Network Working Group                                           F. Baker
Internet-Draft                                             Cisco Systems
Expires: December 20, 2002                                 June 21, 2002

                   Recommended Packet Marking Policy
               draft-ietf-ieprep-packet-marking-policy-00

Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on December 20, 2002.

Copyright Notice

Copyright (C) The Internet Society (2002). All Rights Reserved.

Abstract

This paper summarizes a recommended correlation of applications to Differentiated Service Code Points. There is no intrinsic requirement that individual DSCPs correspond to given applications, but as a policy it is useful if they can be applied consistently.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [2].

Baker                   Expires December 20, 2002               [Page 1]

Internet-Draft                  Document                       June 2002

1. Introduction

This paper summarizes a recommended correlation of applications to Differentiated Service Code Points. There is no intrinsic requirement that individual DSCPs correspond to given applications, but as a policy it is useful if they can be applied consistently.
1.1 Expected use in the network

In the Internet today, corporate LANs and ISP WANs are generally not heavily utilized - they are commonly 10% utilized at most. For this reason, congestion, loss, and variation in delay within corporate and ISP backbones are virtually unknown. This clashes with user community perceptions, for three very good reasons.

o It has not always been thus, and will not always be thus. The industry moves through cycles of bandwidth boom and bandwidth bust, depending on prevailing market conditions and the periodic deployment of new bandwidth-hungry applications.

o In access networks, the state is often different. This may be because rates are artificially limited, or because of access network design trade-offs.

o Other characteristics, such as database design on web servers, and configuration of firewalls and routers, often look externally like a bandwidth limitation.

The intent of this document is to provide a consistent marking strategy so that it can be configured and put into service on any link which finds itself congested, typically access links.

1.2 Key Diffserv concepts

Someone seeking a deep understanding of the Differentiated Services Architecture [6] would do well to read it. However, we recapitulate key concepts here to save searching.

1.2.1 Queue or Class

A queue or class is a data structure which holds traffic which is being subjected to delay due to lack of bandwidth. There are a number of ways to implement a queue; in some of these, it is more natural to discuss "classes in a queuing system" rather than "a set of queues and a scheduler". In the literature, as a result, the concepts are used somewhat interchangeably. A simple model of a queuing system, however, is a set of data structures for packet data, which we will call queues or classes, and a mechanism for selecting the next packet from among them.
1.2.1.1 Priority Queue

A priority queuing system is a combination of a set of queues and a scheduler which empties them in priority sequence. When asked for a packet, the scheduler inspects the first queue, and if there is data present returns a packet from that queue. Failing that, it inspects the second queue, and so on. A freeway onramp with a stoplight for one lane but allowing vehicles in the high occupancy vehicle lane to pass is an example of a priority queue.

In a priority queuing system, a packet in the highest priority queue will experience a readily calculated delay - it is proportional to the amount of data remaining to be serialized when the packet arrived plus the volume of the data already queued ahead of it in the same queue. The technical reason for using a priority queue relates exactly to this fact: it limits jitter and delay, and should be used for traffic which has that requirement.

1.2.1.2 Rate Queues

Similarly, a rate-based queuing system is a combination of a set of queues and a scheduler which empties each at a specified rate. An example of a rate based queuing system is a road intersection with a stoplight - the stoplight acts as a scheduler, giving each lane a certain opportunity to pass traffic through the intersection.

In a rate-based queuing system, such as WFQ or WRR, the delay that a packet in any given queue will experience is dependent on the parameters and occupancy of its queue and the parameters and occupancy of the queues it is competing with. A queue whose traffic arrival rate is much less than the rate at which it lets traffic depart will tend to be empty, and packets in it will experience nominal delays. A queue whose arrival rate approximates or exceeds its departure rate will tend to be full, and packets in it will experience greater delay. Such a scheduler can impose a minimum rate, a maximum rate, or both, on any queue it touches.
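To make the two scheduler types concrete, here is an added example (not part of the draft) that simulates a strict priority scheduler and a deficit round robin scheduler, one way of building the rate-based queue just described, over constructed packet sizes; byte-times stand in for the link's serialization clock, and the voice/bulk traffic is made up for the illustration.

```python
"""Priority and rate-based schedulers as described in Section 1.2.1.

Added example, not text of the draft. Each queue holds packet sizes in
bytes; the link serializes one byte per time unit, so a departure time
is also a delay in byte-times for packets that all arrived at time 0.
"""
from collections import deque


class Scheduler:
    """A set of queues (classes) plus a rule for choosing the next one."""

    def __init__(self, queues):
        self.queues = [deque(q) for q in queues]

    def next_queue(self):
        raise NotImplementedError


class PriorityScheduler(Scheduler):
    """Strict priority: always serve the lowest-numbered non-empty queue."""

    def next_queue(self):
        for i, q in enumerate(self.queues):
            if q:
                return i
        return None


class DRRScheduler(Scheduler):
    """Deficit round robin, one way to build a rate-based (WRR-like) queue.

    Each visit to a queue adds its quantum (bytes) to that queue's credit,
    and packets are sent while the credit covers the head packet; the
    quanta fix each queue's share of the link, i.e. its minimum rate.
    """

    def __init__(self, queues, quanta):
        super().__init__(queues)
        self.quanta = list(quanta)
        self.credit = [0] * len(quanta)
        self.current = 0
        self.fresh = True  # quantum not yet added on this visit

    def next_queue(self):
        n = len(self.queues)
        if not any(self.queues):  # an empty deque is falsy
            return None
        while True:  # terminates: some queue is non-empty and its credit grows
            i = self.current
            q = self.queues[i]
            if not q:
                self.credit[i] = 0  # idle queues do not bank credit
                self.current, self.fresh = (i + 1) % n, True
                continue
            if self.fresh:
                self.credit[i] += self.quanta[i]
                self.fresh = False
            if self.credit[i] >= q[0]:
                self.credit[i] -= q[0]
                return i
            self.current, self.fresh = (i + 1) % n, True


def run(sched):
    """Drain the scheduler. Returns (queue, size, departure_time) per packet."""
    clock, log = 0, []
    while True:
        i = sched.next_queue()
        if i is None:
            return log
        size = sched.queues[i].popleft()
        clock += size
        log.append((i, size, clock))


def departures(sched, queue):
    """Departure times of the packets from one queue, in byte-times."""
    return [t for q, _, t in run(sched) if q == queue]


if __name__ == "__main__":
    # Constructed traffic: two 200-byte voice packets competing with three
    # 1500-byte bulk packets, all present at time 0.
    voice, bulk = [200, 200], [1500, 1500, 1500]
    print("priority:", departures(PriorityScheduler([voice, bulk]), 0))
    print("DRR     :", departures(DRRScheduler([voice, bulk], [200, 1500]), 0))
```

Under strict priority the second voice packet leaves at 400 byte-times, under DRR at 1900, which is the dependence on competing queues the text describes.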
1.2.2 Active Queue Management

Active queue management is a generic name for any of a variety of procedures that use packet dropping or marking to manage the depth of a queue. The canonical example of such a procedure is RED93, in which a queue is assigned a minimum and maximum threshold, and the queuing algorithm maintains a moving average of the queue depth. When the mean queue depth exceeds the maximum threshold, all traffic is marked or dropped; when the mean queue depth exceeds the minimum threshold, a randomly selected subset is marked or dropped. This is intended to communicate with the system emitting the traffic, causing its congestion avoidance algorithms to kick in.

1.2.3 Policing of traffic

Additionally, at the first router in a network that a packet crosses, arriving traffic may be measured, and dropped or marked according to a policy. This may be used to bias feedback loops, such as is done in AF [9], or to limit the amount of traffic in a system, as is done in EF [11].

1.2.4 Differentiated Services Code Point (DSCP)

The DSCP is a number in the range 0..63, which is placed into an IP packet to mark it according to the class of traffic it belongs in.

1.3 Per Hop Behavior (PHB)

In the end, the facilities just described are combined to form a specified set of characteristics for handling different kinds of traffic, depending on the needs of the application. This document seeks to identify useful traffic aggregates and specify what PHB should be applied to them.

2. Specified Traffic Classes

Figure A shows eleven classes of traffic that are commonly specified in enterprise networks or on access links. None of these is mandatory for configuration; common experience is that a small subset is useful in any given network configuration.
This specification recommends that if such a service is deployed, it be deployed in a manner consistent with this table.

+=============+=========+========+===============+=======================+==================================+
| PHB         | DSCP    | DSCP   | Reference     | Intended protocols    | Configuration                    |
|             | name    | bits   |               |                       |                                  |
+=============+=========+========+===============+=======================+==================================+
| EF          | EF      | 101110 | RFC 3246      | Interactive voice     | RSVP admission;                  |
|             |         |        |               |                       | priority queue                   |
+-------------+---------+--------+---------------+-----------------------+----------------------------------+
| AF1         | AF11,   | 001010 | RFC 2597      | Bulk transfers, web,  | drop/mark AF13 <= AF12 <= AF11;  |
|             | AF12,   | 001100 |               | general data service  | possible guaranteed minimum rate;|
|             | AF13    | 001110 |               |                       | possible guaranteed maximum rate |
+-------------+---------+--------+---------------+-----------------------+----------------------------------+
| AF2         | AF21,   | 010010 | RFC 2597      | Database access,      | drop/mark AF23 <= AF22 <= AF21;  |
|             | AF22,   | 010100 |               | transaction services, | possible guaranteed minimum rate;|
|             | AF23    | 010110 |               | interactive traffic   | possible guaranteed maximum rate |
+-------------+---------+--------+---------------+-----------------------+----------------------------------+
| AF3         | AF31,   | 011010 | RFC 2597      | Locally defined       | drop/mark AF33 <= AF32 <= AF31;  |
|             | AF32,   | 011100 |               | mission-critical      | possible guaranteed minimum rate;|
|             | AF33    | 011110 |               | applications          | possible guaranteed maximum rate |
+-------------+---------+--------+---------------+-----------------------+----------------------------------+
| AF4         | AF41,   | 100010 | RFC 2597      | Interactive video,    | drop/mark AF43 <= AF42 <= AF41;  |
|             | AF42,   | 100100 |               | associated voice      | possible guaranteed minimum rate;|
|             | AF43    | 100110 |               |                       | possible guaranteed maximum rate;|
|             |         |        |               |                       | bandwidth signaling              |
+-------------+---------+--------+---------------+-----------------------+----------------------------------+
| IP          | Class 6 | 110000 | RFC 2474      | BGP, OSPF, etc.       | minimum rate;                    |
| Routing     |         |        | section 4.2.2 |                       | deep queue AQM                   |
+-------------+---------+--------+---------------+-----------------------+----------------------------------+
| Streaming   | Class 4 | 100000 | RFC 2474      | Often proprietary     | minimum rate;                    |
| Video       |         |        | section 4.2.2 |                       | AQM                              |
+-------------+---------+--------+---------------+-----------------------+----------------------------------+
| Telephony   | Class 3 | 011000 | RFC 2474      | SIP, H.323, etc.      | minimum rate;                    |
| Signaling   |         |        | section 4.2.2 |                       | deep queue AQM                   |
| voice/video |         |        |               |                       |                                  |
+-------------+---------+--------+---------------+-----------------------+----------------------------------+
| Network     | Class 2 | 010000 | RFC 2474      | SNMP                  | minimum rate;                    |
| Management  |         |        | section 4.2.2 |                       | AQM                              |
+-------------+---------+--------+---------------+-----------------------+----------------------------------+
| Scavenger   | class 1 | 001000 | Internet II   | User-selected service | AQM                              |
|             |         |        | usage         |                       |                                  |
+-------------+---------+--------+---------------+-----------------------+----------------------------------+
| Default     | class 0 | 000000 | RFC 2474      | Unspecified traffic   | minimum rate;                    |
|             |         |        | section 4.1   |                       | AQM                              |
+=============+=========+========+===============+=======================+==================================+

               Figure A: Summary of specified diffserv classes

2.1 Voice on IP

The voice traffic class serves RTP voice. It is specified in [11].

The fundamental service offered to voice traffic is best effort service up to a specified upper bound with nominal delay. It is in many respects similar to an ATM CBR VC; the circuit is guaranteed its bandwidth, and if it stays within the negotiated rate it experiences nominal loss and delay.

Typical configurations negotiate the use of Voice on IP using protocols such as SIP and RSVP. When a user has been authorized to send voice traffic, this admission procedure has verified that data rates will be within the capacity of the network that it will use.
Since RTP voice does not respond to loss or marking in any substantive way, the network must police at ingress to ensure that the voice traffic stays within its negotiated bounds. Having thus assured a predictable input rate, the network may use a priority queue to ensure nominal delay and jitter.

2.2 File Transfer Applications

The File Transfer traffic class serves applications which run over TCP [1][7] or a transport with a consistent congestion avoidance procedure, and normally drive as high a data rate as they can obtain over a long period of time. The FTP protocol is a common example. The PHB is specified in [9].

The fundamental service offered to mission critical traffic is best effort service with a specified minimum rate. One must assume that this class will consume any available capacity, and on congested links may experience queuing delay or loss.

Typical configurations use ECN [10] or random loss to implement active queue management [4], and may impose a minimum or maximum rate. In queues, the probability of loss of AF11 traffic may not exceed the probability of loss of AF12 traffic, which in turn may not exceed the probability of loss of AF13 traffic. Ingress policing passes traffic in the class up to some specified threshold marked AF11, additional traffic up to some secondary threshold marked as AF32, and potentially passes additional traffic marked AF33. In such a case, if one network customer is driving significant excess and another seeks to use the link, any losses will be experienced by the high rate user, causing him to reduce his rate.

2.3 Human-response Applications

The human response traffic class serves applications which run over TCP [1][7] or a transport with a consistent congestion avoidance procedure, and serve transaction, database access, or interactive protocols.
Such applications might include telnet, common ERP applications, instant messaging, or other applications which hold a user waiting until they respond. The PHB is specified in [9].

The fundamental service offered to human response traffic is best effort service with a specified minimum rate. The rate should be specified significantly in excess of actual measured rates, in order to ensure that this traffic experiences only nominal delay or loss.

Typical configurations use ECN [10] or random loss to implement active queue management [4], and may impose a minimum or maximum rate. In queues, the probability of loss of AF21 traffic may not exceed the probability of loss of AF22 traffic, which in turn may not exceed the probability of loss of AF23 traffic.

2.4 Mission Specific and Critical Applications

The mission-specific traffic class serves applications which run over TCP [1][7] or a transport with a consistent congestion avoidance procedure, and serve needs the network administrator deems to need special support. For example, in a banking network, it might support electronic banking protocols. The PHB is specified in [9].

The fundamental service offered to mission critical traffic is best effort service with a specified minimum rate. The rate should be specified significantly in excess of actual measured rates, in order to ensure that this traffic experiences only nominal delay or loss.

Typical configurations use ECN [10] or random loss to implement active queue management [4], and may impose a minimum or maximum rate. In queues, the probability of loss of AF31 traffic may not exceed the probability of loss of AF32 traffic, which in turn may not exceed the probability of loss of AF33 traffic.
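The RED procedure of Section 1.2.2 combined with the loss ordering AFx1 <= AFx2 <= AFx3 that Sections 2.2 to 2.4 require, as an added example (not draft text): one queue per AF class with a drop profile per drop precedence. The thresholds and traffic mix are constructed, and the ordering check is the configuration test to run before deploying such profiles.

```python
"""RED active queue management (Section 1.2.2) with one drop profile per
AF drop precedence, so that within a class AFx1 is never marked or dropped
more readily than AFx2, nor AFx2 more than AFx3 (Sections 2.2 to 2.4).

Added example, not part of the draft; arrivals below are constructed.
A profile is (min_th, max_th, max_p): below min_th nothing is marked, at or
above max_th everything is, and between them the probability rises
linearly from 0 to max_p.
"""
import random


def probability(profile, avg):
    """RED mark/drop probability for one profile at average depth avg."""
    min_th, max_th, max_p = profile
    if avg < min_th:
        return 0.0
    if avg >= max_th:
        return 1.0
    return max_p * (avg - min_th) / (max_th - min_th)


def ordered(profiles):
    """True if precedence 1 is never more likely to be marked than 2, nor 2
    than 3, at the integer depths checked (a configuration sanity check)."""
    top = 2 * max(p[1] for p in profiles.values()) + 1
    return all(
        probability(profiles[lo], d) <= probability(profiles[hi], d)
        for lo, hi in ((1, 2), (2, 3))
        for d in range(top)
    )


class AFRedQueue:
    """One queue for an AF class; `profiles` maps precedence 1..3 to a profile."""

    def __init__(self, profiles, weight=0.2, limit=100, rng=None):
        if not ordered(profiles):
            raise ValueError("profiles violate the AFx1 <= AFx2 <= AFx3 loss ordering")
        self.profiles = dict(profiles)
        self.weight = weight      # EWMA weight for the moving average depth
        self.limit = limit        # hard buffer limit, in packets
        self.depth = 0
        self.avg = 0.0
        self.rng = rng or random.Random(1)  # seeded so runs are repeatable
        self.stats = {p: {"enqueued": 0, "marked": 0, "dropped": 0} for p in (1, 2, 3)}

    def arrive(self, prec, ecn_capable=True):
        """Decide an arriving packet's fate: 'enqueued', 'marked' or 'dropped'.
        Marked packets are still queued; the mark is ECN feedback to the sender."""
        self.avg = (1 - self.weight) * self.avg + self.weight * self.depth
        if self.depth >= self.limit:
            outcome = "dropped"
        elif self.rng.random() < probability(self.profiles[prec], self.avg):
            outcome = "marked" if ecn_capable else "dropped"
        else:
            outcome = "enqueued"
        if outcome != "dropped":
            self.depth += 1
        self.stats[prec][outcome] += 1
        return outcome

    def depart(self, n=1):
        self.depth = max(0, self.depth - n)


def overload(queue, mix, offered, served, ticks):
    """Offer `offered` packets per tick, cycling through the precedences in
    `mix`, and drain `served` per tick. Returns per-precedence statistics."""
    k = 0
    for _ in range(ticks):
        for _ in range(offered):
            queue.arrive(mix[k % len(mix)])
            k += 1
        queue.depart(served)
    return queue.stats


# Constructed profiles: AFx3 starts being marked first, AFx1 last.
PROFILES = {1: (12, 20, 0.1), 2: (8, 16, 0.1), 3: (4, 12, 0.1)}

if __name__ == "__main__":
    stats = overload(AFRedQueue(PROFILES, limit=40), [1, 2, 3], 3, 2, 300)
    for prec in (1, 2, 3):
        print("AFx%d" % prec, stats[prec])
```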
2.5 Network Multimedia (video)

The Network Multimedia traffic class serves applications that carry RTP data streams whose rate has been negotiated with the network using a protocol such as RSVP [3]. If the mean rate is conceived as Bc/frame interval and the difference between the mean and peak rate is Be/frame interval, the first Bc packets in a frame are marked AF41, the next Be packets are marked AF42, and any additional packets may be summarily dropped, or marked AF43 and subjected to loss in any but a queue of nominal depth. This PHB is specified in [9].

The fundamental service offered to network multimedia traffic is best effort service with controlled rate and delay. This traffic does not respond to loss or marking, and can be severely compromised by loss or delays that exceed its framing interval. It can be assumed, however, to have been initially transmitted in a manner roughly comparable to [12]. As such, active queue management [4] serves primarily to deal with extreme cases; ingress shaping or policing is depended on to ensure rate compliance.

In queues, the probability of loss of AF41 traffic may not exceed the probability of loss of AF42 traffic, which in turn may not exceed the probability of loss of AF43 traffic, if any.

2.6 IP Routing Protocols

The IP Routing traffic class serves IP Routing Applications such as BGP or OSPF. It is specified in [5].

The fundamental service offered to routing traffic is best effort service with minimal loss, even at the cost of delays on the order of tens of milliseconds. By placing it into a separate queue or class, it may be ensured minima or maxima consistent with a specific service level agreement. By placing it into a separate queue or class, the routing it supports is helped to converge.

Typical configurations use ECN [10] or random loss to implement active queue management [4], and may impose a minimum or maximum rate.
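An added example (not draft code) of the three-level marking described for ingress policing in Section 2.2 and per video frame in Section 2.5, using the AF code point layout of Figure A; the Bc/Be budgets and the packet sizes are constructed for the illustration.

```python
"""Three-level marking for an Assured Forwarding class.

Section 2.2 describes ingress policing that marks traffic up to a first
threshold AFx1, up to a second threshold AFx2, and the rest AFx3; Section
2.5 applies the same idea per video frame with budgets of Bc and Be
packets. Added example, not draft code; `cost` is bytes for the policer
case and 1 per packet for the per-frame case.
"""


def af_dscp(af_class, drop_prec):
    """DSCP for AF<class><prec>: class in the top three bits, precedence in
    the next two, low bit zero (the RFC 2597 layout shown in Figure A)."""
    if not 1 <= af_class <= 4 or not 1 <= drop_prec <= 3:
        raise ValueError("AF class must be 1..4 and drop precedence 1..3")
    return (af_class << 3) | (drop_prec << 1)


def af_name(dscp):
    """Inverse of af_dscp, e.g. 0b100100 -> 'AF42'."""
    return "AF%d%d" % (dscp >> 3, (dscp >> 1) & 0b11)


def ds_field(dscp, ecn=0):
    """Value of the IP DS byte: DSCP in the upper six bits, ECN in the lower two."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a six-bit value")
    return (dscp << 2) | (ecn & 0b11)


class AFMarker:
    """Marks packets of one AF class by their position within an interval.

    bc: budget marked AFx1; be: further budget marked AFx2; anything beyond
    is AFx3, or dropped (None) when drop_excess is set, as Section 2.5
    allows for video.
    """

    def __init__(self, af_class, bc, be, drop_excess=False):
        self.af_class = af_class
        self.bc, self.be = bc, be
        self.drop_excess = drop_excess
        self.used = 0

    def new_interval(self):
        """Start of a new frame (video) or measurement interval (policer)."""
        self.used = 0

    def mark(self, cost=1):
        """Account `cost` units for one packet and return its DSCP (None = drop)."""
        self.used += cost
        if self.used <= self.bc:
            return af_dscp(self.af_class, 1)
        if self.used <= self.bc + self.be:
            return af_dscp(self.af_class, 2)
        if self.drop_excess:
            return None
        return af_dscp(self.af_class, 3)


def mark_frames(frame_sizes, bc, be, af_class=4):
    """Per-frame marking of an RTP video stream: frame_sizes lists the packet
    count of each frame; returns one list of AF names per frame."""
    marker = AFMarker(af_class, bc, be)
    result = []
    for n in frame_sizes:
        marker.new_interval()
        result.append([af_name(marker.mark()) for _ in range(n)])
    return result


if __name__ == "__main__":
    # Constructed stream: Bc = 3 and Be = 2 packets per frame interval.
    for frame in mark_frames([3, 5, 6], bc=3, be=2):
        print(frame)
```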
2.7 Streaming Video

The streaming video traffic class serves applications like Windows Media Player or RealAudio. These may use proprietary protocols, or may use TCP. It is specified in [5].

The fundamental service offered to streaming video is best effort service. By placing it into a separate queue or class, it may be ensured minima or maxima consistent with a specific service level agreement.

Typical configurations use ECN [10] or random loss to implement active queue management [4], and may impose a minimum or maximum rate.

2.8 Telephony Signaling

The Telephony Signaling traffic class serves network control applications like SIP and H.323 when used to route Voice on IP, Video on IP, and related applications. It is specified in [5].

The fundamental service offered to Telephony Signaling traffic is best effort service with minimized loss. The reason for this is to maximize the speed of such routing, and avoid the poor user experience that results from loss of control traffic. By placing it into a separate queue or class, it may be ensured minima or maxima consistent with a specific service level agreement.

Typical configurations use ECN [10] or random loss to implement active queue management [4], and may impose a minimum or maximum rate. The AQM parameters are specified in such a manner as to permit relatively deep queues to form temporarily.

2.9 Network Management

The management traffic class serves applications that are necessary to manage the network, such as SNMP servers, but which implement no congestion avoidance procedure. It is specified in [5].

The fundamental service offered to the network management traffic class is best effort service with minimization of loss. By placing it into a separate queue or class, it may be ensured minima or maxima consistent with a specific service level agreement.
Typical configurations use random loss to implement active queue management [4], to maximize the utility of network management applications while protecting the network in the event of an overload.

2.10 Scavenger class

The scavenger traffic class serves applications which run over TCP [1][7] or a transport with a consistent congestion avoidance procedure, and for which the user is willing to accept service without guarantees. It is specified in [4].

The fundamental service offered to the scavenger traffic class is best effort service. By placing it into a separate queue or class, it may be ensured minima or maxima consistent with a specific service level agreement.

Typical configurations use ECN [10] or random loss to implement active queue management [4]. It generally does not impose a minimum or maximum rate.

2.11 Default traffic class

The default traffic class serves applications which have not been otherwise specified, but which run over TCP [1][7] or a transport with a consistent congestion avoidance procedure. It is specified in [5].

The fundamental service offered to the default traffic class is best effort service with active queue management to limit over-all delay. By placing it into a separate queue or class, it may be ensured minima or maxima consistent with a specific service level agreement.

Typical configurations use ECN [10] or random loss to implement active queue management [4], and may impose a minimum or maximum rate on the queue.

3. Reflexive DSCP Policy

In reviewing the specific use of the Differentiated Services Architecture for supporting the Internet Emergency Preparedness System, we found what we believe is a general issue. This is that even though a client or peer can connect to a server or peer with a predictable DSCP value, the response does not have a predictable DSCP value.
We consider the issues, and recommend an approach to application policy regarding the DSCP.

Figure 1 presents a connection being placed between two applications across a differentiated services network.

[Figure 1 (diagram not reproducible in this text): a Client in one network and a Server in another, each behind its own routers, with the connection running between them across the network.]

Figure 1: Connection across a network

A behavior aggregate originated in part by a certain client toward a given server in a remote network may have certain application requirements, such as requiring service appropriate to an ERP application, video stream, or voice. One application may use different aggregates for different purposes, and therefore have different requirements. So the application may not be able to tell, a priori, what DSCP it should use or respond with.

In addition, DSCPs have local significance in the Differentiated Services Architecture. It is possible and perhaps likely that a behavior aggregate might use different code points in different networks.

There are a number of possible approaches to this issue. The simplest, which we fear is currently standard in Differentiated Services hosts, is to simply select a default value, such as "always make TCP applications use AF11". For some applications, such as voice (EF), this approach is appropriate, but for many it is not.

3.1 Default DSCP policy in a responder

When a system accepts sessions initiated from another system, and there is no specific local policy, the responder SHOULD use the same DSCP Group as its request. Thus, if a TCP SYN arrives using any of AF11, AF12, or AF13, the TCP SYN-ACK and subsequent messages SHOULD use AF11 as the DSCP. When in doubt as to the set of DSCP code points comprising a DSCP Group, it SHOULD respond with exactly the same DSCP.
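The responder policy of Section 3.1 as an added example (not draft code): a 64-entry received-to-reply table in which every AFxy maps to AFx1 and every other code point mirrors the request, plus local overrides read from a policy file whose format is an assumption of this example; the sample policy is constructed.

```python
"""Responder DSCP policy of Section 3.1.

A responder with no specific local policy replies in the same DSCP Group
as the request: any AFxy maps to AFx1, every other code point is mirrored,
and a new DSCP seen mid-session is reflected from then on. Added example,
not draft code; the policy-file format and names are assumptions.
"""

EF = 0b101110


def is_af(dscp):
    """AF code points are 0b xxx dd 0 with class 1..4 and precedence 1..3."""
    return (dscp & 1) == 0 and 1 <= (dscp >> 3) <= 4 and 1 <= ((dscp >> 1) & 0b11) <= 3


def default_response(dscp):
    """Default rule: AFxy -> AFx1, anything else answered with itself."""
    if is_af(dscp):
        return (dscp & 0b111000) | 0b010
    return dscp


def build_table(overrides=None):
    """The 64-entry received->reply table, with local policy overrides applied."""
    table = [default_response(d) for d in range(64)]
    for received, reply in (overrides or {}).items():
        if not (0 <= received <= 63 and 0 <= reply <= 63):
            raise ValueError("DSCP values must be 0..63")
        table[received] = reply
    return table


def parse_policy(text):
    """Assumed policy-file format: one 'received reply' pair per line, values
    in binary as in Figure A; '#' starts a comment; unlisted values keep the
    default rule."""
    overrides = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            received, reply = line.split()
            overrides[int(received, 2)] = int(reply, 2)
    return build_table(overrides)


class Responder:
    """Tracks the DSCP to use for replies on one session."""

    def __init__(self, table):
        self.table = table
        self.reply_dscp = None

    def on_segment(self, received_dscp):
        """Called for each received segment; returns the DSCP for the reply.
        A changed request DSCP (e.g. per-URL) is reflected immediately."""
        self.reply_dscp = self.table[received_dscp & 0b111111]
        return self.reply_dscp


# Constructed local policy: answer scavenger (class 1) requests as default.
SAMPLE_POLICY = """
# received  reply
001000      000000   # scavenger requests are answered best effort
"""

if __name__ == "__main__":
    r = Responder(parse_policy(SAMPLE_POLICY))
    for seg in (0b001010, 0b001110, 0b010100, EF, 0b001000):
        print("%06b -> %06b" % (seg, r.on_segment(seg)))
```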
There has been interest of late in changing the quality of service behavior for different portions of the same session, such as on a per-URL basis. The requester could initiate this. Thus, if the DSCP received on one TCP segment differs from the DSCP used on a prior TCP segment in a session, the new DSCP SHOULD be reflected unless local policy prevents this.

One way to implement this requires the receiving transport (TCP, SCTP, etc.) to save the received DSCP and use an API to determine the correct responding DSCP from a configuration file. The configuration file lists the 64 possible DSCP values and the correct response. In most cases, the two SHOULD be the same, but the twelve AFxy code points map to AFx1. Local policy MAY update this mapping.

3.2 Application-directed DSCP policy

The originator of a session, which is to say the application that opens it, SHOULD normally select the DSCP value used. This, of course, needs to be consistent with local network policy, and may be dictated entirely by that policy.

The application would do this through an API, ideally one that maps the application to a DSCP value through local administrative policy. Thus, the API could set the DSCP for signaling of voice calls to a specific value, such as AF31. It would be better, though, if the API were to set it to a key word such as "VoiceSignaling" or "DatabaseAccess", and enable the network administration to interpret the key word to an appropriate code point. One way to implement this would be for the API code to look the key word up in a file or an LDAP policy.

It is possible for the responding application to use this same API. For example, separate policies might apply to database records of one type and database records of another type, something that only the database access application could determine. It is also possible for the application exchange to communicate a desired DSCP, and the responding application to use the API accordingly.
In such a case, the application exchange MUST specify the key word rather than the specific DSCP, as it cannot know the applicable policy in the responder's network.

4. Security Considerations

This document discusses policy, and describes a recommended default policy, for the use of a Differentiated Services Code Point by transports and applications. If implemented as described, it should ask the network to do nothing that the network has not already allowed. If that is the case, no new security issues should arise from the use of such a policy.

It is possible, however, for the policy to be applied incorrectly, or for another policy to be applied, which would be incorrect in the network. In that case, a policy issue exists which the network must detect, assess, and deal with. This is a known security issue in any network dependent on policy-directed behavior.

5. Acknowledgements

The author acknowledges a great many inputs, most notably from Bruce Davie, Dave Oran, and Rei Atarashi.

Normative References

[1] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, September 1981.

[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[3] Zhang, L., Berson, S., Herzog, S. and S. Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1 Functional Specification", RFC 2205, September 1997.

[4] Howard, L., "An Approach for Using LDAP as a Network Information Service", RFC 2307, March 1998.

[5] Nichols, K., Blake, S., Baker, F. and D. Black, "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", RFC 2474, December 1998.

[6] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z. and W. Weiss, "An Architecture for Differentiated Services", RFC 2475, December 1998.

[7] Allman, M., Paxson, V. and W. Stevens, "TCP Congestion Control", RFC 2581, April 1999.

[8] Floyd, S. and T. Henderson, "The NewReno Modification to TCP's Fast Recovery Algorithm", RFC 2582, April 1999.

[9] Heinanen, J., Baker, F., Weiss, W. and J. Wroclawski, "Assured Forwarding PHB Group", RFC 2597, June 1999.

[10] Ramakrishnan, K., Floyd, S. and D. Black, "The Addition of Explicit Congestion Notification (ECN) to IP", RFC 3168, September 2001.

[11] Davie, B., Charny, A., Bennet, J., Benson, K., Le Boudec, J., Courtney, W., Davari, S., Firoiu, V. and D. Stiliadis, "An Expedited Forwarding PHB (Per-Hop Behavior)", RFC 3246, March 2002.

Informative References

[12] Bonaventure, O. and S. De Cnodder, "A Rate Adaptive Shaper for Differentiated Services", RFC 2963, October 2000.

[13] "International Emergency Preparedness Scheme", ITU E.106, March 2000.

[14] "Service Description for an International Emergency Multimedia Service (Draft)", ITU-T F.706, August 2001.

Author's Address

Fred Baker
Cisco Systems
1121 Via Del Rey
Santa Barbara, CA 93117
US

Phone: +1-408-526-4257
Fax: +1-413-473-2403
EMail: fred@cisco.com

Full Copyright Statement

Copyright (C) The Internet Society (2002). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works.
However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.