<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-zhao-grow-bgp-graceful-degradation-00" category="info" submissionType="IETF" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="BGP Graceful Degradation">BGP Graceful Degradation Under Control Plane Memory Pressure</title>
    <seriesInfo name="Internet-Draft" value="draft-zhao-grow-bgp-graceful-degradation-00"/>
    <author initials="J." surname="Zhao" fullname="Jing Zhao" role="editor">
      <organization>China Unicom</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>zhaoj501@chinaunicom.cn</email>
      </address>
    </author>
    <author initials="R." surname="Pang" fullname="Ran Pang">
      <organization>China Unicom</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>pangran@chinaunicom.cn</email>
      </address>
    </author>
    <author initials="X." surname="Gao" fullname="Xing Gao">
      <organization>China Unicom</organization>
      <address>
        <postal>
          <city>Beijing</city>
          <country>China</country>
        </postal>
        <email>gaox60@chinaunicom.cn</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Operations and Management Area</area>
    <workgroup>grow</workgroup>
    <abstract>
      <?line 44?>

<t>This document describes an operational framework for graceful degradation
of BGP under control-plane memory pressure. When BGP speakers experience
rapid growth in routing state due to route flapping, configuration errors,
or anomalous route injection, control-plane memory can become exhausted,
leading to session resets, routing process restarts, or device reboots.</t>
      <t>The framework described in this document progressively reduces BGP route
admission and processing based on local resource conditions, isolates
non-critical neighbors or services when necessary, and restores routing
state in a controlled manner after recovery. The objective is to preserve
basic device operation and reduce service impact. This document does not
define any new BGP messages, path attributes, capabilities, or protocol
state machines.</t>
    </abstract>
  </front>
  <middle>
    <?line 60?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>BGP speakers may experience rapid control-plane memory consumption when
routing state grows quickly due to route flapping, configuration errors,
large-scale route synchronization, rapid service expansion, or anomalous
route injection.</t>
      <t>When implementations lack active resource-protection mechanisms,
continuously receiving and processing routes can lead to memory
exhaustion, which may trigger BGP session resets, routing process
restarts, board resets, or even device reboots. Such failures not only
affect existing services but may also create renewed resource pressure
after recovery, because full routing state re-synchronization can again
consume significant control-plane resources. This may lead to a cycle of
exhaustion, restart, re-synchronization, and renewed exhaustion.</t>
      <t>This document describes a BGP graceful degradation operations framework
oriented toward control-plane memory pressure. The framework progressively
reduces BGP route admission and processing based on resource status and,
when necessary, isolates selected neighbors, address families, or services
to maintain basic device operation. After resource recovery, the device
re-synchronizes routing state in a controlled manner and returns to normal
operation.</t>
      <t>This document does not define new BGP messages, path attributes,
capabilities, or protocol state machines.</t>
    </section>
    <section anchor="requirements-language">
      <name>Requirements Language</name>
      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <xref target="RFC8174">RFC2119</xref> when, and only when, they appear in all capitals, as shown here.</t>
    </section>
    <section anchor="problem-description">
      <name>Problem Description</name>
      <t>BGP is a stateful, incremental routing protocol. Upon receiving routes, a
BGP speaker must maintain control-plane state including prefixes, paths,
attributes, policy results, and next-hops.</t>
      <t>BGP routing state may grow rapidly in a short time under the following
scenarios:</t>
      <ul spacing="normal">
        <li>
          <t>Neighbors erroneously advertise a large number of routes;</t>
        </li>
        <li>
          <t>Route filtering or policy configuration anomalies;</t>
        </li>
        <li>
          <t>Multiple neighbors performing full-route synchronization simultaneously;</t>
        </li>
        <li>
          <t>Large-scale route flapping;</t>
        </li>
        <li>
          <t>Rapid VPN or EVPN service expansion;</t>
        </li>
        <li>
          <t>Malicious or anomalous route injection.</t>
        </li>
      </ul>
      <t>Existing resource protection typically resets neighbors after the route
count exceeds a static threshold, or restarts the protocol process after
memory is exhausted. While these methods can stop resource growth, they
often have the following limitations:</t>
      <ul spacing="normal">
        <li>
          <t>Protection actions are triggered too late;</t>
        </li>
        <li>
          <t>Failure impact scope is too broad;</t>
        </li>
        <li>
          <t>They cannot take progressive measures based on resource status;</t>
        </li>
        <li>
          <t>They cannot prioritize critical services;</t>
        </li>
        <li>
          <t>Full routing state re-synchronization after restart may again cause
resource peaks;</t>
        </li>
        <li>
          <t>They are prone to forming an "exhaustion--restart--re-synchronization--
exhaustion again" loop.</t>
        </li>
      </ul>
      <t>Therefore, an active protection mechanism based on resource feedback is
needed to limit BGP resource growth while the device still has management
and recovery capabilities.</t>
    </section>
    <section anchor="objectives-and-scope">
      <name>Objectives and Scope</name>
      <t>The objectives of BGP graceful degradation are:</t>
      <ul spacing="normal">
        <li>
          <t>Identify resource risks before control-plane memory is exhausted;</t>
        </li>
        <li>
          <t>Slow down or stop memory growth caused by new routes;</t>
        </li>
        <li>
          <t>Maintain the BGP process, management plane, and existing forwarding state
as much as possible;</t>
        </li>
        <li>
          <t>Limit impact to smaller address families, services, or neighbor scopes;</t>
        </li>
        <li>
          <t>Prioritize protection of critical services and critical neighbors;</t>
        </li>
        <li>
          <t>Smoothly restore complete routing state after resource recovery;</t>
        </li>
        <li>
          <t>Avoid large-scale simultaneous neighbor recovery causing new resource
shocks.</t>
        </li>
      </ul>
      <t>This document focuses on control-plane memory pressure caused or
significantly aggravated by BGP routing state growth.</t>
      <t>This document does not replace the following mechanisms:</t>
      <ul spacing="normal">
        <li>
          <t>Network capacity planning;</t>
        </li>
        <li>
          <t>Route filtering;</t>
        </li>
        <li>
          <t>Maximum prefix limits;</t>
        </li>
        <li>
          <t>Control plane protection;</t>
        </li>
        <li>
          <t>BGP error handling;</t>
        </li>
        <li>
          <t>Graceful Restart;</t>
        </li>
        <li>
          <t>Planned Graceful Shutdown.</t>
        </li>
      </ul>
    </section>
    <section anchor="graceful-degradation-principles">
      <name>Graceful Degradation Principles</name>
      <section anchor="prevention-first">
        <name>Prevention First</name>
        <t>Graceful degradation is a resource-protection mechanism for abnormal states
and should not replace normal route filtering, maximum prefix limits, and
capacity planning.</t>
      </section>
      <section anchor="minimum-impact-scope">
        <name>Minimum Impact Scope</name>
        <t>Protection actions should start from a smaller scope and only expand
progressively when resources continue to deteriorate.</t>
        <t>The reference order is as follows:</t>
        <ul spacing="normal">
          <li>
            <t>Reduce route admission or processing rate</t>
          </li>
          <li>
            <t>Pause admission of new routes for selected scopes</t>
          </li>
          <li>
            <t>Isolate selected address families, VRFs, or services</t>
          </li>
          <li>
            <t>Close selected non-critical BGP sessions</t>
          </li>
          <li>
            <t>Invoke process-level or device-level last-resort protection</t>
          </li>
        </ul>
      </section>
      <section anchor="maintain-control-capability">
        <name>Maintain Control Capability</name>
        <t>During degradation, the following should be preserved as much as possible:</t>
        <ul spacing="normal">
          <li>
            <t>Management access;</t>
          </li>
          <li>
            <t>Alarms and telemetry;</t>
          </li>
          <li>
            <t>Basic BGP session processing;</t>
          </li>
          <li>
            <t>Route withdrawal processing;</t>
          </li>
          <li>
            <t>Recovery and route re-synchronization capabilities.</t>
          </li>
        </ul>
      </section>
      <section anchor="prioritize-route-withdrawal-processing">
        <name>Prioritize Route Withdrawal Processing</name>
        <t>When resources are constrained, route withdrawal is usually more important
than new route advertisement. Delaying new routes may cause temporary
absence of new reachable paths, while delaying withdrawal may allow invalid
routes to persist. Therefore, during degradation, it is preferable to
prioritize processing withdrawals and updates affecting existing
reachability.</t>
      </section>
      <section anchor="recovery-must-be-executed-in-a-controlled-manner">
        <name>Recovery Must Be Executed in a Controlled Manner</name>
        <t>Recovery cannot simply be equated with lifting all restrictions. Route
refresh, neighbor re-establishment, and full-route learning may all cause
memory peaks again, so the recovery process needs to be batched,
rate-limited, and have hysteresis.</t>
      </section>
      <section anchor="resource-monitoring-and-state-determination">
        <name>Resource Monitoring and State Determination</name>
        <t>Devices can comprehensively use the following information to determine
whether to enter a graceful degradation state:</t>
        <ul spacing="normal">
          <li>
            <t>System memory utilization;</t>
          </li>
          <li>
            <t>Absolute available memory;</t>
          </li>
          <li>
            <t>Memory growth rate;</t>
          </li>
          <li>
            <t>Memory allocation failures;</t>
          </li>
          <li>
            <t>BGP process or module memory share;</t>
          </li>
          <li>
            <t>Route and path counts;</t>
          </li>
          <li>
            <t>Route growth rate per neighbor and address family;</t>
          </li>
          <li>
            <t>UPDATE processing rate and queue length;</t>
          </li>
          <li>
            <t>Estimated remaining safe operation time.</t>
          </li>
        </ul>
        <t>Relying solely on a fixed memory percentage may not accurately reflect
risk. Devices can consider both current resource level and growth trends.</t>
        <t>Before executing BGP degradation, devices SHOULD also try to determine
whether BGP is the main source of current memory pressure. If the main
resource consumption comes from other modules, limiting BGP route admission
and processing may only slow down the risk without solving the root
problem. In such cases, devices SHOULD rely on platform-level resource
management, shorten the monitoring interval, and MAY escalate directly to
last-resort protection if the non-BGP source cannot be contained. BGP
degradation SHOULD NOT be used as the sole response to non-BGP memory
pressure.</t>
        <t>Devices can divide operational states into:</t>
        <ul spacing="normal">
          <li>
            <t>Normal state;</t>
          </li>
          <li>
            <t>Warning state;</t>
          </li>
          <li>
            <t>Critical state;</t>
          </li>
          <li>
            <t>Recovery state.</t>
          </li>
        </ul>
        <t>Normal, Warning, and Critical reflect the current resource level and
associated protection actions.  Recovery is a transitional operational
state entered after the resource level has returned to safe ranges,
during which the device executes controlled restoration of routing
state.  It is not a resource level itself.</t>
        <t>Implementations can add finer states based on platform architecture, but
the externally presented model should remain simple.</t>
        <t>The following table provides an example mapping between resource states and
candidate degradation actions. Implementations may define more detailed
internal states based on platform architecture.</t>
        <table>
          <thead>
            <tr>
              <th align="left">State</th>
              <th align="left">Resource Level / Condition</th>
              <th align="left">Operational Action</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">Normal</td>
              <td align="left">Memory level and growth rate are within expected ranges</td>
              <td align="left">Normal BGP route admission and processing</td>
            </tr>
            <tr>
              <td align="left">Warning</td>
              <td align="left">Memory utilization, growth rate, or UPDATE backlog exceeds a warning threshold</td>
              <td align="left">Slow down route admission or processing; prioritize withdrawals</td>
            </tr>
            <tr>
              <td align="left">Critical</td>
              <td align="left">Memory continues to deteriorate, allocation failures occur, or backlog memory becomes significant</td>
              <td align="left">Pause admission for selected scopes; isolate AFI/SAFI, VRFs, or services; close selected sessions</td>
            </tr>
            <tr>
              <td align="left">Recovery</td>
              <td align="left">Memory has returned below the recovery threshold and remained stable for a period; resource level is now Normal or near-Normal</td>
              <td align="left">Perform batched route re-synchronization; rebuild closed sessions; gradually restore normal processing rate</td>
            </tr>
          </tbody>
        </table>
      </section>
    </section>
    <section anchor="graded-degradation-strategy">
      <name>Graded Degradation Strategy</name>
      <section anchor="route-admission-and-processing-slowdown">
        <name>Route Admission and Processing Slowdown</name>
        <t>When a device enters the warning state, it can reduce BGP route admission
and processing speed to slow down memory growth. Methods that can be
adopted include:</t>
        <ul spacing="normal">
          <li>
            <t>Limit the number of new routes processed per unit time;</t>
          </li>
          <li>
            <t>Allocate processing quotas by neighbor or address family;</t>
          </li>
          <li>
            <t>Batch policy calculation and best-path calculation;</t>
          </li>
          <li>
            <t>Merge duplicate updates for the same route within a short time;</t>
          </li>
          <li>
            <t>Limit non-critical background tasks;</t>
          </li>
          <li>
            <t>Reserve processing capability for route withdrawals.</t>
          </li>
        </ul>
        <t>Route processing slowdown should not cause input queues to grow
indefinitely. Implementations need to monitor both UPDATE backlogs and the
memory consumed by queued messages. If the input queue backlog itself
becomes a significant source of memory pressure, the implementation SHOULD
narrow the affected scope, pause new route admission for the affected peers
or AFI/SAFI, or close the affected sessions in a controlled manner.</t>
        <t>An implementation that discards queued UPDATE messages MUST mark the
affected routing state as incomplete and MUST perform route
re-synchronization before returning the affected scope to normal operation.</t>
      </section>
      <section anchor="pause-admission-of-new-routes">
        <name>Pause Admission of New Routes</name>
        <t>When learning slowdown is insufficient to control resource growth, new
route admission can be paused within a selected scope.</t>
        <t>The pause scope can be:</t>
        <ul spacing="normal">
          <li>
            <t>Specific neighbors;</t>
          </li>
          <li>
            <t>Neighbor groups;</t>
          </li>
          <li>
            <t>Specific AFI/SAFI;</t>
          </li>
          <li>
            <t>Specific VRFs or services;</t>
          </li>
          <li>
            <t>All non-critical route sources.</t>
          </li>
        </ul>
        <t>During degradation, route withdrawals and necessary updates affecting
existing route validity can continue to be processed.</t>
        <t>When new route admission is paused, the implementation MUST treat the
affected Adj-RIB-In scope, or its equivalent implementation state, as
incomplete. The implementation MUST record the affected peers, peer groups,
AFI/SAFI, VRFs, and services, as applicable. Routes that are not admitted
during the pause period will not necessarily be restored by subsequent
incremental UPDATE messages.</t>
        <t>Before the affected scope is considered fully recovered, the implementation
MUST perform route re-synchronization, such as Route Refresh, Enhanced
Route Refresh, local soft refresh where applicable, or controlled session
re-establishment. If Route Refresh is not supported by the peer, controlled
session re-establishment may be required.</t>
      </section>
      <section anchor="isolate-address-families-or-services">
        <name>Isolate Address Families or Services</name>
        <t>When pausing new route admission is insufficient to control memory growth,
devices can isolate specific address families, services, or VRFs.</t>
        <t>Isolation means ceasing BGP route admission and processing for the selected
scope. Depending on the implementation and local policy, isolation may
include withdrawing affected routes from the local RIB.</t>
        <t>Where the implementation supports independent per-AFI/SAFI processing or
uses separate transport sessions for different services, isolation may be
applied to the affected AFI/SAFI without closing the entire BGP peer
session. Otherwise, isolating an AFI/SAFI may require closing the
corresponding BGP session.</t>
        <t>This action is more severe than pausing admission and is applied before
closing entire neighbors or peer sessions.</t>
      </section>
      <section anchor="controlled-session-closure">
        <name>Controlled Session Closure</name>
        <t>When a BGP speaker remains in a critical resource state and narrower
degradation actions cannot stop resource deterioration, selected BGP
sessions can be closed in a controlled manner.</t>
        <t>Session selection can consider multiple factors, including:</t>
        <ul spacing="normal">
          <li>
            <t>Estimated memory that may be released by closing the session;</t>
          </li>
          <li>
            <t>Total number of routes and paths received from the peer;</t>
          </li>
          <li>
            <t>Number or ratio of non-best paths;</t>
          </li>
          <li>
            <t>Recent route growth rate;</t>
          </li>
          <li>
            <t>Evidence of anomalous route injection or excessive route churn;</t>
          </li>
          <li>
            <t>Service importance and configured protection priority;</t>
          </li>
          <li>
            <t>Availability of alternative paths or redundant peers;</t>
          </li>
          <li>
            <t>Expected recovery cost and recovery time.</t>
          </li>
        </ul>
        <t>Prioritizing closure of sessions with a large number of non-best paths is
an optional strategy, but should not be the sole basis.</t>
        <t>To reduce service impact, implementations may allow operators to configure
protection priority for critical neighbors. Such protection should be
combined with explicit resource budgets or exemption limits. Otherwise, an
excessively large protected scope can make the degradation mechanism
ineffective and may prevent the device from preserving basic operation.</t>
        <t>Sessions should be closed in batches. After each batch of actions, the
memory release effect can be observed before deciding whether to continue
expanding the scope.</t>
      </section>
      <section anchor="last-resort-protection">
        <name>Last-Resort Protection</name>
        <t>If available degradation actions cannot preserve basic device operation,
the platform may need to invoke BGP process-level, control-unit-level,
line-card-level, or device-level protection.</t>
        <t>Such actions are last-resort measures and are not the normal objective of
graceful degradation.</t>
      </section>
    </section>
    <section anchor="recovery-strategy">
      <name>Recovery Strategy</name>
      <t>When memory returns to a safe range, the device can enter the recovery
state.</t>
      <t>Recovery determination can simultaneously consider:</t>
      <ul spacing="normal">
        <li>
          <t>Memory below recovery threshold;</t>
        </li>
        <li>
          <t>Memory has stabilized for a certain period;</t>
        </li>
        <li>
          <t>Memory growth rate has returned to normal;</t>
        </li>
        <li>
          <t>UPDATE backlog has decreased;</t>
        </li>
        <li>
          <t>Anomalous route injection or flapping has stopped;</t>
        </li>
        <li>
          <t>The system has the resource margin required to execute route
synchronization.</t>
        </li>
      </ul>
      <t>Entering and exiting degradation MUST use different thresholds
(hysteresis) to avoid frequent state switching. The recovery threshold for
a given state SHOULD be set sufficiently below its entry threshold, taking
into account observed memory volatility, the resource cost of route
synchronization, and the time required for memory to stabilize.</t>
      <t>The recovery process can be executed in the following order:</t>
      <ol spacing="normal" type="1"><li>
          <t>Confirm management and monitoring capabilities are normal;</t>
        </li>
        <li>
          <t>Restore new route admission for neighbors that were not disconnected;</t>
        </li>
        <li>
          <t>Perform full route synchronization, such as Route Refresh, session
rebuild, or local soft refresh, for affected neighbors and address
families to recover routes missed during degradation;</t>
        </li>
        <li>
          <t>Batch rebuild closed sessions;</t>
        </li>
        <li>
          <t>Gradually restore normal processing speed;</t>
        </li>
        <li>
          <t>Verify RIB, FIB, and resource status;</t>
        </li>
        <li>
          <t>Exit recovery state.</t>
        </li>
      </ol>
      <t>For neighbors whose new route admission was paused, merely restoring normal
processing speed will not fill in the missed routing state.</t>
      <t>Recovery can use:</t>
      <ul spacing="normal">
        <li>
          <t>Route Refresh;</t>
        </li>
        <li>
          <t>Enhanced Route Refresh;</t>
        </li>
        <li>
          <t>Local soft refresh, where sufficient local routing state has been retained;</t>
        </li>
        <li>
          <t>Controlled BGP session re-establishment.</t>
        </li>
      </ul>
      <t>Local soft refresh is applicable only when the implementation has retained
sufficient local pre-policy or post-policy routing state. Under memory
pressure, such retained state may be unavailable or may have been released
as part of resource protection.</t>
      <t>Both route refresh and session re-establishment may generate full-route
updates, so the number of simultaneously recovering neighbors and address
families needs to be limited.</t>
      <t>If memory grows rapidly again during recovery, the implementation SHOULD
stop starting new recovery batches. Scopes that have already recovered and
remained stable do not need to be degraded again unless resource pressure
continues to worsen or reaches a critical threshold.</t>
    </section>
    <section anchor="deployment-and-operations-considerations">
      <name>Deployment and Operations Considerations</name>
      <section anchor="threshold-setting">
        <name>Threshold Setting</name>
        <t>This document does not specify uniform memory thresholds.</t>
        <t>Thresholds can be combined with:</t>
        <ul spacing="normal">
          <li>
            <t>Device total memory;</t>
          </li>
          <li>
            <t>Control plane minimum safe margin;</t>
          </li>
          <li>
            <t>Normal route scale;</t>
          </li>
          <li>
            <t>Abnormal period route growth rate;</t>
          </li>
          <li>
            <t>Memory reclamation delay;</t>
          </li>
          <li>
            <t>Resources required for route refresh and neighbor rebuilding;</t>
          </li>
          <li>
            <t>Resource requirements for other protocols and management functions.</t>
          </li>
        </ul>
      </section>
      <section anchor="service-classification">
        <name>Service Classification</name>
        <t>Critical services can be identified by neighbor, address family, VRF, or
neighbor group.</t>
        <t>Service classification should remain simple and be consistent with real
network redundancy relationships. Critical service protection should not be
understood as absolute exemption; when the system is about to lose basic
operation capability, last-resort protection may still affect critical
neighbors.</t>
      </section>
      <section anchor="observability">
        <name>Observability</name>
        <t>Devices should provide the following information:</t>
        <ul spacing="normal">
          <li>
            <t>Current resource state;</t>
          </li>
          <li>
            <t>Current degradation level;</t>
          </li>
          <li>
            <t>Trigger reason;</t>
          </li>
          <li>
            <t>Current memory level and memory growth rate;</t>
          </li>
          <li>
            <t>Affected peers, peer groups, AFI/SAFI, VRFs, and services;</t>
          </li>
          <li>
            <t>Route admission or processing rate-limit status;</t>
          </li>
          <li>
            <t>Number of new routes not admitted, where available;</t>
          </li>
          <li>
            <t>Whether the affected routing state is marked as incomplete;</t>
          </li>
          <li>
            <t>Sessions closed due to resource protection and their selection reasons;</t>
          </li>
          <li>
            <t>Current recovery stage;</t>
          </li>
          <li>
            <t>Route re-synchronization method and progress;</t>
          </li>
          <li>
            <t>Whether recovery is paused due to renewed resource pressure.</t>
          </li>
        </ul>
        <t>Operations systems need to be able to distinguish session closures caused
by resource protection from ordinary link failures or protocol anomalies.</t>
      </section>
      <section anchor="gradual-deployment">
        <name>Gradual Deployment</name>
        <t>Initial deployment can proceed according to the following steps:</t>
        <ol spacing="normal" type="1"><li>
            <t>Enable only monitoring and alarms;</t>
          </li>
          <li>
            <t>Collect normal resource baselines;</t>
          </li>
          <li>
            <t>Verify route admission and processing slowdown;</t>
          </li>
          <li>
            <t>Verify recovery after pausing new route admission by injecting a
controlled volume of test routes under simulated memory pressure. The
test should confirm that the device pauses admission for the intended
scope, marks the affected routing state as incomplete, records the
affected peers and AFI/SAFI, and subsequently performs route
re-synchronization without persistent missing state;</t>
          </li>
          <li>
            <t>Configure a small number of critical neighbors;</t>
          </li>
          <li>
            <t>Enable automatic slowdown;</t>
          </li>
          <li>
            <t>Then enable pause admission and controlled session closure;</t>
          </li>
          <li>
            <t>Regularly drill the recovery process.</t>
          </li>
        </ol>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>Attackers may cause devices to enter resource pressure states by
continuously advertising a large number of legitimate routes.</t>
      <t>Graceful degradation can reduce the probability of a single anomalous
neighbor causing a device crash, but cannot replace route filtering,
maximum prefix limits, neighbor authentication, and anomaly detection.</t>
      <t>Attackers may also attempt to:</t>
      <ul spacing="normal">
        <li>
          <t>Keep memory oscillating near degradation or recovery thresholds for long
periods;</t>
        </li>
        <li>
          <t>Induce a device to close specific BGP sessions by manipulating route
volume or churn;</t>
        </li>
        <li>
          <t>Consume resources by exploiting overly broad critical-neighbor
exemptions;</t>
        </li>
        <li>
          <t>Trigger repeated route re-synchronization during the recovery phase;</t>
        </li>
        <li>
          <t>Cause persistent incomplete routing state if recovery procedures are not
executed correctly.</t>
        </li>
      </ul>
      <t>Therefore, devices can adopt recovery hysteresis, reconnection backoff,
batch recovery, and multi-factor neighbor ranking to reduce risks.</t>
      <t>Pausing new route admission can make the local routing view temporarily
incomplete. Implementations MUST clearly record the affected scope and MUST
perform route re-synchronization before the affected scope is considered
fully recovered. Otherwise, some routes may remain missing for an extended
period of time.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document does not request IANA to allocate new code points.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-normative-references">
      <name>Normative References</name>
      <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
        <front>
          <title>Key words for use in RFCs to Indicate Requirement Levels</title>
          <author fullname="S. Bradner" initials="S." surname="Bradner"/>
          <date month="March" year="1997"/>
          <abstract>
            <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
          </abstract>
        </front>
        <seriesInfo name="BCP" value="14"/>
        <seriesInfo name="RFC" value="2119"/>
        <seriesInfo name="DOI" value="10.17487/RFC2119"/>
      </reference>
      <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
        <front>
          <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
          <author fullname="B. Leiba" initials="B." surname="Leiba"/>
          <date month="May" year="2017"/>
          <abstract>
            <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
          </abstract>
        </front>
        <seriesInfo name="BCP" value="14"/>
        <seriesInfo name="RFC" value="8174"/>
        <seriesInfo name="DOI" value="10.17487/RFC8174"/>
      </reference>
    </references>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA5VcW3fbyJF+1zn6D308L7s5JOOZJDOJ/bKybE+UtWyt5Mll
9+ShCTRJjEGAgwYkM2d+/NZXVX0BCMnOw4wlEehLdV2++qqay+Xy/Kyv+tq9
MK9+vDE/drZwm6E2r922s6Xtq7YxPzWl68xl2/RdW5ub2jbOXLt92x3NTee8
Hzp3fmbX687dPz7K+VnZFo3d00RlZzf98l872y63XfuwXG8P9IO8sizTK8vn
z8/PCtu7LU31wlTNpqVR6PcX5rvn332/fP7D8vn352d+WO8r7+mFj8cDfXb1
5uPb87Pq0L0wfTf4/rvnz//0/DtaYefsC/Ph4Doe3RvblObaNnbr9q7pzQV9
fn720HafaFXD4YXB4s7P6MWh37Xdi/MzkhWtwr8wf1mZ/6Xl06+yo79UzTb8
pe22tqn+xXO8MJe7qrEkwapo9/Sh29uqfmGw95//8Pzb/yrw8cCfrgqSkSEJ
03iurPq2o1+Lqqedv3LVzzQDfm8HOoWjjput6HZlbiw/Iiu6tU34w9cs6ECP
drY5Xc9XL+DvK/NjJpG/QyI/frVAtrb9/P3zf3/687Om7fY09L2j8zHm9u3l
d99++6fw8x+//eH3L/AUdCc9d362Wq3wz3K5NHbte1K+Hr9/3FXekJ4OrBCl
80VXrR00xbRBb2xtNh3tEYpiaFQTVNeUuba3GzaFgW2nENtZHth29mI7B7Wd
lfnbzjX8tD84+8l13rjPNF3lmoIsq7OHqmRl7Hcka1KRoYd0fU+mYMrBmb7l
Pzqzqe3hQJ8tMOOm2g6yZOO6ru38glbV0V7ava3bwes7VfOzK/DUYn6ZBW1+
7ehEHK1qZ8mgXEkj1c6WWAXN7R1bn6H9uN4v4gIPXVvQR/h7bzt8QtOX7r4q
HP1t3ba9X4nUXSbSIPUSe+1HB0IDbiE0OsX6SEOUA43PguOtkKWW6gnYtnV+
LGVtPQ1If6/bgg6QBmmHjpZBOyZTgzdYmMq3NUnUQ6eaJa2hr/Bs46rtbk3i
w+q967B8bx5wZI3D+LY7Lng+7LOl/wUBkGviI6J92CDbmpaxt01DSkFOkP7f
kWjvXXdcGYihXfNh3NNLHqKFjtCUtDXaQVUE6UVl1HkhiLA2U+0PpM4Yb6TM
LS2saUnNS7ep6Hhtc6QNPLD49tjG1pEQDpaUzPY9nQBJlP5Q2INdVzUJw8kB
klT7tmjrsLu9hdU6Hw1qX5Vl7fDbN+YKm6bViU2cn42UfG+PmaIb0fN5HaQD
GvYH3jEkT0YxMgIYhze/DFXxiRTj3zOJ2nZbt/R01E5f8cem2HVt8FkLXVmQ
Ly3ZNp4/yM1J1pTZEwuETZtOpOYYo4GntsUnY+WcgyouIVd5kXZd7Mhl+j3W
B4FUzUAzsM4XrrrHxicKznN7NlZYJvYvsjs/U6vlBT/sqmLHgqcT3m5J//hE
njZg2lm04HVruzI+SPt397TBiVGbu4Fm2ZBnHzrROjK9mpZiNxvaIkmw8nJ6
wZxI2XhVtvatKSgQ9xiN1NOVyVgPCWyMTGcB/0RbpMMe6nriHzs62/F5spDs
1lYNC5cUi4682jbVhuydLGWsgWF2rwaFVQYJk1UfC1KbdjOWsoprMTN58BSy
tfTS6snww6c0F2eSJ/DJhcLNk0mRn6ZFPuC8vhB/xg545GVx9hM3a77sZeOR
4QwGRlqkyVOfGRwuqUFNakGvRl9LYipLLIK0aE/eR31P0BfCrKTfdII9/Wfm
XePKXKiW6FqSuvS0X3kc28uOKPlu87Tr5jPsh65hL80YhBximnvmNNX/GnW/
X3a9wL6P+F4z43q/MbeOPGDHjsabd4ToBho4BNhP7mjoeEtvnl3/dPfx2UL+
Ne8/8M+3b/7np6vbN6/x892fL969iz+EJ+7+/OGnd6/TT+nNyw/X12/ev5aX
6a9m8qfri388E71/9uHm49WH9xfvnp0Gd4LnkOUaQqdzI+2ERlg/BgSvLm/M
t783/6dA75/8E2DePzkwyDRwNvorHTV5lQOFnI4Pk/wDSbXqydEsMLjftQ+N
2TkyAxHiTdeuyVlT6oJZD3ngqmCJLHmyQlLfphBh2zr3mHxAK/PTge0guGvx
zzTlKAaaPVl/UuSxmQYNLOqhlLFJcz4HTYF+5HH60NZVgQDhhxquGXJo3Od+
uWsPoiDBgJN2w5chdEqAI5mxupNIut70FblFQa8wlw3pf/sgoKZwje2q1jOS
Xpr3ESAhpjZOIpUtydb6ipyyNRxiTTPs1zQaAWMRxku8fCtBuqrpyLEwKLns
ZByuJcxW+tY17bGimJqBMzI9QHyMgSiwnA3l5Of39KrVRfJY707if4AMskCO
/X+9eY+lvcG/JzhAlkSrKyrA6qcwNh/EmxD+ssgWY39/PAB2cqxHkM22KFEP
p6Fwl7MhWkfhXBl0kzxhv6NXd21dss8IsZtfjA4kYHMe8/xMQ0LlE8ZHWlKR
TOg1j5hBOXApAINQ7iGtXRITsTSkPT05+Z29d2O1MXW1rxT/qN7cpE3bQjNy
+AABJhy8WoMAwfJ9K2hC0a3xBTlbAcnkM7rWlvzUR5g7rRGOticLy4MZ7cF6
BiSPxamTIQ6k5sgD/kWZQsgHQgySVX0V4AhwhQ9CcM6W7R2gBalqUgRyC9ky
II8DbAqeMag3ncCzBByWSx0XP0xnBrtjMpQh8z6jLKg9hNSLvAolLXAYAZLO
IdEZmW1I69ZAshVSJvqFj0wOWtDCWEUAPkWfQqymNZH4dhaoKtAw5NU4uEqs
HqUf6qE/hBxJGJw7aEKIcm36TBPwWdREclUlvCppzmpzzGBC5T+RirBU5oFT
biV8Vnek4xTIKJAAo8A69EndOJ9zadaScGXe7zp4fggFq1WzXGQCMTy3OPQI
nGlxAHZR63DMECNwN/17aEnjKYyJg+MDUbtBuk6uqQaIOUFYQbXZbwS/I6Ym
671J9pApCUn6xDp4uac5tIhrT1nCTjxcL1JGgtS7iSXZefzGY1zct+SW89wt
d+1p8ZkiDYxR+QR0SEiNHGXxyc8Atg394KFH07g8gc/hdMHXZWkEQuCWNO7e
9nL0p+FXtOMprNg5mrKYutKUHsYI3DNyh7GAMWOVaWIEG4dYVbzPJK69Ygqx
WTmcQPPKXtMp84fYAyfOZLRNWYfRIt97K65IdAVroK3HD+92Qw8jUTOepZpJ
wZoCkd3zQ4BjSDD5s7dV55ml+3HOpBmcPZlMM1ln1wLW5Qi8eBvSgaEuRxLX
p7qx7GCXM4Jj4xS4PhL/SjdxXTX80pXYYPRYMxFQlyKRYtO1e4R1NViJeRHg
Mv6gacesGCdZMWk1yh5wACkddtESonKRd6NtUAQA/UK5Ac0BMXrVNVGv39Cp
Mr80Tf4kH4kEBHuh35gbTsSzpzaZ0+MjiNmeOBa8dCWZYPro1Df99fbtNAf8
jbmsW5+9NeLtMmJD5mjuWwEEWPKyJr2qEyGpv9fW9wioQMBJhyAGOcjgr4OV
XIbwdMQTrwfGsJlaLiamq8e7dpHZK+f8ttp1VpywBVYtro+83l4cbO/AK/Xq
E19xHpwTOul8Mk/wUPW7srMPtj75PDhLDsH88Cx9Mg3J3+SBQSb5W5rkJk4S
CbGkn1aCLCh4ymTLhU6brZE0cvADI+J9KwCQTscCKfRk2Em7UsoBia3Ir9T2
GF2+6B+wl1BFvcM4FgSZXXuxAFVVR2m1pVPQPEtxSxmGy9YmlBWif9XcUwJQ
Kgko3K3rPIVrplcCyCpnNATB2bNDcR1P27cw6jzSBiNLU8v5D4eSCRTh1fBE
QAggNngbrJzhmOIBXyPvfOXMm8+uGHpJrW3QahAd10x04LXbFEEZE3uwmUeo
sPtl4OCGVZEn3PACkGEjrneVeLSVKATWs0Fasshj8xLxYl1XfocjE4yTZW81
Ze0NRzyRcwDMIQIDLAukJezSSmYUVhsSnIZzIyEW1rYvdly9gLdasvOGzmFa
Tll2R8J0tMrKJ4kp+rgmAyCwEqjXO47gr+FRCZTb4CVeO0E/SJOAajpH6q6e
mbVu5A1iVQp5n/pnGs0xVUaPdvgriDyKW/NAlqOYeos7LH4f4AkBjVotVrzG
mnwsW8k9ZVKsZ/Kk4IERXu1C0qV/hooXMmEgdSMcCHKm89y35RCHJVdHtp25
HeYKQXFx1ppn/9msMJqkIHhlFAlksT/dvL74+GYafPjpXwY3QG+abb/jZ9+Q
NexZSzuUGlmbvN3kJRQwHSvR9JoNnASF80JUNmBcygj5HGkCBYCtUCewBvLL
oCikHrVBHCLlogwC7idXBVIChNd1CwEMXQefHpGtxB6sX0XR0+elsjaSiDg2
VKwOQh/5j1InUlqOKXQKCY9olBJZUETIw+gSgOF1WSf08NUmPs6lgFg6izUZ
VAe9wJWWZxFVIN/JNhaWPUEQAr6yY4RQGdr4mFCxTZM82cnQ6zgcJtSEBkE9
6yCMHa2TdoNAWlCq6k/k0umZEjjrYXYa8VMukFKuhXBgTqbfJ8tnZpIcvbiM
64t/GIfkg+uwFbkeoH5473kYYSoRJGAKR2kVpPjVtWSbHAZXEBcqdcnSE+mK
JznjsHKMUFds40AH4oSOlvFDASie5NRDldU9aeWotC2wGBttQ3KR4WU2qb+p
U05/uYzZX/xTjBr8J55ZBlqE90WG8VW1Ht7R4wZCKuN9W1Rs0YcT+LwyaWJO
CAhWkOXp3rJ9huIlO1eIMlFr4zlBTgjTL+wG+w4adMsEvYZzqaplxIZYq8Jv
jaiS7NqQMY9rxLTwK4YB7FOmi6AUw9UbFuLVpJTItaySomaFuoSeXuRqgq4T
zCp2FYQ1AIWsBwZPWCdtu2FsxXiUa0ZkuzSnIlXxmhL0U9aQQlgvQKlroUnc
KOE+WzxLxswkKmlr/+DchGsTggApU1NWJdtPTs+E05zuFg5C6yeMBcm/UTxy
JRo8ZCdfJwLeyK8axH9NQf4di/u3AELSFkAffsis40K07Vd6eblcxv8wlprJ
ryFmnvh0iVGdYNuq4co3Zy2iTSYO8RWFNp4x2GGcMgv5i3xWTps0aIKwq9tt
Rho/6DCRNaYBE6H1ZNL3MidIc2zK64umHRcYklE/yUYXcwjDtAitvPawaI1M
0o3iR0XbX08Sz5lU82UoOZqLt1e/vaP/zeSVL00xzipDEim7iv4l7mrkItYO
ohsh0SRYYTb37OKNF9NhUgLIomrLlyeGD4fwEBSDSTnbLaOq3UjNI+DaR1M2
jLseKloBby1t6SVQZTmEcgOTccp8TNHVr5G1Ac+bczZ3PR7YHgNi5kVcjFQ3
pYCsWtCsmAva6DRhwhLSHvIQwxkS/Jz2uXwNkvAHp/46avKIkl3R4UlBg3LI
Xnuc0D/UHiQbQtEtAGshUDlyxxJWllPqtAhI9NnQVFI801yd9XqUxP0ytD2p
DLPBCnTbbg7nvsKxxnKYrYuhTk0/azqupeDp9ImCdlTbyuFA72HqkCRC0xgv
2L3L0uxJzS+jjEd0CmwQfZFgHazXIsWtcBj57iI7cOQJp+m8gFrRkfy8VCty
Kk7y9Ko5EOpjXM9uQ5oyq4bDQAXgfRomGj18RW6CuscOUPmTXcomtRWEuVqe
roy1+QiBs8VEpyTB+fwseCU78ksJXk9gtTBD484gBXnnZ43tOnUjktoHF4ba
L6SSkx65wxu9QTbQee75S+6OfhH3Nh47uLj5fgc+s4tpH5OYTlkRAkZbgcpM
xRxEZ7jJYG+7TyLsOOWE6sfUsQzA4BrvaVE31DtnyCit04j/DXnBWGapQ8OM
GzTAW7E0L3K28j2JlvXTRxcVeYiophXW64cNnTI6bTCFSu20MEpnFXrD0mGJ
x5HTLDM7HAWsiLfk0GU38mbI+QlDQNUmFZZQkjfcyaxVl/BoUIbxXxEHR2FQ
3dfYC2hVXTuiHuM8T4xeuxG08+eUtkL7VKiJ87tMpsGHaPYcOey1S/42NdjN
mQM4NZburKWxevVoNJvo5UX58/L26tUSyaRYHAmFbBxsV0XLwmlPxtIoZT38
UlBi6aqamxXAoCtnTHXB/+iZUXYxBSlcqoglOjIZQtjw8QQjlGXTcGY5jPcs
jL4HPNZEpY+6JICDzohPuI+HUwm1p2CAnaEf1p42z7XZvOdlYuk5WzFjhJWP
LIgTku8YINL8EZ2fnbqA2YY6r+S5BJXbQDO+aXa2KbD5yQfSAuzbDRJM/huK
JrTqJE7xk8kNqn9kDzSiLDkyjMYPSZwfDuCpRYQsdzrbRTYoZX6x7XI8KKc5
fAjcz1UGZxWqJBcKFd5qcQSLvYtVETWJQ17vPDWNx7zXCCUhw83oggCeffAZ
X6ggQ2slaeUXpRhnkbQ66x/hhKaZTgQt6hjRfgTPSAj04BougLfNnIFjHDlp
AVCh3ZBXYY+sysB40U0xs5tHp8BoYXAZifxC8Dmq5FNPIIcO8Za8Pq7fu24Z
TDnfGgrGXGH27mAZYzNbgQFSQMb+y2rDRbo+E+9oM4Jdob2Ce0bmF6cODBri
f3AGKK122nrgwPfrxCvzATzeQ+VdnEtaT+JwmFc1NB8SXUmdsFFlOOMwaKx0
2yLUbDmN9+5eBGqT3o41olJnxxkWXAxNo3PqFkZt+uxHgwyD+WTVjTu1PNQP
uaE45iJ5c56kagEUJaIq5zEksjFcg/hmWIxYNxl1TaXsV3xYiPvM+8XTV5Sg
WdsT4CxsSMYJACPSzvvQL7ehRXF7bWwrVCCReHL1ABxIoiMiBKQdLLn26Dql
X6lFTJj2+EXW32svJHx/MCqcksAVfaszLA/Orwh1IMWRlwOlyKTgtGYgPD/4
Jy3iPdp9x/3qnwttB5MPix0BR4FC6f4EFxgLOdzQhzgmHJX4CM0oXFKRrAcL
qJmMkmYq3jxXu0pKniw7BKc47U3kgGKRraU9jzqgYnki1lg5zRLNxWxRW7gO
d9ptORYld2vxfabI+Er6zrRgnn+tXaKX0WKtTTLt/H2Txckth1QcFdgN25RI
I/Jk5n4qT3Z4p31DeqUgeyFW0uFw9mumVFgA7jOieJWxx+uh3KKTkk/faclC
OjdGfs42wKFFbKUQQeqcEcjAsPZoLRS+N9l7bDRBbHECbe9FhyCKg3Sy5DQx
W4I2Amj/PEXVcZJyF043tQ4kdyDEjw+t7qj4yt9YCwu92JRnuWrKRtYXHEy7
1l4ETadKCvClMNuxDhlQOGSExpPoBGKmQj72HQoft1L4uBn1TxBOSpXHJ9xk
6It4pKt/IcR1ZHW5DqfpfiUdHllVUmo86WIbyBn92/lZTae0RO4anpo2gyRt
k5NgnJl1quZVnthbyjVLxd9S7JHMM17swmWRuVpubOJXu89pNQ5O8QTjvQOb
lSPyWw18rFI3zpnIUGsYVfXLvIQt7b2jHukYREJPSuBgYdinHGdeNgYxClwL
Vhp+n5nOwnXcQaOM53zx+aTsIlLMq7+BftnxDQFcGfLajXnxlPsPvd26uPZw
cLFz2HipoO+0sBYdyJ4cAS5eKh7nqrxUeAIzYaad5tLo3WhXu/Zu9pNMWfJB
pGMJ4kVJkpv+j9SP8J983tz0uOkkG1MA4snr4RrIVjLOGdp5A6RpzbbCVS15
SauJa3hx5CohFajDyXLG2/T5OAt0VHOyjuogKt/cfh59h+rnPYNFhMLFWIoc
2gIyIF2cuxiFF/jmQZQ1tCZAkjapU9bANmn4UJfmss6WcdcFN7qxNn+7Aijc
VOxHUqsVHHaq+ebtTmrZqovfrbjhkUnzR/i4hEoZTz049QxgzVpCb4W0EP9u
Fbn8eIVt5h7iI5luzE6NCUQ/O7PTRHchRhhSg+xqQeq04GFCRsf3KEXCsYWq
Yq77tJOJ9vH7lZLWj9Ubzs/+sOIawpdqDkzg0+Pfr8xfyYY2RyRfC/MW/9O7
tpPO/R9WBKc47J9Unt+OTuJh1z7CoD7YxBntXefiCjmR1kteJ1WGyKFs8IOq
m0ppxHKOHS/0lKZStzo6UsGGyl/MfPRu5mCFwsiSer3pPKJZ4dnWUoyVRoO8
5beW9MM8Rkvw8k+njrkZMyfp7tVcfqxunafGFzdMFkuxf6nlDr4HhAqHXmsa
yVG/kWLa36AGEibILjmhY6JJ8AMuxR6l5UvFIQkO2gtIAzrxU6e3c4TjQjUh
0FEiAmHmnmBztq5xHNhSdxsl/0KDxt61BNknIVhVWuicWZON9pq3u2l/20rh
V0bt+HjjSy6iqDGPb0g+UpvgPJb7k1M7vap0hKPc4aw+j6VsawrQZcb4Sfl/
WgwtWyUjJciuA1LE87zQoan1GwWmV4JHteUHEpBrJOuyWFKewMeApojrtTvU
7TG6/uwLQi4V+sivCnE/xrh65/peu1of6d8XpuyIoqCg1ZBbhxivYSz8GhP+
PKNRDyGNO7Q75NlZ6964YX+vreYMDAW3vMy6eDSw4MKEdgUG1yt88HxyfR2Q
Z1FbbVfkbthQA9Re3lHMPjWQrO+Tg0PqOo4XPLL7qxhDesnCnTWvqVQM1Juh
0UYRPZqQwV8SMvdcgQvZx+XJ/RSVdCX3f6pwPUeWOLl+fGQGfsGMXTMqrWiK
JtMWo2lnO2i0dCugmrAd7YKTVlLTGmPLPY5AFfB9TqH5/K46kGFN9zGTEUvq
Tt4FPpKMteVGMRvaP2MG/DJ5acW9cORrMIS4xYUYySlYdq05K+4uHmmVZ28n
97r0sn+wuyS6eF4fGDrmDfTKNutWtK3o8a5ZNY3Lab9Y1pqmH+Wom7M7Af36
JQjIHpTHuhx3QaY2nv18i+zFEyWckzaTvIKTt8Y+cadCupTzC4rv55oQ8nJP
AAMx4EnbXkjlc3J4ctvdc6VWWgtTKUvZscBJCqQLX7Ixc4VVgXzVZXSkSNi/
HB9XQmrbvFV4ps4r909DdYDvu4x21WVtf1pUjSt85GskWAszby9W4PPoo+34
gOsQ00AhPcZ5ZeC83v86P1sfZ6UhXbG4q4fSZ101n7IWp+xKf7zhHKxDYXIW
nziQU2JSWTAHMWrBlbHW4OCKou3CF/NM7p707uBD3vOmSWhtP25tt3y/RPKb
S8DCoo/XoSKlRmgJ/ImX5EUh+hdqOaF6LolCeCfeOWEK66my1foYcnmslPOU
jA2nvBPf5EFm0YPsVLuQG+yMp3J2e/TdFzwSv6R+p9CkkPFLRquwYvmZlgt0
H9JEJY+kZWNYkn/K2kY2ttCysBe2joYZ14ZZlsmdsCOJddn6GMqkPhESc1YU
SkB6NYX9XKWHoy7zD5oTg6ENd88yZDp7pfP7qE926Ns9X0LPDvsHljIYKb1V
M27UU5J9UmsN9kXv/xF59pYOsMOX+3SILXNXPRTO3VHez0zyKXq76HtbxK8e
kv6iUOCMNy1O/ERsKT1Ovown3DdidTyh3Wu3raSmorq4evTuYtbcppf013k1
wWAGxg7xq4YiCgnXWmMXXdFZpIPg8pVRDVcap3cZ0fE+e5kx3b8YaDlNr4BG
tE4WIbxhyonGkuUrCLbHFSuACY3S/+1cvBjd+oKO0WoKYbvxd9pk7jxBZTa2
uuWvgVO4KiHgqmHJRQmAq5YOzlCnzq8CwosQhqwOg04fDSY4kC6rCV3q9wOl
C2trvnhZt0LmYZHgzPAFBNE2lkGAcvle8ZafII6Ds7HSPGerWctG0nRKoBXX
hC6OYMdZ+9QkqG8mllIKTy1MlC5RqDKu3OISw/S7AfIuAO6RTEMmilJcGJNa
7K1JIdrNZoGvLhNKKCSXjKZQkVxKOTLLDGzzSWOX2gPfxpfy1xORYVSTGRMf
9xU9Hy77VfVx3KMz7RxkQrZAv5em3dNGnXQHF4+en32pPSVUVL7UEUMp/Lgl
ZlSZ8m1o2fRad+ecIvhuJvUa7uaXKKTZHGJhqB5+Y64u3l/MOMVHr55TaKGQ
yG+B7g2drJB/0RIqP7QU9nA2/w8qYDpPRVQAAA==

-->

</rfc>
