4. A Simplified View of the Business Architecture
The Internet is a network of networks in which networks are
interconnected in specific ways and are independently operated. It
is important to note that the underlying Internet architecture puts
no restrictions on the ways that networks are interconnected;
interconnection is a business decision. As such, the Internet
interconnection architecture can be thought of as a "business
structure" for the Internet.
Central to the Internet business structure are the networks that
provide connectivity to other networks, called "transit networks".
These networks sell bulk bandwidth and routing services to each other
and to other networks as customers. Around the periphery of the
transit network are companies, schools, and other networks that
provide services directly to individuals. These might generally be
divided into "enterprise networks" and "access networks"; enterprise
networks provide "free" connectivity to their own employees or
members, and also provide them a set of services including electronic
mail, web services, and so on. Access networks sell broadband
connectivity (DSL, Cable Modem, 802.11 wireless, or 3GPP wireless) or
"dial" services (including PSTN dial-up and ISDN) to subscribers.
The subscribers are typically either residential or small office/home
office (SOHO) customers. Residential customers are generally
entirely dependent on their access provider for all services, while a
SOHO buys some services from the access provider and may provide
others for itself. Networks that sell transit services to nobody
else -- SOHO, residential, and enterprise networks -- are generally
referred to as "edge networks"; transit networks are considered to be
part of the "core" of the Internet, and access networks are between
the two. This general structure is depicted in Figure 3.
                /      \                /      \
      /--\     /        \              /        \
     |SOHO|---+  Access  |            |Enterprise|
      \--/    |  Service |            | Network  |
      /--\    |  Provider|            |          |
     |Home|---+          |   ------   |          |
      \--/     \        +---+      +---+        /
                \      /   /        \   \      /
                 ------   | Transit  |   ------
                          | Service  |
                          | Provider |
Figure 3: Conceptual Model of Internet Businesses
A specific example is shown in a traceroute from a home to a nearby
school. Internet connectivity in Figure 4 passes through
o the home network,
o Cox Communications, an access network using Cable Modem,
o TransitRail, a commodity peering service for research and
education (R&E) networks,
o Corporation for Education Network Initiatives in California
(CENIC), a transit provider for educational networks, and
o the University of California at Santa Barbara, which in this
context might be viewed as an access network for its students and
faculty or as an enterprise network.
<stealth-10-32-244-218:> fred% traceroute www.ucsb.edu
traceroute to web.ucsb.edu (184.108.40.206),
64 hops max, 40 byte packets
1 fred-vpn (10.32.244.217) 1.560 ms 1.108 ms 1.133 ms
2 wsip-98-173-193-1.sb.sd.cox.net (220.127.116.11) 12.540 ms ...
3 18.104.22.168 ...
4 22.214.171.124 ...
5 langbbr01-as0.r2.la.cox.net ...
6 calren46-cust.lsanca01.transitrail.net ...
7 dc-lax-core1--lax-peer1-ge.cenic.net ...
8 dc-lax-agg1--lax-core1-ge.cenic.net ...
9 dc-ucsb--dc-lax-dc2.cenic.net ...
10 r2--r1--1.commserv.ucsb.edu ...
11 574-c--r2--2.commserv.ucsb.edu ...
12 * * *
Figure 4: Traceroute from Residential Customer to Educational
Another specific example could be shown in a traceroute from the home
through a Virtual Private Network (VPN) tunnel, crossing Cox Cable (an
access network) and Pacific Bell (a transit network), and terminating
in Cisco Systems (an enterprise network). A traceroute of that path
does not show those networks: the tunneled hops are invisible from
within the VPN, and the contents of the VPN are invisible, due to
encryption, to the networks on the path. Instead, the traceroute in
Figure 5 is entirely within Cisco's internal network.
<stealth-10-32-244-218:~> fred% traceroute irp-view13
traceroute to irp-view13.cisco.com (126.96.36.199),
64 hops max, 40 byte packets
1 fred-vpn (10.32.244.217) 2.560 ms 1.100 ms 1.198 ms
<tunneled path through Cox and Pacific Bell>
3 sjc24-00a-gw2-ge2-2 (10.34.251.137) 26.298 ms...
4 sjc23-a5-gw2-g2-1 (10.34.250.78) 25.214 ms ...
5 sjc20-a5-gw1 (10.32.136.21) 23.205 ms ...
6 sjc12-abb4-gw1-t2-7 (10.32.0.189) 46.028 ms ...
7 sjc5-sbb4-gw1-ten8-2 (171.*.*.*) 26.700 ms ...
8 sjc12-dc5-gw2-ten3-1 ...
9 sjc5-dc4-gw1-ten8-1 ...
10 irp-view13 ...
Figure 5: Traceroute across VPN
Note that in both cases, the home network uses private address space
[RFC1918] while other networks generally use public address space,
and that three middleware technologies are in use here: a firewall,
a Network Address Translator (NAT), and a Virtual Private Network
(VPN).
Firewalls are generally sold as and considered by many to be a
security technology. This is based on the fact that a firewall
imposes a border between two administrative domains. Typically, a
firewall will be deployed between a residential, SOHO, or enterprise
network and its access or transit provider. In its essence, a
firewall is a data diode, imposing a policy on what sessions may pass
between a protected domain and the rest of the Internet. Simple
policies generally permit sessions to be originated from the
protected network but not from the outside; more complex policies may
permit additional sessions from the outside, such as electronic mail
to a mail server or a web session to a web server, and may prevent
certain applications from global access even though they are
originated from the inside.
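The policy tiers in the paragraph above, written out as an added example (it is not part of the original document): a minimal session-tracking filter that permits sessions originated inside, refuses unsolicited ones from outside, and supports the two "more complex" exceptions. The class and function names, the addresses (RFC 1918 inside, documentation ranges outside) and the ports are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class SessionFirewall:
    """Hypothetical border filter between a protected domain and the Internet."""
    protected: ipaddress.IPv4Network
    # Inbound exceptions: (inside_ip, port, proto) of published servers.
    published: set = field(default_factory=set)
    # Outbound exceptions: (port, proto) denied even when originated inside.
    blocked_outbound: set = field(default_factory=set)
    # Sessions the filter has already admitted, keyed by their first packet.
    sessions: set = field(default_factory=set)

    def _inside(self, addr):
        return ipaddress.ip_address(addr) in self.protected

    def check(self, p):
        """Return (verdict, reason) for one packet and record new sessions."""
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if fwd in self.sessions or rev in self.sessions:
            return ALLOW, "part of an admitted session"

        src_in, dst_in = self._inside(p.src), self._inside(p.dst)
        if src_in == dst_in:
            # Inside-to-inside or outside-to-outside traffic has no business
            # at the border of an edge network.
            return DENY, "not a border-crossing session"

        if src_in:
            # Simple policy: anything originated inside may leave, unless the
            # application is explicitly refused global access.
            if (p.dport, p.proto) in self.blocked_outbound:
                return DENY, "application blocked for inside hosts"
            self.sessions.add(fwd)
            return ALLOW, "originated from the protected network"

        # Originated outside: only published services are reachable.
        if (p.dst, p.dport, p.proto) in self.published:
            self.sessions.add(fwd)
            return ALLOW, "published service"
        return DENY, "unsolicited session from outside"


def example_firewall():
    """Constructed policy: one mail server published, one outbound port blocked."""
    return SessionFirewall(
        protected=ipaddress.ip_network("10.0.0.0/24"),
        published={("10.0.0.25", 25, "tcp")},
        blocked_outbound={(6667, "tcp")},
    )


if __name__ == "__main__":
    fw = example_firewall()
    samples = [  # constructed packets, evaluated in order
        Packet("10.0.0.5", 51000, "198.51.100.20", 443),   # inside host opens a web session
        Packet("198.51.100.20", 443, "10.0.0.5", 51000),   # reply on that session
        Packet("198.51.100.20", 40000, "10.0.0.5", 22),    # unsolicited inbound
        Packet("192.0.2.9", 33000, "10.0.0.25", 25),       # inbound mail to the mail server
        Packet("10.0.0.5", 51001, "198.51.100.20", 6667),  # blocked application
    ]
    for pkt in samples:
        print(pkt, "->", *fw.check(pkt))
```

Every session that starts inside is admitted unless it is on the block list, so this model says nothing about a compromised inside host.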
Note that the effectiveness of firewalls remains controversial.
While network managers often insist on deploying firewalls as they
impose a boundary, others point out that their value as a security
solution is debatable. This is because most attacks come from behind
the firewall. In addition, firewalls do not protect against
application layer attacks such as viruses carried in email. Thus, as
a security solution, firewalls are justified as a layer in defense in
depth. That is, while an end system must in the end be responsible
for its own security, a firewall can inhibit or prevent certain kinds
of attacks, for example the consumption of CPU time on a critical
Key documents describing firewall technology and the issues it poses
o IP Multicast and Firewalls [RFC2588]
o Benchmarking Terminology for Firewall Performance [RFC2647]
o Behavior of and Requirements for Internet Firewalls [RFC2979]
o Benchmarking Methodology for Firewall Performance [RFC3511]
o Mobile IPv6 and Firewalls: Problem Statement [RFC4487]
o NAT and Firewall Traversal Issues of Host Identity Protocol
Network Address Translation is a technology that was developed in
response to ISP behaviors in the mid-1990's; when [RFC1918] was
published, many ISPs started handing out single or small numbers of
addresses, and edge networks were forced to translate. In time, this
became considered a good thing, or at least not a bad thing; it
amplified the public address space, and it was sold as if it were a
firewall. It of course is not; while traditional dynamic NATs only
translate between internal and external session address/port tuples
during the detected duration of the session, that session state may
exist in the network much longer than it exists on the end system,
and as a result constitutes an attack vector. The design, value, and
limitations of network address translation are described in:
o IP Network Address Translator Terminology and Considerations
o Traditional IP Network Address Translator [RFC3022]
o Protocol Complications with the IP Network Address Translator
o Network Address Translator Friendly Application Design Guidelines
o IAB Considerations for Network Address Translation [RFC3424]
o IPsec-Network Address Translation Compatibility Requirements
o Network Address Translation Behavioral Requirements for Unicast
o State of Peer-to-Peer Communication across Network Address
o IP Multicast Requirements for a Network Address Translator and a
Network Address Port Translator [RFC5135]
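The point made above about NAT session state outliving the end system, as an added example (not part of the original document): a toy dynamic NAPT whose mapping is removed either when it sees the session close or, failing that, only after an idle timeout. The class and function names, the 300-second timeout, the port range and all addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class Mapping:
    inside: tuple          # (private_ip, port) of the edge host
    remote: tuple          # (public_ip, port) of the peer it contacted
    last_outbound: float   # time of the last packet sent by the edge host


class DynamicNapt:
    """Hypothetical traditional NAPT: mappings are created by outbound traffic."""

    def __init__(self, public_ip, idle_timeout=300.0, first_port=40000):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout   # assumed value, not from the page
        self._next_port = first_port
        self._by_port = {}                 # public port -> Mapping
        self._by_session = {}              # (inside, remote) -> public port

    def _drop(self, port):
        m = self._by_port.pop(port)
        del self._by_session[(m.inside, m.remote)]

    def _expire(self, now):
        for port, m in list(self._by_port.items()):
            if now - m.last_outbound > self.idle_timeout:
                self._drop(port)

    def outbound(self, inside, remote, now):
        """Translate a packet leaving the edge network; create or refresh state."""
        self._expire(now)
        port = self._by_session.get((inside, remote))
        if port is None:
            port = self._next_port
            self._next_port += 1
            self._by_session[(inside, remote)] = port
            self._by_port[port] = Mapping(inside, remote, now)
        else:
            self._by_port[port].last_outbound = now
        return (self.public_ip, port)

    def observed_close(self, inside, remote):
        """The NAT detected the end of the session (for example a TCP FIN)."""
        port = self._by_session.get((inside, remote))
        if port is not None:
            self._drop(port)

    def inbound(self, remote, public_port, now):
        """Return the inside (ip, port) a packet is forwarded to, or None."""
        self._expire(now)
        m = self._by_port.get(public_port)
        if m is None or m.remote != remote:
            return None
        return m.inside


def stale_window(saw_close):
    """Constructed timeline: the host sends once at t=0 and is gone by t=10.

    Returns [(time, still_forwarded)] for packets the same remote peer sends
    afterwards. If the NAT never sees a close (UDP, a crashed host, a lost
    FIN), only the idle timer removes the mapping.
    """
    nat = DynamicNapt("203.0.113.7", idle_timeout=300.0)
    host, peer = ("10.0.0.5", 51000), ("198.51.100.20", 443)
    _, port = nat.outbound(host, peer, now=0.0)
    if saw_close:
        nat.observed_close(host, peer)
    return [(t, nat.inbound(peer, port, now=t) is not None)
            for t in (11.0, 299.0, 301.0)]


if __name__ == "__main__":
    print("close not seen:", stale_window(saw_close=False))
    print("close seen:    ", stale_window(saw_close=True))
```

When the close is not seen, the translator keeps forwarding to the inside address for almost the whole timeout, although nothing on the end system is expecting the traffic.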
Virtual Private Networks come in many forms; what they have in common
is that they are generally tunneled over the Internet backbone, so
that as in Figure 5, connectivity appears to be entirely within the
edge network although it is in fact across a service provider's
network. Examples include IPsec tunnel-mode encrypted tunnels, IP-
in-IP or GRE tunnels, and MPLS LSPs [RFC3031][RFC3032].
5. Security Considerations
Security is addressed in some detail in Section 2.2 and Section 3.1.
Review comments were made by Adrian Farrel, Andrew Yourtchenko, Ashok
Narayanan, Bernie Volz, Chris Lonvick, Dan Romascanu, Dave McGrew,
Dave Oran, David Harrington, David Su, Don Sturek, Francis Cleveland,
Hemant Singh, James Polk, Jari Arkko, John Meylor, Joseph Salowey,
Julien Abeille, Kerry Lynn, Lars Eggert, Magnus Westerlund, Murtaza
Chiba, Paul Duffy, Paul Hoffman, Peter Saint-Andre, Ralph Droms,
Robert Sparks, Russ White, Sean Turner, Sheila Frankel, Stephen
Farrell, Tim Polk, Toerless Eckert, Tom Herbst, Vint Cerf, and
Yoshihiro Ohba. Several of the individuals suggested text, which was
very useful, as the authors don't claim to know half as much as their
reviewers collectively do.
7.1. Normative References
[RFC1122] Braden, R., "Requirements for Internet Hosts -
Communication Layers", STD 3, RFC 1122,
[RFC1123] Braden, R., "Requirements for Internet Hosts -
Application and Support", STD 3, RFC 1123,
[RFC1812] Baker, F., "Requirements for IP Version 4 Routers",
RFC 1812, June 1995.
[RFC4294] Loughney, J., "IPv6 Node Requirements", RFC 4294,
7.2. Informative References
[6LOWPAN-HC] Hui, J. and P. Thubert, "Compression Format for IPv6
Datagrams in Low Power and Lossy Networks
(6LoWPAN)", Work in Progress, February 2011.
[ABFAB-ARCH] Howlett, J., Hartman, S., Tschofenig, H., and E.
Lear, "Application Bridging for Federated Access
Beyond Web (ABFAB) Architecture", Work in Progress,
[AES-CCM-ECC] McGrew, D., Bailey, D., Campagna, M., and R. Dugal,
"AES-CCM ECC Cipher Suites for TLS", Work
in Progress, January 2011.
[COAP] Shelby, Z., Hartke, K., Bormann, C., and B. Frank,
"Constrained Application Protocol (CoAP)", Work
in Progress, March 2011.
[DIME-BASE] Fajardo, V., Ed., Arkko, J., Loughney, J., and G.
Zorn, "Diameter Base Protocol", Work in Progress,
[DNS-SD] Cheshire, S. and M. Krochmal, "DNS-Based Service
Discovery", Work in Progress, February 2011.
[DTLS] Rescorla, E. and N. Modadugu, "Datagram Transport
Layer Security version 1.2", Work in Progress,
[DYMO] Chakeres, I. and C. Perkins, "Dynamic MANET On-
demand (DYMO) Routing", Work in Progress, July 2010.
[IEC61850] Wikipedia, "Wikipedia Article: IEC 61850",
June 2011, <http://en.wikipedia.org/w/
[IEC62351-3] International Electrotechnical Commission Technical
Committee 57, "POWER SYSTEMS MANAGEMENT AND
ASSOCIATED INFORMATION EXCHANGE. DATA AND
COMMUNICATIONS SECURITY -- Part 3: Communication
network and system security Profiles including
TCP/IP", May 2007.
[IEEE802.1X] Institute of Electrical and Electronics Engineers,
"IEEE Standard for Local and Metropolitan Area
Networks - Port based Network Access Control",
IEEE Standard 802.1X-2010, February 2010.
[IP-SEC] Gont, F., "Security Assessment of the Internet
Protocol Version 4", Work in Progress, April 2011.
[IPv6-NODE-REQ] Jankiewicz, E., Loughney, J., and T. Narten, "IPv6
Node Requirements", Work in Progress, May 2011.
[MULTICAST-DNS] Cheshire, S. and M. Krochmal, "Multicast DNS", Work
in Progress, February 2011.
[Model] SGIP, "Smart Grid Architecture Committee: Conceptual
Model White Paper http://collaborate.nist.gov/
[OAUTHv2] Hammer-Lahav, E., Recordon, D., and D. Hardt, "The
OAuth 2.0 Authorization Protocol", Work in Progress,
[RESTFUL] Fielding, "Architectural Styles and the Design of
Network-based Software Architectures", 2000.
[RFC0768] Postel, J., "User Datagram Protocol", STD 6,
RFC 768, August 1980.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
[RFC0792] Postel, J., "Internet Control Message Protocol",
STD 5, RFC 792, September 1981.
[RFC0793] Postel, J., "Transmission Control Protocol", STD 7,
RFC 793, September 1981.
[RFC0826] Plummer, D., "Ethernet Address Resolution Protocol:
Or converting network protocol addresses to 48.bit
Ethernet address for transmission on Ethernet
hardware", STD 37, RFC 826, November 1982.
[RFC0894] Hornig, C., "Standard for the transmission of IP
datagrams over Ethernet networks", STD 41, RFC 894,
[RFC1006] Rose, M. and D. Cass, "ISO transport services on top
of the TCP: Version 3", STD 35, RFC 1006, May 1987.
[RFC1034] Mockapetris, P., "Domain names - concepts and
facilities", STD 13, RFC 1034, November 1987.
[RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.
[RFC1058] Hedrick, C., "Routing Information Protocol",
RFC 1058, June 1988.
[RFC1112] Deering, S., "Host extensions for IP multicasting",
STD 5, RFC 1112, August 1989.
[RFC1195] Callon, R., "Use of OSI IS-IS for routing in TCP/IP
and dual environments", RFC 1195, December 1990.
[RFC1332] McGregor, G., "The PPP Internet Protocol Control
Protocol (IPCP)", RFC 1332, May 1992.
[RFC1661] Simpson, W., "The Point-to-Point Protocol (PPP)",
STD 51, RFC 1661, July 1994.
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot,
G., and E. Lear, "Address Allocation for Private
Internets", BCP 5, RFC 1918, February 1996.
[RFC1964] Linn, J., "The Kerberos Version 5 GSS-API
Mechanism", RFC 1964, June 1996.
[RFC2080] Malkin, G. and R. Minnear, "RIPng for IPv6",
RFC 2080, January 1997.
[RFC2126] Pouffary, Y. and A. Young, "ISO Transport Service on
top of TCP (ITOT)", RFC 2126, March 1997.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol",
RFC 2131, March 1997.
[RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound,
"Dynamic Updates in the Domain Name System (DNS
UPDATE)", RFC 2136, April 1997.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328,
[RFC2357] Mankin, A., Romanov, A., Bradner, S., and V. Paxson,
"IETF Criteria for Evaluating Reliable Multicast
Transport and Application Protocols", RFC 2357,
[RFC2453] Malkin, G., "RIP Version 2", STD 56, RFC 2453,
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol,
Version 6 (IPv6) Specification", RFC 2460,
[RFC2464] Crawford, M., "Transmission of IPv6 Packets over
Ethernet Networks", RFC 2464, December 1998.
[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
"Definition of the Differentiated Services Field (DS
Field) in the IPv4 and IPv6 Headers", RFC 2474,
[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang,
Z., and W. Weiss, "An Architecture for
Differentiated Services", RFC 2475, December 1998.
[RFC2516] Mamakos, L., Lidl, K., Evarts, J., Carrel, D.,
Simone, D., and R. Wheeler, "A Method for
Transmitting PPP Over Ethernet (PPPoE)", RFC 2516,
[RFC2545] Marques, P. and F. Dupont, "Use of BGP-4
Multiprotocol Extensions for IPv6 Inter-Domain
Routing", RFC 2545, March 1999.
[RFC2560] Myers, M., Ankney, R., Malpani, A., Galperin, S.,
and C. Adams, "X.509 Internet Public Key
Infrastructure Online Certificate Status Protocol -
OCSP", RFC 2560, June 1999.
[RFC2588] Finlayson, R., "IP Multicast and Firewalls",
RFC 2588, May 1999.
[RFC2608] Guttman, E., Perkins, C., Veizades, J., and M. Day,
"Service Location Protocol, Version 2", RFC 2608,
[RFC2615] Malis, A. and W. Simpson, "PPP over SONET/SDH",
RFC 2615, June 1999.
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee,
"Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616,
[RFC2647] Newman, D., "Benchmarking Terminology for Firewall
Performance", RFC 2647, August 1999.
[RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address
Translator (NAT) Terminology and Considerations",
RFC 2663, August 1999.
[RFC2710] Deering, S., Fenner, W., and B. Haberman, "Multicast
Listener Discovery (MLD) for IPv6", RFC 2710,
[RFC2743] Linn, J., "Generic Security Service Application
Program Interface Version 2, Update 1", RFC 2743,
[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, "Generic Routing Encapsulation (GRE)",
RFC 2784, March 2000.
[RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
"Remote Authentication Dial In User Service
(RADIUS)", RFC 2865, June 2000.
[RFC2979] Freed, N., "Behavior of and Requirements for
Internet Firewalls", RFC 2979, October 2000.
[RFC2993] Hain, T., "Architectural Implications of NAT",
RFC 2993, November 2000.
[RFC3007] Wellington, B., "Secure Domain Name System (DNS)
Dynamic Update", RFC 3007, November 2000.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP
Network Address Translator (Traditional NAT)",
RFC 3022, January 2001.
[RFC3027] Holdrege, M. and P. Srisuresh, "Protocol
Complications with the IP Network Address
Translator", RFC 3027, January 2001.
[RFC3031] Rosen, E., Viswanathan, A., and R. Callon,
"Multiprotocol Label Switching Architecture",
RFC 3031, January 2001.
[RFC3032] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
Farinacci, D., Li, T., and A. Conta, "MPLS Label
Stack Encoding", RFC 3032, January 2001.
[RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The
Addition of Explicit Congestion Notification (ECN)
to IP", RFC 3168, September 2001.
[RFC3235] Senie, D., "Network Address Translator (NAT)-
Friendly Application Design Guidelines", RFC 3235,
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G.,
Johnston, A., Peterson, J., Sparks, R., Handley, M.,
and E. Schooler, "SIP: Session Initiation Protocol",
RFC 3261, June 2002.
[RFC3265] Roach, A., "Session Initiation Protocol (SIP)-
Specific Event Notification", RFC 3265, June 2002.
[RFC3275] Eastlake, D., Reagle, J., and D. Solo, "(Extensible
Markup Language) XML-Signature Syntax and
Processing", RFC 3275, March 2002.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins,
C., and M. Carney, "Dynamic Host Configuration
Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3376] Cain, B., Deering, S., Kouvelas, I., Fenner, B., and
A. Thyagarajan, "Internet Group Management Protocol,
Version 3", RFC 3376, October 2002.
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
Architecture for Describing Simple Network
Management Protocol (SNMP) Management Frameworks",
STD 62, RFC 3411, December 2002.
[RFC3412] Case, J., Harrington, D., Presuhn, R., and B.
Wijnen, "Message Processing and Dispatching for the
Simple Network Management Protocol (SNMP)", STD 62,
RFC 3412, December 2002.
[RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network
Management Protocol (SNMP) Applications", STD 62,
RFC 3413, December 2002.
[RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security
Model (USM) for version 3 of the Simple Network
Management Protocol (SNMPv3)", STD 62, RFC 3414,
[RFC3415] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-
based Access Control Model (VACM) for the Simple
Network Management Protocol (SNMP)", STD 62,
RFC 3415, December 2002.
[RFC3416] Presuhn, R., "Version 2 of the Protocol Operations
for the Simple Network Management Protocol (SNMP)",
STD 62, RFC 3416, December 2002.
[RFC3417] Presuhn, R., "Transport Mappings for the Simple
Network Management Protocol (SNMP)", STD 62,
RFC 3417, December 2002.
[RFC3418] Presuhn, R., "Management Information Base (MIB) for
the Simple Network Management Protocol (SNMP)",
STD 62, RFC 3418, December 2002.
[RFC3424] Daigle, L. and IAB, "IAB Considerations for
UNilateral Self-Address Fixing (UNSAF) Across
Network Address Translation", RFC 3424,
[RFC3436] Jungmaier, A., Rescorla, E., and M. Tuexen,
"Transport Layer Security over Stream Control
Transmission Protocol", RFC 3436, December 2002.
[RFC3453] Luby, M., Vicisano, L., Gemmell, J., Rizzo, L.,
Handley, M., and J. Crowcroft, "The Use of Forward
Error Correction (FEC) in Reliable Multicast",
RFC 3453, December 2002.
[RFC3511] Hickman, B., Newman, D., Tadjudin, S., and T.
Martin, "Benchmarking Methodology for Firewall
Performance", RFC 3511, April 2003.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, July 2003.
[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing
RFC Text on Security Considerations", BCP 72,
RFC 3552, July 2003.
[RFC3561] Perkins, C., Belding-Royer, E., and S. Das, "Ad hoc
On-Demand Distance Vector (AODV) Routing", RFC 3561,
[RFC3569] Bhattacharyya, S., "An Overview of Source-Specific
Multicast (SSM)", RFC 3569, July 2003.
[RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G.,
and J. Arkko, "Diameter Base Protocol", RFC 3588,
[RFC3590] Haberman, B., "Source Address Selection for the
Multicast Listener Discovery (MLD) Protocol",
RFC 3590, September 2003.
[RFC3626] Clausen, T. and P. Jacquet, "Optimized Link State
Routing Protocol (OLSR)", RFC 3626, October 2003.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003.
[RFC3715] Aboba, B. and W. Dixon, "IPsec-Network Address
Translation (NAT) Compatibility Requirements",
RFC 3715, March 2004.
[RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery
Version 2 (MLDv2) for IPv6", RFC 3810, June 2004.
[RFC3828] Larzon, L-A., Degermark, M., Pink, S., Jonsson,
L-E., and G. Fairhurst, "The Lightweight User
Datagram Protocol (UDP-Lite)", RFC 3828, July 2004.
[RFC3853] Peterson, J., "S/MIME Advanced Encryption Standard
(AES) Requirement for the Session Initiation
Protocol (SIP)", RFC 3853, July 2004.
[RFC3923] Saint-Andre, P., "End-to-End Signing and Object
Encryption for the Extensible Messaging and Presence
Protocol (XMPP)", RFC 3923, October 2004.
[RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander,
"SEcure Neighbor Discovery (SEND)", RFC 3971,
[RFC3973] Adams, A., Nicholas, J., and W. Siadak, "Protocol
Independent Multicast - Dense Mode (PIM-DM):
Protocol Specification (Revised)", RFC 3973,
[RFC4017] Stanley, D., Walker, J., and B. Aboba, "Extensible
Authentication Protocol (EAP) Method Requirements
for Wireless LANs", RFC 4017, March 2005.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and
S. Rose, "DNS Security Introduction and
Requirements", RFC 4033, March 2005.
[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and
S. Rose, "Resource Records for the DNS Security
Extensions", RFC 4034, March 2005.
[RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and
S. Rose, "Protocol Modifications for the DNS
Security Extensions", RFC 4035, March 2005.
[RFC4108] Housley, R., "Using Cryptographic Message Syntax
(CMS) to Protect Firmware Packages", RFC 4108,
[RFC4120] Neuman, C., Yu, T., Hartman, S., and K. Raeburn,
"The Kerberos Network Authentication Service (V5)",
RFC 4120, July 2005.
[RFC4121] Zhu, L., Jaganathan, K., and S. Hartman, "The
Kerberos Version 5 Generic Security Service
Application Program Interface (GSS-API) Mechanism:
Version 2", RFC 4121, July 2005.
[RFC4210] Adams, C., Farrell, S., Kause, T., and T. Mononen,
"Internet X.509 Public Key Infrastructure
Certificate Management Protocol (CMP)", RFC 4210,
[RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition
Mechanisms for IPv6 Hosts and Routers", RFC 4213,
[RFC4253] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
Transport Layer Protocol", RFC 4253, January 2006.
[RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway
Protocol 4 (BGP-4)", RFC 4271, January 2006.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, December 2005.
[RFC4302] Kent, S., "IP Authentication Header", RFC 4302,
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)",
RFC 4303, December 2005.
[RFC4307] Schiller, J., "Cryptographic Algorithms for Use in
the Internet Key Exchange Version 2 (IKEv2)",
RFC 4307, December 2005.
[RFC4320] Sparks, R., "Actions Addressing Identified Issues
with the Session Initiation Protocol's (SIP) Non-
INVITE Transaction", RFC 4320, January 2006.
[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram
Congestion Control Protocol (DCCP)", RFC 4340,
[RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport
Layer Security", RFC 4347, April 2006.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual
Private Networks (VPNs)", RFC 4364, February 2006.
[RFC4410] Pullen, M., Zhao, F., and D. Cohen, "Selectively
Reliable Multicast Protocol (SRMP)", RFC 4410,
[RFC4422] Melnikov, A. and K. Zeilenga, "Simple Authentication
and Security Layer (SASL)", RFC 4422, June 2006.
[RFC4443] Conta, A., Deering, S., and M. Gupta, "Internet
Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification", RFC 4443,
[RFC4487] Le, F., Faccin, S., Patil, B., and H. Tschofenig,
"Mobile IPv6 and Firewalls: Problem Statement",
RFC 4487, May 2006.
[RFC4492] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C.,
and B. Moeller, "Elliptic Curve Cryptography (ECC)
Cipher Suites for Transport Layer Security (TLS)",
RFC 4492, May 2006.
[RFC4556] Zhu, L. and B. Tung, "Public Key Cryptography for
Initial Authentication in Kerberos (PKINIT)",
RFC 4556, June 2006.
[RFC4566] Handley, M., Jacobson, V., and C. Perkins, "SDP:
Session Description Protocol", RFC 4566, July 2006.
[RFC4594] Babiarz, J., Chan, K., and F. Baker, "Configuration
Guidelines for DiffServ Service Classes", RFC 4594,
[RFC4601] Fenner, B., Handley, M., Holbrook, H., and I.
Kouvelas, "Protocol Independent Multicast - Sparse
Mode (PIM-SM): Protocol Specification (Revised)",
RFC 4601, August 2006.
[RFC4604] Holbrook, H., Cain, B., and B. Haberman, "Using
Internet Group Management Protocol Version 3
(IGMPv3) and Multicast Listener Discovery Protocol
Version 2 (MLDv2) for Source-Specific Multicast",
RFC 4604, August 2006.
[RFC4607] Holbrook, H. and B. Cain, "Source-Specific Multicast
for IP", RFC 4607, August 2006.
[RFC4608] Meyer, D., Rockell, R., and G. Shepherd, "Source-
Specific Protocol Independent Multicast in 232/8",
BCP 120, RFC 4608, August 2006.
[RFC4614] Duke, M., Braden, R., Eddy, W., and E. Blanton, "A
Roadmap for Transmission Control Protocol (TCP)
Specification Documents", RFC 4614, September 2006.
[RFC4741] Enns, R., "NETCONF Configuration Protocol",
RFC 4741, December 2006.
[RFC4742] Wasserman, M. and T. Goddard, "Using the NETCONF
Configuration Protocol over Secure SHell (SSH)",
RFC 4742, December 2006.
[RFC4743] Goddard, T., "Using NETCONF over the Simple Object
Access Protocol (SOAP)", RFC 4743, December 2006.
[RFC4744] Lear, E. and K. Crozier, "Using the NETCONF Protocol
over the Blocks Extensible Exchange Protocol
(BEEP)", RFC 4744, December 2006.
[RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter,
"Multiprotocol Extensions for BGP-4", RFC 4760,
[RFC4787] Audet, F. and C. Jennings, "Network Address
Translation (NAT) Behavioral Requirements for
Unicast UDP", BCP 127, RFC 4787, January 2007.
[RFC4835] Manral, V., "Cryptographic Algorithm Implementation
Requirements for Encapsulating Security Payload
(ESP) and Authentication Header (AH)", RFC 4835,
[RFC4854] Saint-Andre, P., "A Uniform Resource Name (URN)
Namespace for Extensions to the Extensible Messaging
and Presence Protocol (XMPP)", RFC 4854,
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H.
Soliman, "Neighbor Discovery for IP version 6
(IPv6)", RFC 4861, September 2007.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6
Stateless Address Autoconfiguration", RFC 4862,
[RFC4916] Elwell, J., "Connected Identity in the Session
Initiation Protocol (SIP)", RFC 4916, June 2007.
[RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher,
"IPv6 over Low-Power Wireless Personal Area Networks
(6LoWPANs): Overview, Assumptions, Problem
Statement, and Goals", RFC 4919, August 2007.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration
in IPv6", RFC 4941, September 2007.
[RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D.
Culler, "Transmission of IPv6 Packets over IEEE
802.15.4 Networks", RFC 4944, September 2007.
[RFC4960] Stewart, R., "Stream Control Transmission Protocol",
RFC 4960, September 2007.
[RFC4987] Eddy, W., "TCP SYN Flooding Attacks and Common
Mitigations", RFC 4987, August 2007.
[RFC5023] Gregorio, J. and B. de hOra, "The Atom Publishing
Protocol", RFC 5023, October 2007.
[RFC5061] Stewart, R., Xie, Q., Tuexen, M., Maruyama, S., and
M. Kozuka, "Stream Control Transmission Protocol
(SCTP) Dynamic Address Reconfiguration", RFC 5061,
[RFC5072] Varada, S., Ed., Haskins, D., and E. Allen, "IP
Version 6 over PPP", RFC 5072, September 2007.
[RFC5122] Saint-Andre, P., "Internationalized Resource
Identifiers (IRIs) and Uniform Resource Identifiers
(URIs) for the Extensible Messaging and Presence
Protocol (XMPP)", RFC 5122, February 2008.
[RFC5128] Srisuresh, P., Ford, B., and D. Kegel, "State of
Peer-to-Peer (P2P) Communication across Network
Address Translators (NATs)", RFC 5128, March 2008.
[RFC5135] Wing, D. and T. Eckert, "IP Multicast Requirements
for a Network Address Translator (NAT) and a Network
Address Port Translator (NAPT)", BCP 135, RFC 5135,
[RFC5191] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H.,
and A. Yegin, "Protocol for Carrying Authentication
for Network Access (PANA)", RFC 5191, May 2008.
[RFC5207] Stiemerling, M., Quittek, J., and L. Eggert, "NAT
and Firewall Traversal Issues of Host Identity
Protocol (HIP) Communication", RFC 5207, April 2008.
[RFC5216] Simon, D., Aboba, B., and R. Hurst, "The EAP-TLS
Authentication Protocol", RFC 5216, March 2008.
[RFC5238] Phelan, T., "Datagram Transport Layer Security
(DTLS) over the Datagram Congestion Control Protocol
(DCCP)", RFC 5238, May 2008.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer
Security (TLS) Protocol Version 1.2", RFC 5246,
[RFC5272] Schaad, J. and M. Myers, "Certificate Management
over CMS (CMC)", RFC 5272, June 2008.
[RFC5277] Chisholm, S. and H. Trevino, "NETCONF Event
Notifications", RFC 5277, July 2008.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate
Revocation List (CRL) Profile", RFC 5280, May 2008.
[RFC5289] Rescorla, E., "TLS Elliptic Curve Cipher Suites with
SHA-256/384 and AES Galois Counter Mode (GCM)",
RFC 5289, August 2008.
[RFC5308] Hopps, C., "Routing IPv6 with IS-IS", RFC 5308,
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem,
"OSPF for IPv6", RFC 5340, July 2008.
[RFC5393] Sparks, R., Lawrence, S., Hawrylyshen, A., and B.
Campen, "Addressing an Amplification Vulnerability
in Session Initiation Protocol (SIP) Forking
Proxies", RFC 5393, December 2008.
[RFC5405] Eggert, L. and G. Fairhurst, "Unicast UDP Usage
Guidelines for Application Designers", BCP 145,
RFC 5405, November 2008.
[RFC5430] Salter, M., Rescorla, E., and R. Housley, "Suite B
Profile for Transport Layer Security (TLS)",
RFC 5430, March 2009.
[RFC5433] Clancy, T. and H. Tschofenig, "Extensible
Authentication Protocol - Generalized Pre-Shared Key
(EAP-GPSK) Method", RFC 5433, February 2009.
[RFC5437] Saint-Andre, P. and A. Melnikov, "Sieve Notification
Mechanism: Extensible Messaging and Presence
Protocol (XMPP)", RFC 5437, January 2009.
[RFC5539] Badra, M., "NETCONF over Transport Layer Security
(TLS)", RFC 5539, May 2009.
[RFC5545] Desruisseaux, B., "Internet Calendaring and
Scheduling Core Object Specification (iCalendar)",
RFC 5545, September 2009.
[RFC5546] Daboo, C., "iCalendar Transport-Independent
Interoperability Protocol (iTIP)", RFC 5546,
[RFC5548] Dohler, M., Watteyne, T., Winter, T., and D.
Barthel, "Routing Requirements for Urban Low-Power
and Lossy Networks", RFC 5548, May 2009.
[RFC5569] Despres, R., "IPv6 Rapid Deployment on IPv4
Infrastructures (6rd)", RFC 5569, January 2010.
[RFC5621] Camarillo, G., "Message Body Handling in the Session
Initiation Protocol (SIP)", RFC 5621,
[RFC5626] Jennings, C., Mahy, R., and F. Audet, "Managing
Client-Initiated Connections in the Session
Initiation Protocol (SIP)", RFC 5626, October 2009.
[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)",
STD 70, RFC 5652, September 2009.
[RFC5673] Pister, K., Thubert, P., Dwars, S., and T. Phinney,
"Industrial Routing Requirements in Low-Power and
Lossy Networks", RFC 5673, October 2009.
[RFC5681] Allman, M., Paxson, V., and E. Blanton, "TCP
Congestion Control", RFC 5681, September 2009.
[RFC5717] Lengyel, B. and M. Bjorklund, "Partial Lock Remote
Procedure Call (RPC) for NETCONF", RFC 5717,
[RFC5740] Adamson, B., Bormann, C., Handley, M., and J.
Macker, "NACK-Oriented Reliable Multicast (NORM)
Transport Protocol", RFC 5740, November 2009.
[RFC5751] Ramsdell, B. and S. Turner, "Secure/Multipurpose
Internet Mail Extensions (S/MIME) Version 3.2
Message Specification", RFC 5751, January 2010.
[RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-
Known Uniform Resource Identifiers (URIs)",
RFC 5785, April 2010.
[RFC5826] Brandt, A., Buron, J., and G. Porcu, "Home
Automation Routing Requirements in Low-Power and
Lossy Networks", RFC 5826, April 2010.
[RFC5838] Lindem, A., Mirtorabi, S., Roy, A., Barnes, M., and
R. Aggarwal, "Support of Address Families in
OSPFv3", RFC 5838, April 2010.
[RFC5849] Hammer-Lahav, E., "The OAuth 1.0 Protocol",
RFC 5849, April 2010.
[RFC5867] Martocci, J., De Mil, P., Riou, N., and W.
Vermeylen, "Building Automation Routing Requirements
in Low-Power and Lossy Networks", RFC 5867,
[RFC5905] Mills, D., Martin, J., Burbank, J., and W. Kasch,
"Network Time Protocol Version 4: Protocol and
Algorithms Specification", RFC 5905, June 2010.
[RFC5932] Kato, A., Kanda, M., and S. Kanno, "Camellia Cipher
Suites for TLS", RFC 5932, June 2010.
[RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958,
[RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen,
"Internet Key Exchange Protocol Version 2 (IKEv2)",
RFC 5996, September 2010.
[RFC5998] Eronen, P., Tschofenig, H., and Y. Sheffer, "An
Extension for EAP-Only Authentication in IKEv2",
RFC 5998, September 2010.
[RFC6031] Turner, S. and R. Housley, "Cryptographic Message
Syntax (CMS) Symmetric Key Package Content Type",
RFC 6031, December 2010.
[RFC6047] Melnikov, A., "iCalendar Message-Based
Interoperability Protocol (iMIP)", RFC 6047,
[RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M.,
and X. Li, "IPv6 Addressing of IPv4/IPv6
Translators", RFC 6052, October 2010.
[RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental
Elliptic Curve Cryptography Algorithms", RFC 6090,
[RFC6120] Saint-Andre, P., "Extensible Messaging and Presence
Protocol (XMPP): Core", RFC 6120, March 2011.
[RFC6121] Saint-Andre, P., "Extensible Messaging and Presence
Protocol (XMPP): Instant Messaging and Presence",
RFC 6121, March 2011.
[RFC6144] Baker, F., Li, X., Bao, C., and K. Yin, "Framework
for IPv4/IPv6 Translation", RFC 6144, April 2011.
[RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation
Algorithm", RFC 6145, April 2011.
[RFC6146] Bagnulo, M., Matthews, P., and I. Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from
IPv6 Clients to IPv4 Servers", RFC 6146, April 2011.
[RFC6147] Bagnulo, M., Sullivan, A., Matthews, P., and I.
Beijnum, "DNS64: DNS Extensions for Network Address
Translation from IPv6 Clients to IPv4 Servers",
RFC 6147, April 2011.
[RFC6180] Arkko, J. and F. Baker, "Guidelines for Using IPv6
Transition Mechanisms during IPv6 Deployment",
RFC 6180, May 2011.
[RPL] Winter, T., Thubert, P., Brandt, A., Clausen, T.,
Hui, J., Kelsey, R., Levis, P., Pister, K., Struik,
R., and J. Vasseur, "RPL: IPv6 Routing Protocol for
Low power and Lossy Networks", Work in Progress,
[SP-MULPIv3.0] CableLabs, "DOCSIS 3.0 MAC and Upper Layer Protocols
Interface Specification, CM-SP-MULPIv3.0-I10-
090529", May 2009.
[SmartGrid] Wikipedia, "Wikipedia Article: Smart Grid",
February 2011, <http://en.wikipedia.org/w/
[TCP-SEC] Gont, F., "Security Assessment of the Transmission
Control Protocol (TCP)", Work in Progress,
[r1822] Bolt Beranek and Newman Inc., "Interface Message
Processor -- Specifications for the interconnection
of a host and a IMP, Report No. 1822", January 1976.
[xCAL] Daboo, C., Douglass, M., and S. Lees, "xCal: The XML
format for iCalendar", Work in Progress, April 2011.