<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-cui-nmrg-llm-nm-02" category="info" consensus="true" submissionType="IRTF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="LLM4Net">A Framework for LLM Agent-Assisted Network Management with Human-in-the-Loop</title>
    <seriesInfo name="Internet-Draft" value="draft-cui-nmrg-llm-nm-02"/>
    <author initials="Y." surname="Cui" fullname="Yong Cui">
      <organization>Tsinghua University</organization>
      <address>
        <postal>
          <region>Beijing</region>
          <code>100084</code>
          <country>China</country>
        </postal>
        <email>cuiyong@tsinghua.edu.cn</email>
        <uri>http://www.cuiyong.net/</uri>
      </address>
    </author>
    <author initials="M." surname="Xing" fullname="Mingzhe Xing">
      <organization>Zhongguancun Laboratory</organization>
      <address>
        <postal>
          <region>Beijing</region>
          <code>100094</code>
          <country>China</country>
        </postal>
        <email>xingmz@zgclab.edu.cn</email>
      </address>
    </author>
    <author initials="L." surname="Zhang" fullname="Lei Zhang">
      <organization>Zhongguancun Laboratory</organization>
      <address>
        <postal>
          <region>Beijing</region>
          <code>100094</code>
          <country>China</country>
        </postal>
        <email>zhanglei@zgclab.edu.cn</email>
      </address>
    </author>
    <date year="2026" month="July" day="01"/>
    <area>IRTF</area>
    <workgroup>Network Management</workgroup>
    <keyword>Large Language Model</keyword>
    <keyword>Autonomous Agent</keyword>
    <keyword>Network Management</keyword>
    <keyword>Human in The Loop</keyword>
    <abstract>
      <?line 117?>

<t>This document describes a reference framework for collaborative network management between Large Language Model (LLM)-assisted agents and human operators. Because network management actions can affect service availability, security posture, customer traffic, and compliance obligations, LLM-generated recommendations need to be validated, reviewed, and audited before they are applied to operational networks. The framework therefore focuses on human-in-the-loop control for safe, auditable, and operator-supervised use of LLM-assisted decision support in network operations. The document is intended to be compatible with existing network management systems and protocols while identifying research issues, rather than specifying a complete implementation of all LLM agent mechanisms.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://xmzzyo.github.io/draft_llm_nm/draft-cui-nmrg-llm-nm.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-cui-nmrg-llm-nm/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Network Management Research Group mailing list (<eref target="mailto:nmrg@irtf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/nmrg"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/nmrg/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/xmzzyo/draft_llm_nm"/>.</t>
    </note>
  </front>
  <middle>
    <?line 123?>

<section anchor="introduction">
      <name>Introduction</name>
      <section anchor="motivation">
        <name>Motivation</name>
        <t>Traditional network automation systems often fail to handle unanticipated scenarios or manage complex, multi-domain data dependencies. Large Language Models (LLMs), when used as agent-assisted components, offer multimodal data comprehension, adaptive reasoning, and broad generalization, making them a candidate technology for network management assistance <xref target="TM-IG1230"/>. This document describes a framework for using LLM-assisted agents as decision-support components in network management workflows.</t>
      </section>
      <section anchor="why-human-in-the-loop-is-necessary">
        <name>Why Human-in-the-Loop is Necessary</name>
        <t>Human-in-the-loop operation is necessary because network management actions can affect service availability, security posture, customer traffic, and compliance obligations. An LLM-generated recommendation may be syntactically valid but still operationally unsafe if it relies on stale telemetry, misinterprets local policy, affects the wrong service scope, or ignores maintenance windows and business constraints.</t>
        <t>In addition, many network-management decisions depend on operational knowledge that may not be fully represented in telemetry or retrieved documents, such as planned maintenance, customer exceptions, escalation procedures, and local risk tolerance. Human review therefore provides the point at which evidence, uncertainty, operational impact, and authorization are assessed before a recommendation is applied to the network. This document treats human-in-the-loop control as a necessary part of the safety and accountability model for LLM agent-assisted network management.</t>
      </section>
      <section anchor="problem-statement">
        <name>Problem Statement</name>
        <t>Network management presents persistent operational challenges, including multi-vendor configuration complexity, correlation of heterogeneous telemetry data, and timely response to dynamic security threats. LLM agents offer a potential approach to address these challenges through their data comprehension and reasoning capabilities.</t>
        <t>However, applying LLM agents in network management raises several research and engineering questions. These include how to provide semantic context for telemetry and configuration state, how to represent confidence and operational risk, how to validate LLM-generated recommendations before execution, and how to preserve auditability through provenance tracking.</t>
        <t>This document is intended as input for NMRG discussion on AI in network management. It focuses on research challenges and reference components rather than specifying a new network management protocol, a new LLM interface, or fully autonomous network control. Although the framework shows several supporting components, their purpose is to illustrate the human-supervised decision path from context collection to recommendation, validation, operator audit, and controlled execution.</t>
      </section>
      <section anchor="research-questions">
        <name>Research Questions</name>
        <t>This document motivates discussion of the following research questions:</t>
        <ul spacing="normal">
          <li>
            <t>What semantic context is needed for LLM-assisted systems to reason correctly over network telemetry and configuration state?</t>
          </li>
          <li>
            <t>How can confidence, uncertainty, validation results, and operational risk be represented so that operators can make informed decisions?</t>
          </li>
          <li>
            <t>How can human review, approval, modification, and rejection be designed as a meaningful control step rather than a procedural confirmation?</t>
          </li>
          <li>
            <t>What evidence and decision records are needed to make LLM-assisted recommendations and operator actions auditable and reproducible?</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="terminology">
      <name>Terminology</name>
      <section anchor="acronyms-and-abbreviations">
        <name>Acronyms and Abbreviations</name>
        <ul spacing="normal">
          <li>
            <t>LLM: Large Language Model</t>
          </li>
          <li>
            <t>RAG: Retrieval-Augmented Generation</t>
          </li>
          <li>
            <t>MCP: Model Context Protocol</t>
          </li>
          <li>
            <t>A2A: Agent-to-Agent Protocol</t>
          </li>
          <li>
            <t>NACM: NETCONF Access Control Model</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="reference-framework">
      <name>Reference Framework</name>
      <artwork><![CDATA[
+-------------------------------------------------------------+
|         LLM-Agent Assisted Network Management System        |
+-------------------------------------------------------------+
|+---------------LLM Agent Decision Module-------------------+|
||                                                           ||
||               +----Task Agent Module---+  +-------------+ ||
||               | +---------------------+|  | Task Agent  <-----+
||               | | Tools/Agent Comms   ||<-> Mgt Module  | ||  |
||               | +---------------------+|  +-------------+ ||  |
||               | +------+  +----------+ |  |Syntax Verify| ||  |
||               | |Prompt|  |Fine-Tuned| <->|     Module  | ||  |
||               | | Lib  |  |Weight Lib| |  +-------------+ ||  |
|| +----------+  | +------+  +----------+ |  +--------------+||  |
|| |RAG Module|<-> +--------------------+ |  |Access Control|||  |
|| +-----^----+  | |Foundation Model Lib| -->|    Module    |||  |
||       |       | +--------------------+ |  +-------|------+||  |
||       |       +----^---------------^---+          |       ||  |
|+-------|------------|---------------|--------------|-------+|  |
|+-------v------------v----+ +--------v--------------v-------+|  |
||Enhanced Telemetry Module| |   Operator Audit Module       ||  |
|+-----------^-------------+ +--------------|-------------^--+|  |
+------------|------------------------------|-------------|---+  |
             |                              |       +-----v---+  |
             |                              |       |Operator <--+
             |                              |       +---------+
+------------v------------------------------v------------------+
|               Original Network Management System             |
+------------------------------^-------------------------------+
                               |
+------------------------------v-------------------------------+
|                       Physical Network                       |
+--------------------------------------------------------------+

Figure 1: The LLM agent-Assisted Network Management Framework
]]></artwork>
      <t>Figure 1 illustrates the principal components of the LLM agent-assisted network management framework. The figure is a functional decomposition used to discuss human-supervised decision support, not a complete product architecture. A human operator instantiates a specific task agent (e.g., for fault analysis or topology optimization) via the Task Agent Management Module by specifying a foundation model, a prompt, and optional fine-tuned adapter parameters <xref target="Hu22"/>. The Enhanced Telemetry Module enriches raw telemetry data obtained from the underlying network management system and supplies it to the LLM Agent Decision Module. After decision-making, the generated configuration is validated for syntactic correctness and checked against access control rules. The Operator Audit Module provides a structured mechanism for human review of generated configurations; upon operator approval, configurations are issued to the network management system for deployment.</t>
      <section anchor="enhanced-telemetry-module">
        <name>Enhanced Telemetry Module</name>
        <t>The Enhanced Telemetry Module enriches raw telemetry data with semantic context, providing structured input to the LLM Agent Decision Module.
Telemetry data retrieved from network devices via NETCONF <xref target="RFC6241"/> (e.g., in XML format) typically lacks field descriptions, structured metadata, and vendor-specific context. Because this supplementary information is not present in the pre-trained knowledge of general-purpose LLMs, its absence can lead to misinterpretation and erroneous reasoning. To address this, an external knowledge base is used to store YANG model schemas, device manuals, and other relevant documentation.
The Enhanced Telemetry Module operates as middleware between the network management system and the external knowledge base. Through its southbound interface, it retrieves NETCONF data from the NETCONF client of the existing network management system. Through its northbound interface, it queries the external knowledge base for the corresponding YANG model or device documentation.
To improve semantic richness, the module processes retrieved data by simplifying formatted content (e.g., removing redundant or closing XML tags) and appending YANG tree path and field-description information to the relevant data elements. This produces structured, context-enriched input suitable for LLM analysis and reasoning.</t>
      </section>
      <section anchor="llm-agent-decision-module">
        <name>LLM Agent Decision Module</name>
        <section anchor="rag-module">
          <name>RAG Module</name>
          <t>A pre-trained LLM may lack knowledge of operator-specific configurations, vendor-specific syntax, or domain-specific operational procedures. Retrieval-Augmented Generation (RAG) <xref target="Lewis20"/> can retrieve relevant information from operator-defined sources, such as device documentation and operational knowledge bases, and combine it with semantically enriched telemetry.
For human-in-the-loop review, retrieved evidence needs to be traceable. The identifiers, versions, timestamps, and scope of retrieved documents SHOULD be recorded so that the operator and later audit processes can understand which evidence influenced the recommendation.</t>
        </section>
        <section anchor="task-agent-module">
          <name>Task Agent Module</name>
          <t>A task agent is created to support a specific network management task, such as traffic analysis, traffic optimization, or fault remediation. A task agent can include a selected foundation model, an associated prompt, and optionally fine-tuned adapter weights. These are deployment choices rather than the primary focus of this document.</t>
          <t>The framework can use libraries for foundation models, prompts, and fine-tuned adapter weights <xref target="Hu22"/>. From the human-in-the-loop perspective, the important requirement is that the selected model, prompt template, adapter version, input context, and output format are recorded as part of the decision context. This allows operators to understand the source of a recommendation and allows later audit or reproduction of the decision process.</t>
        </section>
        <section anchor="task-agent-communication-module">
          <name>Task Agent Communication Module</name>
          <t>A task agent may interact with external tools (e.g., Python scripts, network verification tools such as Batfish, or optimization solvers) to acquire additional information or perform specific operations.
Emerging agent protocols such as the Model Context Protocol (MCP) <xref target="mcp"/> and Agent-to-Agent Protocol (A2A) <xref target="a2a"/> illustrate possible mechanisms for tool invocation and inter-agent coordination. This document does not require a specific agent protocol. A deployment may use any mechanism that provides authenticated tool access, schema validation for tool inputs and outputs, error propagation, and audit correlation between an LLM-assisted recommendation and the external evidence or tool results used to produce it.</t>
          <t>In multi-domain or complex scenarios, multiple task agents may collaborate to achieve a shared network management objective. Such collaboration should preserve task context, partial results, constraints, and confidence information so that handoffs remain auditable and operator review remains meaningful.</t>
        </section>
        <section anchor="task-agent-management-module">
          <name>Task Agent Management Module</name>
          <t>The Task Agent Management Module is responsible for controlled creation, update, and deletion of task agents. In this framework, its main role is to bind a task agent to an operational objective, permission scope, and audit context.</t>
          <t>A task agent may be instantiated in response to an operator request, an automated policy trigger, or a higher-level orchestration workflow. Creation includes parsing the high-level intent, selecting an appropriate task template, initializing network context, assigning credentials or permissions, and creating a session identifier for audit correlation.</t>
          <t>Task agent updates may be needed when network conditions, model versions, prompts, or operator policies change. Updates SHOULD preserve the audit context and SHOULD record changes that may affect the interpretation of later recommendations.</t>
          <t>When a task agent completes, fails, or is explicitly terminated, its final state, generated actions, tool results, and relevant performance information SHOULD be archived in the audit log. This ensures that operator decisions and LLM-assisted recommendations can be traced after the task has ended.</t>
          <t>By providing structured, auditable, and policy-governed lifecycle management, the Task Agent Management Module supports operator-supervised LLM-assisted decision support rather than unconstrained autonomous network control.</t>
        </section>
      </section>
      <section anchor="config-verification-module">
        <name>Config Verification Module</name>
        <section anchor="syntax-validation-module">
          <name>Syntax Validation Module</name>
          <t>LLM-generated configurations MUST pass YANG schema validation before being queued for human approval. This module ensures that only syntactically correct configurations are presented for operator review, reducing the likelihood of invalid configurations reaching the deployment stage.</t>
        </section>
        <section anchor="access-control-module">
          <name>Access Control Module</name>
          <t>Syntactic correctness alone does not prevent an LLM from generating configurations that would perform unintended or harmful operations on critical network devices. It is therefore necessary to enforce explicit permission boundaries for LLM task agents.</t>
          <t>The NETCONF Access Control Model (NACM) defined in <xref target="RFC8341"/> provides a framework for specifying access permissions that can be applied to LLM task agents. NACM defines the concepts of users, groups, access operation types, and action types, which are applied as follows:</t>
          <ul spacing="normal">
            <li>
              <t>User and Group: Each task agent is registered as a distinct user, representing an entity with defined access permissions for specific devices. A task agent (user) is identified by a unique string within the system. Access control may also be applied at the group level, where a group consists of zero or more members and a task agent may belong to multiple groups.</t>
            </li>
            <li>
              <t>Access Operation Types: These define the types of operations permitted, including create, read, update, delete, and execute. Each task agent is assigned a set of permitted operation types based on its role.</t>
            </li>
            <li>
              <t>Action Types: These specify whether a given operation is permitted or denied, determining whether an LLM-generated operation request is allowed under the configured access control rules.</t>
            </li>
            <li>
              <t>Rule List: Each rule governs access control by specifying the content and operations a task agent is authorized to handle within the system.</t>
            </li>
          </ul>
          <t>This module MUST enforce explicit restrictions on the operations an LLM agent is permitted to perform, ensuring that network configurations remain compliant with operational security policies.</t>
        </section>
        <section anchor="feedback-module">
          <name>Feedback Module</name>
          <t>LLM-generated configurations may not always satisfy YANG schema constraints, access control rules, or operational requirements. The Feedback Module supplies structured feedback (e.g., in structured text format) and corrective hints to the LLM agent, enabling iterative refinement of generated configurations to meet these constraints.</t>
        </section>
      </section>
      <section anchor="operator-audit-module">
        <name>Operator Audit Module</name>
        <t>The Operator Audit Module provides a structured mechanism for human review of LLM-generated configurations prior to deployment. The output of the LLM Decision Module includes both the generated configuration and an associated confidence score. The configuration is validated against the YANG model and subject to access control enforcement. The confidence score (e.g., on a scale of 0 to 100) provides operators with a quantitative reference for assessing the reliability of the recommendation.</t>
        <t>The purpose of this module is not only to collect an approval action. It is intended to give operators enough context to judge whether the recommendation is consistent with the operational objective, whether the supporting data is complete and fresh, whether the affected network scope is acceptable, and whether additional verification or escalation is needed.</t>
        <t>Each audit instance MUST record the input context (e.g., input data, RAG query content, model selection, relevant configuration files) and the corresponding decision output. The audit steps include the following:</t>
        <ul spacing="normal">
          <li>
            <t>Result Verification: The operator verifies that the LLM-generated output is consistent with operational objectives and policy requirements.</t>
          </li>
          <li>
            <t>Compliance Check: The operator confirms that the output adheres to applicable regulatory standards and operational policies.</t>
          </li>
          <li>
            <t>Security Verification: The operator checks the output for potential security issues, such as misconfigurations or unintended access changes.</t>
          </li>
          <li>
            <t>Correction: If issues are identified, the operator documents the findings and applies corrective modifications.</t>
          </li>
        </ul>
        <t>Upon completion of the audit, the system records an audit decision entry to ensure traceability of operator actions. The audit record includes:</t>
        <ul spacing="normal">
          <li>
            <t>Timestamp of the audit action</t>
          </li>
          <li>
            <t>LLM Task Agent ID</t>
          </li>
          <li>
            <t>Operator decision (approve, reject, modify, or defer)</t>
          </li>
          <li>
            <t>Final executed command</t>
          </li>
          <li>
            <t>Operation type (e.g., configuration update, deletion, or execution)</t>
          </li>
        </ul>
        <t>The Operator Audit Module also provides explainability support to improve transparency in LLM-assisted decision-making. Each LLM-generated configuration includes a structured rationale indicating the key factors that influenced the decision. For example, if the system recommends increasing bandwidth allocation, the decision log indicates whether this was driven by high latency observed in telemetry, an SLA threshold breach, or another contributing factor.</t>
        <t>The audit process additionally supports counterfactual reasoning, enabling operators to assess the projected outcome if no action is taken. For example, the system may indicate that without intervention, packet loss is expected to increase by a specified percentage within a defined time window. This provides operators with a comparative basis for evaluating proposed actions.</t>
        <t>If an LLM agent decision is based on incomplete or uncertain data, the system flags it accordingly. For example, if real-time telemetry data is insufficient, the confidence score is lowered and the condition is noted in the audit record, allowing operators to exercise appropriate judgment.</t>
      </section>
    </section>
    <section anchor="research-challenges-and-considerations">
      <name>Research Challenges and Considerations</name>
      <t>This section summarizes research challenges raised by the reference framework. The intent is to identify issues for further NMRG discussion rather than to prescribe a single implementation.</t>
      <section anchor="semantic-context-and-provenance">
        <name>Semantic Context and Provenance</name>
        <t>Human review depends on context that is both machine-processable and meaningful to operators. Telemetry values, topology information, configuration state, and retrieved documents need scope, timestamp, source, collection method, and provenance metadata so that operators can judge whether the recommendation is based on relevant and current evidence.</t>
      </section>
      <section anchor="uncertainty-and-risk-representation">
        <name>Uncertainty and Risk Representation</name>
        <t>Confidence scores alone are insufficient for network-management decisions. Research is needed on how to present model uncertainty, input-data uncertainty, validation status, and operational impact as operator-facing risk information.</t>
      </section>
      <section anchor="human-review-workflow">
        <name>Human Review Workflow</name>
        <t>Human review needs to be designed so that operators can make informed decisions under time pressure. Open questions include what evidence to present, when to require secondary approval, how to avoid automation bias, and how to support operator requests for more evidence.</t>
      </section>
      <section anchor="accountability-and-auditability">
        <name>Accountability and Auditability</name>
        <t>LLM-assisted decisions need audit records that connect input evidence, model output, tool results, validation outcomes, operator decisions, and final actions. Such records are needed for incident analysis, rollback, compliance, and research reproducibility, while still protecting sensitive operational data and credentials.</t>
      </section>
    </section>
    <section anchor="use-cases">
      <name>Use Cases</name>
      <section anchor="ddos-intelligent-defense">
        <name>DDoS Intelligent Defense</name>
        <t>Distributed Denial of Service (DDoS) attacks represent a persistent operational threat. Conventional mitigation systems based on rate-limiting and signature matching may not adapt rapidly enough to generate fine-grained filtering rules in response to multi-dimensional telemetry patterns.</t>
        <t>This use case illustrates how the LLM agent-assisted framework supports filtering recommendation generation with human oversight. The Enhanced Telemetry Module retrieves and enriches traffic statistics, and the LLM-assisted agent generates a filtering recommendation with a rationale and evidence references.</t>
        <t>The recommendation is passed through syntax validation and access-control enforcement before being shown to the operator. Human review is needed because the operator may need to judge collateral impact, customer exceptions, threat-intelligence context, and escalation policy. The final operator decision and any executed command are recorded in the audit log.</t>
      </section>
      <section anchor="traffic-scheduling-and-optimization">
        <name>Traffic Scheduling and Optimization</name>
        <t>In large-scale networks, dynamic traffic scheduling is required to respond to fluctuating load, maintain QoS, and satisfy SLA requirements. Static or rule-based methods may not provide sufficient responsiveness or cross-domain visibility.</t>
        <t>This use case illustrates how the framework supports LLM agent-assisted traffic scheduling with operator control. The Enhanced Telemetry Module collects and enriches link utilization, queue occupancy, delay metrics, topology information, and service-class constraints.</t>
        <t>The LLM-assisted agent proposes a traffic-engineering adjustment, such as rerouting selected traffic classes through underutilized paths or adjusting policy parameters. The recommendation is validated before operator review. The operator then reviews the recommendation, validation result, expected path shift, policy constraints, and possible impact on other traffic classes before approving, modifying, rejecting, or deferring the action. The final operator decision and any revised configuration are stored in the audit log.</t>
      </section>
    </section>
    <section anchor="Security">
      <name>Security Considerations</name>
      <t>This section summarizes the main security issues introduced by LLM-assisted network management. The analysis assumes that LLM-assisted agents can access telemetry, retrieve contextual knowledge, invoke external tools, and generate recommendations or candidate configuration changes subject to human oversight.</t>
      <t>Security-sensitive assets include network configuration state, telemetry data, external knowledge bases, prompts and system instructions, fine-tuned weights, agent credentials, and human audit records. Compromise of these assets may lead to service disruption, policy violations, data leakage, or unauthorized configuration changes.</t>
      <t>The framework introduces trust boundaries between the LLM agent and the network management system, between the agent and external toolchains, between cooperating task agents, between retrieval databases and the LLM context, and between automated decision modules and human operators. Each boundary needs explicit protection through authentication, authorization, input validation, integrity protection, and audit logging.</t>
      <t>Prompt injection and RAG knowledge poisoning are important risks because they can influence operator-facing recommendations. Malicious telemetry fields, compromised documentation, poisoned retrieval databases, or cross-agent messages may affect model output. Mitigations include context separation, structured role tagging, input sanitization, integrity verification of retrieval documents, versioning of knowledge sources, logging of retrieved document identifiers, and deterministic validation of generated configurations.</t>
      <t>Agent identity and tool access also need protection. Each task agent should be bound to a distinct identity and to explicit permissions, for example through NACM-based access control. Tool invocation should use authenticated access, schema validation for tool inputs and outputs, sandboxing where appropriate, and human confirmation for high-risk tool invocations.</t>
      <t>The LLM-assisted decision layer can itself become a denial-of-service target. Excessive task instantiation requests, high-frequency telemetry triggers, or multi-agent loops may cause resource exhaustion or delayed incident response. Mitigations include rate limiting, admission control, quotas, maximum reasoning-depth or token limits, and circuit breakers in the Task Agent Management Module.</t>
      <t>LLMs may generate syntactically correct but semantically invalid configurations, such as referencing non-existent interfaces, misinterpreting vendor-specific syntax, or using incorrect parameter units. Mitigations include YANG schema validation, deterministic configuration simulation, access-control checks, confidence-based escalation thresholds, explicit reasoning logs, and operator review. Human approval MUST remain the final authority for high-impact changes.</t>
      <t>To support structured oversight, each generated configuration SHOULD be assigned a risk level derived from factors such as scope of impact, operation type, policy sensitivity, confidence score, and historical rollback frequency. Risk classification MUST be included in the audit record.</t>
    </section>
    <section anchor="IANA">
      <name>IANA Considerations</name>
      <t>This document includes no request to IANA.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC8341">
          <front>
            <title>Network Configuration Access Control Model</title>
            <author fullname="A. Bierman" initials="A." surname="Bierman"/>
            <author fullname="M. Bjorklund" initials="M." surname="Bjorklund"/>
            <date month="March" year="2018"/>
            <abstract>
              <t>The standardization of network configuration interfaces for use with the Network Configuration Protocol (NETCONF) or the RESTCONF protocol requires a structured and secure operating environment that promotes human usability and multi-vendor interoperability. There is a need for standard mechanisms to restrict NETCONF or RESTCONF protocol access for particular users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. This document defines such an access control model.</t>
              <t>This document obsoletes RFC 6536.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="91"/>
          <seriesInfo name="RFC" value="8341"/>
          <seriesInfo name="DOI" value="10.17487/RFC8341"/>
        </reference>
        <reference anchor="RFC6241">
          <front>
            <title>Network Configuration Protocol (NETCONF)</title>
            <author fullname="R. Enns" initials="R." role="editor" surname="Enns"/>
            <author fullname="M. Bjorklund" initials="M." role="editor" surname="Bjorklund"/>
            <author fullname="J. Schoenwaelder" initials="J." role="editor" surname="Schoenwaelder"/>
            <author fullname="A. Bierman" initials="A." role="editor" surname="Bierman"/>
            <date month="June" year="2011"/>
            <abstract>
              <t>The Network Configuration Protocol (NETCONF) defined in this document provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized as remote procedure calls (RPCs). This document obsoletes RFC 4741. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6241"/>
          <seriesInfo name="DOI" value="10.17487/RFC6241"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="TM-IG1230">
          <front>
            <title>Autonomous Networks Technical Architecture</title>
            <author initials="K." surname="McDonnell" fullname="Kevin McDonnell">
              <organization/>
            </author>
            <author initials="A." surname="Machwe" fullname="Azahar Machwe">
              <organization/>
            </author>
            <author initials="D." surname="Milham" fullname="Dave Milham">
              <organization/>
            </author>
            <author initials="J." surname="O’Sullivan" fullname="James O’Sullivan">
              <organization/>
            </author>
            <author initials="J." surname="Niemöller" fullname="Jörg Niemöller">
              <organization/>
            </author>
            <author initials="L. F." surname="Varvello" fullname="Luca Franco Varvello">
              <organization/>
            </author>
            <author initials="V." surname="Devadatta" fullname="Vinay Devadatta">
              <organization/>
            </author>
            <author initials="W." surname="Lei" fullname="Wang Lei">
              <organization/>
            </author>
            <author initials="W." surname="Xu" fullname="Wang Xu">
              <organization/>
            </author>
            <author initials="X." surname="Yuan" fullname="Xie Yuan">
              <organization/>
            </author>
            <author initials="Y." surname="Stein" fullname="Yuval Stein">
              <organization/>
            </author>
            <date year="2023" month="February"/>
          </front>
        </reference>
        <reference anchor="Hu22">
          <front>
            <title>LoRA Low-Rank Adaptation of Large Language Models</title>
            <author initials="E. J." surname="Hu" fullname="Edward J Hu">
              <organization/>
            </author>
            <author initials="Y." surname="Shen" fullname="Yelong Shen">
              <organization/>
            </author>
            <author initials="P." surname="Wallis" fullname="Phillip Wallis">
              <organization/>
            </author>
            <author initials="Z." surname="Allen-Zhu" fullname="Zeyuan Allen-Zhu">
              <organization/>
            </author>
            <author initials="Y." surname="Li" fullname="Yuanzhi Li">
              <organization/>
            </author>
            <author initials="S." surname="Wang" fullname="Shean Wang">
              <organization/>
            </author>
            <author initials="L." surname="Wang" fullname="Lu Wang">
              <organization/>
            </author>
            <author initials="W." surname="Chen" fullname="Weizhu Chen">
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="Lewis20">
          <front>
            <title>Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks</title>
            <author initials="P." surname="Lewis" fullname="Patrick Lewis">
              <organization/>
            </author>
            <author initials="E." surname="Perez" fullname="Ethan Perez">
              <organization/>
            </author>
            <author initials="A." surname="Piktus" fullname="Aleksandra Piktus">
              <organization/>
            </author>
            <author initials="F." surname="Petroni" fullname="Fabio Petroni">
              <organization/>
            </author>
            <author initials="V." surname="Karpukhin" fullname="Vladimir Karpukhin">
              <organization/>
            </author>
            <author initials="N." surname="Goyal" fullname="Naman Goyal">
              <organization/>
            </author>
            <author initials="H." surname="Küttler" fullname="Heinrich Küttler">
              <organization/>
            </author>
            <author initials="M." surname="Lewis" fullname="Mike Lewis">
              <organization/>
            </author>
            <author initials="W.-t." surname="Yih" fullname="Wen-tau Yih">
              <organization/>
            </author>
            <author initials="T." surname="Rocktäschel" fullname="Tim Rocktäschel">
              <organization/>
            </author>
            <author initials="S." surname="Riede" fullname="Sebastian Riede">
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="mcp" target="https://modelcontextprotocol.io/introduction">
          <front>
            <title>Model Context Protocol</title>
            <author>
              <organization/>
            </author>
            <date year="2025" month="July"/>
          </front>
        </reference>
        <reference anchor="a2a" target="https://developers.googleblog.com/en/a2a-a-new-era-of-agent-interoperability/">
          <front>
            <title>Announcing the Agent2Agent Protocol (A2A)</title>
            <author>
              <organization/>
            </author>
            <date year="2025" month="July"/>
          </front>
        </reference>
      </references>
    </references>
    <?line 371?>

<section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>We thanks Shailesh Prabhu from Nokia for his contributions to this document.</t>
    </section>
    <section numbered="false" anchor="appendix">
      <name>Appendix</name>
      <section numbered="false" anchor="appendix-a1-data-model">
        <name>Appendix A.1 Data Model</name>
        <t>This section defines the essential data models for LLM agent-assisted network management, including the LLM agent decision response and human audit records.</t>
        <section numbered="false" anchor="llm-response-data-model">
          <name>LLM Response Data Model</name>
          <t>The LLM Agent Decision Module returns generated configuration parameters and an associated confidence score. If the LLM cannot produce a valid configuration, it returns an error reason.</t>
          <sourcecode type="yang"><![CDATA[
module: llm-response-module
  +--rw llm-response
     +--rw config?         string
     +--rw confidence?     uint8
     +--rw error-reason?   enumeration
]]></sourcecode>
          <t>The LLM response YANG model is structured as follows:</t>
          <sourcecode type="yang"><![CDATA[
module llm-response-module {
  namespace "urn:ietf:params:xml:ns:yang:ietf-nmrg-llmn4et";
  prefix llmresponse;
  container llm-response {
    leaf config {
      type string;
    }
    leaf confidence {
      type uint8;
    }
    leaf error-reason {
      type enumeration {
        enum unsupported-task;
        enum unsupported-vendor;
      }
    }
  }
}
]]></sourcecode>
        </section>
        <section numbered="false" anchor="human-audit-data-model">
          <name>Human Audit Data Model</name>
          <t>This data model defines the structure for human audit operations and records. It supports collaborative decision-making by recording LLM-generated actions alongside the operator's final decision.</t>
          <sourcecode type="yang"><![CDATA[
module: human-audit-module
  +--rw human-audit
     +--rw task-id?      string
     +--rw generated-config?   string
     +--rw confidence?         uint8
     +--rw human-actions
        +--rw operator?          string
        +--rw action?            enumeration
        +--rw modified-config?   string
        +--rw timestamp?         yang:date-and-time
]]></sourcecode>
          <t>The human audit YANG model is structured as follows:</t>
          <sourcecode type="yang"><![CDATA[
module human-audit-module {
  namespace "urn:ietf:params:xml:ns:yang:ietf-nmrg-llmn4et";
  prefix llmaudit;
  import ietf-yang-types { prefix yang; }

  container human-audit {
    leaf task-id {
      type string;
      }
    leaf generated-config {
      type string;
      }
    leaf confidence {
      type uint8;
      }
    container human-actions {
      leaf operator {
        type string;
        }
      leaf action {
        type enumeration {
          enum approve;
          enum modify;
          enum reject;
          }
        }
      leaf modified-config {
        type string;
        }
      leaf timestamp {
        type yang:date-and-time;
        }
    }
  }
}
]]></sourcecode>
        </section>
      </section>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA9V923LcyJXge31FhvQwUqhQUsveXS/bM22aaqk1ltQakXK7
/eCJLCCrKpsooIwESJVEOfY35n2+YZ72zX+yX7LnljcUipTtjthYhcNN4pI4
ee7XZFEUs972tTlR907V805vzXXbXapV26lXr16r07Vp+uLUOet6U6k3pqfb
r3Wj12YL99S17Tfqu2Grm8I2Rb8xxau23d2b6eWyM1ewLCzzS3jv3qzUvVm3
3f5E2WbVzmZVWzbwvRNVdXrVF+Vgi2bbrYu63sIPxZOnMzcstxa+3Tb9fgcP
vnx38Vyp+0rXroWVbVOZnYH/a/p7c3XPVLZvO6tr/OXl6W/hP7CLe/jSvVkz
bJemO5lVAMTJrGwbZxo3uBPVd4OZAZy/mOnO6BP/PG5z3bXDDq4c7vre7NLs
4Vp1MlOqUK90tzbw/816gAfU67YyNd04Hfq2abft4BiTdPFwObpMOATUqIsN
rAU4nF2ZZjD4hdsAUYpxc++dcUZ35Ua9wKfxxlbbGm4gUn9ju361aLs1Xsen
4Pqm73fu5PFjfAwv2SuzsIYfe4wXHi+79tqZx7gAvrcGUg9LePPD9uPHffuY
6PbvQK5/b7Z4vwbcuj5ZmZ9b8HsLm7/xeJLsi02/re/NZnroNy3Qq1Bdi9wJ
VO/Mtr0yyq5U0/ZMNwX4Ahr+uFBng4XfmJ9+bJu1XICtnKgLZ5v1ZtDqfQN7
7Jzt93DL9Z0xPaK3hAv4386sgdVO1G+N/QnegE/ih3R9rfdO6StE07LGj5ZA
4BP11ZMnT371S/p1aHrk67ONbTS8NjijLl49Uw/Mh9LsevX+dw+RFeU5ghJe
223ahshrmFCAiT1A/ptewF2YaliUDTwwdPZEIVIBp9fX1wt5ctGY/nHA0G0I
er1Qf4BFA4Zewy8fgc3kImHpjwDOGhi4KYcGeHnZdhrE6WfD1P/8GTH1Ab65
/fibj+sSvuPR9CV4eLWAbeoEEa+MDVf+f8PCR4S7NnaEh1nTdlvdA6fjs++e
n/3qF7/8Sn7870/xR1S/ySMXr4uXL756+osn+AuoEzYHieoStePUhSk3jS11
rU5RX/Sm7IfO0FteXvHnQpD7O3MF6ux1+axtGlPX2b3Tj3qjO9Bk5ebaZHee
aaDda1tv9Da7/q/w/059/3/+13+cD3Vtr3ST3/7rf3Vr9caa7V//q65Nl918
NZQarVtTtur3ursCaNrsgd8DIfbqmbnSYCB6nd37AdCMjHJ48Q9Ddu0P1qgf
hxFcPw5XgK/z3li+TgZIPX3y9Bdo4RSo/adPM8S/at+dwv9dF+90c6lOK73r
gVRto9rVpKFxR/H/bXWtu0r9K3wjB8nUqCHPNyYH9e3GAmJ3sDf4j8tu/dHs
YWPqFDDbFH/cjNaDWx83Vr3KUQTrwys/sHCltDi89oOxHzcDyANB9MpcW/c0
Z8d3pu8skKcuToc1Wj7wRl6YxnSMG/RXfte017Wp1qZ4CbcbB+yt3rx6qy60
uzyOpLcaFi4v+aM5+noQMPXWdOZjzrq1uXS6AfOl3trLfsjfeq6XtoW3+q5t
cnz8vtaV3VoAVHe74XJjc+y/0Wj/X7R7nUvKd8A5AOFG/e6v/7vvx5z92l6a
Cdh/ADL1elA/2k12/cJu1bu2vOz/+p+u3Jj8S+dmqV1vAYp31lQoldtyR9gS
IhC/qTNwx8yHXr3t2r4tW1qjR8bs2UiRT4FPlvzgTp5DB8CCQmuroUSizVJp
+G/Fk/+BrslTnX7wtGlAB5aoXMGzZB/qKf1/+Lp6cPr09OEUDJUBOW93YPAX
67YFTbms2/WibLePTfMYPlToojHXBbBQ0a4KTZ4uwGc6fAeoWIOaf3wI5GxW
FIXSS7AHuuzh14uNdQqc2YH84cq4srNLUFUaDMQKuKcpjVplnjWAXbNpQR5t
xKvbRqd6CZeMaSblXT0Aj/phob1PToDD15pKbciFJPDBaLkFWKZSo3GZ+IQm
GjhVwht6tQJVrpzpriwAK6aLEDCHqyX4H/1e7VqH6n4Ojorr263pwLTCm7ac
08cBsbsamAcWaJe1XZNgujmGEcWaJRWg7Qw8BwBUfBsgg4t9CztWINwWUV3N
4akra67xJ1xZD+DZw2NLA8gzyAl78GEBzh18kF/nPcOKoGtls7B99KQj5uG9
jldYAbEcUAgUxyaNXGrwuhVyLXgSRCinV7Bf+j6acgbH47dwww4x5gAERDLq
Z9hrIExlSouxi4Lndm3Xo2/vCRHgFSgD+wArIQ9CUOPRgniFR+HzHGuZD7A8
SsQEUd0evrxlZvBi59Q16HVwhzBOsqs9vtr5WAGiq8EAkQCYDRIUNZ7bAeD8
nGaqmh5ex//iR4IxAitBMSIxoNqCb6Ab67ZuISKytVUF7s/svnqZSv3s/n1g
ZOB8Wmh20YFWzCmHerrd8nf8jtoVIEWtgDERLfAlWFoNjYYtlXZHrOVK0+jO
tg59J0aKgP9hrrZD3duigmWBCsBlWvnYsbQGiDBpWUnU3MM5YBA+PiChteP9
RjLjJ8AxAxmEeBMEqeNvgQaEHdGX8InObNAktQ3wEJp0FHyINx0YiWbNfAXR
lq4Ui0ptP9L+AXB9Kepvi+SAB0lIVI++WAsabU+cOiXhBCEJ5KdPwcn7/Bk5
7pjGyvXUgJFIztRe27jA3oVn74iIlNMTgPD3VQ0h5YKY4IfN/jBxgALwxpTG
OQ1e9+y7A/EMkoNPNv5JEJT/15puAdbqVmUHMCGcwNIgRAAT+NH1nrWeWg4A
VA/uV6rJ4O7QoArCUMb2sByoO9JaQNYaWQAlEiIE4BIgBZou4DNAf92ij75r
a1vCPd6zIwt63aHn57fvSvgaZUnsGqIGWBvFAwSN9nZtmwqIxbyJrACoRu2I
hg+eQiq+BIxWLL7Iqc3e479I8O8ZxYnI4QZSfX3p/TZUPz1hCeMowNRqQBx0
Zof6ilw+YKywa4S7Y7cQta2wM0ihG0CzAYfuag2BR5VuKiEpx1pso0ACdM1E
ArVZQiTVoVbEnTMuO+vAgEB8iTGEWUiyhs1UYljg5SvQs4zrXWuR+3rUvwCQ
wTsEAng0pusRKKBOignQscAY3uihrypqgM2dA5vloh3UY/4CgUhMIoIg1BhL
PESyGhjiuO1DLZcI106DeIPGxyWRH0FECMSSIlSRH0U+X8gcjrTkoVyimQAt
AH4cmLYtREggMpQMe3MowsIAQFJM38CCcC1FHJgejEzWSDTblDUYbGBz1vlX
gB/yuZqVXQ+iO8QukNiXbQeSFczaxqALiEKMsW/kNlTlTBpQ7ob40u0wj4jI
rvbgQtsyqpB+QzheRFw4sQ4aGAM3YAFuIBcofWAOWAIEqUMJAyTDmnFHuFQ7
rDd4A4KHQ4tCMAVbAmpuxxRBuwYatL0G+ejmxBp70eceomk9DeKN3pHD95D3
vbOA3wGQQBGYDhf6M7gO0YcBoBn1Rm3aa9yRSAMstCU7rSQgIB6JiGWVmlLH
IS/M/TJB/vkpEqLEEWMOQAENb3hP8g7fU+TIfACisQojJ9oDb1BNGu/9MY97
WuDWRE1iGIAmejGOBFJXTuPPu4G3/ub1uxeqsg5UEdEP/nf6cpoWC/WyT93V
QIuEP5j8PtJIrPBRpw7Cnim6e49xLo8go5BVWemSzQQrZB1TQ34VURxgA2tQ
W8KtiTfhNmhJPEeJx0DcmnhPzOC7oQP7axB9QAYwiQManJ78flFZieMdnGzw
ATfwwXYbuAyjLEO2n7koJf7c8wj97D16prU38rQjMEyRQdhvCYn2f/P8P6b8
lt1boE1KZdafK1izvc6c8CBHJ+A4g1uk+0ORsRwqATSiYKNq9S4ybRK1AGu0
sgdSAZdG3/BOkfsGPg/6gjylKGsjgxURhzsAFevmk9KIBjw13a5l+x7CU/oM
uLdGcUIyoaZLIdkktnbOKhNgmKO9seCT6Si6nflJCA7fBjMMXo247BCeaNSO
wMDByAHWdpmM6GD8dc377zgK+caTxdtw+lpgPWStrnJkpIVIQAvaWUaosf5J
g8ngpYZgU3a0o8gJw79vZmgx1YXptpY9f2LH0xJ8ur0EfadUdbNa2LJAAE6m
61OFenf64q7EGjz1+uzt0cxPoU6fnp5IlbBvizw1A7ffnJ7B9998e3H2/Zvn
ACp6FLQMEoDhoE29C/or1CBnlJt6VPwj/x7RGjfK/0NyMIy3lTTPSaD8Ozc/
HxzjRUKFVT3zvAQ4GWoztQTDcRM387f/uzmyBsGFaVKBJgDxaLzxR0fXuDmC
okc3eC9ZXP06RcnhMvBw29buMT99BhLj6MFfF/+iXq89cPTkjafO3wTN4Y7u
XiZHxCNkqZtzjOM+qN+DM7Ta3wHNDcjEdtfjI8/BfyouBtBMN4CKf+Fnv3BT
N+qVXRJD3/xg7HrT4+94+fZNZaDfuqkR1h5ly9yAwhBIiRqTKGbc5JJ+MwHN
nwI0N88hihCLwnqGNlUIbjxq8N1D3MT/HofG37mZ2lS+zKMAWvLvTwypGn8y
LjP6wsQvh7/7Xx8dLnOVPnfF+3hUTN2MvybL3HzbbNA1rcBWeIsvZCPgv/c2
5xRtTYLg6U0douTRGNn51v6UQvPo+HMH/24OfnvklxkJwq3/MmISgv6hZW4C
vn7t1dbfDw2h7xAxI6KO/03cHps2/vd9ZyE+A/flTrPGsH2JbRuLwzQkd/z7
oi/dgYUje/b/3m72jorTfu//ACR3/XvE3slzdKCN+uqEm3ZC2uM27yJxcPzr
SZQjqSOIrzGtXafhnAQQX5RciaGXVEH4S5ZyvODOi59eGVrfUQaPE9yYzOCg
5ZZgSwK4OTc8xCIBO6s9dRj59gCICUeFKezF6DG8of1qiU0h2OnRS+BywgOz
WC/mFOysNAQZ4N3qGuhLyf2+3XHmu931dis5socK/F7CUOrJRIyImlvu81h4
FY0PJbDmHAaAsfZhjeBqhXa7HyiiwAw+RA07jViGn5z69AkL+ZxcN+qoAlaG
arkGg/PrUXJJtUuMsTDEwzAWdwKgmY6zNkerPQQlEoSSw6DPJfd31LkEgqwQ
+pDA5xIDxd8qZkvy+BAQH+pzXBrzWWwfbVJ6mALLjSkvqVSgkdCYJpTMMXn9
HYAgVa9pQxSSqBp7bgZioirWl+jraUyIgnEEbPe1GnZtwnkxesyfo9iNimHj
3OkEwhGAyuzqdu/zmBiHHaU5Zgf+Xpagit84GTAXFCFbJBjiBNOd1J9d5J+I
KXRiO7/tymCJwJFQ+fjt0yfpIfr82QuobdQfXr9S3FD0EHsRpa5R6/LSgdCY
upIKk0+2Z0Ttdcyrcqa2COpAthvL2D1mWYjVuRIJWwi9TFIQakOymGoFpEtB
bDsWrFhqCDxTFz7hhLU+2BBWt5aOc2nAY7XRHM4nFRbJyWM6tIPgmxLFIQEL
rJ0mcy2lRxTsw3R5tWOpOcvl1a7rMRv54+mbF5JKxw6NrYb3mRbIiYOufbqF
8hYd0PJKY5FFck+a81S3cxyLg6EyHldpr5H/fdfB7dxPGfCNObYjlGzOkSIm
XTv0myWq2DSTSLUs5joXmIuYMWg+f7UErdaE4sPdte/88w0YqcnP/3mAqE2M
7THSUJZ6Y1i/YaqfBC6hD6kBoswY+y2WcjBFHGUXZRxVJKvZbVB1qBtR9mMh
C/GAVgor7mKmmMdFvfWJfaRWR04mVmjHEFUdIK2lyi1KZq/X7iGXa3ZYfQt7
wHZGzpriTRLUIhHUTLJEqURuQxgNS6GT6hLbfqwbBPmeexEuRMd5JeUGyXGF
apG37lktw6vWo8oM795XMSydnWbiju9hORF1US77sYcjUTaJPZgfKCOydx8o
C85dBPFWmvmM5cPFXT1rDwDuh6BTpd0NdGpJNo0ZISI7JQTJRwC+MivaJ0hZ
V5qk8jnFlgdJ2pzdXahtL2FNlJHM9pBOD1QMVmoxe+6tcVZI9NnayNYhdYoZ
Uie9LVg7McgI7A9Ii4oFhwoJ0DkmBdbbwGHc7gRGKlsjFSeqv+r8u+/fv3rG
yWdMyyaZZ2Th6AlgbVejH0QZ10QUkQrkeKGTWo2qt0iNejCkV1kk0pyuMOx9
dZBMmwFrJu4tcHqJBULR/NJBkbjCEwoOX48klo6EIDnzcCV1irlqQw40qApT
cWYYXfIEmJLmDrh0ByAYrJqQl3fgGTdYhG5LS4BPecnAJBN+8jXlqkKZEG1N
9J/AX2zJ00hT8RIEbdHEU/mLLUBSZFmwWxVLTEQ2WL22y06TcqfgYbQJNxe4
hZeOQ5u49M+9VTpkdCxI77DocGVYs4PWBlKi3Hbmz4PtjK8FBhYMCBasMjwg
U6Dvqe7pAREJmIvSDN4fIXzopZwImoEwGtgdOx+Sgn0I2oI7RepaYxnKJdUY
4MOE6wlQUivU6jVuNSB7wiukQkQdGbvQ63UAggjZlJhgondopJwzLTSoysmM
Q9zhe+HEdPeYMvZG8e2+32CQSqYM6Oxl6Qoztf4L/IaXpt/qfmXdhsQllR/A
QY1keEgV+pIIGlpesGMj0c3wKiATf1eHpgH2/O3WdGsKOtdptTUCgaiaLrSo
B6/P3qKt2JY7sBNU6ZmuuXA7LDypn2p4Mimfgo/rqIswduqxiwOIgH1ctWUk
LWG5EO3QAlvZRhTHqHWsNexzC6+nGizfJaqcROaRlCis2DIUIzsSkRj+geto
yPawmsS+FAol5+IZp6XIZCcgFy6REWzvAS+9w4V3ep2UC5ln0/YP7wHr5rbK
3aELHKyDh0Iqo8G3F+cIzCp3TWXtiNSdQv0osYdROhZ32OYVJMAR3mL3sGGu
3JC/AKjf6G46G9Quf2IdtVDnyGxJAzLy+KYd6ip2PNAHY6wJusTqOhZ7kxaw
UCpfResY5MGbXWzWbFcr9HFpu3mFMxhkCeb5IZcUbCeN6jivQ8bg1sSPdb5j
x3rPM6nxkzUmzhh2FWthKvHWJiiySIaFetmwNQrmhwNH2h+OIUn3ArhSwGap
DkOC5e1vgTZzVB8y7+hb81I2Ze09oROXJs2oUZNc2puUZt5QTsGXYlPOXbZo
yalTEBwIu15jqxC6R2oDVhCUQI1d9HAFMxS9MIxv5FyoM0Gb9x/I9Djfr49L
yALUCdPPxfiRFmw4GwNmnjgZ9xRtoG0scp39mEZ70QI6rO1T/whwPDdTOVHA
gkHPmwQgZfqwe45ADV4mMcGBFkDPIiKY2cF5REt9nxqCE7DYILi5RIbRdw3O
BhkWoQLhGz0UVHxrEMr38hFxXqMkbkxOftqTPMUGX9ZwsXlSelzJGckzFsDF
bK1HnQiw4x9wQxmn+qQuwI5t17wFYGvzYYfQY3dJT60I3LKP7L+i0oN0b8WU
nLQ2zDPV6Ds2JMgRy6nHSiS68zKiWvm8DuMFRzrYKOE8b+fxEFAdm0/xc7e2
Y6AD6WMSAJpypPghwslG4xeA9ICr3+4nE3AHgwIsVsUam3DQwYRo3pT7sjaJ
ap7fnbGW6MBNDh7cPnGQutRDExS3qW7r4eKY+4ziYa5uj70yVMa++h1NsL+b
N92N8qyv359fgI5wjpMQh4ZcmvKWRjoMB8k3c8bX52+F5lufQU1J3wBn5j3W
kqGeyvnG/qRVKqExfsXmG1Fntb00td20bYWSBC4TtW6PFgV9A3wqbyQeD0gF
SDrj7rAPBhF3Pp1Rr9vGREcL4L2ipnbyUDgfIMjmdroMGELINVt3cU3Bx/ZN
iYhV3W2xJyr6qdhlCI4zoW6cDKZuRAplfMNz7BEGQ2NQbksTNERqzygJF8My
hD01qBzM3dYnpB5gL9FD5XMeoAUoHY3TreDoJkWDfIYhLfbwsomNYASJ4Ce9
02PwqI9JPu0kKdhg+zjFpeDkYcKCpvRRr/Fn4qACDuiLvtNleoVTC+kok3bS
IIi9gLNCvXeGUxUv+AiAb6lZOMsj4BQySH/nO90qSpECtyNY89iCJzYXf+r3
HD55XE4gJqIO+DGQP3M9HuAHHlKbq7eoFSYuNfIYSC6qRvwofkp0ts/RnuYl
IbJatWtTKkiwTEhV5EPQGA7FGHwR1RnslUjw0XQtjf0gU24NnvXAGl8fOks0
/IoZfe9gM+EW2M3GcH0fSHeBhDqRvAWji20CXo+JREIZoa9nYxh60DnLg2TQ
VfQtya8UK8HdpeAETNCW/RzEBngvFNGHj4z5i5J4NFuBlhh9UN7Q4TZEIhCb
ZB0An2BXE6cUv5x8B41oY3FblWGLT1T1b4+HXuIy4mwqn23AOTnMMHgB4qJ0
NV0gxP5E1O2vLB4pQbjBG4qtqRu/lJd15QM9a8oqpZIeo1jmLFjwZbDskGX9
nKdYHDJjB/quQxfZlkGPxoSjeCDJvFyGY4wQWT/P2ZjxJkAGEuOcWxkKNfwk
kqRD0rAiGWZiZzOEUc/BhV1iRvyLDLYfx5FjDRxcdsA8qfXOA8IJYiber/QH
x9SYlIJHQMWCdlItXPlnYu0xuesnC6gOyWEpWVGctNsgbGlplGiAuAZvDXFt
eyPTuB0J+VaKTkfRgvrDmN5Pa2RTUeg+TZa22cr9fFXvWwkHcRVlI9JSNaFa
UodJO8moqhKDuWXbb25tCyAVm2WFk2QAxLCdZPZvaSbwbQL4maS4xl0NFBtz
liNjKxG9uKnxZz2PIIwKp7soj/kEl/rqyZOHEd0xAUoipMHnxEC6D9zgJ7gx
VKQJLK9gcBzPz4UIMg+qAQiary/7DPY25CNQrshdBahkWkElTq54C97rSueC
UWMnoJuGSp4+SIQHfhqwsOOV9CFsVIFgA2q8+sjUVZ6ZSBdKpjeoDkgrSQMQ
pdRBDW7yVzgkTXJTXMKxrMZ3ScwUzErMsWZpW6BCMqwXpiIA1WQiOCjkbEgp
alriZI6Hk0R6VCN4kdsQsJSIteG9Nx8+ope8BSaIQsyaM/XKgqZ7GHKDedU4
RGYsfMyzDCyOIbhQf8lGRGge5B3Fy1kgxu1mIVhhBJmkxDCyyCzwExSfpLZL
gtdcUwM0Z3H29Qz7fEagyNREAop8XFfou5HeJA+vpAQg+K5DTQfsKCo7aBqj
GNUpowEr1Lm3aregg/qPXPrxFeVc/NBdsIx++N3n38H5HelQnIGO8ZLXQZxw
YWywiUEYXq5kQe4lCi7xPK87xkolkdoSfzhfoCeTlxiudMaFTMv7XZheTCss
MrgUHZY4lCIJ18iChg4VongNw2ZfhA2KbDySkjKryJI3EMSgF748mwEjb/MI
SprgePkMrgUbGKB6wFqPXGVkRJnv2XPFHdXwQ3jvOWWYxGWmajVYxCos6L1h
L9q5hGbety+OhuGuh7dZZ4pOgs1Ahw+MlseZz7b0se0DcNq4nUbTgTWr6TSN
NN6J53+LMY8GOXMOvISgXquIScQyXZq9WgH+qayHgjgqWnsAFuo5YUAjO81x
ynzEQGQvSDlhTwYuvwR0X9sKLWVdt374Kivy1e3aA2RcYgZA/1xjb0JH0QY4
7JgepoQkIqldUsozH/GmPPX5q1Map3WbtsZTEjDBwjnqhpugyCmwy4H2z/sW
05uV9hObUu9jVo1mmKk1qB/INQ2HMgTvMCuSshMgFer2J7ZroGgAW3LmmI/y
MVOiL80YzQmOuaLJqJJkjcX5yZ4zt5jpIfzuwOs1mOyED3MKlj+LHMe0MRx5
S8huKN9TYuvHOkQzOsT72FAh4/2xeeeIO0THj4hvDCGm5dQAdrUMzHCYwm9d
TPNigWuVxzqBNWwapjbBayA1KyOGYogTJK1qvabGVpw3x1Lkut4fci4goS5o
Y6MWSvKc3ICtETYkXA/cRYunJlxzFiVYcEnri6s2Tj2zLpxzbHvAJqBXOti1
yYoc6JVJ80IyR3qWz/KeoZGufNQocaeTwUY3gMbDcNVNzgLT6DZlYdjlOzh/
SBptODSWEVs5GMabL2qbGDoSrfGoctajwUPSdHYIsh4SZnxODE/MnvsmuLOk
ivE2jFDLMR8+sOFTIjgR6R1aUmISj2wpwWoKEetQSUxGPMOJQHQKUux/RK41
VIiQBvKk1DC2FlLG4CrFYZ8RHVwkVbrQoDSXnol5OnwMn960cpRRMjfue1+P
DMZ+iQMfZCm4pBT3DuA+NHFYlWnwPs7w0lPvcET3nU8O8rDn7GwkFj79TB5N
IkTpkTOTR30sInfHyWU8bikZrqdBafSts/Fi8sYLQsyxsWOkzDAxdczHZ6An
FyoloNWpOxI3m9CaUcJc94657gepaY6YMe1WCxPFf9Mos895oWrCfTuaiQA3
o4mD38H9v86mjCOm5AgiGvHmTgtQCC06zPukp12wq69aW6WHKC2tdtnhBt5j
GdeFWfgpiZpzz2l+1Ac1oCTnInAO6cDBESlJ1aVPueORkGUvsVc8GkUaa8lt
H9cLEw4Qc+vmE4W+0NcVAmgnXQ8Tc9ormkYpSQUmrXTYFICZpnly1o9XBcLW
cTJbTg/iU7b4EB/sepEyN54zbPsYrjOrEn9LfdrXr8kovAeLcYbtmIT2Z8/a
czw9y9S1lf7XFawHGvOZdezzwCaemQbjGvC+z+Vgnwf4IsSifU9d+PEEDX3s
BBU+r2SBGlq8Dri4BcDXInNyyEBUOaAdi9riI1RYAKkA4dDomYIk9FwDC8lD
7GiDV3a2ojZSPiGiDWklbsNbS20SIumeTxih7OG4n0F6Z0Ce6PgTBD4o+B12
SXeN84dxYI9RSX32yYQVCcH0JFVyYoX3DxNocgW8jq285CvJkBPV/teb/q5J
oNgBz+eqyBCI7+JEJYeVnFIY2of1+UlcAYNU+DoGqbhyMV6gL3otE7wEX4Y7
NDRYsKXYgVvruRc6FUg5Dgi0WzGRosuLungWSGgp9/I7OlIpGo1lmP1Igmji
Kzk5kA0ldTT1dLqIP0Vp8qQn5nM655FlqjR5Y2V6FBSlQPwAHeVIDsJWToDu
D0LSvCXzoGWBpPtCSH2OPdVD7eXo+6T/kJrFajy+oeAkpj/ccB6OHAoME1eh
qiCZiYpNBuWh8EcIAzHMIZmtWyxJ0eFY6Hf/W3su7dWS4se4K0/U4xlN2NTY
kWAWrAvYvYmFgnDqT/QWfN8VaBaqjELI1kEo4/vfrgCVrEW/SGwnZHRCkifQ
kqS8YvPXXWIqjtxISmG9SwUBZzynj1oVVFuWww5W2lOWQWNzI1aEjrqchG9W
2kVZ64MD1i6mpV5iLqpm8T6L9GAmXf0EWOP2Ep/c6gzIrlgk6T/2KKIPJwdN
kcPCm8NAElx+ohmvSiEf5wbj+CMj8VBvxCy/aIBRg8Uiz9xhv6fccRMu78TZ
M/MYC9Moi9vYFfYsMoAHnYqhB1ZcRXQl2L8eocIfsUauFSUDOBtFP8oxM/ij
z011PvXiU/ZfojNwp+6wpILOHY6CTaqN2f2YA80DRfXpvr/z+XjQSMNHKHSj
LKjyJ/Ny9Jjx3NSxVJRdCUM7sMTW55+njoukoxc5e5rkdsKoiyjgIR1KmVNP
8qUZ9XgzHYPfMO7hQrkOR2SOjnyTPrmkqDS22LOZx2AR3TZkiD566JMFWR8s
jk+LOzJaFvsCWQFwngOrFt3ge+WSwQQZSJj7xrzoMs6TY38zL3tBiXr4hvWF
Jxq84K3QSJSMNfqjICHG74adZJtYeq5sW/tpKPJX4Z1LveaTwIYmKZxPIvpg
QCNwGDo5oEnSnqB09DDmjbzfc3Tab569GF/KeAbgsbgH/2jZiuOLIhubfOID
nZ/bom0TwVIXLPcXQst46KYNcs6FviNHM1POVzCwlzAzNk5J/EA9BKyUk254
thzp+ZC+iJUeaoYuzpo7AMJqaUMx6JM1z9jx2TTwgj89i/IDpy8Srt21Vo4X
pFRAnHGBwNqlPtpepokk33wYiY86T9VrjVvOj1qkYUTHwRfzcJXPss0FIFNN
EWsePQx/NrFzei1NvNIem0aaAEWIdKKk++STM5wAxc+m2feWevMJiR7/TmPb
8scDCuQlzFUKdDy2VJqGKZO4SnAfpvuEYtOTb/nwHDevS7cORhFZ9Hy8rwHb
y9dxNQn1k9kLroSQ7x3Z6rB3SUYKloZZnLISsTNttPhUw6Djsx8kwxukAPvw
xO/MOwIWdGpUOsciINCUSTZJ8ncOkeCR/8v2g/Q+dVliN9XD6cFx3LWBXfBy
gGwG4qSDF8soem86lqYeXLYVShmWGDS1Y+kaD6332puPvgcyfMCtWT/DEacC
knYs2ApBtKLfsfQSBU8mAFiCOM5meuKsm0yfkKSD98XDYebDRg/Ol+bJ5yXH
RVIqPm6fljAy4T6HgHNvvltUiIpeddtj7mqrP9jtsI3VmaKCkG7D8zaXoH5p
Fd/zb7tyAG7CUtElNgKKH3Vbl/WCUli8xeBdTHcR01nN6VjsdCdw6npzgE2j
DG1T0BQ7n1AgM+kuP8EZH7xl/piP5cb6CQMU/HAsVmOcNoXr6Xbr+UhLjLwa
wHnt7U0e3XORfZ4UUkQsk/g5FO3cPO2R8wfVgjrLkrhJVPBd1uzt2zjIb+2D
Yy0WsN9HKRO3PvFAYq4zUd3B4wO4UHEdK7smwwexEZMkmYdawPe24eAMX3D1
VA9Tyj4fkTdsBjfLe5pyFnGegBfFYjEgoI5sn5lUQXwXnMqnyCVp1UeULUMr
12TpisOJl6dvTg9DCbz6+eBEW1+GbtrQ3AnqG59d8Jn/CBouelp6+0XGbfbp
hP8Am6n++d4KTIi5B4v/QDXPBhyIc3DRwFPaqLedXm4GRuib9tJqoa1LirzS
fjeeBoaP8gEHH6a/dj8+oE4XX6ln6NLyEZSTz2cRVNr6jVPi3ElCXjGPFX/5
uddpd3Du7iYHikq285h3z42c+OY7/+gd27m47UwYdCcGbKo9JgjJQUdf0vH3
MrYWgv2SpBDNP4ruyZf3B4IQCNiiTuOarCiQR//yl7+oPf7JIHaoTxT+qTiP
o4IvzuhIr+46uzfzB6/Bdf7iN+EYMG5OP3iC9sFPDaCPf5U+QHAVDBc+YgDN
/pxUgDEY80i/pJ/RZq2sWZ//aH9T21Of5E+WOdAlRt0DVJ3g3+o7Icq4kw/b
+qRxJ7gKXQ9/Uq/5penvfY1/PQwbWz/g2n7pr+lPkVHyD0xH+lH6msJ4byV4
kyv8xwYFd1/Tpc+jR5kRsscJkQdPp9jMn0/wGm4wtvHvIbA6N1WBLs7Xx2+z
AfUPfA6f/zz7zNS6H0qA3OpzpwShvgkSn6mEQNl0VIkn4tP27yqG5y/7tAMl
/XNAo+4gzMbwW/5vcRwM1lGRdo36O8uS/5MfyAvtPlOyxEcaELBjUUpupWKA
eC9s9c0xOQrwFVHm7pa2SYkTCHibgdR8z28zvp59JTzHbydP5YKbP8z9dkdB
jzjwFf+4Lske5p0KIDR1okSlkHLE36cTDsn0c6oEWhcvcWSv6Hl8s+DZkk/+
Wbz2NYhQpjoS2FLNIXxyXHVk6mDMNV/42hfoHP/8AcAiPf49Wi+4olHxTADg
l5SXpN9r9Mq0GhNNJd2OX4+vc5r54DKnnNPLn6dBGTHw37SNwNTjtw5Ze7xC
qlj/L3hN2yhUeAAA

-->

</rfc>
