Internet Engineering Task Force                        S. Perreault, Ed.
Internet-Draft                                                  Viagenie
Intended status: BCP                                         I. Yamagata
Expires: January 12, 2012                                    S. Miyakawa
                                                      NTT Communications
                                                             A. Nakagawa
                                          Japan Internet Exchange (JPIX)
                                                               H. Ashida
                                                           July 11, 2011

            Common requirements for Carrier Grade NAT (CGN)


   This document defines common requirements for Carrier-Grade NAT

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at

   This Internet-Draft will expire on January 12, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Perreault, et al.       Expires January 12, 2012                [Page 1]

Internet-Draft              CGN Requirements                   July 2011

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Requirements for CGNs  . . . . . . . . . . . . . . . . . . . .  4
   4.  Logging  . . . . . . . . . . . . . . . . . . . . . . . . . . .  9
   5.  Bulk Port Allocation . . . . . . . . . . . . . . . . . . . . .  9
   6.  Deployment Considerations  . . . . . . . . . . . . . . . . . . 11
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 11
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 11
   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
     10.1.  Normative References  . . . . . . . . . . . . . . . . . . 11
     10.2.  Informative Reference . . . . . . . . . . . . . . . . . . 12
   Appendix A.  Change Log (to be removed by RFC Editor prior to
                publication)  . . . . . . . . . . . . . . . . . . . . 13
     A.1.   Changed in -02  . . . . . . . . . . . . . . . . . . . . . 13
     A.2.   Changed in -01  . . . . . . . . . . . . . . . . . . . . . 15
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15

Perreault, et al.       Expires January 12, 2012                [Page 2]

Internet-Draft              CGN Requirements                   July 2011

1.  Introduction

   With the shortage of IPv4 addresses, it is expected that more ISPs
   may want to provide a service where a public IPv4 address would be
   shared by many subscribers.  Each subscriber is assigned a private
   address, and a NAT situated in the ISP's network translates between
   private and public addresses.  This is known as NAT444
   [I-D.shirasaki-nat444-isp-shared-addr] when the CPE includes a NAT

   This is not to be considered a solution to the shortage of IPv4
   addresses.  It is a service that can conceivably be offered alongside
   others, such as IPv6 services or regular, un-NATed IPv4 service.
   Some ISPs started offering such a service long before there was a
   shortage of IPv4 addresses, showing that there are driving forces
   other than the shortage of IPv4 addresses.

   This document describes behavioral requirements that are to be
   expected of those ISP-controlled NAT.  Meeting this set of
   requirements will greatly increase the likelihood that subscribers'
   applications will function properly.

   Readers should be aware of potential issues that may arise when
   sharing a public address between many subscribers.  See
   [] for details.

   This document builds upon previous works describing requirements for
   generic NATs [RFC4787][RFC5382][RFC5508].  These documents still
   apply in this context.  What follows are additional requirements, to
   be satisfied on top of previous ones.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [RFC2119].

   Readers are expected to be familiar with [RFC4787] and the terms
   defined there.  The following additional term is used in this

   Carrier-Grade NAT (CGN):  A NAT-based [RFC2663] functional element
      operated by an administrative entity (e.g. operator) to share the
      same address among several subscribers.  A CGN is managed by the
      administrative entity, not the subscribers.

Perreault, et al.       Expires January 12, 2012                [Page 3]

Internet-Draft              CGN Requirements                   July 2011

         Note that the term "carrier-grade" has nothing to do with the
         quality of the NAT; that is left to discretion of implementers.
         Rather, it is to be understood as a topological qualifier: the
         NAT is placed in an ISP's network and translates the traffic of
         potentially many subscribers.  Subscribers have limited or no
         control over the CGN, whereas they typically have full control
         over a NAT placed on their premises.

   Figure 1 summarizes a common network topology in which a CGN

                                  |       Internet
                  ............... | ...................
                                  |       ISP network
                              ++------++  External realm
                  ........... |  CGN   |...............
                              ++------++  Internal realm
                                |    |
                                |    |
                                |    |    ISP network
                  ............. | .. | ................
                                |    |  Customer premises
                        ++------++  ++------++
                        |  CPE1  |  |  CPE2  |  etc.
                        ++------++  ++------++

                      Figure 1: CGN network topology

   Another possible topology is one for hotspots, where there is no
   customer premise or CPE, but where a CGN serves a bunch of customers
   who don't trust each other and hence fairness is an issue.  One
   important difference with the previous topology is the absence of
   NAT444.  This, however, has no impact on CGN requirements since they
   are driven by fairness and robustness in the service provided to
   customers, which applies in both cases.

3.  Requirements for CGNs

   What follows is a list of requirements for CGNs.  They are in
   addition to those found in other documents such as [RFC4787],
   [RFC5382], and [RFC5508].

Perreault, et al.       Expires January 12, 2012                [Page 4]

Internet-Draft              CGN Requirements                   July 2011

   REQ-1:  A CGN MUST support at least the following transport
           protocols: TCP (MUST support [RFC5382]), UDP (MUST support
           [RFC4787]), and ICMP (MUST support [RFC5508]).  Support for
           additional transport protocols is OPTIONAL.

   Justification:  These protocols are the ones that NATs traditionally
      support.  The IETF has documented the best current practices for

   REQ-2:  A CGN MUST have a default "IP address pooling" behavior of
           "Paired".  The CGN administrator MAY change this behavior on
           an application protocol basis.

           *  When multiple overlapping internal address ranges share
              the same external address pool (e.g.  DS-Lite
              [I-D.ietf-softwire-dual-stack-lite]), external addresses
              are paired with subscribers rather than internal

   Justification:  This stronger form of REQ-2 from [RFC4787] is
      justified by the stronger need for not breaking applications that
      depend on the external address remaining constant.

      Note that this requirement applies regardless of the transport
      protocol.  In other words, a CGN must use the same external IP
      address mapping for all sessions associated with the same internal
      IP address, be they TCP, UDP, ICMP, something else, or a mix of
      different protocols.

      The justification for allowing other behaviors is to allow the
      administrator to save external addresses and ports for application
      protocols that are known to work fine with other behaviors in
      practice.  However, the default behavior MUST be "Paired".

   REQ-3:  A CGN SHOULD limit the number of external ports (or,
           equivalently, "identifiers" for ICMP) that are assigned per

           A.  Limits SHOULD be configurable by the CGN administrator.

           B.  Limits MAY be configured and applied independently per
               transport protocol.

           C.  Additionally, it is RECOMMENDED that the CGN include
               administrator-adjustable thresholds to prevent a single
               subscriber from consuming excessive CPU resources from
               the CGN (e.g. rate limit the subscriber's creation of new

Perreault, et al.       Expires January 12, 2012                [Page 5]

Internet-Draft              CGN Requirements                   July 2011

   Justification:  A CGN can be considered a network resource that is
      shared by competing subscribers.  Limiting the number of external
      ports assigned to each subscriber mitigates the DoS attack that a
      subscriber could launch against other subscribers through the CGN
      in order to get a larger share of the resource.  It ensures
      fairness among subscribers.  Limiting the rate of allocation
      mitigates a similar attack where the CPU is the resource being
      targeted instead of port numbers.

   REQ-4:  A CGN SHOULD limit the amount of state memory allocated per
           mapping and per subscriber.  This may include limiting the
           number of TCP sessions, the number of filters, etc.,
           depending on the NAT implementation.

           A.  Limits SHOULD be configurable by the CGN administrator.

           B.  Additionally, it SHOULD be possible to limit the rate at
               which memory-consuming state elements are allocated.

   Justification:  A NAT needs to keep track of TCP sessions associated
      to each mapping.  This state consumes resources for which, in the
      case of a CGN, subscribers may compete.  It is necessary to ensure
      that each subscriber has access to a fair share of the CGN's
      resources.  Limiting TCP sessions per subscriber and per time unit
      is an effective mitigation against inter-subscriber DoS attacks.
      Limiting the rate of allocation is intended to prevent against CPU
      resource exhaustion.

   REQ-5:  It SHOULD be possible to administratively turn off
           translation for specific destination addresses and/or ports.

   Justification:  It is common for a CGN administrator to provide
      access for subscribers to servers installed in the ISP's network,
      in the external realm.  When such a server is able to reach the
      internal realm via normal routing (which is entirely controlled by
      the ISP), translation is unneeded.  In that case, the CGN may
      forward packets without modification, thus acting like a plain
      router.  This may represent an important efficiency gain.

      Figure 2 illustrates this use-case.

Perreault, et al.       Expires January 12, 2012                [Page 6]

Internet-Draft              CGN Requirements                   July 2011

                 X1:x1            X1':x1'            X2:x2
                 +---+from X1:x1  +---+from X1:x1    +---+
                 |   |  to X2:x2  |   |  to X2:x2    | S |
                 | C |>>>>>>>>>>>>| C |>>>>>>>>>>>>>>| e |
                 | P |            | G |              | r |
                 | E |<<<<<<<<<<<<| N |<<<<<<<<<<<<<<| v |
                 |   |from X2:x2  |   |from X2:x2    | e |
                 |   |  to X1:x1  |   |  to X1:x1    | r |
                 +---+            +---+              +---+

                        Figure 2: CGN pass-through

   REQ-6:  It is RECOMMENDED that a CGN have an "Endpoint-Independent
           Filtering" behavior.

   Justification:  This is a stronger form of REQ-8 from [RFC4787].  An
      "Address-Dependent Filtering" behavior is NOT RECOMMENDED.  This
      is based on the observation that some games and peer-to-peer
      applications require EIF for the NAT traversal to work.  In the
      context of a CGN it is important to minimise application breakage.

   REQ-7:  When a CGN loses state (due to a crash, reboot, failover to a
           cold standby, etc.), it MUST NOT reuse the same external IP
           addresses for new dynamic mappings for at least 120 seconds.

   Justification:  This is necessary in order to prevent collisions
      between old and new mappings and sessions.  It ensures that all
      established sessions are broken instead of redirected to a
      different peer.  The previous address pool MAY of course be reused
      after a second loss of state.

      The 120 seconds value corresponds to the Maximum Segment Lifetime
      (MSL) from [RFC0793].

      One way that this requirement could be satisfied would be have two
      distinct address pools: one dormant and one active.  When
      rebooting, the CGN would swap the dormant pool with the active
      pool.  Another way would be simply to wait 120 seconds before
      resuming NAT activity.

   REQ-8:  Once an external port is deallocated, it SHOULD NOT be
           reallocated to a new mapping until at least 120 seconds have
           passed.  The length of time and the maximum number of ports
           in this state SHOULD be configurable by the CGN

Perreault, et al.       Expires January 12, 2012                [Page 7]

Internet-Draft              CGN Requirements                   July 2011

   Justification:  This is to prevent users from receiving unwanted
      traffic.  It also helps prevent against clock skew when mappings
      are logged.

      The 120 seconds value corresponds to the Maximum Segment Lifetime
      (MSL) from [RFC0793].

   REQ-9:  A CGN MUST handle the IPv4 ID field of translated packets as
           described in [I-D.ietf-intarea-ipv4-id-update] section 9.

   Justification:  Refer to [I-D.ietf-intarea-ipv4-id-update].

   REQ-10:  A CGN SHOULD support a port forwarding protocol such as the
            Port Control Protocol [I-D.ietf-pcp-base].

   Justification:  Allowing subscribers to manipulate the NAT state
      table with a port forwarding protocol greatly increases the
      likelihood that applications will function properly.

   REQ-11:  A CGN SHOULD support [RFC4008].

   Justification:  It is anticipated that CGNs will be primarily
      deployed in ISP networks where the need for management is

      Note also that there are efforts within the IETF toward creating a
      MIB specifically for CGNs [I-D.jpdionne-behave-cgn-mib].

   REQ-12:  When packets pass from one side to the other, the DSCP
            values MUST be preserved.  If the CGN also includes diffserv
            classifier and marker functionality it MAY change the DSCP

   Justification:  See [RFC2983], in particular section 6.

   REQ-13:  When a CGN is unable to create a mapping due to resource
            contraints or administrative restrictions (i.e. quotas)...

            A.  it MUST drop the original packet;

            B.  it SHOULD send an ICMP Destination Unreachable message
                with code 3 (Port Unreachable) to the session initiator;

            C.  it SHOULD send a notification (e.g.  SNMP trap) towards
                a management system (if configured to do so);

            D.  and it MUST NOT delete existing mappings in order to
                "make room" for the new one.

Perreault, et al.       Expires January 12, 2012                [Page 8]

Internet-Draft              CGN Requirements                   July 2011

   Justification:  This is a slightly different form of REQ-8 from
      [RFC5508].  Code 3 is preferred to code 13 because it is listed as
      a "soft error" in [RFC5461], which is important because we don't
      want TCP stacks to abort the connection attempt in this case.
      Sending an ICMP error may be rate-limited for security reasons,
      which is why requirement B is a SHOULD, not a MUST.

4.  Logging

   It may be necessary for CGN administrators to be able to identify a
   subscriber based on external IPv4 address, port, and timestamp in
   order to deal with abuse and lawful intercept requests.  When
   multiple subscribers share a single external address, the source
   address and port that are visible at the destination host have been
   translated from the ones originated by the subscriber.

   In order to be able to do this, the CGN would need to log the
   following information for each mapping created:

   o  internal source address

   o  internal source port

   o  external source address

   o  external source port

   o  destination address (but see below)

   o  destination port (but see below)

   o  timestamp

   A disadvantage of this is that CGNs under heavy usage may produce
   large amounts of logs, which may require large storage volume.

   Readers should be aware of logging recommendations for Internet-
   facing servers [I-D.ietf-intarea-server-logging-recommendations].
   With compliant servers, the destination address and port do not need
   to be logged by the CGN.  This can help reduce the amount of logging.

5.  Bulk Port Allocation

   So far we have assumed that a CGN allocates one external port for
   every outgoing connection.  In this section, the impacts of
   allocating multiple external ports at a time are discussed.

Perreault, et al.       Expires January 12, 2012                [Page 9]

Internet-Draft              CGN Requirements                   July 2011

   There is a range of things a CGN can do:

   Traditional:  For every outgoing connection, allocate one external

   Random port set:  For an outgoing connection, create a set of several
      random external ports.  Subsequent outgoing connections will use
      ports from the set.  When the set is exhausted, a new connection
      causes a new set to be created.  A set is smaller or equal to the
      user's maximum port limit.

   Consecutive port set:  Same as the random port set, but the ports
      allocated to a set are consecutive instead of random.

   Note that this list is not exhaustive.  There is a continuum of
   behavior that a CGN may choose to implement.  For example, a CGN
   could use random sets of consecutive port sets.

   The impacts of bulk port allocation are as follows.

   Port Utilization:  The mechanisms at the top of the list are very
      efficient in their port utilization.  In that sense, they have
      good scaling properties (nothing is wasted).  The mechanisms at
      the bottom of the list will waste ports.  The number of wasted
      ports is proportional to size of the "bin".

   Logging:  Traditional allocation creates a lot of log entries.
      Allocation by random or consecutive port sets create the same
      number of log entries, but the entries in the case of consecutive
      port sets are smaller because the sets can be expressed very
      compactly by indicating a range (e.g. "12000-12009").

      With large set sizes, the logging frequency for random and
      consecutive port sets can approach that of DHCP servers.

      Traditional allocation can log destinations while random and
      consecutive port sets cannot.  This means that a CGN implementing
      one of the latter two will rely on the remote peer to follow the
      recommendations in
      [I-D.ietf-intarea-server-logging-recommendations].  If this is not
      acceptable, random or consecutive port sets cannot be used.

   Security:  Traditional and random port sets provide very good
      security in that ports numbers are not easily guessed.  Easily
      guessed port numbers put subscribers at risk of the attacks
      described in [RFC6056].  Consecutive port sets provides poor
      security to subscribers, especially if the set size is small.

Perreault, et al.       Expires January 12, 2012               [Page 10]

Internet-Draft              CGN Requirements                   July 2011

6.  Deployment Considerations

   Several issues are encountered when CGNs are used
   [I-D.ietf-intarea-shared-addressing-issues].  There is current work
   in the IETF toward alleviating some of these issues.  For example,
   see [I-D.boucadair-intarea-nat-reveal-analysis].

   The address sharing ratio is the ratio between the number of external
   addresses and the number of internal addresses that a CGN is
   configured to handle.  See
   [I-D.ietf-intarea-shared-addressing-issues] section 26.2 for guidance
   on picking an appropriate ratio.

7.  IANA Considerations

   There are no IANA considerations.

8.  Security Considerations

   If a malicious subscriber can spoof another subscriber's CPE, it may
   cause a DoS to that subscriber by creating mappings up to the allowed
   limit.  Therefore, the CGN administrator SHOULD ensure that spoofing
   is impossible.  This can be accomplished with ingress filtering, as
   described in [RFC2827].

9.  Acknowledgements

   Thanks for the input and review by Arifumi Matsumoto, Benson
   Schliesser, Dai Kuwabara, Dan Wing, Dave Thaler, Francis Dupont, Joe
   Touch, Lars Eggert, Kousuke Shishikura, Mohamed Boucadair, Reinaldo
   Penno, Senthil Sivakumar, Takanori Mizuguchi, Takeshi Tomochika,
   Tomohiro Fujisaki, Tomohiro Nishitani, Tomoya Yoshida, and Yasuhiro
   Shirasaki.  Dan Wing also contributed much of section 5.

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4008]  Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
              C. Wang, "Definitions of Managed Objects for Network
              Address Translators (NAT)", RFC 4008, March 2005.

Perreault, et al.       Expires January 12, 2012               [Page 11]

Internet-Draft              CGN Requirements                   July 2011

   [RFC4787]  Audet, F. and C. Jennings, "Network Address Translation
              (NAT) Behavioral Requirements for Unicast UDP", BCP 127,
              RFC 4787, January 2007.

   [RFC5382]  Guha, S., Biswas, K., Ford, B., Sivakumar, S., and P.
              Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142,
              RFC 5382, October 2008.

   [RFC5508]  Srisuresh, P., Ford, B., Sivakumar, S., and S. Guha, "NAT
              Behavioral Requirements for ICMP", BCP 148, RFC 5508,
              April 2009.

              Touch, J., "Updated Specification of the IPv4 ID Field",
              draft-ietf-intarea-ipv4-id-update-02 (work in progress),
              March 2011.

10.2.  Informative Reference

   [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7,
              RFC 793, September 1981.

   [RFC2663]  Srisuresh, P. and M. Holdrege, "IP Network Address
              Translator (NAT) Terminology and Considerations",
              RFC 2663, August 1999.

   [RFC2827]  Ferguson, P. and D. Senie, "Network Ingress Filtering:
              Defeating Denial of Service Attacks which employ IP Source
              Address Spoofing", BCP 38, RFC 2827, May 2000.

   [RFC2983]  Black, D., "Differentiated Services and Tunnels",
              RFC 2983, October 2000.

   [RFC5461]  Gont, F., "TCP's Reaction to Soft Errors", RFC 5461,
              February 2009.

   [RFC6056]  Larsen, M. and F. Gont, "Recommendations for Transport-
              Protocol Port Randomization", BCP 156, RFC 6056,
              January 2011.

              Durand, A., Gashinsky, I., Lee, D., and S. Sheppard,
              "Logging recommendations for Internet facing servers",
              draft-ietf-intarea-server-logging-recommendations-04 (work
              in progress), April 2011.

              Ford, M., Boucadair, M., Durand, A., Levis, P., and P.

Perreault, et al.       Expires January 12, 2012               [Page 12]

Internet-Draft              CGN Requirements                   July 2011

              Roberts, "Issues with IP Address Sharing",
              draft-ietf-intarea-shared-addressing-issues-05 (work in
              progress), March 2011.

              Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P.
              Selkirk, "Port Control Protocol (PCP)",
              draft-ietf-pcp-base-13 (work in progress), July 2011.

              Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
              Stack Lite Broadband Deployments Following IPv4
              Exhaustion", draft-ietf-softwire-dual-stack-lite-11 (work
              in progress), May 2011.

              Boucadair, M., Touch, J., Levis, P., and R. Penno,
              "Analysis of Solution Candidates to Reveal a Host
              Identifier in Shared Address Deployments",
              draft-boucadair-intarea-nat-reveal-analysis-03 (work in
              progress), June 2011.

              Ford, M., Boucadair, M., Durand, A., Levis, P., and P.
              Roberts, "Issues with IP Address Sharing",
              draft-ford-shared-addressing-issues-02 (work in progress),
              March 2010.

              Dionne, J. and M. Blanchet, "CGN Management Information
              Base (MIB)", draft-jpdionne-behave-cgn-mib-00 (work in
              progress), July 2011.

              Shirasaki, Y., Miyakawa, S., Nakagawa, A., Yamaguchi, J.,
              and H. Ashida, "NAT444 addressing models",
              draft-shirasaki-nat444-isp-shared-addr-05 (work in
              progress), January 2011.

Appendix A.  Change Log (to be removed by RFC Editor prior to

A.1.  Changed in -02

   o  CGNs MUST support at least TCP, UDP, and ICMP.

Perreault, et al.       Expires January 12, 2012               [Page 13]

Internet-Draft              CGN Requirements                   July 2011

   o  Add requirement from [I-D.ietf-intarea-ipv4-id-update].

   o  Add informative reference to

   o  Add requirement (SHOULD level) for a port forwarding protocol.

   o  Allow any pooling behavior on a per-application protocol basis.

   o  Adjust wording for external port allocation rate limiting.

   o  Add requirement for RFC4008 support (SHOULD level).

   o  Adjust wording for swapping address pools when rebooting.

   o  Add DSCP requirement (stolen from draft-jennings-behave-nat6).

   o  Add informative reference to

   o  Add requirement for hold-down pool.

   o  Change definition of CGN.

   o  Avoid usage of "device" loaded word throughout the document.

   o  Add requirement about resource exhaustion.

   o  Change title.

   o  Describe additional CGN topology where there is no NAT444.

   o  Better justification for "Paired" pool behavior.

   o  Make it clear that rate limiting allocation is for preserving CPU

   o  Generalize the requirement for limiting the number of TCP sessions
      per mapping so that it applies to all memory-consuming state

   o  Change CPE to subscriber where it applies throughout the text.

   o  Better terminology for bulk port allocation mechanisms.

   o  Explain how external address pairing works with DS-Lite.

Perreault, et al.       Expires January 12, 2012               [Page 14]

Internet-Draft              CGN Requirements                   July 2011

A.2.  Changed in -01

   o  Terminology: LSN is now CGN.

   o  Imported all requirements from RFCs 4787, 5382, and 5508.  This
      allowed us to eliminate some duplication.

   o  Added references to
      draft-ietf-intarea-server-logging-recommendations and

   o  Incorporated a requirement from

Authors' Addresses

   Simon Perreault (editor)
   2875 boul. Laurier, suite D2-630
   Quebec, QC  G1V 2M2

   Phone: +1 418 656 9254

   Ikuhei Yamagata
   NTT Communications Corporation
   Gran Park Tower 17F, 3-4-1 Shibaura, Minato-ku
   Tokyo  108-8118

   Phone: +81 50 3812 4704

   Shin Miyakawa
   NTT Communications Corporation
   Gran Park Tower 17F, 3-4-1 Shibaura, Minato-ku
   Tokyo  108-8118

   Phone: +81 50 3812 4695

Perreault, et al.       Expires January 12, 2012               [Page 15]

Internet-Draft              CGN Requirements                   July 2011

   Akira Nakagawa
   Japan Internet Exchange Co., Ltd. (JPIX)
   Otemachi Building 21F, 1-8-1 Otemachi, Chiyoda-ku
   Tokyo  100-0004

   Phone: +81 90 9242 2717

   Hiroyuki Ashida
   its communications Inc.
   541-1 Ichigao-cho Aoba-ku
   Yokohama  225-0024


Perreault, et al.       Expires January 12, 2012               [Page 16]