From 55527a22b102703d66efda61e44054af26ff16ed Mon Sep 17 00:00:00 2001 From: BIN HU Date: Sat, 13 Oct 2018 17:36:22 -0700 Subject: [PATCH] Docker IPv6 NAT Change-Id: I1abf48d46feb721cde0dda0326ece36f14e88214 Signed-off-by: BIN HU --- docs/release/userguide/docker-ipv6-nat.rst | 130 +++++++++++++++++++++++ docs/release/userguide/images/global-unicast.jpg | Bin 0 -> 7793 bytes docs/release/userguide/images/link-local.jpg | Bin 0 -> 8675 bytes docs/release/userguide/images/unicast-scope.jpg | Bin 0 -> 18425 bytes docs/release/userguide/images/unique-local.jpg | Bin 0 -> 12513 bytes docs/release/userguide/index.rst | 4 +- 6 files changed, 133 insertions(+), 1 deletion(-) create mode 100644 docs/release/userguide/docker-ipv6-nat.rst create mode 100644 docs/release/userguide/images/global-unicast.jpg create mode 100644 docs/release/userguide/images/link-local.jpg create mode 100644 docs/release/userguide/images/unicast-scope.jpg create mode 100644 docs/release/userguide/images/unique-local.jpg diff --git a/docs/release/userguide/docker-ipv6-nat.rst b/docs/release/userguide/docker-ipv6-nat.rst new file mode 100644 index 0000000..314e4ec --- /dev/null +++ b/docs/release/userguide/docker-ipv6-nat.rst @@ -0,0 +1,130 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Prakash Ramchandran + +=============== +Docker IPv6 NAT +=============== + +-------------------------------------------------- +What is the Issue with Using IPv6 with Containers? +-------------------------------------------------- + +Initially Docker was not created with IPv6 in mind. It was added later. As a +result, there are still several unresolved issues as to how IPv6 should be used +in a containerized world. + +Currently, you can let Docker give each container an IPv6 address from your +(public) pool, but this has disadvantages (Refer to [1]_): + +* Giving each container a publicly routable address means all ports (even + unexposed / unpublished ports) are suddenly reachable by everyone, if no + additional filtering is done. +* By default, each container gets a random IPv6 address, making it impossible + do DNS properly. An alternative is to assign a specific IPv6 address to each + container, but it is still an administrative hassle. +* Published ports won't work on IPv6, unless you have the userland proxy + enabled (which, for now, is enabled by default in Docker) +* The userland proxy, however, seems to be on its way out and has various + issues, such as: + * It can use a lot of RAM. + * Source IP addresses are rewritten, making it completely unusable for many + purposes, e.g. mail servers. + +IPv6 for Docker can (depending on your setup) be pretty much unusable and +completely inconsistent with the way how IPv4 works. Docker images are mostly +designed with IPv4 NAT in mind. NAT provides a layer of security allowing only +published ports through. Letting container link to user-defined networks +provide inter-container communication. This does not go hand in hand with the +way Docker IPv6 works, requiring image maintainers to rethink/adapt their +images with IPv6 in mind. + +---------------------- +Why not IPv6 with NAT? +---------------------- + +So why not try resolve above issues by managing ``ip6tables`` to setup IPv6 NAT +for your containers, like how it is done by the Docker daemon for IPv4. This +requires a locally reserved address like we do for private IP in IPv4. These +are called in IPv6 as local unicast Ipv6 address. Let’s first understand IPv6 +addressing scheme. + +We note that there are 3 types of IPv6 addresses, and all use last or least +significant 64 bits as Interface ID derived by splitting 48-bit MAC address +into 24 bits + 24 bits and insert an FE00 hexadecimal number in between those +two and inverting the most significant bit to create an equivalent 64-bit MAC +called EUI-64 bit. Refer to [2]_ for details. + +**1. Global Unicast Address** + +This is equivalent to IPv4’s public address with always 001 as Most +Significant bits of Global Routing Prefix. Subnets are 16 opposed to 8 bits +in IPv4. + +.. figure:: images/global-unicast.jpg + :name: docker-ipv6-nat-figure1 + :width: 100% + +**2. Link-Local Address** + +Link-local addresses are used for communication among IPv6 hosts on a link +(broadcast segment) only. These addresses are not routable. This address always +starts with FE80. These are used for generating IPv6 addresses and 48 bits +following FE80 are always set to 0. Interface ID is usual EUI-64 generated from +MAC address on the NIC. + +.. figure:: images/link-local.jpg + :name: docker-ipv6-nat-figure2 + :width: 100% + +**3. Unique-Local Address** + +This type of IPv6 address is globally unique & used only in site local +communication. The second half of this address contain Interface ID and the +first half is divided among Prefix, Local Bit, Global ID and Subnet ID. + +.. figure:: images/unique-local.jpg + :name: docker-ipv6-nat-figure3 + :width: 100% + +Prefix is always set to 1111 110. L bit, is set to 1 if the address is locally +assigned. So far, the meaning of L bit to 0 is not defined. Therefore, Unique +Local IPv6 address always starts with ‘FD’. + +IPv6 addresses of all types are assigned to interfaces, not nodes (hosts). An +IPv6 unicast address refers to a single interface. Since each interface belongs +to a single node (host), any of that node's interfaces' unicast addresses may +be used as an identifier for the node(host). For IPv6 NAT we prefer site scope +to be within site scope using unique local address, so that they remain private +within the organization. + +.. figure:: images/unicast-scope.jpg + :name: docker-ipv6-nat-figure4 + :width: 100% + + Figure 1: Scope of IPv6 Unicast Addresses + +Based on the IPv6 scope now question arises as what is needed to be mapped to +what? Is it IPv6 to IPv4 or IPv6 to IPv6 with post? Thus, we land up with are +we talking NAT64 with dual stack or just NAT66. Is it a standard that is agreed +upon in IETF RFCs? Dwelling into questions bring us back to should we +complicate life with another docker-ipv6nat? + +The conclusion is simple: it is not worth it and it is highly recommended that +you go through the blog listed below [3]_. + +---------- +Conclusion +---------- + +As IPv6 Project team in OPNFV, we recommend that IPv6 NAT is not worth the +effort and should be discouraged. As part of our conclusion, we recommend that +please do not use IPv6 NAT for containers for any NFV use cases. + +---------- +References +---------- + +.. [1] https://github.com/robbertkl/docker-ipv6nat +.. [2] https://www.tutorialspoint.com/ipv6/ipv6_special_addresses.htm +.. [3] http://ipv6friday.org/blog/2011/12/ipv6-nat/ diff --git a/docs/release/userguide/images/global-unicast.jpg b/docs/release/userguide/images/global-unicast.jpg new file mode 100644 index 0000000000000000000000000000000000000000..2eedf73cbe0c0a95a5cd20fc4cce6c63ed78d219 GIT binary patch literal 7793 zcmcgx2{>D6+ditAwy2?&R!drKhfa$wmVQLi%~sV^7nG9eX02un+5}Cysg{z#l);p$ z7ATUASt3K9uL5E3Cmmh&Go-+ceHo$H_Z|L?!Plf1dE^X574dG2SqpXZzx z`~VIBUmdcsw*lnjQ82LSmcOBTP-u@w3$ELTuix>R8$47O~!(n=*I#g&SR z%B$4AQeLIHN>TAE&978ft7~XzD5+?z(NtffrmmsBxQLuQbj?zQ6$%O~)Rh&L)&JKA z_!3ZE4jhszmzUE6mZ-|ftIB~502~116d-LE75?WTw*=C08EpBAm5Pu+$ydMkKhet*^WBh5s%&c%uG{3NjOAe6#4c5PqeTGXF!nI`SQu(E@MO<=Au0TUxb*aL} zoy*krIl;~ZuGZUieYyJnxQxQu6`OV+<7u4zzI~YSUNZYFLDu&;8A`To&?Y&|6v>Ql4~sRE>Z@R!J`i)bEiX zLEzzfrpUAk1O~~3mh|ZZ;rbxpIZYfLDL_9|*#QE#14UOsVDCR_c>Z`0X!7}D#-BR+ zPeGoF6oA&QErEV?GG%L-c z8VhrKH>YrX+Rw=$#~mHE(s#jhGDG}Rc#VZUvPE&?q~Pp4Q$A%f;1Y{c7R6>bZB|p+ zxtWxi58y{6yGiv^3vw+WaMQh2W@-D`xkux0f%lUZU*)cM&K-|ElYTxI5lM_b@8#OXzCVZ6OY&eIw>?@7SAl{^}c&adC7 zc_q<&$C?J=98Y~`x%Jgb5a@dALNITbOf51$3fuDe`d{8KyM3?jnZG3lH{pPQeE2$J zuIh82;kt3L1xk@KcNZ(o4Uv@;7@tg)V#Q0U;ZVqa;^Ai%SjhwZJE#fA4iK0rm6agQ z@H6X?iruj!ytIt?Y~CM{SfLd;HS2wSou#&uzY@inn|($PTW)x;FQ^ul1 zT==J_!IT~R{PgR=drBNcUMW3OdE}W`2BIc8Bt(OZ34=Eo^m|wV`1HSUp9kY8}KR{e5<722M7^US6onzaTe;A88}384Vm;n4um0U>~Ub$o^b*ALh;Q zTh=Cw5ySjk`D@H`1pqSPXG~BsqV4i>YFUf;ATHN79x@kFMbT$24x$Xd{_yxW_@~>- z7MKg?bV6;f6Maxi!|h&BS?wV@hs--431;TH$PV0{#?(vP?v@ZG2UN3wFm+}9%ErIaUS8eAv>ui1;tm39Ab{?7fBL047cg#Me)j%%e>IO$JmZ#A2+JHk7aT57E0pFV zbudgnv&%HyEh&TOej!uzIOIlRrB}SB?`HAWoz{tKkB42kjh@s7Mv1JS32pPtSrTOKQ+nTY+HE$=+fd%o$^*))bDN6)_ z3e69)r|RH}B6z)pbIBvRM~~lkqJ(`hUZj)d;&{LAz_&?ho<=x@ya&X`4*fcyw`K26;vh?*nSZIH{3!VJ2 zqMSf*ygy?uF`26)EkFuL6xE6K=*1=lvIWE=FALENQu(r^(Qm`giWE_eBsE+pJ|wkY zn|h>e))CRiS-92KB8-kK_KDsc<~$6a!JF3`zn+J0Ifo+-knYmh!w=Zf z7x;yGyzB6+RfDR9m+bA$U{y91D$jOeQLF9|5Ma7M$**k6%alcORX|`#Bb-NNt^lF1 zhg`$kepG7?k50=2f%D8Y7&Obb%9d3Fh%yj{7asdM(>=3^2p*=!S?b>ld{KEvG|Fvf2mG%A1U=BeUFbrHp)Pt zFCf~p6;i{BmoAH1_Alo^LH3(>3_u{#WMrwoCKrbIfrf%?ceT*2DNQR|R`)Y9Q#PHoA11mmafz zGG?PP(Y(i5rWpMr>1|1@eOawak}Qr=eO#s;#ybi%2vEb zbn^s%BzpGhcApdrOkWe;H>Z9(C&;RTBP^}yNmA5GlHF;=R@a1rz(f`ZJh0MV)B`0| zS6+0>=&yR9LBLvmF+eH+F4PI?7}wJ;WD7&mV!tho-I>iHn&z!Lekap%^$>n<|0&J>IuY|BP2P0iZps?^jX}TxJN~1notOJccRN2}47rXvVVL5+hI_ohjAGn5 z<3H~0lC;d--;Ta+h(r)|c%kQgYF_!TY7*WOVc}ez{4pXgg(H6?p^kpF;xwMApHh~T z2N6Mdb*T4ZDi9Y8v>|?IgWVJr3o)Xb1vbIrXw(Y-g(K-fIgA6k**S;P=}dpxgsDx` zuyGOjyR2sWjUbRHwe}U=6k1dGF4u#lnt~&|x|VZ~aEZ#u+M6vG9y2k0wWjGkWd~%> z`fQF9I-7Xeb5=>enf5n6LNC$)3JNrgNZnu+@%_j(d$BGqP250KJ>O{*Tq%+`X8F-W z{nh&1@lvhk zrQM)1M%BDaB*uMAIJcC&2*XWOwE_%DscyfUN ze8*Izs7v-2^QP*Ft8k@Mh^~_c?gYFG8coT6pJDdI#4P_(4WXMk!4XVBc3}3+J*Pq~ zZNg)Ir1WkDT$VW2W&8)j(vp2ZfUIASBl=8fjK$+0^=Lm#3@Yp?E3f3col5&_PK_0E8R zB8RY%ZdfOq))_Gm-X!JO*=uj}mIp-TITGi#GE}j5pInB8Mr03c~LN7Vaft z@WZ;_NaJTjm#WTP8JJp*(??%**hifS+vZCi_ZhT}oo2hY^ycf|TXD=41aR$+0#Y*a zNMN|C*aVka_Y2O`5K~Wp@sot%81GyDTG!wz_QKv=66#1#7CuZ;c_;FXMuAx&2&`&J zqkh7r!Jpa&z_(7+iV>oOf#)^(=)Bam?5fh(ud50x$jqzTFQL;BU->%!biZsh<X3(}ieGM+x_2xmIX=iBnjQtkA;qdrXdSWKNrdjrW9t4Iq6?+YVz{xoo zF`=u5l_gUT1OW}^HW<9Zy_-nC$i1Hu|=7_KZGa}-El}i27AR#NOcT4$;ofidb z34#Eb_E_$}%UplWZT}wrMeRYBK9zzENsQvdtW5P%HL4(+9RUxbg+YYuNT(bSO zAIrA19X7kXD>7M9efGWWJhA6wL8bxlD9S)SiLZb63@_%HC&SiQ_+3&!SD*J*pGZ`7 zLOX07iFb8)Uj7B+w$J3oSi2#?xr7m0QZ?H19G*v+t1mERUYi|cIf_%oUysqa74~NX zD<^v6*kib|M2$Dw#iR0_J_Y7l>6#lYQH53Ou8`(&vaZUTSER+_-CPi$v=|E`8*3J{ z!nGjJC_s6(@hB{_-7`>{!N=tMMph}(;7gimBt91 z4%dWw1P>lYrmmGPiLm|C#dbf#3D}9r?EKXSuu38uhZwhQPu0*|aemyqC5qE5tzgR9 zL}ehbf9eL*YdnPB*9?6F%=ozpNL-a@;*609syQnaTV?w*#Ru3-sUk%Y1nO=GK;VZQ z`S#I*JzrjpA|nla|-zZl>9tDZLhQ~Rc7)RS~@qZIhVR=&a!y!C1P+AitOO7-fO=sh@m0AZ7xv22tR&T*f8I?unKfS%f?q}ovFfD7!K;^z#2RnKWWv+8 zHoch}r=E$}ct=lZ3*ca_epK$%LPSHUMZmi@_vRe?^%pr<&9>fXJI^g1X8qe^u&Oq<00eEQ}0VAM!N80`SmoY&|PzT0)$@p zyP^I6nkQc@cCxj8ur*3c7eV3CBzkG8V#lo1WshiZ-VYuZdrYXd#WF+_lG{3p); zcM|psMgHDmPWCM3U5egYj40QRS8^{-!uPQVJI#2-cpCB@12f{kR|j?vapnSRjovBG zQ?u*x@)J`pBAQdnEhb`6sqnbni5snh`5^F&^O2^{f=AL(w=O+@&OMtr=v;1T6yneE zWKReFJb}jye?Ubb*~H}pRG6l=)>PorsWv2ijdMvB`1c)D2~+Z(bz4m-ZJMT~;cO0fC^s zx+6I_H!Fumx>1F|etpV$mz|rxl@yHN@vTz6`|Kb_onnQmZv{jL8n9S3zVJr3jC4SAFcjvYQO)VzgdHw6(cQ zgk0fPvv>a(F^aq9BhMIpZduP%BNNs9>1oktO}82aPcwq2Ia)vTOghuYb^7AA@49~p zX>0nWE#$Y|7ex%bMsD!ATydJV%YCzUX;Lnh1RE}@xxqayTiVU?kKxZXaZ#*BTJ-zs zC(VyJGTq|Ba*t!OY5E%DlrityhB3ng4x;lzt6A-P!c>dH6Ujx=Q4zdAvM&~+=nu0m ztgZ^?HQhy(m~arcytfKlH|~_tCS`})UWSVd-!uXk`fPNiWN zE@BI&*aQ9X;2VFf1>1#<(%uQjY)iqk%QN?I3{ToM8GXJG7s+*NAe{e-SZDead;L`D z({d271%ZR&Y#Gw*DC}XowL0MRC*$qaT`!nXDAnMaTNH&(1UkP($xM^t21lO1ZvJ|F zz2Ai&BKB2BzU!3haWTiTTmvLmiEN?;n(V>(#dnyA`ueq3nj>?5r>E0n8MT`}62ZMh zejRSf?mtuTZIloW!`%S2?HTY7`Ge>eXfv?DQtL2`c%e;+yYTu=)FUj-B4`QxM9oFcd8Us~}`JbDh8 zV^Y@Y$7lu*PBnN~gto!l|11~&WNsPiPL<^oT<(F&4%2E2>Zy(?y`86BF?9(CEQleQ z*!#In`Ka>+Fp)!pmfKYQyqCx$ub(g(HnrT9!^^ENRIeRs_TTPqzJXX-bD4mB5E0g* zE;r2BAhHa|!C~v@MhR>kOr0<5shXo1^t>oGp=~W)v4Q?-Z0-HqZ_qrN6;^D*5r*Ch zB_p@-l{`0#4{HVF=MS43(`knNs#0gvYaS8q$cr zRBwT?d{YNY6Xiwr*(}(Qf||kZ4*y;<7#^FvCuHmN$qz_nIK5f9hDGMQmVaQ!7({JgGOI||@iISBozRd%n?>Y|zk%67_DlNDE$r@1qlcCXqE2!UrtF%sXNW3&P_FvVQW_M1!2 z9%HZ94SSY!Kzj(Qb7ZfHs}RQn@Tlk+chq`Oij2K>vdXD|V-cQmzbWzPH&e0wsxIgE z?YM(HG*K18qhPhh=tfVoa5Wx0=Zq)rXy5e<>SijGt@jR(HiraQfIxEY)=PdxX9Y)+`cV$JCtb^)33TM-{HL)fB&^Nt0TqMF-eq`E|l zN>FWKub42NoOR%Ojc~7&X_+NzX4!{Pnl1ft{jmh^5F=u>XDa#=5B|}kDqzol0g#O5 A6951J literal 0 HcmV?d00001 diff --git a/docs/release/userguide/images/link-local.jpg b/docs/release/userguide/images/link-local.jpg new file mode 100644 index 0000000000000000000000000000000000000000..e0f00aa7e05713b2b986ebc4092759ec5d533152 GIT binary patch literal 8675 zcmbVwdmvP6`}RUQ2}vkoN}^q%g=Pq=T_L2|r3gDy&SFRm zF_@iksHDkhG$u5J9A^fNVNTz&-{1T0H~M~if8R3m&uz`Kp8I~T`?{`sNj^$G1FKIQ zvpNPyNl5`eLw|sT2^;}rq^0LS(6t2m$S#+aU9v=W<+5cT^F06+U@*?|L2mDhW5C0+42=D<)9l#s{v^#85!v%GV{BJ z?hc3k4=hoVU9)M|p{2@p=a*?;UTgI0y{F4JA1;2Sa;Al&v-`r88!J|-s;yhEzC~AW z>rdN^O-#-9?A>?dsKqhM<5nlmp0jsAIy#};FM3?^^z!xz3<|!A#f604ycHQ0eLE)h ze!_!?iAj%=Q_?dsv$At?^PasZDJ7MazpSXNrPkFqG`@cGwzaLjgWma((Z%ZP|1vN* z^mTZIJ2^G|jW@%eotw`~3Xu6%TK~yxL0(EwUeZgJ$ShelpO=(07W&F4Es@={Yw4Op zcFWFRR@OH9b@|%E_nsENTCsWe8IH<@D=jNkb&OeCxbvy~nb|)}?8g6BX8%d-ue`c| zRWef0;mIfg2tZ)Xg4G(z^V?YB)IuK#&^6PQ^(oZJU|vXos9=tz zP=JB)Py3*S_s)plQzk8g6p5YU2ThKl$U9X5ChYonxOMfaUN0j{5#ErYJ9$QzJ{M;qLN_lGuaDVH{)z;g5};+6f?2(3*O#W!81 z{Lo=(!NmzPFw^!~I$5qr8J9@wPkj8OsuC;QY!=yrtJJ@Zy9^uD_COixc+GuZtK zk^H#l6fKP`0ixkMxoYw7m0g&_esGv_c-qCOiSt;JnbQ8oL8FZAzJAGlNi)}z#Opg> z!KTIwK-Qr=aMA*{XdBz3&{{ZJLz+C_CYyn2!CkA<+DW<=*X-Zg`cqYcN_k3;%bE#v zGG$x8aZ#5{Ll-Sdmn-O{dS-q#Geuo`%6jd0)~ym@tUoTev^Z1w+5uqm|g9D*QzH;03GCSD88Ui2Q_%}b4(R_aHPkul+>XgcCgapdH5Es z{dt);_V6AJN&tL#ELt4eA#c`?#hVcKpQ9(BV!N2H0#P4FLP5rP2Jt`=e#wiH@ovSp zsY!3e2IjdkObY99n9_eg%uWKVn)*zb<Av;VPKU3pg&K4*B1^I_%VDH<68 zOT_-&Q%jlE<(JLQORn{@Ojt3Ep1P|L$sczzlrwjSsCZ;C9W9Hlbgi zb@OKXyHpEKSc(gFpDhDQid567%P>39G-fbW?kbnT}$lJ}_n|;b3aoHoxIwj~l6&$nkG#sfVb^5%f+vQf15+Fl7!Hm!r z?+q_@qj0Y|a<>fK4pLmj_jH4+RkrU42>yv=QW`Z}>l}ipoE&&7?Dg6puoFc*fn@LR zPJ0q2E%fK+#9iV@fIC_3n{HBPQU;2m^*C=)*`MC{-nR;ZaQM-H_xeopd)U)v05IA=LAffy*_Qu%hTmz7BXNE)~QOB#bAX5X|Eys2>rU~huB`g>D=KOBiv|RngYH~RlT|puNN&e zSxU(p=5}R%7-=)^R3edg3qRz{>2W|BYFL~9uz!6OC@L_)fh-jXaI0Lbgy36>8y+#f z%o2R3c(ZB#?9YM+QawuM|DuqV%+!ZOBMoR7qG(`kc|Fc6pPXc6ym1}Sf zxfWk9AJppnCsbxCHswwf<)MTKe7%iFk!HZ@wrs8oD!4SE%9P%6D(AJwfUP2h?B83C-d#^5u+r>N}#33Vg2UfhnbD)D0QPr8cJcr)FXB#CrYmI}`q; z0(r#PZ(}VU)~|^d9>V;GYs9=MFU1c$Hs2Gy1pHszU(p6K|5vVtAP~(t2{)V!2A6mB zjC5*kOt3EN&e!?nm5#%tWqDJa7!LQeogHwt6Qa0L#ra^Z%~GOD;>|1%w7d)hH2N$^%l_94_w(pKBFJ4@)7rJ)S6R6(z;a%i`L^F_|jFs zmooWfTN!aMyv{E=FsIq2D6YmBmt!k#;kNIKPGUXQnrk{qs2ybN4jEz|+5IU*0*opp zjmvlq3yMO4Z?-==?C*NJNS(xw_w*8vYvV65 z5=5{I$>2~C30o3&uCsvR$rOcJMzQPY$TMCNz<2VhrA`ybGkM970Qat*hUK;Y9dEOR zTio{IA&rg1NPrbF;-2t8f%yS6PcC3TgqNQMpzxaCB&4=YF!BsM^vg8*uGSuU5SguP z{mc^M`I(%mA@6JzMOU-&9;lqWm=w|dVf;w79pdhFbMk^(hcr^bn>`!o@U3A^&&m5f z(NU+0+ygvdLLK$!38hk|Q!)s3V#uiHXBz$hG9Q-!8IM~xk#WejFelawSCdF#+=q=3 z(qPjbLFisxCcZ`jOua3yQG!N@3w)LYIN!Wq0-WTXlgfb_n*Be%@9DhnOI|3P)$rtl zTAmA|ken{SCM`Z~GdCw{JZQy%O^E0WK}6P4LZGM`WBf-*5y>emPkEwaKMbF8^=V(c z=fODY9IM?pxv=0}+R0s1?BxLIlP!k?6V{engM077A4q`<3IgN2uUY=x;I;kz7{WJR z!;-(BWxJl=M4d~DHVkHWcMS*HTqO7~6(3F3v9A=*T8o((5}?>szi8ZqB|6)HLPk$h z6mc1j`)X1ZN-((}9d!~Z7gGnUoT{2%n}refNr3*U4@;pYUg%R03oSEJmPP5(sQZP# zxh@UPjfzo7W;ur+!^p|+ki$4nPfnmTTWRKO26F-|cC{!P-;|D#V+rDAsA6rdep!(R zCeL`zFVjEKVP@5ty_fViioXy>Zi?Cts#6x_IzME7=b{{YS5kb?GGQ0Fck@{^1(#-Q z$a#&oFNz~uaSw%M!7DZ!$@flmoGFFx!sRqTII2=niyY!iJA@Wyr-Tpj>I>SAn@Ka% z8QLJW8kqNJ-;Kt$PyqYyp>G75m0e)9l=w8W&Z-cDq`qsK3O1^v$PVK;jcWD1{V6Ma z31a7h0%ld6cpzNvpqAf4M7?Bdgzasq*?=oy5yg=PL=W?!nEuj7*2JDu_m9%CC++S- zaK4VL>3kRl{r0z+T7qE1Qwh*2_ZFxSn1gRNe}I>x=g#We$9+ygjcS=v@C|8tMz~^A zm&QTVSjnvP_CsR)q>2S|id|^?2V{23g|e)dK^nGFIJA9PNn&s;SLn23sol_S|6QW% zpQl74!w8lUA974b8*6*{&NdR@?Ff+GTk^29M~M?1t=7=9BZ^tusYLS#R_S=2b~vWY zBZc>)Kg>o2c zE(}PyHSw^|NgPD9&|EQAXrn^ExhZ^momOx;FEaf_h~FBsgn==}WPek(v-q7@xh5Zbk*H%YpKSJq90>dNBD8HWbUdNjuaf{@AL0I8{DbT1 zloG8NkAQ8BeP|^R)36b5+o@9#JznWzr#AVdOhij6cJNjkLP`LX51N0;cI7c&?Q(L* zc&Q*zkvX=h!gjL*?$Yi?{oaY0-7(G)_6cnhTUWsDbC3Xv6Z>jiH<6c=#o2(4VNBjWGkA#pQq@!7&Q2*jQx&ix_qLc%M zxjre8_2UyntoNP@)2?%^4f>@F1BKy%GC8gBv0k(HwB{hOEFa_kIefeQi$n=KlApH%8RGMmAp-8h(R5{B#nsb(S6o41laF;?v)^Q z8@RB_kWAld>o*iBE6Rba05b`&Jy+VskcZ<;;QQjtQE&Z@$;quhGs&cieL)7NyI`qQ zkeX-m;4E5iuKDG-LzNWA)`E{Mw0Y(nV`Eqc)k*n9Z2zl4UW0D^Q!0I~9c7onJKIp!7bvmyUpAXH{`4c|0zc2OrB=n1+s7oYL zS<<;qd2(Zk!=3INp)Dn>O#)<#+2YWuA_0*wda;nwXI9HZ$4EC=b_Bc1oGxCYgG!9o z@eUq%Q+H3utsMI~y+Q);ZQ%1r-Z_utsXvjtAaGsTM)Z5w?o57yZTmRPuB>gEv58#% zVe>uN>*QFN?)IXJ!I1pb3~{;Vscq>I@7y$gHE1z$4en=@Krg?KLvO~m4`%j$MUZE~ z(0k?VFxt1ng@0-SUK|tsA59=|QvOuK^Ydyr_$OZkX|3a1XW%?vg%YBA$3r{r7EIM- zndWQ_32+0yv2{P>C%%W<7oLGJicZ|^Z4OYyJ+87I%H-nGtm6X4x7sUZI3~?#IW!mP zX`w?Yi#p{8y(1frzB>d*{) z?MSCH$^0^F`EV9flx?1}`u@e_E*kW@gM9(o(lyGX=+@H3M7THt5FsNroay{Ekw>rD z$d$iap*hxdpP!=f2vOSAcX4vy>ZMx^SnUSF$efg`KD$L( zG(o6dz|YrBBD93CHnCm{m9WMcbddGYt;3Cfv2>?`?6LIP0r>+qXdiVIMK`()RIy3MXOz4&zJe4anOn7BvVe&pn+w8H<{Y#$7nNx18RB`AmrJ6P~sv%Z3 zoHsCG^9H6AGB6nn15cJV3gE*Z_*b0~e5)!8QMGQCC^zh!{}XYW;9&HdUh*4=TiYXs zM95Fiu1bIx&^mq|tr;a%9R<^)wwuR8eUU%${Oms`yuaa0=$^nj!NGe8DI^HXIrDn^ zr-ST)9OOJ_d>=WzH2S)D`Bw>`C_JQ_gUKB!Zw-Gi%u}72%s7&b+RYZ2R6Z+I9>BBN z65!n40;uu9NynN!;K#sI5}?ieq1B>(L9SqFoS7UFQ zy?xzArTam`o!aJ%^@B%-55g>3+@MKpfeH8lwJoL9K}qLx_nH5s!#zc2y~^(1@&){O z=8wohbS1hu%9dJ*BuBbJi-)hnD|7$*A`0MX#g!t3@;=zoY$3B4p_n zns*x1YPVdW$i(G;v%vYHr<(ktpX~d?xnOKuOKBf70e# zEd_gq!H*QicppW%X>Di)eR}4;v%7BcmDUrJAu#BqF5h_(E)qq!oO9C@B~J&)b$z`$ zhmNgs_QvE`Xl54I=jzRcmj)W&bABIIHRd`&&~0Q;&3zWlEQf5I@(8S%vWh(YW?{;(1hN|fV!;?yp_jQv;Sa-uImzC55f>guN3e*e%dg} z^TyWBinecF2=B#sUtR-?psDL!4|BiVcPM`}Wni@1)rCndaBb8vHTqN|i2Bt%e%GKD zxx|h9&+xIV0GTL+j_toE>*$61D6lz0>x;g70R0&pXD`QLsdEnZh`KrE9fX*y>f{?t UmnZS=rgqYS8^63o8_2MTiMS5tEQ)nXD6r zDQl8sXDnmJzRrwgW|-~0{`Y-9_p`kB_q@;heczbVdJX4sp2v9{zvFlOF5*7%2xy13 zg_Q+JLP7#`19$_82S8>Z$#v`gdIFF2z;nZ<4I9?4->^kWYU8GDTefZ6x@GHD>Fu&R zq_@j#-@0{&!VVd^o$~VX+rWyu6n5^C-6_BGuU{e|3A|?ghRqu`Y~CroReI$N%c(8clk^0tb@mIJ$$lxi-O{= z-AZce8ix)a(bG3DJaN*d^K zh{)$r(FuvKUMD5Ld7JVfGb{UJ&ZpeZ#U-U><)p6_m9=&C4UJ7dntyh5c6Imk_VrWg zjM1_2iOH$y8TR7R@(PE`TV4ChE(wt2-_81`W&g!48NjY}>(@)Jm-@>tiFHB1kd#@! zVgIp>vZw8(Za$DZp!;~!&NJ~DMc+589>2trzxA+vi^4%Yx*Gd0)Ba}J|IDx_|F10j zr(yqY7ZtQkQUcgKNf{6vB)t3~`Vi>P_r>nId^&H0G)bb9XR_FG(OH4{cb%}YI81y(x44U>5gC2GF1Rtl1K@l~O0Xr1ETDHj|&bc*_31tMP$DPzkB-QNA{)Fmp?jPpl0!Oxh4S}fFE#Luc}Ba=plc2# zc2BV5ijIpxG~1xcYU^mwVgz%Wyp76UFn1yg06e}q}|QF5uy$1#Up z(B&;+5YFc-ix%aNQ<&Z{ld`?Qqrl4#KR7(iJ*=mTtNdY|(oZyIOMORdnWdIi{tEH0 zRD7PzUz>PrJk2e37lpJa&`#irbe1{q!Dj&Cjw->H_sE*+V?_Y+RpYJ@90wRe7} z{izNAe+~Kg!dWUR!oRA(?rKepZD)ZyO~0YOO7Ath9+i=N}Y()0!p7OU^2~L0HeigNgMHi|Z@n4xcqJ0EKyxOOuZ*MD`|d0Ar5u`JbF+pfI&Zx+B0tHtt-8ZFTC67B2M*0+J` zSr-k~QQQjyE5)D($^6<%>qC;wlrLm2)~^y?$ON;=ZLi(x6Ypen*N7Wss`nwVCt}b; z;FQdhSdOkEwC5=hJhCv=vJzEFr6dQr2gsTEd5S?pDT;Ob*LoeVTgKGv@v1qRGGMQA zH<_V)?x)ji4_s|*cUwypuM-}kvAW$;lJtSxYtDNd_I_5OQZeq5va~hB?m&}6`A@I4 z)Ek1RcdN&7or>(&4Ga@y-&)kNjnnlXDK+t>m86r+j>P-9z0D`*mA?NokfkFJh% zd_b)Rg)a%mhHk^>)}IAMTCiNXQDrVDnc$8?lN1up(6-&O4VjgGRFp7?>-3G{-Wm;U zo?8C;g{C11*qYH{t9=66gCkA;Cp8c89o!ZRmt+k)JJQ!B!s$;rwV6NCY zuk4N|xw`5bCpW;ZpG%LZ-k!WYlQmEq#GZDTMcznu)-HY0p~f#VuRLC4nnYNQT$RTv z%_Jv_PVkC+OuLegQF%{#j6KI*r|pX^P2Frj9VQ-Gn?PG4&nPJR{pLrErLz505_3$JZj)YQX zlp0GVBX0(~Gv+j@hUJ^fNK;~3_SAIy6}KN4F3u|V*#i~DtI$@Og){Slz3fz{UV$nD zy35UzdLfyvxrvFb`{e3#Nx!vjz?wy(X2f+OYbKrxo8GSS->zy>Qomu9QyPse|M-(i zZFZM-kqn}Ww8jS}zR981a{5vebL20y(e0kxTd_r539nV!TbNm3!SW7@_qw0e%QhUg zqWMlc3fEw5!^i9N#31TGL&)oh(jtL&RjPBRdf5`P-l#8pj=NQ--=I7W>Q}iA=3;5L z=56G7l|^F^Vg!C{tjq1PKVz&{!wMZ`hM}&PJVL!ZLWdgld=7dA=^2AlnoEB2AE$Lx z5_oqZ;a+z+2v)9OyY|8OJ3bHSRmXNes4Z`U(pG!z73=U@oM%#Wav;x2pRY(O(B?w! zjD=v_!k*Q%)|{6n`CE~Aa?!WNAVkzCywtJD6h-I8>iI}Zm!XQhj(#jEZ2CB*XjE+H z+j&G8eJ5Ix4_~NhH{b#iM+kLo zU|tGTW*WPJ_4_U3Q0FagPRdoXp=XtWd+XJqSc--iUj#Orb5leVR;R~j38Z-e89s{6>B%EdX)kKQ zubO*YPUY27zw?YcseVR1NLbCK^e3f!J z`ttyG-fN)y@u(rZl>6dFcR(JT=iq0lpJk_(mbRQy8kD@LFsAC(w4L(2VN@|fGni7Erm=}!KH&QTd*!fD#X)=jyQ*C?R=2Fc*dG*?_`Z>E=)|}kIxuZXc%tK)Iq$r2^&iIHy z>x4hbTHYGkWu+h6JDRvuCmaap;>L*r4y@o}i>$3oY|~q1Ru^b341F8TI~=eL3>CQa z(^@QEj`BB%LC@f`?UY5Z5J-=gXZ%6-<~u=`53gKWY=vsyAteg0w3C6EuX_*Hq6jku z@^?1o9YhvfALw(jyRY-%4^;N&{7uXFq^-Trkat$E%nv|KmU^nacRwwPBqpygA5&xk z=C{|?0r@j$ntCDX!3XCV4(xDOrtKMp;-q0{>9oz30pVoq+ZTyDn_66@8u5?UNO6Mm zDbGleCYlUM^>;~uL8ARtDVl_B=kv#g`;eq$-844o2d6FdS`BteVqQg=txbv6S}4?Z zk5?Gxgc>ewgazOAq^+1;3?|k0q|0{DDOGV+stId7-`9s>nkUc65%~|JSNkb5s|UMNhZ-)Ti79@N-AL>hO<8?mw}F!c; zq(raGDN;&WvpqMpxh&4gKnx<0P}a1L02{=PX@!)u)TGkND31s$cmIbkj;G~ILPy58o1slYkj)V)B^?~OQ^;zLuoZi3SuT1*WVgTh{Ea|;n+zX)*ds?d>hmJN==Xdmqm zn2yjQWtutmhT&wWo~)NMDJcQVnP1S$iNrA}lfO|b#{^=~Ac(IUy###(Th}F05*+Oy z8|R^I(4HNPLxs00A`W^v#j6J2n^&b~E`0d**ivO>y7X@z_?H*{tKo2gQrO3HG^2E{ z*kt(RIMpw;J9J}d@hHoXAK+p}WOEN=F76*#%)CPj2j z^()};8$3zF>fHy}#3=3b4$+m{oqBK4qGl3`30~#BbpHkaF3JrtZl3D;S5VXu&VcL* z4*kwyxcb#A`94$h(zhvngd3eZB>DaWIUeVYdUjlbW4C9z@?F@1UN!d%Pze2aoxGBb zqWXMmjrTRN$KWd5N9OMaia|dDKRz<`j$X9mc`+j|VmfCkUq|DxV$i8B?aQLIgdy*q zRK7JvtD9;5&JD(zGo;jcgnd#gXcMj_`(R&5%;;S;*8HKbd2K;kEqX!d_H%Fs38XlN~M$2Hysj@Lof?@W!?8N;@1edB!Ejn~x% z_(4i}<0=Q8o_C!aZF1awRC^=Ss*3^j@;7R1I2fBe;b;j7=zequb@7m7#s~5efZ?J7 zHtQ^4G#R^-P;%3o((g3K+?sKidmuj;8mwH-I4hDGU3dk}V-OW{B8P`NHf_%&BBX5g z>TIn0>8PBBXPqVc`ptJoXMiSZj4@_xXdMAGh~U|sE@K-;yCKx;&Q?|jtISud-s)Fo zqTIi%Z#n+)2w|>y6t!Dm%~PWjcJUT|ww>=S>!XyyzUS0W?^IYkxv0o};UaWQYF#NL z)nUQOc3s&$D=x%&=#F3M*GrJX)_kX-F&83h-wL1k-Mx1G?3Bc^y*X&-|9D&>qJT0) zt@3Mvv5%*!2l_T$#<3c7A1)uz(yx4;5Ft#G3aA) z6Sc|?JY@ir|FbNF*px-L*cOrEI;g|&iaqupyAZWs?ZSJOc#(Xwrpgz(mSGIPJ>_0d zT3M$Yu8#qL%ZJC_MqcFVLRni@j(`pUsp6l52xI3ov})8Ey$CsYY$!OUe#yKB0-oaE zt{k8`!DhZI+&AfWk{kY##q(p(o^QF$?tKopf8%bIU97AQ7cS?wiR|(V{8H zCpd8wAEBrH&~^K78=4$18oZJMjYPU}CRC>l+J*pFF>u%Vry)*3;L}==9?2T8+lS}9 z!PV0)!#TeX%ML4uLFFaA?|F#YO6Zg2H~x6=v_ptNn$%#)muLH9;Uk(ZuO!B7SPFY@ zD6sJ_1g@isGd*0R+|GG`LUH53&idALL>5q_1si!t`sNpvkVlx~AFo5IP0JJ4ofm_c zu-5LWD;FiqcV3imq828)7doffp6S@i_kyidci9|(d@l2BKc#XtfPWlwG-c7H#cqRF z<;DyRT9?TQ$T^^5q;Mh*!`U;BYvh6{b@||DutPpF2NqLsG1|9!kT@oB$Q2^kM7$2L z2~k+p;L-1^cDs2>VP~4bf(U`U=8O!UlU1_c*HQQ*DP)c;$Cj(3$dsH{omCq?+54I<9@djpQM=Ee{#YnuXVMNR$CCb)4+inr|y(nSOl9Qpr*b(z-$enm4nA;)~u#px}kLeXpO%s5TjK`q1{VNHCB;ItWyN}t_)H99 zU***`!3+ZG4Hap9Nnx9h1w)^J+DOu6B?zHSIL=kmvl@*g> zvr^Ev`{F+fC+@!Adg2u#NT|CL#{N8Imq%^=$OHMIGOst3BRwdo{smlZmPH>NFLLHaSG%ZOtK9;c zz$lOG1=CmFC8en0`y1+3lO5&GEe#H}ib1A#-*T-qfrBz<8*t@cC7geJ4^51QDP%X6 zL8Hi;4^6ZgJz|gxdYj8Uk&`aF0CM~dnHMgL6o}Sb(T3L-@@yxHA1~uF7d%8%QWwK;^R|gWl|MmmAud* zCkAcBi%RbJykk*bthlPWgxA&_lPM?eN6ihn9pbonw-Z}mQWk&G9hr5s4V~k(FOnTo z|5$6yN4yHUu^1#5?AX?h`N)RF`l%2z(UBf&=R+y}t^MjzV8&lrln#yLY ztSMK?Hf^=%X1hQAkNoN%ekd8iYZ%p}tP>n(ZzSG05ay~aYWrvj9ZXnrlyTWF28B4j z!0P9Xz@@0cQs37!BDL-$gd)`&l~0T%Grz{JW1={z)eqtF6h_!6E)phh|Awi5w}z^}{cs-VaaUYGyM&_M^Glr=@ioO1f!Uq!aVoA0@ozU`lTnuWn zqi_vSiH*INF!pS%;dRBYGycp6!lQjhP2B?qQ@q~^SFc1SR-UmGa4l5QwjJxQlPAld zAM9IfSDlJJv~GOozq!t<{{WxP=g&i~m9RGwke|G`_K4|T`>a2%13!p6r)UAMBb`C* zAEJL1^=JjeTt<5YNOzNc+2o!@&G-Hfi*<1QclHSnNnVI<>nyV|^|LLfe5r_DYh>u9 z?4BPRPEZZ&aoB6_c~SDO{nkunqn<7^l|3I$JHLB~*1B|VEW)iPjrz~Fiy?n{mco2-|;8L$I9 zh)B-%2#{BW$qa3S(?MA?H-nU2p6&4!E$Rvq)Uo~t?OCIZKBGt_tDJHq)agswoW84$ zSw(?PuW};3CblYs!p?}T`XhzX5xPao&S)X|HJndhcsHdDPDFvTJ{YgGlFk54i5>{ z$d#3$Kt!uSYPE*EM%&ez%%~Xf%JR<*-}B=o7#pM3Mo~9?b|d&=5GQ5D`)^ra^EvPB zDB47do|OKR#y4}VPSf%aJ8q2a4^_uxP1kxr0lcwJ3ono#=zSTCA=RT^P;;I?UowHy z!N<>b#9^(N0}x*Vtz}iaS6JkCYA>RWAlWbi-a?(GcpFkxt|J4!aO^~E3UMAOmialnm8&{%f~JhWY47UEeZCIdA<@0 z9lvUG6<}i@Xt#*Cp*e}w2KPRv8}RUKqt5!v{az`|m|N`FmEYAUA9_DVTh{Z(&64WS zjpbDdE!+-LB9KklE9$t=MdYg7T;(rv$Gw%Uc~%SBnHA~35xP_>Rmb2xc{=0py2YYQ z5ty-O@;6qUSHhNSaE8VOKqRI@mXG!KdqHlAhFQYjZ%yuX+6gnYwwh*IX%&4RM+)m{ zCzNldF2G&*y1~hf!|JS>5{(xVd1<-TIH)zPY9GLsrErfN z4q5__FTzflgjc?AcTGkSF)M(5gN?$3Nw-TZv!*i;upZFlHYwd~$%=YM(UdqqQGK2h@R-y6U zTz>$yrTK;0bPAlZL`|?wtl`M4A#(UpE{ThCM`yM3+fUZ!m_ohUP{^Y-n@GbQw?@pWx>76YkL z1z>QsM3aNKqE8KYnei{y z(FyY#>F}Pprk0ZXMB@@(9=ndOZ0}TtmpicfWf#DnJw;s!9imk)UG)Gyw|75B>1N%V z(16TdR)q(pzX~kSVE%wLFB;^s`9}sM>Il=X&WRvHUOF57UHu$8=y(x&!19wF2fzW} za3#H;dXog&cs`Wj(GYt$^{sxW>#bd4P?dDUGcsb$poj6u)cXITNdZ10OnYNHLfbJE z{%aV@-UsKjIgw+;ATP(yy>GC;^MDQdeG)f0daY*x$DGIu&=9q{5&qWV+GE+!rffR` ziCCMc@Yqz@or#~L-k~5$5$9*6OW~};!+HYmraHuW7lAPghNu6yt9Z9@&{BVlFsn0x zO7WrzE7Ww2Lldv#>o>v<^V&whTkiuLbr4LG@u!NmpW3?t*fmzM05Pf#XFUy8@XQ~? z03?iBm~O9dYQDUzWo3$OCK8^kQQ*<)Eq}2s8>B4`v6rSrvYqq}BwkpGgH4KfX@?|x zHR1N%`TjJ``Jk6n6u-v*Ibls6O%NOh*X6~>x}U9NJC6blw5OR@$vxq~=J<}k_MRXB z)e58&(^e!n%rXVKRg^JaNGp7K*OX+(tu&qev7?EXt{QzJKu! zmRN0`>8$RAvpG4^A7UKrSKd<6eH7|RKL3>MEb!L>o%G1vHy4EvZCSS99 z%aylAnks1i=+9`uZ826QEL@cO+SrPVWp`i4 znDJcb1z660pIp~|OJRm@+CDNOVFJoqpL+niQ(~aq{4$vwZWq~_ehrxkY0|1vc%pXeKe?UNJ@0Z&6rg~;8I4JPNc{MA(Pxa?rb>^ zX0=@szAsa5g*F*&FWJ!aZ2rcQUg&c5>S$$Jxo9@X%Tsb%NwZ~v;%T?3pSVD00}zfM zf(T!U=@!t-Lds#sECX62pPJmkiJCa7RG>L;_xhAdj5#K=5ZjHDDJ4)1tyyaL@7h6E z{t!#2Q0i3)6IA8A^zU*|$bJ^U-~?J$_Y6o_2S7_{BI%#fiqQw7P1kXj&Wrjw zCcvm*%FF?LVC+rh3L00Y5Z4W$btb3WC@5|j7p|6H%{D)YHZS4=9-RIN7XG2eq#Jf1ctRT2STbFs%FETRCI=aCjMTVK&f}{2 z)1q^Pcc7W%8kK4NsbMf-xo8(~{|1&B|~7P#W}g4De&Du{8-I^b0pO^{5s14zLenicvMEII83y8;7@S$lE#i4MFSkPL(q(K? zU4%Aw@08X+?z~1Ga8Q`$=2LoFmIQ=~d9ndT<_0?=DsLuaxX3h?QvrbNbV%Zba=v_a zN_OXIBkS@O!{G?pBsvhDc1ooUjYGMs6<@z@zLO-2zMqwVT!Q${0|64#y*85h*2J8B z#zHcT5UDLlsJ#H|HQIRJvF8MaBG^LI73TUQ4V@EDxnB6@&HhAaDeV$SgpTgjyg#sH znqAlvJxUmAsaim1R)fO8=9uhJ9GHi{#5!N4heUiY>hn_BNoZj$Bqb+1h%7R+5*rj| z(J80{2V(_kMA0M@7EC@pN{n%U?=JPRIjJv4N9)|X)b{&Jb$_VGfwO8!E4Ti9T=X?m zj)V1k%W*^76_Y`0KciPiIoa)cLl2h0^Ty!$;4Zsysy9}mnjMk+_1@}mN3T!AgSLh7 zA+AaLZ?9oUH`)9S1HZ{DIkQ1!YiIAdVg;p*ksrcH=hI#B6Lshyj#UcnZeP<{Ux;uO z{z!7lS#z8S7Mx-ahA2i6b@Yh}L&MHIUk=v+U$3I%3hTA#azAw|#x8L#J}lcXER$Cl zxo}I!6>uh2h$$$8FITEn-fr&V4oTBp{uE(xF9 zmUI2UYTeL9j@k9)&cl=H}-`N*7uKa)#^=guP zXcT4XpEoSeGtKf0p$6j}6L1Q_B@3~k&RY+%ZjTfcySJ3vaSmK*W21b1$~*j1Az-hh zO6*%7=?H=kBw4y3|E8=Sf__y#`#%d=E_Uhh!yJD4*nD-bD1U2G@jk_LY6|x(i3m`1 zW@6A5k|WQra+V%DXrQo}ONM*~dg%R^aJ?lu6F^b;NVN{oq~PKzQIZ0SB6jAm)2{Ij z6U&>Wh^gcThlwtdWo?q9#pJ!*S0M|UQEXD(0Ccy0_DGT~6rkw2odJ0W-fC$egtum> zoPmmO00nkArt=IN9hIJqrSE3zJ(y0{E;()7bg$k8F%Vwr>Y^Y5Gc{;YUr%n>E8OyE z%b^c{AFBj9u#{=4_Pl3o`01`Pg2I3hj|jWe(`Ew{wmG%h%+7i9*T@_^YVGo{=<0F< zTAL^U_S9SZRM>Y0bkperxayneBNWlQ(f5*~-I4TPnZo1du;s`y#IcstAAPZ^jtIx3~sRvxF4ip(+z$jmOY@`s?2I|GcUH zWF72J?S$sfuh^U{fbNf*7{0wY{^S}rGY_{_+a*Hp>Alm@34gDG7b%gm!bEl^qdZv* zf+u)k_w|cGt_9d8G3e`0fX{0^zgLR$ydCu*1|>UXsC2sxzZzWn*5fgJS0U6+SWLY9 zeqFJNU9L2wuCnkwZoH=lIC{)i>SeQ0yjIl)R%Fv93piRO3UgTul1P69h|oO34EfLz zsX80@DwoxhtSDUakq^=LgKwjs!z%OaRUuWj>Rr&zX6NaDqidF!F>bnK7CvGgsdsLa z(4f@a%W;ccpZPE>yFIn_C9ds|yOX*v|A3xE3?n8NdnEYt?DwQgKht-0rizZ(d=;HG z*4=1pWB@?mYbH&_I|z%NW6QHP*YdS*k)9l4l*bwzd?0up4ajjGVU&GXVo+^JV3dbe zXF(~BT>15T%EVn{N890rMPo%&LBQXevHzkCCeakU^o<={XB(SYnP}59cZYBBHt!T1 z?E@QD7M9+d^Pifs?uJKV^^zME6nD%xM12fSwR+_=Lv^qTOGj4Fc8N}8A<_*OA_;Gd zwsXjdj9b@B(7rdZHI((1BG__L*e?wopc-MGbF zh5M3!MK!&_Lo6>l{)4eqV>hj7%x_>7j-FW33aEnewyNb*_$aqBH!JpWlt2d>?hBtf z{0Z1;3DK`gIA0qSGW3`Kpgq0^D27mgg7|)dsa->2ez0f*AV>Y83G^MQR;#@qW}Kgu z$9x<@4E@|+S{6H*Vkug0Ux6QY3*#G4FZBsjSmOW`1V7R&v}Yr!VH!TT{tNa1mi9w ziq^_s^ai=v^L6e*9*K5#3}U&b<4|A9j>-!;qRw-p_1-!+Ji zr$}G6Kc!;J(y?S!u)%ey;Y+*=(~5S#v0>_AOn1CztqoEP@-3UyA9FKmdM47tz}b63 z-AO$uqqRVUU>$N>Xde*vBgf3eAY$bT_3xBdGj^XL6=s4_BLPtH!K@;I+gfT5i252r zy3yJ+!3CVRt(w#^9w=BEpc}ytX z7V1{Cbc@ub-9cAP9ZNVau>Vn==5nOF^P*G&MiFSwLZWIkf^S`bmk4asGeD}$0osQl zCQvFa4(0%1)rF|qH6W6~Q7unXRDYJR??%D!dIVZkF|L%FBV7C1^;hiuduJJ}D$D?L z(i2CB(yWcuj3J|;QD76|U8)d2DXc^JS;XtagS;28em03NO}I8v(XGG7otIhc8H5`f z3K{x8c307mdDHUV5&ZLjS50r}1daM=Vd9)zLy#EszSgJ5Cz+R>)kMVTv9W3UmQ=|d zIwJsq6QbZ8N#CAN<<=55%sjN3ut9%tx?Zxj`cn1oBV(n%He(SUL13Hmn%S4@Z!k_Q z06H+~Z>#)ikFD2_0c%kCtQI$LWH}b)RLUAo4EyYTd@B;xIJBVS@lsIKprmkDKzV(i zQt~@FARDuvC2Y*yT-u}mI`Mj!_86Z%IQ)xyNflSwc~5Xivh#C9#wV9)2SdeVKTD*~ zHq^nApMf6^2q)YfXMc)xjX*>B?2@ zlSww0)tiyb{g9fnud#J?Cb;>g1CfFwggWT1>%pn!p-8t)`6jkmlz#ot6Qa4GEflQD zyVXlND!RBw(V%9Y@PiuyV^rCr_dND@6+Q2HfDpDzBq$y@5ns?d>`Cs!&6foksZ@I~ zkVj)mRDN$F#vM2eC_HS3 z4`J~)Shj`$1c;A@28#AXktJV0q!o0`J0d&R#d9s7b$qN=Ww@A7yTeeYY+kn!3Db<>ySV3C zjrF4wKCCi}2={Qq##cymTQ)RWkGW;~mKb#DE8momDqWG-;!)Rnq(RY+GYD=Z%QYrq zF0gyU{i`5go@Rr}rmkhSk*(VAf*do>BmdN?TYWv;V&On0k}Gt_jTj%{g^$o;=awlu zr$j21-NbyRHrW(?N8@?f+cJN=eauBP6vE}I+_)O0O}ka8j-B_0v`mG;TRprg3*w5l z6*~=?`$uVhWA02XZ&scUSj%&a#hhT-#SOT9{mNFUW&nVY&2D>IirX-o;zrCx_yj3gMvqr@V!tc5>MgmP zgm?lMzreL@f&YO2T7yONX6)8s&WL)-(p%~Xa!7&1p7=0IZ8G+xm3~WAS~7(4WQlJ} z{@a2Wy@Gu|Fb5?Rgn#aZVY}WR0hRr!`y*Cd1^DEPPJ0>Sqb#ROzAC++- zjj5#h2e=iY$@S4%XdU)&C&txXeSS zOZA!Gb(hO($en6@(=mf3)#|KlGDEZnzBLMkT!)rt|DAdOMvRgFOATQ4(?J~IN0dE8t8vhgnPU^M2gm%CCVYD><5|MTF8v5ipUmJ!r}C*QKYb8OfLM0 zi7}(VxWPd?=;NU9W54g+(j}8}#BkklvmEPhQiiLw%SwTt@I)x^$p`|@WP$NkHtd=tAL7Z_3?Y~r$fYWJ!S+2GN;0H77 zm>Hy9-jWxqbcL^z={I>6^Mg#2%`{V7s}tenANS$Hg|7b2QjcLr%?g8$*buh!>a*V! z35#^dR)&3?u-sJ4i<nf(Gl4UW`U>od{MZUi8L^0m)!s-|=DX&#upUG!%&^zx~ixFI;j_{=QO1E<~7 zBy@;DchltR)?BmG@eIlyPci6D^a=Y6wyR)z@nd_r=3BK`_|Vn&V6PA4M3FrF#qu2P zF6Iu~46-_z??t`Zh2xE9UBZnn=Kw|M?&Thc2b&bG|C}=Unj7JZ{0Qgt7;_MUXQ!lj zJgMjNWc`s{O>cn~_1&x_E`X;lPT_FqDq)n&29mJavC#3SNTOS$8JyYZOu$<{Gtpoe zpI{`O?ijP%alLQ#V%@lriPSXH|1~LawiDP8K-Ftkg)8 zc5{2n%p6cFOAJdm*$5N|uFwwXND%Q#rSJnxdHTz0O4AEH=5|X!I;tRqib2+AE=py$ zyV)|}RCjt%#KfOV{3atMv%>49X=!6Y>}p~fDX{7F!(4!nbITQ#Y>#-f*RC)GuHe<{ z49mzJAonWt=-Te2d6c~#qsbMY%Tvnrs5{KBX!TvqY@wZ!wZ8_FW1CZ6m>m1)lk}i< zZ}v*%b+bKnlhit1QA&!bccW{dtNO{3Pv4Py2fi=eHdn386L~I66aoGuc_?2KA?G~A z1C&3f;!eW)Z{G329elHDaDJ(gux6*`w?=G)Zue3-5?Plh?QCl`es1@?p37|N2{jDT zs*v&Q{j)eackrUr`~N1t{w>csrV386gre6tcb9NO!++LRnhq?cxyHx5~)_n zHjL<>jP8J}B=;n2;M*qKt$KdijhoK5zpS687euq?^>DSB?B%t4(M7?>>$zfBJ*SER$t5>A5BRIO}kZ3uf?|kx2MIlqeW7G|QGi+n7 zm-Kj6jCN^zR=gF2t?8dT5pgmj;iT%4jA${WHwoKT0((ZUzWgm2EJ_@ynrLTuz_Cr< zt+!~rty<@B1JTx?m6ZPuW&=Mni5Z;;_(7H*S(X$Xfyg>p0%dGxS%%Lla8HL$dAgmj zjOa>){6UE1@OY}I*g|Oho#XZ1>5-IS?*YwJpiX_%z&Qxv3_5v}Ia16<+Va~%tN6u*=JvOW}U{>}XuG066ATqRR6IPU_>E|OVR?TjkvbGC4EXq-GD zlDFr+EqR6r8HerS1zk+w0_5cL0}3MbURgZ@OQ`Ve-PG7>!d|DK z;U#lUc3GsO*{)}*1Vnb%!sP6}x{uRIMOg|xf$jMhzbgqoN9X-6M2=4GKTQ%XT}PatJpExY^1S+^mBhw11)H4Et^@BQH$VjKtOp znaDur&MJJFtF9{g>O$1nnCv@Q*K#k=u$iC2RXViYZxSMfZKamsIr@YsB95+BWTQqx zTIn079l!Et2&Cdb&`)U);nk1QX7236u1x+oJGX-0&YP^m>M0SzmuM85BO;j@la9$AoqNwVkkQeDU~%w5xO63$)2Hv4HF zK)c;87Pdh}==a3n5078~dXB($Q%VFky@$86&XQ7Iw|_;V3n%yG#T@%dX9G zISZ-Wk{qFKKfiLU4ARfN8hP>0oLwy>va;vh;*6pdeQREh3Zy+q?Ze&8xRQ6fZ{JS1 zurE@0uO^i?OFbkx%8W)7qoM`Y!wUTE*l$16Wew~{mwtHY zY;y;Kg)q$oki{1M>%Z95<9S|2kb0t2i^qepnM##B-%Uw9H>M999V~7-APmwZ78Uw@ z!yfEfM!I6;8L9EG3Y5Y;{K`wDt#^O$l4W-7C^rgFFd<%x&aHsA&cYvgpY)RbDdjY4r1<#)4J%rzdty}GQS#-Z0C3avY^ATsegs4;N{7khNFv|De$7ImSr zb7gCAVSeFgumZcagtZPNe4A(BatsOc6H^|P>oO5j* z_6)K}2y;&sIX{^F*Fycj(xjsd8`>oGO+}8}b+gQHEpykrUdy(Z+~kD4FU>o7?*z1= zQ!ZtJ=*7nCz41I9LmqMTgaEx?n;vHPE4=Pl(Jn$z3oP>yJl1cgh6ueIk|h8IP__u< z0EoiRYm$;t$Km1=7R}n`=+I;X6oC32l6j; z2d`TnAjKMz6ZU?JE}MW*c=Nib7Xui>I9pyKlNSTw-)R#9d{QBN_R-$VCTIgw?pkmP zLk<$Imy2!B_zo4+FTf{7=J3U4+;}8$jkY=(M{HC%QO?Q_{9=wW$jPTM@pc{B7w&$2 zkT(1yhVXV^{DP)oJz+;yd5=1a`An%`xVkXrI-m=ibDzZBY00K+ zhPPn{rmCQ{RN+-=u$dtj1wM<^d+0*bYF^_qe1{w6WVg0| z+xFFA>90w)QLLrL;x}_T5PYI_mm?a8YobYgtniuow>)JI%f#&A!9nUub^r z8#82`XUf5XOW&*fgO1&oL|b?w7OFv^w({dfi28vx=^2h2gcrWIF#hwP6(>~Mn|Ao4 zcfRFN?3+Xs6f(0nN;KN)R`9=fU*z!&sEn72OuKJD7|On^qqN0-!WJELBsx`I&3bc?xN%U&dt}~H&ep= zo);Vn*Pk@PH_qxu-uPBMJjZgpmC=}+iWl~xIB-u23*-B3r%5_pMKtok!pt&X7V}pC`83s$RkK zU2Lq-)amsAfkzq;!0#k&;Tj#194qjvqbS25(_EvoDQY=xY5AJhka1^+0Xp|hS$<(ZgjrzJ;_YR5eI4{qb)*1tD zVui_f=9gOFh5eTd0d7&{J=l{S6lVfw@oo6H=PLzpv*Na-WJRvkI%B}jAQk5t4DT^N zAlTB(B`*weu`?h08;<)N{Jz!uC6wFIaAkN9N6WHX^RY+;KsS>IM}?|q67f5OTO7U$ z>#0d3hVuW~db`y7-(wDad>{XPbKJoP^KagNxcqQt?z0c)8~)fYx#zH3aZlG#-b3q` z&pELFpRI$u{)>1~)At=#ch~KFn9ua1`_Z($jGuGLXysK4wj$*aTpw`SS5^?Z5To1A!Cv zxr=IeKOCFA;#StJCE@dQujdx3SWWME_B&kRo6uGvAz=~m z?ZP5rB0@sjrMHVoNJ>dbZ4;H*AuYK>TvAH%+a^4`;Ab}T3G(p?N(u`JOa7N%+;@Q3 z7Ql1UAzq%nz$P&sUNIhSJpcg!9zO82-wynj7tbc}jQj#y1h)!-Zz$OgY~tbN-L#qa z+o{2K`+@%tY!>4a-*fl`zl7NhfxUMnH6J`n-J)=^phoIa8%^=Z&3gfYTcu@o?3CTN zUrG7EK`m_^-J{3!PMtP5V|do++~q4*%`GggtnF{zc5rlZc5!p}xbNxZ?ep+aU{LVm zkkH7e-=kwJzsh$)REDz zW8)K(Q`7XtrR9~?HOBhJH(Wdb@1J4)71`G{R!DW2Q1+K3E5wP{S6ld z*v88PI*(TjfCEhO=tKzAVwer7qr?V#_`%N?aR%FGS5$lxq5Z9Qx2>(xq(Tu|s&JJL z-AZ$72ZqFnh9j+_Bf)jb?(7S-qT6PyiSgLf>_oU$D(z?kRhgZ-!Aubq&HeEQA}!^^TZuz=M+Ahpz^3;jFBu)fV?E*8 z`CF$oM!A5*lpDjl-SoLm~i2W4-H+cGUH zlJ3j*NJmaR(#fIFr2SL74m~8JuRtQdwYpdv{pg4bLdu;a50PU8bo*%z%u?HiL+fU- z=YtfqaN4gD#I?ktnEg*M2}qTCJN^J1-fmYvk6k;OKJ0CbGC!e$56vxI{x_dIKBh$gaxloi<<7^Dd7c*|{(`tRh+MWQnzi$~Enq zHzzgV1Mguh3f^>N(C=4Kb9{|oqPKh=DT2ATosWDs>xvp@;<~Z9X4iWN)JfbbJiAmP_*QR4lgDZ9|$#dlf1vCR~?0X zdH&gpH0aZuLkL%7G96vZPv;vbSs{gC3{s{^H%v5{m)bdvQ7-qVjRfIwuG86WAC_th z-Yki~Nr_)e zW;$7`;FvyntKEYtJ8qVhJvML+DNuNVI(;=oREG-$ydT9Gx-@J;gM^ zK;AMw47V_<4>ES!!g`FlQj;dVV#qDwUwt)0TgUHK-eBcSSu684^7-az{+i2vH_7#~ex<3|0|vNk+cQxoJkfiJN7DVe z&E=7oh;^snv_O`1#pm>a-Qgp~2eiZVF_@>eb$boH`1!lU{nC1CJ@5XuGPMkt8A$#& zEyM9_0$^kyd6DN2OW^So7ZCSAOCozHr4MMIOs-E^Y(#{J5Y$sqn}a`;ALaRFMQ7n2imjSDcKMK5uVh;<3pDK21-55X-jdD@V+a}F>(sUD?KFp_!-f2IdJ z*^xgX^V+loSvO|!jwK=88#a3hCk)tgfm*-Og^hiexxnz^Cp^Qn`WMjV2a~ygKq+q2 zR@9%f*9jr+UhW~kb=vs3+WhWruX&V1NqJcucKPxNO~q$NIioM~nBBwYK3y4%!P-HGAqGDZY08KjtvdHf?kz{!*4wQyQi*k8mNSFZ&Ssv# zec)k$<5u%*Qc^@9O%OQ@ zg0@yu(ero(5hR1?rI`Fq32cfb^y#mgWsMU^j0@Gj;M!CYK%>QYoLWt)h*(&?&Pa8G zY?MP)Uh3iA5t6Fz`9oX&fe|{DQ$#hmz$4~}C|evn9nIH~qlK&WqYH3Cu7I9CUc?1t zSGFqiwr~L|jPZ~QoPLdC?e66Q;SgFf29&zAt8k9!9WKyVbutuK1V8e7B45!ydA+^5ZmFC(XHSvEqe1%gArlfS|9Df{9FWO zD&8c+!6u<)DrU!Z1I~VjDZ9(BIbFN?JLcxdQ6oF%)m>57%gQ>Ty0|PYj$fyA%?R@S z9;>T%Bbt3Sk5Yue6JH?ufw=NOTvqM4S`Rue$nqhO$4UJDUaE!BxJ896Xs(zZOwnn?)rHOjNr z=5T>n@k-oiF%O9T2hYH%F#6h`9p~+MMO%a7_-+H1DfME}D|CF(L`U9!b`>Vov_hAZE)zapFq7eI!r6U7IC&y&BNs2G+c+W*nK5_X9u&nrQ81~?%(Lf z|8?9Frw2EZWEd)@B~_iU9d=vt&~sXyizPWaFpt(|n+7g`Z&vaAo}*o8iazJ`5XhD< z6V!Y*l+u&?SpW>_pZ)P&jCfKa(w)<$)^uZI4_jOIH7=S!+fiqqc{@00*L%s0#s*gJ znU2|Tjb@k0w>IPqHLx?ObH*1UyezIeh8ib$#h5X_FwU=}Y=Kkt7!SU26b*9po09d^ zi*D?5!-4u)22;SC?BMKRVAT+p1E$Bjjr-K}TS~W*$FB_-q9KDf8rRQE&pPpbB>j;q z-v`t(Wg;Jg%5bjM?0{+(EM2HvTyNvJ^L+S+c%2zNBi#>Z z%xg4GVje7AYMgWrrS*PJtFk3C=C>mS@jK!!kF{VXijs%5KUs0w2YD*G_jhoCk`g(m z(awzap)17C8gs?uk|u@IpV{TZHhzOHvyiIwp)orr-XHY5+wckOh*!%yj(9iA@HOU8 zMVLvuYIdi(otjHmUvr@B87|OtsVa%su?o5=3e6yZ`Wur2>hHbJe8=Gwio#Jul6E-HrGm z(>VR0uiAYx6(40qqC8#>gglYHOPp6DB#oeQ*k97k9l3yiXbVlW-b8K$7kCG1Ozm~3 zXv@IuCPH$=G zfnM+v`=o_y52<5=uh7{|un~@0hWS&iUZ;$6F@`Iiky!Gd-{aNQx2N^MSi@ zqRcfqg`I3$dT`j`cvlaKq_79PWkMfL%1+|9!0q68!Y{~>SLeb+D!uoblPVD zv47-%Sje0KZFSUyHkgU>%yW_ED3m5G7)R9AQV9J$(zFWI$aS&4;!si*e&RMTUWwyl zOq^ysNNLEKlzrlp7#0(f=$YO)Q`ew)hu7d>=_!TqDSUz?&!->rCaBKesewd>LR=@DlmhF&OXDyi!A7%}y6?-NHL%v~5GE|8s2v7&lelmQP}R9l#BMZLy;uHHqW z=S9olZ*~>W-Q)sx#PaqR&X7AwCPCeM?#vxb%Qfc$2hS~Va&Xo(jUAXh^xdy$qc$BY zRjRfa15Rt_nN)TxE&rdHG$6e6K)5pla z6U}HnCul=Ypb|(fuw`?P9q@*Bp^85>-DyLGEHah(ChGlm1IR}2ed9%6*(taKX&aIw z-&K-HA54B_I%=hM{SY#iG-bpF1720Ny0ahydq-_t@S@)udyQ2*I++)jPLN^aWN@A2 zsDUvkbM+Ayh!mwOaT*fA&dBI?p2cWmtY04X14pxCxy2}dMTjJ5Ytv_KUB96EsXJru zL41PZ3yZ5imUBHm#!oF5eb8X0RpK@NjRXeIB!f`yaBa-T6o%(~y2 zp|hUJ`2w;o3;e>}c_h_Xb9zql8gi<@&Wve+`%r`dtyzFH;{xrD`4%Y?PmT$+8A!?o zN}B!3_t$mlqCgbq^We^I;tAShBJTyg#`LUdifcYQHX2d3k1#7Ee!B9x`l@Bb0H}bW z>&#J|l2Jq`N2UEM?K%BZ_At53*;6m;SuVrc1a=(ew1U!3UxfA@Ro~BUw5CjSyP-#H3vQj0jbrFJMfN8IqW|<4jmw7BXr=Aw!!hsu{^b7+@%v>XgiA@iel|cWBKyQWqZQt|T5@xYjn&ksYyMQn1aTBIIdM z=sMhdbun!Sdp=L@po~%`u0`Gsx* zqV~s7)CNm3EWMoPms`GCY43aC7c`K{1Se%pQAV3|)=sc+ch?a@EJfOZLmX|Mq^hILHqRu*As+CC8HRx`7tU3a!v(dxH&mS_A6hp|ntC-emgiWotyx zitz{gB+KD4@7?-Hi}Gk%m9*lePku4gzcP$yNe~DHOOCNSMAPo#gk><4%!)dfxqz5c zl%n)n=<3!2)6Mii_&wXo9*!0I9P?i2#rvEpi|Hf7c>iQU_k2EJ__=gdZ5X=?$|ZN9v6bO=;;3?F>=7;?CUtaPd#EuMJ;a za~j&_Vc4l1mr?XKJT=zFCbsNt$Xa@SyW*Abj+@vR_p~?+XDQijOa<3VuGKSa!Ub+5 zCfA{qX3epXPS*u((b?0ZW>%`Qf{uw%92m^%eq|{aScx8iY0x~M5RFFUge~6f<_ms@ z)gW>@@n&VTA%FBTGUrT!X$8A}<3qIC0ts6%7k5!9aSZ+eks2QZ*6Yq|7Hd%k&Wz`V)0uX#~4M`DkAl=yy6}qjc$n9F|UJzFOXVsYBaX`}V$8k1_1B z7E{q=u^#J}Fuax@Q2MY2obOJEo4iC=QRI5}1VOeAO^I&aZ|Gk3&?MpG+tc_*;Q}=K z+rEjC#zSHF-#7?`5%?pYlAZ@BoFl=;hE^7ay0eVm>>>+GdCIW4R1x34;1{rd@03*K z*$2e9`>c|A60dvfB@}u@^oi?o4nfF-?oc4i4vO~MX`Fvh|EL;kJq<);suYPmwKOZX zuwHF8yL{<)cJ?Tv(tkra?Kz*fX$a}-6igm$h!RH-Y_-obT{+Dd6E2`+L|fq0FMtG{ zat;1fT06hDlByI^VneX8WLOQiT3oGo`oYcDkIFnYo=B!w7W+PDn^=H@JJWB2yVIWF z;O=}cj{bVZlh8r1T=0xrTmT%%8De$kKt^^`TDBGnSo&$!||=j`UL z1vlW=_f;R}0&n)MaUQz>)MZ4k=Wt#s*xcP??V<_99j`ds2UWYxGD=<_Td;=Hz-DPP zZZd))0P0bK21na=;t}cV)i%;hGlVUz;_@$@`Cl@_{Bq*GI_pTb>e!NFVe;(S;it{- zN7+$aAfkH!@HS;>;%Xop3e`Mdv*!R7FX3P{vMrfr$a%crkE6vEa)HsS)14Oue&+&p zN-Qx@Z}f*Dto?ULj4sGepzR0-|9{JWn=LJ65sy_dCsuoNvvjvx+Zs76s-lZp&%18D z8%()ZevLJpKX~fbU55YLJ!m@-%sOE|(z>)Y>ye+F5(|d*MUK8?ki4YhW?? z=O|DADZq2OUZ#j1_&Lhq)E_jX${L(Y{(HBqB#U_kwA5AzbMjv{-*{6HG7*15qVf@9 z^^8@Hojy^J8$SBoi8F-JszztTrn+U!TwAv%$1F%d&QNwgOe=!Q9^1O98eg=X>h954Xw_t>U8LU@NM&QvvLx z3RF5tA~<{SIY~S^5QTqSEy0jBah?FHXmNP2!fgqXi#Hvgr%wmRTnQ|-TF zr++>XEO^Xeo9bd{{nHZOhg;l)U)DfcK=NO@% z;ARE=K-rY_*T(GQ0(TI7g-ax22sooR=*yxCO^}4X57pvf%{TDsch+?OcF<1y@U?m9d4aO*ukfw>9DfGR2#U-jFU%X35ln zc;gfuzaX?Ks*EQ7#~5$WkE-;XapSfDewUA)NjA|B+MJ;pk!SU^2lM zXnAB|XE9uZaV8h|2!pJzo30{1!>M*4>_7qtn~w&<)&g*~^&swT6{ehRdqCWv6aV{XrzvN`!;BU$W8|D)1nbacIrn2U6jmr7kB zB&l0J!|%eZ**NYEIAntwz#UTpLmGx+K*A zkTm<-@-|6ah6{MKUg|T8l!FMkc#^%H{SF8Uhxd~!y!N4ojc&VX>T`izg-Vce(cT}t zljGxLAHP!}5`Gx6phUP1)&lGb1JXYc(GI#f6~x+AeP@ERO3 zf`TJU0qicGV&F?loHC6EN1b#uIZ zvB8HC1GUVQfc+4^z0scUxxi4U);bsPE9yF!d#K5A+ubHetT-lQmxqi0R^>GRV<1z# zZZA z{S;LH(9$^%88yQYp}H&v(lKcHF&OL_?HkUZ3Xq#|MYa<^sMkM1grCCrM-Banj^_6X zbVLnB{&~_&gY0>uWc8!zl}5V_IZ_eY>)@Q_iyadD`#W_p*BTOZvOeDS_Dx$cQx3n- zXT2BB(NpG)X|GU)V)cRp zS8%XnB|>p?_Pwz9oUvc$?St9*2QK62o9RFB*tdWgRaHBG*`Bd>|oc4U9guO}H`6UiCiZ+OvHb z_^qs@s~_{~nu90eO{30sD^oyx5QdyRfB za3*L6m;or$FL{>#pilpyRhpseZmZq&ViawuakosT8q`2K8XS8M41A51bqrouK)H_J zioO|O{CrR3(Mviei)i;52n|gTHa<+yXCD| z!Ms}AbX0g-v-ptPtlg=#>Av;y{SX{b9x*ts{~q@xMzsk`SF4Y;6?s>HsU!V!ZdGt%9)Jz*2L z;bQ=Ecj&qTYi%>-ld=|MaGNOEAF72 zRNBM?D;1zHeG{kuZ0$7g3T`wN?aOa8eJDE|dr>C1Uc!1EPLYA%KERH{_A+(Afd&qO zbKO`HKBldVL2J~vp6jWp-a~xYsF4z8!~`jWwavi5DdcfhwZUtny*Xs{#(U2u z7UW;!4uXn7X#z_kTJ!+sU^_mr7{1e+bHI%qGUAM>6bk>wU-Lx=CTZovOc2dvK4-W* zg@%ojN)8C`!K)Wnwo24RW`0V(A>o9+S72FG3o{wK*2;XuUQ1ZSVR&bnRlXtuH%ud- zaHa}N7bn6t$~j+hq#{Re4IhBr^Ommb zk8*WgSn)fzs*;dn^GdtV*hvFSn1ec@9;NI?#_F9R(f5r0Dkt7Hrynkt-If~06-x)c z_F8I85~7{=^ih;G&qlwrGeM7_V5n23q$COSSlo#t*t6Cy{^E$sRw9T;u5KP}h+aChPR(x>0M6nBv}~L9(s{QYpxRU0v%R0su9c)XFSWU$z~MQ`51<}FaK^Vl~-af z|J7L8d_CZ7E-#9FG|P!3f>EL-$f>9))Na6{Z`*Gxjp<&s#%#|dUf#ZBAe-j@O5u^i z)prg%kAa&e*Kqj3`!7{WOpV$>NIUCD<~l*?%d)RB;g><|(w*>M2Npu7UjF?c)m%ZT zH(9s4=4$I3`?6v45>gF>&XZ@eo;=Yje0u7@uIt_KCoowCyy@8&yrh@K8M^q?;(Cm| zc}HpmQ!9B8?~@olf7n2h$FpI#tqC71&I_xj%d{-^A3onqR1!^!CQ#vm4BWeT?b2{6LC%D> z8ZA*CX4;N2?;hAudTXy1k74T^xLq6gsPF%F8IY&Wt8N&)9{}~vrA%X$X{NzMgV)xt z6=mY{qR<}D1EhmeUr%0fofSqzQOS=I8qyocRKHz}OoheEb{ul>+>CTTN@8wl)94e2 zP-Os|OhXUQ_tp+wpo6svUUKS#M%-T<{mWk*y%6dUH4NYCg*I+4p3|tSFptf07AIDC z5Hg?q)^PiPg-F|8Ww8Q_*xz{<$_SDd`Ju_1I6GVIbDWo0$7#7SdL`|4F4FmFeLM19 zb;S#t6AmlPt9u?*BU{gC`6+?V-tqi#8CIa;Uj->vmH6W1j$aE&y|EbWR>TtrIv2TP|!-_~Np9ci`kTzsAL{m&$j)C8+6|7IhT&A%*0e z2=0uVmZ_xyhn^|k`0e#;eh@d9gw3OBHw0o#`=Y|D`N+@p!Jz$H)F>4_RJ+*d408 ziIYkr*HpxYNYu+DNq(Lup7^Sh6rb6cC^X>rB8UHBt4d`H1@ZOMpwDHNC~cxPSvYt8 q4irKShtzgoHXd(9rcKd$>lf$D%Dc5M+Ms=uQ$+IqFh&sN_WmCf@N8HB literal 0 HcmV?d00001 diff --git a/docs/release/userguide/index.rst b/docs/release/userguide/index.rst index f4012a7..e215d40 100644 --- a/docs/release/userguide/index.rst +++ b/docs/release/userguide/index.rst @@ -28,7 +28,8 @@ The IPv6 Setup in Container Networking serves as feature specific user guides and references when as a user you may want to explore IPv6 in Docker container environment. The use of NDP Proxying is explored to connect IPv6-only containers to external network. The Docker IPv6 simple cluster topology is -studied with two Hosts, each with 2 Docker containers. +studied with two Hosts, each with 2 Docker containers. Docker IPv6 NAT topic +is also explored. For more information, please find `Neutron's IPv6 document for Queens Release `_. @@ -42,3 +43,4 @@ For more information, please find `Neutron's IPv6 document for Queens Release ./ipv6-in-container-networking.rst ./icmpv6-and-ndp-proxying-for-docker-containers.rst ./docker-ipv6-simple-cluster-topology.rst + ./docker-ipv6-nat.rst -- 2.16.6