Internet Engineering Task Force Y. Fu Internet-Draft CNNIC Intended status: Standards Track S. Jiang Expires: May 19, 2018 B. Liu Huawei Technologies Co., Ltd J. Dong Y. Chen Tsinghua University November 15, 2017 Definitions of Managed Objects for MAP-E draft-ietf-softwire-map-mib-12 Abstract This memo defines a portion of the Management Information Base (MIB) for Mapping Address and Port with encapsulation (MAP-E) for use with network management protocols. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on May 19, 2018. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must Fu, et al. Expires May 19, 2018 [Page 1] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. The Internet-Standard Management Framework . . . . . . . . . 2 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Structure of the MIB Module . . . . . . . . . . . . . . . . . 3 4.1. The mapMIBObjects . . . . . . . . . . . . . . . . . . . . 3 4.1.1. The mapRule Subtree . . . . . . . . . . . . . . . . . 3 4.1.2. The mapSecurityCheck Subtree . . . . . . . . . . . . 3 4.2. The mapMIBConformance Subtree . . . . . . . . . . . . . . 3 5. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 9.1. Normative References . . . . . . . . . . . . . . . . . . 13 9.2. Informative References . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 1. Introduction Mapping of Address and Port with Encapsulation (MAP-E) [RFC7597] is a stateless, automatic tunnelling mechanism for providing an IPv4 connectivity service to end-users over a service provider's IPv6 network. This document defines a portion of the Management Information Base (MIB) for use with monitoring MAP-E devices. 2. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in [RFC2578], [RFC2579] and [RFC2580]. Fu, et al. Expires May 19, 2018 [Page 2] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 3. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 4. Structure of the MIB Module The Interfaces MIB [RFC2863] defines generic managed objects for managing interfaces. Each logical interface (physical or virtual) has an ifEntry. Tunnels are handled by creating a logical interface (ifEntry) for each tunnel. Each MAP-E tunnel endpoint also acts as a virtual interface that has a corresponding entry in the Interface MIB. Those corresponding entries are indexed by ifIndex. MAP-E MIB is configurable on a per-interface basis, so it depends on several parts of the IF-MIB[RFC2863]. 4.1. The mapMIBObjects 4.1.1. The mapRule Subtree The mapRule subtree describes managed objects used for managing the multiple mapping rules in MAP-E. According to the [RFC7597], the mapping rules are divided into two categories, which are Basic Mapping Rule (BMR), and Forwarding Mapping Rule (FMR). 4.1.2. The mapSecurityCheck Subtree The mapSecurityCheck subtree provides statistics for the number of invalid packets that have been identified. There are two kind of invalid packets which are defined in the [RFC7597] as below. - The Border Relay (BR) will validates the received packet's source IPv6 address against the configured MAP domain rule and the destination IPv6 address against the configured BR IPv6 address. - The MAP node (CE and BR) will check that the received packets' source IPv4 address and port is in the range derived from the matching MAP Rule. 4.2. The mapMIBConformance Subtree The mapMIBConformance subtree provides conformance information of MIB objects. Fu, et al. Expires May 19, 2018 [Page 3] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 5. Definitions The following MIB module imports definitions from [RFC2578], [RFC2579], [RFC2580], [RFC2863], and [RFC4001]. MAP-E-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, mib-2, Unsigned32, Counter64 FROM SNMPv2-SMI --RFC2578 TEXTUAL-CONVENTION FROM SNMPv2-TC --RFC2579 ifIndex FROM IF-MIB --RFC2863 InetAddressIPv6, InetAddressIPv4, InetAddressPrefixLength FROM INET-ADDRESS-MIB --RFC4001 OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF; --RFC2580 mapMIB MODULE-IDENTITY LAST-UPDATED "201711150000Z" ORGANIZATION "IETF Softwire Working Group" CONTACT-INFO "Yu Fu CNNIC No.4 South 4th Street, Zhongguancun Beijing, P.R. China 100190 EMail: fuyu@cnnic.cn Sheng Jiang Huawei Technologies Co., Ltd Huawei Building, 156 Beiqing Rd., Hai-Dian District Beijing, P.R. China 100095 EMail: jiangsheng@huawei.com Bing Liu Huawei Technologies Co., Ltd Huawei Building, 156 Beiqing Rd., Hai-Dian District Beijing, P.R. China 100095 EMail: leo.liubing@huawei.com Jiang Dong Tsinghua University Department of Computer Science, Tsinghua University Fu, et al. Expires May 19, 2018 [Page 4] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 Beijing 100084 P.R. China Email: knight.dongjiang@gmail.com Yuchi Chen Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R. China Email: chenycmx@gmail.com" DESCRIPTION "The MIB module is defined for management of objects for MAP-E BRs or CEs." REVISION "201711150000Z" DESCRIPTION "Initial version. Published as RFC xxxx." --RFC Ed.: RFC-edtitor pls fill in xxxx ::= { mib-2 xxx } --xxx to be replaced withIANA-assigned value mapMIBObjects OBJECT IDENTIFIER ::= {mapMIB 1} mapRule OBJECT IDENTIFIER ::= { mapMIBObjects 1 } mapSecurityCheck OBJECT IDENTIFIER ::= { mapMIBObjects 2 } -- ============================================================== -- Textual Conventions used in this MIB module -- ============================================================== RulePSID ::= TEXTUAL-CONVENTION DISPLAY-HINT "0x:" STATUS current DESCRIPTION "Indicates that the PSID is represented as hexidecimal for clarity." SYNTAX OCTET STRING (SIZE (2)) RuleType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Enumerates the type of the mapping rule. It defines three types of mapping rules here: bmr: Basic Mapping Rule (Not Forwarding Mapping Rule), fmr: Forwarding Mapping Rule (Not Basic Mapping Rule), Fu, et al. Expires May 19, 2018 [Page 5] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 bmrAndfmr: Basic and Forwarding Mapping Rule. The Basic Mapping Rule may also be a Forwarding Mapping Rule for mesh mode." REFERENCE "bmr, fmr: section 5 of RFC 7597. bmrAndfmr: section 5 of RFC 7597, section 4.1 of RFC 7598." SYNTAX INTEGER { bmr(1), fmr(2), bmrAndfmr(3) } mapRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF MapRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The (conceptual) table containing rule information for a specific mapping rule. It can also be used for row creation." ::= { mapRule 1 } mapRuleEntry OBJECT-TYPE SYNTAX MapRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in this table contains the information on a particular mapping rule." INDEX { ifIndex, mapRuleID } ::= { mapRuleTable 1 } MapRuleEntry ::= SEQUENCE { mapRuleID Unsigned32, mapRuleIPv6Prefix InetAddressIPv6, mapRuleIPv6PrefixLen InetAddressPrefixLength, mapRuleIPv4Prefix InetAddressIPv4, mapRuleIPv4PrefixLen InetAddressPrefixLength, mapRuleBRIPv6Address InetAddressIPv6, mapRulePSID RulePSID, mapRulePSIDLen Unsigned32, mapRuleOffset Unsigned32, mapRuleEALen Unsigned32, mapRuleType RuleType } Fu, et al. Expires May 19, 2018 [Page 6] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 mapRuleID OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique identifier used to distinguish mapping rules." ::= { mapRuleEntry 1 } -- The object mapRuleIPv6Prefix is IPv6 specific and hence it does -- not use the version agnostic InetAddress. mapRuleIPv6Prefix OBJECT-TYPE SYNTAX InetAddressIPv6 MAX-ACCESS read-only STATUS current DESCRIPTION "The IPv6 prefix defined in the mapping rule which will be assigned to CE." ::= { mapRuleEntry 2 } mapRuleIPv6PrefixLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-only STATUS current DESCRIPTION "The length of the IPv6 prefix defined in the mapping rule which will be assigned to CE." ::= { mapRuleEntry 3 } -- The object mapRuleIPv4Prefix is IPv4 specific and hence it does -- not use the version agnostic InetAddress. mapRuleIPv4Prefix OBJECT-TYPE SYNTAX InetAddressIPv4 MAX-ACCESS read-only STATUS current DESCRIPTION " The IPv4 prefix defined in the mapping rule which will be assigned to CE." ::= { mapRuleEntry 4 } mapRuleIPv4PrefixLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-only STATUS current DESCRIPTION "The length of the IPv4 prefix defined in the mapping Fu, et al. Expires May 19, 2018 [Page 7] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 rule which will be assigned to CE." ::= { mapRuleEntry 5 } -- The object mapRuleBRIPv6Address is IPv6 specific and hence it does -- not use the version agnostic InetAddress. mapRuleBRIPv6Address OBJECT-TYPE SYNTAX InetAddressIPv6 MAX-ACCESS read-only STATUS current DESCRIPTION "The IPv6 address of the BR which will be conveyed to CE. If the BR IPv6 address is anycast, the relay must use this anycast IPv6 address as the source address in packets relayed to CEs." ::= { mapRuleEntry 6 } mapRulePSID OBJECT-TYPE SYNTAX RulePSID MAX-ACCESS read-only STATUS current DESCRIPTION "The PSID value algorithmically identifies a set of ports assigned to a CE." REFERENCE "PSID: section 5.1 of RFC 7597." ::= { mapRuleEntry 7 } mapRulePSIDLen OBJECT-TYPE SYNTAX Unsigned32(0..16) MAX-ACCESS read-only STATUS current DESCRIPTION "The bit length value of the number of significant bits in the PSID field. When it is set to 0, the PSID field is to be ignored." ::= { mapRuleEntry 8 } mapRuleOffset OBJECT-TYPE SYNTAX Unsigned32(0..15) MAX-ACCESS read-only STATUS current DESCRIPTION "The number of the mapRuleOffset is 6 by default as to exclude the System ports (0-1023). It is provided via the Rule Port Mapping Parameters in the Basic Mapping Rule." DEFVAL {6} Fu, et al. Expires May 19, 2018 [Page 8] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 ::= { mapRuleEntry 9 } mapRuleEALen OBJECT-TYPE SYNTAX Unsigned32(0..48) MAX-ACCESS read-only STATUS current DESCRIPTION "The length of the Embedded-Address (EA) defined in mapping rule which will be assigned to CE." REFERENCE "EA: section 3 of RFC 7597." ::= { mapRuleEntry 10 } mapRuleType OBJECT-TYPE SYNTAX RuleType MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the type of mapping rule. '1' represents a BMR. '2' represents a FMR and '3' is for a BMR which is also an FMR for mesh mode." REFERENCE "bmr, fmr: section 5 of RFC 7597. bmrAndfmr: section 5 of RFC 7597, section 4.1 of RFC 7598." ::= { mapRuleEntry 11 } mapSecurityCheckTable OBJECT-TYPE SYNTAX SEQUENCE OF MapSecurityCheckEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The (conceptual) table containing information on MAP security checks. This table can be used for statistics on the number of invalid packets that have been identified." ::= { mapSecurityCheck 1 } mapSecurityCheckEntry OBJECT-TYPE SYNTAX MapSecurityCheckEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in this table contains information on a particular MAP SecurityCheck." Fu, et al. Expires May 19, 2018 [Page 9] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 INDEX { ifIndex } ::= { mapSecurityCheckTable 1 } MapSecurityCheckEntry ::= SEQUENCE { mapSecurityCheckInvalidv4 Counter64, mapSecurityCheckInvalidv6 Counter64 } mapSecurityCheckInvalidv4 OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the number of received IPv4 packets which do not have a payload source IPv4 address or port within the range defined in the matching MAP rule." ::= { mapSecurityCheckEntry 1 } mapSecurityCheckInvalidv6 OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the number of received IPv6 packets which do not have a source or destination IPv6 address matching a Basic Mapping Rule." ::= { mapSecurityCheckEntry 2 } -- Conformance Information mapMIBConformance OBJECT IDENTIFIER ::= {mapMIB 2} mapMIBCompliances OBJECT IDENTIFIER ::= { mapMIBConformance 1 } mapMIBGroups OBJECT IDENTIFIER ::= { mapMIBConformance 2 } -- compliance statements mapMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Describes the minimal requirements for conformance to the MAP-E MIB." MODULE -- this module MANDATORY-GROUPS { mapMIBRuleGroup , mapMIBSecurityGroup } ::= { mapMIBCompliances 1 } -- Units of Conformance mapMIBRuleGroup OBJECT-GROUP OBJECTS { Fu, et al. Expires May 19, 2018 [Page 10] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 mapRuleIPv6Prefix, mapRuleIPv6PrefixLen, mapRuleIPv4Prefix, mapRuleIPv4PrefixLen, mapRuleBRIPv6Address, mapRulePSID, mapRulePSIDLen, mapRuleOffset, mapRuleEALen, mapRuleType } STATUS current DESCRIPTION "The group of objects used to describe the MAP-E mapping rule." ::= { mapMIBGroups 1 } mapMIBSecurityGroup OBJECT-GROUP OBJECTS { mapSecurityCheckInvalidv4, mapSecurityCheckInvalidv6 } STATUS current DESCRIPTION "The group of objects used to provide information on the MAP-E security checks." ::= { mapMIBGroups 2 } END 6. IANA Considerations The MIB module in this document uses the following IANA-assigned OBJECT IDENTIFIER values recorded in the SMI Numbers registry: Descriptor OBJECT IDENTIFIER value ---------- ----------------------- MAP-E-MIB { mib-2 XXX } 7. Security Considerations There are no management objects defined in this MIB module that have a MAX-ACCESS clause of read-write and/or read-create. So, if this MIB module is implemented correctly, then there is no risk that an intruder can alter or create any management objects of this MIB module via direct SNMP SET operations. Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or Fu, et al. Expires May 19, 2018 [Page 11] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. Some of the MIB model's objects are vulnerable as the information which they hold may be used for targeting an attack against a MAP node (CE or BR). E.g., an intruder could use the information to help deduce the customer IPv4 and IPv6 topologies and address-sharing ratios in use by the ISP. The following is a list of the objects that have this vulnerability: mapRuleIPv6Prefix mapRuleIPv6PrefixLen mapRuleIPv4Prefix mapRuleIPv4PrefixLen mapRuleBRIPv6Address mapRulePSID mapRulePSIDLen mapRuleOffset mapRuleEALen mapRuleType SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPSec), there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. Implementations SHOULD provide the security features described by the SNMPv3 framework (see [RFC3410]), and implementations claiming compliance to the SNMPv3 standard MUST include full support for authentication and privacy via the User-based Security Model (USM) [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations MAY also provide support for the Transport Security Model (TSM) [RFC5591] in combination with a secure transport such as SSH [RFC5592] or TLS/DTLS [RFC6353]. Fu, et al. Expires May 19, 2018 [Page 12] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. 8. Acknowledgements The authors would like to thank for valuable comments from David Harrington, Mark Townsley, Shishio Tsuchiya, Yong Cui, Suresh Krishnan, Bert Wijnen, Ian Farrer and Juergen Schoenwaelder. This document was produced using the xml2rfc tool [RFC7991]. 9. References 9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, DOI 10.17487/RFC2578, April 1999, . [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, . [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Conformance Statements for SMIv2", STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, . [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000, . Fu, et al. Expires May 19, 2018 [Page 13] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005, . [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., Murakami, T., and T. Taylor, Ed., "Mapping of Address and Port with Encapsulation (MAP-E)", RFC 7597, DOI 10.17487/RFC7597, July 2015, . [RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec, W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for Configuration of Softwire Address and Port-Mapped Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015, . 9.2. Informative References [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, DOI 10.17487/RFC3410, December 2002, . [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", STD 62, RFC 3414, DOI 10.17487/RFC3414, December 2002, . [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model", RFC 3826, DOI 10.17487/RFC3826, June 2004, . [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model for the Simple Network Management Protocol (SNMP)", STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009, . [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure Shell Transport Model for the Simple Network Management Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June 2009, . Fu, et al. Expires May 19, 2018 [Page 14] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)", STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011, . [RFC7991] Hoffman, P., "The "xml2rfc" Version 3 Vocabulary", RFC 7991, DOI 10.17487/RFC7991, December 2016, . Authors' Addresses Yu Fu CNNIC No.4 South 4th Street, Zhongguancun Beijing 100190 P.R. China Email: fuyu@cnnic.cn Sheng Jiang Huawei Technologies Co., Ltd Q14, Huawei Campus, No.156 Beiqing Road Hai-Dian District, Beijing, 100095 P.R. China Email: jiangsheng@huawei.com Bing Liu Huawei Technologies Co., Ltd Q14, Huawei Campus, No.156 Beiqing Road Hai-Dian District, Beijing, 100095 P.R. China Email: leo.liubing@huawei.com Jiang Dong Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R. China Email: knight.dongjiang@gmail.com Fu, et al. Expires May 19, 2018 [Page 15] Internet-Draft draft-ietf-softwire-map-mib-12 November 2017 Yuchi Chen Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R. China Email: flashfoxmx@gmail.com Fu, et al. Expires May 19, 2018 [Page 16]