draft-ietf-dots-signal-call-home-07.txt   draft-ietf-dots-signal-call-home-08.txt 
DOTS T. Reddy DOTS T. Reddy
Internet-Draft McAfee Internet-Draft McAfee
Intended status: Standards Track M. Boucadair Intended status: Standards Track M. Boucadair
Expires: May 21, 2020 Orange Expires: September 3, 2020 Orange
J. Shallow J. Shallow
November 18, 2019 March 2, 2020
Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal
Channel Call Home Channel Call Home
draft-ietf-dots-signal-call-home-07 draft-ietf-dots-signal-call-home-08
Abstract Abstract
This document specifies the DOTS signal channel Call Home, which This document specifies the DOTS signal channel Call Home, which
enables a DOTS server to initiate a secure connection to a DOTS enables a DOTS server to initiate a secure connection to a DOTS
client, and to receive the attack traffic information from the DOTS client, and to receive the attack traffic information from the DOTS
client. The DOTS server in turn uses the attack traffic information client. The DOTS server in turn uses the attack traffic information
to identify the compromised devices launching the outgoing DDoS to identify the compromised devices launching the outgoing DDoS
attack and takes appropriate mitigation action(s). attack and takes appropriate mitigation action(s).
skipping to change at page 2, line 22 skipping to change at page 2, line 22
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 21, 2020. This Internet-Draft will expire on September 3, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 3, line 7 skipping to change at page 3, line 7
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 11 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 11
3. DOTS Signal Channel Call Home . . . . . . . . . . . . . . . . 12 3. DOTS Signal Channel Call Home . . . . . . . . . . . . . . . . 12
3.1. Procedure . . . . . . . . . . . . . . . . . . . . . . . . 12 3.1. Procedure . . . . . . . . . . . . . . . . . . . . . . . . 12
3.2. DOTS Signal Channel Variations . . . . . . . . . . . . . 13 3.2. DOTS Signal Channel Variations . . . . . . . . . . . . . 13
3.2.1. Heartbeat Mechanism . . . . . . . . . . . . . . . . . 13 3.2.1. Heartbeat Mechanism . . . . . . . . . . . . . . . . . 13
3.2.2. Redirected Signaling . . . . . . . . . . . . . . . . 14 3.2.2. Redirected Signaling . . . . . . . . . . . . . . . . 14
3.3. DOTS Signal Channel Extension . . . . . . . . . . . . . . 15 3.3. DOTS Signal Channel Extension . . . . . . . . . . . . . . 15
3.3.1. Mitigation Request . . . . . . . . . . . . . . . . . 15 3.3.1. Mitigation Request . . . . . . . . . . . . . . . . . 15
3.3.2. Address Sharing Considerations . . . . . . . . . . . 18 3.3.2. Address Sharing Considerations . . . . . . . . . . . 18
3.3.3. DOTS Signal Call Home YANG Module . . . . . . . . . . 21 3.3.3. DOTS Signal Call Home YANG Module . . . . . . . . . . 21
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27
4.1. DOTS Signal Channel Call Home UDP and TCP Port Number . . 26 4.1. DOTS Signal Channel Call Home UDP and TCP Port Number . . 27
4.2. DOTS Signal Channel CBOR Mappings Registry . . . . . . . 26 4.2. DOTS Signal Channel CBOR Mappings Registry . . . . . . . 27
4.3. New DOTS Conflict Cause . . . . . . . . . . . . . . . . . 27 4.3. New DOTS Conflict Cause . . . . . . . . . . . . . . . . . 28
4.4. DOTS Signal Call Home YANG Module . . . . . . . . . . . . 28 4.4. DOTS Signal Call Home YANG Module . . . . . . . . . . . . 29
5. Security Considerations . . . . . . . . . . . . . . . . . . . 28 5. Security Considerations . . . . . . . . . . . . . . . . . . . 29
6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 29 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 30
7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 30 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 31
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 30 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 31
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 30 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 31
9.1. Normative References . . . . . . . . . . . . . . . . . . 30 9.1. Normative References . . . . . . . . . . . . . . . . . . 31
9.2. Informative References . . . . . . . . . . . . . . . . . 31 9.2. Informative References . . . . . . . . . . . . . . . . . 32
Appendix A. Disambiguate Base DOTS Signal vs. DOTS Call Home . . 34 Appendix A. Disambiguate Base DOTS Signal vs. DOTS Call Home . . 35
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 35 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36
1. Introduction 1. Introduction
1.1. The Problem 1.1. The Problem
The DOTS signal channel protocol [I-D.ietf-dots-signal-channel] is The DOTS signal channel protocol [I-D.ietf-dots-signal-channel] is
used to carry information about a network resource or a network (or a used to carry information about a network resource or a network (or a
part thereof) that is under a Distributed Denial of Service (DDoS) part thereof) that is under a Distributed Denial of Service (DDoS)
attack [RFC4732]. Such information is sent by a DOTS client to one attack [RFC4732]. Such information is sent by a DOTS client to one
or multiple DOTS servers so that appropriate mitigation actions are or multiple DOTS servers so that appropriate mitigation actions are
skipping to change at page 22, line 26 skipping to change at page 23, line 5
augment /ietf-signal:dots-signal/ietf-signal:message-type augment /ietf-signal:dots-signal/ietf-signal:message-type
/ietf-signal:redirected-signal: /ietf-signal:redirected-signal:
+--rw alt-ch-client string {call-home}? +--rw alt-ch-client string {call-home}?
+--rw alt-ch-client-record* inet:ip-address {call-home}? +--rw alt-ch-client-record* inet:ip-address {call-home}?
+--rw ttl uint32 {call-home}? +--rw ttl uint32 {call-home}?
3.3.3.2. YANG/JSON Mapping Parameters to CBOR 3.3.3.2. YANG/JSON Mapping Parameters to CBOR
The YANG/JSON mapping parameters to CBOR are listed in Table 1. The YANG/JSON mapping parameters to CBOR are listed in Table 1.
+-------------------+------------+--------+---------------+--------+ +--------------------+------------+------+---------------+--------+
| Parameter Name | YANG | CBOR | CBOR Major | JSON | | Parameter Name | YANG | CBOR | CBOR Major | JSON |
| | Type | Key | Type & | Type | | | Type | Key | Type & | Type |
| | | | Information | | | | | | Information | |
+-------------------+------------+--------+---------------+--------+ +--------------------+------------+------+---------------+--------+
| source-prefix | leaf-list | 0x8000 | 4 array | Array | |ietf-dots-call-home:| leaf-list | | | |
| | inet: | (TBD1) | | | | source-prefix | inet: | TBA1 | 4 array | Array |
| | ip-prefix | | 3 text string | String | | | ip-prefix | | 3 text string | String |
| source-port-range | list | 0x8001 | 4 array | Array | |ietf-dots-call-home:| | | | |
| | | (TBD2) | | | | source-port-range | list | TBA2 | 4 array | Array |
| source-icmp-type- | list | 0x8002 | 4 array | Array | |ietf-dots-call-home:| | | | |
| range | | (TBD3) | | | | source-icmp-type- | list | TBA3 | 4 array | Array |
| lower-type | uint8 | 0x8003 | 0 unsigned | Number | | range | | | | |
| | | (TBD4) | | | |ietf-dots-call-home:| | | | |
| upper-type | uint8 | 0x8004 | 0 unsigned | Number | | lower-type | uint8 | TBA4 | 0 unsigned | Number |
| | | (TBD5) | | | |ietf-dots-call-home:| | | | |
| alt-ch-client | string | 0x8005 | 3 text string | String | | upper-type | uint8 | TBA5 | 0 unsigned | Number |
| | | (TBD6) | | | |ietf-dots-call-home:| | | | |
| alt-ch-client- | leaf-list | 0x8006 | 4 array | Array | | alt-ch-client | string | TBA6 | 3 text string | String |
| record | inet: | (TBD7) | | | |ietf-dots-call-home:| leaf-list | TBA7 | 4 array | Array |
| | ip-address| | 3 text string | String | | alt-ch-client- | inet: | | | |
| ttl | uint32 | 0x8007 | 0 unsigned | Number | | record | ip-address| | 3 text string | String |
| | | (TBD8) | | | |ietf-dots-call-home:| | | | |
+-------------------+------------+--------+---------------+--------+ | ttl | uint32 | TBA8 | 0 unsigned | Number |
+--------------------+------------+------+---------------+--------+
Table 1: YANG/JSON Mapping Parameters to CBOR Table 1: YANG/JSON Mapping Parameters to CBOR
3.3.3.3. YANG Module 3.3.3.3. YANG Module
This module uses the common YANG types defined in [RFC6991]. This module uses the common YANG types defined in [RFC6991].
<CODE BEGINS> file "ietf-dots-call-home@2019-09-06.yang" <CODE BEGINS> file "ietf-dots-call-home@2019-09-06.yang"
module ietf-dots-call-home { module ietf-dots-call-home {
skipping to change at page 23, line 48 skipping to change at page 24, line 27
<mailto:mohamed.boucadair@orange.com>; <mailto:mohamed.boucadair@orange.com>;
Author: Jon Shallow Author: Jon Shallow
<mailto:ietf-supjps@jpshallow.com>"; <mailto:ietf-supjps@jpshallow.com>";
description description
"This module contains YANG definitions for the signaling "This module contains YANG definitions for the signaling
messages exchanged between a DOTS client and a DOTS server messages exchanged between a DOTS client and a DOTS server
for the Call Home deployment scenario. for the Call Home deployment scenario.
Copyright (c) 2019 IETF Trust and the persons identified as Copyright (c) 2020 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
skipping to change at page 26, line 44 skipping to change at page 27, line 29
Assignee: IESG <iesg@ietf.org> Assignee: IESG <iesg@ietf.org>
Contact: IETF Chair <chair@ietf.org> Contact: IETF Chair <chair@ietf.org>
Reference: RFC XXXX Reference: RFC XXXX
The assignment of port number 4647 is strongly suggested (DOTS signal The assignment of port number 4647 is strongly suggested (DOTS signal
channel uses port number 4646). channel uses port number 4646).
4.2. DOTS Signal Channel CBOR Mappings Registry 4.2. DOTS Signal Channel CBOR Mappings Registry
This specification registers the following comprehension-optional This specification registers the following comprehension-optional
parameters in the IANA "DOTS Signal Channel CBOR Key Values" registry parameters (Table 2) in the IANA "DOTS Signal Channel CBOR Key
established by [I-D.ietf-dots-signal-channel] (Table 2). Values" registry established by [I-D.ietf-dots-signal-channel] and
maintained at https://www.iana.org/assignments/dots/dots.xhtml#dots-
signal-channel-cbor-key-values.
o Note to the RFC Editor: Please delete (TBD1)-(TBD8) once CBOR keys o Note to the RFC Editor: Please delete TBA1-TBA8 once CBOR keys are
are assigned from the 0x8000 - 0xBFFF range. assigned from the 32768-49151 range.
+-------------------+--------+-------+------------+---------------+ +--------------------+-------+-------+------------+---------------+
| Parameter Name | CBOR | CBOR | Change | Specification | | Parameter Name | CBOR | CBOR | Change | Specification |
| | Key | Major | Controller | Document(s) | | | Key | Major | Controller | Document(s) |
| | Value | Type | | | | | Value | Type | | |
+-------------------+--------+-------+------------+---------------+ +--------------------+-------+-------+------------+---------------+
| source-prefix | 0x8000 | 4 | IESG | [RFCXXXX] | |ietf-dots-call-home:| | | | |
| | (TBD1) | | | | | source-prefix | TBA1 | 4 | IESG | [RFCXXXX] |
| source-port-range | 0x8001 | 4 | IESG | [RFCXXXX] | |ietf-dots-call-home:| | | | |
| | (TBD2) | | | | | source-port-range | TBA2 | 4 | IESG | [RFCXXXX] |
| source-icmp-type- | 0x8002 | 4 | IESG | [RFCXXXX] | |ietf-dots-call-home:| | | | |
| range | (TBD3) | | | | | source-icmp-type- | TBA3 | 4 | IESG | [RFCXXXX] |
| lower-type | 0x8003 | 0 | IESG | [RFCXXXX] | | range | | | | |
| | (TBD4) | | | | |ietf-dots-call-home:| | | | |
| upper-type | 0x8004 | 0 | IESG | [RFCXXXX] | | lower-type | TBA4 | 0 | IESG | [RFCXXXX] |
| | (TBD5) | | | | |ietf-dots-call-home:| | | | |
| alt-ch-client | 0x8005 | 3 | IESG | [RFCXXXX] | | upper-type | TBA5 | 0 | IESG | [RFCXXXX] |
| | (TBD6) | | | | |ietf-dots-call-home:| | | | |
| alt-ch-client- | 0x8006 | 4 | IESG | [RFCXXXX] | | alt-ch-client | TBA6 | 3 | IESG | [RFCXXXX] |
| record | (TBD7) | | | | |ietf-dots-call-home:| | | | |
| ttl | 0x8007 | 0 | IESG | [RFCXXXX] | |alt-ch-client-record| TBA7 | 4 | IESG | [RFCXXXX] |
| | (TBD8) | | | | |ietf-dots-call-home:| | | | |
+-------------------+--------+-------+------------+---------------+ | ttl | TBA8 | 0 | IESG | [RFCXXXX] |
+--------------------+-------+-------+------------+---------------+
Table 2: Assigned DOTS Signal Channel CBOR Key Values Table 2: Assigned DOTS Signal Channel CBOR Key Values
4.3. New DOTS Conflict Cause 4.3. New DOTS Conflict Cause
This document requests IANA to assign a new code from the "DOTS This document requests IANA to assign a new code from the "DOTS
Signal Channel Conflict Cause Codes" registry: Signal Channel Conflict Cause Codes" registry established by
[I-D.ietf-dots-signal-channel] and maintained at
https://www.iana.org/assignments/dots/dots.xhtml#dots-signal-channel-
conflict-cause-codes.
+-----+-----------------------------------+-------------+-----------+ +-------+----------------------------------+------------+-----------+
| Cod | Label | Description | Reference | | Code | Label | Descriptio | Reference |
| e | | | | | | | n | |
+-----+-----------------------------------+-------------+-----------+ +-------+----------------------------------+------------+-----------+
| 4 | request-rejected-legitimate- | Mitigation | [RFCXXXX] | | 4 (TB | request-rejected-legitimate- | Mitigation | [RFCXXXX] |
| | traffic | request | | | A9) | traffic | request | |
| | | rejected. | | | | | rejected. | |
| | | This code | | | | | This code | |
| | | is returned | | | | | is | |
| | | by the DOTS | | | | | returned | |
| | | server to | | | | | by the | |
| | | indicate | | | | | DOTS | |
| | | the attack | | | | | server to | |
| | | traffic has | | | | | indicate | |
| | | been | | | | | the attack | |
| | | classified | | | | | traffic | |
| | | as | | | | | has been | |
| | | legitimate | | | | | classified | |
| | | traffic. | | | | | as | |
+-----+-----------------------------------+-------------+-----------+ | | | legitimate | |
| | | traffic. | |
+-------+----------------------------------+------------+-----------+
4.4. DOTS Signal Call Home YANG Module 4.4. DOTS Signal Call Home YANG Module
This document requests IANA to register the following URI in the "ns" This document requests IANA to register the following URI in the "ns"
subregistry within the "IETF XML Registry" [RFC3688]: subregistry within the "IETF XML Registry" [RFC3688]:
URI: urn:ietf:params:xml:ns:yang:ietf-dots-call-home URI: urn:ietf:params:xml:ns:yang:ietf-dots-call-home
Registrant Contact: The IESG. Registrant Contact: The IESG.
XML: N/A; the requested URI is an XML namespace. XML: N/A; the requested URI is an XML namespace.
skipping to change at page 30, line 46 skipping to change at page 32, line 6
8. Acknowledgements 8. Acknowledgements
Thanks to Wei Pei, Xia Liang, Roman Danyliw, Dan Wing, Toema Thanks to Wei Pei, Xia Liang, Roman Danyliw, Dan Wing, Toema
Gavrichenkov, Daniel Migault, and Valery Smyslov for the comments. Gavrichenkov, Daniel Migault, and Valery Smyslov for the comments.
9. References 9. References
9.1. Normative References 9.1. Normative References
[I-D.ietf-dots-signal-channel] [I-D.ietf-dots-signal-channel]
K, R., Boucadair, M., Patil, P., Mortensen, A., and N. Reddy.K, T., Boucadair, M., Patil, P., Mortensen, A., and
Teague, "Distributed Denial-of-Service Open Threat N. Teague, "Distributed Denial-of-Service Open Threat
Signaling (DOTS) Signal Channel Specification", draft- Signaling (DOTS) Signal Channel Specification", draft-
ietf-dots-signal-channel-38 (work in progress), October ietf-dots-signal-channel-41 (work in progress), January
2019. 2020.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
skipping to change at page 31, line 37 skipping to change at page 32, line 44
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
9.2. Informative References 9.2. Informative References
[I-D.ietf-dots-multihoming] [I-D.ietf-dots-multihoming]
Boucadair, M., K, R., and W. Pan, "Multi-homing Deployment Boucadair, M., Reddy.K, T., and W. Pan, "Multi-homing
Considerations for Distributed-Denial-of-Service Open Deployment Considerations for Distributed-Denial-of-
Threat Signaling (DOTS)", draft-ietf-dots-multihoming-02 Service Open Threat Signaling (DOTS)", draft-ietf-dots-
(work in progress), July 2019. multihoming-03 (work in progress), January 2020.
[I-D.ietf-dots-server-discovery] [I-D.ietf-dots-server-discovery]
Boucadair, M. and R. K, "Distributed-Denial-of-Service Boucadair, M. and T. Reddy.K, "Distributed-Denial-of-
Open Threat Signaling (DOTS) Agent Discovery", draft-ietf- Service Open Threat Signaling (DOTS) Agent Discovery",
dots-server-discovery-05 (work in progress), August 2019. draft-ietf-dots-server-discovery-10 (work in progress),
February 2020.
[I-D.ietf-dots-use-cases] [I-D.ietf-dots-use-cases]
Dobbins, R., Migault, D., Moskowitz, R., Teague, N., Xia, Dobbins, R., Migault, D., Moskowitz, R., Teague, N., Xia,
L., and K. Nishizuka, "Use cases for DDoS Open Threat L., and K. Nishizuka, "Use cases for DDoS Open Threat
Signaling", draft-ietf-dots-use-cases-20 (work in Signaling", draft-ietf-dots-use-cases-20 (work in
progress), September 2019. progress), September 2019.
[I-D.ietf-i2nsf-terminology] [I-D.ietf-i2nsf-terminology]
Hares, S., Strassner, J., Lopez, D., Xia, L., and H. Hares, S., Strassner, J., Lopez, D., Xia, L., and H.
Birkholz, "Interface to Network Security Functions (I2NSF) Birkholz, "Interface to Network Security Functions (I2NSF)
Terminology", draft-ietf-i2nsf-terminology-08 (work in Terminology", draft-ietf-i2nsf-terminology-08 (work in
progress), July 2019. progress), July 2019.
[I-D.ietf-idr-flow-spec-v6] [I-D.ietf-idr-flow-spec-v6]
McPherson, D., Raszuk, R., Pithawala, B., Loibl, C., Raszuk, R., and S. Hares, "Dissemination of
akarch@cisco.com, a., and S. Hares, "Dissemination of Flow Flow Specification Rules for IPv6", draft-ietf-idr-flow-
Specification Rules for IPv6", draft-ietf-idr-flow-spec- spec-v6-10 (work in progress), November 2019.
v6-09 (work in progress), November 2017.
[RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address [RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address
Translator (NAT) Terminology and Considerations", Translator (NAT) Terminology and Considerations",
RFC 2663, DOI 10.17487/RFC2663, August 1999, RFC 2663, DOI 10.17487/RFC2663, August 1999,
<https://www.rfc-editor.org/info/rfc2663>. <https://www.rfc-editor.org/info/rfc2663>.
[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram [RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram
Congestion Control Protocol (DCCP)", RFC 4340, Congestion Control Protocol (DCCP)", RFC 4340,
DOI 10.17487/RFC4340, March 2006, DOI 10.17487/RFC4340, March 2006,
<https://www.rfc-editor.org/info/rfc4340>. <https://www.rfc-editor.org/info/rfc4340>.
 End of changes. 18 change blocks. 
106 lines changed or deleted 115 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/