AS) in the CC is spoofed from another AS in the same CC.)</t>
        </li>
        <li>
          <t>High operational overhead: ACL-based ingress SAV filtering, when not automated, introduces significant operational overhead, as it needs to update ACL rules manually to adapt to prefix or routing changes in a timely manner. The high operational overhead issue does not pertain to existing uRPF-based mechanisms.</t>
        </li>
      </ul>
      <t>To address these problems, this document specifies (<xref target="req"/>) the following key technical requirements for any new solution:</t>
      <ul spacing="normal">
        <li>
          <t>Improved SAV accuracy over existing mechanisms: Any new inter-domain SAV mechanism must provide improved SAV accuracy in terms of improper block and improper permit over existing mechanisms. It must seek to achieve zero improper blocking (i.e., avoid false positives) in certain scenarios of interest (<xref target="gap"/>). Further, it must improve the directionality of filtering (i.e., achieve greater rejection of spoofed traffic) over existing mechanisms.</t>
        </li>
        <li>
          <t>Reduced operational overhead: Any new inter-domain SAV mechanism should be able to automatically detect changes in the SAV-related information (<xref target="terminology"/>) and/or SAV-specific information (<xref target="terminology"/>) required for generating the SAV table, obtain the updated information, and use the updated information to generate or update the SAV table.</t>
        </li>
        <li>
          <t>Benefit in incremental/partial deployment: Any new inter-domain SAV mechanism must not assume pervasive adoption of the SAV method, the SAV-related information, or the SAV-specific information. It should benefit early adopters by providing effective protection from spoofing of source addresses even in partial deployment.</t>
        </li>
        <li>
          <t>Providing necessary security guarantee: If any new inter-domain SAV mechanism introduces or uses SAV-specific information, security mechanisms must exist to prevent malicious injection or alteration of the SAV-specific information.</t>
        </li>
        <li>
          <t>Efficient convergence: Any new inter-domain SAV mechanism should achieve efficient convergence of the SAV table after any relevant changes occur in the SAV-related information or SAV-specific information used by the mechanism.</t>
        </li>
      </ul>
      <t>Note that this document focuses on inter-domain SAV mechanisms that validate and filter packets without modifying data plane packets (<xref target="scope"/>). This scope limitation is intentional, since allowing packet modification would introduce additional design, forwarding, interoperability, and deployment considerations beyond the problem space studied in this document. Therefore, SAV mechanisms based on data packet modification are outside the scope of this document.</t>
      <!--
Note: Private AS was mentioned earlier. A public AS may serve as a transit gateway for a routing zone utilizing private ASes. These private AS numbers are not visible in external eBGP advertisements because the transit public AS strips them from the AS_PATH using standard vendor features, such as remove-private-as {{Cisco}} or remove-private {{Juniper}}.
-->

</section>
    <section anchor="terminology">
      <name>Terminology</name>
      <dl newline="true">
        <dt>SAV table:</dt>
        <dd>
          <t>The table of prefixes that indicates the validity of a specific source IP address or source IP prefix per interface. Sometimes the terms 'RPF (Reverse Path Forwarding) list' or 'SAV rules' are used interchangeably with 'SAV table'.</t>
        </dd>
        <dt>Improper Block:</dt>
        <dd>
          <t>The validation results in packets with legitimate source addresses being blocked improperly due to an inaccurate SAV table. (The terms 'improper block' and 'false positive' are used synonymously.)</t>
        </dd>
        <dt>Improper Permit:</dt>
        <dd>
          <t>The validation results in packets with spoofed source addresses being permitted improperly due to an inaccurate SAV table. (The terms 'improper permit' and 'false negative' are used synonymously.)</t>
        </dd>
        <dt>Customer Cone:</dt>
        <dd>
          <t>The Customer Cone (CC) of a given AS, denoted as AS-A, includes: (1) AS-A itself, (2) AS-A's direct customers (ASes), (3) The customers of AS-A's direct customers (indirect customers), (4) And so on, recursively, following all chains of provider-to-customer (P2C) links down the hierarchy.</t>
        </dd>
        <dt>Prefixes in the CC:</dt>
        <dd>
          <t>IP prefixes permitted by their owners to be originated by, or used as source addresses for data traffic originated from, one or more ASes within the CC.</t>
        </dd>
        <dt>SAV-related Information:</dt>
        <dd>
          <t>Routing information (e.g., RIBs and FIBs populated by routing protocols or by the local configuration information -- described below -- provided by the AS operator) and objects published in the Resource Public Key Infrastructure (RPKI) that were originally proposed for non-SAV purposes but may also be used for SAV. The RPKI objects include existing RPKI object types (e.g., ROAs and ASPAs) as well as any new types that may be proposed.</t>
        </dd>
        <dt>SAV-specific Information:</dt>
        <dd>
          <t>Information dedicated to SAV, which may be defined and exchanged between ASes using potentially new inter-AS communication protocol or an extension of an existing protocol. The information may also take the form of new RPKI object type(s). It may also come from the local configuration information provided by the AS operator.</t>
        </dd>
        <dt>Configuration Information:</dt>
        <dd>
          <t>This information is configured locally by the AS operator. For example, an AS provisions (suballocates) prefixes p1 and p2 for a non-BGP customer network, which also owns an RIR-allocated prefix p3. The customer instructs the AS to advertise p1 via eBGP on the public Internet, restrict p2 strictly to internal use (in the customer network), and refrain from advertising p3 while still allowing it to source outbound traffic. The AS locally configures these prefixes accordingly. This configuration information is valuable for both intra-domain SAV to permit expected prefixes and inter-domain SAV at other interfaces to block unexpected prefixes.</t>
        </dd>
      </dl>
      <!-- The AS uses this configuration information locally for route origination and SAV filtering purposes. The configuration information can be viewed partly as SAV-related information (e.g., prefixes p1, p2) and partly as SAV-specific information (e.g., prefix p3). -->

<dl>
        <dt>Direct Server Return (DSR):</dt>
        <dd>
          <t>A traffic delivery model commonly used by Content Delivery Networks (CDNs) that use anycast service addresses while delivering data from edge locations that do not announce those addresses. In such deployments, a request is received by the anycast server or location, but the response is sent directly by another server (i.e., the edge location) with the anycast service address as the source address, rather than the address used to reach the edge server. This can create a legitimate hidden-prefix scenario.</t>
        </dd>
      </dl>
    </section>
    <section anchor="SAV_methods">
      <name>Existing Inter-domain SAV Mechanisms</name>
      <t>Inter-domain SAV is typically performed at the AS level (on a per neighbor-AS-interface basis) and can be deployed at AS border routers (ASBRs) to prevent source address spoofing. There are various mechanisms available to implement inter-domain SAV for anti-spoofing ingress filtering <xref target="nist"/> <xref target="manrs"/> <xref target="isoc"/>, which are reviewed in this section.</t>
      <ul spacing="normal">
        <li>
          <t>ACL-based ingress filtering <xref target="RFC3704"/>: ACL-based ingress SAV filtering is a technique that relies on ACL rules to filter packets based on their source addresses. The ACL rules may be generated based on local configuration information (<xref target="terminology"/>), possibly combined with other sources. However, ACL-based ingress SAV filtering, when not automated, introduces significant operational overhead, as ACL rules need to be updated in a timely manner to reflect prefix or routing changes in the inter-domain routing system. One may think of using ACL (perhaps erroneously) as a denylist on a provider interface to block source prefixes that are clearly invalid in the inter-domain routing context, such as internal-use-only prefixes of the SAV-performing AS, IANA special purpose prefixes, and unallocated IPv4/IPv6 prefixes. But it is impractical to store and maintain a very large and dynamically varying set of unallocated IPv6 prefixes. Instead, it may be more practical, for example, to compute an ACL denylist containing the internal-use-only prefixes and prefixes originated exclusively by the SAV-performing AS and subtract the denylist from a SAV table computed by a uRPF method. Also, for the interfaces with a customer AS, the ACL-only method is impractical while other techniques (using uRPF as described below) are more effective. ACL-based ingress SAV filtering (ACL allowlist) has applicability in scenarios such as (1) directly connected subnets with hosts, or (2) broadband cable, fiber-optic cable, or digital subscriber access loop (DSL) access networks. In these cases, where the service provider should have a clear knowledge of IP address prefixes provisioned (and configured) to manage those services, the ACL-only method in an allowlist form is applicable.</t>
        </li>
        <li>
          <t>uRPF-based mechanisms: A class of SAV mechanisms are based on Unicast Reverse Path Forwarding (uRPF) <xref target="RFC3704"/> <xref target="RFC8704"/>. The core idea of uRPF for SAV is to exploit the symmetry of inter-domain routing: in many cases, the best next hop for a destination is also the best previous hop for the source. In other words, if a packet arrives from a certain interface, the source address of that packet should be reachable via the same interface, according to the FIB. However, symmetry in routing does not always hold in practice, and to address cases where it does not hold, many enhancements and modes of uRPF have evolved. Different modes of uRPF have different levels of strictness and flexibility, and network operators can choose from them to suit particular network scenarios. We briefly describe these modes as follows:  </t>
          <ul spacing="normal">
            <li>
              <t>Strict uRPF <xref target="RFC3704"/>: Strict uRPF is the most stringent mode. It permits a packet only if it has a source address that is covered by a prefix in the FIB, and the next hop for that prefix is the same interface that the packet arrived on. This mode can be deployed at customer interfaces in some scenarios, e.g., a directly connected single-homed stub customer AS <xref target="nist"/>.</t>
            </li>
            <li>
              <t>Loose uRPF <xref target="RFC3704"/>: Loose uRPF verifies that the source address of a packet is routable on the internet by matching it with one or more prefixes in the FIB, regardless of the interface on which the packet arrives. If the source address is not routable, Loose uRPF discards the packet. Loose uRPF is typically deployed at the provider interfaces of an AS to block packets with source addresses from prefixes that are not routed on the global internet (e.g., IANA-allocated private-use addresses, unallocated IPv4/IPv6 addresses, multicast addresses, etc.).</t>
            </li>
            <li>
              <t>Feasible Path uRPF (FP-uRPF) <xref target="RFC3704"/>: Unlike Strict uRPF, which requires the packet to arrive on the exact best return path, FP-uRPF allows a packet to pass as long as the router could reach that source address through the interface it arrived on (based on the feasible routes in the Adj-RIBs-In <xref target="RFC4271"/>), even if the route is not the primary route (per best path selection). This makes it more effective in multi-homed environments where asymmetric routing is common, as it prevents legitimate traffic from being dropped simply because it did not take the "best" path back to the sender.</t>
            </li>
            <li>
              <t>Enhanced Feasible Path uRPF with Algorithm A (EFP-uRPF Alg-A) <xref target="RFC8704"/>: EFP-uRPF Alg-A expands the list of valid source addresses for a specific interface by including all prefixes associated with any Origin AS that is reachable through that interface. Instead of only accepting prefixes directly advertised on a link, the router identifies all the origin ASes present in the BGP updates received on that interface and then permits any prefix from those same ASes that it sees elsewhere in its Adj-RIBs-In (associated with all neighbors — customers, providers, peers). This "Origin AS-based" approach provides significantly more flexibility than strict or traditional FP-uRPF, as it accounts for cases where an AS in the CC may send traffic for one of its prefixes over a link where it only advertised a different prefix (multi-homing and asymmetric routing scenarios).</t>
            </li>
            <li>
              <t>Enhanced Feasible Path uRPF with Algorithm B (EFP-uRPF Alg-B) <xref target="RFC8704"/>: EFP-uRPF Alg-B provides even greater flexibility (compared to EFP-uRPF Alg-A) by aggregating all customer interfaces into a single "customer group" for validation purposes. The router first identifies all unique prefixes and origin ASes associated with all directly connected customer interfaces using only the Adj-RIBs-In associated with them. It then constructs a comprehensive RPF list (SAV table) that includes every prefix originated by those ASes, regardless of whether those prefixes were learned via customer, peer, or transit provider links. This list is applied uniformly across all customer-facing interfaces, attempting to ensure that legitimate traffic from a multihomed AS in the CC is never dropped, even if the traffic arrives on a different customer-facing port than the one where the specific prefix was advertised. In comparison to EFP-uRPF Alg-A, this method (Alg-B) reduces the possibility of improper block but at the expense of increased possibility of improper permit, i.e., reduced directionality.</t>
            </li>
            <li>
              <t>Virtual Routing and Forwarding (VRF) uRPF <xref target="RFC4364"/> <xref target="urpf"/> <xref target="manrs"/>: VRF uRPF uses a separate VRF table for each external BGP peer and is only a way of implementation for a SAV table.</t>
            </li>
          </ul>
        </li>
      </ul>
    </section>
    <section anchor="gap">
      <name>Gap Analysis</name>
      <t>The inadequacies of inter-domain SAV mechanisms can be characterized along three dimensions: improper block (false positives), improper permit (false negatives), and operational overhead. An ideal inter-domain SAV mechanism must block all spoofing traffic while permitting legitimate traffic in all scenarios of interest. However, in some cases, existing SAV mechanisms may unintentionally block legitimate traffic or permit spoofing traffic. This section aims to conduct a gap analysis of existing SAV mechanisms for different types of interfaces under various scenarios to identify their technical limitations.</t>
      <section anchor="sav_at_cust">
        <name>SAV at Customer Interfaces</name>
        <t>To prevent source address spoofing on customer interfaces, operators can enable ACL-based ingress filtering, or uRPF-based mechanisms such as Strict uRPF, FP-uRPF, or EFP-uRPF. However, the ACL method typically has high operational overhead. The uRPF-based mechanisms may cause improper block in two inter-domain scenarios: Limited Propagation of a Prefix (LPP) and Hidden Prefix (HP). They may also cause improper permit in the scenarios of source address spoofing within a CC. One example of LPP scenarios is when an AS attaches NO_EXPORT <xref target="RFC1997"/> BGP Community to some prefixes (routes) forwarded to some upstream providers (in multi-homing scenarios) (see <xref target="noexp"/>). Sometimes this scenario occurs by selectively propagating different sets of prefixes to different upstream providers. The Hidden Prefix scenario is typically associated with the Direct Server Return (DSR) scenario; anycast prefix in a Content Delivery Network (CDN) application is not announced by the AS where the DSR (edge server) is located (see <xref target="dsrp"/>). Source address spoofing within a CC scenario arises when a prefix at one AS in the CC is spoofed from another AS in the same CC (<xref target="spoofing_within_cc"/>). It is recognized that unless there is full adoption of SAV in the CC of the interface in consideration, improper permit is not fully preventable in the case of source address spoofing within a CC.</t>
        <t><xref target="customer_gap"/> provides an overview of the gaps associated with the ACL method, Strict uRPF, FP-uRPF, and EFP-uRPF for SAV at customer interfaces in the Limited Propagation of a Prefix, Hidden Prefix, and source address spoofing within a CC scenarios mentioned above. Illustrations and analyses of these gaps are provided in <xref target="noexp"/>, <xref target="dsrp"/>, and <xref target="spoofing_within_cc"/>, respectively.</t>
        <figure anchor="customer_gap">
          <name>The gaps of ACL-based ingress filtering, Strict uRPF, FP-uRPF, and EFP-uRPF for customer interfaces for the scenarios of interest.</name>
          <artwork><![CDATA[
+--------------------+------------+-----------+-------+--------+
|Traffic & Scenarios |     ACL    |Strict uRPF|FP-uRPF|EFP-uRPF|
+----------+---------+------------+-----------+-------+--------+
|Legitimate|   LPP   |            |                            |
|Traffic   +---------+            |       Improper Block       |
|          |   HP    |    High    |         possible           |
+----------+---------+Operational-+-------------------+--------+
|          |         |  Overhead  |                   |Improper|
|Spoofed   |  no SCC |            |                   |Permit  |
|Traffic   |         |            |   Functions as    |only for|
|          |         |            |      Expected     |EFP-uRPF|
|          |         |            |                   |Alg-B   |
|+---------+---------+            +-------------------+--------|
|Spoofed   |   SCC   |            |                            |
|Traffic   |         |            |       Improper Permit      |
|          |         |            |    (in partial deployment) |
+----------+---------+------------+----------------------------+

LPP = Limited Propagation of a Prefix
HP = Hidden Prefix 
SCC = Spoofing within a CC
'Functions as Expected' connotes the absence of improper permit. 
It also connotes low operational overhead. 
]]></artwork>
        </figure>
        <section anchor="noexp">
          <name>Limited Propagation of a Prefix Scenario</name>
          <t>In inter-domain networks, some prefixes may not propagate from a customer to all its providers and/or may not propagate transitively from the providers to all their providers due to various factors, such as the use of NO_EXPORT or NO_ADVERTISE Communities <xref target="RFC1997"/>, or some other selective-export policies. In these cases, it is possible that a prefix (route) announcement in the CC associated with a customer interface has limited propagation in the CC and is not received on that interface. Then the prefix is invisible in BGP at that interface but the traffic with source address in that prefix may still be received on that interface. This can give rise to improper block when performing SAV with existing mechanisms. These mechanisms include EFP-uRPF Alg-A, which is the focus of the following analysis, while it also applies to Strict uRPF and FP-uRPF. All these mechanisms suffer from the same problem of improper block in this scenario.</t>
          <figure anchor="no-export">
            <name>Limited propagation of a prefix caused by NO_EXPORT.</name>
            <artwork><![CDATA[
                          +----------------+
                          |    AS 3(P3)    |
                          +-+/\------+/\+--+
                             /         \
                            /           \ 
                           /             \
                          / (C2P)         \
                 +------------------+      \
                 |     AS 4(P4)     |       \
                 ++/\+--+/\+----+/\++        \
                   /     |        \           \
         P2[AS 2] /      |         \           \
                 /       |          \           \
                / (C2P)  |           \ P5[AS 5]  \ P5[AS 5]
+----------------+       |            \           \    
|    AS 2(P2)    |       | P1[AS 1]    \           \
+----------+/\+--+       | P6[AS 1]     \           \
             \           |               \           \
     P1[AS 1] \          |                \           \
     NO_EXPORT \         |                 \           \
                \(C2P)   |(C2P)        (C2P)\      (C2P)\
              +----------------+          +----------------+
              |  AS 1(P1, P6)  |          |    AS 5(P5)    |
              +----------------+          +----------------+
]]></artwork>
          </figure>
          <t>In the scenario of <xref target="no-export"/>, AS 1 is a customer of AS 2; AS 1 and AS 2 are customers of AS 4; AS 4 is a customer of AS 3; and AS 5 is a customer of both AS 3 and AS 4. AS 1 advertises prefix P1 to AS 2 with the NO_EXPORT community attribute attached, preventing AS 2 from further propagating the route for prefix P1 to AS 4. Consequently, AS 4 only learns the route for prefix P1 from AS 1 in this scenario. Suppose AS 1 and AS 4 have deployed inter-domain SAV while other ASes have not, and AS 4 has deployed EFP-uRPF at its customer interfaces.</t>
          <t>If AS 4 deploys EFP-uRPF Alg-A at customer interfaces, it will require packets with source addresses in P1 or P6 to only arrive on the interface with AS 1. When AS 1 sends legitimate packets with source addresses in P1 or P6 to AS 4 via AS 2, AS 4 improperly blocks these packets. The same improper block problem occurs with the use of Strict uRPF or FP-uRPF. EFP-uRPF with Alg-B can avoid the improper block in this specific scenario, but even this SAV method would have the improper block if the Traffic Engineering (TE) at AS 1 is such that none of the customer interfaces at AS 4 receives a route for P1 (or P6).</t>
        </section>
        <section anchor="dsrp">
          <name>Hidden Prefix Scenario</name>
          <t>CDNs use the concepts of anycast <xref target="RFC4786"/><xref target="RFC7094"/> and DSR to improve the quality of service by placing edge servers with content closer to users. An anycast IP address is assigned to devices in different locations, and incoming requests are routed to the closest edge server (DSR) location. Usually, only locations with rich connectivity announce the anycast IP address through BGP. The CDN server receives requests from users and creates tunnels to the edge locations, from where content is sent directly to users. DSR requires servers in the edge locations to use the anycast IP address as the source address in response packets. However, the ASes serving the edge servers do not announce the anycast prefixes through BGP, so the anycast prefix is hidden (invisible in BGP) on the customer interface side at intermediate ASes which — with existing inter-domain SAV mechanisms — would improperly block the response packets.</t>
          <t><xref target="dsr"/> illustrates a DSR scenario where the anycast IP prefix P7 is advertised by AS 3 through BGP. In this example, AS 3 is the provider of AS 4 and AS 5; AS 4 is the provider of AS 1, AS 2, and AS 5; and AS 2 is the provider of AS 1. AS 2 and AS 4 have deployed inter-domain SAV. When a user at AS 2 sends a request to the anycast destination IP, the forwarding path is AS 2-&gt;AS 4-&gt;AS 3. The anycast server in AS 3 receives the request and tunnels it to the edge servers in AS 1. Finally, the edge server sends the content packets to the user with source addresses in prefix P7. The forwarding path for the content packets is AS 1-&gt;AS 2. Since AS 2 does not receive routing information for prefix P7 from AS 1, EFP-uRPF Alg-A or EFP-uRPF Alg-B (or any other existing uRPF-based mechanism) at the customer interface of AS 2 facing AS 1 will improperly block the response packets from AS 1.</t>
          <figure anchor="dsr">
            <name>A Direct Server Return (DSR) scenario.</name>
            <artwork><![CDATA[
                                +----------------+
                Anycast Server+-+  AS 3(P3, P7)  |
                                +-+/\----+/\+----+
                                   /       \
                       / P3[AS 3] /         \ P3[AS 3] \
                      / P7[AS 3] /           \ P7[AS 3] \
                     \/         / (C2P)       \         \/
                       +----------------+      \
                       |    AS 4(P4)    |       \
                       ++/\+--+/\+--+/\++        \
                         /     |      \           \
       / P3[AS 4, AS 3] /      |       \           \
      / P7[AS 4, AS 3] /       |        \           \
     \/               / (C2P)  |         \ P5[AS 5]  \ P5[AS 5]
      +----------------+       |          \           \    
User+-+    AS 2(P2)    |       | P1[AS 1]  \           \
      +----------+/\+--+       | P6[AS 1]   \           \
                   \           |             \           \
           P6[AS 1] \          |              \           \
            P1[AS 1] \         |               \           \
                      \(C2P)   |(C2P)      (C2P)\      (C2P)\
                    +---------------+         +----------------+
       Edge Server+-+  AS 1(P1, P6)  |        |    AS 5(P5)    |
                    +----------------+        +----------------+
P7 is the anycast prefix and is originated only by AS 3 via BGP.
Note that the prefix route propagations relevant to the DSR
scenario are depicted; not all prefix propagations are depicted.
]]></artwork>
          </figure>
          <t>Further, there are cases of specific prefixes that may be exclusively used as source addresses (legitimately) without being advertised via BGP by any AS. While different from DSR scenarios, these cases similarly result in existing inter-domain SAV mechanisms improperly blocking legitimate traffic originating from such prefixes.</t>
        </section>
        <section anchor="spoofing_within_cc">
          <name>Source Address Spoofing within a Customer Cone Scenario</name>
          <t>In general, improper permit of spoofed packets in source address spoofing within a CC scenarios is unavoidable for various uRPF-based methods in partial deployment. For example, consider a topology in which AS 1 and AS 2 are customers of AS 3; and AS 3 is a customer of AS 4. AS 1 and AS 2 originate prefixes P1 and P2, respectively. AS 4 performs SAV on its customer interface with AS 3. P1 and P2 are announced from AS 3 to AS 4 and they would be included in the SAV table (allowlist) of AS 4 with any SAV mechanism. Assume AS 3 does not enforce SAV. Now as an example of source address spoofing within a CC, if AS 2 spoofs AS 1's prefix P1 and sends the spoofed packets to AS 4 (via AS 3), there is no way for AS 4 to detect the spoofed traffic. AS 4's SAV cannot differentiate between the spoofed and the legitimate packets that have source address in P1. In a source address spoofing within a CC scenario of this nature, the only recourse for blocking the spoofed traffic is for AS 3 also to be upgraded to do SAV, i.e., deployment of SAV closer to the source of spoofing.</t>
          <t>Another scenario is highlighted in <xref target="customer-spoofing"/> while using EFP-uRPF Alg-B method on customer interfaces. This scenario is not source address spoofing within a CC from the perspective of an individual customer interface of AS 4, but it is source address spoofing within a CC from the perspective of AS 4 looking across all its customer interfaces. EFP-uRPF Alg-B relaxes directionality to reduce (or eliminate) false positives and that makes it more susceptible to source address spoofing within a CC (per the latter perspective). This is expected because EFP-uRPF Alg-B somewhat conservatively applies the same relaxed SAV table across all customer interfaces.</t>
          <figure anchor="customer-spoofing">
            <name>A scenario of source address spoofing within a customer cone.</name>
            <artwork><![CDATA[
                                       +----------------+
                                       |    AS 3(P3)    |
                                       +-+/\----+/\+----+
                                          /       \
                                         /         \ 
                                        /           \
                                       / (C2P)       \
                              +----------------+      \
                              |    AS 4(P4)    |       \
                              ++/\+--+/\+--+/\++        \
                 P6[AS 2, AS 1] /     |      \           \
                P1[AS 2, AS 1] /      |       \           \
                     P2[AS 2] /       |        \           \
                             / (C2P)  |         \ P5[AS 5]  \ P5[AS 5]
             +----------------+       |          \           \    
Spoofer(P5')-+    AS 2(P2)    |       | P1[AS 1]  \           \
             +----------+/\+--+       | P6[AS 1]   \           \
                          \           |             \           \
                  P6[AS 1] \          |              \           \
                   P1[AS 1] \         |               \           \
                             \(C2P)   |(C2P)      (C2P)\      (C2P)\
                           +----------------+        +----------------+
                           |  AS 1(P1, P6)  |        |    AS 5(P5)    |
                           +----------------+        +----------------+
P5' is the spoofed source prefix P5 by the spoofer which is inside of 
AS 2 or connected to AS 2 through other ASes.
]]></artwork>
          </figure>
          <t>In <xref target="customer-spoofing"/>, the source address spoofing takes place within AS 4's CC, where the spoofer, which is inside of AS 2 or connected to AS 2 through other ASes, sends spoofing traffic with spoofed source addresses in P5 to AS 3 along the path AS 2 -&gt; AS 4 -&gt; AS 3. The arrows in <xref target="customer-spoofing"/> illustrate the commercial relationships between ASes. AS 3 serves as the provider for AS 4 and AS 5, while AS 4 acts as the provider for AS 1, AS 2, and AS 5. Additionally, AS 2 is the provider for AS 1. Suppose AS 1 and AS 4 have deployed inter-domain SAV, while the other ASes have not.</t>
          <t>If AS 4 deploys EFP-uRPF Alg-B at its customer interfaces, it will allow packets with source addresses in P5 to originate from AS 1, AS 2, and AS 5. Consequently, AS 4 will improperly permit the spoofed packets from AS 2, enabling them to propagate further.</t>
          <t>In the scenario of <xref target="customer-spoofing"/>, Strict uRPF, FP-uRPF, and EFP-uRPF Alg-A — applied on the customer interfaces — work effectively to block the spoofed packets from AS 2. This is because these mechanisms have a stronger directionality property than EFP-uRPF Alg-B.</t>
        </section>
      </section>
      <section anchor="sav_at_peer">
        <name>SAV at Peer Interfaces</name>
        <t>SAV is used at peer interfaces for validating the traffic entering the validating AS and destined for the AS's customer cone.
The data packets received from a customer or lateral peer AS must have source addresses belonging only to the prefixes in the CC of that AS. 
In both cases, the focus is on discovering all prefixes in the CC of the neighbor AS.
So, in principle, the SAV techniques suitable on customer interfaces may also be used on peer interfaces, especially EFP-uRPF Alg-A or Alg-B, which are more accommodative of asymmetric routing.
Indeed, asymmetric routing is thought to be prevalent for peer interfaces.
If SAV techniques suitable for customer interfaces are considered for peer interfaces, then the gap analysis of <xref target="sav_at_cust"/> would also be applicable to the SAV for the peer interfaces.
However, due to increased concern about asymmetric routing, network operators may conservatively use the same relaxed SAV techniques for peer interfaces as those for provider interfaces, e.g., Loose uRPF (<xref target="sav_at_prov"/>).
In that case, the gap analysis of <xref target="sav_at_prov"/> would also be applicable to the SAV for peer interfaces.</t>
      </section>
      <section anchor="sav_at_prov">
        <name>SAV at Provider Interfaces</name>
        <t>SAV is used at provider interfaces for validating the traffic entering the AS and destined for the AS's customer cone. <xref target="provider_peer_gap"/> summarizes the gaps of ACL-based ingress filtering and Loose uRPF for SAV at provider interfaces in the scenarios of interest. ACL-based ingress filtering may effectively block spoofing traffic from a provider AS, while appropriately allowing legitimate traffic, but it has high operational overhead. On the other hand, Loose uRPF correctly permits legitimate traffic, but it can also mistakenly allow spoofing traffic to pass through.</t>
        <t>In <xref target="provider_peer_gap"/>, spoofing from providers refers to a scenario in which spoofed traffic comes from provider ASes, either because they originated it or because they forwarded the spoofed traffic that propagated from their neighbor ASes. The spoofed prefix may belong to (originated by) any AS in the Internet other than the spoofing AS; it may even belong to an AS in the customer cone of the validating AS (example below).</t>
        <figure anchor="provider_peer_gap">
          <name>The gaps of ACL-based ingress filtering and Loose uRPF at provider interfaces in the scenarios of interest.</name>
          <artwork><![CDATA[
+------------------------+------------+---------------+
|   Traffic & Scenarios  |     ACL    |   Loose uRPF  |
+----------+-------------+------------+---------------+
|Legitimate|             |            |  Functions    |
|Traffic   |     --      |    High    |  as Expected  |
+----------+-------------+Operational +---------------+
|Spoofed   |   Spoofing  |  Overhead  |               |
|Traffic   |     from    |   (HOO)    |Improper Permit|
|          |   Providers |            |               |
+----------+-------------+------------+---------------+

'Functions as Expected' connotes the absence of improper block.
It also connotes low operational overhead.
]]></artwork>
        </figure>
        <t><xref target="provider-spoofing"/> illustrates a scenario of spoofing from providers and is used to analyze the gaps of ACL-based ingress filtering and Loose uRPF.</t>
        <figure anchor="provider-spoofing">
          <name>A scenario of source address spoofing from provider AS.</name>
          <artwork><![CDATA[
                          +----------------+
            Spoofer(P1')+-+    AS 3(P3)    |
                          +-+/\----+/\+----+
                             /       \
                            /         \ 
                           /           \
                          / (C2P)       \
                 +----------------+      \
                 |    AS 4(P4)    |       \
                 ++/\+--+/\+--+/\++        \
    P6[AS 2, AS 1] /     |      \           \
   P1[AS 2, AS 1] /      |       \           \
        P2[AS 2] /       |        \           \
                / (C2P)  |         \ P5[AS 5]  \ P5[AS 5]
+----------------+       |          \           \    
|    AS 2(P2)    |       | P1[AS 1]  \           \
+----------+/\+--+       | P6[AS 1]   \           \
             \           |             \           \
     P6[AS 1] \          |              \           \
      P1[AS 1] \         |               \           \
                \ (C2P)  | (C2P)    (C2P) \     (C2P) \
               +----------------+        +----------------+
               |  AS 1(P1, P6)  |        |    AS 5(P5)    |
               +----------------+        +----------------+
P1' is the spoofed source prefix P1 by the spoofer which is inside of 
AS 3 or connected to AS 3 through other ASes.
]]></artwork>
        </figure>
        <t>In <xref target="provider-spoofing"/>, the spoofer which is inside of AS 3 or connected to AS 3 through other ASes forges the source addresses in P1 and sends the spoofing traffic to the destination addresses in P2 at AS 2. AS 1 is a customer of AS 2; AS 1 and AS 2 are customers of AS 4; AS 4 is a customer of AS 3; and AS 5 is a customer of both AS 3 and AS 4. Suppose AS 4 and AS 1 have deployed inter-domain SAV, while the other ASes have not.</t>
        <t>Using an ACL-only method in the form of a denylist at the provider interface of AS 4 (facing AS 3) is impractical (incurs a very high operational overhead) as mentioned in <xref target="SAV_methods"/>.</t>
        <t>Applying Loose uRPF at the provider interface of AS 4 (facing AS 3) can greatly reduce the operational overhead because it uses the FIB as the information source for allowed prefixes, and can adapt to changes in the network to prevent false positives (improper blocking). 
However, using Loose uRPF at AS 4 will naturally permit packets with source addresses in P1 (since P1 is present in the FIB) and hence will not prevent the improper permit of the spoofed packets from AS 3 (<xref target="provider-spoofing"/>).
This is an expected limitation of Loose uRPF.</t>
      </section>
      <section anchor="problem">
        <name>Gap Analysis Summary</name>
        <t><xref target="problem_sum"/> provides a comprehensive summary of the gap analysis in <xref target="gap"/>. It highlights the scenarios where existing inter-domain SAV mechanisms may encounter issues, including instances of improper blocking of legitimate traffic, improper permitting of spoofing traffic, or high operational overhead. The various entries in the table in <xref target="problem_sum"/> can be traced back to the terminology and analyses presented in <xref target="gap"/>.</t>
        <figure anchor="problem_sum">
          <name>The scenarios where existing inter-domain SAV mechanisms may have improper block problem for legitimate traffic, improper permit problem for spoofing traffic, or high operational overhead.</name>
          <artwork><![CDATA[
+--------+----------+-----------+----------+-------+--------+
|Problems|    ACL   |   Strict  |  Loose   |FP-uRPF|EFP-uRPF|
|        |          |   uRPF    |  uRPF    |       |        |
|        |(CI or PI)|   (CI)    |  (PI)    | (CI)  | (CI)   |
+--------+----------+-----------+----------+-------+--------+
|Improper|  YES/NO  |    YES    |   NO**   |      YES       |
|Block   |(manual   | (LPP, HP) |          |    (LPP, HP)   |
|        |operator  |           |          |                |
|        |diligence)|           |          |                |
+--------+----------+-----------+----------+-------+--------+
|Improper|  YES/NO  |NO (no SCC)|   YES    |   NO (no SCC)  |
|Permit  |(manual   |YES (SCC)  |(Spoofing |   YES (SCC)    |
|        |operator  |           |  from    |                |
|        |diligence)|           |Providers)|                |
+--------+----------+-----------+----------+-------+--------+
|        |   YES    |                                       |
|  HOO   |  (Any    |                  NO                   |
|        |Scenarios)|                                       |
+--------+----------+---------------------------------------+
CI = Customer Interface
PI = Provider Interface
HOO = High Operational Overhead
LPP = Limited Propagation of a Prefix
HP = Hidden Prefix
SCC = Spoofing within a CC  
** Typically, an HP (like DSR prefixes) is hidden on the CIs
   but received on a provider or peer interface; 
   hence included in the FIB and that helps avoid
   improper block for Loose uRPF.      
]]></artwork>
        </figure>
        <t>New proposals for SAV should aim to fill in the following problem areas (gaps) found in the currently standardized SAV methods (found in IETF RFCs):</t>
        <ul spacing="normal">
          <li>
            <t>Improper block: Existing uRPF-based mechanisms suffer from improper block (false positives) in two inter-domain scenarios: Limited Propagation of a Prefix (e.g., NO_EXPORT and some other selective-export scenarios) and Hidden Prefix (e.g., CDN/DSR scenario).</t>
          </li>
          <li>
            <t>Improper permit: With some existing uRPF-based SAV mechanisms, improper permit (false negatives) can happen on any type of interface (customer, lateral peer, or provider). Specifically, if the method relaxes the directionality constraint <xref target="RFC3704"/> <xref target="RFC8704"/> to try to achieve zero improper blocking, the possibility of improper permit increases. (Note: It is recognized that unless there is full adoption of SAV in the CC of the interface in consideration, improper permit is not fully preventable in scenarios where source address spoofing occurs from within the CC, i.e., a prefix at one AS in the CC is spoofed from another AS in the same CC.)</t>
          </li>
          <li>
            <t>High operational overhead: ACL-based ingress SAV filtering, when not automated, introduces significant operational overhead, as it needs to update ACL rules manually to adapt to prefix or routing changes in a timely manner. The high operational overhead issue does not pertain to existing uRPF-based mechanisms.</t>
          </li>
        </ul>
        <t>The limitations of existing uRPF-based mechanisms are due to their exclusive reliance on BGP data. Although the algorithms themselves have evolved (e.g., <xref target="RFC8704"/>), the underlying input has remained unchanged, inherently constraining their accuracy in scenarios such as LPP and HP. With the availability of authoritative SAV-related information, plus the potential for SAV-specific information (<xref target="terminology"/>), it would be possible to develop comprehensive new SAV algorithms or mechanisms to overcome the existing gaps.</t>
      </section>
    </section>
    <section anchor="req">
      <name>Requirements for New Inter-domain SAV Mechanisms</name>
      <t>This section lists the requirements for any new inter-domain SAV mechanisms which may be proposed to bridge the technical gaps of existing mechanisms.</t>
      <section anchor="accurate-validation">
        <name>Accurate Validation</name>
        <t>Any new inter-domain SAV mechanism must provide improved SAV accuracy in terms of improper block and improper permit over existing mechanisms. It must seek to achieve zero improper blocking (i.e., avoid false positives) in certain scenarios of interest (<xref target="gap"/>). Further, it must improve the directionality of filtering (i.e., achieve greater rejection of spoofed traffic) over existing mechanisms.
The requirement applies for all directions of AS peering (customer, provider, and peer).</t>
      </section>
      <section anchor="reducing-operational-overhead">
        <name>Reducing Operational Overhead</name>
        <t>Any new inter-domain SAV mechanism should be able to automatically detect changes in the SAV-related information (<xref target="terminology"/>) and/or SAV-specific information (<xref target="terminology"/>) required for generating the SAV table, obtain the updated information, and use the updated information to generate the SAV table.</t>
      </section>
      <section anchor="early-adopters-benefit-in-incrementalpartial-deployment">
        <name>Early Adopters Benefit in Incremental/Partial Deployment</name>
        <t>Any new inter-domain SAV mechanism must not assume pervasive adoption of the SAV method, the SAV-related information, or the SAV-specific information. It should benefit early adopters by providing effective protection from spoofing of source addresses even in partial deployment.</t>
      </section>
      <section anchor="providing-necessary-security-guarantee">
        <name>Providing Necessary Security Guarantee</name>
        <t>SAV-related information, e.g., routing information and the existing RPKI signed objects, may be used to design more accurate SAV mechanisms. Such information must be protected during both its creation and dissemination (the BGP security community is already diligent about this). If any new inter-domain SAV mechanism introduces or uses SAV-specific information, security mechanisms must exist to prevent malicious injection or alteration of the SAV-specific information.</t>
      </section>
      <section anchor="efficient-convergence">
        <name>Efficient Convergence</name>
        <t>Any new inter-domain SAV mechanism should achieve efficient convergence of the SAV table after any relevant changes occur in the SAV-related information or SAV-specific information used by the mechanism.
In this context, convergence refers to the stabilization of the SAV tables on the AS-to-AS interfaces performing SAV.
It is essential that any new SAV mechanism converges to the correct updated SAV table in a proper manner, minimizing both improper block and improper permit during the process.</t>
        <ul spacing="normal">
          <li>
            <t>Additional considerations: Any new SAV proposal should keep the following guidelines in consideration. The initial SAV table computation (prior to SAV enforcement installation) must be performed only when the data used in the computation (e.g., routing tables, RPKI data) are in a stable (i.e., non-transient) state from the local AS's perspective. For instance, if an ASBR in the SAV performing AS is newly deployed or restarted, then sufficient time must be allowed for routing state convergence to complete before the initial SAV table computation is performed. Similar statement applies for the ASBR with regard to RPKI data convergence. After SAV enforcement installation, the SAV table should be dynamically and quickly updated when new prefixes are discovered (e.g., from BGP Updates or RPKI data updates) for inclusion the table. However, for removing a prefix from the SAV table (e.g., due to route withdrawal or RPKI changes), applying hysteresis (<xref target="RFC8704" sectionFormat="comma" section="3.6.2"/>) should be considered in the SAV design.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="requirement-of-troubleshooting">
      <name>Requirement of Troubleshooting</name>
      <t>Any new inter-domain SAV solution document should incorporate troubleshooting guidelines within its operational considerations section. Because an ASBR enforces SAV based strictly on a statically or dynamically computed SAV table, it cannot inherently detect its own validation errors, such as false positives (improper blocks) or false negatives (improper permits). Consequently, troubleshooting these anomalies will rely on operational feedback loops, where network operators receive, investigate, and resolve routing and reachability complaints from affected downstream or peering parties.</t>
    </section>
    <section anchor="requirement-for-consideration-of-private-ases">
      <name>Requirement for Consideration of Private ASes</name>
      <t>Private AS was mentioned in <xref target="intro"/>. A public AS may serve as a transit gateway for a routing zone utilizing private ASes. These private AS numbers are not visible in external eBGP advertisements because the transit public AS strips them from the AS_PATH using standard vendor features, such as remove-private-as <xref target="Cisco"/> or remove-private <xref target="Juniper"/>.</t>
      <t>A routing zone or network utilizing only private ASes can still adopt any new inter-domain SAV solutions developed for the public Internet. Implementing these solutions in such environments requires suitable operational modifications, such as employing SLURM (Simplified Local Internet Number Resource Management with the RPKI) <xref target="RFC8416"/> <xref target="I-D.ietf-sidrops-aspa-slurm"/> to locally register and assert RPKI objects (e.g., ROAs and ASPAs) strictly within the network consisting of private ASes. Any new inter-domain SAV solution document should incorporate recommendations for suitable operational modifications for this scenario, as necessary.</t>
    </section>
    <section anchor="scope">
      <name>Inter-domain SAV Scope</name>
      <t>Any new inter-domain SAV mechanisms should work in the same Internet Protocol (IP) address scenarios as existing SAV methods do. Generally, it includes all IP-encapsulated scenarios:</t>
      <ul spacing="normal">
        <li>
          <t>Native IP forwarding: This includes both the global routing table based forwarding and Customer Edge (CE) site forwarding of VPN traffic.</t>
        </li>
        <li>
          <t>IP-encapsulated Tunnel (IPsec, GRE, SRv6, etc.): In this scenario, the focus is on the validation of the outer layer IP source address.</t>
        </li>
        <li>
          <t>Both IPv4 and IPv6 addresses.</t>
        </li>
      </ul>
      <t>The scope does not include:</t>
      <ul spacing="normal">
        <li>
          <t>Non-IP packets: This includes MPLS label-based forwarding and other non-IP-based forwarding.</t>
        </li>
      </ul>
      <t>SAV mechanisms based on modification of packets in the data plane are outside the scope of this document. Existing architectures or protocols can be inherited by any new SAV mechanisms for greater effectiveness.</t>
    </section>
    <section anchor="Security">
      <name>Security Considerations</name>
      <t>The SAV table will be generated based on SAV-related information and/or SAV-specific information. If such information is poisoned by attackers, the resulting SAV table will be inaccurate. Consequently, legitimate traffic may be dropped improperly, or spoofing traffic may be permitted improperly. For SAV mechanisms that use BGP data as input for generating SAV tables, the use of applicable BGP routing security methods is important. Such methods include mechanisms for the prevention, detection, and mitigation of route hijacks, route leaks, and AS_PATH manipulations.</t>
    </section>
    <section anchor="IANA">
      <name>IANA Considerations</name>
      <t>This document does not request any IANA allocations.</t>
    </section>
    <section anchor="contributors">
      <name>Contributors</name>
      <t>Nan Geng<br/>
  Huawei<br/>
  Beijing,
  China <br/>
  Email: gengnan@huawei.com</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC2827">
          <front>
            <title>Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing</title>
            <author fullname="P. Ferguson" initials="P." surname="Ferguson"/>
            <author fullname="D. Senie" initials="D." surname="Senie"/>
            <date month="May" year="2000"/>
            <abstract>
              <t>This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS (Denial of Service) attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="38"/>
          <seriesInfo name="RFC" value="2827"/>
          <seriesInfo name="DOI" value="10.17487/RFC2827"/>
        </reference>
        <reference anchor="RFC4271">
          <front>
            <title>A Border Gateway Protocol 4 (BGP-4)</title>
            <author fullname="Y. Rekhter" initials="Y." role="editor" surname="Rekhter"/>
            <author fullname="T. Li" initials="T." role="editor" surname="Li"/>
            <author fullname="S. Hares" initials="S." role="editor" surname="Hares"/>
            <date month="January" year="2006"/>
            <abstract>
              <t>This document discusses the Border Gateway Protocol (BGP), which is an inter-Autonomous System routing protocol.</t>
              <t>The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (ASes) that reachability information traverses. This information is sufficient for constructing a graph of AS connectivity for this reachability from which routing loops may be pruned, and, at the AS level, some policy decisions may be enforced.</t>
              <t>BGP-4 provides a set of mechanisms for supporting Classless Inter-Domain Routing (CIDR). These mechanisms include support for advertising a set of destinations as an IP prefix, and eliminating the concept of network "class" within BGP. BGP-4 also introduces mechanisms that allow aggregation of routes, including aggregation of AS paths.</t>
              <t>This document obsoletes RFC 1771. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4271"/>
          <seriesInfo name="DOI" value="10.17487/RFC4271"/>
        </reference>
        <reference anchor="RFC5210">
          <front>
            <title>A Source Address Validation Architecture (SAVA) Testbed and Deployment Experience</title>
            <author fullname="J. Wu" initials="J." surname="Wu"/>
            <author fullname="J. Bi" initials="J." surname="Bi"/>
            <author fullname="X. Li" initials="X." surname="Li"/>
            <author fullname="G. Ren" initials="G." surname="Ren"/>
            <author fullname="K. Xu" initials="K." surname="Xu"/>
            <author fullname="M. Williams" initials="M." surname="Williams"/>
            <date month="June" year="2008"/>
            <abstract>
              <t>Because the Internet forwards packets according to the IP destination address, packet forwarding typically takes place without inspection of the source address and malicious attacks have been launched using spoofed source addresses. In an effort to enhance the Internet with IP source address validation, a prototype implementation of the IP Source Address Validation Architecture (SAVA) was created and an evaluation was conducted on an IPv6 network. This document reports on the prototype implementation and the test results, as well as the lessons and insights gained from experimentation. This memo defines an Experimental Protocol for the Internet community.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5210"/>
          <seriesInfo name="DOI" value="10.17487/RFC5210"/>
        </reference>
        <reference anchor="RFC3704">
          <front>
            <title>Ingress Filtering for Multihomed Networks</title>
            <author fullname="F. Baker" initials="F." surname="Baker"/>
            <author fullname="P. Savola" initials="P." surname="Savola"/>
            <date month="March" year="2004"/>
            <abstract>
              <t>BCP 38, RFC 2827, is designed to limit the impact of distributed denial of service attacks, by denying traffic with spoofed addresses access to the network, and to help ensure that traffic is traceable to its correct source network. As a side effect of protecting the Internet against such attacks, the network implementing the solution also protects itself from this and other attacks, such as spoofed management access to networking equipment. There are cases when this may create problems, e.g., with multihoming. This document describes the current ingress filtering operational mechanisms, examines generic issues related to ingress filtering, and delves into the effects on multihoming in particular. This memo updates RFC 2827. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="84"/>
          <seriesInfo name="RFC" value="3704"/>
          <seriesInfo name="DOI" value="10.17487/RFC3704"/>
        </reference>
        <reference anchor="RFC8704">
          <front>
            <title>Enhanced Feasible-Path Unicast Reverse Path Forwarding</title>
            <author fullname="K. Sriram" initials="K." surname="Sriram"/>
            <author fullname="D. Montgomery" initials="D." surname="Montgomery"/>
            <author fullname="J. Haas" initials="J." surname="Haas"/>
            <date month="February" year="2020"/>
            <abstract>
              <t>This document identifies a need for and proposes improvement of the unicast Reverse Path Forwarding (uRPF) techniques (see RFC 3704) for detection and mitigation of source address spoofing (see BCP 38). Strict uRPF is inflexible about directionality, the loose uRPF is oblivious to directionality, and the current feasible-path uRPF attempts to strike a balance between the two (see RFC 3704). However, as shown in this document, the existing feasible-path uRPF still has shortcomings. This document describes enhanced feasible-path uRPF (EFP-uRPF) techniques that are more flexible (in a meaningful way) about directionality than the feasible-path uRPF (RFC 3704). The proposed EFP-uRPF methods aim to significantly reduce false positives regarding invalid detection in source address validation (SAV). Hence, they can potentially alleviate ISPs' concerns about the possibility of disrupting service for their customers and encourage greater deployment of uRPF techniques. This document updates RFC 3704.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="84"/>
          <seriesInfo name="RFC" value="8704"/>
          <seriesInfo name="DOI" value="10.17487/RFC8704"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC1997">
          <front>
            <title>BGP Communities Attribute</title>
            <author fullname="R. Chandra" initials="R." surname="Chandra"/>
            <author fullname="P. Traina" initials="P." surname="Traina"/>
            <author fullname="T. Li" initials="T." surname="Li"/>
            <date month="August" year="1996"/>
            <abstract>
              <t>This document describes an extension to BGP which may be used to pass additional information to both neighboring and remote BGP peers. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="1997"/>
          <seriesInfo name="DOI" value="10.17487/RFC1997"/>
        </reference>
        <reference anchor="RFC6996">
          <front>
            <title>Autonomous System (AS) Reservation for Private Use</title>
            <author fullname="J. Mitchell" initials="J." surname="Mitchell"/>
            <date month="July" year="2013"/>
            <abstract>
              <t>This document describes the reservation of Autonomous System Numbers (ASNs) that are for Private Use only, known as Private Use ASNs, and provides operational guidance on their use. This document enlarges the total space available for Private Use ASNs by documenting the reservation of a second, larger range and updates RFC 1930 by replacing Section 10 of that document.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="6"/>
          <seriesInfo name="RFC" value="6996"/>
          <seriesInfo name="DOI" value="10.17487/RFC6996"/>
        </reference>
        <reference anchor="RFC7908">
          <front>
            <title>Problem Definition and Classification of BGP Route Leaks</title>
            <author fullname="K. Sriram" initials="K." surname="Sriram"/>
            <author fullname="D. Montgomery" initials="D." surname="Montgomery"/>
            <author fullname="D. McPherson" initials="D." surname="McPherson"/>
            <author fullname="E. Osterweil" initials="E." surname="Osterweil"/>
            <author fullname="B. Dickson" initials="B." surname="Dickson"/>
            <date month="June" year="2016"/>
            <abstract>
              <t>A systemic vulnerability of the Border Gateway Protocol routing system, known as "route leaks", has received significant attention in recent years. Frequent incidents that result in significant disruptions to Internet routing are labeled route leaks, but to date a common definition of the term has been lacking. This document provides a working definition of route leaks while keeping in mind the real occurrences that have received significant attention. Further, this document attempts to enumerate (though not exhaustively) different types of route leaks based on observed events on the Internet. The aim is to provide a taxonomy that covers several forms of route leaks that have been observed and are of concern to the Internet user community as well as the network operator community.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7908"/>
          <seriesInfo name="DOI" value="10.17487/RFC7908"/>
        </reference>
        <reference anchor="RFC9234">
          <front>
            <title>Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages</title>
            <author fullname="A. Azimov" initials="A." surname="Azimov"/>
            <author fullname="E. Bogomazov" initials="E." surname="Bogomazov"/>
            <author fullname="R. Bush" initials="R." surname="Bush"/>
            <author fullname="K. Patel" initials="K." surname="Patel"/>
            <author fullname="K. Sriram" initials="K." surname="Sriram"/>
            <date month="May" year="2022"/>
            <abstract>
              <t>Route leaks are the propagation of BGP prefixes that violate assumptions of BGP topology relationships, e.g., announcing a route learned from one transit provider to another transit provider or a lateral (i.e., non-transit) peer or announcing a route learned from one lateral peer to another lateral peer or a transit provider. These are usually the result of misconfigured or absent BGP route filtering or lack of coordination between autonomous systems (ASes). Existing approaches to leak prevention rely on marking routes by operator configuration, with no check that the configuration corresponds to that of the External BGP (eBGP) neighbor, or enforcement of the two eBGP speakers agreeing on the peering relationship. This document enhances the BGP OPEN message to establish an agreement of the peering relationship on each eBGP session between autonomous systems in order to enforce appropriate configuration on both sides. Propagated routes are then marked according to the agreed relationship, allowing both prevention and detection of route leaks.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9234"/>
          <seriesInfo name="DOI" value="10.17487/RFC9234"/>
        </reference>
        <reference anchor="RFC7094">
          <front>
            <title>Architectural Considerations of IP Anycast</title>
            <author fullname="D. McPherson" initials="D." surname="McPherson"/>
            <author fullname="D. Oran" initials="D." surname="Oran"/>
            <author fullname="D. Thaler" initials="D." surname="Thaler"/>
            <author fullname="E. Osterweil" initials="E." surname="Osterweil"/>
            <date month="January" year="2014"/>
            <abstract>
              <t>This memo discusses architectural implications of IP anycast and provides some historical analysis of anycast use by various IETF protocols.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7094"/>
          <seriesInfo name="DOI" value="10.17487/RFC7094"/>
        </reference>
        <reference anchor="RFC4364">
          <front>
            <title>BGP/MPLS IP Virtual Private Networks (VPNs)</title>
            <author fullname="E. Rosen" initials="E." surname="Rosen"/>
            <author fullname="Y. Rekhter" initials="Y." surname="Rekhter"/>
            <date month="February" year="2006"/>
            <abstract>
              <t>This document describes a method by which a Service Provider may use an IP backbone to provide IP Virtual Private Networks (VPNs) for its customers. This method uses a "peer model", in which the customers' edge routers (CE routers) send their routes to the Service Provider's edge routers (PE routers); there is no "overlay" visible to the customer's routing algorithm, and CE routers at different sites do not peer with each other. Data packets are tunneled through the backbone, so that the core routers do not need to know the VPN routes. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4364"/>
          <seriesInfo name="DOI" value="10.17487/RFC4364"/>
        </reference>
        <reference anchor="RFC4786">
          <front>
            <title>Operation of Anycast Services</title>
            <author fullname="J. Abley" initials="J." surname="Abley"/>
            <author fullname="K. Lindqvist" initials="K." surname="Lindqvist"/>
            <date month="December" year="2006"/>
            <abstract>
              <t>As the Internet has grown, and as systems and networked services within enterprises have become more pervasive, many services with high availability requirements have emerged. These requirements have increased the demands on the reliability of the infrastructure on which those services rely.</t>
              <t>Various techniques have been employed to increase the availability of services deployed on the Internet. This document presents commentary and recommendations for distribution of services using anycast. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="126"/>
          <seriesInfo name="RFC" value="4786"/>
          <seriesInfo name="DOI" value="10.17487/RFC4786"/>
        </reference>
        <reference anchor="RFC8416">
          <front>
            <title>Simplified Local Internet Number Resource Management with the RPKI (SLURM)</title>
            <author fullname="D. Ma" initials="D." surname="Ma"/>
            <author fullname="D. Mandelberg" initials="D." surname="Mandelberg"/>
            <author fullname="T. Bruijnzeels" initials="T." surname="Bruijnzeels"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>The Resource Public Key Infrastructure (RPKI) is a global authorization infrastructure that allows the holder of Internet Number Resources (INRs) to make verifiable statements about those resources. Network operators, e.g., Internet Service Providers (ISPs), can use the RPKI to validate BGP route origin assertions. ISPs can also use the RPKI to validate the path of a BGP route. However, ISPs may want to establish a local view of exceptions to the RPKI data in the form of local filters and additions. The mechanisms described in this document provide a simple way to enable INR holders to establish a local, customized view of the RPKI, overriding global RPKI repository data as needed.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8416"/>
          <seriesInfo name="DOI" value="10.17487/RFC8416"/>
        </reference>
        <reference anchor="I-D.ietf-savnet-intra-domain-problem-statement">
          <front>
            <title>Problem Statement, Gap Analysis, and Requirements for Intra-domain Source Address Validation</title>
            <author fullname="Lancheng Qin" initials="L." surname="Qin">
              <organization>Zhongguancun Laboratory</organization>
            </author>
            <author fullname="Dan Li" initials="D." surname="Li">
              <organization>Tsinghua University</organization>
            </author>
            <author fullname="Jianping Wu" initials="J." surname="Wu">
              <organization>Tsinghua University</organization>
            </author>
            <author fullname="Mingqing(Michael) Huang" initials="M." surname="Huang">
              <organization>Zhongguancun Laboratory</organization>
            </author>
            <author fullname="Nan Geng" initials="N." surname="Geng">
              <organization>Huawei</organization>
            </author>
            <date day="1" month="June" year="2026"/>
            <abstract>
              <t>   Source address validation (SAV) is an important means to mitigate IP
   source address spoofing [RFC2827].  This document analyzes the gaps
   in current operational mechanisms for intra-domain SAV.  It also
   identifies the properties that new intra-domain SAV mechanisms are
   expected to provide.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-savnet-intra-domain-problem-statement-26"/>
        </reference>
        <reference anchor="I-D.ietf-sidrops-aspa-slurm">
          <front>
            <title>Simplified Local Internet Number Resource Management (SLURM) with RPKI Autonomous System Provider Authorizations (ASPA)</title>
            <author fullname="Job Snijders" initials="J." surname="Snijders">
         </author>
            <author fullname="Ben Cartwright-Cox" initials="B." surname="Cartwright-Cox">
              <organization>Port 179 Ltd</organization>
            </author>
            <date day="16" month="November" year="2025"/>
            <abstract>
              <t>   ISPs may want to establish a local view of exceptions to the Resource
   Public Key Infrastructure (RPKI) data in the form of local filters or
   additional attestations.  This document defines an addendum to RFC
   8416 by specifying a format for local filters and local assertions
   for Autonomous System Provider Authorizations (ASPA) for use with the
   RPKI.


              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-sidrops-aspa-slurm-04"/>
        </reference>
        <reference anchor="Cisco" target="https://www.cisco.com/c/en/us/td/docs/routers/ios-xe/ip-routing/b-ip-routing/m_irg-remove-as-0.html">
          <front>
            <title>IP Routing Configuration Guide -- Chapter on Removing Private AS Numbers from the AS Path in BGP</title>
            <author>
              <organization>Cisco publication</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="Juniper" target="https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/remove-private-edit-protocols-bgp.html">
          <front>
            <title>Junos CLI Reference (remove-private)</title>
            <author>
              <organization>Juniper publication</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="manrs" target="https://manrs.org/resources/training/tutorials/anti-spoofing/">
          <front>
            <title>Anti-Spoofing - Preventing traffic with spoofed source IP addresses (Module 5)</title>
            <author>
              <organization>MANRS publication</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="isoc" target="https://www.internetsociety.org/resources/doc/2015/addressing-the-challenge-of-ip-spoofing/">
          <front>
            <title>Addressing the challenge of IP spoofing</title>
            <author>
              <organization>Internet Society publication</organization>
            </author>
            <date year="2015"/>
          </front>
        </reference>
        <reference anchor="nist" target="https://doi.org/10.6028/NIST.SP.800-189r1.ipd">
          <front>
            <title>Border Gateway Protocol Security and Resilience</title>
            <author initials="K." surname="Sriram">
              <organization>NIST</organization>
            </author>
            <author initials="D." surname="Montgomery">
              <organization>NIST</organization>
            </author>
            <date year="2025"/>
          </front>
          <seriesInfo name="NIST SP 800-189r1" value=""/>
        </reference>
        <reference anchor="urpf" target="https://www.cisco.com/c/dam/en_us/about/security/intelligence/urpf.pdf">
          <front>
            <title>Unicast Reverse Path Forwarding Enhancements for the Internet Service Provider-Internet Service Provider Network Edge</title>
            <author>
              <organization>Cisco Systems, Inc.</organization>
            </author>
            <date year="2005"/>
          </front>
        </reference>
        <reference anchor="SAC-004" target="https://www.icann.org/en/ssac/publications/documents/sac-004-security-and-stability-advisory-committee-securing-the-edge-17-10-2002-en">
          <front>
            <title>SAC 004 | Security and Stability Advisory Committee - Securing the Edge</title>
            <author initials="" surname="Paul Vixie">
              <organization>ISC</organization>
            </author>
            <date year="2002"/>
          </front>
        </reference>
      </references>
    </references>
    <?line 568?>

<section numbered="false" anchor="Acknowledgements">
      <name>Acknowledgements</name>
      <t>Many thanks to Jared Mauch, Barry Greene, Fang Gao, Anthony Somerset, Yuanyuan Zhang, Igor Lubashev, Alvaro Retana, Joel Halpern, Ron Bonica, Aijun Wang, Michael Richardson, Li Chen, Gert Doering, Mingxing Liu, John O'Brien, Roland Dobbins, Paul Vixie, Amir Herzberg, Jeffrey Haas, and Xueyan Song for their reviews, comments, and suggestions. 
Apologies to any others whose names the authors may have inadvertently missed mentioning.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA819a3PbRpbod/4KXLtqTU5IypIdO1E2U0PLdqwZP3glJzO7
m5QLJJskYhBg0IBkxfb97fc8uxsg+JCT3VrVTEwSQKP79Hm/ejAYdGwZZ7N3
cZpn5jQqi8p0knVBn2x5cv/+t/dPOtO4PI2SbJ53bDVZJdYmeVberOH+82dv
n3fiwsSn0UVelUm26FwvTqPL0U+vn73tdGb5NItXcN+siOflIDHlfGDjq8zA
56w0xWCWr+IkG6yLfJKa1QDmUpqVycrByf1Op0zKFJ4d88XoUi/2ox/idTTK
4vTGJrYfwfyjC/NblRR02UbzvIjOafynNH50mVfF1ESj2aww1kY/xWkyi0tY
RdSJJ5PCXJ3K/TO5n+a/+eZOGmewPJN1OnFVLvPitDMAwNjT6Okwepl0ooiX
+zTO+GtewO1vLcBlWcXRj1lyZQqblDdwaQr/nEZPTPIrQg2+51VWFvDT2TLJ
YvjBwFRS2IgcJ5v9rZRRhmZWDaeZvvjlMPq/Sebe/DLOpkuTLeRHev9/LvNs
sajgSgXTiid5EZd5cZs5/JZk6fRvvy+maTzZfP/LpPLvTyZJJr/8SS9Pkyqd
tL/81TB6AUMv3OtfwVAw2YX7meYAX65NcotXLvHplYz1tyU9PpzmK33vP4bR
ZZEU8cq9+B95mbyP03hdzRJ/jd7+4+Uoek3YFqeAZhbQuipNlM8Rr7JZXMws
ofBbM11meZovEDiKlvTw+eVbN/kf4qRcAhJNqgJXUJgFDAwLfxouBxCtNDPG
W4tvGq1MkUyDFVqa4hAp8m8L/ImW18nyYgVTvTKncOvF87OTb04ey8eHJ4+P
5ePXJ8f35eODx/cfysdv6GMH+UR9kONvv9VBHn377SP5+Pjb+9/Ix29PHugg
j+9/qx8fPnjkPj7+Rh/75uExfTwfPB02+EkRb+Un9SeSWZGv7SC263hg06pY
4WX431lipzl+jqIyLhYGuN6yLNf29Ojo+vp6OMXLCKej6ZHJjip7VM6OgMXZ
owJ4H+zJUZLbwQdzlKwHBXPDo8kg+LJ6lxSLAXCp/MrA2wf3h8tylUb8QmZ2
52NlpNFZns2TRVUwo/qhSmYmGgwAVeM1vCyC3y5wJLx1XCRXsNJodBm9rlYT
mEo0L/JVBJiCv43jcgmIGz35YUzvUt6Fn6MBYymtPVpXkxTwBN9IV4FLwqRG
0ymwTUCok/snjxhUf6+yZG2K7cD6lW8Ywt4gjCrcBRoX4QbQs/m8vAbJcQQ3
5vZomiYAmLkpTDY1R2W+ThCsZn7ktvBI4LbmtQ7MLClxo8t8mqd2MFmsN6H5
dxw7Ont5DqCSsaNufZzeVojIEg+ECf/Bh1WcFbYdLnRpCIPDWiyJJEChAhAW
kQOYQl4kcWqP4qxMBnad53P8PVzPCK9cyhWY5xh4BIAGv8A483kyja6BPUT0
MMyNX4JIFbPoA27QfZXPqtREX29f+avR64vLg9YNFxKbT7ejAYl5wAG4CWjv
prF4QIyjk/vHXx/J9GAhA8DZwXQZpylIMTPI50hA7cBwzxCeu2eQ38GK9Zmt
qzyXqYF2QHPbsmCcH+N8ltiyfaWzPKGVHd8fPrp/8s0Rcuzh5Xj4zf37g+Nv
vi2Oh8l6FtVQ886TvJgBdv0AL7mOb1DXIEyOLs20KoDVi1pjkzRBvL2zsY4W
WYR/tDYRGe4mUE9egc62yEEO3LTeqIs9+Zq+WpAX8G7g5TBVvCm6HEduOXdw
46tiPT+MWc7iFZD8OyB8kP9VeWRliUeIHWmaLIjocbzhejavQQkk2TS2JQAC
NSfDrOx5XgDrmOHOP8uWoFoEeh+igt9ZU1wlQAAA3Ctgn8Vg65XotSmv8+J9
9Gy2aIF1nUte3ljgSaB5nmfTYQ16979GyFyOzgb3WS5uoYppnGWEMcgJbTw9
CnDPOn5pj+ASjjRQiA0AKVCqTQAr8NvsCsivuBkAnFdJWRojdwodGVjM4Pjx
4Pg+KNT3TwYmqwEX5hnB6NGnOtJd6vhAYjw+yCIZHwBxKW8gULeDS7BuHFdp
9FPyITEhyp1fntVhdtLpDIfDTmcA0i2eWOBk07LTebtMbKSQgHmBtv87sC98
qYh3IPEYthCnvOZtBEUqWoBtEIttgKzAfACyxemGFodyRuE70ZW3CLqg/Pei
FShjMRD8yg6jJzHyO7gE7wYUBKaCqAfbn5QRoHOaZDKvEjU42MUU1LKGOTKv
yqowUbLCmfLvsuJVMpulptO5i2hbAG+e0jQ+3kWNJv/c6Ww3XniqCa56XoEm
STI29XOnN88MTIsAgICCXUwWMX1tgED5ZRSXZTx9b6OPH0UB/PyZP6Pap59R
79PP39Dn4YYJ1Yd3w4gAuyRjFg0syHwoiUErIYpuFFXEyEFDGTzkUVHf/Py5
D3zd4Gzw+fqMWbMFUMRO+BVmakDvnLH2E0eZSRZLMDlw6NFlP7peGlSeYbC4
dA/B5QVo/6gwo/CUueqj9yx8ZNYAwARYT4yI28ySkl0uYQkL0K/KTQjQ3qzX
wMFnANZowixftEWw7AAwQLmh+IZdBQgBaGAfCWHngOJAB4BM0zK9QRBm8Anf
m28scBi9hZmnOWIgqH2IHhFoMKiP8w09woFweXgfaGHBuLwRbhKwI1HXwH97
PHr4INgb6QwAos+QZQKzYmaGd2SkjUbd0eXrHsIPrjlV9TXvM5oEiD3RfzfJ
IzT+R8j6LaF6ATi6zmnMiNCnMGksGxcaK4onum4ml/+6nX3zC+J2MkUtf5pW
CBUcFWe4zG3J9uW0siXKf1ABszwbIDbUsEmMhY8fRXzBpnRoLbj7oBCQ2wfx
v7w2homkgdAAevx1A+3asA6muAK1R+YbncnkBmU+cDK5e3Yy7vW99IZrel/U
HZ+cwTUEaQE7szaGiAB+xkdId8JZkaDH2y9gubDIi8vBFBWqUtcOa2LEhnFW
1gGpr/gFjwqtu19k/PDVDFJ3I/zynfyOe2ABP4AgQKL2ekAryhBryM40CAhc
4lfS4kGeAl4GPJToBe1m5bxoOCPtPK8KJL1++GuE49KOXfAGuKUPwY7AbwBO
Dw7HbIhnvccJMkooRPwdQ1TAmCpBZ8uFERPDjzP/Gh4/GBj3G5hFWRiig+5x
L0qT94aYgsDa31yHWx+ZR/fEPQCmGRAuvDXcBMsQnDEmgDUgKC1kHGw9ARbW
R1tEsEZ5gJrjv8D+vgS81xUiViTslanvnGXccagN1F4qAeiu9uEuA3sSDEJE
xTYUGvgg4dPoJWw6sMizl8yeqz0qb7e6GD/vRRNiX8ybfquQDyIKVcB2MhQU
IFXT5HembAv7Rxwd1o5wbbJFFFx1fOzTOlrYJ+DkTJwLeQavwdscu0VvMPpo
gMM8ORtHD76p6RC4Nvz5m4fbVIieJwPYRBTjsgshgx/ulBPxVZykMTBHN1d8
Lag0ZrUuSeQCiV6b4pTQ7xr1AHxnnc3D62AJHz/CvzCpPiFe7VbgLOQ2x0UL
L6YH5DM9hO/tPmg8uEbdtl2UsIKTVkyzTHzW1IaHZ2Bo4crzPE3za1LkqtUq
LhIFQagKuqcJyd1G1UUhzNUqFIXP0MqHIJL/Ep2jbEM/yAQUi/en0TMdBNFw
wFjox4LJzOdwM2FIUnsUeGGc4opy4JGgpdkeEdN13tDMpyaD1eToW05WpGKB
AFjHC9Z5gcRi9HvMkw8E4hegPoM04l+GtQmvkezA8vonuUSYBjbn3oRFUn9c
Z52ZRSyzBuMtWoJaB68lBgBUcLMmt4NnX10vSEIWRXzMyRGw3NdmmswRIVLg
cQmzD8Zc0hc+yJ6y/kcuZLTLkETIcVRuIyVCIDDcEOGnywRYSfS7KfLGlgAo
mNJhT2wiRh+uowEDkNLAtIHRD6Pu6xzNtvMS5QRMKl9kzGYQzassRcaGsojk
yLwCJhzP8rVuHek6WV2uwGIAXmdnPWWfgSjKHDeg3d/cHXhJlpf0ohsALLnD
iPxDTEK9v2iaD97gyafANoWpBRbA2Rm8bmiGfRJQjHDA4mGyo6rMs3yVV1Zc
Aajg9iL3HM5KXXBsicAcUTUeXepNFigU7hz2EGNfgFYU4ao0SgC6ZLE08ew0
AqkgeAozpWmTYpekJUk5MmkyAgHY30BAQC59Ui/RkATksQnsDyIYoErbG4j2
AY6ZMTPiOtV6Rur52cuoqFLS0rIK0ZNQaRavSxKcDI+8cPYbEtACbof1gT2W
rAw8AY9mpmD1arltjQAsW6HMNLyVcEsZs/rRRq6BBg98MHe7WeeW/YZ6ZZnO
TMBGmVc6Jvre3OxS9JHKM3PtOPSp4zRXwkNixKJ4ekML81P380X3LQ+y3SyJ
VkAVyiDUrGiMj7AhXTUkVOawyBCbFLJtOkOkYXodKCnv9zOKqCvEcJUngNYt
rHwqO+fpTlki6kZOngbqaiIzkIW2sToYwmG7m4JMdEGaJOCg+VW0MbhbCU8s
6t52AOAWXhikk9k26tu/YXapRjCxHQQjEyIzdXG/hOQhJtJA7UEXMEOPTkNZ
JI3wCPAPHxAknu55QnCXtaeFyWhh4q7DuRN/BEE0YTKDX5nmazNh/aWyZtsN
uFIZ3CAfEL5RewlB+AncNCcZwmKENZOjdVyUCQB7ZtZpfkMxuoPpg9gdcA1g
obBtV7EFFKyJGZ0FS9L+LpCTRNbrbRAmOnG7zGsxcQFbS29Es2NyIyRLXhDQ
f6ZIFPhbKXhJUsALnPmmKwslF8JoEy4ExbEbH4xWeCIG2a5O4WhRxWB5lgbl
8tyxqh1QDAQEbp1lf0Hr8vv+NYGWR9tANCXSAOUu8Hu01lAsJpmjSOCdSL5x
Y2/aYY1LfYZkqyY6kCJFB25Di8oeTNtAIXqwphDPkYcg1AA9zFWceWolzWAf
ze6iTjIZJzei1sk8YZWoRIkXsian5vCB7Olsl++KnxSfNXvDmEcC9kzfm5LV
fRDM0SqfJfMbRBvyk67TGNQXvQlYh50C4yOeTDYVfQUbG+QGzz+xNI+MOSPg
QoIgjFVo8kj8FoleRNe0Bw7DEMUTYawzg+pIHxmTGLN9XiZxX1Y/mfF47K8r
gOh+usnF5K77BG1ZzZIW1wqpH6Cu5AUwvQYcJ+oCZOi0rAYNN7T2UByT3kYQ
IhwK39Hp/Pv/GQw6rBsH0fhr0K7EDwMvQraRoEI0Clyk6BWx6KQiK0wdy2CD
clyQlA+nZf2O6ieb9mx76ptQNX8rKpB7eya5ALgI5JlXCSj5rBs7/y459+IZ
kEeZWFF4JmYaK+t3Pi03YbA8kjUpXKswy+DdePT2hXiCrSS2RMAWZugmBTld
AaMDBKqmS1xoI5gfY7iBgmtguqBWWbsM1yQYj+6TweCvGC15G3hmPt4NZWCn
8/H0ipDic8eR+WnnlN18RPOwgazCGiEmdP5OKVsGV0OkJdpHHDnK3gin41T9
j6IUr+u+skswclAfVl8yam73QJ+NulscPOjksuU9HPseTp/U8Hu0ieKBgkGY
Q8Fabti0v+cWeg/NdmcDPyGjXdYeRLlg9lVaWpY4nmdEqVkAtaIdsSmiOPJB
+qDxeibqOBUrPsi0WE0tQy0g6nr/6r26XnmPqP1eXZsM1mpvsjy7QUsrvUFb
ya1rLLb94Str5EQ0l8XacvknLIxHqq1MnQc7VuYc22eYiCnLqv3obOQ4WiSo
LWBEa2aAsDG6ZOHrYNR3AQB2cOFvoGVbk87ZjYU/3NN4UhgSQBaCrq4HPXqz
v4LZY9seQqqp/4ZDPITXZAjoCNWHAtUH1NDQw+HtLXTPAhInmWVi9C7+ac3F
D8SQvUdOe81SGER7EQP63wDPHSsJO8sbAecoES74XWUhnBQRDCTBt4kJY38T
djLT5gA0N9CEYqlhsDF4Ftlgn1wDcNMKJA17nWvOBIpwhTrEudcTcNqa9lVT
7s1wAfbOxfkT9mM+xw/rfF2lMmUnGFwiFM5AFA4OBE5raWTh6IMBSuRpkUxw
LAMbgz/JVji1BTg+G0d5wf7pfIK6nWWJYJc+vHsheT3RmGXFP8CkhkUWMUiM
akqBsu7F+B/nPWa51+iTESCy9ybHYALbLRhOoTiSRhgmqM2APAR6yjnkKHeS
/xpRFod2k9O4krP7gqvkrrMOuG9GDNzR5XgEhizs/bVBt5V1mjTfT5OWGIbO
dchb6iREY0+DrwBqljDkkadgCUfsZEQN8+BMzAdm7zMXbCN0Ytm6zkkfI5B5
fZiisasVxQ7odYoQpICzvM+sOlAzDxe9j2EYooeDdhm/N+ItKVb4PL62Cc+u
7bFHQZ+aosPV6Qf7cHEH1gGM66mQIZBZAJCa6gdLrHsTjEivBmC1jEyBLPMh
Xq3RIo4RzjwTDnV2bTVBXZcUg17AVY45An0i2hkiK6pRjnNJxoBuMcED+I6l
+Nj5xUAHnTmd4cGwxnYxf4aIxuqcyfsmWhpO4CqJWXfjALbqZ5pX0aeAVJHA
7sA0+RP78DgjDzYDNbxu0xkrM5f4BUwOvczixJTXE9Y8wKWlqHUnSCvK1ZOS
403EBoA1TfIqc64YXiKsRXfEbZJ33wmEQdjmpAyBcOT93Y46CaXvVKTX4X5M
csp2bUTYKdpHDjHzYc0xb/+2bLZpbqGvl5y2QRoGCg1ytFXZxijDSJKcyBTQ
pZI1V+5egIJjLu5UL5Y0wFjz+TqeKCizdVyMUwBnuUrMNc4zLhADYrvd+cQM
MUBz+HLCTL/+dLsnKnwcMAT4AanqT1lFkED8hQFBADc/vbzoEfWOnECdmRTr
I27QAjMp8TOKMaoRjfFStAif6n2SsweEevb0tRWxgmgNjJtCqFay/LwUZ6yV
Nzm7mPAbk+VoLyQCh4PNcnY2ZRkg8tRISN4NR4FTMmm8wYrhNPLBodOTYySc
kyT8J5wbpnEX7p19EnISTF7DHCiGYnHJLv9ncuOCCTKA+EQpEBuuoKdJBFvB
gbu5mVYFnCPWJClmDno77QOQQGHi6dK/kOehZArPTMktC1AIjIklhekGghzq
IR6iIecCihvZU6+8pf7xLvzwTmK6YOG1ZVqBGBKnq2SfcNaVMNAUrK006iJF
kYmmuSggOgc+4jSJbWIZ5YV8eGd5KBimkfICevOTC9sLvWBbwkzihyAL4AoX
X9nQFeED1yU531OyxTfZEgcjggRxFxjyDOLjR0xVpoAgpZzTJ8zTxnw6EUkF
YpmwhkZOA3nhNgNP4fgu5rg3QsXpiS5NgckKuE/CXi4fZ4JlN5xYkyBBKyk2
NHIRJ0GgihQpdUrP/PP7lI8NH3pfAqIko1YTUsyImoTyOH19GL3Ir9GG7//P
hOn8UjFaJxaMd803425MqvMUme/OeN1GqofeYym4OYzeZJy8g9bMe1QAWRPF
+XRhsktMlzBFAfYPmbM99mQBvd+gJyNikttM8XHSVHa27pGhVJCUPe1JRgb+
zslKcql3MamiMwC+NSBB4l4QuKFriWr96Hz0esQOH4zYs6B1z0lQJPPq2/n4
6uER/OdRoAY8ASbOkWl0CWi+B6pFJVqGlIWLofuYtowEWYo54uz4vMnilXAx
4BLkurWGMosa7w1fiVVlhCWJs1DICnWvJ5+r13RLUs/XFTmPaR/dZiEYuSLF
g7odiJyEqRD1xjBYL2nFBr/KvA1A08OgXVOuN4f9dAKSuuv98zJTEqAxhYIl
rjOMRqBY9132TKCocU6XV2txa0vmFrwKybFobBJrB0zkQWZVl/GdXg2I1TCa
OWuJ4O1iP8O9bBHzvVhvxlX3omUsqcJTTb6vRVIVqdGp05IMDKDMnKeLUj5d
xtykyOPZhAUaBf7mMPVigMGyqf6Erg3YP8wYgpF4dQUq4TjvNM/XqK9hehr/
IkaClbwx1NynmB3Sl0QLUipE13B0L8GZZYyebqbs6H0Gyyclgmt2VGZ6FVSN
McwXpDU4u45kLnC6eKFqmbzSbtlqVKU9xNmYTTzQJVzZmmqAWuo0ja0mOtYE
d2G8pNlXriK5e1tT6CV1GHB5ZmIiesQ5cXOQjoNZEaCQJEw19mYFyytuXKS9
wRWxbBuBdKMbRFm7qJlmmIi/hJ1lExZwulSLA4FCdr/ei5oN6St6v9caCQWY
YAAlZpaSmFwoJS4KzA5QmtYEAUeo/Rb9k5kzCAAZwwfYSe8kloDGr8uiCUZz
ZqMmrz4/fxJIaQetQGy4vJM4vY5vcIkUvVLWaZjnlz7RhAApiJ6U/nl8sM+w
NmFREvH7fMZSh7aTSMBc5SlYBcPoaTKn0sSy7a6Zu0jqK11lYz4jBR4jf6n5
kISxM1euIF4OUcqXOdKIOmRWJJAqDOxgwHlagQhyTzq2M4z+CShQJKBF3Di2
JxTPs42t+HTtKVY+/SW6ZKcDLaGmJ4YXEjY8VjkaJSXyQ10/+ZDYULcej4iO
AbFgusQnmyjDIRy0sa8ob5Qkheg8ojMAJvSDPPQA+RnZ5GbbglcaqDV1tEaC
F6sHZ95mL2zmTpPCRbmIDsj9iA3nuJWxow/EDJY5GjO2rCahTHOK/pALFP8S
vaRN3gR+8DvavZQJ5Va1SX8O8Gi/AqFwzCxQvrByZ4KKZjldit+H9ePABb5u
eOdpBwqzAFaYOjoPwYzBYzJONkCNkmbeNldJ/9M59sOFzhI7peJ6P9wwvF6z
GMNdk9hyQ1214jllXxwrrvUA00bEAGltU6nVCTvbJlqk+UTrfRCy4klBXbTm
KuRYaRV6IPpb1NHghlWVliyVgh9NOR1iJjEizXMTc1yYpBXBpvt8PNgQVdhX
gPLvA1JWe1KSjkJgE9Ok7dN1gv4Jj5FIKdgNtIY39iN5GQvngOzRqI7ZT5Hm
GDPi4dn2luojdUbEG4a3FmY1UkpD8o26oY2JYWoGBL3BIe5o9usAQzCD8yws
TQMrkZN25n5WipCMQskK03T4QpdiniRNEcrWpGxsa+rFKn5vKBOzrkiS/MYN
FBZgsqsEDC0WLSyEYhFrWP+mMSQr3jNN7xTfhA1dMup2IzTlICj2RVgT1wE7
4cblAaCYA+uLFqaxgDu4lju8mAlsl0pcazIgG8eQpD531oZkRDWjdAG2Q7lc
gYrVfaaYAL8ORr1QNzqN6hdRDQJ2zhjBZuacw8DtobsgjB94e7QASSOS3rix
WLHuigIpFPSGbBxiACJvvEbikS0OammcZYaTIyGGGvRaAi/yKsf1nX9/xiYz
Rj77IcYDQ8pKZt5a3ZLrnEhZNpZ9RnQJgwPsHQickITp4RRVJmZe6mZq5Km2
QMo1ikSppYnJwLUG09ZSa0QXyjDQXCOW7gYUYdbqd7PRv61msV1+54PHvugK
P2JFj1LHHQd71s3voNoOhg2QvqsDDHwoqPUjGQW6EbszJSSCUr+IXV6SIJYS
C2qRlSb+huoec3+f5s2pOz7AQQ+QCJwTLLx1fEV1kbihXnNkfPB7HgfansC/
60hf63dbiN0pEsrPb0FzTxo092QXzT3xsCbGp+m3IZS7aK3HBbunmuSMatli
URgpQKYUgFYNiWpbWfWJ7rhbFrDi9R0CcpDvUY+GCKXMkwK973V6qdgDWXNg
hPTThq0tKlnblNlB4CqiQiJojorKN2m5RHRcyUGBvpg8HYVZYqD2CuPZz5mx
dZ0vpKfEK0WehrxHzrkX5DII1eK6mkqXL4IOfVscjkerHG1tNLCCUkitXGlW
QnJyhtAozTUoeAZwo41NTK/Ira3t9wDg5ip0CYZ9rdIS8w2gUBWie2+TWjHL
RhaNNdJEOYzQUZFWl9U6iNqnxG499TUnuc6L0odDkMADP4dKFdkFzPjzRE3m
MZNEYjlpuk4UUqggPoqu0GBh2C1c7ijNYQ0UI0aismJEEmNG5Argep3ZnsIe
LXApJAu+nntPEU3iKD8lRVkBo9QcFcpFCbwaP12ApuitDuzcRJ4NbOkRhiFO
I7iTb6TAKBC5AdDgvuKF0sVwSamr1aBTqSYFaq1wzgjTI3lNHCxhfsDCPsxB
v1vrFxd9vIt1CFxEB/QyA80VttnYDR9Kw9Ej9h18R9eAKajsKSbFFKS/QWN9
xTkW9nRv6dsBdWZsrrZFA6iAFz1E6d5UeakLAcpz8SLXKYicnZIhhRdaqCzJ
+Nm2io7AsaI2rTiZttQZkrwEruATilHHpAm2vDp3kGnOXJOVtQI3WVn2aGfY
PGNXP4DGfCily1E9Z/mEVXzA11GZdeE6DwaM0bFw0bQyXzvk06exxOTuXc0m
cMl85378j3dtfPUuLt8hy/lMBU17wojIq1okUL/h7oGJIi3tiOJxttuWGk52
NtfsPKckwWPKwwIUEJercjJvWaPDZmvxFwvt9lkgtoj9USemP1g12n05Hvc2
a0ej7gvpcXETJDHV3+/KISUXPKCKbdslOYAxZQBiIE2CMPgMTCQYJLEcJWQt
k7qwLAFFXr959+xf4zcXb5m3YjM9YKnIEs844au8cTXeTph32YLtaap9UAde
rS1W4K+8rk1ZQDVN06uUUZdL2LMcxAsVCoT5zImnCa2inNyobUsBoLVuAlqX
jtQsOk1qOdh5cHVzhowm9e1yL675cVq0rWh7Aoob5DuXI+G9hvHWhBPKN+lp
5EB95mGiSJjH5nUFeGXUDXImqHeP+m4E0DNbKJz3IpSHAaoXRvGnWa3a0IsO
q0yl6hB55zt+57vplGb2x2t/Yfg/udaXkthi1n4OIcVO5+NHZaPvqC4xaCiT
EX/C5AidJnUEaMMtz/L6W9glMhqn82kkZ7tvGAfdw8H6dUrgVxyw6IDX+JqU
eJJjuPI8TSssKefcJ7I0SYC6YLlVIBTOOSq9AoQ19B3y8oTa0YfyEtfKHoaU
L9f5f+6v89Wg5e+rbV++av72VefTW9Ef/i26dMv9RIl5uFfw9ynYp0+yMZ90
hz6FM/iq5dMBM3jplBl8LzL5SGYgf7Uvzb9PfglRFMygbYB6mYcfoH7ni7F7
hirNazOQRBdTm0E7DN54AT5o26cQBm2LhU9vtOi7FQafdD2whEvhUnRnlkeX
gL97gfiJy0IaQPzU/gx+eQ7MWlDe0m9kWgCVbgBxywDw90wzQek3j0gHD1Bf
AntaaAlt+FfDg5270AQigfCLMXHPEhqFOW6Aw2DQbS187W3FxG3UuAmMTgfp
7/t9LLXzAm+qKxgdhNf30WULJ+3cqyGOYsA98hLlWkUWT6xWnDZEGVjW56Wm
ycsTWH7RriKH/PHjaXQ3lFvcy/H7O29VSGG5zi6l/0Ah1SadXOS/1Rq88xmN
nbt71W/lymD7sOTAZM66Mq/5Jf2GVotqObWIkKGNSyzQ2aLjENQOdr6qeisl
9JtPizuLNVVXquAflNHYwPM/S1WYWoUAHDS7fOIZDlKxKuKVd5gAfBk9/enZ
xdvzy2dOeUfHQ6DY97mkcKVZSE6XHgCo0A21zrHG2rTk3rCG5Pg5xxudJ5kM
gp5TUFdBoADQfMP12YIAZMmlsrvrYHeDYdg/QxHOrREHUualaMFF3ZMsKE6l
ktSyGajQ5Oh6p+NGPDirhfPJQU8VCpQ+smtGkruMlXURKtOShhvandcSJdE0
NlTk6n2Vwu4abzlLwtuzWpLUdABK4z5p3oQF4Kp1BtVy7rAD9tokwj3Y10qY
GuZXkH9OTfQRo3B9MmGbJqf1a0H1ppvRZQj7xO2AKW0XIRvM+asdN5MoAEPk
QXf8oMfyY9fIXx39LGMe/fzV7pHh78h9+nnnjUfB55+jXbce1b7tGvWIOxnu
urdFin219WZRZy+jh93xw17wU/vQAh/6L//rlIjWWR/VRgQo+L/g/vHJf8EM
Tn5ROHipvuWB+vA1NWD3Ew58oeLwczT+Gifw9S/h5037QZdaUzp+bn7uKO6d
dMcnvfD+T9H4GMc+/mVzoqFywjD2Dz3yD+1aXnipqYy1PObmElzb0OFanvNy
yF/c1P12b8PPisSfathMX34OPzee3LolrdcaD3+iXTnujo/7ANM6Duiefd0d
f93KL2755oaaleUqc0XHetki+zhZiqUNOQvJ8+PADVoR2LciqgNf2ZzsZhkf
pT4ukkslnOClwuvo5Du+xhWq0Ym0eaxVZ0cP6aaHrQM8+E6f/XrzOtXK4U16
z8OhvE5DWBrFBtRDKUNTcN4Pj1ZT54uMSxBEE0otZxfmrK/OGsn9PmGxM+cu
UDUXoU+kmVOjvPqbYXJnWBb1W0U9Lvu8aDLZKHBptz5PL2QYNyVZdFmt1xwr
9WB+KOmXmhW2EWYJM8UpeEz3g+LTD4ewfgQn9Sl5wrYp2ENCFd5QedA2s17a
HUd9TsBLXeOyPZlpsAgACkBo/AhBy/G0WqqWV7s4YwBgM4z+uaRSZAATZj3U
kolu9T5aIIaYERlkF4OuC6RyuJJQHpg9wJyXWVdNnNLC/meHm6KBh2oRTMBp
RQ6umhEBRjcqgNzejECwRQVy3UAEg7hsj8LLdINvPCW9cAg12kZkLU9t7GfZ
Ism0jfHbZz0pOCO2QKYFKa2Z5JeUy7bWvFYeeqjarpXmMUwQsAld2oWeeN7Q
YKtbvYF5Rt68TgdrK10nMDBXMYFJkiHZZc4x38ffPPr8mTsU3//2ofR7RY+3
KtIChN8q19hNawSwf1bKofbAOy57ORUn/DQFIiULD+aCIYFR5mYQlA4k5KdN
FhmHPGaGSgJw94Jcai3y7EvprzRhl6pNdnJKiqZ2Qca3Y88rPz8JIehgw+hH
W3EfT+ZIrpKUllGgkq89p6/4qAVXVGraVqIpZWANMfbDRuir3e66KROHI8hw
8SLl5sAgFbwx1X6yjRrXvvS8JJe9wnmj5NRDHHfTJXrqJon116yezR3KtCyt
tfCUsvK18NWRfT3AeCkvVllRQ5fNYl3TCOuYGlTRvdByE0KAy1XRL1U3S3vK
H1vMY+oRpWblyswS7cwkFp6mu9VNxl0ZB+4JbqnV4JAs7JoAw8AGEC7QX6Iu
fWICuHdO//AhqWBzVFo+JhryeWlAnaQh1PBRG0a7kjK6JXHN+jk9SLQTp4B4
NaXltuO+yAN/t1N6tjwxFJXoMKEtAiwmdBZGeSKizJdsl3WcCAtjzsd9sctd
6gvlvyaWhhr8FSdB/5V2Do1ab04efeCpl3eQ30t5mEKtSVkj2IDUeNXPuWVK
v3mLLEYYNZGzCmYZj5a+VUg7FODpN9epDsDm2Lz+Y1r5CShU1CSOgOuqY2TJ
PkM5KL8NVbXHXlXrN3WfIPFABHZXOrOyHrazXWxP06RaKFc07UjSvUjokjZ1
EMn5GR/qFTnQ9omw5yHhD4euv0L7RfwjYA097u32kOhbxE/i7P+9j0TeRt/q
1TiKxg/QFH3wS+hZ8T9uexCee7zxHD35ePeTP/vb6+6Un4Nbts12myG4dXlq
WjoHyw7/irwi9LLs97HoSoKxW61vhfND5rAb3pa2hxTGzWd2unR+rruzWr0u
W3wuAoADPC+bfpcfreD1fu9L21IP88DscUjt8sJsfdQNv90Ts/21LW6cA5w/
m9Nu88js9cfwX3O7vtp6xXMMPOyrwYvaPDN7/TLb3rNjBqyVtChrmhLqk59J
+1alBa1MVFhqHVdd4IEto8CfY30PWBGYoDd1gjQbUi8SDPZ9J1WjWjRSHya8
c9j0LIF+pj6l0SHZSRRbc02zS9dGhGsTqOd1LQm50awsLMjf2t6u64157OCg
DWS5LijQBgWg3Ijmhg6d+if31HHmFcnDUN/kumONVGF1UZJSXwfu1Rgl2WH6
cFMcb0ladd2T4DI3Xq6oTkS6JbDV2zhVrSXKW+u9GJjFLWktFMLkxiPpZt5S
0JTcaUwbJ9DtSdhJMBeVfBMuR1rjjzVth888ae8jXe92pslW2DYkX3Mf1UQr
MPe7HL1b8UGr29E5EnUQR6EeScd8eXzSzAoiZV4ibexQybMtXjPnnwKV241H
M/a5eKqgPXDOJyl6uhHTamI0Oud6jPj+E92gS4MaNK4mrIahMHHuSk7vcrqv
QV13atgEeZ1fc2vBMBH0AFygwno2WPAqa9z3Qu8sZYE5/b+JcbryrvjdHvSU
k1DANtJew3QTOU6ob304lEu/xnvu8b7gQZZ56YmfjN7wiDB9WEuvW3yGxKvI
dNt0CIyPydbcqPjenQ6p/Zkzajvcl7INYjhTGMdKozjlIS2LpAxGBscD6YYg
7XYWRSzptDPp48g1FEHLakl29B6rwNmhzIA6Qvm/Tmekbb2CvFbMm07h/6Xm
2rnKFB0D7Hx2RXMFUsM+Ejdke8q46/nt34dbeQigfa4EMAShWymPxpawYKNj
tchWS+shu0w5YeGPvI+QNc1z2sWgymirg70BHz1ip3HmBDVOoublaGAazHlA
xtVrnnohSE2SNqzetZWlKk/p5nXICqk8mOgDq6CKcKFaA0neFkk108rcxnow
cYTOm0LmjicjSG6LSxNQHzovfBZ2wd+s0QohdyvLdq8iue/vVpkAjXd+ibkr
f3ut3u2P7EsW2PLQLd7VsHr3PHZri1f+bm/46gtvY/+y8cShn+NfDjCD/ZPH
LU/utIabAzTSFvbmObT93dY2lr8vM5E5ibMAY+pe78st5c0p/BGDuWWyB9rN
8veHzGcd48+xovXyHzCm5e9WFu2OcbYnPRxoWn/JfAC9XPubeqt8VTG/1qIW
vl74zLWETAmUyB3R9etHy9KPGj/wQfMNw3hDvfFmcqjb7RWotbPlyHo+36I9
tXag8m8nsY6xSaODi+6LCnlYBEwA6bdB5DYA6YsCv1mrufMEA9STv5ZhH7iS
VMNOe3rV4K+sK/G/Gp0oCmy3slWx9AEk8fqv4AZqjEjdg9HPscSTQMIm5UOe
A4UjXJzPhW2cgaEhHs1n5B+pCr79kY3g0BBN90TLSPvtYSJ9+MuSPHRyZD1s
ZnqATrQzWePJjlQPn7BBxuUB6RO0v96GDqIkTbi0pMg0gxnimGizE3VgGJJq
SMU+WnGHW5d3zc6oIRHWZmpTK6EdkHnOcR4Ne2ojga0h1zBCWrz3TXM4aO0j
NlvX6DXr4MibeqKs9CsEOgCqwn4CdVOBQartRer7D9AJyn/HZkvpL1a2f6Zz
BMjLY7kJFdW7N5LvteuFkLcyBzw0vNAfg3tGl3KWEnrWjD9Nd3R5zzZYJBXD
B4cgBR1jmin22LA6PPka3kKV5i0GPB2ugtzIN8fIA/dreHCH6/qHDkVEKspM
C5oWcmI0Ff9TZ6/8yh/zvG242oHjw85l3ucgZ5JNE+6Dqo4e3+sTe+Jpu7M2
jNs4gwJbkJgGcRvpIAsr3oxhEm6EfZjJZsSmM6tVPoudLb3R6WUIcJkZQ82A
21o+ocd2sSzFU4E5d3GqRz43pjhE1rVt5dvqP1oOZ95Yeamp/c0a/I8fw0r3
z+J4U0j6JpyKItrrmq3+xuRdUoiUYvh+F5SfVGRY1oidMTbg1G9pj0iF5nWD
WXNXNo1lD6+W9bP0yq2mH270kNNef0Ebuq6DDN5P5zufS4ECon9/NzT5mYOh
2YSkUxVrnErn3cqt8IXRJrtq6Zd3KMu6BZ+K6IxtehPxTSndbZyAfUAhFL0x
2IWgMLdtKW0V/74Pxq73IHKFgkk6XjcVPOGy7t3YsJi1D2p0BTyLAjP+pI3N
uIdzqu3puPAmCzQakFqzGjpO80LyvrQf2I43UcIkIt0qsagrZzrDzQVqLz9R
eumQsqx9O/v+aWmhqJVXwOe1LivwW2rQounCxRNobH0I0bJNQosPhP5NGEFM
qENY7WrQR6HFWSw1R6IdzZy/MilCCaQ9qpw64ouUWEziwrq1Nk49CbIpAurx
LtqjWnsSOYCNLr/TJuCUkeoHrjUvqx++LcKyrjp0NT7BTa6H+8u0yY7c+mWg
dcFtBdqNCm34f4CS28pAD3lfvRa7ZmLXvvh6zqi18HUwCJ4LqqiD6s/d8wyK
pzdj7xuVurqdu2umW+ZJmCffui/evGEnQaM6d6Mud+wobGd18Jfvw5cXzBK/
HN6iXLbpU9hgMLcsmW1Kii+REOiB8Kyu3ca2IU8LokRNHigJD3oYC2kFv5sv
lHt/Uh2fc1Ee3+v5bJ7b1fEd6LA/zEd/qFv+UE/8Xuf7Lfztt3Gx7/Oq38qR
/iW+8y91lx/uIf8yp/hB9XpfUq33RbV6bZV6X+bg/sM+7Z894B3K8gd+Tj43
n/sjrus/4q6+nYv6eJ+L+vhAF/WDNo+sT3Hf4aLeYOK3c1E3tVHvnG6RDv19
S7nNSlCFXZi2wgtXoNWSQdJQ4fH3MCO+PsKJJtUPXeHS/4J6xsD16xzPx3/Y
9fujZWnads6I1AisuDrUnWyztbW8S2Xo+gz0B73m4TTdJKMKNzkzaKuFR8cv
+QZP5N4PD0/7DLMfrdcpnS1UV2xuNT1ql4BlRpRXQ+kSBK6WKYWdxOVERDoP
QL39YTWA4Ca18URT0vhThvruXLZ4Fq/J0dU4xkqdO8FxbM2cjW5dtYT19MAY
dR4lzqOpg8X70CmhSI+YWyXlQXWPXUsFEWMiiEaTbgAC9yJckubLL8ldw3aG
zmY+4S6v9gN0KbVwkx56ednbTdlnYrX4dpXUkjBUDe82OqdekpsFj1uXoktV
a/HzO1utal3UGu2MrTzsO6p5jxbhKNn+1F3OpT3Zhk7NEbeDckXJAs6okTfi
srUVRV1ct3c8YBW7ZNtNa4O81fNWv0djK0q5tckqqYvLnqaXmr4Ju1wkHoNd
R7smYKX9LJ6Yha6BoOV+cHZdvXOb4JoyAQHwto5rW2y7lp/DRl9jnqRlUU/2
O1mwHOzBz4xS8HGz11pdUfAf2eynz8HH+p3h092zc6ouPu+R3Xt2riphd6wf
+Uf9NzRlv2zdrlVZFP3Hs8uj129kavBFp/n6zV/+4mcsF3jm2q/tU3cVZ5gr
R1N7OR73oxegnjWbHPgr9XWrD7uuJDafDv/Cp2cJEBmynd7hT/83QA3+0+UG
bzSPGgDdFZq56+4WQA1v78odXec30YHkyoFQC50nt4Wac6H0/nyohfsRgOeQ
P5r5izdv+JHuKLvZ8jRuRfvT8tE56zYXuPXd+9a96++rDhD19y1dkztj/H0z
SNHBZX7PzrnQ26b+sy/uBLejERzwUqDxt9p+ls4QhwG6dEwOlkCo6tILqool
nn12btEaQld62JoqCAJsBGy+I2cGqwrNhHVSpzQfdWlS7NWJ9QL4RKPxAOpW
gaDn3WoxdFT6hB6zLxbGpDtv6d2AEzpA3Nbuv6XMRTvrtbkmL31uQSd0IR85
YC5OVnIGbep1eI226ItjDDNGXXS0YW/lKpt5j3pRUMpFhHrFDMtmf5eYoVZl
dN0D58/ePo8unp9ZPAK78xffPZHAcuqPRN7Wn9s379rXaD76o92yOWDpO71w
s9ntDeqC3tEtPbZ5tLOnr4/CAqHesAYF3u3T6J+sVK9Ma2lvHccOaKhPKtQy
Xq+ZBjGygj3fay3fo64/9iJMcyDsUsLE7sxSccVUL508xALUrHIyluvpInzc
B57+uu0MSFLqCsqUiKfLBKyA6HdTNHvRUSSbrLWd5zu4wLgdRl2sgDv9X9m8
uclTtra+5xYv3LSCmTBPSGsw/pzW18MeYuOLbaxk75HXf85pz0lJxzxzKw06
xql21nVGvUb4YEqxhXce8tw4HJptkK3skg0mX8K0lpM76fjRXbxpiNYFDh2c
glA7gqGdo1G5ZKXpCknhaxbprPA44+MBsfAQs5SwqSFnu3DcSM8zIgxeAUu6
UmeNHLOpjOe/hM5+4eonPt+BPSFJtq44dl4YZJJ0gg0DkHZvaYS/OxqW/IWE
TsqtwC7bcmYv6h3ECsdDZmk0Zz7v3VEuYMoSF8H5P3hgMiVZEo4550g/WgNU
hPDpFA3YM5Fjg+B8s51Hm2PmoVa9+W6h1CrHpPm6YbZnIDMpMcLDGHup+q3D
tETAGgy208TcTqOQpNNXLrhlDJ9Zh7NFOXzeVBde+SE/3i3Mb3RCS3DMB7rQ
fMeM2njIyXGeu1QQ9p5KRSwrAewunRTJbGHEkNYzPDSS1tbZk/wiI9pxPLfG
nUSFJVz75sGpciJHtC0Si7IQh3DLWhwTHPtreoOuwtYXISUCq6fXWWPe75cn
UVd4KDXAalMj9Pje1hgnYho5GEA4ulLlRGYQ9n9qSEQYIjgUW6YgE9UDxgrz
qyBBUEoral9vOwCIDwXI4sqgxLfop6J+57W23wrOvhKZz75HvKHHGHCBLk+8
udXWOAQX/MnGmqol4sKdSUolmA0X5xbWsEnp2vf4cN6gwOIULK5ndqlbrlQM
VKEJCwNkoCSZGkwKIaUZdC034EplcFMfmiH7jGrDR6h9YEjgCdw651NXzlGd
oaOe0qOxFDg/dXWXhxMgiWYu1V1j1h9xulDd0Vnp0Q47AM8Ho8n1NjgTIbq9
5rUYWmKsS5zcCJ5RCzR39if8Vgricx27U4SaASY9kq+98JugOnYveG3wFHf0
xV4a4DlIhT9UcQHaiDGU2Ne+TJagbQ18tLbXEeHF+B/nkTRhyydIvHgOLfNe
TVyYGbzBJb8yN60zbYzdYMgreBUfauVAg2eWVUSyFPmhbHtkGjqrGegxZqXR
qi5OEnUIq+v2bSvp0HN4dAZ0xx6eUpJIsZK4RwcQ75czoZaHxyvhxmzDi76f
Rmgq4wIJkGEQYxVj1290FyeZ44XIxErhPQHStiMhUxZyzAQHPMszYFXkx7oN
r1LObNxAUz9QSDhSVDpH9o1gc201lJuRLr+Pp+3iXtprlQ0vrcDvaGMy6lH1
oezXJujzB0ndL0n/+r0JQJ68VT/N6HJQ5gOyEly2T70LOKUnYXmutaKTcfN1
AWsdkjofNw3JuHSc0oMvEW8QimlW24GKQO9cJb97lN+vIQiFSHAPaZ/MbV8/
U7fd7Gk0CmauDhNFgffGrBvekUUFD6egMtsNQ5DtjAQb3cMQfmmoZFYSduqu
QZmgOnm8Lt0SpEE97FHKtUY9T/sMfG31cq0p51S/UFnvEqu9pM6+eIv7zKnw
wR7ZIARxK30fWBnJ8mzABwXQkRRwUctv8BXY8TDlTOWgZJtbbWiIifwDlH75
5CJsLxEgEWIXnlh5HR5FjoYcaFbAz81MMuvR8yOEh+acA4lGSueB8cczDdGf
DsnDnE7q0TDPpXpt9+4k1gMce7tR7xYefEOpYnKBVXLLSzp2FN/qoBxOB4w4
Yg+7Nr3fYCheZZrdZPFKD/0CpAfFZfoeM/eFitgEJ4efHveKNqZUjniLkHYS
ZcKPclQyLMNPV85PpnPU2ONqkzwI1AX9KQn0ZpVTb0rniHCIEvQT4ReLucst
iBBesyK+RhNc3i+MEo+B1GD98saSsg1b0v33D/ACGBFgWX5/R8zaO2otPSc2
+f0dlG+x+/X7Ow+Gj4Ynd47+2gsgGZR0BMjJ4rlpvyGXfAtTRuJZ5jni2Q7x
YfO0Ihya5dOKHpe3YsfVYp2zAlgfLmQm4uNBqR46KercShc3BEWRkwyU1ASp
2DvDLgc+/xnQJBdCV10bT4IMMIoJIGTGfcl3R9UxcAaIjk5TvM7Cc4lNUdRO
BdmThwA4BnNouCyDmyQbv9es72uCjwvY4ixHlYFgSF2heckhFOfGzCiKnOb5
2mo162Z1jMQm0AVyhZk/mOHOKj5gIjpXHMPh3+hE9ES8ncBs0NkpPruYNFvU
2QBWcsafxDi4x2SBx6Fs4BxS1lm454iF4yK50garnY7/RgfwNrJfSCnD0Pco
WgOwQJHAojU6vLtAxR+TFfRoY1ye9sKJ3dJ+R28ifExZ8q6Dl+tJH/63KKtW
E0rVLShbKAp6yLozbQ0dcqJ9tdiXEVQc+KOW3YQRd9fs4fJsZXT5bjx6+0LS
VjT0EIHSOEN0MtQAJ8BC4lBmIJMdxHj4zBkyxc+fI2Vg7jJc+ztox4AKmjcw
qkMkLxzCeOCQUA4hRH53PoaFLJ7terQyDKvOqKAaSAChFRBDDBfwub8e7f3z
6KbAJZvsKinyjOHrexe7Ir+AIFb5jJyy0hpZIWZWKI5J03v548WrqHuJBw7j
qeKYSI3S3xVlvKZ9B9wV4+xVnMULxmHXlhx5ux6y/vD4ETn/zwdPh4kp5wNA
caB2C9uyjgc2rYoVBwRIy6A0q0ViWaXGLm6AviULCzGyVLZcvBlZSXUbj2zP
s73Aa64bR9zUaiZLHbP/GGfHIMMKLs6EUVPUbi/kZcODzkTkDs/UaCUP891N
/+HlFIbEOjX89/MhRo3VSRMcwhiA21Ewmst8mqdR9xzPjNWAhHOAIX7UDxfm
UN8sH0Y/cD84ig8FZ7aj4+l8PAANKF7bim0eH49Dxfw1+4DPx0ED3lOpVNZR
SPenPKo0n2BFfqjXirAL2vciLrhIOrVx7J49A7xIylqXX0CAn8avXaMvjMk1
ZvqWOhQjOEDs9qMfLp71o8uLq0f9yJTTYe/UNYb2m1c2qnfDUiNvd6EahJXF
NxjSHzfcGziTJ7ji8/EV53DCh0fe+THkmANtvQ9aCLAYpqDFY49rzpVrQvPV
+OUlvHti0kEr6DhQlNEYG3cMuRgyQCu+A70VAWITdfn2f85gAQmZcTtHAAEl
9pZuKdrHTKls6CPDcQGmOOoeyN8lOEmo6g4qJy0l4TqydluUaU29rM7vlLGF
eNe7h87qGtfHu3pFjlH3yu21HLal/r2ZB8Y2I3+Pm5I8L7bpB6KTzhJLMn5y
w0eNvDeFFItzX0klyvrMkky9TU1VqqWVpPiskCujLPItFPictmaGtIYXODmw
9gCbhA3wc+zVGhfYosAfBaIaHljvlpDAFZ9uEVT64hDO9POOJWkISanEeQH6
QSleNd8rko8la2AFewv42Ba0w1jRde5dWF/iswXYiFkmv8Im2L58TU383mpj
CtZSVvCCdZX6w9Gj89Hr0SZ64a8a/3ESJuglrh3Tb/h5tH6nwaB4bjOdQQP6
a6fzGsgBePEiwuSZF1V8bRL6+MQkv2K0Fj6egVCMI/r1GciJ9BRBv8ji7G9L
un8IgqzTGQwGlHeJrxhN32f5dYq911m3+Hi3+dNnTKNhVdDMvr9Dqj1mobyi
xAOA9XtyAf09RsvrVQx70o+exEVxE/1QGNj5fvQcLMDohxh46CiDzcJ2k5Ql
b8p+9B8VDAP/j/4T7cR+dL7ApJ4KqG1pruCB9CoucmwnCzpIP/p7Dkz7RZwC
KsIGXmAoNcdIF9yY/Fpl0T9pjFcJoADceIH/FjOLm/0yAegY+PADKhtPc4lw
v4L/fqBM6aTC4ZdZ9ObekyIxNHxKZ3/kk0mCmtQ4rtLop+RDgscErJIiemGK
3wEqMMzfgekU5gamFguq/KsyN7CqS6xaFTxMUC/F05htn5vQZKXcbKvFAm0S
3PioM6IupnIcnmsLj6E/THUC407LDCnUGmYlZayIs0m3Qp/xTG0I6tPY+f9y
zhwsKdEAAA==

-->

</rfc>
