INTERNET DRAFT P. Gauthier Expires: October 1998 Inktomi Corporation draft-gauthier-wpad-00.txt J. Cohen Microsoft Corporation Martin Dunsmuir RealNetworks, Inc. Charles Perkins Sun Microsystems, Inc. The Web Proxy Auto-Discovery Protocol Status of this Memo This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as ``work in progress.'' To view the entire list of current Internet-Drafts, please check the ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). Distribution of this memo is unlimited. Abstract A mechanism is needed to permit web clients to locate nearby web proxy caches. Current best practice is for end users to hand configure their web client (i.e., browser) with the URL of an "auto configuration file". In large environments this presents a formidable support problem. It would be much more manageable for the web client software to automatically learn the configuration information for its web proxy settings. This is typically referred to as a resource discovery problem. Web client implementers are faced with a dizzying array of resource discovery protocols at varying levels of implementation and deployment. This complexity is hampering deployment of a "web proxy auto-discovery" facility. This document proposes a pragmatic approach to web proxy auto-discovery. It draws on a number of proposed standards in the light of practical deployment concerns. It proposes an escalating strategy of resource discovery attempts in order to find a nearby web proxy server. It attempts to provide rich mechanisms for supporting a complex environment which may contain multiple web proxy servers. 1. Rationale The problem of locating nearby web proxy cache servers cannot wait for the implementation and large scale deployment of various upcoming resource discovery protocols. The widespread success of the HTTP protocol has placed unanticipated strains on the networks of corporations, ISPs and backbone providers. There currently is no effective method for these organizations to realize the obvious benefits of web caching without tedious and error prone configuration by each and every end user. The defacto mechanism for specifying a web proxy server configuration in web clients is the download of a script or configuration file named by a URL. Users are currently expected to hand configure this URL into their Browser or other web client. This mechanism suffers from a number of drawbacks: - Difficulty in supporting a large body of end-users. Many users misconfigure their proxy settings and are unable to diagnose the cause of their problems. - Lack of support for mobile clients who require a different proxy as their point of access changes. - Lack of support for complex proxy environments where there may exist a number of proxy servers with different affinities for different clients (based on network proximity, for example). Currently, clients would have to "know" which proxy server was optimal for their use. Currently available methods for resource discovery need to be exploited in the context of a well defined framework. Simple, functional and efficient mechanisms stand a good chance of solving this pressing and basic need. As new resource discovery mechanisms mature they can be folded into this framework with little difficulty. This document is a specification for implementers of web client software. It defines a protocol for automatically configuring those clients to use a local proxy. It also defines how an administrator should configure various resource discovery services in their network to support WPAD compatible web clients. While it does contain suggestions for web proxy server implementers, it does not make any specific demands of those parties. 2. Defining Web Proxy Auto-Discovery As mentioned above, currently web client software needs to be configured with the URL of a proxy auto-configuration file or script. The contents of this script are vendor specific and not currently standardized. This document does not attempt to discuss the contents of these files (see [8] for an example file format). Thus, the Web Proxy Auto-Discovery (WPAD) problem reduces to providing the web client a mechanism for discovering the URL of the Configuration File. Once this Configuration URL (CURL) is known, the client software already contains mechanisms for retrieving and interpreting the Configuration File (CFILE) to enable access to the specified proxy cache servers. It is worth carefully noting that the goal of the WPAD process is to discover the correct CURL at which to retrieve the CFILE. The client is *not* trying to directly discover the name of the proxy server. That would circumvent the additional capabilities provided by proxy Configuration Files (such as load balancing, request routing to an array of servers, or automated fail-over to backup proxy server [6,8]). It is worth noting that different clients requesting the CURL may receive completely different CFILEs in response. The web server may send back different CFILES based on a number of criteria such as the "User- Agent" header, "Accept" headers, client IP address/subnet, etc. The same client could conceivably receive a different CFILE on successive retrievals (as a method of round-robin load balancing, for example). This document will discuss a range of mechanisms for discovering the Configuration URL. The client will attempt them in a predefined order, until one succeeds. Existing widely deployed facilities may not provide enough expressiveness to specify a complete URL. As such, we will define default values for portions of the CURL which may not be expressible by some discovery mechanisms: http://: - There is no default for this potion. Any succeeding discovery mechanism will provide a value for the portion of the CURL. The client MUST NOT provide a default. - The client MUST assume port 80 if the successful discovery mechanism does not provide a port component. - The client MUST assume a path of "/wpad.dat" if the successful discovery mechanism does not provide a port component. 3. The Discovery Process 3.1. WPAD Overview This section will present a overview of the WPAD protocol. It is intended to introduce the concepts and flow of the protocol. The remaining sections (3.2-3.7) specify the protocol details. WPAD uses a collection of pre-existing Internet resource discovery mechanisms to perform web proxy auto-discovery. Readers may wish to refer to [1] for a similar approach to resource discovery, since it was a basis for this strategy. The WPAD protocol specifies the following: - how to use each mechanism for the specific purpose of web proxy auto-discovery - the order in which the mechanisms should be performed - the minimal set of mechanisms which must be attempted by a WPAD compliant web client The resource discovery mechanisms utilized by WPAD are as follows. - Dynamic Host Configuration Protocol (DHCP, [3,7]). - Service Location Protocol (SLP, [4]). - "Well Known Aliases" using DNS A records [5,9]. - DNS SRV records [2,9]. - "service: URLs" in DNS TXT records [10]. Of all these mechanisms only the DHCP and "Well Known Aliases" are required in WPAD clients. This decision is based on three reasons: these facilities are currently widely deployed in existing vendor hardware and software; they represent functionality that should cover most real world environments; they are relatively simple to implement. DNS servers supporting A records are clearly the most widely deployed of the services outlined above. It is reasonable to expect API support inside most web client development environments (POSIX C, Java, etc). The hierarchical nature of DNS makes it possible to support hierarchies of proxy servers. DNS is not suitable in every environment, unfortunately. Administrators often choose a DNS domain name hierarchy that does not correlate to network topologies, but rather with some organizational model (for example, foo.development.bar.com and foo.marketing.bar.com). DHCP servers, on the other hand, are frequently deployed with concern for network topologies. DHCP servers provide support for making configuration decisions based on subnets, which are directly related to network topology. Full client support for DHCP is not as ubiquitous as for DNS. That is, not all clients are equipped to take advantage of DHCP for their essential network configuration (assignment of IP address, network mask, etc). APIs for DHCP are not as widely available. Luckily, using DHCP for WPAD does not require either of these facilities. It is relatively easy for web client developers to speak just the minimal DHCP protocol to perform resource discovery. It entails building a simple UDP packet, sending it to the subnet broadcast address, and parsing the reply UDP packet(s) which are received to extract the WPAD option field. A reference implementation of this code in C is available [11]. The WPAD client makes a series of discovery requests, using the mechanisms mentioned above, in a specific order. Each time the discovery attempt succeeds, the client uses the information obtained to construct a CURL. If a CFILE is successfully retrieved at that CURL, the process completes. If not, the client resumes where it left of in the predefined series of resource discovery requests. If no untried mechanisms remain and a CFILE has not been successfully retrieved, the WPAD protocol fails and the client is configured to use no proxy server. First the client tries DHCP, followed by SLP. If no CFILE has been retrieved the client moves on to the DNS based mechanisms. The client will cycle through the DNS SRV, `Well Known Aliases' and DNS TXT record methods multiple times. Each time through the QNAME being used in the DNS query is made less and less specific. In this manner the client can locate the most specific configuration information possible, but can fall back on less specific information. Every DNS lookup has the QNAME prefixed with `wpad' to indicate the resource type being requested. As an example, consider a client with hostname johns- desktop.development.foo.com. Assume the web client software supports all of the mechanisms listed above. This is the sequence of discovery attempts the client would perform until one succeeded in locating a valid CFILE: - DHCP - SLP - DNS A lookup on QNAME=wpad.development.foo.com. - DNS SRV lookup on QNAME=wpad.development.foo.com. - DNS TXT lookup on QNAME=wpad.development.foo.com. - DNS A lookup on QNAME=wpad.foo.com. - DNS SRV lookup on QNAME=wpad.foo.com. - DNS TXT lookup on QNAME=wpad.foo.com. 3.2. When to Execute WPAD Web clients need to perform the WPAD protocol periodically to maintain correct proxy settings. This should occur on a regular basis corresponding to initialization of the client software or the networking stack below the client. As well, WPAD will need to occur in respond to expiration of existing configuration data. The following sections describe the details of these scenarios. 3.2.1. Periodic Discovery A web client MUST attempt WPAD upon detection of one of the following events: 1. Upon startup of the web client. 2. Whenever there indication from the networking stack that the IP address of the client host either has, or could have, changed. The choice of which event to use as the trigger for WPAD depends upon the client's environment. Clients MAY also choose to implement both options. WPAD MAY also be performed periodically to obtain fresh information. 3.2.1.1. Upon Startup of the Web Client For many types of web client (like web browsers) there can be many instances of the client operating for a given user at one time. This is often to allow display of multiple web pages in different windows, for example. There is no need to re-perform WPAD every time a new instance of the web client is opened. WPAD MUST be performed when the number of web client instances transitions from 0 to 1. It SHOULD NOT be performed as additional instances are created. 3.2.1.2. Network Stack Events Another option for clients is to tie the execution of WPAD to changes in the networking environment. If the client can learn about the change of the local host's IP address, or the possible change of the IP address, it MUST re-perform the WPAD protocol. Many operating systems provide indications of `network up' events, for example. Those type of events and system-boot events might be the triggers for WPAD in many environments. 3.2.2. Expiration of the CFILE The HTTP retrieval of the CURL may return HTTP headers specifying a valid lifetime for the CFILE returned. The client MUST obey these timeouts and rerun the WPAD process when it expires. A client MAY rerun the WPAD process if it detects a failure of the currently configured proxy (which is not otherwise recoverable by using the inherent mechanisms provided by the currently active Configuration File). Whenever the client decides to invalidate the current CURL or CFILE, it MUST rerun the entire WPAD protocol to ensure it discovers the currently correct CURL. Specifically, if the the valid lifetime of the CFILE ends(as specified by the HTTP headers provided when it was retrieved), the complete WPAD protocol MUST be rerun. The client MUST NOT simply re-use the existing CURL to obtain a fresh copy of the CFILE. A number of network round trips, broadcast and/or multicast communications may be required during the WPAD protocol. The WPAD protocol SHOULD NOT be invoked at a more frequent rate than specified earlier in this section; thus, for instance, it is prohibited to run WPAD each time a new URL is retrieved. 3.3. WPAD Protocol Specification The following pseudo-code fragment defines WPAD. Unsupported discovery mechanisms are treated as failure in the pseudo-code. Two subroutines need explanation. The subroutine strip_leading_component(dns_string) strips off the leading characters, up to and including the first dot (`.') in the string which is passed as a parameter, and is expected to contain DNS name. The boolean subroutine is_not_canonical(dns_string) returns FALSE if dns_string is one of the canonical domain suffixes defined in RFC 1591 [13] (for example, "com"). The slp_list and dns_list elements below are assumed to be linked lists containing a data field and a pointer to the next element. The data field contains the elements used to override the default values in creating a CURL, as detailed in section 3.5. load_CFILE() { /* MUST use DHCP */ curl = dhcp_query(/*WPAD option (section 3.4.1) */); if (curl != null) { /* DHCP succeeded */ if isvalid (read_CFILE(curl)) return SUCCESS; /* valid CFILE */ } /* Should use SLP */ slp_list = slp_query(/*(WPAD attributes */); while (slp_list != null) { /* test each curl */ if isvalid(read_CFILE(slp_list.curl_data)) return SUCCESS; /* valid CFILE */ else slp_list = slp_list.next; } /* all the DNS mechanisms */ TGTDOM = gethostbyname(me); TGTDOM = strip_leading_component(TGTDOM); while (is_not_canonical(TGTDOM)) { /* MUST try DNS A records */ dns_list = dns_query(/*QNAME=wpad.TGTDOM., QTYPE=A (section 3.4.3)*/); while (dns_list != null) { /* check each A record */ if isvalid(read_CFILE(dns_list, curl_data)) return SUCCESS; /* valid CFILE */ else dns_list = dns_list.next; } /* SHOULD try DNS SRV records */ dns_list = dns_query(/*QNAME=wpad.TGTDOM., QTYPE=SRV (section 3.4.4)*/); while (dns_list != null) { /* each TXT record */ if isvalid(read_CFILE(dns_list, curl_data)) return SUCCESS; /* valid CFILE */ else dns_list = dns_list.next; } /* SHOULD try DNS TXT records */ dns_list = dns_query(/*QNAME=wpad.TGTDOM., QTYPE=TXT (section 3.4.5)*/); while (dns_list != null) { /* each TXT record */ if isvalid(read_CFILE(dns_list, curl_data)) return SUCCESS; /* valid CFILE */ else dns_list = dns_list.next; } /* Still no match, remove leading component and iterate */ TGTDOM = strip_leading_component(TGTDOM); } /* no A, TXT or SRV records for wpad.* */ return FAILED; /* could not locate valid CFILE */ } 3.4. Discovery Mechanisms Each of the resource discovery methods will be marked as to whether the client MUST, SHOULD, MAY, or MUST NOT implement them to be compliant. Client vendors are encouraged to implement as many mechanisms as possible, to promote maximum interoperability. +-------------------------+--------+----------+ | Discovery | | Document | | Mechanism | Status | Section | +-------------------------+--------+----------+ | DHCP | MUST | 3.4.1 | | SLP | SHOULD | 3.4.2 | | "Well Known Alias" | MUST | 3.4.3 | | DNS SRV Records | SHOULD | 3.4.4 | | DNS TXT "service: URLs" | SHOULD | 3.4.5 | +-------------------------+--------+----------+ SUMMARY OF DISCOVERY MECHANISMS The methods in this section produce a candidate CURL, which then should be handled as specified in section 3.5 and beyond. 3.4.1. DHCP Client implementations MUST support DHCP. DHCP has widespread support in numerous vendor hardware and software implementations, and is widely deployed. It is also suited to this task, and is used to discover other network resources (such a time servers, printers, etc). The DHCP protocol is detailed in RFC 2131 [3]. We propose a new DHCP option[14] for use in web proxy auto-discovery. See RFC 2132 [7] for a list of existing DHCP options. The code for the web proxy auto-discovery option is TBD. The length for this option MUST be 4 octets. The option contains an IP address that is used as the field to form a candidate CURL. Code Len Address 1 +-----+-----+-----+-----+-----+-----+ | TBD | 4 | a1 | a2 | a3 | a4 | +-----+-----+-----+-----+-----+-----+ The client should obtain the value of the DHCP option code TBD from the DHCP server, typically during initialization. If the value is not available through a client OS API, the client SHOULD use a DHCPINFORM message to query the DHCP server to obtain the value. 3.4.2. Service Location Protocol The Service Location Protocol (SLP) is a Proposed Standard (RFC 2165) for general resource discovery. Experiences with implementation by several vendors have indicated the need for further simplification of the protocol, and SLPv2 is now entering Last Call. SLPv1 implementations from several vendors are now being fielded as products, and it is expected that these products will be upgraded to SLPv2 as soon as the latter is approved as a Proposed Standard. Using SLP for WPAD involves issuing a Service Request for service type "wpad", and processing the resulting Service Reply. The template that defines the attributes and URL format for WPAD service URLs can be found in [12]. Client implementations SHOULD choose to implement SLP support. Valid SLP responses MAY contain multiple CURLs. Services of type "wpad" MAY be authenticated if they are configured as part of a protected scope. 3.4.3. "Well Known Aliases" Client implementations MUST support this mechanism. This should be straightforward since only basic DNS lookup of A records is required. See RFC 2219 [5] for a description of using "well known" DNS aliases for resource discovery. We propose the "well known alias" of "wpad" for web proxy auto-discovery. The client performs the following DNS lookup: QNAME=wpad.TGTDOM., QCLASS=IN, QTYPE=A Each A RR which is returned contains an IP address which is used to replace the part of the CURL. 3.4.4. DNS SRV Records Client implementations SHOULD support DNS SRV records; details can be found in RFC 2052 [2]. If the implementation language/environment provides the ability to perform DNS lookups on QTYPEs other than A, clients are strongly encouraged to provide this support. Not all resolver APIs provide this functionality. The client issues the following DNS lookup: QNAME=wpad.tcp.TGTDOM., QCLASS=IN, QTYPE=SRV The client should use each valid RR it receives, in the order specified in RFC 2052 [2]. Each valid record will specify both a and a to override the CURL defaults. 3.4.5. DNS TXT service: Entries Client implementations SHOULD support this mechanism. If the implementation language/environment provides the ability to perform DNS lookups on QTYPEs other than A, the vendor is strongly encouraged to provide this support. Not all resolver APIs provide this functionality. The client should attempt to retrieve TXT RRs from the DNS to obtain "service: URLs" contained therein. The "service: URL" will be of the following format, specifying a complete candidate CURL for each record located: service:wpad:http://: The client should first issue the following DNS query: QNAME=wpad.TGTDOM., QCLASS=IN, QTYPE=TXT It should process each TXT RR it receives (if any) using each service: URL found (if any) to generate a candidate CURL. WPAD clients MUST NOT perform the QNAME=TGTDOM., QCLASS=IN, QTYPE=TXT lookup which would be suggested by following the procedures specified in [1]. 3.4.6. Fallback Clients MUST NOT implement the "Fallback" mechanism described in [1]. It is unlikely that a client will find a web server prepared to handle the CURL request at a random suffix of its FQDN. This will only increase the number of DNS probes and introduce an excess of spurious "GET" requests already burdened web servers. Instead, the "Well Known Aliases" method of section 3.4.4 provides equivalent functionality. 3.5. Composing a Candidate CURL Any successful discovery mechanism response will provide a (perhaps in the form of an IP address). Some mechanisms will also provide a and/or a . The client should override the default CURL fields with all of those supplied by the discovery mechanism. 3.6. Retrieving the CFILE at the CURL The client SHOULD send a valid "User-Agent" header. The client requests the CURL via HTTP. When making the request it MUST transmit HTTP "Accept" headers indicating what CFILE formats it is capable of accepting. For example, Netscape Navigator browsers with versions 2.0 and beyond might include the following line in the HTTP Request: Accept: application/x-ns-proxy-autoconfig The client MUST follow HTTP redirect directives (response codes 3xx) returned by the server. 3.7. Resuming Discovery If the HTTP request fails for any reason (fails to connect, server error response, etc) the client MUST resume the search for a successful CURL where it left off. 4. Client Implementation Considerations The discovery mechanisms specified in this document may raise concerns about network traffic and performance. The DHCP and SLP parts of the process will result in a unicast or perhaps a single broadcast by the client, and perhaps a few replies by listening DHCP servers. The remaining mechanisms are all DNS based. All DNS queries should have the QNAME terminated with a trailing `.' to indicate a FQDN and expedite the lookup. Each such TGTDOM iteration will cause 3 DNS lookups, each a unicast UDP packet and a reply. Most clients will have fewer than 2 TGTDOM iterations, limiting the total number of DNS request/replies to 6. All total, 7 UDP request/reply packets on client startup is quite a low overhead. The first web page downloaded by the client will likely dwarf that packet count. Each of the DNS lookups should stand a high chance of hitting the cache in the client's DNS server, since other clients will have likely looked them up recently, providing a low total elapsed time. This is of course the worst case, where no CURLS are obtained, and assuming a long client FQDN. Client implementations are encouraged to overlap WPAD with other startup activities. When SLP is not used, a longer delay could occur if a CURL is obtained, but the hosting web server is down. The client could spend considerable time waiting for the TCP "connect()" call to fail. This is rare when the web server hosting the CFILE has failed. To guard against CFILE, proxy servers SHOULD host CURLs on the proxy itself acting as web server (see section 5). Proxy servers are often deployed with considerable attention to fault tolerance. 5. Proxy Server Considerations Proxy servers SHOULD be capable of acting as a web server, so that they can host the CURL directly. The implementers of proxy servers are most likely to understand the deployment situations of proxy caches, the formats of proxy configuration files, etc. They can also build in the ability to select a CFILE based on all the various inputs at the time of the CURL request ("User-Agent", "Accept", client IP address/subnet/hostname, topological distribution of nearby proxy servers, etc). 6. Administrator Considerations Administrators SHOULD configure at least DHCP option TBD and/or DNS A RR methods in their environment (since those are the only two all compatible clients MUST implement). Beyond that, configuring to support mechanisms earlier in the search order will improve client startup time. One of the major motivations for WPAD was to support client location of "nearby" proxy servers. In many environments there may be a number of proxy servers (workgroup, corporate gateway, ISP, backbone). There are a number of possible points at which "nearness" decisions can be made in this framework: - SLP can use "scope = LOCAL". - DHCP servers for different subnets can return different answers. They can also base decisions on the client cipaddr field or the client identifier option. - DNS servers can be configured to return different SRV/A/TXT RRs for Different domain suffixes (for example, QNAMEs wpad.marketing.bigcorp.com and wpad.development.bigcorp.com). - The web server handling the CURL request can make decisions based on the "User-Agent", "Accept", client IP address/subnet/hostname, and the topological distribution of nearby proxy servers, etc. This can occur inside a CGI executable created to handle the CURL. As mentioned above it could be a proxy server itself handing the CURL request and making those decisions. - The CFILE may be expressive enough to select from a set of alternatives at "runtime" on the client. CARP [6] is based on this premise for an array of caches. It is not inconceivable that the CFILE could compute some network distance or fitness metrics to a set of candidate proxy servers and then select the "closest" or "most responsive" server. Not all of the above mechanisms can be supported in all currently deployed vendor hardware and software. The hope is that enough flexibility is provided in this framework that administrators can select which mechanisms will work in their environments. 7. Security Considerations Except in the case of SLP, this document does not address security of the protocols involved. The WPAD protocol is vulnerable to existing identified weaknesses in DHCP and DNS. The working groups for those standards, as well as the svrloc WG, are addressing security. WPAD does not create new security weaknesses that do not already exist in the current ways of retrieving CFILEs. 8. Acknowledgements Thanks to Pete St. Pierre for his suggestions and help with revisions to this document. 9. References [1] Moats, R., Hamilton, M., and P. Leach, "Finding Stuff (How to discover services)", Internet Draft, October 1997. [2] Gulbrandsen, A., and P. Vixie, "A DNS RR for specifying the location of services (DNS SRV)", RFC 2052, October 1996 [3] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997. [4] Veizades, J., Guttman, E., Perkins, C., and M. Day, "Service Location Protocol," Internet Draft, October 1997. [5] Hamilton, M., and R. Wright, "Use of DNS Aliases for Network Services", RFC 2219, October 1997. [6] Valloppillil, V., and K. Ross, "Cache Array Routing Protocol", Internet Draft, October 1997. [7] Alexander, S., and R. Droms, "DHCP Options and BOOTP Vendor Extensions", RFC 2132, March 1997. [8] Luotonen, A., "Navigator Proxy Auto-Config File Format", Netscape Corporation, http://home.netscape.com/eng/mozilla/2.0/relnotes/ demo/proxy-live.html, March 1996. [9] Mockapetris, P., "Domain Names - Concepts and Facilities", RFC 1034, November 1987. [10] Perkins, C., Guttman, E., and J. Kempf, "Service Templates and service: Schemes", Internet Draft, December 1997. [11] "A Sample DHCP Implementation for WPAD", Inktomi Corporation, http://www.inktomi.com/TBD.html, February 1998. [12] "WPAD Service Template", To be Released May/June1998. [13] Postel, J., "Domain Name System Structure and Delegation", RFC 1591, March 1994. 9. Author Information Paul Gauthier Inktomi Corporation 1900 South Norfolk Street Suite 310 San Mateo, CA 94403-1151 Phone: (650) 653-2800 Email: gauthier@inktomi.com Josh Cohen Microsoft Corporation One Microsoft Way Redmond, WA 98052 Phone: (425) 703-5812 Email: joshco@microsoft.com Martin Dunsmuir RealNetworks, Inc. 1111 3rd Ave, Suite 2900 Seattle, WA 98101 Phone: (206) 674-2237 Email: martind@real.com Charles Perkins Sun Microsystems, Inc. 15 Network Circle Menlo Park, CA 94025 Phone: (650) 786-6464 Email: charles.perkins@Sun.COM