<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-zhao-opsawg-network-resilience-ps-01" category="info" submissionType="IETF" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Problem Statement for Network Resilience">Problem Statement for Network Resilience</title>
    <seriesInfo name="Internet-Draft" value="draft-zhao-opsawg-network-resilience-ps-01"/>
    <author initials="J." surname="Zhao" fullname="Jing Zhao" role="editor">
      <organization>China Unicom</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>zhaoj501@chinaunicom.cn</email>
      </address>
    </author>
    <author initials="R." surname="Pang" fullname="Ran Pang" role="editor">
      <organization>China Unicom</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>pangran@chinaunicom.cn</email>
      </address>
    </author>
    <author initials="W." surname="Lv" fullname="Wenxiang Lv" role="editor">
      <organization>China Unicom</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>lvwx28@chinaunicom.cn</email>
      </address>
    </author>
    <author initials="J." surname="Dong" fullname="Jie Dong" role="editor">
      <organization>Huawei Technologies</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>jie.dong@huawei.com</email>
      </address>
    </author>
    <author initials="S." surname="Zhang" fullname="Shuai Zhang" role="editor">
      <organization>China Unicom</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>zhangs366@chinaunicom.cn</email>
      </address>
    </author>
    <date year="2026" month="July" day="05"/>
    <area>Operations and Management Area</area>
    <workgroup>opsawg</workgroup>
    <abstract>
      <?line 68?>

<t>This document defines the problem space for network resilience. It identifies representative failure sources that expose limitations in current network architectures when facing complex, cascading, correlated, and unanticipated failures. It further analyzes cross-cutting resilience challenges and capability gaps across the pre-event, in-event, and post-event stages of the failure lifecycle, and derives a set of technical capabilities needed to improve network resilience.</t>
    </abstract>
  </front>
  <middle>
    <?line 72?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Current IP network reliability mechanisms are largely built around redundancy, fast failure detection, protection switching, and topology convergence. These mechanisms are effective for many anticipated and relatively well-bounded failures. However, as network scale, service dependency, and operational complexity increase, failures may become correlated across layers, evolve dynamically, consume the resources needed for recovery, or degrade service without causing a clear binary "up/down" state. In these conditions, static protection alone may not be sufficient to preserve service continuity.</t>
      <t>In this document, <strong>network resilience</strong> refers to the ability of a network to anticipate and reduce risk, absorb and contain failures, maintain an acceptable level of service during disruption, recover within bounded time objectives, and improve its future response based on operational feedback.</t>
      <t>The need for resilience enhancement is driven by three trends:</t>
      <ul spacing="normal">
        <li>
          <t><strong>Stricter Service Continuity Objectives:</strong> Critical services increasingly require more than binary availability. During severe disruptions, the network is expected to maintain a minimum acceptable service level and restore the target service level within bounded recovery objectives.</t>
        </li>
        <li>
          <t><strong>Operational Complexity Beyond Isolated Detection:</strong> Existing OAM tools provide mechanisms for fault detection, fault isolation, and performance monitoring <xref target="RFC7276"/>. However, visibility alone does not ensure that information from multiple layers and domains is correlated quickly enough to support coordinated mitigation in complex failure scenarios.</t>
        </li>
        <li>
          <t><strong>Growth of Correlated and Non-binary Failures:</strong> Conventional protection designs generally assume a bounded set of anticipated faults. They are less effective when failures involve shared-risk dependencies, gray degradation, control-plane instability, rapidly changing resource bottlenecks, or degradation of the systems required for diagnosis and recovery.</t>
        </li>
      </ul>
      <t>This document first describes representative failure sources and cross-cutting resilience challenges, then analyzes capability gaps across the failure lifecycle, and finally derives technical requirements for resilience enhancement.</t>
    </section>
    <section anchor="problem-statement">
      <name>Problem Statement</name>
      <t>Network resilience problems can originate from a range of physical, operational, design, protocol, performance, and security-related conditions. For analysis, this document identifies six representative failure sources and groups them into two broad categories: (1) structural and change-related sources and (2) dynamic and behavioral sources.</t>
      <t>These categories describe where resilience problems originate or first become observable. They are not mutually exclusive. A single incident may involve multiple sources, and its impact may propagate through shared dependencies, protocol interactions, traffic redistribution, resource contention, or automated recovery actions.</t>
      <figure anchor="fig-1">
        <name>Network Resilience Problem Space</name>
        <sourcecode type="text"><![CDATA[
+-------------------------------------------------------------------+
|               Network Resilience Problem Space                    |
+-------------------------------------------------------------------+
                                  |
             +--------------------+--------------------+
             |                                         |
             v                                         v
+----------------------------+        +------------------------------+
|      Failure Sources       |        | Cross-cutting Resilience     |
|                            |        |          Challenges          |
+----------------------------+        +------------------------------+
             |                                         |
      +------+------+                     +------------+------------+
      |             |                     |            |            |
      v             v                     v            v            v
+-----------+ +-----------+        +-----------+ +-----------+ +-----------+
|Structural | | Dynamic & |        |Correlated | | Resource  | | Recovery  |
| & Change  | |Behavioral |        |    and    | |Exhaustion | |  System   |
|  Sources  | |  Sources  |        | Cascading | |           | |Survivability|
+-----------+ +-----------+        | Failures  | +-----------+ +-----------+
      |             |              +-----------+
      |             |
      |-- Physical  |-- Control Plane and
      |   Interruption  Protocol Anomalies
      |
      |-- Configuration
      |   Errors    |-- Implicit Deterioration
      |                 (Gray Failures)
      +-- Planning
          and Design+-- Security Incidents
          Defects
]]></sourcecode>
      </figure>
      <section anchor="failure-sources">
        <name>Failure Sources</name>
        <section anchor="physical-interruption">
          <name>Physical Interruption</name>
          <t>Physical interruption occurs when links, ports, devices, line cards, or supporting infrastructure become unavailable. Mechanisms such as BFD and fast reroute can provide rapid protection against many anticipated and relatively well-bounded failures.</t>
          <t>However, protection may become ineffective when multiple components fail concurrently, backup resources are insufficient for the rerouted load, or the actual dependency relationship between primary and backup resources is not fully known. In such cases, recovery actions may lead to congestion, traffic blackholing, or secondary service degradation.</t>
        </section>
        <section anchor="configuration-errors">
          <name>Configuration Errors</name>
          <t>Configuration errors occur when incorrect or inconsistent configuration is introduced during provisioning, maintenance, or policy changes. The central problem is a mismatch among intended service behavior, routing and forwarding policy, and the configuration actually deployed in the network.</t>
          <t>Such mismatches can affect reachability, isolation, path selection, traffic engineering, or Quality of Service (QoS).</t>
          <ul spacing="normal">
            <li>
              <t><strong>Typical Scenarios:</strong> Misconfigured routing policies, incorrect VPN parameters, inconsistent network-slicing configuration, and incomplete or partially applied changes.</t>
            </li>
          </ul>
        </section>
        <section anchor="defects-in-network-planning-and-specification-design">
          <name>Defects in Network Planning and Specification Design</name>
          <t>Unlike transient configuration errors, planning and design defects are latent weaknesses in topology design, network specifications, protection schemes, dependency assumptions, or capacity planning. These weaknesses may remain invisible during normal operation and emerge only during protection switching, concurrent failures, or traffic surges.</t>
          <ul spacing="normal">
            <li>
              <t><strong>Typical Scenarios:</strong> Hidden shared-risk link groups (SRLGs) between primary and backup paths, insufficient backup capacity, poorly designed escape paths, and unexpectedly large fault domains caused by incomplete dependency analysis or inconsistent design practices.</t>
            </li>
            <li>
              <t><strong>Impact Example:</strong> After a primary-path failure, traffic may be switched to a backup path whose capacity was not validated against the expected failover load. The backup path then becomes congested or unavailable, turning a localized failure into wider service degradation.</t>
            </li>
          </ul>
        </section>
        <section anchor="control-plane-and-protocol-anomalies">
          <name>Control Plane and Protocol Anomalies</name>
          <t>These failures arise from abnormal behavior in routing, detection, or control protocols, including software defects, unstable protocol interactions, inconsistent state, and repeated state transitions that prevent the control plane from converging to a stable state.</t>
          <ul spacing="normal">
            <li>
              <t><strong>Typical Scenarios:</strong> Intermittent BFD flapping, IGP route churn, BGP route oscillation, inconsistent control state, and unstable interaction between independently designed protection or traffic-engineering mechanisms.</t>
            </li>
            <li>
              <t><strong>Amplification Effect:</strong> A localized anomaly can trigger repeated route recalculation, unnecessary protection switching, route churn, transient forwarding loops, or traffic blackholing. Services with strict delay, jitter, or packet-loss objectives may be affected even when the network eventually converges.</t>
            </li>
          </ul>
        </section>
        <section anchor="implicit-deterioration-gray-failures">
          <name>Implicit Deterioration (Gray Failures)</name>
          <t>A gray failure is a condition in which a link, node, protocol session, or service component appears operational while the service experienced by some or all traffic has degraded beyond an acceptable level.</t>
          <ul spacing="normal">
            <li>
              <t><strong>Typical Scenarios:</strong> Microbursts, intermittent packet loss, increased delay or jitter, asymmetric degradation, and degradation affecting only specific traffic classes or service flows.</t>
            </li>
            <li>
              <t><strong>Core Architectural Gaps:</strong>  </t>
              <ul spacing="normal">
                <li>
                  <t><em>State Ambiguity:</em> Periodic liveness mechanisms may not observe short-lived, flow-specific, path-specific, or performance-only degradation.</t>
                </li>
                <li>
                  <t><em>Observation-to-Action Gap:</em> IOAM <xref target="RFC9197"/> defines data fields for collecting operational and telemetry information along a packet path, but automated diagnosis, policy selection, and mitigation are outside the scope of that specification. Without an integrated decision and response loop, affected traffic may remain on a degraded path and continue to violate service objectives.</t>
                </li>
              </ul>
            </li>
          </ul>
        </section>
        <section anchor="security-incidents">
          <name>Security Incidents</name>
          <t>Security incidents can reduce network resilience by compromising the trustworthiness of control or management systems, manipulating routing or policy state, or consuming network resources through malicious traffic.</t>
          <ul spacing="normal">
            <li>
              <t><strong>Typical Scenarios:</strong> DDoS attacks, route hijacking, unauthorized configuration changes, falsified operational data, and manipulation of control or policy inputs.</t>
            </li>
            <li>
              <t><strong>Impact Mechanisms:</strong> A rapid traffic surge may exhaust link bandwidth, forwarding resources, processing capacity, or queue resources. Compromised control or management inputs may also trigger incorrect routing, protection, or recovery actions.</t>
            </li>
          </ul>
        </section>
      </section>
      <section anchor="cross-cutting-resilience-challenges">
        <name>Cross-cutting Resilience Challenges</name>
        <t>The failure sources above describe where resilience problems originate or first become observable. However, the severity of a resilience incident is often determined by properties that cut across multiple failure sources. In particular, three challenges make complex incidents difficult to handle using mechanisms designed primarily for isolated and anticipated failures.</t>
        <section anchor="correlated-and-cascading-failures">
          <name>Correlated and Cascading Failures</name>
          <t>Failures that appear independent at the logical network layer may share dependencies in physical infrastructure, control and management systems, software components, or external services. A single underlying event can therefore affect multiple nominally redundant components at the same time.</t>
          <t>Failures may also propagate through traffic redistribution, protocol interactions, shared-resource contention, and automated recovery actions. For example, a physical failure may trigger traffic rerouting, overload a backup path, cause packet loss and protocol instability, and subsequently trigger additional routing changes.</t>
          <t>In such cases, recovery mechanisms that operate correctly in isolation may interact in ways that amplify the original failure. The challenge is therefore not limited to detecting individual failed components. The network also needs sufficient dependency awareness and failure-context correlation to identify common causes, estimate the potential propagation scope, and avoid mitigation actions that expand the affected fault domain.</t>
        </section>
        <section anchor="resource-exhaustion-and-loss-of-recovery-capacity">
          <name>Resource Exhaustion and Loss of Recovery Capacity</name>
          <t>Network failures and traffic surges may exhaust data-plane, control-plane, or management-plane resources. Resource exhaustion can result from malicious traffic, legitimate traffic surges, failure-induced traffic redistribution, excessive protocol churn, telemetry storms, or repeated recovery actions.</t>
          <t>A particular resilience concern is that resources required for diagnosis and recovery may themselves become unavailable during a large-scale incident. For example, control-plane CPU exhaustion may delay routing convergence, while management-system or telemetry-processing overload may delay fault correlation, decision making, and policy execution.</t>
          <t>Consequently, a logically valid protection path or mitigation action may fail when activated under actual incident load. The resilience problem is therefore not only whether backup resources exist, but whether sufficient forwarding, control, and management capacity remains available throughout the mitigation and recovery process.</t>
        </section>
        <section anchor="recovery-system-survivability">
          <name>Recovery-System Survivability</name>
          <t>Resilience mechanisms increasingly depend on telemetry systems, controllers, management connectivity, orchestration platforms, policy engines, and other automation components. These systems may themselves become degraded, unreachable, overloaded, or inconsistent during the same incident they are expected to mitigate.</t>
          <t>Examples include telemetry pipeline failures, stale topology or resource information, inconsistent controller state, management connectivity loss, orchestration backlog, partially applied transactions, conflicting automated policies, and failed rollback operations.</t>
          <t>The resulting problem is a loss of recovery capability: the network may still have usable forwarding resources, but the systems required to observe the incident, select a mitigation strategy, execute the action, or verify the result may no longer operate correctly. A resilience architecture therefore needs to consider the survivability and degraded-mode behavior of its own sensing, decision, control, and recovery mechanisms.</t>
          <t>The failure sources and cross-cutting challenges described above explain where resilience incidents originate and why their impact may exceed the assumptions of conventional protection mechanisms. The following section analyzes where resilience capabilities are insufficient across the pre-event, in-event, and post-event stages of the failure lifecycle.</t>
        </section>
      </section>
    </section>
    <section anchor="resilience-gap-analysis-across-the-failure-lifecycle">
      <name>Resilience Gap Analysis Across the Failure Lifecycle</name>
      <t>The failure sources and cross-cutting challenges described above explain where resilience incidents originate and why they may propagate or exceed the assumptions of conventional protection mechanisms. This section analyzes the corresponding capability gaps across three stages of the failure lifecycle: pre-event, in-event, and post-event.</t>
      <figure anchor="fig-2">
        <name>Resilience Gaps Across the Failure Lifecycle</name>
        <sourcecode type="text"><![CDATA[
+-------------------------------------------------------------------+
|             Resilience Gaps Across the Failure Lifecycle          |
+-------------------------------------------------------------------+
                                  |
         +------------------------+------------------------+
         |                        |                        |
         v                        v                        v
+------------------+     +------------------+     +------------------+
|    Pre-event     |     |     In-event     |     |    Post-event    |
| Risk Discovery   |     | Awareness,       |     | Recovery         |
| & Validation     |     | Containment &    |     | Assurance &      |
|                  |     | Adaptive Response|     | Improvement      |
+------------------+     +------------------+     +------------------+
         |                        |                        |
         |-- Hidden Dependencies  |-- Fragmented Context  |-- Manual Recovery
         |-- Limited Validation   |-- Resource Blindness  |-- Weak Verification
         +-- Untested Capacity    |-- Mechanism Conflict  +-- Limited Learning
                                  +-- Recovery-System Risk
]]></sourcecode>
      </figure>
      <section anchor="pre-event-insufficient-risk-discovery-and-validation">
        <name>Pre-event: Insufficient Risk Discovery and Validation</name>
        <t>Before an incident occurs, resilience is weakened when latent dependencies, risky changes, and insufficient recovery resources cannot be identified or validated in advance.</t>
        <ul spacing="normal">
          <li>
            <t><strong>Incomplete Dependency Awareness:</strong> Logical topology information alone may not reveal shared physical infrastructure, common control or management dependencies, software commonality, or other hidden relationships among nominally redundant resources. As a result, failures that are assumed to be independent may actually share a common cause.</t>
          </li>
          <li>
            <t><strong>Limited Change and Policy Validation:</strong> Configuration, routing-policy, protection, and service changes may be syntactically valid while producing unintended behavior when combined with existing topology, policy, and resource constraints. Existing operational processes do not always provide sufficiently comprehensive pre-deployment validation across multi-vendor devices, multiple protocol layers, and service dependencies.</t>
          </li>
          <li>
            <t><strong>Limited Failure Simulation and Stress Validation:</strong> Protection paths and recovery strategies are often evaluated against predefined failure assumptions. They may not be validated under correlated failures, concurrent traffic surges, protocol instability, or partial management-system degradation. Consequently, backup capacity and recovery-system resources that appear sufficient under normal conditions may become inadequate during an actual incident.</t>
          </li>
        </ul>
        <t>The pre-event gap is therefore not merely the presence of configuration or design errors. The deeper problem is the inability to discover hidden dependencies, predict compound failure effects, and validate whether protection and recovery mechanisms remain effective under realistic incident conditions.</t>
      </section>
      <section anchor="in-event-insufficient-situation-awareness-containment-and-adaptive-response">
        <name>In-event: Insufficient Situation Awareness, Containment, and Adaptive Response</name>
        <t>During an incident, successful mitigation depends on the ability to understand the evolving situation, identify the affected scope, preserve sufficient recovery capacity, and coordinate actions across multiple mechanisms and layers. Current networks may lack these capabilities when failures are correlated, rapidly changing, or resource-constrained.</t>
        <ul spacing="normal">
          <li>
            <t><strong>Fragmented Failure Context:</strong> Telemetry, alarms, protocol state, topology information, resource utilization, and service-impact information may be collected by separate systems. Without timely correlation, multiple symptoms of a common underlying failure may be treated as independent events, delaying diagnosis and causing inconsistent mitigation decisions.</t>
          </li>
          <li>
            <t><strong>Insufficient Dependency and Propagation Awareness:</strong> When failures propagate across physical infrastructure, logical topology, protocols, and services, the network may not have sufficient information to determine the common cause or estimate the potential propagation scope. This limits the ability to contain the failure before additional services or network domains are affected.</t>
          </li>
          <li>
            <t><strong>Resource Blindness During Mitigation:</strong> A logically available protection or escape path may not have sufficient forwarding capacity, queue resources, control-plane processing capacity, or management-system capacity under actual incident load. Recovery actions based on incomplete or stale resource information may therefore move traffic or control workload into another bottleneck.</t>
          </li>
          <li>
            <t><strong>Interaction Among Independent Recovery Mechanisms:</strong> Routing convergence, fast reroute, traffic engineering, load balancing, admission control, and service-level recovery mechanisms may operate independently. Although each mechanism may behave correctly in isolation, their combined actions may result in oscillation, repeated traffic movement, transient loops, resource contention, or expansion of the affected fault domain.</t>
          </li>
          <li>
            <t><strong>Insufficient Recovery-System Survivability:</strong> Telemetry systems, controllers, management connectivity, orchestration platforms, and policy engines may themselves become overloaded, unreachable, or inconsistent during a major incident. The network may therefore lose part of its observation, decision, execution, or verification capability at the time when these capabilities are most needed.</t>
          </li>
        </ul>
        <t>The in-event gap is consequently not limited to detection speed or protection-switching time. It also includes the ability to construct a coherent incident view, contain propagation, preserve recovery capacity, and coordinate adaptive responses without amplifying the original failure.</t>
      </section>
      <section anchor="post-event-insufficient-recovery-assurance-and-adaptive-improvement">
        <name>Post-event: Insufficient Recovery Assurance and Adaptive Improvement</name>
        <t>After an incident has been contained, resilience still depends on whether service recovery is complete, whether temporary mitigation can be safely removed, and whether operational evidence is converted into validated improvements.</t>
        <t>Service Assurance for Intent-Based Networking (SAIN) <xref target="RFC9417"/> provides an architecture for assessing whether service instances and their dependent subservices are operating as expected. Building on such assurance information, resilience enhancement requires stronger integration among diagnosis, recovery orchestration, verification, and policy improvement.</t>
        <ul spacing="normal">
          <li>
            <t><strong>Dependence on Manual Recovery:</strong> Complex incidents often require manual diagnosis, traffic adjustment, configuration repair, capacity reassessment, or restoration of control and management systems. Heavy dependence on expert intervention increases recovery time and may produce inconsistent outcomes.</t>
          </li>
          <li>
            <t><strong>Insufficient Recovery Verification:</strong> The removal of an alarm or restoration of protocol adjacency does not necessarily indicate that the affected service has returned to its required performance level. Recovery processes may lack end-to-end verification of reachability, delay, loss, isolation, policy compliance, and service-level objectives.</t>
          </li>
          <li>
            <t><strong>Limited Incident-to-Policy Feedback:</strong> Incident evidence, root-cause findings, propagation paths, resource bottlenecks, and recovery outcomes are not always converted into updates to risk models, detection thresholds, dependency information, protection policies, capacity assumptions, or validation rules.</t>
          </li>
          <li>
            <t><strong>Insufficient Validation of Learned Changes:</strong> Changes derived from operational experience may introduce new interactions or risks if they are deployed directly. Closed-loop improvement therefore requires not only learning from incidents, but also validating proposed policy or configuration changes before they are applied to the production network.</t>
          </li>
        </ul>
        <t>The post-event gap is therefore broader than repair automation. A resilient network needs to verify that recovery objectives have actually been achieved and to convert incident evidence into validated improvements that reduce the probability or impact of similar failures in the future.</t>
      </section>
    </section>
    <section anchor="technical-requirements-for-resilience-enhancement">
      <name>Technical Requirements for Resilience Enhancement</name>
      <t>The problem space and lifecycle gap analysis above imply that a resilience-enhancement architecture needs to provide at least the following capabilities:</t>
      <ul spacing="normal">
        <li>
          <t><strong>Proactive Risk Awareness and Validation:</strong> Detect latent design, configuration, dependency, and degradation risks by correlating multi-dimensional telemetry, configuration state, topology, policy, and service intent. The architecture should also support pre-deployment validation or simulation of high-impact changes, compound failures, and stress scenarios.</t>
        </li>
        <li>
          <t><strong>Resource-aware Elastic Protection:</strong> Maintain sufficiently current awareness of available path and resource conditions so that protection and traffic-steering actions do not move traffic onto paths that cannot sustain the expected load. The network should be able to absorb short-lived shocks through resource buffering, traffic isolation, admission control, load shedding, or elastic scheduling where applicable.</t>
        </li>
        <li>
          <t><strong>Coordinated Fault Containment and Adaptive Response:</strong> Correlate evidence across protocol, network, infrastructure, management, and service layers; identify common causes and affected scope; estimate potential propagation; and coordinate mitigation actions so that local failures are contained rather than amplified by independent recovery mechanisms.</t>
        </li>
        <li>
          <t><strong>Bounded Recovery and Service Continuity:</strong> Restore critical service performance within defined recovery objectives while maintaining a minimum acceptable service level during disruption whenever feasible. Recovery actions should be verifiable and should avoid repeated oscillation between unstable states. The sensing, decision, control, and management functions required for recovery should remain available, or provide defined degraded-mode behavior, under the failure conditions they are expected to handle.</t>
        </li>
        <li>
          <t><strong>Closed-loop Learning and Adaptation:</strong> Use incident evidence and recovery outcomes to improve detection logic, dependency information, risk models, protection policies, capacity assumptions, and validation rules. Policy or configuration changes derived from operational feedback should themselves be validated before deployment.</t>
        </li>
      </ul>
    </section>
    <section anchor="conclusion">
      <name>Conclusion</name>
      <t>Current network reliability mechanisms remain necessary, but they are not sufficient for failure scenarios that are correlated, non-binary, dynamic, resource-constrained, or difficult to anticipate. The problem space described in this document shows that resilience gaps arise not only from individual failure sources, but also from hidden dependencies, cascading propagation, resource exhaustion, interaction among recovery mechanisms, and degradation of the systems required for diagnosis and recovery.</t>
      <t>A resilient network architecture therefore requires a lifecycle approach: reduce risk before failures occur, construct an accurate incident view while failures are evolving, contain propagation, preserve sufficient recovery capacity, restore services within defined objectives, verify the recovery result, and convert operational evidence into validated improvements.</t>
      <t>The technical capabilities identified in this document provide a basis for further architectural and protocol work on network resilience.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>Resilience mechanisms can introduce new attack surfaces. For example, an attacker could inject or manipulate telemetry, topology, dependency, resource-state, or policy information to trigger unnecessary traffic movement, oscillation, incorrect containment decisions, or resource exhaustion. A resilience framework therefore needs to protect the authenticity, integrity, authorization, and freshness of sensing data and control inputs, and to apply appropriate access control to policy updates and automated recovery actions.</t>
      <t>Automated mitigation can also amplify incorrect decisions. Implementations should therefore support policy constraints, scoped actions, rollback or fail-safe behavior, and post-action verification. The security and availability of telemetry systems, controllers, orchestration platforms, and management connectivity are themselves part of the resilience problem and should be protected accordingly.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document makes no requests of IANA.</t>
      <t>---back</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-informative-references">
      <name>Informative References</name>
      <reference anchor="RFC7276" target="https://www.rfc-editor.org/info/rfc7276" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7276.xml">
        <front>
          <title>An Overview of Operations, Administration, and Maintenance (OAM) Tools</title>
          <author fullname="T. Mizrahi" initials="T." surname="Mizrahi"/>
          <author fullname="N. Sprecher" initials="N." surname="Sprecher"/>
          <author fullname="E. Bellagamba" initials="E." surname="Bellagamba"/>
          <author fullname="Y. Weingarten" initials="Y." surname="Weingarten"/>
          <date month="June" year="2014"/>
          <abstract>
            <t>Operations, Administration, and Maintenance (OAM) is a general term that refers to a toolset for fault detection and isolation, and for performance measurement. Over the years, various OAM tools have been defined for various layers in the protocol stack.</t>
            <t>This document summarizes some of the OAM tools defined in the IETF in the context of IP unicast, MPLS, MPLS Transport Profile (MPLS-TP), pseudowires, and Transparent Interconnection of Lots of Links (TRILL). This document focuses on tools for detecting and isolating failures in networks and for performance monitoring. Control and management aspects of OAM are outside the scope of this document. Network repair functions such as Fast Reroute (FRR) and protection switching, which are often triggered by OAM protocols, are also out of the scope of this document.</t>
            <t>The target audience of this document includes network equipment vendors, network operators, and standards development organizations. This document can be used as an index to some of the main OAM tools defined in the IETF. At the end of the document, a list of the OAM toolsets and a list of the OAM functions are presented as a summary.</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="7276"/>
        <seriesInfo name="DOI" value="10.17487/RFC7276"/>
      </reference>
      <reference anchor="RFC9197" target="https://www.rfc-editor.org/info/rfc9197" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9197.xml">
        <front>
          <title>Data Fields for In Situ Operations, Administration, and Maintenance (IOAM)</title>
          <author fullname="F. Brockners" initials="F." role="editor" surname="Brockners"/>
          <author fullname="S. Bhandari" initials="S." role="editor" surname="Bhandari"/>
          <author fullname="T. Mizrahi" initials="T." role="editor" surname="Mizrahi"/>
          <date month="May" year="2022"/>
          <abstract>
            <t>In situ Operations, Administration, and Maintenance (IOAM) collects operational and telemetry information in the packet while the packet traverses a path between two points in the network. This document discusses the data fields and associated data types for IOAM. IOAM-Data-Fields can be encapsulated into a variety of protocols, such as Network Service Header (NSH), Segment Routing, Generic Network Virtualization Encapsulation (Geneve), or IPv6. IOAM can be used to complement OAM mechanisms based on, e.g., ICMP or other types of probe packets.</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="9197"/>
        <seriesInfo name="DOI" value="10.17487/RFC9197"/>
      </reference>
      <reference anchor="RFC9417" target="https://www.rfc-editor.org/info/rfc9417" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9417.xml">
        <front>
          <title>Service Assurance for Intent-Based Networking Architecture</title>
          <author fullname="B. Claise" initials="B." surname="Claise"/>
          <author fullname="J. Quilbeuf" initials="J." surname="Quilbeuf"/>
          <author fullname="D. Lopez" initials="D." surname="Lopez"/>
          <author fullname="D. Voyer" initials="D." surname="Voyer"/>
          <author fullname="T. Arumugam" initials="T." surname="Arumugam"/>
          <date month="July" year="2023"/>
          <abstract>
            <t>This document describes an architecture that provides some assurance that service instances are running as expected. As services rely upon multiple subservices provided by a variety of elements, including the underlying network devices and functions, getting the assurance of a healthy service is only possible with a holistic view of all involved elements. This architecture not only helps to correlate the service degradation with symptoms of a specific network component but, it also lists the services impacted by the failure or degradation of a specific network component.</t>
          </abstract>
        </front>
        <seriesInfo name="RFC" value="9417"/>
        <seriesInfo name="DOI" value="10.17487/RFC9417"/>
      </reference>
    </references>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA8VdbY/bRpL+bsD/gUiARV6kOce3m9zO4oAbj+1kFnnxepwN
cIv90CJbEm2K1LJJjZXz7W+/eu2upqixNxvcTpBkJFFkd3W9PPVUdc9yuXz4
YKiHxl8WxYu+WzV+V9wObvA73w7FuuuL7/1w1/Vvipc+1E3t29I/fOBWq94f
/qGvVF3Zuh08purdelj+vHXdstsHd7dZtnz5so+XL/dh+eiLhw+6VegaP/hw
+fDBuK8c/4b/vyweP3r85fLRV8tHv3v4oIR3Nl1/vCzqdt09fBDG1a4Ooe7a
V8c9XHvz7NXzhw/qfX9ZDP0YhsePHv3+0WOYR+/dZfHD3vdugItD4dqq+M61
bsOTuYLPHz7AwW36btxfFjzihw/gq+Ow7XoYDQgQnhouiz9eFP8Ns4KXPNE/
1u1G3+n6jWvrn+kpl8X1tm5d8WNbl90OPvQ7VzeXBYrk9e8effFfJX480qcX
ZQsX9B2uj6/qoevhZVkPMNMnvn4NT8DX3dgOOHm6rxnRy4vihaNLeEQvXatv
fMiA9nBp79pfbzw/XRTfHuJofvLt2xoewe99yICaw93bx//x640HVuxpZ+Tz
x9rrG/lwvhndna+LV77ctl3TbWof0qhe1/6igm/915auuuAh/9Ix3ZIWmUHd
wm3r+N4HKlK7Cf/+5Zf/tKT4n7brd/DAg7/EV2hh6XXx8vn1V4+/+lJ+/f0X
v/9Kf/3tF1/RFy4uLvg+y+WycKsw9K4c8PWrbR0K8Asj2Vrl13XrQzFsfbEX
txL2rvTkUsRHFMlHXBQ3Q1FX8NV6DesBn+zhQ3hJQyvWIIqx90Xoxr6k27qh
8G/3XfBFU+/qQSy+boty7HscgT7D9SC3wZcDfD8Ud1vfwt1KtGaQ477xbxdF
6ULpKngLfu3g2w04oGpB7mNsHQyprPf4lg4j0GjXYw+z6+Ey1xx/hnuXfRfC
shyHAe+e5laUW9c0vt14dkml27sVfDYci43bw3v0RRGVX/oDDH8BU9Hf8Dsw
04FfF2FweKduTd9QyTT12pfHsvF8feV7kBvcuwh+oGtR2+vSNenxKOfW+wom
NnRFvYN1AlHPrI0u966uqsbz8n9c3IByddVYouTxnWsR/M0Lc4+m1qnuYACg
7GEHg8Lxun7jm2OxGutmgHdAVyu4voL/ubY8LmBiYYizqzyuIDxogdokvxfh
rh7QKDY856HbozkfYRHbg4fbk1692oIeTZ/u12u8x4HVcefaY2HX2dFYGtI9
GOOdb5rlCkeY6cA33R2sSA8PD3HGoEi4BMH3h7rEce89fIsmhDftNDjhOrD6
oWzqtoTYFPwi3h3GBLLxcI03Oqmq0rij78Oi8IeugTlUR3AuuLbNETW4DWCD
pBxwIzEYWWecbQ93hWHDpfCi8hAUKh8HDBLdduMASjIG1GJXgEq5vliBB+mP
xUfj/t+q7q79CLVwQKtt8UEBB9mCH0IjXNBndWlXyjVd62lObTfAvIowrtcg
btQX0D2y9f6QhgF3AyMaQTakfPQU414WxWefnerpZ5/BizUIBm+J01fVA/V3
cYXgs7TUstKgxSCsOrxZoEvr+hXbKQzC1W1ckwVMoOa3IPS6svT7wYFnKxpQ
gwafEpd97FF4VR36cc9qK1InAcMNVJuGGpaqW71mbQysJWqK9RDAy6Djwlnu
Qba+WIGagB61mSqtYXVXrnxzwY7Y03LLYkcv5FuwgJKhEMoSHQQM5Aii6j3o
CxhvFcjHfwbivR36uhxgwLcyp+u4JMUPcbyXIPPrHtYdHYvMPqg6gwjAeHr/
t7GGGey6HpUSJCe65A4gV1kiCN0ssoAW5Y3kQCTDNnklGDi4fXg6O620IOCc
2no37uy66HLw+vBSh4HHAf+iBxomF02WR23FLNGFSugHswDXyZaf+COYQnED
WJdM9qm6LpTVs7d1oOjww9V3MP6uCWglBwh81kPhwq3d2AzW7/EbNd2W3qCw
4HuK37i+u65FIIB3/4vE8b8aJ3WoQy32wNZYdegXwBw9OAxem6GIeAA0bN13
u2IHT633qOTkczi4dCj3gIthfBMsc/kGFty33bjZ4uqEcb/venAmXddDeKWr
IFbXG74/BmuWW4rvpQfdqLsk5a/77m7YonFdGzcIg/i+a5eiSc/FQEkb0fe3
sizGA1VgCBsYM0QFWDbwlOC1yU+6uNgSKfOAD9MPFESOHLY8uN8UPQROiM+u
W/bHYQuXVkt0KCkC1Gjd4GyP4nNlFdHJAI5b7hsHawJSHcQkwGW4fV3BQFEv
NgIpyJ3DiAdI8lpfvgnGi7NUBReEY4AcLqj5sTeoardpu1AHMQZW7otT+Lau
+4DaF8q+Xr0fjpG3fD/6IVNuDWA6D4TOwBoAlbR2Cm8SqpF54ujDPZ7vQtHL
Sa6Lb39/ElMUvOJgQbZ9vSE9ZttwsEQwLxT5fnsMOI6F9csL0ToGLV3ZwTvG
YnlKwQNiBREsVblTJL0onneCL2HNFnkMtGg51G8/ZIko7SX57kDTMEjedcWq
7xxiUsq54WaXxSdffAohvB8RMjv2m6SCPg7R3vSTx58qAKHXK791h7rDb8pl
GpUQJcTHROVCG+IAdyLyJG50iKSSAom6FbptdPLGNtGX7SBckob4t2UDEOYA
F1wVFIrQukoSGgERNdbo4GS0EoJBiyAMQ25DF8OQ9m6DI4FgSe6NbXxi3rrM
KF2PiZEEsN4h2kGgAe4fJj0qJhB7RifATovM2Y0DeNjBxh+5F4ny73//++Df
gsJ+vvznfz5/+OBdkf+cEj7JWiiFm/l596uNZu7uJ8/KXs8+eP7NyTenM//w
Zx4++JuH90jm83unkY1dhivhrrgVK5zM5R0gMuuKzTLKTO6d9ruTX4riOiWw
ViK/1rzmn//en7gm8gT93+zF2Sg+nx1A/uT5cbw7/0Jvk6vGvKIczr/Ixfp5
kb+amc30kuwVLPZtcuXv4J+n4qt/Y1baQCu85KX6JXklPohV5zeoDRj18MMn
ydnneoM+lH5/9+ztFnJJgiZ4t+KWgEmhihiVmD9Mr+LdrpWd4UuM9N/djoDd
D4Ih3n2Q5N5FtIi/3yu5mUWeasWHfCO+vVwWLwQm8Ktrxn7FC8J+IDJ7hxsM
IZIEETXPkeWqhdDQMGV5en+447rejAxA7N2e9X3XB73sBlA3YNyBkpMe1296
ff7zydeIW1Vwnxq7o7G3zDfGH1z8p4R88IpbATgwIw6/wV771COWDhTVHj74
n8viY5jA8ouCyhj/+dH7YtFH/yuA7uOpW+R3P04itwLFD+MHtZV0V8JohSds
6hYBNuYwAbEcZbcLfBuRTF8x+JYsBxUUsqfeKXTyClbGVlJdRCvfpTQvjOUW
uaMnz58yuEXGq/eALwZPcFNTQ0oEMjplg/nX8AuJK5x8TAvNXQ3lBDPMc5yI
kjBjg+yRUDbcEKGLMK5IPiEJMe4N74S4DIaa2B6E5kxN0TyrogH4SXIkxqZE
+GZoM5kNQJ9tvYfRDXfeo2DqHVEIiDenj6w5q12PCAPftN1dSzQVSbt0AVdw
Cqto6o13xCnAjCDQMRhT5LZq4CnbriGuEdfcI0rHISSmL6ZgmmOA8mX2KEZI
XGn2vmfjJNVjcQNSRZcM6BMehi9aSAAQIuLozDdrTDqZhkUwyhwKqQ2Wy2i0
RJFAVk0JB9xtD7MoJan0nNoWkHUPPefLZFqYIEKmHgCEooruOtLtwUuazDNW
oA/ihJUksrClNPPO9eSu+UnCzW79ZOi81JTL7ZvuCDeuW0v1kBRvcdF0IJ6T
MEeaCWvoYA6aKxteBCwB4LlvlDjRNfSYRHvf6xr+CR4v7KByXJ/8qbv9NFIP
r4578g+3Skogv/BdHXQeiM9l5jRVSgHSyv35xfcwlt7t0MfKJ3EZtUoa8HtU
izCykRSkZXaE0x+401Azb7EH5+2ruIJJ28SXoiDVb6p7pjve7n0JCWPJC8Ae
Gr/7Y9vUb5ABdDC+UyVj9QTB2ntxZot1HnokU/o0tTvv3rQ+BCJEEimvqXBk
yu1gQs7rw1rvPLnc6AeIrVFGEOSB3AEWvOKolOk3j0er7rGMhgZF/FcTuVkq
gzUpW6dJwVN7zOdbVMtoTDPlhuT1DDuMPkx0LYz9xlCFs5r0TV3B1DKyCAOO
Zumf3L789uvw6X0+DzWdFMv4V/lIxYPRq+sbFT+oDaTdbu/1u1zjUkoVrqO6
jLKPwvNhMQC+uTpanbRrIwzFibMSJdlTKlwagdxwav3srcO7oTSu1kg2O53m
kqxYZJtsmEOUrARTwM5KA7xnRzSDKMed42BwAFOvOEJK6ERPE5lkfA6x8xiM
2CXamxJrxZExaHhAEr63oR0GOfZsHnAbWO365xR0mW65g2Devz9i5JhwFvop
nxKpR9CqoKzUSnRbHTSaoTiqhWWU0YrkaUpcsJtqRvLfoVsPd46qb2TkC5hu
YGb9DNGRLT5ViBYCSfaeiaOBOBRyNBx5iXXe91zalCjBQyIB0IyknodjogWX
QXAJ6l4bI8y3qwcaEOKsdQPukwRx8/WLQqDWFhZuUTyJb3ShrBsNJ9PoS4Mz
c4syMaKIRlu3aiaDtUHjVJLTWJoAZaoBcYJXCNqj935GUZAsx6ibIxU5Upwc
+nqz8X0SPk8OYpNrylGnN7atB8sM6FrmfV0mpBQjTKBvum6f+z+Dly40ugYq
riCzWJfoGhoH3uk1rk3PwAS+4odlgxRwKreoyXPUR/+FVSsCSbYuRPrDeEKr
vzYyzic8p3nNwwdXzNFHu0UkFBlZtKS7bY2YiHw1RLOu8ob3g6gT1LZSLVMQ
M0Zu7xDomcoR3K7hepRej16pp1SHXG4gvhNcY9NE8W5d0MotEq5UcJopSb4P
yZQA9yDZGchyjaHwShS4EotYm654yXAoumguHHeAbmA985oG44NUkuC1Q02h
yKqRP06nbBzFayO0ddPdJdW/xprdVWrkgKl87fY4C0wl4Qpi8Yur3QpQC3bB
fFa8wGWu4OYNljmxamMKbFqIZhoZCzaQwC3xSkhF8NFLHSPDSfMSFTVR+EuG
CpknpwH9wAQ1vrUcuuUVWxUMGoZ2g8W/v0h/zV9jqwzcwBXr2jcVFzBAnxoV
m1EYQtOAblHwx6xeh2U9jD6yfDhwyMjGwfDJsQC00DzAAGW8synPoecH0w+Y
gZJ+ljAMLi+By87g20Xxk/QNuJZUCeRBj4NrgoKrWMJGd7FIBm1ju6A1/EZS
cIrBWpCv29FjFIDAhngzKsykQMtmP0c9QFKh72o9gPMKaQM47StAK0QjhlBU
U1MEVY+x8xAuxHIxahfIRYMDd5Ro16EU4jARa+s9+V2sj0nikBIyCSkclAHr
EkhNY4mNT1x+QCBQ1t0YVHz32/rTp91t4YbBUcWQPfq2fg0vycUDjKEGSIoh
OfiXLAPrz03AalPexIJKK5oTp8dFSCMNmWHd7kGdphgwESIczJjsyIA0qYZn
HpEx8gqeCGgKFdzEoSgm8sgY1Si1ilAYhvK30Y+mL+aCKve0sDzzmQXkYdMY
QARdjKsp04vgKgVQeths9Ya4qrMMfWLatZXjpJC3wtaQX616FokgDkHwa+yY
MTeNlTME+YDUW8KREDBaDlJYH/M9dZSRdyjRFXA1NzJHk4kQKUNZLYIRGgC2
oZheuZ1742OHQLLVqkbNwPwE3ACoTgX35mYl4+EN1MJ8ogYvjT611q4MRxFz
prPPIvGs3yDR0IoX8MJIJtO0OcBb1AdGR5LFNlO0SrVo6qYgnaL8L6sjIsrY
J3LSUoqxX0BN7sTLRNCeiDrSRf8W1qs1XTqmLor8IOSIODfG4QQfUbHWGHiF
cIkLCRhTyvDarzdYWlBmHBw2odU7RujPbV8bmdFpSfVcmfRMsqGJ81wRlZb3
fBWV6uqek88FRkyVtuoojlLtPA0r2jneDVPFPPlccKJs4RM36aTxm+4Oqv2P
YIngkig70Oe5isEmNjVIlLBUzzkq0yg/6SJ7aekeLPEBSIMoTSYlcJYnwVp3
VCWmPONIiyg+JApG6EK1UXQHSU8QUVEzLifmkmkSdVjVh7oa5T7kaVVd+I6x
WRc1A5vXgu0QtFQD6jYFXGbMaVRLWvq3Q+xGwgliSyt3SFD03mEsw+XBtskA
esmaB6vVkdYw+0kayRQUyE/06NDVOTAqTeoKaF35zYhoLHtiHEosq5mSGH73
247xQyy0XUvEsi0pKdNvJ9ExZOERAzI3E016ixZ5WJOGIxMJ4/B8Gh7jooDT
4W6wKexYQKaxqVWc2bBiM+sS1p/46XMG7t9SrD4YXkHTzQh0sW9vFySsakI7
F1+vTFDJ2pA6+G/fssq6wWCqD2iRYoewBQ/rG0xKTys7yhc6ZtCW1Agco9bE
4+RNX9cvfrQy31GLGKZa0fxTP/NCEkazkOz6KftWaS0N/Im+Kt2X9dMYyyIh
dQi6saFacJt/C4A50lTXiOHFZy2I69pw6zGTbJZEIOCOWje1HRoLlY8okcc3
D7SiFIm0ChRBR2LlTnHOqQuilAzuS835J9Uhjx2YnBbpNXl1SsBkXKTFNNRG
cpGTlVAkHZBIhokQOgQ7b6tMsjqZa+CPllIdzwrbeJGBiMbRZ4227CUxdzJW
o7BAJtNQJcJOpkP+B8QvABmrLINAf9DOYc1Wp5pADJXQxh3vfuAoS84id+oh
NSHOW48meJh/SDUHjUMV1nNZMCeU2cgivogqMmgTWNYdzPJnBCJccxCC0xsp
7eu9p6Ju4vIhUON6avGC+wnZPZqUe54dbFCnOJs7I2mhVnJxo6rCwxYzpR5i
3SLwwQQNloNLbhHkpBKURkai/JoG75tyttiNJ35dahyp7NdINIramro0LzPK
jcDrUDcNgPADQnAygfl0bCUWcdKVCqukJAx+ruu5EF6CypDRiEhUfnNciEvy
WjPWhAuzF0EuErWY6SmQGYFVOcFECIKNT7F7haxXIUDCpeFAHD7Nxdqo4bwA
k+66KtVHUZjYTtjdwQx8G4SGZ387cTMzaO7ibCJ40nRrcifNDyvJF8EsGkfs
5SRdTHlVyhfxzndbkmPd2zZIDNRewE6qx0m2P9t2beZBDnwNCtndcae/9DJo
N/DJ0LKNSieNBL/urqnYF2wc7dduX1xpaesqPU4bTb7VL/9LV+g4aVAlnPHP
LRNM92R1uDTTM4lXKa8y272Nafx7xH35IWv2/9Dsmq/2/auctXT9S5pdzz70
/Afm22cbK89/YL59tuH1/AezUvr83EzOfyCL9kI1xgya/3vTzn/wIpl/If2G
L7HM/hR7OLilMV5+pYnlIpOKbX9MUsEuyD9zSZm688zl17xpjEL+b+wHV2CJ
PW3U+Y25z6nM9fLK7an96qXQ5vrBDW8O2+l8z2jjL5LzZBQzPx+kK9hiKN0N
Ty2vRR88790GBw8O6lrSdnr/O9ci6FdxT273rfAKmdTxg5i1PgEEVxEzQO//
5N2b4s+IB6RGkdtR8SM8mqr4mmzrkyIfTc1biLP4CzqCb73rpw2P534+pwHm
0B41cNLt+Fi7Hf8Rd2Q6H6NlXIIpmBA5UXb0rkl++N0nQvC1CUhz/+MiC0CB
mmo80qncF+mGjJYh1IkNLMdULuAOJjOYCG1SLla6VraDxr0s1FWRujVwZ191
cLoJmcoGqQXlaeKFovliEeFbIVsjfJ9WydJWVGw8QFKUd3Pcw7oygTRbIMjl
YAnYHcZZLT1wvrRlu7BtjUE67OZ4VcPPXAXm5AHWmn3CTNn1EukZUaNADQVN
lKt22zHd7DJKLMpWdVw6vKn7hDO/pDeyyc52qwlPsdSGP1sG4S1OUgln5Yhd
PEdwleWQsQfMbuypoxFBxtjGvsOIp0kHYfwrqj5QU4HXfZW65Ius+9ByxJhE
1JSjxs2YtqAluTkCtI40xDVEjWovbtLoRqqCfoug/sAwlJsZSS0OyVXZUsgS
DLWiPXvSThx59Uh+6fZuKzurZCfrFVuf651W4Kjfb+jRH+Zr9yLnZyY8l6RY
iri51uNhKmPWPQVT5bJ16nAySFP2ZJnt3smimeEx20ZTzm2a6qZM4jyFntoi
Z/gwW5QvctJq0iOXSUC/bkuuqbJj/BlPRFqt0p69vIsassG/oeQiO9hOya2Y
3kVAjGj6lNXawYvmqOlOIMfMgN4Ua0mtqOWOezY556o86E4/IcxwcILekauX
IKHuabqtzVcYB4ngGRPvLhthRVN1jSOvZhvW53NbrfenZnOWag8+GW2zTHHJ
7IqMcU9x3yTs3dYgYXqsAXUGl/FwTwAW3vRpXCbDRIwleoT12FgugiUUiG4z
Rw2ALGkKoKVSFaAzGijh1WEtUmEiKxtIzSEdhjATPFMxmxsidGN1LEpMq672
4Av4BrsWMIj8lBTpgEemSI5zsLl3vsuZY1s6JmW6TXlh2bJl9Li+im7LQED1
XAIF0UG9Ul4O5tg4ph9jfxXTanOB3WynhGjUyKk6mRNdCpVh4YDEImm2kZYr
j33bQ6SrUnsL1jPJ7xvqPG0gPYL/63aBq+cSYE1t1RYXV3TgAvvUkEVr0mjq
fYa14lMkbEVCD+bIiMdML5lYMn0W1jae2q5d6i2NJa8MQv2ULXliF0S9zgKl
ZgK90trl8WxyrIOGCmISzXDtSklJkZoOhI5IEIZojw8s6wnFQaXKMLVePfTD
0hYrgcmpMBuPujCHGWm3tOuTTcdFmElTxNd8F9dOmzm1npLqCnm/qOngPis4
Q8MmlzFpfpnWoc71zJzG1hg576vXvJxusolHl+Q7G5hqn6PXtW4gYXCHNJki
A9O8jNKnChc1WbuWgXY6I8FYQurQvSLIfWMML44370h6OVeEs1u1zuwwoRGt
wIO1JRfUKjnELmd81TXx8SNzMRKFoMR11k8MKUGDbmkD+NfhPpmYubKHIZ2Y
L/8vhNuNKNpuhBLqHPvwbCN0LLvGhj2hIWxXsLQCn9vZTtXyUKdjKs7XzE9c
1701sixw/GplL1sE5dLXmVKWrVnlxaz5ApaD+7zmz6Q+/GriDZPaNx31lPRD
LCSk3lJbSIhl2lQK0WZxQ9VKdw6dO6Rd1NN478jYwiCnRkWIqkStItTSoOoz
3R/oc/ee0/rkxZaxvZw7hPA4NWr9kNrcnFfmIEOBFUVDwUH8zaH2d4vouY2/
N2DqAxCUAkJtVA3xNCxpidHS40lXTGJiIuM4pWL08YkGzECoYfWoiYF3wxhe
Blu+V963Ok1CXomj4UKcAaWxuC35Y5w/rRt730W8Cqxl3/W4B8BACWz+wDTd
rT1xEmjvciyefs9mzh7zY+GL2Fkyg4PNuonQSfNkhKJb75JcsAvjhrzG8glF
DGmBQel/cnt18/2n3Dz92y+++qum5YEyK1u9w7tQVznFs6k0KI1stUbDvjBF
AmrLkgBPWTDPEu02HT91UTwZ66birnbdy6tzmOLSuTO4pAYaMOfm8qR2TlPG
RPHJ9Guno6ist1pkhp55LCPq6FAj/MNNblPKlZmdabslUwDxFC/+ihmXRgNX
vR7DwPEgz0ohcLi6X9jGCV4ZvpizhUH3ZJjW4fkex4viG+8Ox5Sj0lxo18TA
LW1S4opbF0ISHvk9vu9RaCafe2iwd9rodX8QyqhlCj5UcwYTcQ0fIsXJy8zs
YjIDEnMlQfF4FJfuxakpXld4fzmYK88URY3RKfQe953JGY6DKa3bs8F4O0ga
fWK5Yt4HssSdCthCksUOagWwW21l547sDjH7bmVjMWpQbc83sgBn5hw1JbG0
Rx9HIazjcznXjrdyiSdUP4O8YzcsGf6vaypKcq4Y4b5scpw/NyvjJHTV40FC
QvtNHJkcW4yypg2bWOhvgtlVR+XPsO2aKt++mjkE2yIVuzYSGzXZ6Wp4xH5s
zimmKYzAilGRIhK5fDCakK98dFbF/XyZ/477jrQ5VMyj9XdZ6y3pNMwe8tZ1
aryJ27irWnsrrhG6VEvEhNYbGWwTfWBs3GqkvMLji25INrIgRlB5cOMKHgEb
XR4nBae7FzSDi4ONjTWdnlArB5lmu8+Jlks1xBNejo7Oom4Qp17O9EPZ3pJ0
HG3sJYm9Ks7QO2bfG6H3SNtT6AcrrP1B+tEZFR3Y6U1M476oq0+kpdXjeeNJ
mbHdA0+zBMPEJkpzvh2nxXQkZeyYeBXPYHs5PYPN1LOepciXGE97LjCxU7HW
jrKO24q5QQIG1oi87N6EpY2pGQSIolbuHr4J6iWbf1MnisW+8fzLF7C2TElS
Fe0q6zvOGXU+4TFVxXif+2RH//QkWLs/jo1pZXgl3MxAxYIK4hUlTMipJGIs
1/IJK5bXPhLkGWKikYkJvNXYVGxbemLj+VIGJuypygBasq03WyXWYvVvyhQr
+cMFidNTHpUeWVJ/d/GsccT+ploFbVjUwz7zGowwmakzHMNvok5085hNSZWr
x908vP84Y6p1Qy4AAt6Nq45PSkI5EYGmxpUU3vrCRc0AYEh5pNiTmBpZ4ykI
LHzc4EoNpJ0eQGu2JOLvELHiPokUzkAOwjboaOz5oKeEA3ESYeurSnlaL5LG
IxeqsRGsrB6ypD1CaRdmOsbzOaXrttlhllNnSClccXJPyiLGUxFFHIsTPjHB
v1ybmcf+w5kWf+7bz3j1PyR6cJYa/MM0HZxp+Fd1of3WU0JcsrICbHKrMYHz
xlrPTkgZxrk+PxTzEzmvJ/FnWMo7OYWXuCk5zracHMGbYT850lbrdXOxRnvK
2b6EoHjfebonhxwTn4A7yIo1NiXT9rITEjApPKNMujGtrLgh2m0RuSbDQMVN
9XHHPfk9KXK9r7PS5BHrsZXBZJ3/qQbKI5HalDnggTkMCiUqzfmWz4UQo5ZE
Nm5ntlmZd7IlYzPYSVtOko3F2PNj8DPhfx7amkPeE14luvk8VM1Q7j+AW01B
MAFXbSY4C9POYlM94FrXJmPgDNARnJdCV0QpYDh0IGh+Vv17DqoXFYgnJMRG
5nTg6ORoq5ODjFODhq2ZtfHw4oUenprSFFsz4+N97Y7HtGuRFT9HUamrtJ6c
mY6iu0t7XxSXcesmnR4SMbhA72zTlulrNVicrpytGce/qZDzcf3pJqNFdnIG
8x4z/vEUNv3Ck47nUPmZxu+YnjgDTSEyIjbcXhbm4HjVvBgUqI9qYYlLOp9h
FBrfMJfifbNwokXj97Ga95eI9bTzYA/gMKHAnjuftc6nTi1qNpK995RrzDN+
7yH5UE/P/AEK0/l1orERt2PpqJZz0fWvbmSnQWTbLGlFUypntD16g3gEwLV0
9HMz1vmdNiUfbGAyYt5Njx0qa0f9Wfme0lYuoGYXdFl1+1rOc4s75b2F9Am9
21Qh+oR0PEDcTZ+VRnX3qD3P5bRQc3KyDW9gLw2OiwXkrI5v7HWyZ2KNJ5zx
X1Y43TAhEYPZqxHPUULnRQe2EdfJPLycPWAozDWSKArmJbTzARl6DkRPzUC4
M1//+AdB1iOb576vuVqNoojX44BYeMrjvGefMLmL+PGEGicHqJtlkyxTAZ5O
nSHBuwz7JDnFdEups9idtmDUGgtzC7OVh6PMEnl5gzhi77w4UkviKUQSpedd
remvL/Dfh7m/eHZvjezcNifH3lRDtRaxhvmdfAYFrmLNm0RQEirfNMdowDdX
31/NGG9+ij0eIIDUEvlxGDxpE35T/6INyvPhg/8DDfhGZjdtAAA=

-->

</rfc>
