From 9044d0b00a56e97e642e7a6d2fd46787641fac9a Mon Sep 17 00:00:00 2001 From: Yi Wang Date: Wed, 8 Apr 2020 09:07:28 +0800 Subject: [PATCH] Add a document about StarlingX IPv6 deployment This document introduces a method to make StarlingX IPv6 deployment based on a NAT64/DNS64 gateway. In this document, * Brief the challenge of StarlingX IPv6 deployment * Introduce the infrastructure of the experimental setup * Introduce how to setup a NAT64/DNS64 gateway * Explain the special operations during StarlingX IPv6 provisioning Made clerical edits for RST formatting and grammar. Change-Id: I1a43ce19ed438dc094ed7d79c96fa71bfbc66a02 Co-Authored-By: Yan Chen Signed-off-by: Yi Wang Signed-off-by: MCamp859 --- .../r2_release/ipv6_note.txt | 6 +- .../r3_release/ipv6_note.txt | 6 +- .../r4_release/ipv6_note.txt | 6 +- .../figures/nat64_dns64.png | Bin 0 -> 46619 bytes .../figures/stx_nat64_dns64_diagram.png | Bin 0 -> 41119 bytes doc/source/developer_resources/index.rst | 1 + .../stx_ipv6_deployment.rst | 619 ++++++++++++++++++ 7 files changed, 635 insertions(+), 3 deletions(-) create mode 100644 doc/source/developer_resources/figures/nat64_dns64.png create mode 100644 doc/source/developer_resources/figures/stx_nat64_dns64_diagram.png create mode 100644 doc/source/developer_resources/stx_ipv6_deployment.rst diff --git a/doc/source/deploy_install_guides/r2_release/ipv6_note.txt b/doc/source/deploy_install_guides/r2_release/ipv6_note.txt index 4187fd7f6..1605f30f1 100644 --- a/doc/source/deploy_install_guides/r2_release/ipv6_note.txt +++ b/doc/source/deploy_install_guides/r2_release/ipv6_note.txt @@ -7,4 +7,8 @@ * Not all external servers are reachable via IPv6 addresses (for example Docker registries). Depending on your infrastructure, it may be necessary - to deploy a NAT64/DNS64 gateway to translate the IPv4 addresses to IPv6. \ No newline at end of file + to deploy a NAT64/DNS64 gateway to translate the IPv4 addresses to IPv6. + + * Refer to the :doc:`/../developer_resources/stx_ipv6_deployment` guide + for details on how to deploy a NAT64/DNS64 gateway to use StarlingX + with IPv6. diff --git a/doc/source/deploy_install_guides/r3_release/ipv6_note.txt b/doc/source/deploy_install_guides/r3_release/ipv6_note.txt index 4187fd7f6..1605f30f1 100644 --- a/doc/source/deploy_install_guides/r3_release/ipv6_note.txt +++ b/doc/source/deploy_install_guides/r3_release/ipv6_note.txt @@ -7,4 +7,8 @@ * Not all external servers are reachable via IPv6 addresses (for example Docker registries). Depending on your infrastructure, it may be necessary - to deploy a NAT64/DNS64 gateway to translate the IPv4 addresses to IPv6. \ No newline at end of file + to deploy a NAT64/DNS64 gateway to translate the IPv4 addresses to IPv6. + + * Refer to the :doc:`/../developer_resources/stx_ipv6_deployment` guide + for details on how to deploy a NAT64/DNS64 gateway to use StarlingX + with IPv6. diff --git a/doc/source/deploy_install_guides/r4_release/ipv6_note.txt b/doc/source/deploy_install_guides/r4_release/ipv6_note.txt index 4187fd7f6..1605f30f1 100644 --- a/doc/source/deploy_install_guides/r4_release/ipv6_note.txt +++ b/doc/source/deploy_install_guides/r4_release/ipv6_note.txt @@ -7,4 +7,8 @@ * Not all external servers are reachable via IPv6 addresses (for example Docker registries). Depending on your infrastructure, it may be necessary - to deploy a NAT64/DNS64 gateway to translate the IPv4 addresses to IPv6. \ No newline at end of file + to deploy a NAT64/DNS64 gateway to translate the IPv4 addresses to IPv6. + + * Refer to the :doc:`/../developer_resources/stx_ipv6_deployment` guide + for details on how to deploy a NAT64/DNS64 gateway to use StarlingX + with IPv6. diff --git a/doc/source/developer_resources/figures/nat64_dns64.png b/doc/source/developer_resources/figures/nat64_dns64.png new file mode 100644 index 0000000000000000000000000000000000000000..b82780661120815a1b82f097523e8043bbc6dc2d GIT binary patch literal 46619 zcmdSAWmKF`&^ zC)@z|f#jwxD+&5OLa`0}f?_41Bmn}|e8#*pK?QzCcb3z21A%b5pT3cLol49>poVIB zsD!4s(SAF6hQ{RL<73c$*5hfANI;gc-7CF@n5j7}J3EKUNn4_Zsi_}TtSq)_5*BJM z5~zewT@;HHX>rwyfMqYsV3Qa9;qiEql6~fq3~6|Y{oz>M@wtyq2Q6-!8yl9(Nq=t7 zBc>P9-BK48+(vG*{0>?k|8yb&Mgd;}Xb_zLUWii#!=C;3Djtm*@!t#38WN2Ee_r{3 z{(twj918RdT)o9jrY+n+E&k&B%GzH+83fjDg15RZYu;!e5H$y(G8q0g)! z6B0Edhho+nzGyb3hH(>?O&=Pqc~NRVG^=myk;kcb9uMwov3Z@iUwdU*PShg;%Bg2Q zg6IYF(Jk>1E#9Gl=&+y^$+R_!J}VQX5|Z{F*{dXdOoKSQa*g!p$>*Tp@uK(`>yU{D zt$rCb{xHH|SePr_FZIBYC0`buh!VjuCYzEGZwZb@=Q)D_Gt5UM?X78@bZfL)!&VST zJdk+?qW4MFAnB}5%=*>UACMd=jGsvspLN|rjA)st@FX=m9X-4?qh7Bj^chH8SM95G zJ*mm-);OQ=`w-awJ}px{3yDU{W^kVpUjUw?4!FfY!pyq&p2|zf zZvuY1vl&0Hsas`r%^XbK@=QFk^UVo6HZbohf*#W=W0Ax1K%fDN+~7j7D_w|b&;Z`J zc^Qm2CoPc|b3XKcjf672-Np_40-MR^3g?l01*u+UqgWqZp{Y{($-G`v>4 zxO-+PKBWQa`rxBd?}n~MY6Lav)1D`=<)Z@D^ncb)zBsw~WRdXny+bIcqGJFC8>jjFU4`e2e>CZOb917&3oeMsNG#)4?6KbP#^M>hlUom?G;B+W4X`+#x_~WY7uo2n{}SB-BSWS(#7bh zn;IzpRTIocS9Fpl-$@sK;X3zX@C{aM-)@16 zLR!Lvcx(*V&i{=9;M`ZRy$_)^VoE>=$kC}F@bQl%24AXyO-Gh)`W{#SM@}TP2eV=B zKi7YjCL)Fz93BFDrV6W;J=`S-)CQ&oOb+M&yZc5C=auXm(p@$*Ha0ev6oo$~4SEiI z>5Gn5n2n8%Cs80Kr~kR-V5mNIy{j~7Q`_#7kc9&sjxg zvwho*yakx_|7S!z{tJ{0<>Fa;t@6otnGJfCJ*K&7qS>EC*C*(4ZQfS?a%@VPQvwrBC`H8nIGGjl1uA*JIet|X0>DO8sy zr(Z3WpCb@O1r=gKpH_v*tM6l`GUKj~B(XC4!R77sAJ>@P)fydEU{?8KM|B`3!~g6O zzeaerDlrgTH>sEMqz?lIJyI{{e8yk`u5;>VSNDM|t))Co(lnV%;lQWXh69sEWds)^ z3;SiNfIwq_!$NHw9g868QM`T+hFefllGMSTDtZjdx->0CzR$`bAW*#G=nFmN*napn48C}&1DWeTl=#n_7q65p4019O>ECFSl_Dxa0i4hO!c|nysJ4fXXa_t zk#Bp8kF)F+!t@QP+)Y~QgawGGS-F@%9l#*LIRlcFTCWMCfBg6{b4bL3h8!ZkV27VS z*0(q`H344L89*qo(v&aOKF*M}CY9?^6-Qm-Z5&->t02Z5wJO5Z9>U z%E7Qy=D^NuuF81aZOOF9oa$WUQ1ek73imk)2OYjlLEaK#Lx>l+)# zy$Z-A$|t{6LmTVsn+@2L`r#k-td>*HR|=Nju7kl_rXO*>b+6=@F=@H!2~0MUTGOD3 z!v`^0s{1;1o$RNU!?-*-FKY5@!=kD9rdU%b?+k!N+izZUWTA-~Cw6(xOnWL@{?c>9TtwG) z%!V5X6G{*WZ(@90^0y3XAhWIwL{+I+lSN+t^qep6-O9PIZi>?AG!4n07>p#A_{&{) zLBX;+)_5Cg1U(K>uZM@n-j6A39(9_YAi%C1Lgtq*m13u+v^>G4b+cExJz>oQQ@iKh zWMve<+OfKyv$j=y{cb(jI7{j^F&v<=0jbv%i zno>-q@4EV|=|+zA@ouTBQHQmj+&;*<*ZOk7@$L6ikQ@a*^?<16RX$@DtLA}P|L4^t zkrKFNK;Bko@f2_n}t!It{s440Gf}n1=?&?qET^AprYR5Ewtayqg|ycbLYb97 z= zL@g5a^M}e>4QWAHWOPF!$G{fNIAhQ%mVJ{MUnpi7DM{ps7e_el5|P z{bTMqm{crHgPXTS&j2jKtEp4nfkzxuSmLDXD@=89fi@Lr;M=H>N`Mm?cCS;>%6RuI znJu~1LoidXl6_}zk1NEMn5C-ZU*6+jS;W_oalr$5U7pz9=MbZJK-@DhuzXfLQHo$1 z7i!~6k0tVS_f7V<IJ`R=;LPz8x!*l$>=5`%lVTWLaz6BE8lUr=}uY zVCXY22lBV{bPqwwls0d6(Ro#DS&{?y>o^h`BoGF1eFO=ALAs`0{!5)t&TgQ|auk?% z?y57t+%IOuq`1>MalTySWZu~PU+4hxuZ_1(bS#^+)r8>BWLl|{wcWkPg0?w>1r=xP z`2vaih$6J!{o}#{LOPTjO)P;*xi|@`Q8k_F$ki)!9 zLKJPqM{Ry)aZX$Fc;}l7jwaO4?^q&HjvW2P(S&40gYfyN`AJzQ z5Sb9y<_CWY7ZB8T^x6zrJ4X-u0$;Rs5);1ANte`Pm*_FGAr|U49_Ymbu5u&>kp-w1p`%qap{w{8uh-i7=$E>(wRTNOF{}E>lf3 zE+oa$GwY&M$IMLrqOb1b+(W`0C8Mh{B{WJOJFBAm>Al@u)rDYBAC^@`koGf2Q)d#HWock_xSI$y}z$FkCPiwP9Zm zFB$eWU=t`Fn3H^^Rz4{+le-}0>-l3juLDj}EO#5d6E9{O1jrn8LH0t}7!@RkJ;mI! zd3rpN^X3H#vSwpa%)}$<4o`2j4Eqmami=-K0A;3yoZGmy7~JuI0N!4jHDFPwT2mX3E!5z-pFE`EJx^9*E;H${=P;fF5%C1;1cJADH@)%U)O=rvTB zM3ryKwxKzT-DfKj0Fky0WVA*|Abhmp6%hQVIhPI3H+6^6aM&iYU}PfM`)7n4_6yI- zG+b~|K=Cj3uv<&0L9plVE9e&_P$5|!CGnNNo2%DR{OHNIn zpHb5S;gJ-n(*xlgl4YoH%Y_5&c5IqBjHAk?e`YABK`AcwS`1tKqqATpMntGBMj#mo z4>jzUY9gg3HDb0<^A9;5$$~XI=S;cCn=fzrSoJE2yR(qvUlh*OqJ#fH==~W{gSk-h z5y3;Dztll;7)9^tzgPexku%jnOd0>ofgM~hL!xF@aDvgmyc=@}P@n$E*_Tm5 zM*T*T9t2vW@_bdAeDF>ZUWZKn_L&kTD4FU%2tM%P&CvwNc{ECbUTnp+#eV|E@x z&OxNeZi(3pE}=ljczSBYHURxgpbRqwi;l%zWCFy&iIIdElcRS$OosmfT~`2p&JUv9 zj78|bLfMV|i0KsXLXDuAk>Yb-v8$WKdLE`+yy|A;;jy5nRW*GoKmRK}0+fut7n^=2 zCWZ}S3cL&K%t4C8)y$d`Ue#Hb;Vac-+4mH>p$@@PFM=q~Df#qU^Vl}%eQ6~%pX5n$ zUs!i_8D8iBKu=)W)+jxf;*dBoYL0*P6FI=ZE(9fmfTdpp4WT7Z-d3ht-D(F8bu|R$ zc^+zAfGvEAC;B;_iTftUz%+QbkG*H))LCiAJlNbEo940oo`VXW6Hx-*{5gV9D5|~% zSX;VZwhbq~&PTyM^T^9(DkzvFd4b)8N|TOX-sO*dh&PQFE#yET9F3A4Sczi>*Co?1 zL4Abo^eR1=hU2FbIVCx-;&xtyW1F=f(U+8ZX*K z?U`U^oB}A&5Jac49m6l+1+b;*-5zdY5Fr?tjHVDV^5#fSP_D>sPAIuuPekvkNjt&z zrqpKM34GgKeZ)c`pu#oZ>fHJ?j;3tqiy}8Irlq{1m``+TR6=?H0WVV$t8?0%rFncIse$NAK-Y zCnDdxyJ?5uw9zMe=b60->G~TERZsRE@VlsWnmGguvg z=!uE^J9kM;nc(eA0~f;lOrc6?(>^LA)PKm%gdhIV+0`YGn28)9c3WN~&!su{br8Cu zZ8rTm6*Bj8=-=*JXNWlmOmIF(X(vEVCZwguVEnBag^9@{Hb3BS%2yx-ta1Gb`CaXF zjB<@=eunQ86ueoV=5;9u2{omX!gFcbglY8go=cBuSBTYx65icsL^#~1^1e^Gn>zOm z%og|juo!X`m6!JdDolzsXU{i<5!WgVN~T+D>|l7Dy5Aw`n36wh$}yc-`o^90TeY0u zyp0ryvzlIC-!arLCX*XgX?wdhHo7WymyIdKJl~+6SZy08*qzUopueF}-IucyXXzayvAs0B;)2yL|hj9c?niZIcEOfxAm!4=^knRVn~m znWz$aOj6x`J66J6?hnW?{GAqI;K zCq5pC9!tPMB37GJNYp40>aj*DSVG99X#sHbGSQFbmK7co>wa3h!y?h;ZKOqmT@Zv({vJPmTA_Dnvb!y?sW*+#DxYLX9tQ zQBG1gNc>>6Ef*2GY_|L`oRuXuKX#5^>kRWA$r-FR-HS1HhKyu67MT);;UlZ!@MH^V zt5vesA7hxIkq=k*2N5$EeFYFC47}dNv$LIzl2&7AGubRAQw}82P889z)Io4)1g1T&zt(NQmc(Az0K0CRO5A!z4 z!H`x9ce-Gv20PiMLbWQs^RE_qyX%bkT~)t|){0T}roR8X zWW2c%!k6>nB2#-yl4(vNZ$i+cGLyqZM4qYm@up)t>Gp;F4I;Go!9Z$1L4~SxYsp6C zQW@{~E^m5wdv55%n;Cw83e+VTqh?$?WRSww7?Q`unXUP@CK=YZ(j<1T|DI!8<+a~r zm7xHc7nNkvcMn?4JJ;Lh)iYb8Q57QQKko__Yz2gz-r5@pO1sU;L*dd~l;0~8_ht5E ztR=?iT0g-2R=^%^WAdH}gnVjbZyMeoE_>KsGc9LmyS;j_2;<=Ss^31cn&h|dS2VFy zEF=NPL>hNIal&`8T-)m-z=+8EkS+~mw1S24$f}M$C>=Us`2Ia=2K(_yHO(s(1~GeT zZIFG|sB`XE5h&wTAn!>dz}%l$Sj)-ei((?kNc@d|?CEzQy%)T|?xKx3mfjwqLF*|l zc{VIfKP#<11ML^LegD3t&T>q)W47Im@^sn0!8X*Y-6Q5B)!p>xOR))bh*4jCeSLhU z5Jg;Qz##*Wg^RaiH)_*yTbnsr@0sQm=33HshvrTV#N~`nO%ZW^BoGlkY3ao} zV^m?-O=~u_(ap%}QOge8*|XeRrpXG0S>2X(KJ80+e!q=bdgaHL;>a63%FON)_!ig^ zZ6Yyy+>SBcLQzr8cke=GvZLjHB_xxp9~K;)>ABzVqK9D z*)>!d7yEZ4AzGAyatrurXEI#*@MZ#XihdefWNVIk&HkwRy=xaOQtb`o1MEmPsUWp! z!$2CQ+t&IfjKPqdq;N%po3*HPq7viKW` zpafhImn9^st<9f$8lr4m%VbLi66bsIJPa*45{;GVOna7*JYd7NoRD{u14=pkhRj{O z&4|ON1qj$IDSDM(9&?;c=13SyEAr*e;wZR|Vw}M?^%au_mYEQ+R||#4h6WjJ(jgDj z!1D20-~^JDd{y+Jzn?v^iy@k-2KH8YKhV{58hbVCEi3sH|ElrJPjz;(&)efp&wK59 zh4c1jxBEJuY$R%$uhc5vwyM=(6*!RkssU!iEdKWKyTFwVNL)Z7+IPr2ty#HSNXw?D z_s%jwCLf%T=mOJ7-0zT#mEuP~q_UkZeC> zb!GUhbZE1m?>lvVF2J~*UmTWlU*V7?{=(bse#1-Uy&8*w@(Y0~-oSJJZ)5fTN2tZj zGi##f>uxtBLX-hD1kg4L=N5yOpkng_=)&gd*fcjOmbWf0$fB<&=JCS2jhtoDbdkA6 zr}nhEvV&&M`Xl|bW!{KvM8dXABGV8p{h%v1t;kn`W87q`S=C=WQlkiWX#8nXM=HD6G>>1;z>B`wg z7stn`f-jABP{16o_4M^i?Q@sQzkiR*PO)&MLjYTstNODGiAjGX+iB5H)o^c>=yzP| z21RAbcXX5y3we0y-H;-Q40`QI=115dJGml!c`i?*d~)9l_iB?NC5_0XCBX#ZS4{_k z3crqL?2m5t8c(uf5dKcO95A{0heDVC>P-95He-qQ*qZmi$?n4EtqNb~@$1#WR7vu9`J8ev{oIdKivRz$S-O!sI z!iwb3Zx@e!u=io_;Zvam;5~tScPey#iDxG=I$5 zH~Nb#_X}Dz$s(p^9&G9@eE3^F;TdNlw)ATa>#se2;~mFw5_E^o_a7ZX>Ndww_Qz@% z$Ezsp+-S^k)P|%Jm5g`d$vMGZ%6q=ulVUA9zdMZr&N-|u+6*CxtUnJcFVElp>1%DE zJ*XtT{aePl$fpu`J=#UXNP;bRI*DoZ_7l1IwEnf!84l`cvUA65# z5Si)y$tcS{K}Pqg2P7WPQ))D?NMnE7yVs0-fi*QY0;$DzqtAgWpky|>T-meVW915) z^xvX-kJe>1W#cSL!=gbc^#GdR@xJLK{V4h_6JVQVFMx`a81?|U;3hq;-S;iG&Cfw+ z`Q?s2M`h)K4deda47hBQDmU_c3Z zm~^xMo4iU(mBqC~+u2!KSSanY_3x*wBOg|akR<%NT6@T?iqh?FUAYFxIzi1#^JTT5 z3qTp8GMF3&O6DfvFmmT7Cq86a59v1R&D*!tZ?EG$YaC`x_ZI!#F-(sW`7BdCm{f2Q z72J9IeI&ni2`-~#OO(wc%=#b7c@gy$Wa^~ z0`fcKth?{w=0Iqbr(D#AlUss7E;OfDjfNFoe5@=^;HE6sMg!|r8Sb^u@3c&CiPGK` zsqYZTElU@ws||OlgoXY(7@jW#XKseVlE_8w{~14?#S9WkJIwSMaK0BY zHO0AFY~bc~`MRp(;zT)B_;NG5((l;!&rxSJP|N#!mrcs z%3-D1r@Iw?zbwwhGB$C7esjR+5cktZ8GijN$wTKYQKqssm&h}Kv=L%RKm4{uQF~dF z+jtnd>UJ@?yZh&)&J{K7BQ=6YU@Lv#@}s}+B9R!y(dXTaq-@6}&V7T)F1K5fy)^!R zH|6Y){Y2V^mzN|=fq}z^f#*rD^qxP?p7!t4A&RHt1TNHzn*ndY@AG)i^1f(b=3O+u z-`65Kr%%YB#L%`=$$4pDPllxLpoZ<8^m369D~K{cgv#jt+IrwDp{F|Zb(ZS&?@)J8 zTgbs9>O^{F*ugHl11iPCMknKc?^VS751j%}?)RORn5lRR^B%K(mmlh0bL_g$u8Vc- zon%+|9eZV|9K49S`o>8&8-)U;kn8)PDEk|lA(B%%vHj*9AoPMLgYjML?q@S%_{V_y z8EUP1DQmbkqBv~QwlD@m^L0d&4m_eSHX%m3twGCUq>Ph;vcq&|%ZQsW;CXEOL9v+k z9x@YX@Knuh4U|52=1rQi1Ri>7wd4!dDeu00e$Q&0;99=RyO8uFYJBz_|fXT~Qv zp86+^pK5Jl8~>#|ssQ(S*z>TE7Vo{Yh66YI2IP=a33)P?HCB;*f$f;?6;e-OPY~#el(#iH*)R({`mb$eJ5?QU-3}q|{08@G5+Nb;f+O6LE z+In7>D&sGDUuc7t6|k0_8g$r6^{}`;f3q+Yb(NV2I1w@pH)IJwxMS9Dx?Y2Vk-)`r z2JqK$e)NM1k_Z{0Gb(vx`RX%GF8xX^u9KN7|&P`LA4x$nc3UkPnZX9WFx$$V)80U!TnUJT&&15gwD(q}$R_`m@Y zpMCbi{m3w`xT{Pl1WKGYs>D}Y94uNuESrLA<`Mx##_es+X9!RVVGi%jb5Ab zRbBy3XBDYMl-`Apx0lN|t%{wu#!ZhWXuH1mG=IfKPaN@&Kk}N%RT1FA`1_ux`RfpX zK%{ss7=Uoc0U|9t|GB}NvG%;fp|Yib z<(9mO$Ma8juOr%Bk)p1^r@0r9Ebd2Q7!6`6>a$<3*pBgy zMBVYvmI=Q59S-19aCj_n^keAYT&YtN+i{Pw`YS?6hZvbO<9Xak)&!Q~Hz33SajD!u zMBS2n7pdOY>r^Y&vy?p~kzJFIR6Goa2$ z(92x^sA4+5yx#HKkIg!g?|Wy%$G$H5Y{mc;cBY<};b5nI#8&{3T&dh~wUq5UEL zkK!FgFjitXET&6nC8}MD$~0*HlAR9BSguS%jS!dA*H2d{tko-|C8S6GZ)RK&1R;li zWqRxR(U%=Fd_~J&1}%RU2n~H!JkN{5PQG+XsI``=rxmSFc!?R=X*1d3u;65hu7*TE zi)Y3sI_A8Tj){j=k!hUz7ZU>O1p&%L7!i;NARqoT6LST)?kD5&SR#5&eoe`?(H)u5ZLy9j-M597o&}*+seyvoY_9!-`>^!m}kymw8q47N> zRqIW)c|x+;^$6MU*eY7e4sWFL*iAWZ={MwI2a?B3ua`hBCYNi$vJOb|6Owa6{ksMq zb!uFClG?L$j^~Vp&0fKX=@1w1&2U7fnHvD_mQ$Zt)r2nCHWcODfr3vYSP_S;!d$+E zzTzBu2=@Sq304Y4j@0$HUme)wPa<1K&X4ceJ zt;Sg5{Gh{j{XptwQUPrq9=HykPLmO2jTn{aacnA{%H%BPdHXg$3XKkVy~-N$@GC|o z!@fjcr{Tis@ha@{6fGZ>z~y8+8943`&a`)cU?^MeQ-O4bM`*5OM)q@1@QXg)KhH-d zt?SXsh=j^*8!7+FlEdCa;O*(+uOa4fC|*tT#tgXF!M6R{T za?{q|0ZzJ!?WgM!Q1YDVzkU1mbOJrT9@c8`9ob$M2}FpqmS!2#a1(Dkk(*SjqGQS1 zsJZ>SD&@yjFzVd?t*v?M*G&ew;qBmz<7~0%IpQ7WtRNzl`#Gm--$9HP^ECvYyp~Qsj-Cx6m^lKJaDc#yhx4-N z;HycbdZ5nF1$g7m8bLMqsl)bWQ(=n4cVb{(8u>Ld<+IXsdd} zzR6EtI0Q3d0-{`S@hRv_^{jn8_ZX-q zFWG=B%DIoj4#&p5opl z`=%GL$)3@v%0#RTD3sJA)TsZ++VYToTOeHrR-hqQy9mApiJzvYL1Pfo{xlrd; zRx0JH(goIWqJsgzAzuj)M6GzE=kx4T!X-MT_8&wQg6xGgTa{e==YN?AmHmAgm5GKU zOK|TIJ;&Q>XU>+6b*UDcpXt>O?Uun{Db#W+!>&q2*Z5)O-%O?-n1QP=*=H09n zQuunXNWDgB1Fw+UVBc48;QQ686_kyi;Z%! zJ}Vo=JdLpQbEyzApYKqa3^H=%82Su2+;c?{U2ikD>T7>;!$QK}qzIGh))Jpr2|$TC zZ<$t(q6SvA<)z&W6HAbbhv{p7npMQfOaN#dcrQxfCObP$J`Xa2Vdv@(kbF=Vdel`! zy^3!fr=UKkF;+YfyaG zV)|?e@U^$|vfCsb>*6JwP38$u(?0y+I3_bP%N@hZvqhyT-{ls}%7|%N>32)55!D~5 z09B&OGdx^DvmQf@#?I4AJC4VLP@^V4MiC;{V-yG)q~r8DTT9vh^j}C>{71kBtW4$9 ze-oQg(fq#^kwEZ|=1HF>mhpx6op^Qj(1;>6WzTG)`L|CR?`>yEj-T$f((%Il!Gf#Y zl)-jX?)sBwvYYnucAML++0}w~o1qynlJ8MTp-J>>#}fSoj;qMxqv*8T-%KfQucSI3 z`;*=p`uM}8mikqCu0^$)xljQ;jJNE2pROgTKPqrK8gQ?lKL`{h z-XTB!lK<7&bN1$MBjlCm%rRF(O13PXbYaghYRbzj`x4#RGNiLxa=&vVo@3T@>eaNU zr+tedNq}u$>dGhehbMr<)m2xhmw7E*Q|CB8V_)@pi0z(|!EZOs1%J*!EpO2~7|{t29&zZ%UaUV5>zq0fqhR)%e;cr4({7O3nnY?{sox ze;w~Du_Mz>V}pzKM+mc(8=VBiQCHO0>r#;mpQvhCv)$A2X_wx!5K(!93jVos(T#^^ z#=`)|2LzsgSau*0AZY>jvnedomJSspoQWkc2325*wAEi@#Lg6>X9_OslH`2p)IRAd=!I z^O?I|wGaD^1QFP4#4LVZ+#V3yayZ*#O?BI8=LS5LV8dtNo@HtZ9#T3<0}@@<2HF_Rf7vqeFfL z7rbbxl7mYbYKR6Qa+e>^O2zK?u1aLdi`|8|?s8KFA5TsW@2B-I4SP4_@;X?s!9g42 z0ZB`mn){dn-X0A=;JIzJkvPUThN~$6^}v~Swr5{R=~2>J@OIxXfys8_{T|uvWI(~ z^0jI&McHW_H-dTOOYAU4xPb|x&+pQ)Fvm%KVGuP$2ADZDA_{;2fS?aJQl>Neo<zxsTUeeG2!tms0z@dk<=2z=@UGZcyaX#_7W9S>QSW+xdLGa+Z zU|)v!pyZ#wR%u3=SL!s2 z5u*G=)#d>_Tb>-*mxy~%Rn7jA-Mf+Q0teqiX=MXWbezdytk3)CR`gGyaNM%a#6U70 z`{}cSv@@;uTK{<;wtS@Y{X?Uel#>{yowkaj#e_-V(%SuAw{S*BS0hVedC}fY5{}fz z^6P_Ykmlg07R%n9kFx>IjQp$6fJv^?+OhdoBm9>_S&!Qfx>C4WuX2b?foC`X&q(I= zbQ*+VH>@oHX)MeU5zD%i4J;kgch1#aa$jM$`k`9AFDICre(eZqSxOkEb?{S)3%&s4 z9JR5%s{#cd_>3G3PU)vLq*;~`|D@Xn=}pG&#|K;jB3#gw7&IVNfWV#-kl0Un8-~rz zYoL|3Kv-Rsg?A$(o3xNt&ZV< z#>oQ_W3Qr~9Z_wq|DGQZAo#+a39#He{lgm_yP7wVqB<=}?ssPu+H?acj}hYEMwyfQA}FB3ZZP*cTCL_p?;$pS?9e(Eua69cS_AlpYgDfI#O6s5{(Rob z^OK~p59xT4GO28Q7iz)+7fOZZCd-1ZIQbU)7-KTsm%?Zes)rPZgjLewZ1Lw0snJ>d z_bBqFmjfgOfRA2vs)xdp_UZ~7Dz^=ehGsFp7fo?t-5}1+x2eOS6bv}x%15{N-@18+ zile&czf7@FG1NF?06~T7EZFqY@{3XVBx2hn9=v5xJ8ORjb*Dz8g>e_4==)pzd#7FR z-KTLazhSh(KB)Vl)#TKb;oF3=KR8w22PNa38(21u7B_Uy1i)^luWDHld%G{#2iei# zvds4=T-6*s5p6QX**Q7Xmvl%XK`W+icKZMP=V!ls&_xZfcrs7`GxFoJcn!H;rQfUe z{!)m4OPL=%j1v;FA8sZ`Z~2Qwx}pA?`d(U221DZ|leSIs!yLHcbE7XUn&z*gwgAmo zWQ7X@26sz|XAhaN5Ii}pd^CE9uYH1HOc#;`bDNJfTd}9-qxUL}M+c|g)~>v^`kh7( zP8DES>E*shNvJkKnok&Xhp@@w?3uV}vZQpc{7XfmmSRd7fMQJY zLzWg6J~^sKLCi9u2r3_CgjTXhrYMx_odm~?Et1vVsXMYIeP!lN?|)>&n4sRKDEjPb z%y);0VH|${D`HI__I4O17%6?L(mk9^W&0&@-{=NCT;9Y=(pc9$8Nw@gkK!^@;c=N| zM_LX4s{H4W@WnR&v_;#yum>V^O{<^M;-!)dW_7dfbKMKotCZC)=$uR#ef$8ocMqi> zA7+k&r4L)S8~srUo++S5Ncvg*?GaiNTF{kpxBup5kWkn|>{2>92v+DW;Esd2L8(yE zx*?2+6>gzBp}7XxwW2~dI{n;!CfU!lQ!DFo5D8e{q8WU0>x@8dY&x5=`40L=;3kDd z+pgLhj<**7<;xe8T`Zto3aD134qAws)aq55D+28mT+z#i#ge=U1Xz$Pfv?$7v|W>? zT@-?ZCxS}{L12Y}AUH?Qc5U@X6llhw8w5Ht)pNo|ivYte!@&ZPk45+?Yj^4pgh}lP zTgnklih#nWi|#&^#-wnoUM0MkjA(DO(+K8P<*|f}>h_V89r5rS3Lq1&X_aG$2Lf>+ z8}0$>oInTz-f_jRc?W#9)bJ9h{g+ZTa> z;rsG`YViH{4Q0L{Wo@+DASve-N5J3v877hOaD{FE(f#)X@f+?Uoo zHK{AU?>C`~PlE%=z>C!33Ya4Lyg?Q;L*M5H-86v~4AA9qiWd~gxDE~u*S_im|9v2k z{D*|W2=I>W@q1?Q3k+e`@^Mh=r(9}uuuCi{OGc*kv6z#pBafX>~`LjzbliuAPb{8Rl8Cy z%BB|F_G^3>T1F5HV52*zT6dsD%d2lf^lO2m7t&pS-W~A7k(tPTzU38?e2}$2luxns zWVZ%d3XB9{1e$7U9uWzzL7+kuKlQrG%2#)seRPOMY#nP)u;#TllxfaI{kZ8_@vugF}G5vM#e%eAb&!*tSZQM{oalHKvAk*~Rw;6?Oq zU$Z?Z%14XUM5CK8#dY)`?NCQin3}&#Or>5jFnG*TYiYt?0HH{0DcioG4(?N zxUP?3v+xXWYsBGOhfHsm#80h{2r=)`bxnu$OM%{71dLw-a^RT?z0?3jX8@kF z7D~(acdnh@H%Vb3fw?U~Ul}fN?ReNuU|3-W^B$TWz&E{Smj-)1X}lqw9Dj$*a6RHh zAWpVOsthHXWd#HER}f`8fH45sCF-E&Z+c4D^!GaHI`A~{rq+f}FvTH$g9YinXnuX4 z8UG@jyuj-fOu$0B2E7>iKgRtZ-mC?@8c1f+{n#oKD?F+DCF%iBjei}2Fi0R;udXNI zVlDUsZXn^`PuQx7ZjctJ&7=zNrmB3mgLHNUapWO8J^9TG)KtI>i2e7-+9A>~{_-`b zn+^i@#i>-~v`VMYU!q`8MT zDn#eQ#+mCYtP>6I`Wk4%!FDmO=0YMcxIG`xrWOd{M8tR_ss_7Bn=x&s7CF6aoc-=QhvpEBouX z0wufp=N#XK{C{jx+y~QNUlwHG(;y`8>3n1>O4b=51+ku-Py_P|3QF!4J#M|^V54en zy^VH(j1PXHEDRjb9j>>%jeNqb;PKZhc>4~Uu4$4wbxh?7b?GP!p$2lSZ+1S;EU`qO z81Q{gYLJ32x@`;6z6cm#W7=G>*Xq{M1z=4)9IsM#BK%oE2(p2B|GQ7PkD2b2!{E zHjF|*yIGw))#Y6y{GO8zL8>6EBIhbAht`7C=aU=X1L3k{staFdwqakD7G_nt66}WE zsO@1N>nE_2(lq4VtGNGJzvRZ(`qUTI>|W$9WzuIL43+YX;q3GDjb}fW&H#E3P{%!y z#pTDz+M1zbqX26EcS1m>pXY?cB(Wx)QB{bd7-uoW6-QP6u&PB59r{rm4$WA28)2Eg z7XrpQePIXMa7)^v+pLxGi;K^?<65Hl(qU+2!5+2l_VSjAOQUyIb!H?cerS_n7J`1@ zlZ=ple$CO-(cvw1M{ym>#C)m5!kMstMs0|X@4^B(z1`sj6qy*8fkxgV}@6D-@V{ft*Qbw{j#gP>!dpkMycI4(`yk9f7b5F@l`ilBolY#8|j56(dry7kJa+X^kCDk|_` z**vY{{#|u80zUn#tD&2>^X{^&7GL2LVZI%q6Bz)pAdZD|TJlJmihZWdSTFO_B2og)dNZY?r_PW!i?vW)?mzDkYmz*K zftlIda8g6`TaDqJZVp`SuLbl2c%eKz_88Nd=Xu#XYs<|1(N2^@n1uEy?yU7Kb{)x( zyCcmE!}pys9c$>unLXtn7G=z!w3x~T%UC2UWe{Is{lO=&xrC0}ZT8*MkyTwz#Y9E` z(0M9EoJ~GBWuSeXEmFc5usXvDJu6fM7qcZC$Zc`DvK{HmUSiyyTdE2|R*fv_Z8AlA z+669rb)xkZA|B1|C(_?x5f#s1$NG_N-jhLB-n>6vlNi-`5m((+_J4n1eCoegeGR16 zQ?0-X036ibK(#*f5ta4hQY=LY>Q}!?|H#;~9eP_H_XX^F-*pL8TZ`j z3yRAOlr+gzXAcy4K;n98L_kCEKk{AI6#{l$3Ff#_bE;b)@i+PN^#{n~mv{;IxC!Z9 z9UT|#z-3gf-FpExBu`I|_;)}zMv%{pJ`2*b0|fL2U@KEdo?0ZC17cL}qZ@w!tTnFH zB@O}K%C{#Wyt;&1D*%Tt<0ruFDbnFN`e!?QSpfX@Pl@y#R>|EgYD=aUb4*kk~ z2t+rRGOo9xAoEo9rqecto0yo;-V6uH5tziTqGI@;%e(=DLlt_B#-a2eHl`s5GElXn zr|dtquU+0H5WDJpqjIX&DvAf1t0FR>K1vY)iS5Iz^2_1*(He(aS-tu^Z0#tZ);LG6 z{r7##`We8H0e}htpPXTq_j^U7dz@NKD$X!E0=3YeXaA@aG%OCGLRtmT%2|Z7|Tzy`=u@aYttX!CNcd#9}dB zdiQbKIhXoN2o}UVI&M_%CDNzs(x1j0fGGd+y>zK^YCC@sLJ^i{iapI*07EOdHJ=7% z#t=Po3T^mb_5sP>d=G#DO1Z07*IdddhNp*IuBgR>@xWXgWUY?74Z;gCM{&mVI* z0(`DSav=B6yGOgza1~@~4Mj#9oLZ$~47b#ZsN(BGsR~dH^?-Xs&%F`SX9-8#7CUCGVKxYrU?zQNvPu11c+nVf0zJQrK z&&F__;H?ILg9=i=f<3R=t=3r6h6i|8pzNy0WnM+16N(}MB(-#{1Sn~NhAmp=ABaCw zZh%N5HRgvK7|N-)G64$uw=R)~6q4RZ;FbW=_W%BevD>y9B!gZ7gaj$%07wEekMq&4 zE93^dCYYuZEV44TA|K`m^MNlycnL#9=Pxi>pE4$Vh3PIBnwf3;G=tzf3e;pEuOcf? zOgn7_wQLD)hS$}J#VREufAxa}dcu9ll}*3T%%%G7^Y5`yN!#k$?y>@1pBx9Lwx5XW zU^UZ4U&pduA+S*iqI7k3*8ir*pn8)=7{F_wvYYF92r6+$M|NPzyzTh8dZ2G$&}=Gn zi7fSfIOW{&l2nCeRrmCE-m^2XMT&Tnp?xD!;%E^Wc?$0yE9S^YdyjP@oDf{6Z82 zg!`UX2#nsAkb(6B<|@Ir&m-&i=}0e_IB!QKfwLS8zg6&yzx>Q^nJI_~!Qy^6$PRWx z5+eX5+CkM7TVg}=2=bq=%S=3Y75U=z0a%f5x47DJ040t6F*uRcimbq=X19Ip-o)G^ zcm$i9dEdrIu*48^1|D^tE5uy)9!hTzsNF8J7Xtfkt4f&i9Qb3x)q#NlIqmibly+tW z!Ln>XDSG8Eh;xiK#U5KPA59ayg}Y1Us1+sUsnC|#8yOu_2)i-NI(FaBA5ItT)cNfLNkO z;D069%l)*vf^~Q8NTn=9LR^MTnEn7{cTr54S!&II2nvHvR!JlQrjHYT5=z+KYCxqo{alJUZF_u=Lm z=9<=_;+6ads-ArAVCQSm2G%5fbYPZcw)<1sUHkT`g(ktmVQzJ6ezZC7DnS+57&AXa z4W6seA@B~&Q8l?^EjDvF%Wb0hMKFTwV%#Wxh(m9#g4(JPK#usxKxDl}ZVnHZT_jk# z1J-{(V@ccKiFR?!*z4@N*7egoR@X*m=rY}bh)B|~$8NAU!x^^tvl_Hhqr{)vv zYT1>V^b}xegZOUei893Pj3id@=-FT3#sR7}MbZvxl31{7x|fyZ zMuI~5+!E;WU>xE8n}+?c&xbqqMe^(vd?$2yI^q3~Eg9b-l!qRr*O(`-D7=ZCt?~&E zvL(zXB#vx&kY;(76a$Me=oI6DWC1+4TRAB+i}Phh$F_!j!HeUPwZD^?GU2E;+X-@cO9$m90V7E@ikIeIdP~`E_4I6dYhkI6BkN$%FFB`7E5So`IX-%}((8SM z;DM#HHF{5{bS#V7ce~Ut=42K{25H57HJnLS)GJHM{%G38J99dATY&5oHpyA!s{PYB z&LnlMFPkgKc9fQ?YLk#%h=Wo*YhW429caZVl&;=*zk9RxbXUa+dXFMaqYik*g!Q-| z<-tryn+Yl72|}0B?hko<=GOM+UR;T8c_Pib?;=<)$8XwqeDwFc>nwdH`+0_16=Vj* z-YY1~NKFwO{!xH?X@cabGyoRExo8uenlu)wENbi#Z}zt>KfixE{ghSfqouN<4zxdo zG+gUn(BIL&f3yh_WIRl;ydL_@YMphYl<`32o*JmATcR)!x!{`t@9iiRQw8jclFEH9 z{1F9Dn1C-3L{p(o92o}zLl?- zkcX=$(|B0<+0Z9a%kP;p@jyHjMnAIj=rshDt;I5{#9npKLZvIJP27J(Htm3wk; z%0B5GwJ?py|8g12NNNgq#%^^TM*bfsdVjspfpu)9UcX1EF_& z{0h=nsn8y-XnuX2-pK7Emh@n2Pfl|6@x-AHO4-!=^A9bk+!dsQcpI^HGqLq@oa6Nb z?2-WGQ-%2{EY>V#8nVm%U5u8nsOVSvbNxX5UyvK_3hy>|q=aPA+gZw&Hc`DwM{I3c zxp5i8`p@88Dyws+`T3EV)SUtYFl$pm#=g5~nlzi5uOyNsTAx1C*mxR!c71UV86*@3 zer&#;;3+FiLRpSeXylYdzJhDt+LSWAe4WJQ*^>!jLZ3C6*3~?MKFj4 zxdiOw3fWu_DOW2ZrS5cfjy*YiMYWqiO|FY*Vrkk-K!>D>T4?u*wcH;7js1}S)1Er2<}xoJD)kQ*UDZ)Fj^ z%9^wb>hNPt2*CYY`p9g6e^jKfbmSvtib{In_F>8i5Nbe$>}sM>%$QNqA6kLVC@Rlh zxPJtqeE7PN8b`6RwNf4V=O>?zY77cyB@32=UDAD~?ZYjNBvx)legtbX20#oO8xDEG zUbstHUYDwM>!3rQlRn-lF)p>c$qy9i3`)m<1|W~%>05-aC5PvJ|Ehv)b(jrLNE}5a zQ{7B*mlNiuV#n}o+jP&ik{JhpP$N6%MVW7X2%rX!`8glWL_>G>75C&UF7<8kl0tSZ z^7-;*7)YQ(n>Fy|W$6@>!kr=y#1zzZ6N!eCt(0Qd2>7m<3Z?%IxjcJVVwksF0n<{^ zaSzqhSquV{6Eio=WynfOz$fy@7AVFS0WLsL_zuunXSVmj}ar_eN80)LJ?S zI6y3-ll)I{_SJ)b{LDWup`+{qwgybt@0C@M9riJ_n!Ac+U54`nZ=M?%@JfGE-Q$e& zpd$vkWQ9~vCg8rMh=Y)2Yxtpz1ve*Fdk`LadnnA$Q&|Ipp!Z`me%Dpo3R5!Ayn7Gg8gr!Igf35a~lR+15) z#Pgs2-8||bM%^-plXy{UM_npu%J~DUgUt2yYn{$+9s}#P6z8Wm39kZmvfR+qH806_ z2!vc=ya^FI`FsY9^OK8>YpV|#t`dAYCI&LJvveCoL16t42yx$*&18x?5x4HZLX5o) z7Xf3~T%hHX`jwyNNAJLOl?s04)3CP#Fj110Cq0~nGtLD?A~!Lm9LH?Qm^In(=HMfu zyM6d%Al+gce;gP(Q3i+@$!-@xvXW~q^;zHD2yN_~W*feF?3y2o2WR$6=GFv)UF*Mq zOp|N?;A(wL_ZY)9)NY0ZVEynV@iLCx%%%T4MOC?JliYWGQ>hr8ZeM2p{}E^s-hlXg zjqo+&@$;j1)6U5AmryyzsXG6({hzX8dCV;JHc#8~qdsWKsmcs%v&#BnPHiM3TFr8_-LO-=P&6~=gtP8yt(`JL5HT(qGF%chW3@n7TW zXSNy3_C8n2?}CW>ukSB+U_W&IsXtd+c=@;K?b!!Y?fb9Yv(3fL?OE&u;ZJ%>{CO7# z76>x~pQcfq@aZy_$yNp@x*n;x3muoA7y4}0Td&^dVv1FgzH-%rJjd^{5@%m54=2gd zikRnjpK6CfY!>bEf{#;WE7~8uf;k=fUlgocAY^{poMqlQD*PsbWWlKJ;;!)w)pqw| zk+@d_O|hT6W@AOrp*0yrBCJL{;5NgS9@FuJcPSNZj>b{;-po#`6^I+YT_2&@ix8GwqoFzVirZ|?lvdVmh=bMVeTn;m|fW#J#l5PiYAjT=3vFh5=taA{bt+x0zP$df`!IUT~y z0#8GnylPWoBRT==gst*Z+9hc-KZc||+)TguhzVJ;kR)j$wjr*mYk)QaaHQ>S-;<<( zT2*VUDQ{UxSpaG*VjGQQQu;&Fq@vW|@~gvI3p?V;9wXD77^9BB6ld91mu&9Nz8e|m zk!JlOTw9yj){n?3BSa|w%-$cgsSNefcf&U`=#@!MlJs|h+?i13}mPK2<< z?H(+^86E}=&o%|5&nyPIo;K{_|5X7BBQF+Tikv@9&cp8S=b0-)|1P~ov`IP-Cf(bS z%Lxew9C;ct0&C{Jmnn@3^*`v(Uj}bjJQV%*!#R_G$0IXT`Mdl|&1Fc5HE9%CLWPb_ z-5KlxW`UxaPNIDvP2Fb=`JBR6Mdwb^_RY(C;?s)aTf{2$5#P+RDda_x>f#5xqqWz8 z<5iD;@IL)}lcefqYKY#&9yMo&LiU3UjYO=$TZT&5#OUasT$zjW%?fC6&m=ByFp5Pa z-TC0`TB?3Th&NU<-NOAy_zIVaSw}*Tv1QRWo>sAIrYdQu>^7N?YBx1QO`!~G$XwfSM`wGPVV7I8 zeO)3p^Pv(3p8dowW zBD5GDym8(-wI5F_pet@~T(-bM*1XPW+uPO$+3=VN2!24by=7rs9UAahGo)g~#utL# zFAO(1`5;Ei89^(}=U1p7@{Zb;p|N7C)5UTZxojxa_GT*K&j-6@UZof5BiV-ni_*di zbnb&o)A239fx<8W_vNUDN$@}n{jF=@A(=6Uj{MFcsd(33PGqB&4yJrl6;5Wk8N)pv z7hVdTyd5UH;pTN0{<%7C20CQ$k6L5fP|cyJ;~B+ECiex(T!F>yAi^Yz@H1~s|TD$|_IMyiI>>$H`l_Y0pQN!e4MEdo}NtUT-aaG-* zwfbx_nOaAto0)dI&pg}c?3=mhnx795cWUJVgInepTEL5fs_y|76~aEmd^d5SUrB|@ z;5o4rwQr98%sO)dlI>lCz=ArjOI!?Hbm9{Im-5f${XyM(il>B@7u4=5iqUZ7nVZ#C z`>gVQmevN7D$JAMAgWL~!}8=FB5EP2EPd+hoP<1vkl2*inu(E;_b(sowMrNw^YP}Y z0e*kQ1gBxJ!Hu%5Zmg^G!JMKeOg*=mI*V^*w+g$IJ$ZF3Uhgtp&~W}?CS<>Vv!ZeR zyB4Hvqsasx(n}82fQ~Sq2d>ozitXHPlt>)oxZSm<=nu$c*OmTA*8YpU7tW{B%Dv6k~Exyr^IX^1bJyH?MzKKkLdfVrE#sFbfH1wRXyr4o)Zeg(pHN-Zev2IVoYz4`2GB z+-4^GNLWNxui`snKg0N{KFyRy?kPd_XI)*r1D;{LPl1=lj!NhjhcL>XCjOlQoGqYi zb1Qr^BzVr%cYC@^0jPNrg&?Q@Ld9qIF2rSXj^|tCD_>70Wd?WO$wUw-Yni!C=}+KR z>Mlai7c=}WfrYEV!nZdh-S(wCOXl+`nCo>ai|-u@ad6Ib-gdh#lRDkTy&0H5&FMI0 z#c33&5%Tc%OjY;o{s1u71=oKvaMYhu}JgQV~V z(NsKare;l96~}}Qv!(m`KH`LLX5CQcWm1<1g`U^PlX3$-x$;*@zDd^-E@8(947XCq zs{9;l?IUT>@{$+l+e8)3JN2)B$Juc1xJmFKcc!XWKSi*$Eu6GNJ(pt0>E2j%H;~=f zTz`9@F|yct!{_2vz^=O^#4t#Kc~OkDLaa$}Tyi>~MhMTysdw%f?iV!(S9tb)XJI4t zI6=>8d)s0A&2Y&57?`PDN^|FsL5Kb;OYcvGNv}yxiIFqM0de|Erh7!(fHW8!(M7`P zpw@dEE`8O5_?+sd>fHVFZN83UL4|!J-+QOXhC{mJ@3gr^Y+`}|;wSFr)o1UKj*uU@ zK3t2OgK^cPU#SWf#jRFFbd~(CFD=kTN?hyOA1E(eEK~Q&InTJs0%1|T3efSvpmo-$ zK_yuaK@{58{OtwZ{`xZHo-;5H;WH6eO=|a`wws7^a{iHhA~`l=Fq{k0r(@VX)K>Uy zz~{-kv8@o*u>aM}*=KHlZ6npU(|SSu~~j+^yyu46zvEPrvzDBU(TXg5@d!kvQZ~ zfD~Gj{7*7g_ui87J_^=O^&Zbj7kR3bU7uv7kR8nMVud*RM<;7;c|$o&doeDRyXJt? zYKizPzCl<>&@Sm*N%~X9BZx~|!ZF{>sXo^ecLkyTfctE-4kKm~n~w)C>{mt74Fs9B zFM9z@ah1TRt&{%~B5n6XHLNrotdUH-sCN7*#%nkF?)g76twtJJP%ocn& zZGmr^FkvIhHIVT;b5{+j`d#=yJXdC7de+18Ww`U+&Ba4A?`d5e>96QwtqaJ7t>>!C z?)=$Wf4p~K;!FLXoUFA}H}zR9A4k>PeO+sIT19z8v6>_2oir?21UDlQZk}as+lhba zt-1km(P{C{z>-*mX;aieC?oW0R4_T@yuWe%!QAcZg>8vp5=0ODgD#=%0*z<($J=gY z3}d3ebc*YT_x^QlY~zjSjl~EbuU2c|arH)u<-V+#V$fB%dpVD?MPS znQ~&0=@WyFG_1*}()DZBWR?gM26<<-Pmdhfr9=ZNIr|Kp%KfUDE@vVwnoFtpm&dfd zjC`eq|JL{R`9SfA zE6#sE2_@MX31-e1-0%MVa94Qez!K*%B9Snq7<5Pkkq(oq+X?K;oYNRID|H(}Ds zJ(2XLwwRs*4qba?u!c2<=d3Bd^p&?samStF~}a z?Dl^cXS2~y5*|#%h+F;G(!D^OLjrOxpZikPYr+2wsC_+{tnMs^)%7Q}azYpsN)z*$#RfcUi@6grR%;^C+T(IZGsw5q`v_)~NTisC0zk(>%^xX{~ z)nkS13l3{Jk1EA8_p^hjc%M>I;AJYwc&l3?+BtsjF}&y5_GXIA)JMi{73iHBG2g746wQHR2cG50cQavGWp+-3O3kIJ z%+;$xO)Hs>fro3)fO1(KxSD{t)gmwcF3!epdHb4y2&M1ERqTp`E8g0oGD?C-044vc zgzQU9qCSk+C9&t81vhe5P0}HKbb_DrU8)=LSfQ6Q3$jM$kLh=i99t@~p0b#^vKc z*DR+fX7JvNc=tu!T%}h7H+1>#)vVuUdy<*jEEBh&*1#66xjC2(=+oaLceOFu?_j)| zwbt1ecOggzIXYP< zZFH1`e4+b8ngrfVQO^VU3wF$q*2X3cC6tE{uefJu2m&5nQ4zCCgmqboiqvwlZRt-- zeUPVle{jv$adU}HZ-WZ`!$z0gk(_%?zV{?Ay`fk}9BQYa*X-}F5%JI?c4fKWn|>$! zrtA2m*Tem*@>JBrBur}7UIp$@uCtd^bLaJ9Zh@&OV_z4r=wbw*`d2T_*%5Y>Dz!X( zn@rR0&b3&aXVTtjCQC7P#)oYSJI$1C9x&BLpvgpAY~V#k47F=_w;%xS?|05U8+shKLd$@ z)A5d>>M$gsCfp>ZT;@QXmUKVW3 zL7$I?+YjRs3UDc(cxO(G0L*}Dml%Fg_3232D0L~?lN%q)uoYPJW>o`D?rhTbri1jj zi|w>+C$*Zm48QfhdmdFHBetIyDkI6_SErj8)qvau{$oG(3SZf|PO9D>ejC}aKSO>D zz4*>uU?Vk{RT4TN+kGC{H*a9@zsCkWA5@P)%M4ykQ%c@5mnUpaZs7A;M;vGQ|2rlZ3qxU#&M4ehGATKFvf(5nhCbD~kRXhnI zn|;3@Tf4n^D_t&kX@dX1ox_Nz`pLEy|NnN5Hkj_!@xwtyczxP;?r}=kg-z%3$6nt+ zm6wW_kGnu5sQ3{!;bh_-urV@o_ozlN2qC^%zE%{xu0~ z-oSb&Pb)@Gq2*7O4l2s;pmBVh^cU%`y62|$QoOvVkz#FEl;28*U0zV|(l(njIW@ZC zc$k~bRk+_GTB7H1;ygJaA*E~f@t<}6xq8i@1^BRKtcb;*mq9ZXV*wHjd*i~4CH`mK zkA=PNIZ%RXVGZQ6W`BcSn;6)q9jzBw9Dn^N^HZicUi8F9C{v(~aUq;AsxcdeNI{DX;HTB5rp)CHJu+b#<9{uR#4q)(SN#8&M@hB~hz^WkVkxq;Lrdu5F zBsb)Io%bTx8kLUe96c=}1Mq7LkOua3ktH|nWbe)5 z{wf{`Bw;=pid9Bx1x#gHvp+$pFi4ruk+W8v@WHx&vM)EJ=Ozm6K z4=Vcy(K5$~KqU4^Al5=A&x5c|n?x)})))1ByW5w^e4`LrsaqM{0Nlg)XaF#YUOjon z__+cS*fR{*w$4+bEH>TBnO$Bx75Wst(IwB#DDutTcyByhSF*3?yGzkLm=X( zEgs1jR82bX%>2`}4h?B?QmJuN>wyacw=ogsxn>B~I?uA6+|>I*s(%_7;T;LT^a-)i zQ9jHaJ?laMhROr?$F;*<*SY{L-{|qaJ*Srbr8`|2-Nb#y6jtDmEZsnEsdOaa|9{W}alzRJV9@9$txlRr);h=IqA1|cOq zr@9iW3A~k>&6VNgE9#*5Wo+;{uty_99=ih58y8VQzk~N9G)_)#gMQ1GZgs*I##cGD zu1D*98?_e&K4E$K+|M)KJj(bRlK1)}j5N`iEB?~rM%#~9+Lqy>r_LSWl#AI%cd@BH za;mZaW;Ek7xLca-=)W2uL~n7ElIY3L&7-6n6JulO5&pz9AhGycs&}u%3DhkirK7;O z6j6Ue*p&D>V`DbVH%r?8k&V;mz>^*AR>`F}ar#;G@0Qz?Y>z7r4)Q*9d9p<-nih|s z1Ft=8i==Vqc;vWbMY(%{fM8akxYduvuGG;Dz8J1~VOFpBRtuSx1>kA7d*PGsywDsw zl9w7k)oSeMIDIv?I6XKBRV(my-}c28=b)1Er>J*@X?gn6e`R$Sl+q~}R;1Ha6ii|F z85`MA-O3OgwEe(h!U8+8$i+qpeqpvV7s2)wyM>DqZYpQNXZ!R%Kba6#KX47qo`F;h z?7GO-)gNQC6fO_Ss@v6j)j^S-m3pC^eXC2VO|tpk=RHwky5UVx-*P?L`a*#Iz- zf~AF+r|RlJm6eoYOz)!v&gZZN0#I}*({9Tud3zbl!AC>5%xnDm+176EixXxRbo@Xb zq!m^D{i4m^pxxTOvp!f}bKNw1V%GsUIr(i<}Sin0%5vIuSFutV9c#eLu_5>3ipIbb;5C(*c_$AczO@+d+O}MW?OS{gySTQB5Q{MX zI>owbqd40;RBm!o9MFnvM8rHl%Ikt~?Sw&1H(qQY5%3T}$p^Ez*H{TWTYU$Fs6BKmT-x%=N zs#;h8t1kY+bW`FN-U9y_d}&Xb^A0^OvFCXMrxe8geN5+`Bgh1l+W_85y1lRdC9Ke~ zFDk^>%zK%(9ed$vV1Z7it(c?aN988^`pW`%4s&~MFYq`v#Cm(u#j*QHqH3W(A0LDN zYkV*>q3*DA+!G2*|D8c0$Op{ESajsU^!qb!^I3k?P2zMEJ)F!1UJeIs8gN9bT3_8F zg$grHuyXu&XMn4>w?1v@!7R9@D{Cgz`=wYgiu#rzRe+MT&+|u;YH!TdMc|w+KorgE z(j52wE7Tu5fbePi?sM3A`3f-Z7e~a%uE7BQq=lwEh?$@2;n+OAasyxt_fz0HO zg(jqFyUPJ9m3zJTKW9l^k}A(gnD)m9pK=QvCtS3T?o6Jg_I~m^Bc(zs<+Urf$L|JV z9;?RWRi46rJ#w4vz;U(v2X3{vra4<($TxF*uO#Ss=yk;Ttvb911|?NEri93DR6@)= zmn&SMrzMV1=!NTdogg>uLRjDjWXQ_m%wQ14E=so(kCJE^s9ow@{1hN*oYK*m*>$^g z^%bP?orYPGXLwKkf7inAH=0y5?3Y*|=Z=Qiyv|!THLEzmMcT80@nc$|peNEvwkW=* z@zP7K?B{e&PDY@h{9VOt(3Rs(><6!GAsV%UM7Ga-P?Wxe! z?^eDGleZis(sxyc%*;p0DJqiuXRY*t(l_t~E@u7I4zuD?PG_oViB8HI2so z_~V2L`RrulK~9#>Zbexc^Tlt^2%JWL|zEs+p55{MM$oYe=OAtR1u1d$9wB$#Px;4Mjlw zo6>qQqK!N(&N|tW@+$eoOOjRnf&v}Ewkzf`E7A0lqseRid^Gx+B;HYvFBcyc=~qvW zY}x!}XCysYJ3-m{ruSvI-zF-brF4>hqfYBDzg$(vt_;DGXB6oBXZ3Fl;Y?rfj{nr> z%JLw+tmD$i$-kq1eXF&(=msRq=}xG)d2Kl&uR}4LTnm2jf{aD{rtT%f9*`rk2<>!H zH}ot!=-Yucd3qn^8PV3{&{KV%o=7YnLT`WAqa_*jzPUZXh9 ztKa$Jc)MWNZ)@^la_{KqsGgCLKlZ3S(Dkn}ueLw8Wr-9Q?3CUj=vgg4B^4UlI^Wp+ zeXOrA>BjY|`ZGpH zu2(=TJrEc?ZZPuwOttuWh1ZvREsFKq*@$OC^Gns@XIU<7?cJ#c78j*?rjmzj5Xk8{ z8{$^GCWwg6r?7EgjD&A$!slGXX&tI)zs^7_NpT+#y zZkLorSt7+Nt|M~aIMlpQk_{ZMwjNk1b#2+aKw@{2#j#tP-`l_A*IshaC&R=uO2DZi zW_VfglDlidImmvUSG6d)LB%XP^7K!Jh->S%u&cJ|(Rex&&(KjU;(O!HdAUh_(j{^R zT#6?qCPv1Fv##C1tkkz(1ndki*1B-qqN`^|z%)U|p)PHz6Jj7QPdxedIlH6-^ z2>dwYd|?l9XggEv>8mPskLfkN{6 z!txw%qth9zC|$+2Eb0)Wr4s_}n4y#6!-gsG)v*IxMU(u*q{seR7H5n7Q2)go0~~tZ z0vUvWLRY14 z9VIDnqMYqyn(4GRPrSYHI9K!FsS_n>_fWsll+J7T;fuIZpS;0=)e!LP04ZyN2p;Dsf4(9D2y;S#b1V+H2 zS9$3<&0B~$&0oBzbegJyU>1IJP}8@FyiVsn*ET%agvMoLyj}4R*gil;Haai)R%1z(X2&>RB;+W(}2P4P4%u`bn7+l7(up7O1M!HQRKQ zY_>Z3(2m5z%}!>Cz`Kbtga;#A#(lo`);ih_)XUG~9ZV|FSv&36cyZhoQ~&JN|3RpHGc$5VFqe^G18jxA56?*`P!u;M1Bo*tA0EA{qq zEpC=KiI}&mdDhI32D1g1bQfq#lTi{C#TvrD-E=iR91p)yz1nkoIVD8*cks}Gz*v7p z>rphY6^-8%GCAqXlT^|qA*Vv?TAYl$n9DY_Hi4@ObnTa4b{|L{Sr3CM%hBKS3L=i7 z&>w{XJAa20PolKC+$T21*sd?a^M1bj(+1tHE%-VJ<}?X^XCL8szjJ3rS(60OwR6Vt z-zfaL%wM^$>We;U!x~a>n*WgLxlXwYu*KGs`DV}6L9=Eb>;dk=V&~xZKi3m7%ojB( zSB*KJkvVc?K;UZd#WABowxoAd$h1u0vGo4hYsl$B5#(&0wm>=FmQ4l?Pd3Y4_n!zw z9H4(zlez4EUB1_w+4U^XnCXso-kYG4MG{|`Q`5W&B&(Q{Arj{*2Y>d4i_%?eZ>q6G zvAk_$LorW~ZPxkk8l$jQc|g?+X?r6o0(!cB(zb(R>V8mCr`j#``7gl0_?zw)XR$=PGuqj}{?wyr9Cs+YlbhjjSMW;$9T-neS{A^@vk87(=@=1J==e)z{d1&MQ zzbtWekIFzC0dQ@V(7S4KpDtW3aS_FX=iE68SicWyc6zi=Kwk(4A}WQTwZET2Z;&kpVxf= zHZP`|1zVg*+P%or**3%t79?NDpa**x5eNy)ArqG?4ts>eR^Wp$Cv#+JA$CZ`Ta1t=6L!AvWeXojtzm( zmH|Fo-%Ck~traJZ8uCa*%(#hbjdD0t>8KZ40%al*ReLUF~0Q;0FY)(JFfi^BF7&L?*^~_dusv?BKj6Z z5aAS8UYd7)67WB_0m>mPyfFXl4qe^9b6B<5>(({*BI!0-6$&&CdlAq4WIrB6xgFu8 zu1)J-PUZvSTT!?Habye5x1H&cO&1XhFbj2otA;$k`vML?dzD?J*hlK;0$G>;zW6( z6*Mcp7{2nFwmbyE-<5VP`FtC*hJIXt{P@5bM}4h${;)LfgJf15Mj*1m`6Z+zH92Yv z=-T{xs=tB8r|!I;7=U%<|H?5d$VZ=QD}TK%dD7%C{N2(_9J=4J6}c#z)3{S&fe$gO z_`f^t@TKYZt$kO}c}!aO)ANr5E12UhzS)S!GobC$MwqpDeDIa)lzCwPxSTK!qhA4r z7cyREr0t;xR@dlgnNjrz!d3(16*i$4&>x0OjMr=p=EiEt*H2}j?I#fY0R-uH5X;5M z8n}fPGRte*bUlGS@+jLWTwF{IKv%INrFawm^M%|Rsu9H51 zSH|0Cv+!lT;45+Cdc+W7t9`ANcjt7OTrS=yH#pNZ0Y^<+W;TZHw^x*o>02$kV zL!52OXQ6DOX#NxaIJncG0<%2LRzI3Gyl`x&d$Dxp~#cR?2$ zk+b*%<%KAT(2`0y3UsbaUq9+$j#@`^W*4}%zS4?@jSW!wcRtz}bNZ#s7Feb}u~XebOl*7y^>aMkMM z8;gG!OwM`Wd@iza7ucBcc>?16@d7D+T(llq9U%YU-<&9PgJl96w(|S|sOCPI0$!2{ zlvFhCVnLsLF$H$w+AVG?qh}-IQZ6lV)adp``WAUGu|EON^p|-HUlYS3L&;i|wFW!35? zXg>tmKKO(FbTW+G3ExeEse9OSJ_EU#dEJjYg#;JXv`xU^?_4_S6a;*0c3hMo5uB}g zL)|E0wCh|yr^G4ivo#4`ML3y*fbC43Gl0yPCnRy}|B94v2#YI38}Pa`m726$V9)Eh z?8@nE;gy>iQegJ;FMkJjK>`fm-=G2IsSVDYBb+7PIIZtJLU&N z+5pI&UKo&C-LMhnOQJx78bU`aA2%v#D+8F8_tU)$r2%?w&>l%IW}kXWp{~%y*_o&Q zi-ijwhb>%`^4)1U8aKH(To-xu^KF(()0?>_?>=IsIOfI>>}4i!?6=b>@G(w!gv{Jh zgWIbZqdBlzTsAU`KCX)Mb9^C6iML<-VQ|qNJOOE*KRW4V4Jf-Pt62T}oeCU3N!<5Q zClMukd?2^Vz z70l1S!y(}+O(7?Rd-c>GZR?0v4^*=9^SWO>P{7IQxv|Lvq{v=|nk>kASL6W#qD^-> z-1W$ii{}zjK3n-7cnEG0^1bbxo|;!{w#r65o>fMu^{}eDN&4bfy1<7rQN`%k%;&y) zwHKQBAm}=a>!0-Bn@DhAu4!hI%bwIn_7j+r#waoHO%H{u6oV9+GXt7Vt zSOip(*;yg9R*S!5En=7;zVkt1st!Qv3vBs;`u2DooK@?1u#AHahm?srr|O)usy|tt zPGqq{ZF-6ztxY4#1{fsZgG2DEcvE~clkH%369SZzx2+s@h|C>a+IVl91rUsEIkUt%S38F&HgID~pz1nG-JLq_1 zz;9U!K^3_6;F|Jd_r5EX!b+e~BbJ#0Eyw-=hS&){d6sIGY>R+2%^MxfTkvEU5CiwD zm<(WZ-%oKDb^TOwUXI=!bYV>E)wYfU`io;B9;@}LW$r0aPbBV|d<3*91bag)kLvl< zz_5rkE8^WXqBX7+R8^U2Z4{<$<%ew_rWUINy(kW3#qREgw2v%9u<`iQcy&N30b6nE z@O_X#`0maFczr#^)d0UerkZ1MC*9tSGsFTB->sEFKOMi}09s%A$d&?g9&yJx+U|vO z_B=Qpy53?Zpy7B8b#0R^;E-;2m0T(M#=z|Z@LtJ^sn4j;#wU$uMA?^(La9FFNdNDN zwf)iGS;hj7@7!)Z80e`)U{sU*!`+0>-YS>^IuaSouko2u@xMciB$Uoc)1_BBQ%VQsH#p^umAh|d_k34$F z+0&)kS5WD*J?%VGFD@!tHvhwW@=zZiv=fVO-QtB{(1^AJBwk)AWYf96+`RQX&BVpO zY9e7!I7Z{%jhK)6mFexbKw;UaweB@e#xJ!I2+?T-^!Xy6%0>#JTxEUwd%BV%08G1g zP29iTkIxuD#9tgFVtXoKB6!vx@E(uPK)s2-qQU_4TcD7KKbFT&EjC89O^U5{xw~rm zFW6p699pd@A{)33?lRrKtensDdr|VDfgxtbu%>bRuUGjRiuWxVo7!YY)3)5ig2Y_* zVMDJkT8~01LR{m|t&-%74%R=CjM)CUTl6KxdK=Zf{f5UW$o;)n_R*bq>%J8JgH?n@ zqesy?JTkL0bDebj_}qTK7TSUZeES7o+-ftVd7~r&l<&+}S=o3PWab&$Lr9S<+21#+ z#0lf!?cpHn#!#8SbMhejTM$=26b|APvZ%F7Pp%yOo(gpKVq1($`|o4L1XBJ%emo&p zC@w4q{!dS59T#Quwedv>X_gM@Zb7=GK{}-cDM{%LSsJ7yq@=sM1f)xmMoL<`yWhd* z_j&hEarfSx`<|II=bY>M>a^M&93N&FdMvp;PGF^OOnFDM$J7~ucvgfv;*qy}Lj)18-TcD`eV0j1iC{FHDwCeSta`-6#8dV&fW;NzcY0#|aN+lG z@i*1po$|-bv_o@X`aOgg`z&i z#opnuJ9yV zRT*o6p_4*`+zm)2b=>Z;%7cJk6258(DiA83{|X9=Sr@Wnq3?ja8I-c(6x;U?-#?Zo z3M)@Q!Dvw&lu8Ej>GxL0>m;21qo2^C+^_H`Vq+hYO(VBUobc5ra4KwmZ zHE8RqF?}RNAc$>6fNm9wX744jv;9`h@pc_f&-tW;n-X5z1rFzlK<&l5_?1tusNZ9} zZnrt>^*xBrO}-N)Z1tG-O>wF|p9npA*{6JCejt)OJR?5Ncg1T>Y{7QF62Ttl_weiC z7IWMofIH@M4!cpC_xbJ&CDgC&AU(PrADBU$ZIv&0YoC>3D1OO=3zbUSMofu>VyosW z%3_DYxZ;(km8!Rj9OFQB=X$G%Eh!g@^qvhRd%z*B&YQtH92j)Nt^)3(rk_^5WPJUJ+tZuMYWo z@jSKn4JUh1H0!a7tGkM6Xr_V9yZ}~XiqL`8^8TOHdVe`&M zi|(Ue^qx_vLa;I#UJ0B*D(f}S?_vau;+`z8NqVzSwh@JKJt_zQR@;{frCJ&Tsti(z z?9T8{Jb;6t%-T%<2X@S`My{9nAm0+BEpOCqF`RZaWOQG>=#_CwazD9~q2OoT?R>o& zF;kLW&}wHt9@#@8n!#zYJ$-@{bshdQgU@Y`K)rp&OKi)zsbJVp_T@~#4aPCvHsz;} zeIA}%lt?3eF54K9RfyS-qdMTMoN zLux_LtAJng)I5$LCB<&?k485%Df(vgqWq9a$oG)y-nsDnr))0Eif$Rt(KKSjCxE*p zro-@k^4Jrk>~#+`XV&*s+arOD64FuIV$=AuRQPnAnz->dSL~>|U$7ZQuw9ey?1_7(Cl?ax=JPkJui5uxPbg80Q=AGS7HKmb zKdSu4{p6RRt=|sWL2dyyGPXlkt*^#``HOBqGFZ39WJ&FHtW_(*C3t3HDT0R)^kKTh z8!*Z_>{R^IpflX-{f9`51R(KfpJpWVSW{az~^W{@%XXXM0b^AfvO&cMv;d%Nih`(&Mi(--Y!+}PGsMn5WpN!C2`mM%p|JTq1 z-=pnf9f>9uvcb_6J=0j=+SCv2evJ&=K$P}yVH1oVk<;9vdfvrB8BlUxXlh)>{`Wms zh2+Jm*TSyymo|jpn(u zH2jH$dc(02K1LI8E;~d@3%o-j zTE5(Vbw!EfvsYgx&$i~%)d@=NKZJbk%zcpYsR7pJ)2f3+)|fm9;*$fuwtJg8C3M4v z=YNt)W^PFbabOm9qz!MqXhl1XEx*4q4wVS*Tg}q{`9m*qjrAG;rcGQFljqH>qEn0T z$F{0tD5Te1-k& ztILmGekar@&CU20dU7v70if$NXJxOYn3vV82^jucY%O?Duor4D8Rxc$=U7V4n^a9q z1{rpLe&T$p1LGnAa=}d9!#Vr*)}vmM7NL_{!Oz;Q!aj2aMrCgr&8>6TC(y6OD{Up} z98OCUoRaK`xtUM5V)$F|55_*F)mfcQ$;(%ojPFOA+hkth8dWR|*{&@remv=FUpU&= zo-?l~=L2jB%Cf_2$n%S!EHELUCX8;wk60A`q%VYxIA(DS9k5>}GpP zWeoG)p5CNaG&uvLMh`e(Ds`98@^hsBKAA>|^#tpzakW@x~) z%5me<)YKG6UR2s>>FCIXD%rUy#)^0WQdswJ&{U++v*EqxMw!4aiYki1l zZYy%U|3mm)l18lQc-k!DVtfKp?~gYEmc3dj${ALy1?~E6ZritYUd5Qo$?Z{7Vke^4 zu8Sdy8l|(n4c_CyrtGDo!nppqp}Q%ZH$Cl-_=$s?hsN~{QTOwy407_TXNtOgB1*1G z0{0^aegb<^(f#|2*I^X2Py)&18*0N< z=l)dwlEj6?G|d|6qe9y~hYS95eCh$$>+Dx!-0KJJcN{~xr{bne21>`?bt=TJTBbNiFg3W``h?08k z;FMluv{VGK6v_Hf(X)b#)`_d6;Ui_W1%+Y7IzGn6w|`K*7L{Cm2i)#!PPmiQ@`lah zLU#(zW_pD6k{x$FZiZoVQX0GK;z}doCT- zVb^PMnK5oqeQaUau=Crnj~9+c^E(711`T@qhbx5h3|-s%0l+Y{3(1L-W|Bdk(yY4b zCMaY7VH*aU^p55%nG6@n&O^CteAHzz2!$6#yXU9G7NXz^SdEj*M3Zq7q5%c}-45vK zKeNBUNUJ_?Z3>4PRT$O!YQIx2x$|6IvS-@NnGuX?A^v5nq1*REr`=p; zazZK<(WfQjuV35W{(cWZUMKda0>&;125lkczRe0{f_C}n2|7;+A;~gSD>mPPj+7s^ z5=;Cl@6x>h%%jHlUJ|fG?q)FWL+(X6Zz)r{OuAD2^4|ItFs^uA1GI`2kG8w4jGTN7 zm;F8-W!fm+NCVAtyQ1^IR!W07`V!92q~SF+Y4yFplw~5UqqUe&zV(&W9I`z9+YZ>Y zAia=Oa{NTvj}~wXe)=BqB-%1E{H)!$|A7ruyAHZk_doKyM0W;yX=x&*-|?T}Fw69J zK4QB%bG}Fl!AO~l@JmZd-jViQ?9CO7TJ|5a;tzfEIPrDsLTCSW-HWuiOTuNuVYeSl ziiBZ5S8;Fir~ZOqLM2kaR=G&9L#sM}<#6c=>HXinAujn7qLg>8*Yp)4TpoW?Mi=e! zudFd=hQC@H)S4pLJ{pMv`vGkY8^OD?5^+4Gy5m2X`#HL|fO`^IY?VSoN`5!-DR)(W zI$m^~rleoz1$1#{FV6Ixc7=5bzG5yZMSt#|tCtn0!IGwUK9;bVY;0+ejPsI`Uc}WM z)J1Z6qd&r3Z66h?j6t_TuceF>hh>gY^O4<3QGK zdN?^JhY&8OFk*CoFW22vkPweEM;PBDc+J=JC3f*NNU08Tu7Q3Dbi}8cG4x7lgj|** zpbj%`F|r9HrNKWJFP3kgp7zz+(j`@_e<*YNvC`_KWtY)pGbeLWVtJqYv-ejbnSP^h zLj~i9>|uV}8Ko3{J6KlMk^Wv$a5?+w&P<7D899|<>EXMOpzN-vrWVp6npdP+aB2aA zRk`(`8Ofh-AwQk1+_nnN zk>>YxIId7LomG7!rtq1Fdkqs>A*jJ!B z+^!mEo?=x#taDrjm|m>|hNJ=6xrgLY?3|B+0j30|8aJ0M83Fg0g8@aqFADjfpJa?2 z6bR-s?Apwh*6?77o55_8EPvjNI^I9YTYQt1%a037dR`;~wR$ExO*~&%Od@DMWN}hI zc1tP%gnc^}<4FrZ6zO(XqxUh~-77sloV4EBveXPmPQvtqCe<5ZroeB^^v>|6H(`Ur zrU_##KB zYNWZ3?R#V}pPdw`DXVs8v^gK-@&@VscIcyx1g&Z;<4J;aqqz&dT7hO9B7U?nVc64C zm4Dcuur$y$mrz!-P7UOXXg@zbaPUzT|Eu^aicNuz zd8K8svCQ*M+zv*VRJmJNQo?-5>w%XXTC%~6Y0_Sxn6BCt$pYU_B*=X-lOmiPLx z{24;#QBxtwmzonRGG z_U{`X>evO`K>7E!YQGhqT}P>e6<8e#(@DezkOngqyTfki;)45^irr0%Kj>f!KAE4* z)pT4_7?7qu|ERe)1KI#x0*g~7=fz@vpFHMi#Jt8eQMQu?tok*CfiPw z${mulHRq(0FH3_Ol1>PP`k^CRGrQSR3?$s<^`6f>WIPo!Q z;=wYSloHy1<4LIh32(6zN8}0UThiwyYBRTU(!q5|hEX4X{hfjBfYaZpJMs?A@wwou z`JQ*`)>R+)>t-AOzW!Bf(UVY%rQrbtFIN}$%+3WZtyIe3#PS%Tf3>x_0}>4NoL|JB zdc}PmMO$b_smOi`(k4ZW%BtwC52D!7<1mW-&$ro#Yb38oz9>^af4*kmXb(cU5e{R^ z-EvH+egU9kCIl(Tp`i!69xjs&Id9msJ{+9NHpvh%7^bAAZoxAg64c{ngj!UnroEDS z>NSVa5zLo607Jq&-=5rgtX7o$`io|0{Jgc&q^BMX$ZP@YpW9K+y}+_M^tKb3vVFg{ zhDxVJ9h#Lp(e%24xb}40sy8UsDl{F`>NpO@MTFeeRPRI4%EKvXq7+N1zi$hr3_MVx z6hAYwaP*}p`evrUTT6M4L=YE&V%&0DJO7-@25B}LkyqUclf~>tMCPvc?%)l;upA8s zwsG?^$}wU+j^irzDVOH%f``>I)_w>3)$bQe_PD$DbSnUXL`Bl_r>(}*X%inGEbTAn zJi(!1D2HF@bT!yaGm*4=gD~lAt>QG>2);U^;qW-b}HMQFjP zgU6EKHTbPCN_3(Gn;oLO{tk)PCv+c;MuTjE)<$>v=|!?;ms~ffu7r~QdT>67cMEht zMlDA{7H?4e(gJSXl!=$3fCzu2DPD{BG@k)WyJ05pLKTAr6jC+JhI8jRHB;Up#|FK08=3`p~Lr1{?? zXA-tFh$WAI_N-E%!Y4m-*Ch9)nH!6Zd5B-bbTzbvxNQL|)`^BBTh0z$wL54rkoIqZ z1Hs0{3r7q16}2X$g@t$UzyX4U5}Gk)0rcQBRV4?Clgt)X znyN=}t*`H@{nItFW6ZNR4M}3TB_;W_`5WhB@OvExO+PUDW=y)N zl9i0aV^~Q`F*F;IF0^$MqvFBwb4f~wiopKB_x<|sKjA)jEY$Ru`Fbjyn`hUZei5%# z!`!1ME3CEZl;`#LK&e`WWVk8xjCeBh@}8y3NRcsmn)_u*vH0tH%>q(!CEF26@9CB{Tz$aD=QwMKY|g-x+c`@u zo=Ryg6HKi!b~J}ZAg(EPy*}Ub>LX3>Q_%C?P`6h>BfXitFOI1m#}hX&FvvQWLapi2 zkkqe!#!EEhj6B07iKyMv70>p=&Ex5QxxgCcGk#nt?-fTIS4UFE(jc`YtJ< z?SefjGUiv$SA1iCBgYA29IJ?M6Ghi}%Ristx|q1VpiSUK1sE##{el~bRqSK_Bze5~ zPBxs)@FC!Njg$EnKzc%cOS!n5fo#cWc?m65+s=X)p5RnX9>|X-i(sNteIPhb-9rf1 z>@I4{jpKs73-1G?LMq@Kx_$!sRd(kZ?17p_Ti>C_08@Bz=M&|e>!CdoSYDhR1Q^sx z8i|>L_&-~smvV6b!1!+)e^M<^!1Hp8nu58g`elQ~#EjqT$QN58Fl%jJDWYvf;&GBh< z<^C;f@`0tZ;eni2)Zh0cfaxTyjouZGLn`Na!KwBJ&352muZX+BogQ#PwLqnL`(n6h{5W6NrNtC+R$A^4rN=5%gOjTk3`>rma zqO7?VBHooVASNaAG5S41b+~j60|`_nN2-pWo0!`=u-OzV%g{oXXQ1OGP8Zkkzk+JDRaOUUFpS#$`~ZWni!`7x0C zeAC6mRTV}jbbhbcKFiU1KGHE#wspGbj4J_S?`qMkp@;2O(ERqX1+ac367$IUL{s~Cm9;9mp`vKjbH8h{XZR0K1)%fIU0%0{{< zfIxztGJ>f;QM4a8FpCX8((c9R zjO}B;$FN9!>|1@611Rg!j~<>B?`msn84~0pXiKd{8B9kQFd+TZ00ao>M*|!xQy1b- zh_Dqrs3k5EWDWXgNp6amGYV2ep*N_PLHyBxon?Uv!wB~`!hfG_1X8Z= z6eJ*Gc5g8)0rJ3?7?;Ge6`=64m7x%dzWCBmb&ujv%Wz9cH;7p5%Eb*H3W78`yA@b$ zH)VjC$RpigEl|x4dg0lsQP~MR{AXbBN_lF_>ut3DUCWtFId2Rj&>>irx@B~q!!j6n z$I023(ZrzAj*0?N38_MTZa)1jgSN zP)sy%32q8=%xG57B6`%o>aVRGa%2JrVa%M~F+iK&I#;oA72da0A~~C{ys8T zJ0GYeP%WrQR?IHJA532%z=^%;kd{C4Y`t}kRiC0#f`0<{NgCLYN4PP#ga4tE4O(Hg zpMAr_@PE>AaKVfl4lDqDn=cvNp!9`lc}DTR+Dx{i*5E1gCp_0`R4cxOV^9Nk4A}d3 zyj?1I{UnqR^RC&vhDf5Qal!6%68NHX>}oYWt`Kk#{tz_9f^pF0GPX&~27w|`Zr-{! z>08yMFp=b`=@2VZJ&oa1D!`G*fp9p>s~pL$(*Pg)epYaIZ*x!O%|Tm-1PX9|0@o7H z0(Tv}G{#kYVA?SO$AQ)U9dG>|KgxnsS~?-2HLCx-#8s4|5ppCk8M5RzZ)8N6M#ab( z?JK{~mK;E|DAO7Om_eS(Bs7p;ZD0KL>xme=H9=oZDr61&eE+K&sm4>PuMEJ4mDY(- zdf2v3R}NejFMTFq08RGx80+#~X*CWRHVJoQ|KQB@*0Jg}B7(6^CuPh~GCLUq4MZf_odIx=hqmbNO!kO=v^%ilK@b`FS_Gsd_+-(U zloaW3(!~i)zT;qV7s3paZO+SWOkhL$`H_XWm>exFXKInLYhmg~&U|cR-IlE$dXJ)Vn zV@cirI9T#?-C100&Q39*04ErY^3QS|N0IRTd|*{_4p5!Si6dvF2LAov^9Y#I2SQeO zKC3*bw$kY@?2E9**}sO~7^!c;^2N0%dp61g=>OjFWSdAut4<8w51T{!s@gYPJ01mWoy@ z)YlAJXe6^tQWjhiSSwy(079;YM&8sPI1IyD9|khmbdNcpUjK3?Mtz_$tY{syCvk|^6H)p=*yQ*)CF$>2R8}&neWNp_iS3kVQ+8E~Yk^3f9fsj4l2sb4u zoIu@39BAa0lQ0u7BZGB72!6pi$LJ)*u`G1w>Lyy572{oQi3deJ4U70`o)aM^K>UN= z68qrSlOBZhDw;ay^D%w}Z0YIGI?c>dI>A#cGg?+xK?<>)q{q7XnVo6AP*+;5;GfIR z=GDO;szY!8P%r@)5CvYLWN^d=MBtlq%$7=$g?1;frvlx~=K$wYG(k6E#qH(CYJh$m z24PUze4fuNXFdR*zUDljxZx_my3R6GxuaRHt1H^%eqFBIBD1qbFGj3VG(5=R+x$aJ z!kq?G+^OQz8Q6i7#wo!sZ0EN{e{*2^&(KwKpJ{lGX~In&b-JhAS|t0!2WZJky)4Tp zW;pLjmK))hrhDc2u^vYyE++Of!%HvxjB_rz2_TM^fj9Wn_tROa;4|y%(8OlMl7l?>JJ{rrHE+C9t|YI% zn^Y|o{p89z*3VKIIl~q;Ad7L;Yq}U#dYt?-u&Uf_ncwP>|-d*Ijhu+ic?fVUb3HIZ=oluYMC43d|^47444MG|{A%m#6 zzhS{=%0am@H!vPc8Dof9tI#MJ3jjxm^78UG7=n8|doK)JMnrPhB2a zfbTSedjOc8bbu6NPK}eW@xhBxqEE5s<0>MA;X~m!H3r-Pp8dp^U`H(OInDT1fYSM+ zRV!f1yz0%NrPh0}r4j{~PZarQqPj8VkDA8u0p95z2wt)Qele@YJphCV0$M~irdcVS zTh7%MD+B#6MKsK)GVRq6!T6PmA=H9R{Lvdd9)Fi#Jko%K1U%=>yZytjcY!iQrw!PV zDC$@}p}xvb01_crbTI#L9|J`Qga&Emt5N~;p{mwN1n~G_z~v`AjP*sWn0}2vjGLUf zNUL~*i3kHCHZAcR<#J`Cz_R2m5l>ZftjBl~0*MRO{}jkx^s#CPNq`STUbsAc23$aG zI}itqTIR{tXlCLgDZdGXtArcQNCRt6PJ4L;!>IlI8Q|Oj-tMmf=sF!FA9BEIfpRrK zUgeDgqUDC;^9!nXklJ}LE))bRS&1-`_{WPe0M8`~(U^opIYAU3Md6DV=y%bGh>w4H z2F9L@g51omczjDJPY{y$rekQW7?{dKAYni<;X#e{tkO-+iiUGPQ5>Qb7eaS}f>94TX4Ds?Ot>ld5Oyw*h zHie-eiopnhp)VC{l>oTbVI1n?)w)3?1qD^@4Ytlyp@Nll!`v!Ha0>flWW3Vx_C@7i z@0yuNHxPtDV1vEbzVNc&mp_2wHQ096zr8>FGKE%EZ&*N} z1q#E1!LDc({NSx{OxSYDMS-~wuj|}%52Re+d}JIQKm<7eerb>rz-*aBaSP#q?wa;! zmu)_PjTu1zS2S5V^8}LzZ#HjQ@7KYFH5YM^__AXYfX(E>11b=XM(G@gL#YJg$Cg+h zgIVCg;UZwbh|D|*weg38b&QOSb^b!2&;*t*6OVh3d&CVT5JX)z;y$!eguFNc`Sik>GV7vBYd;~ z{)rgX^!a~Jq9b6?n8H47IyZNcFUFk5v@T_rmt!bneY62j5qP_p65zB+=fuKmmuV3! zJ*%u0t<|>qqC5M`x{ zKhJ;DW)1!L00h{yyv_+AMBe!O^cNdo{{b)({U`tc literal 0 HcmV?d00001 diff --git a/doc/source/developer_resources/figures/stx_nat64_dns64_diagram.png b/doc/source/developer_resources/figures/stx_nat64_dns64_diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..41a9c4803dd6b018176526c437674b00edc383bc GIT binary patch literal 41119 zcmd43XH=6*7ck24h=?dCA~k>t(t8acA_{~eAiWb6=~5z1x`K$bAR?f23^g?Aok&M| zsM00$-g~KP6uQjd^v9}tt?GIkQYjF^pp^MC$^W@b08oft;7HO zqscD)IRQbUkb;b~<}2gni|3BI1*y+{uDN`nGi_lEom1{)=cMK0s)uZ4X>|tCANZLU@iS2#uB&t$NS@e=++j;ejuln=my63TWZUc4*0?Fcdp;Vtg0SsO)d#jP58Z@6rZuY zNrx_!geEYCnE{(;|asFR7e z%Dv8rRR!bnd#(imer{xe{R+9%%9*9SgS{ymuwKY4j7H^D84 z3vZ*!?*N>$AHgTou*2h%TXX`3pN%a%`E571;Af?& z4qJ0-l5+e!@ZwV>d~kj)%Ct+B>Y*7L9w|qu9;$YE!0|b1oMHX6y5tCD+raX+CMNJ)Ad0YEbs@bpSWA9)T5p^025j=o%zKbiq1CH(gRgJ zd$@KUsMTxlwq0JZ+ZW)Frh$|20w&rr6X}Il$M1}Iy&1Ddcy9i<&iG>ZIQqO=0IG>f zXZt!HBL+N%Yp?NkJs@azx<1NkSGrhF?;o`n%myA865!ar2Lq32sz7^t*WdwV!~=}| zY6gH~I=nK#;5KnrY8nqE`wjFGpApb`#kZx~*dF-U;XCF)pO)qgay8>j*7HWVE%&HN zih~p)`1tXW7|qu+FJ?hful9QWaJQQSs#SMt)IFwBT>6T-Af^!EeCS5q8y%67 z=adJ36#D(ii*W&-X_{9Q5Ac2vu;k#*hVAw*@B(!ys4Fl@=Bnn?guCl+&g&mT@TA@M z1#>=4w#@XeH)s)iEzB7FctftZ?ND$(61I_+{8*1!AvyoW)IIVqAkbXl!B0rt1%KjvisN)E5ZPGez zp?~}WkNu)r+T~sbHAbR{2v!_p=+S;l- z$Z$)aWFxr9I(G7S!}mP#_MddzdyO}VyEl(XDiWmdtkROhJ+su3Zw|KmqCG59&Bi?( z3pdA~RMf->ikqcH8*3SF%G0;|{xoM+nq$=`g8z^p&fjKmogW3n-tn#lOk!5Il=65^ z1=b{T)vL`3k;{-(9*t40NIK#9ZD!A#$(-YF4E4q>lbN>8NngEXFcZ3ZFC)jB!PWCi zKVC8TZh>`dKW@5pVqHp$)bs3D)Q_-DysMs*Ip$-L+4W>Uz$Ak2LN}2QV6H&+#9w)y z$J8f4BeE&ddH^0pOmQujTJ)RC)15|&4~6w=@F(-xY4=(mzox9TTHz{pbN7?w=Ec@Q z#{-~6Db>Yk6XOuhAXXCgAPy3)%*06eC#Nuf7s<`ya;Yyncz}-uflaabE2fc8Ft;|i z>;w)wV?;I$IY{jHdhbUnKQQwc)BuYgPGtZo-JA%wqdq$q#Ke&s6(|Bek+ks&4-bUa z$FXL+m55R{HNN6KLIu}}<}6MPjUSt>?&I%y-CKOt<4W+rt~_;e(o&y&!uOcW2@=6o zZqh`$pUH5J;F0fCUoZcZmp*<{E^yI5ekni*U(?tF1)MVNzP(Y$fqzo{5aOru&BJmM z1O~DDFdDoF32p-KzdXB#TVNdb+yEwjZv%xt^Z;da^=cM^z-*kQyjKn+;AN9*Vi22g*ka7xfte(5bV99prfO+sgN~yHI>a} zAb8ars=~9^&Cbom)z;pwz@`PHX!A$@pESD2(Ni+BF95A4RnU%}?!0_T3CyU>c^=Cx@BVwf4h@OBH`_qr+pDV|Rf{emiee?l~T@tFUWT+iTc;mndGv zzH7!oUH-+GX4>Y!%IzJA-RrPx$C|jgJSy*32+y7-hXb1c)KgWr`AY~2tjYA=@h@EC zG$(h)T2{J)c|H;r&xE{vurR^2x$0rBhDIh9bQ6^{HFL-lSFjM2eo9p zhGRF89hYywcyq49%%|cvmGY?$f@apNMhk$5e3sRbG@#OGJ!{ebV3y zOFC|@Wm=h0O6ESKfg|e{lEE;ns?y2EG>yMfk!pv`r`_EW-$X4781(PTBo&9yNjZ-1pan^SxXx#Lzf)rooK|H2tJ$CW*6 zHad^y3CU^O4L}KoLj&I%%L4@D=5-*F?mJ6K5B(30tAVpkzdV#@;t!m7)$jce7-1#5 z{mC~JE{!Tc;^OMnWVRmQ*lvp`VsI9@14aQG@WDuIFE&Q-5&Bi9>x+zy1o74D-?|eQBx9YJp zKp$jy0SBI;n2{X}gG=>TJ+x24PdLO3v*a?-hzeN`ktv3XTOk)F6EmhVniR%#V&er6 zj_&}&up|Mf_dnSHc-R?R(K6=m9vxS(*IA?qPU%YZKMO&jW-gY3`*Om@44ptweN2jRHWY{rW0P=`TdkNed4uSvJ3XT;NH zwGoZKO}>J8GC!ma<=aluh^_t~812~4?JdnwOj?*B->l#1n#e6nPwP$Tg=pkartyO9 zt3Ch;gnWdGyFV`gnwxRS{~6BRwq(&dG{BAyeHV$0HA$~#8zPIR|H4#>7OF>%l#?nT$|?{0UH&su0n9XuCh78Z**9S>_Z>o!d%T$069z9gBG!z6AQT|Hp> zi;>PsI14)bf+4G#bGypH6CKq#=lVpQI{nG^eF~j_15noVw49#nGQHSZtd~uNYW8%Sl>Z9KPXRRQG^sNp4nd3bG0Aw3rR>+HJ+Zpxr%zVM`BroR68)2 zIGZc|Gi0fDA|x;pjN)?T2}e=Q{#V9&ftL1H>OaJcmD<&e9Gb`0B58AMzh|Zg(jU*~ zN|Hz%E?75iUo=Y+8IcJJ;HFV#UBBU|beu6F^z+^s!WLh1n942@_o;^nn{Jzizw_8l z?#_i;-3R_4RUS}?ejMc0X~}-D6#ki`K~t{>P7Dj@WAP^O=6xUSr$(}%AU2a8)skMN zK5*M`8%K>+Ak-kCG`quteRtz$jlHYS4IQTR^`0ow?!}1D9W5vE2Xp#-d?Sv7S`UNj zu`20gJEShs^V94-PIK<#nwVtR#k6m5*~Pq6NNh|GFR?LQCAyR7cHv(F{>_jKG*2D| zn)NatE<+P4B8ODZRUYs`%~(`uad~n-I5pPfb;1gy=L83FFol@MeI9T&aV5>+N+A)5 zdome8&b^q@f16LO;AJQRycGbES&ZZ`h5HM(-d*{$oC#Ek<>o(GpRsVGptk2u>)J*l zk2QJUQ$(M2h`xO{$!GGn4v7f#PabIfsE>Nn!EVBg zD7;R&cy-IdX33{?U=*ixS zn@t-Oa{w6IRamR)7wE!2%=wyU6fhq8h%b6^P&v-z^&uYzAs+4Y+q~->S|ltgvz)Ek zYGwg6nUSo~CM&ysY)!dGT|9sS=PD9f%%VM){j>f_71!9Jxp)7D`+R!a64fOE)Q#>} zHZ@{_0SCMW`+ALJTn4gYO{)FoR>lTD;8blneoj^IQP=V2L@05-$-+;_*uWn7jNYj0 zypg|K(q#p&2(_2uCU|_mT|pEMEVj3||A23IN#GsPZ_Jk?zMy5vi=t4keC8NxbIW9vk`p*a zQ!g(@q|CuieR$^ssv!b>E_$ueKD4=7WUvmk46Azkwk20Lqx~Nn{%~H3V>jb3i{we- z2686Bl}-?Ofl+3o-or;hH9@V%YhN<%jH< z|2Q56(AO9GjoJ4i(7&K1E?FcJ?(3a2M3Sk~qFFm!E2_sGT3g{wvhDEK-+#G$K#}Sj zeq0gmyOu^Jklr15s<<&%Hr(c}rK_wz#=*ylpwM`?t@zk)NiX=B?#~ozSa?wud;0p& z-c!D&^l*On&p&0Ih>Uj7elII1o(CYCD|NEJH9F?g4>`}TZxx`W+F}V~5;q=Z0tX>a zC1g90)QR$AglNerkw-k7RME=_%K6^5GKc<45A`4D418I#FX)s@Fuo{Wl<0uM^{({7=DHO>`SGW`4~PiuU%^k_lo>$wISh6KwF6L46C+Qi zXZkocl?G==>8FF?MkF21%36Qr6g%NjpTX%R7zqt*U`FCJ zU#LNpjWRFxGFs1$4YB_t;PGqs+V-QCVNv)f{X9RRKfhXWHm@={?Vum)l8H1VkW@KI zUTU3;eexo#%$$3V<1n=@t6nWOuU?Id1woPaOsV{)RyJWoXJxgX=)q;Gw3#%Pzs@;I zZKvxq(=E&HUoV=gYVYXGhdCTXeMLA(Oc7sy~f3cpx_kXdH1q# zG+#}F8@hsfYQl_smJ_$?vvYntBW!QVYE4USlZdMMYft!Jp+XQ^ydsvsQdJwh*^=Di zqrusiEB4hWOq0eXUkMA_F&h7{A|$FS-tMWDcLxT7nS*}|W+ixB#$coC5emMlbvBt|8eeQjEcgzszDcfJ(fRhP!dFGbABMqdGYBV zn$R1DZ5H;Sl2!^RkKX zsn(=&f%|_2eT9h&jo3H)Z?$YXQCLoG5qKo=P zjg>$0)93UF4(*FBFBp$ZorXv5Pj{|=HCf5rGaL2!Z#I0(X`|E=3Y}jaQV!MQ3z{*` zapZYDtu-H7D~>r4r8X~ZiD>tk7x_mrAr-x6-t7OS;b#HRKi;~4 zbGn7RU3~wa*qPGd-@{^JV!|;CNiNKjbMR&FYu7vrtr1(uCbve)`!c*9J3lwGgHhgx zRgBcu;Jpv(@{2I^KTbacP)kfM-G9fN4u8~M)p$o$m&>iquvmB#+>l&?Tx z!^8cA9ss+a!IRwhLGj^2$ghz>?Z#Ln}Z^GWT2zjX|qG{nX&x3>ezA@5gGT~<_Hyg#-O;XsvBS&)Cy5qQ+FvnR@1 z#d;(DNcf!zr=e6y{z*;46|uLTM?W93<8u$D%BG&C+4EULv)--;-1Awsm8ZghhFYf# z{^aft4|UN<=U54nNelad#+K=uVegJV=Jn52oo-;_K6uTSodohj3?|AUWgwHzlWpgQ zXqB^`OsDvk|7X9bkAbt4;qa&30Fo%tZ^|bPCTS_G5tv5%7jIsE4~)t&jM(5Q9ZDoy zbSBsInwS^VgBRf%`|pn*Pa5Sanr{!<#qzx~A^G&Dw$TezpEj9q4RyzN*I&Y?Vg!DT!uW#Lv_YMQz!UPmiPZ z;4j{su1e-+s>~O-R6o1xx6H@!^=K|)2mJ({GRjfK4zV(7`8ufWiD%I zK{UZrVkN71*_bcBVTbKhA7(|ECwnsCO=3IvxY~K;AwVLex@!Y^$z~elsOu#&j^LnT zU_qTQ>?E*~b?-3bx*Hq8_uyA9PE0GG>ZMNmeZ0;+k-G}3kpgLaw1iW{hWA;X-hv#& zd3W~~4nei=wceUH{l#iGrX7Ii*93yk*Xq^QLhAy+YylZ5B2dx#=(503vOM$PJVDz> z?+9p8t|4?c$&2&}C4OW4!!kG(0j>OoiqW0j#dF^;^RM)3y~OaeQR3KMy+fqsd^~je zBk>KjWCZ@h6K(3>E6hL@_AZnAUys$EubwR;XbW75D_2|@@S_1$jLznOOoNH(jEjFS4-F&LJS8JYtnt{P%Z0d4`gnol zwe`u70mn17^L!@(1(~x{tnPc%uj?QWjZcFT2wlRl2>~wrA8g|Y zk#wAUyfGmEM>NRn|BXXCC>4NOLC(NphCh%KNXiks`U6a$B}7m}`<}->Ut|7Hlpp{l z{(nP>2ngo#zwHW2Jq(~K@;7A;H<3O~|3=yW_1m~Z2+z3wH$UnY7OXJijF&GgfN;zM zNbpS9ujQm6evLr85`fTOQvo6q)j(D}53f%^jK2s0uPi7)#vPPL{++?JKxO|Awh>1% zh&!_FTPG8=digIh2i5Mo z_^R>WyMpaQL6z)p%0L~U#^m29`@ek~UrFS-Gco?t_S!+crD%MW?82YhAO8Qd!v8jA zdKekK_@^Ub_19+jDl6~=wVGnCJKdl-BFD9Y`62;y>)pS~b?)-s#+WFx_5?L(9f%%# zzl?7UXw+x=8p`8kufW(hItfZEprgQ2vraeZ)NQ2?UkxrZV$Cx<4LVG# znDuM@GLfIXqi>Jz*?>V{ZG2+jwFMNqfaegtpKVC@V!^i7D*=SgdccW(hMYxr4@m2= zw29g|S45mdpJG($aC2F}Dj$)8x4NsaTSPdED~~w`F2t0_d>c=@f^gIZ*2>}!UdrC1 zKKzL&ypSGY?W;Vh{ByPE9aNkX=y>?Uze($DDXRHR7#O?(>e4@MfmAt;ZR$QG`wy$> zp(h$H*LMyJ!65L{-=_dY-y_<&UG0z&&}a`(FwqDlGBTYQNhy`YHvkbCd+~aedRRUT zJ>PeWE>hpsO&%3O_f5#mvU~lZ<$@ctg>ZhZSbgdxM4<|f;n7jSp$e#&ih0Qs6Y*UD zjQ9qkjgJos#_R`(i8I}p=Q!Y!_KgecI*G;lv7a7flx$IVJta+`rM~j83_x(Z zoKAt8D@4S-4o}T#dM&a68VhLL4fmUsRu}jaZ@))5ZFG^$hOlH$d7giAcL|~SuH!5b zb(N#Zsq7cf61U59d?0!RrNp;bk^0fjgdUUoDOX`>A=~F;g4!+uW>|2>@uNHw4JSE)t`$@A5LX_Zk+AgwP;$K{m)1e%11 z!h88qB&8Zu&+>N{U#6{W0i}G6IER#Ql6bJ=HJVZr?L~_A1^W;F-k;+=s_0`S9-Svo zM$UkPhkrH_Lsxp2FE$>R<16&X=QV-Myn_F0#fQo>0>DFtk7pQ3Fs}}H&iQS+v7N2> zxVyMPdhRi(#^@^;^ZZgV;*&okP{R+ZPquyrgW?B%R~JPfLRMD{kITY2&5MXa+urGO zE4_rA>&N9I84_B62UinbPpXWnTpRxjNAc^p-{?GWgwS8UaO?#?LHqMb{|rqYehC<&eBBIw ziKQDva4E=F<9tK@ zD%K9;sm)0Ji`9;s+s4+oufpL#NF1p+nXp=Qn{)EH*@y=vlcHnjYN6Mt1 z%l_o0E_k?l*Lmq@U$(WD=m&BkW@HQH2j!6Ng3MN*w{#7aKfl$^As1tc>ek^HoO{3;_Sw4r0+X9*WcgR#~r}GWm?VYzE*}W z`yQj0y3o-@k7P;7GxpOb^b=3tEh!6I^Jbr2;4nJ-Z4^a8G(N9Cw)u|+Nh9kprvIrNvxb9w2lWGq_eX{3P!_5_R zR(<gh;O4N*pjO)tl8Y?SDS?31rzm9l6kt-% zPVaPab9<3NC{Q(%#;zK9+(EV|9^Qb}t+2g#k)-4s5$E29Am>>kJIINMn_26U3_3it zmX;XE@zXHig9T~+&~|(~++c59<2XYm&PvX}WmRacRMl%Su~u~KnkiVzj{|jkgI_NW z!3PxuoQ3Eeq?P_aRE7_i#xzAMof;tvyQ66}=BrXk&&%MbHuA+AE-V# z&VqegFO<(u(M5>yp3nm$MHfM2fhkm&_-lawj-c&=JaJLU=GsPT|Fzc*zMNR-mpfz$ zEe3IFjtwN-@l73T2LN!g{xw6sMlRCW22Bm+PyHWb}&zmrUGjhrJaj4(b2; z`d{>fxOje9AMDs4TT?06d#I@3bW6C6j^q$!@T>R&XMiFb<})3}46TeyhZX^LN}eRr zBOJN(ufrUo^`88U_1U`NWvCGvX`>>>sKJ=_Ms}Z1@@{oYw0><8dR*{a8ZEVoB6q;_ z^!ie4hCoN*g4Ce(x0Ngd`7`mctmnLa2x@tFQuq3z8eHP^q=soexnS=L*Lp~m_bDf& z>5NZZ8+k$FDJ^d(I~XM9^2jE(9&0HQ3QC%J7BEP=o!J`>;&#o&0QS-i zgZT0*F=be<9@v8_@gI$`R%83K^FE|Kd4)_cYHQ)^zgZ9fzXO>86}8lm_b35J&>#oS zK*5@{>Na(|`COYvv2Yg()rF#GIC2>@X%AB=Q0=re>w-muBf7or15}(6grTz0gL5-N zIOeGMC%k*4=927)4~O){J0fD`hb_gM_A7O!4sRRl_a&@nX?Q~2B1|rYGr-QMRmN!$ z`JZyUE9lM9PxjERxJb z%EfL3qFN@VHMYB)xDg}JXxFEo1;a_~q^_!$gg+NivLXyX=_b`W9Ft zyhoX&FQVr}T7Q01q>EH6bFIsAC-;k@t$FG63A!MAMRa=RsXT<9-3QN>xH6_~RVU6bRog5x9V)%4~Sap^`d>L8&QjfKqM z3qQuAUdEkkT@HfSbjQEAPRlgse-Nd@)b}!##n$n2hN)m=0yOZ3B19RdO62vhVAorE|{@=|McbRXWEsEdEyV{a$nBK zF%?}fqm=8kF!eUOo%5sIT<0IUp8mGZBLFq}35s6N;B{cGTP8v!EM6=c2$H=dBYdn` z6vbT|ZQV3E*Bb*<$Ia;$-b7MbnW18Oa7XVe9JGEanab1C$7S<`lQH$x`(~t6e|CAA z7X8b<8W}E}^rg(ejHAoRXFh?(Vk0dh8TMt%Gsnp>6Nu?Ex0qoJkqK?JR=SHYV${{rRfV)8r14Wj*sP z=QHydQG}4CZ%mEMs7}A!--Qs}*pQHRbMKp;F9{)%&P#_dB)!{?82lg~u(5^f@d6qg zFZryaPIp-QKIS+DPKT@oN^e!{)M%7RZ4L05lHJ>GbNIUScrZJ{erqnzJoMgfTiC2e z#zgAiU3FnkMRUS&E>r(|`^U2w@2N5-n6IS44PML%`o-JZkH}%;r@#J`#1Maoh;))V zT5{O%HkthNQbv%oI~Ejo8H?-I4xRi>tU}7#cDW{*+r3XoF=FiTCS7IR+Zv*z&*{2D`lunw=XRBMef%rK~b~B?n(}^ zZwF_%-TG^rtjEY`}=w zjN8S~E3EU?`D2@-j1adOF?OZ+2vX(MF>-m){5-v1!C8O)BQ4SG)BK1RZtRXLtCLz^ zI~6Zublnq_DqD3q9qtJ&n(5UykC1#d&@;a8?k>eCq3N8NhiVdh!GPJ^XFWj^Mo~O= z%fVoF;m4z%nB6c>%=Yy|wB;?v!w%(6h6FMmjky!{(7eg?M@Q`q4R#*WSew(inCttS z<0CtH6?O*=?xq^lbZJ)(oXA{D3&S--y4gLCPd7_MkGmyBy*+fknTL4V>}|TVTDY7f zj9b2dj1Iy{cn#^$wVY~^dMeJ$B*G}9DmALukX+w#({Zh(WKDx~t!V!QHu*<;3i#fLGRw9n}?Z%D*jL4++s>~wo*MGo0S>^Zm z>@c&jtvw=XemWzScaZn?>%(Ha_N!yOCm7~)+vsiB4v$S-P8+t}cNkuEd{*&|tBlep z;Xzjf;v66*hN3T5D{iYC%|vX)gm#?Hdhd#go_1G>dLOM|?Vi)5(3QQK&)+g9tSCI| za|mz1W?Ku`;n--&Vf^Fl4OnyIXgJvl8RIA&k{*`gc6Sq0tCI%>TiTsAuD2}*qMZBu zrl0GXRb0rqB+QPT%H7;39r}gZydN>s>oFk^>SW_l3l;ay0@WF)r`B93Nq`FKK>-&}89^Gd|q{ zVN;lRVA+f%=7M?$$ke=Of1dsI>jPyY`h45Ixqb_+D&d<*B%D-*8kQh66n?_7SGlhH z#&H8mtAkL7(FTbk+e1)jy~v@49BphHr7>c2#R}4H%emNJ(1`uMmj(M`5A7gTgif?- zs4&3B;bo-^USp;5QQAh3D?Aj22F6vOZ4=~1XCzXf2US!F@G3|nR?TzbC&F=Zp`WfE z`#{^Z-`P!@JjNP{nt=WC>8Fm~Z&TO3LL_Uyp;6;I*E1j1D3g^y!+;K4?Hw!Zf4+X- zJdDE5emmh&UiF7PW`_q_yAs;U@QtAY>Rhb4cWL@W3P;ZrgAP+L_5w>Vs*`>`+i*;m zao74GNF}J<5FLh!Z|}rjr;jVY-Sn1wBy?u(+!FEc{+1yXmf-P-K5M$D=-Nj^S3*N4yXD2p4x7SyShAJFvXLTo`X7a#&G4 zwjcBWf$leaZ-Tvk;4p_5EPqtkmRu8=k17I z+l&XwEi4%?aTyKpsE=6VmY^NlX0~4Sh{$M7Ll1Msg>$mbCJT62)1_dx)AFFjtFTGo zfOUgXSbGIA7`pCW_UVhlw3llHZB6y6Ts7azk+WDv31Smcuhtd?RfO1tZ#SyJurvl) zk9*$1$EY<0cYdI2TX!_`9w_&<*H~C(e2n<2rw&u%`7?Zc`(v!^Ul2bd92b@cuZc8T zlV2~i_l|b?6F1juAX}^8Ue=~jr;t(18YJ|ncIM;oK*@I!rl#fU{Qs1%4x~?5aYkHq zNZn6A9c^0>P9HfmKk>$jXXd=1Uo$sb41^A4r)oJjzdQ^=olz=Faw&`nAA;WBxQfX<@WH*!@w9K_ zI$T-IC_MwG{)kt-I60Ev_l|0*kgn44P|f-6a^tu;)=Srke4J!2DL|CP&&^q2o zn-=VP1=V}TfMrCXlXCfju{HT(Fbe0KVI4lq_i9x>>u~OYvR%~#1(&%maVVS?8zLL|f5ATXtp6|hNS*1un6k+9d%}ysbO}QFulUL1f)#a{VTsnpP+_Mszj8vhyF4E;fvp zFp*$^idPQ;P)<$QNa6YPf$n4T-f!*w20Gz6Vn~q&`%Ox>DE6-=R_OLe2v(IY`S&RH zrV!MXqB^_>C}h_jzRcm`v%+c3giF61ch;%%^xAW?f)LaKpNP7K;fj0+`B4*Mt#$3` zAIU0W%$+aj4He*l!F3aJLeQ6g$VjSea28zd`{P4ScW*|~k(ti(l~h?BkrBm)OR(|D z^r7J5&8K2lzKhq^s#L+cH8ckA%XPfinKSlF^)fYup3-*2E1 zzG4CCtKdx|j!^5dY}mbp@c<4Jcs}Bb5OtVosY2S`rGo5k=P!j+b%B z7jg(q;cF(M=NtS#u}iN%l}dT)8Np+^p?KR!K4fH(iRyl6xD@;029%ZB;Q0z+VQ!XZ zkKXoOqO+pC#th9f*v4{FE|Q8 z?WkM2dpML;Ejd%@T1~~ONDqjkTBFrS9&@n`HLCf))oV+km)yNAuC1*VE{jy?oJ=nY zgX(v5#a`>xSWk6`Xtoj(u550Io39oC~gbQxW+ z5&HgJ2ely*DUOZ4y~}zr^A{>M%|(v{Um`szAp66kGFCTkmyekl(^R&H}X+pd`cwqc0o@*rd&7j>bz1RAq zwd30xjGhIi(lA@bl8y-OyULi!bWdR|{An>-OMj2%;CHxYijd8E~Q%wHQG)n39d$Q#jVdf?8bpuUdkYc+)UFK;xll5Z4vKTa9 zLXg_|&Lu{3+BPP-6|j?K!3P7Gk>1#0%jKFCGuUHLw3Bvpj!VW*K2fD+f;^}il&zvVV@mM z1E!ZXh!(>39c!22&t}WD*Q1qPfoEvMMv7YM zeV+JI(YEzJh>i?Ip@M?dwcc|?a4{{uGQ+I$!<)`Qt$3Z9qE8643>WU;@=hMuyPI{0 zt6USYG9^*%S%fa=wg*_b6s>-}vPdg9cp)%YFcJ_PYbJ=S$BIu{w8j)_D>orh?OK$h z&(c`nwZ$e3e4@LCzb6lFbb-Eh-M6Jo*3uBIb>8cBTQn}_cUuSY2<8QNL<~wy7X=6G zV^V^?o#Qlk6@V7;1?q~NUj(*TZoeOBd2S=oVe!8})tw)MWW zUYrj6_JDKo;xgqi619^moNwWbOw63BKfkQg+{Y6n$0^VOoe>Gfo%yYzMy#{wyu7d{ z%4VP^`79L`{Si7u2|g9hK!+B$Ki2esH<0|u7Ve7c3kH?lCX{Vot!N!xDF7ntZ!qwI|!88hcp(Zpd`BDFR@i~jBbMM7HOScVJwBKn1ceVs34 zn9?+!y+Jq%OTBy&W~OI#<_X52L&YqTOGTQ3+MO53Gzv1a{}-MMkE8A_(`#|-O@1$% ztz0iEKMW~Y3eazQCQ!Ptnxxz>{&#!q$4hPQePgk*~$yOYy6&gu&qARNDa_Ngdk zGQD~x+`*ZVQ?OE8Z7W`M71VxWv@_0RRX)k4>=ykySN<>JxrfwWy{MY~VQAp55o)%-ZUuY1;ZO~kN6X~37*%yniN;j!RZ*85qlz(w9 z&RNhv<-!}F8~-efrAPyyK~dyikp9<~Dg}JL77O~`XL>hQgb)oZB*b@&J&qhv=nJ-!1C_N7m(xjKUQiliLuk@Xh4_2#l7y~)Viw%p zdQ+ALdS>U6@+Y6~j_&QzOG7+ManJ)gBHJX_y_}_L%-y|gkjNqnK#{{3D-Y-WcRfxg z{JZSz4r`evDqdls2d9Tp4B>o#8gCx2(pSyvtTG|3>Y(MDoa0FkH%H8;Rz<6KWT;^& z4>>7dcKfpx384B+^@|rvM}u%2Up=Yv95@|$c)H{Lb2II9GG6M?duji+TiOzI&@=zK zsgAar)0X$~4}b63wB6&H&Xr@))8qKgp1XIoghRc*&4zlJtumg(d7gfqL}*?bjPcq& zp*x)~Iaw0LaC@zLyInor6lFZZ*?Al`s!G{w)VLrr#_oBQ1ba+Mx&8{mTzfRpd1Aix zsA$~oD6PWoDB{reHj=}4lgnlNDC02s>GZwn4x_BXc*t3Us9J74gF9&&H z)ij}Uw$c0OJC*mb!Gzbi3555j2ZrrNbFTMcs;bm|NM97j%W9nQ$i>}mkBICTD>brN z=3P3g+VxP1wL;bT>yqMNl2!vY;nkiXqvu|Ux7DhXxA!XMKrGrHb8n0FqpY{{D&}O~ zb3o_Sy5SZV@&sk4NbJ7JyHq|O<-4#PgxSfaI~^>+>~&WAjk!)r9cw=>_Y<{I)YIld zuBi9LOwnWymn-wlV!ErRWlTn7c`KgHIZ+Ngusb zA0w4vyURuio32{YS&5>$5Fq6FEm5?^>$LCCj$=P;*Yfr<=dfOU5VcH{Y{lz#M8EdYzi@c!|Vf8ClE&+gNYG-J#FU&UFx;(w}R|7J^Lw}ozB8RM29L%Y>}=;O)yMP@w1;AUif-*DQ>m9ayq zV}gV9-o+ZP(<#Z1HSbYx)aoLsnG9GQk`tv`R>Db_shn?w+}SYR2{7s=8r$OBC2W$N zc~Ub&w*+;SI81Rb`H{nwAlm@)ewgtn=?xu8t_LGwT2wG!l4SBHUN6U25pUa6q#SC(utT`}2(s0!0-k9kFQU}2w|x>Oyy zT3)tCW9nppVpexuW?hYt_dUs=eZ92%>wd=)POX>^8A#rGC+vca`>WT9-tXx3Kg$Ni znTPH09vW4J(fAX)O;+VErqHsxk=`~LgqEMRGO{LVO7@;b&snulj-m`1Qg(Hz{MC{! zJ5$zo61^i0;T+*9u6wH#(f-~D&C8bte{oBdBB-jgmg`^IO-!hejqOQMPU&uSB%WwH z8DtzY41(_TcXZ6Ij)|d>wm)n3YNV5pBwH%3te1Q(eu(D3HJwbCuESYm^=8Z!HIil< znmErzHI8LH;GJZ19w}XVs4DDi@zj70me)!PBXUd2d)WH38(aa_mBZiB!C!0`W(L2& zef;-h_zU79_$$l!YvrQgN<*G9_;n3`Ljj~NWL|`WUo!Zc2q0y0ZTPt`qVN_*BJe#l z9)BxD7Cb2ak&kfvUw;*X^43c8d(?ZV1Aecdv%O3w|8bxEcCqxo;L=Oxy%M%)>wQpT z2RWgWse_+%La<5=*JEm; z^GN1N>hzPRe}k%5Bm4AieSP(X`>zc19L(m8`u~T#w+xFyefNJ+m!cw~C?KsMAl)#u z0St|FhqMC-LpLfSJxF)R(A^!<9YZ$)f^-Q;bDqJ~zkT*~uKhpzIxo(8NxK`-Aj#TlR90u^0ennl+cP80#Jxi>dqFF zr>AE{1<#EXwCq{`j=ez>O0JX+@kYqO&FzjbbfI6@@H?4xY@g@p6#J>eTTIsspX$BRR$yHmLQeitE)3aRVWDzm?S+^1%jGBl^lA^H=!)Q^>rEc znvp1VTIiHWP$875z!-N$PYZK!{B+U4g(?|M5XIVS-j>eHv+Kbec>ryd<1{=rq01N- zQcxE}NJL|60|gxwVr4t+OilS8E#QOfE+d628rD7knb)$-R=r?rK+;`BreRAWP{&U4 zMyd}VY8{cu>w{E6&%QrKIoFK(oXLZU_fJcV;qEq)>%+Ru!KwQn>>D%hexve%D>`uu zzLKAE(O8;r{WyZ>*Nm!GRD+XXiz@T5mnfD()GcRe!XWD4HT(C;i5_4%tcZP;hS&;x zmwW~H*_TI0)AcMrO1rvkQrNHCZeUc760+ILq3!xEDFBHow1@jCaI-1MdX(CGFjc<1m-zs za%Ma7x(T&(`SnS*fMa<1L;l)-3`*sD(8DRzYju4RPCX6na6c)`wi8I^Ab|`r!C5>R zvN!%p&_MNQ<1cTv*g&v-aF=PqjG{tbfc)3+uUbMi@S@9hh--Iq;5GbPJEQ zfo_;ngNor7i35|h7jo}?345x3Z@QA?zh^%e4}xiFHN}U(D3_kD=#qtlEi0McQe^07 z&L^UaUP^euc`0>Y?R)jgqg&qdEGDJhF?rmphb5HpkB-2F##nf~84k#OmFqc!h&gBv zZ^D{~zbAgHUDi)XOfTW?L5B+Xtg%`7I zGiov=Q|3SBft-%v<3n>Qna`5A)IUGWC+n13AJ{@OdR^WKJxJ*T&+*e++%h@%)nC#n zQe2DW;EI!OTP`PA?C)mtJ{z^zH=|7O>n}fMEkVsI&(`VKQ=~kbdKYC75-ziQz7tCJFFvWYQ|jD z|6U_}kW0XR^v~Hrg-8N+iN7s|V0-|jxy*m&`UFrw{_|N0> zscGV~*?6Ht@_meN4G-B&&=nR9{)AJvV72L!owfT!0Ldm zu16Nq-FRm6v}?Ne4E$vAJK0g$xo$7{BVVDPedMQW;NhIz`Fvq!>ev~5TK7hV{9}6e z0!8Uk-)FbFJhVB(131b)avy4>Xd(rdoa8?|2hKKXSKXX8$xmu(5<~_!j@M*2YqW_z za^SpvELv1A|5xF_PWQXo-|58vLjb6wxj3oN;nwEaH^HX9MAnlYP@nZc%hxt~e`^jo z*-087j&dpANICWEYX4}dzn{1MhsU)4^`C*mz#l?jwDk!9l;*nrI=O@gAdP$D!x-qs z6n;M!g9mqSb}$EiKgOtWA&3CMsQ~-0W&~~Hjo!7;N7PcVYq3w+9bX+2ZWXle10<~d z{nl@N<@w(g7A=bpGD0lGxpzjZd0hCxudsh?!FgaZIh)feGyR7C zv~~3UgkagO@+Y^w(7-7{iwWhhT-^rqme4Y$>XQ88@79=%oqcvl$vNPW>QOcmKPrt< z?(pY&@jcM9b5Zqd`2iWN#gull-9rTRWZmlWLgM}F0?tQW^JQzj{t6kQ3-Hb;%VA@? zW=h4R=+2Ub);#tE`Q|3?pL?sfh2lpUG}0n^1zlZKjO4qAV5En1%q^Bk8Fp_a_(BvvXOV_e$ImAQj54w7Uh~EAWdJv>31I z6fY;|hb-DqPYzzS%PlZ-BIhYBbyAjPhkfCh_p98+;h^K+3+2gw1vZ;-H|C6SqOr6= z(L0RL@MuXxmFock3Vt@q?8RU`U)@_=Ttpw5e~VIUhAVdL>J}OiuKOb^kA%W|+_;7! z5xg2uPb?88rR7eYz!WAoBSphgmhcD5iWTeDa>C-WX_KjaSPA}5F)iu@u1}yEUuP$> zbtHvnxy*)rnc%~R4%wBO6+f9JP9qbv-P&(8NPGNIFvf9>_i9kBrJeM3v9lI4y!ZhT5)T0{X2u{Y$&r6)^d5kuMih)-Qol%BEx{&%%SQpEDKy^C{ z4I)~F&3f>e9CdKSFvAbu5hgO+m~OfSE>HE~YAMyjn{?1O){P!fIOWuHUeR%{V9g$Z zX)UrTLUyJa&*FZVU-6pgs1ZX@e?6xwvt4%4R-5 zS=X+>kxz_7hK`64uI6B)Pfrb3RQncMF`NIfis{E});DK^gHj@?!^)*bp6wJ7KRC0{pT=jXNAAwzlQDM&&fp4$ZQyEo$p^_~^tIfzxUm^8-4)RzVdiG6 z)EC|?Cwcg$7bD{i+sb7>DhinO7154-li{K^+C=kvHot|viuj=pK8le)KJ5|EN-0t+SpIMq3Pv`gd zLVa2)nf0nF92l`!ce>QDyc*P<_gHSA&Tesg3tLdDIBIbuLtLrij(>KkzxG?3&nz&J zol?t{l4WdFgAGJZGzqSB(hBVl<~N~6wHoiOKZA$6Mc|QI z^p?f4*1lGbz!EK>ir$=z>S%O$fO7-0C66;T!BM4$o)R~LZ_-vYu_iM=Ju79f;(P*~ z!&T*`if=r``E8S08bhON89u8PHXI$$V>W{!$|^ekpUO&-@tT8uT_16aL=5!2Z7((W zWZ4D3X3u~ZV)c>uAj2fu$@?9*-Z;mP9)hH?d_svQb7s#;$Jl z>^Gyz9foj}uEzH0E}J}3hs}N1Fjkt%9#je0rAqupqU0)c>sn87s*wTy@N$V{OvYyC z8(+(Ec$NVLOu72Kdda7ZFG!Wgue7ffnLTm#E@T!zT3F<|H6M_jaYC9q-_{i()EzX@ zBzXE9KFDckU9SEdNvLs+cg{pvpIMb05v>(OnoQ1n`_kMJ2ZzObi8#YvdVBfIpCbq6 z{fBOw57-aSGCw|05^>U1^-B(ysBxd@yk5gXInxXsq6jjg`bMO!D-x@r%3Nf41wXpV z$?zTg7vbu5&H&3sU@9L{U93yHZw!C}(cwOGZM5Y@LA&hO&(^{Nc|q zQKK&kd+=)hs4={5obelTOKs9YEGMbMmfxBnL%F)ij9VYdeCURHYYZqlN_(+eSsUXi zg_ox?J$C!H7Pf&G?~EmVyG;WlA$D<|+%yFtAB6>t@7MuR^aMl6FdhzveOb_UamLUs zTNxG>`4%36~f_gnaAN%^r!nMlNss`eT=N@IUMUebj zQ}s^oZ;|^WA2%1~Lk(eg#XY=~F9W0a5KEKPM%Z$oy%en9e9^NeFHqWxUYS_=_>qrQ zo9jCpi5vfEL#v@*Mv(b}uA65X{sb4n56{x&=hH zPLQ;&hw2R}qz!pl1q62Xt5H2heB|Ijh`x9q%o|g0)6_5YnUFBNc|VDZR3(_#N~JKd z?Ax8zEC&6>+c<-(Y?@V8F%(%nBB=XxTJ@t(K0v}B|JX5a+-wk!9#!4;IReWVp>B9iTC+w;=CAjWgY@$)8~k4VHct_+2%op*&ZWS7=vv1Kwpg65@TX!y^NtR=esM1!_cuWuZ?*q-+4> zmKS0vRBunAwb6$dGb0-Lf|p*%+?0fLc+TjWLQ0N;q*|U%Fx^-QqWII3C8eBLMD5B- zLPuj`(u|rC-w)AUMK+$$vHNxk1KCzr@2!Xwn#-fSkt?75`A@zkQ6;Fp2&Gqxx?Ls( zF)XQt>E=HG<4rxe={DzZTay0fcZ>9w-+7~}CJIqamiB3>771UMlzQCLIgM1zFvn={ zmia9^#7S(krrG9y>K{)OIcmGmmcdZxd5)H9{VVKH51Pp?ko{D%n#@dm3I^$3j-roM0`3A3ACs5Y2* zrbc}+?B>4lz-)K8D#PJpX5oc}r-s#jjeA4$P;0r>$Vjnz5#KWT19H=2AKMaEPJVkl zlGVu9z2Q{%i#m;_g0Cv`oPQpU)%r|okPtfTDjX34Ss8XnC=I_{`c9PdW%^FOK=JJx zw+N)_Uaek*2%a>1cKtl_x;?Wwbcb^x7WN|W6T?UFd|gO6Bv17*Q2Q=Q&TLGFSk+`> zEF#SdLLEF@b4z)BKygnYsh>^B8t$K%N^2OU|E~L{tSsZvbCiL=_sp%>FdaZ1lbLz* z(^*}Bd9N`tLtk3@89wE);!Hj0Z*wB`*8$936d=r<)eyKGPnYpJ|HbAMKfnWRc!kF?@QQu>~xJnE)V0RHP| zJK8Y3(y4f`I7WzIMQLLkOATqV5$`Mf$YAyfShQLz(52WO_Ph4c{a#G*62)@zeYeAb z^y+V;aFkQ~8rzJK%d!4StH@q>v1`#At7gB27pPJytn5P8)AvR6g&u1m{o_BKfrH4q z9c_p414oQg!DyGNlA0o;&cY>6(Mud)8VZ6&l?pdpIY(yFbH>@+HDWRr6?lI*M9o&x z*gBtp8n_y=Zu&SRtYZo9MzQ&;5z`lbU9R7hZSQNBP0iKru=hLEf4nlVmp&yG7Ou$r zolqYsqOMK6{>-{OE4awwoLZbDNB;HDuCv|V&5s0H>vEI(ic1clEstnP)8+~K)kMal zQzA-v5i3NzFTE})jTpgZ#3XlbcDaW27(L4-nog^v;(5ewWLElixS}~;bx^*YVbuHG69t^%ngk3?s5ID0WZFIfwN~Pok z+kY9+?uB6FaS97qCWxO}LJv+h}y&Y2Gb}dY2B>!VtKum7>d|z^Ufy2 z4`=TKEVUO6{Ib3EvA&xFjvsTrlGnW(7AFHb*umMhRuT0uj&7UA2dtiEVF`-sc~2)e zFG+e5;6*RGkm6~dO%j7w5ecO%<^Ii-0A-e;X8|q}JThtbV;m)98Ht`7A%v>NHg)kn6{(A>ii zZ!3vVHPk;cG~(6+i)5HX=9fiMTDT(mmKY+UwAEr(u}6Qm_v4JC!^C7hOEB)M5!+d3 z^OJb>>YX;kYj^WZhJmmTOwyP4TGQvsV68W7bVpb!Hl3`^`(-2=9$gf)yDmg)c?5Q{jj>aQ^m(9*I2tBEGEm zz#!xFMy4bnUV|bkYe|y*iD5a)N`?h50~dg z^4oHDCJ;-4Cwjlny&nm#WQSy!=4%M~Np)7Z;3!~gBbS~K^@@Tl&P zv`LGt2k)&3|2=t84?s=?b`Q$rqRgiN$xZd4Sozekvw?u0hgGge!h-%G!YQ}1p4Pzv z@kZV6O^s=DfD|dmIez(To*ryBc7S94yz3nBsRw2SOq(9{i8Gs>I(zxo;n0>LIkOCX zmrlefGR&l8d>0^wr&r%IlSsIPJ~@yG1jd~->L0^{#@|-pT!z5xj!aLPG5r9nTz)YvSv{b&WTa(b+VoE#00;5OUq_PZw-7%dCU1UlwGolmzhD%SzQ zhy*&61dR$!el+CVU@Mjbp4an>)ncnNJUt*WRnnY&rSUq}@H6bh~L_Aa42?FB%3m_x?rwx|kL05d4b(ij=$2F?zh5$~gj z{N8y(C|^aPzmf5QE>-b{Z` zKqV*nsG8kOZ*O)E|DOQ)2 z*Vq_N?Ss6jKkV(D68kB0&cwgK!P~o;v9lO3o8B@@k%5pfMq y_LuXU^RWVXetvY zn$3j{Q)NSnCOct+Pfq}83_}ZWbuhHiR4#Xbb9y?0W;%_akz6_#KYffq$0B;c9NRk1 z58{o~>|N5;Lnp@!l6z|kXf?fUk`Mt4_qlGqCvlem6y+wy85&viR-MNMyc1tdzXNhR z@B^eJ3=F9oK<%vtv0wgJC4&yT;Ci}Y09Be676>QiC$&>L@ zIR7HS0Dcnq&KD>2|CN%hx}}9;*0lkG%!2FNOmv$)B~{&=_$D(otUt9Gy7QF)&9te; z0ks67gVJxz*Gi)yHsFu63-x?}MPubip7jRZU^jx#HmvM)Ncg$Vuj9nK9A>lTyS@R880X?!JNq-ry*ZkW z0NT^?C49`#VDFDe9+mXO0(-*(%%@93p50mcT*i)JO_5h-+)bL za^eK_d+Jf{a=25V-`noYMUM$$D==(+dwRIJr~yMJMm z^z_|!%iHP0FCjH$Gdu*Eub%81G3kTiU8VgkU^!7of?}$gXsz1`R=)Uf)!EQ`^*Vge zJ%wPUW@j9POnT_MG^KIh@tuv+W^LW?a2DasE{#piO5FIczAAg)?A+Y_<5RTjGA?=* z@~94ytgCYZF4WgH-3xy%_VcY0YrLWusv7m=XRbP1P|=}890AA$8VVzXjUqA#NGTzA zL_k(*`mt&bkP2B5jS%%hLf}tz&?`xDN(LXaphBEEY_B!%W$DL;0lXI=QJTH9_|};f zahp7jd-_2i-~7*=hfzxcYr-%=$4())_aHG`sLBXe-k`0QhIM(Rt-1L;aDlxl!Mxkh znWoHS;g9lfv@ZYvY2rIjSC#1oZTBD9yGF!UryJhH{1rUt!!=SR>f1T z_GUAuy*5(Fo2rJuS>}&8{ zXd06y+4pQ;|Jni&uf_b`GXOQ(2Yf{kFz)kon^3uBK@Pk)I8w#$mDvWf(Z`7VLFWqp z!rF>GT+jzph}%qWvORUK4A6QbbAZzf@GHYe^h@Wq3Y=TI0I)o3P-MbZw%cHB6)(?s ze~8RkjArV)}HX$K|qcp z+b1x$-_JB4hShx})Se#Xy`1l0Nkv3c^lerFpj&`;0Ki&sp=gBupT%dMOTYce<3~lr z3kBdU5Kx%zNN9ark7rvj7<|LFQ0u>Cr1&6ff!kHV-9Io?VBdL-oNjaVM$)Z?RYoXj z^>)$DWph`R3e--?A7DwU0oYiG?b$#7m>#ZwG>O(o~0(Agw6a+x6P!r#A1ZU(p$ zs9KX~sj5cC#H{W)p`nf#x?JhpJMHr(2SGi$u+OGHYIaX^U){p$S2=)73ykYFw`sKq z%X4=x8t|vd2}^yblp*S!RQ z>C8Rx#%B%4p8Amc)?@$e^~**bw@4uOz@(Yy)d=WJnsR1E6q z<9Q%<1hl4ukZ-+HQ}Ms(#vO4$KR%NWYn@Xyta%wlr1}Iw=M^D4^kSr>2|jPK==rKg zimBSxHW)rws3uPjMP zqB{^lB29|w`4?X#9)Vo`lP^MrIAVg|2dr1yfp|Uxyx4lTzRac^>)C3UoS}< z4Or%OpZA`9J!t2iUQ1AO`5|57jzxh42jqi}c26kI`4{w-;2KzW(14@ky54FL@5Vlw z)9iS>HpaR`kDlvy#V`fcNI3J3#~AUTFO+nNWrpJix_*mfyLVZkk@S(WaT~D4O`0SR zf9YyiBFtIqm1^Qt`?&@blIy8wEplqwY6obV!glqK@Yan3oEe_oT@*g>Xwxn@j6St{ zl|nFHw;6R_IR9nD!f}mQ=We%a+hPsoS+KeKL3y37s(b}$OUO)hR^H#>C7y*f8eo*|aUePx-e^w+d(P|!*7BqZ zx&Q30v+NC#C3!7PLdw^}*^*Cev)?Y0LQuJhc){(y0=&3uCGD~R65|w&X(*^VpF0w8 z#^E=X!av>l7hK`ZSk5BC?zpMec$%C+(p{b|2)$(yz1y7(X+a4u`3ma3{!pn0=iu?& zYCztF+n$8L8)Pk*mf<83qF1aNl50ydXdtQs3Rs#kfeJ~hN14iu*8HxLBtvRiQh8OB zztAR}2x{VBcbWL7E&)i5XWs`lAVh9t+V+}ByB6&sZwQreba!9-$r*up&1yc?nOjF+=H7*(_a)lRn&UI9-Wrb2 zLJk`#-veuR*Mg=$8&g+yzdo*iLViu6G9;5;4mSXSWb2tbd(wJMLG0xD>ulDD!+68k zSR5Sa-*Dd`XvCi zn&CaKPua_=zbZdf?~mrrvfS;TjdwWwHtFuNhK6&{Y%{xo@UW%{?g#B@frJ*f%=^xK z22y#I2_tqlS{FA@Iya}CPG7jgr#uSLJdh`plSjum8)JJml=CLr_fE#JB;vKCaa*er z@6-Ei2%UD;l%1Wuuwo!~c1-T~s@~ZV&-iM!rn>7D^nt5G^QTLoW23q;nR(2T4u_1QM0=Yh4fu5E#C4px-q?K!(RW>W8ckrBWJU5S#x z7E%@Mg+TII%jAl1E2qoW_3|PX`4>VVyoRk~w0nH7NU#Od3)PZ{DZyOz58N%4Zx_D{ zh(;OQ_EzJY1N6pzbLmrSH{2%9%om3qv!+pye19*$_5r?oAekq@z+f9P@vVysk?J-F zah`B@V7Zny>G$1zfZED4oi9yZTr%MgC{S~#ml~XHhDe7%`~*m&ZteQ zGG^7TPdUqnx0K;MmL@ZSeUPttlLjRAF*?da4~fq&IfHfgEw`Duxp=~H<9r@26bmBv zStll}X|c2wWybS{u@AXZqoxwl6bp&|F=zsonVRXWO8+d@PdzM%l@Ow5SIOOI)wj-V z2tMz;b%QaUSaF^P&)$~Lp^p}0d9HV}R29;ZE^XwL`AW)Gip%)7z0k8Qn2q(be9?` z<pQ$*t!hEhXmTO0AZ zmy9p0T&>IAT5HAH0TEdLi4>!N@e82o%KgWoTLJ`~$|`A=(<1IZ`K>Oc^q$v(b1Dfl z+k2;B4=`8nwV(*9?nBoLbU2eCf@%{=u&>_yiHk`jTo!wMC4N9T(7BTq-ee*&+m_*} zNEz8qQV^?Ht%P&_ozGU zYaWQ?QICBz2p>R`LB2F$4e32r$)CF^7!FZ~AXWtM;_iB5YZy&d4lK35*w?ZShKUGz7=vY2t0GI$zRGsG!< zF<9QSZx$VmF3k0ZB9-^!Q(}&tlY2qK1iVAn38vVx^JM>brW9~Fjk-f zbHxEruycUc)>dTb!@ZN?J0{_qFeb#+&iiAY^XaSuYKmJ0O(<}{DZtY6Te!3y|Mf~z zeXXR_aL}a|Qw&iOX%6R-*miF{4j$L9$(#JLJxQzq6_S8A0UUr}{K&=82k2}6G`ja} zTjZ(`g9NXY6+_~`mZ{W;9>&vM`f<^wbZspc`82=>%`ogF7v8-r$@2lApax#o<%InGO6~bv9B(i4hH8rrYA>av^2s6hfvihNWvT^s*H>c8Y0Z#}E3k#TYYqVv7 z!~JE9&@VHPmGm-oGu0Q7p3TMCv?24i*+%DDZ>*n5q6+ zY06U{7S5%UQ>yGsh*L3F7QxJjui%)l?`hP3~wKA12rpK$dQ9>s1Zv*oLmwQb! zSO=8cg5VNaOu`?cZKqX7ZnhNlK*sM6h4*S+CQ@h}%&sq#pfP<6#G6fWQ~h)uzH*zH zxhrW zW;U7Edz=A|$A(^(c&RGqRBL)9>swb-fJ>?AoJsSP$U)qYPt}744awU~QhCfod@}c- za_DAv@JN6wHeW+7k})H$t@y?IR7x9OV^>PG@L*t*QJcTnbyq!`UJ#Fu5L)H@j1~}e zk|5(C>fMuzc~svEfnkTwx1u0C!aPl3M}sCXhamXnoQxqd!y(hg>^W~_&urL4Hza!U zYE)XsYA?D#PvC?0ecxG52sAeMMugI z{j9Pqc=0MOh*OHb^rG+NU$M1YhD*$SmccI9Ru zC>9V;&82VR{?Sf>a1K0Duf>$^zVR z$=NT14BkixfJy#!vD>=FJfD7Q9YblIX#JaO+8e$1`+gz3+$$(we+6Ly`?B^JhoQC> z0!rx@|53?mf8@R{k1`3iJ0Y8t>+)(Wol>eOR~=hfALJRVZRE>r~T4b|Ctgnar%BWCK>vfojRaC3yHRTonLtV_5FOyIAG3%y)q!prgCd2Zi3LM z8s#F?uTht@%KgmiR0QDzf%N(JR2I?ltE(7K-lf5dOD%R^htH~yY}L!5AqD?zC@?c? z%{jlTn_yuxM-77jDZixAfA7pP_@GnWn=B>!m0{awk^hl``+WKtg9#&fve|piR*U~= zP!|LeB64BJaB9`BsT)71I9k0TTg~D~;ySmi-(rAbCU;(OL~qgLV2ehJ&h7XR8aBldL&?W6Lw+VibrXN#lIT`eFKGbf+e+jLu)KChhTVd{cuX?+}-s!b*$x2clhfV7|L{k$n#bU!L79-dHnZ3C-*&}9W5x#c!zq3NPrvd zaZMI{H)cYxU^P{C%Kn$O`7DR|ti?m;q}u}Ne%4ZEabi4ExjgVwa;AjQ8yQ6!XK@F* zS-VWIS+Pw%<32Am#i(%1u79-T`HH=Kn_S592hHZ#et}hYVh6+tC>y@z1zpB?8wQ(C z-#zAb-_dr&xxP{{2z z)WkvGR`#3gZp@n;c1oP-kcRD2OpQp_S=AN0+(_X*3z=H_jMKI;V1A&#z~o135k9>} zU^fLs*l&)2{y3TH;I-xTbN#7X242H={t#1L!jO1r3l943c-4OA;~Niy&YV8M`Xt@g zHMq}KPPtF#YCI(>6Y7pZ)ODbl-oTb91G2J3O-`CWG@seAqMNSS_I6vpH{Pvw%C_tNNjjuha&StYzcJf}VI@i9{a6Y0=eC0r= zb~9CWrg!f*A?%-Ld6VRm(_AfH8!my!Bo13OQy&Uk2_Ys=1}9kly~diTvF58`+-#2P zt?$JRsS)u{Fs=G-N&M7D-?l0&2 zja(WBlk$-bY=q`mVEygxwFNmRa%dQA3S}QK#rv`4Hxx9$RUPQxFrH2+l0cik3OwZJ zIc0SPiLoDSVA^U|986R=ZAL^`3)Jh=RAvvNHKU~A7nL1ql}pJqL79RCg!OMOAzK82 z104`LMqGS4;0yGctUySC4oVA33PO+R0g=^R6xa?hFl<41?j{MeRt+qBH$;%jn;MMLfJz6jcc7UrG>BQiLSsAS_{yl9V=*UKkhtUQsjKnuU4Xk>heFa8F zP!F^MfF`k%>cfDH-#(Do998Tub(^xxMI zWQXbT3~0{lRvuwssQ%RwS^h|`+oTd_M700-bF1I4C}-$~qI&rMLA(9;)%ic^us30U z#mE5L%s;vc1LMi%Kl`0en*_ix!9nru|I)|+s$=)1zDI{yWMECh`?KHetN$ecmHz)% z?-T={k%#|Pqx_9XfZpEG0iSl(8q=1{tvjun$m^O( zHo&p$ul1{Dw{qUtkXXr1=xx17I!Ez9yeH!Z@$<$=@wZd9wq zSOQ_1d;rAhztB!?x5pX4W*!D?mueu$g>qChxu(X_a0npM`RChTshoZWOqR~J!O}=> zpOf?R$Cr5;+NYy(1?9w_s4R{TQEyS{iigk3payatNr9<&@hD8Q$xVk zpEW6nFZE-Oo(IQ^xW^v%>FC`=F?WKFn@3}ue(=gLr5o>YAf@BjYtws`eR8;vG)qU;td$>PIZiM>4T}S2t zl_eE5XBNNiDhzvp&T(laDcO^{cnlV7jl z7|6xsETy5`{4uF$$ts(GL1D=UFC~_R)ucd5iF7f3PO}!o3pN+?zKQf@3&H`MNg)@m z*DDxun4ap;)AQJ39@MoUN{)lI1@yMC8%^qS>z%Q4+(41t5V0H;a&VnE-DbJ2qVG;qZlg==uXK*i=2$bBc} z_e=R(nY`?nGOw`wT0~24M+J|Nl7;(RH8y65nT8^Aa^i=usV`JxN1@O}wG~g1@ne+0N?MYK0A9FejN!NaTO>6dD7Mg(lkY5q zM2%3}2G~UOfJz>lf?g~m@=;?HZ~tQ3-Pp#{;EMx*c9Yy`YJBD=-qWDWFHb5Tc#fMt z>+qG?QhA*>r`a9a1V*>t~wya2u<=g`+PIJq+#2=2@y2 z{NWlO#*8x?CAzpC&3jvu2G4#uC~4Up$kFOrWx`eAg#M(_xA?S0mC^aRtoh13>Y}6! zg&nZD4BFKRa!rA^%FJQ(h)SJYWtNJ~=S5fvUE$%6hOb_y$sOh{+CZy1zD8V3-R(yR zgcHu~t}M3}#Tu%SA3d4V&GQY-4koBz-L$p)rTLLlZMJ6nx~t+9gl5yYdm)BcqbvL= ztX7IE3tcif<-G}=6bR)cM`z;|7lm0PT@vWZXR299ixd|s-7vKhx%%8)##cTfBCGVX zh^_{x1rjCH5tZChv#4T%Nm8w(Nr}^BrgVoF!451joAYd2e9FUZ!<;DTP}jsra{9Ko zymSN8h&_r7<)*GD4gxI z=JJay5`g9vYIiR&&5c^}I#r3g$2je83#Y-Bl|*eX!!BiK=~wr0#o3%2RW~Pdhh_y* zfGhMRjFx&oNaoD9t{-#b53|YzpAGg0DrV?4$YUD}UX>`1oyE<(Dn>woRDNuMm8Kmt z{Z?dgV>Gk<5lVP6p{_&g<6Zo`gu(Yz--*-xWROo4J7XU}81_iQCehi4i8iQ)#I|K{48WSUwk1E{Ki-CqpD1^h++gdx4XXQS%tq!ZeFEnjf}#k zGRmrHx>Hl!ZoJo|#MfRNH3;#7(PiXK(uVxj0ADy`H58z z3r6#7zv@jL=0H^)O+fMB;IQ+ref_H>30^lJSJiP4omNYLKhns|8k;$vqK7d%Vyy5I zR<~9Sf0YvQ(Z0`vJS*l#6TcDJ9#(eFB*U&jNK}}FIk35?@sdN$ujI6Pmu&l!0QYIj zdYkh^g0BZ#`giwrI0&gpIEAGvCWAB#Jj!{=Ij!`{U59R(^1d2FAr}9JAf;3%2i#B&Uw&&6>p|_CV$eQJ-$TJG>E7`?OG%*m} z%=Wg1{UJKh9$30PJ8DVO(z&R4trc1njNjt`E6C9&T8PUTmyB={Rg2PgGZu%E*!BfO z=(@ia!*S|lZnwXEWvVr%&*=1OQa!d+Y%yaE=zXY&Ht8*g#Qcxfuy}Wk_x0M$&}lbE2jBS@_}XCyS-8OyQ)I zN!yBcQpctPr;Us#uS!Y}o#!&HFQ1clMt#h=jja&@slRr2{z=%`S0^V?L^qq0voBJG zr{LB~Csq5uEg zWcTl0e%zC%vKvGv(BNIPmZ{qT9y94!U3PuF5e6pi=DMFNjCJD4<|4(^f3o?PIfa96=3YS3QX^YPJR8j|?Z5=qM4q!Jkh{K8q|0T4fnUaB=J%X2lvl$cT3P zJYqy)C|?sBhu%GlkskxjvmNhL$aEJsEanzEjS%mpvR`eq?TyX*{Wy1U7iv4ic|lN8_`86ZU?P)J(47-T$hM+@ zf&Zh-?oAv)tF4BfVsjR}{W&&AYZ<^;BP#s30Re1kuk!1f>fA$YnNMSG4=Y7LmW*0I zi{qrP#UtjMQA0yY;&C4JPXR7Mv2Y1N$_EtlXiM6OH!?mm$%vYI?8h}Ooz~kqFKn%K zizYx6-@C5h26%x64f$mdSh}xtw?T?I=S)ngbHQ2-5UBq$VZ^1byy4vb6D7f>dvZU%qpa;Oa0jC3-lW$UU z>0Pq0RuGY$JXa^|s%mZVJ8#wDFiGO92ySMbib^?ZznkbY*)||09nKvs7j4#+9&EI; zZ`L|3@>A&1rmTLtZLoam$L@=Kr&0#8ycQuo!tG%KSacnG0Xg(Bv*wlkDNEBScP>&1 zl2L)R;*4Zt0RJUr;aqnLXjfk`ptZ9@$rG;jxgY-2!bR(g7?Di6I&k59h8|0gf! z62=!_n~D{Ury#IHY@OvoT-cty@;7Es1dm=#ac+t@@r*o-OBh>mf2WcGpW)wZsb1-` zizSoin&)ayS6ez>xmyt0Z!3n0>#_(_&@sTkSfWN3%_{v^{(Yd97WSJ-5n+-S%TJSu zgL*zZ0q*J--XOQ1JrNO(mBM(7Ks&CZ|9eY_wu=AX|10qVg?Dy>b@3gHrzNoh&if#C zC5U;6o&?v{|F|n-xduQuzud9=@E#kS3Adq;(7nW4m^fsL^Pj{n zVPIT%h+>dZA&|j5;DfzZ6egL&S5uwi@eGBuU42ln{R@w1M1L0~(GXTlfu(MO>#^M_rG_-c{$E&|Sq7Fpj(vmxTedm7GdtN~V-QLS{ zKb@?wcJk*)lZiX(P^nF7J@!fXM9|SWpH_>X6n}K`T_}(2rmzAAh6z1rO^l@{;L$%q z+o}C}lK3|@0c~M^+Go#SpQv;GU;F-KGutGOtH6N^hA1{*+kwIAlnU?~k)6d_{-^Gz ze6p$fk}=14vVLS-Tp07?(+it?T;z_~8!JEN{+RJ!_6PGOC6#wa5 z1aqZVud?#%>8&S%vnsyryHl~rs83GhUiWIYzBALZw#;ea0eV*o;pw#L2k z5o*6`QM2#MCGV_`*U3u_vrK>;Y=#o>di|0q8`t+8yZPzL%HXPiSwFB1|b@*-{jYmbF)U}uU$96Qsd z@6~b1nBZv~Qt^4BPyXM0z510VvXv(vuXx?O;Ail(fL~i*9A4UF*jK8+z~G?05m+uH zTzLQeDY(460K8{q@ySNdJ~`W2_Du@@N9{!yv$w7QE|dTcqjCdNSlFf&DgIwCRNfZ^ zYCbJt-FHmC=E+3&FAGfK|NpvvmE+gO<{#P*s-qdW#e|ELtu4_C5K*8KC&zyYorwN%_1$51+Gf=cg#%{E-zC+3WewY2}2; z(}3!4v4GOf0vRDw)ljW33g%UNjMLrjHANSg0Byd8$e7?vI2(LgKXAYo1RS>Bs4qv( zeIUWBmq15QgX$SDC`A}R9o7VK_vgSvV(bqk7z7;VeR4Fbr731#P2_%~v!L89akRkK z-9A?0?Qbd{{;29n+Oe$o+nY#RH^aEvuc3cWnWQei z{Qmn_?aL<$fMPM1fr}V`%BRKeH}bvtvLN8egVT8Tg| z#hu0C_UrWOERkC*vB?l*>#^&}B8N?7GlPIS-rU~q54QJ6?&$*=$;ySk?$d(%19`45 z31WrrOX0t>tLW+isMt{R|oF6y6NFkjE@IDglUwZP-L zHcxakTo + stx_ipv6_deployment diff --git a/doc/source/developer_resources/stx_ipv6_deployment.rst b/doc/source/developer_resources/stx_ipv6_deployment.rst new file mode 100644 index 000000000..4e4ff7b37 --- /dev/null +++ b/doc/source/developer_resources/stx_ipv6_deployment.rst @@ -0,0 +1,619 @@ +========================= +StarlingX IPv6 Deployment +========================= + +.. contents:: + :local: + :depth: 2 + +---------- +Background +---------- + +StarlingX cluster networking supports both IPv4 and IPv6 (dual stack is not +supported). The current `StarlingX Installation Guide +`_ is only +applicable to IPv4 deployment. + +StarlingX releases before release 2.0 contain all required packages in the ISO +image, so a network connection to the public network is not required during +installing, bootstrapping, and provisioning. + +Beginning with the StarlingX 2.0 release, a native bare metal Kubernetes cluster +with OpenStack runs within containers on top of the cluster, instead of the +host platform. Docker images (for both platform application and OpenStack) are +installed on external image registries and expected to be pulled during the +bootstrapping and provisioning. + +Pulling Docker images from external image registries is not difficult for +StarlingX IPv4 deployment. However, it can be a big challenge for StarlingX +IPv6 deployment because IPv6 is not well supported by current +public/corporate networks. A solution is required to allow StarlingX nodes in +the IPv6 domain to be able to access registry servers in the IPv4 domain. + +There are several solutions for this requirement, IPv6 capable proxy, +NAT64/DNS64 gateway, local registry with IPv6 support, etc. In this document, +we'd like to share our practice in NAT64/DNS64 gateway based StarlingX IPv6 +deployment. + +----------------- +NAT64/DNS64 Brief +----------------- + +NAT64 is an IPv6 transition mechanism that facilitates communication between +IPv6 and IPv4 hosts by using a form of network address translation (NAT). NAT64 +gateway is a translator between IPv4 and IPv6 protocols. NAT64 was standardized +in `RFC 6052 `_, +`RFC 6145 `_, and +`RFC 6146 `_. + +DNS64 describes a DNS server that when asked for a domain's AAAA records, but +only finds A records, synthesizes the AAAA records from the A records. DNS64 +was standardized in `RFC 6147 `_. + +The figure below demonstrates how an IPv6 host access an IPv4 web server with +the assistance of an NAT64/DNS64 gateway. The access is transparent to the IPv6 +host. It doesn't even know the web server is in an IPv4 domain. + +.. figure:: ./figures/nat64_dns64.png + :width: 900px + :height: 360px + :align: center + :alt: NAT64 and DNS64 + + *Figure 1: NAT64 and DNS64* + +#. Host A sends a DNS request to the DNS64 server for the IPv6 address of the + web server. +#. The DNS64 server forwards the DNS request to the DNS server in IPv4 domain. +#. The DNS server sends the web server's IPv4 address back to the DNS64 server. +#. The DNS64 server synthesizes an IPv6 address by combining the IPv4 address + and a pre-defined IPv6 prefix and sends the synthesized IPv6 address to host + A. +#. Host A uses the IPv6 address to access the web server through the NAT64 + server. +#. The NAT64 server knows how the IPv6 address was synthesized. It can + translate the IPv6 packets from host A to IPv4 packets by replacing the IPv6 + address with the real IPv4 address of the web server, and making other + necessary modifications. After the translation, the NAT64 server sends + the packets to the web server. When it gets the response from the web + server, the NAT64 server will translate the IPv4 packets back to IPv6 packets + before sending them to host A. + +------------------------------------------- +NAT64/DNS64 based StarlingX IPv6 deployment +------------------------------------------- + +For a generic StarlingX IPv4 deployment, refer to the +`StarlingX Installation Guide `_. + +In this guide, all the operations are based on a virtual deployment (all +StarlingX nodes are VMs), to introduce how to use a NAT64/DNS64 server to make +a StarlingX IPv6 deployment. + +The diagram below demonstrates the infrastructure of the experimental setup. For +simplicity, the NAT64/DNS64 servers are combined together and the gateway is +running in a container. + +.. figure:: ./figures/stx_nat64_dns64_diagram.png + :width: 900px + :height: 450px + :align: center + :alt: NAT64/DNS64 based StarlingX IPv6 Deployment + + *Figure 2: NAT64/DNS64 based StarlingX IPv6 Deployment* + +* There are three bridge devices in the picture, `br_ipv4`, `br_ipv6_oam` and + `br_ipv6_mgmt`. `br_ipv4` is for the IPv4 domain connection. It is connected + to the outside of the host via the host NIC. `br_ip6_oam` is for the StarlingX + OAM network. `br_ipv6_mgmt` is for the StarlingX management network. The two + bridges are not connected to the outside. +* The green block is the NAT64/DNS64 gateway running in a container. The + container has two NICs: `eth0` is connected to the IPv4 domain and `eth1` is + connected to the IPv6 domain. +* The purple blocks are VMs for StarlingX nodes. `Controller-0&1` are connected + to both the `br_ipv6_oam` and `br_ipv6_mgmt` bridges. Worker nodes and storage + nodes are connected to the `br_ipv6_mgmt` bridge. +* The example uses the IP addresses 192.168.1.0/24 for the IPv4 domain and + FD00::0/96 for the IPv6 domain. + +*********************************** +How to set up a NAT64/DNS64 gateway +*********************************** + +There are many implementations of NAT64 available. +`TAYGA `_ is an out-of-kernel stateless NAT64 +implementation for Linux. It uses the +`TUN `_ driver +to exchange IPv4 and IPv6 packets with the kernel. `TAYGA` is easy to use and +configure, which is why it was chosen in this example. + +For the same reason, `BIND `_ was chosen as the DNS64 +solution in this setup. It is a very flexible, full-featured DNS system. +DNS64 support is added from BIND 9.8.0. + +~~~~~~~~~~~~~~~~~~~~~~~ +Build the gateway image +~~~~~~~~~~~~~~~~~~~~~~~ + +Below is the dockerfile to build the container image. The base image +is Ubuntu 18.04. `TAYGA` and `BIND` are both installed via ``apt-get``. +``run.sh`` is a script to make necessary configurations and start the +two services. `named.conf.options` is `BIND`'s configuration file. + +:: + + # Version 0.5 + FROM ubuntu:18.04 + RUN apt-get update + RUN apt-get install tayga bind9 bind9utils bind9-doc -y + RUN apt-get install iproute2 iptables dnsutils vim iputils-ping -y + + WORKDIR /opt + ADD run.sh /opt/run.sh + ADD named.conf.options /etc/bind/named.conf.options + +The script ``run.sh`` does a couple of things: + +#. Get the IP addresses of the two interfaces +#. Dynamically create a configuration file for `TAYGA` +#. Make necessary configurations (IP address, routing rules and iptables) and + start `TAYGA` service +#. Modify `BIND` configuration file and start `BIND` service + +Please note that in this script: + +#. An IPv6 address prefix as **fd00:ffff** is specified. + That means an IPv4 address `x.x.x.x` will be mapped to an IPv6 address + **fd00:ffff::x.x.x.x**. +#. `192.168.255.0/24` is an IPv4 address pool used by `TAYGA` inside the + container. + +Here's the content of ``run.sh``: + +:: + + #! /bin/bash + # variables + prefix=${1:-fd00:ffff} + gw_ipv4=${2:-192.168.1.1} + echo "$prefix, $gw_ipv4" + + # get container ip + ext_if=eth0 + int_if=eth1 + ext_ip=`ifconfig ${ext_if} | grep 'inet ' | cut -d' ' -f10` + int_ip=`ifconfig eth1 | grep 'inet6 ' | grep -v "fe80" | cut -d' ' -f10` + + ############# + # start nat64 + ############# + cat << EOF | tee tayga.conf + tun-device nat64 + ipv4-addr 192.168.255.1 + prefix $prefix::/96 + dynamic-pool 192.168.255.0/24 + data-dir /var/db/tayga + EOF + + mkdir -p /var/db/tayga + # create TUN device + tayga --mktun + ip link set nat64 up + # IP and routing settings + ip addr add $int_ip dev nat64 + ip addr add $ext_ip dev nat64 + ip route add 192.168.255.0/24 dev nat64 + ip route add $prefix::/96 dev nat64 + ip route del default + ip route add default via $gw_ipv4 + # set up NAT44 + iptables -t nat -A POSTROUTING -o $ext_if -j MASQUERADE -s 192.168.255.0/24 + tayga -c tayga.conf + + ############# + # start dns64 + ############# + sed -i "s#dns64 xxxx:ffff::/96 {#dns64 $prefix::/96 {#g" /etc/bind/named.conf.options + service bind9 start + + echo "start services done!" + +In named.conf.options, the option ``dns64`` is configured as below. Please note +that ``dnssec-validation`` must be set to ``no``. ``127.0.0.11`` is configured +in the option ``forwarders``. The value of the IP depends on the resolver +configured for the container. Docker internally uses libnetwork to configure and +enable the embedded DNS resolver. Libnetwork binds the resolver to the +container's loopback interface, so that DNS queries at ``127.0.0.11`` can be +routed (via iptables) to the ``backend DNS resolver`` in the Docker Engine. +That's why ``127.0.0.11`` is configured here. The DNS64 server will forward DNS +queries to ``127.0.0.11``. + +:: + + options { + directory "/var/cache/bind"; + forwarders { + 127.0.0.11; + }; + forward only; + + dnssec-validation no; + + auth-nxdomain no; # conform to RFC1035 + listen-on-v6 { any; }; + dns64 xxxx:ffff::/96 { + clients { any; }; + recursive-only yes; + break-dnssec yes; + exclude { any; }; + }; + }; + +~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Start the gateway container +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Before starting the gateway container, the two bridges, `br_ipv4` and +`br_ipv6_oam`, should be created. Use the ``docker network`` command to create +these two bridges instead of the ``brctl`` command. In addition creating a +bridge device, ``docker network`` will assign a specific subnet to the bridge +and add the necessary iptables rules to make sure the bridge can access the +outside of the host. + +`br_ipv6_mgmt` is used to connect the management network of StarlingX nodes. +This setup is covered in the `Starling Installation Guide +`_. + +The IPv4 and IPv6 addresses used by the gateway container shown in Figure 2 are +all specified in the following script. + +Running a container with two NICs is a little tricky. ``docker run`` doesn't +support attaching a container to two networks. Here's the solution: + +#. Use ``docker create`` and ``docker start`` to create and start a container + first. +#. Use ``docker network`` to connect the container to the second network. + +Here's an example of the script to start the gateway container: + +:: + + #! /bin/bash + + IMAGE_NAME=nat64_dns64_gw + TAG=1.0 + FULL_IMAGE_NAME="$IMAGE_NAME:$TAG" + CONTAINER_NAME="nat64_dns64_gw" + + ipv6_br_name=br_ipv6_oam + prefix=fd00 + ipv6_prefix=$prefix:ffff + ipv6_subnet=$prefix::/96 + ipv6_br_ip=$prefix::ff + ipv6_srv_ip=$prefix::1 + + ipv4_br_name=br_ipv4 + ipv4_subnet=192.168.1.0/24 + ipv4_br_ip=192.168.1.1 + ipv4_srv_ip=192.168.1.2 + + # create networks + v6net=$(docker network ls | grep $ipv6_nw_name) + if [ -z "$v6net" ]; then + echo "create network $ipv6_nw_name" + docker network create --driver=bridge -o \ + "com.docker.network.bridge.name=$ipv6_br_name" \ + --subnet $ipv6_subnet --gateway=$ipv6_br_ip --ipv6 \ + $ipv6_nw_name + fi + v4net=$(docker network ls | grep $ipv4_nw_name) + if [ -z "$v4net" ]; then + echo "create network $ipv4_nw_name" + docker network create --driver=bridge \ + -o "com.docker.network.bridge.name=$ipv4_br_name" \ + -o "com.docker.network.bridge.enable_ip_masquerade=true" \ + --subnet $ipv4_subnet \ + --gateway=$ipv4_br_ip \ + $ipv4_nw_name + fi + + # run your container + echo "start container $CONTAINER_NAME" + docker create -it --net $ipv4_nw_name \ + --ip $ipv4_srv_ip \ + --name $CONTAINER_NAME + --cap-add=NET_ADMIN \ + --device=/dev/net/tun + --sysctl net.ipv6.conf.all.disable_ipv6=0 \ + --sysctl net.ipv4.ip_forward=1 \ + --sysctl net.ipv6.conf.all.forwarding=1 \ + $FULL_IMAGE_NAME /bin/bash + docker start $CONTAINER_NAME + docker network connect $ipv6_nw_name --ip6 $ipv6_srv_ip $CONTAINER_NAME + docker exec -d $CONTAINER_NAME /opt/run.sh $ipv6_prefix $ipv4_br_ip + + +************************************************************ +How to bootstrap and provision StarlingX for IPv6 deployment +************************************************************ + +Once the NAT64/DNS64 gateway is ready, it's time to start installing StarlingX +by following the `StarlingX Installation Guide +`_. + +~~~~~~~~~~~~~~~~~~~ +Bootstrap StarlingX +~~~~~~~~~~~~~~~~~~~ + +At the first boot-up of `controller-0`, the gateway and routing rules need to be +configured before bootstrapping. + +In this example, ens6 is the interface of the OAM network, f00::1 is the IP +address of the NAT64/DNS64 gateway, and fd00:ffff::/96 is the synthesized +IPv6 address: + +:: + + sudo ip addr add fd00::3/96 dev ens6 + sudo ip -6 route add fd00:ffff::/96 via fd00::1 + sudo ip -6 route add default dev ens6 + +For a StarlingX simplex case, a `localhost.yml` like the example below is needed +to bootstrap `controller-0`. + +:: + + --- + system_mode: simplex + + admin_username: admin + admin_password: + ansible_become_pass: + + external_oam_subnet: fd00::/96 + external_oam_gateway_address: fd00::1 + external_oam_floating_address: fd00::3 + + dns_servers: + - fd00::1 + + management_subnet: fd01::/96 + management_multicast_subnet: ff08::1:1:0/124 + cluster_host_subnet: fd02::/96 + cluster_pod_subnet: fd03::/96 + cluster_service_subnet: fd04::/112 + + +For a StarlingX duplex or multi-node case, the sample `localhost.yml` is as +shown below: + +:: + + --- + system_mode: duplex + + admin_username: admin + admin_password: + ansible_become_pass: + + management_subnet: fd01::/96 + management_start_address: fd01::2 + management_end_address: fd01::50 + + external_oam_subnet: fd00::/96 + external_oam_gateway_address: fd00::1 + external_oam_floating_address: fd00::2 + external_oam_node_0_address: fd00::3 + external_oam_node_1_address: fd00::4 + + dns_servers: + - fd00::1 + + management_multicast_subnet: ff08::1:1:0/124 + cluster_host_subnet: fd02::/96 + cluster_pod_subnet: fd03::/96 + cluster_service_subnet: fd04::/112 + +~~~~~~~~~~~~~~~~~~~ +Provision StarlingX +~~~~~~~~~~~~~~~~~~~ + +For duplex or multi-node cases, additional configurations are required because +in the StarlingX system, the pxeboot network and management network share the +same link. In the current support for IPv6, the management interface needed to +be isolated as a VLAN interface, and an untagged pxeboot network must be +configured. Otherwise, `controller-1` fails to get IPv6 address on the first +boot-up. + +The following shows the commands to create VLAN interface for the management +network during the provision stage of `controller-0`. + +With these commands, a logic interface called `mgmt_vlan` with VLAN id 100 on +the port `ens7` is created, and management and cluster networks are assigned to +this interface. Pxeboot network is assigned to the interface `ens7` (untagged). +(No need to do this again on `controller-1`, StarlingX will take care of the +VLAN interface creation for `controller-1`.) + +:: + + $ system host-if-add controller-0 mgmt_vlan vlan ens7 -V 100 + $ system host-if-modify controller-0 ens7 -c platform + $ system host-if-modify controller-0 mgmt_vlan -c platform + $ system interface-network-assign controller-0 mgmt_vlan mgmt + $ system interface-network-assign controller-0 mgmt_vlan cluster-host + $ system interface-network-assign controller-0 ens7 pxeboot + +Once these configurations are done, unlock `controller-0`. After that, +there are no other special operations required for IPv6 deployment, just +follow the generic StarlingX installation process. + +Some useful log information during the deployment is provided here for +reference. + +* System version + + :: + + [sysadmin@controller-0 ~(keystone_admin)]$ system show + +----------------------+--------------------------------------+ + | Property | Value | + +----------------------+--------------------------------------+ + | contact | None | + | created_at | 2020-03-20T09:21:08.889223+00:00 | + | description | None | + | https_enabled | False | + | location | None | + | name | f6e37368-80aa-4ce4-a205-115a321b9858 | + | region_name | RegionOne | + | sdn_enabled | False | + | security_feature | spectre_meltdown_v1 | + | service_project_name | services | + | software_version | 20.01 | + | system_mode | duplex | + | system_type | All-in-one | + | timezone | UTC | + | updated_at | 2020-03-20T09:22:58.865137+00:00 | + | uuid | 985077eb-03e5-425d-8b09-3d11b938ba58 | + | vswitch_type | none | + +----------------------+--------------------------------------+ + +* Controller-0 network list + + :: + + [sysadmin@controller-0 ~(keystone_admin)]$ system network-list + +----+--------------------------------------+-----------------+-----------------+---------+--------------------------------------+ + | id | uuid | name | type | dynamic | pool_uuid | + +----+--------------------------------------+-----------------+-----------------+---------+--------------------------------------+ + | 5 | 0c1d74ed-1ffb-4a03-949b-a45a4575912b | cluster-host | cluster-host | True | d835802c-1dcb-4b08-a0a1-5e688e8c45b9 | + | 2 | 3fd3b624-abc6-4b8a-843d-93cde783e3e4 | pxeboot | pxeboot | True | 9f30964b-393c-4556-b368-a9f7f9278fd2 | + | 1 | 4d6733f0-f3f7-4285-8625-5f7ffb0a207f | mgmt | mgmt | True | 19785b30-349f-49e5-81ea-55f62d530d7a | + | 6 | 73d25d3a-59e3-467c-8479-280da8952b58 | cluster-pod | cluster-pod | False | 5eacf77d-5dfa-4ed6-9170-c0d106c0a4b9 | + | 4 | ae5b50fb-43f2-4401-ac27-a9bb008b97e5 | multicast | multicast | False | e2b67d50-8bf8-4a99-b7f7-f1b74e101c3c | + | 3 | ceca83ec-b442-45f0-b32b-0cdfbc11a74a | oam | oam | False | 0b30c5aa-427c-4133-a09b-7cc91240e8e4 | + | 7 | fdeb383d-588a-4454-87c5-4a3bcff77374 | cluster-service | cluster-service | False | 84432e6d-81b0-4b97-aacf-f4a47f1235bd | + +----+--------------------------------------+-----------------+-----------------+---------+--------------------------------------+ + +* System address pool + + :: + + [sysadmin@controller-0 ~(keystone_admin)]$ system addrpool-list + +--------------------------------------+------------------------+---------------+--------+--------+-----------------------------------+------------------+---------------------+---------------------+-----------------+ + | uuid | name | network | prefix | order | ranges | floating_address | controller0_address | controller1_address | gateway_address | + +--------------------------------------+------------------------+---------------+--------+--------+-----------------------------------+------------------+---------------------+---------------------+-----------------+ + | d835802c-1dcb-4b08-a0a1-5e688e8c45b9 | cluster-host-subnet | fd02:: | 96 | random | ['fd02::1-fd02::ffff:fffe'] | fd02::1 | fd02::2 | fd02::3 | None | + | 5eacf77d-5dfa-4ed6-9170-c0d106c0a4b9 | cluster-pod-subnet | fd03:: | 96 | random | ['fd03::1-fd03::ffff:fffe'] | None | None | None | None | + | 84432e6d-81b0-4b97-aacf-f4a47f1235bd | cluster-service-subnet | fd04:: | 112 | random | ['fd04::1-fd04::fffe'] | None | None | None | None | + | 19785b30-349f-49e5-81ea-55f62d530d7a | management | fd01:: | 96 | random | ['fd01::2-fd01::50'] | fd01::2 | fd01::3 | fd01::4 | None | + | e2b67d50-8bf8-4a99-b7f7-f1b74e101c3c | multicast-subnet | ff08::1:1:0 | 124 | random | ['ff08::1:1:1-ff08::1:1:e'] | None | None | None | None | + | 0b30c5aa-427c-4133-a09b-7cc91240e8e4 | oam | fd00:: | 96 | random | ['fd00::1-fd00::ffff:fffe'] | fd00::2 | fd00::3 | fd00::4 | fd00::1 | + | 9f30964b-393c-4556-b368-a9f7f9278fd2 | pxeboot | 169.254.202.0 | 24 | random | ['169.254.202.1-169.254.202.254'] | 169.254.202.1 | 169.254.202.2 | 169.254.202.3 | None | + +--------------------------------------+------------------------+---------------+--------+--------+-----------------------------------+------------------+---------------------+---------------------+-----------------+ + +* Controller-0 interface list + + :: + + [sysadmin@controller-0 ~(keystone_admin)]$ system host-if-list controller-0 + +--------------------------------------+--------+----------+----------+------+--------------+----------+---------+---------------------------+ + | uuid | name | class | type | vlan | ports | uses i/f | used by | attributes | + | | | | | id | | | i/f | | + +--------------------------------------+--------+----------+----------+------+--------------+----------+---------+---------------------------+ + | 411ea0bf-a096-42e6-8681-26e6f29314eb | ens7 | platform | ethernet | None | [u'ens7'] | [] | [u'mgmt | MTU=1500 | + | | | | | | | | _vlan'] | | + | | | | | | | | | | + | 81aaac13-2c2f-4b3e-9ddc-d51114d36767 | data0 | data | ethernet | None | [u'eth1000'] | [] | [] | MTU=1500,accelerated=True | + | a0d93129-0ed4-435a-906e-6b135f6f066a | ens6 | platform | ethernet | None | [u'ens6'] | [] | [] | MTU=1500 | + | d5d88e96-04c6-4981-aa84-07d64a4eae5c | mgmt_v | platform | vlan | 100 | [] | [u'ens7' | [] | MTU=1500 | + | | lan | | | | | ] | | | + | | | | | | | | | | + | d933d630-f24e-4e69-b4a1-0c840a3dbbc7 | data1 | data | ethernet | None | [u'eth1001'] | [] | [] | MTU=1500,accelerated=True | + +--------------------------------------+--------+----------+----------+------+--------------+----------+---------+---------------------------+ + +* Controller-1 interface list + + :: + + [sysadmin@controller-0 ~(keystone_admin)]$ system host-if-list controller-1 + +--------------------------------------+----------+----------+----------+------+--------------+--------------+-----------+----------------------+ + | uuid | name | class | type | vlan | ports | uses i/f | used by | attributes | + | | | | | id | | | i/f | | + +--------------------------------------+----------+----------+----------+------+--------------+--------------+-----------+----------------------+ + | 6c082ca1-634c-4475-a9cc-dcb15eaa9a52 | pxeboot0 | platform | ethernet | None | [u'ens7'] | [] | [u'mgmt0' | MTU=1500 | + | | | | | | | | ] | | + | | | | | | | | | | + | bf743d9f-c1f5-497e-8199-4b59b67dd7de | data0 | data | ethernet | None | [u'eth1000'] | [] | [] | MTU=1500,accelerated | + | | | | | | | | | =True | + | | | | | | | | | | + | eb6ef259-64a1-4141-9514-f8767f51ba2a | oam0 | platform | ethernet | None | [u'ens6'] | [] | [] | MTU=1500 | + | ed34b240-8df3-4661-a1bf-4a536c8f1d9a | mgmt0 | platform | vlan | 100 | [] | [u'pxeboot0' | [] | MTU=1500 | + | | | | | | | ] | | | + | | | | | | | | | | + | f07cb373-377c-46de-a9e0-f05fee927236 | data1 | data | ethernet | None | [u'eth1001'] | [] | [] | MTU=1500,accelerated | + | | | | | | | | | =True | + | | | | | | | | | | + +--------------------------------------+----------+----------+----------+------+--------------+--------------+-----------+----------------------+ + +* Controller-0 interface and assigned network + + :: + + [sysadmin@controller-0 ~(keystone_admin)]$ system interface-network-list controller-0 + +--------------+--------------------------------------+-----------+--------------+ + | hostname | uuid | ifname | network_name | + +--------------+--------------------------------------+-----------+--------------+ + | controller-0 | 231f0e32-e726-405a-b09a-7b51c62eb047 | mgmt_vlan | cluster-host | + | controller-0 | 52f578fd-ace6-4644-998f-24ad9b413ad8 | ens6 | oam | + | controller-0 | 5dce2586-0df1-4299-a764-b62252a70832 | mgmt_vlan | mgmt | + | controller-0 | a94d2767-582b-4b45-bf38-0faea10cc016 | ens7 | pxeboot | + +--------------+--------------------------------------+-----------+--------------+ + +* Controller-1 interface and assigned network + + :: + + [sysadmin@controller-0 ~(keystone_admin)]$ system interface-network-list controller-1 + +--------------+--------------------------------------+----------+--------------+ + | hostname | uuid | ifname | network_name | + +--------------+--------------------------------------+----------+--------------+ + | controller-1 | 079030b3-89a2-45ba-8977-a0d19060fa31 | mgmt0 | cluster-host | + | controller-1 | 74df5f28-ad34-451a-af0d-f4c7622038b3 | mgmt0 | mgmt | + | controller-1 | 84e0d42e-5c04-40c9-b6a7-afcd08ea78b5 | pxeboot0 | pxeboot | + | controller-1 | 94d9a5ee-7fed-4b08-a41b-7b03ec71f447 | oam0 | oam | + +--------------+--------------------------------------+----------+--------------+ + +Some useful commands are listed here for reference. + +:: + + # dns lookup for IPv6 address + nslookup –query=AAAA + + # ping IPv6 address + ping6 + + # trace IPv6 path + tracepath6 -n + + # show IPv6 routing table + ip -6 route show + + # show IPv6 iptables in nat table + ip6tables -t nat -L + + # copy localhost.yml to controller-0 + scp -6 localhost.yml sysadmin@\[fd00::3\]:~/ + + # ssh controller-0 + ssh sysadmin@fd00::3 + +------- +Summary +------- + +In this document, we introduced a method to make a StarlingX IPv6 deployment +based on a NAT64/DNS64 gateway. Though only virtual deployment was discussed +here, the same method is also applicable to physical deployment. Physical +switches used for the management network should be configured to support VLAN.