From 61fde7b8c53cdafcf64bb6365fd94d4808a14262 Mon Sep 17 00:00:00 2001 From: Vivek Date: Fri, 4 Oct 2024 17:13:43 -0700 Subject: [PATCH 01/33] Add Skeleton --- .../high-availability/eni-based-forwarding.md | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 doc/smart-switch/high-availability/eni-based-forwarding.md diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md new file mode 100644 index 0000000000..940c9f0077 --- /dev/null +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -0,0 +1,45 @@ +# SmartSwitch ENI Based Forwarding + +## Table of Content ## + +- [SmartSwitch ENI Based Forwarding](#smartswitch-eni-based-forwarding) + - [Table of Content](#table-of-content) + - [Revision](#revision) + - [Scope](#scope) + - [Definitions/Abbreviations](#definitionsabbreviations) + - [Overview](#overview) + - [Requirements](#requirements) + - [Architecture Design](#architecture-design) + - [Programming ACL Rules](#programming-acl-rules) + - [HA Active Mode](#ha-active-mode) + - [HA Standy Mode](#ha-standby-mode) + - [ACL Orchagent Design Changes](#acl-orchagent-design-changes) + - [Configuration and management](#configuration-and-management) + - [Warmboot and Fastboot Design Impact](#warmboot-and-fastboot-design-impact) + - [Memory Consumption](#memory-consumption) + - [Restrictions/Limitations](#restrictionslimitations) + - [Testing Requirements/Design](#testing-requirementsdesign) + - [Unit Test cases](#unit-test-cases) + - [System Test cases](#system-test-cases) + - [Open/Action items - if any](#openaction-items---if-any) + +## Revision ## + +| Rev | Date | Author | Change Description | +| --- | ---- | ------ | ------------------ | +| 0.1 | 10/05/2024 | Vivek Reddy Karri | Initial version | + +## Scope ## + +This document provides a high-level design for Smart Switch ENI based Packet Forwarding using ACL rules + +## Definitions/Abbreviations ## + +| Term | Meaning | +| ---- | ------------------------------------------------------- | +| NPU | Network Processing Unit | +| DPU | Data Processing Unit | + +## Overview ## + +## Requirements ## \ No newline at end of file From 7ee04221d1b9789f42fcfbc090bbf867dd857e49 Mon Sep 17 00:00:00 2001 From: Vivek Date: Mon, 7 Oct 2024 15:11:30 -0700 Subject: [PATCH 02/33] Add ACL Orchagent Flow --- .../high-availability/eni-based-forwarding.md | 6 +++++- .../images/new_acl_redirect_flow.svg | 13 +++++++++++++ .../images/old_acl_redirect_flow.svg | 13 +++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 doc/smart-switch/high-availability/images/new_acl_redirect_flow.svg create mode 100644 doc/smart-switch/high-availability/images/old_acl_redirect_flow.svg diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 940c9f0077..3d7ac40362 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -42,4 +42,8 @@ This document provides a high-level design for Smart Switch ENI based Packet For ## Overview ## -## Requirements ## \ No newline at end of file +## Requirements ## + +

Current ACL Orchagent Redirect Flow

+ +

Proposed ACL Orchagent Redirect Flow

\ No newline at end of file diff --git a/doc/smart-switch/high-availability/images/new_acl_redirect_flow.svg b/doc/smart-switch/high-availability/images/new_acl_redirect_flow.svg new file mode 100644 index 0000000000..abd705248a --- /dev/null +++ b/doc/smart-switch/high-availability/images/new_acl_redirect_flow.svg @@ -0,0 +1,13 @@ + + + + + + + + ACL_RULE with REDIRECT : {1) port 2) lag 3) nexthop 4) nexthop groupWait until redirect object is foundProgram ACL Rule with REDIRECT=oidAPPL/CONF DBNextHop Object UpdateACL Orchagent SAI/SDKVNet/Route Orch5) Tunnel Next Hop} Update ACL Rule with new nh oid \ No newline at end of file diff --git a/doc/smart-switch/high-availability/images/old_acl_redirect_flow.svg b/doc/smart-switch/high-availability/images/old_acl_redirect_flow.svg new file mode 100644 index 0000000000..99d699b0f9 --- /dev/null +++ b/doc/smart-switch/high-availability/images/old_acl_redirect_flow.svg @@ -0,0 +1,13 @@ + + + + + + + + ACL_RULE with REDIRECT = {port lag, nexthop, nexthop group}Wait until redirect object is foundProgram ACL Rule with REDIRECT=oidAPPL/CONF DBNextHop Object UpdateACL Orchagent SAI/SDKVNet/Route Orch \ No newline at end of file From 9df1a5d2fc5787cbb9971bcadbb3bceff5e73163 Mon Sep 17 00:00:00 2001 From: Vivek Date: Mon, 7 Oct 2024 19:21:26 -0700 Subject: [PATCH 03/33] Design changes are updated --- .../high-availability/eni-based-forwarding.md | 66 ++++++++++++++++++- 1 file changed, 64 insertions(+), 2 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 3d7ac40362..b322248b2e 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -11,9 +11,9 @@ - [Requirements](#requirements) - [Architecture Design](#architecture-design) - [Programming ACL Rules](#programming-acl-rules) - - [HA Active Mode](#ha-active-mode) - - [HA Standy Mode](#ha-standby-mode) - [ACL Orchagent Design Changes](#acl-orchagent-design-changes) + - [Existing Design](#existing-design) + - [Updated Design](#Updated-design) - [Configuration and management](#configuration-and-management) - [Warmboot and Fastboot Design Impact](#warmboot-and-fastboot-design-impact) - [Memory Consumption](#memory-consumption) @@ -39,11 +39,73 @@ This document provides a high-level design for Smart Switch ENI based Packet For | ---- | ------------------------------------------------------- | | NPU | Network Processing Unit | | DPU | Data Processing Unit | +| VIP | Virtual IP | +| PA | Physical Adress | ## Overview ## +There are two possible NPU-DPU Traffic forwarding models. + +1) VIP based model + * Controller allocates VIP per DPU, which is advertised and visible from anywhere in the cloud infrastructure. + * The host has the DPU VIP as the gateway address for its traffic. + * Simple, decouples a DPU from switch. + * Costly, since you need VIP per DPU. + +2) ENI Based Forwarding + * The host has the switch VIP as the gateway address for its traffic. + * Cheaper, since only VIP per switch is needed (or even per a row of switches). ENI placement can be directed even across smart switches. + +ENI Based Forwarding is the preferred approach because of cost constraints. + ## Requirements ## +ENI based forwarding requires the switch to understand the relationship between the packet and ENI, and ENI and DPU. + +* Each DPU is represented as a PA (public address). Unlike VIP, PA does't have to be visible from the entire cloud infrastructure +* Each ENI belongs to a certain DPU (local or remote) +* Each packet can be identified as belonging to that switch using VIP and VNI +* Forwarding can be to local DPU PA or remote DPU PA over L3 VxLAN +* Scale: [# of DPUs] * [# of ENIs per DPU] * 2 (inbound and outbound) + +## Architecture Design ## + +### Programming ACL Rules ### + +* Packet Forwarding from NPU to local and remote DPU's are clearly explained in the High Availability HLD https://github.com/sonic-net/SONiC/blob/master/doc/smart-switch/high-availability/smart-switch-ha-hld.md#42-data-path-ha +* In a nutshell, the ACL rule for a ENI depends on the role of its DPU in the corresponding HA pair i.e. local or standby +* Thus, ACL rules must be dynamically updated on the NPU. This should be handled by HaMgrd as it will have all the necessary information to make the decision. +* The format on how the rules must be writted will be explained further in the document + +### ACL Orchagent Design Changes ### + +#### Existing Design #### + +Current Design on ACL Orchagent is equipped to infer and program "REDIRECT" action for an ACL Rule. Here is the schema expected for the field + + key: ACL_RULE_TABLE:table_name:rule_name + + redirect_action = 1*255CHAR ; redirect parameter + ; This parameter defines a destination for redirected packets + ; it could be: + : name of physical port. Example: "Ethernet10" + : name of LAG port Example: "PortChannel5" + : next-hop ip address (in global) Example: "10.0.0.1" + : next-hop ip address and vrf Example: "10.0.0.2@Vrf2" + : next-hop ip address and ifname Example: "10.0.0.3@Ethernet1" + : next-hop group set of next-hop Example: "10.0.0.1,10.0.0.3@Ethernet1" + +Existing configuration flow is presented below +

Current ACL Orchagent Redirect Flow

+#### Updated Design #### + +This design has a few shortcomings + +1) It is not equipped to handle redirect action to a Tunnel Next Hop +2) It follows fire and forget and doesn't keep track of the updates made to that next-hop object. This has to be fixed for the DPU to have uninterrupted traffic flow after an event which triggers an update of next-hop object + +Updated design is presented below +

Proposed ACL Orchagent Redirect Flow

\ No newline at end of file From 50ff55bba6b28cddfded5a1ca51b9aa81b9421c2 Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 8 Oct 2024 00:28:29 -0700 Subject: [PATCH 04/33] Add ACL config --- .../high-availability/eni-based-forwarding.md | 95 ++++++++++++++++++- 1 file changed, 93 insertions(+), 2 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index b322248b2e..b4d04c3153 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -14,7 +14,8 @@ - [ACL Orchagent Design Changes](#acl-orchagent-design-changes) - [Existing Design](#existing-design) - [Updated Design](#Updated-design) - - [Configuration and management](#configuration-and-management) + - [ACL Configuration](#acl-configuration) + - [Tunnel Next Hop](#tunnel-next-hop) - [Warmboot and Fastboot Design Impact](#warmboot-and-fastboot-design-impact) - [Memory Consumption](#memory-consumption) - [Restrictions/Limitations](#restrictionslimitations) @@ -108,4 +109,94 @@ This design has a few shortcomings Updated design is presented below -

Proposed ACL Orchagent Redirect Flow

\ No newline at end of file +

Proposed ACL Orchagent Redirect Flow

+ +### ACL Configuration ### + +ACL Table Type and ACL table Configuration as follows: + + { + "ACL_TABLE_TYPE": { + "ENI": { + "MATCHES": [ + "VNI", + "DST_IP", + "INNER_SRC_MAC", + "INNER_DST_MAC", + ], + "ACTIONS": [ + "REDIRECT_ACTION", + ], + "BIND_POINTS": [ + "PORT" + ] + } + }, + "ACL_TABLE": { + "ENI": { + "STAGE": "INGRESS", + "TYPE": "ENI", + "PORTS": [ + "" + ] + } + } + } + +ACL Rule for Inbound Traffic and Local DPU. Inbound traffic will be matched on INNER_SRC_MAC + + { + "ACL_RULE": { + "ENI|RULE_INBOUND_ENI0": { + "PRIORITY": "999", + "VNI": "4000", + "DST_IP": "1.1.1.1/32", + "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff" + "REDIRECT": "2.2.2.2" # PA Address for local DPU + } + } + } + +ACL Rule for Outbound Traffic and Local DPU. Inbound traffic will be matched on INNER_DST_MAC + + { + "ACL_RULE": { + "ENI|RULE_INBOUND_ENI0": { + "PRIORITY": "999", + "VNI": "4000", + "DST_IP": "3.3.3.3/32", + "INNER_DST_MAC": "aa:bb:cc:11:22:33" + "REDIRECT": "2.2.2.2" # PA Address for local DPU + } + } + } + +### Tunnel Next Hop ### + +ACL Rule for Inbound traffic and remote DPU + + { + "ACL_RULE": { + "ENI|RULE_INBOUND_ENI0": { + "PRIORITY": "999", + "VNI": "4000", + "DST_IP": "1.1.1.1/32", + "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff" + "REDIRECT": '{"tunnel_name" : "tunnel0", "dst_ip": "4.4.4.4", "vni": "100", "mac_address": ""}' + } + } + } + +ACL Rule for Outbound traffic and remote DPU + + { + "ACL_RULE": { + "ENI|RULE_INBOUND_ENI0": { + "PRIORITY": "999", + "VNI": "4000", + "DST_IP": "3.3.3.3/32", + "INNER_DST_MAC": "aa:bb:cc:11:22:33" + "REDIRECT": '{"tunnel_name" : "tunnel0", "dst_ip": "6.6.6.6", "vni": "100", "mac_address": ""}' + } + } + } From 48c8b7898654bf8b51008bad63303e50c87b01c1 Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 8 Oct 2024 12:19:33 -0700 Subject: [PATCH 05/33] json based nexthop tunnel --- .../high-availability/eni-based-forwarding.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index b4d04c3153..8af95bf872 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -173,6 +173,36 @@ ACL Rule for Outbound Traffic and Local DPU. Inbound traffic will be matched on ### Tunnel Next Hop ### +An example flow which creates a Tunnel Next Hop would be when a VNET Route is programmed with Tunnel Hop. Ref: https://github.com/sonic-net/SONiC/blob/master/doc/vxlan/Vxlan_hld.md#22-app-db + + VNET_ROUTE_TUNNEL_TABLE:{{vnet_name}}:{{prefix}} + "endpoint": {{ip_address}} + "mac_address":{{mac_address}} (OPTIONAL) + "vni": {{vni}}(OPTIONAL) + +To identify a Tunnel Next Hop, a combination of these parameters are required by ACL Orchagent +1) Tunnel Name +2) Endpoint IP +3) MAC (OPTIONAL) +4) VNI (OPTIONAL) + +ACL_RULE_TABLE should be equipped to accept these new paremeters without breaking backward compatibility. Thus it is decided to add a new Table to represent + + + key: ACL_RULE_TABLE:table_name:rule_name + + redirect_action = 1*255CHAR ; redirect parameter + ; This parameter defines a destination for redirected packets + ; it could be: + : name of physical port. Example: "Ethernet10" + : name of LAG port Example: "PortChannel5" + : next-hop ip address (in global) Example: "10.0.0.1" + : next-hop ip address and vrf Example: "10.0.0.2@Vrf2" + : next-hop ip address and ifname Example: "10.0.0.3@Ethernet1" + : next-hop group set of next-hop Example: "10.0.0.1,10.0.0.3@Ethernet1" + : next hop for tunnel Example: "{\"endpoint\": \"1.1.1.1/32\", \"mac_address\": \"aa:aa:aa:aa:aa:aa\", \"tunnel_name\": \"ha_tunnel0\", \"vni\": \"100\"}" + : next hop group set for tunnel Example: "{\"endpoint\": \"1.1.1.1/32\", \"tunnel_name\": \"ha_tunnel0\", }" + ACL Rule for Inbound traffic and remote DPU { From 861f0d7a28d24a9e232910463dabf3d04719a0b8 Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 8 Oct 2024 12:45:08 -0700 Subject: [PATCH 06/33] Configuration Changes added --- .../high-availability/eni-based-forwarding.md | 60 +++++++++---------- 1 file changed, 28 insertions(+), 32 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 8af95bf872..5aa74a3e00 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -186,47 +186,43 @@ To identify a Tunnel Next Hop, a combination of these parameters are required by 3) MAC (OPTIONAL) 4) VNI (OPTIONAL) -ACL_RULE_TABLE should be equipped to accept these new paremeters without breaking backward compatibility. Thus it is decided to add a new Table to represent +ACL_RULE_TABLE should be equipped to accept these new paremeters without breaking backward compatibility. Thus, a new Table to represent the tunnel next hop. +``` +key = "TUNNEL_NEXT_HOP:tunnel_next_hop_name" - key: ACL_RULE_TABLE:table_name:rule_name +tunnel_name = STRING ; Name of the Tunnel which has the nexthop associated +endpoint_ip = IPv4/IPv6 ; Endpoint IP +mac_address = MAC ; Inner Destination MAC (Optional) +vni = INT ; Next Hop Entry VNI (Optional) +``` - redirect_action = 1*255CHAR ; redirect parameter - ; This parameter defines a destination for redirected packets - ; it could be: - : name of physical port. Example: "Ethernet10" - : name of LAG port Example: "PortChannel5" - : next-hop ip address (in global) Example: "10.0.0.1" - : next-hop ip address and vrf Example: "10.0.0.2@Vrf2" - : next-hop ip address and ifname Example: "10.0.0.3@Ethernet1" - : next-hop group set of next-hop Example: "10.0.0.1,10.0.0.3@Ethernet1" - : next hop for tunnel Example: "{\"endpoint\": \"1.1.1.1/32\", \"mac_address\": \"aa:aa:aa:aa:aa:aa\", \"tunnel_name\": \"ha_tunnel0\", \"vni\": \"100\"}" - : next hop group set for tunnel Example: "{\"endpoint\": \"1.1.1.1/32\", \"tunnel_name\": \"ha_tunnel0\", }" +Key for this table should be an input to redirect_action field in the ACL_RULE_TABLE -ACL Rule for Inbound traffic and remote DPU +``` +key: ACL_RULE_TABLE:table_name:rule_name - { - "ACL_RULE": { - "ENI|RULE_INBOUND_ENI0": { - "PRIORITY": "999", - "VNI": "4000", - "DST_IP": "1.1.1.1/32", - "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff" - "REDIRECT": '{"tunnel_name" : "tunnel0", "dst_ip": "4.4.4.4", "vni": "100", "mac_address": ""}' - } - } - } +redirect_action = 1*255CHAR : + : next hop for tunnel Example: ha_tunnel0_nh, this should be an entry in the TUNNEL_NEXT_HOP table +``` -ACL Rule for Outbound traffic and remote DPU +Exmaple: ACL Rule for outbound traffic and remote DPU - { + { + "TUNNEL_NEXT_HOP": { + "ha_tunnel0_nh":{ + "tunnel_name": "ha_tunnel0", + "endpoint_ip": "3.3.3.3/32", + "vni": "100" + } + } "ACL_RULE": { - "ENI|RULE_INBOUND_ENI0": { + "ENI|RULE_INBOUND_REMOTE_ENI0": { "PRIORITY": "999", "VNI": "4000", - "DST_IP": "3.3.3.3/32", - "INNER_DST_MAC": "aa:bb:cc:11:22:33" - "REDIRECT": '{"tunnel_name" : "tunnel0", "dst_ip": "6.6.6.6", "vni": "100", "mac_address": ""}' + "DST_IP": "1.1.1.1/32", + "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" + "REDIRECT": "ha_tunnel0" } - } + } } From 0b0e45e2126587043a39eeacef64cfc249122cce Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 8 Oct 2024 13:48:02 -0700 Subject: [PATCH 07/33] Added all the rwmaining parts --- .../high-availability/eni-based-forwarding.md | 47 +++++++++++++------ 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 5aa74a3e00..a79a4a621f 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -17,10 +17,8 @@ - [ACL Configuration](#acl-configuration) - [Tunnel Next Hop](#tunnel-next-hop) - [Warmboot and Fastboot Design Impact](#warmboot-and-fastboot-design-impact) - - [Memory Consumption](#memory-consumption) - [Restrictions/Limitations](#restrictionslimitations) - [Testing Requirements/Design](#testing-requirementsdesign) - - [Unit Test cases](#unit-test-cases) - [System Test cases](#system-test-cases) - [Open/Action items - if any](#openaction-items---if-any) @@ -41,7 +39,7 @@ This document provides a high-level design for Smart Switch ENI based Packet For | NPU | Network Processing Unit | | DPU | Data Processing Unit | | VIP | Virtual IP | -| PA | Physical Adress | +| PA | Physical Address | ## Overview ## @@ -143,7 +141,7 @@ ACL Table Type and ACL table Configuration as follows: } } -ACL Rule for Inbound Traffic and Local DPU. Inbound traffic will be matched on INNER_SRC_MAC +Example: ACL Rule for Inbound Traffic and Local DPU. Inbound traffic will be matched on INNER_SRC_MAC { "ACL_RULE": { @@ -157,7 +155,7 @@ ACL Rule for Inbound Traffic and Local DPU. Inbound traffic will be matched on I } } -ACL Rule for Outbound Traffic and Local DPU. Inbound traffic will be matched on INNER_DST_MAC +Example: ACL Rule for Outbound Traffic and Local DPU. Inbound traffic will be matched on INNER_DST_MAC { "ACL_RULE": { @@ -189,27 +187,29 @@ To identify a Tunnel Next Hop, a combination of these parameters are required by ACL_RULE_TABLE should be equipped to accept these new paremeters without breaking backward compatibility. Thus, a new Table to represent the tunnel next hop. ``` -key = "TUNNEL_NEXT_HOP:tunnel_next_hop_name" +key = "TUNNEL_NEXT_HOP_TABLE:next_hop_object_name" -tunnel_name = STRING ; Name of the Tunnel which has the nexthop associated -endpoint_ip = IPv4/IPv6 ; Endpoint IP -mac_address = MAC ; Inner Destination MAC (Optional) -vni = INT ; Next Hop Entry VNI (Optional) +tunnel_name = STRING ; Name of the Tunnel which has the nexthop associated +endpoint_ip = List of IP's separated by comma ; Endpoint IP's. When there are multiple IP's it is assumed to be a next hop group +mac_address = List of MAC's separated by comma ; Inner Destination MAC's (Optional) +vni = List of VNI's separated by comma ; Next Hop Entry VNI's (Optional) ``` -Key for this table should be an input to redirect_action field in the ACL_RULE_TABLE +Key for this table should be an input to redirect_action field in the ACL_RULE_TABLE + +**Note: ** ``` key: ACL_RULE_TABLE:table_name:rule_name redirect_action = 1*255CHAR : - : next hop for tunnel Example: ha_tunnel0_nh, this should be an entry in the TUNNEL_NEXT_HOP table + : next hop for tunnel Example: ha_tunnel0_nh, this should be a key in the TUNNEL_NEXT_HOP table ``` Exmaple: ACL Rule for outbound traffic and remote DPU { - "TUNNEL_NEXT_HOP": { + "TUNNEL_NEXT_HOP_TABLE": { "ha_tunnel0_nh":{ "tunnel_name": "ha_tunnel0", "endpoint_ip": "3.3.3.3/32", @@ -217,12 +217,29 @@ Exmaple: ACL Rule for outbound traffic and remote DPU } } "ACL_RULE": { - "ENI|RULE_INBOUND_REMOTE_ENI0": { + "ENI|RULE_OUTBOUND_REMOTE_ENI0": { "PRIORITY": "999", "VNI": "4000", "DST_IP": "1.1.1.1/32", "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" - "REDIRECT": "ha_tunnel0" + "REDIRECT": "ha_tunnel0_nh" } } } + +## Warmboot and Fastboot Design Impact ## + +No Changes here. + +## Restrictions/Limitations ## + +- Even though provision for Tunnel NH Group is provided, it is not in the scope of this feature to support Tunnel NH Group. +- HaMgrd will be writing the ACL rules to APPL_DB and so Configuration/CLI/Yang model to support TUNNEL_NEXT_HOP_TABLE is not in the scope of this feature + +## Testing Requirements/Design ## + +- Migrate existing Private Link tests to use ENI Forwarding Approach. Until HaMgrd is available, test should progran ACL rules in APPL_DB +- Add individual test cases which verify next hop forwarding +- Add individual test cases to verify tunnel next hop forwarding regardless of HA availability + +## Open/Action items - if any ## \ No newline at end of file From c05a8a6116abe2c955a50a05fe4733717096af06 Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 8 Oct 2024 14:09:42 -0700 Subject: [PATCH 08/33] Update HLD --- doc/smart-switch/high-availability/eni-based-forwarding.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index a79a4a621f..66c69aacd2 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -100,10 +100,11 @@ Existing configuration flow is presented below #### Updated Design #### -This design has a few shortcomings +The existing design has a few shortcomings 1) It is not equipped to handle redirect action to a Tunnel Next Hop 2) It follows fire and forget and doesn't keep track of the updates made to that next-hop object. This has to be fixed for the DPU to have uninterrupted traffic flow after an event which triggers an update of next-hop object +3) State of the ACL rule should be clearly reflected in the STATE_DB Updated design is presented below From 177821017c50f0c37e5b86402f987343deb20e5e Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 8 Oct 2024 14:55:18 -0700 Subject: [PATCH 09/33] Update the design --- .../high-availability/eni-based-forwarding.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 66c69aacd2..ca547cd456 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -204,15 +204,15 @@ Key for this table should be an input to redirect_action field in the ACL_RULE_T key: ACL_RULE_TABLE:table_name:rule_name redirect_action = 1*255CHAR : - : next hop for tunnel Example: ha_tunnel0_nh, this should be a key in the TUNNEL_NEXT_HOP table + : next hop for tunnel Example: npu2npu_tunnel0, this should be a key in the TUNNEL_NEXT_HOP table ``` Exmaple: ACL Rule for outbound traffic and remote DPU { "TUNNEL_NEXT_HOP_TABLE": { - "ha_tunnel0_nh":{ - "tunnel_name": "ha_tunnel0", + "npu2npu_tunnel_nh":{ + "tunnel_name": "npu2npu_tunnel0", "endpoint_ip": "3.3.3.3/32", "vni": "100" } @@ -223,7 +223,7 @@ Exmaple: ACL Rule for outbound traffic and remote DPU "VNI": "4000", "DST_IP": "1.1.1.1/32", "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" - "REDIRECT": "ha_tunnel0_nh" + "REDIRECT": "npu2npu_tunnel_nh" } } } @@ -234,7 +234,6 @@ No Changes here. ## Restrictions/Limitations ## -- Even though provision for Tunnel NH Group is provided, it is not in the scope of this feature to support Tunnel NH Group. - HaMgrd will be writing the ACL rules to APPL_DB and so Configuration/CLI/Yang model to support TUNNEL_NEXT_HOP_TABLE is not in the scope of this feature ## Testing Requirements/Design ## From 0e58f7299cbcfb3378c0102461c4c9949c776aba Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 8 Oct 2024 19:27:37 -0700 Subject: [PATCH 10/33] Design update --- .../high-availability/eni-based-forwarding.md | 84 +++++++++++------- .../images/acl_tunnel_redirect_flow.svg | 13 +++ .../images/eni_redirect_overview.png | Bin 0 -> 31291 bytes .../images/new_acl_redirect_flow.svg | 6 +- 4 files changed, 68 insertions(+), 35 deletions(-) create mode 100644 doc/smart-switch/high-availability/images/acl_tunnel_redirect_flow.svg create mode 100644 doc/smart-switch/high-availability/images/eni_redirect_overview.png diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index ca547cd456..64b8a6c3de 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -40,6 +40,8 @@ This document provides a high-level design for Smart Switch ENI based Packet For | DPU | Data Processing Unit | | VIP | Virtual IP | | PA | Physical Address | +| NH | Next Hop | +| NHG | Next Hop Group | ## Overview ## @@ -76,6 +78,8 @@ ENI based forwarding requires the switch to understand the relationship between * Thus, ACL rules must be dynamically updated on the NPU. This should be handled by HaMgrd as it will have all the necessary information to make the decision. * The format on how the rules must be writted will be explained further in the document +![alt text](./images/eni_redirect_overview.png) + ### ACL Orchagent Design Changes ### #### Existing Design #### @@ -94,25 +98,28 @@ Current Design on ACL Orchagent is equipped to infer and program "REDIRECT" acti : next-hop ip address and ifname Example: "10.0.0.3@Ethernet1" : next-hop group set of next-hop Example: "10.0.0.1,10.0.0.3@Ethernet1" -Existing configuration flow is presented below - -

Current ACL Orchagent Redirect Flow

+**Current ACL Orchagent Redirect Flow** +

#### Updated Design #### The existing design has a few shortcomings -1) It is not equipped to handle redirect action to a Tunnel Next Hop +1) It is not equipped to handle redirect action to a Tunnel NH or NG Group 2) It follows fire and forget and doesn't keep track of the updates made to that next-hop object. This has to be fixed for the DPU to have uninterrupted traffic flow after an event which triggers an update of next-hop object 3) State of the ACL rule should be clearly reflected in the STATE_DB -Updated design is presented below +**Proposed design when Nexthop is programmed**

Proposed ACL Orchagent Redirect Flow

+**Proposed design when Tunnel NH or NHG is programmed** + +

Proposed ACL Orchagent Redirect Flow

+ ### ACL Configuration ### -ACL Table Type and ACL table Configuration as follows: +**ACL Table Type and ACL table Configuration** { "ACL_TABLE_TYPE": { @@ -136,13 +143,13 @@ ACL Table Type and ACL table Configuration as follows: "STAGE": "INGRESS", "TYPE": "ENI", "PORTS": [ - "" + "" ] } } } -Example: ACL Rule for Inbound Traffic and Local DPU. Inbound traffic will be matched on INNER_SRC_MAC +**Example: ACL Rule for Inbound Traffic and Local DPU** { "ACL_RULE": { @@ -150,21 +157,21 @@ Example: ACL Rule for Inbound Traffic and Local DPU. Inbound traffic will be mat "PRIORITY": "999", "VNI": "4000", "DST_IP": "1.1.1.1/32", - "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff" + "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" "REDIRECT": "2.2.2.2" # PA Address for local DPU } } } -Example: ACL Rule for Outbound Traffic and Local DPU. Inbound traffic will be matched on INNER_DST_MAC +**Example: ACL Rule for Outbound Traffic and Local DPU** { "ACL_RULE": { - "ENI|RULE_INBOUND_ENI0": { + "ENI|RULE_OUTBOUND_ENI0": { "PRIORITY": "999", "VNI": "4000", "DST_IP": "3.3.3.3/32", - "INNER_DST_MAC": "aa:bb:cc:11:22:33" + "INNER_SRC_MAC": "aa:bb:cc:11:22:33" "REDIRECT": "2.2.2.2" # PA Address for local DPU } } @@ -172,58 +179,71 @@ Example: ACL Rule for Outbound Traffic and Local DPU. Inbound traffic will be ma ### Tunnel Next Hop ### -An example flow which creates a Tunnel Next Hop would be when a VNET Route is programmed with Tunnel Hop. Ref: https://github.com/sonic-net/SONiC/blob/master/doc/vxlan/Vxlan_hld.md#22-app-db +An example flow which creates a Tunnel Next Hop would be programming a VNET route with Tunnel Hop. Ref for Schema: https://github.com/sonic-net/SONiC/blob/master/doc/vxlan/Vxlan_hld.md#22-app-db VNET_ROUTE_TUNNEL_TABLE:{{vnet_name}}:{{prefix}} "endpoint": {{ip_address}} "mac_address":{{mac_address}} (OPTIONAL) "vni": {{vni}}(OPTIONAL) -To identify a Tunnel Next Hop, a combination of these parameters are required by ACL Orchagent -1) Tunnel Name -2) Endpoint IP -3) MAC (OPTIONAL) -4) VNI (OPTIONAL) +To create a Tunnel NH or NHG, a combination of these parameters are required +- Tunnel Name +- Endpoint IP +- MAC (OPTIONAL) +- VNI (OPTIONAL) -ACL_RULE_TABLE should be equipped to accept these new paremeters without breaking backward compatibility. Thus, a new Table to represent the tunnel next hop. +ACL_RULE_TABLE should be equipped to accept these new paremeters. Thus, a new table to represent the tunnel NH or NHG is added. +Key for this table should be an input to redirect_action field in the ACL_RULE_TABLE ``` -key = "TUNNEL_NEXT_HOP_TABLE:next_hop_object_name" +key = "TUNNEL_NH_TABLE:nh_object_name" -tunnel_name = STRING ; Name of the Tunnel which has the nexthop associated +tunnel_name = STRING ; Name of the Tunnel which has the NH or NHG associated endpoint_ip = List of IP's separated by comma ; Endpoint IP's. When there are multiple IP's it is assumed to be a next hop group mac_address = List of MAC's separated by comma ; Inner Destination MAC's (Optional) vni = List of VNI's separated by comma ; Next Hop Entry VNI's (Optional) +description = STRING ; Additional Information explaining the NH (Optional) ``` -Key for this table should be an input to redirect_action field in the ACL_RULE_TABLE - -**Note: ** ``` key: ACL_RULE_TABLE:table_name:rule_name redirect_action = 1*255CHAR : - : next hop for tunnel Example: npu2npu_tunnel0, this should be a key in the TUNNEL_NEXT_HOP table + : next hop for tunnel Example: npu2npu_tunnel0, this should be a key in the TUNNEL_NH_TABLE ``` Exmaple: ACL Rule for outbound traffic and remote DPU { - "TUNNEL_NEXT_HOP_TABLE": { - "npu2npu_tunnel_nh":{ - "tunnel_name": "npu2npu_tunnel0", - "endpoint_ip": "3.3.3.3/32", - "vni": "100" + "TUNNEL_NH_TABLE": { + "ha_tunnel_nh0":{ + "DESCRIPTION": "NH to Active NPU with ENI 1000" + "TUNNEL_NAME": "npu_tunnel", + "ENDPOINT_IP": "3.3.3.3", + "VNI": "100" + }, + "npu2npu_tunnel_nhg0":{ + "DESCRIPTION": "NHG to HA Pair with ENI 2000" + "TUNNEL_NAME": "npu_tunnel", + "ENDPOINT_IP": "1.1.1.1,2.2.2.2", + "VNI": "200,200" } } "ACL_RULE": { - "ENI|RULE_OUTBOUND_REMOTE_ENI0": { + "ENI|INBOUND_REMOTE_ENI1000": { + "PRIORITY": "999", + "VNI": "4000", + "DST_IP": "1.1.1.1/32", + "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" + "REDIRECT": "ha_tunnel_nh0" + }, + "ENI|INBOUND_REMOTE_ENI2000": { "PRIORITY": "999", "VNI": "4000", "DST_IP": "1.1.1.1/32", "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" - "REDIRECT": "npu2npu_tunnel_nh" + "REDIRECT": "npu2npu_tunnel_nhg0" } } } diff --git a/doc/smart-switch/high-availability/images/acl_tunnel_redirect_flow.svg b/doc/smart-switch/high-availability/images/acl_tunnel_redirect_flow.svg new file mode 100644 index 0000000000..3db8e1fdc0 --- /dev/null +++ b/doc/smart-switch/high-availability/images/acl_tunnel_redirect_flow.svg @@ -0,0 +1,13 @@ + + + + + + + + ACL_RULE with REDIRECT = tunnel nexthop or tunnel nh groupVerify if the nh oid is already createdAPPL/CONF DBVxLAN Orchagent SAI/SDKACL OrchagentCreate tunnel nh or nh group Create ACL Rule \ No newline at end of file diff --git a/doc/smart-switch/high-availability/images/eni_redirect_overview.png b/doc/smart-switch/high-availability/images/eni_redirect_overview.png new file mode 100644 index 0000000000000000000000000000000000000000..f1af3edba6b41fa924121636f7e676a62099c2c7 GIT binary patch literal 31291 zcmeEuXH-*Lv@RkDf(R<0f)qun7?j?Ng(6jY2c?(Li_G1 zPC#%vihzJnmGlfSGHD)Q1N=MXsxEhrAg}G(Jn-Rxg|337vN8b|@Sc?5REP}$5&jb3 zj}G_)evUXra2oi33O|M*{OjA(QHaxjy(d(~U-(6(VTpi1nn2-!jOMdbi=$^hQ1_N^ zuUQRHn_svhbEe^OGGTnck64PA@2*^r|3>5*Mf!6g^n$a(Ia!l@HjcnocjFP;Su&yJ zH8T9(ms|znCobMR^-1=D6V#dMu6@f5EEg`xzx6{}+I-S--28Ip@ZzVLIAx%8#^5au0S#H2{$I?{lI~kG)#<#Dcs9b6)Jyy`eWn*3O+`-qTNfd|tkDFfYN+>IJc8lYC$c!RP zWmM7@YcI#_CY&wtqgGC~rxVcZ*t`U*U0Od4qI4MySK^ALTR^JDZ=Z?@lnTAG=dJ1J z+T~r^c?qQIR-T#s=KhFag5ef4vqWbYNBW6!q^GZGp)gFu$bcqR#Z|A)EQ?vkBBs)C z-X(2bMrYLxmf-y%u1{6uI2&1il;$LfBGaU%0y*hHqXHi?iQ6O+Hf4hBs2yIQ#+`TN zK!=T80mp-#cQjBrpk zyffn?VcoFdR-LJ%kW|CWV^F@kh>`v*S=E$_*XuxDwF3Qwrx0XAmPV$@=yU%I$9S9B zmJs}@47vnd6T;D9%ej31ITADl!RCnl_;Z&Sj_}P*rYzdw=o;q26p} zkY4;8?Ox|S<@CyH=fwqD(!XdYCrPfl7lyKd#~Un)A1mb32xl|)mUhfo8TE1GcGcOZdCH)4GBv*35SL?|z#PE>^$^J_rOMJ;b@PIpFV&F=4~$)& z47QoAPj-#YTf7LvWsJ!SF`aLtt?bVl&-W}`OL_d&Tt-KDr^nkO^qOU4(bC6{f!;<} zy>q{Sy?$Xtg_s;1t+l!azwK#q^g7?n4G2DdKecCssiM4@kE@+Qw|;fbq_>c*o~g(| zNzf?edWv+X1lZ@HSPUh<&J2REZXpSezszh$?Wi%BBf{Qh;Y}{5p#o(GPj0m#=Hcr99Jw!gllwWSIxR$4b30Zi& zn%+N&tAMRh*YtOci)Bvm>v=cd?#ZxXQ-H>Y4W=ict*E8#;NH?|Y;_31gr7*qgpz(% zq=r!&e`ZceXGxaasnRVTA^2Wzd-MC}e@Xst9nkTJkZvAZj-n&xe$M}0fLDvkh;%7E z^w>U8S4$_bF-~^0C5nxYRr_oUiMstN7zNXJ_f-37phoQo1K0v*Gs|R+Ry=kMVKln3 zBD>pa&r*0>mQumTreW@Q`314QzFtm4LqngYl1S$>8)x;DUeNv}r%hJBejbKv4*h+) z?oQ}pnAY*10b3XhLZrWFbg0>#Wqzi#9o~{zg&GR`*K?=^5?WO%>Xuqhf96z}DNfwD zf#9waq6m3={BcunBNVlQ6m=6W%I_h`IEt%LhU@x6D=cA*#|_RS1?g?cw8|p)miL^W zeO9Xbo5Hb5#Somt`_uY2xGh8DQMC zv%fr9_`H6pRG zn=AR^ag8cX0F@`bNx?=bJQ1)R!>tz?eI|=hXS^1vel_|Z3v=}D!98Z1JLPu$dF*g+ zbY>2}8m4S7sriwGX5jJtA!Vkrffm*BWwIArM(!kjmxo)?g`Bv6UlDlBlx&+CAL};7 z(h(QMLM{xwjSoP$ecrTxJ!-@4JIxHnt77ls-b%B@bgn4c`oOd(&mP}uDrv-XqPFF+ zYAh}B3uOha{G|`wgRJHaA5ZQw>2o4#sv`z``%@uW!wYuy=KYsHPF|DBaVMjy$~TWO zjn5t3Gtt#gK`%&DmzqZRs>dZ)M}*{CYHsQdXfpP=1wfb+wZuP5xi99qEM5Y^Zl&7~ zB4?vSW>u|XZpP8RfxPZun7oZqB9??lyPr)!cNa| z{4ux8JcLW}Ww2e4sXY~UMS!}hJ@~1>?ya%IBI4cQt3G&+xp6~nL)ZO*{yn}wzd`5{ ztK<0PKQr<)1)m@_a|H3J!0+75>L>Y8&6bcTD%GP=#P|d&Fp~qrdeSLmCq@xHM5Jtr zOK)APPV9{|EihadAWw60H1jN#Qq0iRxo5{|L;&R`rBbpy^^WVfPeA}xzr-BNUCd{E zqp8vZcZObI)<;|WF@t%lonD&F!Nwc#R~o5e@UZ7Vk4XBFwCjUdf7bnxMMCjb$h=1ZPBD9#$4lbMg&z4&k!h2U6{X1L z<>(HvP^rOQA(hfXP!cs$qUIgpo$0%EFRgycPY4K&zVo>0R`-)N4WYVQCzo_?=%YWK zoo8!8@tTXDWncGULCbyYz%LECori0?!94xnV0VN5*=A`Fuo12wA0_5;b>y$qc|5Bn zTaem+%dD$u=Iya!S-6blp})KNocU!o#PMN=tTIgmXGAw^ZbFGYnCiJ7c2mQ?W#-c2 zm_ho`K&J_rtRQ=3z#3F6k5X0~%Q%8!+}l`00+4^8>QnFroW3IX%ArrR~$*)si2_RA>YRz>oGE>T)SW zzS06Kla=6s`MJiGgw5o4(IMJI&{#rb?r_O4O!k~WDD9r23QbSyBf9I0eZ_^lyisg^ zLZrM}e$#VOW;iMBtA=#hkDJUnt0;-f$YgODW)&Xn*{V(Vj_Fi{06-dp`-za*htkQe z2T9-K%l!*DYpZTOdlpJ4nYyi=Q=+w!UtE8F-fSgbkLj(7hX_I=d0S!cLMtNhxj+Bc z!OW?Hvx@XJnjPL#OSQ!+a_1-l4UO)J`HXE)kfqvs2HnH((AlXX*SYWiqkEYR05KYj zOi5}cwI)*EmV6Oa`&<)NX!~F_mgN?Bo_asYae&?`YCCY%wZ{Jby>A=~^)~z_l z@A3$cRpJ^}DnV8W5>YwZTRRllKYl)N#BJ%kkZf`+9j+%ekM0QtJ3}Q?Fa?j*F_Q|QtaVQnN8M&y39adfwQ8YrRnr3Ks4`TkrVklnb!)mkf!h0RNBqRXq2 zUx)96ALG6fyc%Ftka%}N%}IEpWFe5b{jhENq0ShUIR9KM3nlqbCVO?>c){I+0tVvf z3jfE$Y-ud#7wG-tvrB6Cx;6qsuo(^#(sM}iMplQ&&0>&MFKf;uWaolxs4iEkooCro z{|`fbOzE>)a?hA1!Lf2D2yHQ##qk=$U5$E*Q#GJ!Nb6(+bQg0vp+LCSaKJ`RhSZcR znf%NjxsA{cc=x^N0rfHe9Y2{oHFK;I^`yYROtwD2ssG82TB#w+b;-mC%$(DnbmOYt_#r@01 zzoP&(Ye2F%+hPgpLzw&qR77T|4GIvGmvm^j!x+T+8bj%=yq&_=S10SiKfk?N3*dcN z%qp&k3z{*T!_c53M&fV+cA1*pX%J~q7k}5RaUeNd(w2-F z5-(sEqou7q^s6%&_i1PU-Zt#w(YlzUr3V>3?>4z(>?+GRWh}V3Vt!MD%K2y_`Q&#& zXDG-(t_;FXh~AzaB36N?BA&}5rZjR5+Rtmu~~TXwb?+_Ne5L+mWKu9_gb^OG8sRMCX~t#REaT1{YN zR=DFM`>^U&m&-nrG&qXxJDjG5RnI;r`Ye~%y}rOAJFqxdNKf>dF7AiNquwOVrS`3Z zWcBgay$p+;gELtE^mZAs#arwv4A-}aIZW80s)?spLiP@?-fDN|+wQ3y5Odz<)Go2J znp-qd7b>+1?*$p^dZ_+f*PPL6gS4rtaQiQQ{@k`)S&X^}3t52krQ4S-Q0BRMl8z** zfk?SVkt>w}>#)2;A*pS{!N%vjRex9w`jWJWBi5~H)oZ)yi@>XBmLBZY}mD{hUlS8jdW8zFc=&( z!E0PV%tvM)Rm`r1H7LlIx393UGY~^`%VCQwX0TXR_bWevz?oJ_y(WwbE=n>+>3$xE z{V-*@oau96ubEcSy;hm}Qa0t6Xl9N-SmwmKB^3H;BJia zuSO5qwS+S=y;Wkf3zyxe&PY7GS6@sixr0b_ZoFDz-T7(fHSj#~%h5eSo|^>>M(8Xb zwt84a)?3-T*zFaj@jOnx8i`lK)?UcXklJhJ1|`MCg>w0iN<_O*e!C0zmr~uY1maB5k@sQ05tjBOau2CU|dy|Ywxl`R*`5YI%jFoC6wk`%qR|z_YlHakr z1e;TL6nhZvM#Rha=i1_Vdah!r8 zpGr2Sdg|pI+EBp1#V;@aTTZG|uW8k>eRwFVQG?@+1=_arWxt%0`R z_ruFk28YoFVX!|2fa>lk#xGG$_x6K4F3Mfb&dy#Mw1NvrU^3@$J2HBEAbPOP;G<@%LE>T#(>cX=54QBD}z+e4_UKQ8Za$R zZ(W7BRu4S^4ok$-+VsvkxcK{9}^x zP$=HctDy;RLkLteu@8Ul@Ce%lV?g6JCQRjQ7nc-zNk{uLzmy)n8&;=zB0@;|J|KYn z1|D$82qz5crE93yY^a?^TXAcDJm-Kk^uTwRi%UU zh1dVs-v^HX>%-zMYJKj{!0#|r?Fyj#gPoJCSx*d8ah?LX=1MVmBf0(+6*BXk3RIY* zHu%iUcl*(C6bX1JB0|Gi{hN-@r6hX08%?~5Z0H)?=5RFHxM;5Kljuq?53u;1xjVvv z(M*e0yB#L>_^`^I$>Chu2HfOBv_$n*U!}(^vCiNS zh90TT^slhL^@6E6Qp8qyAZ_XZJGe=oXZw|w`j3VB!)~8=0Cr=UlTQv{X|ED)PHyz& zxkAx{tYZ)VjC^gof%2uHg8%`v2|ij_D_Iiz$r7cU%TvV@>H;#^tuf-AXTy%xs}2mj z@musnQU96rH<6nwfe?;vy_YGcFq=oB-Ewr>L`H$wwbaNzxIvq{;3NAvBol5?P~%I+ zmz7Vq91FZC$HDF5d*da}-LokIR{C&|S)y+@!`2sueiAI&$B8Fl;|IA1st2_=oDP4= z=U54{!EvATe%7x`--(kg-42njlj}2&JD=aee6!_l2RsJ&c5K#?!8EEBK)5Q4Z)}PgNCDw5G!dj+ebV z>g6A-<)7NZ&w89Wq$kOp+Rfu#2d2K{t(mGnWP)$Jjb_3I?`Q{|VPqhREMBqLD!e?H z*Dho}LxLUrs#BqhVUG-dx#yyElJ)F?SX=P%+P-r#c&J$FoGep)f~~pBvMbMv%NG3b zr9Ivu&ft?QOiShzXLpIf-OFyt=N5PpB~Yimw@Z0Qm9#24dS7H}J3KX4q$-pwWT88? zc!k^G2`VO^3>_!B)Ssqwl4CzH1HRz%!j3|p(uq^T-W_2{LqOof7YJa3Ias=oM87je{aQn(QKg+;sFtnDQr3?PP$0P(`B^m0Ki)T852M02sU zUY=)1Jcj4DzuytB+&o-^F-;I#SumSw$|+j2vh+B#9HX1_pvG*?bO%DNM^HlJo3g-P zytI4ZYr9V7On-zTLO;NVO=Fn4C!Qx<*9`ARNmhG2K#r0*C107Az4%7<*v_aC0Fp)Q z6v=Dz^x;b4zaM%1`WK0)T{X+UX8sKqO1}ee5Zb}BGfpQd?F;P9?EN^%NoegM8zBGY z?CKOCPr^{s3s?+R0kf$D&OE^9|!UkBU^2TfX`TrzUWerg$}hcFJZ;xHHKUYAU%%+gNr{b;c6YaT(bD2hvq|z8 zOc{Mp4N(@oLUvr^1w=mq)Kw5k6W4HYVasS`u1Du5``R?hgG$TJ%aq!&*U+XsGCO3zAptad%8leaUg98X(OE zP&|&~@kt6uBcOoNI(^>wZ|~>tT3VlD z)8<={$H0eEM1TocQIb8pX3_Ii5S)X|`JvLopG?7V65uZaFf%0aGyB*7zz4v)_gMh7 zGLyW*@B!pMTWpOdBKhjTNqfMd1%z4Z5*ycqPIv(wgis`{Ju2y|NiL{KO|F{^u6|+3#LP{LNI)<7pfp{VfN+*N;Po%xVRM`)%fRNfj?B9J?F2 zP%VoOl3ocfUEH zb`3bmwOhn3NE23pk{4el>OQx4EakXtJ7gObW#p6y41JM2VNCw(C2u&dnWL4n*vQcyDIiutNqPb$k3E0$Dc@zA5RolE)l8|kI(E64DS|Nsvf^K zK)Mr0de1K_KtQuWuEPB2!)X<+yoLj9z7t+oh|u)*(zh~)7p zq?t*8VG-%n6V_Q8F+kk%8b_cwv-5A2mFhBbjs3*!ep|^Cdf;E$^8fW?2R|Nynky5R z>rMm5!MpzEtldEtpX2rwYDflfR(VgW*(i8O*FrBYF~f$@6P0(IEf5a?2~ynr<~nea zhZOO+@~5VMS%X&q1RL|~)m*^|5rW153|I0X9DH*0A`Qo_&M8nuJ>$PL7VYRM7wHqX z`>!Aqegle12vl9c4SWTgpf?tF+y4Gb*RVdVB3tDL+XHi9m+||=xr+N{y^{`KRF=)$VLR~|2U}m z{M9yT*$gf=Z@u6@)S#Eimk|BFaw|@(XFa*8atk7IORHa8J2Be(QF)|&_2Hw=h;0+j zB=@kZe`Me*A^0oLaoG3B#4%q2_*LmW$FW2Ro=hEh6LX4$=lCW9*YjQg!mbCec>hIK z3ZiEOs;9%gLe^$3*yW(hl>5^A!{iyi?eOWu@}3AMU*8Aj6>dw`+8nz&eM98h`D3mE zkdOm?vBDGf&f(8fylWq(?1bHY}$$11!?AfV77AFG`|z~K#=0?#A=F*{0aI< z=K;g6x0P@wM=t>Dq@7fl`2z#}St}3*7ojlcGo+*lO&C8nW`zx#L%f%o+s`MI!Pczu z?pU0tSfUOADC7J=F8fzCU-Ls3;cI7(YljDhcm%*N(3AqZ6j* z>t!H@-*>%ot*(V~t1vjM+HeQ$H<9h^bX znP;lq@JY*wedRb0Q0Av_xOS(HRm7WVC*gC)_xEKP0jykhpQuy(_^34VYk(IXi{C0b z!RS=L)ph3IRH<5zWwZcx`~*N0R~rh|&B1$3UalP4W@oZ65nB-+E{mI!c!-|vxbpYUfNTTv7nAMVU*2@3 z&5U{u<DCRPp&Oh6Ns6yYZQ=vD)a3<)-zK8$o|t(Pb7b6%onsds|)37u#z2PAeD zg-g6|<1s>1W9{XlDSe@PUJdPG1^%FA+t0cO32BP@D>ySpu?3RT_8T!Jg41QK9tT(a z%y0Yr$Ml4WzXO4yE<3)eSW8g8)P`$2|X*k6`8zy|Te6SjVHn}a}pw6t8j zJiNmfMFLUgto79*soWI`8SrD+8VH`!9?&x}0fTpjo-*0d9y4QV%>coJeYYZuaJSg= z1!h7lqlXK5JQV5VZ41R#^5v1mspr`e)DB+y4F`EskHi2_pqtbQa02=jfRDHrH(*E% z+4OsjR8u0}@6G0YE#Z1`S$`!Wek)?>3wST5PQkwI`di1R1^qqitu~j2k1ZxZdXm(M z-C**=E&Y@3_ybu$oOsg%UmU*}sNZ1$LR8_o*D=RP1>EW#pjhAj$V6N}DP@!RySJ5p zNjR;0tlB9 z3KA!ff6&Vaaaoo;Wo|~2A-!%eXJWG;WN({uW#N$;Gi*hQIET;gFm_%ddpmzCl}B{v zUNX_R^)=oDQr+{3Y_bExyK9HS-7L>RPl+IM)1L4m#>NS^oQ+F2PCF4w0lT)ND4 zM~m5OX=ct~+rj9f&ITQ{OuA&;U!u~pa9+sJBAyF#sB3X2*Q-!4cAfHXPLSRL6n3Gb z{v82rN;+$LL5C8cK7bv(ft<-+OtiR#hv*dg*+JKUQVxU79>|*1^re1a>H_@KlNA_Z zd2U+NPBr~ljMv{P2l|6($U^(AdMb0lUXXjA|ISs4^I9-+TWZcV1mN0;H`{Q+@2~pz zzwQC06OCa9>UosVzky+BB<%!m|3yh$@k%bfq9b-WR0-ymX%~LFQjjA}Y6Pe~sjcHR zW{$|jFW!5gt-sbaj^eOqP0;42Cm;CC%s+lXJU-{DRCaG%36?wd40{eJZ0XJc@Yz&} zYd~ok36mGEu?GO-Z7q`L$1X!yu6IyF?Q0J=8yds?JQ94Q;4LrBHB^W!{_;qnw4?w4 zNWMx2?tYREA4YtyU{a@S{eF{k;)BN$Wso8%#=!3pfI@;PN1P?LQ!NPPucBtKs&$z) z17&87_dWU=qJ9o3dxbX%J^cp?VP=6M-#&WG!A_{Sg48|irkze%R?jG!{cKBr$M`p2_(z=Z z@4Nt?;D?xq*hvJ23=lNr|M{Y!9>M;k!4M(ou0{ zD=gGEC0mHnGDHED(^DD@w{4QQN}Fe#u$!Xx@r%M=m$ob!Mm;2hhx01@mR+7z^E4g7 zYRp4~=+iwsmg`p;4;FR2!2OYuEnvo*z1e>3BRV!?+d6*LLv$)=_&zV@;dW&X^1Hg= zUY0p7b-Z?KemL&gwVJmkaBEu0^SK){Q4Ay~KtDktL_>>(Dg3m*?z^X<_zXeW?eYCc z%|xgHO{QD1U8rLvJPRio>c*G6|AtKkV#QbcYM7PQWQlgubFg&fhR|UE3atxyBz`_I zgdEqx-`zj5*8mDv(Fp53;`z>tYEm7gH43=+fg*6;J`v1dNG{k@>__z~Bswj~NSkS@ z`>F%mi0AIid>WZ=yZf#Ktamvk#mRs0yVlLxZxcMez?xUOyO)N2EcGRgAUQx1`63lZ zuPJgQ(ZHRS{N9}IxDpqI%Pu>}f7pU)XUB1KU&!yE-hcsx11-?2*Mj!1=Xf1bq@yX) z%|^+kT!c#eg3*`_{gmBRyW1%K(O+aqOD-B>QtrO#mHP;kB!xTQ!H!!FS8~eML7PP` zDkTw}aWJtiWTX;pJNmi?goUJV&A}F`C_Ky6YKT^sEb-3Rd!%%+*iJb{8**{!hx9}C^EB)gH$`Wl#3+dMgNvY$cfr@t2h?j5E z3>^$dva2tY|E_8fbl7Y`tT67PXVLr0=9|(fYkych)7a?|JNK9R>5ddlD= zE#!)dcW&FgaqTRMUeK*FEp_%Osb(CBPr;4Nc50!O;oQs`2!qw0$HVR+AT)5U=}vIM3JOQt3xwyoHlqAbpN4{l-It?=Y#6 z(j3qJ!mFhY_x;^pav0dzzkx8w_wKD_Q=F_N?nzhi6uI_n&(AP9spe2oTlHC7$;waU zP)15WdaCCzTk?n=J%_jESI(LU>UO;K|JwAiq9}h?IYVx#Yn%X$#fQ7n`cQQWHi@^A zrkK!Fq-avMk;=K|kx$H5HlPWTA4sg9K-5j+7VB%fF3aD|RYr=BWM;W`{(71vtqjJ1 z``rpq2fTDb^f!CcRR+Ri`fh{w$6KEFzRGvcS-5X8cD~h$*C0-fV@;T?43ilq@1_y{w~ z1>>Ga%{am1b9lPO&$T2+YDJjG5%%A|kHS>&Zt6ou*E<$8{Z*g8=8sj*QN493+{`lQ z_A@9TZsvLj%^-!)ocZAfCo)g@$(g+~>J~VXBGFH&lZ2eJb{gE+qx2)z%i}CbmL1PUrEOsvmgVM!FE-RUg#X zF|~0uE`;Wm!nTa>(2N^X%bqN+IPZL^>IYkesMVaE3>2H!?iwL9r0IQND{^WSfkI&yy*hiv$UK6*-(5L9hYl`!GVn;_1(YUE0wLLVIQnr*NWcdB3bcUi z`<5LU*&7YC<~;t>nu8GvXgiI^F63`@uz_FwSpU|+*OJa z^ON%vbV$(P%@Amejnol71GOf9>(r{ae@`7ghu)wz=QR3>JRIpqGL=`gSrC6fA2kW} zIA)rh@6WE`H*BB5sNaRnlf%0=#Sih4SFe^aE)Q^UmZhBENPiO zxU`tceqS}#5FM)x9T=0lNVg+bRDTaL^}wJd1J3R>Uqb^?{LK^1h5>$}uGul~domVA zLGT46A&P^2d=6WC>eGn!&_cyYP36Yw{!{v~RYJ!)NT7QRA&C%V__kPqjvJb(te2Mh1ToJ%$RxQ5sWH1l0noSv zbn+hTG60<`zTD0X`F}-V^Ms+8ZrmQG@RF+d-HalQbd{|(u@zlCJ-wc2Lmh%j!e8|WP>-rblp zu&}Ub5uH!h=qfmhsSzTC45DrW%l>k_y%u-%^H7#LmFQ>%8&eW{m zIM*}L4@p!)Preelss<_Q8{=E9cQ+Vhc@obe>Q76gUR&QHm>n4H}V*?;M|sx zN{oE*yECViT7DO+HK}OD8#lL|9q)B!;CGcEw1;rBI}@yXltAgY2c->Fs(`e6){^gb z-7X#J`ebR1@5s{Eyg>gaD3#U)1SO~L=$WLaiO!VMHsGaI=?wEWXYx`}H7YCQFJOL< z1_5u&V?Ux6U|uH{mq#ldZEU48*N57QXBN3jL(sp4Puet}0JmvOK6~`>1_vVGj>kr; z&^T=z$HeTA`Ld=^5?Bq|GxI%v zuY3w#XO!Qc>+1U{dU%cENKq6K|4L7W_*pXmpVZU{EktaW@M?WN`$z)g5yVEV-?CcAydnn^ep^?*4Y z$B%PlOAi2&N@_WTsXd1!s7{3sD};?_>OPTkV7~QTTLQTk=imgOkx0?eYk-bF7B@#Q0K<#I z>PM>eZ$v>&9YAJT-77?NPXH;*V!-gAa|-Q=QA7%W?kb|)U~P4IMzwXap}R@ZTACz4 z@ET(if4KiN!KpzN3;=_I?nC+D+57%BZrx71vgCdFnu#?BPP>gmx$aiRPSN;k#5LuM zDE4eVBT(ae^bQ>#rz}ZW<}1QixQjT) zOQ$%)q@no2tAVr0<@3Zn??S78H3=@$r|aXfPdj5&5h#j(^SO*5?nO2pF0)XtQm~*t z2QtC<6|@3~;?H5h;?eIdlz7Z-E#8Dk#;NM*pN6vLAZeuEs{SokIo7lKij021O+q_BOhx~oZK-J;Y%>Iv@^us67 zAzPn2)5BKZ{M;Zn$$Q0Pb_RO!Qb+UP4VW2d1=s#K1kovYTW2fzHJx5hRUfAfwMO#0 ztfutB(YGa!t0!mts`KmnmloC+>bsq=mgO{lJ(|PTwJqPb1WNqM`)rIkoof$bizs{f zI%mw?%Nt}`iaw0DV;r=c|Bd_iEkvFDWVcyQ zSJG(ZU=H>GC3{ZdI_Xc_af1ugeVV7@M5T?oDr``FXJmers!BDa8A{eISG#A0GT>58 z&0Ue?SD4DC_DsJOuGCd8ew1oIkFLN&ihIqMzzf40L86YebN+!dlm12F4T@u=TOSE@ zSl;^;6@B)wOX2^Z**-F7d@hVt+&jxFG=nXM(h((2_>dd%MX9bW6a-_vmQI*HY{)q4 zlD_8->s6&sIOlXrtTJa$GoO&3SZ6ZDJEk&+H_HUud2lhxar~h}a7&vf5c^~Is8dGK z$f4~V)VQ0T0(901R$MhQ!vp-X9^1SA2o_S7^IoBnk24*j;_CGRrBmVi3RUYmNK)hw z^ISUdh*~@=7l~eL;Iqc+SL>*dF^ z&U^mfGezq)6d_Or8^Qu_JNKO(HrP`Tp?EL&27&M?_@mz;iOI(ucM^_%H9XLo^dpe{olJ zej9xj)nC?6Cf=Ruo)^%Prnq5v%1Av6vFr;#97)s27*0E5n-o-*DvDazmZ*~?so24I zI7CBk`;+4{8EfO@sDnu3T9aDQZVw@Cm8P{cAga?AlP5L58Ii@5eAxOj{2nPaUdhTN zg6I-n1;{eHub2t%DmuD}WXlqTiy*sVYSzNsJ?f@D(o};BE2}V*O^22&FA}N7?BTmH zZ;8+@eOGG_3vIsjkd)gQ{@S)P9kM*;MVILjFaDH zM#{3l*!40eRA3`}ir!l3=q=7Dk8FFh8O`x?FrjksAt3J_N|v(F^vj=q#*CGa7)TuG zMWlzy3b7#^C3`;xpXQQ?m>s-q{CS;`u0i&i>LcFhp{L9^$RPxO-;5pz8?tJxhukbN$nat7b%^d2ggc9T z&`g)T2zk`Moc6wZrp&}c#7GR1sHCXL9Od`+p!C7`wQC-o_?m^K%-f@V4xg@^~J)j3{%5Z=MK)ACj_2GAH zzo~N?Ro45gHD!Wv&bG$x&$lm(z3?J>Z77}mtlO|=#KK6nVsJ(u7R|qxPBQ+>r6(73 zYjhepJ`0@00`@Mi>al?H1HH)Uhl^4!dc)77(4DCnT*(2ClY_}LFGVeTR(-ROK*(A2 zs#N!_H+CtNx|E}AO9P*V(xMral~>&L+&Qn*49z@(MfW%mBSMSCx?PYyJu~D+eFrp% zY-K=7Nq77dOptqk=_);SfrpAi^pugMMv=|D5iL-R6ZlC&@;u%hlxGDx%8Mz4dCK1N zYF&uAoF5=7$6o3C85K&L6&K^$%YPe?^wu|BfU6@;nA&&9%d028ViZPn?rce<;nrH1&f#4{75$b~&f} zpy=(9&lzEacVE2K>Hj!2DO75!p5Idv7T3v}h^5|9gVIb@Ye{m(iO2RlMmOF#>_sQt z)!a_8RmK!P()V9*WGtAuHC~GEB*3?bPod^;u8+m74fkZhtA(mVve*QVxgTfhGSR)SZQ&{ZV@i5D;7?`&H^!>ACQ9&xR!x-y~3H*Sf$Sd45Ib$)1s^#Ju;2kP3NH zZ1r+|Xq_W^Z~RoBM)AsFuWGI%+!*hQ*f0L#vDuhNhkIWe5Qy!Us-{F==*jn5a;$G` zU4y%K@gCLANTZ0$tdKJ=dj3j`T_xp+HLQK2(GuzT<5}~22;J^(d#o%UCZXbcB*>G& zW3PNo3*R~b*D;;T+X0x4@H zxsUq~UUwh@jFcqS{u8stwtSn<&N5;#UgyyEbXe9~Soh1cKpj?PO#J_b`W>t}fE6pz zQ$1wiSesx`ZIt86CZQ-=l?W%J#!xY)){t!T9u_c;8i)W1?WI=FG4j4$f6eses7)IT z$wHu_6-LzeY_3WBQI-NR1Gt;Fg;LJ^aW|W#rMK^?T$Ac^sDj9@zVB@#aeEyuiZ*V> zcZlp!O0npsE9&~MGhHU$RyFphE1Nh_kSNw#&|22GA4bktlZ-Mf_C@u9x8}2^ekQ-8 zOZ|Wyc~e&bC~McMymRpi7mlcOj<|)FTPLC+X3XOALHccu=8|q};0pxnvDRXPpY zG}cQ8I?1po$BKFf+&oPm(E2dK$X$%*?CVhV1^=sY=MsG_PvjPXdbCRuHhFO(kIDWx z?qmDO!}fr8F2m=)y?V)G&9lbBU_6OQ{Mmig7n=C4p}r1E`a6E02@dl zj0amEU(5g!{MIV}?x*ot)t9o)bN9YCy{gK<#I1qIWET#*;&E?v$Yi;%AE!MEG#(*8 zC)ZMQ_pgl3%e6w#5H(5-+@oZbJ^KQ<1xjbP7wCfda`xNPyNu{>VyEzQWd;GA8O~&Y z0}qrsg|~Y(wuIyERoUQ0!hf^YuenO22{*OCpDbOtRUJ(cvwOK>L`#ZgA_~2(08J(Q z!IA0@DQk+!8v#4!-Zdz;2?vkty;~ZpZW6ew-LHf*g0HJ$)0cjl>;*m+d(R6+2@ta2b%OPpLVepR>-*kl^Y2lSntA{{EF+w_M;*6LCnA^5fzw< z;x2NO$MA=KDI|phK?%}PRcvwfG+2IHr7v~LuP@KY0BhaOIE)0R=MES2YWo&^x7Ep^ zh!_2pK_<3kMpCL>IOzC_v~1f%Z2RDr=SuDROt#Q@KeIuS%SPS{BN(xgl^P%bP|2#i zQ2u~hSP9SkJwT>h5y$XljfLvTDWk7hj~jv0D2PrWmV(SgRM9Itcrf2TIk?w3ZF&FHy(q1 zMoZw1fcmB8`#yWK0u=R(^lIju9>`nHLLeenIJhuF6-X4k)oZ?}Q4gE_bR(pNqT?!CXx zdHTC1SU5-36Fa2PH29^SvV;U~XrEuxfJ@5E(M^J!sy?g{aB&KM5){5u7F`UnoX^uJ zti5D=RAKP)gLF$J_(p%1CBO9_n{8?Toei+Vz?o0gAAr_2j|J8I0yn5_o*|n=#i+{e z;%5&hFO(ehxJl{Yfw*HPg=odsu$6Hk9pyA*qDV5Lm0FR*q9_u#&rxAE@S=0%fM$X| z#Um3#XFkC8UY%+17%`khw`IuQ(7!dGP7VYZY88ZZ?|e6V!xyJjDVrZLbAC6L5G6@| ze~8_@)%Ou%Ahy-KZ=7dPVHL#^UVB)xbJb^hzM-V{4Xc#v19U*-0c;!J$*DGg@456p z7@2CrG;dVRe)U`E@FsdKhgW=Ju|KWKFIXOAp&6n7e@c1q9%)TgC^&SDVi)v@x zQ_`W^O52=T^I)M~qU1@X!0wz>{H;tlSWSPou5nho&V!WSKzgNCqOWhvILb>};c(dA z;ppTCLTCwiX*4Tq;JqP9G;qMem=oDKCcm90Vl(eG?CSzws2XY&2zxB*(hE5l?n5Q& zLnupMU1D!M-9p`qymE@@wVG+qtA(67XysCW?Sff4&SwwdGT$<)Jy>dG%*u7kTYsqq z<2A}IcK-|cW;RDD>oNqc@aeGicRjYWEi{;XNwUlS$PSEt`&U%!uHK0sQ4<2FW0jmm`RPQgI}kvv7W6cUzOu5in)-Mw02uc3UmOIW)}6k1xFn>4fjD#CTn)NMVnqmLr+k&u2|^!QD?%R@3zR``P-#tWMy;bkAO zF@9}<#1^g>VRM!HOi8tUEkc^Qm?j~;Xw<9uU|8hHm*ZQQuLV-SUde=Q{iSvS7U#eNX3x!}y-J8>*9tF9>p0fzctOv~1 zfIKCXEPWPR8OLt^%$nL-f^7^Qz8L<*qUIBc%Z)hrMOOIj@AD>V{+u@<_Eu?El*<== z?U@w+fu9p_$V3H6CR{_ucBK~NkY!X>u$WY>h@MrC?$^Jpp`3TCczfI|Jk;G|N*A^S zoJ4Us&%f;haul>x(S|Ep9z8n~i0HbFts&>|pC9ttaBYtkz;>n55=W8U9Hl}FoTcC| zHMCJ#b^OIty8n$W#_=)E-?vU+DY)Xy%>`y^`7w8YxElF_rTeQ^Am{N!XzZDp?`ZQo zmLNqVG50Kb<&4~1FqL5=d5I~TmXD?da%+Kd#e7Lst0ohp;kWW#X*OJS!?&$4T4B6B zQ=B|?{}2mt94-^V$f0L*!AoISuEp?hCi9SU{&hpec0=7J+qOcEdAZn_m1GHu)7aVG zo~m5N-FisLM7fto?|YMh1MEt57E7;7EsU~1znIBbxD6D)V@ALJy?w8NB5kX3&;eH5iWo4z9Q>s>Ctnq0=C)P0>`)0NcyR}t5wVf2XGdWv$NKyKb0@y)F zUlY9!g3n;Ys{K^r76Xm(?tvdgTZmNEbx?*1{x}U4(xc-vLTi}}1GMKQ*SB818`1W6 z-A$^<-97*g(x8d2Dm5SdKrSa*S;hs%Ee#Lj#5{*?J7hy@bA`HppP}&_I70(6+i)2* zraYp`malO*6IIto2X!Mswwtg!lq0qj^p{&yRSY}jcWHb58_!0u!;@d)x9bMSpAd zG|d@3WA@B;s2|)?+$CKYxb4qi=cv{pmaq*6hT2isj<+csetq%U63v{ zK!}Z^2!eos5Tr_f>78IBbdeG|K|yMYlmtjfa&`dy@VVc;_j%9x&VPHati5K|%x`9` znZ4JFaUJ=DcF8TQTtO86y_hzJrB_%B(pvkLSYl8OFAKuB!N@^D z9`R%xwe#=zj>O?_>iisqM(pqQloRzoax=ar-GAfoJ~q*E|BXV+$`40^MD{*ps|R7c zh19U+iaM2r-5G!hxsFx0O(D>j^4KWtZRv+47b=-jwkmy$HTF10OEjRI$v;ZiDifU# z{tb4^uQyajOzFcc6}aC-uY1W!CDF=!s0zik9adg{jN+0275LD7ul#18>__L|`dz9~ z*HGESXl$d`G+cRU=2yL!XzBm9a9F^jXf5%{!4rsIIf4qX zSi!r4Y3=zBDVjxbB0A3JmoItGbP9&Pk#$X0fSLhG5<`!?EWETsCv#3<(T@lpr+`cI zj;c0id#fcI4y*tfN*%hj>at+hO;3{f%t(_(XOpsXRO(8UA+lh$JAFwd#I7Ki{Onrc zA{}WKV=e18>;~~)7ACEg1WUP-_TyTk`OkQ)Widh(x}AR98i zUs9>Z1+rH&!?;Zhf67nERWpUH4N;Y?$YQ3Z|6pg|yty2m-T1ib^ZS>Qj!UO{H6>AI{OKrp3>s)dS_d=(?g}GIO z-7R}3S47XaX7K@E0h`fr)j54S%d6pRY?0V-r;c=9vRh3sPsj<_#pkCF#iq67cbIVW zT|n^mO_mukMYXlxt8YOHBRgDxRXvC<>c)bcNW6Rn$`*AA&p=v(nAwll3sWr`KaTt9 zo>dvLjz6lj?ECYq@{nC)NBxW|q|G-=%K{d%d||YyNFwHrb>3HXVWt$SECGc{fLZYb z?aL)`N^82qmrTzuytDS8zVOMk{HAr!5CK&R9MQB=?4pofm^}o`O6SR09FMX*6N?DgQm=t%xeG%qxRGrZC>v0pb| z*-91ZJgwX0Ii15UHu(6vUQ0*8|E7!37IX}bfNU|+vlPrY$mgT>Jr z=390Db8>_HK(Vn)d~n^Y4=h5V&py3w+5j4_CXfg>;$bT`xU+Vf->0)#@TXP-?n0>q z)ikkcA+|S@&CL<^4s8Q(BIj6t>ML36)7K>ho?pb3tahX*V8BlHivBu zz`%=8yDYt90L~&F`7xUh6*B^PX5I+G?5n40QXin>8@B^H#yJ@bKnLc))O- zudedpq@hnj?W3kVqxQIBbN8?xCz|_0UJ-fwfx0`~pZkDnV|&h|V%3B{UdhDrjg zd*tP-T_8USeE30=@>RH0a?`s>Ntrs}Zvug3@z-$Zj#R5%aZmA06=U!3Gf#=7{GdlA zLSVVW`Q3OI>et?Up~l7u2-f6-@AUwZMzyrXlmt*|hi9BtY3Ddba?b;+TzV8m zeYw7DzFTbZ&}j!cuIv1SPHFo^ui)p;cgoKI$Gvrx?pd@zvk>c>h>?-+$@Ua`-CRke zc=Z)^!|4YCNq36>`r&ly*4p7S)~lLpM;2x;v_NpnlU{?=qz%+PoM^vNV%VyJqW{mR zl3Z}K*J#b%;Pb@!#Em@c`~JpAI0=&)aw}6mir4vw;hObA>{!Ani;4V~#wt?zuRg0Ndg(bUGf6R%Gm@`SKrf-QUMj^VUgpK`t_@!ur?!0-U_S4 zsRbW@JK3prmUq@aDZaRsNwOsflasfVMo8LseX_JNNv7g*cJfM}VArsoclEd2E6HaO zzRX9$n(JLu%B(0pDZwkR-XjatXA1@TNsF?h40_^a?jfErc)8W zYC(MR!q@oAv{2kP*xq}E#rI2qmrzxw@h3tE|ya>|u20Q2R z0f+J=(pCP3TQtJDlGh@GYsBi;8>Ax+V!KDRfm*mo)bw@Fch3;Q-G0+ zQHdxy{jHccVc*X^{IgtUrRnyOTe<9u`jgV?71bClGDkhl@_y!1zQp)LH=>xuVt5}s zc)|y^yC~uAD#Dg>G#&JllCq+w5CG!pBh{B)r;ffpxJV15=UC569VdHV2eJyldpceD zoW@l7zg;~vt+jA(`w4Xw_{X+vl~W{jlIZ@(&5DHSZ%jBif(w&Zm7;@Nw9$eD=I2Ji zm!0}9M$UJW&K45S8s>=6KK^J8+avU=$O?#?E^5-?fr~91Qi_}ibgw+HfGW{c;mLqm z_2`@7|K`KK)PB^pP{;}h7OjOVCVBKBe{hoK>KR6;8<)$)Oi+3*Mm5Wi$oIdUwJ0QV zq?pxM9fWUjbr&aDlL!{| zgSeq45^+>QVSZ44nH6_tVrsT^>%$BJ@P-OoX?<{ukI)dcD;pRYf#KMAoS9A+sVZ`XUImU$K33r3*r^nwu&RxPQ&tY>i=2qjg38)gjRxl}-5r&+cfUW1|7z9IZd2}- zddVh4Voh^=JMBd~4?7d^))2T0<-0W@+uHT^bftQn93tFxivu9PXHTyfn!D@8#@2(( zn^Xc;Nv(K6anHKk=()X*T{oLsw6xSt`Rw=U@O8|%bF%fQFq1P!WSsJS4||!rV$h20 z6B#1e7qVHdXsTwiu!!8Frca98h&X*klUvR9zUBw#Du7>V`I_%RBNfE|e0=fx;XeV@uoB|OQr)jqy2FzQUMoFq$yn?*1p(mUzXW-5*>h#d1UYgk^OXpi(U1HJ1sn^W7|xLt#V zL7@Nxm$@!s`b|8k!rGq=%1Bz2n*>2M^pR@A0&Fu4jJJ#+c2=_kPtNL zdomBzX7g{LRx>mE>zq(KujHGuLR%a#I!OFno(Nt_g!oznZM=jR$R@jy ztKw?TD=#mBg@m7rE!BH|9ACmClsWVuO9E5P@2~0e2i0M+5yo;M%g}W+gP&ovPxtUM zo5j8_pK`Gc!Xear)blVLc~NY%I+iBv33HIt#*D1xiEYACoW?=OP2)?{PUixJCI$1N z#Kt1yBFNe}E|UD$!Ozi_5Fs@}BPaZhDL(_eLcBM#XmO&xtgdSsk~3;4j~u(~_^EdG zjfLxXLJCS?u&~L-%Ug7lymXG$#^YnJhL1vmP6{a_$X@Jr5um;F*r>+guM{@}2_=&(azc`8(CnLX@RLd1T z8VLs|TAZ1@Fet(2KQ6MxKoO@#boD`ag+dhstS<9v6)!L)@IiX1a+SY5Oqu#g^J8j_ z-iW^qc>e1M4qkKCa;!FYq&syjNWM2?3yWm>*ft^tt+_QB=1!3H`-a*9wq{L%ia6y; zJja?6@Y!>bo>rjMltM|M)titB)qyqL?xf(BebK%dgb50=+CXL9ariSXkKbiBO`zqR zTw#H-7iod=NVyCDxXkhtD73ksp5HrlmqISD8f+D3S$=cHeqhTQ`rs(#dV6xdnUrI6hxJaVM*euFHjH*|i)o+B0sgjN031+?oay z$*Lh@rn2|sZz8}22+MdXu9ioNjs}lkVoApXSVl$z`R<+h)214u0KJMm$$5SU0_jZj zWOBTXyZaG!bz6U@cjw0*vh!{^mE8~hYs}w+|MxF0vmZP5u28_NDyNR`;h5k}1tz%Ch zU7Ot^0>rpmnXRb+p!}|hSpNYiO8`*B3+!~eO~6a^W~;>~`fUfo$Xo$Rhr@59F;U;= zoc6OFIQrC#{oyr$^nZWKyV?48;{dgK7#QO5wjD@=YTKIs!*V9UA`0%>c$&8ZMsf-T z>FFI|ePaA_VeiEfO`vI77bKNbe}dzeQnwg2l@v_6Pd*m@2iN}uP%O32jGK2j2M!;v zt{Fu(Hs0dpi~9EV?FSFms~#G=1-lDk{~19|gRHI7%R=rCColN!uQo5fFCKp;9uQBE z%}G%D3S-b0yV0!Pc|*s5Erz$8-EXDR_ya96or)_G zU^uj!*?$5k&WTR%(!MaC`j4QbfcaXg9}CrMOhNoWSeba=i#j&lQb) za=_r)mE_%lUZ69gcvF-#RQIZuD_u!2v7oNt;p)=2Bj`I;dtK!VPCd_kV%!7nV+xX zBTJlr#+xf=$HyOU7*W?#Ao$VYIFJH!zcjZFv?N|_K2WzV6o_m^#zL2(gp?U4Fx}ozHWMic6$lfO&Li; ze=Q+fVsqw<(MD=J0QJOn@ere(%&_}j@MbvxBnK&lUAh5B4|#yPfYmFx4gIGX#A*x|T{lrwC@Vdpmuk*;6&%@-N@QDuUA<;0_a1!1_NRzFsE~{LF0>6Y#uqI9odeo`$m8Fm_Eg-=A4bXCFD{r=nACZ2 z$1b3R!|N^5-rs*7q87Q7+&Xjs+Rf#GoZq~Fyta)~K?W$7Un(~QpJy}XgQ`7Vkzm1r z3i8$6TxzijM>V+x@LrlOKUy9)aF~u>l*6Ota#GCTFVAgD&pOK&AxR}QTw0z=n}bi@ zG+$aInPSTvabioeelVk`sc{^4#AV0lRf-~Xz}NpnZBI%`vI< z+m%lgTCg`Kh)XNq;b|!x@$LJ$i@XO{H5OHZ?|Pb(a%T~5spO<%#v!MRtritT7N;wC z=;(b|YNSm>-;8gA35w+~4&Kn%yzefIh15tk5&9bzmIYv7+1nYHYwrizX?O)BBJmE^4pB|+@&|N zB;LsS!D?l44CU{DeHCH1u$}T5xltXWO!NT!iO`HV6wSV4#B2Mq6v8TBnO2u% zyN&`|%=AO_X~pi3^JRZYp4PAD8{jk!3RsWtBo?-$01^V6c+|}SkzYnZLx(&qT>8dP z2;Kq3)^ARa0mpnOe*}m;e%jJtP)Pq8suLK9HD$uhZ~HGG=>Z(r<@$%=m27B;*jjr zVxO#wTTM~m*pklz_NWtbQ)?yQJ1^`Kyxz#_%RY9eY*2YOWGeUpnJ@9CDAb`#We|l; zbB}G4;HH+S5R%@ZNA6hoDsD)6PCc!+{SK+&g2|}#5|>=nC?uDq&n3zm`unCMT6>?M z*NRc>C0G^zjIIXc6Z)t(kokujJ+rXzi;jJpI*1#PIgLfyVp3t6{&E(+)Kp7(q4iFb z^`aN0mZFQqHlc*$#^q)P_~GOt_XswKwFO>f5=i{`-+0oeryw)aeVLXsk^Qk4XO#2l zqHwHV&^qz8oF8F2k*quU8iZVN2l528bdzenz6qhqrgCCw{F^gIfJX5d2ssPymmEa- z9v>$}3oUNU5=SYv6LZYMaZ#LZQ-lsKOLh_)Z=^sYrRCMFrW$X(AnIp}QV&X!ev@** z4_dD1X_cZET4g!TYE1zeL2vQ}9^sm+5^8WJ{@$1I2of=graaD8;wCWi+@ZxnLU|g5 z!^a#V>ihulrE&bLPUD*w%^l#i&t=b0-eWoQU&B|83Rl;kUrm2WZ_)*SkV{U}VM7RP zcDFB#x!QG(0Fe-glinniS{AO#GcFo4u<1?4G}XohiYKAFJxd7kWW3XNFb@JHofND7 z1eD3deSr$7U?!TP^TwNyQR9F=8ijpG06=^*5hT5UgY{bMpYiU(0;60Dia{ zwMm(OdKWm`#(dF2aB;<|Phm2&ma{bw(Be#>eCH+qw&~~lR)#@=_i4GBBS2zHN>{-L zsi|;*a#s;X8Z6-l&hk|IeUgI(DEF4Hu|Q23%hDk8Y&-%R>y5T68`Wbk3+)B(YlVXP zn97u?GK~xeU%NmHXJL!(#kto+-h(@3I9h@(E_WA9_?f5AlVj#}NPS{r-x_9Luo()R z&_?}8Y=6Qf9`!}pBXKQT=dT{wudN%25-$J>Y>KN+=HNaIqQWI<3gNpx{nrwguyw_O_XoP0fC|-Sv3YkcAG$KZAGHifhIr^`jeQVBZ?G zJ_#bdQZ5I*!*Yq*rH$HfcL@5Cp7)YS8P_+`M`1E^Fs083IeBTQ$p8VYeT$BO3MTc|w zN`Q)f(|G^|ToCJC6RzEEEv6EP&s}a|c0#zV?&++6SF + - ACL_RULE with REDIRECT : {1) port 2) lag 3) nexthop 4) nexthop groupWait until redirect object is foundProgram ACL Rule with REDIRECT=oidAPPL/CONF DBNextHop Object UpdateACL Orchagent SAI/SDKVNet/Route Orch5) Tunnel Next Hop} Update ACL Rule with new nh oid \ No newline at end of file + ACL_RULE with REDIRECT = nexthopWait until redirect object is foundProgram ACL Rule with REDIRECT=oidAPPL/CONF DBNextHop RemoveACL Orchagent SAI/SDKRoute Orchagent Delete ACL RuleNextHop Object Remove Re-create ACL Rule with new oidNextHop Object CreateNextHop Create \ No newline at end of file From 3742545f5fbffcdc55318a653180ea5e76049a50 Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 8 Oct 2024 22:15:22 -0700 Subject: [PATCH 11/33] Update Packet Flows --- .../high-availability/eni-based-forwarding.md | 64 ++++++++++++------ .../high-availability/images/active_eni.png | Bin 0 -> 15121 bytes .../images/active_standby_eni.png | Bin 0 -> 33944 bytes .../images/case_for_tunnel_nhg.png | Bin 0 -> 65680 bytes .../images/eni_redirect_overview.png | Bin 31291 -> 0 bytes 5 files changed, 44 insertions(+), 20 deletions(-) create mode 100644 doc/smart-switch/high-availability/images/active_eni.png create mode 100644 doc/smart-switch/high-availability/images/active_standby_eni.png create mode 100644 doc/smart-switch/high-availability/images/case_for_tunnel_nhg.png delete mode 100644 doc/smart-switch/high-availability/images/eni_redirect_overview.png diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 64b8a6c3de..099a9d391f 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -9,6 +9,7 @@ - [Definitions/Abbreviations](#definitionsabbreviations) - [Overview](#overview) - [Requirements](#requirements) + - [Packet Flow](#packet-flow) - [Architecture Design](#architecture-design) - [Programming ACL Rules](#programming-acl-rules) - [ACL Orchagent Design Changes](#acl-orchagent-design-changes) @@ -42,6 +43,7 @@ This document provides a high-level design for Smart Switch ENI based Packet For | PA | Physical Address | | NH | Next Hop | | NHG | Next Hop Group | +| HA | High Availability | ## Overview ## @@ -67,18 +69,30 @@ ENI based forwarding requires the switch to understand the relationship between * Each ENI belongs to a certain DPU (local or remote) * Each packet can be identified as belonging to that switch using VIP and VNI * Forwarding can be to local DPU PA or remote DPU PA over L3 VxLAN -* Scale: [# of DPUs] * [# of ENIs per DPU] * 2 (inbound and outbound) +* Scale: [# of DPUs] * [# of ENIs per DPU] * 2 (inbound and outbound) in case of one VIP per switch ## Architecture Design ## ### Programming ACL Rules ### -* Packet Forwarding from NPU to local and remote DPU's are clearly explained in the High Availability HLD https://github.com/sonic-net/SONiC/blob/master/doc/smart-switch/high-availability/smart-switch-ha-hld.md#42-data-path-ha +* Packet Forwarding from NPU to local and remote DPU's are clearly explained in the HA HLD https://github.com/sonic-net/SONiC/blob/master/doc/smart-switch/high-availability/smart-switch-ha-hld.md#42-data-path-ha * In a nutshell, the ACL rule for a ENI depends on the role of its DPU in the corresponding HA pair i.e. local or standby * Thus, ACL rules must be dynamically updated on the NPU. This should be handled by HaMgrd as it will have all the necessary information to make the decision. * The format on how the rules must be writted will be explained further in the document -![alt text](./images/eni_redirect_overview.png) +## Packet Flow ## + +**Case 1: Packet lands directly on NPU which has the currrent Active ENI** + +![Active ENI case](./images/active_eni.png) + +**Case 2: Packet lands NPU which has the currrent Standby ENI** + +![Active Standby ENI case](./images/active_standby_eni.png) + +**Case 3: Packet lands a NPU which has the same VIP but it doesn't host the ENI** + +![Case for Tunnel NHG](./images/case_for_tunnel_nhg.png) ### ACL Orchagent Design Changes ### @@ -107,7 +121,7 @@ The existing design has a few shortcomings 1) It is not equipped to handle redirect action to a Tunnel NH or NG Group 2) It follows fire and forget and doesn't keep track of the updates made to that next-hop object. This has to be fixed for the DPU to have uninterrupted traffic flow after an event which triggers an update of next-hop object -3) State of the ACL rule should be clearly reflected in the STATE_DB +3) Update ACL Orchagent to match on INNER_SRC_MAC and INNER_DST_MAC **Proposed design when Nexthop is programmed** @@ -119,14 +133,15 @@ The existing design has a few shortcomings ### ACL Configuration ### -**ACL Table Type and ACL table Configuration** +**ACL Table Type and ACL Table Configuration** { "ACL_TABLE_TYPE": { "ENI": { "MATCHES": [ - "VNI", + "TUNNEL_VNI", "DST_IP", + "DST_IPV6", "INNER_SRC_MAC", "INNER_DST_MAC", ], @@ -155,8 +170,8 @@ The existing design has a few shortcomings "ACL_RULE": { "ENI|RULE_INBOUND_ENI0": { "PRIORITY": "999", - "VNI": "4000", - "DST_IP": "1.1.1.1/32", + "TUNNEL_VNI": "4000", + "DST_IP": "1.1.1.1/32", # Switch VIP "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" "REDIRECT": "2.2.2.2" # PA Address for local DPU } @@ -169,7 +184,7 @@ The existing design has a few shortcomings "ACL_RULE": { "ENI|RULE_OUTBOUND_ENI0": { "PRIORITY": "999", - "VNI": "4000", + "TUNNEL_VNI": "4000", "DST_IP": "3.3.3.3/32", "INNER_SRC_MAC": "aa:bb:cc:11:22:33" "REDIRECT": "2.2.2.2" # PA Address for local DPU @@ -213,7 +228,7 @@ redirect_action = 1*255CHAR : : next hop for tunnel Example: npu2npu_tunnel0, this should be a key in the TUNNEL_NH_TABLE ``` -Exmaple: ACL Rule for outbound traffic and remote DPU +**Exmaple: ACL Rule for outbound traffic and remote DPU in the same HA pair** { "TUNNEL_NH_TABLE": { @@ -222,25 +237,34 @@ Exmaple: ACL Rule for outbound traffic and remote DPU "TUNNEL_NAME": "npu_tunnel", "ENDPOINT_IP": "3.3.3.3", "VNI": "100" - }, - "npu2npu_tunnel_nhg0":{ - "DESCRIPTION": "NHG to HA Pair with ENI 2000" - "TUNNEL_NAME": "npu_tunnel", - "ENDPOINT_IP": "1.1.1.1,2.2.2.2", - "VNI": "200,200" } } "ACL_RULE": { "ENI|INBOUND_REMOTE_ENI1000": { "PRIORITY": "999", - "VNI": "4000", + "TUNNEL_VNI": "4000", "DST_IP": "1.1.1.1/32", "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" "REDIRECT": "ha_tunnel_nh0" - }, + } + } + } + +**Exmaple: ACL Rule for outbound traffic and remote DPU in a different HA pair** + + { + "TUNNEL_NH_TABLE": { + "npu2npu_tunnel_nhg0":{ + "DESCRIPTION": "NHG to HA Pair with ENI 2000" + "TUNNEL_NAME": "npu_tunnel", + "ENDPOINT_IP": "1.1.1.1,2.2.2.2", + "VNI": "200,200" + } + } + "ACL_RULE": { "ENI|INBOUND_REMOTE_ENI2000": { "PRIORITY": "999", - "VNI": "4000", + "TUNNEL_VNI": "4000", "DST_IP": "1.1.1.1/32", "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" "REDIRECT": "npu2npu_tunnel_nhg0" @@ -254,7 +278,7 @@ No Changes here. ## Restrictions/Limitations ## -- HaMgrd will be writing the ACL rules to APPL_DB and so Configuration/CLI/Yang model to support TUNNEL_NEXT_HOP_TABLE is not in the scope of this feature +- HaMgrd will be writing the ACL rules to APPL_DB and so Configuration/CLI/Yang model to support TUNNEL_NH_TABLE is not in the scope of this feature ## Testing Requirements/Design ## diff --git a/doc/smart-switch/high-availability/images/active_eni.png b/doc/smart-switch/high-availability/images/active_eni.png new file mode 100644 index 0000000000000000000000000000000000000000..71a8261fb754a5b094b1d52516943a9820318ef9 GIT binary patch literal 15121 zcmd^mXH-;A^X4#)I)K6e0)hfVk_;kA@-Tp81O$<+h)4#>NrDoFoO6~8Yze6BMh>C)ouBYi%*2QXS#mPIQ1LA_= zX@b#2temM@bb^mGQ*TOMz4Jlv(U5sp=FO*F!bNi0PU?=jR|do%lC=@JteTlwOP`8} zwQaP{O*BoK6YaR^e<|KBs~8s7n|m}?pptOuJQNWCfgvG8@B)Qb=di5oW5VZ%;3x>V z9Karcf5`IpPw+%6H&K^TX}$HOe-G%o=t6jkFgQ?`7%8LEt?~HZb0K9?&;9%F0#yhu zj@yC$-Wjv7AsX5=X8U&v9IJ_{=i=(yZ+!R87AgZnxUDld?*m7i%8oSO% zZ65b#&`TnHoG(52uk>zEa&n;2q}@oF^qZg9q-wufW=tmI+=V~Dg^3AU?1W)i*s6^Y zT}pik0{l|D?ge&`bb>fzsi4fHe=j?II8SS5{|vvoxa?jqkh4lq=yDjU1Pa5&VR>~+ zy6v0Lo(1siqQ5s%QN{s5@BDzy(ql(W_<{^|UT6vt77JxYJonVgeg#v`CIz;z+2BOl z!OFhy*CdcPq0GTs6ii&|LnTv>JA#P0s+Fn!Dj7i^XoY9rnJ4d3BB`RPP$G%7h62k# z5y2HY1-$0{BJj$dmDoe&t2Za)fy_7&f%s>ay$*|5Whk?&J*6oxs2>vMA-RJL%1Xe* zz&Px6b654UZeT)7nZZ6#uZW?#di@xo*#XRX*Ua8P~Dw z<0?J~*Enp$V1_YHfo-eY%$JLM(8P^a@hlY(In-okUsFS65 zt6KNhO>7Hn3I}2qt{T$2UEcaXBA7gp9E=TXBD6xTQ+X{Ps-%so*scusy zb#^UnzxE>NBwS0xcbfNAO{+S|Bva3R&Q$0HUH8K;u7amU)-qk9zgi?{OwaBgujOR0 zM&IrTf35Q*M*8Q?)9t2;G~fwZA`?`R3-IN`2N%1Ppe|Q&+6*?oYDOq&wF7g>b*q&F z7S11MVX{ZqFD#2ca2-_~EXr`Op?UC-X!C3&;dp&Cf6I+kDZ2XZoJ=3Chsn{Qe({3K z$@k)n%c5V}?;kHG+)d}Jn;pCE{^ijs(;vLj+~BNpKi~b{^-o*l_wJUR{?-vwh8VjH ziu}~?7iep402}C^^ywhxNPW~9^7WgVmFw2@gg4K;@4kl1gr2@Z>t41oSjA8J!4F1` zEfbl}eOyImZGL5kttT6Ae*W2eRpPoiIq2_ld)Yjw1;; z?GM*eBO%!Qy#kE4B)6C7fi68YGd%WNgDTwE`+H%Leue2OHbNkq_tM_4{oxG3#~)MY zJig5tVG0rzXLuN=ef*p6?#U=SakAyzjP78fWI8cuusz)0EN>bL54Ji6X0+9^KO|XU z@Hk3@J3Pj|Zf;WQ=aLx4blLY&2d)*@qoWxlHSZ5knfcpW zrdtJh0MWUDg%2-z{LI<-lZ~BKPRIFHM_Gti zne%56e6yo_Bl6^F3?8$iA@Xcjsk60G(enXeR2pk~_BbwBZ5g$0xuPmc2tUBvgdnX zn_8GYM}cgkYWz{zZ%8G~uCV+wrJZx7MN6kJ`(q89=SseXu6|;ogn1YI^czREXWrm; zwDi&J=UJbfmNJ!$ZNslRP_!4K&uyfm%;}}tp0Rad(!ivVqy7GkNkdycqq=G1CrNq( z`ex6cbW&=j-o`DSR|Kz|NLGBfTO~GW^1HWH0D?u<_orjFG$;OL@>2o zyScr!i#yLii^M5RWZun6ZxoPwHX?Vi=EkkYjOupV5BhtLT`8nb*7FCG^i8chDM%Dc zZpUDn^rwC_ZkGRSBYDnSH|s3wf&E^bQ_CD%g8yPyHTc6Vse^wnQVPHDQuGINMgxN& zlOH};BXuHqt^_|al$GT%|CJ;vM)vm?<*t&h^Y_G24q`)tV&Ci?G+! z;~y{0JYHdryZJ0EuTkmI)j3w8m6L^OUUnJbKf*V>qJ6jdORZU)C}1osGd)MP>8P(; z@eunir5RdA;%6<7l2t9kb`rU4uHG@dXuman%&B_IO)=ufyw8q(oqMSiP`71%lxQXC zn+`4p3D%r-Es?r#4(Ao5t%w^*!ah0qQXF zElmT9IK>|^s$t|_ciDjc-9(dzo3Lp{p#xrF>u>*;otX>xu0h?MyLfKb`)*n^s+ zS{*MC1?{6TL%(B7w0f0|QrN$MW%k&ln79k}Tz65Ali7$AVTIkc;AIWzMT>=V%V1w1 zxfUsEp1B@H`bhAdcp>@CVF5Y3qV3ytms?}s$_u7ELmm|`N6n96v{~8XT#kzE zy^ZUlGOEyCms5G|GA!+}Nk+>s$sU7d$K_@T^f7B!ey7$q9xb9$4bX$-Cy&YPQSIgQa zy{?SfS1k3!)EVjM{rvir$z{sKqsH{ww=;TvtQ) zgr<39GOfZ%f^?Xk3K~7@rY^gx6CJr{RNi`G({$|)M^&Hv6^)SzuN&sY`*PLilvL`t zS2S-&ZOg=as3hhRl+dY&|I?oz_=S=;;bGeQao3HDqBoq`{ zrAVWoHO6#~FH+(j`uG~R;q|2A+%{SK!nvkHJ;huMA=(a#>ajm=d_0oh6SC>OBEsn? zSD46=pNJpnn67#{JUPdrN_loTWws?}c9P}ZUEfT+lDR%|E7;SRA4BtG!f36aFVM+^Gy0?dBRm4Qw*Nlp;CT*ZA-{%|rbPsq+#R>gI|@W@<_K(Gq=(>i7FU<&j9LK&;oo z`v+rh#s+vT1YVrBtJ5>uGhHuq-l*W=uP*WE>55UAx)#D-G@iprI@h$CZaXc=Ef54H z`UXQVwT7+Mw~llxy%rm_l=H0TqM}8fGz^!u8l^LVlDSi zvgoz^Cmaf2e#m1uUJPaWQJ&=ahwZv6B>nfgI@Pmrw?fq#neU7^YElM8v)ARkgRCd< zW>8GbujwJ5VR;&+LQ1u&`tBNKXxAyM2n`Z4G1vhkYm#M1^R+<54r|u&(pjofJccxe z*Gp104Mr5-zFedV9=iv&mv&3ZMUpBHkKu4xWseMmSZ_ZKoMeUsS^(|EuVlQLmZxOG zG4Oe*FDL{oZ!F0_1@|Q2NSTcQ>XX7;Obk9c`E95H_uw1L%vSmnsi(dmL)Zsn(;Z(9 z93Wvhiou=U{JQ*c3+2rgp|muND-4Q&XG5^8o>WsZ?adJ}^}AYrO3LhvA)nNKt162= z77FrK)GJfmV)+yW@t`j; z2bMMW>&hjmM;$>yhP!6=+CibLp%9#GXbA-rp`3zh!ODO0;XY~AkArKg7-2xZmCoS> zHfD@r31-GVcKrDnh5j681NMd@9_NwCyNV@$XiY-VrG%!cypLN%3lAC|pw$8PDi|ey zRAo1++}3arB#NSeKQS>Sw6`}dkG3Vz=FuwMSfQ5lWfOL^rDn2`Y29Ui@&m7xe=(HZ zO}N5Ts%R>8(`|cYo-WVtd&@QNs8gPbW^dbPWY?`Cq#-fmIS4 zl$9ZLSrtj-*e@i7yQraZTG(1&I+L!B;_1d3;1> z$qDxUMWi%-1%1ypllC;Tds6~+~CI$oOadc~gSf0heof;TMbv8-ge-(qAYIe-@K z)ktGI-9A0X=a*OfB%zq95YFECb6DY@_UG4{>}tFkzu=5xTMHpr4$>IejfUW3ndJuv z;fYKJ{}AMdr@Ga546*r%5N2|=TyheENH0@ah2SynwbESYFfk#6rpI@fu&fRiXKm7G zwshn4f*$!Zfxxo%c(Dq0%}X=kLfd{L@- z_yC4n3Q7F@Cdi(}*%#1cD~)FTA52CiR44S+Fg%SHIK@~EV;JMdV^p7yp79sw&pt4g zUh!k9V4V&%++P9N`E!JC1UVDB>yYcyb@HjZUg7{B+wFgO9Fqp#G8K7Muw(VPG01u? zLC#c@!u81&*G(%n*XSk$0G^tjTEX{Yrz{m#uDXr(1_+dk3ez~zFJfY!%c~!1gs)D> zGh~>c=`-APdTNw-O|2&MJ>IBAZQ@>8w9ZaS_|(0vrmsp2{B}ClsuL_Ss)BAE#mQO> z;9!xv#ba5gS9Ege&Sc61K1;bBp6;}X@s!u+8Q9lM*!3!QpV<-eb$#P!!DngiHOijj z={=*DaJha(bfv0R5;}aa4Hm6_b0hnwiiHxh30^gd<J#5_lFYMcgP7bOZ#(7IFcXw61Wf^^U*B21!(_+SwNvr zk8Mg(IejCY=-~8Xd|dJzobyDIGTr?Sv5vYMxKZV9#WoHN97Psyp#nf0u6Z}uQ71<` zjvu2LY^CWyU1rYWbNk_=-GvX6o4I-NokO>mE(smYx@3UDLl1A`dY=2m$oPA1zk8Nq zWE~_tw(Yt@HKn$uD$FvxCEb5mO`3R^2u&Hgc;&d`Vk5F)@#bqS`?~NzZrE%B-(r`q zCUp*$m2Y%W8Pt=~U93UfOi^i8GVi=zVZ4?#ETVRdAK*QA+p^j($=nGyG;U?s*QO2b z*Kd@*F%;0w?gjOjhm6k;w0UmpP8z#tG|3m)PL==sBk@lCVoDNsXUJut=O+i&1vBhB zVg87@l&aHrF597ExIh9U|X^dXuRQ35lDvu>?FGDd_84B_f` z+NFIFGM64Z6XH>WKTE8Fj1r#(1yhZd%>q3WwsS3e!&!boZ?7#O%;%*Ij`Pz;-$1e5 z#f9V|O65MDnQ=MldYpH6=xM8(O_gF<5z2R5wRC86<1C;l3+3=s+qcOsexrIFS|C01 z$)ecOAG4X6ZfxoVJ!uwm=G6W0{)sz23KPS7=>je;mU@GN30Ic6B`#7vy4aQTD}pj) z5%T`d(@RI7hG~Ed!1unOzBL}|-K8|!KRWQ}3OhO5r-B*F>6ls&P|Yb&zE}F^^^}Za z@Fj)@eY9N({PO!RsyPPYE4i%52o*&|D2Duo@-?Uz4HLbxFuB4Xa>W2AT?r;#fKk{0 z&WU~d{SmJhEfX^dVoy>^-L4cAV{d^JBaX{OxJ`%|6QcuVi!oALI%ZH|Vjm<+UG@LH z9w^w%TYj|)d7`Da$^6&=+3AoH^cE40=VV76R5f2OPpaKTTpRkMye_X;BSPi0*xl@_ zY0G$(R`U)riZ)SC0u}&t^#$+f_5GXneO~SCOk1tqT zdZ4M9%<0J=Ta2C?vs+wT&Gzwm2ZNu7s!+j?eK@S$y~>$zaZfkBwtd#kpoK8y`;^*M zt|3b6`|bNZAsf>w$O5S<_dL$=EldnLt!eLJMCE!SNvE*TKy0^=)OFT9S^Nv-c!;Bc zX1qh~rhDyOZ`vG361L2f8}!5)7Twok+Yv@@22>f9U7HLh>#6)yoG<9q!Pi~Z(XS9( zG=a^l#{eIt7AxX>Z@UiCAiZu&MOMjD;$LaA!;lY$T}C}_W|QBLx7D$n%x+H*j-t_j z4#^Yvq{ccPdvP(2&0`}30t?pwT@<_1I=bhhQcR;CdRmYwBsYUDGD(19`8q(IiaA7a zI9dbWMAB}&x}!m@iEpod1u!cF zI!|2BH|gaAm-qF|A@OJI>c-w~fKyPdyjb7yR->sKo0Pmz9*XjTuM52z)@04e`B~lH z@|8VyYTpFJ*8wgmrUZHW3R*UWMP?7{d^B&MwOSG#N9@!WzmM-%TYWGwvl%1bAbGig zTBf{fFExKz=+^Dt_YRL(^H{c*G+=k|ikdh{B^}ph0xEsp9PaFvJw-1CCLWWzi-9?* z-+xkO8e9K>Sj7`g!dNM6Y4m%>X`ik7ILE(V*dONgn~VSt{rA#giHPV@r~+;8xv{FJ zcR!Dfjjc8#&iEZa>DD;AnlV~uhUwVm)bmTi_L}Q0Le1-?KUFDR0{E+WVAJcAc#+ef ztn~rA@BtCG{&d2t^wkH`pOg1t!QAhrJB!wj8h0o<>J)Q`3wv_b+`s`I$#f4-WDuAj zlBCFM%kPP$<)TaY6|=ElV5MKbgHW&@ z_wW{kvS4WcA_KgOSiu9bIw}-`S9a1&IEq8gLf*LVd>l>SCp76$>`VY?nFx%7z_3cncS|bb zpoK$}Z-Hx(5Rm8tqdy{lR=Le<6NkU=(N zQAbKCpZ0qzw#I%m$ZT%Ak(SSmh;k!k#xk|pr@7ftnH&oK2^L>0&OLeSwI_SaGFGCg zvmd(wyZ^3VEi78gSqfXE;A>&woI=H1?&CeJ7-`YNLPVt-seXUU^T>rRO{UwoG1yp4-$Jq&;q0npkUitIgl3nq|@VqY+IPFtk`;#P1zNTmeS(L%)O%Vnf2H@L~u|&|7uAqHW zT1C4qjX->F`|^MqZ6%A-m1~y^ErP8%r6MGvoB1E|yUy}9tt1&$c^=!*;uaHbxDk44 zH$UDWt9&O&jno2Z=F6`{ph4HpN;I^$3r{G00b0iJ$?8j>Nvxa^APMIWqV+EvjQ$x8 zqKP)IkI-}gaXrVj*8Ewl(!K9le7TGyNlHE=Yd=6W)?!NZ;1bl0VnO4z+v1*|U}&3{ zl4>v!Xpq6|j6?2AL9e&XU(ZNb8@;|=o&HaD9-S@!ij9Z^h4!J)yFVDU+gti%T|XHl z$CY*rCl>-Q5Z5Ch$4r-@ZYA&6<2)GCx^gS&L-M)7ohD30J4*08(ClCHM{UCvF39FvC zbwK*JGx(pk1I(b!yh8$aZFoe%koQ}|>mX3m!<~|qF2~lxpl%3&7KkF$z(p*@!x?9s z-4G^$BLJ_QEy#yLy1)+DDqgamG#^M0iIzi(LwQRlzQ(U*UTK5tcRoF1f;nrV zcG$j;=7)}wu5;QGBc)O)5X#A*Twu^TP8K*oiTtHAFWk(_U-daT`aBwfqrfoJU4YRu zx1XBP=YEt1Zpa5LU|KEqlsVP~y6nF^8{ox)SQCSBZM+&0MdnS5M$q5sB3Cep1eI9_iLmY(v zX%wwFyl#<(#tI%G5NChJHrG-k!p;5pxg@>XgnYFG$RY!D3DSlib zxY8|f0;~k&wnIVpJ1F&!Hl#{W0d7H%a8*(6V?-}aVCXj#0Xm^!3YY3_n z#)i^O3{VXOXLE#LW%P7E+&8`GCU-}=P6hz>BoXgY+67EsLTEDkXpjfZP>jm#XQzUE}%$v!a=dU z=6!((KCT>)|JfGS{RGhq2XDV~NlpwIs}JQL&NJBYmjk|gb!3MH?Dq(zXPnR*8jq{;=*pTt@O%C(b%mL6@SE->$LG)nTJZt2zwInQx)f-N%kzk4O52h0YT z%39F!&|BB5P&Xij@u6kT?2iDl8IGTGIzrlvRZ?!D zUP%G%SDk~N=RguMJ1SHKDG2S7(+l^C@-V-+Y8`Uks_I|JFtRNcR!SVb{^G5F%KnYS z7i%tpjtYqG7U7j<@zGYb$aR<=3D`0jump)r>+{ew=7rk#cO=<9ygL7-*r|6QfR!N* z@eHeQ9ebW4Uh&OnF#>1;UCsUY1&R*3UE)mZ%=u!WM3~NakH-`ta|_f5fn-hQt1ko= zA)IFPO_rJq%F5`lEDDUT7CS@5y6+2<1hN2^c;!Q1Fm0&(4DwhvWwQmvPIFCA13jF(dmAZSp(x5W8x?pi($$1=7W z!}a_JFYs1OO4}i*Ob`{ti2~crfE}5W!)0+QZ1RCubZVbSa(E z>70YXn{Hl2YC)hu#=q#(Mk36z$1f03wC{hA3P7P?o;pX4>RqA!MdRRD66jV$6c2q$ z{2#N({1Pg>L-3{N5O53x+u0`gDHk`KNY4xyTVyCC5}56uj|#r{r>apvu;2{{1Tb6w z#}Y+9825&g=_7!^w2fzk_8`RXv`)mh)zAKOKGH(}#~tIc_iTa)TY&@yzzGlC`2YJM z0{zPp6eWw4Vi+v}&x$DOt(UxBymQ3}(U9xp}Op2-Zr)E&-E<2ELU4Lkq z^W43v9ZH%izM7iPG66UjL%zRoJ@)0JXP{wIc{B`aX7+wZ1pbV6{++a%NyGjD@wLn+ zn~aj~Z;#vloXS>#daqX%H@5SdD))=_oNu(C)|3t-2Z7)c)H*B%RFwzbzUv@)k~?^_ z^HLG$;ah%tek39^bo+6}CZVkVxy-08yuEJT+ty`0H?%gKKz&K0(!BlQ()HUTm*|B{ zeza^Pocuiad{>_uRbzM^r_IAv{t~qX+w~nE3g=;t^&-3mjPHNju$rFS6Q{&z{pUAm z+?8=GgHF6KsQ$e>OOrx^25_2z-|>pkSH&Iat?JK){=d6v%~D76m9Fvq^)>9@SO|_m zO=IO5qiM~2pWS*<(eg9>(3tbmU*c07s}i88qr!g)p^pDPQwQz?ri2J64zplc zUy1i={XOfeL_piI)Hvn>Dh^FyX`i3f*_fAP61^c0Z77%;EjurZ2@lKuX{Nhnf%yu0 z1Qbj}gW4g`e_To+MQ=PFVHm7&CE0*L#K2In+R!i=*}V@wOuz0nu5DR2=PvIH6TM4E z1_bxll?1*Gi+Q&6F%8ry#}(vxCp!2?Gh=}(&j74Vqzp7YAFxV2|N5p#)MQs^?dQJD z+*^LXJez_=xn-&&x|0OjevL)a34NReeQ8nMsxC^kRLPy@&+34xgNbQhL-b4N^qf zVwZq6|28e8Zx7hFMTO{TN_;Q4e{MbYecP`U0ZTxa6prAleQ>R_-bIGMbmCD}rM5qu z7^0^hI)>Yt3Z?JD7mne>MUf@#u*w@Ui8sALOCU|=`N>sU^ViAy+I_x9^F9?{!3GAo z-@G*k{H>69n%}#fTTL1GG+XD^1)SK*D46E8bSPlI4_uv_C8~&^iwGyu zLMg~JSG?|PHsk?ga)v|WYZ0l+VU_DWdZs(fHkv_;65IBm@fusC5Lnpt1YcCw!_a#>x+@ioE=iUZQ42sUYt?}Cm8I4$X?I@jJ%c}(Y&yXh*?|NhX*?gnsv+e}|WspDO zpPd_(hL6i5%Yyd+J?iFWMO*9h7`1B7Z|EI;1JA|aC^8Zw%d{sqHh&WcK8@~MHquwY z`S6kMta5xSy^?rufWRB$M!SY6A8pTR?98`p_5biqsZKrF7CV$f_5*1e)RH}ai2?-9 zO07Q0JdYN2@s&ik=-uIdH{Yg>@3Re6&yS6D*ag%RKm`$vBnJ4Gtwe_dmaY&GJSOXz zdh(x9kw*2;$Dr5$6=4G@oMyB*)Kd{(deen6t7`?sp1M|(1g?TGDjX_VhDHiPr!7m1 z-Hvo>yXd)2@uBJaK`gbOS+5_wJqhpo%wO1fY2+c3OAOH%~cRPce!gA!5TwoOc z+2U=%l!FiU-(wbs$KY_EM17Ip`4@}4aRa8L#zf#9@Z0*k${Gv9xE@rc} z8NV+30^ZPFE1OTA2=QX_yR?aZPb&fosBm(3^5aLUeE&iK zoJ42=!sGm-7KW}7k)?$FuLt!?l{mJWK6&G(F9Qv40)7d$ocFt%vrfT*woX; zalli%;^Hx5l;AQyJQ2X9hYl#D78D?x8HG)uTc$B5p3g*J8zAv1Nx3>Dk5q!?&66|S zF5>W1b%T0JmkMD?;MJiZQIkHXr-jmSAP)UX-oRrwE_81GlbyDJ9c{7qo)KzFz>w+r zO3IO_zH7YPQgFQ|zUH4>i~&Yop7wQRgw{}CND+K*DVa|)_9TgdE(#GrzXQZy(375w z9MOe7Bf@svJZb7}Kx&UJKG;RK7HR6y3qSypC5jwCFfYKB1L})^-KJh6CZ4;NCv}zj zz0;q`Ke!7x@j#R}SjG4EMeJ~k5EPeyah`YySfOI{jD$+GB5I{b^r~*=w^= z(ZikOWSSY**R4*`O49ci4dK-}V0&kmUK2qZ*cWJ?oXwS>dbbvE?#o|Y52V+?#NuMe zxzK>S&_XE~a~S0s7xUN2wYRza@bS93P}Z{Y!XOT^IxFteI8iZ!za`gkgSlxcFmKw*INm<^KzSF+ndquDmN z6Lh=nfX8n7^l`s~R3Mc=m?g9!2>>DC?DvnVVbQ1AUPaHDXLlDnZLzq8m*nZ-N^y5|) z;P|GIF-W9}&3kql14_STwD{`HPzLwZW%<{n0$R00t@{LNCdrqq1^?5TZyTjC z5zL?>fQiX7$i%IJk1x7Uvb&s_Bj|bPV;=gt~2eW;) z4SpJO$W%YD9W5{J{k#iwA#CE?d^l-jIVdtE4BlT&C+%JB1?W$MtT9sNMSy6W9tt=R zYpDRYb$ZJJ?oWC8&JrNeEO-EzY6*qiQhue46SN*wAxExOC|Am+y^Iko?@7kf3n`L#P z1fI6NQQm6JlxbA~t)UgOQ1_L4Ut;4-FCBsIVmgT1Qz6{THOHsl{y0?Jwb4%LSq*4anC7%u{tN1jxw_8ELy?Y65A5*x8$rTS@4FJ}NrxRx_oFx|gSD%5bL1m{e}k zlnw~k!{OpyvC&d{y`qO3jYC z*5{|m195;MN^WwCa4dc~kaQD^?#xT8tJ^ z?M>9u@&a^#ALe|I-i@j9q!D=H1P;8Ym}0~+_{V%7oe1G!eg>pq7^6mrpMR2Gvc$2( zyhKZ!G*CWG5|-S2Ta`|9?!p(gDd29Wf8L3{E}kZa&Zdpp$#87t62B50m1t$eFE_dJ zCvehoCyVZ}_*fUFqH`;hKBe`bThzc_iQA*6k4s(rZ1mqU2!aJVqES>zooVaQ^ zUd=F$d=h4;}e5MpU9qv=7JnM$j0Df zk}XuzSNEENu`egBe8g8gZmI01)-&19EVt)eKPQ#xknRIu?id`Ay`fi)-v*w5KwqDn z(YF1v0yxdpDzEqaIK|L~x?dF0OK+=&Y?jizz@aIlMKdOe0JK&4d;VDu!z!SP@raW} z8RWe&hAZZw=8?qL!p>742~9KsF7tE_10Ya~+OY@b!p1zgXx+oYV}PIU*XS?@u)9)k z{hQdV)61G+@b!aLLfC{~j?D8PJM15q&qju+C4g>qfo`?<`s00d{n zp`?q9p6&egB+T^;j7ba14>?D5%~!zJ0JjKKb+DkO%S?$>Ol`kU-k6k3gbK9cJAA>) z?=*1iHF93Rr|DZFJMG1CH;9KofS{IJao-cRd2ndLNJ9L^YHV{Y$KOF(daqp>{+jRw z#-!RlaMLMvA;jm-P^cZN{k&kQc1B7B{q-96aLaKhrFLtKSG81VoV~ogzUZ z1j@!47&4kT6f0I9+s=1Tn94PUMi)HpiFRWK3eYHn#3`X4Q3Nwqx9DTrse_rSt@<|K z9gL~XWKspwl!lS>ov6A?1H%5yfyyJgxofid3Q+VCFReR)k!NQz+C8iHR_JzhQoT+b zBHd@ZA?o9=jW-q3&9OSBiH2RF)6YJ&k*KMRsJPyC43|Pri{wkid14ez>4r#N+on4| z8v-HE+45$i(Io%$YUH@4VWJWnyAh4Mj?MQQiF zj+F}kvo{8SO>Tz=i@pXH4^>daqQqIXak*WZe9e6ffH>UuZ!*&`nSn2^`whMRd=TLa z7ZKhoZE}xj`Buw+ukWx&b{&>CZKtbit-mD?7Ek;}V2FR^8?sTtG7l-Z*+^DW-s#pg zO3c4*JQV7;S}Pq9)r=-l6b~$6yBFM*=tFto;QzE4hj>U81>Xk`L3#DwTND0n2~cvz+Gih;}YNivfInk}AFsaPEhBsn!b` zdz0exMoqf2WYJbWl!~e-J)Kh6Ao!fYart#@id+Lb$p_AFat#Q>S2dic-Y5ESm96{J zs&9jg*n@1YQ<{^6Dt9R(tu97LaZsA>WpfJZPes(Y!vV;*6V(<=-(SRYCxVZ1DjGMq zeX_zkWc$Ljo!|VvU$4%h^VrO`ti}!sdXoQfbRAN{6@rJpV^Tm;FuYyr)MQu<+2Cp# zvo0DM6d=DNm53w{-IJ_Nx^D{6XCqlw8Da8>Ik_Q-tsN?jF?6kI(alp)jCkG51bV?Pa!J|7 zz8ddaGx1=?-c9;H_TmFIe9Nwp#An$#hQaU5z_ZxR#JER_0un=aNSAaCf`oK;DBWE{ zziZt4ocB5B>@Uj2z&}>p_pcT~s>*T?aLI8oFfbm-zm$HBfq{j@z_=xVeHVO3lSjx7 z{CCUwwVWhIaUbP61_mvLytIUdyU|wioe8S8$&L-AP#3A!kudtGUzbBl_!w@#(aE|KzN**=ga7vteyyQn|3Ob5pseSt{(0 zTRSeHR~i_2#I6N7u+7GW&F<} z=@O@9fvo>wkPF+gdXD+}@spPnbl|-&Wlh!w(ogJzzPJ!U2$3~-|K~F+{tVLn6^Ork z;Xvs!9i7P);_HYLPHht@8~dm;n=OB1w&OCv*&*OYJbKbdaP{xkx#XTH0MA0 zNC(fRvZTcS&uilnSTMTR#tJoJS6=vO-+J}bg>JpuOc8N&BVQEkzim*Ca6U8{RHzqn zQJ&n%bCpiedK4R~!tS-zDro1(u;X2rkMVhLG)OJBnQ!r~1AA;wMxX39%P)Ml6cN2L zvehM(w1+QxU@ER~ow8h4R;zmWvz&+6;%Nq0%0lamoAV@3JY?@2Hboc6RgnH$Ws#6C zM9ni9a)^~;Y-4#jxqIQx9KmlKvFW~llARwy&(IXDYEBZat;vE0w)jsTUs-A+TzkiU zXn$;$(7!2WVYx*{n%DL%_ce5v)4v4sVT;M@!K?+X$DSpP_9Zb8ZwRR%8YvQ{%OpLy9JfVYR+~G{ouP!~aXL*k>30^AEKJlo9L7h8CSOjl@ zYl)lU@Irp((|XgvNlYeWaf}#Ao_>5|feDtB?^hh&t}<2V_`z2~*MjTSRG;VLhHlAc zC)4)ZtM5YjV%CRq!q>-3QrG`9HN~6w;c#2_-J^k<6xXhhm;ZVw95>hKDQ6^QE4*1) z-XpYG_|7cu&F7fu{q>yG1bw^Ow#$QVPSK6Hx52D7S27%_@PnY*<1zi-lBVma(VqPd znm^pSZ-byc0*hZ4v(J8Xd>B^J4$|Ck^_31Xa)(taA`a2(S|jRXMUcd&yT@w=lWkyV zABK&~`jH8*eHdUdAV=plD%ZHiubZEU*v#WiNi(l|!K2&qzuT!@eXhvaSRuHY zTOk%0f= zav;f}1;=bLl;3VwGQE5l+Zf_?eU$T}5`N{}FFH;MTZ&kj52SfMtn$LE`}o6#^!T;# zZo_b}0vnCjQAF+f_rxATIm$O$I&bbAo;KYyZm-Cr^sMr-zZQ=xLJ@Tlr0!EL$9_rIs($BuC3#My-{DswhjGzY0mQK??dScNPq5KDws8t?vaRWc5^oI z-oE#+f=2YBR>M{bAsX%jSlQo%)qzw>isc_WsyC z=&lHC9Z|;8%C93EO0L;%H}LPS1Z%XuX(&yz5-|Ho_tbQb*vhREc!W6afs&G@g+8&&yB91n`-=UKPD-7N7GP;_5T;Hpiy(h^GPxjczTS@WU;lhnjuSscPbDK0JV_&FI?I`US_uOqX|1f9h zHft&yPHn5DX9;!w>w9m?BU1qq&N(g?aF$ncI_s8NWMAIa#s`6owO?ERX@1XXasH!~x`%HgY z6fBez2AKQRGN%uhb1z>k4xTZ-$lgb_xYR9HiUI@INz;|j6n3TQltShmRBpVRMb#;S zyA6ju*|A1ew%;9Il_i1&)!Rm9Y~y`e|0kO!j!NK@%-BQm)kt&&WP3?VnWv?7g*ngO z(fpW_*Z=tnc8a0|XwxjLw^~a+d=4Q(QhRQ3l@H2N#D97y^cz?F;A2GWAn)+2cSOVN zOUetMu}Xce4^z#iEOYpTw=1F|EDnYgIbHZxg4v6ofrVhNt<1>`U&nx9_dcJtk?m;M zYr)ehjCe!@h0EJS4$$xN7@E&GcJTeE?Xs<&C5>O3#W9A&Mpr-4VKk8ciBn}hs;SKv z^0X>W3CWrM(l5-(_zJZcF8e3X5K=y3hGPaP+i5&CqM*-p9y9jwN@O%@nW-E%vJPP2 z`fxRP9IJ09Sbn}ypg*_^>L0%%M{U;fBSfxP*P>$3In;qwMANHgzn!ADYTC})`+S`_ zv0TZ3@wGg$`gAnj)^_!us&SIrl|GU3Ol8}NE@Qg3zu&8(UMIdc9`)*k#_Fi;R17PZ zzbSz*AvBENEglW4@S7(&elC)Fn}hWm4Ec;r&HQJxhW++($?qjg7wfXF=b67+$mWdJ zA3NRs*ZnVLX+>zBF52U^XoqDAt~nWLW%J4z7~uYE7xYXNm)^Y8q>e4I4fRW06^DJo ziB~7n{kRkmNyd$rD76R_!!5IZ(bEbeLreb>2c4wINkv+Z!(RTP@#t%sBa{=7d=N+9 zuT6xuQJG(~KSPky{DOaG?$XJ$ZFMrqWYQkgS3wfd1&WF7n4z0t`RSaee)`LLY6fDJfZ zlIpR+T2GX7&iF?8Pe2HkV35Px?@iFlyi|$lJN=F=;|bQqmfN{^hDf@4q080%r5K4(>h~LgZ`mhS6W2qP}rI zjMlp7h5f@=17f~^74+i|*(+2sU=P4ZNnSI)7buep+CyB5)mTRmxyKl~>QZdP%Az9w zGH^0#f1rX9uokMMNWPixR-&(-cpFme9R1CBPU%38T*Tc$YCc!j$&(qLM;&mJ2fw*G zHR}^xtq3}XBB?yL%2s-K`YTeD)!rZuS|W3g+9~WOO4~V+s1^g4QO$NoaQjwzSX1r7 zBO2!(uIClp21yRpeL|Zb0v>ezQV#h9xinyz2OHkDagI@X{oJbK6TX%y|n zXB!12TjpvqEwRB^d_e|~bEY^G%!~NLpRpFqDty|Ee)$&AdbSp_dI7Vmk#ui#g+8Vw z2s2`zei)8zEEuZ3y4{Aw$o$vfF1jDJVMlvqKgD-$#WB9vZE7Mx5JRee(}zq@(L!@s z7|XOvj0}|w+~)&&!5i5~U4i<&{4w&GOZU_2IM_;jPWLYb`dF;T+DX3|ZsoY`&WZYS z#tth;YLv1B#$bJqH%rJ%cZiloIc=*$ac!fu6N!-5C)G{y>dJ!I1^DxLg7yMjuf3nb z%&8oH-V*gMDV2*Zmq>CTLo9YzN-U(Fm&_O)=nd~6Af=2L!t;uApe3Fpz(B{P|Aqev z%%Lu#yBi0NYdGuF{j`Xd^u$$tB5%VLjIP{q_ABV4H$NN7U&Uk=p;th#60HE)Q~er- z7VU@c*w?l-t8PW!rslZy51Ha%`$vTwcn%Ti@ysixyVY-3CF+{Ro7y}|Z-qk5Vg*R< zcRSZ+CjFhqqFsh3Smoz!$!P1_@+ESzKY`01MWU92rRiYetRrglVFxm-zI9lPB&#mj z?@?fO<^0r4Y&=JITmv|v6@SbUZF`J7w@qvPL;M+VKK9{lB-$g(=#3{96^+z!rHEA! z06R=mdL0cKF1)RoldTuJ8&0Ip6~i1a(xs84v+U1lC^a5QmQW*GX*_3#tB;_HPPzdN zpqf6x6_w<3eHPk6ix_9me+iF5<-tvbN}dF)O6xw65k`Zl=y35p{_i$wHeeZi^M}Q0lj(t0i0e{09;IoycIGY$Mukw?@_bJ7U_?6 zFf!6P;23f-)vwf*KXRE1!2Fk6|xq z_(Avr)+C?gG-m;cU1EjqK7*Fv;~86}imB@?g2ig@)*H=?IC#(MU#51E2!rR@Lgtpz znI7WSYlv}p?SPePJ=~5_*AC#GEr3vB_2pTuY(b{YODB+(rTOf4CCGCt;fG0Sd1VmBF7r_U~KvIU|`WV%tw>gr)y|<8@X4hD3gS^ zL`H~bJyQ>=S`a%PQRk<`J&2C_%cvqq0_}~>C4JS-DWNDbYHluk<@5KauUR%i>xZk; zoDBrEbd|kN=cq37`2mGl;}t+%!Rrajh+>cP@``5cG1X>3nqkN0qc`kG90q4K-*az?Iu4a5&~WXE%obeMHd=9`$+r`} zTIjLL<-WCQ__aeDQIwQn|4Quj&jr+(bUt|bkF-U96o2d-&j2^&E$v#njwQs+ zM^hUN-}~4EJ8`!(^8Lj-aiY2A9df>PJG-Lx=4E~Axj(F_W)4u{{u?k}roZ&~T@^tz zE!wgSA zd_5<;@B|cbF7)oa%JkV3Osn%tnRnct_r%Vk`?!brtko87x}fHGdsq}bXjDuDJ%@lo zy?N&V!zT8}I5SP8phwMokn4IU0bM)GzG3h_et&k@|3aU$c34^XDddP$-{y_$A1^n1 z%n39FshV}w_behah7Z0H*>64hgRaw%w)V&7Nh5A^0AkaWw?Y)-K>KQ&0lX!z-~NMN zdp8>Dt|VAq0A^+%#)>Mxxcb0jGg126x~Og=zltNsgcutIWUl2Xv(8OP6kF{rOEL5m`w@ww z*lK(&sImU3S6oMFu{N)VX}w*TU6vx`642b#n{z@r0 z^f}_5V!YGDdl)|)47OpqZ>*6=p03AwcDKd_4#pU{=^Jg@KLhP^<;)XE$5&EDA@#5Gp@&wj@rLk96Kwq`3Ki zlEB&<6hZy{ux8y^wA`DF7Hm|hobz~+ALHJFpm73nVtKP$Ms z4SpyWJz|o_OgJL1yFnB6O{>%_Mx}xC>x;g9a{gYOcio!?E&k_>yK{K&{r+5~x zXg0&LSKi}Z>6;=n3-?$gtOjMsD&P1684uZroFe2%i0yoi+c2jIVaP%55 z_J{%(`Qpt;7rV+)t>?`-;TZ-5eWMpi&V5`88&%fH6_3#;^Ic) z9@Trd*&w#A9`-6kds$GH^jvM48z5@)c`ciQ9Z*m$Zy=hS;f#Dx=VWZBR_9=ceH(j1r34Orc7 zIP9BsWf-B(dkB-grLy(aTrVm&zzT&+W?XnOF5PRuUR-g7wxA z9dYMG+B3ybUEA5PAM6LH$S*lrM|!CHq}yz)`-)c|WESF9!Z(_(vD^y2LXZ{enOHih zAsvoh%bwU+I9RD=jMXLk6XGZ<8+h5^Qgh>dUVSe-n$33$uLIt&5^jLkD7RYxJ;gPA zKDx*3nwK#_IIaA<V3Q6mL-Bodl;5DI{xCW)mIQgb%VcemQvDJlWL#VOp$Alt)bpJ&JE4Tq-yyGvd;(0ZmUjSc z*j3Y>!YazARX{nhd!1i@PqgC(_{wL))fp3O3P7~chmC8_nJthIdb>)ofVJs^c& zDg01DIx;Tn&U9wD*p!Ec{1N$cn>doLB@!Q?gHPYoziSgN+RJX;PnfPN{grz$JDL|T z1dv>r{t%p*8@fLGKNlM7@6fw-;KNvKQ(*UM!IpAF-2$ z^fP93X6t3Bm5S{ByzLtJC^lAtT^IL3^gV>u`H~)$X7q)EVCl?znc8~ZGY3=OJEYH? z`eO=Us;HshG=r99qv8yN_*HITV-C5CR&D!;TmXgD@~bn78Me$s0jz$d#5B!S@N9h- z99#K+$^!Apim7h-my9VH5&L!r>F(^-7-$!r3N-P2daI)&jfZCn!!y?;YuR9fX9uzD zIWiNRPei>{#ddP$+;*xN)3cr&p-jLBh3Vk=O-$t64Zty#H{(gWpfFaw>4E%0>&?T} z_J4|NvlOLi;99%~sG+MOq3Dy0h*&QME+w*83~*Kz-Dm#ggEgJ)=atZ=NpMD zy9xKKQ>dZvPW_(VwzeN?DV2=lOOLQCB!S^dVnrfy4|E0DV?jckaZPP9=WVOS$Yw<> z_1xsvB9@Y;wXeJJ}{$`ExzBF+j5>>7E6A4PZdyN5@{M**x()YYrJT)VPv+qnF`O)A`|KSHnyQ5 z`jAaPd$_4mEh?pVA?GYhq}9NZ@wK3D_cEq)2YYj)nEJz~%ag%uV*VxJV&}Q+sgoS_ zTaa4MYWL%=gj@eB3s5stZ24T;!CA37{&n9r^0SBRYk?X>_hNZx_akevIs+g@_q4sEnZ=8Tac^m$QiBh% zoL4vEY^x^QueIktpK~GbYFsnbCf=x`oOY&qC8;WLvqxD1$h(XU{>d00IfdQ0e9HMxBvr2hk z9PQ(*o=gqA3@L7|{XX=@0-19J(fd7eIY_dcjRQ5AqEsIKj{|WMlm8AGFQ43K!w8JIHZ(}X+@X2Ya1oe@Wr>1HJiWZLq+EcPLo%^;*%E&B z0lM&fxebk_SDU8PULRYER6ozw1r;xa_ zLz$jq8%cebwub+slbzXVyRNJ+I3&IGe1Q+DSmTsiH3{y+KHRS?`w0-qVCDKpY1yDq zG#w^@uap&Js{DW!u(Mo7o6@2rlU5ngdXu^=8keGv5kzEbx_x@tJ=q;@qrFkSOuKh#GeRE-v*qTAUUISQP?Txj>kL! zs%DYGi{@y~NwA8bS}$8S=@1_B#+0CWgBC6`dul1!`GY*&g`g=q@g&|7G<71@s@!)hV$vPJ#;v$T{?kpm32(b3GzGFN^E*wO|YNU zYyF(rh}nYDndfE4{D9TYXblOy2;Dp0^|_fIOQ%<<_}lkQVx(6R8ii|Y2YnWV6XhOW z>yZJe0Ih9--B*o>B(~{^yuQF)OeFS*8p=w03pd07+W;y1PH+P!_>EqnbtUm=LC!{t zwm^QG#UZjTYf+UY*{OOX{Po)-5UQBo`7(deMO8wD%naVJj83}(E_C_$7l^$^iAdK` zGM@GQG0t#ynC{i}Y18f)(jIx%KK2+vwh2_R zG5V0pCOU^*J~0|s#>jR`$?yugs$HPs)~5)18aqxlIi))PJi7=^r{a;56zdc3^+Wo? zOBbtL_7{HBU zxk53FrmZD#FPrg3;iM!(b+HF_w9DmT#6qO63a|RuT2`m>Xy8X`$pyvv*5=b!dyc_IJ1spL0kB%02wfp`2l8d zn(o)%++>6YFw?<8jCxy3GK$-)cm{}vSnSzg)|SWncY{6@q%=?NvQ^6PbD^FDEVapsqN5Qvg@g#w6Ydrj% zmRJt)5DI5(yXfZWL3r-ecCe@*6r%5GNAE$^+U+1>&;wEZ@ zm7y~>pEc`dj3NFSCDchk=zv!XbIa#up1V!F37niIt}J+4o?(EWlkA%CU>T^0L`v*9 zdI0Fx6>o?D*}py^E$Qt>j?Ej-{5Mq+yWlx?dlifG`; z=PYSxfD_x>R$ig0h)oLg85r0TXOE#`ES9kB4<= zy-7~JzncODeG?EHJ#+0mo&pZI3w@AR!Yv5GxzK7Mc9D)tQJxDCr2ziPE!Q1%6q1{J zIiIoXeYr1JzwNA{Mz0Dz_{ydr!se(LBvT1>uCcgBIZB~yF!e;&+<;!CQhVGs`aa*x z=fO<5>DKS_C)x4?hQL=KqCxQI!Q1yaDIZ7fvq8rQb?$vZVvHGAI4%dvuM~* zG3fNXR=YFL&Q_t8p{=W^dYLaJ*8XEE$Q8)`oj^T+nrp5z6tKZvguoL^s59@gKOhSO z6PYjbvvDcr%9O3I8?UTDZ?TH4QJx4lJ{CjEb-th{J+!x-Z$Vpg$KxDWsb4T!$QFM> zax?ZwD!o1o5{1aZ@R#`Zm$ZOhPy6kj?+-j2d;7Rs>Ik=A;IDnyv`nZVao@_4{l*sD1g4z23*`2t;wcO+7YxX+|5B=6z0;+W`uG2V&)RY;F?*Oxwib7@o?zj zToO9hW)UJzK3||F*3%I1%)g}S6}6WWiGRsolj5Nbim0#m?}}(j0w;k%m1&;cYMAg| zu|g9M6~%pnnr~PKq)kJ(#u9|GH!%du3S)EoE~JeKLB=rL@PGzO3u543x?_S2h>3X; zHtDfv)NwifJo~3NnqVXw$WuSGJ-huiUQ^yXpl9GU7nm^~--?#l6rb~99De8VF8E;y3PL1h`dnTz@xJnY$UHK-*^Mqs6DTEdf&$Y{PNw^2QBdf zQ`;KsTRxs}s07zPLu2fpCzmdpuC4r$m6sVFtLAQsM#V014e3^*x2i^NsKJ ze~>{5RHv9FyQ}f$)a3(`c*nW+M{9#CGtT{diFS2)pmVEK@4mR$;yLX1xgNd*{)y5w z-Mq<|uDR04n8-tqg&^i0U<6rKt8*%LDqbGY!2@KTF~@Blx=N`ZBv{`qIc&k>jFV@I z&+1S;11ZTK;6}W?@$ZgSSGGjkrZFIcC;eu({WI=!P!FW)#X5Mv8TG8Ysg z$=pLf1u-T3o^csBMEhjhTG>YD<2vsiI0N@0aa2pcXxa^=ka^MJ9|NKuv<6%C$NOSp z@jys?akXx!CTrOfsw|pw@&?# z49CdlV){={MhJ)133#6JpO|=Y0M|}?v?&}#j*kOR&n{pQRP`YbuU>%ab@^&L$|nt3 z*u!gjge2R*Qd!1%PY1t~ZW@t-J%c@n+| zjExP5g$&Axm%KK1(=)Y6ex9I%Tg=?P@mQ-ISZ;j89~pz!+s?m9J>&vDnC|X^S58QUVDl<%|%Lcd>j!K&or=}!GtilKs zLQC2T>jnEf`=w;YO+DO1UgYH=apRo#h3#hE@p#kqC|F#gE1~>z&+tW$RI4u*&_04+ ztVlhuO2Vk;zBOO3K;i2N5+w$XB#Yc)Ji;dqe_O!Ia$x-+MUwYwPVZw%p}H(A7)g+R zM7NBiQnCzjR}a~yap6PWOoAMEnu47!g8yvS?oEDQ=V=+ zD0=Snzqpw}Ftc1@7S$!m#Yuk$25E)mF(?v@oO^X~Ad=zM-6y?TsrBDC?$2i&6FeG_>IGV>+aY+dcz`=*f(Jn?R=HYr8O@cp zKzuH!;qf6cvSlImniJ{n1uYZl0L2_e_*)T$dox#2ehUwnzL^Ypd&}Mf#CCu0#|L7N zdOz;mxTlFD1(2|r@Om7u|0ssE9!7$t+S35MLD>QaVAMA1g2C@GaPA#-33DoBk5c@?ryn*+gPm~{L`FR6Evue*?DV|JcrrREMN3Y2lq*fayf&bg{ zPJG0PW% z*{9N1rBFfuNfmu0xUUq2k^Af!>=&zc{6!OL?fk%Rcs0?sN>@AXedN0lvty|@76)Un zv*p+#?E0JQi$ow<51i!nP#f>S2r4I~_NZM?!_KKS$)Sn(pq-=-vIe*Yu^K|<1u-{&kbh&m-dJ}kveP9Uq40Dp<2c6H8_CdrlRLMKF zdXMBJ%$Xvx#@s=xiFE|em!4q2-Cm1al;~G~5&an9j(%i7Ta9^XxX{e56_44xYfY{% z@8Pc+B%`I=h@aK#Z7i^-ghfL4NNgkpRy87TeXGKQtsG8SWQG=|0dLuJ5>c6Zun@wT zAbK+K3mwoCMQRyAD&5eTM)oO?5LbQ=8LGHXP8E(?4q-e7Q?5(&TLFbzU7!5z_g=S` zR>%|Ga;>YK03k}(tV;<6Z!e%+CZc`C%XJl>A2(XYl^+=-USalWY8#r88pHQnTeOGB z+$)umpzv*A2buwsp8tSYU5vhQ>w*ADymI#QHhvu1VZ}Qp(KdKRqgD2S(p|ZG*%E0%Y<_7hnmwJWZ+VUs_%! zRUx^17VdM&pf*?B5WrdX;KiRqlh_XDXlrrWSK{wxgLHcjXzLCab^^FZ3CY@%vN&NQ zbSG*}x)S;;gJH5F3+?{a%wR+Gr)mXojwj^~2z!m&%^}j(5Ffr(1pkJPXto%VY`c%v zyY1SIdI1O248%<S9S{DVmx9YoWl;3oHZp{NS!U>vMx@}B9wIWO^fkv4C z)WF{!K9=LH@4^JzJ;d@Dk5LNem?c8VdoDk3-J9^=o#J{eUjwab1a`nlb$K$SG0=^k zx_3(TT)+yzE55M-HW789q!qAE2BPIz3KS`ajlm@G?iz3IHhc{!47C$6V3X*vN z@1{tQGtg;WOMHG|l|jYvv95ASTH=#5ETj|bcq@ZWMZsvid5WcW(9PxQ3w~&F&K`;P zn-KLf{YUgknCK+>Q_N%nq~C+EDOaHe0rh~^lV-8{QrYeH+&?8D9Cg1b;d{-Z2fH90Ef60?q)WI!5eT8y)m4I+OdJr2z`l^sf631d z!!@>&LuGSsBD%hQrXSVv7cVC%Wn_OTqbq^Ol>L=kDM{Np@)E=G?4jR_tkBPL2B`4! z^k*4n*=i4|-IOC;c?%eV@EVFqPPc*&L~u?E)Tlxw6KBpG=M797L=oi&z`Nu|hvbiG zBLo=mOMwJcE|RRVRLNKp3EZK{8)ib}P{YrHzS6zy{xE?BZ09-HsxIB%uRMJ(mnMfS zv^!YBIY*1E{iUd8Z$|IJtk5BI5I8mKK%b*nLC3Q*l3U0>$-rL30;Z^dZR{wB)NADb z0YMIZF`TbjU6v`Cfsy|@_;G*7CjW#5S7OfZKqNXRb|niPR801{+lXg4oeEodT(8#l zq`c>C(+iN)APSJFvZ~&L&9_-yk*>iMi2XQQMuz1v?XLaaNiY`;%vF{{knj-0W+Qrd zrTO7!b8`S;IKN8}zWP$Ko3QFm1q!N}2Wx5#~q-qn{tX8ofMKb8D#D zs$S!(=&s3cZ+_lRXumsp((KnN+OgAXcgMJBlnSOKZ?8hNI>KWzSflU)Jqm zd^g}MLRsw-&B*^=?Le~_v;-D-#kjgWWN7pyN(i`6MI8vpj0)eVMwQr8i%#qI>b-2Z zg}!}brP8ZntYtMBYN3OwC;_fEVs-a2>lB2vXw+g#s{Hh-I_lsUGqR&^5|ZIUV^!ES z&6WTA;x)`P)qMe{em-(XGidzW6P=Vfw7?m`7el38WzOm$e)Z!RPjR8cF*{n74IRGJ|HXJ_kCL@tO}@v+^`WvF^e%mp!WN>@i->i#_YgCgRN6_}K8I_)Jr+0k9R zorlrciM0f*6>lPBNXzP%SbDfn@mf}uZ56?;_R(tyUVCk3f6huC_jiHJ6!KuSaTMwo zUP2@!uf7n8L{%^phskD04=}JQJ1EezpmG^@#J&(UGA^{i^v-gB1wrbJG9lv+lVhdV zf;?N#z{lk9)Fg4p8!?z|Z@A3~W+4wnXtQj84tL2x*khh{k6;Ta(jfijON8El+RLT} z#icvnpS{2_nnFzAs3;pmvM}|pnW$0s0NORZ_nVh<59nGOSHMiO743^Y%%z&|hW^mb zo!7H2G8HwB{-oXpW}pg$z}lZnG+oE!rco+E>Y{m+=FIDmk|T^CUe*l2f5Ar1$PabL zq7c=wQ(K_=94vjkmdi4aX@*YOi7uga`ge+d zYL#NXCpjt9>$d)F{?v;_^vVQ{cZ-wde;s$>ac%8C?#P%torjsa&n*kI_jXKK-d>fY zRm8Nr-_b~8I(c`)E>*m~Mce4Dc43AMi_zvBgV1HdK4*ujPbr&?sJHLnp4{ZGLptLFsHi zu)6|Wf~=7#`fUcY7a#?DwU2s%C;Bu?ED8&39DHp64a-XOx(aaf6e@>?D_?vgu= zS9W+;-6GxpDFUQ9`fzmtw?rP>T>~wzM}fWQeOqpB2Jx*aD0eSjgSR4y-(v*(FiiE1 zXfZ_@0=pE{YhWdfds7vZKHDy3*|jBks>kXUw?YTGbAGh`?l5>8gwhOe#vOqd8WIm+ zaN!r)ThBVVgj6W7zHEc!)NGr4kH!t?2UhV`nYZ|xBFOr|nIVHEy5Z5PCyk9CA^?1# zIrT`o_2cMrNM|@Kt*$=-0j~3XUT4rvp@XpJDcLx4>Yu<=gj&l-&z)7S)YD1+4Zn}r zOYyGv7A7GUny9YD>hEg(L^#IsSTO>l&x5oTk`mq2Bn{x$#@sKHFk(kC8P{+icKYA) z67QRy{n+0uX-WXdYjEY2g+|h54RXAz2=cdE#*k>$EL*)rdoB_4{Y6}cD`=f;SU&(E zAR@YoVLVd`emlK&`l98$-`cg z+0ZF+7cZD?cQ-Vj1^#-$Z_^DmLF0`|m!om{+KN41#n@3}-CeIdXVg{63s%^PMWjvv z@`t~$Y;TSi-XptWGX5ObXTQ{LH&Z<>uL=A?-1Ni3-pJ*yG5w;=-$$S%#FJ?kt5agy zaeOvzQxi6mfx8BWeD_JK~UH4T&?2A4Sr&Ms|j?1MvBQ?}X4?DpZJCvk>eS_>D-*v8HB z`MaH#TKs&+fUq3Xehb(`jJ9S?wrFZK$sIqsbM)g07Wq^9j;EA4+o_(9Gk1F%*?9J>J z#H}S$57dM%Z?MP%E|>^&h9rS4pItP4y6k(MAVl1v1HmW3WP`OThl0g(5{2K`yEa-^2O zdXYS3l#zk0TK-WP7WY+pw(he(J2;9RI!{(i473^-S;Knsxpjy&AHpj?_4Hy0@1a7GeLYW(kSAK@|qlPXS zbrFb1MDR0{>?1wgAb)V_=zmlIP*{vK7YodT_$RBoY2 zqe12nQ#EI>VCM7Y+yo3#zEoy8Z8cfiZJ@*ccR+8Uqly6@AX@L=)z*5hj7^qept z@gXjIQi<6znG$`xlGYl%+zY3ps;&k06_0DB`}Mx2iKpdaB?R!*!IE|b4TwWb%OySj zR~7(>s2hriwi1UwIu0Bg$*=0+fMxD}5M!pfN(*bp@(U5MRJZ*Q%$^?hI6{SJV~t6% zm~|e@0ro2T2d-BSc1g9>FCxN*hKBTPdT{f5n5JY%$_z%#IHG2PpH7c-4CuLh1)3E} zmIbR>%J(!i_u04Zd|5-FP8NPbAP$S7*1Kbnj697fLL{4M--%F^1_~FKQ=){!P}DwK zgz`Kt@b4J)@<|_4hotAF00kz&nuu>cwlRIY#-$Uu2eFX-9X(Y!OnIylWq;yWLzL4y z)+B}^q9ag%lp@_DaSc{(*lu)efApWIV+@^ zgh=wBc~gi>%Yq^GyB0$t`$X4W*FO6Iaos;Y`s>!S{Sv7B3vBG8rXGH8FuZ%Xw$xDs zcK?$3x`eq2d&>gZ``5TXWU#uevPSFY80QSbRC7e5@)_X>&C6hNPFNp5-`%~Myi=Y6 zqDHw7+gQhahD7rP&RckH%iMUzp-kka#-eE5$kPXxf6bBr2*1L<`MAd0xF$k0gilWA zb>i`4ZMliZYnAbgioLdNiiyWNl)a5(WF~X5u3*7NKO(H9;u{u)1gmOXFR+rZBTseg zo0dlg*nrce)v3AH0CfLmn!Yqx*Es`uU)jes&E~`~4vDnSSos|A+JHxmzuN+0+T#B# z7xf7Hm>JZgkmXo@^s$K-jJ6T&k=OSr1)iNY6oyXeXwG+w;`zN9kU6x%?dKa^QSRkW zR-MS(WNr);D89rZXza58rR70Dd^R~+M&d^zlmjTdW^0K9LJzw@#>Z${VjB+4-93N=HbcN<)#i%sl97G_CIecAAg?TqrxB~-CF{c57z zAQy~oH0kE@ERL`0v5tD0hYJjYmxXEO3*gVY3){dfQl>fh_5E=7E^~foCY2Nn{xSk4 zfkXdF22AXI==V`d6GzE7q??h5?y2v2Io)3@!fG`?BE_j%J%{n_47_YjGGr1}2=VzN z(#BwV%+g;*!fv9gpcC|B)55vL>aaDGP_H{Os$$02^wktg8(lnEpX4i9kOBH0D{ct7 zQg;c_^Qi{`HcY|m!U5&A3$5W9A++9d`i@p1kZL%#K{GWe*H^BfI~(+HLC?*{YYNPy zrXg$|f=tR7u7dbcU+Kcoe|&=gorDQfRYH~=;3~QY6n)vb-kQ;gq6oDEk79@i`Et?p z;4az2bp~dgsrhB;XUyN|!m^>Lro~S!F=AALPFYvn?2hU#v6^eR>ctB!)-x}0`;-oe zn|{+!m_J4a0y_!q#N@{)O_qS+-D#swdI#+flI3yscN=C6u7`Eewa)+BIfS|O9om#x zCN+sf%0Gxz5-ORWe7(~aQ{x?db@9yk)Q8!^^r=rnRu6)pj3Q_r!6%(_4SC%FCqM?)z;lMeR&e=&3iIM|LGW`pkymxtmwHd8upyu@SB>Dll*=0<7i^`Xg1zN-1M2i}iNTONV`Hh! zNjLx$#(wmCxKcLoHw4lW%NgnG0pb*S^)iqqf=2E~zcs*55T|_f>|9>%F3D>N8Wd*z z+!iF{?U`aLkltT)SLR8zVopKRLriUk7#C6`Wz-WX8p1~ST-%5y6XuRvXOFAr_p%OgcjLwW%uI?lQ8 zz1LoQ?X}ikpU)ckMm*jsG4uvM#~q(1jWdZj{4<8E?e>u=++-hu7Ej!li({XU9QH{V zFq7c_%=0kmn{QU1FS>H6)3lMeldBgnS-9L@vkId@m_?MrZYTFAsqExXY;{UFVQk=9 zkg~~Di7*^6HGJ*Ka;hqON%9@53`Yz3;^U_p2x^A9YL1bXpg*c~7C&CQ zho+nFK4_n&lNVcFJ(wH6&2zbkNdA}*wSXH%UG__UpZ+;kmT=?KJZV8>Nb*;oyc)`%Ur3~TiR$;yVP~Hi65cwm}06|yXtvWKOrf^Y!>f2SHzXAG8WF| zC>oI#tz61NHoC_tdFS-WYE7SSY@ZgwnY+%DZMc0kv#jZg4^`7g?!w@+bfJr@GDdZ^ z&jaI+kn!YEC(z*o^F^HhIj7gR^~KG4w%Nu9NU6MoZ>q<72+q?PM8*E`=f*_3L4k>88>x>o7<%_tS=ntbdszS zq`rVQ>(V~Ax`R((k~oRQz87nQjgt1_loNQ~3Rsy$6K4G=Wy_!oGG~?;%mo5B2lG&l_lhL*%l|QGpj@ zt`LO6h^$WtjE5Z>=6PYg`1$du-jdV|8o_BTkTY&v{XtlWjib-@Vfr5WqyEzq+X#hF zEPudbl}k*JD7%p2$a;W#NnPorZsmum#3&{exbIzM{a`R^L|2f%{YeCsM#{M9zw{5r zxDFkpgc0nJBCYd|4$+okJ)%k6A8rmz887?9rKCH+Td-C1r;`>D6g?j-8;LRsvL~g> z-$NJ5p2YdG_R=S8@fFr5=6ZF!n+UTD7V0sxtS{!l8(n@>kpdP5GdCEQDO-OMd(E3O z$AA0|?y3lfHtse4Rgzm6LX~O)1*R81A+d#fq$xyrm5C?WABYG`pAV76$KkunRaK`e z`%xPlR{uLHpt(f{YjYz@$k2RQmEtYpYl`c(ZWOFy#8lrlIbn$JNN2lH*u9xwZR_YV~;B-l`YieyRu2$n?ccKC(s4~qm#|W~TzC1rZr=sbO8iM9?HT$T3>s z$StWSzmDgyI*_p9Jo$sGaNJrHbqS4{Nq(VF%$~sPJ>|+BGLSj4)yCS12LeH) zOe34>BRu3ygg=2jUTB4NK!5F)g`53cGzST#JB6RYyvob-S|62OMc?YjBy6?aW>I06 zNnsIUI|1lAjrnVORbL&ij;*?()Cj1e$)D-v4$khBGP49>jvUmK$Papj;UX?|7jxp< zdzmX$ZPB!Ij1Ra&6TtlBUq!_PN&Qc5{7Ns9bHut>?XUUtCntJLJc+j1aFm3r{G&J} z5%M;{jb#H}OJ7nacicPcEIW&;XGzg!$12UTdky3nB+Su#VB}@9vQQ1r$-^$-icqu% z%HraQVdy>Y=aTEJ`9V=sC^Vi=h>W|K$Z0sLS>b`Awcm5OV;Sg;V!QCJ(a~R)0?ch-G{KB+CMzb8ys;P8?2?i0$(F#2>Z9oo;?naRPDgUw*NhpQ zxT5BghFQ9MJ+yV`OU)^_2`}lp!Q<5{TQ+(!frcCp+C`9U1d24p{-Nge5(R(7F&iIu zs9Sn`dDy-EMGd}c(8F^6)40g!7-P8uK6F^Sb=Jmmd+|DOlWV!SOM~+vjZ3gW{sF5PM1Cw=;S!pa3u%Io&tv^ zvB#kdv4THE4BNn8_99x0m{p$sn?QJE+6xwGhWDnqBOr_xdl{48smlWMN`Z)Y>8gC>uNV9_11yvz;O>^OZgc(juXT8wR%z}n z7Hi657KNBIFpxP5`%Q2${(Mg^qhq%!$I*p^QxPk=#b5@}WZRHt9#&hmh0EW(Q1M9%?Abf?N0O2GI3{W(yFbf)d7h^^lE@KE!? zoq4le!It^l^b0J?QL`3jD@9RUfNm-l%)8I>>zV(EB|;TTjwAK_=IXo^u_B|!>&P6& z*dQ1MnHt@JzvpC6s-5lb>3dw~8Cm(+YI4U5PRlEos8o~>p|(J8mYd?zejgH|Kv{U$ z!As3Q2%PdcSe~qz#*iIq ziQ{tv&-1TuAyaXUf=4vHb-DQ0;*u252E?BcZ+7D4sC~J>q^y+)v>sn?G-@vydN&Aod`OqGvOo%;F@aGHPb7as5M9uP?TUI0ciUxk3Say_JcgBH1(vt`VJ!xAv3(3CwcYUN8L;%O6XV3wA^wU#RQ!-vZ|3!k%J2 z%S7s@!>jmgP6PH=M}Pj;zaR4U2zK}dwU=6AmglHX9R-p>P&h(f%D)v(HW4rO=7X00 z+-v%Pq0^^S?N!c$As+1d82APq6Oz{W!;SpRc*2T?NMsB^IVl z;aLn|K{gzxx&B^`SkizqQ$Jb?B#?}<2g12P%C5f`7yR~CSu5Zb)YW->1NIjdf@X?* z^!su6kItb_Uca?^MDMdTT^ z5bM@GZSwcnw5@SiTlvd8t?5v@$g)O9k^dnGcyCq_>L3w~g#w)lkoxuUb@QWpBS2~; zZJJhp%QcG>n`%Pr(o3|Ec|DdaOpy{%WNemh-2W)REiBL4p^r`PNI<27Fxe&{?*Ea< zIXI|G#fbS7G36&*1X1`%J^I_}drp7P;q77Ude~Rk=u6K*F{^x0= zWbfmn6H;If;n6BRf6bvc++UH$FmSiu3Th*-hBX|co$3++r}@pdhNcN3gZ$gdX2n2U zQmod0pZ~9csL9ud>i|jXEqf=U$p|T?&;wAcqAf|_8)KAolc^E~;Q%B875|nmBNYy? zW4Ti5ylKI&2is)drw~HeJV(|G+9C`a^VQ;i%$NoqD`ic3Xu^&IMIiOSTj2`^bto|^ z%fijHzT>2X*gPG9fQWkz_IGRf{vKJ+?;~CJ!*L2sR^*x?O;mo!b-;Y}e4tSR^>mPw z;zL2BIMJjG5X?K?(?6KB0hDggGEuGjv{~EKZ{uI*C?T~TN(?O;X&RMW#5uNlZG2~p z!XmlR=2z&)%W8Sxy)BoH58(knsn}A>_NcXCdW~Xf*{EiVZ1c*@>G1Mw*SCzo#+d6Dv)(Rc*rX+pQC1+s7QPIQwLu!EM_4kccY z%Q_yQTy-S7{6dTx7Y&ESRQU7T)gkmK*k~mTSGA7otjA8?< zWdiR`$Ze^;4$ooynNf%PJT+y;&r`1yU%IlLBbqjn-Qs#zpI5cNP81P{-K`$FnQ!Ra zgR1((GstGubekj$+-ypfu&+$o*fQMF}=s+iCazqT$KR;C~%>SE-{EDr;WGrooh(kJV zfEd^dr=WFu95#0U*~IrAa!UkM-&VH74*dK{fEO9MLn2k-sp!FmXBWwW-_odb1j@pm zqPmQOLkZE)=z5oil?8|I3*KWVV?ur!x~w`>V8Z}7^K%5*?U{#a>rx`i@#1@!7I#5s zsPRb(II-Co7LN97ilaTR-eR%ZKe4olae_{5K5`KoAtmi1Hnc575Jq0Zci$T(U@^rk z(2CC5#ys==Aqlyje`XY5OYYb}C9iqI{cxy6!xO2@bRujx1uxObW(A@~)JVT{EgVhO z?)tv&B)Y#=tBfCxoKL;6`KaQ~%_7kw=G!N7lf1wr7FBG2@=?P3VEd)%Av(-gOqXE) z7k%s>g81ECRxZz&11ViHLtd{gf{t7*m#M`tVmsg15aJq-*)h^3|Mdelu>Aw&pJP8I zb3EMxbz%iXkkgQjxS9$y>64+cD#QCjVwnLE?O@N>tc*A zky>SrS!VA)aU3ZAD!Oum?4qad)yT!EP?o1aIvpv16@X9nL8be-4m?;WSNYe2m9WNJ zpG%Ei61|k|SKezRgX7`d*EzjX*#HYeb&lbO0N^1QVtRjVDmOf_+aVkIGPEr0o0nBJ zAw&VP?JRl3w9v+<+w7$3vizDIGt6!*6Kw_`UiN{rsc+!>N=@M2S1HF^WzO0nrHXql zx(V{(F!|nx5BOm%H-|Da4P*Vu>kbl9nTT(H_bBLtY5C)c?bgf@Bb2OUU74CK)kq zl^l>r5yeWzAjt%^)cB6x3@qm8T~e&GyBdY0`&(cR7VCc+G-LPrNgj>u-?aiU5VYsu zj-oNqWFEqt;!OAa0ZKOi(;vqko>=WnpxHOr1&85{|C7v^qx~8idVgPIaaiNWkJuUv zMNJEzX2L(_Y_5Bq*TD%B-XS9RUk}tAjtb>(Z0>F=c4ve5pGy{&AS4uX_I_Sw0(+0f z|6f1)|BVdzcgtPBY4u6k_Hyo0WhtY3k*KYm@XYmM&3ZPfV<*i0j{+U|Q;9ogzmn8B zvW+mNWWSrt-Wz`^J$wjDjeNMu4%_3}kDeb9NGyF#JILJY zLiv6z0RP{*w0un+hOSZg=r@VO;D{m?r|upX+4sn`k3n%Hl7J9$oqap!`rxLN+&bK- z@txl%@h{>=B#>k^G5+VT+GMte<2Le<4gSlDQe(5z?+~@TZ2VKPQv5b6*uH7~H5LuY zE!u?eP(QLy!1NiXwO1y zGy9#kObNhG-T`8$;(3Yl9}%h%q=+}wuC$7#A6SmR(zH_znAq_mKqwCZo^M+G)P*RV z^RNKagd_zd0g@c_lnwo5+!~T|muxnX6z86E!i`!^_oGKhy#ZHYKiK9ulQDpl6kFE& zV@t&t1Gil}luY(5jsPz~Z-Fm|vlJi}ED_Ag<`zPx>+v2T9R(~m7mQ{m1&ZjOQU*zN zT-^DD%K~7!J&Vsp_QqvGN6A;m=hB1@m3oiXzSTEjik;ay+x!i*{3+b&zg&(QzX_8Q3Rqg4>3&hRSfX5IaE86_NV0VjF%ByU(zZwYL7IyQY z=+6b1xKqcrzg(XNc#jaRecA2XDbsbgCiW=j5Rgc^bIWm{rs=oAWok&Kvem#VJ4}Gqu6twwO_X_#GtujEvLb*01E0$=AzPo?Ug)$9FgQ(IF9F?y$&~QJ2 za&gyVAA>LmfOh5U*z@74F~8kfW5D}H$sY&mZnGzV1A|Mt%8vA`ugpnV|vqR<%uy{O2h@4lyr&(u*x4pT|67B3!C`?|rvJI27 z>yZ4WG5?h9E3ahTGL4++A)I&M5VT|p82ZaPAXBLUihN~N`SUu0+Eu}w0DtS(tTFZk zHETx-trkc!#`3ioZtPH;)#zGy)+zm?Z3Na`x$0;hFwlnR%K+G9`uXlQ#uy;8H3BN@ z%OP-T)A(C)yB0wYkjJ;?1LCj#)%@H2_xm{2V@lP~+rWD^i?@P^SlB zGT?B%+rb{0w#bmH=}5;ywtN+Dq|4qTH}v zkKSE-zFmzHW)skV+{L62LapgRLs=2G22_i$BCe?t!Tn1DMbmzC1_d^r9f?p7{5W9x z-rAVo^L>JQdT#G+;IXwtXx}cq10Hr8gz_*5BYxO&)6^J_>_idXW5p~1H9?q)G2daH ziV^1{kK8+Sx`O2B&DHoeq0n-ub8;h>@=5R!lY&;d7cN?2<3Xi>ZQ63lNhe5?EQG3T z!D+yk3D$b83g%~e6`cYBwx5w$u=ozj5R#Vx%3<$tutdasH2(~g&z`Q6_HWMJ4b(8N_0hzNpI{}->L8_d>ORSaWNeY0?+E;*Yf_^3l zqddb!=nR0ovL@RBdNvxkr*xrk;{A6p>9V9izcJzgz{Yo{v6To5D&P1kOT`bm0ae-c zU}Yd*V>m#E7my7a$5kC{&4AJ+;fz?!W%mQrk^2NA@q^m6_roDl?4)(BZ8UZdE?)2$ z$Gu|#O&Crpt*Z$f6#F-iHmRBw)-V8TZOlZ1O%uoDQ3)2B2Un*u735a65&dFjoVmwel{|Xt0rRih(l_ zNELH+j4p__6^WQ{0Ys9p1nSfKu?bUL%+hj2po!yBvsI=o4?Zeg-IgqfaY{8Jc9 z%tM_6T-Qh4l2d^}r<${j*&D%wSq?tD=-$ZQu9Cr#%GI};(4s&qQ38z~l)pLNeI?*V z@Irb%j}P4&4JKfe=Zqh>W|nos074gxP@}hQ0ll3F9E85fi+yb*&PQdYQ!cj=3bmON zE36l-Jj`|3_ly(LW#2a>2NeLs^}TLS#|H-$KO4kPNeO_Jz7AAV7@-zeUG%~ zP^LXuRSg7;mfzmr_-gz@{R%)^gsDs&1CWj*H72Cvt=wn0icf*6q!D9PoADyjqW79* zdIAT^FkV=Bhyh-RAU(pDeK6Lpk}P^o#TW3YUoELULyp0DX$c(}o&*}{f!3RSJ{-rT zCAFGxKJ}Zye+2NcU5fpE?oL=Bkm3>p-b$r9 zx8D#6(rC+MbwlH8z+83*YMft8XWBoFqL&)lf=Yf7pC8{B$`4o+uZlx+NHiQt?C*KOo~Q-vyNR$7pu^ zI((#zs(1e;K~^6R0*(qEh&TTT-2wpe!enY5fXkygH5gZrd+g}>qmmvEp>2v!8*98q zchX{Rd?KBh#B}9mV(UGvyVBE8axHk*ceAj>4+u2F+kU)_Dg1V6=nO67`}P&r6&gMz zn{D#cY)+}#|B6+Y$!rqF%z=>N>rne^COzL0gnbm8h%wH9S%6-S-TY!`=5qxh7@x0l z0~lg{HYOb(h-cH0ejd+IC#GzS5M(NFuUfN~ZSZ*ttd2U&Axz@`m@`krc~%$4tg!i> z)3hhy2#=lpH@SdMiiEuye}4~Tbffy^_s_Gl$=px-5Qo9XUaON^&HtGB7EMxk`k%># z*r?IFnioIaViS?8M{+1UvRRijqM(=WT(yU^v4TW zKTK=PjY9gU=v_0Nm(oxi9ivP55R9oPqxq9#A0CVp6FfS3vrqlG>2Gf$WgL0rbA!z0 zt+aye-UU4WYg`nUvVTy@4k3-j&sas|k&Kp)h)TV?bw#t-kU{V)A*KtYM& zF&6B$aB2O#{?nhGeUw*<9+%qaZ-%~$Gd+k1Od)^Pt0h^ZCM0QN9SpP4 zf0N>h3-!Umtr*68`7vxp2~%YWLZ3!oLAuT-y)a2~>*F(^$ph*lG8 zwjSX!FsWE6YdSRiu7LN;w}-{vgTc}xR#TFZ^Jb@b)VY6oOF!)#BZw(-3Ce899p7uU zD?a36j(bblR-ye$x|`##7rH??uKpUS>@E`tGl_;^5oTrAz2->-&Y-93@pK(rVobJC zi2Ghx{L6-tyg@GF+^-fM#d*r~_B6E}n~pV^H7mKMeE8-4i0Ic*j|98FwB`4|{(s&m z@IK2Tpf*#GZe3R&zBqWBg9|f{ga)GTJwCqq$^c%B5M+Q5Pllsz5sv7qfUf5IHe`oM zMKEM5^8=lncjtjgC809rG2I~k-O4&C=z@^60lqlxbBk14L^3L4@Lmi!Dr_A~*`tSG^1gxBHsp5= zAq!b-B(B)q0j`tFd!3!W57{;KAC>$7F3*XRW8P1UJ*N`e;jE3DGaWlr(ZDeh0<;K? z2t)U%;tP>}qei5I({y2e=Ho3+NHZf>h*9`|tu@IB1nKDs^xd@hX235|dwZRkILEQ- zLm)vLxJ8!iY1Yh7R=U;iK=ib6d(|a$;xDmag=0Phu>29N0EE;N37Q11=_ z)1Wwnbiyv+howN2+6{zj9OW0T*CQDm(Gf?5efARGB~N2SrsfipM+bm8(JluX#+A(% z14ygU8)7H~NZ*$It`{#r4GdgS(9ut*U%Povl>)va+%&2Qw+Gp7VIbywLw9||2_fjb zMpL>D`Hxg%tBgJ*Oq~YSm#agINIcC_Ms~e7A)$r@%Bi&x7kl4eoBWJ&mAifjTT}$l{LQB#obgR- zK)X`XRTO8?(LD)SfL8u?gqa)g&&PxyB{Sq=2u}d={NllYDT4kK%<8| zM%@OEzI&U95UsQU(WE8x_G<{PC1bgL=H~{BP|eaGp9k6wA%ydy3YKEQ+Y(T(0toN* zDWEE&bzcF;RRC$cm0|TB5L%YNiazJ`U^)*7FH$`rI9eF7hUNri7cL?sIy!?>2!lf@ zq>{dUe$qMgb!ycWIOkH4b_H7-oqpvP@8D2M{rSe^M}lqso_s*9_T@Ys0$QN!_BS5(5Gpy!B=3^bXofm z?a_3%@^_X`TueM8KaGLv*VWd%d<61u-nnhP*ScXBt8vU*|n6?u6{ zxLKE>e?WOdOaqc#t*{{UWB^a);;~ z{a2MET6kkomA>YQDJw86P3OwB%W>1OZ=PkCH1|&0BT+~^ztxSY>bLh*ltxxJfRD*$ z7ucdYX*~m=8t$i!_1D5VvmQ|_#OW;s-T3-1b5=6WOH0gV-Hcie6yZwy$holvHqRDU z#Bh=~Pw@xeGLucgM}#{fM(VrKos$~xb#?B=kX5h-H9xUMdIBaV80Eb(_TghXZps?h zJkL{P-GQX&MBAj25^e?Y21iEZZqo8a%O49RJlf6XU4^S3Zb^0C^>)bw0;`7h9HEr8 z6b4+RXTB1g1pAh3m?GI^!EJBy;Yj_**H~~!Xuu)SV!=CPLW{G2Hgn$SCoVUL1nr=m zKk5$IJkcv_02Ll&kSk%f!F}*i4}rdGl-HRp4KSlxLN3cc(wM$t=5@{F4JFIoh%q8SH`Oj4L%n5Pb{92vU5 zOgk8ECPzz&t1f4+cp`qx>PpPOshMgw@6_qH zl=&%0A5^dybH#~Y_;U*6bv%Nyi*|SGY1f!>ZqWn;VN@1k+@)@z0-oTT#T~rtcniYT z1aIqBgZ3dyR8e3qj%!-h6n0UcSMxbpH&y*lKr579o?~#aM|>OlDrk&pYSZdV21Yxu z5nm~pCOe`py)a*-1#Kfz9@TVp(m7o368J zh`-Xq-#%~m{G;A*RB?yTAUdvmon2Hsw1xRgzMFUS{I_Giv^ykiddEuwDo-`cBfZ;f z5(joJC^F)ZhRLFsNdnH}edhLl6c^i>al}d>$;v`2iw37ZZt+#TK`Gl;Z&)Dq+nQ@B zBj1F_TffA*hxdk;OZT5%sdAobk>OL3)=W5uf6Q#TlI?{xgS7i2Z%CXQ;%7KFu2MG) zY@VK|`Pgc8Fd596UkfRoS)=sSm(gb&@r~)(4N_U^Sjx;JVj?Z7LK3B3T zqhO9ULq)M^@eu2%zN~H<@GvKflbn2gv-7|bWa;vkk9vq+FKS5GRkv6lh~BV zdoQ^LH%z|#&i99`%OsCj>BQU1e1AxE3gEmeIaiSO;GTyG+}j9;Pr-mkjSumlc)OZm_v ztfqhRCFFC~Z>_D3e*?0u2YlzNg*TD}9-H0zvG(=udRqIK8C9KkM+&FbVGxf72HS$w)MF%XQo{a}%d8tW@Bmz{GxPHWAH693OAq3i?$3En8D>!;k>%OCQmd8S(S%zyF@oDrTD$F zq8mn-L-%Ge&v#5}4i9K7p7RR(I>+<~8j08rLk9oZCYZ1Mr-b9`I48wx=o%+iftx5z zQEC*fYqX9vHx*cy5}0+I8nZAreW=sV6h2W)~jm<#NG5Uu(mO1&p; zYSeeqx)7DmCp68n#hep!14l@5C-30U(j=ox)4SLDBR{e9l)!lIGhKiIlqGGS2#*`GIUq?H+lTKHm&`vUqg*JK>KK zO<%q>A>R#X)}b-LJ)n0w(T+P1(Mk?_v&*B6_3y`~mOCUGjEa`jUm1I1$oG$S>Lx`(^YJfdCBbC3pX6`oJrn0lEw==Rt>ULn{O^oD&BEln671G zU@hapQ>(u1TFgz+(HJ5fR1`_YpIIY`pLfALX1Gw5#ius{DS;ixDtXm9GxxIz2FC>NDXttvsRWa$<+!2y@%k zw%^V312bzHb#{VsJ7GQGU#|HjD{O6o@0iD2THkT_qxdV=hm@oqy=Yc%DckF1^Pa5e zbfxv~IVtyR#(|7-i;fkqR;1+;mOk`{=T5vH@f|&9UY0XoE{Ol;avNXla1g)!cwDjD zEo@@byZQlXp%(RS4m55FBw_>7?@{ygWa>cj@WgJQR5MW^Q8t@=NiAELs?PP?l0UUT zQF>_?HM=PFry^Q`*E-ji)@e#M$YgTjE?uQ6{id;ciKgwla@Pm?i*a;W_M}np zmE5SiFfiv5>yv`UfQwg)`B2ULQj4f|@OSquxe$dYTKiT3KTVqO9|X zd`54`R`g7@CUfu~6o?X24T(XVfQ%SdU0AhzRtUB-;#wOU>u}jSD`8>AGJo`xf)%{>B=q9d*o{9&=tTM5AYM zZ9g~U^r+q0f>TPytyF;S{E+?(PlX)=ad@uVTtd&4Rd9eyJ@^Jkb?j;fRn{-nU|6E- z3+!UvJ?{{E#ODo{W;ZyVu@=sKnpmz~AChvpuuYrc(vc&f_3Ft#C+x4mlYq0}dw^6d z8TERdR<2d_<@^!^s#@&RIp0Dt@uhj=5>H)qF3(SU4s?s1v7(Z}ATzP(AG zHW|>{yQ^3A6|vlG>1Fnaqxa4%27AE8SpMxdq?aq0nxdA}>&(PIu8YpT6)J*?)JjgX z2s6KJH?o0{v6o`WH!ePNY@$7vap+daBca=VNB&-p#ghTzb(?I8AJWMf>(k2#ST0(G z9k<-_q`5jA=dqKjnXD=M&&re|UOkn(u1=`O1HKCt> r7ZV3n%oz(jvj6=*pYs3jv=?O}3lm1Tuq;!s;6GKRGm541=7IkQq{PK( literal 0 HcmV?d00001 diff --git a/doc/smart-switch/high-availability/images/case_for_tunnel_nhg.png b/doc/smart-switch/high-availability/images/case_for_tunnel_nhg.png new file mode 100644 index 0000000000000000000000000000000000000000..bf593f2f42cfd1cee1d974c79eee717aa15f085a GIT binary patch literal 65680 zcmZ_0cOcb!{6CJY2q!aS)vavGjEuNaWMpKMhQ0U5CJmt!+1s(n-m9YGNVa1q*_2u4 z@A*FJ-uwA|KHq=t4d=YiYdq)U@pzs`>Z*zqWK3jucz6`ouKulohetSxheu#YN({eg zOfB|;|KU4pD9Yg#cAlKW!(+$0_V;Bi597sAl2>$ndj~&?h%WQq>b-UC@29Q0r?iQ@ zk8*EP*QRmu529#mTL<^unkn;$>6kaiirp#tl61dVol27-Zw-9B>L-1!Q$n(%UTABq zdaHB9GkNBRo~e0f!kWaJlAXyHp5HoRh1xht+5Pbd{?~uhMFKoYCv(k|-~F#YAukul zmlHQ8Bt*&L;s5{tlglehs&nsFuHygx6H3+}74H6j{T?rXn;g}m&G>5m`2X=p6npR# z%m4Lz*_4k2!4BHQSzgF00v1W@zPFHzSljR=YnQ72NKp@v_Sw#mJIl9pm5BK1KM$B^ zhZT~zus(u~+*L{GZOZOlNcP+R_4ulikFf&Plo=uF;TiQOT}Afe4X?2p%L;w7@*?xR zm3||kzfY>1jy*W9Kuk>@_M*Wt5pr{Tmgp9tUd{<7rT}TbbZu=8Al27+eggAM{}}%M;><*d^=ZZMGAkn6jeU;du}=clx2kgZ3Hr8$)MGjcS+VbZl!NT! zhEs|HjK#%l28)HoURH46?kUn5U#`lKN+wYeFW?GY7u6Kms8)-w;FcWE0hJx0-qUT- zE&)Q+`&@s&iju93OLl`2_kTK^j%=TQ-(!b6q${v?>)vOXCZz0<%J>5Jd1&kALNByb z7&b7uFyRw2U2ob6jlPk7g>H$_)G&zR(kN~N@5}Hw46{NbT2I3&4rn-O8@L=!dra{m ze`GRfia)Qz8+kg+dePl~47bj^^8P4(=BdAV;64M?1LP*-quJ+3_{k7UlWiarmM>I4 zp@@npat|0gh3qRs4PNhaNA3x7kGcfg9PI|-Uq@47?WfuzB3xw{a1RwOluZ>3Z#>83 z-Z96Bd(t)$>14Oel`<5V;VWhK6HTudU&Ih1HpzaSoj2_C!zrV~^G}h6^WSis$w5AU zh`<#8Wa;?FZ(py#D^n(kNWU=oKAdC6J@N`6>EwkA>cTYelt?`MlPmbRUtc7^%DYsK zx>-B(c)xvl`h(P=U%U_iTWVl&M>ZkCFpDj>UJ%k#)pGV_eF(d{tIy8+(Av`SgG;i- zCFC)91bWo$!R_4^pKrn?mCHKNpOg`w-gZq{L)N87(99k_KWqK%cUK;aOgRlaFB(U#FpjYVyw6)s3u7# ztdu^zL5}qS%`H*GHxyhf$lp-!AHt1ZA%1Lj%3s!(NcTb9_-phG@fLGfu6yZ5Z4Oj}t7CxA7c4 zQg#Up!pa;Ig&g5?!ofWBU;O;Y_E4PiO$Y82p+Yb4-}B+#M*0GYEClp1$QH_JCrHxu zt=4$q>Fmh_yGBu;9MJ=~*KHh!HAYCPDZo=s5$(#Hc&(=P7Xt(CSYB|zBZ!$Qf1gnn zTvDvV$OG7&mVv)KV=mwIJ=`;PgQ!-1Z@C=Va-xVDa;-|#-{qb=^WOYK!`YP77@ zPx&!BTvHVK~46Jf8uZKR(Z`hs}J=k44ho$K| z*j^|amRQKYL(X4y>y)eC-o}92xX;!Q{Mx>qxAgic*IeolRtTBZ8!O{7HxrY6w{z-O zKk{tu@2u1=#F+Sc8r*xSov$3jZ@YZ($#4J8C+VGh+xm_EiY__wkp8_7=aL5v?CbB@ zH||wn#K!O2UAk%Hs%>!p$Gbb_Ay1eznJ2=-*sxB9m=(Je+|wK*xju3sWyinE ziHAtN38hj*w-W5fJ`7n+iYs6{!C{g&D^<{cag)k4!pjj=)Hy!8v5Yat5|p@FT4pXSPF-ecG1?KRXekEFAFd88f2Otd9PbDN4{hjowFl zO{Gi+H_M&adh(FqHBV7pwmH3*nFzruWJ4=1q@iMlT&hWuySTY{PBB`9cYZiWbD&4Y9g->_^ zZcJwPgtK`o(^eVt0zC0yrw&(a>NHSw;_kz$c> zdAO+aJ+Pg>wgaQlvnUb5sxMKC5gi`Pj4_tbF&Z=b6?ggPdXHM0*G*m0t@o!R2JuNw zPAoUhBzfClL6jjvBw$PJQ9~>ypxcyNsCl3OXSq_P47k{A_NPUbS>vH z0@FF<9}GISvFNz4)0GrdV6FJS9%GeFV^<4E+6>q9pB7M)+IX>4`bpX@HoH}|U9|kZ zX6YNV&V;#5M{*u4kBWCzjs=a^(neOwN1o9d*V6O|X)NZ_TBt)@LDrcRth=g$vV;KC zXVqpe>E`n{vozVt|5|^?U{dyu-k<~HuX!M%tRjTnz4ztqql&do$=dPfZ;E_3^4`m! zOgR$7cpSm9?2WKYddC^Qsy2~NzVb}0O+~-K8I=eI`AB-DI?Zonzzuxy%@B z0x`C?_b!#xy86N-@mP6WY&N^fPKKp`Fp;kQgE^K5#hX~`;lkSG`AzNNyHP5Jqh8-2 z09c#&{>n5c%t`a_B%iF?%w`R-_bPNB4?aqBJ8|8sjm5o6{*thex)7muT|Ehv#4Nic z`0;Sv`_;i)K@^4-XrGNn7q+wBH8mVuEUenN`%8kzT9L(7YvI9x zu?ejU*UxSa{C&Z>uTg3hc|{FazMfuc6*~I|3GPLOLw*N)qXOlBm3eP1+u4_Yh&orB znYxd%gLS(M&>4j1#yY88`VnkEnR|XsRXtJKr)KWfBiDXCvM(n3CI+M-T9idyl$fwpPMMhmO z>ai6Z;^0NncMkK{^;KakZ)0+qj~)Jg!(_qlBrOX5SMKP_6I5`TZ^oz3N5>o zLxaAYw3_Ah^2W+VJZekNyB;n~BZH+ON-*4Xd&; z%Oa#UUy<{_krV%9HPIBXIncN-vigab;j1Qi<nBRHX ze(A_vW<+xFPtHX^#IB+MC5f^%-wnzyF^KyMV^BFO( z^H7l99j79?t$#K*g1bEK$MIud)))VZX*ipw6_0hX2#mh544Gp&{c+`|I5V`RO{e%& zSig1IUz(v}y!Gqd1?SR|Jia{2Vl;avCr;#ny`vg>A&f<`LS@E9JviD;R7`A`-oWNK z_Qzjx;(RfEm+82%I{f*Z_j?*_$yn=yIMc4k?JVytyEi(=cq&`L3H#}~L&h7PXbwux z{kC?I7HYe?6hL>|qh2&9lqgKeb+fAJfW*->%t0gw^Rihucd1R)sIW zhrZR|^(q}>&v$(I+DAJ**5);3#mqWh^#?Kb7DmYI50?2EWO5`huxNwC;|)FrY7Bj*WHS3d(-VC*hrrCZa>p91uu;p62YW>Z+w)6w zXa}W@c@~M81ZQkrq+@h?t{*zV>9OQXEp!w;kA(Q;ojS|vC8P#(A8`yNe^Q^OuD;Xy zLC1T+^IX>U_>3G!!n}GSgUNkIYoA=@z57tH>HDn&)2KQq2XOs@>b-sZRnHyVR<}t} zEq!f?XrzO92B!J!Zv_ET{v!qb_{XNpy4hMqz64N^Rnbz;O$0xpIak5a{ak}cDsFUI z##W1At^vx#ZXyrxmAr!Te*JF7*;x++RyRsM3^oJ(b5`Wl0~WYCP)jhGG<-)M^Gw=E>;t?I&j8Mjn$P{AC8_ ziLP=cL5;i90&Y-fRK4LWOQ_KO>|{t3ATifFT&sc~8(62v=2KSgW6TnV5p|hW7qjl< z84LU5IMrIcxznC-(Rn0Hth~)W)mn7Sj_n+oj{+ zpAVsUWO%~0o;I=CBfRYVmFi3PV8iOh@L0~RrL|8oVoRnKZ>g1aLn&Dv-z->gi7>My zdLq5Gw>56i7S1BS@N+(|$YwHxfpTvI+Kj2de3OIif&K=co$A70kd_SV_wOaw%svrl zDDF&@4DHujbgsF))aM-JN>A`g#5!7XT6j>J$O6gjJ8Hg8y{@Kba#d;+8%it&3XMM3 zJoh5WKDP&#G{<&YA8Gg5yH3DQPtS+1696ir4%=A2Ou^ca!ZiQ-z+fbr#C)O8Imc#1 z)R~2VR5;1sZ^&0!S$WDelJz&VLk;og#W6w*lKFNC_8rb*I5gs}@QLs6E#W7OcOD#Z zIL)u7(&H^>fReps2N2vC8Dcch=%0r0%50v5G)RY`HfC7d#LW0w&%V8*w;YN==kWsc zQI_!h422x1WD&1&Kpt=m{>dH!tNuZJ#^#r0^p?))hflAZU{hlXm3?#cr+n3wZGEi65rt6PJ}v;767!2A;|Lt(LwHz- zqKNnr{wF()?>x=-E}xX4Z96{21dX>29IfHSWu)GNj}?Y(b=Oq^c!kP-1fOL3tM9wakJcBE^hsxY%XVW#5wKtDY?J{O~ z^}4TY;Xr(w^YQngcqVsN&v&j<;}*CNTiIYcqK{a2$C=11Mw4cFg5E)WVy9;L6RY%1 zo&qGHBHu&6XmY{cb@=q=k$?_6E5PG8X-^1-6)6`W3@Mu^@cUoiX$!P}ldo602(h-rZ+D7q6KS;Veb<-`tP9F*`m}Xy>t~R%2dam$ z8rOxJFDoCj7joxoJ(gW2+T}1bj^3W}?ZU^^UD;3IAdLn+IpM?A4cVV^80wxtk26c( z_xK_-6<9i+OV^Y$X5=>X4uH%nVbDWM^19qI_FfW^-2MJ$3DR}k!Wy*rRXY_fx!6p? zRtC;pJ3ej}Z@bv7EbvsQ{FGo7#dbRxu zf((nACP?daHaME%8;ZnSVe$O>Y_sVIm9DdMDO4H8Zp}mtgV0BhnB{j$Eb!LuuC^~h zbg7W1yqGa7-p?JZd7AW#()Q_hfTgSd4G{Ri5#)C90b@X6IC`1RF#{3R^ zdd83r$;3)dJg_QT?D415{<4N(@KqXyhoH6WJut$TzZ}Jo3#ALlf8fCSphcX{KF2CS zw(~$frLgGRG4Z}4J$nXYk5s9x5$6h|X@-RIWizC9@&U6Az&FlI1E$CF@=G3XERPNY zs!;L%b>Z}N@kZBf<-pUD9|2_RQio5W5J_-B{7RPn9sI<_dNK~+t09`M?v89~5uWR= z9_NB``HhMg@9k4-hZa7yQaHg zfu2^P({eo;E8&O-2VdVAU74fRB64ut^2}2tMZ0aAv)`N|9Ljc&Lv~&PuyBc#Zy76Y z75{SGb9p~NVbI@_o@m|wqJ*uT`tlk~0e!Gqaj_>G3?Y9<(dZ2^<>MM}j z%M+|wTj#D8kkuN3#N)RR2cPh~b3F{BT2T7y#Im`=B9#d1rXxb)dMfS5-}`*1J3`Ez zBfoX_{1LvNN1kC<1YUOBUYpO!2p8X?cj7JU?PuH877E@0pa$xAQD^TuI&MI(ipXcR z9vox*LTUd>*z!5w>$lVj;~tPi?q5z}gnNDtPW%TeMPTn>hkHGarx6Q~3dmnM%JAYx z^ne$BX60Ma6W{u7iw@AJT{0yb+8pz?-!dsac2c}6OD)+>6Rlc~^yteCJ9dCYy%{O# zT_|cClW>{s@@m&H@wq2Zzy92|?DLi7t_NNr4o^25v{uyU0f3c#1Elr3NEL7tn{eiWD|i9K4DYQ-XJph**?p%! z`O%8l5%IQhsL9>FK2yYk6UvXLU3C677%sUyyBSdXEzVlM=(Ds_g!Fc{)XrilzlY|K z$JEo&N4ZG+9W8=V%-VaSPe*>C{>x(?8}LxIMGQqJzt+1O-s@*J9k}HHmWRx0ojsW$ zgtHJXsC<=wOmqnYLSG~sEmu`6_}(wg`r=L-5tYl;3x?a@;_dVAw1q2}@Q1i=e`;Ls zt-ahRF-Zzbds#1tb$Eo+_6cYph1*r`jc7xnt z_?mXC2$KDl=Bg&?jQtaa3T+_|a+=(4(vCl_WHjgywWaj$Z!Afv0k>s^@PP)ewsCJp z{Y*wOA;CYHkgREYb7|p4uE-Q$C+e%Cr|OJszp6>hbCxD> z%pg=_Mv(76E56$2@RvPH)J@xxNznz>^s2NY0FQ(Ymfkd$R0L0XH=@zRTYhVV zq!V8n$qj*{oJL5XnO392TX=z-WA2Fo`j3eqG}>%BxUqO|y!TG4)L4}>9qfc3$f7~N5+^k)Tm>MT z5{bAkG49Oq{YYb83UX0|HM8?Cq0!V$nUe*nzz6}3A&FEq&^-SS90Qi1^u@~A@g}7W zyFZU#ST(R|&mj;h_eWuIhl}Eb-L};t7)SwbipDXpyb{KTFYi z|1J3&Oo8dWcjzo{#ce*~p=~<9_E)?830p<>9fGlOv6G}xd#^J{aHlc-+AbA8ro_JtQY~ z;FVEvv&o^rC*(%RnvRIt!~1^-HPB&kju*g0?$J!qej_Rf+GnyUwFqUVKU#qG8=3SZ zqJ&4p%^J^$CG`TJ@`3bwg!Bh-4RYk@@d$1}IJ+TtA4zxFQLxU9iM`SfZGX8fq z4K`Y%;=tuE;0pu;7nzfPY8gjg!D`dseRb@}?I}UV%#{>up3b?}DSoW83f|`0_8g0Q zn_Sh$-74n8{Z+v`95bsZkxzQ<&(LywLW^Nc#(?k9bk07FdhFg!AT*$9zj_6HpHb23 zkbGrFns%j!keTraT&cgeoCMyF%HQv%VfEz%vqrA2H6@Xl>YFCP=U^emgmpzm_c0&a zANHu>PSgt=sZTT69C@<>A>dp$MqXP4kXO+fk=1c{ii)8)7}f*l1W$sbNVfc)eN?wEIE z`%^^S*Us~zPG33W_r}Buo~oZfukNmWif=uuOFA(xW_*bei2@UUE&s=A;PjQ~rjS?# zPCE9;6>D;xgDP{IARTRNosJH3ri$Bmi{4zKNv`m;h;UoV_pWtY-fHz-Ym5xXE8L!H zfsm6TL68up&!S^>*gLRaheC4;0uJixYdj%ZD=~2znYeE)Vm|9Jw@_QXU!GL{+GQTC z8H&Es)?b)<=_vBTtNus)sRJ{ZkaNc;yp15~!Cx*Qi((}>*{RO#N@O3zdgAzY@tCq} zDbG&w%;sZ*jp-QMK1*A9iIptXAQFR_<{;~yTewE_FZL#1hokHozYBmfQ0%_+f0v0^ zTLIA^L*e$9{b_VF+7mxvYp3+AY8j)7iUPC337x(3Q%51>hWS_0x(*hbep~X6y^iTU zBxCUiOc9f1KpyguNcXvZJw7*m6UE%?2#PuBTZN&1=gq<}CxyKcAk}uRKW{62)4x-pfmhbF@+{~Ru#}Vn|{~h8;HbMIq zA=(3k$%<)3o~Fyi<4)zjiR2q@1suK74*NkTXzMJA4YlxQ>~FjlEL`~dq0jo#Aqh=d zOj}NH$?kVccO5M4!ekXh0#tUU|JEDo(#hxAI(Ret@%v66CJl=#1PPkVuGyIKFTp;|yEq%467R&UE&$ zfQbHzv2?nDGy&)Vxl$YmnFS+-H`$XSk3`?x-qR zfZ^O<;S!3AyDl`@LS|~nrx<9?5y^&6P_-K-B85A;t3|K_ueJx#h>trT4LfBIa+cdH%G@4>}bizhYgUuL+Y{9lp}Vswd=$kB>~)NlmIdv zQ-3}k`mso7{DTs$%~0!|3&BJVHMg%u_}Euf`whHnin%{ z*{Z6Ft_g;nh8Cm^3K@3%CFa~lw%rg$hdO3l>LATPlsYU^vH;-V1(Xo3vc7d?8y4v0 z!?deSQI=8KcWG!L`4@EtW$31a$8e@~<}h{r*P1c)(+Xn;_FqtuV}1iU*-&r@kiv&` zu@h_uEJDTauKbLQZcp~xo&$Z|*(WmDzhcs@e&v`o&D}9p!kHeXeYWS*6^8GWn(8w3 zMJr<~ETMh1{0Mp6kNrLL-Z| zvDtnM1XGnw(#u`Uu%_QXI4^QoVHCS<{ z30_Tv?5n0QMxn)4X8W?e&EZcH?#m}13wv+cSliiEAUH0fVyK zZS&2yG-|JwjU1YZY|Hy@mQsj~bbSL~6zfXL20XR$W-bdPD(@+-Z8!1bVpS}_-{S85&QsqOje>g1iejw;1Ykz)u zGP+^hg-ArI5%zwdVB;hJEz4sW9|1F7ggul2*3+q-WA61y^2@{1i?DbqpI*TJZGh(N zHQchPnae6P0qXqKg7nZym#)jAKHKY}pY-girx&436!YQLYWVquTyk%{X9?kZW9k5? z>Ce$bXPjUvWL?@4b=+?6_ns3OmA3c9E)*m*9~)-tG>K5vU+Nw)RP7sq&f?HxkUbuS zY<9-~DjlhCoWERw@80$h&<+++VCq6|0~G>>0k>E(bK%O@n63Ct+t2e;?CT57xD?1` z1C2N|>OQ_?mV4%gFtaUCr4{>oJHx=n+#(mKD~=z^ioGBAbPH=;R6R~kPvlOvKufm& zO|0>?n)I)?s?xvi0`9kCGg9Sf=Vnkm0-U|u8w#<(*KMrUQr??o_6@&U3#-2|NkTu0 zu%NaS8-ZIs(1aE?sLAY=ZD)DL~}304ZE#>RvhLCJxT3ay;B!hrLAMsCkpI$|By#BbK}9j zx8y>8sSPyzWs)m(J%x3vN@gt~v)mrc>#{!=+jEYbd&@+{zn$za6V}69wOQ|_2bIR; zVR?yLD_(#E^hte3liE&2x&CKz*f~Iou_3bX(SU@1{{0?@;mw>S>UjXF= z!sV5MpymxmTG{EE)ho1|03VMJ5N@LlwvLZCy_m%vQbIx^LY9*+I%gGBe~YW=QI(8U zJ@b?s*fS;$L(=Eb$yUUMx{Td-*qFP0WNG=5sgA!AalAci>~QN4(g#aHN)=nE@2nOu zJ*f9D{0TBaTsidf#}sDRK|fS9zkU;20XmOC&zZfFOMS<_n{xaZM_6JxHR3*FNBuFzoAkQ3@ZEpPzm8INO>VigM1dB>u(4mED92_nI!J`cg=)Oz zB3mdk)KR`s1jnFj%EmDwQ1UK1d7gXeNL#=$$Fa8`3y%&fhD&|r7MlLu(Bk57AQ)yH z4Wvx1CIheS#nMmM=gRz+QeNv0lkx5?Xm@8_P$tNU4ciF0KQc?3^JQr*2HyOpic#rM zS#mrUU2NUt@1cC6Uh2C`Q&3BlIQZp6kQpIA1cumZ=`371TAGmsd87HEC=qu?IRcZmDykjUE+Lhk4kxO`3tF;x;LlFE^R*MDHOz1 zJ>j;m--xzt+}o@GX-Li9k1}`T5joPWCt6#tZO2dhJeWp1j%R!=FghKKC{SF4=sK@X34uh;@Ut+XITcD6jB9FR+X(u7N%CFHzx zi*sdqOYT6Hj8|voA&4c5-|i3KOcV_u*Vu;8-OSF|iEYrioDiK@vM$W>2C3aF?Y@=u zxg4YWEk!}%%zMBz4O@xBzMWF1!snyuTkVMzGRJDFN%fu0U&W>$IpH$Vl7mi~_vQJy zU{$$OH5FdUY*)pxexBL3>>2q)S=ddEFMv(XZC3Q~R+zqd5Hgm2rikX8sxYRrCzTxG z(3Q18YH5UMi^$w&fV(XRCbymC*m+2#-rr))4ZAishwUquBN*y_3HbebQkxVg8%Icn zREH`(oS*6cIr0Cn=B~8rD6~8k*-}gvqwx}Gl%=}Ze=bOf)??D)5ESDfV<=gvUfi0+ zUw!P{B!BJckM;uy}2WVuI8EwRW(rIdH(tct;XkcsmyGh)t#Rvu3N_ zO6EWr$LLg|26MVT|9_)1i08QA{y&(e}yHMBbKF3ZJMVK{WEUdT(m0PNa{qSd5{{%dL*$lYYzm6Y@ zaQ{9^7?ZqRWX@&v!g%VwF-Jm6)$I_$LdVwlq<>H01p?*AG3em1RYF4H9X<%G{C9{A z_l+46vm~55UcC=@PrP(-m5KkqIrSOzQ%sh^a|m>!ekb6z(1Z&r$gKIsDi;c8aut;I z-ZM0zhg>-B)4pmzg&y-p6%8e1z+J+ch$S%{1+p>WBjL~kOyv(~aE9H{v+7rj-o!2C z@Z|mj6OxvZ5yqsI?7oOekMwV;T7e?PyVa67!K~%CkQ}$X_Xu#5bS1t4Y1_0>UC(U}AKL33ZT_}QmJ!f76+lL&P5Rm^wM6)ZTZPtH&$f3qv z)+VYo)9N8~Qh#11%LtcsFU1i#ibw{;h=lgUGIspyTw;Cu^<=$UaaTpwQYAr!iuiY) zgwp_4U?X9NU^h%UvO9H8lP(mN2T9DWf83vWH~$?3o@OhJ2fhpCYaK!n2q{w0%4Dqz zoc*1?(M& zH|9AvI*wLLe!tV>bUBqqdvED%>l!8MFFClCUvAB?ZNr+fdwZL`U z?t518B(0^2AA`vf{70RStN{yYsasmE3~A7^0}efu^Jhj?>4es0!QeISdibD4M7@{V z4OEW7jiTqIlfWFGk_2`7s7)0RI$FI+84$C+#V=*2hnK|L)qDUpfVp=2%CX71P6o26 z8r7te!=dDd9T(2Hvk`@f)P^S@_Uw@a0dnnXePtSEO`b+vv@JNY6X?9EdoT5kb26hr zNLGYM#_c|2ZeHrKxoFS0fQWU?>_XYVew^G+4^CE39)ih;7fmlf*-+UgQp z=$Eo43V=&m-mco-?l*|knSP*28eJ5o3z3Zbk!6kOz`Y@P zFF_+$S-V`*PCM(#F#_UF`ygTpr$+RUEi_#9--SV#>&G4Nu!ImnjEp!+Dt$Z`v6if5bi=xTn?6jV{xb-fixz(o`&xl|SH6yo>G89@} zGwY)I3h$)tyv+KNYET{a_KXDhu34?WQ!w6&YRX3$u{zS_xZ41}n+)ycc zr_4;>lK$o6&Br~)HgRX@d5;huD+Xq^Z;1`9XCrZ4HXtsr{ML`?^f8ci*_nu8j)A5= z%(i+udRc?WF8#_=tJ20~dz zKyXwW?C{%m!7Vk@F+}?;20AW_L{JK5Cc-=df;J42@#Iew4uQ6Lq%D-yE8F#3yxA;Q z-HTAOkME97(vEO-^mK?|NVR@}K5GP@Ay?jYE?65=qDh)IvIrrlc$|aN3OGqlxE0v5s)_M` z;!I}6AsXVKADuH~zzw0ih_CwVbGx&z0?+wHrr(RvU(ShjBJpCS z6VN%?;Q5jPOVfGaU@v-eWvqVG38TPZ)ElBq)=S%B`2j7LBo`{~!7&1z>xY5z|!p^!dV#A`3N%jW+UMUxFRtQqe;X$*4q5f8xRB ztw4|!!JO!|%paRXkqv%LxtH&xgUWX7Ua_>7>_f-;S@MF2bU?MGN;v$4EpD0(aT6w_ zE_mG*gDW6K7#`BJu-yONY-cZO-~W;+htWv?TQ*8n=wn^1v#GLZJxVq8nVGBQw}eU; z4OdU0!LlMOcV0fVRfw*viUuN<0B3wnTnxQ{(*GNV}n`qA7bd_Ve(UB;-5Sgv!J@NpR5eWqZwpY+c27E)$xQMbN( z_VqU*gIM=pP(40Z&%o6k0XGB0ITALlHM7$llsO_)uW3hSq@h&bNxr(AJa9b^8k3sL zq;$myx70{?!Jy4sJ-qyUvAw2Lkn8dh(9b0`$?T)0W$vbgH^6O1vaYR+=7TWyH5L8J z>WV%L2ibt*yQaSMyOxJdVKf0ZqA@HlD>rHMi(pW6xK)u9rlzOc1Y>0l`daIztm5k=nieKfd@R}qu0_~#s1GFKAsux=*V9a< zZ_OFPJ3A}CnMJ+e+M+F;j}u~E#T#$fsdD019A{LPFl zKjb`aIft3(hD=GK()^iPnb#B>uTqLB6H9PULsQC$14uYJW^R0AFzeQb`08nviIh(~ z31kMW+aRf{DpvlaaRZfEk;kV`iO693gU->?&%e0AqMstGx@GmDz}+EmfO2U(OPWiU zoJWFXBf+`T@l&scQPHgWBSe&JS9Fms#EOj0Z)bSC#-tsJ&pqpfeXk3z&fj^!Odk6| zuU&b=dp@c~vPf-Jt7}$9cnZK$w{tbz`D+48+CFjDvhTf%d;Kbeny!^ASo4J9e>$xc zeen0b=b6Sx{}WC?Hhu+QK4Vh!8~O(>Z0b?;mX_(!%JZ@hvM)ecQb}6^J+i2I=gFR; zayGrijk^l%m&*m>8#z0AcqK3{bZ!CRXBkk3cHBI>F9(7g^opsi%xzAb91F7$DB}gObL;jJV< zcqxtqGIY+jO_7vCxgt{6{Fm1eMhMNXaTC~o{H}& zAjCFj8Oh0ZHD;?iW*3Dw_oTUN!Wdpg9xn;%ZwBbq&dBPVh%K?U-g>eDbPTN;-e8sMRvHX)(JFp zG$;Rz`Xb>d1(Ap#0#)3htET}Cgm9l{`rl6fdy$?X{c3N&ddTPFpA!Tx^oFU(ML;eq zjoe53=pkF`UO-whKA6<&hc-)h06lqX!*zZ3a|I-hVSDfsVd0!fY>J@jG++|>nwm5~ zQQ8I1q5gbyWC9fUPSJ=q0xEo`0MJli5Mdkv4rnIQf+T%E{-z(4kjNyfUZd}x4FE}& zdm~nP1!f>;YY;)Zd@2GN*L!2Hxig5kQGa+B#vHL{<85xEle}`50CVSJOS~_vhAt>E z6k)rgBJj^S|8okF8u$kv&#Htk@wXErPgJOh+439Q~(L zdTx2WrQFcz!x=XKq_G*-qHG?WiFPRW<{05ZC)|eK!lXqlqeg?sOjsmVPMl6vlTSP1 zUz1t{M(Up5u{mH@g+=mP}N_eOpS zT+yCjf5^VML5)S6gXSbzm0jbWTfC@k93sN40FV{SXr5roQ&^Q|eE`Bdn@^Y4!jSsj zu42gflax6!83;7cATo_Y{aTCpb9l-ufwSqqoNS`3J7-zNF(d+xwgfou+SIv=s#U<1QFjN^sr8@7BUsca2U4Io=w8n zd+~KBqH~RgnO|lZ-@3g8lLIH^t1ubZ)j#9~Gcrj=-T;i7wh&gnxVbmr>sE8cXB4(L z>a*HE1N@q=X1(8bPqLvAuv0IP>A2AYFnDAD$TW_nvWbBF?w3TX;44;toc^ic$94Qa zp2!KnR~s{;dC2%XMHesT<#cwb8OA9UQ8-&M+Y|?IozV2poKS54YbMs5m08s075N~o zx@A^u3mO^jBQg zfd$Jj`D+YOfg@&FvuR_swrJI;(p|$Q&wWEI2FrbzmH5D6uk39@I4fYvuwAw zmX`$h?U&Sd!CNSHSPw?ZGlccdI{VkOP*GE2WgG_ySu*- z2w}7|Bk6hL=CX#&a^)vuKO(AEIOiHkjFwP`mT;+R>PxeCblmTv(?RUrmBoHtVG;{P zvn4X%4)km%g1&2_Jb^o_92pj0FVv;$z$};8#K+r2=z}K;J!n9h4=|&#LvAI zzm-7gr6Xt!n~S+4bo|_e+UzwjU|$=#4h`4Tr#nxHKt(T6m8z^ng_m=l0XO-Ii{VTl zwJJ<~5Y-9!iJpj9O7M2!-guqwT}QSmC`OwQ#qth}fR0=j4^iiitM1FwDe6b5wqK+x z&aohdnKrJlp0EmN+1|&+#f@ASAaWx6LHq4j5ch#@GW3IXmN_!)YoT}JjIz}8yHTpj zy7hYYxd(yd{KY_Ac7=o>^yS_pm7fC!3jm2h{1yzbS7la*PzI@!R(31#RG%p|js-R? z{zF!jYWe*wFb|i~5!%fU>oA1lu!BWp#CEY(TBPU+O`-9+v|@FkU&5*{wn;&dV{}ff zQ0d)TPB-&Cc8dn-VDiCdfeFB>&=m7#t24Lpv+xPc;Q5g zrCYoXZ6P8LF5nnh94fVifaShr?UvAjOjdUgX_zXMHoHh<2XbRpS3f>eWSv{~17cy6 zx?f4YYGN)Mk(EHTwHN1!PTT9>y@!AxLf^?S!9ADB_GPc9#z&*MBeeu`&Sb@vXQ|sg z73p^f82{16#wHm|o)n&YYwciv<$!cj<9jF%Z`hq{R%FBv&i>vB0=R;9jDTAksSF&6 z%4oHPCU?)Yx2uWpEC5|(MKRJVfHBkbxT!=6-9CC4p%|hK$L_CTZ0C<{&o>2J4k9ks zYsfhhFY!uNLD^IrX{o9a>bdI8F_-TFI(0#eWis(PyU;IG^su^1uwV8b_5?m^jL80C zZge?+J6Doj>Xq1ImA33qJQaDA%kwhKp$Ot1{-PF=HyOc6vdW>b~l>AM!?O+v%@w%bXA@5n~< z9R&Q~9%BdjP)gTOkww5~`L%j1izI|6;p-AQ_&M}JWd3?H_i&tT~ugNcvxL%#A|)l6p_;N!3d3Zx6wRN!XRP4@m=VKmMWK%R1+oW ze3JZP^RR_GEoL1#)Qoe#tUe(K?7qw_rwPkg%Kn10e)KR*@rl}YIRhSpe$IP4-O*H= zh>T@c_JoeM8}~n40X3AK%E8Z+aIx_@{r6}c6C`pU18EcY1jfJ%TxD|t>^xgQa^T9)o;k- z2oS%VKxsD%Qj@v#Dn!V2Sdp`HKpzv#o`cNOMEaZ61J%*#bBx~X&5v-ngKmNwriKF_ zqN05N+V~d>djU+F&e@Zd$Zsy=<20K$P-gQ@M^ljBXdfpfp91A1ofY??BoTJ^5fnQ- z@!`x+(FT~nh)l9qav!x8pF$>L`+fB4CuUw!)_cW9XK4Ih7QCk$83zb=Ore8%+ce-d z{z+wZp-aWWECDA;XUnwdT53)n6E!-N*Wv}#K$Y6(Luvt@bk`_lXV5p*XoCGgegyB5 zV#;eGeXmWMrIhHxT$lY{ckXN@{L29T`%O6k#K%d8NmL;s9tn?9XTBRbM@&G$sXi-9 z0!-dXn;Kl<539{VZXBcDg#ssqFTuJ9El;V$<1*%e`$sJp=fkqH0u#@MwGZsb9)2$d zG|B(@f`LOv&n3ilQ_pE`YKq(y#!WK8elI{t7V`r?=yK&x;I$w_ONFM6ncSCuD4z7qBn)K25#tA!atO z0iDt$fkc%l$U6H|bp(2xaQeN&b;wQwI`EQN;|S6%$m-&u`JGlRgD8YYK`Q;0kQSSR z8a#7FN#XYvyZqtR6yn(~AU*v^^Br^@W(y^o&zAObasjuzUSrd-!@om&8uMh_6AxFy3ri}%}8=dy_bT88hXpW-8J9} zElk3^y^)E$;JIw-G&(n9OJnpp{$a}r6R&*oiJyD5A|D8bSN^#c)K3_p2(N_7*-45fD&zoR?!te;iStEGUDp8q0LZDbn4Z#9>zG?OetfY=yr8Nz|E;L~BJd>{-|6Vl>%)r}@1BSF^* z!VKKaYH*@}V>?UTn(0t%0b+RE+g`w+%+(22>i9?goPtX#u4{8a5y)-Jz6HN(c%FNQZPvZxBJYh)78zT_Q-TloImJ8_#*3 z_x--}<6P%l)V|lf)?9OrImVbWFG02fmUVpc$cyWJc$t5s{7l;451wg;fDP81-+=LX zD^ue{{--Ns(cXwt*sXHutWlRglB4q6ApjH`6Qkzx4?rx7xJ=h&@>2&EYd_w{nHQ!$q$&iU2_lwjqm{u!3^ZZ*^C68 z8UTjCqdMS|6V4+f=LCf0eEggN5Jl!4;cH!l$0!XEl35bW{54A)B|na!$=ww>Lw{F* z@eZ`Rjo^qSQF00rMla+i(d$wp1m9|s-j;JffUQKr=l|-r2lB$}v2q=>5jb`W> z&2`LteP((R=k-Cfgv8%90%Zeu5iu~0frv8(M~q~M2M9?=KW{@RA1Z9THjuAwITE~! z>)ftIr%72E{!@cabNeifFs~b0A&OdOE4e@{*5;<+GO--XeYtZ1gV*!+UrtpNh-I%o z-7nJ{OJp6>?3yPU$m{kjIMt~Kji6(R2C~+r@NVqby4~HFh_~O#4-zRV9%fPuMH?Po zmU8>jo;@$=_v?H1$;SaGVEQeR6~BDe3C(Plagw3LlEDgqPvrkx&WLYXIxO%&$9@mf zdi+o0H1_+v~zl*qcwxsz^!S;`)M zY5cm^YwsP#@Xd-Qy<#;>_%2J&bRDp!YRsplS_@xNKG?`#U?77BB%P+pD~xWx#E3?s z+!q8J4m>@|aM_Y;HGGe$A=de`IN1=%c9ezo_3Wk?wdItV0x!A4??wCbfYVT-Saoh{ zUntlWETYr&lzYRl9I1CRON#3K*o^-sHOE=rodr3^TMg$ArOA0~epO}UIWN7OdTMxI zu-BB$BbNZj_P+XNZ}h7qmlh_S3%k~JPV&v{D=YScBToyO%Li^h-eXwYs4w{Q{O7J? zmXw0xAjz)pWAhDP-KNB%q1^=A-}H65Yhjy*`V~?~LuXSDr^knu8Msdh1gN_D;zd5nuf&f ziRJCI74j5G4E^!zz9G6n7-_OzV7mtP826+#A6%Flq*x?09yB%2^=nb}(TzSbRhw({ z)ASG5x>;kYvHYp-AuudK0KkJC3?%z`PIluMPBX{n4AbJGY~u<8aFVuIlK;57!^!)s z^;3NOaE#n7i_ZUjFP{iBB&^Tu@Kei#1bNOtAA*qX5W?EWm&?*w zTC4s7sRdCFd&GLpUM7TCbA{#4Lr+Dmf!3^Far@5LB`;d zOCT@^(9>#xWwPzS{^?&`8#keiZt8i5TglLa!#CO!H(15{U>>t_28g9q=*+$O_;NaBQ^MUmu zyxFDicnL48-IiXYDG z+9Mxg8w}#u>({+NW^rjUFXMRk!MkSGa6^6I6`f)M#T$EOZhrD%-qV)sIQ7RK3?~@> zUf=b^sAGn$+m$VkW1<)18Jvy}9%`~&xnGE*-^?h@E*RqeWFr>d?83Ut$rAjMkQJhbJ;v87m&tTnY65IrYU%Ax@J zB>0GSe8920!csQOg5CUQbyYG`*$N>iPI3olgcqZkXB4Whg#{i?-{brH4Jay3@-{Fn zZTp+3J(CE$otOiE!}*Er6`Vq{?`m>7@2U^9nf}ujAt1zkhbfEWc=vBwb&;$$Ry!WE zk0rrcIXtxG|GVtS_MJy9&75At|94*ouHrv$V2vl{_q9-o{Cg&l5ADX9ndt113^%i$Jk@~`3C=d zuo8qRDdv`n|C`|v|3jVxzV0pgf9RI~wfxNi zka$%@NV`*m;;pObjpavCr;m5c7wt@q3m+UXsZGQl$NE-AGFZ=~3+&Y4(w=zPz@=}O z{-?DXxP|}g9R{eGDgVvl7}Jo|r=>Csl~%Vj zBp%3WONgDI&E+m}K`Ow{$5*x!R@xyD0_x?pGmDp!58HkYR4Ug0ZN~);;&T=NE!JVp zciYWzMf{%2^4P85zl+tLEe-L&*cxe-Wp{Igbj~gHTjP>aLJrNSCf`ESsZMq}Pwelh zyv;~l`;^wVJ@?KX8$>_?5t7BI5V1tvgxiZ?{>7oLuXj3}Qsg`MaG@gS z{dED00fU53$i6{}I9ZGWtz9A-Qs* zT2Kl$+VO@Y!TZZ4OsyRYJEfj+ybh#Px5Pt~8$-3>W9v}${&51OtiAg(*JFO|w6rt- zoL8Fus0z&fdo}#W z2LW2cStr!!hGPerCeH{uOn>|5P5<{HYoLTJ&K3S7%gBaf)~SA|%JNY8qjVo)vjh)v zl|PeA_pY#r(Z0zWw7M7(ed-VTKEJn%JnP($vpD{Rx4AEW0wD5hPPL;TAtKp*bq1}%$^TbRcOozXfmV3+&zPa#H)@$#X{!u}jMcp@e7H=txD{I6GP7>)Y$*D5*!*|~!Sny}#*b{QbK z=;xR*jqdn4uoXqb_m_W@*#|XQ&guPjuHq=+W_ce7V#WdY47F74WR5L9r!Or{mjhY6atnt$3*&!$g8tL+wbH~9S2EL zQmC$|%+p>1;6p4r#HevDaHcSSY-0`R#X9qvga1JV2DRU&2<5*j^Dj3UzW;qDSu*4C zKR40yhhQ%Xhuo6*CMxl{=r-fC%!eZTstmza0K?%+h8G=wT=-Yu7@3x{Jd^lM}F_Sc1kMh8c$2;DeadGeoMFD{+f@33Xrg^kvP8=I`D=Oi(u zQft0EHGP59`?&>A3btJo5hKP9X6_gzS5nuE1IAz}GeaCX3D zp4~HT5j1)q2x8A}cAR5YUJHnI1P$z+liQMO;lo=H0NP*FeOqh0f8Q|4^842{j{H-!W4p^%Aowmrc?`FP3s==& zi)rAtLx~`F=|zg(lEs1~wh2Polq4 zlYh{mqMgKPaUgPM<89q=N*8I1qMQRux`I6EtR!c{N8~~`G6%gV#Co#^W?HNsyCP_z zaB!S~G95`7l3fRoe7A1@#$bh2q7N1Yy3P@Pc$LV_t zy^y*L+7gxDd~2JEn+ZK^vQa;7#OYT&By!7uidP8CWAnvqnDq0`r#|x}K+2AbB%HO1 zPU%gfiar?V{Hgl>cu&^^@)p)L;7=uaWXSZNLW??U=!2m=d6TE zj7hAHwSE-pjO&~m>BTT!-mMyHUBh*6;7R?f6HfmK?Q^A4uOkN+7x(AEIdvSrQXS42 zA0P+G7Hc!QL+@Wdk>5DhFQ?cZQ7(gmVmdh`g>bm^fuIDC64sE0-;kc^n^oa^OyjbI ze1dv(cT-&-t%2;yYQ#8_CU_08vNvMz{YQ1dLH3k?-#4Ee1C^I=j210KAS65!+1 zjXrpQGrMXF{o*jDrz9 z?iyJLkhQ+gn?sO?Oy0md#EFkL6!B*}d~_;ZwG5lNIv$yf>z=;b@~x`HD)&8(sP$U_ zENumFqWGSTJn&aB*A8Y%ZSFxV%6laD9hB{A-v3y5ZCJn4vDmTntN2;IbxBoio=BabzbQrVqvtCvEv*s*7gwzKP8iQo+N>IU zs<)Sj57GsTt7fZluJlOuLE^IaXCHCF(GhNUwQeDKt7F|Y38{h9$sQJ!L5(xdnO6*u#^}4(h-VxQ@w<0#(qx zm0*fq8|NxSfP9!vg>`(@a@whU>H#o+oE{uAgOD)=-l|ziE@IX5$@XOxKn&{u_L^(m z)1-BtYUk9T_<|&tW8DV`GLSCgC@?yY&E~5*6`ou$11X@Hz0}mb`Ew#K)vC_u2&Qa= zu|&H#Ho^H_1?ISS)j+kS$E4?o5TCa(Vk}qV^JphOt`p=63x7;UY`%^HeMr;g89}Iv z-8^(M`>10TBut5V`{#k*Hj$^2G`A}FPHhcgSkMR@0mtK2^5hQCJ&x6}41V7OSKhHa z6*u=0`LmTTRlm@Y%mxx@--avN&D%{~Qbz}6j)v>0@%>>(GsVFdgF1DRND|{kV!a?( z>f%w)?)PENBtz-D&Bxcje&>WdeJ%m_BLc@JlHXrP38yGtXC%2+fcJQ?B%u}oxc>zJj04!1M zQTcBbPR5UYM@BKg`CbdkLVEZK2G&Wv#65)R@63O#*&ff#O8VUZcQX@YJ!E^w1Q<1*wrZ zHNZOqu9FWThWbxXnMz z6wt0C1;p#mZk%_``i!`09s$>=6b2o+<2k^-uOgg76gU_I&0HXm4CTF5l{f1F4x_`r z^z|&J)bv~feS$6W^g^2rvB{VIYuNLqoWS}XD)z1}Ko<)btiPmgI zejrA2s!fZquC%R9#(8rGUvk<=H#^C(#UOafZ4l9htl<~9IDMaK;h)i-occ+9bXzN} zr1-M-pJcul3kwA;1}-N0wAb3X-Z1t!hy-DtpQrCe9QTO9tfhNwng=4v59)*|{38)L z17BO^4M)!n&gxb{3{~m~fpK~EiRgD!Mc0J~0Z{o!h#QP4S^p5z*fk-f5bBalk!SUY z08{OEyDEpj@w@Cm?7(odK*0Ip>Ot+QlDS7N$ufC2@EWt(Vv;2m=wyk}(R)B|8DseK z{fzf-xPT{preQVaWV!f~&ZXR^xO=UL>X~i5Ew~mNPa38-0N1YmvRYOWFZn|*Z9*Qy zvfsbvpN?~6_{{!4Ql)cCkD=P@RbjeYOl5AErci2t|2*E*(I%bPC1CIPzV;QVtNWR>_%ZH_lb6?50eA1J>EDXaQFRdB z^$9C8uNMXFDp$KLK%9TIUP#)=>K7`H0dfr%iF>sT=81TbXe*Hkmv{Qgn4A|bY9WNc z^;dERugw+8SypkFj#E4=F=Q}XFWCr`WMKR0RhuU*f3(s`@UNsLjC7f8#dA83wB>F^ z)?!|`wEWy@zs7>Eoz{ShuY zRYC4?*LNNy#6>l!v$b*c1|>KE^r9KT}=1+$d>3~6nL$( zk&}rxT8~m0qri-~joghB7Nu|5M=mIZvQ#yf0bkgdl~IvYl(Sn6k?I^~nhpzg+*txe zIV7|F6AvH~3RZ5#(R>3U+t|FWS_tCa@?`kec6Sd;=R6NJ};$zV=P{pd8!Yf_0zG~`y z$u78HTPdb>`;>vFVronQtE=LBHnUz&L^?MYYu;8U$7Zc@TDAUR2Ucx2@s}_t7B8?d zJo7D{;AcbGo#IKvCvr!+MEl2H5E<7}H`vt)!DN@~?wvV_dLAY1a>;zJ=_5~qsnZS}o^yKApRwv^-3*~NwD=kOz zR8q%ne+EI>$RvlASiF2H8O4HR@saX#BpdDmva#cbY)Qo@aj)(H8++_*k=jz+k^ty% zQ%;zHlBt^c#U8z$B^!sU>cqT~o}S(ucuTY~Ya))#RjP`tabbCK=SYQviBM|Q?g_qb zi8^`O_yJ`$>o6bc$mxf`(rJES8SnW6$?ef~@+W8XbhAw6Mn!k4#lCrnKm6euPNg z?sh{gznnouVcFEk8`dv)k!8POCpa(|@a;45!Bqdnw7q3^F+(DV?doV*t(JW9Ja9qwY~PT^J(TQU)(@)E7SZ8)9gExi6ll*wriB3s!& z`2D$b;)f@2JCrh?@E7(hPa150sMr|Dog~X0#7#xrruRM%^rQP@+oFgUnD5pBaE(y*+%#2_c9=%kXhsFs&>~MPgE)* zXRipHYuAjB$t-b_mGQYB;Zm6pM|?97-oc5$E!?1HA**w~#3F`rn5~t}XF|n|qMJDB ziOhC37v`!8IC811|A82rk@dBKUmx4c%2Zd z3z2TY*IqjznmVcdkveE${O!@pt66zz{8n1I@F4K_d~kHOe<@doxHGE{4Sv|tGF?qx zKUr9E<(inPh${0VUVk~iPT9x?_|86j?UuRRr6=DQa61$-?U>P32gY7H-fvnPL}Sh? zW30K{>2Mh}?&7Ge6c~Qylf%T8FBc`-e7(YFJO7q#8*i2mw(bpRTd+x^F_k^EhmWN9 zQH)q2YZ~%J)-DNQpX&OpmGbV^$V*O_Xa#ME=@r(D(yPy&L;?QJJn^}LBDu%zY^bV+ z{pRNqnj*P6HfwbI=jOZmm>M+~A!Mp)3Dp0N8RVMhe+~=VGfbDV*nUCeT8xdIJApWj)xFF zCc7X-wFds^hU*~$3((*HLISgBR$hR{PrPys(I+;7_4-$U9YnwzqABeuh*3sV1iA$a z_hi{nmTV7Ek5P%9-PLa-nbDhJRr)PV4MLxic$k3hMJ64>b3}U;2lb2fAu3Tt0CQ8% z5kH{}SN>W^mrVlc^m(ZR7anYACny7LA$ODFq5RElUsj)YAD*WR@G=HFC6qXDD~NvJRFCLVCuY@z>^`2z0@Grjhw%#7~UY>$6#fL6P^EEk_j;gUR4! zcK;$rl=NGY0=om>2~Fk3wozOmsryk^vzg)X;*rN&CPA^^Wt4Q-{+dW4!^m@TCnGAn z{&5>Gx|ni3zIa3{aAxvfcc3-ubb5Nk#- zbg!TuTp%pQk*Rpyh-<)f;!N#K5TW5p4HTRM=z!k~3FRfV=v_xLVj#mZlL z-z7yXhZ3$AN|D4cdI1oU1jtTbDln(sOxyq?zWeT=3`&8!wJ&AGX7EWZcXo}BKSsS$ zA?`c7o@RYr2cI@`s!3#V@klvLHQ-6c>x4qou{;grK3yQRzcU>{HY+^s=e`Nn5r&Cc z2D>nJtxIAomZo?;OK5$}?yGO8JtMJvrUP@ToOgVV#~NiPS=Bl-k0T5zB9q!T2k6>|#OF~xWEpWFx&82-5i2K2&+<;3r9=YTj& zFB_+-=xj)g>zw6U?geLn6HUs!B##c<1s0xbc{Tr;KKe6KJFjF&vIa_zYF!^-Z>=#A zC>WRPJ1u`=jZ=vgEprKV@45EDu<&DpTE*utV*4Po8cPMO$(u2^3{3-KNdS=w*D2Vr zh_=f5F`d_|k!cXtTW5t*Dh*M_GtNXxk8Yip6Ezhuo$>0Z<-8tsb=@QOocer{B2Dkm zhl7qUhfv+r#S@`RKNM`;QjVv)+0mZFBSE{qelzf_p z_TBx(Ps(AY9I(DBcYh~Xr#*U)Y1mL+5aXJ)0bD}}EJ0k}JeBKLNZh}vl`p%?9XaguOx)GN^ zzE45SsXHESCv_&SQLMQGvaw~NYvmd|G^K7an0|oFfJ}mPa8*)sJ~2L-cPwZjoFn}* zVnOAvNDG<4a%*`tCrOV1TNxNgPL`F1pVK^vLywPn#u;^9P<*OvA+IsqWjQ>+Vc;OF zdcvN%9Z78H$^;UrGJcWQKJJWjssjh7oEylY^(fa0D!`WkzK5ySZ8PyHohrNjLY$eFyK1(9bUnXt0 zScp-`PWZGLGW!l2u8M zc#%3a7k?QW;PBV-Lx%bo|6G1!b z!4%?k91W%+SsC9pA}%l33}4^voySMw1VcNnDhLRl-}T1pnT*z!`ktp3|BTG`95&XH z$4MibML!sfZWWn?Hw&85{En@?e5u2a*8TBTnY_3<6Ag&YvPp3tB?y}K1EQgL(&{g}f zcH2!6aM+>AjT~WDOK|1Z-{^;>%Me^;J{o6zt3$pd)dhtvsw!FBQFg=KI6n$MYMs2QdANKfn-h@Z`hl-65Be=w>(>BGhG9qMhaLH4KxW_cU`CgVXa{x;P(XGOp$_g zu^s+fkl9ql)IA)#T@PRDLd^Si-P|~IJ~CrJUcWJH#l4(@4U&t`WJ|3KjQ zxF475(XTkU-MlWvbDfHu z4%%RE!{H7`-k|vPtKK{zQ7ATfr0q%|IShDL3+lciExpwe(5iKqF%|XY(%c17xZGh zx?mbHEt)*wv{ulk?Sv@pA4WPGRPoazqIdvJfcumEA!>yBM|PNF%f{W^4VNxK2CSid zb$0oALigFvUJcw1GM}RZa%=@SyS}w#+2!^yqbb!188&;Gszv0fKB-pBMMKavlA*M! zJdHs1jt2q;_qkjHN%=6MO?$jb+J=zotx2ktWtLfz%z_UU-T0#j-mRdEy1{Q8zw{*Q zhWLUutQ$-*U)XWwRus9PdjobnlQ?;V7Nl(0@baDch`7bM$=v0$kPw7RUzEqVph`H& z{TnQOWVzVjR?f)hYvi(fZxwNmR_c9!J87@Z#f$*(f~9%ihiV%obfOQkK1#k;ce1xI zr<0eW+7PkI>^e4H>r}-_Y2`?oE9RsRn~&dsT~+kL`Q?+c#yUkZO3UK1XrL+^+bk zja@%$yQe~j`o#!!LV9+<)1O{Us-z>4a>? zJj_a}2_+thOO9p7_`mq0>*_jOJregh@13FEP5vaMsZ5FN&ama3u(AbC5;dH3^DbNG zd9sw0N6_ z4U6}_0nybXh5?GIo07PVq?{?JM6d5*F1CskujrX4)Z<9iniykphDf77WHID5NVHnw zFHxVp%CmBL(Px?Wiy(uKY8ft>nrK!Uy>|oU1WNwBbENxC&%(u_1YsqyAKEe3i|L7B z%&)0|eO)GsqvF&1b(cUtHW%BbxDKQ*i*(nF_(T;9etle4I~knDxHQ&5jTTi3alcrB z&97BFT<||Gv8YrB@UO35&oOp-ZWhD$LiFvT_{bYRkq0do{MM4S>dHCir?R7&(fPQd zyGbR=siO619UUsZVr!*X{Q55hMHlLSk`j}7-{MmH>E!abVebekLyNp*JMKsg6C$zC zo@}XnLU!f9A%+-GX~e&JpJK0$GYR$t(`hec4sQotp`)(j#$NlOvFl9ktJYO570E2OmBP=L5U-hW`=-MkBc6kg zY`UAIJ^hBe)8uW_Vz6!DrFqZsy3;O?t9DBa^dZ z>V@savtZ5pjpT;D@8!FN;HqSQ(V(k7`xPg_{cKXJQA#$f;+_7$$DRD#<@j`4=`L7& zUBB4f$C1T(FFYcmct`Z8c+}>ej}7fz0|NtJ-gv?F0_than{-xHvD~XlFSA?mBR1K+ zjY1#0!f0ITHB|~Rc|T9a^)~V?S}2PKAB_#RH1OCd&uhP+)H{z%btX^=e5j67LoqwS z{*ssGR7RZ1R_!t`cEOYRBIRB`yAS8ym~HKYD4d3d?x*7uqRK*Px0gLs_;beIF5N_P z`0PEnhb%E-z2%@WnQ3n`h(V`xoD~AU0&hLnpu`EXSYA4ihSS(<=4&b72k`SG*sG+F zg@l)7Y4<55ME&eHPKu#61a=BL$;ew!CV394qUGpCYG#WwNupHQ$-zELRdi7oq3 zS{8E^<>pB;i_O?)UOlQ-&y;a}2-E35 zt}C-iD!$OdklyEO_hr&gja(_veA)1ZeyeHh_UZmRUb=V9b^$x24ma&+UzXzwRnz>c zLnq5KoV<6<@0ZKUFg0%_t=5D^xEHuWdVHZu$2M|KM8;~ir`2l4+>8j3wi5G%>++dm z`)jZze7(Oo);o*Y>1z>vw?4WITL0=pB1*avWo_*TLA=^`5$Adf?Fmr=TtBjcQdFYw zyI|*;>O_@HIEjP78n3HzLqbKnRnp>wZ4NX~8rS@e*?$k>{g$?k(-pNS^g@Ru1es!AuxvHx3I_7z3 zCLup98`dANok<*er7j#av7OtfiYuY)n|y`6R} zef(x`br0n|XW>606Xu>;U3Y-sM_)WMZ?r42C*?574h;zL^D4cnoPz9ZqYFHGDM#BN zlQzqHVII-G3%M1~>&IzM4d1#T{hKK6Y5uc)Y22xIO)I|o@ybZKsbxyk)BxUc`8ti0 z!1;&gpTsW+PDtU~AkE}MmVmheA5FGG^#%pM_p-BA)HMqhr30X!oE2{!HNW_qO+$o) zU+JuU-HAo(vrJ`+V^IW4Mbt{B{E1ri_RG)JrFJTbQ|<)eui9p*EU+biv^1t+eV>JL zD#*qaNc3Z(mD`1$c~yQ?Wu?}*YpxE7T1q0c)+f``J3@u|Pn3tq#}`1jXbL?J2MxpF zo?<6;Rme(a4+0YV4X*}@g}Zb|IHR0Ct`w9B8B#1nSkviwlJH-0j?|ST@+6%zoNcWE z46+`wLnbVR6W)ko2%&SB;Klp+E-m3iAMgr`|GWQ?K3Dgs`Z)?k%7Bi<-mU5F7 zk+QVsJb<(<@_@frVg$PUPOh4V?Ql7$g=pPIQTfUZKT_gmqQXi1G6yx>l?VfGfLX?+ z`0qH)HdQZaaN*+;F&TaoH{NQwdDz3ceeJ~~dY(E~!^RDisAgFb#!ddSx3*3QPxij; zOLf)nuj_9m`1tiRoj8g5#f$)di}rl??eqDW(VDoTBCejqbIJHi%fC3;L(OdpLdYmM zF(r{~SuZGNf01YgC7By?wmpu(+2oE+oxrp7r0V*db5<9C#JCunuV@p5?UNvn0r$j@ z6VUGX3WFYM3fE{T-ZyH!HIlfa_@wLjsRksbAv2=U`t+Wz&z|%PIr--|?2@De#=@7K zO@#%u?STY6TN&moV=p3CXZV1(@!Zt==bhZ`p0}SAXQT8^uhbR5nAOF#m$z=fi)sNn zz_gf|-+&q|q)BCcnZ#seX}^r@U!P}2>wo8#)j)R}YBxua^5oR$Y;O)3oN8#`v5L=o z9E=PPMMGIB(eQGn5(b**d#-4w*0{vjx|ra7i{c@rh-cf$dQ2bjl9m^{B?key} zUJe=lg-ZTVF_f!$EL&!=1!tcfP^g}GOlr>T%kKRLU?{~drQ^oM4lpv$IU9p_i1^HF;vn?i6ng>z9fc=B*5{! z5X(3;!?qa9p7dBz(MYIDb$h&!rd+`^mdq6~Vng}NA{#z+H5>#@yWTH-T;iW2i6DT2 z5Nw`ssTi&clIbRj>5$K6-^RWso67F7*ALT@Dy~f8;dbA{JBj*oGm`)!_^jHCJENs{ zej1TX6l&pS@6gOPeQ~{@??uAD8emxC!i;iF+Y50sMM=Nq2rOZqcv=2bAo$GA_GoCA z^g)>Q(q}d)77w|oDK5r=6lOXxl?|I zXvzNcxz)R;&n=C6DPNPr^pqw}tfMJl3qI5KDwZ^FU8p^%CxI3r%=ihmH$bn^)Mv!H zFy)87b97^RW=Sz}o{7I0ssHC^&%WtDTi!iE=t*1*CzD!vjfKRQ%HDc> z=-^z(v6aVU-FOCoLCZi=eQ?$^<}B(t#vdNYStf$wlm#-N0!k~d{0?*bD);k9L17|+K1 zOebVzFu3*wAm94U6t?nxiC!c&tZl!^jguka!ld2WD49=XtZO|>NOSl@XHb2ywph3r zGosQ-z{JnT1-vF4d8TK&A?}Bs<`YXJQr(sp^HZvL}p@4JDFomYY3uy3Xqz@EDv7=>NH=Cs=buz3D3(KMjmZ1t)RJy?z*-Ilvx zQSD$YFydMvxzV`kkO94~1i1kD!roh9n{2W*+*mvV#cD_(Qz_=G(FF?|;f*`V;9;3p z4}e|w`Rl89z=*E$v(@$k%s7Qi4#aR3Y$JcjIQyxPN!X(ZSvQQKNfi z4`eN0-Ee(OE{Qjm?ROr5_%#A>4CFE2!{T4bu%%XKktBKPe~_OfA}MQKsd~bU9vZ;j z@MzU=zg z!lLa-1oME>HP>c@K$hzF^JBRG1tGiV&~<-Lwz8lp zGuHu$ro%-ipyu44=pUDu3lTLvlOZXOnaN~pm-zAL#rnom>-i5gdou}E%*c#+p0aNO z#h;wC?}Mu2xVHwMvc|-@96Dq>*S)gC*{_PpJzMex&Vc1N*}MjnYm$p*eGslCpU_-S zg|J4m(rfcz9b)748$W*=Pd(|hyKeD;3A@mgdNBFQff=1<;T9qykt(*gPuoih%VvUO zz&FeK_G1y7Vi@60!{}qj5rt7a(Wo2I_>k)~#NefblqhnfRgbhHBYm!vH~(q44}*of zpc~TfGIt5MWbUgK9}Mj=(5rlHW^C|{7kr6oqj~2n`-B0X-Nk%`)}>HGa|d`7TAv59 z4*kaUzDr6Wgwqq-Yq0;W0`*kgm&zrs^g4+eHoJtZQ+Mv_sZR5Xp?-c6{?Fx{bvuH( z)shTjv7!?2`xKbRfFSBrtaK~m-dwmZdIuUj$t}TW#y<^_+@wA3E%MYNPIAJD#$HLk z5g+s8_T6F82ttfasrn>&{o63#8wN>QuZv#(21>Pq*Z3bvr{Hff{Ly%Ny-~#cxA1h# z*A%wivW?9WO1HIF(aPkr)fGB@wpVlYaRF`%#VfdK!2T=!2NFqoM2yFRPvDNpFcza0 z_lUg&I{QV!-3&^;V3|`dMP~5&?`ZBqV?hMEIL+69QPc&;qW`7hT`mzQU+i__v@640 z0Ot>``Opzy8WaK zCQ7?-vny@H0@>`)wxwTE<8??=1lQizw#Ql$Sc&MfU5yTa{yM!4jJ6+{;sHmbWqWpKAz80vwm-l~tK0#% zGK|m3L1ew@8N~zY_*YiOFB^i-Yzc|1_ibJm);GoJ?{#m>QAim~r~WzG>{XrUX%fpz zl|tuixPlSv8c<WV`|+8lhwBlo0LB2D3AY*Yr2!I9_Q9`SH>y4XgDTC5wCETPZSvld=vFd(1p^S~6P@N9g zcjU1P4L!?&<=ROx@A~#i$*HU|I|WdfH(@TMOoL~(-&2IsMuaYY^#Dwxs(D_ZNA%@k z+8+oRB^L_yJ(1DqZ&dsfQ!+%`jlTm$A-D8puqgfur9X^jY9mA!ueKV}bx0uNeuNPk z_O-7sEV!Al@&@nlmxRm)-Z_dDnQWs2!13rXo`QANc{W5s6-B#-f)-7>^RSq z2>lL2wPE)TC9XP|a8}Y^=-6=J9rs5sz|}06e8ylQUWh$)pEtBr&R>7#%zKH9Aa53X z(S3iCTVsqrRNotPoNhkjx5Kr3{i8w2>D|9G2Hx%@? zFSzxe@)+B2SeD7u!c8WrMVk&_7_3QRV#hkUnHMJ0F>>`=ZQYKyk1A{P_Y`sThyR?T z?j4~QXT^6m7?w+}iAE(px-GLpt`lNEa>{5>uzkxkh0y@Z*RYiRHH1v<6^(0sQUkLd zjU#sZL|^-Dwe3yvSr4fYOi%!3NtX!6b|R#bQQ1!2vHnbn;M$%`sN1gMK!X2wBg+** z|GW9hXZHX`L0+Ju=Om3p?fz!9=S7rp1Nm5pmKjtjPa6XwVykNsFVc6{$L;JUIJ zDr&?D>0j;(x?0r1w+#@`sx=MetOtYD`FNUT#A(-fed|b)D8s9Mk>$th8h$)j)@!aTcLv?lWEZQ0T`K8?h1dub)tiUoY}n8Z z%0FuOgw8E{GLdCo5B`*ch=_%VpwzoQrGc4Hsa_2zjEB|`iK{R1%!cz`+BUrXEd-S> zc`eK9n`fN>k$Sb=Qzv!<9JZ+NU8Y_|99NvwVb9p5Sg*Cat`@YCmbG%b!wUZAt5n9* z%OWG|DIEky3(Qcox`m<8Ivv;{%7WUnT9j?IeCxpH~Q3`66;7 za+kjdm3UVJ?M?as!SK%2n15S^z+K-pO1`xkQODh%x1 z4b*GiH6LmE{rJV0uz0(fdyR4iF*y`0W53gGjT75El71dfy;6TMHm#ohm(f5+lN#kC zZUf$_iLe@z{)o5+g=YCN=cUU9nld3PUCBS)M#QVMa@Sna*H0|R2_HtxGp~q9uyTr) zp;ggcR70*b&JwMh#psv)_`q`t?@UgXufD|-#EO4A`sv0_tT}e6$$)-tpqlClO`P>P zj&RAQaicH&8Rnw7T()f~xe}8Cwv7hkn|yn$r7gTG^7E?885=*W9WU87ra5i=4`tsS zPxbr$&*{)XbdHf7PF802YA7o+A~KQ@kr6VA2-z|kHYExndmOTo9mxe2wB^h~iU)21-)HL5R;xj#(7Q?=Ug2d}m0+OBgEZ%X+hKH>@2Q7` z(G`_7(&c6qBL`htIBaV&C=7Vo&J730#9zhb8BPlBJKFKsI_LfxxHuiBFWo1xdK=bV z%5UJvy4_aomHjM3G)yJ;5}S*9pWkQ1RUZvRng_V$b@nNT*4_wrI%%qv9C0mJeOkYt z&p0m_N(|0+GOa0Hm)UG`Bv8-6sk5vK^h!8)ox=2y$g6Fa-~bOU;wfNLk_k82s- zpSW`SkW|maLampk$OYO=WhD`pOPVXeCw_3ayrQi-lc`8pu`Tr)Y}wLI%4~_2jCP5> zn!eoyt9?}~kkrj-GdVTb7Vxph4>+#J3leb6M@lHcPCxC7p^Dd9KtmwcpR zS4^|%UWZB_FOuv_+}EVOuiwpE``&)Tm(O@5ClNOE`=Kp~=jzKx%DEENtMoOLy_F>{ zx|GH?S{KYm8=mqwV(iSnnrX*O7VEt1)DUbJBReps$!<^9%+%>cYV_h_G2TRM%9y|2 z*y%xt)ANoShx3GrFmcVdqlR;rh);c%G||~dZ%8%os*^eF`Sz`yYzoxu4>5N-AhRFT z^4V_YvE-H1=uZ4Y8oqXzpT1fsGjWIw+3Mc zjUs{lVdg>3`{O!iq!*f-4V$_9R^L7Jv7_C;{Jp%kDDP*4#)k_VJ<2~RnriKoZ-$3a z(9O8dZACYK(&@e_zFLzzyjFMIaYWi~U9yo@*HtS0dK&e+?X7`Y_vVM5P@~SJ$e~KT zM8eB2rrEAH`x^`3!9Z72dvI-CKEDASF}n(V7owL_++uZxi>~VmNLaDQIME4FuOV?d zxP_|GOfiTe>2cZ5FZ<5*4#a55J4!YB-#5f5@O~>|{ds3~Cr?BJ3_?DQc=sJ%PIYxKD?Ml}cV{ zk^icj{1Dt>R_n1F-}xw8oN`B>e99GfsFdB(P-BT52;4~3QF0EE8Z_JULKtD{evxA{ z+FEMtd@!Xi>-ZTX-7vdc{E|lbfmaSotIMMJ%L~^Cd9zw~*2=@a&KGCZ-X35W@)$CPVDI+MTDe(1Cv{6;2B zulB;vZSMB}lvMXhT*@;0Iw=vo!NDGZxhKh;ycK<}F@)y2}KDjUj&w8Nv~Jn*qv?H8#~m+@V+wBS?!0@KH6ZdY5nor zGmvjs)T(DcPOVUH8NT#rE6x4(UeA|hF*9fL0#$SGH6;&x|42I_9+ZnWc@bECWT4>f zlTB~$z32hMk(*bl7tg$1@9pbbqV6w!cxf{Ba_g1D3|tN7st@MwI16KXljMzXLh7U= z?wG5S)mh&=Y{k7om$TL%ZdpXtgy54yWN17dWkyXVXg8HXj$pW{@UG#lg855`vUB;e zMA1E689;VEHxAE5z0YP6pk6~zAH}_A)n^{E_N^Z}oSu8N3;(QIz+bKK1lJlB3TqSN zdj==@sfykL1bGDR|{noUbXC24x2Lm!C~g^!!(5Q>^Z?E}@% z`>I>gG1BRVr*1rNM-4!Z(h&2NdU8mxilg2tp^v;*5ImKQJv|?2=Q)iF4cB;V7TN6I zSgBnrbab7{zb+BBSp-0n;dYxIO{tU{pwG|_ZE|L#H)t_KhV`xfT4^Q)8b?1jSi@1= z@S$E_B`!D2Fo9+pdG<*8oN*nkwKMlC1}d{N+Vxrb#+4nPWk+F~W%EV-sw@s!(@n~@ zvT)>O&RFz+dRY)iM#dytkys&xUR0^O5hfw45mq!r_v~n+l$6-mh|ZE!-weo}C`se? zIeOlFRCgRe1O464yIwsoQK8i^5|J}8GpWGxW;7vLg6YO*Ese^Ba(ZVzJ71#9ye=kW zs&ZW-V0xgW(x{%N|0sKz+JhyiWR0UCD@&`O!`1pl-|ePR3n!VgTUpTOYDt@X2K1N6 z(DU55&JJy-i$X?H*}}$g#XddrSx}lPfbhg{<|iLEB+UB&OWYf8gORzMl+U-k-{_3yPWi{) zwH-O*y_#_h^ZsNV$@@kB3 zDt5_ri=n)vzW=KI9km}EPnNJ*#D4A}P9Leq>w9oM^HjBOuAZel;G`7HK=-|aQbK6@ zsW7b-G+tQd-^S99c@@7|EB#`dX@jm`?*0^UzQ*RllM{l}E%^G<>p3REDgm$Q%Eyyp zP6mVzt@W-y-n%4KyY#3Zswy`zm*^(n2Qkg~CrZA4_DN^qg$D?mC{Ks*FE^aspF@kG zO_0C0p7aUJt|QPUP;Yy5a`48vp*WYf#_!Jvd#|dp^Bv-T=jBZ;q--4G)EK|l6UVO2 zjnf*as6p|jUmV`=$?S}2yJ*>ZvcDT@tivsB(@9^wmF!DlH9w(%JGA zD6`Ck1fBWVwoHmOIgD-;T%HSh2!)4t7(JbUaIddg3Zy56D7hBJ71*DzWR$Iz`A~dv zE(z8>tn1!OkO`eK4cars`+DpsiS*}vM?l(T!hEgkI&~-Y6-V| zfAM_u0rjX3ZgS`tNk{o7MS`es8y{&iW%K*2dxXIsS7y|p{V5mizu(hpyE=6GQ6Hbs zAeFy~p@Ez8R*KT~rIN3+S?5}*g$UI3<0L7xviJ3E^xQ|PHj{K5{UE6z*8IJLIwX8g zF!PmS#n;ZP_>lthnfPZ+>qX@FEc^Uc8e5X?v;Xed4N&B8W z>+|@Tdh&KidJ;Oj>62Ybg?E&(hpjWMDmFVCLto0%XQxygMnU0}V#2JG=NE#vJ<-?u z`jl^JY@oi|B7V2VFJYjBZ1x8t%i1yiarBObJsj{lmgq(HdKtp;2I+y=;(LcG&Nat6 zs$3ljo0ydyQ+0ldtAhSS#}TDt?2*(Hmxu?Ror-PKx|=`l{R+=warIcg{5wTyZ$c^MmUtoXFsj+gV9m zXQR5NEXzqKt1{&!V(7UV7E049h|zKT$Qaaq5T`9cv78U(28A+~V<9<&o({dYXZ2n1 z;UniSIOo%y^Hr58Y15+!yK=m-Y~^O$%-b%q2+y}!l~9|aa(c9*^-(pPuTDl;=M>8+ zRjV3OMhse3nFvSa(HkjPLtr-03E;nvrSDWb*XTPFXuRf%L19}`Y`O*+s9h?P9!+6veLLWuu;MpX?c+vtD0?XM7#D!o*UF1fNrx5Cv^?ZZX+TMOPkU0NMn;anGEp{1uFa9ULDhl*Xys%4cPbOIyYc?FeWPLXF;QVA*F zyP>KXTWvikNEg>z@`w+q6zZU_EJe1t@Cx~5L&xh)X)5J0N1~T>*aH&<bEps1QJBaogB}mD6!}}J-s-~%IIs7w0Hl9;k#bfdZuvDoiLW%TcZNlEb%U#TU zUirh%)*HMz*grcoq*!*OU%gX&B!s6W5lg&jtb4%DY(&Sdz%fPCB#v!ft0|O%+-WG9 zUWC_?GWMuK02IfeCnHZ`Vo$kXqLq7^>&6ehUpx7!m?oqxJ4b(vx$x#j6Cv#^+W*buIk|XPtj}i!jZ^F0 zQ>h%U-@Iyqofs0aEFpuPco%je<7L4|$D7HnowTcZg5KY7;q~Rbn`42;Y{WZwIXe4X zmyRxr^|Urv9v>ieILR*PCrwPnPbfj>T*&XoC;MCqy>+ggq?2?$^M-BkIg_`~Q?Imn zi5Q4gLpNBMT3yAS72or{jA<9KEsu!CDL%I|lQ}yZ^v!(lt6;?!z28X?9Ad>ygh?K1 zT#Aw-(tnd38~WlgSMqm1r2yWsG`%S7q-SUN{v3jn?}dIJk%8mL*M2!Pp@m=i5*^QG zxQzDuLXBx!d^YszZoVN|b0~$;P15I+i`2`U0+rb7;{$5^7v~Ks%0akjcY3G z4We=m-Us%r3;aC6?zl-$1;<9d$dVNq0V79Zn2<={VNBo5$wF5e#bA!N9H@psb<$6w znaUNZTU6=yMv^-F*}wW+{zkvBtfTJ~QlymlxO4OAqWNR&q-<>yw53AVSS2rq5FfAO z%A%7spTI<-X{-qbIz;clOgC~rn3S)hAuiwFs3ysn1u#Ay9TDm!hP@)4TMJF2^r8R` z(F{5r(T1Hr@#C?nB?nHyDr4ZaynkNSxua<1fYl-m*&dA0sfY@dr{Vje;M&nZORpU6vF|bfbc!#eD+=@4Qd$BGV-oBgSj=-y2MqRK*Z;UE%h1eTA9KC0 z=$q=pD#8STdbmE1_?+Im`(!$MkY-y;)Ux=!Pp9?C(d=06i5j*Qb~A@3T-cdd5VSV( z?0d#@(*3RPBLVipfZWciEe6%W=nM^K6)yI+MZ?pNM=5%ph9BZp}kkUr^L ztXUv1t+!@&`1A8TXPF|MbV(@R8=wM?Wi7RfIbxn1!qP4l2B|mSF=}e4csdo^vgj*c zO@_978LF6&JJEYlk&u{sQH$M9v}+#?@?Lu}*!_8X-d1p-)s*W3x7klBv~uUY8s##+ z63pW}tdMGkZgV7=(+tp6=(NZ(yQb)|jZC7zF0TaEhMxG;!IE%+kEc?N&|mYi`ftuk zBo<)HKSjSo-2INFjS<9G!}t{tWje-mkaq$}Mf8ow%pz!~J!ZDQx|roKXemXj5lrcA zG6#sly3hqdmR8~l@}DPn<8qg|^9n9O)|dmEOdTIXEK`r2kH_`=B?_Dr@0rJwb zY=zr=qJ<6&$`6PPX5W&AI60i>RC1uUBcyfi`-!ySYiprS@=GfcTsk?bgXG81{@=TR zhLF+QLmNDIPh5yvrC*F?b-(;jmok}CWm)?eJz(E2*W%Zuy>nX>MfV{iAYq@FlH;hO zGZURhq160+W2R{_cFvw}xTHRNP>QHL*?I~z`Xl4AEQO_0Im$kOA zxVV^IceLLJWAAyT7EOe_Q5}WfL{rv>Bo1MD8#H(Wigk^_*XYgZ;>g%yIJAv+{o0&Q z=U>LS%MN!t+aB18cso9MHuD${-o!Z8;4%}Xqvzm?t2GsYA2FpxG8AH+`YaJ;>N zGM75E@igTTjVFEB*NJs8|p$*-C6N8+spns zxvZ)y1+s%ql11Z6Q)v{+*|pE2&Ns%mPLX#z#2q^~`VIhABnxz-7@Cl$*KS)m!hRrw;bH zF`7_y`WhRiH_kVF5AC}4fqfPq5Bd*(JMzKU7xFdwt@B;!!yOIdeNaDhEYk9w)VT=cl#s-KYu zEvsH<72QKDpP2U3u1hIhd^%Oj6Lq0BdEjPk{o`sO`4IItN1_tVaa6=Y`xj>_f@wyu zO`bfRk!t!zu3qwuUe6T9ciG-H$I;9BZ zd>Swi7tCb4E-Z-`cN3?-3dC!#jblUgQh1f-y2-dl5K9kpg;imnkCnYHfAQM%K?-92 zyJ(H{uS>!h7@=HQetq(n0Yx4HDX5&>9~ojFNbh`2VDnnmI}XF2NfPq} zh~%yTN7mriU+1O$vH}@Pd=H>kW?oD^yWuEEJfA6jqd@?lzJtf+Wucvb^o7dF= zH=NFjd$-U0-(Q%DMq?+`j;Oj8Mx(Wkt?LcvgZY*CaPd(d{5cirs|8N{?pysmR`zIM zIwqJLxpqGhSQc`=q0GMi=M!yO@?^|cn@j((^#Xn_T%3_Q04>f?M(al_J-6dNY2LtLaetPI1DySZJQ8X%><}!b&g#I z&Dzfqej9ws?Dj8}J`{bRVYy7QITkWgEY(B@TT8$%2tR^QdA=Wzb$Ndp3pedQriK`W zP)E=uJcRE0(>V31A?T;GQOZOb;!Rw;lmMF%DFUU;s01LQXy=MEv51si!iPRfZNpm+7go=xd9T#^Y%BSjT^yF z&8FU_5)BtDi~qKmlb`$61Gq@zp&hr_Se#-^Ti+gpio?Gl(z^YIms!8ZQY|79yTyokhE;5qQgicK!F6+dbCoE1(~ngfP9ssyAfw*waHDk&vX0GG)k<70~lT#zn#HxSq$J+){x2OI3PI?w?8g6aO* zR_uy(hK?5i&2-G-RW(p0SOe3hq}(zgT?RVQKc2G{m^4{MhzD+f8ge@{O<5y!CS}fS zKzV9t^Ej{_gn(_1nROp9Y;1kL4ziYNUZD|6u(5^{5PCoRqE>Fo{QJzgx$6Z1>JjA| zbm_U1XcCUR4fQ=lSYBG_kUOQhH)WU1=htT7r6K0A5QGDHY>F2kP+hZA;lh%Dijns~ z-G=n=J+3wc)bi3_m_znJ+GQE+6G!B9E`sQ3Jt5D?7caYFcJ2OT^{ zoP*sy{`g%v1x{T`yPvaa$(Zu_wD82k8S(Y{_pK5vo*m{+yvH?P?Q}Oh+vMbQm__L` zHdQ5yc(hzankkU1SwoYHdS%1SwJsHR6F!eox3~m21vL3Ofq-CrZB&O;*d%LA&c38Z z$fufdAuiAa#Vu(^le`UbEjIROlOjzS5csLNBz(S zqz+E0KV|rp+-1$3JTC-RPmXMUQ-=hXM{Gr=yJs&|Nm@66q*)ACL1I`0=xK8$7UGQk z+Lxa?@|op^iJC9azI_@qU?=48Le!|W1Q8fslN{)H;&qjqwHk%u&xxUU%dBB}0`R28 z(Bsw|sd_SO#>W|m@7~GEG9I9S(D1LjD2tEyBMu?DT?G@FNGUm3w@hipNH1VJqSLc- zSA7l$MQM%Qz${AD0$Ym3xIwZE*)6pLB3F8Oz1}A3mDI+xdfvYTyH z*{|#)PB`3@QzUQ}RgH(p>)n*Lc*S@~=+H9DZhyfBt0;ds-fb|*FY=Zg~HmRt_@Zn!? zoQrlds(`Lc!$}<>>Y}h=XjON}5K4I{TOPV{zCqE?#)1q z5gqHz`_$PF-pjXA`8UR4q~K1w20ic1X*&8{03cSW$@i{SJVo~rXXO^B2YSbLFZT8p zzeMhp>eJm15JFdbpp`BYu5|2H<q4Pbo9B^kVXS=2ASGsPj_ppBetWeQEuDt1y@RxcS8l zU$)YigTY$vlDY^qT6?x(ne2~Bebg-f~S~l&- zNFT61?Yy>JyW{g>@`_%Gp+bP2n|sBJ7{No*}3x7 z9O3)O_2~%rooq!)*^pQpUT5b(I{ku&Se+RJ=J{f|GN%H}Tf0azi={#pZ*O?+2cS)P z)MCeZmhV-z#p?xjlZS_k;&tBvM9pDeg;OYvL7odkXwPuI-E~}K zK9+I&7LJ`)pcU{~k1F^(Oa|H|66BgluvsF0S)6o)wEpWSkF1qJ0{FFWKba#U0)GRP zF~7G;SAlnEPLHB{>%@LLD%xp@qS8nP35lK zg)z5U>+UZ8cm5Wy4r869dkk2vC=&LCM`!=ujDLCEN2wV+HyBpunWsHVPiLHuinb+3 z?HmH{!1=KBKo2xwj5Z}X6$(ED7O8Xsohm-LLB@cyl9J&_U2er}qN!MVP;jqCmjYrv$XVQ97(~cb>piHae8({hwP8--u*pa1JtDAzC7mA$&Zy5H+VBt3Z6KtXx`Qpk$muuFS~^rkt+}bQk|>zx_{Z1 z*x)HwgolfJJ}=4o4kS-@3wyt#1n^Ji(SF(74)VTB4Of6h@HB9;2-T^!%|Lf_e~QsI zaJ_tpDI1N$cq~0HPlTo#8U27^z~x)$Hc7z+mEgLzI6}sgY({%RNT}>Wx>XP+Zdu{9 z;NQ+YtTOvW)JcPm?260Ep-$)PW?n$u1w9232}uh$o_i%(U$jMYDBLMZ3kny;<-Oy2 z2lFMqFpu1ifn^B8xApOJb!JZ!Pr$x&FqjEq52l6(Qc6*9%YE{ffc;G(N#g$;2_f5RUmt@??e;T9@q$N4 z5+~(Uhd02>u@FNfn}~7Mx5g9-DdF!;y;2Pb<7=bNmPKeByybrEq&Z!Y9DQ-`$Q@wb zNeJrtP%Szd(Dvs&e}x=Ju^8j93hqLNRiZdS)C-6P@gY(5mk*+n|9J~+7KtBWU*7q;K8r2JOR8{y zVlJi4bN_d45$MYin(Q0}Wxak1beIxUsm`ySy!zW|`aPei4d_dEV?DY_sYM=KfBAOZ z2p5gXyh;8lh|*4adAG~26#vQ$0fzj0E)SCh1QsxRT;!D!5o)88c=J6|QBeZUIKuMs zAoX7%;qIgBhmNd$5Si_gYI56u^s0e24{EXIRd9Q364CkE1nUN@%?WsLLu{7nzcT`9 zPIH{rEB3>uRC(?@Dx|(bGle-t9ovYP0m`Zl5Xq4n(R74*=D&vrNhNs`_p>9XRv%F; zV<7$dubA~+v+BVy_#g~+aPpH z9TR@uNmJdozA9Aby<#mr{J;e57fJKagHtxWCvDGvR}b0GA#Eku&ZX4GdE_Pxdw`u5 zT;|M|>LJF^dfC?I=L4M2_AfU{q0!iJ#PV^nSMx{sdUx!fQ!{vTH)rPV>MQxbqqX8r zRScY@UNq}Y5cz*W&wNoiVkjdAMTJrxyvXfHj%m*nb zR>WZI{22M4tm93Z=n!}4eH^kj#`PvH#N|$KHjt(^w^-yoUc5tP zG%O)GX_NJDmrQ)!Y5>3@=?sj}$g&!>AsOv>u{LL6UsYHY*PcF)*R>PhcdL7pfmo5f%l4h$w#ydIG=ia;OGjAg#ZJmWM=+?|Bg3mZ+S-#-(LKK4$uL3{|hMFU^bl z`;K5IuM{va;GunAJ_(3^&e0F}63(+E?wxXWwUBT*^ZRYGmDz1bGLL1TrPYoS2T1Gh zMGvXhv66Fo({t39dK|Q2MU@`HmigpBlY~?ky7~F2iZAi+GyB#Widnsdmd$0~BKvHP z3p8+;>RXyJDv4m)A-N#APv@T8O$A(M!q+cP_3x-YrN{Eh`mKaMq1ZNB^O@_aV{4q;3Dr_s-4K6J9ms|u75r~TuM zDbm!@^^Lb-DxbK-FGukU_Qm-g*WD5*eZX2;^OXVk1)_t9mWgb6CGuW{Ixg+Ag^~aD za#$xkORVwpHy%#=!!QG~XN-L1jZof|@TXfpWA{o@@x6cggdH)ibH9qw?=)WO7J7vE z$U%nZZ``DXSRU&bT~?#Oo>qX!0C0IQu4;@lF7keHKYj4Ey}njU0)PMDA~pP=|J_G2 zR84`mpRr|>p!_&dP=P#1<<>2ad_9)amp{999ebzsC20$r!7dd$a``}I8$0=HZjl zaf$jCj<@2(==6-PMpKOLj)pDn_rii|YryJ>xDco9gl-FOvXL&5Sr zFpNZHV8~%(1#!qwXz7Br zzsGi+W^yq+`Yu=wXJm=wipJ$j0i!|b1&0sR7l)$&OMFB-YK z%Cf&!`L9!&4Tq!i_pf1313^)oV#p?3ET+hZg~{Xpy|G|YcPcnV;$hV>a6q6Tez!jr z(i-NJ?DaE53C6!qKL8G3@-t!gAOn`C_EW@Zv9&`1iRT&X7(`%K6p3E8>|FZq`@ls1 zwX2Ztr&N-T6AYY)Q)RfphFZt_n!UeOW4`$4@ZYc(P2m0tw9BIsKpJqDu|6ZgIx$H5k=L@!D&(QoveK8J z-`dFQr=G56-*h!Xo<9PV5xW&H2xl(X51%>uIp7cMUAAZ%>X|j3M;*NCNb}xX`+)w->UufpsNL*vamDX$R3i zkS)=CFP2@K8JUDkrvDhL=mFCOsOyOGKQFmQ;sHM}Tzd;@*LIAXpi`I_e9*I{hC7@P zE?hGx03F$*(YFU4BBa3iJ5U@KL6~lD0BOkwJCLEPs(@5fJ7kD2cOG5Uxb~%$Ckd&W zvp}w`kOpY#R}+M5e{@3?ZV0I7tQ-*^d}-z|#lIsrX3;$C%`3?(lMiK+HhuqSr?WyH@Vaw=#3dJ%~7wHKgs!*6-!Te~HvS83FE8sxb^X@aJ|{m~dLqVRo5y z6@ESm3g~0@K(+uOg-OT0%1$^7i$}lTVTEwM#g66)dnpuGE$xM8NSzR-2>BLb0t@ zr5c3&x=jFsP&lC0BDa{8-VRAk`xGFw=t5HQ8{;tRMG3HGhw`gIP@#Qg^3^V_5W<2h zrCP9Qbwgym-<%1-BmD}-W#H%XA3zIq!HgE4M;}t=K={+2DG?$hhgyufY}uauh`tYjhN8xJjrXC<8ANmO zvn=r8P^>ne*zOwcooVbf4z`7Y*k3O0`_t_C)n|=x%ZN+?45Egt@;Ubf<~xj10Eb}y zLWUD+R%&?8u1y5D8c9655&&{InAP{c3X}**ef5#UbsrJ&iLqNd-o>Arn1@r#@}zOg zz(Fv7U}eOs$aB~#?m|0kX{$Zcroe+2h?^{7?8&(Ek96;fm|xXB3@4dwo(fOU4>LU`oVQBO(7CRLYRj1 zD_{AC=rDY}ZF?9akDXKu!k8ieY*ZWL5sK2)V3L6(V(ECbKo}Pb-sB;Fg4Z9{?f^=O zW^xP&K8lgl@Xh?HFJU?(lc`UQSqxZ-UMHRU9C1$8mJDP+G81&q9P1S)dT8I+_=24|n>AzhV*v>yR*o9y6KF4G>kcX*O0ZA>x zoM+<3&_vZDyW!rp+k5v*g5aLR`v?4MVH>&BsuZw+HjZ=}5Wdd5-$SFBbW7axE?{EiM+R((BDZDy%eLwGPoeB)23B#u$9r zzjyR^t~yl^{e}8YH^x?N?dhwFF$fh$Zb3cy#<*=B<*Qxo7ue#q7k!{E@x0W8fM|p$ z$GQRDCKBx1wW`k@;m^vcda$r0aDT^15={II-$M4YPRuVY)Tzy>5(r%q5c%E_Kzg{B zbao3m&bM8110m7`826C=OX|*5{9~ElQ7`+%U3pV~okJWSfoohujfH#vKDtIOeGLhN zMBJq7=_=3>WIW~}3Fo;*;P=`YtJ-PPa$ltk`-@HJ^0{V zFCFXqgHCnC)!1}^-2v9!*R%>zz#Xh6M^tb-HqnHE12ElugU!b>W+yrAXnFpP)X%*S*b)^ z*;OL`h%U|zT4DvI;#pv05k&~i5Ri*h`~P7@)sJk!9crI-52~=m&GWQT4qy$%5S=-% zy1)ZQSp)MYzJCxaMr3Qk%Rm%Zh9)KI_*P3Yknkv*>n9KLyorFKd3P>Act*#V6PPr! zlIe9Hd1nY>Xk!3YuX8!b=VU5scVC4#AtYUN<0Yy$;Bv5^eP*pBopR*Lbb9Wy&JK3z z3m`UAQJUS;blQ2wRc#^XePge|EnC2D|F)j0sRI6YH$p*Zr!WDiWD}djp!fX6c(QpA zBXXk;xXP*0#|GMVO9PvY5)hUf1Q@37$7b;&#~o}WcrD^UZWk#7xF-h_s+ivhp3#P+ z!hmbcI0+ZHiUvzo5iunP-8`Z&4iDhDc-O9nNOGtr<*anKgxe~`alZO}3#CpW;ma8( zQ=yt|FRgGa??Ldzr#i@v`O8~j-g7a?;I#A|k!suzgnD;L6xfRc5Cnr)GOZ*a0yN1S zgpO4$=bUGE5xfqBQXd7m>LNf6U8T;1jV6g+m(BYr<)5<BQ4H3;zj$LQ)SDplg!*~iH-AD4r z_^%pZC)?ya)~c#tb0U9XL9rg1K&M0YbLhdWlHenst!D^-Vb7>;cQ8T^BpJR4L|k32 za<)R3XdVPnyZtf4V#F0*ggx?}t>6d>SS**n#fZ^lm!vBrftR zZo7Zaa@O|wZs5QBebv;Q|C|Xh|d`fQM}0kqh9z%0bv5FjIZ-) z9lv>xu@A{+$RB{q+0aIZ9&sw{dYGJeUYw^dBRc}ht$*bbJRw@t)v!2PYLuk4@$mWQ z=_?p`z&J^ra?3w+HJ)gHp$D8aHV!`TUY9pT<#1rRQ$J;jt5V=5 z&&$E;>Y_thyJ*V>!zUKvc%J{cL^V;4ZvrGtR#(IMudIF`P(u!3ZS=vc6Zopv*tEOl ziw7Z6XD1eYvSqwKd2!296~rfhO`Bel@9^y_500iwN)22$6K{^l0bp+3u{Rv`h05?u z8IGMh_(aKafr4Phx2X+}%YU*sKu`-po>eT6h|xKELCq8O(whfw?db^mFo$4bav^7# z`Vrj{y|`b5r}AHO&NCrUAzjygeBk^`tIG&n4?l4(pr@moG+up?0a14A!^^XXomf@1 zr#Zo5i)?CSr~sUlhKg2%K&4&?Wt>lEp}+c@utaRjsk#@KxS3gG(SS8K4n*u^35@sT z0!R3Gf4?K#un}bFV`NV1nx=vuWbQLU6HN!CQ0!t^24D&kFlb8`tS+9Wa=FbuByqaw z-0ug0Jiv*Kj~e6rdCBjmb@d7UJ2gLHw-3FEmxJ%zIW%E%_}$k_7pY%T-px~PY442Y z|Ffrs{Zfsy)9W6t&8@SW%LDZTdESflpSefAY#=`@e9;K5S`^wpiA~hY+L$R>&3anN z;m;YzazmNTOEaKR%HVdj>?1Zz2?WI^UIY;3V8<%3$3G^w%X58=<|nu&XZ@XazlTvI zbFOS^96C2LnoZABWt-gjMNrxrO~}qCYBD(RE1%icZMX&4b=vzxjM+sU>e4}EWQ;|h zk-nW@CjuLS$MQ6hkjPYA$|lslRy+G$^(S)Wv7UOcGTU@mr0B!6;L_2qtC#?AI0~U; zPArV}XUrZ^&ZNqW?5LwCI^}B@#6IxHsqwpx5~4CnK0;R|nj;;Pp~-fwC+ni^R_YRN z{AN4a0bo;ppc;0N;TzF+k~4PLEIe@lp{bZD@{J#nLE{->%ReUeG@7&Jne^*I{5p^Y za#k(8fv(_!o2!&@8witd8YYgbE;;jf*FGpYTA<81v=p9s#b#$s5HKJj_TCk0MZb1Y zH_d5F&Hi@w6fc`}yW$Z!8yt_bVBV$Dc{^)+q#K|FkvMS+DuLMuz+hQ6=Ljq>OIGRw z?1~Xc|>`c)I z0`TGfHNU@xaSC<;|ND}+hcSBLzTu6|;NEgk2?#WO!}d^L9hxO4JS<~8((${D@YkdB z?8L{)GeiV{Eop+&*$&ftSN=#$Wz)q*_6l_4^XWG0_TL+KclzZokReqD?ua>{Kf7Rn znGTXCCgU`$mLPXca&-`UrOAwu8gx(WiL&0Rm-yF{aNe|!q711M!L`1+Jr8`q{~Y}9 z+z1&`eKor`|HnT5>pOsA{W{%b0N%m3!o@Ou^I!k>m&FD^~vm0OqK}WhH0T6(5Dc+2yF-pBM&3_XAg3=7ZoB@urO#nTu3Zua`SNRC~F7T3+Q=9!!zB)+zQXWplgJczd&U1p?V%fB?%r zd;tnqLBNdpbcG>hrq0;0f-CPT=(gq!KVZ8);rI5rad`na@x2Zjd+*5?W3|EH$Sufn zvJ;b?mPb)X`=XJ*isSr1Chr)z4FLU22O(zTHhu@lC%Q6-wwxf^4n&X_MW6OkGSMO` zy7FQIvbY0V>#NthEn7l^>Elxw)Wz;&|hod6jR!=CF0 z1^o2cQ!xYN9`7X7{+?~*4dySQhYr<`LPR?WIj~3&LWK(Ho%k0Z)0snk9pLpAi%Zbg zKuaY(;TzV>jic%!|D1gQGHz$S0>*y(8g4l~>Nq(}s*m)?lAe0-5)VQU{&NLnIs=|% zBxbL;fGk9j6R1)**zB_7uG~1t>!;5htw{Jh-8^RzKLx0#ZMjX}{eNwN-_r`aq2#{2 zv68fp!zgGr)B_}x0h$mV$}=4$XQwU@ID+vA=Ku_fDb%zGn@?OGc4KLkQIu$2$!Gg~r-?X|O z@^;kFEb%42UX^wnIyzXQKJhw-V`|{_jz@p_4iQNZG!WeY|w-%dm5B}>aM=& ziZq`RW$+AWK}5&}t-d*N>*nM9qBcIIGgrS(JDENN0bQb62;e39511Pi#a?Lf6sDdF z?hOF-K4Ge#06ix?E4>YQtI)Va_^3kE!DID6v&;ImnETIZT-0O_b*lE-6f#yoQk>zo zX-_34L+0_`bUNX#`b+}3pnvfAVy(~PTRYq5GAp24L-FOlTlPkD>JkA>7egHjE6&0MS(kgm_1M#Wsw>Y@6GgY?|6ykcr4?RRbA2o8Xz zo5RYrbebxSXRL0=*hpW=G@t3#!Htkou}G^v86!APTj(+2+yUskdc}N=KMex=K{!2zHR__}2+(p<6Xz zXs3SO0M0PW9?HC0$Wu0b!f}1x{FXemrmt`t-64br;}RPX%Shlnzxs4hZ2Ug-t- zPMO<7SN0cxy5x3mRoguNg1NPmU+#g*!5f#V%0q$@cP}5r@?`P&l|4y6JA7we6fMy3 z@DgCh&eJ|z5&o7U@n(h2w#C=R1Jv%&KMab{r*m>S>+eeVnl-Z2>}-FBV}1gCr3V+N zlE|m86)-J!Qy$-QZ;~EQs=xRnQEEqRT+9RCk7X$C;DCGk1;aNL#e@FrK~XBb2Mw8L za-k{m?CsC2q1rzn3u=+L0ELZ%pH!G`FJ(BEm{8neyU6fJ@4kEvH7{qq+o!Q=?f9!X zr(8#==W`MB%?jA*NvL+*>9PyxqzQVXUXwT(uu|U~dN^(@u~Rcp5a;Ja8)nqS+MYJu z=V?OCh@&$wvV9tsxkJAyfUkc_rkfw2hjkZ`_~%Y@z)fOX?@gR@6za85h)!~8J8YM@ zST^j)94L+NUD0esnf1`#6=1YY2vJddEC@zkB;EJH>!UcT+IY$#pd7ZmCv!Kit>Vcm zYs#HyH+?k~tKy`>qBMQkNBi!+x0?# zW^HmW&*_hTX}IT!H#|J8Nn@ldbd zKcYL8v5jj+pdYRKujY z)xwaLcdkYVeR$r*?$Y90RaJAlTn8^6liF?)N5q7QSy4|!jVEKZ@{1*|l14E`Vt85R zFnV{=n2WY({Ktwbwa@&Du_YhLOanhofwPwKOhM2k>th9KW-Uqo1P(dB@^Lg-(Dvq+ zs`(DBJJpdFv{s*3Yh+!2o@2uO$iMKF`LviH46dX&f~cEgd4Niqbl;T6mcP4(Pp0IG zL@OrY9JIAqiIe0l=7IWtH6DfH5EaY0V+%lOD~$2A0n_u#;Z%a}>YF79g;Wo8Q%$UI z?vv$O-e=hx>VUaDStoqSUqg%y+aE>>DB0q0fweRGkXU@@iMlOPpS`YRmSiYjAG?yI zX&YD@pzJQcwIR(I@D4j!iEhoiT!F1T-OrOGVrEnmOw6!6to*E0Pfo()IOy^^3fyyS zvs>~qmz3#LJn64v8#K3B}^R;Hk2sj|;d=qf7BNcGB5BR{TLCEpgho$Il4M zX)EVZF|q;oO<=TId8&U2@074kk{%vb6IeZ{8amCOZ+V!Hawr^fDTJH_8LjA(FKT&V z2Vv^$F<07Da0LD>3g!yyE$O-H#a{Y%2T-@pafHUVV|hxgZ*0pmt7 zF$DX~1&`I``JiNQ)jdB~bxmkZGMgXAcTjwuHa;gbpXSig`DPK1bjkr*W`>IA)Lw+6mDeC7#_^rh#;8*l3x6+Eu|gLDUv;&d-v%CJM+(ED+iju=-O zKU)%u!P@<_E8^C*VBaisq~eETay!dnlTF%Ggo%Y+fwB6BbYC7R!|}F+Xm_~nJ$5u$H6AV+Ki^Y^K)xU~Qd7;EnkvTJ3n6J(UrWP#sFXYp zds<|MBFg6o=1amhUWLD+!*OWO#L~C0-%{bD^|C~Y?oY3@JMWx)eVHbL<{YjXHg{No zLj&_QQkRLG2w7ck%ReBNQ78*<>9zcjx$!ya!GxxC_?Xz>4r=svhUm?k-UNkKm80oi z1AjDqX`h~MKx?q5=4QF+_L-pxrR^=6Mn=oyR1eoHb|sT^p_6+XlM`Zo#-d>in1#Wv z2%oKzHdvMJvjJfaN>K$h0Y&cs6p_2wByV)Csl0N!QSW#6$~3*v39qF3AdvTI8b<=> z#%0cQtY0W|;a0S@wJHHY2ow+egR7v!Q9v}R22Wh2-)GxoNQGyW%d$@@bnuV9tGgA% z1Fji$s7ER~r&tt~_rxer!z}z%6J0pzHkmitVq6Aa8S?+8YNNsXh7w9q{0v>R@ZMp! zql55Tq_>aNU_~+80&hb|BQYa<=ezBLAP(0(4Wd?5K`PX{_w=EcwnXt;xX_4X4I8*SFyR>93IcWS7#L8kantsVhGx$F*1!O?uiYrw%d5>CvdB z0ZwSKH@*2xB||b>=NbsA*|Tl!G4uMuWNjA)@9?!5(Zi1ZFKX)yZN?!l9kj8?^V&Bn z^8JrL3RpQ_iSO2@$2JIU9auQ~(v5H~YT@DOY5e@>gg|n(0RSvcrF@w+c3@A*6;p^L zw_mP{xYt z_fYz8I4LyJ;N@E1scWrBLZOe)-OGApyjj4P@UmGY0hH8>V?_0sw-kwEQ_)ObMkNF03XCC{U5KCt4Q;c?&^g?`J--F6x$YQD}tJKw9(|6=FJnfU;Fv^pyfjb zY`@()IQ<)$7*|3q8yYlO$mf}7j6@6ekO}6fCJppn{*qL!3Tq;t(jzy}qn_F0AWF0w~MNe^BuAxFea@an54ZKU?ZoR$mlXO7MI%2Olh+Ey}n1;0%T$6D5UVoor6e$o&Aacj@cJO zFcXp*xtv7xG}DAj%l0$3AB<=!zOlN+Q02WW)-JJK04facz22&2IzFvrUMh^=H3hO> z&UL9{OwPgFbi_EW^2!OOGD~Nh5Y$@Wb+=OH2ZwHT4YbW|*Vh@iS^7%gqAuDJAMD#| zj1Z$(;!i@^sFor*<2#42X;qFqz-QR#~ z`800XGm`~smcFG>V0}8=7Cx&akEo~A%B8k&{ekl{8LwOKTx%G7% z6jWE%V8dGCWThS+&hG@34mjy6*8InPcK7EPEn0*D9p`)^H=J3RlpyaWSYslt731*)#aThDwFJ#n17N}Qd){b2Kn zV(G<><$Hu6=Wd-C4x>`7u&|f^Ext9SyrMtfa;IEA>R$J)HVMwLp}f0Frjw<)^-H(L zYW^VChMpTqF0gV(aJuhY8RfO-gL0^(q6S28u|JK?$bC^?WRhp%+c85I&Zc@p*IbVEQ!5OLRp z`?@Fi%1#(S$pSo5!juz96g01s2a<+iK^y$nhpZ3U- z=1ar0&Z>MB;JfLR?W2sB-n}quxbz8hoBW=X`o>5+#ew>56xlt;Z55j0O+zSyzTXe? zZE#~9?yEgGiBTHYqWXGB{q4`M(p?t?0acJELT(2du@1Vwv(wdsJOe)Q!`E=l-4@mL^DCD42oO*x!w!qb{+lGHXA?OKY~6$ zkwJ^8Z4b%;8PtzvV3l04PIK-*cxQTiT)ODL7H6bZmS&Ik(8NdmSd+hP5O!TC5D}H) zNOO3KfA3xPna$_spuaprBOyKh+`fZLAf!tQ7uW(1Osgdxok{%38;@2v@Ub{e`hFNLc1jV#rK+MiiB@ zbqrLBQlkY-=7VrJBM`2bvgl;vfv{aojU%7ks>VUe}s_c@Z zeDVQ=dDz5@w2r+NSqo`PvnsPb&O;wv8!G9)xi0iM+^d@SXkz}dOPU?&3$L4!nH&zx zog>L7uXzVhrXI9j^c6q)JbZOQ@EAPr*~&vq;_#^j8D~l9+&#YA!dHGO=@Kle-xW*8 zdBeCHKV!Q}Kj`~Gpk*0mH-v=#2)Rx}xfEIut0L^ft?wm$MsZ zaq}uBG0k^{Onf_qgY$KSclu%kh8IbKG&)&~_;&bh1JWWZ*}+?WaeMBKu(?x#0P{$! zJ^tik3torJF~J*lpHUy_pMKAi?=0*bn2_aafB&eoWnpxC@_`-ZLxbTBnEVe+zt6sv z%QGeAgMIk7k0hYv_gU8*Vep&CBQdA4vXX0V4|WajtAq4+ZGrvkS58ZEhs!2~$NQY` zjCSym&TV}eFm&#HSZL}LJA6HM-OeLEDl>inCGZ3FRRv6U)4u+Et4)*}q!_k=J(JD+ zxnpyukrTtG&O*+&pZUS&9%llw06OokRQ^D9J-KNl?1d2Gf85{SW?<~~CGkQ3Yh>p) hUEerNMtb8K*UA0ziq92uvbTVrmAM_d%+&qz{{Yw%NY4NO literal 0 HcmV?d00001 diff --git a/doc/smart-switch/high-availability/images/eni_redirect_overview.png b/doc/smart-switch/high-availability/images/eni_redirect_overview.png deleted file mode 100644 index f1af3edba6b41fa924121636f7e676a62099c2c7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 31291 zcmeEuXH-*Lv@RkDf(R<0f)qun7?j?Ng(6jY2c?(Li_G1 zPC#%vihzJnmGlfSGHD)Q1N=MXsxEhrAg}G(Jn-Rxg|337vN8b|@Sc?5REP}$5&jb3 zj}G_)evUXra2oi33O|M*{OjA(QHaxjy(d(~U-(6(VTpi1nn2-!jOMdbi=$^hQ1_N^ zuUQRHn_svhbEe^OGGTnck64PA@2*^r|3>5*Mf!6g^n$a(Ia!l@HjcnocjFP;Su&yJ zH8T9(ms|znCobMR^-1=D6V#dMu6@f5EEg`xzx6{}+I-S--28Ip@ZzVLIAx%8#^5au0S#H2{$I?{lI~kG)#<#Dcs9b6)Jyy`eWn*3O+`-qTNfd|tkDFfYN+>IJc8lYC$c!RP zWmM7@YcI#_CY&wtqgGC~rxVcZ*t`U*U0Od4qI4MySK^ALTR^JDZ=Z?@lnTAG=dJ1J z+T~r^c?qQIR-T#s=KhFag5ef4vqWbYNBW6!q^GZGp)gFu$bcqR#Z|A)EQ?vkBBs)C z-X(2bMrYLxmf-y%u1{6uI2&1il;$LfBGaU%0y*hHqXHi?iQ6O+Hf4hBs2yIQ#+`TN zK!=T80mp-#cQjBrpk zyffn?VcoFdR-LJ%kW|CWV^F@kh>`v*S=E$_*XuxDwF3Qwrx0XAmPV$@=yU%I$9S9B zmJs}@47vnd6T;D9%ej31ITADl!RCnl_;Z&Sj_}P*rYzdw=o;q26p} zkY4;8?Ox|S<@CyH=fwqD(!XdYCrPfl7lyKd#~Un)A1mb32xl|)mUhfo8TE1GcGcOZdCH)4GBv*35SL?|z#PE>^$^J_rOMJ;b@PIpFV&F=4~$)& z47QoAPj-#YTf7LvWsJ!SF`aLtt?bVl&-W}`OL_d&Tt-KDr^nkO^qOU4(bC6{f!;<} zy>q{Sy?$Xtg_s;1t+l!azwK#q^g7?n4G2DdKecCssiM4@kE@+Qw|;fbq_>c*o~g(| zNzf?edWv+X1lZ@HSPUh<&J2REZXpSezszh$?Wi%BBf{Qh;Y}{5p#o(GPj0m#=Hcr99Jw!gllwWSIxR$4b30Zi& zn%+N&tAMRh*YtOci)Bvm>v=cd?#ZxXQ-H>Y4W=ict*E8#;NH?|Y;_31gr7*qgpz(% zq=r!&e`ZceXGxaasnRVTA^2Wzd-MC}e@Xst9nkTJkZvAZj-n&xe$M}0fLDvkh;%7E z^w>U8S4$_bF-~^0C5nxYRr_oUiMstN7zNXJ_f-37phoQo1K0v*Gs|R+Ry=kMVKln3 zBD>pa&r*0>mQumTreW@Q`314QzFtm4LqngYl1S$>8)x;DUeNv}r%hJBejbKv4*h+) z?oQ}pnAY*10b3XhLZrWFbg0>#Wqzi#9o~{zg&GR`*K?=^5?WO%>Xuqhf96z}DNfwD zf#9waq6m3={BcunBNVlQ6m=6W%I_h`IEt%LhU@x6D=cA*#|_RS1?g?cw8|p)miL^W zeO9Xbo5Hb5#Somt`_uY2xGh8DQMC zv%fr9_`H6pRG zn=AR^ag8cX0F@`bNx?=bJQ1)R!>tz?eI|=hXS^1vel_|Z3v=}D!98Z1JLPu$dF*g+ zbY>2}8m4S7sriwGX5jJtA!Vkrffm*BWwIArM(!kjmxo)?g`Bv6UlDlBlx&+CAL};7 z(h(QMLM{xwjSoP$ecrTxJ!-@4JIxHnt77ls-b%B@bgn4c`oOd(&mP}uDrv-XqPFF+ zYAh}B3uOha{G|`wgRJHaA5ZQw>2o4#sv`z``%@uW!wYuy=KYsHPF|DBaVMjy$~TWO zjn5t3Gtt#gK`%&DmzqZRs>dZ)M}*{CYHsQdXfpP=1wfb+wZuP5xi99qEM5Y^Zl&7~ zB4?vSW>u|XZpP8RfxPZun7oZqB9??lyPr)!cNa| z{4ux8JcLW}Ww2e4sXY~UMS!}hJ@~1>?ya%IBI4cQt3G&+xp6~nL)ZO*{yn}wzd`5{ ztK<0PKQr<)1)m@_a|H3J!0+75>L>Y8&6bcTD%GP=#P|d&Fp~qrdeSLmCq@xHM5Jtr zOK)APPV9{|EihadAWw60H1jN#Qq0iRxo5{|L;&R`rBbpy^^WVfPeA}xzr-BNUCd{E zqp8vZcZObI)<;|WF@t%lonD&F!Nwc#R~o5e@UZ7Vk4XBFwCjUdf7bnxMMCjb$h=1ZPBD9#$4lbMg&z4&k!h2U6{X1L z<>(HvP^rOQA(hfXP!cs$qUIgpo$0%EFRgycPY4K&zVo>0R`-)N4WYVQCzo_?=%YWK zoo8!8@tTXDWncGULCbyYz%LECori0?!94xnV0VN5*=A`Fuo12wA0_5;b>y$qc|5Bn zTaem+%dD$u=Iya!S-6blp})KNocU!o#PMN=tTIgmXGAw^ZbFGYnCiJ7c2mQ?W#-c2 zm_ho`K&J_rtRQ=3z#3F6k5X0~%Q%8!+}l`00+4^8>QnFroW3IX%ArrR~$*)si2_RA>YRz>oGE>T)SW zzS06Kla=6s`MJiGgw5o4(IMJI&{#rb?r_O4O!k~WDD9r23QbSyBf9I0eZ_^lyisg^ zLZrM}e$#VOW;iMBtA=#hkDJUnt0;-f$YgODW)&Xn*{V(Vj_Fi{06-dp`-za*htkQe z2T9-K%l!*DYpZTOdlpJ4nYyi=Q=+w!UtE8F-fSgbkLj(7hX_I=d0S!cLMtNhxj+Bc z!OW?Hvx@XJnjPL#OSQ!+a_1-l4UO)J`HXE)kfqvs2HnH((AlXX*SYWiqkEYR05KYj zOi5}cwI)*EmV6Oa`&<)NX!~F_mgN?Bo_asYae&?`YCCY%wZ{Jby>A=~^)~z_l z@A3$cRpJ^}DnV8W5>YwZTRRllKYl)N#BJ%kkZf`+9j+%ekM0QtJ3}Q?Fa?j*F_Q|QtaVQnN8M&y39adfwQ8YrRnr3Ks4`TkrVklnb!)mkf!h0RNBqRXq2 zUx)96ALG6fyc%Ftka%}N%}IEpWFe5b{jhENq0ShUIR9KM3nlqbCVO?>c){I+0tVvf z3jfE$Y-ud#7wG-tvrB6Cx;6qsuo(^#(sM}iMplQ&&0>&MFKf;uWaolxs4iEkooCro z{|`fbOzE>)a?hA1!Lf2D2yHQ##qk=$U5$E*Q#GJ!Nb6(+bQg0vp+LCSaKJ`RhSZcR znf%NjxsA{cc=x^N0rfHe9Y2{oHFK;I^`yYROtwD2ssG82TB#w+b;-mC%$(DnbmOYt_#r@01 zzoP&(Ye2F%+hPgpLzw&qR77T|4GIvGmvm^j!x+T+8bj%=yq&_=S10SiKfk?N3*dcN z%qp&k3z{*T!_c53M&fV+cA1*pX%J~q7k}5RaUeNd(w2-F z5-(sEqou7q^s6%&_i1PU-Zt#w(YlzUr3V>3?>4z(>?+GRWh}V3Vt!MD%K2y_`Q&#& zXDG-(t_;FXh~AzaB36N?BA&}5rZjR5+Rtmu~~TXwb?+_Ne5L+mWKu9_gb^OG8sRMCX~t#REaT1{YN zR=DFM`>^U&m&-nrG&qXxJDjG5RnI;r`Ye~%y}rOAJFqxdNKf>dF7AiNquwOVrS`3Z zWcBgay$p+;gELtE^mZAs#arwv4A-}aIZW80s)?spLiP@?-fDN|+wQ3y5Odz<)Go2J znp-qd7b>+1?*$p^dZ_+f*PPL6gS4rtaQiQQ{@k`)S&X^}3t52krQ4S-Q0BRMl8z** zfk?SVkt>w}>#)2;A*pS{!N%vjRex9w`jWJWBi5~H)oZ)yi@>XBmLBZY}mD{hUlS8jdW8zFc=&( z!E0PV%tvM)Rm`r1H7LlIx393UGY~^`%VCQwX0TXR_bWevz?oJ_y(WwbE=n>+>3$xE z{V-*@oau96ubEcSy;hm}Qa0t6Xl9N-SmwmKB^3H;BJia zuSO5qwS+S=y;Wkf3zyxe&PY7GS6@sixr0b_ZoFDz-T7(fHSj#~%h5eSo|^>>M(8Xb zwt84a)?3-T*zFaj@jOnx8i`lK)?UcXklJhJ1|`MCg>w0iN<_O*e!C0zmr~uY1maB5k@sQ05tjBOau2CU|dy|Ywxl`R*`5YI%jFoC6wk`%qR|z_YlHakr z1e;TL6nhZvM#Rha=i1_Vdah!r8 zpGr2Sdg|pI+EBp1#V;@aTTZG|uW8k>eRwFVQG?@+1=_arWxt%0`R z_ruFk28YoFVX!|2fa>lk#xGG$_x6K4F3Mfb&dy#Mw1NvrU^3@$J2HBEAbPOP;G<@%LE>T#(>cX=54QBD}z+e4_UKQ8Za$R zZ(W7BRu4S^4ok$-+VsvkxcK{9}^x zP$=HctDy;RLkLteu@8Ul@Ce%lV?g6JCQRjQ7nc-zNk{uLzmy)n8&;=zB0@;|J|KYn z1|D$82qz5crE93yY^a?^TXAcDJm-Kk^uTwRi%UU zh1dVs-v^HX>%-zMYJKj{!0#|r?Fyj#gPoJCSx*d8ah?LX=1MVmBf0(+6*BXk3RIY* zHu%iUcl*(C6bX1JB0|Gi{hN-@r6hX08%?~5Z0H)?=5RFHxM;5Kljuq?53u;1xjVvv z(M*e0yB#L>_^`^I$>Chu2HfOBv_$n*U!}(^vCiNS zh90TT^slhL^@6E6Qp8qyAZ_XZJGe=oXZw|w`j3VB!)~8=0Cr=UlTQv{X|ED)PHyz& zxkAx{tYZ)VjC^gof%2uHg8%`v2|ij_D_Iiz$r7cU%TvV@>H;#^tuf-AXTy%xs}2mj z@musnQU96rH<6nwfe?;vy_YGcFq=oB-Ewr>L`H$wwbaNzxIvq{;3NAvBol5?P~%I+ zmz7Vq91FZC$HDF5d*da}-LokIR{C&|S)y+@!`2sueiAI&$B8Fl;|IA1st2_=oDP4= z=U54{!EvATe%7x`--(kg-42njlj}2&JD=aee6!_l2RsJ&c5K#?!8EEBK)5Q4Z)}PgNCDw5G!dj+ebV z>g6A-<)7NZ&w89Wq$kOp+Rfu#2d2K{t(mGnWP)$Jjb_3I?`Q{|VPqhREMBqLD!e?H z*Dho}LxLUrs#BqhVUG-dx#yyElJ)F?SX=P%+P-r#c&J$FoGep)f~~pBvMbMv%NG3b zr9Ivu&ft?QOiShzXLpIf-OFyt=N5PpB~Yimw@Z0Qm9#24dS7H}J3KX4q$-pwWT88? zc!k^G2`VO^3>_!B)Ssqwl4CzH1HRz%!j3|p(uq^T-W_2{LqOof7YJa3Ias=oM87je{aQn(QKg+;sFtnDQr3?PP$0P(`B^m0Ki)T852M02sU zUY=)1Jcj4DzuytB+&o-^F-;I#SumSw$|+j2vh+B#9HX1_pvG*?bO%DNM^HlJo3g-P zytI4ZYr9V7On-zTLO;NVO=Fn4C!Qx<*9`ARNmhG2K#r0*C107Az4%7<*v_aC0Fp)Q z6v=Dz^x;b4zaM%1`WK0)T{X+UX8sKqO1}ee5Zb}BGfpQd?F;P9?EN^%NoegM8zBGY z?CKOCPr^{s3s?+R0kf$D&OE^9|!UkBU^2TfX`TrzUWerg$}hcFJZ;xHHKUYAU%%+gNr{b;c6YaT(bD2hvq|z8 zOc{Mp4N(@oLUvr^1w=mq)Kw5k6W4HYVasS`u1Du5``R?hgG$TJ%aq!&*U+XsGCO3zAptad%8leaUg98X(OE zP&|&~@kt6uBcOoNI(^>wZ|~>tT3VlD z)8<={$H0eEM1TocQIb8pX3_Ii5S)X|`JvLopG?7V65uZaFf%0aGyB*7zz4v)_gMh7 zGLyW*@B!pMTWpOdBKhjTNqfMd1%z4Z5*ycqPIv(wgis`{Ju2y|NiL{KO|F{^u6|+3#LP{LNI)<7pfp{VfN+*N;Po%xVRM`)%fRNfj?B9J?F2 zP%VoOl3ocfUEH zb`3bmwOhn3NE23pk{4el>OQx4EakXtJ7gObW#p6y41JM2VNCw(C2u&dnWL4n*vQcyDIiutNqPb$k3E0$Dc@zA5RolE)l8|kI(E64DS|Nsvf^K zK)Mr0de1K_KtQuWuEPB2!)X<+yoLj9z7t+oh|u)*(zh~)7p zq?t*8VG-%n6V_Q8F+kk%8b_cwv-5A2mFhBbjs3*!ep|^Cdf;E$^8fW?2R|Nynky5R z>rMm5!MpzEtldEtpX2rwYDflfR(VgW*(i8O*FrBYF~f$@6P0(IEf5a?2~ynr<~nea zhZOO+@~5VMS%X&q1RL|~)m*^|5rW153|I0X9DH*0A`Qo_&M8nuJ>$PL7VYRM7wHqX z`>!Aqegle12vl9c4SWTgpf?tF+y4Gb*RVdVB3tDL+XHi9m+||=xr+N{y^{`KRF=)$VLR~|2U}m z{M9yT*$gf=Z@u6@)S#Eimk|BFaw|@(XFa*8atk7IORHa8J2Be(QF)|&_2Hw=h;0+j zB=@kZe`Me*A^0oLaoG3B#4%q2_*LmW$FW2Ro=hEh6LX4$=lCW9*YjQg!mbCec>hIK z3ZiEOs;9%gLe^$3*yW(hl>5^A!{iyi?eOWu@}3AMU*8Aj6>dw`+8nz&eM98h`D3mE zkdOm?vBDGf&f(8fylWq(?1bHY}$$11!?AfV77AFG`|z~K#=0?#A=F*{0aI< z=K;g6x0P@wM=t>Dq@7fl`2z#}St}3*7ojlcGo+*lO&C8nW`zx#L%f%o+s`MI!Pczu z?pU0tSfUOADC7J=F8fzCU-Ls3;cI7(YljDhcm%*N(3AqZ6j* z>t!H@-*>%ot*(V~t1vjM+HeQ$H<9h^bX znP;lq@JY*wedRb0Q0Av_xOS(HRm7WVC*gC)_xEKP0jykhpQuy(_^34VYk(IXi{C0b z!RS=L)ph3IRH<5zWwZcx`~*N0R~rh|&B1$3UalP4W@oZ65nB-+E{mI!c!-|vxbpYUfNTTv7nAMVU*2@3 z&5U{u<DCRPp&Oh6Ns6yYZQ=vD)a3<)-zK8$o|t(Pb7b6%onsds|)37u#z2PAeD zg-g6|<1s>1W9{XlDSe@PUJdPG1^%FA+t0cO32BP@D>ySpu?3RT_8T!Jg41QK9tT(a z%y0Yr$Ml4WzXO4yE<3)eSW8g8)P`$2|X*k6`8zy|Te6SjVHn}a}pw6t8j zJiNmfMFLUgto79*soWI`8SrD+8VH`!9?&x}0fTpjo-*0d9y4QV%>coJeYYZuaJSg= z1!h7lqlXK5JQV5VZ41R#^5v1mspr`e)DB+y4F`EskHi2_pqtbQa02=jfRDHrH(*E% z+4OsjR8u0}@6G0YE#Z1`S$`!Wek)?>3wST5PQkwI`di1R1^qqitu~j2k1ZxZdXm(M z-C**=E&Y@3_ybu$oOsg%UmU*}sNZ1$LR8_o*D=RP1>EW#pjhAj$V6N}DP@!RySJ5p zNjR;0tlB9 z3KA!ff6&Vaaaoo;Wo|~2A-!%eXJWG;WN({uW#N$;Gi*hQIET;gFm_%ddpmzCl}B{v zUNX_R^)=oDQr+{3Y_bExyK9HS-7L>RPl+IM)1L4m#>NS^oQ+F2PCF4w0lT)ND4 zM~m5OX=ct~+rj9f&ITQ{OuA&;U!u~pa9+sJBAyF#sB3X2*Q-!4cAfHXPLSRL6n3Gb z{v82rN;+$LL5C8cK7bv(ft<-+OtiR#hv*dg*+JKUQVxU79>|*1^re1a>H_@KlNA_Z zd2U+NPBr~ljMv{P2l|6($U^(AdMb0lUXXjA|ISs4^I9-+TWZcV1mN0;H`{Q+@2~pz zzwQC06OCa9>UosVzky+BB<%!m|3yh$@k%bfq9b-WR0-ymX%~LFQjjA}Y6Pe~sjcHR zW{$|jFW!5gt-sbaj^eOqP0;42Cm;CC%s+lXJU-{DRCaG%36?wd40{eJZ0XJc@Yz&} zYd~ok36mGEu?GO-Z7q`L$1X!yu6IyF?Q0J=8yds?JQ94Q;4LrBHB^W!{_;qnw4?w4 zNWMx2?tYREA4YtyU{a@S{eF{k;)BN$Wso8%#=!3pfI@;PN1P?LQ!NPPucBtKs&$z) z17&87_dWU=qJ9o3dxbX%J^cp?VP=6M-#&WG!A_{Sg48|irkze%R?jG!{cKBr$M`p2_(z=Z z@4Nt?;D?xq*hvJ23=lNr|M{Y!9>M;k!4M(ou0{ zD=gGEC0mHnGDHED(^DD@w{4QQN}Fe#u$!Xx@r%M=m$ob!Mm;2hhx01@mR+7z^E4g7 zYRp4~=+iwsmg`p;4;FR2!2OYuEnvo*z1e>3BRV!?+d6*LLv$)=_&zV@;dW&X^1Hg= zUY0p7b-Z?KemL&gwVJmkaBEu0^SK){Q4Ay~KtDktL_>>(Dg3m*?z^X<_zXeW?eYCc z%|xgHO{QD1U8rLvJPRio>c*G6|AtKkV#QbcYM7PQWQlgubFg&fhR|UE3atxyBz`_I zgdEqx-`zj5*8mDv(Fp53;`z>tYEm7gH43=+fg*6;J`v1dNG{k@>__z~Bswj~NSkS@ z`>F%mi0AIid>WZ=yZf#Ktamvk#mRs0yVlLxZxcMez?xUOyO)N2EcGRgAUQx1`63lZ zuPJgQ(ZHRS{N9}IxDpqI%Pu>}f7pU)XUB1KU&!yE-hcsx11-?2*Mj!1=Xf1bq@yX) z%|^+kT!c#eg3*`_{gmBRyW1%K(O+aqOD-B>QtrO#mHP;kB!xTQ!H!!FS8~eML7PP` zDkTw}aWJtiWTX;pJNmi?goUJV&A}F`C_Ky6YKT^sEb-3Rd!%%+*iJb{8**{!hx9}C^EB)gH$`Wl#3+dMgNvY$cfr@t2h?j5E z3>^$dva2tY|E_8fbl7Y`tT67PXVLr0=9|(fYkych)7a?|JNK9R>5ddlD= zE#!)dcW&FgaqTRMUeK*FEp_%Osb(CBPr;4Nc50!O;oQs`2!qw0$HVR+AT)5U=}vIM3JOQt3xwyoHlqAbpN4{l-It?=Y#6 z(j3qJ!mFhY_x;^pav0dzzkx8w_wKD_Q=F_N?nzhi6uI_n&(AP9spe2oTlHC7$;waU zP)15WdaCCzTk?n=J%_jESI(LU>UO;K|JwAiq9}h?IYVx#Yn%X$#fQ7n`cQQWHi@^A zrkK!Fq-avMk;=K|kx$H5HlPWTA4sg9K-5j+7VB%fF3aD|RYr=BWM;W`{(71vtqjJ1 z``rpq2fTDb^f!CcRR+Ri`fh{w$6KEFzRGvcS-5X8cD~h$*C0-fV@;T?43ilq@1_y{w~ z1>>Ga%{am1b9lPO&$T2+YDJjG5%%A|kHS>&Zt6ou*E<$8{Z*g8=8sj*QN493+{`lQ z_A@9TZsvLj%^-!)ocZAfCo)g@$(g+~>J~VXBGFH&lZ2eJb{gE+qx2)z%i}CbmL1PUrEOsvmgVM!FE-RUg#X zF|~0uE`;Wm!nTa>(2N^X%bqN+IPZL^>IYkesMVaE3>2H!?iwL9r0IQND{^WSfkI&yy*hiv$UK6*-(5L9hYl`!GVn;_1(YUE0wLLVIQnr*NWcdB3bcUi z`<5LU*&7YC<~;t>nu8GvXgiI^F63`@uz_FwSpU|+*OJa z^ON%vbV$(P%@Amejnol71GOf9>(r{ae@`7ghu)wz=QR3>JRIpqGL=`gSrC6fA2kW} zIA)rh@6WE`H*BB5sNaRnlf%0=#Sih4SFe^aE)Q^UmZhBENPiO zxU`tceqS}#5FM)x9T=0lNVg+bRDTaL^}wJd1J3R>Uqb^?{LK^1h5>$}uGul~domVA zLGT46A&P^2d=6WC>eGn!&_cyYP36Yw{!{v~RYJ!)NT7QRA&C%V__kPqjvJb(te2Mh1ToJ%$RxQ5sWH1l0noSv zbn+hTG60<`zTD0X`F}-V^Ms+8ZrmQG@RF+d-HalQbd{|(u@zlCJ-wc2Lmh%j!e8|WP>-rblp zu&}Ub5uH!h=qfmhsSzTC45DrW%l>k_y%u-%^H7#LmFQ>%8&eW{m zIM*}L4@p!)Preelss<_Q8{=E9cQ+Vhc@obe>Q76gUR&QHm>n4H}V*?;M|sx zN{oE*yECViT7DO+HK}OD8#lL|9q)B!;CGcEw1;rBI}@yXltAgY2c->Fs(`e6){^gb z-7X#J`ebR1@5s{Eyg>gaD3#U)1SO~L=$WLaiO!VMHsGaI=?wEWXYx`}H7YCQFJOL< z1_5u&V?Ux6U|uH{mq#ldZEU48*N57QXBN3jL(sp4Puet}0JmvOK6~`>1_vVGj>kr; z&^T=z$HeTA`Ld=^5?Bq|GxI%v zuY3w#XO!Qc>+1U{dU%cENKq6K|4L7W_*pXmpVZU{EktaW@M?WN`$z)g5yVEV-?CcAydnn^ep^?*4Y z$B%PlOAi2&N@_WTsXd1!s7{3sD};?_>OPTkV7~QTTLQTk=imgOkx0?eYk-bF7B@#Q0K<#I z>PM>eZ$v>&9YAJT-77?NPXH;*V!-gAa|-Q=QA7%W?kb|)U~P4IMzwXap}R@ZTACz4 z@ET(if4KiN!KpzN3;=_I?nC+D+57%BZrx71vgCdFnu#?BPP>gmx$aiRPSN;k#5LuM zDE4eVBT(ae^bQ>#rz}ZW<}1QixQjT) zOQ$%)q@no2tAVr0<@3Zn??S78H3=@$r|aXfPdj5&5h#j(^SO*5?nO2pF0)XtQm~*t z2QtC<6|@3~;?H5h;?eIdlz7Z-E#8Dk#;NM*pN6vLAZeuEs{SokIo7lKij021O+q_BOhx~oZK-J;Y%>Iv@^us67 zAzPn2)5BKZ{M;Zn$$Q0Pb_RO!Qb+UP4VW2d1=s#K1kovYTW2fzHJx5hRUfAfwMO#0 ztfutB(YGa!t0!mts`KmnmloC+>bsq=mgO{lJ(|PTwJqPb1WNqM`)rIkoof$bizs{f zI%mw?%Nt}`iaw0DV;r=c|Bd_iEkvFDWVcyQ zSJG(ZU=H>GC3{ZdI_Xc_af1ugeVV7@M5T?oDr``FXJmers!BDa8A{eISG#A0GT>58 z&0Ue?SD4DC_DsJOuGCd8ew1oIkFLN&ihIqMzzf40L86YebN+!dlm12F4T@u=TOSE@ zSl;^;6@B)wOX2^Z**-F7d@hVt+&jxFG=nXM(h((2_>dd%MX9bW6a-_vmQI*HY{)q4 zlD_8->s6&sIOlXrtTJa$GoO&3SZ6ZDJEk&+H_HUud2lhxar~h}a7&vf5c^~Is8dGK z$f4~V)VQ0T0(901R$MhQ!vp-X9^1SA2o_S7^IoBnk24*j;_CGRrBmVi3RUYmNK)hw z^ISUdh*~@=7l~eL;Iqc+SL>*dF^ z&U^mfGezq)6d_Or8^Qu_JNKO(HrP`Tp?EL&27&M?_@mz;iOI(ucM^_%H9XLo^dpe{olJ zej9xj)nC?6Cf=Ruo)^%Prnq5v%1Av6vFr;#97)s27*0E5n-o-*DvDazmZ*~?so24I zI7CBk`;+4{8EfO@sDnu3T9aDQZVw@Cm8P{cAga?AlP5L58Ii@5eAxOj{2nPaUdhTN zg6I-n1;{eHub2t%DmuD}WXlqTiy*sVYSzNsJ?f@D(o};BE2}V*O^22&FA}N7?BTmH zZ;8+@eOGG_3vIsjkd)gQ{@S)P9kM*;MVILjFaDH zM#{3l*!40eRA3`}ir!l3=q=7Dk8FFh8O`x?FrjksAt3J_N|v(F^vj=q#*CGa7)TuG zMWlzy3b7#^C3`;xpXQQ?m>s-q{CS;`u0i&i>LcFhp{L9^$RPxO-;5pz8?tJxhukbN$nat7b%^d2ggc9T z&`g)T2zk`Moc6wZrp&}c#7GR1sHCXL9Od`+p!C7`wQC-o_?m^K%-f@V4xg@^~J)j3{%5Z=MK)ACj_2GAH zzo~N?Ro45gHD!Wv&bG$x&$lm(z3?J>Z77}mtlO|=#KK6nVsJ(u7R|qxPBQ+>r6(73 zYjhepJ`0@00`@Mi>al?H1HH)Uhl^4!dc)77(4DCnT*(2ClY_}LFGVeTR(-ROK*(A2 zs#N!_H+CtNx|E}AO9P*V(xMral~>&L+&Qn*49z@(MfW%mBSMSCx?PYyJu~D+eFrp% zY-K=7Nq77dOptqk=_);SfrpAi^pugMMv=|D5iL-R6ZlC&@;u%hlxGDx%8Mz4dCK1N zYF&uAoF5=7$6o3C85K&L6&K^$%YPe?^wu|BfU6@;nA&&9%d028ViZPn?rce<;nrH1&f#4{75$b~&f} zpy=(9&lzEacVE2K>Hj!2DO75!p5Idv7T3v}h^5|9gVIb@Ye{m(iO2RlMmOF#>_sQt z)!a_8RmK!P()V9*WGtAuHC~GEB*3?bPod^;u8+m74fkZhtA(mVve*QVxgTfhGSR)SZQ&{ZV@i5D;7?`&H^!>ACQ9&xR!x-y~3H*Sf$Sd45Ib$)1s^#Ju;2kP3NH zZ1r+|Xq_W^Z~RoBM)AsFuWGI%+!*hQ*f0L#vDuhNhkIWe5Qy!Us-{F==*jn5a;$G` zU4y%K@gCLANTZ0$tdKJ=dj3j`T_xp+HLQK2(GuzT<5}~22;J^(d#o%UCZXbcB*>G& zW3PNo3*R~b*D;;T+X0x4@H zxsUq~UUwh@jFcqS{u8stwtSn<&N5;#UgyyEbXe9~Soh1cKpj?PO#J_b`W>t}fE6pz zQ$1wiSesx`ZIt86CZQ-=l?W%J#!xY)){t!T9u_c;8i)W1?WI=FG4j4$f6eses7)IT z$wHu_6-LzeY_3WBQI-NR1Gt;Fg;LJ^aW|W#rMK^?T$Ac^sDj9@zVB@#aeEyuiZ*V> zcZlp!O0npsE9&~MGhHU$RyFphE1Nh_kSNw#&|22GA4bktlZ-Mf_C@u9x8}2^ekQ-8 zOZ|Wyc~e&bC~McMymRpi7mlcOj<|)FTPLC+X3XOALHccu=8|q};0pxnvDRXPpY zG}cQ8I?1po$BKFf+&oPm(E2dK$X$%*?CVhV1^=sY=MsG_PvjPXdbCRuHhFO(kIDWx z?qmDO!}fr8F2m=)y?V)G&9lbBU_6OQ{Mmig7n=C4p}r1E`a6E02@dl zj0amEU(5g!{MIV}?x*ot)t9o)bN9YCy{gK<#I1qIWET#*;&E?v$Yi;%AE!MEG#(*8 zC)ZMQ_pgl3%e6w#5H(5-+@oZbJ^KQ<1xjbP7wCfda`xNPyNu{>VyEzQWd;GA8O~&Y z0}qrsg|~Y(wuIyERoUQ0!hf^YuenO22{*OCpDbOtRUJ(cvwOK>L`#ZgA_~2(08J(Q z!IA0@DQk+!8v#4!-Zdz;2?vkty;~ZpZW6ew-LHf*g0HJ$)0cjl>;*m+d(R6+2@ta2b%OPpLVepR>-*kl^Y2lSntA{{EF+w_M;*6LCnA^5fzw< z;x2NO$MA=KDI|phK?%}PRcvwfG+2IHr7v~LuP@KY0BhaOIE)0R=MES2YWo&^x7Ep^ zh!_2pK_<3kMpCL>IOzC_v~1f%Z2RDr=SuDROt#Q@KeIuS%SPS{BN(xgl^P%bP|2#i zQ2u~hSP9SkJwT>h5y$XljfLvTDWk7hj~jv0D2PrWmV(SgRM9Itcrf2TIk?w3ZF&FHy(q1 zMoZw1fcmB8`#yWK0u=R(^lIju9>`nHLLeenIJhuF6-X4k)oZ?}Q4gE_bR(pNqT?!CXx zdHTC1SU5-36Fa2PH29^SvV;U~XrEuxfJ@5E(M^J!sy?g{aB&KM5){5u7F`UnoX^uJ zti5D=RAKP)gLF$J_(p%1CBO9_n{8?Toei+Vz?o0gAAr_2j|J8I0yn5_o*|n=#i+{e z;%5&hFO(ehxJl{Yfw*HPg=odsu$6Hk9pyA*qDV5Lm0FR*q9_u#&rxAE@S=0%fM$X| z#Um3#XFkC8UY%+17%`khw`IuQ(7!dGP7VYZY88ZZ?|e6V!xyJjDVrZLbAC6L5G6@| ze~8_@)%Ou%Ahy-KZ=7dPVHL#^UVB)xbJb^hzM-V{4Xc#v19U*-0c;!J$*DGg@456p z7@2CrG;dVRe)U`E@FsdKhgW=Ju|KWKFIXOAp&6n7e@c1q9%)TgC^&SDVi)v@x zQ_`W^O52=T^I)M~qU1@X!0wz>{H;tlSWSPou5nho&V!WSKzgNCqOWhvILb>};c(dA z;ppTCLTCwiX*4Tq;JqP9G;qMem=oDKCcm90Vl(eG?CSzws2XY&2zxB*(hE5l?n5Q& zLnupMU1D!M-9p`qymE@@wVG+qtA(67XysCW?Sff4&SwwdGT$<)Jy>dG%*u7kTYsqq z<2A}IcK-|cW;RDD>oNqc@aeGicRjYWEi{;XNwUlS$PSEt`&U%!uHK0sQ4<2FW0jmm`RPQgI}kvv7W6cUzOu5in)-Mw02uc3UmOIW)}6k1xFn>4fjD#CTn)NMVnqmLr+k&u2|^!QD?%R@3zR``P-#tWMy;bkAO zF@9}<#1^g>VRM!HOi8tUEkc^Qm?j~;Xw<9uU|8hHm*ZQQuLV-SUde=Q{iSvS7U#eNX3x!}y-J8>*9tF9>p0fzctOv~1 zfIKCXEPWPR8OLt^%$nL-f^7^Qz8L<*qUIBc%Z)hrMOOIj@AD>V{+u@<_Eu?El*<== z?U@w+fu9p_$V3H6CR{_ucBK~NkY!X>u$WY>h@MrC?$^Jpp`3TCczfI|Jk;G|N*A^S zoJ4Us&%f;haul>x(S|Ep9z8n~i0HbFts&>|pC9ttaBYtkz;>n55=W8U9Hl}FoTcC| zHMCJ#b^OIty8n$W#_=)E-?vU+DY)Xy%>`y^`7w8YxElF_rTeQ^Am{N!XzZDp?`ZQo zmLNqVG50Kb<&4~1FqL5=d5I~TmXD?da%+Kd#e7Lst0ohp;kWW#X*OJS!?&$4T4B6B zQ=B|?{}2mt94-^V$f0L*!AoISuEp?hCi9SU{&hpec0=7J+qOcEdAZn_m1GHu)7aVG zo~m5N-FisLM7fto?|YMh1MEt57E7;7EsU~1znIBbxD6D)V@ALJy?w8NB5kX3&;eH5iWo4z9Q>s>Ctnq0=C)P0>`)0NcyR}t5wVf2XGdWv$NKyKb0@y)F zUlY9!g3n;Ys{K^r76Xm(?tvdgTZmNEbx?*1{x}U4(xc-vLTi}}1GMKQ*SB818`1W6 z-A$^<-97*g(x8d2Dm5SdKrSa*S;hs%Ee#Lj#5{*?J7hy@bA`HppP}&_I70(6+i)2* zraYp`malO*6IIto2X!Mswwtg!lq0qj^p{&yRSY}jcWHb58_!0u!;@d)x9bMSpAd zG|d@3WA@B;s2|)?+$CKYxb4qi=cv{pmaq*6hT2isj<+csetq%U63v{ zK!}Z^2!eos5Tr_f>78IBbdeG|K|yMYlmtjfa&`dy@VVc;_j%9x&VPHati5K|%x`9` znZ4JFaUJ=DcF8TQTtO86y_hzJrB_%B(pvkLSYl8OFAKuB!N@^D z9`R%xwe#=zj>O?_>iisqM(pqQloRzoax=ar-GAfoJ~q*E|BXV+$`40^MD{*ps|R7c zh19U+iaM2r-5G!hxsFx0O(D>j^4KWtZRv+47b=-jwkmy$HTF10OEjRI$v;ZiDifU# z{tb4^uQyajOzFcc6}aC-uY1W!CDF=!s0zik9adg{jN+0275LD7ul#18>__L|`dz9~ z*HGESXl$d`G+cRU=2yL!XzBm9a9F^jXf5%{!4rsIIf4qX zSi!r4Y3=zBDVjxbB0A3JmoItGbP9&Pk#$X0fSLhG5<`!?EWETsCv#3<(T@lpr+`cI zj;c0id#fcI4y*tfN*%hj>at+hO;3{f%t(_(XOpsXRO(8UA+lh$JAFwd#I7Ki{Onrc zA{}WKV=e18>;~~)7ACEg1WUP-_TyTk`OkQ)Widh(x}AR98i zUs9>Z1+rH&!?;Zhf67nERWpUH4N;Y?$YQ3Z|6pg|yty2m-T1ib^ZS>Qj!UO{H6>AI{OKrp3>s)dS_d=(?g}GIO z-7R}3S47XaX7K@E0h`fr)j54S%d6pRY?0V-r;c=9vRh3sPsj<_#pkCF#iq67cbIVW zT|n^mO_mukMYXlxt8YOHBRgDxRXvC<>c)bcNW6Rn$`*AA&p=v(nAwll3sWr`KaTt9 zo>dvLjz6lj?ECYq@{nC)NBxW|q|G-=%K{d%d||YyNFwHrb>3HXVWt$SECGc{fLZYb z?aL)`N^82qmrTzuytDS8zVOMk{HAr!5CK&R9MQB=?4pofm^}o`O6SR09FMX*6N?DgQm=t%xeG%qxRGrZC>v0pb| z*-91ZJgwX0Ii15UHu(6vUQ0*8|E7!37IX}bfNU|+vlPrY$mgT>Jr z=390Db8>_HK(Vn)d~n^Y4=h5V&py3w+5j4_CXfg>;$bT`xU+Vf->0)#@TXP-?n0>q z)ikkcA+|S@&CL<^4s8Q(BIj6t>ML36)7K>ho?pb3tahX*V8BlHivBu zz`%=8yDYt90L~&F`7xUh6*B^PX5I+G?5n40QXin>8@B^H#yJ@bKnLc))O- zudedpq@hnj?W3kVqxQIBbN8?xCz|_0UJ-fwfx0`~pZkDnV|&h|V%3B{UdhDrjg zd*tP-T_8USeE30=@>RH0a?`s>Ntrs}Zvug3@z-$Zj#R5%aZmA06=U!3Gf#=7{GdlA zLSVVW`Q3OI>et?Up~l7u2-f6-@AUwZMzyrXlmt*|hi9BtY3Ddba?b;+TzV8m zeYw7DzFTbZ&}j!cuIv1SPHFo^ui)p;cgoKI$Gvrx?pd@zvk>c>h>?-+$@Ua`-CRke zc=Z)^!|4YCNq36>`r&ly*4p7S)~lLpM;2x;v_NpnlU{?=qz%+PoM^vNV%VyJqW{mR zl3Z}K*J#b%;Pb@!#Em@c`~JpAI0=&)aw}6mir4vw;hObA>{!Ani;4V~#wt?zuRg0Ndg(bUGf6R%Gm@`SKrf-QUMj^VUgpK`t_@!ur?!0-U_S4 zsRbW@JK3prmUq@aDZaRsNwOsflasfVMo8LseX_JNNv7g*cJfM}VArsoclEd2E6HaO zzRX9$n(JLu%B(0pDZwkR-XjatXA1@TNsF?h40_^a?jfErc)8W zYC(MR!q@oAv{2kP*xq}E#rI2qmrzxw@h3tE|ya>|u20Q2R z0f+J=(pCP3TQtJDlGh@GYsBi;8>Ax+V!KDRfm*mo)bw@Fch3;Q-G0+ zQHdxy{jHccVc*X^{IgtUrRnyOTe<9u`jgV?71bClGDkhl@_y!1zQp)LH=>xuVt5}s zc)|y^yC~uAD#Dg>G#&JllCq+w5CG!pBh{B)r;ffpxJV15=UC569VdHV2eJyldpceD zoW@l7zg;~vt+jA(`w4Xw_{X+vl~W{jlIZ@(&5DHSZ%jBif(w&Zm7;@Nw9$eD=I2Ji zm!0}9M$UJW&K45S8s>=6KK^J8+avU=$O?#?E^5-?fr~91Qi_}ibgw+HfGW{c;mLqm z_2`@7|K`KK)PB^pP{;}h7OjOVCVBKBe{hoK>KR6;8<)$)Oi+3*Mm5Wi$oIdUwJ0QV zq?pxM9fWUjbr&aDlL!{| zgSeq45^+>QVSZ44nH6_tVrsT^>%$BJ@P-OoX?<{ukI)dcD;pRYf#KMAoS9A+sVZ`XUImU$K33r3*r^nwu&RxPQ&tY>i=2qjg38)gjRxl}-5r&+cfUW1|7z9IZd2}- zddVh4Voh^=JMBd~4?7d^))2T0<-0W@+uHT^bftQn93tFxivu9PXHTyfn!D@8#@2(( zn^Xc;Nv(K6anHKk=()X*T{oLsw6xSt`Rw=U@O8|%bF%fQFq1P!WSsJS4||!rV$h20 z6B#1e7qVHdXsTwiu!!8Frca98h&X*klUvR9zUBw#Du7>V`I_%RBNfE|e0=fx;XeV@uoB|OQr)jqy2FzQUMoFq$yn?*1p(mUzXW-5*>h#d1UYgk^OXpi(U1HJ1sn^W7|xLt#V zL7@Nxm$@!s`b|8k!rGq=%1Bz2n*>2M^pR@A0&Fu4jJJ#+c2=_kPtNL zdomBzX7g{LRx>mE>zq(KujHGuLR%a#I!OFno(Nt_g!oznZM=jR$R@jy ztKw?TD=#mBg@m7rE!BH|9ACmClsWVuO9E5P@2~0e2i0M+5yo;M%g}W+gP&ovPxtUM zo5j8_pK`Gc!Xear)blVLc~NY%I+iBv33HIt#*D1xiEYACoW?=OP2)?{PUixJCI$1N z#Kt1yBFNe}E|UD$!Ozi_5Fs@}BPaZhDL(_eLcBM#XmO&xtgdSsk~3;4j~u(~_^EdG zjfLxXLJCS?u&~L-%Ug7lymXG$#^YnJhL1vmP6{a_$X@Jr5um;F*r>+guM{@}2_=&(azc`8(CnLX@RLd1T z8VLs|TAZ1@Fet(2KQ6MxKoO@#boD`ag+dhstS<9v6)!L)@IiX1a+SY5Oqu#g^J8j_ z-iW^qc>e1M4qkKCa;!FYq&syjNWM2?3yWm>*ft^tt+_QB=1!3H`-a*9wq{L%ia6y; zJja?6@Y!>bo>rjMltM|M)titB)qyqL?xf(BebK%dgb50=+CXL9ariSXkKbiBO`zqR zTw#H-7iod=NVyCDxXkhtD73ksp5HrlmqISD8f+D3S$=cHeqhTQ`rs(#dV6xdnUrI6hxJaVM*euFHjH*|i)o+B0sgjN031+?oay z$*Lh@rn2|sZz8}22+MdXu9ioNjs}lkVoApXSVl$z`R<+h)214u0KJMm$$5SU0_jZj zWOBTXyZaG!bz6U@cjw0*vh!{^mE8~hYs}w+|MxF0vmZP5u28_NDyNR`;h5k}1tz%Ch zU7Ot^0>rpmnXRb+p!}|hSpNYiO8`*B3+!~eO~6a^W~;>~`fUfo$Xo$Rhr@59F;U;= zoc6OFIQrC#{oyr$^nZWKyV?48;{dgK7#QO5wjD@=YTKIs!*V9UA`0%>c$&8ZMsf-T z>FFI|ePaA_VeiEfO`vI77bKNbe}dzeQnwg2l@v_6Pd*m@2iN}uP%O32jGK2j2M!;v zt{Fu(Hs0dpi~9EV?FSFms~#G=1-lDk{~19|gRHI7%R=rCColN!uQo5fFCKp;9uQBE z%}G%D3S-b0yV0!Pc|*s5Erz$8-EXDR_ya96or)_G zU^uj!*?$5k&WTR%(!MaC`j4QbfcaXg9}CrMOhNoWSeba=i#j&lQb) za=_r)mE_%lUZ69gcvF-#RQIZuD_u!2v7oNt;p)=2Bj`I;dtK!VPCd_kV%!7nV+xX zBTJlr#+xf=$HyOU7*W?#Ao$VYIFJH!zcjZFv?N|_K2WzV6o_m^#zL2(gp?U4Fx}ozHWMic6$lfO&Li; ze=Q+fVsqw<(MD=J0QJOn@ere(%&_}j@MbvxBnK&lUAh5B4|#yPfYmFx4gIGX#A*x|T{lrwC@Vdpmuk*;6&%@-N@QDuUA<;0_a1!1_NRzFsE~{LF0>6Y#uqI9odeo`$m8Fm_Eg-=A4bXCFD{r=nACZ2 z$1b3R!|N^5-rs*7q87Q7+&Xjs+Rf#GoZq~Fyta)~K?W$7Un(~QpJy}XgQ`7Vkzm1r z3i8$6TxzijM>V+x@LrlOKUy9)aF~u>l*6Ota#GCTFVAgD&pOK&AxR}QTw0z=n}bi@ zG+$aInPSTvabioeelVk`sc{^4#AV0lRf-~Xz}NpnZBI%`vI< z+m%lgTCg`Kh)XNq;b|!x@$LJ$i@XO{H5OHZ?|Pb(a%T~5spO<%#v!MRtritT7N;wC z=;(b|YNSm>-;8gA35w+~4&Kn%yzefIh15tk5&9bzmIYv7+1nYHYwrizX?O)BBJmE^4pB|+@&|N zB;LsS!D?l44CU{DeHCH1u$}T5xltXWO!NT!iO`HV6wSV4#B2Mq6v8TBnO2u% zyN&`|%=AO_X~pi3^JRZYp4PAD8{jk!3RsWtBo?-$01^V6c+|}SkzYnZLx(&qT>8dP z2;Kq3)^ARa0mpnOe*}m;e%jJtP)Pq8suLK9HD$uhZ~HGG=>Z(r<@$%=m27B;*jjr zVxO#wTTM~m*pklz_NWtbQ)?yQJ1^`Kyxz#_%RY9eY*2YOWGeUpnJ@9CDAb`#We|l; zbB}G4;HH+S5R%@ZNA6hoDsD)6PCc!+{SK+&g2|}#5|>=nC?uDq&n3zm`unCMT6>?M z*NRc>C0G^zjIIXc6Z)t(kokujJ+rXzi;jJpI*1#PIgLfyVp3t6{&E(+)Kp7(q4iFb z^`aN0mZFQqHlc*$#^q)P_~GOt_XswKwFO>f5=i{`-+0oeryw)aeVLXsk^Qk4XO#2l zqHwHV&^qz8oF8F2k*quU8iZVN2l528bdzenz6qhqrgCCw{F^gIfJX5d2ssPymmEa- z9v>$}3oUNU5=SYv6LZYMaZ#LZQ-lsKOLh_)Z=^sYrRCMFrW$X(AnIp}QV&X!ev@** z4_dD1X_cZET4g!TYE1zeL2vQ}9^sm+5^8WJ{@$1I2of=graaD8;wCWi+@ZxnLU|g5 z!^a#V>ihulrE&bLPUD*w%^l#i&t=b0-eWoQU&B|83Rl;kUrm2WZ_)*SkV{U}VM7RP zcDFB#x!QG(0Fe-glinniS{AO#GcFo4u<1?4G}XohiYKAFJxd7kWW3XNFb@JHofND7 z1eD3deSr$7U?!TP^TwNyQR9F=8ijpG06=^*5hT5UgY{bMpYiU(0;60Dia{ zwMm(OdKWm`#(dF2aB;<|Phm2&ma{bw(Be#>eCH+qw&~~lR)#@=_i4GBBS2zHN>{-L zsi|;*a#s;X8Z6-l&hk|IeUgI(DEF4Hu|Q23%hDk8Y&-%R>y5T68`Wbk3+)B(YlVXP zn97u?GK~xeU%NmHXJL!(#kto+-h(@3I9h@(E_WA9_?f5AlVj#}NPS{r-x_9Luo()R z&_?}8Y=6Qf9`!}pBXKQT=dT{wudN%25-$J>Y>KN+=HNaIqQWI<3gNpx{nrwguyw_O_XoP0fC|-Sv3YkcAG$KZAGHifhIr^`jeQVBZ?G zJ_#bdQZ5I*!*Yq*rH$HfcL@5Cp7)YS8P_+`M`1E^Fs083IeBTQ$p8VYeT$BO3MTc|w zN`Q)f(|G^|ToCJC6RzEEEv6EP&s}a|c0#zV?&++6SF Date: Tue, 8 Oct 2024 22:48:50 -0700 Subject: [PATCH 12/33] Update Limitations --- doc/smart-switch/high-availability/eni-based-forwarding.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 099a9d391f..47466f3d52 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -279,6 +279,7 @@ No Changes here. ## Restrictions/Limitations ## - HaMgrd will be writing the ACL rules to APPL_DB and so Configuration/CLI/Yang model to support TUNNEL_NH_TABLE is not in the scope of this feature +- ACL Orchagent will not perform any checks if the Tunnel NH or NHG is already created for the given parameters. This would be a problem if NH or NHG is created by VnetOrch, EVPN etc. However, this is out of scope of this feature ## Testing Requirements/Design ## From f50e6efe39f2360f0e073758aef0b5367c1e6bcf Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 8 Oct 2024 22:50:52 -0700 Subject: [PATCH 13/33] Updated Requirements --- doc/smart-switch/high-availability/eni-based-forwarding.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 47466f3d52..5178d58905 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -121,7 +121,7 @@ The existing design has a few shortcomings 1) It is not equipped to handle redirect action to a Tunnel NH or NG Group 2) It follows fire and forget and doesn't keep track of the updates made to that next-hop object. This has to be fixed for the DPU to have uninterrupted traffic flow after an event which triggers an update of next-hop object -3) Update ACL Orchagent to match on INNER_SRC_MAC and INNER_DST_MAC +3) ACL Orchagent doesn't support matching on INNER_SRC_MAC and INNER_DST_MAC **Proposed design when Nexthop is programmed** From 9cff2e6af8e92d250dea79c794c5524f800f24ac Mon Sep 17 00:00:00 2001 From: Vivek Date: Wed, 16 Oct 2024 18:06:05 -0700 Subject: [PATCH 14/33] Updated Design --- .../high-availability/eni-based-forwarding.md | 228 +++++++++++++----- .../images/new_acl_redirect_flow.svg | 13 - .../images/old_acl_redirect_flow.svg | 13 - .../images/tunn_term_problem.png | Bin 0 -> 23812 bytes .../images/tunn_term_solution.png | Bin 0 -> 21816 bytes 5 files changed, 173 insertions(+), 81 deletions(-) delete mode 100644 doc/smart-switch/high-availability/images/new_acl_redirect_flow.svg delete mode 100644 doc/smart-switch/high-availability/images/old_acl_redirect_flow.svg create mode 100644 doc/smart-switch/high-availability/images/tunn_term_problem.png create mode 100644 doc/smart-switch/high-availability/images/tunn_term_solution.png diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 5178d58905..2bad42cb53 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -8,11 +8,16 @@ - [Scope](#scope) - [Definitions/Abbreviations](#definitionsabbreviations) - [Overview](#overview) + - [Packet Flow](#packet-flow) - [Requirements](#requirements) - - [Packet Flow](#packet-flow) + - [Phase 1](#phase-1) + - [Phase 2](#phase-2) - [Architecture Design](#architecture-design) - - [Programming ACL Rules](#programming-acl-rules) - - [ACL Orchagent Design Changes](#acl-orchagent-design-changes) + - [ACL Table Configuration](#acl-table-configuration) + - [ACL Rules](#acl-rules) + - [Handling path loops after Tunnel decap](#handling-path-loops-after-tunnel-decap) + - [Nexthop resolution](#nexthop-resolution) + - [Dash ENI Forward Orch](#dash-eni-forward-orch) - [Existing Design](#existing-design) - [Updated Design](#Updated-design) - [ACL Configuration](#acl-configuration) @@ -59,7 +64,20 @@ There are two possible NPU-DPU Traffic forwarding models. * The host has the switch VIP as the gateway address for its traffic. * Cheaper, since only VIP per switch is needed (or even per a row of switches). ENI placement can be directed even across smart switches. -ENI Based Forwarding is the preferred approach because of cost constraints. +ENI Based Forwarding is the preferred approach because of cost constraints. + +Packet Forwarding from NPU to local and remote DPU's are clearly explained in the HA HLD https://github.com/sonic-net/SONiC/blob/master/doc/smart-switch/high-availability/smart-switch-ha-hld.md#42-data-path-ha + +### Packet Flow ### + +**Case 1: Packet lands directly on NPU which has the currrent Active ENI** + +![Active ENI case](./images/active_eni.png) + +**Case 2: Packet lands NPU which has the currrent Standby ENI** + +![Active Standby ENI case](./images/active_standby_eni.png) + ## Requirements ## @@ -69,32 +87,164 @@ ENI based forwarding requires the switch to understand the relationship between * Each ENI belongs to a certain DPU (local or remote) * Each packet can be identified as belonging to that switch using VIP and VNI * Forwarding can be to local DPU PA or remote DPU PA over L3 VxLAN -* Scale: [# of DPUs] * [# of ENIs per DPU] * 2 (inbound and outbound) in case of one VIP per switch +* Scale: + - One VIP per HA pair: [# of DPUs] * [# of ENIs per DPU] * 2 (inbound and outbound) * 2 (One with/without Tunnel Termination) + +### Phase 1 ### + +- Only HaMgrd will make decision on where to route the packet and write to ENI_DASH_TUNNEL_TABLE table +- Orchagent will only process the primary endpoint and translate the requirement into ACL Rules +- Orchagent should also program ACL Rules with Tunnel termination entries +- No BFD sessions are created to local DPU or the remote DPU. + +### Phase 2 ### + +- BFD sessions are created to local DPU or the remote DPU for faster reactivity to card level failures +- Orchagent will switch between primary and secondary endpoint based on BFD status ## Architecture Design ## -### Programming ACL Rules ### +### ACL Table Configuration ### +``` +{ + "ACL_TABLE_TYPE": { + "ENI_REDIRECT": { + "MATCHES": [ + "TUNNEL_VNI", + "DST_IP", + "DST_IPV6", + "INNER_SRC_MAC", + "INNER_DST_MAC", + "TUNNEL_TERM" + ], + "ACTIONS": [ + "REDIRECT_ACTION", + ], + "BIND_POINTS": [ + "PORT" + ] + } + }, + "ACL_TABLE": { + "ENI": { + "STAGE": "INGRESS", + "TYPE": "ENI_REDIRECT", + "PORTS": [ + "" + ] + } + } +} +``` +### ACL Rules ### -* Packet Forwarding from NPU to local and remote DPU's are clearly explained in the HA HLD https://github.com/sonic-net/SONiC/blob/master/doc/smart-switch/high-availability/smart-switch-ha-hld.md#42-data-path-ha -* In a nutshell, the ACL rule for a ENI depends on the role of its DPU in the corresponding HA pair i.e. local or standby -* Thus, ACL rules must be dynamically updated on the NPU. This should be handled by HaMgrd as it will have all the necessary information to make the decision. -* The format on how the rules must be writted will be explained further in the document +Assume the following ENI attributes +``` +MAC: aa:bb:cc:dd:ee:ff +TUNNEL_VNI: 4000 +VIP: 1.1.1.1/32 +``` -## Packet Flow ## +**ACL Rule for outbound traffic** -**Case 1: Packet lands directly on NPU which has the currrent Active ENI** +``` +{ + "ACL_RULE": { + "ENI:aa:bb:cc:ff:fe:dd:ee:ff:OUT0": { + "PRIORITY": "999", + "TUNNEL_VNI": "4000", + "DST_IP": "1.1.1.1/32", + "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff" + "REDIRECT": "" + } + } +} +``` -![Active ENI case](./images/active_eni.png) +**ACL Rule for inbound traffic** -**Case 2: Packet lands NPU which has the currrent Standby ENI** +``` +{ + "ACL_RULE": { + "ENI:aa:bb:cc:ff:fe:dd:ee:ff:IN0": { + "PRIORITY": "999", + "TUNNEL_VNI": "4000", + "DST_IP": "1.1.1.1/32", + "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" + "REDIRECT": "" + } + } +} +``` -![Active Standby ENI case](./images/active_standby_eni.png) +### Handling path loops after Tunnel decap ### -**Case 3: Packet lands a NPU which has the same VIP but it doesn't host the ENI** +During HA failover, the HA pair will end up in a transitional state that makes it ambiguous to the switch if it is active or backup. -![Case for Tunnel NHG](./images/case_for_tunnel_nhg.png) +When the HA failover happens, the used-to-be active becomes standby, but the used-to-be standby is still unchanged. + +This state, although brief in time, may lead to congestion, and packet drops on a switch. + +![Tunnel Termination Problem](./images/tunn_term_problem.png) + +To solve this, ACL rules with high priority are added and the redirect should always be to local nexthop + +![Tunnel Termination Solution](./images/tunn_term_solution.png) + +**ACL Rule for outbound traffic with Tunnel Termination** + +``` +{ + "ACL_RULE": { + "ENI:aa:bb:cc:ff:fe:dd:ee:ff:OUT1": { + "PRIORITY": "9999", + "TUNNEL_VNI": "4000", + "DST_IP": "1.1.1.1/32", + "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff", + "TUNN_TERM": "true", + "REDIRECT": "" + } + } +} +``` + +**ACL Rule for inbound traffic with Tunnel Termination** + +``` +{ + "ACL_RULE": { + "ENI:aa:bb:cc:ff:fe:dd:ee:ff:IN1": { + "PRIORITY": "9999", + "TUNNEL_VNI": "4000", + "DST_IP": "1.1.1.1/32", + "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff", + "TUNN_TERM": "true", + "REDIRECT": "" + } + } +} +``` + +### Nexthop resolution ### + +Nexthop can be to a local DPU or a remote DPU. Orchagent must figure out if the endpoint is either local or remote and handle it accordingly + +### Dash ENI Forward Orch ### + +A new orchagent DashEniFwdOrch is added which runs on NPU to translate the requirements into ACL Rules + + +```mermaid +flowchart LR + ENI_TABLE[ENI_DASH_TUNNEL_TABLE] + + HaMgrD --> ENI_TABLE + ENI_TABLE --> DashEniFwdOrch + DashEniFwdOrch --> ACL_RULE_TABLE + ACL_RULE_TABLE --> AclOrch + RouteOrch --> DashEniFwdOrch +``` -### ACL Orchagent Design Changes ### #### Existing Design #### @@ -123,46 +273,10 @@ The existing design has a few shortcomings 2) It follows fire and forget and doesn't keep track of the updates made to that next-hop object. This has to be fixed for the DPU to have uninterrupted traffic flow after an event which triggers an update of next-hop object 3) ACL Orchagent doesn't support matching on INNER_SRC_MAC and INNER_DST_MAC -**Proposed design when Nexthop is programmed** - -

Proposed ACL Orchagent Redirect Flow

- -**Proposed design when Tunnel NH or NHG is programmed** - -

Proposed ACL Orchagent Redirect Flow

### ACL Configuration ### -**ACL Table Type and ACL Table Configuration** - { - "ACL_TABLE_TYPE": { - "ENI": { - "MATCHES": [ - "TUNNEL_VNI", - "DST_IP", - "DST_IPV6", - "INNER_SRC_MAC", - "INNER_DST_MAC", - ], - "ACTIONS": [ - "REDIRECT_ACTION", - ], - "BIND_POINTS": [ - "PORT" - ] - } - }, - "ACL_TABLE": { - "ENI": { - "STAGE": "INGRESS", - "TYPE": "ENI", - "PORTS": [ - "" - ] - } - } - } **Example: ACL Rule for Inbound Traffic and Local DPU** @@ -287,4 +401,8 @@ No Changes here. - Add individual test cases which verify next hop forwarding - Add individual test cases to verify tunnel next hop forwarding regardless of HA availability -## Open/Action items - if any ## \ No newline at end of file +## Open/Action items - if any ## + +- Will there be a packet coming to T1 which doesn't host its ENI? Theoretically possible if all the T1's in a cluster share the same VIP + +![Case for Tunnel NHG](./images/case_for_tunnel_nhg.png) \ No newline at end of file diff --git a/doc/smart-switch/high-availability/images/new_acl_redirect_flow.svg b/doc/smart-switch/high-availability/images/new_acl_redirect_flow.svg deleted file mode 100644 index 20e4b1afb9..0000000000 --- a/doc/smart-switch/high-availability/images/new_acl_redirect_flow.svg +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - ACL_RULE with REDIRECT = nexthopWait until redirect object is foundProgram ACL Rule with REDIRECT=oidAPPL/CONF DBNextHop RemoveACL Orchagent SAI/SDKRoute Orchagent Delete ACL RuleNextHop Object Remove Re-create ACL Rule with new oidNextHop Object CreateNextHop Create \ No newline at end of file diff --git a/doc/smart-switch/high-availability/images/old_acl_redirect_flow.svg b/doc/smart-switch/high-availability/images/old_acl_redirect_flow.svg deleted file mode 100644 index 99d699b0f9..0000000000 --- a/doc/smart-switch/high-availability/images/old_acl_redirect_flow.svg +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - ACL_RULE with REDIRECT = {port lag, nexthop, nexthop group}Wait until redirect object is foundProgram ACL Rule with REDIRECT=oidAPPL/CONF DBNextHop Object UpdateACL Orchagent SAI/SDKVNet/Route Orch \ No newline at end of file diff --git a/doc/smart-switch/high-availability/images/tunn_term_problem.png b/doc/smart-switch/high-availability/images/tunn_term_problem.png new file mode 100644 index 0000000000000000000000000000000000000000..18a3b39d0d604266079bee3296d7f789b010279d GIT binary patch literal 23812 zcmZ_0by(F+^9KyaBaI$PN~Ajujgp5FkOt}QJSa+v2uJBuI;2~=kyZf(q(d5|q!Fa^ z-J|#YJiq6?-uDkLxz2ZYXLojHc6R178>*qEK!`_$hk=1XsH7;Tg@JJmj)8$`fP)2o zdD9K+1pi?^)l!hbDC@tyhJitcp(H2$(93iy4R^*xyXEsYBBhzf@}y~6{P*$Fv`Gos zT#}z?1%<^aHVh$Q^2_<^L4{8C3}lTmF>6$h)U+H(Dc1#Yhjb`Ez0a5*zp9+=kxxv)`2OfF?NXqli8U5X8?b%EW&>W``ca?vV8O%vFBR~C z&eZ6Yj_xug%`SyCmU*__w&&xcuYv(#=15{UwFs05jAn+$8`DMg`$a;Duad)UUgaYAP^) z{6vob^k;t>hY1Y>L)r`7F$G+@UNf7XVr5xHrCWbk`%DgFcbL&iiwp-rCkd&0k{x6B z-e;@r>Qb}RQlF-V%KF1)J{cY4FEh=F!6cPdce&7{aB=K4%E|DJ(gv^U9JM}&bwlNy zE;OyOB7AR@jMuo}@duzcP7ttVa3$+8%pVZ}JtvEME&oOKro<9Y^DmkDg)q)WLXnw@ zr=w3$+FwKwh}%|1f$O)~uA{enP!`a-Llw^$-`pQnMY!7{A)ea2*Ks)jcfb~FTZgRQay>gt5bwP3m{xL=lgb@8}F zjOYh<=*t?#kH5d#{=yjT#+v3fOqw~SYt(1*q?@_#n$uluqskvO)j`s+;^=kWz@;-4 z4NxBkD`!Ls$0NF;y0eLB;6w!M*H{6wk#;&8f2TkT%wfqb+5vNATEK5tXS zBbK=xO6Fj&me(vm{#4QOM*%~%T^^Kgi_M=zO+WwLH~Z+tZ|eF!;pzSR%}JDfz60d^ zrz)0M^a7b(YC7~7C{toY^ZszjLp%tqP^NvpDLdmgk7r4Yg5rSvyfSTP_`t-x2qRyt z=cKLTVHVdPf#8h=Qm2cFi9?WrFs#4{+DcwMTlqyFk|-_W!f_KVjKM%)Bm_BhUSdG^ za3_{uvzW@v+h>^N?D4_i0?B>p5e;!rbM*@^+Auya6|3i7j27;4q zSV!;Ie21-%ZN;Cb6bZ2Tp(i#u8ff~CO#WU)L@Y{Z{)dEOEZ8*HRtaAo`O-dA*-ESe zTJ#Atpv<2w5`sQcZQnj?-?D2?CW3diVX;`R^rulTT}X5~$*7=J-<1T>+<}yO049AN z>kkcof4-{zWOs<`o&}f@e(AM80&L0X?-kl-8AlF*B{7(Da{c}}pnh1MWKX##nZVz7 zZC5Kux3b~)O5an%G)?p6atZ-U^vu{~F~FBwu7JhnIIA_hPnRoWKTc?*JxW)Gw~W&G zY*ua$DbTw6olVcrl-AFsh}Xt#3>{^;=;hmLKn4&HVu86J zBmiFz9y0+|%Cv!8I%tF>Ec_a{yGY>q9fckB9Ko^9ZYrOGqz1ASD8}Qi*=HE^SC}3IGa^RvWaC7Cujh!0Q8J$x#8*OpE zrb~z^>6h7TMmq%Y6@lIP56@ABxU2dGQFo)J0!UkJA(xjFBz&i|^x6XUF|RP7+020J z<8Gw4L5J7&Z@hjaEjDZ^uB9@*cHiV@$iFw2OMr>ffi}g#X>81YtOr3HMnOE`=&y&= z5ZD(W16daTKL#0fjPr$C`e^LW= zGfZxMI;Gt8rgtdi%}ZGfh!xs~-vNv6fDUH|sveUtGGpRAWcdDQ@7s}vLR9ss0WR}R zAOa|$Sx`rcurJQY_mUBrq^SKCzJiPwqTAMaIK-4dIU+F@m<7W%?)*Kr5Z9ng)=Ad(7+gw# zucd%oO<3yJ|2@Cn0RlSRySJfO2!!PCxB7w@vfA=!VKW zqF*8li;VMch`!u{aFYxky_jqERw{G;^@vh(5-cbX*eSdm1_tPzd?O5&ld5l}{)SN^)Tq<2jv z2z)f~aQ5Rd7V^py@=RgJteD0U_IP0C)KIstRj1TXrEQ-2QIB?CgM0#7Pnq6Vw2Qzw zW(}$A_Mp38kOEsx@^5=@#>orLyybwZD5T6GY?T^JaGvXdFP6H0lOfhT6axd*k9*8; zKk!FuQopJUCfy)4IB4dQV!{a0FtTk{x&2RN>BJ$Id5JT$Wa++aL{Lj0tf51Wag-2t z$fXH40Sql(fSD6MPOV^>?kR8u2*6Ohn+SHg?=Wsb z$X|g5v*k?(XUi=J3W1Z9O2K1^q6o13SBYV_0iz$YWFh{VF-)8|`pj3VONL#oN&KTB z_^7);oEB=R^McS^01Ww_0iBpp*Y9Lk8$itiaNq|jg~&Pzf-{g^qGuF z^^u|N=A=abT3R+R&1_zhz=%+cVs1WzaP(33cLzzp!d1qzOFocPkddDkzY-z4j&^-s z!;&O?JQl`_+t;iG@o)mv!SJn-Z1jJZj{zYhQk*Ax72<#+*e#RE0+yJ9h(VtRf7q}~ zjOgfa5_=%Y1wL3zrcV7!jW-Bk*zx_r{ii5|K2T?i$ydWrHH44hesrS2_n_=QJ|PQ} zIfE_GP?G$PMIfnZpq=|LQ>iJ*FLk1kpy&TMbLib6QnND|569?mjZ$EDd3;{*aXoup{%Uw8g*b5fbme6+3E5aUJN-SWKLl zHTeFzRCe+|-=q9PDQ-Lq?RO)+3jyD7BIJlRSlex44+NOy|0C9e|9Ci3Y>>;{&uc>1ob08!G!?UB~k*wn&A=rMAneJM7h_Ub_gL4(| zs(_lyKpPnIVJr;N=2*a2iOl{6Js-O@JIQa?|JL+dVh`E}@kfY*Ml5%XG>6eT@Uikb zb5XLtuCZV>^M{W%u|l7i@BNu!VIUxd)^IG~tMk)YY3uwu@sCXH94bj3Sr2~z%Mf5k z@&Njer2)qKvBFmbp?WPoFtw!j<>mhE@|Ua1fE7Gzu_Aw&{Er}OB!MmGycy zNLo3_CF}jSxe{cCXoSgR_(mEy;oR^wTPdOEK1PSrkEH6aF3)6f0XyEdn_Zpi9fg~n zf1G``QM&y`;f||QN#*^$9d>o^2TMXZ$FRbT_RY!aSh<7C5ueu>D0(nwg6=7a!s61p z)nhC7shR2FYdKnh(j;EMUz+(Tb>;1OzWce!XQ#!JDx5jdcsR{#A=G6tQsj;xBgajY zAZowc`t&xDtQaL8W=F3E7mc@s0Wx&PpOhBDi1XHMSZVv$r<>}MvsTd(F=GkSkJ@HU z+=k@0S*1>t_KvPD=C9m~ORDe)fD1^98Ksx6MDPZ9t0B74CHc z`RCP5#|z=JH^er-Cz!oBDVn$`b^f?&;mI_z{yk%~`0!T4VpIiC`TM{U4+;jMcZtbK z!B|h2^}e%s*bP(|6m;eF-0Nm#-R9jy7UR76j3wVLM}R#^(6jlfm}|l2F-yTmwB~(e z&5S26?K1Y9b>9vkQG0CU^4{h+FhAgrRu0|;lC~Jq{dc>I$S3BLGJZ$pHL2Wj|bZfY}X#5e*`$#Y+_UM2apgB-$={bO{98h)nx z%*^@hY?U>xbJQP<8?hd>!+^GQ<38q}Tq01)LLXr+CpU#Xw~>@3YejdVcqF`f{3g2I zU}fYlqC$YuNMg#VNHSUmC;@w#Z}QB9!w9L#e6PRqTYml%SW<|;8r8IID)Q}N>-nmJ zR0^pNX8 zq?ZX0XE*s5{wEJ=6q^V6ZVVnjqy%z!+ig%FD_yOnpF+HU%hfA1bBT{Z-KabEBh!F`^V`eMe`#f2O&-k-z2I3vYWKp_BRbuMF`5S@`6y zbm#Bc1q5Or<$q(wLe`I#i_((@26vr?Hw-VrsoyHG!TvG9w;+w*wNT1DP9KyQ$iOMi z@p7>;8M?{DC%iNw`iDLS1vNu^e%xx=~?(d$?cQsiZ*HXcFn=MG~4Syw(+ zJu?{i`M%_MU?5qbz?monxPPQf{vqr*VfMAaOpQjl>EliX#!@jU*6`|6BwQ46L!U!h zA6I1j9LUI!8|t=L3<#FOx)d-SG zG`pdy=5bAlcxgZP$lN*^xZakITc@SlLWuZCvMku2*g!mzuu@Ms8JDD^fwQ)P_9y5p zAqG5Vmn`1GLmrQ2YBmhsNXX45rVt}CO(C~Sjo}0I1wmevRR^C(O|CK6VmaJ~;bi!~ ze?EC9LSLjOSiNzUcv|xdm(iUq7m`M)}Q`fYfXX5;{$E17QoYB&OmDeFFWQ_ zpXEa}cx2=h+n06No}ajU>c9W5G0v9F;4Al$F-R@Pm!Au|E*!QJ_1T zX@3Y;gm?&+<0ZO_iGSY1a;VeA%cFF3B44ZfV3S&!4_qB(p71x{)7f8Hy&hVJT{%iZbzSVWy6Gi z#Ivu$EZ>tQUj|0O1&$kY)hqqZ@ctV&Z>@Vn&#z ztD^?|hK)B=oQA7v4w`SkD|=0QmnILxJf=_LEr#kFLK0gI;!c4ul)@_Fm3=JebqznL zv5?_Tgk`2}=USh>_^3UO@EiSZc5Nv;tHi(XsfLlAq5KB5jCkAZEwVYAEkOr~)UV~Z zO?pHDk~utjPl@2Mb-L;3kQ3N;Il1a3~i&pF&sXLLVAtta1Ej4fuK37OaLVK-k;!f!;`=ks~W-smOPu2wEH5jF^@ zNnrX7gk8)WC9lm<$K$EV(P7nF_I;U7Q`9ve%#<<0O|yPIy<+}68*60Y)1t2B6seCp zUgWJ^ot_>RiTw&(>bA>M0}qE!LhgeLc@ONgmMJM4!}|*y4SH+V%UT=UJ=9`HEn@6? zAG5d!K&uW*j$OM6H#sU%VRd~@`(oL2KjKA&B`dL3^SZ4;lmyf$7k5}93C%iGD0 z;TD`b2vpG&XIguvW!p;(*V^AT^H6 z=@RQRi)fVOM2DJ{mWj;UqOEII>o5__REL9Eg?*FCrjVXPtJvW$#N5UUqU>W08AsQh zXN1-i*0zQq&`~bJHt=T3j;9_EUjwM>hHNwRf$^ zNg)=Lj$D%6q|@7p`r}q=d85rHMTsv0U1BZ70rn14Q@J-$ z>(F6NE8#4|M1KdJ=7~+!1iyEED-&Gy?$)1tWAIsnoz66c)ZuHVyHmHlYHTR|WSE#l z66@C0C1LjA{-?K$P!6K%b4XPZ7GE4e1#@($z${CLq9tb|$;;ljImvuiJ(L%vrEopv z6OCSv<88~nz*yJG(yihAXysa^SBoYwcD;nR&8aS{>5ESt3#vH23R|tOdj}Wq~xYy;YGP$ENb(bdBC5UB$+vKoxR5fXz zj+YYiENZH$sHBPGqYeM1_|{A=5*Bno#QRNs1DnbGUC>l#xD@_78;0LM?95HZ%MgpRY_R;=+uNB9? z7Gnu-8aNHyk?rj!=WDiWtZemrW==*u%3xZOlPu(vpq*2w_1fiEXDp|{(C!4sVT@tH z@VkdBWj$b3%dLm4<8aihDdmi zDyys_Lp#E;=tS!csBLxptCAJeTYlgjUlV`sM;)ZPCx9c!ZLY7HI|QyFK(pS3`(>L) zurgSh;Dli8G!AXGOQA}>u3YpibRISo%1SqkUR^&>xB5Q#>hvVWk`H2IC-2-Aw&lZ_ zfdA(}y8E-dks?}?HDT?kuC=`oA55dkWr|P?>qbtG{bB@vS$2F!xD;dffFQZ#2*$UjvkY`({OT| z>br;5I%sU`;|4soFp9UC)%VtR0f)K?MBcdTU7X^YA)DAlNeu14erkJeqVa;HaI3F9 zB&X2H#9`NxI{I#K%eWJECH)Fttm7EM|h+&U=$nIgPq zNA%q!WtPX8zc!?mjoI|8O$13-k1xIN5v^$Nlg%K~roNFC=TE*v%!bvkPB8*GdY5IZ znBCF-840Ut=9w75Il|K-5+7c-{$_sI8ixGzX z)B{%f*LVCmN|ksx-sWEr<-ZurYr(Aj8w|>gqRt-!MH7C)wlo+BJk#D?wIX z=-BYL&ySY#-9>S0tjUN%rv~C z4*hB+M+CPqy0uF`2*EV-QdyYFi&FEfblY91A-9U!Ynt&z zJ@32~-Lts1h%4%1$6R2%Lg9%pmt&WD?>E%Ybykgzv_V^&Mi{fa)7RF-?A#D+Oq>Wt za~}sHjGEXa+)?j}PlMN0N;%;niAim`aS~9-;$gk@mI>}8GyX2IOn5c{h>0NPqm^{c ziu`7_ZuuF}=v!Y5L zgC-Sn$E3*dUWc;I6LCQL7<$TM>I`#qUm2~sth?Gzzco2Ew_zi}KK#;Nkuz5QD1v;d zV!(Xab;z>!m8_%6#g15#r_a#R}-)P*{ObWO6i}fjMqvZ-N}!sjg_i}T>-GUNjCb_%C9I*!*caYmIg3&R!Dygkwqa4C)4?HFpD!Ua>? zXzELizeZLlMp0eMl@JIT)O93-3&W^WfM=2!lE7dlvT!Vbbd+)r*mqXN`3PLBU>hY6 z*k<9C+vRr-*Y;ujj!)8rF;}qY=fWveXZX!7tTvqd1I^3z-_!|G2z-n7iJw@?vv*SC zE5Cc%=GZzlHggf~%7g=jVgUiGUxN7VBK!QO8Lz*vzF1IP3-;VOM^7}QdTU+K~-=dO0 zlztE=fWh?nkL*^RSEJ(6ngykMb9$^_POlPg49k$jRogtb`Bf!j`}U@z zF3oS#yNeChlim-TcI|rO^8H{4y_dIkhjofs&2aXE5ksg4u|kK@WwZ+yNa4D{lEyjI zvvT+4sF~cf;{4Le{2Rqorw15^Cdfu#(k&9a@Wj``o5fEqZL{g$wr9fA*PVm%p1La8 z#njfA)y9Ucy)WqWYTcU9JXEymSiI{@*C^K+EC?>W=8r9IBeQj zMe6sMdfr2x7rCX1dpFo;z|y>S?UaJ<`YW`HAI5V{wQpQPg5%O_ulwHI->Y1{67C7{ za(Kn>jmVsbHg10&iw+dzo6f6MZ7(E{HAeMVK3eRfZw#~9tq6R@a?}cDn@tRtCFdDW zavq$@J>9Az>FZ4;?_Uh~>aLcilqz5wlGv=<^Ak7#cTm~a;+x&xz36|}>-OX_)KGTU zp7NW=sAP(%L*bN1lUEt{Zg%4`x0)QgX^^P>5w#N=HBHkogzs_s$;YAa`vP{zz9frR zJcg3qGMQ#j85lf*6~Ivl-L;>Mi{QJ8rG@Qmy{SKHa#Xj0G>R;AW>!8w(vSURH&ZMe zqo1K2JiJt8<7`~Q{RLT4dX@x(SJo2u;G=$l*ldN87xWITRgo`)OMy}0+OFPC2mY(P zWV2o2*#Mb!^PuK+!JZpPuAisgzkLbTsHF|)V5}$}ySiX;%)4c^gY{DPv2RS4=7Nr; z3!PZ^O*jU5#NKO|;j4-;tkZCyl9wHQXdiwP$luiuiUCpc92~b3Q-x+XfxD5*)9rIp zE>jBdPUXY}_73=rh8;^x0-fZm1el>XNE5h>)YIWx$EDab&0h8NI$G8VD@VRfybDA zp0@KRo;xi^EDOtdaNi=ag%HM=20XvZ-x;&ibHA`W2PBSEmd`+7bMoS>?doiFN3?MH zBR>4?smXv#W#_H#cnAm@8y0zdI6L4o_J}r~>vE+nbN-$&%pxYf<2~>c9lVR}Q+b}d zW#jP0R@CeB$8T+y?ni)D_r+dfo604VQR^bjj^fm-z=7v00^2nsYEN&1sM;QDZI-}* z_(*BPLRk0CGmo>a`i!uvTviEoC50{RleHuMtTj)+@(z3frb$)&UH*cvo@H+up8epe z>>%zgQT&$GheC|d=zrtt24D&MbVRDJZlkbH7ui}b>O!!*?ebauMp;uM?fG|XZNJvl z?C_cO;_`HY0B&Q~PO@!-foBP4o$wcL2xJa!CDP29rCrOx_)`#nb=ljH#-@q$HvX03RJO*`@ckvb&jSi2iZf}X4~S^1Uhb#uJpbJC zJ8kD{P1~^63-#vMCd}fd25OE3sKdiuHcFwpW6t%br!<~3 zu2Y#07lYw1cEbfadO3?8A5qfc(Inv-3NVNyq{Bu76!Y1{5J)Eq5l1r~;W0-%GWO^hmr}N^ukM-BRTl)uPKxYoM zyalI5)@UxIF9w$!1+$bmBk~)l%+4>5+SI$KZ<${1C9-bcSAVe=J6mE^(ka$8ueAC0<95t#380vQ0Vxk#z)<;@`AYqIt$Xp?E2)pvSng*03Sec*NOSF? z+-|>i^DWA3+fnNL$IaNfrSj(0ohOe3zdkZj8 zm7Feg+KL@cIh8vs*nrFizDJOC$h9x;5}6`N;Ep1D)MF|WgCeaz1|)`ewYyM4{6Bg;5qMR~9fO!2ID| z2DiSbL7lef3VUw1wx6>lPq@QwwuC_=N&gJl{MF@Av>Rt{56Q09lF|Oa-Po|i63Q4Z z*BrvfjvALe;R(jFY4nr}>4~Bp;WO{kcO&fXmev`(_NzRP@ZF6`CmKrhEv+3-d3L|d z?ipq&P?znSe#fu0#i}z6YO4E1o$hlc(!L9|HEUL6a!Q^!Qq?Uepp0R_+|>#ob_K58 zYaBOj)2~mnR*^q)Smcq}?2lqpHicSWPd7>p-e%@GN0kd-Df`>An0+uFV@mIOA351n zS~yDtKL{g#pQs$C-vAh$29iK^f(W&+(7o zSseV*tU{zVxY~A-d zVm+Xys7JWfA;Gw}JgfgTooU#ki6b)(+LJE|Ge&cJx9Wk>R7)GQqzR^lOE6|@i@7;Q zTn~+|Z`nc$wC+a(ToAvqtpGK^j0KCGEX5X>-rajTj&)Vz<-JHfpLDEZ^h@u_-m_ax z)rhNl*L_w_xc99eXpBWPV&qzu>&bMGv#OvD5u8e|`BxxZMb}vJ==}h5YWl@d@ErSE zf@|qxn-^bP|eXNbnk5gzoAgAGKE$F`Of3!QNO~u*Q4o#Snij%|Ms# zY1`K`L8oQ;ofq@hjd%ParBs^jU!K1o@O9zG<(9ri7dR#mLoqtOI_}cnvzW# zEK(waD_ny^$AK!4yr;cbRZ#wcJQWM~y0>2F;9_A*lSMa5roOcbpH$C$xm=XGv`QJM zR>K=&r(K-sdU)rgWSyy+0TrLf5ElaOQ2}z9YbcG_1?ER!n{Q?ucd*)S>J9buf@6Y{ zRfHD*fpR+S6a0}RS)Q+=6!%%M+PJ9`T$iQOd)KjOOwL3jBl0hOBlPTfIr z!xx`hy_5z*?60K>4;xgFE1ZVIE1f_FEOrn}%*b2Q_@s?v$8{lZb2lL*k$)DBh8@Ci z1SMdOTFq=o5-iS=3YjOlmAV7S`xof6FB*0j^P!lQ$&}QrK+Xo)p=XTj7{_ZJu72*U zQE(AghiUwI$q~ZS^0U+I1Ki1OrfZ!DZZN~Fv3!}B&Q$A>J0>JXId*isJ2K3X)tp(g zc6By?^8t znP)7e*u1K;tzoAKgO7EDtBnt)lV1hg6mxZ+Nlye$p3ju#7h)07I*rSsJ&`fTaNP%P zx3iJ&zOFMnQ{Lq^9c6dOM}oZc1KayO0q>{@dY68DMmAn6HsnDY)CKxM8!1cb!`_BZ z(Z44YA9W;n4SlV{O7Q5;0_V(fC86p<~e->}$!1!H3oMunc$dh~croLb!Lga()%q z(wF*{lTydh9}RdM>h}1HyegHn4x34x&2-K;M$%NC1<9qoM84I<&W=<~X;BO(M`qqY zi}`~5VG+MTT>YD2Q*&Wg;)V|m%?U&48xtaUZ#Fr4B zUG_CzZ==#4+Wc6{B1YDsY)}jX-XMiSrt+?(9&a2Gys_JuM0bsD=f;-wphI3=N_hj7 z*cTm>o$FijgLmb8V1GPirSts)Db=WNN9v5R#g#LCHGF0y?;f1tn;m}~ZN2S{u?nM~ zo_>6J@{_grM0oH3-cT}p3Xb98C6YY>9SKUeuo<4FO@1ArNi`pX8kzh`|3d}#+T z;+yBMmik_=5-XcE-v(XPuH3TXu8WNek5UplDcT6f=^$(9CG_&1(y*GIR4KZhq(G@NUy{ z&f9KbEK4VqK^m#?VJhpzHz^uYL5D*AOODtAn%p;@a_&Dyx*AF0E5xySl(ZUi1fioP zTgnxL+Iv!C=~!tnhR%{PN@SxJj%!dreBy$ORZ6EQz%=BigxK=BiDyRf93EAYCKG8Y zFeJkLuHToDFBo5a?(3v?d9p?<_Jp<~&vz?F%ed*bwt&afgqaYX>ARRk0NcsrgqVbp z8R!e>~zWt8#sD`Ls-*X3n zw*jxCy19slt8J#@ig?!|6vwnD!s706swKXPdS|l&hNk0!m>e?79vFXd!pv$m``t6S z|5K-qQ_v(IHXQw+xv(NdXB=U6RZo*b3P*m+>pu_j8VK(TiMyBDrnZumALxZU#*YqH zQpjgI?J^wg@!z45tyt3dOy)3s!~MzK@<>M0Jsj^0M$;+_!rEAi`%Fy|HQthbfIhJa zwkEJ#{&7@tI#hVp4eMI231)Kc5sk>t}o(tEdz9thEZA7&d ztA!+IB`-~zrrma&-gws+3x}R6W^TO5bs$foK#td{%2;&u7^`=LCxkZc-&|e_cHSLc z+B0EGQ*68)lDMfRe}r4J+}4NBGx`X7`6a+vHEt_V=&3y76t0%+aFrjg$3jN~yx0W2 zWz4oX;U?jUbs|i`a~C&Hk`zquPA=s2T@z}&;}&pvk^3ACIYE`3z2P9&S^35>N6}!d zUQc5c`PqBIGjA=t!iUu~;C0Zxm+X4u$WE1y?L846va&U`&H?u?TjjlV>T|GF5_I=L z9>&e#I^?F^YSjy!J=@{)%2)VH?lxK7I^@ekz%mdj0h697Jj%PILtgzpU~}gEQ|#Fr z5%T2J_)T}*2o9RmTj&Q_A@uu|w-O}MRRl^32SgvcqR#t5t zz0um)P!}0l3n?6OwF-Kx#XDp@Pt<}Tcxg*u{rINa=XTHPdtd9s?bH6vKpKwic zw6q+>XUv@;ME8PyQQ3n@+>%lBIB4yQ%GsJ}6CRT7SJoNRO>ninO* z6;EaV!l5vyTo_(O-mRVXuu;P8o>7n&yQRr)nW0bPGiZ2 z*Ks^21VN>TCACxXB!CxCaCmnR!vhTh(D%Iw+tudRN0MKB(gzlqzx(L#o75!5W3igP z6C5bPw4Q6P{?hLG(BNE+P2v|fzkZpPLV7pr>u)#qy(zDTv+MS!5kq!+P9tgr9m-;F zyRSohnR(rIW9FQ+yZRkODzX~-6D>%6jHg+6Nr#4$yoPq|sVW40RSY)?qxO!15#P=p z$gqU|gB|}tLec2;Ch%M$HK$8g_0g-(O0ReC5#zsn$jmKRAR4rPBNmu$NiwR)l2q(uT z_@p_65TvkK5gB6D@)5+m#$RU2A4N-P8hV^hz=;K%UU@lu__zp-pt2hqBQe^mO?_ch zh-Uy${+RB(Asbp>LI6&O*CK8jOQk)R_5KJszaEX*(yh!zocdXh)TZ4o>RAx+T1YUk zrK|@ru_kmm5qInH0!^ax-e$1ZzN>*_NMcn7M;9%#xi!Xh+}Euh{A6!-^>2dU;xlu( zcjz*siama+OE%0L)>95kCc}sICGjCTdM0CO&(@1vmgDudD>`)tsD`xO(k$fNEe^H1 z;hS%5>CXhC0SFg2mK=aK4?|bm-0Sl8Nb(Fy;~Edv`DNlcJ7xl6OD-U6^h9i{Cf3L% zUS}rS@7xL;oIl?;Z8vhBG#PK&^`($K6zk_CU`<>hO1ZqZkaxR0)as^den;@(C)&%w zKUgw!ATNm-_rEx1bZJ6&z1rNIVWb%8>ErB)PI9x&n$xPqD6vLXi8Uqd$1V*&uQm1zOue78}jaze5s5*PoxnpaC)&kw`uU$tiRy#QO>XyP&1i3DM_ZEWDE@^ZpU>PR2u z=vXoQ<5eJlhAdA@lVMsd!j^AMuN8m_!lr5G>b@AAM8>GQ43l4IwJMMpZ`q78bU-Om zCf1EZ^tv2tK=Wa3xvFRqi1_LwlMCP9dO@+PML|Xc4rVmw-?8r_ zRD}{wapkqFFZcE0Xnw~72#U3(+wVRRPu91OUm97zk$)#$e8SG6=!CV-9PH%~g-iU5E0f@=_kPp2AH~N(WJ|gRSBMp>>y? z%C)D&%$eDA<4>g{bZ1@x;jrN8rvnnRd5NYe#v0xLb=j1cVE9h7A|-vPH6aBNrG&LR zEWW69FOH0NeCRk$g^l5U>I#Vb!0WqNQkl+71gVL`yx46>8T5c~7DYs1gL2B5E*8gY z-mIxB%-i7RSZnS8>MiWaq*14H@W7 z9Y5$lV$gxAB!p<%jf|}{iETH0LN>1D<5D1VeNIO*($6D+?J5mOr}~47mIUc_|M^_TU;h5(ah=#{_z zq#SP9D88px@ItZ1Ufv!=V$&GFX_B=Ijk~_UOlPG*iX#V#82H~0F-dmt<;KSH190>ssuUs$QO_;XIA@Z}{7B+qCt3`qzj z5>5cHW4;wezDcjhEAUD$d@ z>EvxUY@%Onrb%Bbfh{m2ax|FG;JFU`3m@_O;k&I#f+l7)s{)~XJZ3iw2pIrUU!Ik@ zGM+}v(IC+N$)qR9MLdzZIvJP+#jM{G^esa}*S|*0$Q>JcQ|u1o+47?hkI=<0LZwoz zt9uw(*-#=bc_nw+o4dm;gfH2ppH0?>CYJ@@dG=-P`JqyvGVdVU7kyAAL4^Y#l|WH? znfATv2rz#ynaAf5)VeG%m^S{n^Sq3h-+iYVw{@7b!UHJo)SDPOD3&}B5Q3+@{T`!_ z^^QgeU%5#+hI*|9(})$xlh~zjs$Rb`ekNL__SHx^KP1tRHwFh3$)LN8oSo_ESWW+W zB&A1*J>m6n=G*CG|8`zO*%#bI@RNv;H`47=RGPGB#ez1%7X_VRHa0Y5M>QR@=V-ui z^ssEE6PQ97_n^z=N~;Se-(?crBk|0ZCebvV4_&t|f3MsacZvK`iVGUC6y9J`P3^0Q zVwg2pLZ0g>Skc6Xl95R3*cxEHlz8XJV4BTO9vFyt3{2gJN>lqFp71VMKPLS;ny zUd(>{V<0~HijHz9w|+(Y+9-|-LtjqkPuQvy82SpSLP$Tz1pbP3Q=*2rffcJC07M0P5h+10r85P<()$Nv`9N_VfYmMHNAax1gEpRHT+H9Uf@L z_EnCa9tJR`$`$!p=CIWWAkhN*)&!_afRWyx?;3?cRMGy9Qeq7~j1@F{>ya}G3qh+O zo`9wz4ixMtaft&P1ymH2=ByD&P|9Xr0SXuOd_n>LEhg z?dCXzv>%Ypyes+H|CZf=lC?~9@#kMy2n8snK>|eiFZ38U!5CK1mA=%Uhx2}ZBH&Wg zwMSe5t-ir z!4_e7{40b5q@+3SeiwK|0HFzJ|HaY#(>@HCB+@K7P?Z4+c{`Muoy9@Dju%wlJL?{x zBMFuU@ZvCg^oIX2VIM$yg09hrq>wB8_BZxrQT$R*LxdY+TR< zuw9|Org66*XqPC!o~#Fo+6JT>t0G%E-M|% z?8b7S;H3wMPF$9}F}UEXV(iMK0%-+ehJFI0l!#4KY}gR>1=Ns-0D)%ac&e$7QzMhP zI$`nCYII{`7^)LgTk9b(v4npQHjX;@H zL1zoPrsz7k@ps`#Ymy@nH1)L>1ulQN*wM_>Sx&Q)2L*2T13|KF?Be*dlt;PG?8Z!X zI8Tb)NcA^UpHg(zsNjyz0!hZIuBrF(QpSrrWL4=pGt3G4A0>X?8*t?;YgnjJKtmIn zQe7Im(WzX|aIUH^U)<0+Sk~Jj6XvgEHbWkwwU&Yv{kT95Fc>LF8g%w^Hd176^~F)s z{CnWhPK6$cZj>y7_aeHPtRf}$@4zd3=tA4NsGOK~o=CCXY&p8xn!n`sHjBnHw1_SK zj;^m0vi%Y!=6Cu02;A8|wQSnJQ%{f8{Z3=iI03%Wx9>g)WSo4pb_VHFaSQ8Kg8_~` z;6!btpUwPaF+P6`{35jf+|!pP=4qXBH1F3YhJLj|+3ZvcT|Xq~)Pc&2@(OMLPPIhq zKB@@4lY_28GsMnn!L>_sPcQ;^m|1W+l6uk(|B>B1 z`hop&Asn8bjLyWFdafkfHG)L>fCO-d)E92QIR3E>Qm#}6YI)wjK47zM2d}+8DiM8$ z23>>}YI$uK&9C#c>}wsRA2olb0a@Z??-$FQX0B+2#O!@)WL#Xl1}%^eUoItFh%9sF zhnnrE-e;@?@k%rYt$@yKR`8va=8O^P9j%tdgBuc?6`$VD#mawDHr*pWsx9|Lax`}F zQa@_0MAy5`-0|6b(>$+my(K*Un@iKyiX=#VL`BqtD+)77R;$>L1S6NV7a+G7_1rd` zyY4aV>0mH1U+fL<0Y{bn$$=N+rH$+F(1ndkmwI=%YDQujZ301Un3zRzWpEc=z$ws- zb*oAJ2bcaPGV%-v0UX1zV*oaJ`y6HVJLOx$)%n1c%EQ*Sy*-d~8}bDLrEaS+{K~Vm z1brn-vJVjk~OglGP{aI`%;9QIGlVAxgUA=j#j4-HiA^>44Izs50KQ) zU~*NLJh46kAc`pmkCn(r&#m_AOA<5EwSyDB;R@N#q_akNt-VJT-GLec`&dL^Wt=) zTkMnE>9!I;qljW?(v%tyfk+iWrS~L&G!yDalU|h2At0Tg z(jy>UIw)Pi2&nWTT@VD6CZLF+O1~4|=l!00f8YE|GG}JaoH?`iUVH6@f!EyGemoWh zqce4_GqS%~cRFI`VDY+vO*m`Q?}#qpgmx~ha zVB6;M{?q+2{NdPqKf4adPbz4yh&^HTypt*IO@Zvc6e%1!f`Z1L8x`-D@CxG>wfdL* zHsVWW5kYTT<)40NN zmu{fYngFtp9-UwQl|b~&?3E=aj)po!s{2jE5#&yZUN)_K>}pt4n8sUi#ue->H1)j* zPzfr5sk`%iUEz2`p-ZCj;ke^zQ#ZS{!0+-?ApLgKVyY6@rt(kCSLgs`v%HFiGj9cd z3eYd3cDzoe6sQJmWXvGpJ6VA5(k~POSKG?^Xv#Af2D=Uuk*WXFa_aWiY4T$qTjOq4 zM6Ac|0`cCW0-Dr0sq8i%{HMqAX!iDQmo7R+;!%{#mMR%Z3Iut-Y#u2ov4ne(;R!;dn$=@7tKau3WWO*uvm(}wZ2ev}owVyvbxPYP zEqfuH>7h@~V~YXd&9$_&Kg+uKbm*l%DF^j$e*FQ{ae*jOXPeHxwmMG2u8m;F@5$?# zkD=>(`n1_G%U55c=;H{h^Ex5r#GUUYqgjl)H^tLR2G^^MiH4_eLvz~`$tU}%fmNoX z2fokKWB_5^c_^8EJW_N!<@Md343#o^I~9HMIt7Mu1z20xSIeXXY+Hg=V#dBTK~#nh z)B{b9EC0f#=L8KUWl4#;VaV3!*MKpJA*xT*xjyq9tkK}~3<&xyalKLFP(_F(0(l<+ zvPvBy!&u=q;HEtJIgTV1=O-}e6+K6*^R~>ynHZ6ZspIJ~?B$xk(XZQ3vk*h1kf(k% zAN^=fWD|&Cq{Ct<=S$Xs@b#Nq5|zMk!JCWjS;bZhSOD)&2UN8J8#xEe$BH{o$7OtA zbu4#64z+W4WZvw8`I^5;V$*cbefP0|9l(V{h8s*wA?+%CNN^SbmU-Glfy&ZY)|fM^ z?)n2fwD8zT|Ryt0JiWmen+m11CI*oM9VU><|bf8;BM}pV#)z;WcZ@i z-Bkcv4IjaY)qt2)#h}BR0@nLVf1DujW0!&Rxb+I^cem3OtF(r9?HzMc)juE3JF8}M z=8>gTaJ+mfnlt6%XUC#U^;md7hx3Q#cHaA@!+*Yy+dM%TONkgVBku1=5G7`6T3ZP; zQLDNMW07dgFip|9jRe7Hc*5{0CN5Bt8`F_+c|Nsh*y?m2@RX!J)O|9nBQ*ktK)}+9 z?mpkJy$?O9j#FNk=>h^K0&?B^adw6kBnMh`j*Y`U@9rK;zXa}q5&=+)!Z#^1>5|0c z2qRnX?w1KU;>XMVpO|V@-4gdli`mYhZkV*oLVb^J#_n%1NTd+w-J_yD<&}tMfRx81_iz(7KDHM_V=ZGKWqVe!n?Ox zPSRAo>M^S3#*qbQ=HQD%vDs=+$SiPFl8(|om3h;;D67PP(}#$vILYZ?9Zd{n&vH`9 zQ3tLa`+o`(hgPD^vNw-LS0eP!lX09m1j5h15!sH~~8HE9?+1=Tzj}xK=57R9P6?G% zgUS22y(}zxOjElka{VVrtS3xZ615z6jfxzWbqeTLU}ul2-j`ytdu17i5w`;}L>$tZ#Kd}bQvC)@1${{+q*HksPP3k;EL6FMm%!<^2VV$oN zIyQOVfj#U0nat-3Q)1yD!=7V=m}v4SaYKjM{gOnwdXhLl3zK>#JXO%5X|n(!kTJd` z_9@0R_zyVwvs~Ov;@>pj*R%o0;f?u%o*6y1&ZMZ+ckoJnqpE?DH7Y5y$+t_+6}j89 zug2K9er+&UVcF`JhnyT%FbkG00Kzvig5IhA&+}h|^Fe-Iw$+!x+g;%{pD<#7K#@K( zAuZ{M&0sPYdA@Dnk9Y7Xtv!G(xIb@+<}_B9`YT zR&XAj+%LaZ(@Mxn=^$)xYR5UwGLjSTeYRK7AW8MSB99#Q-NU%)&9xFfdcHc8kQ3#5 zd&M%sWUroTMgbBq(yh~&Bz^)zG<=Np^8?XEQhTMDEA4_=QMwj9aw1M^#-M!C*XKkH8rw0zaCu7Yq9yOe)uLX*3mfLw9)ncm~7iQ z9(DnXvH^1r){uaet-|#mnG+Ud3A>1 zV@)oQ^Y$DBv;bmPHdOFkTeCCBeKz{M8iel=fR5YJWdpD!%fd5vB`MtNREG)^n6c{J2b#@J)p zQi+kqT0b8%wXq3WY&HyS_86#=91!Izc|GC+X7hz`AMayq6ku$x#xGtUzsBb;$K58oha3NG`twfVK<(dNJ{ zvaZ{!w4+oq{;ba2FLHcpzqH{HSh+YDqLEI`Cok?z^w7|duX0imc1k~My|R-L(d67X z)CEIKP#++U*AZGW_my^ZokmXvnK%Fbc~2n#n}Q@Q@z(-jk1m7kDUg8Zy4!P33wHj| zhatc~#B*>Ftp}@U!2^GT>_LUCBLctCp?gw~h!9sv(8bn|(aO&r4y-l4 z<)!yzdN4TtX+lxd^o;j+EjfV)^utb((+w;xx-o9KV~6f@52rf-bZ>tD+LN0CsTTgr z^EoH{bZu8Lb+uCG5*3F6zU;_$O?+^EkF=qCWbXAIvuDLuAn$hk5`AO1H2ceE*Z0!q zFM&YInATn+LEUGFAzeVv%SHb#$zeuquR6=V?Ao)D(a%fknuo(JMi zjJl+LwJC8fFEHYOt7R0Kd%1-AI!?3913vc!p^0~!FJ=t^WKj%6)(T{j`DsEe7=+~N z0bck1iy;IkM1m%@rot5AAZrSW)rC!FhV(K1Z6f7PcRxgN4a&4?zynJ;4O$A{YY784vUZy3?Qrf6cQH3b(Md=yH`F)x z9cWVk94BqQISRO;rbx|9dyYEK5&X=Xb5%aptmmO`?%V&<2w*T2#IPMW8v{3ipVJQ2 zBzXk-+xTi-goJVDq!8DF)&e5zv8SlQwUw<}Xhv8$K|mg1Y)$u)bWM-VgOInvpa~G4 z0e*0?78n~Y(7C~|bUsvK?o6u={wEs6J-|*CIBKebQfB}XT8xN^jl7JHrvcjOaXQ&k z10iBjn`~gq*ymAY@Bn%?D&*jf^te_2s)q|2#iMr}IG&!Sji@L26|O0YXV3V>WW(By_^)qovoo9Z1_Egcc6C`i+bziiHeI ztW-1f%wtu-pHn9kbD*Ks`{v2^xhbq_wvMl&Pe)US1~dNNr#i`gST7AgXbzfQQFAey z@}^p)XE(VSSVAQ<_=y&NN~CZ*7j5cLG3ZlEC(QAPShsc-*m0aRy*T8rWuRe)o6yw& zn`Tcpr@K_AB!%^{)K5HLUL>FrwyfC#(48VQDF%^gvRczISJgTN@nk5LOBMPlv*;t1 z&h^bOUY7l2LAathjmwsiWd0@{-|JaikhO zj}^@UJemrGI8wPK>e&mA4?Zm`)57;+ETK$6f8Q(=hmrp?y^`qI!i?v_$I6cF!p z2n(4K6zo5DSkCwPGim0e-+G8*0F6}Pz)nD7K&Cc<)!1@E^4bk0kX(}CaLSBZ4H#_4 zQgnnu8&5yof2vA2elWEg4{-T`+feYXy^;*pE5B=o?)Z3PEfMH zbe(F_@+vE?p~R^=ocU?+aJs8ST2k83Fn{gA!|~(2%hlvF;H)UlA1uVk!)_f0EQI?3 zDW4EUDhRtx@r?N3>{`^7-?I9kvlGy9>!_nKZ71`wazhq`we?Xk`@F|hw-XiNyoxy| zA(;1eLwz`DCIUZb9C|_XW#e<&z7`KXbAV+7F-Ku9t{2w93xY6&cIRU~>B~k3ck&%g znV2AwP}_=1jgkPfr+C>rR-oTb7;-al5{exmyQ?!1Il3`pxpX|=R-urs8+@!xabE03Wv zNZR6cg|@1K6b;AmWH3w6?br})>=Pfhdh zmFE+#-~fI-!IPtu_^^UBuGprDZ!=Bc!v z!WDbG?qoqpN~%;pwvB+hw1Vs%do)MCKNMb~kqx!wGF>91HKJ*j86{T$8Xd0H5*|li zihLc%@q4oSQA0L!1*Vuc&tW%a3<1Frib~YF{R$*S-Oh~HmbbcXr`8?*F_l}Ftf7nKvXck9zM_um|Il_v`JQ!WI@1lT$C zr)zmF4zzcvui{%$q^&q#g-^CsbLQo)E`EM;u)?HrsQ$u_{|EkADqPd}D2`@f9{J+2a)qmp7 z26=?+3*vvj{C74d0LBHm22uNWlz;wM2gYli?ZQ9ez5iYS4FMgT;M4o7Px;TyP^R_& c@3!Tb`s_|UDu^iQd;)y5)X=Igl&v2A4|aaau>b%7 literal 0 HcmV?d00001 diff --git a/doc/smart-switch/high-availability/images/tunn_term_solution.png b/doc/smart-switch/high-availability/images/tunn_term_solution.png new file mode 100644 index 0000000000000000000000000000000000000000..ea2ffc37e2450ac01a811dc88c9bb8ce9a2e04ab GIT binary patch literal 21816 zcmce;WkA$h^fpS2gwzm{B8?z1G)i}eAR&!(mo!om(jXloA)V4SgbGME(xO91w;<`= zqvxFW|K9uF`|+L+=ggV-?Y-7s>sf2>=h;L)R+GoOO?evy1qDx0K}Hh=1s#Thf~tpw z0p5At5A6Z}L4B?%FNIPya(5F2g%(9oMpDb$csCn6nMpP!{GA>ojF8-F7DA~ZBk|!@ z{Q$MB3zh6+eG(T**U#aE)MSffaw4A5B@E3k4c>(WMbP46-LoYmS(Jo02wITbm6d^( zJPH&zBTPxzUpsP(9QuWLBQ~uK=VUR>Yg9f2MXi-qHB*06o zH(m7I%HK%yz5nOCK@w6Zhf>o2<9pzxuO!Oh1P-r;!k-`h_t~Ko)qk)5Jo^9N?{RUV zEuW8gtxwxnSy`FkdH7%4`yF1WoQ59*oeoCY8Qei60Y8~`OQr&|3wrK!ezfMaHjqNx z^Ev7c+ae=sokf3Qq;XY2xwT>{f(mQIkuU#|z-V$m8G<$Z2P{%;X&u4KCoyMu?6xZ`v| z+?^!Ws4o|ly;20HkKXG~wz7KDBCX2BrZs*kKoAy!0=ZD=GLgjA3tjZxuH37r8*$5W zY|L12Y+4eM=OBAnSb>6um~GN7841=zK^lh6801Znt5He>p&jEyC1$(%X23L77L2h- zSELMUpP~-<^?h%vyxLQE=Y5Fq@epqaTTyf7WyWqBc8ayj0Sgp4dNA-Q?$moN95krS z+aSXZhr+J6R&0<9(QfTD1E-cAYX6h*y61;?=26jeOVuZ5jOoXb7{?zi?$a~fL^NYdgZrgsxUMR7ei!>oj z|6CIVqHINWI(%~GC)ZC0Lbw2U!G;*=HG2Akw9cy@|LbiNFTcH(;>$Hy;O6O9zx@vp zWW4WM_Rpo{aukPXE$HobwCT; z@SdIxD-5ktH&P_}v*7&67k1#dJZ<1X4Ppfx(hu)NiKUnC-V5=LY;}F&^MCVff_fMJ zE51Xb3%ScH%9KvD!`g&7L{GH*kD+g7IvuL6m`E=cf!Sv=tK5L_N`TbEq&_mO*GWTR zI9WvvIKM0I*)#ZK^+8wDVx^EtTk;yXOD^5w7D(J&bqExeRGHFn7`SnndodNj$_Al@ z-bd|Le&bpE1xn6`D!h;0l+$k|2PgSWnVyi5osD;N^%lYZT?skQYvv&D&8BM>Q3$Qe zeN=4H=jY=&tB7}cZWG>U5oG$vxuIg6#DejhN#DVtL0u6+mG3JITX^O=&GMPn{n;%u zF%gBhm1Z-XdbQoQ9&(W>on}MLw~={50dj_?z8NF|R(Mc;SO#0X>}_*tj}D&^(KAD@ zA@0x3!h6l1mb_PDkwK>BG;f(^l$ZnFdndeA^6rQi5v77=mvr+zoz#hnPC5jc!jB1n zVWM~YZ-HRT2%^EeJ+688M)7|3YTQFaM2(@Z|q_E zWF!uQa2P{D#in4UphQtl1r93*^RGm#Kl|Tp)&|}#TWuylBZMZ5iV#NAbMa}1c4b3W zZx3JuW}<_o;{i+8_a)B(x)Bl7Nk~I;9v9PPPB+Gb>c5}Hu9qm1f_KC5>4z&A;Td?= z$C73!+Nb;9qDene6D)t7f}+`?ZQ|WTkk4a*XHkM@*^uUmKsSOUgjTuBIjG5l<)vt8 z(YAtC_e$9^d`5ghbqRb#+cw zRz;I;2QF9=w79@zt{n+h+HX(}KD56H2rS~tKtY6&q6JG}rDu_Ingx@Gn*C=in4Gc; zbDqS%#wOF{b}_qgn473j*csvk2OxW!NvC8`L;r?=F!uYFoFbH9Z{$MO@biZu0|ONc zH#G75l^pO&bc;zvNf^Yv)NM0B7VI zABf-IA-gIM5xjFN6xfmgeG2z>MSLljap$4D1^IX%K*O?JGW1{j!?6lRBP6@|Aejzy zkBNcvRB8J${{8TVNTT~>#xq%j6D&mYj;bTFg+RJGU4oXw%!TP)iv%q@_~`wPq%GS0 zTv3jT&x7nP(i(sI!6!sqgmre)WvtH;o?vy=!1sh~6K8U>pHe*X~*fCP_N%)WGG76Zr#WJ`%7B1(|{lh0CD%g6Z|TC zG~=<@O*%vfIhE#@&8$&QN^X;Y-UX~QC9~;Xx3Bzrvf5{}76ienq#nDBjyZ{<8&4G}LF`jhNj5GyZvFvI?|%SiC4 zhB)LDoPJ~>v}&nNEm))juoCJ(J%I5K)=2DQrAN?>DetSu2m67*pFn5O=)S;qnYFl9 z=_mYW5L7HaRqzqtvm=72Aex(W7Bk6=@Q?q-HA=7{@SmZKAr}c+sQA4orqVwR(GBsp znDm>41WI>+9us(8Z|CVz@v|HV1>#>K<2YCf@{pkj%FOw)3k@_Xls&-t1v(8*6e=%0dqs`G^!FhWd=OHY@tY~_eerfoMQ8*_3npfJg50Xc`TT>=TlJ5c zEK%eNZ~vM4<0uIso(w0s?qsRH9#LeES956gK&YI9TQ93s3JIS8utIe?r6TRaU6WRW&JheW7+xohC&^a@OodPIatHt4y54beZV zw}(Y*)@nYQR1A+1r)GW(MmtCZ*2+GWSsG^DL#?y?=6^MI{J5 z59b}?BR)t&q0rHH|EBxjctQZD^ys-V{VzWOmyOYZ5PEgs!}s628#t)97N1E6npE&F zy3rel+b^iug?BpKpY>t+`<+}@G@);rkzHo=5Sljl!@fbL5+ z==j-79{J=jNw|#dsV|$OMt5>~Y7#$#^grK_Fl`19|Ea-ogI^lNU0&CqHKy9g&=6z3 zthnO8tA?8c>IE~`PXgWA?+e1ol=Q|@H8P_Ed2s_m96AQRRw7Y2f1|wQbxnWvqW!lql>#3bO+bZa{a{mS%a%4Lu)8Ifpjk0>Pp4%VU zXOz5WGw6)N9hWs57$9z}hK9KRWOf$`#Nmz{rlE3I0`22aU>R0nu*s+3By>TpX;35o z84;ZhG!7AT>9G(n)&x3P(D<=dmIpFU)qd&7HfE|M;Q4&ImMD|qRvFKwwM``RFyK{Niv2e7p3Jtyjdp_oBu1u->_`tj6<{op{1zF zcuw1QvDBWN+hVjh;`bJpnrEG<=||c=*$JEIm^XDMM)ys{rs}-8=-e?|ZqH}4&>pzg z;9WYAq17TEzL|eqs{e%tue2QIl$|}v=aIhtmFG>%-%}VJ;)73@+g@3_(|*BXkK%O9 z%DDudI=SWE#T>V5;1f7qj)kio~Kj!gnIOz z?o65GgHKKoGpP-VdNu3LE)MxCri>AjqlP%!hs+Mu%y%Eo-P`UEVQnwiPBSnos){RsiLl%Ucq5JmU%0U5Rl-GO z$W_EtEwH~MCzKmEJ<;0}jZG@91mV5^Q_zkdzh=Fw|6&fGRX$LlyW`cC7L;4Mmd7Kw z%LOal<@=Jr-K<7E;>Cga0?`}2bu}y9il;SZ54=WuyOrk!?|hgrMCbY9Q8Kr#q&SjC zcp#i4kRKAN6NrTNP*s%gM2-FzkA<>k8x9Gp!k6@h4aJ8sh`6+$>>_%WpXX5+9e=kr zHJX-L#0<8=E|A47=Ndj@_5y8l4$4QS970_ZhA!bM^5VuS9!XZhC)!<84~$=QYJ~*Z z*p@#!xQnGC-xW{vGAJXC$qSU9Y3x~Cjw-Wh3b!9pXc6fy`eB{)I+k#aEbp3-{Lt`r zvhRFQCA4532$ajx#+3s&2!e{|a23Lw<&ELftK3D#J-OE&k%n;RKYNF%QzOZN=n=}4 zjV67>ANAl?2L7jm{nWg}>AM}-(j|Ew4`di{K2Rp3qPY@s5yWYi>-1>5+ATal#WDW$ zp{UX<=ZuT^wf5rYB2pMunibwYrkDhYz+mR$KD{YgxPW{)K%RNV_uhwQ`BshCZ>%MA zrP0>KbUZ7#Q@qDd8?@`Wl?b0WnqJ26WlB%N200hy|D{dCV+kIFjP^-d+D@fC$$sB*gre;_e&ImgdhrluoE*+^7!Adwfq z1#V(4b$sFH53ES1L~+p?i5^xSyl@3}>ieX@wQMSE9b zZ)AIDMip-nnt!`=7o+zWw3!#!$wpr)J0Yu}!NUc|Zk7=`)K1wdp;{E^#1QKjZP2WI z17@X2vTf6oq~X<1*Jhf$SQdo2lZ8gWJ*vwd70#~y48Z}jKCiGa5~4!wsCm(@hSa9ezG@r8aI7R z%4KbaHrHeBsJv?PPkYTkWG0X{bS}r>UP(+N`S*xS5Vp-K|_-K{UVdpJ$)jC>^Fp%*E6hESUvP{;k(MF`QP z870zJ>Gb)lgyt?EH>3uE!&BAMaP=fJQm)ttvPBs~M0H8H$LzCL(?#{gwyTRc!HuBr zn`a(5rsYxrh5gw)f3JSwS-nk+&C8;lG8KJjPd$&G`>1yw-X*Ti9uY^Q2>BE9s2Ya+ zktA%JBo3#7dLnQPK?#0pyW#3w0>}bJBQb*vZVmIC;vUtDoAkH^mihb1L@;hSvZGOZ z4QcZ(QadlnmU+gm-w+c@e%pHa;N}pMQFf0h=^h#mek{ zxZ<&XPqZvqlq&pbJ0XXU39nc@IKp8Phz4EQlsd|xruY-L9ZXb{^jXw{fd1=IRd_m^ zzPR1f%H)Pu4Y~tuw`c{u{c_sA8aTn>VP4${2@?$i`1rm|Ow5h~)CLe1~RE zhzI)x!9N(It?($z*QebFYedN}9_^YoZPt2bcg~k3wmi>J-Coy`514FhaxEA0Nah%g zll@E@b_ypMX0Lvn=WpEIIDvNTZ-`-=OV~A;tYVk#+vVNi6poICGh2 zfJS*AhDBfK;AtL1WV4fxzUrzb_h5YYbiU?2*)tN!VLBSx8D?B7vO_ zb@Y0chjVK7=LV|4Mirk@-iE1^Tv@pL^p+1NBwRXoL!z*s(!liX)3c`eS*f}$U(Bs` z(#e~3cw=Er(M#=~0FfYn-7F^>*~`$62&MwO%d$6}87!&o4+Eg6LS$*~%r%`Ztwh`r zX>i?pIiRlkK%(%qj*c?ck7qFp&3;t3&YJpD7D>0ve0@&oH}}+>#e>a&fGTjSgPDPV zY?s*gzVVe_B01&(R{FF_OFkZahpb+G#=v0gOaew@aO3zVv=3 z!X3!N{zY|DZ<)P&_r-&bCi$;l_sc|6ur~n16w-UNw8i{=v{~1Y(Z5}tS}AET)qlmz zQPRoWG5d3<_oe|`9vq4lkAk?B6)OL&iaT}wKEksjEc0FoCv*@d-$J`)99tXm93l=%(#P??v=egab7E4B@3gxE6X4p?4ECJs z54+H}X(iOye~it}uDfuV+xnJ!H{Ozk6`U=`Nu=$2bSn#nOm@7Wnl)HZy(BO2-qaKc z`xO@LVMY7J_eaAA0bK+X=JVy-a{#dM5^0DYG?Xx|s)V-v<(pH%rmw!+YjpNk$4~Fe zPMSvJ=TiwrJl{(-aB{V;s0lal+ih6zUhKB!TM~ zgsDqjeK7h`4=Xcy2F^0qizT2N)WIE*X|NaHarUzJU;IEDIfMTYT?!*J-Y~x2(rr5) z5gy$<`yqDLvNtA8pjzcWk@R*o;Ago>ORV76S^x7v6VEKCR@@EMkUY74KnhA6T4&K%GhDkG3r=?dg>H^ZA%spCFi=!&i~Z#nVPN-LhTPCglHNM&F*}EVT*V zlO1re8A-SN`{u0ev-r(n|L+Vs*2PAu&i4biLmd1+V&9J$Xao*#yIlMs=Ct2_=BfSy zK`b8#<6$^D>-@ds{|%i+q2t7kOvz5#Ip8>JDTLI<=KM&s^pLFo7{V4d4ON0C*A-t}5^-Fx$V#1)g~g$r||V8>x>|5o%w zb>OxAS&6);-3Je%9?H)3NHYHbB%5k2vO*E2I#u6Ho$Os&m-IS}PdXoi-otJa#JhTJ zMR5kP$89B^4ob;BUPjdi-#%8htl^ZqSFKnHX}SBm{=B6#kVSaDZSs5T?avD9*i_f+ zvd&c|m?9)*Vn6WrrA$!4WK-w0W7Ary0dru$w!v~HJGM1b!zcE$P}h=j&qi(4SKg&c zahKrCgJI12@aX+3QFhnS!zW)ZrHOR}XeS#eO|I4jI~9AWQtw^PerDd2J8S+dx|lB; zO{B}fv>WELAx*PY1-ACLV%Pom{gzowOyC>)g3B+S9|hDDaI24B^J#yrmbM?)UM}wN z9uFVYL< zkMPeJ@}BP$B&oT{-*xRqyK>XL{Cd`rR?if;CL5R*jaa#N)~u1`yT)dcQE^0~+D-y9 z%C6MViab9!wo>4G`m-l`*b{!W2Ftl`d^%^HV`{Bnc2`12l+iZPTchpua*5T)UL$K> z`Yo9_@ta>m`z@)Vj%(my=TVaxGMg4Jp9bbI8lRjGq_8cK8aQZ_sF%*qkq(Hg-<=Ii@n0XXg1QH9kr{rA z6FKS|U+y?L#ZIa~V_ zxzfE~%ZJZL7-BbAE4|eI-DGiYF{gH(UYx+Jeq9sU!d}!9eQL3(^6mMo`f9f8rQEFYWA}# z)YN$yWr@JK8&ee^Eu`qj8oaqj!}5#6;IB%Z%%KEUjlzk;FW zXS`r~uAStaxhi0_-_Fx%Xz8}%f@-4umUsw<@50AP0`@Er@018DWL z+N;{ThmACSzj49ox$r*xSRu4;+NEj9lgjA6BnLs9qMxyQP4_4|&9AQfVFuS=hokqu z@>i}k$9peYj}rN%d8&vfiXJTdD$;Y~=nNN;?1wfU`*V>Ml>z zm>Kn}KqKG@4Pg@g-o){w0(d{r-W6l{-0&{PRRnMIccEbQ}3qrAtP5p)DT3blx% z@%R9~xs#nv@e?&g=K_Jld_C7)|Gw>QlV2anTAz=K3bv^59=M?&y^EUbdj7^+gTf=W zmtXct7TsBNYU%E_gF|7C<=0|8Hkj|(CFeKa-}YC}5VFLpXYKp`Ns5mnGZ&mY{ol6p z1+x-nsihft&e>E)?Nl7bG)m7lf0Ef|Jj{<=^n$NY7aj;)XUoFb4FpCxhAPZ?8GWeA z-P^&&-%&c7F7hy;Qb@;G1rFa-byl+KNh+|eU%}g> z1m@#s%opGd zkfzPFGfKxe;O00-xaIt*rt#4g5J&Xhb$g~`N-p~#EBOR}GIyE`Ha|lv$f%lYo8Ul~ z7CldWSnIncyJs*NL3YdjadPzx$V3LhEdG(c`D6O;u4^f}aVkaa^|#pz8eM;1E{p43 zCk*DE3aTp2GrSxA9Z=8RfD%+3u&SEc+ee=Dj8 zPsVeO^k$vBb^~WwP_*D8OexhUvNgw#rb(&-ic*yJKNqd0#7}GDTd17j+!XK&MTG1O zo08TSxfe#|v9tOgbOTQBQcc;47doQorW>ku6`sL=vHh~#jahgqieQRvgOn})o=7VA z5?9}9^;*L}o<qg7}SPB<~>1R&Ay~VMHoB($VSZhhR7BMWUB2N?+5K0jJP{4L{5KnNC3r14g9s7}V zKwSH#NZ)Z>De@!Te9=IK@yFEQNrY^6qSgHAa^P)(`K8c(3fU_PWYaqd_GK zzJYGk($wHxS}uOS@8eJ)Xr>Ieu`)nc7PfetS_A#;hB-OQz-C)ycxezPdOEvmzT7Tf zx7(;;l4BHbzSiINd2y-X8OkAN}44zc@1x2w3nmW|eT~DgSBM&W=|Um8ET-{x zH>$^7C^#th2msF^Z`SZ%);^+P9 zai?p2=n|5l4$hw_tlzw@SYMEs5&u@Jv|WA_P$(^{J_ z6?4?xc+I1Cq33t6`pm#?!JdbCEP$-8VLm?2?(xZ!Sc>EcREjJ3T0qGiO131QbS=we z<-_~|PmdynaZAQ!S|46Uq3#JXn6ux)!ke2-307s&F9K5(MD_}n0?FEr^>j!I-^f4*c zNsa^-qHyo5_*BWp+&{y8kfZ5g<&OR7;>bZ?n+a9hwLQOq3E$nL0(cgFSe9-zRIK`e zapr?dnwx`H-R08d0_F5-cT$_C{>W&AoNaESBY*U;r)^3qN7UPQ_y!}%B#xolHVpM8SA+b zOQi>WgTm_3T6LE~35#7UV%wnYXr)+rr_aAD^|T>gX=eU=dS=aJ?@bx@p=Qe6GjL#H zL-@L{2}atG*R_6fn$Y zJ(;6BS2gCIA=THZi;xYQuBgShxR~>_(}dR>r3vMbtvrGWFlaIh1ZEFO591sXm07Zo z{n>NQAY}K}EJcLO-dj|xMAbW*XWt#MUx`Q)k^1^0BF*7xjVI4gghkUUft6#gM;k2T z9xh<73grssyd=~yuBF1*pP4pZJm8{VzI z5BL1C?o}`-DSr=B>=jZKm%ANMFf3L_Luz{i{n+6m0cWq*qS8>syl;H)$#6EIb?;Z( zR%kkfzCy?DbpO)@V_nC$Kcq|}Agz1ynV!L$?}l3&67_VkMn4x-Q>vx^pV0; zIhVsGA`1qCz5DmH+}}zV+$_MqNnLwB=EORA1x_unR-(=wd#t{g-_^D7w}&|08Ftyib$~tww zC5kS4#_;bUo-L;o5q!M&#+y)za>59&bX%=+a4%zRaYwtkNchh0QtqZs&IPg2@U8?b z_oetyPx5DJjgIEx(rG`-j~tkXbul>;W>N~7b&XD9B%{de6>cY$2kTd`u4|LkwS?~M z>^MyAc0F~ksd>LGDPOVdzl9e}M~Ib2Q$w+qk&(f&%u1;{x9XBbZ0c|OnX-ACnrgCn z@^nmpA))f*+GZsp3Oo}vriSj^ z*p!mJ^_(riv)8Kx2T_L0>->~1YDzk%jTl9aU)o2k=b9%m4)uJRmhfvG3<_~KUrfA| z^>CD~C!hQfMOK~*GlPilE9+ZJ?>&H}dXOca3E#PV*)v9ZmGPR>YEX*Y-TkNNDv~2R zfwX3NQ|P)qk3GaZ(O=RXAm&NJh?T`ip6sZb7*+UT-D%)op>}#%Kbq6Qf5L#d>_1>V zC%3tq?L0c+*BQ%Gza)SGGoGODO??q9kY9_z>gPZ1HtVrDBHwB7YBTUlk3@rmQET&8 zp*z?jS*(2zd9CaDkECrG2< zxV^)^B!mh{1K-4j%kR<+rP3K^+O@CZ1V02)1;l&ah6=f^Wfqzc8*ZiX$g~H;4E87) zf(Pt82h_TxfwYy|Q{trC|^;3sc4H$I+94WMH2RS$5SZ$Uepz_)&j7MzEa zZ%x-umE)rwF^`kyIh%*rZi6#g4R1cndH3{sTegvF5TnO{jUMJ*$A*#v$>d-{rScN( zW27{gQg9Ej*0+HUfh4G#2`s`>q$Eea0&Gcpb?(OD0PMUCQb@vGZ-E=k0_L92 z#hY@1^^59Y4ZjhP?7s@Ydr0YqggF=`Hjl|1O9p6LiNZ48Ra?Xmek$S?LReDzE&{QE z3Q~L>49<-w!H6o-@qW_xgKSEz=(?5pofd&6nuInNUrzaJjjR-FP`EN^0?@z{Z_&zn z_k%N@?W$(PZLeu<-4@VVj5&5*p8{2SQ+sJo=dK-=G zc&6$u;0H8bte#+y)3nCn7OGol!KX-8!TR12@u=9PL-BOl_36TBCD_Kj%QpsXic@v_ zsZxMA*pa-^dDg0OV@zsTyxjyr6b2L_X{$vbMv{60tSJI2gp6=w!?V4b&-eBQ*s9$> zgT0nQU%g_`@Y(LT9K8N>=6y+8q*i)EMJ%H}dF5a|nUhtRwue zcP~Gh(+!-}d9umsb-eH)l8_+eClKD@qPK69T56H&9!z9X<}y>pSmlOd0VyPt#r9(X ztWZEo5Ou`1a(?%iG5X=T?0;r4y;kxrPD$XXDPv0R5q_>JA|lPx_LvV#28fx6GCq`Y zLhOL(sgz=)tG4ZYJ!=US^X@m!mQ|vrA8-9y}g((9cRXMUyKzxB?C;W&tQL)^CQhS2+=G(o154Xsg(FsIcw5q^{%~F!0Y0+&^ zW|3s6*%|$r6g8&xUd=5j_{nFTWD>M?q@pvspM?wZ5>P+b19!8@)<5FFhVa5FM7e%s zd%ZQVuWS&4!EV`vgT$w(S_KN_=INT*xg7;$IF^Cr(qj7T4q248BRI_)P1(d$wGiaw&6&Vk?T`_3;0Lm1!c(wZ7vf~%IgXfkmg9!0^MX9 zR*cFWx-nYd^$-`oRQ^kSU#s^R(d9L_5QUOm7I?ww0C>zA#XMetx(c?UymzJWJp%^8 zZK>IGaY%@o9%lDoGD-_Ipzc5@Np1fJGGDp&8U%7}%!pu&00(T){|~T!Uq{n`a0kiS zibn`0wYDerSoPq-+QeSVTDOI9d2s_ zt3wh*kO}bH|0j4*RAo4N+qMr;6s_>D*t%Mv86^IW&u4$$i{yL*G z{@A2Z!XyI^wWAog6^shj8@DS$3l)u;__6rMofn_wY`z_0O=9HAB{CtHh@_vWV!0!) zd))GPiyiz77=SzYRws++1G)R-wV@$gKhy9z5~Z2jhnkcWf=E^sdn4=}UYhS_0#b#h z1;D>lisQ;JDvFFgKFoQrQ8@wx;lt4o2^nAoAw^c1R4yF|iSRDZH;#mdFI_fg6@ta? z{d0jM9Ef{)AZ(hLSndEmCOCcq1d9yj^w&QOKFN3fe7pfZBN) zNc;qguAz+QH@fNdE0BCqX z)`s;WVF@^ghvNg+zTn}=rE`6cEZxP*t1zPs&XM30Df@?&0FdB85fq$-M+p zTyR>NjMT%GfUAO<*i^{NM?m*I$dwfWGj<`PDvHfQTFP3x3fiBCKhZ(lnBz%6mg9qGKipB_pc`XE?Ils2*cEW5R(T{W zob_f~>ZODR8l^$W@TzQ~G@OKK0LhO3@0LjJy#lH;(1uv5+o1>lrw*5ZfmQak6}XM} zzx)#fTp;kD3;y4JxR3Qz=E28}(-C(Pa0@M*_dl)$NrE+p zJj1w+8vGTk?8z5*a04lpu*3)s1ZN*vPqG6N!74R_`5+p_8(wwQgY}#wS`EO$1=w%t zEl?;2Zl3`#A%F51igkj#=apvlZVYMzuHF=Cz%B6q&p(x@MD*}Hu?|_7J)p$le<`5{ zyja`a3~tjLfRStn0G?$c?L`IJcF=N6kn8h=OOSw}HPSPbq;g3>!2T79CWEwNm5#Ot z$FTpxxary-Kh?|SZtN)7-$F=&hgBnU#gg+jPOuIZ3AF)xW>!|#ARD2d@e$S`kS@`` ze{t?sT($E46Ml3#VhRWvfo2_1NE%~-7A%SMMFddo;)bM1@)JKm54HpIm~M6j+iw@L z;GSr*HXuU_h9LFQ|6b*#1eN9(DW$FGFo+2*J)|-oMBp1eTR&H|rfOSk@ z!C|FwIl!+8@T$z6%Wi`lf0{Vt=}sP+b8SDf6SCBM?dJTxvi4ffux^zXzZiFl=4d3( z8dVisT2&L?(wCaR^PCZ#-pgC7)n$|Jkx9{$AlZT&leWP5388i-2`|Z?Z6p8{aa53-Iy-ch$ z-Oh{YLOXY`X&K(8trz^hnxy{sO72PwZ!i8YCc_hU50}<}KP=Iny~(BiSs~27A4!$& z1rxk5bsKK``jgY^>hN5!cQR}7)4kL81r-GsAV#;$71f{-DM1*MLc*Ne*-*A5p{;Acjecm~ zb#zw#I=WflRr>YN_f^Mn_P)EXI;ko+6lGW>>o^D-U!(javZWF4He>8p>30}y@&>;A znW;VcX9XbT&-bYJy+6-xdoH?uwxFN#y8q%2&ktr0+ineZH*QF-mY6$9&F9Qc<>Ynz zi*83G_k6nGtRC>dAJFW|Td66==L5RT4*aKMz-UZR-b;e(xq$e2N{B2W3ZAhjeNsZ8pR)=0dn{g&9C*z^tW0Pa$s zM>!WZR!{(|7s46NH1z%+w&xn}XGkAcn+P*z_TWkCR@TAHr=S#_v@)D}WOF{7=;5#; z#6L`8tG$si`l4vEOK)@IUA&r3X(J3j-y_-T}*+X@~65yFT+AaWI%&-MT{4Pyynmi_s5#DH!*mPn9@ zU7*o>g=%@j_+lc>N@su!*7^+yQLNUF??;mP81%(1ss{qNTSQXLuURI&`*hUZvm?`x zEI&?YcrVk@Py(0cJ<5mM&KExYOlgefg-D?VgZdqxdJ!NUP`_8*x$t|t$qfGJ3#ajF zdEb$fKismM%sv?08{ z+QRVu6CL<$2%{RK6Q6w^1@W=qFfnXvV=CjqOf{f}NMcK*Vg5PDJ|(Nb`F@R50}zwh`#iU4$a8q`z_m1_ZdT)F zWOrcq-?&I2UfG!lR0hD;IGiaKYBIbv{4JFlosIhTUHP?77=g zw-%Xp1}47Od9&S_NWm0ItgNpeuwzb>b@f0{?$G zl(nIsbD)j~H{r7S%HB-S8k=DFAO7rV1L7sUl2zI6Xn`EtxhHHKM?a>X-yEfN#t6&~ z{&@aIyjY0xyjJPN#&V-&)W0ez=)IOUd?O%>&S%u`>&jc8u42;D|I93IxE-`Q^I)bL zuOt2*xs96HSp1NuHfCk|R;16idz!pz4FgoE?*kV!2 z$<0jfi%L0?pAsze#(YI%zhqZ1Tg+JzCEa~Dm;2&6d~?FaR5$#juNN|V#XsMDu2P%- zthCJgbz53X^7&gP&}=_+2#kUYkXWh`zq!56pbk}~FGeS6-}9(e7KyuJY!ZzS7k8XIlp$%vUetb68HBj@jx@mv6zC%ydb}k$PU@ottB+3fK`upq;z`(5SXJeZ3k@ z7Rf5U5!abkSmr%mhdh~DJtv)&59B@Msp=r&)Yls)yt7%LXeBFN$0#ULN%}ey*?7e{ zRzBLky2H_6S0urPOUf@z@Y;La?v>f=;wOZM`Et4K{FHt663&}QwHjiyRFBwyZ?vzV zCwi~u`q4$F2M=JJaq22YhICXa%qJbzVQ0D2pPLM{W#B!WlUe2-%$e9u+_LdZKrImTsy!a`5!W<6Ci%#Kh~}xzT`A zkx^2|6W#M3MZzh*M_Ei;4mnjvM+~|A)-BD?<=`h%H$o~(gVj;_g|HNX5@oJm&%(4D zz<>!6q?~%xQPhmKPlpPXLLSQ=)Fv|-*9uW&i}P}7x#`q%FW=Q~A1A8ZrxLaujb2=4 z>|$JL$H?Wp@Gfa@3CB~X!X60Ut?+VbV=9A z_l+Gq7~%^AR&spSGg=U`CT`~=4>Dhcjsn5qZ*3x2=lQU6;uG5xJ~j*9hdxxN*K_w4 zI#*`!4il|6eZ_$kWiV-x7Rmr1=TfIBSCn$GSl2=;QxVZ4p3GCdy7^5=4d#{b^A?P#p8Y*{J;?ZFYVydvw;;^KVPO^zQaiG{yK-c90udewFU3JoAo+& z!4g2WyDmC*#^hTT2(FbM3@i(LyQF*nxe{I=Oo5)@p|IARl7`fpJo1vQy9>^k?Q1oV zhouU&0JOGd>#xcge@~qh`FAU?sJeYchr)J`)@`BW^nd1?G7|!)DT^R$Z{x@;&QG^u zYAIY`_KJPNjy3-9Fkj@wjQe0+jQ99zQGT4=o80T_On5^wnWKtz_ne)^7le_1#QbR&K#O#7dDuQfUo=q`|k(uU6;mKA%<01X{yM$pk-pQSa{L+G@Z%|la);BFd@Hcio zejY~t6`;uSgo~Su3<~cl840#~ZsIfDg@&K6y$VH`Nebkh^nK&m9#{*h>idiz;`_cD ztX!hcw7g?rOsUUQ!>j2&3??(0Qf%@TV3FT5Z8GXO*6;L!{4I6=R~6?T&-DJsan@ox zl1ayHCpPz7BAIg%nah+BQ|5lZbj-aPXO-Jxj1h9pqM1u5p`1cuxs|L;E}?du9JI(O zmr@G9&pN+;kMsL?kI(n>`R?=mzCVxe`}KOipI;uD*zeLmjmeA7#X1!SjhdB$$ir|i zOnl4kPSELBD!E3ez6jlH=cU2nSMjqQRr+OO>n7wOm7J_Y^5iR&A(RhuaJ6boH~n+c z$pU-in9?dsTwU2a`oZ?}22vSi=y%y8K3jvk^mlmy%uev7hO+YehYFpK;NDWWfl3D& zj&6#&B#dNtg6g9Fasv43jyS#1f_MZPnIal4>M&vrVoVvPAa(W^imOqs=Isp{Uz+8d zMZ;J3jbXiP--Wa?7QC9tikd!T*^H;wm&u5#*{Y=!4aeWxDt>+3t>W1J>E@fqnxLLS z>b?2Ku(^76u0)%1EfKjI^R)|90KGd)G+bgI4G|Xk*<9sEcT4uW4O~!5PwVr4lR~NO z%yM|#Bp3${)J^X>vt!B2jtR?o4g-aoMFct0O0jY8i?ST@{wEmw+`BW~p|(S?g?$4mNfVJc4BW5Pj{`n)U&> z(rh_Vo1s;hKzI3dxAuj(juzjKkBM|PM~tRCHQ|BT*5*{)K{hLtG|_50atpbSvWAlp>kc-${pjgZu? zdF$g141&K^*3(Kf#*QTzXE#!YIvA_|W=~wuWiLl31n-Y-40ASpH)nkfJ5xw1%PS+xA(J%x zt0GW^veC7TV)pzu&*5jwsmRFU7Y9lG7@d&-*TOF#H!U+Q$%|s%#SZPP{(R{@6sV^S z;P`*y;c(s)qr{uP@W&gR)PphYCpO54W>)lHn`J}^GfyRHW1GfP7gM;EmFLwgGnDEk zbRUeihTW(lA~kT#Yu@B=Duwiitf?p@S(VV7tl-sK3n)+oBnbZqt$r9J8AT8dQAla6 zg+eFQ!4T42XCZDtAS5tcy@7K_^GvDiK#3l^l{Q48ER!~ zgOG=UA&jnR+-62Bg@=MU2@M)UFw%ZjJX#f~@DvDckSuQs(+2*Q8Z^Tp1c)*QK;Qt% zchR#)EkI>GD$T><(*3YTk}xb5N)9@b8|V(iS~)Ng5Mt~|K`((;^^Y{ofdaj}1W*Tn z(3mdQb?xWWqD(XZ`qa0_y*@Ox*JxOAJ3<>yrNe9V-GDVvUNGLJqrbyhCDO@x4+IGC zawR}(H_!umT{E;*8Pbg=ob&=)aFJgNhkB?cHJl5pIg5ab*>QRpAKL|$X8>&reApTO zEui%>3QuQ*v(x1cVbZXs(3zsT2V%&GznTtWXjndYSTQo{=CD;Ev!U}&#SB6qgbe9( ztqf5$+8kFRwQKZLI$Olsr%W2We(*sD{A_*)O?Cbi;mk^ zm57j%q=;L=h83h|Gg8!7GL06DK82R@o!^K#?$8V+2hy4>&_9j){Er)%fM-;idGg5I z+?-qbHzd;u=^TnvBKsSy4;SV(J~`6YPo5}V;ZDfxH|7%HU*gU%7qh>7+w zX%dm50ip6!WKGLO$$>i~Vh|iGpZ|_+DpB7quq=#a6eoqD48kD^<{WI`_?_xlL`ZT{ zYt=w-=4g>I9WcoWm zwGA?8TJrk@t-H~d?{OAg`RYAV8k53NgCuAsQ_AZ>rW7OHxU~Je@4O2BFhU?stqV-= ziVRG6&7P2EUs$d1C*WZtIF5@i<^W!qAV*vVb*t7KuOn{p!2bh!Ez#8*5AHg^T$|n_ zA&&1I;?$@^zdD>O*(rWW*r|C777|yUE}f+_{>2hW<-CW7bg}1iC1|cbDMK#4Bdv(M z_)n4yMN1Aa*XQf@tyszc>5uaZWV3Grbc!4Hv1+k?9B6eZR8QToH5N_fSVQ}0MmW3=_a6{JCqDIDT0(>Os`2nwHK z7>@x3RundJjPvrLn#b3z=NmsQgVy&+O~0<-$$HJIUWx1ai%6!XB})ggS!d_*h)mQd z13LB&X3}Cq0i*4uGseB^2X148!(yrL%`ad6H=YlQXGUGcGw_w~YF{2^{=!QL zU1CGlOMloG#Q#|ZF9JH4zrtY>)VFEYn!2YIO1!`x8`*ODkcx=Q_s*?Ht=~u&J(2f8 zB?`8hp4103-n_e^yMB27-gsrmew*Lvas%9toDdoFG`kPA3dhIf;l)@d{>DUZ+jQf@ zNBJfo0v8cHlx@F@PdF-=-K$KPn3~*eWZZI{VZ;ACO1yce_|AtbZ7n<0l{@*D2dd{! zCOW>Tsx2rq8U*czF-r6H+~-;EQ>{o{BY{Vux4LB4K}$LvWffrK4NiUocyUgXMFG6X zc3XmH>;ARdY>WiadbghWb4do4&vv-3`LXm-*uux~m8UiLbn|qH_b5x-Gq?P#xs4qL zBh`t}KAP_8)*n56ZJW9598x4@>p;2mdfd)(19fV|>b@91vf_2HoR%U`E* zZ@wU^PWL92DA#R7&S%ntyp0Z)DX3DL{hHMIrxLSsrDMM1Ou*Tu_@jOYeQ0a8E}*|K ze8SDOqsa*4N$61PZm(ESplLgA82j(rO}ZMzOmFV|GW9@va7Ibk*Z7U{z%!=0^e}w) zCi=}vwcHZR%qxt(=T>NC)XX>R7Lx zY`%6!ZF~|kKtbA%?@<*wl=Hg6du^qy>f!Krwg|lxi_%0hyR}dnBGMqnON!Xcl2#AH4gk5XX6E|kAKY! z1*+t(Bxw*h{~nwJB!f$Xbe(_yCPEc~eKk)^U07)~J-!{FP(^HU4%Rm<{Vx0mHM1oZ literal 0 HcmV?d00001 From bb5e3448b14d4e27c1316729b1924a465cc66b70 Mon Sep 17 00:00:00 2001 From: Vivek Date: Wed, 16 Oct 2024 18:09:27 -0700 Subject: [PATCH 15/33] Add the notify observe dependency --- doc/smart-switch/high-availability/eni-based-forwarding.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 2bad42cb53..a0517e6739 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -242,7 +242,8 @@ flowchart LR ENI_TABLE --> DashEniFwdOrch DashEniFwdOrch --> ACL_RULE_TABLE ACL_RULE_TABLE --> AclOrch - RouteOrch --> DashEniFwdOrch + RouteOrch --> |NotifyNextHop| DashEniFwdOrch + DashEniFwdOrch --> |ObserveNextHop| RouteOrch ``` From ad760f2542d57c91f0263fcf74a7ed65276610b6 Mon Sep 17 00:00:00 2001 From: Vivek Date: Wed, 16 Oct 2024 18:57:46 -0700 Subject: [PATCH 16/33] Update WR/FR considerations --- .../high-availability/eni-based-forwarding.md | 161 +++--------------- 1 file changed, 21 insertions(+), 140 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index a0517e6739..a2f9150966 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -18,10 +18,7 @@ - [Handling path loops after Tunnel decap](#handling-path-loops-after-tunnel-decap) - [Nexthop resolution](#nexthop-resolution) - [Dash ENI Forward Orch](#dash-eni-forward-orch) - - [Existing Design](#existing-design) - - [Updated Design](#Updated-design) - - [ACL Configuration](#acl-configuration) - - [Tunnel Next Hop](#tunnel-next-hop) + - [Schema Change in ACL_RULE](#schema-change-in-acl-rule) - [Warmboot and Fastboot Design Impact](#warmboot-and-fastboot-design-impact) - [Restrictions/Limitations](#restrictionslimitations) - [Testing Requirements/Design](#testing-requirementsdesign) @@ -231,8 +228,7 @@ Nexthop can be to a local DPU or a remote DPU. Orchagent must figure out if the ### Dash ENI Forward Orch ### -A new orchagent DashEniFwdOrch is added which runs on NPU to translate the requirements into ACL Rules - +A new orchagent DashEniFwdOrch is added which runs on NPU to translate the requirements into ACL Rules. ```mermaid flowchart LR @@ -240,17 +236,20 @@ flowchart LR HaMgrD --> ENI_TABLE ENI_TABLE --> DashEniFwdOrch - DashEniFwdOrch --> ACL_RULE_TABLE - ACL_RULE_TABLE --> AclOrch - RouteOrch --> |NotifyNextHop| DashEniFwdOrch - DashEniFwdOrch --> |ObserveNextHop| RouteOrch -``` + DashEniFwdOrch --> Ques1{Remote Endpoint} + DashEniFwdOrch --> |Observe| RouteOrch -#### Existing Design #### + Ques1 --> CREATE_TUNNEL_NH + RouteOrch --> |Notify Local NH| DashEniFwdOrch + DashEniFwdOrch --> AclOrch +``` -Current Design on ACL Orchagent is equipped to infer and program "REDIRECT" action for an ACL Rule. Here is the schema expected for the field +#### Schema Change in ACL_RULE #### +Current Schema for REDIRECT field in ACL_RULE_TABLE + +``` key: ACL_RULE_TABLE:table_name:rule_name redirect_action = 1*255CHAR ; redirect parameter @@ -262,148 +261,30 @@ Current Design on ACL Orchagent is equipped to infer and program "REDIRECT" acti : next-hop ip address and vrf Example: "10.0.0.2@Vrf2" : next-hop ip address and ifname Example: "10.0.0.3@Ethernet1" : next-hop group set of next-hop Example: "10.0.0.1,10.0.0.3@Ethernet1" - -**Current ACL Orchagent Redirect Flow** -

- -#### Updated Design #### - -The existing design has a few shortcomings - -1) It is not equipped to handle redirect action to a Tunnel NH or NG Group -2) It follows fire and forget and doesn't keep track of the updates made to that next-hop object. This has to be fixed for the DPU to have uninterrupted traffic flow after an event which triggers an update of next-hop object -3) ACL Orchagent doesn't support matching on INNER_SRC_MAC and INNER_DST_MAC - - -### ACL Configuration ### - - - -**Example: ACL Rule for Inbound Traffic and Local DPU** - - { - "ACL_RULE": { - "ENI|RULE_INBOUND_ENI0": { - "PRIORITY": "999", - "TUNNEL_VNI": "4000", - "DST_IP": "1.1.1.1/32", # Switch VIP - "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" - "REDIRECT": "2.2.2.2" # PA Address for local DPU - } - } - } - -**Example: ACL Rule for Outbound Traffic and Local DPU** - - { - "ACL_RULE": { - "ENI|RULE_OUTBOUND_ENI0": { - "PRIORITY": "999", - "TUNNEL_VNI": "4000", - "DST_IP": "3.3.3.3/32", - "INNER_SRC_MAC": "aa:bb:cc:11:22:33" - "REDIRECT": "2.2.2.2" # PA Address for local DPU - } - } - } - -### Tunnel Next Hop ### - -An example flow which creates a Tunnel Next Hop would be programming a VNET route with Tunnel Hop. Ref for Schema: https://github.com/sonic-net/SONiC/blob/master/doc/vxlan/Vxlan_hld.md#22-app-db - - VNET_ROUTE_TUNNEL_TABLE:{{vnet_name}}:{{prefix}} - "endpoint": {{ip_address}} - "mac_address":{{mac_address}} (OPTIONAL) - "vni": {{vni}}(OPTIONAL) - -To create a Tunnel NH or NHG, a combination of these parameters are required -- Tunnel Name -- Endpoint IP -- MAC (OPTIONAL) -- VNI (OPTIONAL) - -ACL_RULE_TABLE should be equipped to accept these new paremeters. Thus, a new table to represent the tunnel NH or NHG is added. -Key for this table should be an input to redirect_action field in the ACL_RULE_TABLE - -``` -key = "TUNNEL_NH_TABLE:nh_object_name" - -tunnel_name = STRING ; Name of the Tunnel which has the NH or NHG associated -endpoint_ip = List of IP's separated by comma ; Endpoint IP's. When there are multiple IP's it is assumed to be a next hop group -mac_address = List of MAC's separated by comma ; Inner Destination MAC's (Optional) -vni = List of VNI's separated by comma ; Next Hop Entry VNI's (Optional) -description = STRING ; Additional Information explaining the NH (Optional) ``` +This is enhanced to accept an object oid. AclOrch will verify if the object is of type SAI_OBJECT_TYPE_NEXT_HOP and only then permit the rule ``` -key: ACL_RULE_TABLE:table_name:rule_name - -redirect_action = 1*255CHAR : - : next hop for tunnel Example: npu2npu_tunnel0, this should be a key in the TUNNEL_NH_TABLE +redirect_action = 1*255CHAR : oid of type SAI_OBJECT_NEXT_HOP Example: oid:0x400000000064d ``` -**Exmaple: ACL Rule for outbound traffic and remote DPU in the same HA pair** - - { - "TUNNEL_NH_TABLE": { - "ha_tunnel_nh0":{ - "DESCRIPTION": "NH to Active NPU with ENI 1000" - "TUNNEL_NAME": "npu_tunnel", - "ENDPOINT_IP": "3.3.3.3", - "VNI": "100" - } - } - "ACL_RULE": { - "ENI|INBOUND_REMOTE_ENI1000": { - "PRIORITY": "999", - "TUNNEL_VNI": "4000", - "DST_IP": "1.1.1.1/32", - "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" - "REDIRECT": "ha_tunnel_nh0" - } - } - } +## Warmboot and Fastboot Design Impact ## -**Exmaple: ACL Rule for outbound traffic and remote DPU in a different HA pair** +DashEniFwdOrch will directly call AclOrch API's to create ACL_RULES. This it to simplify the process of reconciliation during WR/FR. - { - "TUNNEL_NH_TABLE": { - "npu2npu_tunnel_nhg0":{ - "DESCRIPTION": "NHG to HA Pair with ENI 2000" - "TUNNEL_NAME": "npu_tunnel", - "ENDPOINT_IP": "1.1.1.1,2.2.2.2", - "VNI": "200,200" - } - } - "ACL_RULE": { - "ENI|INBOUND_REMOTE_ENI2000": { - "PRIORITY": "999", - "TUNNEL_VNI": "4000", - "DST_IP": "1.1.1.1/32", - "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" - "REDIRECT": "npu2npu_tunnel_nhg0" - } - } - } +During the reconciliation phase, DashEniFwdOrch will first read all the entries in the ENI_DASH_TUNNEL_TABLE. It'll create the Tunnel NH objects or read the local NH from RouteOrch and program the exact rules to AclOrch. -## Warmboot and Fastboot Design Impact ## - -No Changes here. +ACL Rules in ASIC should be same before and after warm-reboot. ## Restrictions/Limitations ## -- HaMgrd will be writing the ACL rules to APPL_DB and so Configuration/CLI/Yang model to support TUNNEL_NH_TABLE is not in the scope of this feature -- ACL Orchagent will not perform any checks if the Tunnel NH or NHG is already created for the given parameters. This would be a problem if NH or NHG is created by VnetOrch, EVPN etc. However, this is out of scope of this feature - ## Testing Requirements/Design ## -- Migrate existing Private Link tests to use ENI Forwarding Approach. Until HaMgrd is available, test should progran ACL rules in APPL_DB -- Add individual test cases which verify next hop forwarding -- Add individual test cases to verify tunnel next hop forwarding regardless of HA availability +- Migrate existing Private Link tests to use ENI Forwarding Approach. Until HaMgrd is available, test should write to the ENI_DASH_TUNNEL_TABLE +- Add individual test cases which verify forwarding to remote endpoint. This should not require HA availability +- HA test cases should work ## Open/Action items - if any ## - Will there be a packet coming to T1 which doesn't host its ENI? Theoretically possible if all the T1's in a cluster share the same VIP - -![Case for Tunnel NHG](./images/case_for_tunnel_nhg.png) \ No newline at end of file From 8630e953432cd0faa0aa069e3169b34161fbc7c7 Mon Sep 17 00:00:00 2001 From: Vivek Date: Wed, 16 Oct 2024 19:02:26 -0700 Subject: [PATCH 17/33] Add test cases --- doc/smart-switch/high-availability/eni-based-forwarding.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index a2f9150966..b47a1b26e0 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -283,7 +283,7 @@ ACL Rules in ASIC should be same before and after warm-reboot. - Migrate existing Private Link tests to use ENI Forwarding Approach. Until HaMgrd is available, test should write to the ENI_DASH_TUNNEL_TABLE - Add individual test cases which verify forwarding to remote endpoint. This should not require HA availability -- HA test cases should work +- HA test cases should work by just writing the expected configuration to ENI_DASH_TUNNEL_TABLE ## Open/Action items - if any ## From feb09bf7bfcadd7331be4d233380ae1a4b2f1f24 Mon Sep 17 00:00:00 2001 From: Vivek Date: Wed, 16 Oct 2024 19:13:28 -0700 Subject: [PATCH 18/33] Update eni-based-forwarding.md --- doc/smart-switch/high-availability/eni-based-forwarding.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index b47a1b26e0..1a46195948 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -241,7 +241,8 @@ flowchart LR DashEniFwdOrch --> |Observe| RouteOrch Ques1 --> CREATE_TUNNEL_NH - RouteOrch --> |Notify Local NH| DashEniFwdOrch + CREATE_TUNNEL_NH --> |oid| DashEniFwdOrch + RouteOrch --> |Notify NH for Local Endpoint| DashEniFwdOrch DashEniFwdOrch --> AclOrch ``` @@ -266,7 +267,7 @@ Current Schema for REDIRECT field in ACL_RULE_TABLE This is enhanced to accept an object oid. AclOrch will verify if the object is of type SAI_OBJECT_TYPE_NEXT_HOP and only then permit the rule ``` -redirect_action = 1*255CHAR : oid of type SAI_OBJECT_NEXT_HOP Example: oid:0x400000000064d + redirect_action = 1*255CHAR : oid of type SAI_OBJECT_NEXT_HOP Example: oid:0x400000000064d ``` ## Warmboot and Fastboot Design Impact ## From 94493c2df23e50786bc4fba594f6b61a7ab6c1a7 Mon Sep 17 00:00:00 2001 From: Vivek Date: Thu, 17 Oct 2024 14:56:21 -0700 Subject: [PATCH 19/33] Update eni-based-forwarding.md --- .../high-availability/eni-based-forwarding.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 1a46195948..cf8eff2ec8 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -228,7 +228,9 @@ Nexthop can be to a local DPU or a remote DPU. Orchagent must figure out if the ### Dash ENI Forward Orch ### -A new orchagent DashEniFwdOrch is added which runs on NPU to translate the requirements into ACL Rules. +A new orchagent DashEniFwdOrch is added which runs on NPU to translate the requirements into ACL Rules. + +DashEniFwdOrch should infer the type of endpoint (local or remote) by parsing the DPU/vDPU table and saving the local DPU PA's in a set. ```mermaid flowchart LR @@ -244,6 +246,7 @@ flowchart LR CREATE_TUNNEL_NH --> |oid| DashEniFwdOrch RouteOrch --> |Notify NH for Local Endpoint| DashEniFwdOrch DashEniFwdOrch --> AclOrch + DPU/vDPU --> DashEniFwdOrch ``` #### Schema Change in ACL_RULE #### @@ -267,25 +270,23 @@ Current Schema for REDIRECT field in ACL_RULE_TABLE This is enhanced to accept an object oid. AclOrch will verify if the object is of type SAI_OBJECT_TYPE_NEXT_HOP and only then permit the rule ``` - redirect_action = 1*255CHAR : oid of type SAI_OBJECT_NEXT_HOP Example: oid:0x400000000064d + redirect_action = 1*255CHAR : oid of type SAI_OBJECT_NEXT_HOP Example: oid:0x400000000064d ``` ## Warmboot and Fastboot Design Impact ## -DashEniFwdOrch will directly call AclOrch API's to create ACL_RULES. This it to simplify the process of reconciliation during WR/FR. - -During the reconciliation phase, DashEniFwdOrch will first read all the entries in the ENI_DASH_TUNNEL_TABLE. It'll create the Tunnel NH objects or read the local NH from RouteOrch and program the exact rules to AclOrch. - -ACL Rules in ASIC should be same before and after warm-reboot. +No impact here ## Restrictions/Limitations ## ## Testing Requirements/Design ## - Migrate existing Private Link tests to use ENI Forwarding Approach. Until HaMgrd is available, test should write to the ENI_DASH_TUNNEL_TABLE -- Add individual test cases which verify forwarding to remote endpoint. This should not require HA availability +- Add individual test cases which verify forwarding to remote endpoint and also Tunnel Termination. This should not require HA availability - HA test cases should work by just writing the expected configuration to ENI_DASH_TUNNEL_TABLE ## Open/Action items - if any ## - Will there be a packet coming to T1 which doesn't host its ENI? Theoretically possible if all the T1's in a cluster share the same VIP +- Will the endpoint for local DPU is PA of the interface address of the DPU +- ENI_DASH_TUNNEL_TABLE schema From 512de08a33da580ef9dc29fcf5206a97d2026c30 Mon Sep 17 00:00:00 2001 From: Vivek Date: Thu, 17 Oct 2024 14:57:11 -0700 Subject: [PATCH 20/33] Remove schema definition for oid --- doc/smart-switch/high-availability/eni-based-forwarding.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index cf8eff2ec8..41e59101f6 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -269,10 +269,6 @@ Current Schema for REDIRECT field in ACL_RULE_TABLE This is enhanced to accept an object oid. AclOrch will verify if the object is of type SAI_OBJECT_TYPE_NEXT_HOP and only then permit the rule -``` - redirect_action = 1*255CHAR : oid of type SAI_OBJECT_NEXT_HOP Example: oid:0x400000000064d -``` - ## Warmboot and Fastboot Design Impact ## No impact here From 38a58250e8b84c43b7582623aa93dfa574db0d7c Mon Sep 17 00:00:00 2001 From: Vivek Date: Fri, 18 Oct 2024 14:46:09 -0700 Subject: [PATCH 21/33] Update doc --- .../high-availability/eni-based-forwarding.md | 288 ------------------ .../images/case_for_tunnel_nhg.png | Bin 65680 -> 0 bytes 2 files changed, 288 deletions(-) delete mode 100644 doc/smart-switch/high-availability/eni-based-forwarding.md delete mode 100644 doc/smart-switch/high-availability/images/case_for_tunnel_nhg.png diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md deleted file mode 100644 index 41e59101f6..0000000000 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ /dev/null @@ -1,288 +0,0 @@ -# SmartSwitch ENI Based Forwarding - -## Table of Content ## - -- [SmartSwitch ENI Based Forwarding](#smartswitch-eni-based-forwarding) - - [Table of Content](#table-of-content) - - [Revision](#revision) - - [Scope](#scope) - - [Definitions/Abbreviations](#definitionsabbreviations) - - [Overview](#overview) - - [Packet Flow](#packet-flow) - - [Requirements](#requirements) - - [Phase 1](#phase-1) - - [Phase 2](#phase-2) - - [Architecture Design](#architecture-design) - - [ACL Table Configuration](#acl-table-configuration) - - [ACL Rules](#acl-rules) - - [Handling path loops after Tunnel decap](#handling-path-loops-after-tunnel-decap) - - [Nexthop resolution](#nexthop-resolution) - - [Dash ENI Forward Orch](#dash-eni-forward-orch) - - [Schema Change in ACL_RULE](#schema-change-in-acl-rule) - - [Warmboot and Fastboot Design Impact](#warmboot-and-fastboot-design-impact) - - [Restrictions/Limitations](#restrictionslimitations) - - [Testing Requirements/Design](#testing-requirementsdesign) - - [System Test cases](#system-test-cases) - - [Open/Action items - if any](#openaction-items---if-any) - -## Revision ## - -| Rev | Date | Author | Change Description | -| --- | ---- | ------ | ------------------ | -| 0.1 | 10/05/2024 | Vivek Reddy Karri | Initial version | - -## Scope ## - -This document provides a high-level design for Smart Switch ENI based Packet Forwarding using ACL rules - -## Definitions/Abbreviations ## - -| Term | Meaning | -| ---- | ------------------------------------------------------- | -| NPU | Network Processing Unit | -| DPU | Data Processing Unit | -| VIP | Virtual IP | -| PA | Physical Address | -| NH | Next Hop | -| NHG | Next Hop Group | -| HA | High Availability | - -## Overview ## - -There are two possible NPU-DPU Traffic forwarding models. - -1) VIP based model - * Controller allocates VIP per DPU, which is advertised and visible from anywhere in the cloud infrastructure. - * The host has the DPU VIP as the gateway address for its traffic. - * Simple, decouples a DPU from switch. - * Costly, since you need VIP per DPU. - -2) ENI Based Forwarding - * The host has the switch VIP as the gateway address for its traffic. - * Cheaper, since only VIP per switch is needed (or even per a row of switches). ENI placement can be directed even across smart switches. - -ENI Based Forwarding is the preferred approach because of cost constraints. - -Packet Forwarding from NPU to local and remote DPU's are clearly explained in the HA HLD https://github.com/sonic-net/SONiC/blob/master/doc/smart-switch/high-availability/smart-switch-ha-hld.md#42-data-path-ha - -### Packet Flow ### - -**Case 1: Packet lands directly on NPU which has the currrent Active ENI** - -![Active ENI case](./images/active_eni.png) - -**Case 2: Packet lands NPU which has the currrent Standby ENI** - -![Active Standby ENI case](./images/active_standby_eni.png) - - -## Requirements ## - -ENI based forwarding requires the switch to understand the relationship between the packet and ENI, and ENI and DPU. - -* Each DPU is represented as a PA (public address). Unlike VIP, PA does't have to be visible from the entire cloud infrastructure -* Each ENI belongs to a certain DPU (local or remote) -* Each packet can be identified as belonging to that switch using VIP and VNI -* Forwarding can be to local DPU PA or remote DPU PA over L3 VxLAN -* Scale: - - One VIP per HA pair: [# of DPUs] * [# of ENIs per DPU] * 2 (inbound and outbound) * 2 (One with/without Tunnel Termination) - -### Phase 1 ### - -- Only HaMgrd will make decision on where to route the packet and write to ENI_DASH_TUNNEL_TABLE table -- Orchagent will only process the primary endpoint and translate the requirement into ACL Rules -- Orchagent should also program ACL Rules with Tunnel termination entries -- No BFD sessions are created to local DPU or the remote DPU. - -### Phase 2 ### - -- BFD sessions are created to local DPU or the remote DPU for faster reactivity to card level failures -- Orchagent will switch between primary and secondary endpoint based on BFD status - -## Architecture Design ## - -### ACL Table Configuration ### -``` -{ - "ACL_TABLE_TYPE": { - "ENI_REDIRECT": { - "MATCHES": [ - "TUNNEL_VNI", - "DST_IP", - "DST_IPV6", - "INNER_SRC_MAC", - "INNER_DST_MAC", - "TUNNEL_TERM" - ], - "ACTIONS": [ - "REDIRECT_ACTION", - ], - "BIND_POINTS": [ - "PORT" - ] - } - }, - "ACL_TABLE": { - "ENI": { - "STAGE": "INGRESS", - "TYPE": "ENI_REDIRECT", - "PORTS": [ - "" - ] - } - } -} -``` -### ACL Rules ### - -Assume the following ENI attributes -``` -MAC: aa:bb:cc:dd:ee:ff -TUNNEL_VNI: 4000 -VIP: 1.1.1.1/32 -``` - -**ACL Rule for outbound traffic** - -``` -{ - "ACL_RULE": { - "ENI:aa:bb:cc:ff:fe:dd:ee:ff:OUT0": { - "PRIORITY": "999", - "TUNNEL_VNI": "4000", - "DST_IP": "1.1.1.1/32", - "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff" - "REDIRECT": "" - } - } -} -``` - -**ACL Rule for inbound traffic** - -``` -{ - "ACL_RULE": { - "ENI:aa:bb:cc:ff:fe:dd:ee:ff:IN0": { - "PRIORITY": "999", - "TUNNEL_VNI": "4000", - "DST_IP": "1.1.1.1/32", - "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" - "REDIRECT": "" - } - } -} -``` - -### Handling path loops after Tunnel decap ### - -During HA failover, the HA pair will end up in a transitional state that makes it ambiguous to the switch if it is active or backup. - -When the HA failover happens, the used-to-be active becomes standby, but the used-to-be standby is still unchanged. - -This state, although brief in time, may lead to congestion, and packet drops on a switch. - -![Tunnel Termination Problem](./images/tunn_term_problem.png) - -To solve this, ACL rules with high priority are added and the redirect should always be to local nexthop - -![Tunnel Termination Solution](./images/tunn_term_solution.png) - -**ACL Rule for outbound traffic with Tunnel Termination** - -``` -{ - "ACL_RULE": { - "ENI:aa:bb:cc:ff:fe:dd:ee:ff:OUT1": { - "PRIORITY": "9999", - "TUNNEL_VNI": "4000", - "DST_IP": "1.1.1.1/32", - "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff", - "TUNN_TERM": "true", - "REDIRECT": "" - } - } -} -``` - -**ACL Rule for inbound traffic with Tunnel Termination** - -``` -{ - "ACL_RULE": { - "ENI:aa:bb:cc:ff:fe:dd:ee:ff:IN1": { - "PRIORITY": "9999", - "TUNNEL_VNI": "4000", - "DST_IP": "1.1.1.1/32", - "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff", - "TUNN_TERM": "true", - "REDIRECT": "" - } - } -} -``` - -### Nexthop resolution ### - -Nexthop can be to a local DPU or a remote DPU. Orchagent must figure out if the endpoint is either local or remote and handle it accordingly - -### Dash ENI Forward Orch ### - -A new orchagent DashEniFwdOrch is added which runs on NPU to translate the requirements into ACL Rules. - -DashEniFwdOrch should infer the type of endpoint (local or remote) by parsing the DPU/vDPU table and saving the local DPU PA's in a set. - -```mermaid -flowchart LR - ENI_TABLE[ENI_DASH_TUNNEL_TABLE] - - HaMgrD --> ENI_TABLE - ENI_TABLE --> DashEniFwdOrch - - DashEniFwdOrch --> Ques1{Remote Endpoint} - DashEniFwdOrch --> |Observe| RouteOrch - - Ques1 --> CREATE_TUNNEL_NH - CREATE_TUNNEL_NH --> |oid| DashEniFwdOrch - RouteOrch --> |Notify NH for Local Endpoint| DashEniFwdOrch - DashEniFwdOrch --> AclOrch - DPU/vDPU --> DashEniFwdOrch -``` - -#### Schema Change in ACL_RULE #### - -Current Schema for REDIRECT field in ACL_RULE_TABLE - -``` - key: ACL_RULE_TABLE:table_name:rule_name - - redirect_action = 1*255CHAR ; redirect parameter - ; This parameter defines a destination for redirected packets - ; it could be: - : name of physical port. Example: "Ethernet10" - : name of LAG port Example: "PortChannel5" - : next-hop ip address (in global) Example: "10.0.0.1" - : next-hop ip address and vrf Example: "10.0.0.2@Vrf2" - : next-hop ip address and ifname Example: "10.0.0.3@Ethernet1" - : next-hop group set of next-hop Example: "10.0.0.1,10.0.0.3@Ethernet1" -``` - -This is enhanced to accept an object oid. AclOrch will verify if the object is of type SAI_OBJECT_TYPE_NEXT_HOP and only then permit the rule - -## Warmboot and Fastboot Design Impact ## - -No impact here - -## Restrictions/Limitations ## - -## Testing Requirements/Design ## - -- Migrate existing Private Link tests to use ENI Forwarding Approach. Until HaMgrd is available, test should write to the ENI_DASH_TUNNEL_TABLE -- Add individual test cases which verify forwarding to remote endpoint and also Tunnel Termination. This should not require HA availability -- HA test cases should work by just writing the expected configuration to ENI_DASH_TUNNEL_TABLE - -## Open/Action items - if any ## - -- Will there be a packet coming to T1 which doesn't host its ENI? Theoretically possible if all the T1's in a cluster share the same VIP -- Will the endpoint for local DPU is PA of the interface address of the DPU -- ENI_DASH_TUNNEL_TABLE schema diff --git a/doc/smart-switch/high-availability/images/case_for_tunnel_nhg.png b/doc/smart-switch/high-availability/images/case_for_tunnel_nhg.png deleted file mode 100644 index bf593f2f42cfd1cee1d974c79eee717aa15f085a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 65680 zcmZ_0cOcb!{6CJY2q!aS)vavGjEuNaWMpKMhQ0U5CJmt!+1s(n-m9YGNVa1q*_2u4 z@A*FJ-uwA|KHq=t4d=YiYdq)U@pzs`>Z*zqWK3jucz6`ouKulohetSxheu#YN({eg zOfB|;|KU4pD9Yg#cAlKW!(+$0_V;Bi597sAl2>$ndj~&?h%WQq>b-UC@29Q0r?iQ@ zk8*EP*QRmu529#mTL<^unkn;$>6kaiirp#tl61dVol27-Zw-9B>L-1!Q$n(%UTABq zdaHB9GkNBRo~e0f!kWaJlAXyHp5HoRh1xht+5Pbd{?~uhMFKoYCv(k|-~F#YAukul zmlHQ8Bt*&L;s5{tlglehs&nsFuHygx6H3+}74H6j{T?rXn;g}m&G>5m`2X=p6npR# z%m4Lz*_4k2!4BHQSzgF00v1W@zPFHzSljR=YnQ72NKp@v_Sw#mJIl9pm5BK1KM$B^ zhZT~zus(u~+*L{GZOZOlNcP+R_4ulikFf&Plo=uF;TiQOT}Afe4X?2p%L;w7@*?xR zm3||kzfY>1jy*W9Kuk>@_M*Wt5pr{Tmgp9tUd{<7rT}TbbZu=8Al27+eggAM{}}%M;><*d^=ZZMGAkn6jeU;du}=clx2kgZ3Hr8$)MGjcS+VbZl!NT! zhEs|HjK#%l28)HoURH46?kUn5U#`lKN+wYeFW?GY7u6Kms8)-w;FcWE0hJx0-qUT- zE&)Q+`&@s&iju93OLl`2_kTK^j%=TQ-(!b6q${v?>)vOXCZz0<%J>5Jd1&kALNByb z7&b7uFyRw2U2ob6jlPk7g>H$_)G&zR(kN~N@5}Hw46{NbT2I3&4rn-O8@L=!dra{m ze`GRfia)Qz8+kg+dePl~47bj^^8P4(=BdAV;64M?1LP*-quJ+3_{k7UlWiarmM>I4 zp@@npat|0gh3qRs4PNhaNA3x7kGcfg9PI|-Uq@47?WfuzB3xw{a1RwOluZ>3Z#>83 z-Z96Bd(t)$>14Oel`<5V;VWhK6HTudU&Ih1HpzaSoj2_C!zrV~^G}h6^WSis$w5AU zh`<#8Wa;?FZ(py#D^n(kNWU=oKAdC6J@N`6>EwkA>cTYelt?`MlPmbRUtc7^%DYsK zx>-B(c)xvl`h(P=U%U_iTWVl&M>ZkCFpDj>UJ%k#)pGV_eF(d{tIy8+(Av`SgG;i- zCFC)91bWo$!R_4^pKrn?mCHKNpOg`w-gZq{L)N87(99k_KWqK%cUK;aOgRlaFB(U#FpjYVyw6)s3u7# ztdu^zL5}qS%`H*GHxyhf$lp-!AHt1ZA%1Lj%3s!(NcTb9_-phG@fLGfu6yZ5Z4Oj}t7CxA7c4 zQg#Up!pa;Ig&g5?!ofWBU;O;Y_E4PiO$Y82p+Yb4-}B+#M*0GYEClp1$QH_JCrHxu zt=4$q>Fmh_yGBu;9MJ=~*KHh!HAYCPDZo=s5$(#Hc&(=P7Xt(CSYB|zBZ!$Qf1gnn zTvDvV$OG7&mVv)KV=mwIJ=`;PgQ!-1Z@C=Va-xVDa;-|#-{qb=^WOYK!`YP77@ zPx&!BTvHVK~46Jf8uZKR(Z`hs}J=k44ho$K| z*j^|amRQKYL(X4y>y)eC-o}92xX;!Q{Mx>qxAgic*IeolRtTBZ8!O{7HxrY6w{z-O zKk{tu@2u1=#F+Sc8r*xSov$3jZ@YZ($#4J8C+VGh+xm_EiY__wkp8_7=aL5v?CbB@ zH||wn#K!O2UAk%Hs%>!p$Gbb_Ay1eznJ2=-*sxB9m=(Je+|wK*xju3sWyinE ziHAtN38hj*w-W5fJ`7n+iYs6{!C{g&D^<{cag)k4!pjj=)Hy!8v5Yat5|p@FT4pXSPF-ecG1?KRXekEFAFd88f2Otd9PbDN4{hjowFl zO{Gi+H_M&adh(FqHBV7pwmH3*nFzruWJ4=1q@iMlT&hWuySTY{PBB`9cYZiWbD&4Y9g->_^ zZcJwPgtK`o(^eVt0zC0yrw&(a>NHSw;_kz$c> zdAO+aJ+Pg>wgaQlvnUb5sxMKC5gi`Pj4_tbF&Z=b6?ggPdXHM0*G*m0t@o!R2JuNw zPAoUhBzfClL6jjvBw$PJQ9~>ypxcyNsCl3OXSq_P47k{A_NPUbS>vH z0@FF<9}GISvFNz4)0GrdV6FJS9%GeFV^<4E+6>q9pB7M)+IX>4`bpX@HoH}|U9|kZ zX6YNV&V;#5M{*u4kBWCzjs=a^(neOwN1o9d*V6O|X)NZ_TBt)@LDrcRth=g$vV;KC zXVqpe>E`n{vozVt|5|^?U{dyu-k<~HuX!M%tRjTnz4ztqql&do$=dPfZ;E_3^4`m! zOgR$7cpSm9?2WKYddC^Qsy2~NzVb}0O+~-K8I=eI`AB-DI?Zonzzuxy%@B z0x`C?_b!#xy86N-@mP6WY&N^fPKKp`Fp;kQgE^K5#hX~`;lkSG`AzNNyHP5Jqh8-2 z09c#&{>n5c%t`a_B%iF?%w`R-_bPNB4?aqBJ8|8sjm5o6{*thex)7muT|Ehv#4Nic z`0;Sv`_;i)K@^4-XrGNn7q+wBH8mVuEUenN`%8kzT9L(7YvI9x zu?ejU*UxSa{C&Z>uTg3hc|{FazMfuc6*~I|3GPLOLw*N)qXOlBm3eP1+u4_Yh&orB znYxd%gLS(M&>4j1#yY88`VnkEnR|XsRXtJKr)KWfBiDXCvM(n3CI+M-T9idyl$fwpPMMhmO z>ai6Z;^0NncMkK{^;KakZ)0+qj~)Jg!(_qlBrOX5SMKP_6I5`TZ^oz3N5>o zLxaAYw3_Ah^2W+VJZekNyB;n~BZH+ON-*4Xd&; z%Oa#UUy<{_krV%9HPIBXIncN-vigab;j1Qi<nBRHX ze(A_vW<+xFPtHX^#IB+MC5f^%-wnzyF^KyMV^BFO( z^H7l99j79?t$#K*g1bEK$MIud)))VZX*ipw6_0hX2#mh544Gp&{c+`|I5V`RO{e%& zSig1IUz(v}y!Gqd1?SR|Jia{2Vl;avCr;#ny`vg>A&f<`LS@E9JviD;R7`A`-oWNK z_Qzjx;(RfEm+82%I{f*Z_j?*_$yn=yIMc4k?JVytyEi(=cq&`L3H#}~L&h7PXbwux z{kC?I7HYe?6hL>|qh2&9lqgKeb+fAJfW*->%t0gw^Rihucd1R)sIW zhrZR|^(q}>&v$(I+DAJ**5);3#mqWh^#?Kb7DmYI50?2EWO5`huxNwC;|)FrY7Bj*WHS3d(-VC*hrrCZa>p91uu;p62YW>Z+w)6w zXa}W@c@~M81ZQkrq+@h?t{*zV>9OQXEp!w;kA(Q;ojS|vC8P#(A8`yNe^Q^OuD;Xy zLC1T+^IX>U_>3G!!n}GSgUNkIYoA=@z57tH>HDn&)2KQq2XOs@>b-sZRnHyVR<}t} zEq!f?XrzO92B!J!Zv_ET{v!qb_{XNpy4hMqz64N^Rnbz;O$0xpIak5a{ak}cDsFUI z##W1At^vx#ZXyrxmAr!Te*JF7*;x++RyRsM3^oJ(b5`Wl0~WYCP)jhGG<-)M^Gw=E>;t?I&j8Mjn$P{AC8_ ziLP=cL5;i90&Y-fRK4LWOQ_KO>|{t3ATifFT&sc~8(62v=2KSgW6TnV5p|hW7qjl< z84LU5IMrIcxznC-(Rn0Hth~)W)mn7Sj_n+oj{+ zpAVsUWO%~0o;I=CBfRYVmFi3PV8iOh@L0~RrL|8oVoRnKZ>g1aLn&Dv-z->gi7>My zdLq5Gw>56i7S1BS@N+(|$YwHxfpTvI+Kj2de3OIif&K=co$A70kd_SV_wOaw%svrl zDDF&@4DHujbgsF))aM-JN>A`g#5!7XT6j>J$O6gjJ8Hg8y{@Kba#d;+8%it&3XMM3 zJoh5WKDP&#G{<&YA8Gg5yH3DQPtS+1696ir4%=A2Ou^ca!ZiQ-z+fbr#C)O8Imc#1 z)R~2VR5;1sZ^&0!S$WDelJz&VLk;og#W6w*lKFNC_8rb*I5gs}@QLs6E#W7OcOD#Z zIL)u7(&H^>fReps2N2vC8Dcch=%0r0%50v5G)RY`HfC7d#LW0w&%V8*w;YN==kWsc zQI_!h422x1WD&1&Kpt=m{>dH!tNuZJ#^#r0^p?))hflAZU{hlXm3?#cr+n3wZGEi65rt6PJ}v;767!2A;|Lt(LwHz- zqKNnr{wF()?>x=-E}xX4Z96{21dX>29IfHSWu)GNj}?Y(b=Oq^c!kP-1fOL3tM9wakJcBE^hsxY%XVW#5wKtDY?J{O~ z^}4TY;Xr(w^YQngcqVsN&v&j<;}*CNTiIYcqK{a2$C=11Mw4cFg5E)WVy9;L6RY%1 zo&qGHBHu&6XmY{cb@=q=k$?_6E5PG8X-^1-6)6`W3@Mu^@cUoiX$!P}ldo602(h-rZ+D7q6KS;Veb<-`tP9F*`m}Xy>t~R%2dam$ z8rOxJFDoCj7joxoJ(gW2+T}1bj^3W}?ZU^^UD;3IAdLn+IpM?A4cVV^80wxtk26c( z_xK_-6<9i+OV^Y$X5=>X4uH%nVbDWM^19qI_FfW^-2MJ$3DR}k!Wy*rRXY_fx!6p? zRtC;pJ3ej}Z@bv7EbvsQ{FGo7#dbRxu zf((nACP?daHaME%8;ZnSVe$O>Y_sVIm9DdMDO4H8Zp}mtgV0BhnB{j$Eb!LuuC^~h zbg7W1yqGa7-p?JZd7AW#()Q_hfTgSd4G{Ri5#)C90b@X6IC`1RF#{3R^ zdd83r$;3)dJg_QT?D415{<4N(@KqXyhoH6WJut$TzZ}Jo3#ALlf8fCSphcX{KF2CS zw(~$frLgGRG4Z}4J$nXYk5s9x5$6h|X@-RIWizC9@&U6Az&FlI1E$CF@=G3XERPNY zs!;L%b>Z}N@kZBf<-pUD9|2_RQio5W5J_-B{7RPn9sI<_dNK~+t09`M?v89~5uWR= z9_NB``HhMg@9k4-hZa7yQaHg zfu2^P({eo;E8&O-2VdVAU74fRB64ut^2}2tMZ0aAv)`N|9Ljc&Lv~&PuyBc#Zy76Y z75{SGb9p~NVbI@_o@m|wqJ*uT`tlk~0e!Gqaj_>G3?Y9<(dZ2^<>MM}j z%M+|wTj#D8kkuN3#N)RR2cPh~b3F{BT2T7y#Im`=B9#d1rXxb)dMfS5-}`*1J3`Ez zBfoX_{1LvNN1kC<1YUOBUYpO!2p8X?cj7JU?PuH877E@0pa$xAQD^TuI&MI(ipXcR z9vox*LTUd>*z!5w>$lVj;~tPi?q5z}gnNDtPW%TeMPTn>hkHGarx6Q~3dmnM%JAYx z^ne$BX60Ma6W{u7iw@AJT{0yb+8pz?-!dsac2c}6OD)+>6Rlc~^yteCJ9dCYy%{O# zT_|cClW>{s@@m&H@wq2Zzy92|?DLi7t_NNr4o^25v{uyU0f3c#1Elr3NEL7tn{eiWD|i9K4DYQ-XJph**?p%! z`O%8l5%IQhsL9>FK2yYk6UvXLU3C677%sUyyBSdXEzVlM=(Ds_g!Fc{)XrilzlY|K z$JEo&N4ZG+9W8=V%-VaSPe*>C{>x(?8}LxIMGQqJzt+1O-s@*J9k}HHmWRx0ojsW$ zgtHJXsC<=wOmqnYLSG~sEmu`6_}(wg`r=L-5tYl;3x?a@;_dVAw1q2}@Q1i=e`;Ls zt-ahRF-Zzbds#1tb$Eo+_6cYph1*r`jc7xnt z_?mXC2$KDl=Bg&?jQtaa3T+_|a+=(4(vCl_WHjgywWaj$Z!Afv0k>s^@PP)ewsCJp z{Y*wOA;CYHkgREYb7|p4uE-Q$C+e%Cr|OJszp6>hbCxD> z%pg=_Mv(76E56$2@RvPH)J@xxNznz>^s2NY0FQ(Ymfkd$R0L0XH=@zRTYhVV zq!V8n$qj*{oJL5XnO392TX=z-WA2Fo`j3eqG}>%BxUqO|y!TG4)L4}>9qfc3$f7~N5+^k)Tm>MT z5{bAkG49Oq{YYb83UX0|HM8?Cq0!V$nUe*nzz6}3A&FEq&^-SS90Qi1^u@~A@g}7W zyFZU#ST(R|&mj;h_eWuIhl}Eb-L};t7)SwbipDXpyb{KTFYi z|1J3&Oo8dWcjzo{#ce*~p=~<9_E)?830p<>9fGlOv6G}xd#^J{aHlc-+AbA8ro_JtQY~ z;FVEvv&o^rC*(%RnvRIt!~1^-HPB&kju*g0?$J!qej_Rf+GnyUwFqUVKU#qG8=3SZ zqJ&4p%^J^$CG`TJ@`3bwg!Bh-4RYk@@d$1}IJ+TtA4zxFQLxU9iM`SfZGX8fq z4K`Y%;=tuE;0pu;7nzfPY8gjg!D`dseRb@}?I}UV%#{>up3b?}DSoW83f|`0_8g0Q zn_Sh$-74n8{Z+v`95bsZkxzQ<&(LywLW^Nc#(?k9bk07FdhFg!AT*$9zj_6HpHb23 zkbGrFns%j!keTraT&cgeoCMyF%HQv%VfEz%vqrA2H6@Xl>YFCP=U^emgmpzm_c0&a zANHu>PSgt=sZTT69C@<>A>dp$MqXP4kXO+fk=1c{ii)8)7}f*l1W$sbNVfc)eN?wEIE z`%^^S*Us~zPG33W_r}Buo~oZfukNmWif=uuOFA(xW_*bei2@UUE&s=A;PjQ~rjS?# zPCE9;6>D;xgDP{IARTRNosJH3ri$Bmi{4zKNv`m;h;UoV_pWtY-fHz-Ym5xXE8L!H zfsm6TL68up&!S^>*gLRaheC4;0uJixYdj%ZD=~2znYeE)Vm|9Jw@_QXU!GL{+GQTC z8H&Es)?b)<=_vBTtNus)sRJ{ZkaNc;yp15~!Cx*Qi((}>*{RO#N@O3zdgAzY@tCq} zDbG&w%;sZ*jp-QMK1*A9iIptXAQFR_<{;~yTewE_FZL#1hokHozYBmfQ0%_+f0v0^ zTLIA^L*e$9{b_VF+7mxvYp3+AY8j)7iUPC337x(3Q%51>hWS_0x(*hbep~X6y^iTU zBxCUiOc9f1KpyguNcXvZJw7*m6UE%?2#PuBTZN&1=gq<}CxyKcAk}uRKW{62)4x-pfmhbF@+{~Ru#}Vn|{~h8;HbMIq zA=(3k$%<)3o~Fyi<4)zjiR2q@1suK74*NkTXzMJA4YlxQ>~FjlEL`~dq0jo#Aqh=d zOj}NH$?kVccO5M4!ekXh0#tUU|JEDo(#hxAI(Ret@%v66CJl=#1PPkVuGyIKFTp;|yEq%467R&UE&$ zfQbHzv2?nDGy&)Vxl$YmnFS+-H`$XSk3`?x-qR zfZ^O<;S!3AyDl`@LS|~nrx<9?5y^&6P_-K-B85A;t3|K_ueJx#h>trT4LfBIa+cdH%G@4>}bizhYgUuL+Y{9lp}Vswd=$kB>~)NlmIdv zQ-3}k`mso7{DTs$%~0!|3&BJVHMg%u_}Euf`whHnin%{ z*{Z6Ft_g;nh8Cm^3K@3%CFa~lw%rg$hdO3l>LATPlsYU^vH;-V1(Xo3vc7d?8y4v0 z!?deSQI=8KcWG!L`4@EtW$31a$8e@~<}h{r*P1c)(+Xn;_FqtuV}1iU*-&r@kiv&` zu@h_uEJDTauKbLQZcp~xo&$Z|*(WmDzhcs@e&v`o&D}9p!kHeXeYWS*6^8GWn(8w3 zMJr<~ETMh1{0Mp6kNrLL-Z| zvDtnM1XGnw(#u`Uu%_QXI4^QoVHCS<{ z30_Tv?5n0QMxn)4X8W?e&EZcH?#m}13wv+cSliiEAUH0fVyK zZS&2yG-|JwjU1YZY|Hy@mQsj~bbSL~6zfXL20XR$W-bdPD(@+-Z8!1bVpS}_-{S85&QsqOje>g1iejw;1Ykz)u zGP+^hg-ArI5%zwdVB;hJEz4sW9|1F7ggul2*3+q-WA61y^2@{1i?DbqpI*TJZGh(N zHQchPnae6P0qXqKg7nZym#)jAKHKY}pY-girx&436!YQLYWVquTyk%{X9?kZW9k5? z>Ce$bXPjUvWL?@4b=+?6_ns3OmA3c9E)*m*9~)-tG>K5vU+Nw)RP7sq&f?HxkUbuS zY<9-~DjlhCoWERw@80$h&<+++VCq6|0~G>>0k>E(bK%O@n63Ct+t2e;?CT57xD?1` z1C2N|>OQ_?mV4%gFtaUCr4{>oJHx=n+#(mKD~=z^ioGBAbPH=;R6R~kPvlOvKufm& zO|0>?n)I)?s?xvi0`9kCGg9Sf=Vnkm0-U|u8w#<(*KMrUQr??o_6@&U3#-2|NkTu0 zu%NaS8-ZIs(1aE?sLAY=ZD)DL~}304ZE#>RvhLCJxT3ay;B!hrLAMsCkpI$|By#BbK}9j zx8y>8sSPyzWs)m(J%x3vN@gt~v)mrc>#{!=+jEYbd&@+{zn$za6V}69wOQ|_2bIR; zVR?yLD_(#E^hte3liE&2x&CKz*f~Iou_3bX(SU@1{{0?@;mw>S>UjXF= z!sV5MpymxmTG{EE)ho1|03VMJ5N@LlwvLZCy_m%vQbIx^LY9*+I%gGBe~YW=QI(8U zJ@b?s*fS;$L(=Eb$yUUMx{Td-*qFP0WNG=5sgA!AalAci>~QN4(g#aHN)=nE@2nOu zJ*f9D{0TBaTsidf#}sDRK|fS9zkU;20XmOC&zZfFOMS<_n{xaZM_6JxHR3*FNBuFzoAkQ3@ZEpPzm8INO>VigM1dB>u(4mED92_nI!J`cg=)Oz zB3mdk)KR`s1jnFj%EmDwQ1UK1d7gXeNL#=$$Fa8`3y%&fhD&|r7MlLu(Bk57AQ)yH z4Wvx1CIheS#nMmM=gRz+QeNv0lkx5?Xm@8_P$tNU4ciF0KQc?3^JQr*2HyOpic#rM zS#mrUU2NUt@1cC6Uh2C`Q&3BlIQZp6kQpIA1cumZ=`371TAGmsd87HEC=qu?IRcZmDykjUE+Lhk4kxO`3tF;x;LlFE^R*MDHOz1 zJ>j;m--xzt+}o@GX-Li9k1}`T5joPWCt6#tZO2dhJeWp1j%R!=FghKKC{SF4=sK@X34uh;@Ut+XITcD6jB9FR+X(u7N%CFHzx zi*sdqOYT6Hj8|voA&4c5-|i3KOcV_u*Vu;8-OSF|iEYrioDiK@vM$W>2C3aF?Y@=u zxg4YWEk!}%%zMBz4O@xBzMWF1!snyuTkVMzGRJDFN%fu0U&W>$IpH$Vl7mi~_vQJy zU{$$OH5FdUY*)pxexBL3>>2q)S=ddEFMv(XZC3Q~R+zqd5Hgm2rikX8sxYRrCzTxG z(3Q18YH5UMi^$w&fV(XRCbymC*m+2#-rr))4ZAishwUquBN*y_3HbebQkxVg8%Icn zREH`(oS*6cIr0Cn=B~8rD6~8k*-}gvqwx}Gl%=}Ze=bOf)??D)5ESDfV<=gvUfi0+ zUw!P{B!BJckM;uy}2WVuI8EwRW(rIdH(tct;XkcsmyGh)t#Rvu3N_ zO6EWr$LLg|26MVT|9_)1i08QA{y&(e}yHMBbKF3ZJMVK{WEUdT(m0PNa{qSd5{{%dL*$lYYzm6Y@ zaQ{9^7?ZqRWX@&v!g%VwF-Jm6)$I_$LdVwlq<>H01p?*AG3em1RYF4H9X<%G{C9{A z_l+46vm~55UcC=@PrP(-m5KkqIrSOzQ%sh^a|m>!ekb6z(1Z&r$gKIsDi;c8aut;I z-ZM0zhg>-B)4pmzg&y-p6%8e1z+J+ch$S%{1+p>WBjL~kOyv(~aE9H{v+7rj-o!2C z@Z|mj6OxvZ5yqsI?7oOekMwV;T7e?PyVa67!K~%CkQ}$X_Xu#5bS1t4Y1_0>UC(U}AKL33ZT_}QmJ!f76+lL&P5Rm^wM6)ZTZPtH&$f3qv z)+VYo)9N8~Qh#11%LtcsFU1i#ibw{;h=lgUGIspyTw;Cu^<=$UaaTpwQYAr!iuiY) zgwp_4U?X9NU^h%UvO9H8lP(mN2T9DWf83vWH~$?3o@OhJ2fhpCYaK!n2q{w0%4Dqz zoc*1?(M& zH|9AvI*wLLe!tV>bUBqqdvED%>l!8MFFClCUvAB?ZNr+fdwZL`U z?t518B(0^2AA`vf{70RStN{yYsasmE3~A7^0}efu^Jhj?>4es0!QeISdibD4M7@{V z4OEW7jiTqIlfWFGk_2`7s7)0RI$FI+84$C+#V=*2hnK|L)qDUpfVp=2%CX71P6o26 z8r7te!=dDd9T(2Hvk`@f)P^S@_Uw@a0dnnXePtSEO`b+vv@JNY6X?9EdoT5kb26hr zNLGYM#_c|2ZeHrKxoFS0fQWU?>_XYVew^G+4^CE39)ih;7fmlf*-+UgQp z=$Eo43V=&m-mco-?l*|knSP*28eJ5o3z3Zbk!6kOz`Y@P zFF_+$S-V`*PCM(#F#_UF`ygTpr$+RUEi_#9--SV#>&G4Nu!ImnjEp!+Dt$Z`v6if5bi=xTn?6jV{xb-fixz(o`&xl|SH6yo>G89@} zGwY)I3h$)tyv+KNYET{a_KXDhu34?WQ!w6&YRX3$u{zS_xZ41}n+)ycc zr_4;>lK$o6&Br~)HgRX@d5;huD+Xq^Z;1`9XCrZ4HXtsr{ML`?^f8ci*_nu8j)A5= z%(i+udRc?WF8#_=tJ20~dz zKyXwW?C{%m!7Vk@F+}?;20AW_L{JK5Cc-=df;J42@#Iew4uQ6Lq%D-yE8F#3yxA;Q z-HTAOkME97(vEO-^mK?|NVR@}K5GP@Ay?jYE?65=qDh)IvIrrlc$|aN3OGqlxE0v5s)_M` z;!I}6AsXVKADuH~zzw0ih_CwVbGx&z0?+wHrr(RvU(ShjBJpCS z6VN%?;Q5jPOVfGaU@v-eWvqVG38TPZ)ElBq)=S%B`2j7LBo`{~!7&1z>xY5z|!p^!dV#A`3N%jW+UMUxFRtQqe;X$*4q5f8xRB ztw4|!!JO!|%paRXkqv%LxtH&xgUWX7Ua_>7>_f-;S@MF2bU?MGN;v$4EpD0(aT6w_ zE_mG*gDW6K7#`BJu-yONY-cZO-~W;+htWv?TQ*8n=wn^1v#GLZJxVq8nVGBQw}eU; z4OdU0!LlMOcV0fVRfw*viUuN<0B3wnTnxQ{(*GNV}n`qA7bd_Ve(UB;-5Sgv!J@NpR5eWqZwpY+c27E)$xQMbN( z_VqU*gIM=pP(40Z&%o6k0XGB0ITALlHM7$llsO_)uW3hSq@h&bNxr(AJa9b^8k3sL zq;$myx70{?!Jy4sJ-qyUvAw2Lkn8dh(9b0`$?T)0W$vbgH^6O1vaYR+=7TWyH5L8J z>WV%L2ibt*yQaSMyOxJdVKf0ZqA@HlD>rHMi(pW6xK)u9rlzOc1Y>0l`daIztm5k=nieKfd@R}qu0_~#s1GFKAsux=*V9a< zZ_OFPJ3A}CnMJ+e+M+F;j}u~E#T#$fsdD019A{LPFl zKjb`aIft3(hD=GK()^iPnb#B>uTqLB6H9PULsQC$14uYJW^R0AFzeQb`08nviIh(~ z31kMW+aRf{DpvlaaRZfEk;kV`iO693gU->?&%e0AqMstGx@GmDz}+EmfO2U(OPWiU zoJWFXBf+`T@l&scQPHgWBSe&JS9Fms#EOj0Z)bSC#-tsJ&pqpfeXk3z&fj^!Odk6| zuU&b=dp@c~vPf-Jt7}$9cnZK$w{tbz`D+48+CFjDvhTf%d;Kbeny!^ASo4J9e>$xc zeen0b=b6Sx{}WC?Hhu+QK4Vh!8~O(>Z0b?;mX_(!%JZ@hvM)ecQb}6^J+i2I=gFR; zayGrijk^l%m&*m>8#z0AcqK3{bZ!CRXBkk3cHBI>F9(7g^opsi%xzAb91F7$DB}gObL;jJV< zcqxtqGIY+jO_7vCxgt{6{Fm1eMhMNXaTC~o{H}& zAjCFj8Oh0ZHD;?iW*3Dw_oTUN!Wdpg9xn;%ZwBbq&dBPVh%K?U-g>eDbPTN;-e8sMRvHX)(JFp zG$;Rz`Xb>d1(Ap#0#)3htET}Cgm9l{`rl6fdy$?X{c3N&ddTPFpA!Tx^oFU(ML;eq zjoe53=pkF`UO-whKA6<&hc-)h06lqX!*zZ3a|I-hVSDfsVd0!fY>J@jG++|>nwm5~ zQQ8I1q5gbyWC9fUPSJ=q0xEo`0MJli5Mdkv4rnIQf+T%E{-z(4kjNyfUZd}x4FE}& zdm~nP1!f>;YY;)Zd@2GN*L!2Hxig5kQGa+B#vHL{<85xEle}`50CVSJOS~_vhAt>E z6k)rgBJj^S|8okF8u$kv&#Htk@wXErPgJOh+439Q~(L zdTx2WrQFcz!x=XKq_G*-qHG?WiFPRW<{05ZC)|eK!lXqlqeg?sOjsmVPMl6vlTSP1 zUz1t{M(Up5u{mH@g+=mP}N_eOpS zT+yCjf5^VML5)S6gXSbzm0jbWTfC@k93sN40FV{SXr5roQ&^Q|eE`Bdn@^Y4!jSsj zu42gflax6!83;7cATo_Y{aTCpb9l-ufwSqqoNS`3J7-zNF(d+xwgfou+SIv=s#U<1QFjN^sr8@7BUsca2U4Io=w8n zd+~KBqH~RgnO|lZ-@3g8lLIH^t1ubZ)j#9~Gcrj=-T;i7wh&gnxVbmr>sE8cXB4(L z>a*HE1N@q=X1(8bPqLvAuv0IP>A2AYFnDAD$TW_nvWbBF?w3TX;44;toc^ic$94Qa zp2!KnR~s{;dC2%XMHesT<#cwb8OA9UQ8-&M+Y|?IozV2poKS54YbMs5m08s075N~o zx@A^u3mO^jBQg zfd$Jj`D+YOfg@&FvuR_swrJI;(p|$Q&wWEI2FrbzmH5D6uk39@I4fYvuwAw zmX`$h?U&Sd!CNSHSPw?ZGlccdI{VkOP*GE2WgG_ySu*- z2w}7|Bk6hL=CX#&a^)vuKO(AEIOiHkjFwP`mT;+R>PxeCblmTv(?RUrmBoHtVG;{P zvn4X%4)km%g1&2_Jb^o_92pj0FVv;$z$};8#K+r2=z}K;J!n9h4=|&#LvAI zzm-7gr6Xt!n~S+4bo|_e+UzwjU|$=#4h`4Tr#nxHKt(T6m8z^ng_m=l0XO-Ii{VTl zwJJ<~5Y-9!iJpj9O7M2!-guqwT}QSmC`OwQ#qth}fR0=j4^iiitM1FwDe6b5wqK+x z&aohdnKrJlp0EmN+1|&+#f@ASAaWx6LHq4j5ch#@GW3IXmN_!)YoT}JjIz}8yHTpj zy7hYYxd(yd{KY_Ac7=o>^yS_pm7fC!3jm2h{1yzbS7la*PzI@!R(31#RG%p|js-R? z{zF!jYWe*wFb|i~5!%fU>oA1lu!BWp#CEY(TBPU+O`-9+v|@FkU&5*{wn;&dV{}ff zQ0d)TPB-&Cc8dn-VDiCdfeFB>&=m7#t24Lpv+xPc;Q5g zrCYoXZ6P8LF5nnh94fVifaShr?UvAjOjdUgX_zXMHoHh<2XbRpS3f>eWSv{~17cy6 zx?f4YYGN)Mk(EHTwHN1!PTT9>y@!AxLf^?S!9ADB_GPc9#z&*MBeeu`&Sb@vXQ|sg z73p^f82{16#wHm|o)n&YYwciv<$!cj<9jF%Z`hq{R%FBv&i>vB0=R;9jDTAksSF&6 z%4oHPCU?)Yx2uWpEC5|(MKRJVfHBkbxT!=6-9CC4p%|hK$L_CTZ0C<{&o>2J4k9ks zYsfhhFY!uNLD^IrX{o9a>bdI8F_-TFI(0#eWis(PyU;IG^su^1uwV8b_5?m^jL80C zZge?+J6Doj>Xq1ImA33qJQaDA%kwhKp$Ot1{-PF=HyOc6vdW>b~l>AM!?O+v%@w%bXA@5n~< z9R&Q~9%BdjP)gTOkww5~`L%j1izI|6;p-AQ_&M}JWd3?H_i&tT~ugNcvxL%#A|)l6p_;N!3d3Zx6wRN!XRP4@m=VKmMWK%R1+oW ze3JZP^RR_GEoL1#)Qoe#tUe(K?7qw_rwPkg%Kn10e)KR*@rl}YIRhSpe$IP4-O*H= zh>T@c_JoeM8}~n40X3AK%E8Z+aIx_@{r6}c6C`pU18EcY1jfJ%TxD|t>^xgQa^T9)o;k- z2oS%VKxsD%Qj@v#Dn!V2Sdp`HKpzv#o`cNOMEaZ61J%*#bBx~X&5v-ngKmNwriKF_ zqN05N+V~d>djU+F&e@Zd$Zsy=<20K$P-gQ@M^ljBXdfpfp91A1ofY??BoTJ^5fnQ- z@!`x+(FT~nh)l9qav!x8pF$>L`+fB4CuUw!)_cW9XK4Ih7QCk$83zb=Ore8%+ce-d z{z+wZp-aWWECDA;XUnwdT53)n6E!-N*Wv}#K$Y6(Luvt@bk`_lXV5p*XoCGgegyB5 zV#;eGeXmWMrIhHxT$lY{ckXN@{L29T`%O6k#K%d8NmL;s9tn?9XTBRbM@&G$sXi-9 z0!-dXn;Kl<539{VZXBcDg#ssqFTuJ9El;V$<1*%e`$sJp=fkqH0u#@MwGZsb9)2$d zG|B(@f`LOv&n3ilQ_pE`YKq(y#!WK8elI{t7V`r?=yK&x;I$w_ONFM6ncSCuD4z7qBn)K25#tA!atO z0iDt$fkc%l$U6H|bp(2xaQeN&b;wQwI`EQN;|S6%$m-&u`JGlRgD8YYK`Q;0kQSSR z8a#7FN#XYvyZqtR6yn(~AU*v^^Br^@W(y^o&zAObasjuzUSrd-!@om&8uMh_6AxFy3ri}%}8=dy_bT88hXpW-8J9} zElk3^y^)E$;JIw-G&(n9OJnpp{$a}r6R&*oiJyD5A|D8bSN^#c)K3_p2(N_7*-45fD&zoR?!te;iStEGUDp8q0LZDbn4Z#9>zG?OetfY=yr8Nz|E;L~BJd>{-|6Vl>%)r}@1BSF^* z!VKKaYH*@}V>?UTn(0t%0b+RE+g`w+%+(22>i9?goPtX#u4{8a5y)-Jz6HN(c%FNQZPvZxBJYh)78zT_Q-TloImJ8_#*3 z_x--}<6P%l)V|lf)?9OrImVbWFG02fmUVpc$cyWJc$t5s{7l;451wg;fDP81-+=LX zD^ue{{--Ns(cXwt*sXHutWlRglB4q6ApjH`6Qkzx4?rx7xJ=h&@>2&EYd_w{nHQ!$q$&iU2_lwjqm{u!3^ZZ*^C68 z8UTjCqdMS|6V4+f=LCf0eEggN5Jl!4;cH!l$0!XEl35bW{54A)B|na!$=ww>Lw{F* z@eZ`Rjo^qSQF00rMla+i(d$wp1m9|s-j;JffUQKr=l|-r2lB$}v2q=>5jb`W> z&2`LteP((R=k-Cfgv8%90%Zeu5iu~0frv8(M~q~M2M9?=KW{@RA1Z9THjuAwITE~! z>)ftIr%72E{!@cabNeifFs~b0A&OdOE4e@{*5;<+GO--XeYtZ1gV*!+UrtpNh-I%o z-7nJ{OJp6>?3yPU$m{kjIMt~Kji6(R2C~+r@NVqby4~HFh_~O#4-zRV9%fPuMH?Po zmU8>jo;@$=_v?H1$;SaGVEQeR6~BDe3C(Plagw3LlEDgqPvrkx&WLYXIxO%&$9@mf zdi+o0H1_+v~zl*qcwxsz^!S;`)M zY5cm^YwsP#@Xd-Qy<#;>_%2J&bRDp!YRsplS_@xNKG?`#U?77BB%P+pD~xWx#E3?s z+!q8J4m>@|aM_Y;HGGe$A=de`IN1=%c9ezo_3Wk?wdItV0x!A4??wCbfYVT-Saoh{ zUntlWETYr&lzYRl9I1CRON#3K*o^-sHOE=rodr3^TMg$ArOA0~epO}UIWN7OdTMxI zu-BB$BbNZj_P+XNZ}h7qmlh_S3%k~JPV&v{D=YScBToyO%Li^h-eXwYs4w{Q{O7J? zmXw0xAjz)pWAhDP-KNB%q1^=A-}H65Yhjy*`V~?~LuXSDr^knu8Msdh1gN_D;zd5nuf&f ziRJCI74j5G4E^!zz9G6n7-_OzV7mtP826+#A6%Flq*x?09yB%2^=nb}(TzSbRhw({ z)ASG5x>;kYvHYp-AuudK0KkJC3?%z`PIluMPBX{n4AbJGY~u<8aFVuIlK;57!^!)s z^;3NOaE#n7i_ZUjFP{iBB&^Tu@Kei#1bNOtAA*qX5W?EWm&?*w zTC4s7sRdCFd&GLpUM7TCbA{#4Lr+Dmf!3^Far@5LB`;d zOCT@^(9>#xWwPzS{^?&`8#keiZt8i5TglLa!#CO!H(15{U>>t_28g9q=*+$O_;NaBQ^MUmu zyxFDicnL48-IiXYDG z+9Mxg8w}#u>({+NW^rjUFXMRk!MkSGa6^6I6`f)M#T$EOZhrD%-qV)sIQ7RK3?~@> zUf=b^sAGn$+m$VkW1<)18Jvy}9%`~&xnGE*-^?h@E*RqeWFr>d?83Ut$rAjMkQJhbJ;v87m&tTnY65IrYU%Ax@J zB>0GSe8920!csQOg5CUQbyYG`*$N>iPI3olgcqZkXB4Whg#{i?-{brH4Jay3@-{Fn zZTp+3J(CE$otOiE!}*Er6`Vq{?`m>7@2U^9nf}ujAt1zkhbfEWc=vBwb&;$$Ry!WE zk0rrcIXtxG|GVtS_MJy9&75At|94*ouHrv$V2vl{_q9-o{Cg&l5ADX9ndt113^%i$Jk@~`3C=d zuo8qRDdv`n|C`|v|3jVxzV0pgf9RI~wfxNi zka$%@NV`*m;;pObjpavCr;m5c7wt@q3m+UXsZGQl$NE-AGFZ=~3+&Y4(w=zPz@=}O z{-?DXxP|}g9R{eGDgVvl7}Jo|r=>Csl~%Vj zBp%3WONgDI&E+m}K`Ow{$5*x!R@xyD0_x?pGmDp!58HkYR4Ug0ZN~);;&T=NE!JVp zciYWzMf{%2^4P85zl+tLEe-L&*cxe-Wp{Igbj~gHTjP>aLJrNSCf`ESsZMq}Pwelh zyv;~l`;^wVJ@?KX8$>_?5t7BI5V1tvgxiZ?{>7oLuXj3}Qsg`MaG@gS z{dED00fU53$i6{}I9ZGWtz9A-Qs* zT2Kl$+VO@Y!TZZ4OsyRYJEfj+ybh#Px5Pt~8$-3>W9v}${&51OtiAg(*JFO|w6rt- zoL8Fus0z&fdo}#W z2LW2cStr!!hGPerCeH{uOn>|5P5<{HYoLTJ&K3S7%gBaf)~SA|%JNY8qjVo)vjh)v zl|PeA_pY#r(Z0zWw7M7(ed-VTKEJn%JnP($vpD{Rx4AEW0wD5hPPL;TAtKp*bq1}%$^TbRcOozXfmV3+&zPa#H)@$#X{!u}jMcp@e7H=txD{I6GP7>)Y$*D5*!*|~!Sny}#*b{QbK z=;xR*jqdn4uoXqb_m_W@*#|XQ&guPjuHq=+W_ce7V#WdY47F74WR5L9r!Or{mjhY6atnt$3*&!$g8tL+wbH~9S2EL zQmC$|%+p>1;6p4r#HevDaHcSSY-0`R#X9qvga1JV2DRU&2<5*j^Dj3UzW;qDSu*4C zKR40yhhQ%Xhuo6*CMxl{=r-fC%!eZTstmza0K?%+h8G=wT=-Yu7@3x{Jd^lM}F_Sc1kMh8c$2;DeadGeoMFD{+f@33Xrg^kvP8=I`D=Oi(u zQft0EHGP59`?&>A3btJo5hKP9X6_gzS5nuE1IAz}GeaCX3D zp4~HT5j1)q2x8A}cAR5YUJHnI1P$z+liQMO;lo=H0NP*FeOqh0f8Q|4^842{j{H-!W4p^%Aowmrc?`FP3s==& zi)rAtLx~`F=|zg(lEs1~wh2Polq4 zlYh{mqMgKPaUgPM<89q=N*8I1qMQRux`I6EtR!c{N8~~`G6%gV#Co#^W?HNsyCP_z zaB!S~G95`7l3fRoe7A1@#$bh2q7N1Yy3P@Pc$LV_t zy^y*L+7gxDd~2JEn+ZK^vQa;7#OYT&By!7uidP8CWAnvqnDq0`r#|x}K+2AbB%HO1 zPU%gfiar?V{Hgl>cu&^^@)p)L;7=uaWXSZNLW??U=!2m=d6TE zj7hAHwSE-pjO&~m>BTT!-mMyHUBh*6;7R?f6HfmK?Q^A4uOkN+7x(AEIdvSrQXS42 zA0P+G7Hc!QL+@Wdk>5DhFQ?cZQ7(gmVmdh`g>bm^fuIDC64sE0-;kc^n^oa^OyjbI ze1dv(cT-&-t%2;yYQ#8_CU_08vNvMz{YQ1dLH3k?-#4Ee1C^I=j210KAS65!+1 zjXrpQGrMXF{o*jDrz9 z?iyJLkhQ+gn?sO?Oy0md#EFkL6!B*}d~_;ZwG5lNIv$yf>z=;b@~x`HD)&8(sP$U_ zENumFqWGSTJn&aB*A8Y%ZSFxV%6laD9hB{A-v3y5ZCJn4vDmTntN2;IbxBoio=BabzbQrVqvtCvEv*s*7gwzKP8iQo+N>IU zs<)Sj57GsTt7fZluJlOuLE^IaXCHCF(GhNUwQeDKt7F|Y38{h9$sQJ!L5(xdnO6*u#^}4(h-VxQ@w<0#(qx zm0*fq8|NxSfP9!vg>`(@a@whU>H#o+oE{uAgOD)=-l|ziE@IX5$@XOxKn&{u_L^(m z)1-BtYUk9T_<|&tW8DV`GLSCgC@?yY&E~5*6`ou$11X@Hz0}mb`Ew#K)vC_u2&Qa= zu|&H#Ho^H_1?ISS)j+kS$E4?o5TCa(Vk}qV^JphOt`p=63x7;UY`%^HeMr;g89}Iv z-8^(M`>10TBut5V`{#k*Hj$^2G`A}FPHhcgSkMR@0mtK2^5hQCJ&x6}41V7OSKhHa z6*u=0`LmTTRlm@Y%mxx@--avN&D%{~Qbz}6j)v>0@%>>(GsVFdgF1DRND|{kV!a?( z>f%w)?)PENBtz-D&Bxcje&>WdeJ%m_BLc@JlHXrP38yGtXC%2+fcJQ?B%u}oxc>zJj04!1M zQTcBbPR5UYM@BKg`CbdkLVEZK2G&Wv#65)R@63O#*&ff#O8VUZcQX@YJ!E^w1Q<1*wrZ zHNZOqu9FWThWbxXnMz z6wt0C1;p#mZk%_``i!`09s$>=6b2o+<2k^-uOgg76gU_I&0HXm4CTF5l{f1F4x_`r z^z|&J)bv~feS$6W^g^2rvB{VIYuNLqoWS}XD)z1}Ko<)btiPmgI zejrA2s!fZquC%R9#(8rGUvk<=H#^C(#UOafZ4l9htl<~9IDMaK;h)i-occ+9bXzN} zr1-M-pJcul3kwA;1}-N0wAb3X-Z1t!hy-DtpQrCe9QTO9tfhNwng=4v59)*|{38)L z17BO^4M)!n&gxb{3{~m~fpK~EiRgD!Mc0J~0Z{o!h#QP4S^p5z*fk-f5bBalk!SUY z08{OEyDEpj@w@Cm?7(odK*0Ip>Ot+QlDS7N$ufC2@EWt(Vv;2m=wyk}(R)B|8DseK z{fzf-xPT{preQVaWV!f~&ZXR^xO=UL>X~i5Ew~mNPa38-0N1YmvRYOWFZn|*Z9*Qy zvfsbvpN?~6_{{!4Ql)cCkD=P@RbjeYOl5AErci2t|2*E*(I%bPC1CIPzV;QVtNWR>_%ZH_lb6?50eA1J>EDXaQFRdB z^$9C8uNMXFDp$KLK%9TIUP#)=>K7`H0dfr%iF>sT=81TbXe*Hkmv{Qgn4A|bY9WNc z^;dERugw+8SypkFj#E4=F=Q}XFWCr`WMKR0RhuU*f3(s`@UNsLjC7f8#dA83wB>F^ z)?!|`wEWy@zs7>Eoz{ShuY zRYC4?*LNNy#6>l!v$b*c1|>KE^r9KT}=1+$d>3~6nL$( zk&}rxT8~m0qri-~joghB7Nu|5M=mIZvQ#yf0bkgdl~IvYl(Sn6k?I^~nhpzg+*txe zIV7|F6AvH~3RZ5#(R>3U+t|FWS_tCa@?`kec6Sd;=R6NJ};$zV=P{pd8!Yf_0zG~`y z$u78HTPdb>`;>vFVronQtE=LBHnUz&L^?MYYu;8U$7Zc@TDAUR2Ucx2@s}_t7B8?d zJo7D{;AcbGo#IKvCvr!+MEl2H5E<7}H`vt)!DN@~?wvV_dLAY1a>;zJ=_5~qsnZS}o^yKApRwv^-3*~NwD=kOz zR8q%ne+EI>$RvlASiF2H8O4HR@saX#BpdDmva#cbY)Qo@aj)(H8++_*k=jz+k^ty% zQ%;zHlBt^c#U8z$B^!sU>cqT~o}S(ucuTY~Ya))#RjP`tabbCK=SYQviBM|Q?g_qb zi8^`O_yJ`$>o6bc$mxf`(rJES8SnW6$?ef~@+W8XbhAw6Mn!k4#lCrnKm6euPNg z?sh{gznnouVcFEk8`dv)k!8POCpa(|@a;45!Bqdnw7q3^F+(DV?doV*t(JW9Ja9qwY~PT^J(TQU)(@)E7SZ8)9gExi6ll*wriB3s!& z`2D$b;)f@2JCrh?@E7(hPa150sMr|Dog~X0#7#xrruRM%^rQP@+oFgUnD5pBaE(y*+%#2_c9=%kXhsFs&>~MPgE)* zXRipHYuAjB$t-b_mGQYB;Zm6pM|?97-oc5$E!?1HA**w~#3F`rn5~t}XF|n|qMJDB ziOhC37v`!8IC811|A82rk@dBKUmx4c%2Zd z3z2TY*IqjznmVcdkveE${O!@pt66zz{8n1I@F4K_d~kHOe<@doxHGE{4Sv|tGF?qx zKUr9E<(inPh${0VUVk~iPT9x?_|86j?UuRRr6=DQa61$-?U>P32gY7H-fvnPL}Sh? zW30K{>2Mh}?&7Ge6c~Qylf%T8FBc`-e7(YFJO7q#8*i2mw(bpRTd+x^F_k^EhmWN9 zQH)q2YZ~%J)-DNQpX&OpmGbV^$V*O_Xa#ME=@r(D(yPy&L;?QJJn^}LBDu%zY^bV+ z{pRNqnj*P6HfwbI=jOZmm>M+~A!Mp)3Dp0N8RVMhe+~=VGfbDV*nUCeT8xdIJApWj)xFF zCc7X-wFds^hU*~$3((*HLISgBR$hR{PrPys(I+;7_4-$U9YnwzqABeuh*3sV1iA$a z_hi{nmTV7Ek5P%9-PLa-nbDhJRr)PV4MLxic$k3hMJ64>b3}U;2lb2fAu3Tt0CQ8% z5kH{}SN>W^mrVlc^m(ZR7anYACny7LA$ODFq5RElUsj)YAD*WR@G=HFC6qXDD~NvJRFCLVCuY@z>^`2z0@Grjhw%#7~UY>$6#fL6P^EEk_j;gUR4! zcK;$rl=NGY0=om>2~Fk3wozOmsryk^vzg)X;*rN&CPA^^Wt4Q-{+dW4!^m@TCnGAn z{&5>Gx|ni3zIa3{aAxvfcc3-ubb5Nk#- zbg!TuTp%pQk*Rpyh-<)f;!N#K5TW5p4HTRM=z!k~3FRfV=v_xLVj#mZlL z-z7yXhZ3$AN|D4cdI1oU1jtTbDln(sOxyq?zWeT=3`&8!wJ&AGX7EWZcXo}BKSsS$ zA?`c7o@RYr2cI@`s!3#V@klvLHQ-6c>x4qou{;grK3yQRzcU>{HY+^s=e`Nn5r&Cc z2D>nJtxIAomZo?;OK5$}?yGO8JtMJvrUP@ToOgVV#~NiPS=Bl-k0T5zB9q!T2k6>|#OF~xWEpWFx&82-5i2K2&+<;3r9=YTj& zFB_+-=xj)g>zw6U?geLn6HUs!B##c<1s0xbc{Tr;KKe6KJFjF&vIa_zYF!^-Z>=#A zC>WRPJ1u`=jZ=vgEprKV@45EDu<&DpTE*utV*4Po8cPMO$(u2^3{3-KNdS=w*D2Vr zh_=f5F`d_|k!cXtTW5t*Dh*M_GtNXxk8Yip6Ezhuo$>0Z<-8tsb=@QOocer{B2Dkm zhl7qUhfv+r#S@`RKNM`;QjVv)+0mZFBSE{qelzf_p z_TBx(Ps(AY9I(DBcYh~Xr#*U)Y1mL+5aXJ)0bD}}EJ0k}JeBKLNZh}vl`p%?9XaguOx)GN^ zzE45SsXHESCv_&SQLMQGvaw~NYvmd|G^K7an0|oFfJ}mPa8*)sJ~2L-cPwZjoFn}* zVnOAvNDG<4a%*`tCrOV1TNxNgPL`F1pVK^vLywPn#u;^9P<*OvA+IsqWjQ>+Vc;OF zdcvN%9Z78H$^;UrGJcWQKJJWjssjh7oEylY^(fa0D!`WkzK5ySZ8PyHohrNjLY$eFyK1(9bUnXt0 zScp-`PWZGLGW!l2u8M zc#%3a7k?QW;PBV-Lx%bo|6G1!b z!4%?k91W%+SsC9pA}%l33}4^voySMw1VcNnDhLRl-}T1pnT*z!`ktp3|BTG`95&XH z$4MibML!sfZWWn?Hw&85{En@?e5u2a*8TBTnY_3<6Ag&YvPp3tB?y}K1EQgL(&{g}f zcH2!6aM+>AjT~WDOK|1Z-{^;>%Me^;J{o6zt3$pd)dhtvsw!FBQFg=KI6n$MYMs2QdANKfn-h@Z`hl-65Be=w>(>BGhG9qMhaLH4KxW_cU`CgVXa{x;P(XGOp$_g zu^s+fkl9ql)IA)#T@PRDLd^Si-P|~IJ~CrJUcWJH#l4(@4U&t`WJ|3KjQ zxF475(XTkU-MlWvbDfHu z4%%RE!{H7`-k|vPtKK{zQ7ATfr0q%|IShDL3+lciExpwe(5iKqF%|XY(%c17xZGh zx?mbHEt)*wv{ulk?Sv@pA4WPGRPoazqIdvJfcumEA!>yBM|PNF%f{W^4VNxK2CSid zb$0oALigFvUJcw1GM}RZa%=@SyS}w#+2!^yqbb!188&;Gszv0fKB-pBMMKavlA*M! zJdHs1jt2q;_qkjHN%=6MO?$jb+J=zotx2ktWtLfz%z_UU-T0#j-mRdEy1{Q8zw{*Q zhWLUutQ$-*U)XWwRus9PdjobnlQ?;V7Nl(0@baDch`7bM$=v0$kPw7RUzEqVph`H& z{TnQOWVzVjR?f)hYvi(fZxwNmR_c9!J87@Z#f$*(f~9%ihiV%obfOQkK1#k;ce1xI zr<0eW+7PkI>^e4H>r}-_Y2`?oE9RsRn~&dsT~+kL`Q?+c#yUkZO3UK1XrL+^+bk zja@%$yQe~j`o#!!LV9+<)1O{Us-z>4a>? zJj_a}2_+thOO9p7_`mq0>*_jOJregh@13FEP5vaMsZ5FN&ama3u(AbC5;dH3^DbNG zd9sw0N6_ z4U6}_0nybXh5?GIo07PVq?{?JM6d5*F1CskujrX4)Z<9iniykphDf77WHID5NVHnw zFHxVp%CmBL(Px?Wiy(uKY8ft>nrK!Uy>|oU1WNwBbENxC&%(u_1YsqyAKEe3i|L7B z%&)0|eO)GsqvF&1b(cUtHW%BbxDKQ*i*(nF_(T;9etle4I~knDxHQ&5jTTi3alcrB z&97BFT<||Gv8YrB@UO35&oOp-ZWhD$LiFvT_{bYRkq0do{MM4S>dHCir?R7&(fPQd zyGbR=siO619UUsZVr!*X{Q55hMHlLSk`j}7-{MmH>E!abVebekLyNp*JMKsg6C$zC zo@}XnLU!f9A%+-GX~e&JpJK0$GYR$t(`hec4sQotp`)(j#$NlOvFl9ktJYO570E2OmBP=L5U-hW`=-MkBc6kg zY`UAIJ^hBe)8uW_Vz6!DrFqZsy3;O?t9DBa^dZ z>V@savtZ5pjpT;D@8!FN;HqSQ(V(k7`xPg_{cKXJQA#$f;+_7$$DRD#<@j`4=`L7& zUBB4f$C1T(FFYcmct`Z8c+}>ej}7fz0|NtJ-gv?F0_than{-xHvD~XlFSA?mBR1K+ zjY1#0!f0ITHB|~Rc|T9a^)~V?S}2PKAB_#RH1OCd&uhP+)H{z%btX^=e5j67LoqwS z{*ssGR7RZ1R_!t`cEOYRBIRB`yAS8ym~HKYD4d3d?x*7uqRK*Px0gLs_;beIF5N_P z`0PEnhb%E-z2%@WnQ3n`h(V`xoD~AU0&hLnpu`EXSYA4ihSS(<=4&b72k`SG*sG+F zg@l)7Y4<55ME&eHPKu#61a=BL$;ew!CV394qUGpCYG#WwNupHQ$-zELRdi7oq3 zS{8E^<>pB;i_O?)UOlQ-&y;a}2-E35 zt}C-iD!$OdklyEO_hr&gja(_veA)1ZeyeHh_UZmRUb=V9b^$x24ma&+UzXzwRnz>c zLnq5KoV<6<@0ZKUFg0%_t=5D^xEHuWdVHZu$2M|KM8;~ir`2l4+>8j3wi5G%>++dm z`)jZze7(Oo);o*Y>1z>vw?4WITL0=pB1*avWo_*TLA=^`5$Adf?Fmr=TtBjcQdFYw zyI|*;>O_@HIEjP78n3HzLqbKnRnp>wZ4NX~8rS@e*?$k>{g$?k(-pNS^g@Ru1es!AuxvHx3I_7z3 zCLup98`dANok<*er7j#av7OtfiYuY)n|y`6R} zef(x`br0n|XW>606Xu>;U3Y-sM_)WMZ?r42C*?574h;zL^D4cnoPz9ZqYFHGDM#BN zlQzqHVII-G3%M1~>&IzM4d1#T{hKK6Y5uc)Y22xIO)I|o@ybZKsbxyk)BxUc`8ti0 z!1;&gpTsW+PDtU~AkE}MmVmheA5FGG^#%pM_p-BA)HMqhr30X!oE2{!HNW_qO+$o) zU+JuU-HAo(vrJ`+V^IW4Mbt{B{E1ri_RG)JrFJTbQ|<)eui9p*EU+biv^1t+eV>JL zD#*qaNc3Z(mD`1$c~yQ?Wu?}*YpxE7T1q0c)+f``J3@u|Pn3tq#}`1jXbL?J2MxpF zo?<6;Rme(a4+0YV4X*}@g}Zb|IHR0Ct`w9B8B#1nSkviwlJH-0j?|ST@+6%zoNcWE z46+`wLnbVR6W)ko2%&SB;Klp+E-m3iAMgr`|GWQ?K3Dgs`Z)?k%7Bi<-mU5F7 zk+QVsJb<(<@_@frVg$PUPOh4V?Ql7$g=pPIQTfUZKT_gmqQXi1G6yx>l?VfGfLX?+ z`0qH)HdQZaaN*+;F&TaoH{NQwdDz3ceeJ~~dY(E~!^RDisAgFb#!ddSx3*3QPxij; zOLf)nuj_9m`1tiRoj8g5#f$)di}rl??eqDW(VDoTBCejqbIJHi%fC3;L(OdpLdYmM zF(r{~SuZGNf01YgC7By?wmpu(+2oE+oxrp7r0V*db5<9C#JCunuV@p5?UNvn0r$j@ z6VUGX3WFYM3fE{T-ZyH!HIlfa_@wLjsRksbAv2=U`t+Wz&z|%PIr--|?2@De#=@7K zO@#%u?STY6TN&moV=p3CXZV1(@!Zt==bhZ`p0}SAXQT8^uhbR5nAOF#m$z=fi)sNn zz_gf|-+&q|q)BCcnZ#seX}^r@U!P}2>wo8#)j)R}YBxua^5oR$Y;O)3oN8#`v5L=o z9E=PPMMGIB(eQGn5(b**d#-4w*0{vjx|ra7i{c@rh-cf$dQ2bjl9m^{B?key} zUJe=lg-ZTVF_f!$EL&!=1!tcfP^g}GOlr>T%kKRLU?{~drQ^oM4lpv$IU9p_i1^HF;vn?i6ng>z9fc=B*5{! z5X(3;!?qa9p7dBz(MYIDb$h&!rd+`^mdq6~Vng}NA{#z+H5>#@yWTH-T;iW2i6DT2 z5Nw`ssTi&clIbRj>5$K6-^RWso67F7*ALT@Dy~f8;dbA{JBj*oGm`)!_^jHCJENs{ zej1TX6l&pS@6gOPeQ~{@??uAD8emxC!i;iF+Y50sMM=Nq2rOZqcv=2bAo$GA_GoCA z^g)>Q(q}d)77w|oDK5r=6lOXxl?|I zXvzNcxz)R;&n=C6DPNPr^pqw}tfMJl3qI5KDwZ^FU8p^%CxI3r%=ihmH$bn^)Mv!H zFy)87b97^RW=Sz}o{7I0ssHC^&%WtDTi!iE=t*1*CzD!vjfKRQ%HDc> z=-^z(v6aVU-FOCoLCZi=eQ?$^<}B(t#vdNYStf$wlm#-N0!k~d{0?*bD);k9L17|+K1 zOebVzFu3*wAm94U6t?nxiC!c&tZl!^jguka!ld2WD49=XtZO|>NOSl@XHb2ywph3r zGosQ-z{JnT1-vF4d8TK&A?}Bs<`YXJQr(sp^HZvL}p@4JDFomYY3uy3Xqz@EDv7=>NH=Cs=buz3D3(KMjmZ1t)RJy?z*-Ilvx zQSD$YFydMvxzV`kkO94~1i1kD!roh9n{2W*+*mvV#cD_(Qz_=G(FF?|;f*`V;9;3p z4}e|w`Rl89z=*E$v(@$k%s7Qi4#aR3Y$JcjIQyxPN!X(ZSvQQKNfi z4`eN0-Ee(OE{Qjm?ROr5_%#A>4CFE2!{T4bu%%XKktBKPe~_OfA}MQKsd~bU9vZ;j z@MzU=zg z!lLa-1oME>HP>c@K$hzF^JBRG1tGiV&~<-Lwz8lp zGuHu$ro%-ipyu44=pUDu3lTLvlOZXOnaN~pm-zAL#rnom>-i5gdou}E%*c#+p0aNO z#h;wC?}Mu2xVHwMvc|-@96Dq>*S)gC*{_PpJzMex&Vc1N*}MjnYm$p*eGslCpU_-S zg|J4m(rfcz9b)748$W*=Pd(|hyKeD;3A@mgdNBFQff=1<;T9qykt(*gPuoih%VvUO zz&FeK_G1y7Vi@60!{}qj5rt7a(Wo2I_>k)~#NefblqhnfRgbhHBYm!vH~(q44}*of zpc~TfGIt5MWbUgK9}Mj=(5rlHW^C|{7kr6oqj~2n`-B0X-Nk%`)}>HGa|d`7TAv59 z4*kaUzDr6Wgwqq-Yq0;W0`*kgm&zrs^g4+eHoJtZQ+Mv_sZR5Xp?-c6{?Fx{bvuH( z)shTjv7!?2`xKbRfFSBrtaK~m-dwmZdIuUj$t}TW#y<^_+@wA3E%MYNPIAJD#$HLk z5g+s8_T6F82ttfasrn>&{o63#8wN>QuZv#(21>Pq*Z3bvr{Hff{Ly%Ny-~#cxA1h# z*A%wivW?9WO1HIF(aPkr)fGB@wpVlYaRF`%#VfdK!2T=!2NFqoM2yFRPvDNpFcza0 z_lUg&I{QV!-3&^;V3|`dMP~5&?`ZBqV?hMEIL+69QPc&;qW`7hT`mzQU+i__v@640 z0Ot>``Opzy8WaK zCQ7?-vny@H0@>`)wxwTE<8??=1lQizw#Ql$Sc&MfU5yTa{yM!4jJ6+{;sHmbWqWpKAz80vwm-l~tK0#% zGK|m3L1ew@8N~zY_*YiOFB^i-Yzc|1_ibJm);GoJ?{#m>QAim~r~WzG>{XrUX%fpz zl|tuixPlSv8c<WV`|+8lhwBlo0LB2D3AY*Yr2!I9_Q9`SH>y4XgDTC5wCETPZSvld=vFd(1p^S~6P@N9g zcjU1P4L!?&<=ROx@A~#i$*HU|I|WdfH(@TMOoL~(-&2IsMuaYY^#Dwxs(D_ZNA%@k z+8+oRB^L_yJ(1DqZ&dsfQ!+%`jlTm$A-D8puqgfur9X^jY9mA!ueKV}bx0uNeuNPk z_O-7sEV!Al@&@nlmxRm)-Z_dDnQWs2!13rXo`QANc{W5s6-B#-f)-7>^RSq z2>lL2wPE)TC9XP|a8}Y^=-6=J9rs5sz|}06e8ylQUWh$)pEtBr&R>7#%zKH9Aa53X z(S3iCTVsqrRNotPoNhkjx5Kr3{i8w2>D|9G2Hx%@? zFSzxe@)+B2SeD7u!c8WrMVk&_7_3QRV#hkUnHMJ0F>>`=ZQYKyk1A{P_Y`sThyR?T z?j4~QXT^6m7?w+}iAE(px-GLpt`lNEa>{5>uzkxkh0y@Z*RYiRHH1v<6^(0sQUkLd zjU#sZL|^-Dwe3yvSr4fYOi%!3NtX!6b|R#bQQ1!2vHnbn;M$%`sN1gMK!X2wBg+** z|GW9hXZHX`L0+Ju=Om3p?fz!9=S7rp1Nm5pmKjtjPa6XwVykNsFVc6{$L;JUIJ zDr&?D>0j;(x?0r1w+#@`sx=MetOtYD`FNUT#A(-fed|b)D8s9Mk>$th8h$)j)@!aTcLv?lWEZQ0T`K8?h1dub)tiUoY}n8Z z%0FuOgw8E{GLdCo5B`*ch=_%VpwzoQrGc4Hsa_2zjEB|`iK{R1%!cz`+BUrXEd-S> zc`eK9n`fN>k$Sb=Qzv!<9JZ+NU8Y_|99NvwVb9p5Sg*Cat`@YCmbG%b!wUZAt5n9* z%OWG|DIEky3(Qcox`m<8Ivv;{%7WUnT9j?IeCxpH~Q3`66;7 za+kjdm3UVJ?M?as!SK%2n15S^z+K-pO1`xkQODh%x1 z4b*GiH6LmE{rJV0uz0(fdyR4iF*y`0W53gGjT75El71dfy;6TMHm#ohm(f5+lN#kC zZUf$_iLe@z{)o5+g=YCN=cUU9nld3PUCBS)M#QVMa@Sna*H0|R2_HtxGp~q9uyTr) zp;ggcR70*b&JwMh#psv)_`q`t?@UgXufD|-#EO4A`sv0_tT}e6$$)-tpqlClO`P>P zj&RAQaicH&8Rnw7T()f~xe}8Cwv7hkn|yn$r7gTG^7E?885=*W9WU87ra5i=4`tsS zPxbr$&*{)XbdHf7PF802YA7o+A~KQ@kr6VA2-z|kHYExndmOTo9mxe2wB^h~iU)21-)HL5R;xj#(7Q?=Ug2d}m0+OBgEZ%X+hKH>@2Q7` z(G`_7(&c6qBL`htIBaV&C=7Vo&J730#9zhb8BPlBJKFKsI_LfxxHuiBFWo1xdK=bV z%5UJvy4_aomHjM3G)yJ;5}S*9pWkQ1RUZvRng_V$b@nNT*4_wrI%%qv9C0mJeOkYt z&p0m_N(|0+GOa0Hm)UG`Bv8-6sk5vK^h!8)ox=2y$g6Fa-~bOU;wfNLk_k82s- zpSW`SkW|maLampk$OYO=WhD`pOPVXeCw_3ayrQi-lc`8pu`Tr)Y}wLI%4~_2jCP5> zn!eoyt9?}~kkrj-GdVTb7Vxph4>+#J3leb6M@lHcPCxC7p^Dd9KtmwcpR zS4^|%UWZB_FOuv_+}EVOuiwpE``&)Tm(O@5ClNOE`=Kp~=jzKx%DEENtMoOLy_F>{ zx|GH?S{KYm8=mqwV(iSnnrX*O7VEt1)DUbJBReps$!<^9%+%>cYV_h_G2TRM%9y|2 z*y%xt)ANoShx3GrFmcVdqlR;rh);c%G||~dZ%8%os*^eF`Sz`yYzoxu4>5N-AhRFT z^4V_YvE-H1=uZ4Y8oqXzpT1fsGjWIw+3Mc zjUs{lVdg>3`{O!iq!*f-4V$_9R^L7Jv7_C;{Jp%kDDP*4#)k_VJ<2~RnriKoZ-$3a z(9O8dZACYK(&@e_zFLzzyjFMIaYWi~U9yo@*HtS0dK&e+?X7`Y_vVM5P@~SJ$e~KT zM8eB2rrEAH`x^`3!9Z72dvI-CKEDASF}n(V7owL_++uZxi>~VmNLaDQIME4FuOV?d zxP_|GOfiTe>2cZ5FZ<5*4#a55J4!YB-#5f5@O~>|{ds3~Cr?BJ3_?DQc=sJ%PIYxKD?Ml}cV{ zk^icj{1Dt>R_n1F-}xw8oN`B>e99GfsFdB(P-BT52;4~3QF0EE8Z_JULKtD{evxA{ z+FEMtd@!Xi>-ZTX-7vdc{E|lbfmaSotIMMJ%L~^Cd9zw~*2=@a&KGCZ-X35W@)$CPVDI+MTDe(1Cv{6;2B zulB;vZSMB}lvMXhT*@;0Iw=vo!NDGZxhKh;ycK<}F@)y2}KDjUj&w8Nv~Jn*qv?H8#~m+@V+wBS?!0@KH6ZdY5nor zGmvjs)T(DcPOVUH8NT#rE6x4(UeA|hF*9fL0#$SGH6;&x|42I_9+ZnWc@bECWT4>f zlTB~$z32hMk(*bl7tg$1@9pbbqV6w!cxf{Ba_g1D3|tN7st@MwI16KXljMzXLh7U= z?wG5S)mh&=Y{k7om$TL%ZdpXtgy54yWN17dWkyXVXg8HXj$pW{@UG#lg855`vUB;e zMA1E689;VEHxAE5z0YP6pk6~zAH}_A)n^{E_N^Z}oSu8N3;(QIz+bKK1lJlB3TqSN zdj==@sfykL1bGDR|{noUbXC24x2Lm!C~g^!!(5Q>^Z?E}@% z`>I>gG1BRVr*1rNM-4!Z(h&2NdU8mxilg2tp^v;*5ImKQJv|?2=Q)iF4cB;V7TN6I zSgBnrbab7{zb+BBSp-0n;dYxIO{tU{pwG|_ZE|L#H)t_KhV`xfT4^Q)8b?1jSi@1= z@S$E_B`!D2Fo9+pdG<*8oN*nkwKMlC1}d{N+Vxrb#+4nPWk+F~W%EV-sw@s!(@n~@ zvT)>O&RFz+dRY)iM#dytkys&xUR0^O5hfw45mq!r_v~n+l$6-mh|ZE!-weo}C`se? zIeOlFRCgRe1O464yIwsoQK8i^5|J}8GpWGxW;7vLg6YO*Ese^Ba(ZVzJ71#9ye=kW zs&ZW-V0xgW(x{%N|0sKz+JhyiWR0UCD@&`O!`1pl-|ePR3n!VgTUpTOYDt@X2K1N6 z(DU55&JJy-i$X?H*}}$g#XddrSx}lPfbhg{<|iLEB+UB&OWYf8gORzMl+U-k-{_3yPWi{) zwH-O*y_#_h^ZsNV$@@kB3 zDt5_ri=n)vzW=KI9km}EPnNJ*#D4A}P9Leq>w9oM^HjBOuAZel;G`7HK=-|aQbK6@ zsW7b-G+tQd-^S99c@@7|EB#`dX@jm`?*0^UzQ*RllM{l}E%^G<>p3REDgm$Q%Eyyp zP6mVzt@W-y-n%4KyY#3Zswy`zm*^(n2Qkg~CrZA4_DN^qg$D?mC{Ks*FE^aspF@kG zO_0C0p7aUJt|QPUP;Yy5a`48vp*WYf#_!Jvd#|dp^Bv-T=jBZ;q--4G)EK|l6UVO2 zjnf*as6p|jUmV`=$?S}2yJ*>ZvcDT@tivsB(@9^wmF!DlH9w(%JGA zD6`Ck1fBWVwoHmOIgD-;T%HSh2!)4t7(JbUaIddg3Zy56D7hBJ71*DzWR$Iz`A~dv zE(z8>tn1!OkO`eK4cars`+DpsiS*}vM?l(T!hEgkI&~-Y6-V| zfAM_u0rjX3ZgS`tNk{o7MS`es8y{&iW%K*2dxXIsS7y|p{V5mizu(hpyE=6GQ6Hbs zAeFy~p@Ez8R*KT~rIN3+S?5}*g$UI3<0L7xviJ3E^xQ|PHj{K5{UE6z*8IJLIwX8g zF!PmS#n;ZP_>lthnfPZ+>qX@FEc^Uc8e5X?v;Xed4N&B8W z>+|@Tdh&KidJ;Oj>62Ybg?E&(hpjWMDmFVCLto0%XQxygMnU0}V#2JG=NE#vJ<-?u z`jl^JY@oi|B7V2VFJYjBZ1x8t%i1yiarBObJsj{lmgq(HdKtp;2I+y=;(LcG&Nat6 zs$3ljo0ydyQ+0ldtAhSS#}TDt?2*(Hmxu?Ror-PKx|=`l{R+=warIcg{5wTyZ$c^MmUtoXFsj+gV9m zXQR5NEXzqKt1{&!V(7UV7E049h|zKT$Qaaq5T`9cv78U(28A+~V<9<&o({dYXZ2n1 z;UniSIOo%y^Hr58Y15+!yK=m-Y~^O$%-b%q2+y}!l~9|aa(c9*^-(pPuTDl;=M>8+ zRjV3OMhse3nFvSa(HkjPLtr-03E;nvrSDWb*XTPFXuRf%L19}`Y`O*+s9h?P9!+6veLLWuu;MpX?c+vtD0?XM7#D!o*UF1fNrx5Cv^?ZZX+TMOPkU0NMn;anGEp{1uFa9ULDhl*Xys%4cPbOIyYc?FeWPLXF;QVA*F zyP>KXTWvikNEg>z@`w+q6zZU_EJe1t@Cx~5L&xh)X)5J0N1~T>*aH&<bEps1QJBaogB}mD6!}}J-s-~%IIs7w0Hl9;k#bfdZuvDoiLW%TcZNlEb%U#TU zUirh%)*HMz*grcoq*!*OU%gX&B!s6W5lg&jtb4%DY(&Sdz%fPCB#v!ft0|O%+-WG9 zUWC_?GWMuK02IfeCnHZ`Vo$kXqLq7^>&6ehUpx7!m?oqxJ4b(vx$x#j6Cv#^+W*buIk|XPtj}i!jZ^F0 zQ>h%U-@Iyqofs0aEFpuPco%je<7L4|$D7HnowTcZg5KY7;q~Rbn`42;Y{WZwIXe4X zmyRxr^|Urv9v>ieILR*PCrwPnPbfj>T*&XoC;MCqy>+ggq?2?$^M-BkIg_`~Q?Imn zi5Q4gLpNBMT3yAS72or{jA<9KEsu!CDL%I|lQ}yZ^v!(lt6;?!z28X?9Ad>ygh?K1 zT#Aw-(tnd38~WlgSMqm1r2yWsG`%S7q-SUN{v3jn?}dIJk%8mL*M2!Pp@m=i5*^QG zxQzDuLXBx!d^YszZoVN|b0~$;P15I+i`2`U0+rb7;{$5^7v~Ks%0akjcY3G z4We=m-Us%r3;aC6?zl-$1;<9d$dVNq0V79Zn2<={VNBo5$wF5e#bA!N9H@psb<$6w znaUNZTU6=yMv^-F*}wW+{zkvBtfTJ~QlymlxO4OAqWNR&q-<>yw53AVSS2rq5FfAO z%A%7spTI<-X{-qbIz;clOgC~rn3S)hAuiwFs3ysn1u#Ay9TDm!hP@)4TMJF2^r8R` z(F{5r(T1Hr@#C?nB?nHyDr4ZaynkNSxua<1fYl-m*&dA0sfY@dr{Vje;M&nZORpU6vF|bfbc!#eD+=@4Qd$BGV-oBgSj=-y2MqRK*Z;UE%h1eTA9KC0 z=$q=pD#8STdbmE1_?+Im`(!$MkY-y;)Ux=!Pp9?C(d=06i5j*Qb~A@3T-cdd5VSV( z?0d#@(*3RPBLVipfZWciEe6%W=nM^K6)yI+MZ?pNM=5%ph9BZp}kkUr^L ztXUv1t+!@&`1A8TXPF|MbV(@R8=wM?Wi7RfIbxn1!qP4l2B|mSF=}e4csdo^vgj*c zO@_978LF6&JJEYlk&u{sQH$M9v}+#?@?Lu}*!_8X-d1p-)s*W3x7klBv~uUY8s##+ z63pW}tdMGkZgV7=(+tp6=(NZ(yQb)|jZC7zF0TaEhMxG;!IE%+kEc?N&|mYi`ftuk zBo<)HKSjSo-2INFjS<9G!}t{tWje-mkaq$}Mf8ow%pz!~J!ZDQx|roKXemXj5lrcA zG6#sly3hqdmR8~l@}DPn<8qg|^9n9O)|dmEOdTIXEK`r2kH_`=B?_Dr@0rJwb zY=zr=qJ<6&$`6PPX5W&AI60i>RC1uUBcyfi`-!ySYiprS@=GfcTsk?bgXG81{@=TR zhLF+QLmNDIPh5yvrC*F?b-(;jmok}CWm)?eJz(E2*W%Zuy>nX>MfV{iAYq@FlH;hO zGZURhq160+W2R{_cFvw}xTHRNP>QHL*?I~z`Xl4AEQO_0Im$kOA zxVV^IceLLJWAAyT7EOe_Q5}WfL{rv>Bo1MD8#H(Wigk^_*XYgZ;>g%yIJAv+{o0&Q z=U>LS%MN!t+aB18cso9MHuD${-o!Z8;4%}Xqvzm?t2GsYA2FpxG8AH+`YaJ;>N zGM75E@igTTjVFEB*NJs8|p$*-C6N8+spns zxvZ)y1+s%ql11Z6Q)v{+*|pE2&Ns%mPLX#z#2q^~`VIhABnxz-7@Cl$*KS)m!hRrw;bH zF`7_y`WhRiH_kVF5AC}4fqfPq5Bd*(JMzKU7xFdwt@B;!!yOIdeNaDhEYk9w)VT=cl#s-KYu zEvsH<72QKDpP2U3u1hIhd^%Oj6Lq0BdEjPk{o`sO`4IItN1_tVaa6=Y`xj>_f@wyu zO`bfRk!t!zu3qwuUe6T9ciG-H$I;9BZ zd>Swi7tCb4E-Z-`cN3?-3dC!#jblUgQh1f-y2-dl5K9kpg;imnkCnYHfAQM%K?-92 zyJ(H{uS>!h7@=HQetq(n0Yx4HDX5&>9~ojFNbh`2VDnnmI}XF2NfPq} zh~%yTN7mriU+1O$vH}@Pd=H>kW?oD^yWuEEJfA6jqd@?lzJtf+Wucvb^o7dF= zH=NFjd$-U0-(Q%DMq?+`j;Oj8Mx(Wkt?LcvgZY*CaPd(d{5cirs|8N{?pysmR`zIM zIwqJLxpqGhSQc`=q0GMi=M!yO@?^|cn@j((^#Xn_T%3_Q04>f?M(al_J-6dNY2LtLaetPI1DySZJQ8X%><}!b&g#I z&Dzfqej9ws?Dj8}J`{bRVYy7QITkWgEY(B@TT8$%2tR^QdA=Wzb$Ndp3pedQriK`W zP)E=uJcRE0(>V31A?T;GQOZOb;!Rw;lmMF%DFUU;s01LQXy=MEv51si!iPRfZNpm+7go=xd9T#^Y%BSjT^yF z&8FU_5)BtDi~qKmlb`$61Gq@zp&hr_Se#-^Ti+gpio?Gl(z^YIms!8ZQY|79yTyokhE;5qQgicK!F6+dbCoE1(~ngfP9ssyAfw*waHDk&vX0GG)k<70~lT#zn#HxSq$J+){x2OI3PI?w?8g6aO* zR_uy(hK?5i&2-G-RW(p0SOe3hq}(zgT?RVQKc2G{m^4{MhzD+f8ge@{O<5y!CS}fS zKzV9t^Ej{_gn(_1nROp9Y;1kL4ziYNUZD|6u(5^{5PCoRqE>Fo{QJzgx$6Z1>JjA| zbm_U1XcCUR4fQ=lSYBG_kUOQhH)WU1=htT7r6K0A5QGDHY>F2kP+hZA;lh%Dijns~ z-G=n=J+3wc)bi3_m_znJ+GQE+6G!B9E`sQ3Jt5D?7caYFcJ2OT^{ zoP*sy{`g%v1x{T`yPvaa$(Zu_wD82k8S(Y{_pK5vo*m{+yvH?P?Q}Oh+vMbQm__L` zHdQ5yc(hzankkU1SwoYHdS%1SwJsHR6F!eox3~m21vL3Ofq-CrZB&O;*d%LA&c38Z z$fufdAuiAa#Vu(^le`UbEjIROlOjzS5csLNBz(S zqz+E0KV|rp+-1$3JTC-RPmXMUQ-=hXM{Gr=yJs&|Nm@66q*)ACL1I`0=xK8$7UGQk z+Lxa?@|op^iJC9azI_@qU?=48Le!|W1Q8fslN{)H;&qjqwHk%u&xxUU%dBB}0`R28 z(Bsw|sd_SO#>W|m@7~GEG9I9S(D1LjD2tEyBMu?DT?G@FNGUm3w@hipNH1VJqSLc- zSA7l$MQM%Qz${AD0$Ym3xIwZE*)6pLB3F8Oz1}A3mDI+xdfvYTyH z*{|#)PB`3@QzUQ}RgH(p>)n*Lc*S@~=+H9DZhyfBt0;ds-fb|*FY=Zg~HmRt_@Zn!? zoQrlds(`Lc!$}<>>Y}h=XjON}5K4I{TOPV{zCqE?#)1q z5gqHz`_$PF-pjXA`8UR4q~K1w20ic1X*&8{03cSW$@i{SJVo~rXXO^B2YSbLFZT8p zzeMhp>eJm15JFdbpp`BYu5|2H<q4Pbo9B^kVXS=2ASGsPj_ppBetWeQEuDt1y@RxcS8l zU$)YigTY$vlDY^qT6?x(ne2~Bebg-f~S~l&- zNFT61?Yy>JyW{g>@`_%Gp+bP2n|sBJ7{No*}3x7 z9O3)O_2~%rooq!)*^pQpUT5b(I{ku&Se+RJ=J{f|GN%H}Tf0azi={#pZ*O?+2cS)P z)MCeZmhV-z#p?xjlZS_k;&tBvM9pDeg;OYvL7odkXwPuI-E~}K zK9+I&7LJ`)pcU{~k1F^(Oa|H|66BgluvsF0S)6o)wEpWSkF1qJ0{FFWKba#U0)GRP zF~7G;SAlnEPLHB{>%@LLD%xp@qS8nP35lK zg)z5U>+UZ8cm5Wy4r869dkk2vC=&LCM`!=ujDLCEN2wV+HyBpunWsHVPiLHuinb+3 z?HmH{!1=KBKo2xwj5Z}X6$(ED7O8Xsohm-LLB@cyl9J&_U2er}qN!MVP;jqCmjYrv$XVQ97(~cb>piHae8({hwP8--u*pa1JtDAzC7mA$&Zy5H+VBt3Z6KtXx`Qpk$muuFS~^rkt+}bQk|>zx_{Z1 z*x)HwgolfJJ}=4o4kS-@3wyt#1n^Ji(SF(74)VTB4Of6h@HB9;2-T^!%|Lf_e~QsI zaJ_tpDI1N$cq~0HPlTo#8U27^z~x)$Hc7z+mEgLzI6}sgY({%RNT}>Wx>XP+Zdu{9 z;NQ+YtTOvW)JcPm?260Ep-$)PW?n$u1w9232}uh$o_i%(U$jMYDBLMZ3kny;<-Oy2 z2lFMqFpu1ifn^B8xApOJb!JZ!Pr$x&FqjEq52l6(Qc6*9%YE{ffc;G(N#g$;2_f5RUmt@??e;T9@q$N4 z5+~(Uhd02>u@FNfn}~7Mx5g9-DdF!;y;2Pb<7=bNmPKeByybrEq&Z!Y9DQ-`$Q@wb zNeJrtP%Szd(Dvs&e}x=Ju^8j93hqLNRiZdS)C-6P@gY(5mk*+n|9J~+7KtBWU*7q;K8r2JOR8{y zVlJi4bN_d45$MYin(Q0}Wxak1beIxUsm`ySy!zW|`aPei4d_dEV?DY_sYM=KfBAOZ z2p5gXyh;8lh|*4adAG~26#vQ$0fzj0E)SCh1QsxRT;!D!5o)88c=J6|QBeZUIKuMs zAoX7%;qIgBhmNd$5Si_gYI56u^s0e24{EXIRd9Q364CkE1nUN@%?WsLLu{7nzcT`9 zPIH{rEB3>uRC(?@Dx|(bGle-t9ovYP0m`Zl5Xq4n(R74*=D&vrNhNs`_p>9XRv%F; zV<7$dubA~+v+BVy_#g~+aPpH z9TR@uNmJdozA9Aby<#mr{J;e57fJKagHtxWCvDGvR}b0GA#Eku&ZX4GdE_Pxdw`u5 zT;|M|>LJF^dfC?I=L4M2_AfU{q0!iJ#PV^nSMx{sdUx!fQ!{vTH)rPV>MQxbqqX8r zRScY@UNq}Y5cz*W&wNoiVkjdAMTJrxyvXfHj%m*nb zR>WZI{22M4tm93Z=n!}4eH^kj#`PvH#N|$KHjt(^w^-yoUc5tP zG%O)GX_NJDmrQ)!Y5>3@=?sj}$g&!>AsOv>u{LL6UsYHY*PcF)*R>PhcdL7pfmo5f%l4h$w#ydIG=ia;OGjAg#ZJmWM=+?|Bg3mZ+S-#-(LKK4$uL3{|hMFU^bl z`;K5IuM{va;GunAJ_(3^&e0F}63(+E?wxXWwUBT*^ZRYGmDz1bGLL1TrPYoS2T1Gh zMGvXhv66Fo({t39dK|Q2MU@`HmigpBlY~?ky7~F2iZAi+GyB#Widnsdmd$0~BKvHP z3p8+;>RXyJDv4m)A-N#APv@T8O$A(M!q+cP_3x-YrN{Eh`mKaMq1ZNB^O@_aV{4q;3Dr_s-4K6J9ms|u75r~TuM zDbm!@^^Lb-DxbK-FGukU_Qm-g*WD5*eZX2;^OXVk1)_t9mWgb6CGuW{Ixg+Ag^~aD za#$xkORVwpHy%#=!!QG~XN-L1jZof|@TXfpWA{o@@x6cggdH)ibH9qw?=)WO7J7vE z$U%nZZ``DXSRU&bT~?#Oo>qX!0C0IQu4;@lF7keHKYj4Ey}njU0)PMDA~pP=|J_G2 zR84`mpRr|>p!_&dP=P#1<<>2ad_9)amp{999ebzsC20$r!7dd$a``}I8$0=HZjl zaf$jCj<@2(==6-PMpKOLj)pDn_rii|YryJ>xDco9gl-FOvXL&5Sr zFpNZHV8~%(1#!qwXz7Br zzsGi+W^yq+`Yu=wXJm=wipJ$j0i!|b1&0sR7l)$&OMFB-YK z%Cf&!`L9!&4Tq!i_pf1313^)oV#p?3ET+hZg~{Xpy|G|YcPcnV;$hV>a6q6Tez!jr z(i-NJ?DaE53C6!qKL8G3@-t!gAOn`C_EW@Zv9&`1iRT&X7(`%K6p3E8>|FZq`@ls1 zwX2Ztr&N-T6AYY)Q)RfphFZt_n!UeOW4`$4@ZYc(P2m0tw9BIsKpJqDu|6ZgIx$H5k=L@!D&(QoveK8J z-`dFQr=G56-*h!Xo<9PV5xW&H2xl(X51%>uIp7cMUAAZ%>X|j3M;*NCNb}xX`+)w->UufpsNL*vamDX$R3i zkS)=CFP2@K8JUDkrvDhL=mFCOsOyOGKQFmQ;sHM}Tzd;@*LIAXpi`I_e9*I{hC7@P zE?hGx03F$*(YFU4BBa3iJ5U@KL6~lD0BOkwJCLEPs(@5fJ7kD2cOG5Uxb~%$Ckd&W zvp}w`kOpY#R}+M5e{@3?ZV0I7tQ-*^d}-z|#lIsrX3;$C%`3?(lMiK+HhuqSr?WyH@Vaw=#3dJ%~7wHKgs!*6-!Te~HvS83FE8sxb^X@aJ|{m~dLqVRo5y z6@ESm3g~0@K(+uOg-OT0%1$^7i$}lTVTEwM#g66)dnpuGE$xM8NSzR-2>BLb0t@ zr5c3&x=jFsP&lC0BDa{8-VRAk`xGFw=t5HQ8{;tRMG3HGhw`gIP@#Qg^3^V_5W<2h zrCP9Qbwgym-<%1-BmD}-W#H%XA3zIq!HgE4M;}t=K={+2DG?$hhgyufY}uauh`tYjhN8xJjrXC<8ANmO zvn=r8P^>ne*zOwcooVbf4z`7Y*k3O0`_t_C)n|=x%ZN+?45Egt@;Ubf<~xj10Eb}y zLWUD+R%&?8u1y5D8c9655&&{InAP{c3X}**ef5#UbsrJ&iLqNd-o>Arn1@r#@}zOg zz(Fv7U}eOs$aB~#?m|0kX{$Zcroe+2h?^{7?8&(Ek96;fm|xXB3@4dwo(fOU4>LU`oVQBO(7CRLYRj1 zD_{AC=rDY}ZF?9akDXKu!k8ieY*ZWL5sK2)V3L6(V(ECbKo}Pb-sB;Fg4Z9{?f^=O zW^xP&K8lgl@Xh?HFJU?(lc`UQSqxZ-UMHRU9C1$8mJDP+G81&q9P1S)dT8I+_=24|n>AzhV*v>yR*o9y6KF4G>kcX*O0ZA>x zoM+<3&_vZDyW!rp+k5v*g5aLR`v?4MVH>&BsuZw+HjZ=}5Wdd5-$SFBbW7axE?{EiM+R((BDZDy%eLwGPoeB)23B#u$9r zzjyR^t~yl^{e}8YH^x?N?dhwFF$fh$Zb3cy#<*=B<*Qxo7ue#q7k!{E@x0W8fM|p$ z$GQRDCKBx1wW`k@;m^vcda$r0aDT^15={II-$M4YPRuVY)Tzy>5(r%q5c%E_Kzg{B zbao3m&bM8110m7`826C=OX|*5{9~ElQ7`+%U3pV~okJWSfoohujfH#vKDtIOeGLhN zMBJq7=_=3>WIW~}3Fo;*;P=`YtJ-PPa$ltk`-@HJ^0{V zFCFXqgHCnC)!1}^-2v9!*R%>zz#Xh6M^tb-HqnHE12ElugU!b>W+yrAXnFpP)X%*S*b)^ z*;OL`h%U|zT4DvI;#pv05k&~i5Ri*h`~P7@)sJk!9crI-52~=m&GWQT4qy$%5S=-% zy1)ZQSp)MYzJCxaMr3Qk%Rm%Zh9)KI_*P3Yknkv*>n9KLyorFKd3P>Act*#V6PPr! zlIe9Hd1nY>Xk!3YuX8!b=VU5scVC4#AtYUN<0Yy$;Bv5^eP*pBopR*Lbb9Wy&JK3z z3m`UAQJUS;blQ2wRc#^XePge|EnC2D|F)j0sRI6YH$p*Zr!WDiWD}djp!fX6c(QpA zBXXk;xXP*0#|GMVO9PvY5)hUf1Q@37$7b;&#~o}WcrD^UZWk#7xF-h_s+ivhp3#P+ z!hmbcI0+ZHiUvzo5iunP-8`Z&4iDhDc-O9nNOGtr<*anKgxe~`alZO}3#CpW;ma8( zQ=yt|FRgGa??Ldzr#i@v`O8~j-g7a?;I#A|k!suzgnD;L6xfRc5Cnr)GOZ*a0yN1S zgpO4$=bUGE5xfqBQXd7m>LNf6U8T;1jV6g+m(BYr<)5<BQ4H3;zj$LQ)SDplg!*~iH-AD4r z_^%pZC)?ya)~c#tb0U9XL9rg1K&M0YbLhdWlHenst!D^-Vb7>;cQ8T^BpJR4L|k32 za<)R3XdVPnyZtf4V#F0*ggx?}t>6d>SS**n#fZ^lm!vBrftR zZo7Zaa@O|wZs5QBebv;Q|C|Xh|d`fQM}0kqh9z%0bv5FjIZ-) z9lv>xu@A{+$RB{q+0aIZ9&sw{dYGJeUYw^dBRc}ht$*bbJRw@t)v!2PYLuk4@$mWQ z=_?p`z&J^ra?3w+HJ)gHp$D8aHV!`TUY9pT<#1rRQ$J;jt5V=5 z&&$E;>Y_thyJ*V>!zUKvc%J{cL^V;4ZvrGtR#(IMudIF`P(u!3ZS=vc6Zopv*tEOl ziw7Z6XD1eYvSqwKd2!296~rfhO`Bel@9^y_500iwN)22$6K{^l0bp+3u{Rv`h05?u z8IGMh_(aKafr4Phx2X+}%YU*sKu`-po>eT6h|xKELCq8O(whfw?db^mFo$4bav^7# z`Vrj{y|`b5r}AHO&NCrUAzjygeBk^`tIG&n4?l4(pr@moG+up?0a14A!^^XXomf@1 zr#Zo5i)?CSr~sUlhKg2%K&4&?Wt>lEp}+c@utaRjsk#@KxS3gG(SS8K4n*u^35@sT z0!R3Gf4?K#un}bFV`NV1nx=vuWbQLU6HN!CQ0!t^24D&kFlb8`tS+9Wa=FbuByqaw z-0ug0Jiv*Kj~e6rdCBjmb@d7UJ2gLHw-3FEmxJ%zIW%E%_}$k_7pY%T-px~PY442Y z|Ffrs{Zfsy)9W6t&8@SW%LDZTdESflpSefAY#=`@e9;K5S`^wpiA~hY+L$R>&3anN z;m;YzazmNTOEaKR%HVdj>?1Zz2?WI^UIY;3V8<%3$3G^w%X58=<|nu&XZ@XazlTvI zbFOS^96C2LnoZABWt-gjMNrxrO~}qCYBD(RE1%icZMX&4b=vzxjM+sU>e4}EWQ;|h zk-nW@CjuLS$MQ6hkjPYA$|lslRy+G$^(S)Wv7UOcGTU@mr0B!6;L_2qtC#?AI0~U; zPArV}XUrZ^&ZNqW?5LwCI^}B@#6IxHsqwpx5~4CnK0;R|nj;;Pp~-fwC+ni^R_YRN z{AN4a0bo;ppc;0N;TzF+k~4PLEIe@lp{bZD@{J#nLE{->%ReUeG@7&Jne^*I{5p^Y za#k(8fv(_!o2!&@8witd8YYgbE;;jf*FGpYTA<81v=p9s#b#$s5HKJj_TCk0MZb1Y zH_d5F&Hi@w6fc`}yW$Z!8yt_bVBV$Dc{^)+q#K|FkvMS+DuLMuz+hQ6=Ljq>OIGRw z?1~Xc|>`c)I z0`TGfHNU@xaSC<;|ND}+hcSBLzTu6|;NEgk2?#WO!}d^L9hxO4JS<~8((${D@YkdB z?8L{)GeiV{Eop+&*$&ftSN=#$Wz)q*_6l_4^XWG0_TL+KclzZokReqD?ua>{Kf7Rn znGTXCCgU`$mLPXca&-`UrOAwu8gx(WiL&0Rm-yF{aNe|!q711M!L`1+Jr8`q{~Y}9 z+z1&`eKor`|HnT5>pOsA{W{%b0N%m3!o@Ou^I!k>m&FD^~vm0OqK}WhH0T6(5Dc+2yF-pBM&3_XAg3=7ZoB@urO#nTu3Zua`SNRC~F7T3+Q=9!!zB)+zQXWplgJczd&U1p?V%fB?%r zd;tnqLBNdpbcG>hrq0;0f-CPT=(gq!KVZ8);rI5rad`na@x2Zjd+*5?W3|EH$Sufn zvJ;b?mPb)X`=XJ*isSr1Chr)z4FLU22O(zTHhu@lC%Q6-wwxf^4n&X_MW6OkGSMO` zy7FQIvbY0V>#NthEn7l^>Elxw)Wz;&|hod6jR!=CF0 z1^o2cQ!xYN9`7X7{+?~*4dySQhYr<`LPR?WIj~3&LWK(Ho%k0Z)0snk9pLpAi%Zbg zKuaY(;TzV>jic%!|D1gQGHz$S0>*y(8g4l~>Nq(}s*m)?lAe0-5)VQU{&NLnIs=|% zBxbL;fGk9j6R1)**zB_7uG~1t>!;5htw{Jh-8^RzKLx0#ZMjX}{eNwN-_r`aq2#{2 zv68fp!zgGr)B_}x0h$mV$}=4$XQwU@ID+vA=Ku_fDb%zGn@?OGc4KLkQIu$2$!Gg~r-?X|O z@^;kFEb%42UX^wnIyzXQKJhw-V`|{_jz@p_4iQNZG!WeY|w-%dm5B}>aM=& ziZq`RW$+AWK}5&}t-d*N>*nM9qBcIIGgrS(JDENN0bQb62;e39511Pi#a?Lf6sDdF z?hOF-K4Ge#06ix?E4>YQtI)Va_^3kE!DID6v&;ImnETIZT-0O_b*lE-6f#yoQk>zo zX-_34L+0_`bUNX#`b+}3pnvfAVy(~PTRYq5GAp24L-FOlTlPkD>JkA>7egHjE6&0MS(kgm_1M#Wsw>Y@6GgY?|6ykcr4?RRbA2o8Xz zo5RYrbebxSXRL0=*hpW=G@t3#!Htkou}G^v86!APTj(+2+yUskdc}N=KMex=K{!2zHR__}2+(p<6Xz zXs3SO0M0PW9?HC0$Wu0b!f}1x{FXemrmt`t-64br;}RPX%Shlnzxs4hZ2Ug-t- zPMO<7SN0cxy5x3mRoguNg1NPmU+#g*!5f#V%0q$@cP}5r@?`P&l|4y6JA7we6fMy3 z@DgCh&eJ|z5&o7U@n(h2w#C=R1Jv%&KMab{r*m>S>+eeVnl-Z2>}-FBV}1gCr3V+N zlE|m86)-J!Qy$-QZ;~EQs=xRnQEEqRT+9RCk7X$C;DCGk1;aNL#e@FrK~XBb2Mw8L za-k{m?CsC2q1rzn3u=+L0ELZ%pH!G`FJ(BEm{8neyU6fJ@4kEvH7{qq+o!Q=?f9!X zr(8#==W`MB%?jA*NvL+*>9PyxqzQVXUXwT(uu|U~dN^(@u~Rcp5a;Ja8)nqS+MYJu z=V?OCh@&$wvV9tsxkJAyfUkc_rkfw2hjkZ`_~%Y@z)fOX?@gR@6za85h)!~8J8YM@ zST^j)94L+NUD0esnf1`#6=1YY2vJddEC@zkB;EJH>!UcT+IY$#pd7ZmCv!Kit>Vcm zYs#HyH+?k~tKy`>qBMQkNBi!+x0?# zW^HmW&*_hTX}IT!H#|J8Nn@ldbd zKcYL8v5jj+pdYRKujY z)xwaLcdkYVeR$r*?$Y90RaJAlTn8^6liF?)N5q7QSy4|!jVEKZ@{1*|l14E`Vt85R zFnV{=n2WY({Ktwbwa@&Du_YhLOanhofwPwKOhM2k>th9KW-Uqo1P(dB@^Lg-(Dvq+ zs`(DBJJpdFv{s*3Yh+!2o@2uO$iMKF`LviH46dX&f~cEgd4Niqbl;T6mcP4(Pp0IG zL@OrY9JIAqiIe0l=7IWtH6DfH5EaY0V+%lOD~$2A0n_u#;Z%a}>YF79g;Wo8Q%$UI z?vv$O-e=hx>VUaDStoqSUqg%y+aE>>DB0q0fweRGkXU@@iMlOPpS`YRmSiYjAG?yI zX&YD@pzJQcwIR(I@D4j!iEhoiT!F1T-OrOGVrEnmOw6!6to*E0Pfo()IOy^^3fyyS zvs>~qmz3#LJn64v8#K3B}^R;Hk2sj|;d=qf7BNcGB5BR{TLCEpgho$Il4M zX)EVZF|q;oO<=TId8&U2@074kk{%vb6IeZ{8amCOZ+V!Hawr^fDTJH_8LjA(FKT&V z2Vv^$F<07Da0LD>3g!yyE$O-H#a{Y%2T-@pafHUVV|hxgZ*0pmt7 zF$DX~1&`I``JiNQ)jdB~bxmkZGMgXAcTjwuHa;gbpXSig`DPK1bjkr*W`>IA)Lw+6mDeC7#_^rh#;8*l3x6+Eu|gLDUv;&d-v%CJM+(ED+iju=-O zKU)%u!P@<_E8^C*VBaisq~eETay!dnlTF%Ggo%Y+fwB6BbYC7R!|}F+Xm_~nJ$5u$H6AV+Ki^Y^K)xU~Qd7;EnkvTJ3n6J(UrWP#sFXYp zds<|MBFg6o=1amhUWLD+!*OWO#L~C0-%{bD^|C~Y?oY3@JMWx)eVHbL<{YjXHg{No zLj&_QQkRLG2w7ck%ReBNQ78*<>9zcjx$!ya!GxxC_?Xz>4r=svhUm?k-UNkKm80oi z1AjDqX`h~MKx?q5=4QF+_L-pxrR^=6Mn=oyR1eoHb|sT^p_6+XlM`Zo#-d>in1#Wv z2%oKzHdvMJvjJfaN>K$h0Y&cs6p_2wByV)Csl0N!QSW#6$~3*v39qF3AdvTI8b<=> z#%0cQtY0W|;a0S@wJHHY2ow+egR7v!Q9v}R22Wh2-)GxoNQGyW%d$@@bnuV9tGgA% z1Fji$s7ER~r&tt~_rxer!z}z%6J0pzHkmitVq6Aa8S?+8YNNsXh7w9q{0v>R@ZMp! zql55Tq_>aNU_~+80&hb|BQYa<=ezBLAP(0(4Wd?5K`PX{_w=EcwnXt;xX_4X4I8*SFyR>93IcWS7#L8kantsVhGx$F*1!O?uiYrw%d5>CvdB z0ZwSKH@*2xB||b>=NbsA*|Tl!G4uMuWNjA)@9?!5(Zi1ZFKX)yZN?!l9kj8?^V&Bn z^8JrL3RpQ_iSO2@$2JIU9auQ~(v5H~YT@DOY5e@>gg|n(0RSvcrF@w+c3@A*6;p^L zw_mP{xYt z_fYz8I4LyJ;N@E1scWrBLZOe)-OGApyjj4P@UmGY0hH8>V?_0sw-kwEQ_)ObMkNF03XCC{U5KCt4Q;c?&^g?`J--F6x$YQD}tJKw9(|6=FJnfU;Fv^pyfjb zY`@()IQ<)$7*|3q8yYlO$mf}7j6@6ekO}6fCJppn{*qL!3Tq;t(jzy}qn_F0AWF0w~MNe^BuAxFea@an54ZKU?ZoR$mlXO7MI%2Olh+Ey}n1;0%T$6D5UVoor6e$o&Aacj@cJO zFcXp*xtv7xG}DAj%l0$3AB<=!zOlN+Q02WW)-JJK04facz22&2IzFvrUMh^=H3hO> z&UL9{OwPgFbi_EW^2!OOGD~Nh5Y$@Wb+=OH2ZwHT4YbW|*Vh@iS^7%gqAuDJAMD#| zj1Z$(;!i@^sFor*<2#42X;qFqz-QR#~ z`800XGm`~smcFG>V0}8=7Cx&akEo~A%B8k&{ekl{8LwOKTx%G7% z6jWE%V8dGCWThS+&hG@34mjy6*8InPcK7EPEn0*D9p`)^H=J3RlpyaWSYslt731*)#aThDwFJ#n17N}Qd){b2Kn zV(G<><$Hu6=Wd-C4x>`7u&|f^Ext9SyrMtfa;IEA>R$J)HVMwLp}f0Frjw<)^-H(L zYW^VChMpTqF0gV(aJuhY8RfO-gL0^(q6S28u|JK?$bC^?WRhp%+c85I&Zc@p*IbVEQ!5OLRp z`?@Fi%1#(S$pSo5!juz96g01s2a<+iK^y$nhpZ3U- z=1ar0&Z>MB;JfLR?W2sB-n}quxbz8hoBW=X`o>5+#ew>56xlt;Z55j0O+zSyzTXe? zZE#~9?yEgGiBTHYqWXGB{q4`M(p?t?0acJELT(2du@1Vwv(wdsJOe)Q!`E=l-4@mL^DCD42oO*x!w!qb{+lGHXA?OKY~6$ zkwJ^8Z4b%;8PtzvV3l04PIK-*cxQTiT)ODL7H6bZmS&Ik(8NdmSd+hP5O!TC5D}H) zNOO3KfA3xPna$_spuaprBOyKh+`fZLAf!tQ7uW(1Osgdxok{%38;@2v@Ub{e`hFNLc1jV#rK+MiiB@ zbqrLBQlkY-=7VrJBM`2bvgl;vfv{aojU%7ks>VUe}s_c@Z zeDVQ=dDz5@w2r+NSqo`PvnsPb&O;wv8!G9)xi0iM+^d@SXkz}dOPU?&3$L4!nH&zx zog>L7uXzVhrXI9j^c6q)JbZOQ@EAPr*~&vq;_#^j8D~l9+&#YA!dHGO=@Kle-xW*8 zdBeCHKV!Q}Kj`~Gpk*0mH-v=#2)Rx}xfEIut0L^ft?wm$MsZ zaq}uBG0k^{Onf_qgY$KSclu%kh8IbKG&)&~_;&bh1JWWZ*}+?WaeMBKu(?x#0P{$! zJ^tik3torJF~J*lpHUy_pMKAi?=0*bn2_aafB&eoWnpxC@_`-ZLxbTBnEVe+zt6sv z%QGeAgMIk7k0hYv_gU8*Vep&CBQdA4vXX0V4|WajtAq4+ZGrvkS58ZEhs!2~$NQY` zjCSym&TV}eFm&#HSZL}LJA6HM-OeLEDl>inCGZ3FRRv6U)4u+Et4)*}q!_k=J(JD+ zxnpyukrTtG&O*+&pZUS&9%llw06OokRQ^D9J-KNl?1d2Gf85{SW?<~~CGkQ3Yh>p) hUEerNMtb8K*UA0ziq92uvbTVrmAM_d%+&qz{{Yw%NY4NO From fedd1c3cdfede2deb8cf01d06b93671b26b8b06e Mon Sep 17 00:00:00 2001 From: Vivek Date: Fri, 18 Oct 2024 21:53:19 +0000 Subject: [PATCH 22/33] Revert "Update doc" This reverts commit 38a58250e8b84c43b7582623aa93dfa574db0d7c. --- .../high-availability/eni-based-forwarding.md | 288 ++++++++++++++++++ .../images/case_for_tunnel_nhg.png | Bin 0 -> 65680 bytes 2 files changed, 288 insertions(+) create mode 100644 doc/smart-switch/high-availability/eni-based-forwarding.md create mode 100644 doc/smart-switch/high-availability/images/case_for_tunnel_nhg.png diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md new file mode 100644 index 0000000000..41e59101f6 --- /dev/null +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -0,0 +1,288 @@ +# SmartSwitch ENI Based Forwarding + +## Table of Content ## + +- [SmartSwitch ENI Based Forwarding](#smartswitch-eni-based-forwarding) + - [Table of Content](#table-of-content) + - [Revision](#revision) + - [Scope](#scope) + - [Definitions/Abbreviations](#definitionsabbreviations) + - [Overview](#overview) + - [Packet Flow](#packet-flow) + - [Requirements](#requirements) + - [Phase 1](#phase-1) + - [Phase 2](#phase-2) + - [Architecture Design](#architecture-design) + - [ACL Table Configuration](#acl-table-configuration) + - [ACL Rules](#acl-rules) + - [Handling path loops after Tunnel decap](#handling-path-loops-after-tunnel-decap) + - [Nexthop resolution](#nexthop-resolution) + - [Dash ENI Forward Orch](#dash-eni-forward-orch) + - [Schema Change in ACL_RULE](#schema-change-in-acl-rule) + - [Warmboot and Fastboot Design Impact](#warmboot-and-fastboot-design-impact) + - [Restrictions/Limitations](#restrictionslimitations) + - [Testing Requirements/Design](#testing-requirementsdesign) + - [System Test cases](#system-test-cases) + - [Open/Action items - if any](#openaction-items---if-any) + +## Revision ## + +| Rev | Date | Author | Change Description | +| --- | ---- | ------ | ------------------ | +| 0.1 | 10/05/2024 | Vivek Reddy Karri | Initial version | + +## Scope ## + +This document provides a high-level design for Smart Switch ENI based Packet Forwarding using ACL rules + +## Definitions/Abbreviations ## + +| Term | Meaning | +| ---- | ------------------------------------------------------- | +| NPU | Network Processing Unit | +| DPU | Data Processing Unit | +| VIP | Virtual IP | +| PA | Physical Address | +| NH | Next Hop | +| NHG | Next Hop Group | +| HA | High Availability | + +## Overview ## + +There are two possible NPU-DPU Traffic forwarding models. + +1) VIP based model + * Controller allocates VIP per DPU, which is advertised and visible from anywhere in the cloud infrastructure. + * The host has the DPU VIP as the gateway address for its traffic. + * Simple, decouples a DPU from switch. + * Costly, since you need VIP per DPU. + +2) ENI Based Forwarding + * The host has the switch VIP as the gateway address for its traffic. + * Cheaper, since only VIP per switch is needed (or even per a row of switches). ENI placement can be directed even across smart switches. + +ENI Based Forwarding is the preferred approach because of cost constraints. + +Packet Forwarding from NPU to local and remote DPU's are clearly explained in the HA HLD https://github.com/sonic-net/SONiC/blob/master/doc/smart-switch/high-availability/smart-switch-ha-hld.md#42-data-path-ha + +### Packet Flow ### + +**Case 1: Packet lands directly on NPU which has the currrent Active ENI** + +![Active ENI case](./images/active_eni.png) + +**Case 2: Packet lands NPU which has the currrent Standby ENI** + +![Active Standby ENI case](./images/active_standby_eni.png) + + +## Requirements ## + +ENI based forwarding requires the switch to understand the relationship between the packet and ENI, and ENI and DPU. + +* Each DPU is represented as a PA (public address). Unlike VIP, PA does't have to be visible from the entire cloud infrastructure +* Each ENI belongs to a certain DPU (local or remote) +* Each packet can be identified as belonging to that switch using VIP and VNI +* Forwarding can be to local DPU PA or remote DPU PA over L3 VxLAN +* Scale: + - One VIP per HA pair: [# of DPUs] * [# of ENIs per DPU] * 2 (inbound and outbound) * 2 (One with/without Tunnel Termination) + +### Phase 1 ### + +- Only HaMgrd will make decision on where to route the packet and write to ENI_DASH_TUNNEL_TABLE table +- Orchagent will only process the primary endpoint and translate the requirement into ACL Rules +- Orchagent should also program ACL Rules with Tunnel termination entries +- No BFD sessions are created to local DPU or the remote DPU. + +### Phase 2 ### + +- BFD sessions are created to local DPU or the remote DPU for faster reactivity to card level failures +- Orchagent will switch between primary and secondary endpoint based on BFD status + +## Architecture Design ## + +### ACL Table Configuration ### +``` +{ + "ACL_TABLE_TYPE": { + "ENI_REDIRECT": { + "MATCHES": [ + "TUNNEL_VNI", + "DST_IP", + "DST_IPV6", + "INNER_SRC_MAC", + "INNER_DST_MAC", + "TUNNEL_TERM" + ], + "ACTIONS": [ + "REDIRECT_ACTION", + ], + "BIND_POINTS": [ + "PORT" + ] + } + }, + "ACL_TABLE": { + "ENI": { + "STAGE": "INGRESS", + "TYPE": "ENI_REDIRECT", + "PORTS": [ + "" + ] + } + } +} +``` +### ACL Rules ### + +Assume the following ENI attributes +``` +MAC: aa:bb:cc:dd:ee:ff +TUNNEL_VNI: 4000 +VIP: 1.1.1.1/32 +``` + +**ACL Rule for outbound traffic** + +``` +{ + "ACL_RULE": { + "ENI:aa:bb:cc:ff:fe:dd:ee:ff:OUT0": { + "PRIORITY": "999", + "TUNNEL_VNI": "4000", + "DST_IP": "1.1.1.1/32", + "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff" + "REDIRECT": "" + } + } +} +``` + +**ACL Rule for inbound traffic** + +``` +{ + "ACL_RULE": { + "ENI:aa:bb:cc:ff:fe:dd:ee:ff:IN0": { + "PRIORITY": "999", + "TUNNEL_VNI": "4000", + "DST_IP": "1.1.1.1/32", + "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" + "REDIRECT": "" + } + } +} +``` + +### Handling path loops after Tunnel decap ### + +During HA failover, the HA pair will end up in a transitional state that makes it ambiguous to the switch if it is active or backup. + +When the HA failover happens, the used-to-be active becomes standby, but the used-to-be standby is still unchanged. + +This state, although brief in time, may lead to congestion, and packet drops on a switch. + +![Tunnel Termination Problem](./images/tunn_term_problem.png) + +To solve this, ACL rules with high priority are added and the redirect should always be to local nexthop + +![Tunnel Termination Solution](./images/tunn_term_solution.png) + +**ACL Rule for outbound traffic with Tunnel Termination** + +``` +{ + "ACL_RULE": { + "ENI:aa:bb:cc:ff:fe:dd:ee:ff:OUT1": { + "PRIORITY": "9999", + "TUNNEL_VNI": "4000", + "DST_IP": "1.1.1.1/32", + "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff", + "TUNN_TERM": "true", + "REDIRECT": "" + } + } +} +``` + +**ACL Rule for inbound traffic with Tunnel Termination** + +``` +{ + "ACL_RULE": { + "ENI:aa:bb:cc:ff:fe:dd:ee:ff:IN1": { + "PRIORITY": "9999", + "TUNNEL_VNI": "4000", + "DST_IP": "1.1.1.1/32", + "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff", + "TUNN_TERM": "true", + "REDIRECT": "" + } + } +} +``` + +### Nexthop resolution ### + +Nexthop can be to a local DPU or a remote DPU. Orchagent must figure out if the endpoint is either local or remote and handle it accordingly + +### Dash ENI Forward Orch ### + +A new orchagent DashEniFwdOrch is added which runs on NPU to translate the requirements into ACL Rules. + +DashEniFwdOrch should infer the type of endpoint (local or remote) by parsing the DPU/vDPU table and saving the local DPU PA's in a set. + +```mermaid +flowchart LR + ENI_TABLE[ENI_DASH_TUNNEL_TABLE] + + HaMgrD --> ENI_TABLE + ENI_TABLE --> DashEniFwdOrch + + DashEniFwdOrch --> Ques1{Remote Endpoint} + DashEniFwdOrch --> |Observe| RouteOrch + + Ques1 --> CREATE_TUNNEL_NH + CREATE_TUNNEL_NH --> |oid| DashEniFwdOrch + RouteOrch --> |Notify NH for Local Endpoint| DashEniFwdOrch + DashEniFwdOrch --> AclOrch + DPU/vDPU --> DashEniFwdOrch +``` + +#### Schema Change in ACL_RULE #### + +Current Schema for REDIRECT field in ACL_RULE_TABLE + +``` + key: ACL_RULE_TABLE:table_name:rule_name + + redirect_action = 1*255CHAR ; redirect parameter + ; This parameter defines a destination for redirected packets + ; it could be: + : name of physical port. Example: "Ethernet10" + : name of LAG port Example: "PortChannel5" + : next-hop ip address (in global) Example: "10.0.0.1" + : next-hop ip address and vrf Example: "10.0.0.2@Vrf2" + : next-hop ip address and ifname Example: "10.0.0.3@Ethernet1" + : next-hop group set of next-hop Example: "10.0.0.1,10.0.0.3@Ethernet1" +``` + +This is enhanced to accept an object oid. AclOrch will verify if the object is of type SAI_OBJECT_TYPE_NEXT_HOP and only then permit the rule + +## Warmboot and Fastboot Design Impact ## + +No impact here + +## Restrictions/Limitations ## + +## Testing Requirements/Design ## + +- Migrate existing Private Link tests to use ENI Forwarding Approach. Until HaMgrd is available, test should write to the ENI_DASH_TUNNEL_TABLE +- Add individual test cases which verify forwarding to remote endpoint and also Tunnel Termination. This should not require HA availability +- HA test cases should work by just writing the expected configuration to ENI_DASH_TUNNEL_TABLE + +## Open/Action items - if any ## + +- Will there be a packet coming to T1 which doesn't host its ENI? Theoretically possible if all the T1's in a cluster share the same VIP +- Will the endpoint for local DPU is PA of the interface address of the DPU +- ENI_DASH_TUNNEL_TABLE schema diff --git a/doc/smart-switch/high-availability/images/case_for_tunnel_nhg.png b/doc/smart-switch/high-availability/images/case_for_tunnel_nhg.png new file mode 100644 index 0000000000000000000000000000000000000000..bf593f2f42cfd1cee1d974c79eee717aa15f085a GIT binary patch literal 65680 zcmZ_0cOcb!{6CJY2q!aS)vavGjEuNaWMpKMhQ0U5CJmt!+1s(n-m9YGNVa1q*_2u4 z@A*FJ-uwA|KHq=t4d=YiYdq)U@pzs`>Z*zqWK3jucz6`ouKulohetSxheu#YN({eg zOfB|;|KU4pD9Yg#cAlKW!(+$0_V;Bi597sAl2>$ndj~&?h%WQq>b-UC@29Q0r?iQ@ zk8*EP*QRmu529#mTL<^unkn;$>6kaiirp#tl61dVol27-Zw-9B>L-1!Q$n(%UTABq zdaHB9GkNBRo~e0f!kWaJlAXyHp5HoRh1xht+5Pbd{?~uhMFKoYCv(k|-~F#YAukul zmlHQ8Bt*&L;s5{tlglehs&nsFuHygx6H3+}74H6j{T?rXn;g}m&G>5m`2X=p6npR# z%m4Lz*_4k2!4BHQSzgF00v1W@zPFHzSljR=YnQ72NKp@v_Sw#mJIl9pm5BK1KM$B^ zhZT~zus(u~+*L{GZOZOlNcP+R_4ulikFf&Plo=uF;TiQOT}Afe4X?2p%L;w7@*?xR zm3||kzfY>1jy*W9Kuk>@_M*Wt5pr{Tmgp9tUd{<7rT}TbbZu=8Al27+eggAM{}}%M;><*d^=ZZMGAkn6jeU;du}=clx2kgZ3Hr8$)MGjcS+VbZl!NT! zhEs|HjK#%l28)HoURH46?kUn5U#`lKN+wYeFW?GY7u6Kms8)-w;FcWE0hJx0-qUT- zE&)Q+`&@s&iju93OLl`2_kTK^j%=TQ-(!b6q${v?>)vOXCZz0<%J>5Jd1&kALNByb z7&b7uFyRw2U2ob6jlPk7g>H$_)G&zR(kN~N@5}Hw46{NbT2I3&4rn-O8@L=!dra{m ze`GRfia)Qz8+kg+dePl~47bj^^8P4(=BdAV;64M?1LP*-quJ+3_{k7UlWiarmM>I4 zp@@npat|0gh3qRs4PNhaNA3x7kGcfg9PI|-Uq@47?WfuzB3xw{a1RwOluZ>3Z#>83 z-Z96Bd(t)$>14Oel`<5V;VWhK6HTudU&Ih1HpzaSoj2_C!zrV~^G}h6^WSis$w5AU zh`<#8Wa;?FZ(py#D^n(kNWU=oKAdC6J@N`6>EwkA>cTYelt?`MlPmbRUtc7^%DYsK zx>-B(c)xvl`h(P=U%U_iTWVl&M>ZkCFpDj>UJ%k#)pGV_eF(d{tIy8+(Av`SgG;i- zCFC)91bWo$!R_4^pKrn?mCHKNpOg`w-gZq{L)N87(99k_KWqK%cUK;aOgRlaFB(U#FpjYVyw6)s3u7# ztdu^zL5}qS%`H*GHxyhf$lp-!AHt1ZA%1Lj%3s!(NcTb9_-phG@fLGfu6yZ5Z4Oj}t7CxA7c4 zQg#Up!pa;Ig&g5?!ofWBU;O;Y_E4PiO$Y82p+Yb4-}B+#M*0GYEClp1$QH_JCrHxu zt=4$q>Fmh_yGBu;9MJ=~*KHh!HAYCPDZo=s5$(#Hc&(=P7Xt(CSYB|zBZ!$Qf1gnn zTvDvV$OG7&mVv)KV=mwIJ=`;PgQ!-1Z@C=Va-xVDa;-|#-{qb=^WOYK!`YP77@ zPx&!BTvHVK~46Jf8uZKR(Z`hs}J=k44ho$K| z*j^|amRQKYL(X4y>y)eC-o}92xX;!Q{Mx>qxAgic*IeolRtTBZ8!O{7HxrY6w{z-O zKk{tu@2u1=#F+Sc8r*xSov$3jZ@YZ($#4J8C+VGh+xm_EiY__wkp8_7=aL5v?CbB@ zH||wn#K!O2UAk%Hs%>!p$Gbb_Ay1eznJ2=-*sxB9m=(Je+|wK*xju3sWyinE ziHAtN38hj*w-W5fJ`7n+iYs6{!C{g&D^<{cag)k4!pjj=)Hy!8v5Yat5|p@FT4pXSPF-ecG1?KRXekEFAFd88f2Otd9PbDN4{hjowFl zO{Gi+H_M&adh(FqHBV7pwmH3*nFzruWJ4=1q@iMlT&hWuySTY{PBB`9cYZiWbD&4Y9g->_^ zZcJwPgtK`o(^eVt0zC0yrw&(a>NHSw;_kz$c> zdAO+aJ+Pg>wgaQlvnUb5sxMKC5gi`Pj4_tbF&Z=b6?ggPdXHM0*G*m0t@o!R2JuNw zPAoUhBzfClL6jjvBw$PJQ9~>ypxcyNsCl3OXSq_P47k{A_NPUbS>vH z0@FF<9}GISvFNz4)0GrdV6FJS9%GeFV^<4E+6>q9pB7M)+IX>4`bpX@HoH}|U9|kZ zX6YNV&V;#5M{*u4kBWCzjs=a^(neOwN1o9d*V6O|X)NZ_TBt)@LDrcRth=g$vV;KC zXVqpe>E`n{vozVt|5|^?U{dyu-k<~HuX!M%tRjTnz4ztqql&do$=dPfZ;E_3^4`m! zOgR$7cpSm9?2WKYddC^Qsy2~NzVb}0O+~-K8I=eI`AB-DI?Zonzzuxy%@B z0x`C?_b!#xy86N-@mP6WY&N^fPKKp`Fp;kQgE^K5#hX~`;lkSG`AzNNyHP5Jqh8-2 z09c#&{>n5c%t`a_B%iF?%w`R-_bPNB4?aqBJ8|8sjm5o6{*thex)7muT|Ehv#4Nic z`0;Sv`_;i)K@^4-XrGNn7q+wBH8mVuEUenN`%8kzT9L(7YvI9x zu?ejU*UxSa{C&Z>uTg3hc|{FazMfuc6*~I|3GPLOLw*N)qXOlBm3eP1+u4_Yh&orB znYxd%gLS(M&>4j1#yY88`VnkEnR|XsRXtJKr)KWfBiDXCvM(n3CI+M-T9idyl$fwpPMMhmO z>ai6Z;^0NncMkK{^;KakZ)0+qj~)Jg!(_qlBrOX5SMKP_6I5`TZ^oz3N5>o zLxaAYw3_Ah^2W+VJZekNyB;n~BZH+ON-*4Xd&; z%Oa#UUy<{_krV%9HPIBXIncN-vigab;j1Qi<nBRHX ze(A_vW<+xFPtHX^#IB+MC5f^%-wnzyF^KyMV^BFO( z^H7l99j79?t$#K*g1bEK$MIud)))VZX*ipw6_0hX2#mh544Gp&{c+`|I5V`RO{e%& zSig1IUz(v}y!Gqd1?SR|Jia{2Vl;avCr;#ny`vg>A&f<`LS@E9JviD;R7`A`-oWNK z_Qzjx;(RfEm+82%I{f*Z_j?*_$yn=yIMc4k?JVytyEi(=cq&`L3H#}~L&h7PXbwux z{kC?I7HYe?6hL>|qh2&9lqgKeb+fAJfW*->%t0gw^Rihucd1R)sIW zhrZR|^(q}>&v$(I+DAJ**5);3#mqWh^#?Kb7DmYI50?2EWO5`huxNwC;|)FrY7Bj*WHS3d(-VC*hrrCZa>p91uu;p62YW>Z+w)6w zXa}W@c@~M81ZQkrq+@h?t{*zV>9OQXEp!w;kA(Q;ojS|vC8P#(A8`yNe^Q^OuD;Xy zLC1T+^IX>U_>3G!!n}GSgUNkIYoA=@z57tH>HDn&)2KQq2XOs@>b-sZRnHyVR<}t} zEq!f?XrzO92B!J!Zv_ET{v!qb_{XNpy4hMqz64N^Rnbz;O$0xpIak5a{ak}cDsFUI z##W1At^vx#ZXyrxmAr!Te*JF7*;x++RyRsM3^oJ(b5`Wl0~WYCP)jhGG<-)M^Gw=E>;t?I&j8Mjn$P{AC8_ ziLP=cL5;i90&Y-fRK4LWOQ_KO>|{t3ATifFT&sc~8(62v=2KSgW6TnV5p|hW7qjl< z84LU5IMrIcxznC-(Rn0Hth~)W)mn7Sj_n+oj{+ zpAVsUWO%~0o;I=CBfRYVmFi3PV8iOh@L0~RrL|8oVoRnKZ>g1aLn&Dv-z->gi7>My zdLq5Gw>56i7S1BS@N+(|$YwHxfpTvI+Kj2de3OIif&K=co$A70kd_SV_wOaw%svrl zDDF&@4DHujbgsF))aM-JN>A`g#5!7XT6j>J$O6gjJ8Hg8y{@Kba#d;+8%it&3XMM3 zJoh5WKDP&#G{<&YA8Gg5yH3DQPtS+1696ir4%=A2Ou^ca!ZiQ-z+fbr#C)O8Imc#1 z)R~2VR5;1sZ^&0!S$WDelJz&VLk;og#W6w*lKFNC_8rb*I5gs}@QLs6E#W7OcOD#Z zIL)u7(&H^>fReps2N2vC8Dcch=%0r0%50v5G)RY`HfC7d#LW0w&%V8*w;YN==kWsc zQI_!h422x1WD&1&Kpt=m{>dH!tNuZJ#^#r0^p?))hflAZU{hlXm3?#cr+n3wZGEi65rt6PJ}v;767!2A;|Lt(LwHz- zqKNnr{wF()?>x=-E}xX4Z96{21dX>29IfHSWu)GNj}?Y(b=Oq^c!kP-1fOL3tM9wakJcBE^hsxY%XVW#5wKtDY?J{O~ z^}4TY;Xr(w^YQngcqVsN&v&j<;}*CNTiIYcqK{a2$C=11Mw4cFg5E)WVy9;L6RY%1 zo&qGHBHu&6XmY{cb@=q=k$?_6E5PG8X-^1-6)6`W3@Mu^@cUoiX$!P}ldo602(h-rZ+D7q6KS;Veb<-`tP9F*`m}Xy>t~R%2dam$ z8rOxJFDoCj7joxoJ(gW2+T}1bj^3W}?ZU^^UD;3IAdLn+IpM?A4cVV^80wxtk26c( z_xK_-6<9i+OV^Y$X5=>X4uH%nVbDWM^19qI_FfW^-2MJ$3DR}k!Wy*rRXY_fx!6p? zRtC;pJ3ej}Z@bv7EbvsQ{FGo7#dbRxu zf((nACP?daHaME%8;ZnSVe$O>Y_sVIm9DdMDO4H8Zp}mtgV0BhnB{j$Eb!LuuC^~h zbg7W1yqGa7-p?JZd7AW#()Q_hfTgSd4G{Ri5#)C90b@X6IC`1RF#{3R^ zdd83r$;3)dJg_QT?D415{<4N(@KqXyhoH6WJut$TzZ}Jo3#ALlf8fCSphcX{KF2CS zw(~$frLgGRG4Z}4J$nXYk5s9x5$6h|X@-RIWizC9@&U6Az&FlI1E$CF@=G3XERPNY zs!;L%b>Z}N@kZBf<-pUD9|2_RQio5W5J_-B{7RPn9sI<_dNK~+t09`M?v89~5uWR= z9_NB``HhMg@9k4-hZa7yQaHg zfu2^P({eo;E8&O-2VdVAU74fRB64ut^2}2tMZ0aAv)`N|9Ljc&Lv~&PuyBc#Zy76Y z75{SGb9p~NVbI@_o@m|wqJ*uT`tlk~0e!Gqaj_>G3?Y9<(dZ2^<>MM}j z%M+|wTj#D8kkuN3#N)RR2cPh~b3F{BT2T7y#Im`=B9#d1rXxb)dMfS5-}`*1J3`Ez zBfoX_{1LvNN1kC<1YUOBUYpO!2p8X?cj7JU?PuH877E@0pa$xAQD^TuI&MI(ipXcR z9vox*LTUd>*z!5w>$lVj;~tPi?q5z}gnNDtPW%TeMPTn>hkHGarx6Q~3dmnM%JAYx z^ne$BX60Ma6W{u7iw@AJT{0yb+8pz?-!dsac2c}6OD)+>6Rlc~^yteCJ9dCYy%{O# zT_|cClW>{s@@m&H@wq2Zzy92|?DLi7t_NNr4o^25v{uyU0f3c#1Elr3NEL7tn{eiWD|i9K4DYQ-XJph**?p%! z`O%8l5%IQhsL9>FK2yYk6UvXLU3C677%sUyyBSdXEzVlM=(Ds_g!Fc{)XrilzlY|K z$JEo&N4ZG+9W8=V%-VaSPe*>C{>x(?8}LxIMGQqJzt+1O-s@*J9k}HHmWRx0ojsW$ zgtHJXsC<=wOmqnYLSG~sEmu`6_}(wg`r=L-5tYl;3x?a@;_dVAw1q2}@Q1i=e`;Ls zt-ahRF-Zzbds#1tb$Eo+_6cYph1*r`jc7xnt z_?mXC2$KDl=Bg&?jQtaa3T+_|a+=(4(vCl_WHjgywWaj$Z!Afv0k>s^@PP)ewsCJp z{Y*wOA;CYHkgREYb7|p4uE-Q$C+e%Cr|OJszp6>hbCxD> z%pg=_Mv(76E56$2@RvPH)J@xxNznz>^s2NY0FQ(Ymfkd$R0L0XH=@zRTYhVV zq!V8n$qj*{oJL5XnO392TX=z-WA2Fo`j3eqG}>%BxUqO|y!TG4)L4}>9qfc3$f7~N5+^k)Tm>MT z5{bAkG49Oq{YYb83UX0|HM8?Cq0!V$nUe*nzz6}3A&FEq&^-SS90Qi1^u@~A@g}7W zyFZU#ST(R|&mj;h_eWuIhl}Eb-L};t7)SwbipDXpyb{KTFYi z|1J3&Oo8dWcjzo{#ce*~p=~<9_E)?830p<>9fGlOv6G}xd#^J{aHlc-+AbA8ro_JtQY~ z;FVEvv&o^rC*(%RnvRIt!~1^-HPB&kju*g0?$J!qej_Rf+GnyUwFqUVKU#qG8=3SZ zqJ&4p%^J^$CG`TJ@`3bwg!Bh-4RYk@@d$1}IJ+TtA4zxFQLxU9iM`SfZGX8fq z4K`Y%;=tuE;0pu;7nzfPY8gjg!D`dseRb@}?I}UV%#{>up3b?}DSoW83f|`0_8g0Q zn_Sh$-74n8{Z+v`95bsZkxzQ<&(LywLW^Nc#(?k9bk07FdhFg!AT*$9zj_6HpHb23 zkbGrFns%j!keTraT&cgeoCMyF%HQv%VfEz%vqrA2H6@Xl>YFCP=U^emgmpzm_c0&a zANHu>PSgt=sZTT69C@<>A>dp$MqXP4kXO+fk=1c{ii)8)7}f*l1W$sbNVfc)eN?wEIE z`%^^S*Us~zPG33W_r}Buo~oZfukNmWif=uuOFA(xW_*bei2@UUE&s=A;PjQ~rjS?# zPCE9;6>D;xgDP{IARTRNosJH3ri$Bmi{4zKNv`m;h;UoV_pWtY-fHz-Ym5xXE8L!H zfsm6TL68up&!S^>*gLRaheC4;0uJixYdj%ZD=~2znYeE)Vm|9Jw@_QXU!GL{+GQTC z8H&Es)?b)<=_vBTtNus)sRJ{ZkaNc;yp15~!Cx*Qi((}>*{RO#N@O3zdgAzY@tCq} zDbG&w%;sZ*jp-QMK1*A9iIptXAQFR_<{;~yTewE_FZL#1hokHozYBmfQ0%_+f0v0^ zTLIA^L*e$9{b_VF+7mxvYp3+AY8j)7iUPC337x(3Q%51>hWS_0x(*hbep~X6y^iTU zBxCUiOc9f1KpyguNcXvZJw7*m6UE%?2#PuBTZN&1=gq<}CxyKcAk}uRKW{62)4x-pfmhbF@+{~Ru#}Vn|{~h8;HbMIq zA=(3k$%<)3o~Fyi<4)zjiR2q@1suK74*NkTXzMJA4YlxQ>~FjlEL`~dq0jo#Aqh=d zOj}NH$?kVccO5M4!ekXh0#tUU|JEDo(#hxAI(Ret@%v66CJl=#1PPkVuGyIKFTp;|yEq%467R&UE&$ zfQbHzv2?nDGy&)Vxl$YmnFS+-H`$XSk3`?x-qR zfZ^O<;S!3AyDl`@LS|~nrx<9?5y^&6P_-K-B85A;t3|K_ueJx#h>trT4LfBIa+cdH%G@4>}bizhYgUuL+Y{9lp}Vswd=$kB>~)NlmIdv zQ-3}k`mso7{DTs$%~0!|3&BJVHMg%u_}Euf`whHnin%{ z*{Z6Ft_g;nh8Cm^3K@3%CFa~lw%rg$hdO3l>LATPlsYU^vH;-V1(Xo3vc7d?8y4v0 z!?deSQI=8KcWG!L`4@EtW$31a$8e@~<}h{r*P1c)(+Xn;_FqtuV}1iU*-&r@kiv&` zu@h_uEJDTauKbLQZcp~xo&$Z|*(WmDzhcs@e&v`o&D}9p!kHeXeYWS*6^8GWn(8w3 zMJr<~ETMh1{0Mp6kNrLL-Z| zvDtnM1XGnw(#u`Uu%_QXI4^QoVHCS<{ z30_Tv?5n0QMxn)4X8W?e&EZcH?#m}13wv+cSliiEAUH0fVyK zZS&2yG-|JwjU1YZY|Hy@mQsj~bbSL~6zfXL20XR$W-bdPD(@+-Z8!1bVpS}_-{S85&QsqOje>g1iejw;1Ykz)u zGP+^hg-ArI5%zwdVB;hJEz4sW9|1F7ggul2*3+q-WA61y^2@{1i?DbqpI*TJZGh(N zHQchPnae6P0qXqKg7nZym#)jAKHKY}pY-girx&436!YQLYWVquTyk%{X9?kZW9k5? z>Ce$bXPjUvWL?@4b=+?6_ns3OmA3c9E)*m*9~)-tG>K5vU+Nw)RP7sq&f?HxkUbuS zY<9-~DjlhCoWERw@80$h&<+++VCq6|0~G>>0k>E(bK%O@n63Ct+t2e;?CT57xD?1` z1C2N|>OQ_?mV4%gFtaUCr4{>oJHx=n+#(mKD~=z^ioGBAbPH=;R6R~kPvlOvKufm& zO|0>?n)I)?s?xvi0`9kCGg9Sf=Vnkm0-U|u8w#<(*KMrUQr??o_6@&U3#-2|NkTu0 zu%NaS8-ZIs(1aE?sLAY=ZD)DL~}304ZE#>RvhLCJxT3ay;B!hrLAMsCkpI$|By#BbK}9j zx8y>8sSPyzWs)m(J%x3vN@gt~v)mrc>#{!=+jEYbd&@+{zn$za6V}69wOQ|_2bIR; zVR?yLD_(#E^hte3liE&2x&CKz*f~Iou_3bX(SU@1{{0?@;mw>S>UjXF= z!sV5MpymxmTG{EE)ho1|03VMJ5N@LlwvLZCy_m%vQbIx^LY9*+I%gGBe~YW=QI(8U zJ@b?s*fS;$L(=Eb$yUUMx{Td-*qFP0WNG=5sgA!AalAci>~QN4(g#aHN)=nE@2nOu zJ*f9D{0TBaTsidf#}sDRK|fS9zkU;20XmOC&zZfFOMS<_n{xaZM_6JxHR3*FNBuFzoAkQ3@ZEpPzm8INO>VigM1dB>u(4mED92_nI!J`cg=)Oz zB3mdk)KR`s1jnFj%EmDwQ1UK1d7gXeNL#=$$Fa8`3y%&fhD&|r7MlLu(Bk57AQ)yH z4Wvx1CIheS#nMmM=gRz+QeNv0lkx5?Xm@8_P$tNU4ciF0KQc?3^JQr*2HyOpic#rM zS#mrUU2NUt@1cC6Uh2C`Q&3BlIQZp6kQpIA1cumZ=`371TAGmsd87HEC=qu?IRcZmDykjUE+Lhk4kxO`3tF;x;LlFE^R*MDHOz1 zJ>j;m--xzt+}o@GX-Li9k1}`T5joPWCt6#tZO2dhJeWp1j%R!=FghKKC{SF4=sK@X34uh;@Ut+XITcD6jB9FR+X(u7N%CFHzx zi*sdqOYT6Hj8|voA&4c5-|i3KOcV_u*Vu;8-OSF|iEYrioDiK@vM$W>2C3aF?Y@=u zxg4YWEk!}%%zMBz4O@xBzMWF1!snyuTkVMzGRJDFN%fu0U&W>$IpH$Vl7mi~_vQJy zU{$$OH5FdUY*)pxexBL3>>2q)S=ddEFMv(XZC3Q~R+zqd5Hgm2rikX8sxYRrCzTxG z(3Q18YH5UMi^$w&fV(XRCbymC*m+2#-rr))4ZAishwUquBN*y_3HbebQkxVg8%Icn zREH`(oS*6cIr0Cn=B~8rD6~8k*-}gvqwx}Gl%=}Ze=bOf)??D)5ESDfV<=gvUfi0+ zUw!P{B!BJckM;uy}2WVuI8EwRW(rIdH(tct;XkcsmyGh)t#Rvu3N_ zO6EWr$LLg|26MVT|9_)1i08QA{y&(e}yHMBbKF3ZJMVK{WEUdT(m0PNa{qSd5{{%dL*$lYYzm6Y@ zaQ{9^7?ZqRWX@&v!g%VwF-Jm6)$I_$LdVwlq<>H01p?*AG3em1RYF4H9X<%G{C9{A z_l+46vm~55UcC=@PrP(-m5KkqIrSOzQ%sh^a|m>!ekb6z(1Z&r$gKIsDi;c8aut;I z-ZM0zhg>-B)4pmzg&y-p6%8e1z+J+ch$S%{1+p>WBjL~kOyv(~aE9H{v+7rj-o!2C z@Z|mj6OxvZ5yqsI?7oOekMwV;T7e?PyVa67!K~%CkQ}$X_Xu#5bS1t4Y1_0>UC(U}AKL33ZT_}QmJ!f76+lL&P5Rm^wM6)ZTZPtH&$f3qv z)+VYo)9N8~Qh#11%LtcsFU1i#ibw{;h=lgUGIspyTw;Cu^<=$UaaTpwQYAr!iuiY) zgwp_4U?X9NU^h%UvO9H8lP(mN2T9DWf83vWH~$?3o@OhJ2fhpCYaK!n2q{w0%4Dqz zoc*1?(M& zH|9AvI*wLLe!tV>bUBqqdvED%>l!8MFFClCUvAB?ZNr+fdwZL`U z?t518B(0^2AA`vf{70RStN{yYsasmE3~A7^0}efu^Jhj?>4es0!QeISdibD4M7@{V z4OEW7jiTqIlfWFGk_2`7s7)0RI$FI+84$C+#V=*2hnK|L)qDUpfVp=2%CX71P6o26 z8r7te!=dDd9T(2Hvk`@f)P^S@_Uw@a0dnnXePtSEO`b+vv@JNY6X?9EdoT5kb26hr zNLGYM#_c|2ZeHrKxoFS0fQWU?>_XYVew^G+4^CE39)ih;7fmlf*-+UgQp z=$Eo43V=&m-mco-?l*|knSP*28eJ5o3z3Zbk!6kOz`Y@P zFF_+$S-V`*PCM(#F#_UF`ygTpr$+RUEi_#9--SV#>&G4Nu!ImnjEp!+Dt$Z`v6if5bi=xTn?6jV{xb-fixz(o`&xl|SH6yo>G89@} zGwY)I3h$)tyv+KNYET{a_KXDhu34?WQ!w6&YRX3$u{zS_xZ41}n+)ycc zr_4;>lK$o6&Br~)HgRX@d5;huD+Xq^Z;1`9XCrZ4HXtsr{ML`?^f8ci*_nu8j)A5= z%(i+udRc?WF8#_=tJ20~dz zKyXwW?C{%m!7Vk@F+}?;20AW_L{JK5Cc-=df;J42@#Iew4uQ6Lq%D-yE8F#3yxA;Q z-HTAOkME97(vEO-^mK?|NVR@}K5GP@Ay?jYE?65=qDh)IvIrrlc$|aN3OGqlxE0v5s)_M` z;!I}6AsXVKADuH~zzw0ih_CwVbGx&z0?+wHrr(RvU(ShjBJpCS z6VN%?;Q5jPOVfGaU@v-eWvqVG38TPZ)ElBq)=S%B`2j7LBo`{~!7&1z>xY5z|!p^!dV#A`3N%jW+UMUxFRtQqe;X$*4q5f8xRB ztw4|!!JO!|%paRXkqv%LxtH&xgUWX7Ua_>7>_f-;S@MF2bU?MGN;v$4EpD0(aT6w_ zE_mG*gDW6K7#`BJu-yONY-cZO-~W;+htWv?TQ*8n=wn^1v#GLZJxVq8nVGBQw}eU; z4OdU0!LlMOcV0fVRfw*viUuN<0B3wnTnxQ{(*GNV}n`qA7bd_Ve(UB;-5Sgv!J@NpR5eWqZwpY+c27E)$xQMbN( z_VqU*gIM=pP(40Z&%o6k0XGB0ITALlHM7$llsO_)uW3hSq@h&bNxr(AJa9b^8k3sL zq;$myx70{?!Jy4sJ-qyUvAw2Lkn8dh(9b0`$?T)0W$vbgH^6O1vaYR+=7TWyH5L8J z>WV%L2ibt*yQaSMyOxJdVKf0ZqA@HlD>rHMi(pW6xK)u9rlzOc1Y>0l`daIztm5k=nieKfd@R}qu0_~#s1GFKAsux=*V9a< zZ_OFPJ3A}CnMJ+e+M+F;j}u~E#T#$fsdD019A{LPFl zKjb`aIft3(hD=GK()^iPnb#B>uTqLB6H9PULsQC$14uYJW^R0AFzeQb`08nviIh(~ z31kMW+aRf{DpvlaaRZfEk;kV`iO693gU->?&%e0AqMstGx@GmDz}+EmfO2U(OPWiU zoJWFXBf+`T@l&scQPHgWBSe&JS9Fms#EOj0Z)bSC#-tsJ&pqpfeXk3z&fj^!Odk6| zuU&b=dp@c~vPf-Jt7}$9cnZK$w{tbz`D+48+CFjDvhTf%d;Kbeny!^ASo4J9e>$xc zeen0b=b6Sx{}WC?Hhu+QK4Vh!8~O(>Z0b?;mX_(!%JZ@hvM)ecQb}6^J+i2I=gFR; zayGrijk^l%m&*m>8#z0AcqK3{bZ!CRXBkk3cHBI>F9(7g^opsi%xzAb91F7$DB}gObL;jJV< zcqxtqGIY+jO_7vCxgt{6{Fm1eMhMNXaTC~o{H}& zAjCFj8Oh0ZHD;?iW*3Dw_oTUN!Wdpg9xn;%ZwBbq&dBPVh%K?U-g>eDbPTN;-e8sMRvHX)(JFp zG$;Rz`Xb>d1(Ap#0#)3htET}Cgm9l{`rl6fdy$?X{c3N&ddTPFpA!Tx^oFU(ML;eq zjoe53=pkF`UO-whKA6<&hc-)h06lqX!*zZ3a|I-hVSDfsVd0!fY>J@jG++|>nwm5~ zQQ8I1q5gbyWC9fUPSJ=q0xEo`0MJli5Mdkv4rnIQf+T%E{-z(4kjNyfUZd}x4FE}& zdm~nP1!f>;YY;)Zd@2GN*L!2Hxig5kQGa+B#vHL{<85xEle}`50CVSJOS~_vhAt>E z6k)rgBJj^S|8okF8u$kv&#Htk@wXErPgJOh+439Q~(L zdTx2WrQFcz!x=XKq_G*-qHG?WiFPRW<{05ZC)|eK!lXqlqeg?sOjsmVPMl6vlTSP1 zUz1t{M(Up5u{mH@g+=mP}N_eOpS zT+yCjf5^VML5)S6gXSbzm0jbWTfC@k93sN40FV{SXr5roQ&^Q|eE`Bdn@^Y4!jSsj zu42gflax6!83;7cATo_Y{aTCpb9l-ufwSqqoNS`3J7-zNF(d+xwgfou+SIv=s#U<1QFjN^sr8@7BUsca2U4Io=w8n zd+~KBqH~RgnO|lZ-@3g8lLIH^t1ubZ)j#9~Gcrj=-T;i7wh&gnxVbmr>sE8cXB4(L z>a*HE1N@q=X1(8bPqLvAuv0IP>A2AYFnDAD$TW_nvWbBF?w3TX;44;toc^ic$94Qa zp2!KnR~s{;dC2%XMHesT<#cwb8OA9UQ8-&M+Y|?IozV2poKS54YbMs5m08s075N~o zx@A^u3mO^jBQg zfd$Jj`D+YOfg@&FvuR_swrJI;(p|$Q&wWEI2FrbzmH5D6uk39@I4fYvuwAw zmX`$h?U&Sd!CNSHSPw?ZGlccdI{VkOP*GE2WgG_ySu*- z2w}7|Bk6hL=CX#&a^)vuKO(AEIOiHkjFwP`mT;+R>PxeCblmTv(?RUrmBoHtVG;{P zvn4X%4)km%g1&2_Jb^o_92pj0FVv;$z$};8#K+r2=z}K;J!n9h4=|&#LvAI zzm-7gr6Xt!n~S+4bo|_e+UzwjU|$=#4h`4Tr#nxHKt(T6m8z^ng_m=l0XO-Ii{VTl zwJJ<~5Y-9!iJpj9O7M2!-guqwT}QSmC`OwQ#qth}fR0=j4^iiitM1FwDe6b5wqK+x z&aohdnKrJlp0EmN+1|&+#f@ASAaWx6LHq4j5ch#@GW3IXmN_!)YoT}JjIz}8yHTpj zy7hYYxd(yd{KY_Ac7=o>^yS_pm7fC!3jm2h{1yzbS7la*PzI@!R(31#RG%p|js-R? z{zF!jYWe*wFb|i~5!%fU>oA1lu!BWp#CEY(TBPU+O`-9+v|@FkU&5*{wn;&dV{}ff zQ0d)TPB-&Cc8dn-VDiCdfeFB>&=m7#t24Lpv+xPc;Q5g zrCYoXZ6P8LF5nnh94fVifaShr?UvAjOjdUgX_zXMHoHh<2XbRpS3f>eWSv{~17cy6 zx?f4YYGN)Mk(EHTwHN1!PTT9>y@!AxLf^?S!9ADB_GPc9#z&*MBeeu`&Sb@vXQ|sg z73p^f82{16#wHm|o)n&YYwciv<$!cj<9jF%Z`hq{R%FBv&i>vB0=R;9jDTAksSF&6 z%4oHPCU?)Yx2uWpEC5|(MKRJVfHBkbxT!=6-9CC4p%|hK$L_CTZ0C<{&o>2J4k9ks zYsfhhFY!uNLD^IrX{o9a>bdI8F_-TFI(0#eWis(PyU;IG^su^1uwV8b_5?m^jL80C zZge?+J6Doj>Xq1ImA33qJQaDA%kwhKp$Ot1{-PF=HyOc6vdW>b~l>AM!?O+v%@w%bXA@5n~< z9R&Q~9%BdjP)gTOkww5~`L%j1izI|6;p-AQ_&M}JWd3?H_i&tT~ugNcvxL%#A|)l6p_;N!3d3Zx6wRN!XRP4@m=VKmMWK%R1+oW ze3JZP^RR_GEoL1#)Qoe#tUe(K?7qw_rwPkg%Kn10e)KR*@rl}YIRhSpe$IP4-O*H= zh>T@c_JoeM8}~n40X3AK%E8Z+aIx_@{r6}c6C`pU18EcY1jfJ%TxD|t>^xgQa^T9)o;k- z2oS%VKxsD%Qj@v#Dn!V2Sdp`HKpzv#o`cNOMEaZ61J%*#bBx~X&5v-ngKmNwriKF_ zqN05N+V~d>djU+F&e@Zd$Zsy=<20K$P-gQ@M^ljBXdfpfp91A1ofY??BoTJ^5fnQ- z@!`x+(FT~nh)l9qav!x8pF$>L`+fB4CuUw!)_cW9XK4Ih7QCk$83zb=Ore8%+ce-d z{z+wZp-aWWECDA;XUnwdT53)n6E!-N*Wv}#K$Y6(Luvt@bk`_lXV5p*XoCGgegyB5 zV#;eGeXmWMrIhHxT$lY{ckXN@{L29T`%O6k#K%d8NmL;s9tn?9XTBRbM@&G$sXi-9 z0!-dXn;Kl<539{VZXBcDg#ssqFTuJ9El;V$<1*%e`$sJp=fkqH0u#@MwGZsb9)2$d zG|B(@f`LOv&n3ilQ_pE`YKq(y#!WK8elI{t7V`r?=yK&x;I$w_ONFM6ncSCuD4z7qBn)K25#tA!atO z0iDt$fkc%l$U6H|bp(2xaQeN&b;wQwI`EQN;|S6%$m-&u`JGlRgD8YYK`Q;0kQSSR z8a#7FN#XYvyZqtR6yn(~AU*v^^Br^@W(y^o&zAObasjuzUSrd-!@om&8uMh_6AxFy3ri}%}8=dy_bT88hXpW-8J9} zElk3^y^)E$;JIw-G&(n9OJnpp{$a}r6R&*oiJyD5A|D8bSN^#c)K3_p2(N_7*-45fD&zoR?!te;iStEGUDp8q0LZDbn4Z#9>zG?OetfY=yr8Nz|E;L~BJd>{-|6Vl>%)r}@1BSF^* z!VKKaYH*@}V>?UTn(0t%0b+RE+g`w+%+(22>i9?goPtX#u4{8a5y)-Jz6HN(c%FNQZPvZxBJYh)78zT_Q-TloImJ8_#*3 z_x--}<6P%l)V|lf)?9OrImVbWFG02fmUVpc$cyWJc$t5s{7l;451wg;fDP81-+=LX zD^ue{{--Ns(cXwt*sXHutWlRglB4q6ApjH`6Qkzx4?rx7xJ=h&@>2&EYd_w{nHQ!$q$&iU2_lwjqm{u!3^ZZ*^C68 z8UTjCqdMS|6V4+f=LCf0eEggN5Jl!4;cH!l$0!XEl35bW{54A)B|na!$=ww>Lw{F* z@eZ`Rjo^qSQF00rMla+i(d$wp1m9|s-j;JffUQKr=l|-r2lB$}v2q=>5jb`W> z&2`LteP((R=k-Cfgv8%90%Zeu5iu~0frv8(M~q~M2M9?=KW{@RA1Z9THjuAwITE~! z>)ftIr%72E{!@cabNeifFs~b0A&OdOE4e@{*5;<+GO--XeYtZ1gV*!+UrtpNh-I%o z-7nJ{OJp6>?3yPU$m{kjIMt~Kji6(R2C~+r@NVqby4~HFh_~O#4-zRV9%fPuMH?Po zmU8>jo;@$=_v?H1$;SaGVEQeR6~BDe3C(Plagw3LlEDgqPvrkx&WLYXIxO%&$9@mf zdi+o0H1_+v~zl*qcwxsz^!S;`)M zY5cm^YwsP#@Xd-Qy<#;>_%2J&bRDp!YRsplS_@xNKG?`#U?77BB%P+pD~xWx#E3?s z+!q8J4m>@|aM_Y;HGGe$A=de`IN1=%c9ezo_3Wk?wdItV0x!A4??wCbfYVT-Saoh{ zUntlWETYr&lzYRl9I1CRON#3K*o^-sHOE=rodr3^TMg$ArOA0~epO}UIWN7OdTMxI zu-BB$BbNZj_P+XNZ}h7qmlh_S3%k~JPV&v{D=YScBToyO%Li^h-eXwYs4w{Q{O7J? zmXw0xAjz)pWAhDP-KNB%q1^=A-}H65Yhjy*`V~?~LuXSDr^knu8Msdh1gN_D;zd5nuf&f ziRJCI74j5G4E^!zz9G6n7-_OzV7mtP826+#A6%Flq*x?09yB%2^=nb}(TzSbRhw({ z)ASG5x>;kYvHYp-AuudK0KkJC3?%z`PIluMPBX{n4AbJGY~u<8aFVuIlK;57!^!)s z^;3NOaE#n7i_ZUjFP{iBB&^Tu@Kei#1bNOtAA*qX5W?EWm&?*w zTC4s7sRdCFd&GLpUM7TCbA{#4Lr+Dmf!3^Far@5LB`;d zOCT@^(9>#xWwPzS{^?&`8#keiZt8i5TglLa!#CO!H(15{U>>t_28g9q=*+$O_;NaBQ^MUmu zyxFDicnL48-IiXYDG z+9Mxg8w}#u>({+NW^rjUFXMRk!MkSGa6^6I6`f)M#T$EOZhrD%-qV)sIQ7RK3?~@> zUf=b^sAGn$+m$VkW1<)18Jvy}9%`~&xnGE*-^?h@E*RqeWFr>d?83Ut$rAjMkQJhbJ;v87m&tTnY65IrYU%Ax@J zB>0GSe8920!csQOg5CUQbyYG`*$N>iPI3olgcqZkXB4Whg#{i?-{brH4Jay3@-{Fn zZTp+3J(CE$otOiE!}*Er6`Vq{?`m>7@2U^9nf}ujAt1zkhbfEWc=vBwb&;$$Ry!WE zk0rrcIXtxG|GVtS_MJy9&75At|94*ouHrv$V2vl{_q9-o{Cg&l5ADX9ndt113^%i$Jk@~`3C=d zuo8qRDdv`n|C`|v|3jVxzV0pgf9RI~wfxNi zka$%@NV`*m;;pObjpavCr;m5c7wt@q3m+UXsZGQl$NE-AGFZ=~3+&Y4(w=zPz@=}O z{-?DXxP|}g9R{eGDgVvl7}Jo|r=>Csl~%Vj zBp%3WONgDI&E+m}K`Ow{$5*x!R@xyD0_x?pGmDp!58HkYR4Ug0ZN~);;&T=NE!JVp zciYWzMf{%2^4P85zl+tLEe-L&*cxe-Wp{Igbj~gHTjP>aLJrNSCf`ESsZMq}Pwelh zyv;~l`;^wVJ@?KX8$>_?5t7BI5V1tvgxiZ?{>7oLuXj3}Qsg`MaG@gS z{dED00fU53$i6{}I9ZGWtz9A-Qs* zT2Kl$+VO@Y!TZZ4OsyRYJEfj+ybh#Px5Pt~8$-3>W9v}${&51OtiAg(*JFO|w6rt- zoL8Fus0z&fdo}#W z2LW2cStr!!hGPerCeH{uOn>|5P5<{HYoLTJ&K3S7%gBaf)~SA|%JNY8qjVo)vjh)v zl|PeA_pY#r(Z0zWw7M7(ed-VTKEJn%JnP($vpD{Rx4AEW0wD5hPPL;TAtKp*bq1}%$^TbRcOozXfmV3+&zPa#H)@$#X{!u}jMcp@e7H=txD{I6GP7>)Y$*D5*!*|~!Sny}#*b{QbK z=;xR*jqdn4uoXqb_m_W@*#|XQ&guPjuHq=+W_ce7V#WdY47F74WR5L9r!Or{mjhY6atnt$3*&!$g8tL+wbH~9S2EL zQmC$|%+p>1;6p4r#HevDaHcSSY-0`R#X9qvga1JV2DRU&2<5*j^Dj3UzW;qDSu*4C zKR40yhhQ%Xhuo6*CMxl{=r-fC%!eZTstmza0K?%+h8G=wT=-Yu7@3x{Jd^lM}F_Sc1kMh8c$2;DeadGeoMFD{+f@33Xrg^kvP8=I`D=Oi(u zQft0EHGP59`?&>A3btJo5hKP9X6_gzS5nuE1IAz}GeaCX3D zp4~HT5j1)q2x8A}cAR5YUJHnI1P$z+liQMO;lo=H0NP*FeOqh0f8Q|4^842{j{H-!W4p^%Aowmrc?`FP3s==& zi)rAtLx~`F=|zg(lEs1~wh2Polq4 zlYh{mqMgKPaUgPM<89q=N*8I1qMQRux`I6EtR!c{N8~~`G6%gV#Co#^W?HNsyCP_z zaB!S~G95`7l3fRoe7A1@#$bh2q7N1Yy3P@Pc$LV_t zy^y*L+7gxDd~2JEn+ZK^vQa;7#OYT&By!7uidP8CWAnvqnDq0`r#|x}K+2AbB%HO1 zPU%gfiar?V{Hgl>cu&^^@)p)L;7=uaWXSZNLW??U=!2m=d6TE zj7hAHwSE-pjO&~m>BTT!-mMyHUBh*6;7R?f6HfmK?Q^A4uOkN+7x(AEIdvSrQXS42 zA0P+G7Hc!QL+@Wdk>5DhFQ?cZQ7(gmVmdh`g>bm^fuIDC64sE0-;kc^n^oa^OyjbI ze1dv(cT-&-t%2;yYQ#8_CU_08vNvMz{YQ1dLH3k?-#4Ee1C^I=j210KAS65!+1 zjXrpQGrMXF{o*jDrz9 z?iyJLkhQ+gn?sO?Oy0md#EFkL6!B*}d~_;ZwG5lNIv$yf>z=;b@~x`HD)&8(sP$U_ zENumFqWGSTJn&aB*A8Y%ZSFxV%6laD9hB{A-v3y5ZCJn4vDmTntN2;IbxBoio=BabzbQrVqvtCvEv*s*7gwzKP8iQo+N>IU zs<)Sj57GsTt7fZluJlOuLE^IaXCHCF(GhNUwQeDKt7F|Y38{h9$sQJ!L5(xdnO6*u#^}4(h-VxQ@w<0#(qx zm0*fq8|NxSfP9!vg>`(@a@whU>H#o+oE{uAgOD)=-l|ziE@IX5$@XOxKn&{u_L^(m z)1-BtYUk9T_<|&tW8DV`GLSCgC@?yY&E~5*6`ou$11X@Hz0}mb`Ew#K)vC_u2&Qa= zu|&H#Ho^H_1?ISS)j+kS$E4?o5TCa(Vk}qV^JphOt`p=63x7;UY`%^HeMr;g89}Iv z-8^(M`>10TBut5V`{#k*Hj$^2G`A}FPHhcgSkMR@0mtK2^5hQCJ&x6}41V7OSKhHa z6*u=0`LmTTRlm@Y%mxx@--avN&D%{~Qbz}6j)v>0@%>>(GsVFdgF1DRND|{kV!a?( z>f%w)?)PENBtz-D&Bxcje&>WdeJ%m_BLc@JlHXrP38yGtXC%2+fcJQ?B%u}oxc>zJj04!1M zQTcBbPR5UYM@BKg`CbdkLVEZK2G&Wv#65)R@63O#*&ff#O8VUZcQX@YJ!E^w1Q<1*wrZ zHNZOqu9FWThWbxXnMz z6wt0C1;p#mZk%_``i!`09s$>=6b2o+<2k^-uOgg76gU_I&0HXm4CTF5l{f1F4x_`r z^z|&J)bv~feS$6W^g^2rvB{VIYuNLqoWS}XD)z1}Ko<)btiPmgI zejrA2s!fZquC%R9#(8rGUvk<=H#^C(#UOafZ4l9htl<~9IDMaK;h)i-occ+9bXzN} zr1-M-pJcul3kwA;1}-N0wAb3X-Z1t!hy-DtpQrCe9QTO9tfhNwng=4v59)*|{38)L z17BO^4M)!n&gxb{3{~m~fpK~EiRgD!Mc0J~0Z{o!h#QP4S^p5z*fk-f5bBalk!SUY z08{OEyDEpj@w@Cm?7(odK*0Ip>Ot+QlDS7N$ufC2@EWt(Vv;2m=wyk}(R)B|8DseK z{fzf-xPT{preQVaWV!f~&ZXR^xO=UL>X~i5Ew~mNPa38-0N1YmvRYOWFZn|*Z9*Qy zvfsbvpN?~6_{{!4Ql)cCkD=P@RbjeYOl5AErci2t|2*E*(I%bPC1CIPzV;QVtNWR>_%ZH_lb6?50eA1J>EDXaQFRdB z^$9C8uNMXFDp$KLK%9TIUP#)=>K7`H0dfr%iF>sT=81TbXe*Hkmv{Qgn4A|bY9WNc z^;dERugw+8SypkFj#E4=F=Q}XFWCr`WMKR0RhuU*f3(s`@UNsLjC7f8#dA83wB>F^ z)?!|`wEWy@zs7>Eoz{ShuY zRYC4?*LNNy#6>l!v$b*c1|>KE^r9KT}=1+$d>3~6nL$( zk&}rxT8~m0qri-~joghB7Nu|5M=mIZvQ#yf0bkgdl~IvYl(Sn6k?I^~nhpzg+*txe zIV7|F6AvH~3RZ5#(R>3U+t|FWS_tCa@?`kec6Sd;=R6NJ};$zV=P{pd8!Yf_0zG~`y z$u78HTPdb>`;>vFVronQtE=LBHnUz&L^?MYYu;8U$7Zc@TDAUR2Ucx2@s}_t7B8?d zJo7D{;AcbGo#IKvCvr!+MEl2H5E<7}H`vt)!DN@~?wvV_dLAY1a>;zJ=_5~qsnZS}o^yKApRwv^-3*~NwD=kOz zR8q%ne+EI>$RvlASiF2H8O4HR@saX#BpdDmva#cbY)Qo@aj)(H8++_*k=jz+k^ty% zQ%;zHlBt^c#U8z$B^!sU>cqT~o}S(ucuTY~Ya))#RjP`tabbCK=SYQviBM|Q?g_qb zi8^`O_yJ`$>o6bc$mxf`(rJES8SnW6$?ef~@+W8XbhAw6Mn!k4#lCrnKm6euPNg z?sh{gznnouVcFEk8`dv)k!8POCpa(|@a;45!Bqdnw7q3^F+(DV?doV*t(JW9Ja9qwY~PT^J(TQU)(@)E7SZ8)9gExi6ll*wriB3s!& z`2D$b;)f@2JCrh?@E7(hPa150sMr|Dog~X0#7#xrruRM%^rQP@+oFgUnD5pBaE(y*+%#2_c9=%kXhsFs&>~MPgE)* zXRipHYuAjB$t-b_mGQYB;Zm6pM|?97-oc5$E!?1HA**w~#3F`rn5~t}XF|n|qMJDB ziOhC37v`!8IC811|A82rk@dBKUmx4c%2Zd z3z2TY*IqjznmVcdkveE${O!@pt66zz{8n1I@F4K_d~kHOe<@doxHGE{4Sv|tGF?qx zKUr9E<(inPh${0VUVk~iPT9x?_|86j?UuRRr6=DQa61$-?U>P32gY7H-fvnPL}Sh? zW30K{>2Mh}?&7Ge6c~Qylf%T8FBc`-e7(YFJO7q#8*i2mw(bpRTd+x^F_k^EhmWN9 zQH)q2YZ~%J)-DNQpX&OpmGbV^$V*O_Xa#ME=@r(D(yPy&L;?QJJn^}LBDu%zY^bV+ z{pRNqnj*P6HfwbI=jOZmm>M+~A!Mp)3Dp0N8RVMhe+~=VGfbDV*nUCeT8xdIJApWj)xFF zCc7X-wFds^hU*~$3((*HLISgBR$hR{PrPys(I+;7_4-$U9YnwzqABeuh*3sV1iA$a z_hi{nmTV7Ek5P%9-PLa-nbDhJRr)PV4MLxic$k3hMJ64>b3}U;2lb2fAu3Tt0CQ8% z5kH{}SN>W^mrVlc^m(ZR7anYACny7LA$ODFq5RElUsj)YAD*WR@G=HFC6qXDD~NvJRFCLVCuY@z>^`2z0@Grjhw%#7~UY>$6#fL6P^EEk_j;gUR4! zcK;$rl=NGY0=om>2~Fk3wozOmsryk^vzg)X;*rN&CPA^^Wt4Q-{+dW4!^m@TCnGAn z{&5>Gx|ni3zIa3{aAxvfcc3-ubb5Nk#- zbg!TuTp%pQk*Rpyh-<)f;!N#K5TW5p4HTRM=z!k~3FRfV=v_xLVj#mZlL z-z7yXhZ3$AN|D4cdI1oU1jtTbDln(sOxyq?zWeT=3`&8!wJ&AGX7EWZcXo}BKSsS$ zA?`c7o@RYr2cI@`s!3#V@klvLHQ-6c>x4qou{;grK3yQRzcU>{HY+^s=e`Nn5r&Cc z2D>nJtxIAomZo?;OK5$}?yGO8JtMJvrUP@ToOgVV#~NiPS=Bl-k0T5zB9q!T2k6>|#OF~xWEpWFx&82-5i2K2&+<;3r9=YTj& zFB_+-=xj)g>zw6U?geLn6HUs!B##c<1s0xbc{Tr;KKe6KJFjF&vIa_zYF!^-Z>=#A zC>WRPJ1u`=jZ=vgEprKV@45EDu<&DpTE*utV*4Po8cPMO$(u2^3{3-KNdS=w*D2Vr zh_=f5F`d_|k!cXtTW5t*Dh*M_GtNXxk8Yip6Ezhuo$>0Z<-8tsb=@QOocer{B2Dkm zhl7qUhfv+r#S@`RKNM`;QjVv)+0mZFBSE{qelzf_p z_TBx(Ps(AY9I(DBcYh~Xr#*U)Y1mL+5aXJ)0bD}}EJ0k}JeBKLNZh}vl`p%?9XaguOx)GN^ zzE45SsXHESCv_&SQLMQGvaw~NYvmd|G^K7an0|oFfJ}mPa8*)sJ~2L-cPwZjoFn}* zVnOAvNDG<4a%*`tCrOV1TNxNgPL`F1pVK^vLywPn#u;^9P<*OvA+IsqWjQ>+Vc;OF zdcvN%9Z78H$^;UrGJcWQKJJWjssjh7oEylY^(fa0D!`WkzK5ySZ8PyHohrNjLY$eFyK1(9bUnXt0 zScp-`PWZGLGW!l2u8M zc#%3a7k?QW;PBV-Lx%bo|6G1!b z!4%?k91W%+SsC9pA}%l33}4^voySMw1VcNnDhLRl-}T1pnT*z!`ktp3|BTG`95&XH z$4MibML!sfZWWn?Hw&85{En@?e5u2a*8TBTnY_3<6Ag&YvPp3tB?y}K1EQgL(&{g}f zcH2!6aM+>AjT~WDOK|1Z-{^;>%Me^;J{o6zt3$pd)dhtvsw!FBQFg=KI6n$MYMs2QdANKfn-h@Z`hl-65Be=w>(>BGhG9qMhaLH4KxW_cU`CgVXa{x;P(XGOp$_g zu^s+fkl9ql)IA)#T@PRDLd^Si-P|~IJ~CrJUcWJH#l4(@4U&t`WJ|3KjQ zxF475(XTkU-MlWvbDfHu z4%%RE!{H7`-k|vPtKK{zQ7ATfr0q%|IShDL3+lciExpwe(5iKqF%|XY(%c17xZGh zx?mbHEt)*wv{ulk?Sv@pA4WPGRPoazqIdvJfcumEA!>yBM|PNF%f{W^4VNxK2CSid zb$0oALigFvUJcw1GM}RZa%=@SyS}w#+2!^yqbb!188&;Gszv0fKB-pBMMKavlA*M! zJdHs1jt2q;_qkjHN%=6MO?$jb+J=zotx2ktWtLfz%z_UU-T0#j-mRdEy1{Q8zw{*Q zhWLUutQ$-*U)XWwRus9PdjobnlQ?;V7Nl(0@baDch`7bM$=v0$kPw7RUzEqVph`H& z{TnQOWVzVjR?f)hYvi(fZxwNmR_c9!J87@Z#f$*(f~9%ihiV%obfOQkK1#k;ce1xI zr<0eW+7PkI>^e4H>r}-_Y2`?oE9RsRn~&dsT~+kL`Q?+c#yUkZO3UK1XrL+^+bk zja@%$yQe~j`o#!!LV9+<)1O{Us-z>4a>? zJj_a}2_+thOO9p7_`mq0>*_jOJregh@13FEP5vaMsZ5FN&ama3u(AbC5;dH3^DbNG zd9sw0N6_ z4U6}_0nybXh5?GIo07PVq?{?JM6d5*F1CskujrX4)Z<9iniykphDf77WHID5NVHnw zFHxVp%CmBL(Px?Wiy(uKY8ft>nrK!Uy>|oU1WNwBbENxC&%(u_1YsqyAKEe3i|L7B z%&)0|eO)GsqvF&1b(cUtHW%BbxDKQ*i*(nF_(T;9etle4I~knDxHQ&5jTTi3alcrB z&97BFT<||Gv8YrB@UO35&oOp-ZWhD$LiFvT_{bYRkq0do{MM4S>dHCir?R7&(fPQd zyGbR=siO619UUsZVr!*X{Q55hMHlLSk`j}7-{MmH>E!abVebekLyNp*JMKsg6C$zC zo@}XnLU!f9A%+-GX~e&JpJK0$GYR$t(`hec4sQotp`)(j#$NlOvFl9ktJYO570E2OmBP=L5U-hW`=-MkBc6kg zY`UAIJ^hBe)8uW_Vz6!DrFqZsy3;O?t9DBa^dZ z>V@savtZ5pjpT;D@8!FN;HqSQ(V(k7`xPg_{cKXJQA#$f;+_7$$DRD#<@j`4=`L7& zUBB4f$C1T(FFYcmct`Z8c+}>ej}7fz0|NtJ-gv?F0_than{-xHvD~XlFSA?mBR1K+ zjY1#0!f0ITHB|~Rc|T9a^)~V?S}2PKAB_#RH1OCd&uhP+)H{z%btX^=e5j67LoqwS z{*ssGR7RZ1R_!t`cEOYRBIRB`yAS8ym~HKYD4d3d?x*7uqRK*Px0gLs_;beIF5N_P z`0PEnhb%E-z2%@WnQ3n`h(V`xoD~AU0&hLnpu`EXSYA4ihSS(<=4&b72k`SG*sG+F zg@l)7Y4<55ME&eHPKu#61a=BL$;ew!CV394qUGpCYG#WwNupHQ$-zELRdi7oq3 zS{8E^<>pB;i_O?)UOlQ-&y;a}2-E35 zt}C-iD!$OdklyEO_hr&gja(_veA)1ZeyeHh_UZmRUb=V9b^$x24ma&+UzXzwRnz>c zLnq5KoV<6<@0ZKUFg0%_t=5D^xEHuWdVHZu$2M|KM8;~ir`2l4+>8j3wi5G%>++dm z`)jZze7(Oo);o*Y>1z>vw?4WITL0=pB1*avWo_*TLA=^`5$Adf?Fmr=TtBjcQdFYw zyI|*;>O_@HIEjP78n3HzLqbKnRnp>wZ4NX~8rS@e*?$k>{g$?k(-pNS^g@Ru1es!AuxvHx3I_7z3 zCLup98`dANok<*er7j#av7OtfiYuY)n|y`6R} zef(x`br0n|XW>606Xu>;U3Y-sM_)WMZ?r42C*?574h;zL^D4cnoPz9ZqYFHGDM#BN zlQzqHVII-G3%M1~>&IzM4d1#T{hKK6Y5uc)Y22xIO)I|o@ybZKsbxyk)BxUc`8ti0 z!1;&gpTsW+PDtU~AkE}MmVmheA5FGG^#%pM_p-BA)HMqhr30X!oE2{!HNW_qO+$o) zU+JuU-HAo(vrJ`+V^IW4Mbt{B{E1ri_RG)JrFJTbQ|<)eui9p*EU+biv^1t+eV>JL zD#*qaNc3Z(mD`1$c~yQ?Wu?}*YpxE7T1q0c)+f``J3@u|Pn3tq#}`1jXbL?J2MxpF zo?<6;Rme(a4+0YV4X*}@g}Zb|IHR0Ct`w9B8B#1nSkviwlJH-0j?|ST@+6%zoNcWE z46+`wLnbVR6W)ko2%&SB;Klp+E-m3iAMgr`|GWQ?K3Dgs`Z)?k%7Bi<-mU5F7 zk+QVsJb<(<@_@frVg$PUPOh4V?Ql7$g=pPIQTfUZKT_gmqQXi1G6yx>l?VfGfLX?+ z`0qH)HdQZaaN*+;F&TaoH{NQwdDz3ceeJ~~dY(E~!^RDisAgFb#!ddSx3*3QPxij; zOLf)nuj_9m`1tiRoj8g5#f$)di}rl??eqDW(VDoTBCejqbIJHi%fC3;L(OdpLdYmM zF(r{~SuZGNf01YgC7By?wmpu(+2oE+oxrp7r0V*db5<9C#JCunuV@p5?UNvn0r$j@ z6VUGX3WFYM3fE{T-ZyH!HIlfa_@wLjsRksbAv2=U`t+Wz&z|%PIr--|?2@De#=@7K zO@#%u?STY6TN&moV=p3CXZV1(@!Zt==bhZ`p0}SAXQT8^uhbR5nAOF#m$z=fi)sNn zz_gf|-+&q|q)BCcnZ#seX}^r@U!P}2>wo8#)j)R}YBxua^5oR$Y;O)3oN8#`v5L=o z9E=PPMMGIB(eQGn5(b**d#-4w*0{vjx|ra7i{c@rh-cf$dQ2bjl9m^{B?key} zUJe=lg-ZTVF_f!$EL&!=1!tcfP^g}GOlr>T%kKRLU?{~drQ^oM4lpv$IU9p_i1^HF;vn?i6ng>z9fc=B*5{! z5X(3;!?qa9p7dBz(MYIDb$h&!rd+`^mdq6~Vng}NA{#z+H5>#@yWTH-T;iW2i6DT2 z5Nw`ssTi&clIbRj>5$K6-^RWso67F7*ALT@Dy~f8;dbA{JBj*oGm`)!_^jHCJENs{ zej1TX6l&pS@6gOPeQ~{@??uAD8emxC!i;iF+Y50sMM=Nq2rOZqcv=2bAo$GA_GoCA z^g)>Q(q}d)77w|oDK5r=6lOXxl?|I zXvzNcxz)R;&n=C6DPNPr^pqw}tfMJl3qI5KDwZ^FU8p^%CxI3r%=ihmH$bn^)Mv!H zFy)87b97^RW=Sz}o{7I0ssHC^&%WtDTi!iE=t*1*CzD!vjfKRQ%HDc> z=-^z(v6aVU-FOCoLCZi=eQ?$^<}B(t#vdNYStf$wlm#-N0!k~d{0?*bD);k9L17|+K1 zOebVzFu3*wAm94U6t?nxiC!c&tZl!^jguka!ld2WD49=XtZO|>NOSl@XHb2ywph3r zGosQ-z{JnT1-vF4d8TK&A?}Bs<`YXJQr(sp^HZvL}p@4JDFomYY3uy3Xqz@EDv7=>NH=Cs=buz3D3(KMjmZ1t)RJy?z*-Ilvx zQSD$YFydMvxzV`kkO94~1i1kD!roh9n{2W*+*mvV#cD_(Qz_=G(FF?|;f*`V;9;3p z4}e|w`Rl89z=*E$v(@$k%s7Qi4#aR3Y$JcjIQyxPN!X(ZSvQQKNfi z4`eN0-Ee(OE{Qjm?ROr5_%#A>4CFE2!{T4bu%%XKktBKPe~_OfA}MQKsd~bU9vZ;j z@MzU=zg z!lLa-1oME>HP>c@K$hzF^JBRG1tGiV&~<-Lwz8lp zGuHu$ro%-ipyu44=pUDu3lTLvlOZXOnaN~pm-zAL#rnom>-i5gdou}E%*c#+p0aNO z#h;wC?}Mu2xVHwMvc|-@96Dq>*S)gC*{_PpJzMex&Vc1N*}MjnYm$p*eGslCpU_-S zg|J4m(rfcz9b)748$W*=Pd(|hyKeD;3A@mgdNBFQff=1<;T9qykt(*gPuoih%VvUO zz&FeK_G1y7Vi@60!{}qj5rt7a(Wo2I_>k)~#NefblqhnfRgbhHBYm!vH~(q44}*of zpc~TfGIt5MWbUgK9}Mj=(5rlHW^C|{7kr6oqj~2n`-B0X-Nk%`)}>HGa|d`7TAv59 z4*kaUzDr6Wgwqq-Yq0;W0`*kgm&zrs^g4+eHoJtZQ+Mv_sZR5Xp?-c6{?Fx{bvuH( z)shTjv7!?2`xKbRfFSBrtaK~m-dwmZdIuUj$t}TW#y<^_+@wA3E%MYNPIAJD#$HLk z5g+s8_T6F82ttfasrn>&{o63#8wN>QuZv#(21>Pq*Z3bvr{Hff{Ly%Ny-~#cxA1h# z*A%wivW?9WO1HIF(aPkr)fGB@wpVlYaRF`%#VfdK!2T=!2NFqoM2yFRPvDNpFcza0 z_lUg&I{QV!-3&^;V3|`dMP~5&?`ZBqV?hMEIL+69QPc&;qW`7hT`mzQU+i__v@640 z0Ot>``Opzy8WaK zCQ7?-vny@H0@>`)wxwTE<8??=1lQizw#Ql$Sc&MfU5yTa{yM!4jJ6+{;sHmbWqWpKAz80vwm-l~tK0#% zGK|m3L1ew@8N~zY_*YiOFB^i-Yzc|1_ibJm);GoJ?{#m>QAim~r~WzG>{XrUX%fpz zl|tuixPlSv8c<WV`|+8lhwBlo0LB2D3AY*Yr2!I9_Q9`SH>y4XgDTC5wCETPZSvld=vFd(1p^S~6P@N9g zcjU1P4L!?&<=ROx@A~#i$*HU|I|WdfH(@TMOoL~(-&2IsMuaYY^#Dwxs(D_ZNA%@k z+8+oRB^L_yJ(1DqZ&dsfQ!+%`jlTm$A-D8puqgfur9X^jY9mA!ueKV}bx0uNeuNPk z_O-7sEV!Al@&@nlmxRm)-Z_dDnQWs2!13rXo`QANc{W5s6-B#-f)-7>^RSq z2>lL2wPE)TC9XP|a8}Y^=-6=J9rs5sz|}06e8ylQUWh$)pEtBr&R>7#%zKH9Aa53X z(S3iCTVsqrRNotPoNhkjx5Kr3{i8w2>D|9G2Hx%@? zFSzxe@)+B2SeD7u!c8WrMVk&_7_3QRV#hkUnHMJ0F>>`=ZQYKyk1A{P_Y`sThyR?T z?j4~QXT^6m7?w+}iAE(px-GLpt`lNEa>{5>uzkxkh0y@Z*RYiRHH1v<6^(0sQUkLd zjU#sZL|^-Dwe3yvSr4fYOi%!3NtX!6b|R#bQQ1!2vHnbn;M$%`sN1gMK!X2wBg+** z|GW9hXZHX`L0+Ju=Om3p?fz!9=S7rp1Nm5pmKjtjPa6XwVykNsFVc6{$L;JUIJ zDr&?D>0j;(x?0r1w+#@`sx=MetOtYD`FNUT#A(-fed|b)D8s9Mk>$th8h$)j)@!aTcLv?lWEZQ0T`K8?h1dub)tiUoY}n8Z z%0FuOgw8E{GLdCo5B`*ch=_%VpwzoQrGc4Hsa_2zjEB|`iK{R1%!cz`+BUrXEd-S> zc`eK9n`fN>k$Sb=Qzv!<9JZ+NU8Y_|99NvwVb9p5Sg*Cat`@YCmbG%b!wUZAt5n9* z%OWG|DIEky3(Qcox`m<8Ivv;{%7WUnT9j?IeCxpH~Q3`66;7 za+kjdm3UVJ?M?as!SK%2n15S^z+K-pO1`xkQODh%x1 z4b*GiH6LmE{rJV0uz0(fdyR4iF*y`0W53gGjT75El71dfy;6TMHm#ohm(f5+lN#kC zZUf$_iLe@z{)o5+g=YCN=cUU9nld3PUCBS)M#QVMa@Sna*H0|R2_HtxGp~q9uyTr) zp;ggcR70*b&JwMh#psv)_`q`t?@UgXufD|-#EO4A`sv0_tT}e6$$)-tpqlClO`P>P zj&RAQaicH&8Rnw7T()f~xe}8Cwv7hkn|yn$r7gTG^7E?885=*W9WU87ra5i=4`tsS zPxbr$&*{)XbdHf7PF802YA7o+A~KQ@kr6VA2-z|kHYExndmOTo9mxe2wB^h~iU)21-)HL5R;xj#(7Q?=Ug2d}m0+OBgEZ%X+hKH>@2Q7` z(G`_7(&c6qBL`htIBaV&C=7Vo&J730#9zhb8BPlBJKFKsI_LfxxHuiBFWo1xdK=bV z%5UJvy4_aomHjM3G)yJ;5}S*9pWkQ1RUZvRng_V$b@nNT*4_wrI%%qv9C0mJeOkYt z&p0m_N(|0+GOa0Hm)UG`Bv8-6sk5vK^h!8)ox=2y$g6Fa-~bOU;wfNLk_k82s- zpSW`SkW|maLampk$OYO=WhD`pOPVXeCw_3ayrQi-lc`8pu`Tr)Y}wLI%4~_2jCP5> zn!eoyt9?}~kkrj-GdVTb7Vxph4>+#J3leb6M@lHcPCxC7p^Dd9KtmwcpR zS4^|%UWZB_FOuv_+}EVOuiwpE``&)Tm(O@5ClNOE`=Kp~=jzKx%DEENtMoOLy_F>{ zx|GH?S{KYm8=mqwV(iSnnrX*O7VEt1)DUbJBReps$!<^9%+%>cYV_h_G2TRM%9y|2 z*y%xt)ANoShx3GrFmcVdqlR;rh);c%G||~dZ%8%os*^eF`Sz`yYzoxu4>5N-AhRFT z^4V_YvE-H1=uZ4Y8oqXzpT1fsGjWIw+3Mc zjUs{lVdg>3`{O!iq!*f-4V$_9R^L7Jv7_C;{Jp%kDDP*4#)k_VJ<2~RnriKoZ-$3a z(9O8dZACYK(&@e_zFLzzyjFMIaYWi~U9yo@*HtS0dK&e+?X7`Y_vVM5P@~SJ$e~KT zM8eB2rrEAH`x^`3!9Z72dvI-CKEDASF}n(V7owL_++uZxi>~VmNLaDQIME4FuOV?d zxP_|GOfiTe>2cZ5FZ<5*4#a55J4!YB-#5f5@O~>|{ds3~Cr?BJ3_?DQc=sJ%PIYxKD?Ml}cV{ zk^icj{1Dt>R_n1F-}xw8oN`B>e99GfsFdB(P-BT52;4~3QF0EE8Z_JULKtD{evxA{ z+FEMtd@!Xi>-ZTX-7vdc{E|lbfmaSotIMMJ%L~^Cd9zw~*2=@a&KGCZ-X35W@)$CPVDI+MTDe(1Cv{6;2B zulB;vZSMB}lvMXhT*@;0Iw=vo!NDGZxhKh;ycK<}F@)y2}KDjUj&w8Nv~Jn*qv?H8#~m+@V+wBS?!0@KH6ZdY5nor zGmvjs)T(DcPOVUH8NT#rE6x4(UeA|hF*9fL0#$SGH6;&x|42I_9+ZnWc@bECWT4>f zlTB~$z32hMk(*bl7tg$1@9pbbqV6w!cxf{Ba_g1D3|tN7st@MwI16KXljMzXLh7U= z?wG5S)mh&=Y{k7om$TL%ZdpXtgy54yWN17dWkyXVXg8HXj$pW{@UG#lg855`vUB;e zMA1E689;VEHxAE5z0YP6pk6~zAH}_A)n^{E_N^Z}oSu8N3;(QIz+bKK1lJlB3TqSN zdj==@sfykL1bGDR|{noUbXC24x2Lm!C~g^!!(5Q>^Z?E}@% z`>I>gG1BRVr*1rNM-4!Z(h&2NdU8mxilg2tp^v;*5ImKQJv|?2=Q)iF4cB;V7TN6I zSgBnrbab7{zb+BBSp-0n;dYxIO{tU{pwG|_ZE|L#H)t_KhV`xfT4^Q)8b?1jSi@1= z@S$E_B`!D2Fo9+pdG<*8oN*nkwKMlC1}d{N+Vxrb#+4nPWk+F~W%EV-sw@s!(@n~@ zvT)>O&RFz+dRY)iM#dytkys&xUR0^O5hfw45mq!r_v~n+l$6-mh|ZE!-weo}C`se? zIeOlFRCgRe1O464yIwsoQK8i^5|J}8GpWGxW;7vLg6YO*Ese^Ba(ZVzJ71#9ye=kW zs&ZW-V0xgW(x{%N|0sKz+JhyiWR0UCD@&`O!`1pl-|ePR3n!VgTUpTOYDt@X2K1N6 z(DU55&JJy-i$X?H*}}$g#XddrSx}lPfbhg{<|iLEB+UB&OWYf8gORzMl+U-k-{_3yPWi{) zwH-O*y_#_h^ZsNV$@@kB3 zDt5_ri=n)vzW=KI9km}EPnNJ*#D4A}P9Leq>w9oM^HjBOuAZel;G`7HK=-|aQbK6@ zsW7b-G+tQd-^S99c@@7|EB#`dX@jm`?*0^UzQ*RllM{l}E%^G<>p3REDgm$Q%Eyyp zP6mVzt@W-y-n%4KyY#3Zswy`zm*^(n2Qkg~CrZA4_DN^qg$D?mC{Ks*FE^aspF@kG zO_0C0p7aUJt|QPUP;Yy5a`48vp*WYf#_!Jvd#|dp^Bv-T=jBZ;q--4G)EK|l6UVO2 zjnf*as6p|jUmV`=$?S}2yJ*>ZvcDT@tivsB(@9^wmF!DlH9w(%JGA zD6`Ck1fBWVwoHmOIgD-;T%HSh2!)4t7(JbUaIddg3Zy56D7hBJ71*DzWR$Iz`A~dv zE(z8>tn1!OkO`eK4cars`+DpsiS*}vM?l(T!hEgkI&~-Y6-V| zfAM_u0rjX3ZgS`tNk{o7MS`es8y{&iW%K*2dxXIsS7y|p{V5mizu(hpyE=6GQ6Hbs zAeFy~p@Ez8R*KT~rIN3+S?5}*g$UI3<0L7xviJ3E^xQ|PHj{K5{UE6z*8IJLIwX8g zF!PmS#n;ZP_>lthnfPZ+>qX@FEc^Uc8e5X?v;Xed4N&B8W z>+|@Tdh&KidJ;Oj>62Ybg?E&(hpjWMDmFVCLto0%XQxygMnU0}V#2JG=NE#vJ<-?u z`jl^JY@oi|B7V2VFJYjBZ1x8t%i1yiarBObJsj{lmgq(HdKtp;2I+y=;(LcG&Nat6 zs$3ljo0ydyQ+0ldtAhSS#}TDt?2*(Hmxu?Ror-PKx|=`l{R+=warIcg{5wTyZ$c^MmUtoXFsj+gV9m zXQR5NEXzqKt1{&!V(7UV7E049h|zKT$Qaaq5T`9cv78U(28A+~V<9<&o({dYXZ2n1 z;UniSIOo%y^Hr58Y15+!yK=m-Y~^O$%-b%q2+y}!l~9|aa(c9*^-(pPuTDl;=M>8+ zRjV3OMhse3nFvSa(HkjPLtr-03E;nvrSDWb*XTPFXuRf%L19}`Y`O*+s9h?P9!+6veLLWuu;MpX?c+vtD0?XM7#D!o*UF1fNrx5Cv^?ZZX+TMOPkU0NMn;anGEp{1uFa9ULDhl*Xys%4cPbOIyYc?FeWPLXF;QVA*F zyP>KXTWvikNEg>z@`w+q6zZU_EJe1t@Cx~5L&xh)X)5J0N1~T>*aH&<bEps1QJBaogB}mD6!}}J-s-~%IIs7w0Hl9;k#bfdZuvDoiLW%TcZNlEb%U#TU zUirh%)*HMz*grcoq*!*OU%gX&B!s6W5lg&jtb4%DY(&Sdz%fPCB#v!ft0|O%+-WG9 zUWC_?GWMuK02IfeCnHZ`Vo$kXqLq7^>&6ehUpx7!m?oqxJ4b(vx$x#j6Cv#^+W*buIk|XPtj}i!jZ^F0 zQ>h%U-@Iyqofs0aEFpuPco%je<7L4|$D7HnowTcZg5KY7;q~Rbn`42;Y{WZwIXe4X zmyRxr^|Urv9v>ieILR*PCrwPnPbfj>T*&XoC;MCqy>+ggq?2?$^M-BkIg_`~Q?Imn zi5Q4gLpNBMT3yAS72or{jA<9KEsu!CDL%I|lQ}yZ^v!(lt6;?!z28X?9Ad>ygh?K1 zT#Aw-(tnd38~WlgSMqm1r2yWsG`%S7q-SUN{v3jn?}dIJk%8mL*M2!Pp@m=i5*^QG zxQzDuLXBx!d^YszZoVN|b0~$;P15I+i`2`U0+rb7;{$5^7v~Ks%0akjcY3G z4We=m-Us%r3;aC6?zl-$1;<9d$dVNq0V79Zn2<={VNBo5$wF5e#bA!N9H@psb<$6w znaUNZTU6=yMv^-F*}wW+{zkvBtfTJ~QlymlxO4OAqWNR&q-<>yw53AVSS2rq5FfAO z%A%7spTI<-X{-qbIz;clOgC~rn3S)hAuiwFs3ysn1u#Ay9TDm!hP@)4TMJF2^r8R` z(F{5r(T1Hr@#C?nB?nHyDr4ZaynkNSxua<1fYl-m*&dA0sfY@dr{Vje;M&nZORpU6vF|bfbc!#eD+=@4Qd$BGV-oBgSj=-y2MqRK*Z;UE%h1eTA9KC0 z=$q=pD#8STdbmE1_?+Im`(!$MkY-y;)Ux=!Pp9?C(d=06i5j*Qb~A@3T-cdd5VSV( z?0d#@(*3RPBLVipfZWciEe6%W=nM^K6)yI+MZ?pNM=5%ph9BZp}kkUr^L ztXUv1t+!@&`1A8TXPF|MbV(@R8=wM?Wi7RfIbxn1!qP4l2B|mSF=}e4csdo^vgj*c zO@_978LF6&JJEYlk&u{sQH$M9v}+#?@?Lu}*!_8X-d1p-)s*W3x7klBv~uUY8s##+ z63pW}tdMGkZgV7=(+tp6=(NZ(yQb)|jZC7zF0TaEhMxG;!IE%+kEc?N&|mYi`ftuk zBo<)HKSjSo-2INFjS<9G!}t{tWje-mkaq$}Mf8ow%pz!~J!ZDQx|roKXemXj5lrcA zG6#sly3hqdmR8~l@}DPn<8qg|^9n9O)|dmEOdTIXEK`r2kH_`=B?_Dr@0rJwb zY=zr=qJ<6&$`6PPX5W&AI60i>RC1uUBcyfi`-!ySYiprS@=GfcTsk?bgXG81{@=TR zhLF+QLmNDIPh5yvrC*F?b-(;jmok}CWm)?eJz(E2*W%Zuy>nX>MfV{iAYq@FlH;hO zGZURhq160+W2R{_cFvw}xTHRNP>QHL*?I~z`Xl4AEQO_0Im$kOA zxVV^IceLLJWAAyT7EOe_Q5}WfL{rv>Bo1MD8#H(Wigk^_*XYgZ;>g%yIJAv+{o0&Q z=U>LS%MN!t+aB18cso9MHuD${-o!Z8;4%}Xqvzm?t2GsYA2FpxG8AH+`YaJ;>N zGM75E@igTTjVFEB*NJs8|p$*-C6N8+spns zxvZ)y1+s%ql11Z6Q)v{+*|pE2&Ns%mPLX#z#2q^~`VIhABnxz-7@Cl$*KS)m!hRrw;bH zF`7_y`WhRiH_kVF5AC}4fqfPq5Bd*(JMzKU7xFdwt@B;!!yOIdeNaDhEYk9w)VT=cl#s-KYu zEvsH<72QKDpP2U3u1hIhd^%Oj6Lq0BdEjPk{o`sO`4IItN1_tVaa6=Y`xj>_f@wyu zO`bfRk!t!zu3qwuUe6T9ciG-H$I;9BZ zd>Swi7tCb4E-Z-`cN3?-3dC!#jblUgQh1f-y2-dl5K9kpg;imnkCnYHfAQM%K?-92 zyJ(H{uS>!h7@=HQetq(n0Yx4HDX5&>9~ojFNbh`2VDnnmI}XF2NfPq} zh~%yTN7mriU+1O$vH}@Pd=H>kW?oD^yWuEEJfA6jqd@?lzJtf+Wucvb^o7dF= zH=NFjd$-U0-(Q%DMq?+`j;Oj8Mx(Wkt?LcvgZY*CaPd(d{5cirs|8N{?pysmR`zIM zIwqJLxpqGhSQc`=q0GMi=M!yO@?^|cn@j((^#Xn_T%3_Q04>f?M(al_J-6dNY2LtLaetPI1DySZJQ8X%><}!b&g#I z&Dzfqej9ws?Dj8}J`{bRVYy7QITkWgEY(B@TT8$%2tR^QdA=Wzb$Ndp3pedQriK`W zP)E=uJcRE0(>V31A?T;GQOZOb;!Rw;lmMF%DFUU;s01LQXy=MEv51si!iPRfZNpm+7go=xd9T#^Y%BSjT^yF z&8FU_5)BtDi~qKmlb`$61Gq@zp&hr_Se#-^Ti+gpio?Gl(z^YIms!8ZQY|79yTyokhE;5qQgicK!F6+dbCoE1(~ngfP9ssyAfw*waHDk&vX0GG)k<70~lT#zn#HxSq$J+){x2OI3PI?w?8g6aO* zR_uy(hK?5i&2-G-RW(p0SOe3hq}(zgT?RVQKc2G{m^4{MhzD+f8ge@{O<5y!CS}fS zKzV9t^Ej{_gn(_1nROp9Y;1kL4ziYNUZD|6u(5^{5PCoRqE>Fo{QJzgx$6Z1>JjA| zbm_U1XcCUR4fQ=lSYBG_kUOQhH)WU1=htT7r6K0A5QGDHY>F2kP+hZA;lh%Dijns~ z-G=n=J+3wc)bi3_m_znJ+GQE+6G!B9E`sQ3Jt5D?7caYFcJ2OT^{ zoP*sy{`g%v1x{T`yPvaa$(Zu_wD82k8S(Y{_pK5vo*m{+yvH?P?Q}Oh+vMbQm__L` zHdQ5yc(hzankkU1SwoYHdS%1SwJsHR6F!eox3~m21vL3Ofq-CrZB&O;*d%LA&c38Z z$fufdAuiAa#Vu(^le`UbEjIROlOjzS5csLNBz(S zqz+E0KV|rp+-1$3JTC-RPmXMUQ-=hXM{Gr=yJs&|Nm@66q*)ACL1I`0=xK8$7UGQk z+Lxa?@|op^iJC9azI_@qU?=48Le!|W1Q8fslN{)H;&qjqwHk%u&xxUU%dBB}0`R28 z(Bsw|sd_SO#>W|m@7~GEG9I9S(D1LjD2tEyBMu?DT?G@FNGUm3w@hipNH1VJqSLc- zSA7l$MQM%Qz${AD0$Ym3xIwZE*)6pLB3F8Oz1}A3mDI+xdfvYTyH z*{|#)PB`3@QzUQ}RgH(p>)n*Lc*S@~=+H9DZhyfBt0;ds-fb|*FY=Zg~HmRt_@Zn!? zoQrlds(`Lc!$}<>>Y}h=XjON}5K4I{TOPV{zCqE?#)1q z5gqHz`_$PF-pjXA`8UR4q~K1w20ic1X*&8{03cSW$@i{SJVo~rXXO^B2YSbLFZT8p zzeMhp>eJm15JFdbpp`BYu5|2H<q4Pbo9B^kVXS=2ASGsPj_ppBetWeQEuDt1y@RxcS8l zU$)YigTY$vlDY^qT6?x(ne2~Bebg-f~S~l&- zNFT61?Yy>JyW{g>@`_%Gp+bP2n|sBJ7{No*}3x7 z9O3)O_2~%rooq!)*^pQpUT5b(I{ku&Se+RJ=J{f|GN%H}Tf0azi={#pZ*O?+2cS)P z)MCeZmhV-z#p?xjlZS_k;&tBvM9pDeg;OYvL7odkXwPuI-E~}K zK9+I&7LJ`)pcU{~k1F^(Oa|H|66BgluvsF0S)6o)wEpWSkF1qJ0{FFWKba#U0)GRP zF~7G;SAlnEPLHB{>%@LLD%xp@qS8nP35lK zg)z5U>+UZ8cm5Wy4r869dkk2vC=&LCM`!=ujDLCEN2wV+HyBpunWsHVPiLHuinb+3 z?HmH{!1=KBKo2xwj5Z}X6$(ED7O8Xsohm-LLB@cyl9J&_U2er}qN!MVP;jqCmjYrv$XVQ97(~cb>piHae8({hwP8--u*pa1JtDAzC7mA$&Zy5H+VBt3Z6KtXx`Qpk$muuFS~^rkt+}bQk|>zx_{Z1 z*x)HwgolfJJ}=4o4kS-@3wyt#1n^Ji(SF(74)VTB4Of6h@HB9;2-T^!%|Lf_e~QsI zaJ_tpDI1N$cq~0HPlTo#8U27^z~x)$Hc7z+mEgLzI6}sgY({%RNT}>Wx>XP+Zdu{9 z;NQ+YtTOvW)JcPm?260Ep-$)PW?n$u1w9232}uh$o_i%(U$jMYDBLMZ3kny;<-Oy2 z2lFMqFpu1ifn^B8xApOJb!JZ!Pr$x&FqjEq52l6(Qc6*9%YE{ffc;G(N#g$;2_f5RUmt@??e;T9@q$N4 z5+~(Uhd02>u@FNfn}~7Mx5g9-DdF!;y;2Pb<7=bNmPKeByybrEq&Z!Y9DQ-`$Q@wb zNeJrtP%Szd(Dvs&e}x=Ju^8j93hqLNRiZdS)C-6P@gY(5mk*+n|9J~+7KtBWU*7q;K8r2JOR8{y zVlJi4bN_d45$MYin(Q0}Wxak1beIxUsm`ySy!zW|`aPei4d_dEV?DY_sYM=KfBAOZ z2p5gXyh;8lh|*4adAG~26#vQ$0fzj0E)SCh1QsxRT;!D!5o)88c=J6|QBeZUIKuMs zAoX7%;qIgBhmNd$5Si_gYI56u^s0e24{EXIRd9Q364CkE1nUN@%?WsLLu{7nzcT`9 zPIH{rEB3>uRC(?@Dx|(bGle-t9ovYP0m`Zl5Xq4n(R74*=D&vrNhNs`_p>9XRv%F; zV<7$dubA~+v+BVy_#g~+aPpH z9TR@uNmJdozA9Aby<#mr{J;e57fJKagHtxWCvDGvR}b0GA#Eku&ZX4GdE_Pxdw`u5 zT;|M|>LJF^dfC?I=L4M2_AfU{q0!iJ#PV^nSMx{sdUx!fQ!{vTH)rPV>MQxbqqX8r zRScY@UNq}Y5cz*W&wNoiVkjdAMTJrxyvXfHj%m*nb zR>WZI{22M4tm93Z=n!}4eH^kj#`PvH#N|$KHjt(^w^-yoUc5tP zG%O)GX_NJDmrQ)!Y5>3@=?sj}$g&!>AsOv>u{LL6UsYHY*PcF)*R>PhcdL7pfmo5f%l4h$w#ydIG=ia;OGjAg#ZJmWM=+?|Bg3mZ+S-#-(LKK4$uL3{|hMFU^bl z`;K5IuM{va;GunAJ_(3^&e0F}63(+E?wxXWwUBT*^ZRYGmDz1bGLL1TrPYoS2T1Gh zMGvXhv66Fo({t39dK|Q2MU@`HmigpBlY~?ky7~F2iZAi+GyB#Widnsdmd$0~BKvHP z3p8+;>RXyJDv4m)A-N#APv@T8O$A(M!q+cP_3x-YrN{Eh`mKaMq1ZNB^O@_aV{4q;3Dr_s-4K6J9ms|u75r~TuM zDbm!@^^Lb-DxbK-FGukU_Qm-g*WD5*eZX2;^OXVk1)_t9mWgb6CGuW{Ixg+Ag^~aD za#$xkORVwpHy%#=!!QG~XN-L1jZof|@TXfpWA{o@@x6cggdH)ibH9qw?=)WO7J7vE z$U%nZZ``DXSRU&bT~?#Oo>qX!0C0IQu4;@lF7keHKYj4Ey}njU0)PMDA~pP=|J_G2 zR84`mpRr|>p!_&dP=P#1<<>2ad_9)amp{999ebzsC20$r!7dd$a``}I8$0=HZjl zaf$jCj<@2(==6-PMpKOLj)pDn_rii|YryJ>xDco9gl-FOvXL&5Sr zFpNZHV8~%(1#!qwXz7Br zzsGi+W^yq+`Yu=wXJm=wipJ$j0i!|b1&0sR7l)$&OMFB-YK z%Cf&!`L9!&4Tq!i_pf1313^)oV#p?3ET+hZg~{Xpy|G|YcPcnV;$hV>a6q6Tez!jr z(i-NJ?DaE53C6!qKL8G3@-t!gAOn`C_EW@Zv9&`1iRT&X7(`%K6p3E8>|FZq`@ls1 zwX2Ztr&N-T6AYY)Q)RfphFZt_n!UeOW4`$4@ZYc(P2m0tw9BIsKpJqDu|6ZgIx$H5k=L@!D&(QoveK8J z-`dFQr=G56-*h!Xo<9PV5xW&H2xl(X51%>uIp7cMUAAZ%>X|j3M;*NCNb}xX`+)w->UufpsNL*vamDX$R3i zkS)=CFP2@K8JUDkrvDhL=mFCOsOyOGKQFmQ;sHM}Tzd;@*LIAXpi`I_e9*I{hC7@P zE?hGx03F$*(YFU4BBa3iJ5U@KL6~lD0BOkwJCLEPs(@5fJ7kD2cOG5Uxb~%$Ckd&W zvp}w`kOpY#R}+M5e{@3?ZV0I7tQ-*^d}-z|#lIsrX3;$C%`3?(lMiK+HhuqSr?WyH@Vaw=#3dJ%~7wHKgs!*6-!Te~HvS83FE8sxb^X@aJ|{m~dLqVRo5y z6@ESm3g~0@K(+uOg-OT0%1$^7i$}lTVTEwM#g66)dnpuGE$xM8NSzR-2>BLb0t@ zr5c3&x=jFsP&lC0BDa{8-VRAk`xGFw=t5HQ8{;tRMG3HGhw`gIP@#Qg^3^V_5W<2h zrCP9Qbwgym-<%1-BmD}-W#H%XA3zIq!HgE4M;}t=K={+2DG?$hhgyufY}uauh`tYjhN8xJjrXC<8ANmO zvn=r8P^>ne*zOwcooVbf4z`7Y*k3O0`_t_C)n|=x%ZN+?45Egt@;Ubf<~xj10Eb}y zLWUD+R%&?8u1y5D8c9655&&{InAP{c3X}**ef5#UbsrJ&iLqNd-o>Arn1@r#@}zOg zz(Fv7U}eOs$aB~#?m|0kX{$Zcroe+2h?^{7?8&(Ek96;fm|xXB3@4dwo(fOU4>LU`oVQBO(7CRLYRj1 zD_{AC=rDY}ZF?9akDXKu!k8ieY*ZWL5sK2)V3L6(V(ECbKo}Pb-sB;Fg4Z9{?f^=O zW^xP&K8lgl@Xh?HFJU?(lc`UQSqxZ-UMHRU9C1$8mJDP+G81&q9P1S)dT8I+_=24|n>AzhV*v>yR*o9y6KF4G>kcX*O0ZA>x zoM+<3&_vZDyW!rp+k5v*g5aLR`v?4MVH>&BsuZw+HjZ=}5Wdd5-$SFBbW7axE?{EiM+R((BDZDy%eLwGPoeB)23B#u$9r zzjyR^t~yl^{e}8YH^x?N?dhwFF$fh$Zb3cy#<*=B<*Qxo7ue#q7k!{E@x0W8fM|p$ z$GQRDCKBx1wW`k@;m^vcda$r0aDT^15={II-$M4YPRuVY)Tzy>5(r%q5c%E_Kzg{B zbao3m&bM8110m7`826C=OX|*5{9~ElQ7`+%U3pV~okJWSfoohujfH#vKDtIOeGLhN zMBJq7=_=3>WIW~}3Fo;*;P=`YtJ-PPa$ltk`-@HJ^0{V zFCFXqgHCnC)!1}^-2v9!*R%>zz#Xh6M^tb-HqnHE12ElugU!b>W+yrAXnFpP)X%*S*b)^ z*;OL`h%U|zT4DvI;#pv05k&~i5Ri*h`~P7@)sJk!9crI-52~=m&GWQT4qy$%5S=-% zy1)ZQSp)MYzJCxaMr3Qk%Rm%Zh9)KI_*P3Yknkv*>n9KLyorFKd3P>Act*#V6PPr! zlIe9Hd1nY>Xk!3YuX8!b=VU5scVC4#AtYUN<0Yy$;Bv5^eP*pBopR*Lbb9Wy&JK3z z3m`UAQJUS;blQ2wRc#^XePge|EnC2D|F)j0sRI6YH$p*Zr!WDiWD}djp!fX6c(QpA zBXXk;xXP*0#|GMVO9PvY5)hUf1Q@37$7b;&#~o}WcrD^UZWk#7xF-h_s+ivhp3#P+ z!hmbcI0+ZHiUvzo5iunP-8`Z&4iDhDc-O9nNOGtr<*anKgxe~`alZO}3#CpW;ma8( zQ=yt|FRgGa??Ldzr#i@v`O8~j-g7a?;I#A|k!suzgnD;L6xfRc5Cnr)GOZ*a0yN1S zgpO4$=bUGE5xfqBQXd7m>LNf6U8T;1jV6g+m(BYr<)5<BQ4H3;zj$LQ)SDplg!*~iH-AD4r z_^%pZC)?ya)~c#tb0U9XL9rg1K&M0YbLhdWlHenst!D^-Vb7>;cQ8T^BpJR4L|k32 za<)R3XdVPnyZtf4V#F0*ggx?}t>6d>SS**n#fZ^lm!vBrftR zZo7Zaa@O|wZs5QBebv;Q|C|Xh|d`fQM}0kqh9z%0bv5FjIZ-) z9lv>xu@A{+$RB{q+0aIZ9&sw{dYGJeUYw^dBRc}ht$*bbJRw@t)v!2PYLuk4@$mWQ z=_?p`z&J^ra?3w+HJ)gHp$D8aHV!`TUY9pT<#1rRQ$J;jt5V=5 z&&$E;>Y_thyJ*V>!zUKvc%J{cL^V;4ZvrGtR#(IMudIF`P(u!3ZS=vc6Zopv*tEOl ziw7Z6XD1eYvSqwKd2!296~rfhO`Bel@9^y_500iwN)22$6K{^l0bp+3u{Rv`h05?u z8IGMh_(aKafr4Phx2X+}%YU*sKu`-po>eT6h|xKELCq8O(whfw?db^mFo$4bav^7# z`Vrj{y|`b5r}AHO&NCrUAzjygeBk^`tIG&n4?l4(pr@moG+up?0a14A!^^XXomf@1 zr#Zo5i)?CSr~sUlhKg2%K&4&?Wt>lEp}+c@utaRjsk#@KxS3gG(SS8K4n*u^35@sT z0!R3Gf4?K#un}bFV`NV1nx=vuWbQLU6HN!CQ0!t^24D&kFlb8`tS+9Wa=FbuByqaw z-0ug0Jiv*Kj~e6rdCBjmb@d7UJ2gLHw-3FEmxJ%zIW%E%_}$k_7pY%T-px~PY442Y z|Ffrs{Zfsy)9W6t&8@SW%LDZTdESflpSefAY#=`@e9;K5S`^wpiA~hY+L$R>&3anN z;m;YzazmNTOEaKR%HVdj>?1Zz2?WI^UIY;3V8<%3$3G^w%X58=<|nu&XZ@XazlTvI zbFOS^96C2LnoZABWt-gjMNrxrO~}qCYBD(RE1%icZMX&4b=vzxjM+sU>e4}EWQ;|h zk-nW@CjuLS$MQ6hkjPYA$|lslRy+G$^(S)Wv7UOcGTU@mr0B!6;L_2qtC#?AI0~U; zPArV}XUrZ^&ZNqW?5LwCI^}B@#6IxHsqwpx5~4CnK0;R|nj;;Pp~-fwC+ni^R_YRN z{AN4a0bo;ppc;0N;TzF+k~4PLEIe@lp{bZD@{J#nLE{->%ReUeG@7&Jne^*I{5p^Y za#k(8fv(_!o2!&@8witd8YYgbE;;jf*FGpYTA<81v=p9s#b#$s5HKJj_TCk0MZb1Y zH_d5F&Hi@w6fc`}yW$Z!8yt_bVBV$Dc{^)+q#K|FkvMS+DuLMuz+hQ6=Ljq>OIGRw z?1~Xc|>`c)I z0`TGfHNU@xaSC<;|ND}+hcSBLzTu6|;NEgk2?#WO!}d^L9hxO4JS<~8((${D@YkdB z?8L{)GeiV{Eop+&*$&ftSN=#$Wz)q*_6l_4^XWG0_TL+KclzZokReqD?ua>{Kf7Rn znGTXCCgU`$mLPXca&-`UrOAwu8gx(WiL&0Rm-yF{aNe|!q711M!L`1+Jr8`q{~Y}9 z+z1&`eKor`|HnT5>pOsA{W{%b0N%m3!o@Ou^I!k>m&FD^~vm0OqK}WhH0T6(5Dc+2yF-pBM&3_XAg3=7ZoB@urO#nTu3Zua`SNRC~F7T3+Q=9!!zB)+zQXWplgJczd&U1p?V%fB?%r zd;tnqLBNdpbcG>hrq0;0f-CPT=(gq!KVZ8);rI5rad`na@x2Zjd+*5?W3|EH$Sufn zvJ;b?mPb)X`=XJ*isSr1Chr)z4FLU22O(zTHhu@lC%Q6-wwxf^4n&X_MW6OkGSMO` zy7FQIvbY0V>#NthEn7l^>Elxw)Wz;&|hod6jR!=CF0 z1^o2cQ!xYN9`7X7{+?~*4dySQhYr<`LPR?WIj~3&LWK(Ho%k0Z)0snk9pLpAi%Zbg zKuaY(;TzV>jic%!|D1gQGHz$S0>*y(8g4l~>Nq(}s*m)?lAe0-5)VQU{&NLnIs=|% zBxbL;fGk9j6R1)**zB_7uG~1t>!;5htw{Jh-8^RzKLx0#ZMjX}{eNwN-_r`aq2#{2 zv68fp!zgGr)B_}x0h$mV$}=4$XQwU@ID+vA=Ku_fDb%zGn@?OGc4KLkQIu$2$!Gg~r-?X|O z@^;kFEb%42UX^wnIyzXQKJhw-V`|{_jz@p_4iQNZG!WeY|w-%dm5B}>aM=& ziZq`RW$+AWK}5&}t-d*N>*nM9qBcIIGgrS(JDENN0bQb62;e39511Pi#a?Lf6sDdF z?hOF-K4Ge#06ix?E4>YQtI)Va_^3kE!DID6v&;ImnETIZT-0O_b*lE-6f#yoQk>zo zX-_34L+0_`bUNX#`b+}3pnvfAVy(~PTRYq5GAp24L-FOlTlPkD>JkA>7egHjE6&0MS(kgm_1M#Wsw>Y@6GgY?|6ykcr4?RRbA2o8Xz zo5RYrbebxSXRL0=*hpW=G@t3#!Htkou}G^v86!APTj(+2+yUskdc}N=KMex=K{!2zHR__}2+(p<6Xz zXs3SO0M0PW9?HC0$Wu0b!f}1x{FXemrmt`t-64br;}RPX%Shlnzxs4hZ2Ug-t- zPMO<7SN0cxy5x3mRoguNg1NPmU+#g*!5f#V%0q$@cP}5r@?`P&l|4y6JA7we6fMy3 z@DgCh&eJ|z5&o7U@n(h2w#C=R1Jv%&KMab{r*m>S>+eeVnl-Z2>}-FBV}1gCr3V+N zlE|m86)-J!Qy$-QZ;~EQs=xRnQEEqRT+9RCk7X$C;DCGk1;aNL#e@FrK~XBb2Mw8L za-k{m?CsC2q1rzn3u=+L0ELZ%pH!G`FJ(BEm{8neyU6fJ@4kEvH7{qq+o!Q=?f9!X zr(8#==W`MB%?jA*NvL+*>9PyxqzQVXUXwT(uu|U~dN^(@u~Rcp5a;Ja8)nqS+MYJu z=V?OCh@&$wvV9tsxkJAyfUkc_rkfw2hjkZ`_~%Y@z)fOX?@gR@6za85h)!~8J8YM@ zST^j)94L+NUD0esnf1`#6=1YY2vJddEC@zkB;EJH>!UcT+IY$#pd7ZmCv!Kit>Vcm zYs#HyH+?k~tKy`>qBMQkNBi!+x0?# zW^HmW&*_hTX}IT!H#|J8Nn@ldbd zKcYL8v5jj+pdYRKujY z)xwaLcdkYVeR$r*?$Y90RaJAlTn8^6liF?)N5q7QSy4|!jVEKZ@{1*|l14E`Vt85R zFnV{=n2WY({Ktwbwa@&Du_YhLOanhofwPwKOhM2k>th9KW-Uqo1P(dB@^Lg-(Dvq+ zs`(DBJJpdFv{s*3Yh+!2o@2uO$iMKF`LviH46dX&f~cEgd4Niqbl;T6mcP4(Pp0IG zL@OrY9JIAqiIe0l=7IWtH6DfH5EaY0V+%lOD~$2A0n_u#;Z%a}>YF79g;Wo8Q%$UI z?vv$O-e=hx>VUaDStoqSUqg%y+aE>>DB0q0fweRGkXU@@iMlOPpS`YRmSiYjAG?yI zX&YD@pzJQcwIR(I@D4j!iEhoiT!F1T-OrOGVrEnmOw6!6to*E0Pfo()IOy^^3fyyS zvs>~qmz3#LJn64v8#K3B}^R;Hk2sj|;d=qf7BNcGB5BR{TLCEpgho$Il4M zX)EVZF|q;oO<=TId8&U2@074kk{%vb6IeZ{8amCOZ+V!Hawr^fDTJH_8LjA(FKT&V z2Vv^$F<07Da0LD>3g!yyE$O-H#a{Y%2T-@pafHUVV|hxgZ*0pmt7 zF$DX~1&`I``JiNQ)jdB~bxmkZGMgXAcTjwuHa;gbpXSig`DPK1bjkr*W`>IA)Lw+6mDeC7#_^rh#;8*l3x6+Eu|gLDUv;&d-v%CJM+(ED+iju=-O zKU)%u!P@<_E8^C*VBaisq~eETay!dnlTF%Ggo%Y+fwB6BbYC7R!|}F+Xm_~nJ$5u$H6AV+Ki^Y^K)xU~Qd7;EnkvTJ3n6J(UrWP#sFXYp zds<|MBFg6o=1amhUWLD+!*OWO#L~C0-%{bD^|C~Y?oY3@JMWx)eVHbL<{YjXHg{No zLj&_QQkRLG2w7ck%ReBNQ78*<>9zcjx$!ya!GxxC_?Xz>4r=svhUm?k-UNkKm80oi z1AjDqX`h~MKx?q5=4QF+_L-pxrR^=6Mn=oyR1eoHb|sT^p_6+XlM`Zo#-d>in1#Wv z2%oKzHdvMJvjJfaN>K$h0Y&cs6p_2wByV)Csl0N!QSW#6$~3*v39qF3AdvTI8b<=> z#%0cQtY0W|;a0S@wJHHY2ow+egR7v!Q9v}R22Wh2-)GxoNQGyW%d$@@bnuV9tGgA% z1Fji$s7ER~r&tt~_rxer!z}z%6J0pzHkmitVq6Aa8S?+8YNNsXh7w9q{0v>R@ZMp! zql55Tq_>aNU_~+80&hb|BQYa<=ezBLAP(0(4Wd?5K`PX{_w=EcwnXt;xX_4X4I8*SFyR>93IcWS7#L8kantsVhGx$F*1!O?uiYrw%d5>CvdB z0ZwSKH@*2xB||b>=NbsA*|Tl!G4uMuWNjA)@9?!5(Zi1ZFKX)yZN?!l9kj8?^V&Bn z^8JrL3RpQ_iSO2@$2JIU9auQ~(v5H~YT@DOY5e@>gg|n(0RSvcrF@w+c3@A*6;p^L zw_mP{xYt z_fYz8I4LyJ;N@E1scWrBLZOe)-OGApyjj4P@UmGY0hH8>V?_0sw-kwEQ_)ObMkNF03XCC{U5KCt4Q;c?&^g?`J--F6x$YQD}tJKw9(|6=FJnfU;Fv^pyfjb zY`@()IQ<)$7*|3q8yYlO$mf}7j6@6ekO}6fCJppn{*qL!3Tq;t(jzy}qn_F0AWF0w~MNe^BuAxFea@an54ZKU?ZoR$mlXO7MI%2Olh+Ey}n1;0%T$6D5UVoor6e$o&Aacj@cJO zFcXp*xtv7xG}DAj%l0$3AB<=!zOlN+Q02WW)-JJK04facz22&2IzFvrUMh^=H3hO> z&UL9{OwPgFbi_EW^2!OOGD~Nh5Y$@Wb+=OH2ZwHT4YbW|*Vh@iS^7%gqAuDJAMD#| zj1Z$(;!i@^sFor*<2#42X;qFqz-QR#~ z`800XGm`~smcFG>V0}8=7Cx&akEo~A%B8k&{ekl{8LwOKTx%G7% z6jWE%V8dGCWThS+&hG@34mjy6*8InPcK7EPEn0*D9p`)^H=J3RlpyaWSYslt731*)#aThDwFJ#n17N}Qd){b2Kn zV(G<><$Hu6=Wd-C4x>`7u&|f^Ext9SyrMtfa;IEA>R$J)HVMwLp}f0Frjw<)^-H(L zYW^VChMpTqF0gV(aJuhY8RfO-gL0^(q6S28u|JK?$bC^?WRhp%+c85I&Zc@p*IbVEQ!5OLRp z`?@Fi%1#(S$pSo5!juz96g01s2a<+iK^y$nhpZ3U- z=1ar0&Z>MB;JfLR?W2sB-n}quxbz8hoBW=X`o>5+#ew>56xlt;Z55j0O+zSyzTXe? zZE#~9?yEgGiBTHYqWXGB{q4`M(p?t?0acJELT(2du@1Vwv(wdsJOe)Q!`E=l-4@mL^DCD42oO*x!w!qb{+lGHXA?OKY~6$ zkwJ^8Z4b%;8PtzvV3l04PIK-*cxQTiT)ODL7H6bZmS&Ik(8NdmSd+hP5O!TC5D}H) zNOO3KfA3xPna$_spuaprBOyKh+`fZLAf!tQ7uW(1Osgdxok{%38;@2v@Ub{e`hFNLc1jV#rK+MiiB@ zbqrLBQlkY-=7VrJBM`2bvgl;vfv{aojU%7ks>VUe}s_c@Z zeDVQ=dDz5@w2r+NSqo`PvnsPb&O;wv8!G9)xi0iM+^d@SXkz}dOPU?&3$L4!nH&zx zog>L7uXzVhrXI9j^c6q)JbZOQ@EAPr*~&vq;_#^j8D~l9+&#YA!dHGO=@Kle-xW*8 zdBeCHKV!Q}Kj`~Gpk*0mH-v=#2)Rx}xfEIut0L^ft?wm$MsZ zaq}uBG0k^{Onf_qgY$KSclu%kh8IbKG&)&~_;&bh1JWWZ*}+?WaeMBKu(?x#0P{$! zJ^tik3torJF~J*lpHUy_pMKAi?=0*bn2_aafB&eoWnpxC@_`-ZLxbTBnEVe+zt6sv z%QGeAgMIk7k0hYv_gU8*Vep&CBQdA4vXX0V4|WajtAq4+ZGrvkS58ZEhs!2~$NQY` zjCSym&TV}eFm&#HSZL}LJA6HM-OeLEDl>inCGZ3FRRv6U)4u+Et4)*}q!_k=J(JD+ zxnpyukrTtG&O*+&pZUS&9%llw06OokRQ^D9J-KNl?1d2Gf85{SW?<~~CGkQ3Yh>p) hUEerNMtb8K*UA0ziq92uvbTVrmAM_d%+&qz{{Yw%NY4NO literal 0 HcmV?d00001 From cb3c6ddc940ef4ace2c47f78800254d251876dd7 Mon Sep 17 00:00:00 2001 From: Vivek Date: Fri, 18 Oct 2024 21:56:00 +0000 Subject: [PATCH 23/33] Update doc --- .../high-availability/eni-based-forwarding.md | 2 +- .../images/case_for_tunnel_nhg.png | Bin 65680 -> 0 bytes 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 doc/smart-switch/high-availability/images/case_for_tunnel_nhg.png diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 41e59101f6..97698dd719 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -285,4 +285,4 @@ No impact here - Will there be a packet coming to T1 which doesn't host its ENI? Theoretically possible if all the T1's in a cluster share the same VIP - Will the endpoint for local DPU is PA of the interface address of the DPU -- ENI_DASH_TUNNEL_TABLE schema +- ENI_DASH_TUNNEL_TABLE schema. Will VIP, Tunnel VNI be part of ENI_DASH_TUNNEL_TABLE diff --git a/doc/smart-switch/high-availability/images/case_for_tunnel_nhg.png b/doc/smart-switch/high-availability/images/case_for_tunnel_nhg.png deleted file mode 100644 index bf593f2f42cfd1cee1d974c79eee717aa15f085a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 65680 zcmZ_0cOcb!{6CJY2q!aS)vavGjEuNaWMpKMhQ0U5CJmt!+1s(n-m9YGNVa1q*_2u4 z@A*FJ-uwA|KHq=t4d=YiYdq)U@pzs`>Z*zqWK3jucz6`ouKulohetSxheu#YN({eg zOfB|;|KU4pD9Yg#cAlKW!(+$0_V;Bi597sAl2>$ndj~&?h%WQq>b-UC@29Q0r?iQ@ zk8*EP*QRmu529#mTL<^unkn;$>6kaiirp#tl61dVol27-Zw-9B>L-1!Q$n(%UTABq zdaHB9GkNBRo~e0f!kWaJlAXyHp5HoRh1xht+5Pbd{?~uhMFKoYCv(k|-~F#YAukul zmlHQ8Bt*&L;s5{tlglehs&nsFuHygx6H3+}74H6j{T?rXn;g}m&G>5m`2X=p6npR# z%m4Lz*_4k2!4BHQSzgF00v1W@zPFHzSljR=YnQ72NKp@v_Sw#mJIl9pm5BK1KM$B^ zhZT~zus(u~+*L{GZOZOlNcP+R_4ulikFf&Plo=uF;TiQOT}Afe4X?2p%L;w7@*?xR zm3||kzfY>1jy*W9Kuk>@_M*Wt5pr{Tmgp9tUd{<7rT}TbbZu=8Al27+eggAM{}}%M;><*d^=ZZMGAkn6jeU;du}=clx2kgZ3Hr8$)MGjcS+VbZl!NT! zhEs|HjK#%l28)HoURH46?kUn5U#`lKN+wYeFW?GY7u6Kms8)-w;FcWE0hJx0-qUT- zE&)Q+`&@s&iju93OLl`2_kTK^j%=TQ-(!b6q${v?>)vOXCZz0<%J>5Jd1&kALNByb z7&b7uFyRw2U2ob6jlPk7g>H$_)G&zR(kN~N@5}Hw46{NbT2I3&4rn-O8@L=!dra{m ze`GRfia)Qz8+kg+dePl~47bj^^8P4(=BdAV;64M?1LP*-quJ+3_{k7UlWiarmM>I4 zp@@npat|0gh3qRs4PNhaNA3x7kGcfg9PI|-Uq@47?WfuzB3xw{a1RwOluZ>3Z#>83 z-Z96Bd(t)$>14Oel`<5V;VWhK6HTudU&Ih1HpzaSoj2_C!zrV~^G}h6^WSis$w5AU zh`<#8Wa;?FZ(py#D^n(kNWU=oKAdC6J@N`6>EwkA>cTYelt?`MlPmbRUtc7^%DYsK zx>-B(c)xvl`h(P=U%U_iTWVl&M>ZkCFpDj>UJ%k#)pGV_eF(d{tIy8+(Av`SgG;i- zCFC)91bWo$!R_4^pKrn?mCHKNpOg`w-gZq{L)N87(99k_KWqK%cUK;aOgRlaFB(U#FpjYVyw6)s3u7# ztdu^zL5}qS%`H*GHxyhf$lp-!AHt1ZA%1Lj%3s!(NcTb9_-phG@fLGfu6yZ5Z4Oj}t7CxA7c4 zQg#Up!pa;Ig&g5?!ofWBU;O;Y_E4PiO$Y82p+Yb4-}B+#M*0GYEClp1$QH_JCrHxu zt=4$q>Fmh_yGBu;9MJ=~*KHh!HAYCPDZo=s5$(#Hc&(=P7Xt(CSYB|zBZ!$Qf1gnn zTvDvV$OG7&mVv)KV=mwIJ=`;PgQ!-1Z@C=Va-xVDa;-|#-{qb=^WOYK!`YP77@ zPx&!BTvHVK~46Jf8uZKR(Z`hs}J=k44ho$K| z*j^|amRQKYL(X4y>y)eC-o}92xX;!Q{Mx>qxAgic*IeolRtTBZ8!O{7HxrY6w{z-O zKk{tu@2u1=#F+Sc8r*xSov$3jZ@YZ($#4J8C+VGh+xm_EiY__wkp8_7=aL5v?CbB@ zH||wn#K!O2UAk%Hs%>!p$Gbb_Ay1eznJ2=-*sxB9m=(Je+|wK*xju3sWyinE ziHAtN38hj*w-W5fJ`7n+iYs6{!C{g&D^<{cag)k4!pjj=)Hy!8v5Yat5|p@FT4pXSPF-ecG1?KRXekEFAFd88f2Otd9PbDN4{hjowFl zO{Gi+H_M&adh(FqHBV7pwmH3*nFzruWJ4=1q@iMlT&hWuySTY{PBB`9cYZiWbD&4Y9g->_^ zZcJwPgtK`o(^eVt0zC0yrw&(a>NHSw;_kz$c> zdAO+aJ+Pg>wgaQlvnUb5sxMKC5gi`Pj4_tbF&Z=b6?ggPdXHM0*G*m0t@o!R2JuNw zPAoUhBzfClL6jjvBw$PJQ9~>ypxcyNsCl3OXSq_P47k{A_NPUbS>vH z0@FF<9}GISvFNz4)0GrdV6FJS9%GeFV^<4E+6>q9pB7M)+IX>4`bpX@HoH}|U9|kZ zX6YNV&V;#5M{*u4kBWCzjs=a^(neOwN1o9d*V6O|X)NZ_TBt)@LDrcRth=g$vV;KC zXVqpe>E`n{vozVt|5|^?U{dyu-k<~HuX!M%tRjTnz4ztqql&do$=dPfZ;E_3^4`m! zOgR$7cpSm9?2WKYddC^Qsy2~NzVb}0O+~-K8I=eI`AB-DI?Zonzzuxy%@B z0x`C?_b!#xy86N-@mP6WY&N^fPKKp`Fp;kQgE^K5#hX~`;lkSG`AzNNyHP5Jqh8-2 z09c#&{>n5c%t`a_B%iF?%w`R-_bPNB4?aqBJ8|8sjm5o6{*thex)7muT|Ehv#4Nic z`0;Sv`_;i)K@^4-XrGNn7q+wBH8mVuEUenN`%8kzT9L(7YvI9x zu?ejU*UxSa{C&Z>uTg3hc|{FazMfuc6*~I|3GPLOLw*N)qXOlBm3eP1+u4_Yh&orB znYxd%gLS(M&>4j1#yY88`VnkEnR|XsRXtJKr)KWfBiDXCvM(n3CI+M-T9idyl$fwpPMMhmO z>ai6Z;^0NncMkK{^;KakZ)0+qj~)Jg!(_qlBrOX5SMKP_6I5`TZ^oz3N5>o zLxaAYw3_Ah^2W+VJZekNyB;n~BZH+ON-*4Xd&; z%Oa#UUy<{_krV%9HPIBXIncN-vigab;j1Qi<nBRHX ze(A_vW<+xFPtHX^#IB+MC5f^%-wnzyF^KyMV^BFO( z^H7l99j79?t$#K*g1bEK$MIud)))VZX*ipw6_0hX2#mh544Gp&{c+`|I5V`RO{e%& zSig1IUz(v}y!Gqd1?SR|Jia{2Vl;avCr;#ny`vg>A&f<`LS@E9JviD;R7`A`-oWNK z_Qzjx;(RfEm+82%I{f*Z_j?*_$yn=yIMc4k?JVytyEi(=cq&`L3H#}~L&h7PXbwux z{kC?I7HYe?6hL>|qh2&9lqgKeb+fAJfW*->%t0gw^Rihucd1R)sIW zhrZR|^(q}>&v$(I+DAJ**5);3#mqWh^#?Kb7DmYI50?2EWO5`huxNwC;|)FrY7Bj*WHS3d(-VC*hrrCZa>p91uu;p62YW>Z+w)6w zXa}W@c@~M81ZQkrq+@h?t{*zV>9OQXEp!w;kA(Q;ojS|vC8P#(A8`yNe^Q^OuD;Xy zLC1T+^IX>U_>3G!!n}GSgUNkIYoA=@z57tH>HDn&)2KQq2XOs@>b-sZRnHyVR<}t} zEq!f?XrzO92B!J!Zv_ET{v!qb_{XNpy4hMqz64N^Rnbz;O$0xpIak5a{ak}cDsFUI z##W1At^vx#ZXyrxmAr!Te*JF7*;x++RyRsM3^oJ(b5`Wl0~WYCP)jhGG<-)M^Gw=E>;t?I&j8Mjn$P{AC8_ ziLP=cL5;i90&Y-fRK4LWOQ_KO>|{t3ATifFT&sc~8(62v=2KSgW6TnV5p|hW7qjl< z84LU5IMrIcxznC-(Rn0Hth~)W)mn7Sj_n+oj{+ zpAVsUWO%~0o;I=CBfRYVmFi3PV8iOh@L0~RrL|8oVoRnKZ>g1aLn&Dv-z->gi7>My zdLq5Gw>56i7S1BS@N+(|$YwHxfpTvI+Kj2de3OIif&K=co$A70kd_SV_wOaw%svrl zDDF&@4DHujbgsF))aM-JN>A`g#5!7XT6j>J$O6gjJ8Hg8y{@Kba#d;+8%it&3XMM3 zJoh5WKDP&#G{<&YA8Gg5yH3DQPtS+1696ir4%=A2Ou^ca!ZiQ-z+fbr#C)O8Imc#1 z)R~2VR5;1sZ^&0!S$WDelJz&VLk;og#W6w*lKFNC_8rb*I5gs}@QLs6E#W7OcOD#Z zIL)u7(&H^>fReps2N2vC8Dcch=%0r0%50v5G)RY`HfC7d#LW0w&%V8*w;YN==kWsc zQI_!h422x1WD&1&Kpt=m{>dH!tNuZJ#^#r0^p?))hflAZU{hlXm3?#cr+n3wZGEi65rt6PJ}v;767!2A;|Lt(LwHz- zqKNnr{wF()?>x=-E}xX4Z96{21dX>29IfHSWu)GNj}?Y(b=Oq^c!kP-1fOL3tM9wakJcBE^hsxY%XVW#5wKtDY?J{O~ z^}4TY;Xr(w^YQngcqVsN&v&j<;}*CNTiIYcqK{a2$C=11Mw4cFg5E)WVy9;L6RY%1 zo&qGHBHu&6XmY{cb@=q=k$?_6E5PG8X-^1-6)6`W3@Mu^@cUoiX$!P}ldo602(h-rZ+D7q6KS;Veb<-`tP9F*`m}Xy>t~R%2dam$ z8rOxJFDoCj7joxoJ(gW2+T}1bj^3W}?ZU^^UD;3IAdLn+IpM?A4cVV^80wxtk26c( z_xK_-6<9i+OV^Y$X5=>X4uH%nVbDWM^19qI_FfW^-2MJ$3DR}k!Wy*rRXY_fx!6p? zRtC;pJ3ej}Z@bv7EbvsQ{FGo7#dbRxu zf((nACP?daHaME%8;ZnSVe$O>Y_sVIm9DdMDO4H8Zp}mtgV0BhnB{j$Eb!LuuC^~h zbg7W1yqGa7-p?JZd7AW#()Q_hfTgSd4G{Ri5#)C90b@X6IC`1RF#{3R^ zdd83r$;3)dJg_QT?D415{<4N(@KqXyhoH6WJut$TzZ}Jo3#ALlf8fCSphcX{KF2CS zw(~$frLgGRG4Z}4J$nXYk5s9x5$6h|X@-RIWizC9@&U6Az&FlI1E$CF@=G3XERPNY zs!;L%b>Z}N@kZBf<-pUD9|2_RQio5W5J_-B{7RPn9sI<_dNK~+t09`M?v89~5uWR= z9_NB``HhMg@9k4-hZa7yQaHg zfu2^P({eo;E8&O-2VdVAU74fRB64ut^2}2tMZ0aAv)`N|9Ljc&Lv~&PuyBc#Zy76Y z75{SGb9p~NVbI@_o@m|wqJ*uT`tlk~0e!Gqaj_>G3?Y9<(dZ2^<>MM}j z%M+|wTj#D8kkuN3#N)RR2cPh~b3F{BT2T7y#Im`=B9#d1rXxb)dMfS5-}`*1J3`Ez zBfoX_{1LvNN1kC<1YUOBUYpO!2p8X?cj7JU?PuH877E@0pa$xAQD^TuI&MI(ipXcR z9vox*LTUd>*z!5w>$lVj;~tPi?q5z}gnNDtPW%TeMPTn>hkHGarx6Q~3dmnM%JAYx z^ne$BX60Ma6W{u7iw@AJT{0yb+8pz?-!dsac2c}6OD)+>6Rlc~^yteCJ9dCYy%{O# zT_|cClW>{s@@m&H@wq2Zzy92|?DLi7t_NNr4o^25v{uyU0f3c#1Elr3NEL7tn{eiWD|i9K4DYQ-XJph**?p%! z`O%8l5%IQhsL9>FK2yYk6UvXLU3C677%sUyyBSdXEzVlM=(Ds_g!Fc{)XrilzlY|K z$JEo&N4ZG+9W8=V%-VaSPe*>C{>x(?8}LxIMGQqJzt+1O-s@*J9k}HHmWRx0ojsW$ zgtHJXsC<=wOmqnYLSG~sEmu`6_}(wg`r=L-5tYl;3x?a@;_dVAw1q2}@Q1i=e`;Ls zt-ahRF-Zzbds#1tb$Eo+_6cYph1*r`jc7xnt z_?mXC2$KDl=Bg&?jQtaa3T+_|a+=(4(vCl_WHjgywWaj$Z!Afv0k>s^@PP)ewsCJp z{Y*wOA;CYHkgREYb7|p4uE-Q$C+e%Cr|OJszp6>hbCxD> z%pg=_Mv(76E56$2@RvPH)J@xxNznz>^s2NY0FQ(Ymfkd$R0L0XH=@zRTYhVV zq!V8n$qj*{oJL5XnO392TX=z-WA2Fo`j3eqG}>%BxUqO|y!TG4)L4}>9qfc3$f7~N5+^k)Tm>MT z5{bAkG49Oq{YYb83UX0|HM8?Cq0!V$nUe*nzz6}3A&FEq&^-SS90Qi1^u@~A@g}7W zyFZU#ST(R|&mj;h_eWuIhl}Eb-L};t7)SwbipDXpyb{KTFYi z|1J3&Oo8dWcjzo{#ce*~p=~<9_E)?830p<>9fGlOv6G}xd#^J{aHlc-+AbA8ro_JtQY~ z;FVEvv&o^rC*(%RnvRIt!~1^-HPB&kju*g0?$J!qej_Rf+GnyUwFqUVKU#qG8=3SZ zqJ&4p%^J^$CG`TJ@`3bwg!Bh-4RYk@@d$1}IJ+TtA4zxFQLxU9iM`SfZGX8fq z4K`Y%;=tuE;0pu;7nzfPY8gjg!D`dseRb@}?I}UV%#{>up3b?}DSoW83f|`0_8g0Q zn_Sh$-74n8{Z+v`95bsZkxzQ<&(LywLW^Nc#(?k9bk07FdhFg!AT*$9zj_6HpHb23 zkbGrFns%j!keTraT&cgeoCMyF%HQv%VfEz%vqrA2H6@Xl>YFCP=U^emgmpzm_c0&a zANHu>PSgt=sZTT69C@<>A>dp$MqXP4kXO+fk=1c{ii)8)7}f*l1W$sbNVfc)eN?wEIE z`%^^S*Us~zPG33W_r}Buo~oZfukNmWif=uuOFA(xW_*bei2@UUE&s=A;PjQ~rjS?# zPCE9;6>D;xgDP{IARTRNosJH3ri$Bmi{4zKNv`m;h;UoV_pWtY-fHz-Ym5xXE8L!H zfsm6TL68up&!S^>*gLRaheC4;0uJixYdj%ZD=~2znYeE)Vm|9Jw@_QXU!GL{+GQTC z8H&Es)?b)<=_vBTtNus)sRJ{ZkaNc;yp15~!Cx*Qi((}>*{RO#N@O3zdgAzY@tCq} zDbG&w%;sZ*jp-QMK1*A9iIptXAQFR_<{;~yTewE_FZL#1hokHozYBmfQ0%_+f0v0^ zTLIA^L*e$9{b_VF+7mxvYp3+AY8j)7iUPC337x(3Q%51>hWS_0x(*hbep~X6y^iTU zBxCUiOc9f1KpyguNcXvZJw7*m6UE%?2#PuBTZN&1=gq<}CxyKcAk}uRKW{62)4x-pfmhbF@+{~Ru#}Vn|{~h8;HbMIq zA=(3k$%<)3o~Fyi<4)zjiR2q@1suK74*NkTXzMJA4YlxQ>~FjlEL`~dq0jo#Aqh=d zOj}NH$?kVccO5M4!ekXh0#tUU|JEDo(#hxAI(Ret@%v66CJl=#1PPkVuGyIKFTp;|yEq%467R&UE&$ zfQbHzv2?nDGy&)Vxl$YmnFS+-H`$XSk3`?x-qR zfZ^O<;S!3AyDl`@LS|~nrx<9?5y^&6P_-K-B85A;t3|K_ueJx#h>trT4LfBIa+cdH%G@4>}bizhYgUuL+Y{9lp}Vswd=$kB>~)NlmIdv zQ-3}k`mso7{DTs$%~0!|3&BJVHMg%u_}Euf`whHnin%{ z*{Z6Ft_g;nh8Cm^3K@3%CFa~lw%rg$hdO3l>LATPlsYU^vH;-V1(Xo3vc7d?8y4v0 z!?deSQI=8KcWG!L`4@EtW$31a$8e@~<}h{r*P1c)(+Xn;_FqtuV}1iU*-&r@kiv&` zu@h_uEJDTauKbLQZcp~xo&$Z|*(WmDzhcs@e&v`o&D}9p!kHeXeYWS*6^8GWn(8w3 zMJr<~ETMh1{0Mp6kNrLL-Z| zvDtnM1XGnw(#u`Uu%_QXI4^QoVHCS<{ z30_Tv?5n0QMxn)4X8W?e&EZcH?#m}13wv+cSliiEAUH0fVyK zZS&2yG-|JwjU1YZY|Hy@mQsj~bbSL~6zfXL20XR$W-bdPD(@+-Z8!1bVpS}_-{S85&QsqOje>g1iejw;1Ykz)u zGP+^hg-ArI5%zwdVB;hJEz4sW9|1F7ggul2*3+q-WA61y^2@{1i?DbqpI*TJZGh(N zHQchPnae6P0qXqKg7nZym#)jAKHKY}pY-girx&436!YQLYWVquTyk%{X9?kZW9k5? z>Ce$bXPjUvWL?@4b=+?6_ns3OmA3c9E)*m*9~)-tG>K5vU+Nw)RP7sq&f?HxkUbuS zY<9-~DjlhCoWERw@80$h&<+++VCq6|0~G>>0k>E(bK%O@n63Ct+t2e;?CT57xD?1` z1C2N|>OQ_?mV4%gFtaUCr4{>oJHx=n+#(mKD~=z^ioGBAbPH=;R6R~kPvlOvKufm& zO|0>?n)I)?s?xvi0`9kCGg9Sf=Vnkm0-U|u8w#<(*KMrUQr??o_6@&U3#-2|NkTu0 zu%NaS8-ZIs(1aE?sLAY=ZD)DL~}304ZE#>RvhLCJxT3ay;B!hrLAMsCkpI$|By#BbK}9j zx8y>8sSPyzWs)m(J%x3vN@gt~v)mrc>#{!=+jEYbd&@+{zn$za6V}69wOQ|_2bIR; zVR?yLD_(#E^hte3liE&2x&CKz*f~Iou_3bX(SU@1{{0?@;mw>S>UjXF= z!sV5MpymxmTG{EE)ho1|03VMJ5N@LlwvLZCy_m%vQbIx^LY9*+I%gGBe~YW=QI(8U zJ@b?s*fS;$L(=Eb$yUUMx{Td-*qFP0WNG=5sgA!AalAci>~QN4(g#aHN)=nE@2nOu zJ*f9D{0TBaTsidf#}sDRK|fS9zkU;20XmOC&zZfFOMS<_n{xaZM_6JxHR3*FNBuFzoAkQ3@ZEpPzm8INO>VigM1dB>u(4mED92_nI!J`cg=)Oz zB3mdk)KR`s1jnFj%EmDwQ1UK1d7gXeNL#=$$Fa8`3y%&fhD&|r7MlLu(Bk57AQ)yH z4Wvx1CIheS#nMmM=gRz+QeNv0lkx5?Xm@8_P$tNU4ciF0KQc?3^JQr*2HyOpic#rM zS#mrUU2NUt@1cC6Uh2C`Q&3BlIQZp6kQpIA1cumZ=`371TAGmsd87HEC=qu?IRcZmDykjUE+Lhk4kxO`3tF;x;LlFE^R*MDHOz1 zJ>j;m--xzt+}o@GX-Li9k1}`T5joPWCt6#tZO2dhJeWp1j%R!=FghKKC{SF4=sK@X34uh;@Ut+XITcD6jB9FR+X(u7N%CFHzx zi*sdqOYT6Hj8|voA&4c5-|i3KOcV_u*Vu;8-OSF|iEYrioDiK@vM$W>2C3aF?Y@=u zxg4YWEk!}%%zMBz4O@xBzMWF1!snyuTkVMzGRJDFN%fu0U&W>$IpH$Vl7mi~_vQJy zU{$$OH5FdUY*)pxexBL3>>2q)S=ddEFMv(XZC3Q~R+zqd5Hgm2rikX8sxYRrCzTxG z(3Q18YH5UMi^$w&fV(XRCbymC*m+2#-rr))4ZAishwUquBN*y_3HbebQkxVg8%Icn zREH`(oS*6cIr0Cn=B~8rD6~8k*-}gvqwx}Gl%=}Ze=bOf)??D)5ESDfV<=gvUfi0+ zUw!P{B!BJckM;uy}2WVuI8EwRW(rIdH(tct;XkcsmyGh)t#Rvu3N_ zO6EWr$LLg|26MVT|9_)1i08QA{y&(e}yHMBbKF3ZJMVK{WEUdT(m0PNa{qSd5{{%dL*$lYYzm6Y@ zaQ{9^7?ZqRWX@&v!g%VwF-Jm6)$I_$LdVwlq<>H01p?*AG3em1RYF4H9X<%G{C9{A z_l+46vm~55UcC=@PrP(-m5KkqIrSOzQ%sh^a|m>!ekb6z(1Z&r$gKIsDi;c8aut;I z-ZM0zhg>-B)4pmzg&y-p6%8e1z+J+ch$S%{1+p>WBjL~kOyv(~aE9H{v+7rj-o!2C z@Z|mj6OxvZ5yqsI?7oOekMwV;T7e?PyVa67!K~%CkQ}$X_Xu#5bS1t4Y1_0>UC(U}AKL33ZT_}QmJ!f76+lL&P5Rm^wM6)ZTZPtH&$f3qv z)+VYo)9N8~Qh#11%LtcsFU1i#ibw{;h=lgUGIspyTw;Cu^<=$UaaTpwQYAr!iuiY) zgwp_4U?X9NU^h%UvO9H8lP(mN2T9DWf83vWH~$?3o@OhJ2fhpCYaK!n2q{w0%4Dqz zoc*1?(M& zH|9AvI*wLLe!tV>bUBqqdvED%>l!8MFFClCUvAB?ZNr+fdwZL`U z?t518B(0^2AA`vf{70RStN{yYsasmE3~A7^0}efu^Jhj?>4es0!QeISdibD4M7@{V z4OEW7jiTqIlfWFGk_2`7s7)0RI$FI+84$C+#V=*2hnK|L)qDUpfVp=2%CX71P6o26 z8r7te!=dDd9T(2Hvk`@f)P^S@_Uw@a0dnnXePtSEO`b+vv@JNY6X?9EdoT5kb26hr zNLGYM#_c|2ZeHrKxoFS0fQWU?>_XYVew^G+4^CE39)ih;7fmlf*-+UgQp z=$Eo43V=&m-mco-?l*|knSP*28eJ5o3z3Zbk!6kOz`Y@P zFF_+$S-V`*PCM(#F#_UF`ygTpr$+RUEi_#9--SV#>&G4Nu!ImnjEp!+Dt$Z`v6if5bi=xTn?6jV{xb-fixz(o`&xl|SH6yo>G89@} zGwY)I3h$)tyv+KNYET{a_KXDhu34?WQ!w6&YRX3$u{zS_xZ41}n+)ycc zr_4;>lK$o6&Br~)HgRX@d5;huD+Xq^Z;1`9XCrZ4HXtsr{ML`?^f8ci*_nu8j)A5= z%(i+udRc?WF8#_=tJ20~dz zKyXwW?C{%m!7Vk@F+}?;20AW_L{JK5Cc-=df;J42@#Iew4uQ6Lq%D-yE8F#3yxA;Q z-HTAOkME97(vEO-^mK?|NVR@}K5GP@Ay?jYE?65=qDh)IvIrrlc$|aN3OGqlxE0v5s)_M` z;!I}6AsXVKADuH~zzw0ih_CwVbGx&z0?+wHrr(RvU(ShjBJpCS z6VN%?;Q5jPOVfGaU@v-eWvqVG38TPZ)ElBq)=S%B`2j7LBo`{~!7&1z>xY5z|!p^!dV#A`3N%jW+UMUxFRtQqe;X$*4q5f8xRB ztw4|!!JO!|%paRXkqv%LxtH&xgUWX7Ua_>7>_f-;S@MF2bU?MGN;v$4EpD0(aT6w_ zE_mG*gDW6K7#`BJu-yONY-cZO-~W;+htWv?TQ*8n=wn^1v#GLZJxVq8nVGBQw}eU; z4OdU0!LlMOcV0fVRfw*viUuN<0B3wnTnxQ{(*GNV}n`qA7bd_Ve(UB;-5Sgv!J@NpR5eWqZwpY+c27E)$xQMbN( z_VqU*gIM=pP(40Z&%o6k0XGB0ITALlHM7$llsO_)uW3hSq@h&bNxr(AJa9b^8k3sL zq;$myx70{?!Jy4sJ-qyUvAw2Lkn8dh(9b0`$?T)0W$vbgH^6O1vaYR+=7TWyH5L8J z>WV%L2ibt*yQaSMyOxJdVKf0ZqA@HlD>rHMi(pW6xK)u9rlzOc1Y>0l`daIztm5k=nieKfd@R}qu0_~#s1GFKAsux=*V9a< zZ_OFPJ3A}CnMJ+e+M+F;j}u~E#T#$fsdD019A{LPFl zKjb`aIft3(hD=GK()^iPnb#B>uTqLB6H9PULsQC$14uYJW^R0AFzeQb`08nviIh(~ z31kMW+aRf{DpvlaaRZfEk;kV`iO693gU->?&%e0AqMstGx@GmDz}+EmfO2U(OPWiU zoJWFXBf+`T@l&scQPHgWBSe&JS9Fms#EOj0Z)bSC#-tsJ&pqpfeXk3z&fj^!Odk6| zuU&b=dp@c~vPf-Jt7}$9cnZK$w{tbz`D+48+CFjDvhTf%d;Kbeny!^ASo4J9e>$xc zeen0b=b6Sx{}WC?Hhu+QK4Vh!8~O(>Z0b?;mX_(!%JZ@hvM)ecQb}6^J+i2I=gFR; zayGrijk^l%m&*m>8#z0AcqK3{bZ!CRXBkk3cHBI>F9(7g^opsi%xzAb91F7$DB}gObL;jJV< zcqxtqGIY+jO_7vCxgt{6{Fm1eMhMNXaTC~o{H}& zAjCFj8Oh0ZHD;?iW*3Dw_oTUN!Wdpg9xn;%ZwBbq&dBPVh%K?U-g>eDbPTN;-e8sMRvHX)(JFp zG$;Rz`Xb>d1(Ap#0#)3htET}Cgm9l{`rl6fdy$?X{c3N&ddTPFpA!Tx^oFU(ML;eq zjoe53=pkF`UO-whKA6<&hc-)h06lqX!*zZ3a|I-hVSDfsVd0!fY>J@jG++|>nwm5~ zQQ8I1q5gbyWC9fUPSJ=q0xEo`0MJli5Mdkv4rnIQf+T%E{-z(4kjNyfUZd}x4FE}& zdm~nP1!f>;YY;)Zd@2GN*L!2Hxig5kQGa+B#vHL{<85xEle}`50CVSJOS~_vhAt>E z6k)rgBJj^S|8okF8u$kv&#Htk@wXErPgJOh+439Q~(L zdTx2WrQFcz!x=XKq_G*-qHG?WiFPRW<{05ZC)|eK!lXqlqeg?sOjsmVPMl6vlTSP1 zUz1t{M(Up5u{mH@g+=mP}N_eOpS zT+yCjf5^VML5)S6gXSbzm0jbWTfC@k93sN40FV{SXr5roQ&^Q|eE`Bdn@^Y4!jSsj zu42gflax6!83;7cATo_Y{aTCpb9l-ufwSqqoNS`3J7-zNF(d+xwgfou+SIv=s#U<1QFjN^sr8@7BUsca2U4Io=w8n zd+~KBqH~RgnO|lZ-@3g8lLIH^t1ubZ)j#9~Gcrj=-T;i7wh&gnxVbmr>sE8cXB4(L z>a*HE1N@q=X1(8bPqLvAuv0IP>A2AYFnDAD$TW_nvWbBF?w3TX;44;toc^ic$94Qa zp2!KnR~s{;dC2%XMHesT<#cwb8OA9UQ8-&M+Y|?IozV2poKS54YbMs5m08s075N~o zx@A^u3mO^jBQg zfd$Jj`D+YOfg@&FvuR_swrJI;(p|$Q&wWEI2FrbzmH5D6uk39@I4fYvuwAw zmX`$h?U&Sd!CNSHSPw?ZGlccdI{VkOP*GE2WgG_ySu*- z2w}7|Bk6hL=CX#&a^)vuKO(AEIOiHkjFwP`mT;+R>PxeCblmTv(?RUrmBoHtVG;{P zvn4X%4)km%g1&2_Jb^o_92pj0FVv;$z$};8#K+r2=z}K;J!n9h4=|&#LvAI zzm-7gr6Xt!n~S+4bo|_e+UzwjU|$=#4h`4Tr#nxHKt(T6m8z^ng_m=l0XO-Ii{VTl zwJJ<~5Y-9!iJpj9O7M2!-guqwT}QSmC`OwQ#qth}fR0=j4^iiitM1FwDe6b5wqK+x z&aohdnKrJlp0EmN+1|&+#f@ASAaWx6LHq4j5ch#@GW3IXmN_!)YoT}JjIz}8yHTpj zy7hYYxd(yd{KY_Ac7=o>^yS_pm7fC!3jm2h{1yzbS7la*PzI@!R(31#RG%p|js-R? z{zF!jYWe*wFb|i~5!%fU>oA1lu!BWp#CEY(TBPU+O`-9+v|@FkU&5*{wn;&dV{}ff zQ0d)TPB-&Cc8dn-VDiCdfeFB>&=m7#t24Lpv+xPc;Q5g zrCYoXZ6P8LF5nnh94fVifaShr?UvAjOjdUgX_zXMHoHh<2XbRpS3f>eWSv{~17cy6 zx?f4YYGN)Mk(EHTwHN1!PTT9>y@!AxLf^?S!9ADB_GPc9#z&*MBeeu`&Sb@vXQ|sg z73p^f82{16#wHm|o)n&YYwciv<$!cj<9jF%Z`hq{R%FBv&i>vB0=R;9jDTAksSF&6 z%4oHPCU?)Yx2uWpEC5|(MKRJVfHBkbxT!=6-9CC4p%|hK$L_CTZ0C<{&o>2J4k9ks zYsfhhFY!uNLD^IrX{o9a>bdI8F_-TFI(0#eWis(PyU;IG^su^1uwV8b_5?m^jL80C zZge?+J6Doj>Xq1ImA33qJQaDA%kwhKp$Ot1{-PF=HyOc6vdW>b~l>AM!?O+v%@w%bXA@5n~< z9R&Q~9%BdjP)gTOkww5~`L%j1izI|6;p-AQ_&M}JWd3?H_i&tT~ugNcvxL%#A|)l6p_;N!3d3Zx6wRN!XRP4@m=VKmMWK%R1+oW ze3JZP^RR_GEoL1#)Qoe#tUe(K?7qw_rwPkg%Kn10e)KR*@rl}YIRhSpe$IP4-O*H= zh>T@c_JoeM8}~n40X3AK%E8Z+aIx_@{r6}c6C`pU18EcY1jfJ%TxD|t>^xgQa^T9)o;k- z2oS%VKxsD%Qj@v#Dn!V2Sdp`HKpzv#o`cNOMEaZ61J%*#bBx~X&5v-ngKmNwriKF_ zqN05N+V~d>djU+F&e@Zd$Zsy=<20K$P-gQ@M^ljBXdfpfp91A1ofY??BoTJ^5fnQ- z@!`x+(FT~nh)l9qav!x8pF$>L`+fB4CuUw!)_cW9XK4Ih7QCk$83zb=Ore8%+ce-d z{z+wZp-aWWECDA;XUnwdT53)n6E!-N*Wv}#K$Y6(Luvt@bk`_lXV5p*XoCGgegyB5 zV#;eGeXmWMrIhHxT$lY{ckXN@{L29T`%O6k#K%d8NmL;s9tn?9XTBRbM@&G$sXi-9 z0!-dXn;Kl<539{VZXBcDg#ssqFTuJ9El;V$<1*%e`$sJp=fkqH0u#@MwGZsb9)2$d zG|B(@f`LOv&n3ilQ_pE`YKq(y#!WK8elI{t7V`r?=yK&x;I$w_ONFM6ncSCuD4z7qBn)K25#tA!atO z0iDt$fkc%l$U6H|bp(2xaQeN&b;wQwI`EQN;|S6%$m-&u`JGlRgD8YYK`Q;0kQSSR z8a#7FN#XYvyZqtR6yn(~AU*v^^Br^@W(y^o&zAObasjuzUSrd-!@om&8uMh_6AxFy3ri}%}8=dy_bT88hXpW-8J9} zElk3^y^)E$;JIw-G&(n9OJnpp{$a}r6R&*oiJyD5A|D8bSN^#c)K3_p2(N_7*-45fD&zoR?!te;iStEGUDp8q0LZDbn4Z#9>zG?OetfY=yr8Nz|E;L~BJd>{-|6Vl>%)r}@1BSF^* z!VKKaYH*@}V>?UTn(0t%0b+RE+g`w+%+(22>i9?goPtX#u4{8a5y)-Jz6HN(c%FNQZPvZxBJYh)78zT_Q-TloImJ8_#*3 z_x--}<6P%l)V|lf)?9OrImVbWFG02fmUVpc$cyWJc$t5s{7l;451wg;fDP81-+=LX zD^ue{{--Ns(cXwt*sXHutWlRglB4q6ApjH`6Qkzx4?rx7xJ=h&@>2&EYd_w{nHQ!$q$&iU2_lwjqm{u!3^ZZ*^C68 z8UTjCqdMS|6V4+f=LCf0eEggN5Jl!4;cH!l$0!XEl35bW{54A)B|na!$=ww>Lw{F* z@eZ`Rjo^qSQF00rMla+i(d$wp1m9|s-j;JffUQKr=l|-r2lB$}v2q=>5jb`W> z&2`LteP((R=k-Cfgv8%90%Zeu5iu~0frv8(M~q~M2M9?=KW{@RA1Z9THjuAwITE~! z>)ftIr%72E{!@cabNeifFs~b0A&OdOE4e@{*5;<+GO--XeYtZ1gV*!+UrtpNh-I%o z-7nJ{OJp6>?3yPU$m{kjIMt~Kji6(R2C~+r@NVqby4~HFh_~O#4-zRV9%fPuMH?Po zmU8>jo;@$=_v?H1$;SaGVEQeR6~BDe3C(Plagw3LlEDgqPvrkx&WLYXIxO%&$9@mf zdi+o0H1_+v~zl*qcwxsz^!S;`)M zY5cm^YwsP#@Xd-Qy<#;>_%2J&bRDp!YRsplS_@xNKG?`#U?77BB%P+pD~xWx#E3?s z+!q8J4m>@|aM_Y;HGGe$A=de`IN1=%c9ezo_3Wk?wdItV0x!A4??wCbfYVT-Saoh{ zUntlWETYr&lzYRl9I1CRON#3K*o^-sHOE=rodr3^TMg$ArOA0~epO}UIWN7OdTMxI zu-BB$BbNZj_P+XNZ}h7qmlh_S3%k~JPV&v{D=YScBToyO%Li^h-eXwYs4w{Q{O7J? zmXw0xAjz)pWAhDP-KNB%q1^=A-}H65Yhjy*`V~?~LuXSDr^knu8Msdh1gN_D;zd5nuf&f ziRJCI74j5G4E^!zz9G6n7-_OzV7mtP826+#A6%Flq*x?09yB%2^=nb}(TzSbRhw({ z)ASG5x>;kYvHYp-AuudK0KkJC3?%z`PIluMPBX{n4AbJGY~u<8aFVuIlK;57!^!)s z^;3NOaE#n7i_ZUjFP{iBB&^Tu@Kei#1bNOtAA*qX5W?EWm&?*w zTC4s7sRdCFd&GLpUM7TCbA{#4Lr+Dmf!3^Far@5LB`;d zOCT@^(9>#xWwPzS{^?&`8#keiZt8i5TglLa!#CO!H(15{U>>t_28g9q=*+$O_;NaBQ^MUmu zyxFDicnL48-IiXYDG z+9Mxg8w}#u>({+NW^rjUFXMRk!MkSGa6^6I6`f)M#T$EOZhrD%-qV)sIQ7RK3?~@> zUf=b^sAGn$+m$VkW1<)18Jvy}9%`~&xnGE*-^?h@E*RqeWFr>d?83Ut$rAjMkQJhbJ;v87m&tTnY65IrYU%Ax@J zB>0GSe8920!csQOg5CUQbyYG`*$N>iPI3olgcqZkXB4Whg#{i?-{brH4Jay3@-{Fn zZTp+3J(CE$otOiE!}*Er6`Vq{?`m>7@2U^9nf}ujAt1zkhbfEWc=vBwb&;$$Ry!WE zk0rrcIXtxG|GVtS_MJy9&75At|94*ouHrv$V2vl{_q9-o{Cg&l5ADX9ndt113^%i$Jk@~`3C=d zuo8qRDdv`n|C`|v|3jVxzV0pgf9RI~wfxNi zka$%@NV`*m;;pObjpavCr;m5c7wt@q3m+UXsZGQl$NE-AGFZ=~3+&Y4(w=zPz@=}O z{-?DXxP|}g9R{eGDgVvl7}Jo|r=>Csl~%Vj zBp%3WONgDI&E+m}K`Ow{$5*x!R@xyD0_x?pGmDp!58HkYR4Ug0ZN~);;&T=NE!JVp zciYWzMf{%2^4P85zl+tLEe-L&*cxe-Wp{Igbj~gHTjP>aLJrNSCf`ESsZMq}Pwelh zyv;~l`;^wVJ@?KX8$>_?5t7BI5V1tvgxiZ?{>7oLuXj3}Qsg`MaG@gS z{dED00fU53$i6{}I9ZGWtz9A-Qs* zT2Kl$+VO@Y!TZZ4OsyRYJEfj+ybh#Px5Pt~8$-3>W9v}${&51OtiAg(*JFO|w6rt- zoL8Fus0z&fdo}#W z2LW2cStr!!hGPerCeH{uOn>|5P5<{HYoLTJ&K3S7%gBaf)~SA|%JNY8qjVo)vjh)v zl|PeA_pY#r(Z0zWw7M7(ed-VTKEJn%JnP($vpD{Rx4AEW0wD5hPPL;TAtKp*bq1}%$^TbRcOozXfmV3+&zPa#H)@$#X{!u}jMcp@e7H=txD{I6GP7>)Y$*D5*!*|~!Sny}#*b{QbK z=;xR*jqdn4uoXqb_m_W@*#|XQ&guPjuHq=+W_ce7V#WdY47F74WR5L9r!Or{mjhY6atnt$3*&!$g8tL+wbH~9S2EL zQmC$|%+p>1;6p4r#HevDaHcSSY-0`R#X9qvga1JV2DRU&2<5*j^Dj3UzW;qDSu*4C zKR40yhhQ%Xhuo6*CMxl{=r-fC%!eZTstmza0K?%+h8G=wT=-Yu7@3x{Jd^lM}F_Sc1kMh8c$2;DeadGeoMFD{+f@33Xrg^kvP8=I`D=Oi(u zQft0EHGP59`?&>A3btJo5hKP9X6_gzS5nuE1IAz}GeaCX3D zp4~HT5j1)q2x8A}cAR5YUJHnI1P$z+liQMO;lo=H0NP*FeOqh0f8Q|4^842{j{H-!W4p^%Aowmrc?`FP3s==& zi)rAtLx~`F=|zg(lEs1~wh2Polq4 zlYh{mqMgKPaUgPM<89q=N*8I1qMQRux`I6EtR!c{N8~~`G6%gV#Co#^W?HNsyCP_z zaB!S~G95`7l3fRoe7A1@#$bh2q7N1Yy3P@Pc$LV_t zy^y*L+7gxDd~2JEn+ZK^vQa;7#OYT&By!7uidP8CWAnvqnDq0`r#|x}K+2AbB%HO1 zPU%gfiar?V{Hgl>cu&^^@)p)L;7=uaWXSZNLW??U=!2m=d6TE zj7hAHwSE-pjO&~m>BTT!-mMyHUBh*6;7R?f6HfmK?Q^A4uOkN+7x(AEIdvSrQXS42 zA0P+G7Hc!QL+@Wdk>5DhFQ?cZQ7(gmVmdh`g>bm^fuIDC64sE0-;kc^n^oa^OyjbI ze1dv(cT-&-t%2;yYQ#8_CU_08vNvMz{YQ1dLH3k?-#4Ee1C^I=j210KAS65!+1 zjXrpQGrMXF{o*jDrz9 z?iyJLkhQ+gn?sO?Oy0md#EFkL6!B*}d~_;ZwG5lNIv$yf>z=;b@~x`HD)&8(sP$U_ zENumFqWGSTJn&aB*A8Y%ZSFxV%6laD9hB{A-v3y5ZCJn4vDmTntN2;IbxBoio=BabzbQrVqvtCvEv*s*7gwzKP8iQo+N>IU zs<)Sj57GsTt7fZluJlOuLE^IaXCHCF(GhNUwQeDKt7F|Y38{h9$sQJ!L5(xdnO6*u#^}4(h-VxQ@w<0#(qx zm0*fq8|NxSfP9!vg>`(@a@whU>H#o+oE{uAgOD)=-l|ziE@IX5$@XOxKn&{u_L^(m z)1-BtYUk9T_<|&tW8DV`GLSCgC@?yY&E~5*6`ou$11X@Hz0}mb`Ew#K)vC_u2&Qa= zu|&H#Ho^H_1?ISS)j+kS$E4?o5TCa(Vk}qV^JphOt`p=63x7;UY`%^HeMr;g89}Iv z-8^(M`>10TBut5V`{#k*Hj$^2G`A}FPHhcgSkMR@0mtK2^5hQCJ&x6}41V7OSKhHa z6*u=0`LmTTRlm@Y%mxx@--avN&D%{~Qbz}6j)v>0@%>>(GsVFdgF1DRND|{kV!a?( z>f%w)?)PENBtz-D&Bxcje&>WdeJ%m_BLc@JlHXrP38yGtXC%2+fcJQ?B%u}oxc>zJj04!1M zQTcBbPR5UYM@BKg`CbdkLVEZK2G&Wv#65)R@63O#*&ff#O8VUZcQX@YJ!E^w1Q<1*wrZ zHNZOqu9FWThWbxXnMz z6wt0C1;p#mZk%_``i!`09s$>=6b2o+<2k^-uOgg76gU_I&0HXm4CTF5l{f1F4x_`r z^z|&J)bv~feS$6W^g^2rvB{VIYuNLqoWS}XD)z1}Ko<)btiPmgI zejrA2s!fZquC%R9#(8rGUvk<=H#^C(#UOafZ4l9htl<~9IDMaK;h)i-occ+9bXzN} zr1-M-pJcul3kwA;1}-N0wAb3X-Z1t!hy-DtpQrCe9QTO9tfhNwng=4v59)*|{38)L z17BO^4M)!n&gxb{3{~m~fpK~EiRgD!Mc0J~0Z{o!h#QP4S^p5z*fk-f5bBalk!SUY z08{OEyDEpj@w@Cm?7(odK*0Ip>Ot+QlDS7N$ufC2@EWt(Vv;2m=wyk}(R)B|8DseK z{fzf-xPT{preQVaWV!f~&ZXR^xO=UL>X~i5Ew~mNPa38-0N1YmvRYOWFZn|*Z9*Qy zvfsbvpN?~6_{{!4Ql)cCkD=P@RbjeYOl5AErci2t|2*E*(I%bPC1CIPzV;QVtNWR>_%ZH_lb6?50eA1J>EDXaQFRdB z^$9C8uNMXFDp$KLK%9TIUP#)=>K7`H0dfr%iF>sT=81TbXe*Hkmv{Qgn4A|bY9WNc z^;dERugw+8SypkFj#E4=F=Q}XFWCr`WMKR0RhuU*f3(s`@UNsLjC7f8#dA83wB>F^ z)?!|`wEWy@zs7>Eoz{ShuY zRYC4?*LNNy#6>l!v$b*c1|>KE^r9KT}=1+$d>3~6nL$( zk&}rxT8~m0qri-~joghB7Nu|5M=mIZvQ#yf0bkgdl~IvYl(Sn6k?I^~nhpzg+*txe zIV7|F6AvH~3RZ5#(R>3U+t|FWS_tCa@?`kec6Sd;=R6NJ};$zV=P{pd8!Yf_0zG~`y z$u78HTPdb>`;>vFVronQtE=LBHnUz&L^?MYYu;8U$7Zc@TDAUR2Ucx2@s}_t7B8?d zJo7D{;AcbGo#IKvCvr!+MEl2H5E<7}H`vt)!DN@~?wvV_dLAY1a>;zJ=_5~qsnZS}o^yKApRwv^-3*~NwD=kOz zR8q%ne+EI>$RvlASiF2H8O4HR@saX#BpdDmva#cbY)Qo@aj)(H8++_*k=jz+k^ty% zQ%;zHlBt^c#U8z$B^!sU>cqT~o}S(ucuTY~Ya))#RjP`tabbCK=SYQviBM|Q?g_qb zi8^`O_yJ`$>o6bc$mxf`(rJES8SnW6$?ef~@+W8XbhAw6Mn!k4#lCrnKm6euPNg z?sh{gznnouVcFEk8`dv)k!8POCpa(|@a;45!Bqdnw7q3^F+(DV?doV*t(JW9Ja9qwY~PT^J(TQU)(@)E7SZ8)9gExi6ll*wriB3s!& z`2D$b;)f@2JCrh?@E7(hPa150sMr|Dog~X0#7#xrruRM%^rQP@+oFgUnD5pBaE(y*+%#2_c9=%kXhsFs&>~MPgE)* zXRipHYuAjB$t-b_mGQYB;Zm6pM|?97-oc5$E!?1HA**w~#3F`rn5~t}XF|n|qMJDB ziOhC37v`!8IC811|A82rk@dBKUmx4c%2Zd z3z2TY*IqjznmVcdkveE${O!@pt66zz{8n1I@F4K_d~kHOe<@doxHGE{4Sv|tGF?qx zKUr9E<(inPh${0VUVk~iPT9x?_|86j?UuRRr6=DQa61$-?U>P32gY7H-fvnPL}Sh? zW30K{>2Mh}?&7Ge6c~Qylf%T8FBc`-e7(YFJO7q#8*i2mw(bpRTd+x^F_k^EhmWN9 zQH)q2YZ~%J)-DNQpX&OpmGbV^$V*O_Xa#ME=@r(D(yPy&L;?QJJn^}LBDu%zY^bV+ z{pRNqnj*P6HfwbI=jOZmm>M+~A!Mp)3Dp0N8RVMhe+~=VGfbDV*nUCeT8xdIJApWj)xFF zCc7X-wFds^hU*~$3((*HLISgBR$hR{PrPys(I+;7_4-$U9YnwzqABeuh*3sV1iA$a z_hi{nmTV7Ek5P%9-PLa-nbDhJRr)PV4MLxic$k3hMJ64>b3}U;2lb2fAu3Tt0CQ8% z5kH{}SN>W^mrVlc^m(ZR7anYACny7LA$ODFq5RElUsj)YAD*WR@G=HFC6qXDD~NvJRFCLVCuY@z>^`2z0@Grjhw%#7~UY>$6#fL6P^EEk_j;gUR4! zcK;$rl=NGY0=om>2~Fk3wozOmsryk^vzg)X;*rN&CPA^^Wt4Q-{+dW4!^m@TCnGAn z{&5>Gx|ni3zIa3{aAxvfcc3-ubb5Nk#- zbg!TuTp%pQk*Rpyh-<)f;!N#K5TW5p4HTRM=z!k~3FRfV=v_xLVj#mZlL z-z7yXhZ3$AN|D4cdI1oU1jtTbDln(sOxyq?zWeT=3`&8!wJ&AGX7EWZcXo}BKSsS$ zA?`c7o@RYr2cI@`s!3#V@klvLHQ-6c>x4qou{;grK3yQRzcU>{HY+^s=e`Nn5r&Cc z2D>nJtxIAomZo?;OK5$}?yGO8JtMJvrUP@ToOgVV#~NiPS=Bl-k0T5zB9q!T2k6>|#OF~xWEpWFx&82-5i2K2&+<;3r9=YTj& zFB_+-=xj)g>zw6U?geLn6HUs!B##c<1s0xbc{Tr;KKe6KJFjF&vIa_zYF!^-Z>=#A zC>WRPJ1u`=jZ=vgEprKV@45EDu<&DpTE*utV*4Po8cPMO$(u2^3{3-KNdS=w*D2Vr zh_=f5F`d_|k!cXtTW5t*Dh*M_GtNXxk8Yip6Ezhuo$>0Z<-8tsb=@QOocer{B2Dkm zhl7qUhfv+r#S@`RKNM`;QjVv)+0mZFBSE{qelzf_p z_TBx(Ps(AY9I(DBcYh~Xr#*U)Y1mL+5aXJ)0bD}}EJ0k}JeBKLNZh}vl`p%?9XaguOx)GN^ zzE45SsXHESCv_&SQLMQGvaw~NYvmd|G^K7an0|oFfJ}mPa8*)sJ~2L-cPwZjoFn}* zVnOAvNDG<4a%*`tCrOV1TNxNgPL`F1pVK^vLywPn#u;^9P<*OvA+IsqWjQ>+Vc;OF zdcvN%9Z78H$^;UrGJcWQKJJWjssjh7oEylY^(fa0D!`WkzK5ySZ8PyHohrNjLY$eFyK1(9bUnXt0 zScp-`PWZGLGW!l2u8M zc#%3a7k?QW;PBV-Lx%bo|6G1!b z!4%?k91W%+SsC9pA}%l33}4^voySMw1VcNnDhLRl-}T1pnT*z!`ktp3|BTG`95&XH z$4MibML!sfZWWn?Hw&85{En@?e5u2a*8TBTnY_3<6Ag&YvPp3tB?y}K1EQgL(&{g}f zcH2!6aM+>AjT~WDOK|1Z-{^;>%Me^;J{o6zt3$pd)dhtvsw!FBQFg=KI6n$MYMs2QdANKfn-h@Z`hl-65Be=w>(>BGhG9qMhaLH4KxW_cU`CgVXa{x;P(XGOp$_g zu^s+fkl9ql)IA)#T@PRDLd^Si-P|~IJ~CrJUcWJH#l4(@4U&t`WJ|3KjQ zxF475(XTkU-MlWvbDfHu z4%%RE!{H7`-k|vPtKK{zQ7ATfr0q%|IShDL3+lciExpwe(5iKqF%|XY(%c17xZGh zx?mbHEt)*wv{ulk?Sv@pA4WPGRPoazqIdvJfcumEA!>yBM|PNF%f{W^4VNxK2CSid zb$0oALigFvUJcw1GM}RZa%=@SyS}w#+2!^yqbb!188&;Gszv0fKB-pBMMKavlA*M! zJdHs1jt2q;_qkjHN%=6MO?$jb+J=zotx2ktWtLfz%z_UU-T0#j-mRdEy1{Q8zw{*Q zhWLUutQ$-*U)XWwRus9PdjobnlQ?;V7Nl(0@baDch`7bM$=v0$kPw7RUzEqVph`H& z{TnQOWVzVjR?f)hYvi(fZxwNmR_c9!J87@Z#f$*(f~9%ihiV%obfOQkK1#k;ce1xI zr<0eW+7PkI>^e4H>r}-_Y2`?oE9RsRn~&dsT~+kL`Q?+c#yUkZO3UK1XrL+^+bk zja@%$yQe~j`o#!!LV9+<)1O{Us-z>4a>? zJj_a}2_+thOO9p7_`mq0>*_jOJregh@13FEP5vaMsZ5FN&ama3u(AbC5;dH3^DbNG zd9sw0N6_ z4U6}_0nybXh5?GIo07PVq?{?JM6d5*F1CskujrX4)Z<9iniykphDf77WHID5NVHnw zFHxVp%CmBL(Px?Wiy(uKY8ft>nrK!Uy>|oU1WNwBbENxC&%(u_1YsqyAKEe3i|L7B z%&)0|eO)GsqvF&1b(cUtHW%BbxDKQ*i*(nF_(T;9etle4I~knDxHQ&5jTTi3alcrB z&97BFT<||Gv8YrB@UO35&oOp-ZWhD$LiFvT_{bYRkq0do{MM4S>dHCir?R7&(fPQd zyGbR=siO619UUsZVr!*X{Q55hMHlLSk`j}7-{MmH>E!abVebekLyNp*JMKsg6C$zC zo@}XnLU!f9A%+-GX~e&JpJK0$GYR$t(`hec4sQotp`)(j#$NlOvFl9ktJYO570E2OmBP=L5U-hW`=-MkBc6kg zY`UAIJ^hBe)8uW_Vz6!DrFqZsy3;O?t9DBa^dZ z>V@savtZ5pjpT;D@8!FN;HqSQ(V(k7`xPg_{cKXJQA#$f;+_7$$DRD#<@j`4=`L7& zUBB4f$C1T(FFYcmct`Z8c+}>ej}7fz0|NtJ-gv?F0_than{-xHvD~XlFSA?mBR1K+ zjY1#0!f0ITHB|~Rc|T9a^)~V?S}2PKAB_#RH1OCd&uhP+)H{z%btX^=e5j67LoqwS z{*ssGR7RZ1R_!t`cEOYRBIRB`yAS8ym~HKYD4d3d?x*7uqRK*Px0gLs_;beIF5N_P z`0PEnhb%E-z2%@WnQ3n`h(V`xoD~AU0&hLnpu`EXSYA4ihSS(<=4&b72k`SG*sG+F zg@l)7Y4<55ME&eHPKu#61a=BL$;ew!CV394qUGpCYG#WwNupHQ$-zELRdi7oq3 zS{8E^<>pB;i_O?)UOlQ-&y;a}2-E35 zt}C-iD!$OdklyEO_hr&gja(_veA)1ZeyeHh_UZmRUb=V9b^$x24ma&+UzXzwRnz>c zLnq5KoV<6<@0ZKUFg0%_t=5D^xEHuWdVHZu$2M|KM8;~ir`2l4+>8j3wi5G%>++dm z`)jZze7(Oo);o*Y>1z>vw?4WITL0=pB1*avWo_*TLA=^`5$Adf?Fmr=TtBjcQdFYw zyI|*;>O_@HIEjP78n3HzLqbKnRnp>wZ4NX~8rS@e*?$k>{g$?k(-pNS^g@Ru1es!AuxvHx3I_7z3 zCLup98`dANok<*er7j#av7OtfiYuY)n|y`6R} zef(x`br0n|XW>606Xu>;U3Y-sM_)WMZ?r42C*?574h;zL^D4cnoPz9ZqYFHGDM#BN zlQzqHVII-G3%M1~>&IzM4d1#T{hKK6Y5uc)Y22xIO)I|o@ybZKsbxyk)BxUc`8ti0 z!1;&gpTsW+PDtU~AkE}MmVmheA5FGG^#%pM_p-BA)HMqhr30X!oE2{!HNW_qO+$o) zU+JuU-HAo(vrJ`+V^IW4Mbt{B{E1ri_RG)JrFJTbQ|<)eui9p*EU+biv^1t+eV>JL zD#*qaNc3Z(mD`1$c~yQ?Wu?}*YpxE7T1q0c)+f``J3@u|Pn3tq#}`1jXbL?J2MxpF zo?<6;Rme(a4+0YV4X*}@g}Zb|IHR0Ct`w9B8B#1nSkviwlJH-0j?|ST@+6%zoNcWE z46+`wLnbVR6W)ko2%&SB;Klp+E-m3iAMgr`|GWQ?K3Dgs`Z)?k%7Bi<-mU5F7 zk+QVsJb<(<@_@frVg$PUPOh4V?Ql7$g=pPIQTfUZKT_gmqQXi1G6yx>l?VfGfLX?+ z`0qH)HdQZaaN*+;F&TaoH{NQwdDz3ceeJ~~dY(E~!^RDisAgFb#!ddSx3*3QPxij; zOLf)nuj_9m`1tiRoj8g5#f$)di}rl??eqDW(VDoTBCejqbIJHi%fC3;L(OdpLdYmM zF(r{~SuZGNf01YgC7By?wmpu(+2oE+oxrp7r0V*db5<9C#JCunuV@p5?UNvn0r$j@ z6VUGX3WFYM3fE{T-ZyH!HIlfa_@wLjsRksbAv2=U`t+Wz&z|%PIr--|?2@De#=@7K zO@#%u?STY6TN&moV=p3CXZV1(@!Zt==bhZ`p0}SAXQT8^uhbR5nAOF#m$z=fi)sNn zz_gf|-+&q|q)BCcnZ#seX}^r@U!P}2>wo8#)j)R}YBxua^5oR$Y;O)3oN8#`v5L=o z9E=PPMMGIB(eQGn5(b**d#-4w*0{vjx|ra7i{c@rh-cf$dQ2bjl9m^{B?key} zUJe=lg-ZTVF_f!$EL&!=1!tcfP^g}GOlr>T%kKRLU?{~drQ^oM4lpv$IU9p_i1^HF;vn?i6ng>z9fc=B*5{! z5X(3;!?qa9p7dBz(MYIDb$h&!rd+`^mdq6~Vng}NA{#z+H5>#@yWTH-T;iW2i6DT2 z5Nw`ssTi&clIbRj>5$K6-^RWso67F7*ALT@Dy~f8;dbA{JBj*oGm`)!_^jHCJENs{ zej1TX6l&pS@6gOPeQ~{@??uAD8emxC!i;iF+Y50sMM=Nq2rOZqcv=2bAo$GA_GoCA z^g)>Q(q}d)77w|oDK5r=6lOXxl?|I zXvzNcxz)R;&n=C6DPNPr^pqw}tfMJl3qI5KDwZ^FU8p^%CxI3r%=ihmH$bn^)Mv!H zFy)87b97^RW=Sz}o{7I0ssHC^&%WtDTi!iE=t*1*CzD!vjfKRQ%HDc> z=-^z(v6aVU-FOCoLCZi=eQ?$^<}B(t#vdNYStf$wlm#-N0!k~d{0?*bD);k9L17|+K1 zOebVzFu3*wAm94U6t?nxiC!c&tZl!^jguka!ld2WD49=XtZO|>NOSl@XHb2ywph3r zGosQ-z{JnT1-vF4d8TK&A?}Bs<`YXJQr(sp^HZvL}p@4JDFomYY3uy3Xqz@EDv7=>NH=Cs=buz3D3(KMjmZ1t)RJy?z*-Ilvx zQSD$YFydMvxzV`kkO94~1i1kD!roh9n{2W*+*mvV#cD_(Qz_=G(FF?|;f*`V;9;3p z4}e|w`Rl89z=*E$v(@$k%s7Qi4#aR3Y$JcjIQyxPN!X(ZSvQQKNfi z4`eN0-Ee(OE{Qjm?ROr5_%#A>4CFE2!{T4bu%%XKktBKPe~_OfA}MQKsd~bU9vZ;j z@MzU=zg z!lLa-1oME>HP>c@K$hzF^JBRG1tGiV&~<-Lwz8lp zGuHu$ro%-ipyu44=pUDu3lTLvlOZXOnaN~pm-zAL#rnom>-i5gdou}E%*c#+p0aNO z#h;wC?}Mu2xVHwMvc|-@96Dq>*S)gC*{_PpJzMex&Vc1N*}MjnYm$p*eGslCpU_-S zg|J4m(rfcz9b)748$W*=Pd(|hyKeD;3A@mgdNBFQff=1<;T9qykt(*gPuoih%VvUO zz&FeK_G1y7Vi@60!{}qj5rt7a(Wo2I_>k)~#NefblqhnfRgbhHBYm!vH~(q44}*of zpc~TfGIt5MWbUgK9}Mj=(5rlHW^C|{7kr6oqj~2n`-B0X-Nk%`)}>HGa|d`7TAv59 z4*kaUzDr6Wgwqq-Yq0;W0`*kgm&zrs^g4+eHoJtZQ+Mv_sZR5Xp?-c6{?Fx{bvuH( z)shTjv7!?2`xKbRfFSBrtaK~m-dwmZdIuUj$t}TW#y<^_+@wA3E%MYNPIAJD#$HLk z5g+s8_T6F82ttfasrn>&{o63#8wN>QuZv#(21>Pq*Z3bvr{Hff{Ly%Ny-~#cxA1h# z*A%wivW?9WO1HIF(aPkr)fGB@wpVlYaRF`%#VfdK!2T=!2NFqoM2yFRPvDNpFcza0 z_lUg&I{QV!-3&^;V3|`dMP~5&?`ZBqV?hMEIL+69QPc&;qW`7hT`mzQU+i__v@640 z0Ot>``Opzy8WaK zCQ7?-vny@H0@>`)wxwTE<8??=1lQizw#Ql$Sc&MfU5yTa{yM!4jJ6+{;sHmbWqWpKAz80vwm-l~tK0#% zGK|m3L1ew@8N~zY_*YiOFB^i-Yzc|1_ibJm);GoJ?{#m>QAim~r~WzG>{XrUX%fpz zl|tuixPlSv8c<WV`|+8lhwBlo0LB2D3AY*Yr2!I9_Q9`SH>y4XgDTC5wCETPZSvld=vFd(1p^S~6P@N9g zcjU1P4L!?&<=ROx@A~#i$*HU|I|WdfH(@TMOoL~(-&2IsMuaYY^#Dwxs(D_ZNA%@k z+8+oRB^L_yJ(1DqZ&dsfQ!+%`jlTm$A-D8puqgfur9X^jY9mA!ueKV}bx0uNeuNPk z_O-7sEV!Al@&@nlmxRm)-Z_dDnQWs2!13rXo`QANc{W5s6-B#-f)-7>^RSq z2>lL2wPE)TC9XP|a8}Y^=-6=J9rs5sz|}06e8ylQUWh$)pEtBr&R>7#%zKH9Aa53X z(S3iCTVsqrRNotPoNhkjx5Kr3{i8w2>D|9G2Hx%@? zFSzxe@)+B2SeD7u!c8WrMVk&_7_3QRV#hkUnHMJ0F>>`=ZQYKyk1A{P_Y`sThyR?T z?j4~QXT^6m7?w+}iAE(px-GLpt`lNEa>{5>uzkxkh0y@Z*RYiRHH1v<6^(0sQUkLd zjU#sZL|^-Dwe3yvSr4fYOi%!3NtX!6b|R#bQQ1!2vHnbn;M$%`sN1gMK!X2wBg+** z|GW9hXZHX`L0+Ju=Om3p?fz!9=S7rp1Nm5pmKjtjPa6XwVykNsFVc6{$L;JUIJ zDr&?D>0j;(x?0r1w+#@`sx=MetOtYD`FNUT#A(-fed|b)D8s9Mk>$th8h$)j)@!aTcLv?lWEZQ0T`K8?h1dub)tiUoY}n8Z z%0FuOgw8E{GLdCo5B`*ch=_%VpwzoQrGc4Hsa_2zjEB|`iK{R1%!cz`+BUrXEd-S> zc`eK9n`fN>k$Sb=Qzv!<9JZ+NU8Y_|99NvwVb9p5Sg*Cat`@YCmbG%b!wUZAt5n9* z%OWG|DIEky3(Qcox`m<8Ivv;{%7WUnT9j?IeCxpH~Q3`66;7 za+kjdm3UVJ?M?as!SK%2n15S^z+K-pO1`xkQODh%x1 z4b*GiH6LmE{rJV0uz0(fdyR4iF*y`0W53gGjT75El71dfy;6TMHm#ohm(f5+lN#kC zZUf$_iLe@z{)o5+g=YCN=cUU9nld3PUCBS)M#QVMa@Sna*H0|R2_HtxGp~q9uyTr) zp;ggcR70*b&JwMh#psv)_`q`t?@UgXufD|-#EO4A`sv0_tT}e6$$)-tpqlClO`P>P zj&RAQaicH&8Rnw7T()f~xe}8Cwv7hkn|yn$r7gTG^7E?885=*W9WU87ra5i=4`tsS zPxbr$&*{)XbdHf7PF802YA7o+A~KQ@kr6VA2-z|kHYExndmOTo9mxe2wB^h~iU)21-)HL5R;xj#(7Q?=Ug2d}m0+OBgEZ%X+hKH>@2Q7` z(G`_7(&c6qBL`htIBaV&C=7Vo&J730#9zhb8BPlBJKFKsI_LfxxHuiBFWo1xdK=bV z%5UJvy4_aomHjM3G)yJ;5}S*9pWkQ1RUZvRng_V$b@nNT*4_wrI%%qv9C0mJeOkYt z&p0m_N(|0+GOa0Hm)UG`Bv8-6sk5vK^h!8)ox=2y$g6Fa-~bOU;wfNLk_k82s- zpSW`SkW|maLampk$OYO=WhD`pOPVXeCw_3ayrQi-lc`8pu`Tr)Y}wLI%4~_2jCP5> zn!eoyt9?}~kkrj-GdVTb7Vxph4>+#J3leb6M@lHcPCxC7p^Dd9KtmwcpR zS4^|%UWZB_FOuv_+}EVOuiwpE``&)Tm(O@5ClNOE`=Kp~=jzKx%DEENtMoOLy_F>{ zx|GH?S{KYm8=mqwV(iSnnrX*O7VEt1)DUbJBReps$!<^9%+%>cYV_h_G2TRM%9y|2 z*y%xt)ANoShx3GrFmcVdqlR;rh);c%G||~dZ%8%os*^eF`Sz`yYzoxu4>5N-AhRFT z^4V_YvE-H1=uZ4Y8oqXzpT1fsGjWIw+3Mc zjUs{lVdg>3`{O!iq!*f-4V$_9R^L7Jv7_C;{Jp%kDDP*4#)k_VJ<2~RnriKoZ-$3a z(9O8dZACYK(&@e_zFLzzyjFMIaYWi~U9yo@*HtS0dK&e+?X7`Y_vVM5P@~SJ$e~KT zM8eB2rrEAH`x^`3!9Z72dvI-CKEDASF}n(V7owL_++uZxi>~VmNLaDQIME4FuOV?d zxP_|GOfiTe>2cZ5FZ<5*4#a55J4!YB-#5f5@O~>|{ds3~Cr?BJ3_?DQc=sJ%PIYxKD?Ml}cV{ zk^icj{1Dt>R_n1F-}xw8oN`B>e99GfsFdB(P-BT52;4~3QF0EE8Z_JULKtD{evxA{ z+FEMtd@!Xi>-ZTX-7vdc{E|lbfmaSotIMMJ%L~^Cd9zw~*2=@a&KGCZ-X35W@)$CPVDI+MTDe(1Cv{6;2B zulB;vZSMB}lvMXhT*@;0Iw=vo!NDGZxhKh;ycK<}F@)y2}KDjUj&w8Nv~Jn*qv?H8#~m+@V+wBS?!0@KH6ZdY5nor zGmvjs)T(DcPOVUH8NT#rE6x4(UeA|hF*9fL0#$SGH6;&x|42I_9+ZnWc@bECWT4>f zlTB~$z32hMk(*bl7tg$1@9pbbqV6w!cxf{Ba_g1D3|tN7st@MwI16KXljMzXLh7U= z?wG5S)mh&=Y{k7om$TL%ZdpXtgy54yWN17dWkyXVXg8HXj$pW{@UG#lg855`vUB;e zMA1E689;VEHxAE5z0YP6pk6~zAH}_A)n^{E_N^Z}oSu8N3;(QIz+bKK1lJlB3TqSN zdj==@sfykL1bGDR|{noUbXC24x2Lm!C~g^!!(5Q>^Z?E}@% z`>I>gG1BRVr*1rNM-4!Z(h&2NdU8mxilg2tp^v;*5ImKQJv|?2=Q)iF4cB;V7TN6I zSgBnrbab7{zb+BBSp-0n;dYxIO{tU{pwG|_ZE|L#H)t_KhV`xfT4^Q)8b?1jSi@1= z@S$E_B`!D2Fo9+pdG<*8oN*nkwKMlC1}d{N+Vxrb#+4nPWk+F~W%EV-sw@s!(@n~@ zvT)>O&RFz+dRY)iM#dytkys&xUR0^O5hfw45mq!r_v~n+l$6-mh|ZE!-weo}C`se? zIeOlFRCgRe1O464yIwsoQK8i^5|J}8GpWGxW;7vLg6YO*Ese^Ba(ZVzJ71#9ye=kW zs&ZW-V0xgW(x{%N|0sKz+JhyiWR0UCD@&`O!`1pl-|ePR3n!VgTUpTOYDt@X2K1N6 z(DU55&JJy-i$X?H*}}$g#XddrSx}lPfbhg{<|iLEB+UB&OWYf8gORzMl+U-k-{_3yPWi{) zwH-O*y_#_h^ZsNV$@@kB3 zDt5_ri=n)vzW=KI9km}EPnNJ*#D4A}P9Leq>w9oM^HjBOuAZel;G`7HK=-|aQbK6@ zsW7b-G+tQd-^S99c@@7|EB#`dX@jm`?*0^UzQ*RllM{l}E%^G<>p3REDgm$Q%Eyyp zP6mVzt@W-y-n%4KyY#3Zswy`zm*^(n2Qkg~CrZA4_DN^qg$D?mC{Ks*FE^aspF@kG zO_0C0p7aUJt|QPUP;Yy5a`48vp*WYf#_!Jvd#|dp^Bv-T=jBZ;q--4G)EK|l6UVO2 zjnf*as6p|jUmV`=$?S}2yJ*>ZvcDT@tivsB(@9^wmF!DlH9w(%JGA zD6`Ck1fBWVwoHmOIgD-;T%HSh2!)4t7(JbUaIddg3Zy56D7hBJ71*DzWR$Iz`A~dv zE(z8>tn1!OkO`eK4cars`+DpsiS*}vM?l(T!hEgkI&~-Y6-V| zfAM_u0rjX3ZgS`tNk{o7MS`es8y{&iW%K*2dxXIsS7y|p{V5mizu(hpyE=6GQ6Hbs zAeFy~p@Ez8R*KT~rIN3+S?5}*g$UI3<0L7xviJ3E^xQ|PHj{K5{UE6z*8IJLIwX8g zF!PmS#n;ZP_>lthnfPZ+>qX@FEc^Uc8e5X?v;Xed4N&B8W z>+|@Tdh&KidJ;Oj>62Ybg?E&(hpjWMDmFVCLto0%XQxygMnU0}V#2JG=NE#vJ<-?u z`jl^JY@oi|B7V2VFJYjBZ1x8t%i1yiarBObJsj{lmgq(HdKtp;2I+y=;(LcG&Nat6 zs$3ljo0ydyQ+0ldtAhSS#}TDt?2*(Hmxu?Ror-PKx|=`l{R+=warIcg{5wTyZ$c^MmUtoXFsj+gV9m zXQR5NEXzqKt1{&!V(7UV7E049h|zKT$Qaaq5T`9cv78U(28A+~V<9<&o({dYXZ2n1 z;UniSIOo%y^Hr58Y15+!yK=m-Y~^O$%-b%q2+y}!l~9|aa(c9*^-(pPuTDl;=M>8+ zRjV3OMhse3nFvSa(HkjPLtr-03E;nvrSDWb*XTPFXuRf%L19}`Y`O*+s9h?P9!+6veLLWuu;MpX?c+vtD0?XM7#D!o*UF1fNrx5Cv^?ZZX+TMOPkU0NMn;anGEp{1uFa9ULDhl*Xys%4cPbOIyYc?FeWPLXF;QVA*F zyP>KXTWvikNEg>z@`w+q6zZU_EJe1t@Cx~5L&xh)X)5J0N1~T>*aH&<bEps1QJBaogB}mD6!}}J-s-~%IIs7w0Hl9;k#bfdZuvDoiLW%TcZNlEb%U#TU zUirh%)*HMz*grcoq*!*OU%gX&B!s6W5lg&jtb4%DY(&Sdz%fPCB#v!ft0|O%+-WG9 zUWC_?GWMuK02IfeCnHZ`Vo$kXqLq7^>&6ehUpx7!m?oqxJ4b(vx$x#j6Cv#^+W*buIk|XPtj}i!jZ^F0 zQ>h%U-@Iyqofs0aEFpuPco%je<7L4|$D7HnowTcZg5KY7;q~Rbn`42;Y{WZwIXe4X zmyRxr^|Urv9v>ieILR*PCrwPnPbfj>T*&XoC;MCqy>+ggq?2?$^M-BkIg_`~Q?Imn zi5Q4gLpNBMT3yAS72or{jA<9KEsu!CDL%I|lQ}yZ^v!(lt6;?!z28X?9Ad>ygh?K1 zT#Aw-(tnd38~WlgSMqm1r2yWsG`%S7q-SUN{v3jn?}dIJk%8mL*M2!Pp@m=i5*^QG zxQzDuLXBx!d^YszZoVN|b0~$;P15I+i`2`U0+rb7;{$5^7v~Ks%0akjcY3G z4We=m-Us%r3;aC6?zl-$1;<9d$dVNq0V79Zn2<={VNBo5$wF5e#bA!N9H@psb<$6w znaUNZTU6=yMv^-F*}wW+{zkvBtfTJ~QlymlxO4OAqWNR&q-<>yw53AVSS2rq5FfAO z%A%7spTI<-X{-qbIz;clOgC~rn3S)hAuiwFs3ysn1u#Ay9TDm!hP@)4TMJF2^r8R` z(F{5r(T1Hr@#C?nB?nHyDr4ZaynkNSxua<1fYl-m*&dA0sfY@dr{Vje;M&nZORpU6vF|bfbc!#eD+=@4Qd$BGV-oBgSj=-y2MqRK*Z;UE%h1eTA9KC0 z=$q=pD#8STdbmE1_?+Im`(!$MkY-y;)Ux=!Pp9?C(d=06i5j*Qb~A@3T-cdd5VSV( z?0d#@(*3RPBLVipfZWciEe6%W=nM^K6)yI+MZ?pNM=5%ph9BZp}kkUr^L ztXUv1t+!@&`1A8TXPF|MbV(@R8=wM?Wi7RfIbxn1!qP4l2B|mSF=}e4csdo^vgj*c zO@_978LF6&JJEYlk&u{sQH$M9v}+#?@?Lu}*!_8X-d1p-)s*W3x7klBv~uUY8s##+ z63pW}tdMGkZgV7=(+tp6=(NZ(yQb)|jZC7zF0TaEhMxG;!IE%+kEc?N&|mYi`ftuk zBo<)HKSjSo-2INFjS<9G!}t{tWje-mkaq$}Mf8ow%pz!~J!ZDQx|roKXemXj5lrcA zG6#sly3hqdmR8~l@}DPn<8qg|^9n9O)|dmEOdTIXEK`r2kH_`=B?_Dr@0rJwb zY=zr=qJ<6&$`6PPX5W&AI60i>RC1uUBcyfi`-!ySYiprS@=GfcTsk?bgXG81{@=TR zhLF+QLmNDIPh5yvrC*F?b-(;jmok}CWm)?eJz(E2*W%Zuy>nX>MfV{iAYq@FlH;hO zGZURhq160+W2R{_cFvw}xTHRNP>QHL*?I~z`Xl4AEQO_0Im$kOA zxVV^IceLLJWAAyT7EOe_Q5}WfL{rv>Bo1MD8#H(Wigk^_*XYgZ;>g%yIJAv+{o0&Q z=U>LS%MN!t+aB18cso9MHuD${-o!Z8;4%}Xqvzm?t2GsYA2FpxG8AH+`YaJ;>N zGM75E@igTTjVFEB*NJs8|p$*-C6N8+spns zxvZ)y1+s%ql11Z6Q)v{+*|pE2&Ns%mPLX#z#2q^~`VIhABnxz-7@Cl$*KS)m!hRrw;bH zF`7_y`WhRiH_kVF5AC}4fqfPq5Bd*(JMzKU7xFdwt@B;!!yOIdeNaDhEYk9w)VT=cl#s-KYu zEvsH<72QKDpP2U3u1hIhd^%Oj6Lq0BdEjPk{o`sO`4IItN1_tVaa6=Y`xj>_f@wyu zO`bfRk!t!zu3qwuUe6T9ciG-H$I;9BZ zd>Swi7tCb4E-Z-`cN3?-3dC!#jblUgQh1f-y2-dl5K9kpg;imnkCnYHfAQM%K?-92 zyJ(H{uS>!h7@=HQetq(n0Yx4HDX5&>9~ojFNbh`2VDnnmI}XF2NfPq} zh~%yTN7mriU+1O$vH}@Pd=H>kW?oD^yWuEEJfA6jqd@?lzJtf+Wucvb^o7dF= zH=NFjd$-U0-(Q%DMq?+`j;Oj8Mx(Wkt?LcvgZY*CaPd(d{5cirs|8N{?pysmR`zIM zIwqJLxpqGhSQc`=q0GMi=M!yO@?^|cn@j((^#Xn_T%3_Q04>f?M(al_J-6dNY2LtLaetPI1DySZJQ8X%><}!b&g#I z&Dzfqej9ws?Dj8}J`{bRVYy7QITkWgEY(B@TT8$%2tR^QdA=Wzb$Ndp3pedQriK`W zP)E=uJcRE0(>V31A?T;GQOZOb;!Rw;lmMF%DFUU;s01LQXy=MEv51si!iPRfZNpm+7go=xd9T#^Y%BSjT^yF z&8FU_5)BtDi~qKmlb`$61Gq@zp&hr_Se#-^Ti+gpio?Gl(z^YIms!8ZQY|79yTyokhE;5qQgicK!F6+dbCoE1(~ngfP9ssyAfw*waHDk&vX0GG)k<70~lT#zn#HxSq$J+){x2OI3PI?w?8g6aO* zR_uy(hK?5i&2-G-RW(p0SOe3hq}(zgT?RVQKc2G{m^4{MhzD+f8ge@{O<5y!CS}fS zKzV9t^Ej{_gn(_1nROp9Y;1kL4ziYNUZD|6u(5^{5PCoRqE>Fo{QJzgx$6Z1>JjA| zbm_U1XcCUR4fQ=lSYBG_kUOQhH)WU1=htT7r6K0A5QGDHY>F2kP+hZA;lh%Dijns~ z-G=n=J+3wc)bi3_m_znJ+GQE+6G!B9E`sQ3Jt5D?7caYFcJ2OT^{ zoP*sy{`g%v1x{T`yPvaa$(Zu_wD82k8S(Y{_pK5vo*m{+yvH?P?Q}Oh+vMbQm__L` zHdQ5yc(hzankkU1SwoYHdS%1SwJsHR6F!eox3~m21vL3Ofq-CrZB&O;*d%LA&c38Z z$fufdAuiAa#Vu(^le`UbEjIROlOjzS5csLNBz(S zqz+E0KV|rp+-1$3JTC-RPmXMUQ-=hXM{Gr=yJs&|Nm@66q*)ACL1I`0=xK8$7UGQk z+Lxa?@|op^iJC9azI_@qU?=48Le!|W1Q8fslN{)H;&qjqwHk%u&xxUU%dBB}0`R28 z(Bsw|sd_SO#>W|m@7~GEG9I9S(D1LjD2tEyBMu?DT?G@FNGUm3w@hipNH1VJqSLc- zSA7l$MQM%Qz${AD0$Ym3xIwZE*)6pLB3F8Oz1}A3mDI+xdfvYTyH z*{|#)PB`3@QzUQ}RgH(p>)n*Lc*S@~=+H9DZhyfBt0;ds-fb|*FY=Zg~HmRt_@Zn!? zoQrlds(`Lc!$}<>>Y}h=XjON}5K4I{TOPV{zCqE?#)1q z5gqHz`_$PF-pjXA`8UR4q~K1w20ic1X*&8{03cSW$@i{SJVo~rXXO^B2YSbLFZT8p zzeMhp>eJm15JFdbpp`BYu5|2H<q4Pbo9B^kVXS=2ASGsPj_ppBetWeQEuDt1y@RxcS8l zU$)YigTY$vlDY^qT6?x(ne2~Bebg-f~S~l&- zNFT61?Yy>JyW{g>@`_%Gp+bP2n|sBJ7{No*}3x7 z9O3)O_2~%rooq!)*^pQpUT5b(I{ku&Se+RJ=J{f|GN%H}Tf0azi={#pZ*O?+2cS)P z)MCeZmhV-z#p?xjlZS_k;&tBvM9pDeg;OYvL7odkXwPuI-E~}K zK9+I&7LJ`)pcU{~k1F^(Oa|H|66BgluvsF0S)6o)wEpWSkF1qJ0{FFWKba#U0)GRP zF~7G;SAlnEPLHB{>%@LLD%xp@qS8nP35lK zg)z5U>+UZ8cm5Wy4r869dkk2vC=&LCM`!=ujDLCEN2wV+HyBpunWsHVPiLHuinb+3 z?HmH{!1=KBKo2xwj5Z}X6$(ED7O8Xsohm-LLB@cyl9J&_U2er}qN!MVP;jqCmjYrv$XVQ97(~cb>piHae8({hwP8--u*pa1JtDAzC7mA$&Zy5H+VBt3Z6KtXx`Qpk$muuFS~^rkt+}bQk|>zx_{Z1 z*x)HwgolfJJ}=4o4kS-@3wyt#1n^Ji(SF(74)VTB4Of6h@HB9;2-T^!%|Lf_e~QsI zaJ_tpDI1N$cq~0HPlTo#8U27^z~x)$Hc7z+mEgLzI6}sgY({%RNT}>Wx>XP+Zdu{9 z;NQ+YtTOvW)JcPm?260Ep-$)PW?n$u1w9232}uh$o_i%(U$jMYDBLMZ3kny;<-Oy2 z2lFMqFpu1ifn^B8xApOJb!JZ!Pr$x&FqjEq52l6(Qc6*9%YE{ffc;G(N#g$;2_f5RUmt@??e;T9@q$N4 z5+~(Uhd02>u@FNfn}~7Mx5g9-DdF!;y;2Pb<7=bNmPKeByybrEq&Z!Y9DQ-`$Q@wb zNeJrtP%Szd(Dvs&e}x=Ju^8j93hqLNRiZdS)C-6P@gY(5mk*+n|9J~+7KtBWU*7q;K8r2JOR8{y zVlJi4bN_d45$MYin(Q0}Wxak1beIxUsm`ySy!zW|`aPei4d_dEV?DY_sYM=KfBAOZ z2p5gXyh;8lh|*4adAG~26#vQ$0fzj0E)SCh1QsxRT;!D!5o)88c=J6|QBeZUIKuMs zAoX7%;qIgBhmNd$5Si_gYI56u^s0e24{EXIRd9Q364CkE1nUN@%?WsLLu{7nzcT`9 zPIH{rEB3>uRC(?@Dx|(bGle-t9ovYP0m`Zl5Xq4n(R74*=D&vrNhNs`_p>9XRv%F; zV<7$dubA~+v+BVy_#g~+aPpH z9TR@uNmJdozA9Aby<#mr{J;e57fJKagHtxWCvDGvR}b0GA#Eku&ZX4GdE_Pxdw`u5 zT;|M|>LJF^dfC?I=L4M2_AfU{q0!iJ#PV^nSMx{sdUx!fQ!{vTH)rPV>MQxbqqX8r zRScY@UNq}Y5cz*W&wNoiVkjdAMTJrxyvXfHj%m*nb zR>WZI{22M4tm93Z=n!}4eH^kj#`PvH#N|$KHjt(^w^-yoUc5tP zG%O)GX_NJDmrQ)!Y5>3@=?sj}$g&!>AsOv>u{LL6UsYHY*PcF)*R>PhcdL7pfmo5f%l4h$w#ydIG=ia;OGjAg#ZJmWM=+?|Bg3mZ+S-#-(LKK4$uL3{|hMFU^bl z`;K5IuM{va;GunAJ_(3^&e0F}63(+E?wxXWwUBT*^ZRYGmDz1bGLL1TrPYoS2T1Gh zMGvXhv66Fo({t39dK|Q2MU@`HmigpBlY~?ky7~F2iZAi+GyB#Widnsdmd$0~BKvHP z3p8+;>RXyJDv4m)A-N#APv@T8O$A(M!q+cP_3x-YrN{Eh`mKaMq1ZNB^O@_aV{4q;3Dr_s-4K6J9ms|u75r~TuM zDbm!@^^Lb-DxbK-FGukU_Qm-g*WD5*eZX2;^OXVk1)_t9mWgb6CGuW{Ixg+Ag^~aD za#$xkORVwpHy%#=!!QG~XN-L1jZof|@TXfpWA{o@@x6cggdH)ibH9qw?=)WO7J7vE z$U%nZZ``DXSRU&bT~?#Oo>qX!0C0IQu4;@lF7keHKYj4Ey}njU0)PMDA~pP=|J_G2 zR84`mpRr|>p!_&dP=P#1<<>2ad_9)amp{999ebzsC20$r!7dd$a``}I8$0=HZjl zaf$jCj<@2(==6-PMpKOLj)pDn_rii|YryJ>xDco9gl-FOvXL&5Sr zFpNZHV8~%(1#!qwXz7Br zzsGi+W^yq+`Yu=wXJm=wipJ$j0i!|b1&0sR7l)$&OMFB-YK z%Cf&!`L9!&4Tq!i_pf1313^)oV#p?3ET+hZg~{Xpy|G|YcPcnV;$hV>a6q6Tez!jr z(i-NJ?DaE53C6!qKL8G3@-t!gAOn`C_EW@Zv9&`1iRT&X7(`%K6p3E8>|FZq`@ls1 zwX2Ztr&N-T6AYY)Q)RfphFZt_n!UeOW4`$4@ZYc(P2m0tw9BIsKpJqDu|6ZgIx$H5k=L@!D&(QoveK8J z-`dFQr=G56-*h!Xo<9PV5xW&H2xl(X51%>uIp7cMUAAZ%>X|j3M;*NCNb}xX`+)w->UufpsNL*vamDX$R3i zkS)=CFP2@K8JUDkrvDhL=mFCOsOyOGKQFmQ;sHM}Tzd;@*LIAXpi`I_e9*I{hC7@P zE?hGx03F$*(YFU4BBa3iJ5U@KL6~lD0BOkwJCLEPs(@5fJ7kD2cOG5Uxb~%$Ckd&W zvp}w`kOpY#R}+M5e{@3?ZV0I7tQ-*^d}-z|#lIsrX3;$C%`3?(lMiK+HhuqSr?WyH@Vaw=#3dJ%~7wHKgs!*6-!Te~HvS83FE8sxb^X@aJ|{m~dLqVRo5y z6@ESm3g~0@K(+uOg-OT0%1$^7i$}lTVTEwM#g66)dnpuGE$xM8NSzR-2>BLb0t@ zr5c3&x=jFsP&lC0BDa{8-VRAk`xGFw=t5HQ8{;tRMG3HGhw`gIP@#Qg^3^V_5W<2h zrCP9Qbwgym-<%1-BmD}-W#H%XA3zIq!HgE4M;}t=K={+2DG?$hhgyufY}uauh`tYjhN8xJjrXC<8ANmO zvn=r8P^>ne*zOwcooVbf4z`7Y*k3O0`_t_C)n|=x%ZN+?45Egt@;Ubf<~xj10Eb}y zLWUD+R%&?8u1y5D8c9655&&{InAP{c3X}**ef5#UbsrJ&iLqNd-o>Arn1@r#@}zOg zz(Fv7U}eOs$aB~#?m|0kX{$Zcroe+2h?^{7?8&(Ek96;fm|xXB3@4dwo(fOU4>LU`oVQBO(7CRLYRj1 zD_{AC=rDY}ZF?9akDXKu!k8ieY*ZWL5sK2)V3L6(V(ECbKo}Pb-sB;Fg4Z9{?f^=O zW^xP&K8lgl@Xh?HFJU?(lc`UQSqxZ-UMHRU9C1$8mJDP+G81&q9P1S)dT8I+_=24|n>AzhV*v>yR*o9y6KF4G>kcX*O0ZA>x zoM+<3&_vZDyW!rp+k5v*g5aLR`v?4MVH>&BsuZw+HjZ=}5Wdd5-$SFBbW7axE?{EiM+R((BDZDy%eLwGPoeB)23B#u$9r zzjyR^t~yl^{e}8YH^x?N?dhwFF$fh$Zb3cy#<*=B<*Qxo7ue#q7k!{E@x0W8fM|p$ z$GQRDCKBx1wW`k@;m^vcda$r0aDT^15={II-$M4YPRuVY)Tzy>5(r%q5c%E_Kzg{B zbao3m&bM8110m7`826C=OX|*5{9~ElQ7`+%U3pV~okJWSfoohujfH#vKDtIOeGLhN zMBJq7=_=3>WIW~}3Fo;*;P=`YtJ-PPa$ltk`-@HJ^0{V zFCFXqgHCnC)!1}^-2v9!*R%>zz#Xh6M^tb-HqnHE12ElugU!b>W+yrAXnFpP)X%*S*b)^ z*;OL`h%U|zT4DvI;#pv05k&~i5Ri*h`~P7@)sJk!9crI-52~=m&GWQT4qy$%5S=-% zy1)ZQSp)MYzJCxaMr3Qk%Rm%Zh9)KI_*P3Yknkv*>n9KLyorFKd3P>Act*#V6PPr! zlIe9Hd1nY>Xk!3YuX8!b=VU5scVC4#AtYUN<0Yy$;Bv5^eP*pBopR*Lbb9Wy&JK3z z3m`UAQJUS;blQ2wRc#^XePge|EnC2D|F)j0sRI6YH$p*Zr!WDiWD}djp!fX6c(QpA zBXXk;xXP*0#|GMVO9PvY5)hUf1Q@37$7b;&#~o}WcrD^UZWk#7xF-h_s+ivhp3#P+ z!hmbcI0+ZHiUvzo5iunP-8`Z&4iDhDc-O9nNOGtr<*anKgxe~`alZO}3#CpW;ma8( zQ=yt|FRgGa??Ldzr#i@v`O8~j-g7a?;I#A|k!suzgnD;L6xfRc5Cnr)GOZ*a0yN1S zgpO4$=bUGE5xfqBQXd7m>LNf6U8T;1jV6g+m(BYr<)5<BQ4H3;zj$LQ)SDplg!*~iH-AD4r z_^%pZC)?ya)~c#tb0U9XL9rg1K&M0YbLhdWlHenst!D^-Vb7>;cQ8T^BpJR4L|k32 za<)R3XdVPnyZtf4V#F0*ggx?}t>6d>SS**n#fZ^lm!vBrftR zZo7Zaa@O|wZs5QBebv;Q|C|Xh|d`fQM}0kqh9z%0bv5FjIZ-) z9lv>xu@A{+$RB{q+0aIZ9&sw{dYGJeUYw^dBRc}ht$*bbJRw@t)v!2PYLuk4@$mWQ z=_?p`z&J^ra?3w+HJ)gHp$D8aHV!`TUY9pT<#1rRQ$J;jt5V=5 z&&$E;>Y_thyJ*V>!zUKvc%J{cL^V;4ZvrGtR#(IMudIF`P(u!3ZS=vc6Zopv*tEOl ziw7Z6XD1eYvSqwKd2!296~rfhO`Bel@9^y_500iwN)22$6K{^l0bp+3u{Rv`h05?u z8IGMh_(aKafr4Phx2X+}%YU*sKu`-po>eT6h|xKELCq8O(whfw?db^mFo$4bav^7# z`Vrj{y|`b5r}AHO&NCrUAzjygeBk^`tIG&n4?l4(pr@moG+up?0a14A!^^XXomf@1 zr#Zo5i)?CSr~sUlhKg2%K&4&?Wt>lEp}+c@utaRjsk#@KxS3gG(SS8K4n*u^35@sT z0!R3Gf4?K#un}bFV`NV1nx=vuWbQLU6HN!CQ0!t^24D&kFlb8`tS+9Wa=FbuByqaw z-0ug0Jiv*Kj~e6rdCBjmb@d7UJ2gLHw-3FEmxJ%zIW%E%_}$k_7pY%T-px~PY442Y z|Ffrs{Zfsy)9W6t&8@SW%LDZTdESflpSefAY#=`@e9;K5S`^wpiA~hY+L$R>&3anN z;m;YzazmNTOEaKR%HVdj>?1Zz2?WI^UIY;3V8<%3$3G^w%X58=<|nu&XZ@XazlTvI zbFOS^96C2LnoZABWt-gjMNrxrO~}qCYBD(RE1%icZMX&4b=vzxjM+sU>e4}EWQ;|h zk-nW@CjuLS$MQ6hkjPYA$|lslRy+G$^(S)Wv7UOcGTU@mr0B!6;L_2qtC#?AI0~U; zPArV}XUrZ^&ZNqW?5LwCI^}B@#6IxHsqwpx5~4CnK0;R|nj;;Pp~-fwC+ni^R_YRN z{AN4a0bo;ppc;0N;TzF+k~4PLEIe@lp{bZD@{J#nLE{->%ReUeG@7&Jne^*I{5p^Y za#k(8fv(_!o2!&@8witd8YYgbE;;jf*FGpYTA<81v=p9s#b#$s5HKJj_TCk0MZb1Y zH_d5F&Hi@w6fc`}yW$Z!8yt_bVBV$Dc{^)+q#K|FkvMS+DuLMuz+hQ6=Ljq>OIGRw z?1~Xc|>`c)I z0`TGfHNU@xaSC<;|ND}+hcSBLzTu6|;NEgk2?#WO!}d^L9hxO4JS<~8((${D@YkdB z?8L{)GeiV{Eop+&*$&ftSN=#$Wz)q*_6l_4^XWG0_TL+KclzZokReqD?ua>{Kf7Rn znGTXCCgU`$mLPXca&-`UrOAwu8gx(WiL&0Rm-yF{aNe|!q711M!L`1+Jr8`q{~Y}9 z+z1&`eKor`|HnT5>pOsA{W{%b0N%m3!o@Ou^I!k>m&FD^~vm0OqK}WhH0T6(5Dc+2yF-pBM&3_XAg3=7ZoB@urO#nTu3Zua`SNRC~F7T3+Q=9!!zB)+zQXWplgJczd&U1p?V%fB?%r zd;tnqLBNdpbcG>hrq0;0f-CPT=(gq!KVZ8);rI5rad`na@x2Zjd+*5?W3|EH$Sufn zvJ;b?mPb)X`=XJ*isSr1Chr)z4FLU22O(zTHhu@lC%Q6-wwxf^4n&X_MW6OkGSMO` zy7FQIvbY0V>#NthEn7l^>Elxw)Wz;&|hod6jR!=CF0 z1^o2cQ!xYN9`7X7{+?~*4dySQhYr<`LPR?WIj~3&LWK(Ho%k0Z)0snk9pLpAi%Zbg zKuaY(;TzV>jic%!|D1gQGHz$S0>*y(8g4l~>Nq(}s*m)?lAe0-5)VQU{&NLnIs=|% zBxbL;fGk9j6R1)**zB_7uG~1t>!;5htw{Jh-8^RzKLx0#ZMjX}{eNwN-_r`aq2#{2 zv68fp!zgGr)B_}x0h$mV$}=4$XQwU@ID+vA=Ku_fDb%zGn@?OGc4KLkQIu$2$!Gg~r-?X|O z@^;kFEb%42UX^wnIyzXQKJhw-V`|{_jz@p_4iQNZG!WeY|w-%dm5B}>aM=& ziZq`RW$+AWK}5&}t-d*N>*nM9qBcIIGgrS(JDENN0bQb62;e39511Pi#a?Lf6sDdF z?hOF-K4Ge#06ix?E4>YQtI)Va_^3kE!DID6v&;ImnETIZT-0O_b*lE-6f#yoQk>zo zX-_34L+0_`bUNX#`b+}3pnvfAVy(~PTRYq5GAp24L-FOlTlPkD>JkA>7egHjE6&0MS(kgm_1M#Wsw>Y@6GgY?|6ykcr4?RRbA2o8Xz zo5RYrbebxSXRL0=*hpW=G@t3#!Htkou}G^v86!APTj(+2+yUskdc}N=KMex=K{!2zHR__}2+(p<6Xz zXs3SO0M0PW9?HC0$Wu0b!f}1x{FXemrmt`t-64br;}RPX%Shlnzxs4hZ2Ug-t- zPMO<7SN0cxy5x3mRoguNg1NPmU+#g*!5f#V%0q$@cP}5r@?`P&l|4y6JA7we6fMy3 z@DgCh&eJ|z5&o7U@n(h2w#C=R1Jv%&KMab{r*m>S>+eeVnl-Z2>}-FBV}1gCr3V+N zlE|m86)-J!Qy$-QZ;~EQs=xRnQEEqRT+9RCk7X$C;DCGk1;aNL#e@FrK~XBb2Mw8L za-k{m?CsC2q1rzn3u=+L0ELZ%pH!G`FJ(BEm{8neyU6fJ@4kEvH7{qq+o!Q=?f9!X zr(8#==W`MB%?jA*NvL+*>9PyxqzQVXUXwT(uu|U~dN^(@u~Rcp5a;Ja8)nqS+MYJu z=V?OCh@&$wvV9tsxkJAyfUkc_rkfw2hjkZ`_~%Y@z)fOX?@gR@6za85h)!~8J8YM@ zST^j)94L+NUD0esnf1`#6=1YY2vJddEC@zkB;EJH>!UcT+IY$#pd7ZmCv!Kit>Vcm zYs#HyH+?k~tKy`>qBMQkNBi!+x0?# zW^HmW&*_hTX}IT!H#|J8Nn@ldbd zKcYL8v5jj+pdYRKujY z)xwaLcdkYVeR$r*?$Y90RaJAlTn8^6liF?)N5q7QSy4|!jVEKZ@{1*|l14E`Vt85R zFnV{=n2WY({Ktwbwa@&Du_YhLOanhofwPwKOhM2k>th9KW-Uqo1P(dB@^Lg-(Dvq+ zs`(DBJJpdFv{s*3Yh+!2o@2uO$iMKF`LviH46dX&f~cEgd4Niqbl;T6mcP4(Pp0IG zL@OrY9JIAqiIe0l=7IWtH6DfH5EaY0V+%lOD~$2A0n_u#;Z%a}>YF79g;Wo8Q%$UI z?vv$O-e=hx>VUaDStoqSUqg%y+aE>>DB0q0fweRGkXU@@iMlOPpS`YRmSiYjAG?yI zX&YD@pzJQcwIR(I@D4j!iEhoiT!F1T-OrOGVrEnmOw6!6to*E0Pfo()IOy^^3fyyS zvs>~qmz3#LJn64v8#K3B}^R;Hk2sj|;d=qf7BNcGB5BR{TLCEpgho$Il4M zX)EVZF|q;oO<=TId8&U2@074kk{%vb6IeZ{8amCOZ+V!Hawr^fDTJH_8LjA(FKT&V z2Vv^$F<07Da0LD>3g!yyE$O-H#a{Y%2T-@pafHUVV|hxgZ*0pmt7 zF$DX~1&`I``JiNQ)jdB~bxmkZGMgXAcTjwuHa;gbpXSig`DPK1bjkr*W`>IA)Lw+6mDeC7#_^rh#;8*l3x6+Eu|gLDUv;&d-v%CJM+(ED+iju=-O zKU)%u!P@<_E8^C*VBaisq~eETay!dnlTF%Ggo%Y+fwB6BbYC7R!|}F+Xm_~nJ$5u$H6AV+Ki^Y^K)xU~Qd7;EnkvTJ3n6J(UrWP#sFXYp zds<|MBFg6o=1amhUWLD+!*OWO#L~C0-%{bD^|C~Y?oY3@JMWx)eVHbL<{YjXHg{No zLj&_QQkRLG2w7ck%ReBNQ78*<>9zcjx$!ya!GxxC_?Xz>4r=svhUm?k-UNkKm80oi z1AjDqX`h~MKx?q5=4QF+_L-pxrR^=6Mn=oyR1eoHb|sT^p_6+XlM`Zo#-d>in1#Wv z2%oKzHdvMJvjJfaN>K$h0Y&cs6p_2wByV)Csl0N!QSW#6$~3*v39qF3AdvTI8b<=> z#%0cQtY0W|;a0S@wJHHY2ow+egR7v!Q9v}R22Wh2-)GxoNQGyW%d$@@bnuV9tGgA% z1Fji$s7ER~r&tt~_rxer!z}z%6J0pzHkmitVq6Aa8S?+8YNNsXh7w9q{0v>R@ZMp! zql55Tq_>aNU_~+80&hb|BQYa<=ezBLAP(0(4Wd?5K`PX{_w=EcwnXt;xX_4X4I8*SFyR>93IcWS7#L8kantsVhGx$F*1!O?uiYrw%d5>CvdB z0ZwSKH@*2xB||b>=NbsA*|Tl!G4uMuWNjA)@9?!5(Zi1ZFKX)yZN?!l9kj8?^V&Bn z^8JrL3RpQ_iSO2@$2JIU9auQ~(v5H~YT@DOY5e@>gg|n(0RSvcrF@w+c3@A*6;p^L zw_mP{xYt z_fYz8I4LyJ;N@E1scWrBLZOe)-OGApyjj4P@UmGY0hH8>V?_0sw-kwEQ_)ObMkNF03XCC{U5KCt4Q;c?&^g?`J--F6x$YQD}tJKw9(|6=FJnfU;Fv^pyfjb zY`@()IQ<)$7*|3q8yYlO$mf}7j6@6ekO}6fCJppn{*qL!3Tq;t(jzy}qn_F0AWF0w~MNe^BuAxFea@an54ZKU?ZoR$mlXO7MI%2Olh+Ey}n1;0%T$6D5UVoor6e$o&Aacj@cJO zFcXp*xtv7xG}DAj%l0$3AB<=!zOlN+Q02WW)-JJK04facz22&2IzFvrUMh^=H3hO> z&UL9{OwPgFbi_EW^2!OOGD~Nh5Y$@Wb+=OH2ZwHT4YbW|*Vh@iS^7%gqAuDJAMD#| zj1Z$(;!i@^sFor*<2#42X;qFqz-QR#~ z`800XGm`~smcFG>V0}8=7Cx&akEo~A%B8k&{ekl{8LwOKTx%G7% z6jWE%V8dGCWThS+&hG@34mjy6*8InPcK7EPEn0*D9p`)^H=J3RlpyaWSYslt731*)#aThDwFJ#n17N}Qd){b2Kn zV(G<><$Hu6=Wd-C4x>`7u&|f^Ext9SyrMtfa;IEA>R$J)HVMwLp}f0Frjw<)^-H(L zYW^VChMpTqF0gV(aJuhY8RfO-gL0^(q6S28u|JK?$bC^?WRhp%+c85I&Zc@p*IbVEQ!5OLRp z`?@Fi%1#(S$pSo5!juz96g01s2a<+iK^y$nhpZ3U- z=1ar0&Z>MB;JfLR?W2sB-n}quxbz8hoBW=X`o>5+#ew>56xlt;Z55j0O+zSyzTXe? zZE#~9?yEgGiBTHYqWXGB{q4`M(p?t?0acJELT(2du@1Vwv(wdsJOe)Q!`E=l-4@mL^DCD42oO*x!w!qb{+lGHXA?OKY~6$ zkwJ^8Z4b%;8PtzvV3l04PIK-*cxQTiT)ODL7H6bZmS&Ik(8NdmSd+hP5O!TC5D}H) zNOO3KfA3xPna$_spuaprBOyKh+`fZLAf!tQ7uW(1Osgdxok{%38;@2v@Ub{e`hFNLc1jV#rK+MiiB@ zbqrLBQlkY-=7VrJBM`2bvgl;vfv{aojU%7ks>VUe}s_c@Z zeDVQ=dDz5@w2r+NSqo`PvnsPb&O;wv8!G9)xi0iM+^d@SXkz}dOPU?&3$L4!nH&zx zog>L7uXzVhrXI9j^c6q)JbZOQ@EAPr*~&vq;_#^j8D~l9+&#YA!dHGO=@Kle-xW*8 zdBeCHKV!Q}Kj`~Gpk*0mH-v=#2)Rx}xfEIut0L^ft?wm$MsZ zaq}uBG0k^{Onf_qgY$KSclu%kh8IbKG&)&~_;&bh1JWWZ*}+?WaeMBKu(?x#0P{$! zJ^tik3torJF~J*lpHUy_pMKAi?=0*bn2_aafB&eoWnpxC@_`-ZLxbTBnEVe+zt6sv z%QGeAgMIk7k0hYv_gU8*Vep&CBQdA4vXX0V4|WajtAq4+ZGrvkS58ZEhs!2~$NQY` zjCSym&TV}eFm&#HSZL}LJA6HM-OeLEDl>inCGZ3FRRv6U)4u+Et4)*}q!_k=J(JD+ zxnpyukrTtG&O*+&pZUS&9%llw06OokRQ^D9J-KNl?1d2Gf85{SW?<~~CGkQ3Yh>p) hUEerNMtb8K*UA0ziq92uvbTVrmAM_d%+&qz{{Yw%NY4NO From 0376dc11d0cb671b46bfd006174a123371e3b652 Mon Sep 17 00:00:00 2001 From: Vivek Date: Thu, 24 Oct 2024 18:43:46 -0700 Subject: [PATCH 24/33] Addressing comments in progress --- .../high-availability/eni-based-forwarding.md | 59 +++++++++++------- .../high-availability/images/t1_cluster.png | Bin 0 -> 62302 bytes 2 files changed, 37 insertions(+), 22 deletions(-) create mode 100644 doc/smart-switch/high-availability/images/t1_cluster.png diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 97698dd719..b9cf15ce4d 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -44,8 +44,8 @@ This document provides a high-level design for Smart Switch ENI based Packet For | VIP | Virtual IP | | PA | Physical Address | | NH | Next Hop | -| NHG | Next Hop Group | | HA | High Availability | +| ENI | Elastic Network Interface | ## Overview ## @@ -59,9 +59,10 @@ There are two possible NPU-DPU Traffic forwarding models. 2) ENI Based Forwarding * The host has the switch VIP as the gateway address for its traffic. - * Cheaper, since only VIP per switch is needed (or even per a row of switches). ENI placement can be directed even across smart switches. + * Cheaper, since only VIP per switch is needed (or even per a row of switches). + * ENI placement can be directed even across smart switches. -ENI Based Forwarding is the preferred approach because of cost constraints. +Due to cost constraints, ENI Based Forwarding is the preferred approach. Packet Forwarding from NPU to local and remote DPU's are clearly explained in the HA HLD https://github.com/sonic-net/SONiC/blob/master/doc/smart-switch/high-availability/smart-switch-ha-hld.md#42-data-path-ha @@ -75,6 +76,9 @@ Packet Forwarding from NPU to local and remote DPU's are clearly explained in th ![Active Standby ENI case](./images/active_standby_eni.png) +**Case 3: Packet lands on NPU which doesn't host the corresponding ENI** + +![T1 Cluster View](./images/t1_cluster.png) ## Requirements ## @@ -83,17 +87,27 @@ ENI based forwarding requires the switch to understand the relationship between * Each DPU is represented as a PA (public address). Unlike VIP, PA does't have to be visible from the entire cloud infrastructure * Each ENI belongs to a certain DPU (local or remote) * Each packet can be identified as belonging to that switch using VIP and VNI -* Forwarding can be to local DPU PA or remote DPU PA over L3 VxLAN -* Scale: - - One VIP per HA pair: [# of DPUs] * [# of ENIs per DPU] * 2 (inbound and outbound) * 2 (One with/without Tunnel Termination) +* Forwarding can be to local DPU or remote DPU over L3 VxLAN +* Scale: + - [# of ENIs hosted] * 2 (inbound and outbound) * 2 (with/without Tunnel Termination) + [# of ENIs not hosted] * 2 (Inbound and outbound) +* Scale Example: + - T1 per cluster: 8 + - DPU per T1: 4 + - ENI per DPU: 32 + - HA Scaling factor: 2 + - Total ENI's in this Cluster: (8 * 4 * 32) / 2 = 512 + - ENI's hosted on a T1: 128 + - Number of ACL Rules: 128 * (2 * 2) + (512 - 128) * 2 = 1280 ### Phase 1 ### -- Only HaMgrd will make decision on where to route the packet and write to ENI_DASH_TUNNEL_TABLE table +- Only HaMgrd will make decision on where to route the packet and write to ENI_DASH_FORWARD_TABLE table - Orchagent will only process the primary endpoint and translate the requirement into ACL Rules - Orchagent should also program ACL Rules with Tunnel termination entries - No BFD sessions are created to local DPU or the remote DPU. +ENI_DAS + ### Phase 2 ### - BFD sessions are created to local DPU or the remote DPU for faster reactivity to card level failures @@ -140,6 +154,7 @@ Assume the following ENI attributes MAC: aa:bb:cc:dd:ee:ff TUNNEL_VNI: 4000 VIP: 1.1.1.1/32 +VNET: Vnet1000 ``` **ACL Rule for outbound traffic** @@ -147,12 +162,12 @@ VIP: 1.1.1.1/32 ``` { "ACL_RULE": { - "ENI:aa:bb:cc:ff:fe:dd:ee:ff:OUT0": { - "PRIORITY": "999", + "ENI:Vnet1000_AABBCCDDEEFF_OUT": { + "PRIORITY": "9997", "TUNNEL_VNI": "4000", "DST_IP": "1.1.1.1/32", "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff" - "REDIRECT": "" + "REDIRECT": "" } } } @@ -160,15 +175,16 @@ VIP: 1.1.1.1/32 **ACL Rule for inbound traffic** +Inbound Traffic can have any ENI expect the outbound VNI, no need to match on TUNNEL_VNI + ``` { "ACL_RULE": { - "ENI:aa:bb:cc:ff:fe:dd:ee:ff:IN0": { - "PRIORITY": "999", - "TUNNEL_VNI": "4000", + "ENI:Vnet1000_AABBCCDDEEFF_IN": { + "PRIORITY": "9996", "DST_IP": "1.1.1.1/32", "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" - "REDIRECT": "" + "REDIRECT": "" } } } @@ -193,11 +209,11 @@ To solve this, ACL rules with high priority are added and the redirect should al ``` { "ACL_RULE": { - "ENI:aa:bb:cc:ff:fe:dd:ee:ff:OUT1": { + "ENI:Vnet1000_AABBCCDDEEFF_OUT_TERM": { "PRIORITY": "9999", "TUNNEL_VNI": "4000", "DST_IP": "1.1.1.1/32", - "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff", + "INNER_SRC_MAC/INNER_DST_MAC": "aa:bb:cc:dd:ee:ff", "TUNN_TERM": "true", "REDIRECT": "" } @@ -211,8 +227,7 @@ To solve this, ACL rules with high priority are added and the redirect should al { "ACL_RULE": { "ENI:aa:bb:cc:ff:fe:dd:ee:ff:IN1": { - "PRIORITY": "9999", - "TUNNEL_VNI": "4000", + "PRIORITY": "9998", "DST_IP": "1.1.1.1/32", "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff", "TUNN_TERM": "true", @@ -234,7 +249,7 @@ DashEniFwdOrch should infer the type of endpoint (local or remote) by parsing th ```mermaid flowchart LR - ENI_TABLE[ENI_DASH_TUNNEL_TABLE] + ENI_TABLE[ENI_DASH_FORWARD_TABLE] HaMgrD --> ENI_TABLE ENI_TABLE --> DashEniFwdOrch @@ -277,12 +292,12 @@ No impact here ## Testing Requirements/Design ## -- Migrate existing Private Link tests to use ENI Forwarding Approach. Until HaMgrd is available, test should write to the ENI_DASH_TUNNEL_TABLE +- Migrate existing Private Link tests to use ENI Forwarding Approach. Until HaMgrd is available, test should write to the ENI_DASH_FORWARD_TABLE - Add individual test cases which verify forwarding to remote endpoint and also Tunnel Termination. This should not require HA availability -- HA test cases should work by just writing the expected configuration to ENI_DASH_TUNNEL_TABLE +- HA test cases should work by just writing the expected configuration to ENI_DASH_FORWARD_TABLE ## Open/Action items - if any ## - Will there be a packet coming to T1 which doesn't host its ENI? Theoretically possible if all the T1's in a cluster share the same VIP - Will the endpoint for local DPU is PA of the interface address of the DPU -- ENI_DASH_TUNNEL_TABLE schema. Will VIP, Tunnel VNI be part of ENI_DASH_TUNNEL_TABLE +- ENI_DASH_FORWARD_TABLE schema. Will VIP, Tunnel VNI be part of ENI_DASH_FORWARD_TABLE diff --git a/doc/smart-switch/high-availability/images/t1_cluster.png b/doc/smart-switch/high-availability/images/t1_cluster.png new file mode 100644 index 0000000000000000000000000000000000000000..3ac482f8ee80c2e07c4f7c6b6435c065e848bfdf GIT binary patch literal 62302 zcmZ^LcRZEv|3BiLkw`{1Ei$tS$B9BIJDZY~y|Rz2P>G`w*^2DF_pC_v-n&C~I2`+T z-G|2K@$L7|;hb|{>$S)8I?t6AsCP{qL^V8+40izfUJe1eeMj{$#h z9aZI|akASOe&FD+;M}@#UES4SarERn29wFgpAqB~(%w(Uo|4?dlP5%c8jf3}pU*Iixj%Q$BxSD^E!*Ou&|IbS; zF*(fP!vAONdAz5{=eZ85|92QP6$@g9>7R4r_}suJWIk*7J?a1M2ihYX(t$T+wzNex+;vGvpAKN}1 zWroc@OJuN*X?R-{6``b$Xjf@fSen$05N(_6KDg!Hqc+YTcA?E9v)5Wd-@RJ@%jB8a zafPgYWNJTObLX!8*DWXUd8f=s=jZNH8foiY#rAtupC->Visi3uQKXnNtnk{8EZB!# z2yqPi$Wxu;X#eiA=jr*bbx$ruWTw~Ujjudin9OCh)89`Q!B$e7LfDal&697?m~a`F z8rx#3w-MWV02DjVo?v1w zgwzb5f19YI@0+7$m@^E^F+vwA(B2uf3?0M&W=w}(oLF~>p4nGv_mE-uF29B@%yfEQ z-iR>RT3=(BQHx0RXqja&cf|mzl;4O=9I^~G$Vi06C+!akhU_JFj?`@xxMwk3=A2a? z7LGpoSwAB84y#t1XaV(+ zvG`%jKsCwmZ!w+Vop9gRpzodYN}l()%mkBl!VONOh&k~OEdm0V&lc*6c~`}ucK)C1 zlFQ3@ukw+aWc&P6OGEHSKFG9Eixsb`5OjU{z}G5F)Og`vI?{0s_d7!8Qgt84TJ^^u zZiJPkr9h%=Fn^*Pa5j9lYs|9uYjT%1WGANq*&e=gN=8@IkuW8TsFpM#0H;25omFCQ)bx%8(?S4~^aRZKjV z)Rmb`q<+^ag*M2H^UdS^hgkzeG?syDPc*%{5KJ9oV{5y`qb@UPq^lcUMVO)MAzpCd zpM%P%l`p5ZJ%fmqEjK!8lz1h@<@vywe{+N=%0rnm)8RvwSUNSL~^(i zZt!_|3x&0jTVZ7d1p?2zFFUt|goJ!*8=XJfFJP-gVPcI&zeznid*inWyBe_issj6t z#Sstv-y`($_??M+D@FW)3O?lUglwWN`pMh;Ns8x_?oP!7m)f5?J`|;z_iEm|rQ2D+ zocpv8m#!)vIaI`iN4qs4sK0bkfzpCBRW>j?Aq{d|9K zie{4`IN+tZSLxkd_q(``c4_!@`}EEHs%I9$Oja&7C->i>k+(oA2p=Dxz1ll&5+Nnh zO9cy|75KuF(i(u3Ww;P7%|&**Olpo&k+jZ4IhXh^Tfro5&?ukB_#>9Cxe?_`T8jq5 z+asZh;`UTW)9J8w^!1qv)K8d|TYO(V%}gaR?`I5b4(I$QA*}W1=b3O94e-2rFE>@> z65f}WBIiHLfWt@-=pmgwWmAjKNV`AGr$3^I7^VD0#A8Rt?Tb-jf{9I7@ggNwCt)OF zpvV6XNivHWp33!$tj2A0VN>U^9GhSb9musrS{9H%bHJbD>*Zh`yd`2(czi+7OQtf?&2J-#?WEFzSzmBr77SJ$Rii5%meu3P$W`x z6MP#*p}d;Pgsf|I@h?c`X{o~=tBi`pyT!U&#SXg`{=+jYh?oAa-ax~@lczFR++EcQ zaZU+`j#PkWhSt)sc!3Fp=g&CF8zH*^gqjU?HUxUu2Giz|S0efoU9jSq|Yilo6tUsI=^V)?QE zu26JV?&wssxcy=uGcq{W@C+ssqsN0jT)UnU0-M+!@vDe8nRqmd6WWDpf` zd^QLku57=1LRESm%S{b@-zp{|rh+bxFvwmvmB8(A1>B`j72H=Ou@8tr&ub~lS_DIk zW$~F<6-A+@;;>=IGZ~hFjJQ?4(<*JpEZo6!m)fGev?Mf}sF>V3`}BwATTZMLUAzR( zX-qN}!`dkL>NoEA?GNNfoW=1$5WD&#xkTTzfBD#R#E+-QR$>PU>;{Bn5;iuh{UJOvQ57(ZcQiKwM4YICQFbBlVCWUxetLhm z(kXN5DltpPLygo7uK|di{9ps&W#}|wolC5B@uKj{Mv9;d=bxyFe!Qrp4Tb)27wisG#pLJWU5HUWb;&!#3hMjt2|(5BYg( z_VTy4Y7VXcBc(GI>>s1E%ryM(G{eBOtF}^<;MbSu_|9)s7MQl?&$=!Z^|yR_ezvuq zgx4zI6zxL|UF)KOmP(FKivA#A=DH!EdhAUsAmMOl@AwjUVfiwkV}b+-wp&Y_>@M}| zm|gJB%ywLF6^RyTm*}oMJlL&r9&()yZp~|Cvh34yY(>#8c$p124_mh?@KzazNUX^_ z_Nd4?#c!>*ONs37pe^UFvBf@qO)Fv(Q?{7@tz~oAcDzH3gDmQ*q3$r*j^t3# zDm<(%xl*xGZK)`=|9E{?>aeUIM$AMewP#l_{$w}OZ8o<5z#yC0o$4J=K?}cR$gALG z&HV}oUE^0b7YnB1JeJLOHkarXB*kw1Bp_rC8voKmj%6}#&Z-JCyvUs5*0J&umQu-k zUMA-Wl=m#k>>bV$9XdZEFmqgW`AS;wo??_g@gB#&KdL;~j?$umcnbITwky+5j z->>fyyFJ+cq>qsjwmD#AS~BV^z!vBFL2NF;Z@%KpOFpTcPGk$Z|Gw>GrNzqiHYa9g z=i0Aq@m5a`cgKhClQP3b+@D%^rznZIhp5@g5(MuqSLA5BeSg~;c15j)gtziRcGaei z$GiEecG&K~p@GLzk@bMbO4ZipoWA=)R>@F8m$j}<*+*@!eRQyUGVJH4vnZdFOu04X zb030Q6vdY)|9SeKAiMB?+ZA~J_xV@(+8(4ZID84Xvs_h>-xhWDb5*>vv-6OrA3g3& z1RZe+<<)>z@$~mKTca-VZeZn>F^`qlxh$vYV38q%P~x9$;wzQqIaDqfOx;Q5fm#*A zsV)Ux>tIUQyxH4m5<9A)^x4EsGMkmk^^me3$BVEpQ9^J`cF5Q%GAo$qRGwd1(>-vk3t5PcwoAXU>UM$SZ^E! z{EXF|9Gz9IjFV};%?}8F;N6b@8cok>vWZk}`Y489B)Qgf!Sw5;h?iW2C_lXiJ_OQR z8R!Znsr{Z7sl&a|#@2Uy4J|;PM-Nx%Ve_S1V;=2X#RCr|0~iDSk;MDd`j1rvwniM~ z`Z62>fmHXzcr2F*llP9N1w6BaeO2HoOX@G{@mrq?;w{Eq8Z?Vva>~kG{n;pWkXJVK zg0qE~GxI@1bDiHwkJzAC@@EvlEmBNv9s9lez*-zy%acN;Wq`ofk*aIGGhT$tHPftU zwV6D>rHaL@EoM-1#$|CJZ*-kr!;;jconwyVG-=-faVupUK_GR-dZ}F-DWCIhI@_ci zv!`+OR@I8Xfoj7Gp-Qc2l&pI0*4}!%%Sy)8)wx7uv0*F;bGy_bqGICPQpvcDhm}RQ z+s1mc!PDOPv@$lT+m>2|(u4lgI!&9d>RR-|a*24i(0x7i{N>s0)YPzYgVdB*=cqxi z!+lT11{k3$5jo7AFYhd53vuuwDLZDFG&n=xG;?b{T6hUpDD> zVT~_*DPy81wp-t2uH(J1U=M6){>R%?gFyG%Vf#i#Yox68@|gHcs7%YxM&|Kpl;`H4 zS*u9R_TAlryCS1KJY0#B-9^;xX{VU|uIHkj?d|l}7#uPa%CRWl1i8NMQK|*}Xz7++ zJn$FH>w{my=pgg24gz4<*n`!9J9FnMIjUHK-FBBsg7KOjAf*YsiMM56o-;fo%1*Bw zG>wjYewJ;BU~MGS34K~!eoh#DpaxG}I@nz)k)+p`PmT8{eU&Y|sMAnHCCyPOf$mYW z)*em1s*W2^?LriQ^xEl;Z@IRRY2;F|-X?CHntn}kd*+RSNUUz~E>NkfKvCl)WfkeI za(zh6sVe8k>+Y@##5puyk$iI555zCxQi;(I>z0&hVHQ5|!NNmL2Rof|%t8uWc~3R9 z2Z?Z*aqH!nFa6Rv54>f`5wj$QNu$jnBn9N0xoKDs8@71d(&u@t(Wmk@tE5-=Ocn{! z3|xqbR>~K6#9J`IB4cyOz(#$48GvgkpIgkCQ`vPoYYf=dR*eSHf1Qy{ zz_{of&n3%EulOfB=EL;)eW>h|xHoHrHgp!*y{QcW;g(WmS6ttIthhh=Q|Ie0Q1Qjn z+?)-Kx87VHOi+z>4@p0Hg&xnIX!Xh2h>Nqw#-##^3q9ny*FS9yT1(%C!ktgNwSjey zx)WY)ZqnM2d-knLHZ#HhyI0s%;J&rLSyHpaRJ@3~)^na`{&{Mg7v1G7*8X`DQDE+d zI;>iS`U|U0^?KM26`Gp@|537=-v55HQ$q>kI_lIvXxLWA+F{5&*S7s8e(%#_QNMwt zv;FmW4Ooue^YS&llT5A&o%6j>N)GX!n?HV9jv{IF?0i(n)4lWhq=kte7fBZf6k4_^ zSkL38DPPG)&8+gd^+} z^dSomF6>lacxKEv-`9!Gw-?XB%eQ9uy{@FLDziogNZfaw^hfEA?}UGJSifO0`Hr_5 zQ@{CGolK7V;6q#@-Daj637b-!l}Gx2G9rxkl`wOt`aIqPKOEL|(-y+!{= z^v3bVK&0NlG2Z)e18Zksc!+bE*_5Yn(POC-d|AP6EFQNrw&DZCEql#LGy0Mzn@%!5 z4vi&KC23AgNpQ!c&5n&99=M1%zDIeh^WI|2FzmO?D$>|`-ry@;l6uF^MxODiVLiV1 z{UqOtlgxggUW-Qg(@2bH2FO{dMa3X zs45$2o5&BRGtSZp0r1uR%fY-3k4|Bu&kcNo7{Sk#dz+LwByFQ+JOw|S{aU3@%>F1k z9Br?$z3jDCwr$g>YA~BVV%}$EbotIfOXVsmW{s;DE>*Bbu^w48OnvplZu@A}E?al? z)qcsf;z9S|n=PR?Q7>N@2FcZOB3{m_#t>k+$O~e$D&2I4cTPifiJU6hc=D}2sb%y+ z%MkKx;p}Re5g~0%$F~~YS zWI@^yv@ZQ4OcXTlS`z4|9DMw`b#RbI$aw zt2hs72F*N5-Qo4xR{2Aqd?;bp`P zn8V_PyLb6dTIatMvrgfi4SzE2XO5Z}-;a0O307JZixV#x<>L2RvCHoxh;yGlTX1-f zH_8QeP}y&@zq`pNXH%3ZW));|cO2#zX&-AFZIt8HyI9)y5T&`BIj_Gg>k{+xvz5na z8Ombg)V5g2DxZ|~O{nVY(}VBZ@WNArS0U>Gce(QSs|y#Y!_!JE>d5n-k#tsW4q2K8 zaTm{-swk&!pW5A8v7O~qFHN~y7e}p2WRnvAq?}gVIdfm-J06$LGn8h{&fEP_C>o?} zBPhvDQ1(ft*0X>A5#_4B>bhJu8>MOB_8BsPo0Rl6rSD0J?m452)mOfO@T2g@>d*9y zY<{yCd)cjRi&0Kua;j5Lc8AA{*TtAT7V}1{9I5EC^P4$@$@f9FFf3`7jH**dc7CS0 zKN5G13(?d5J$I#g*O@sb{>sSyVnKWPu#A*ijsn3OD?$t?a__L`kwFQN5-wT`ff|qB zWZ&y0t1>wdHwoC@x$W2L{*8BFzXIk+TQKad@OVqKa?eMk6=}O05t(KabT}M$&GSUT zC*S=_KD~Eyr?o802wM6z>5P-x-kC7Pt-exezhf;mYJI7oJwPEcBWmAQz^2VYS%rW;mww=N0qb}MO`!BZQxfwWLHN#;?MMyiJGr*FJ9 zBO@U69<3QRjkaEVC`f!)i0vb_-*yA@K}VHE;jleO2857O2c=LFSD_i5E!Z3Ll5P_* zY+d5C<(-Mjo}7ucE{@bT|M+%sz8`c&iobVBL=fNbi#`QX2eM%!$LE*A=MLU-b{Dk6 zEI}^UGkp%7-m_}UjhU|3T1s$S0trOlBM`&hSu36xAvg;XHZ4C@M#z3kKiK6{8jgD@ z#axy@XymtQ7SKN)Zz?RY%jc22FJdqh;5#%=#5}(HI6!-ML(a;ztZQmLvI0qG^WVlo zcjDti#FC8T=!KPc7mD@zGV?zn(ty#fUXL7{8DU$@UD0eGyc)3;>_N5_DeS+>7jgH_ zdq@|IK~fc*wz$M@A1~5ptedvy7D#nJI zR#Yixy#FjramTKl+pDHpvO!H>ZgPI37A^ITzaiZ0M_pCC&vdmeA@el#cLcPDulT-o zy3{91lA;qGOnyjgaB%HhT}&E|S-;>7UjT(TU9*30DZEi#*`iINX$eY9xgEj^=`)o!Y#E`@w`WEtmdfgOj&0)>5;b?hjKoE1u zD0u;zjwITt&9&!FyjX^2WDm*Opumtd+1*wZx2fQq$eNn9_mTYjBo!+iAODN`wyE8_ z+4Xo>c2>e>%+)JuY0zyCJk)rA&fD)@nDvwt%-rxzHDU|U@AvtfjdjD41kH3XQ_pu! zJ)XC5XfJ(QIRj@20@hmFimLf32%9cm2$jX8`s)paxOHeeSUkvxwCP%;ll`TT>*P0#d`CRO_8)0xjWEUd@&0$;b4fHfz29ix#6^Za+^{z*{e{ z<(P%<+;9K#9l4)E%HP|d=4hTCI3v=p(-Kql?ZsEY2YzN~I_E61_d|k|zNC;RO~Bxp zoMLVW(4Ms?WWhE5c?e5m#k&b9oKBD`GxR_?oNjXZ=~uPZFH)W()KhtCeInnuW<>CT zulQMPHYRXVfB!Wp>7jGW&?vdi15}xaRFPp)u}(wwR`rydC!q%=m~fU8cqT;5oPLcG zrwg*3D#+oc6UgW1fx0Du?OZ$~4(-POjQj-zW#2V3n8oa!5hK4#t?hEzi{Ja@F{Sg* zV^P!Q0>RPiDl}0-!|&*syc+j5<832n57*OT7gUB#GkA=%x9jLOYcl+i%d@8;Vc>Gv6t<%6WL{Sv%Y4=*}htk;=;AtP( zh#|DLmU+VTAV4BA>biA8n%zkx7W3w(BWx+%&o?#H*b%4tq;Bd)dx9Sf*1Sj%)H3uGnh(WuL*Ei*|PC*SE z$3!Kz)9$e3!;&vlkdbX6p%g=8o?`lz|BepV7Q%7|km!R(Ud7v?pgg1Nn_*&C-`EAAu02cNX432!(K ztNQImn+urIg1F*I_WKSxiY#li8dGu2!gvXC&}vQ^_34aEi>lvFbdjRhr%gR|@`36p z7JB*e$)0O%XvD~DGfm6=`+K$7xmB%nLGN(aH~3=D!uXY(Js-~6AvR{vEwu-Z)UQ-T z)5pzqjUu;O@z&d{L&lO@GfOcz1-EXyDD3NiP|iHKPN zvn7LdG15ez7-8kMpPwe(OA;!1I27HSfTMWWr%|}g=qd4w-CfjnlZn~Gy+UTs7_iMO zI3K|i(Pb0I?l*5*naQ@J1|NN|d;bX?=gk=o7{n;MF!@cT@ETEBafA7S1_S+Mn%cfjpp(G^Mw z(_vx9>9cRFy)mEC7U&704-XzhRmHVU*WdCF);*;^z)<{I)2eB%SSiKJa1(=GM?LSC zT0R(jyL(z_IHxRCrM<=I5R>j^Jk?mt_Hnp)cj!Ez__twiRjhBjTrJ)!;iXZbEo$r& zC7%%HygI*~YH*$|JQ-Ww2TcTCau*CcAHn^hjkpiot>pO*Pa66ELoR1u^5!}i=M}oa zVhennn$LFHxw9Na-sV=pa2*Ov7_?D|AWQ+9WuM5RhWj-A4kN=QO zjE%@36s0m%jOF_lfE=Q{su<6gQ6Z8j9yl+y{ieP3C9i384p&c&sZ$|R`kOzBgtxyU z9$^EE7aIYtmFtr+1g*dDdZ6;b?_5u>PIR}XdR$yTh+_pwfEDsIqXW+ z6R#2b#z+}5$({o}=1(p|=4_52X8hb4^M01a`_9Yovmh>t1*CTJ&BOLuaPY*=t`ajl zYOuY4D9_T71lIv)HoZ#N-5$mGT3@VX$Uo|uEyeIXO?{I#(dknHb`$V|PFea$5WZLT zo9LZO_f#Ku>euf-#UwFMxig=E0u@_fX2hyb*>d?pc|#+k^FW=R!`DlBdnz@|Ri+_wmX_`tYY<~mQwJrkE~cO z|HkmR<2owJGMg_WyF6XnEY_(7G=)4Jo3Eri)||~M8OyhAj<&5X11YH0jAW=OMvE3M zJiH*7@306hqYlzO2ZiGmm2j&9EjQHFac*JWwQnBv2S4Cx6Ef=)aB6<-YadZZUZKgAy*Mh2NM@Xp&=S?UQ-iKM-GhI6C z6ermBp2?fID&3lqk@4PwD(!@j!)cd00^d_5zKGkF*G1a1VRH6PwJP%^&DVGym-);fB{F$6aC>_Q87$;d++ z(A8Tu2-(>NNu?>Zw(*&DP@#{i_S}tv3d8ZBKK}%@(XE86e4J4)N7Yi~smkdmrxC{p zqKn5s20vOlaJ+mTZ-rrFDdXdm1g@!>5r#mf_k)!9pz#-?+_eYWAI>en-DV_Pt3X z?tarMQ6|74!n3J+_1s_kt#z=Cbnv2cVFFaZSglm5bam7SvR^=ZAuoYbH^_OyNjJUK z&n*V%X!c13uf@BJxuISw@bJ;xN8~{*E)PmWP!Gk{74`RZs?Hb1KJL0@I#O!y%w8N| zd{TrU@^HJ|t7T^)$JT4)#VX&Dzx!0RnHV!3;fz`WKcZ!d#$Y=PE1F?FJUlcrZ2`c4w(a2w@Tu-~FHIX`pEWgPMZQCmJqLk)+Pp3!scq&(= z9qR~a23A#AXI|0@EOHENjeFJ53R}G!gqoVbKG=X(qL|}8x<8sqL#uAYW!!Uga=PQa z%+h(Gy1OJpR-jX93Uc?=$@Q_oiO%R3j35az^+~#)W5mOg@~hqcAAV(h<9}`6Sh0DN z81a6skvZqs-zx zO|wgi#I3X}YzFT@;gcpJ#u9ml*Wv7KsZmey51F1yE)ONs8Hvb|OO-aXq>Q8ilEr$8fC zvw%=7MNtT}Y)N9LRb&cMl;X#X-bbbGeA?b^Cff_fue1*jbY%60i-9S>4KDX!wK(A% zo;x$ZBizMkz1&QuhL+64yA_DE5iKHKs+XgA^1}>f`=FXCd+!0g8O{&gfXt=Fs|%S$ zgx{|xRN`@os*M$=ps-ZhrsPRh-XXNGhr=LA2EJIV|I477V(>pTdyAw zY6ln&)J^1NR>6$Qo{JGdTZ3cHiC@9)1DI$>sE1%H(%jM;f_H>txCpjBpnRP|BK1^5 zE@z;2&>JQs(U>}9`sS%w5Sh_0Phi(3Z;AywUygc-2krbTNf;|4?BOe##I(%l`2_*m z$7?P$n$RArDS<<>Id(`Gs2}>1HkB32V&w-jO|M2XlpBQ>uYIe(NgtpuR+G3$YZLoj zJT#wG*#N+J)`}&Cuy7c5Bv{RDC@KnqjEv!#kT4Udg&7XuBgaa_#LokC9=`A7h5N6K z6Rxx4L6hU)IT2#o7L+hrCpjvhF(zl&jUZ<-f4E+J?r!erNL6#-cK%+ksuKR%6*zDp z&WRAf1aMCt-tDyAazzQ#w2zg=4uyow$wU^AzZh$+rtV-QPOY**&lTPV4YYe}dccZ7 zP60)Lph>-quo{aJfTr<3%kGGISAxTDWk}n5U6QHSQSHzaQnP#xuv%~Ud%dI8Zjd~h z=kP>58zN**e2Rg9HOkUH`GLsnuYRYs8LIU-UDc6tPzRi40k5t-&C~mHP=Z)P$gK+YxYNUT7|MFt192v&BbFHSp2#P zKNMa>AG4$!;9r0U(Lcf-;vpfvUlx#`hwACib=3b0%`$ivFp>BC%ZxGzsKNjXlB4|U zvCFcAJ_93D$@GU1U+mdbZ!2PrYG^um#&$UqKh&`9!n%0!&TQRhuyt7ge|h&d?mM3b zQVlC+EZ*LHUpNsru$gg!9?<;BrO|mDelAzzcTQyo!fD+9Q^^2ia|dV^2hF1sQxHBm zXFTAf#5BnMw5O)%V-fjXtyOtm)&o~y(^l{*$7iYtu1H~JERq1x|BMyEwXQEc3Z+vV zpd<6LTFAGGl6ZeOmj)PlncAxH)sMGfLqV!XkT`NmfM-i$B%&^oJvDh@ixj&H zUO@958{(=T<%R?HSx-mPCr8n}F;&pKC}0et*Qc@M$HiY`0gh_^J^a??qeR9HzsKKz z-VwG_>n=*k^f>9)76 z3^TOPO6)X2MfMqO(EV@Ek{djVtyiJ=mezSG@T&n3Lij8E5s3h3ISaeCJB<34=bW`{ zR(S}C7%(GLVDN(Em0c|UZ{~ijC(A{A%Svub?i*^{k1x7f zjYMAneDuQG$Z!8MD#qK^>}I{(GA&k4l>tFrZC*}XwQ`Z=o*qR-kr9ewhvpuVCtXEn-pt#YjB@&3Z z6dsrGoA}}n$9VmxM04xGs1oE~YORXvo^-K))%{IhGTGSB2z{}%JfznNT!2$1=H~Oy zA;+ie4B>v(pZxH9tZ{>$?VNNz&fT2@J%H@(I`g2(=~|l}wtnx8NIO)m(b?rmqC|5*WBcFo)Kvp#^dbu_x38u;Xd-ey zZ(Uc}l!q9nQwe-=(vx-oBieb=!dS9Hdu-1L5uV2Md^g{*~biyRZll=^y2^EVgm*qD#+an60Aa*@CGP^83 z&6EB3p(8X{t`y<>)+KHl4V_-5IeN624S>t5g;TzOuiU^EbxH=%6uv167nM|Eo4`< zVm3csJ`w~`+^jRx>rBAAN@DTA9ice5#xhosqVi-!#6d-QSMOeqdMeGLOo;0rGS8Uf zby6gr?2#nruscWU_Pu+#aWfzaS1|pQVI$RGIZpJe51hd|RQ` z-I(W=egOb|MFHI3_$gZcBvjGmJMSJyg*iDn4d#>43%8tNhE<~Y1Wa45g6uN~3$-dW~U^|7z2k#D!!KIx8eY!fqWm)sHr@UTiKDU`IDsP)+#S4+P0C9D_{YX(5+UCrzvWZpEa=83SjdL#hvoYpw+V2rxVrODqaVspmLg7#L|3B6hh@F@1%nVzG-+D?9HC9SWdcksl9Y zE=u7&&FQp$+iPIedC3eZL6|gpHr$(+%!R<@_$r2v1#n{{^nehl-tMxG<~BeL&o=!2 zlWnGc2gwUUi#p6Rh~&4Xa0HL_4P51MU~Wn65IPZmimu7Z=xUs zZQ0K+^sVI!*$YlD@#N9QBOt}C@KDuY!hk$`*gYc<1>ggQJ6kIN#q;r-qCL@^tq;pZ zp1W;FHw+;A3IZJh!SR~*4{t$QW^Hsk1kQu6myqhltR(h5Y?er!qvt$mf&zpra1`6IV)op4rR~@% zWZf=X;;N7}-D4EC+9?9+ZqrjOp# zp`G;tQ4RJ!1k|}sr2tFYO7>*+1U9=TFf9Z~r1|}=*cC+Mf4(~BpxTtAo`EO&9#pa# zzNuGVd{0CBGv`Qm9!E)Y3TtmloO^mi4Ju^BA|uNxH$5&==VGH-H$ym`vnQyXf>!?E ziN;h&um&d9?V&-Sc$wi4)P%{@hmS*X8w0XHBhWO;#7l>kPg z1-83rl<{-P)@!&eFm>!HfbZG1uBu3$EUGUm78yr$--!|JJaAb>T#r_QZGYNKjuEod zU>^hplpjUPtpJB$RtyBwBLu)u8@T}5_to75rdVPQp_a-xgGi*r+Ot8=th4KAm z7XzP5lSamlxiY?Z*)G}ctd@yv#=Zl`B{#@A;`lI-08iGk5;jepJV$5@hx?4k(pwv& zBF&iSo6U<*)+M8T>e>J4XU!%Cm{qtj3e95Sy_)R?0L?&=5gPzs(2W6wq^~2Ocx0MY z)c2w?yk0R&+7lE_G)ZL}6hDw_7%rX<;(BOPu_P?ux;oKhX@0U^j`yVaGG zuDO{r$LfR#DIW}=mOOemvsYCbJ~jr^YYHLunl-B*dI$wrL*)|))2%qJBXQx`bEJh1Sy?d1O9K|OUljm#F(yw@TbEIv~KdbTR;ymJ-JgAmtHazyh`cK({sQ0AnN`pG4i-dFX}C zxW5FuBlE4OzW5+(Rjr|ow|wsWu1Bkz8$j03p$i{7E}4HeBsCv53}h^)*)ad&ZFCd? zVq;hA%QFR#+wk0ijK?dy`5!4|bU?D#m&y5ELpAcoKyjIZn+VTfr5J+aL>eFyW zUJ)+&0*%CT#Dd_Dg$~@sIf}ftZOm>X;mi1fnPvBDo|pnS)@kmFCplwJZ8G)_Gu5?% zzJcaRO7_&F)6Ev>Z08TMA!!-Pi!b3X@S>LCWb8V$y7a8ZFEB?9YHSFC(U>7tF3Nh$0v1N@i4JF38jrUF#) z<)`h66)F@*k;q^A1I@(G3uZE{rlvf;ih)neJ)zNLY8WLgBJlRORti>ThuQ+T^lv$i zNTe)?tI^1F48AxfOeIOG9~@kto{=}NZ>%g4{C;$~E8!v@F-uXIL8#6tWL)Sab3{5e z`#Z`p#BjNlv#j?pKZU-@V&0V{C&G_Upse6c{(ASX%dd$bNP_@1Lcy|7kR1C#iYekx0)>kRC#`% z;qN)~*?@?4t@C-1$~`~k42v6X)r-6(W}b<-V4-_PS;4D$i!Q|IV>;s6 z`ZSX}0FmWtn$2nq`7`THiVnfxp^ZCtFj`6BA9;?y=y1TLkxpmfYU*D@B|tYPk4eEz zZrA=vrM+PTVRe1l?$$pK-VBw-^*}$uu=#ru3Ua&q6XjxdA2e|9BoM|>{GmCx?Rg^r z$-z24R8kqs{)>4t%J4UKNN|@oT#xl4uJLL5SLd-680?t@FM+)ZI}x0Qic8q--R6N4 zYOm3I&;NdifO2&yQy!yL`z7VLR>Bf`7gxH;s+i>C@wUO()cbJDPmj8<@f8V!Qlhok zZy|eh8_t>}EW&K8#y0)nFM{c?B&_CDRY|TzhOg!k1UFpzC!LxKa2m4LN8H00|D5yB ze?EAGu4sh1$Zb**Rn6OfJdn=}LE&xT3?sIc7OFo)e@*r56mze?>SW?&#*OZyeZmSH%wNNg@|>%&pqs@x(@BB zmI(L)yJK$z$X_VyO`b2btVi{G!z@ftS&%{Ow+jhPgV&O$Q$p_&r-!}b_~KRfs>x1erEj4Q$~ zM{=Z#SJ94@`d*V*Cw=Em-FEs>U0XX3xIsM5$NBsoFxnCZ0 zEB;BbI?e+nwjeA{?l%0hD|iAe?s(e^a1E2)k?YrfLIrTg13$&w3p&0w4y}{Kl_2!6 z@TO-Th#DLk?8N>O-9MCH<4IUmNwg5GaRv5ylvt)Hn7-T>k!0<*J@LnsQ{IH^&P_B9osgTc3Ox0Xfvsi0 zm6l(||9wm!Q&2i;H07;7zE=*((l!-gKq% z@ufRIeo@+|g%A+ZiC6WU(B5SM|Ky{K)K~#}4plY5P1js=TU(_?Q9OW z?kC#T60xk0#)Tc#LBaRnV)(ITrmMM&Lwize_P6PM!3}KV;^s%^-_j`wq5|}zzka>K zy99?dNrVb?{EiRlk2N8V0s1t>`)TKX3tTBkj%aVa5f!5OJv%?-Fio?2D4~+y?@#~y zr*nB?So_s#p2^)${=d%tKTkHLc=tW)Ozz}{OfaID_v3G){$~G*6%H@LT?iKVL7a)F% zFFDUdfa&xfgA*EpWk6Y(rS((fkHV9hM;GBB?Uk3WP$!pYdlb;jf z6`3^3U#dNBUO{_MCGTj+q2Eb7IgvUkb%pZzF{B8Rs&hu5q#KZDm-AbF2xqQ)lk<~h z-Jm^|i-bFPuO<`ezkK*Pe9G`jch+_NUjpN^M@%k_Dp_I&P%P|tN|0RUX)WEd{&RFZ zylTfYK1aX%0i8AUCEOU3`i+0_8ZDv?+eQ5)+`s4ue+Ai!^Cy%={y{N0&}#lQ zIP@%T*6Y^!0Wou~7r!!#$TJ-RVa2Jl;BHEbAT7aP#M7MFLUcl=|6j;RH38yly3J39@5KobD~ zM>rP1am02O0ua_vhL+(U(fUVS?4|cyDB$u2J62}{PMh^<+b2#=$ljpCL1X8b4cuzz5SR6q097|>P7^p4JdI>Z>{4*q| z{;&(qVgvm3{I;0IIn|MV6m-)AOAL4)J_rFsB7&J>2w4jH5MkIRDWp_zz)y?p&$Yj&!5m8rWie={wFHKPIdI+^A55V@3KFe|2=%d3(wlx z+S#cI*ha(OW{6S)Xin~31%My;HA6mE?fihY4P)~!BGhxnw?LbM;nACtgB&YeK6O18F>0)C-o2j@@z0Df|(cU@(aJ+WNbv@(wJ z=%-b%JMtMJWJkQ5zZn|ctPJ23N8BocbpIqX4QvfZecr>r`Hu$twU%-O#M4RU4MgU* zx3Rw@{C{`=T9?KcEq7L&Khz>`3iYOsOnRFq#Q(hW7Oe%ti(j;@f>OOJe?J-NEqgf_ zN@8?aXHr!X9W+iHL05r@xY5|PpI2#T1yEvJ^JeUiA7KSYSqErym#`$&aYf@hmQ+3J z!NC35a{P%UfrvT+5&eU#Anf5ym?g8O^H;IFfXEyVzwq})l7Qo`C@<&Nh7n`?q+qG< z5ZFK{P3Ww4#0n|_YEAyH5<_nVFObv1%6m5ipG4#2(^`Z;%zk~g!_q0MbrvnYFl+aH zU3>7}ZeO~R&aB1#O)uca#Ck^9QMGF)-%Sp0GWDD17{; zOT#h@+(e1G{;YWd75;32!LV8-Baox^8HXI*tlfQzoBqh6%eb3jfkQ=odQ5KD0+*d6 zsw<7U9t}?*9``QyraFAG56K)!vG2JQ;)row-Rcs5d3OihFuQ*#-3YET`^-IFVS#C# zTP~}kn5v!GFegyudk3F;c-NC6VBqsoc^^)>@@z=T^$6VQ@k3Cwe}&kJyJ0mlYb7E%zQyiy{Y%p49xv z9tirHFOYBQOs!vgjqaE3_igR@EXjORvY~XVS;ytB&WfXb)wnGB1v2WY6lReeMSGCrouB-KrlN9HcGR?IA&YkG`QQ zSvKYR?z#K=rrR|7id+x9ZBK*#)r9oT%dh%mTqta#Dt`*CX}0qnN!yHWtt4}qS$pc$ z3*$u}H?(Qwr)W!buIhdJkk9Zo{%e;z3c0g4r5j@E>m0wzH}9yf7eCuYSlYc~6(y_x z!Jyr5Np)e}nr^aiJ+&`rIA!+n|6}W~!>a1G_i-4u8)>BxknRvfQewLS0TDsEL!}#} z8>DlC3P?(KNH>U5(j^@N(k&?=zqx!q&pGFPukU|e>RNlPxyBrG#C_jGZ_!CBL=?f< zb+IdPrnR{7<#F@WdTUm2)%tCgO?)8Yw}w$Ntw3`Oqs8l)72vcZUl1z#v^+cL^#?2K znb!c}Udh0JG8%OF8?e7-Z-cP#roS*Exzjn?k~(VaR+Nv%?V6X(Yx#mt=?W(t)t=DA z>BDdATGk*^qcUN0!UKeT8kr)2af^Ee717*i(Mg*D`v<;XdpJXs>K>6T#PnUYo$VTS zCchQ=uTwI9{!bsI$AF$4QYiv^4;woWBfTwM`0PSwG>2KO>Dk9|jL*v4Ik#x_r)ltR z#qAT*nV!$*+W&XoVq?|uEN3B*O!gLv{{$yUdia-Md-BXz>Kqwnm>+3s!PRp&$o!3B zuSxR%ABT5Lv0t((pXF}9v3zWQrDqUoQ|6mc`jj>D>Az0nzrO}>2_ERquZ<*X=XW3{ z@l()pF>YLlm-#=(3h+PvOc=9Ek;=rqtlBpR{>oYTA;&>!(6c5+^Nfw(17UhKp8KC8 z6F3|u&U8X$96Ab>_+mb@zaEe+7;P`vahmsm7nh8qD(?RrDj?_ao4@P8_WBm|m;M!4 zb*BnZltT%wCbKxSh=%eLJbd=$9fkjK>~D$a0-rsNKl~d}lPIL;7rnSJwGFyO8=X`XV3)@!waRA_941AMwYMnhgGb{+5Y7{pHGZX09cd)7d1@hy&3WBjHq^&+1 z)ADe>GOlwLv=jM%F2B+(;BbbI=|KCeC+Z1JZwi$j&i{nDAf#$}HzH(jdF%foQhz+C z&Q?nPGVP0O|M8QuF1!V2lK+-(0HVA&TEBrM@5|p;6@b65-S{XL#cx|B!T41+RrtC5 zo6)WEVO{^_|2bDcBB1bW&qKoU&G`eb^`{zfm49ver}Ag#6V9(X%%IjiPs#iIrNz88 z`~PYs_JeR<}Xarh$sFie8hI_Z;76c z#=q&*XY5Jvz`#KF{`-C2w2Pq1|2@2r0kB9tOM>XHe;@QUPr9=_^qp=racPXzuCV}; zqAu#ee`DPLUP@x{S?F^wLtu;8Snhrml+<^OXFdC$hoO5x-qLrW5h(Jr8K3PDtQwvv zNqlsP@#&}*XIDEo=p9(7g@c(WLPwJSM4iAS-fJTlQ~nI6DBCiA;yk35m;)%hLC~iV z6%nz1F8t+5Ykc2D6ADp%1dd}uCr!jEM?L0KlTRq6XX2jy?iMsaqpQ<$qqo_zChO zI|&dlG{--QR<@(C`Hr}}so6EY_D%-TH-6Eky@GwxV;x@|yA`6(S9-{=OB*ca))aLykrgSW?r@L3}ckG}=QEO(($)x>YoD3-a* z9CVYCAX`|3wef^~IY}os=H0#9ykHeU83r(0kteo=WXA)|qhlSy5LOFGCxCt$beGsC zPi7zp!nJAHbumeHWoLXZ_rKjK$LZ(;DqaD|5(1UI+vmSR@3q1xgNpAJQe)E|&U7lo z&5GaIWUBVKq2aTf+-2uiIV)dKAoKG_JWlqURc%gO|5-=GSXTY~#N>-P@4IJosRzl4 zOY||0{-5Tf-Ki6QBDfA45)YH#E&*bcDZDT!1|E}Wkr|A$L>3c48Kf7wUyj%NR>+Aw z@b1rI4&N1z4z~QF)30`VCd*=fzy1MM9rouUg+Kiv8*V93HP?$>i9&3(yw=FX6X-mK zKzsK9H!vthEV*+prJBzJ6!boXQnt?Zgo7+#Yl0G%m4$sb3;!>u50ot~WJdbGEp4_1 z7#Qfjf6W+k&;Qd8UduD}Bmw&stDgcWv9{7$=z4_fr~u&M)q{j zRz%jK-S(Wt1NguY^czFf6oA}F2T)N&rZNkwP!H&>|QcVAqSk-sdF3BTXDky zV&v-1t(+!Mf57zbL3_Zn$Lugegy_7N^!Yayt!L)yvBZ6U-2m0UN6=#|0_1Cu;v=)5 zOl>a2)S=EEZSD4vb%p& z#_jM`TCwY)my9t&r#X8)>qbKDPlm1LGnKl+p0vb-gRnYGq0Zx4lZ2EDV~qMJ9E#0; zH8t1P{eGWCR&YY;l6w3I_N9wQm+cJwft`@e_#PibiNGS!_Cu@aE|H%j2sNbJ1JF=H z2U>#OY0*3i(Z6XxA-0-gSnSHfz<1^yO~I&hyo`H=%{YXJ2GZ0lj^uXyw>geCTm4zw z`c!(A$e^8b0rOf;xf09_#4?snFK(s@_ygGM^;GPjmP;ZBls4V8J;oYOdacg#hw8Gj zzOLie>*&&h^2}AafGYVZz7x&btVQnpUjQT>0SYJTj(TS=$n<^Ln(Yvv=@hT8!z zIgN;sWY-3H!C*N`k%@UV-BxGoo+04eJ2wSDL%s^!oIQ*w9t!^-LPI7O!E_YLe~UZs zRq2G^zcn~oX~N7GfGNXFJX5iJcvUHY`l-y^Jt*EL0QltQuJ;a>xZj)e2NwXGaNZuf zYV#sM&eP6AJonzfF=WE8aMW(Ku3oi%*m+h$U@k*<2NAy^kg0>U;bYKwyQhCv_V3dN zV%NG z!W7iIs$lxzF-h)>^*X+IlmmCsNM{7wpzG>oyv3yao0NYrM4#`d);yducY+h_6SMV% zQjy;+96$fkVbgYfi`aoa8<+j~y6weVw2?i;D;{X?#-mXe|8n$QuSX_}eEkmEI)|gV z8O+YN{f?e}bC>$tS*A0BwHZiwZKafVW(Z?dDbbxxD;@E)=o1vM=f6qzp&?V*bl1zs zKAG5a-?3hd>d65I>ICfP-QN}nadPufPZ~h|nJ(FV+wkaVu-=417y4iCCjh_W(Z2&! zQ(wYNKwrD>Yd@-NAt>mr^lkIsoKTGP7IaB7oGPA53e7ueC`zd8YzM9X&PP*RxG%$8 zazJFZY~2?W6XlXl0yz{yjGl%}8^W2lBJ>0aAY-jEz8_;eJYdfAw`9Qq;QtY>&q2Cm zdB#;%vpmyZY2Hu19rvZSP})j=6RN#d8Te&Pl-S*P3L;|ohmfK_WZ1Wc2Y#6qo?CSi zLcj0;W=#F9uI5)UR1+OfUa>DKUSvF^tNQgk#0qi=9pqSuGu~#|gPCMXh98WeU!TQq zM%x^0DXeqf%SoI*i)Hn+6~`0$@Es&CUe3L$wgNRigd31gEn7_7iyen^84AY`7W%7*NfRzS2gQy_weTJaM3R;*pw2M}eZ@w&DT z`Ml2dyAKD_#Ag85m2VY5W`*9dJ{N=p6_r0!0$^z};6k1V8?2=ATf7B`)W_@YK(En} z&td8D;bu`;65vP9a5W!|n0Cj|L%1J40Qb@~)}BQ7mx1@(0n#L64vahN(P4PB)kfp! zJ@bdL^KAW>*!F)rXvll$r$4$p@lQedA4s;ApLi2oj&!a?zm(pde+r;Vl@Gx)^5vC-=)=>%I&k?L+w-Wzk4vaqa;! zv~j$)X(CO?ED$(d1#D132z~2ZDlo3~HQoYX#G-PdQ{evTNQ#MCrPPS?z8%nfxq1$m zRE)QMwOjev|6*o+(dVsxEd-CD`3qyrTEQ~3?bL-h3JmPhUV0D7m1gOz{zj}G>27Nbj5|V&)-vopk zt&ufuPKGI9Bm)h{^quOd?OX#C1aRB&&ffu=p0((&CUb`zf&5YR%S8w(*K%B9H#PsZ zaQV^o@8^yHL^k~u+?bosXPhJ$4IHOWJw(d$(~fsr7P& zXKsg(Oh-`HELs+-`=5dh7d`VXr1h>4jWm=czGnE`Q}fV*Ej$eQ6ei{yEER$Q^o>eh z@YZ!l>SF6&U<$#yA5ubqVEn2t9)H;UfUxYvw*6}J>AdK$s6pF2q|!R32xLqh=O)5M zy&#Bl|7pvqI8`7(#Vwou#X$qnTf?%7ROfN+Rq#gq$<`HNzk!aW4Up>{GWxjo(RW@1 zQg+?@qpx*#*3F3e0BKUvTtE_0C&Ku)hF%9j`1b{jb(?8{IGABAF(w@V9s$wo(+~qz zQBl#TmiNT~ZM2#tE+wzs`KZ%0N&dFyuK)A3jrH|Uw*!hrCL=kz03~l2Lu7J#Z&gPk-I_4$^WRGdhFz;zup`x5X>%`9h-3g z11IL%AYsrLvJ}i=AuqMWM^{IxqE#Zor!Rqkpq0;l8z%nkHjT-1l<(!&%f;Ki_aSk{ zot*zj6gF?>rA6bwffV4YO2DUQU*6+`-Z;?1ZdZVZKe#wmsdeEd;KtGI)1CMw3?mZ0?7T6Q9j!Sj>pCA zfZBETWe7H=P>`dJ@haHuRgcD7a6~`4EnzzXb>~E&;Cuh50x)-Lb{q;`I6~xR^BRwr z4LdPXw|LKG2Yb2u8W)49A~!SBB0L60hgKkE)DxzoITADutTDZ)!goC-LDu~5&jBG} zofM}b{TBe;3qs(?2@{U5T|e|bcnE&4d_)Da035#Dd-IdWv#%_bQyV}KCMfg%Itwr# zXYOzNE6HMLQaPE?2X1c^)a(66O_{vvjcmU_R!B8)G(rvZVkc(@C|_%c^B|h?_;9OE z;dUn2>#kCq8x{gB_=1z45ycj6a(9z^vc7d6e=1nyNa|}G*BH#+02uiq=Q#l7?|Tju zNon%FJM+~4B!Y0)fd;l<8<&55N%FXYo*)lwT1ZgB{}Mc|&s1>SU?QTKx@Zo4K)sdc zkgwoPJ^1=%C-SyIW z_*1K6y<#9G({9QA%;x&k_j>Kv#Pg5gT)xCO)QBBt=#OK4;N{fZxxO=W*NI4$7%{Ga zk7y6_#@+GgdoY_*y9_X+JC^a36&WG90G>U8$lh3#yKOUJ;8`O6#IXnH@FB`)=W*tb z?wd9eu!5AFsS#N3Wb$co*xtOttXocF;?I$L6)sKR|3c`5{mSZ@B%P<4pkO z?OWpN&F^v>)$#t-(Qy8#`Zair#44hk@pyCXJTdJf1QT!k*fOiWCqquOY4-AvPlL*(#LVb8Wh|HH!(2Bd{>=DAj?8|3 zQyU=J=gBOZJL1-{O*(#*w!FI60w^%1z@u)c%O0<*@yJKTJ4obM%jO?X;6}BK%dy zi(Z*~ShQbf=+7i`#4}rhOzY(BWXY4jdN2HGz+|b-qd7TJ%Cz&GEA*4QROhFn5%l!Z zO67Nrrg?RYmKS%WD0cAJaYzC)NTYRLZWQP~wS}yIva2H%v%E#uFHi*z2i9Sdl*)GC zFPLq;3Zs#sz_tf}@NPb=oKFs2Q!ye*v-nU!#y4zlUNXNeh%cbwmuJRhQ<|6EQuRHd zHmOzFaA@<6cpe}N&CNC6a5e~vqg1(sv>%w`wZ5cfrR^(E{0905wjqXq^jY1Xs%luw z$>fx*D=gE@uHKs8uV41MO5qcCn|e{enyOME{iqHW!<|)*7;!*q@$^bG0O|0s@Hy8$ zuyz^JcMFUJjexqmKB=JV{iS<9HVsu`o4Gl`>a}e%x?VdJcPJTuJY&jQ_}h`hO>}mhz zN*+)2v0f2@;`QE%vt~Z4mlzP!*nYzUsp$Gv@22?v?ltV=C@LOlj#$NCa2i!;mMJnH zuuqj8e2*g{@Qb-_!(E@ga5oNEbJ=P{NLu~zO1;d!dCOBsL6?4gn&YdiS~@7@l;b4@fVtj9Pe$a1$min17ExmZi{ z96*d=NQsvq*H>qU^@MNS#9K$iefa`(kSDFdW_DSBi+jTFItU>8rXfM*AA1y}A_VGP zfadwm*GWhfm1KIOwR+=}lC0#RL)DXLu#@bfzqjmWsDFKO)L&17<}Ktc&xJAs0@$XF zJ2iZd&f0Eo3vIqUJQ)+UXy_pTqbV*Mq6Ni2Rg9$DS(O_?3~&dz*EH~OdZlro6&A6{ z6d>!Gx34#SXvcD=(?a>@>Dr;ZgY0ms`r@~M zaF?6O*%>7K3e-2J4lOpbJkk=HaoQBI9%H>1@Z$OvC2{s)d7RlRWz;S1YjJWa@f%EW zqcp&-YkXTNC~j^3k^-Oa)>d=Aw;opBXBFC~vt(Z8g{*h<@{Hq0vVv70Nq4J&lUmG*#;(nV8xc91J@M){-v0I%Z zX@>N`8ODQ<>JspheOcfkvZ-r&Jgyc~fLUuvZzKLLwp-ZVb_0;N0|bN8*Zt^6M!dyFyoQ6^?~5X@C3 zwPgQU;qkTbyp;wNPEOpFzJ>p#g{il1~4D2&hW0fwqEF$#ifu|Z0H)}Upb$C+}#5K z?`Y|h{18TrXj|M98TH$;C8j%q3U^BFGDwL^tH*U*f~?394H=Bp!TNx6wsIn&B7TQ- zy57zc_(JpO;K!}MSCi)!vw~;W(X9Y6uC{IEmgx2i1CI^niy!%z-TD0`oh8^!b8q-O z?vD*oW26hs+6P>@h}V7RvuKFM#igAS+Kwv{kcmqGJ_<^sA*E{nS6J`wc||%(Z^`WW zRls8aTd#_`K9lhNIZWuRn7#3bc}(l|)!tm|Z6Ax$EB>y`FH$y;7(D*LY_2rPpzv}e zjRGMVNdsxt@o!1odzO~8HafqjF#L6fI_}-fGLwumlqx2*7oNhB<=y5qZKbz9?JGyjnKL_hqn908w8tQD z>k5Jme14ly!4`ln%n7Yfh-ud8!!CLP60DXJ!I^rjDPs)1wXA%eE)bJ#2E@+a>8Xi( z2wLD&>pfQQ9cZ2aGyhQTfvHhSR)Q&YtTgsj(Y`w(*ucs^=^u&m+u}Ir-y@U{_qm$( zznFdr#1^c=Elt<719|*qAildx83uRL*fl0C!SOZlJ*D+WBl7(aeN|JexZ2{Zj;5wc z{g&16jSXzploy@`o5??WO48&;zkZSRmM^P!_tKQ+n%SZ|RxtQ1e%bLGal_yT7sP?B1ytodYmm&m=@e4+4$wYIj$OO=ls_jSuznaMmRY_-i?I1!ey9R4Ofya;o@R*_Afeg@0j4_5JhP+hJn4T~_}T(2MFnBn~S*A!0bD zZo7WwEKe8LMTh~jAVhjSi!eSpUU$uDVSU15q0T{%cpA91VoGI~>TT2h?%u_AcQ)%AIQu zn{6dbbd_OR0$zw~}u!B7?_bDR3Q zzFm@k%>jY)yI=^4x+iz#$Az9yXphLDV>^Ij(|&rWrq8f+Dp8?@&V!C z?4RKT0Lh$r6>)F%3k9emm?#+X6R84Tt<>oJ0}tO>d_+J^?b&-}zZTk_Mz-lkbDZRs zLGmh->E>J~(Ch_$PR^0e>_}*|&7pzi&%y>{xx&30!wqhpl63g6P?Uudmj<=OQWgv1 zn{Q*nS4pp?%(dhUvDHV4Sbg$Nwqn0ai_kXKrn;=ga=+?6_DCSd_9ud0VOJ3in==+% z_u{DReya!_lTl25u$MVpdX~?FR=AuQ!M*8NVyhQYGFv0nAsbfudhvv6P{T^RJ$z(= zmYiQ)(d&rn=^ShPsG_J14T{PJnT|qRVvInCfq@?R4QG>X-TM4RdsRlM^0xz++Frp`}8Nu+knIzDN8pX*K35Q(gelr)UR zcT!E)GL-S2Yv_Ts=}1jh^o(aioXbrloMn==cWp+XqNwhbbTkFZw(b(rU7y~J=?#8> zC(|M8y@?^KEy^L7Im`c(tc1uJJJyZ!G%la?Wy%?wt4%6iQMbBigWL?r>}JDCU%}X= zT=e9mydpcvRp<`uGTkH*ozkMPmqtTJ!UxJ!njP(9GIn6Tfspol7Mqrc^U_?y6()kY zOHy|pCB=p#O4tgclF0$@^SvZn(-uXTu~14KIgEgf2fe-P*MNRy8f!S}Pl9f2t34e; zL)XiC7VAXP&6)*Cw!<%0qWPZd3?l2!0OqF+n3|A^+@=(;eDA0qOZCJkw-u^Md5w!7 zOOw6ri7x^AeF>9*0X{n+-65-%^4M^xT{iV`@0^x&DZ4@F*tN+4Tdhq;qO$eJMAM{i z`gy9l*nZ*qS-fmB&RI_iw^lJ{f)9PZ=0B zBcK9ghB?XAQ6)&UdpkxCPQQ`P=x%&7kuHCIX@)|aufumKd)}6yEloeUu%2kpDEI#J zE1|XSg2|X;vbJ5Qqc;|-@Y&2}78fUJo@}`r37YPk>{%-krAE~QW&f|F*?LCaKm0Mz zD=s>&I5fwlP0%%UUu7c~c5W)zu^Wcq0wC8Uus1vRq*yP3 zA5t4^n0Q&QvAtA!sbFD+QuTtsGp%vV!Wkb;IWI2HPj>KbTTQ-GDKwZgv)`H4SYn1D z!8*QwMK~(zfOudIb5m{are`GFjzrrPeEPei=Fschb*1%a@}CihlCB z66|FDg`p^Q>=S*#go9TlrXDxYu}I?3mW-6mf_)^?h2TAG2$|C)_0YXL4-S>VX~|ac zR4%-WRE1{(i3S5Y8c5M4qa)8ct`_y9dHIU=UZcA^HOig`%B@YIhhw`H-~OC)fcuLE z$@um8%#Fg}bTN>F^Ku`hgoi7BZYAzvSo*H)c4U>$TYk%SQrfp+ofb~_1G|b5u}Nd0 z!GZW4R@M~}Yx2;mp!zJ|P^ZG{=w0Ws(p{JdIc=7qd2fY3e(IHs&^7~WKQ=Y-gal{| zGlBIObT=CV{l@fXOGa_0Njt?uY?yN)SW~yeOM}42mPpq>C@)7jyvm;UmaYvwx+=~5 z6Tj{<7ZD_r{1V>7fe=jlqM`ml$`4Ps3uqBxktBl!DPIejmjIv-69U@9X)8bvZype} z2Kunp5Ai|qK2011eV|k}IQ4)6S{13L-mqz!yQ%BKWVz7}r~_AnI(gonnZDSYX`O_BiMkU+2#har0 zpKt5{d5OgJL#UMM0yITDfhLI!R7G1xJ(~CV_3oo_#g8QH7%d6YH_1=IcIC#-W=9C( z#Cp(fqMlC8Ry4LJecMSYB8X6F?|QbsrfMrvV)ePTceU{?OvLrDr(CTO10Id^)X=p?rPt*RJ zRG;&W6ENjz1|q;idb~ED+HMLutq(os?6K8=fwS=lIvcy+AvKnavIr=m2)~^k4VVh^ zE1EEa$H`W=b1m#;LJ&E2arO9->oyjpLY~I}gsI!4?$bd?UThL|uRc|`OHfHq{lV7T z1yz-x$x4ktjUZLDn#a)lIL-!W04Qo%n@|*N9TL%gC*z*%@G4y=h11=q_ZMrIU3itH z>q7BLip-+f+>oxfD_b}&hn)6`XGo-zi#_0MvaYQ_=T)K$?Rh?xAk4V&sE!6ku#N$2 z-9RZ%0gEI7soWuZEv;_oS5f6Q*7tYbSE|eOH*QcG*0pcLuqnuiulRViZRWC`5ptq1 z3mR;TEs-S+n}sf*a9ou#B-SD8%+x@uPTNc`J3brUShzs}r&HpGxrd{M%Y}RlC(KN~ zz1OdLXubVB<}5#qhr_u43R7$p#XA8_8g0l`d++F~qZlJkr)d_|^ zQ>I{SimrJ^kTp=*sr0!zukWRG|4HZxMuS*`(4v2PikVQs)EtnW2)h0Jp4;XYZn+I5 zpsN%HA`7rdl)WN%A0CF5HG?sB(;z6=DWOHd*+m)e#DPQkY%LIiOVRC50iM4RAXrJ|>iXeHKo_9wKo6%IG6Er^ zcp6$#2(k?eyxh@VftZ*zP=VoHQ}l+EQO0%cc1*jjw?WII9JD)zueO1TLJiazj21u9 zngQx4IIM_5so_&m!&2On^x;%BY`1cyz0iDFSv^L%LCMM?jNyine8!*NWI|-s)c54b z`p*q0NvD@S9A!q!96Z13DWZ+~V&AQo-SC1_M?3RuotC@3YpKL9vq682UCam66l#9H zm2dbKi;*qp5y4f_{rKIAHnjU~Z`6H;;Z6eov)xH$SH(9V{1t?1!sLx+pfFYm=4R13 z9w<{=lh8SQ<(}u0LD8Z4W4ETf`rRGwhX!q07VpL9Mkmnll}0eoX$MlpseG;0TvS{U zt^oRBCy>x;_B%yOMwv+aN2BwUX_-gV!a#Br4BY7tN7dvZ;5|H%8 z8n-tXfu^v}1nE-OfT5R@P_uL`)irH~K#&s{y912LaQo0Lb@V3qTDQ=-XlF7ystNKD z{tOYQ%#SMuo1k;)`bDqkHAuXsA;BA}M?OvWfF{g96{eYmqS zZIq*^3a^cMzZ7Gc)4uC!d#rI)X4UK-igI|9r?|o=@P_FFvliVnFLGTFw|M%buT{0RwzTewC2FX;d@j9Mw=5ixn?=ab+=oa29`h)6YNp z>;#nNlbT#t(>!gV>3tXNvf9s{Mn=Z7=YIH7m0+_{Kf2q_67=L3jEUZVnz{E_n&HR9 z!`*S|q`3W-Y-WTY@m+7CWP>{O+Ds)G5PtYdrSY|Q?H?P~aYk?vDGVA~i z@5IOQY=3c}qWnAk0VonK-}*vI{u-F2%Qgb^iq{geq#UV(i=K%ekJSK8sm86JC5)Wi zpj$WB!Gq!qmqqk)Rc2REQW2~1Q=w3p-!j}dCJUI%VA9^tS0XdU`kgruf)R^sY|_Mc zvxtMh;B}KNa`nVMmC-NS#s|DxQ9ThnE#^ffHAz5CNXG@FCnxmHS0^*67uB<`E(3~G zXCUD+rY8gUzvA6HIDP7+mUl^hStZnKQ6jYIj|SiTp8|;AwWL=2)l)sPY5vn}BBHz` z%fk4GWzcMM3|VsErCCWT2@C*uz;RG~Ayd|mODCOZ{ z)+qLdA6hO4<$|^o-`%Q2sH6!yy4G`9dZT(WLTD_ZURBbYcT^F9-O!1$<#YvliOcOh z8abLvMwNA*3Z_q$ANCQsDBP|tTcp);qdns#;s(-2Y<03-rW#~tx#SdpFb+=br zLN~>)|J0W)tQYYufnc`No~Zd5 zI-M>Na1KfydR3!3*iI;FIN)tXcyyZKPKWH(hy;P$g~Mh`OJ+DqyNd@ByxIoS09+H{ z%#wofAY<)@2C9-fcInEV|Kum4BULqnq5*(kt`~u(W16M8=dyR#a?$S9E#DFasWxk& zE6C}q_Po|a=br0j2d~SkKT;eOVEZ1e0tE%SFsAmxoiRRptac){2%x%4OG>|Giau4x z%5#zMnnn(UkO=rRA?=lfe5}#K-~qi7=piWutta7A0a9%a`an{T192X*@JQGq!g9vC zGK$?)u}JtMG|LwVXth>CBI!J$KOp5bAQc$Z%W($0M*TN!D2M)8@6D~Y1WM)tit zb&4A%8+SB+Hi!dvG703A;x9(bAC!1o z5VG=|&)s@O~Qb%$JOtFG>tnzo&cq-)eXp zSwH}8+G|2cOC{u~j?r9JFX+@<{dyoXm?X9;b1}ojNuG8W;7&jLw&DowS=TwFr zLH9=_X}hd)Q8?OEL=3{`k>Rno*PrL)_kxM`_cBB*(J~@?e5jX z98E!V+E6@bBI<697pRZnn$X$BDI%k|Qh55y_%T5~E^rGCef-OT$U9Ji>JYMYuAK<4 zUcb=x9&~Ko=$LtMfTO#pr|ty%bKy(TdV@UGCiWb}f7w${@_53QjD|a!Gf#O^EyBxk zBI8lRvHZ3l3M+uhl0 zI{zhWP3L5fA!93GD_rWc@9Elwy2C0{Q5rB==^EE#mT;8MNQC7`lY=@_Eugi=hhOi-S#hxKsj8DFa+M* zl$O~VQr{?%`AtpuG;(X2`G*v~nsSUqf^=$WS=L$pLb-u`$+R9LBHm4=h|Da9YnMAp zK9|@1Rx648rP8o7D19-&hIyK#@!P&sfj#q^FhAgI-9qLxx0!^_Gj_OPj#T<&(IpHJ z!RcZi1N#e8;zdkcJZe9~IVit#_+6Q&kOk41%D-jSJiE=T0G0xJeKdHFA~>M8`JPGge$ej;Y>7?)xAlLtBzI~GPw1o=>5;(S1yF$8(nzab3uYN&3n*UIpzm_r(H9_a(n zzT>_4MRezZai~0Eyzsq&7gv{)@n~-$u!VPP%hYZj?lwnnO^cN8;w%4txB1f%3)&_B zTb>aKN2NKX*-l0sv}13LCLb#n0W;jgQq$fum#H4-r7cRa$#X?1i`<)7d>Ppw5TU~} ztDjjJwEtmXI)@BAgBUz>uenfrI>C%=ogEJBGUAo9xL3cFUnCC7c||XU^!an(cMQNP z&kuLkoGfMeeESuYrHRrzblLiKzmqw0Lt0Qguxm;D#t|0C=F|oB~m!;KbT5BJ|rG00&7!Z~; z9;w*LA4H{nDWS4W3@KQ_;%*flc#oW)>z9ecc$d3RPLfuOj7BHBGVW0j;W{V{pMXkSR>W*&I7*ehn`w?gm+5H z!pRKpzF4{TiZ78qp)g4<_d4J59n2R1<*^U0)8VTeOfn9jhIpkSuc9rAq5bn>@=W0_ zZiT*Pg6UzzzShsU=L_I#i(&8Q&^@27!tj4hu${H)7L;SJp z%t~&y6%sV2D4u!O?gl=K2K?;R=W~!OQevMq6B**L8c_Am7G!;SHMUvKjTg4o<;fK7 z*D^T1Lh%A4koYqJTZ(#ODIO86z;9^Ac*vi%A$+17z!v^6%6mt3WSLUXY$+Ax1AIP=;iV)cdMPZpZ+*TQL z*7;aF{qu2u10hYszE0+Cuw`ShUYHnWPo?t^u-!s0&WzwAH`xp$H!64G94#K!#QG_l ze$eQy?3~XPrY4XlmwCpPFHPf>+950GT|)a?*fn8Yu5#h>Os9}$TeO#)$r)5}ze8?f zuHM9$U_BVkfwnQDs~K7vIs)1BUG53#Q?Xss?>ECxbNn&K&7mkmv-8!X`#w2A?K8uv z?Qgr!<#K$0%|*g5Z-y@LnWTuH|V=#6)zX0-P{V%a%slk{!ncu?#v^wltmPalXjb z`fGiVULBIX<-2jfTf&-ydHnc!iWEyDraqVPyJ5eDAkdSA0(&I_m=Cd5*Sobh&(P=m zkQvyY$nPB;4L!sn2}b6dsJ#?khJ4hkr6$v1+`f! zFIW}eqL5C1@3M^zYR82VXj@&DeT-RtNDcU<=$q!p8iBorc3J!Rgx{T;-z$5)XCcq* ziUWT6I%|9mYjWSY3)M&u9v(@ThQ>Wnj0gS@h&GO*e_wYKq}!hjGSd#{2lBI8r7pec zHJo;;lyj|m*$~0M6i8?V+(_@CJw3qsw8%N1GQEH9Fd7KUh}{Z{a6 zQNKguY(TqNTiUI7J|$N?Q+Tm_w^i1X2Vp6ttXVlxMf-_s^XoY;Zs8cPGbp&s+~sK} zDcuu!@sq$j1npwj#oWP$5uHbJUo?->>c(O@<>7}FwxvMXYE9R zdMRUbDd6FYZ$ZyO@Z=qu2FhY2n;UB^0O|CoaPqmE!gr(j(Yws$=%d+FjSZKL>APgs z&B^{twX@IMiYptdKUQ;W*@0}S!?58<2`+47N)6q}4@n7s!vF53^d=M$J#JNE5F2yE zcjB{rTx7dWx@O?(r|pVcv()#b+=D1VPe%N)8`rp)$uL!W7gzpCx}svTCt4~Cw8&~P z;E706)PmuFxyG+k^#UW2@e+rBWjUn6w&!7@#~<%iU23EfDDIzCXS8NXZ#^Cq-O6dQ zl73UM%42bhkhWK}i}-lJsU)@T9Ql&0FKq;z{q{C&w*HcI(9(fU%m2Dq5ZC^aq8zEt#uZ z=2cEd_zrb39KX^ua!;#kU)X$)9f?3u=7*E9^(w z4?%5;+h2xoWP#^7HR;HQtfSPS!Squor;Z)Pl)Eju^g=NR#S zGM$s`;N)mGy=

LeNG?zU30Cu{TWz3Yz4;jiH3J%VCR~BfC$RJfNQfU5@>Kx*VX! zY=<%WY(30pBN_)b{4tN6sG2b_X#Z)Y9sQ02K9q>C`MU)5x&&z&whnd|*GSEKhDH~w z5f4&?u|`wi zP$Z#sHU!b|iqYg-3o=quf+OQTmVou6j+`2Mb2dpcp}~-C`D=Cf&%#b;lzEwu9{%5Jv@FE@;*#)+d(@4gqKL8NRI1T7TvN|M+9e><^q+g8!8zp67R%p`_N3!HPLEt# z22&8P6I*ndy!Re^aScgsscTYJs^&a3tyWGgzm^9ozv<6u~K|94%`u};!dv>=D1i&e>_yhLS!jhU#_ z7+4`=3A&B3Qal?Et2u*6W?aNyrv%=X0G-EgqmdS7++rm;u7HL5{UERUoRBT+j7@?2 zF^aSKOsjRJJGAH-T1Hh*W$$DroS;JsoP*FKp<_8oe(w4t>$e?fV0PNQq`aUismCd5 z<=+VY4Z6i05l4{J+~g?|T9OK4SP}VmDWFTCmF^Bld!?me%vw63n;cxHzB<9F^9Ct^ zJqGsh#t4uuDtg!$i32{!KR@>O+n~XpN}~z=xXk6`Pqy(9&t%3@dxr!yjE|8_?IDdx zql5YX-u&OI(x1RXuR(GMPHf2E6&ANLH|Xb~$B6v@|3@^K1=0QiZJ6{27WK`)1u6uH zX^#?B82`TO|NT64)lVc6_7jYY)MGKl`TK7_<&mXJ9@i|*0fe-NspLA)R`|bn{P!{b z8rB9j+aKE}l7+yDz+3NK>6oDX=jGC!;GI!aW?)!hd`Zo;WzCQzuE5SUM8yFGxzrNC zCUXH|>oZ`?nH4nlzVQ##!U2{27jHbBccAeI5X%3-%U@6{P2Y9Sgs1uFE&iSRpUDi| zUg|n@klKLKy3O=FG+n`U)*(b3H0W|2K*45qHx0DktGAb-;h4|G4g#A&1=jXiFLz^c zKd9SDEQ8w62l4autQx>$n`V0VjL7LWImqYc2!Av>yI$5&!JL`)vuLlnwZ&Oh!q}V7 z?i5yxI}qOgkKF^)wZ?i9^Dd?i%+;I(m3{J=Zcwo_1%R+q8;BB-6)nm#|8c7x+^qsVE4JFhUfY_V`P481EP4Va#HKV8Uk?KS4>1hjctd9K&xifa zY7YRtGoY^}3lUeW!KnL>=AR)#N-8M(pCq(ic97{>^RgmJ0aV4Mlftads&>X!)a>_J zAK&27+y&Gxrv0;z$=X5dU`Im=>HVNZHo%~4R0rB>+W?C7dOR{}WzhFe zrM|~T4pjf02HN))AAQaXNJ_iwoM`4M>7sl!k4rB_D#B3oX^sH<}{xr~_r)E6} z=cM($EZ+)fmp24Zl_c*?f1s9R;D+ar8VH%TzakcBq)9(Qm+;y)p03CI?}kg)g@KOG zCukag;FK}3>PUq7Z$QnkhANcOWZKz-;XIGM)Tk>SyvH5Yu_{?9rmf^6!dQ85+-vw} z#0Bu((sP-RJ>R{8NHsozBDU~4jefSvSX%oxVWB;M_?m_oDG-~mk_FhIW4RYzZf_95 zdZeE(CY_i|CknU`|NAiDL3}Bq?mm1_+?i4)>D5Oe+z-s}-+gmL7;~JtM2`Sie?b5& zJHDE26qXlzADU0Zf#?xYF2BQ!GyvA0IHIv25KR1BY*-M;r>EBdoTe1{y9bI+HtPPx zbj-yZ@kS~Sfsqr^zN0&Emxs0U;OWwN@T?q^VsGIC4M3Q>w<|Ny5IP6ltAp4O;{W_U zGF=l6mK*^A{8Bg%LAP+R;Q-YBrzow8U%qC9I2{+omy%FNBMr=bRK!!Ohy(rj7jH74 z*$E&qb?zeVuz}j;0ZUBL0EB~$dWvK`-2;siW~?l|Z!0d;q#EyRy@0LR07p;_5y}9n z_)~T-{sAu`A$b+u4}5c`d3mj@cH;fc zIo71)gzW^AD!rnH3$JZC*c6-T)fr0x8-H)K^OppCz4_MgYJ)8`?MQ9z7=lSLE$V#VnBLXle}~YD zdR7%|;qS7r$9YtarTiP?EXvj0fq$4QsM)2y|H994MH#uLL8WTrC(r_M6M?5)6Kre9 zqbTY;feK}_mQI#D+<$}4zbm994V&*cuNqaXj1rvg_W5)8ac1GqiI6AY6Iv%(RRmbG*E95_Byk# zl^ByNQ}kL67nFOQ@eni+^fW$$b72AM@U9tTEn##*Ad4$QUJtLZhK20%D(8w)t{}vx z+UcX69njl>+U}i#%R&j~_dN!|?1jxv=F^l;2EoSdiin6_;$}181U~_qar=>Lxjj3Uj4-A70^@Ic%KfIvmRhtL1LSX&OvX7x(HsC;*^s+#291r@^vXftIDsg2eyV z*>}fN+5d5KP)21_#6ebwTSY}UWo7TZ%HBoxCS^PJNHVi2dyiyg%ih_W>=mBxrF8eZ z>v{fo`lHu*IoEZr@AaLZ@qWKQPML=VQb(VqT(lwJ$1tC-nBfDb3v~6?*_e#@VO6aF zTr-y9$rN^ik6Ebb0n!^ma46hPjg=|N#=A(Xkg9U<@{74o+2{KpG15-+A-BnF22c;J zNSwgI_U5_H6_A7QD@^)Q;?wg=x?j|(TS&~DJx^Rbsp&vEwHqo}!%K%B7w448W+4GlDR;-K0;m+pTq?7uRJD z`@!fqdZ4W_l4AJ~@J?Ndv>pXzZp|TlC8&sN$;zoaa$FpoUtt#Jt}5tQhqp$Fl{b_m z`c;}6qytsey1n)WNLX3TAGnpgV!;J24GRR>GCmfB?+p-nTMe8qFNQW!b|8{5prza3lnKM80c&7d z`@7vzO9OdhAcYA)TUQLnYl0d@y4Nqzv^A9A{Hv*c478wg-Gut@B0%-3T z>Xdw@kBRD8Nv`#={t=@-H4)-P(WlL5-V;#NG}KQ;-1+RVlx@KEMlqPdCl6tQ8z~&z zt9`3quGA=#&9^PB@@<8#F7-X_I!raaaD~@4YXCuGlUrwfx3Wi8?A{#!;BO|RCnM!i z{Row10y8t8JGsxLYcr%+<`#~KUQ@&zE(RO?ZXPWZdKkw6;*ELROJAhuYGSvp-ezcK-sFOSpL)J^A`9tE3C*1=rK#e8SLkD+ zvD#*mmHUcN_$jC*75{hw2nE^JCJ}Tp>P)cYw}uP^vfhOdG{c3G8`g<&@_6u2Ovv~B zVI3*ZP<2V1AI|IXW6qnGBe)VbBIx*VG*nMJT5^x6M+$JfhRX^=9eWU|yM?{?SYQ1x ztHRtMQ$Cj9^9DOG=Fy*D85U%_%@mR7;hD*(Hu0GuZW+B2*d298SpEL`n=rNB@_fX|PXy9B+G$POdE9w-(EnEZyt*DO zm!@^Ef-~l8A7u0QWeow^<^`AfVi~HnEZ;0r;`cH~p-sg==HWcYjE*`JFH)ch4`0T| zR2P-&Xsf$?j~lSLv5j#~H~-%(8R)5xV%?DN{=fv$#n||VP?Pju?d^^0#rwAc_*NBU z+ZI73dcYR4FxlDkZZJ~1cquuY&aWP5B^0C&ZxhLhKYf3k?rzLpt&-80+j|L=b%PY$>0%1nEXfNjz8Rt0=z^ zoJbEg7jl@xX|4DpBLzJ8H7m|hD>+hKH4+yl>|+XRXGt-qFgrVNz6}F=oq+oe0S53g zgyohSOA<@`e5*@<^H4SrLOla&ec3+vq!*BG7XtWzk18ZAc*D1)1yP&B6LMpLr+(>1 z4uEO?oJFS%>f}LQJfH#KdNGrhTLQzS;Le!crz2NTL2JHT*duGCC>&212570gi=L`jud(xT z>>{w!SjAdEP3q3x^qQp>w(1ISoBHU5ILFh#<8K`rkAX^;-MKr>#1No|3c9zRDt@os<;9x&juV_;#6OZQ~||IPYo26S_aj7@_^ga-&R1-#+cg* z3de`Hw89}=8vs%^6uqkwu?s6Nsp|$^++Lp()|(hMUqaKr3XZM;6({q&&-CrFY9t{) z4f%HqQ8`ry#%chUqh3pn6$zEyBfJbSN%d8GkpXw$HUm#q9ey~q&@?#pUfpT%f?6Ku zuZarIYn3}wwd<7EK?p|x01g6KU{cF89|J~ltRT_ZFD#UaEQg7#EqUL7AjD@6f@04d z>VPH4uRS{4eVUmexhjJ;NgPs=lHLA{{eMOol&{2^KTKw^$)G|I%&||^KimfHdLudk z$V9`KGd|l4P3kn#mg4`HX?v>M>&Ui8xN z<^}yeo1pC}-Wc77ZRqMPO3W~Kx3^Ei3pQR88MOj`gG+5X@^UJ-psM5+ z#{WJLQHmKvQKr5r_>@{&0mg+Xldc_c0PO50LcgC0@!$P@U^PkA-~=i7oG3d@ZsCEb zIxPSwokrnh{=L4CLHgYuvM^2@1rhHFo#f3_|Iq4UOzL2f(rWzNA^#ndEv!dw z^1&FiPy-QfA>{HZfL{2lwSpP-`s$H(nl_^SKIuKP|Ey~_#5$H|**y|hTBtqV1RzS2 zh87d_={2~GMd8m~kOK3K!(w_0+aa}ip!L^}m#L-cP7l<5Kv8ihy-3cP6*6e^klKRc ze@7GQ5 z;QUS{nfH$V3;|Jfa>EGdwnneoE{(OJ-r%P)fhkDZh0oi>a;PstNsk|g(68rEy>&xw zUJj8Vc?JE+_Yue-d*?rl`|oA(c<4@9^_t2QH1|ogu{yE9J7A$!CY{5jTs|%UP<9sT zKl=vZu)w!HZY;KN z$m?DF^ikpW>rZcWw}a`%>gz#M#V`(91!yCISMTK=4LvUbd7JZ1w|_*ef4eUb@qUue z0}jn36)X@7;4K2PP9-(Ut! zDK_dWSDH%!+l`UJ{U+!xT>*k+aGwa;kG%hHJqvm?7?bKgi4o^K4!Z9H$j@ag6gZF^++Q+9$rF#Ia@}DV7OBnQR z{*%Y&@G=z{k8^YeH8l*;*Od_QlF)71`^u^B+Lix!aXFZ;D?QrVpyl_mMIW6(3pudn zj}j6q=oOeDJRSKzQ_x`j?-BxNA%hPMj{h*%_TWHCQ-DSp)b~Gr_`lQD4Y7zmy*=l5 zvI`Pd^o9%$66F*@nbtZW!`LLi=ch?(D^>4`?pc^kU)0vplWmD7brf$Qeq=m< zduHb?m?q;^j{hj87Z15W^2B`PVVdEUjrwZLqf{sjyN${CDqDMmzSK8T)9J!zdd12G zJ%Rt}c<>H*!ZqbQ1`-UPzcd!dMb0l&e=iob3FRP!_J~En8iqkp2RKL=g*A)*GwyK1 zTnN0{?}HH^>^5>z5w3HK>li2Rc&G1$h}LVrhpIICJr~tap3<9&dJA~6G`DsE*NX}u zg7d7Or1>z&{m3l*)|B3B@oSj`6fsy91f+Bg;exuRwyzQslhFqZKa%BXyjBO184#QY zIqg(o!M2{4Kxj2DUJ`RF0+An}L&?gV&G}AY^uvx#kr9YU{@fd^B;%tCb$T%x73*m0 z8hnD3AKFy4mw>3$d>~lxX>5lZ6GBeQmu}mF1w1R6M6U5<1CJ*Ee2R*eACAj3*e3MC>3FWSPwI7$<7S7LCb!Wmi z95D&;EZAReQ1K24N)eSp(@DpMR$W4aFJKp`yz@tcVbH`!>dS{^CLQ|WejmO3G&PU~ zyWsZ1FEfUis*~|P35S4kuymsef@Xlk=oMIwtuOD(Uk{y0x&Y%Jqw_{)Jp;qY0SjR5 zE2(k{AhC_?iMUMs@9F7Rrj|c`K?^V7988(-RsNJHsMryoHL26&Sh5A!x58{~d1a=v zxo$>iFnc`jw+Nk4QmG0V&kOgcn{`$V(S8kG*h_>}$CZtj#Vk|JNpTjd{mKEe58iT8 z;R!*TgV{*Vr<9;fus~R_K44u)9WGhW`9#_t$oy*+yA?b1Jh6>dC-l4dJiu#0nU6$I zfBrmr^MVZp7v!sq1%!|~GRo$>07x;a`$c@?GP_os?JJv8zalw{Vl{q9WgeTVbBX3l z%Yxi+Bta!wwhcj0R_An}(*S5J z;m)`ecidsa0P@4~8#>#ER1&a45_qnY`19*Br05xfRAs0F2oqQH%3&Oa_LcnKo-SOo z#*^!?Y`#kV2_+Y~7RX@BPjv%!;F6a33=`}?5y+oA&=+dF(Si@C%Wu+)uhNZ4&Rr-y zi@Lfy;ML4o(3K(YPk?_O#|Ui8)+fmF(mToj%ZRntapQ{PKqk(gmlOV#-4QP1}7@8&q&pqY($ z+CKlwvfc+tTJg9$jt4((>`d63*V+)gxahan^yL-e82v7tL?nn)mEBJVP{1Fy!y?4* zca_A4cN>TXfPL0$G6{*{zSl$mG9UL*wTV*7Nt(u@Sfz~5&g^&x^a^Pq|K+V&l67{T zh#qv{o)HZ$l?<;>*o@wIu5u21S5h^OPjM)9CTqj9#+-auRPS506l zxRJvB$O02gyTQp{bS0_!YyhSu+&-;s`Apfw^2!-|B2M{@i=$TwE}?-qdHBalytM03 zzK?-2W#QI4p zROWB8QRh4+Z=U^tu?X}7-GO^iXO9J#+ANT<^6j1u5nZ?e4?Wj32kt%qcYnO?3l_b(2M&d@8e@QG;4dqxPn^Hv`EU{>RUbcunI3=9!v9ACy6oqX zEPWAH*VwL4i4V`85Y5J$4?E40qWaYl#InLyUw{LYD(oF!>VNO?Mh>=Ko7CY{PbY@O z5~LOGdC%yiw!Au|lGcD>>MeBK5dSeTepm?dFFwwtA$13hj!i@(lJp3{Sk3NisG>%kDBqCf&A zA@v1r7lh;Nc^rC9CDO;>4aAjssB)0}RG5iGbz~<;7wTZS6i*Ld4=4i)n@14t>743^=o2hUt||BeL)q2ua*ZUd7(#$Ldw^%Zj=7)?S# zfYt!3X%*w~DWR~fj1a*n=892sx^jNb6$A$+Kqucqg6??+l*|yI8#%!4k&FP{f#H2o z;jb6FoLmWEp^2fCW(KAbowV-zDRTp+t__)sL|0HEkfW@qVDTP;Q5!OdusSdPdw9

n2{IKidw?2oX-E3`o1CoK4>l#NQ@Gn02&yfAxL}wVF7GM222RfmZF8O)pSsV-eJT9dvh}hd+%I-o( zKb&Z=~$4q_@Z#tROpiW-Abelek3mibtz|@?` z8Y(4N&!tcW#fyHdVMOfdxD5Xs7b{Wdke^q6F_NRF(S#*;dQJmvMKE;LrpI~ELj7ss zg~b6AoAY_o@hxa&fPMl#u_=R_ZmL@;F7P{WPuGoao7U+<{keBK!Ehu+t?B-*yM$XmM>^OIbTmA@_5at_~2* z18VXL_>Q9&|Aw68y?0Pvd$j}52)RBQKw+lZ1Dkd#p-st*(Sz(6X^n9~lu~F28J*GNDifZ)C(WklvvtQ+V3d*TNij;j; zEKt^s;#m#q4x~1Eu)D_h(OUSbg{KCf+Dfd2yV*mDPAFZSa|O@?p^)9`_zBQCGOck# z&E3@mvbjYayoUpjc9R!{jk58ZLDy5(3gFhHzIDi0fx;|P!cO7>br_(7!Vqs`s=0y< zHkDEb^|Q`~uYjMb<7f^fzl?xnMRgmHmfe|xpA1-UZg%h$2VWB&y47)CM~Y`V>~Ihe z1Ijr-6$HU1=+z8o6f?Dh$91I#&k?rA#LaB8c}7%KX=i+ z9c#LDf2ksJraZJwYk$_C^32l@!i9!b(`f`$4_^UdP%8px6@b693>ctAP(T!5KVwf_oK4*aZ1;9x62XV=?NaqN)J@Y6= z@*rOqEE%vsm$9a=^MX`H%np>DRnl_qz4MP*AINoHiqVTuq4&)vq&RXt-h`8KGdR5G zjpX+8a9%nVp^r{pBQZNRuUHp4rD`XLNPe?a;LGw7n3^9Pt^n`_6@WMBaPy8-B7FA- za25+x3?NcBlA*%&Ez`riQ#`rpy6v{A;hr%E2%Xvo~JtX1ERM@fLkN zM;_&p6F=70e42~j0<5-s&L3;Lm2n|;pyXe6e}*X4`$}2wnWW2*ys_;%X}{W29_}gs zTOdvJ^vd;5lvg@{@``ogO;&JP2LnAH69@l8MzoHqC@3kj#AG)cPE?iv(R15D7IKM<>OI;Jt`o)W`b+D+FI% zFbjm^Nhgygr}o6%s*2%G-`tPDa_7`Lkt+pQCo>?WvP$kx3ZGg%`U!5aoSZ>DfAuS8 zpf_?Q8!hMG*sDDO9}7k%5hPd=Tv7-pckx_od-=C>p951!9+w4hxXR)gS>FqeMuOp`B}q#h{Xr zS*Wg&DMzsZY<{PP4?+QxNW$rR+f$dRoggT2N&#>im-0#Bh1K7I-b25a3y{w)cnYQ( zYtbG^f(-9IR}lm<6mM2fHWs7JiUze)m%xh^CGdN_W?{kwvY0(7x7kwCt)qOYq%BTu z$^c?~ICGWV6-x9k^wPK2W!R~S$z^9s=ic5jTa{N;;a%JW8+bh=KC1@S;0get@jHn- zCP)L~$Im0-Q7}UDp^Eo#Aqz?2i4)MHU513OK{ne3ww|j}v~>6CkYC1I!@lK)C710? ztwE5cHwAMi&#Y`AC0!<*8o9HhVt^-={Yf6(-Iws!iSEm$`RcrT0T$>0|FX;xfGOex zP#F+=hD4*lvTdjjg#-u8kUTrUO8#$)g6n|V_&QS3DvZ4F{xhI;&=6QJ{PINR`y;)N zim;f54RAW$V-|ghBRle_K1w_j_$h)R4pc#x!0BprS6|l86E8YVsf&S^@Uc8LkjDV6 z=y~R(zXWM4^(pHFVAVB3kRnLVyEG0eZ5O*b1|U~EfVN%|cLX;4XM=eb<*SxYo^k)` zsHPyOqi(e{u1_^W%w7G|IG3^oGUAn6;E>p?l5s3vvSEQIIWB=r(-4>{aDMI6xA*2i{?iFlb+Q*U^4pfCg|=` z(;@Daf>6i?FzY3?WS`W*q|0$fxIp34B0|K?>gx%R=!z1$FFh}lP@wiq8iYXLgm6c$ z40LadrWq)>@E6Xo0L3JuNgF`zg~QrN1ssHLT6Vy`ucP^oxDG48-NiqmIO}xzaD?Wh zPVsl405Uz03|=fDtG@+Fc#pd8*SMo`=P*ozEdWnc9Sszc26i8je(V^Y9D6l}uoxcW zO?Mg}Bz8^Z7g6R?ySqTTy&PI(&htaWaO?I|{w zbsTbbZBMg`^@fx-)z@@vDMmZdWoKK48$uIu2^j+7V}5vClfV$py9ti!BCKh;F#B~2 zurn7Kr9?Mu%c-2ByL*s`ev9AhQY_;oNrnidFT4~;RqSFAMW&_ialNlP$RMOp=otgL zv3%~GgPb){2Mbawl`(oevA=)|fbUm6c zhFYv0z*MU~%m+x*VPMu0E*)1uGAE#*gDHfP1=4(0AM@|pEGtKf&qCS`z&J`;tAfO3 zqHET28!0(^<>fH?NgbYOit`_SvOXJn1b`z~?4=z=g(S$9G1MIAJ3^HSxCjjygfC3$ z#42Iycp<#dn?K0Nd{|}IX(-wAkB#WyI~f7$$QqGt|Gd6Z-hH4ts&p1Y2E=;W4&R|L>WBYg_TKtYgZ_>P3!+f3B|bvA*Wn(Wn^(C0*3 zlH30z0@x(J{2;s}!{!kC4{@q-6}Z=J+8i@kwoAef7)6Oty_v7^%n*ozYI1{!rgkK&qsA$9^Pg^U9X9;AK43>R*5 z0jm2B*8Cug8l&eaNnocR%@&;6`a&LITM?+Kd#B#w=`oH1C~h@t4=gHIP2b+zTJ7{e&jDv&2czp8I@2S!$&I zv*1Iie#eytpG>Mwu~Wmr9-~x4>E4tiBV!H-2-4Gk9p$`hvFc=P_bTJbbW?DwQeEuX z_#xtjKr7M!q;HtcD87!+8yo3em_-1|BLUo}4eSw#EjFZU6oi2af9@qAZeW!}{s4rq zE?bhG9iH2?o%1f)M`;3&jwJTss5>!P=P<*(pumn&HLx05GKDXdFNU zZp#;)>2=U9GdLBJ zOF<&`S;7^kh6fWh?~=9?y;c1zvD?tj%s~`DY3vmDl*i$vJmny~7_IX%rQdqT9+K>0 z%DY<%U^@6*Tny+1-CEI-jyo z+Ux)OelF-0mlxE;^T?Ky4ODurtO#fF6!L}&G90c->IVWWo_iJ+q<~n=l4Z%YkwuEK z4TZ|HCs#b{JRX(vRpzjdAuH%+bXGIVO{ZuQ?@BDb*Rip5wxi*%n&B3zi@F4w9)34o?3 zXj-8t^V;O21BtSIJa7FO6JbPas_kHb$9&X9CFB1fnWQ;j3hf3EBj5QUa0qz$w{T(W z=nrq4KcarbcJEcguu-FLe&kew+1Zes^({!f-85D^O?cI-7;K?~JYNukBqA(9TgOXd z_E${(>~c2*fXVtG!Pq}=(oHz??9b-mS!B}-Y`2b>e91;|vG#KAS0kS|e($NDn=Ujr z<~iJLvM?P-`wb5ZEz4O6><-R0hMzwL3gw||+RqT5@*sdNPLT*htW~0)rsE0+@ZOe8 zfpq{3ycpBO4q>2Z0uIj5l@FgTogR=n5P)+99GCgPh#A(8bG89>bLt_20d`e23#m2Iwc7flEx6s#sXfBc*iUl&;?` zfFIvMzqjf-V$nDV+Thq|40L>&6Nh`S+=mF$0Kdu_rBG`E<+l!pJ_ZrGLmE;xt?Z2h z0E#<{Uf!?)l}@?@l!KMm*8$=?5B~k@dCu(~x$@yxxNvhhadyF$w{aE?S9XA}JftGJ zT77a1w3<-JxoxuYb1Hzlz5+zgW7|OFV5gHGcM#WgkDnVf&I|;!E~TskXxtD)BLb|A zSPF|e{ExeO7Ec(Q$PU*-`g9=b~!A?dcGZH8k$ma;+2@2*W9zR0c7lhUjnRUL6p1fE%FA-^`>nl#e+q z4PrBAJ%*SLIrMsBaJOT1WX2V@B(F^07A7f*ZF8ff-G=W{sHS6=N7RQI&7b?1b8cEWA<}} zplMu1>&)*fzL+sp?N+YUyRa$|*B7Y(8T%L9?uz-0Wtdh5XfP;b1AZ0DbqFs$j!zUhp<$0XA0GqDcrLjj5kI56#zl;d&E)LbNr& zh%p!)xV$N&cq+&@>Uwgtll|1WC8unWiNRasYbf`#{K*?+ba_XBFk*cu2}G$cJC}lG zwgP(Dg0&y2p5?q-K5l)O2#IN88T*o#f~|zBMWk>S1Qxhk5I`7rh@h9&zu63uwY2q7 zp;dotH|Ybh)XFLgcDyW6pX#fm)803(Rv837pG04Hn%J4hHj$3Az!qLBhBQnawt4meoP2^#^vwhlOM zGXi~pH&<#Gld%f`h!*|Eno|T96($z!_D4IG`%=e?k8^r*V)rC0fc&Hv9WKRT?;7*` z6)NYhKbmRYahu?w;^z9a34FL5?)rrJ#Df(P} zYFC4#&Y~dJMZ+;a7h_6mhwOlCU((Bkxr$x%n?Om_;-rra_sB?3uoI`M0HU-*OB}I} zWw*|5L@To{gC!jnt$KdUvQ%-MFZ6>gBwd*$dC0GFFbcZRx&OL_FAF80A6o3@OBb8? zm_Q}N2)nmz-wYR`^I*Lp*t!HFQ&pUF0>*qSOEnFN{7<$MRAl(32)+rZcz#VRFeg?Yav+V)qcC`79J6D(;dFX(oP_jAhu3moCIF_5l`Fhx;XtG%Q{l4~yQqec+Ps^d~ zQ>LNs^z+8eN)c*JHl_1gHb>uVUyog5-yD#b&25YHDL!XzGo_Z)I7A?P|0{3R;=xs?T$+T8|QpE!TB`M22mi2wSim)Moa37F&g6i*#R6R;e*vTGZ zyZ&k#s-pn79b#E~mkWz}G>1s-FQ)qgPF{MZnKNaxuveSkjiM+>TedxxE639txsew9 zZVH$I)1Hr37z%MCOb$%*+h%v7wBswQ*&rr?Vv@1aic;?P>E+br)j8e|{QYq)HY$2M zDf}a|BdIGz24lr&{juFU%16Vw{Tdq`cg#+ht8Lts>?hMca(=4$?2)@))x>2ngHb)P zO3ru8?6^16Wz(1sABbXWERWOJ*c3DiKXIXyEfwgRdBv-n#C!C`d_>1W?OEUZP(GPO zk(%nIhhs+Jc<^mYxpd>l?GCIuLb2!FCF>iZ@I?{u`nhc{nC%r{h1v}?zkI0ZZn@s) zY`J2nz;)5;2#~@0T%f47|3WBTf2Z4Q<-9@2-hAm^TQXc-6A>(UU1^{PXkGm9+Ts0o0M6xf<8btz0_lKcr13VAL3+&K`9kdi{NZ*d^mTk%W5V!)K%94 z@79(U-vSimALo6x%ovClFlD+kM9SXY_hrT z`$5SK*0kawh-xGsNIMwXLWnxQ zL!p;Jsd`pfs;8x~CRbZ-6u*HY;m!>EL!CxRS#mb@=(4TXO20CW$@Dl2M))15uiF!K z$i--xZ7IA~;dQt)#w5q?Jgu12mULH8dW&$N32JVk<&+1Dnl#ZSQ^Y8l}e+B8}lYW|d#8#koHY%iIg zs2pyblv~guJk?b)eU1kxZ2ByAS7|yn0qS0R${S13UHhcrLKhowl$SckceFDrS=I;3 z-vim7*qCw_abl?oR=OMO>+lX_9{lK7gfw!!mVzXgIM8(lAenqL=SW{Ph7U{Ucv{ZAS}nFO!vzCN32zA`;W|py3|}O=9tH%cKPedW!LiD| z8%!`tRG~`#$jn@(lY_#sddmvIzQ=`vy?V2Id1io6sNK0>Qnu)DE3z~vv_8y6Cn#tJ{L z#@fqO()Xm$^X5u^!5pBQM5`xWrl>Wp&TxLeD0fwOB@=`LcdWi<^FPsZe+xW_Q68?& zUKdeE&J`_)Oj(Q!UCQ??FAyzva;m)&U*dzI%afAu1{L$x7R_ST0psBIf<% zC#zVFkL$c_nvrw1B1U~DD^oj7ElDe$ZL@`Omy9UIZgQKx`g*kn7*P~B2PTS=rK&5cfttynWKiMv1Y*8Yglac6*<6~Emp&e;g( z$T-T`Hqgj4j$`fve~$BKP5YDQYIa5GD{F^O6b3W5l?!ZM0LZo*Fag&Rx5u~7ujdAJ zKTH)xP|;>uB<;=L@$ZUqJ2n`y+KV5x_!KF9eO)Yu?CEIQQh`tR^-S%$G|w^(ll*tO zcYvg3S~**LtO_hCi>9{`oTJ?u3=gDYsE*VXUjzs~e3!*I<=b)4&yu412(bw)k=V;i z)5;bv3$E`>CasQxw714Ctu!TIFSXAIM!fS)dJdw{T=WLqo-e>-@gQ#RMv3n??$G2avaG zj!T33?5+JQyM5%mfrX$&Cf(`+9w%!-2OyVDXMLOQ#UEW`BnsNO(?!b)9OLqQr=E{F zz6WV9G<lbzEmLap2=Z-_ohLUZ=X zt7`I4n8Fp2k3JVyvGmO&E~L%0n`WZby}!Z`_sG%8w6&3R{J2N){xQD6!rpg_mU~OJ z!*5;2i|(x%#aMR|?KC}UId_p+#Az$8gS%Varo&xqug}lowN~|K-tfBtds_5$d z^;?v;-Ck?TTLGw23Y1ypLaA#sk3iY&i$;{2_YZw-dM!6$264891%zgpJ7UB^pcG$T*BXDdom1l+;({l{Vhhju-cRRNo zB)c%TmrimC`DLN&Sw!Csw7IuVQs6IzTwfYLB(bqBUfw-bq`HLtx1CRW&4HaHoc#o4ofmSw_FwS26g+fNWF|U@O#lq3jgt)5o0uP!uTzT%3z*coUFTUW4p7>#U}n@HmWN5? z6?Bp6U)scETZPvi=7ZCS8|M*mePY`;q(+K_mWf8AOroX}eF_0HS{G}Ghg zYEB|=<`bs{{<)zMMqZ{DTeV(J6bB+Cfq7P2GydF~`8p>XPu28uj8+Z+1iUVm*0WjE zBCc@uLuFr7lAcD)+jY;2jtl(U&oeR1lIRSqKhHgpaQQniR- zMG?U1xH78$l}v!bi(gG(B024E_oLc)cC$YT(5TJW)58DDeK zCwMrcn$5>lJ!Z-~Y~0k(+LJw!b8@t_)<~cJB!HF>V1NfC;{g0z6HOh}y_vvJ*h&7e zImX)v=`>ne3q61-yH#%+Y+{vk_^N{{t)|4q}9-t<_)UGKcfP?XeaVprju+XNlD4+bwsRdjzg zXNb2~=c8+4QZCJ-@qI6#2sbFESeMbx5>Qc*24;B$op#`5c5Rws6FqSv2I6h4+B^X< zJ^w8WdLG=|UDj=aJKeqtJ=dT9Pox>}hODmfHW#Xhs1fO~r+PO7{W3f8<0{l6cy(IkRx?C9hs=7{LL%dYDeJzfNel+URuhV z{wsy0&%604q|?}D>Za?Gbk|-{f@GVF}!%?H`$t1IaG<%j6l(Yd_duEgR=Tq zypA9^tZ}5BaV*cHFQsbY;qWUI4v0PvsN}!-7b?l|jg+tw|N z`?kh1H~5*MmeqL4y4GOD`LVUEt4~L5vE*KvXhra?J|SOkH}FQ@W0|n=thic6I3i#e z7$xeB{3u@n=#x=yZUn(iUp_)c5l%Ce}drSdp^;3`^ zF9ea+o6J@aPwQu92c%wP2{4JjPu4X8U)Yqb`Y<}SWZ&t=ErIvW8_ygk3z24!S$5QS zT%Gdf;b9_nqK{tA;0iaV?%M_R%I2oZi3Mc2tImGZQ3wkV8xsZP59Bw_s}MJ1`~JuT zY+s{_d{(N*2Sj)XbuYe$V+jEm-oFp`!Scj*37AYG-JdS{KGI3exu4vY?=k+pu6!q- zkJm&_s%!i$dD)xoLoW7h0lEUVW1(?|-tq<6TZ01@Q!9&JV?ePzw61Y({GdmXcLM*@ zN?Cbo;$o>dz^&E43>Bj_ZyUWqzY2NW(uy!Hry+n6lJg5zQM|N8{*%^l+8PUV7wZ)< zn~#<6hf9Z9b(dTWUZn&DmbiGvKHqg+-c@5WBzLkEDqnWLV>ZsL`N6sWfN$6~yKgY{ z9R{oIGXGBVVcc-2@WrBq^9_#AU+&b~%Ch!Xm+ak(eAYm^y)r!hrZ&vzFeHx6IFn_s zuyJUSfycO`dOw}#`7$2)T|w8#H$p09b9=L4J01KHPb{ne3$?42&R#l;4d8Rt1xG;s z{8yL#{D^pmRdKjZ%E?do;2*AU4NGJDhFNWQ+om6w>IUpBL|JgIxQVD~!iORa>3mQ2 z7SHRL_ASucM))%YY|p>$sJ^_G#pW!N_~!G0)R!;Dw+x?gRAH{?HiUL`{z|a@3f-QD z%!BAqUvkTrPWm$EnWh+6pD)$e&9c4y`&jaM zqyC=+*3WbtiaQJ+lK|eLEu*Xm--l(NFZ&}q_2c*5doV$wKyRJrY2)~P4i5-h{NMim z(HnIHX<>V5_>&H8qGu4}vuB-+3p?~v_4CHcY|{=maGHYLBA;+rf^tEBZ(=8wd$SL+ zMAJ6!0;J9HpG?n>dnV8yKChFPbRwcrfB%UTTj>l9`=4Kor+}?oK2eZ$qFu7)Zh2|) z_krA?e+DqILm&YcZkwN8pag1i5%Ej#$x%zv{r%~9n6y+A>mZJO-MT$QdL=s~0_ncl zs`r1nxGC1{;ko8T3n0(aUb#|14s?FsHC&>+KX8=r_Z|g*jm1y%=+)uAhD!inN^U4Z zL;hcyPK760(SQhV$AJe`p8(?8O3p#5otHYr=u1b49XRn%P0h~8SV<9T7en^@^0 z?*N=8KCMUMiKHsJ)4zFhs&6MNqwW@&LU`vM+fH&Wi;ld~@ELu@v~I#5tJ@bUmTd5m z^@}^Y)9cT=1QRo>XbI(TbaYHSDuf#fDr^(Gz;AL^qvdAra3wSIm0|PRMj<$=E=v6o z^VIBH&0p93_Mr!ZM$ONlu4KcahUM9$?GCKzKvGWx_S+Rde_IYiREgJoA+PgX53FhL zDfM*EXv4;zm!Vs_%kGsFl54-sE5OU!Am4t|P4MScj)aDM{4UPU)-l!9oG#a${10gx z2otBUKi;S+veTO*DGueu|M5!y-b*P+wUN9xcX)U>H@@yW=V!{nSKe1i#EU)m_ITI_ z#^s^R_D8ebov{j-uc{3USSDg#oe_-OeF+-(estdU>G0GiwtEE>%&eI_&U#W`%op~e zvdQMSc6SVixwxa=P`bS;TD#WMG=yiSmB_|3l-oxZZnJi@mwEE5L7UjRI>*gXfV6H_ z;3;K;5RvF)k~1HaZR}ElD2+A z`ElxdcUOy!Slm75dnXm&22#A%55Czs8^(1sT;dVe8C8kRq9~86LyJ;~$2hKSREZ{L zIGyFcMgaQoK?;?xd~D99-{gGMwzsMuLYd zqI)7Uhjq!s|7^k6D%iSzRP*K&Pvq{XWS``pS3FjL;oomCBSSXo44F^pi0c0F63}bC zu8HGweLIQTTPu8s{YJDDLU7+D4$P@|W3z zh^M7;VqsVD{__R?zi-3yPSvQcs0jN=j0wl}`jqj{?TEj%xC%DvYBO4FpYhj+op=Az zk+X}Efc#rGZxQ41?rh5k{OxC5F+7nr7=P<^eSAFL_Sy`_KWCf!3Z}SyQ>)Q?1~26L z-4)OWD@_Yne_n?QOM-QDbVzx9npl{b(F^HG{>DzwUR+$9sdzhGfrS1qi|H#h`lNOp zxG8mN{cb5wXl-K}<%ACH8#o*usx*uHxAm(WSEJ2Wt_cqyAv{~IKaVx2FP`DLe^%lh zOA782`CHc?fTg=Mtgrf)rTdr|Of3ad`T*KL+xdalJ?2wm$)N7{&Ew;$sxcGxzrDQy ztoZ)u!P91Nsa>nh?fGYSzu(6g_WRo~SYy`-zIyufDIY1Bi<8sHh!42O@Bw#r&4djZ$-9V^IYl_f^`1NL80$Z{sbQ~{ByeF48Hz8cQ zhzc_yn&(I$i)m71C__qL{jm=!#z`_JK_V^!Qsw86u! z9nJGebTDt8m*>|p_;w?0ks^*As5Jw1d=LF830IrHn)`?xzNT;CXE0|9_2=As-_t}N zwVQ=MoO!X#Yp6@o>f(w{s%C#*TEUbR5C6o2cWf(%I*il4$3;3D@6J~i?haSEER^5O z?4rjDC*z;cDGE#*jri=*Gf>2jTezf%ER*gi7R@pi36VGf!-s3Cg34AHm zAGKLBR+Y~@9?st)zCRY1FQj)NG~k_se`6k5c<#)CNTX?%a|_ldVXW`W4;)EC44zMm z){NdvNqAOPsfAUtM!~Y%THcVC$`ZNQ8(97dX;yoe9U+6ix+JoHqN{t@N6|5P`2`i)@N#50zkX&63$^18>cX_PvrQY2TbDmu#<5lDp zPgNqQ+YnQ?m)?J-z&owt@us(F?ET(0HhaVnb+*@kSLC-en2KU(rPgOlRT563zM>H( z;{c6hIinVWc3WI{ Date: Thu, 24 Oct 2024 23:35:47 -0700 Subject: [PATCH 25/33] Update eni-based-forwarding.md --- .../high-availability/eni-based-forwarding.md | 55 +++++++++++++++++-- 1 file changed, 49 insertions(+), 6 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index b9cf15ce4d..11589ab092 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -245,7 +245,9 @@ Nexthop can be to a local DPU or a remote DPU. Orchagent must figure out if the A new orchagent DashEniFwdOrch is added which runs on NPU to translate the requirements into ACL Rules. -DashEniFwdOrch should infer the type of endpoint (local or remote) by parsing the DPU/vDPU table and saving the local DPU PA's in a set. +DashEniFwdOrch should infer the type of endpoint (local or remote) by parsing the DPU table. + +#### Remote NextHop Flow #### ```mermaid flowchart LR @@ -253,15 +255,56 @@ flowchart LR HaMgrD --> ENI_TABLE ENI_TABLE --> DashEniFwdOrch + DPU --> DashEniFwdOrch DashEniFwdOrch --> Ques1{Remote Endpoint} - DashEniFwdOrch --> |Observe| RouteOrch + Ques1 --> |Create Tunnel NH| VxLanTunnOrch + + DashEniFwdOrch --> ACL_RULE_TABLE + + AclOrch --> |Get oid| VxLanTunnOrch + ACL_RULE_TABLE --> AclOrch +``` + +#### Local NextHop Flow (Option 1) #### + +```mermaid +flowchart LR + ENI_TABLE[ENI_DASH_FORWARD_TABLE] - Ques1 --> CREATE_TUNNEL_NH - CREATE_TUNNEL_NH --> |oid| DashEniFwdOrch - RouteOrch --> |Notify NH for Local Endpoint| DashEniFwdOrch + HaMgrD --> ENI_TABLE + ENI_TABLE --> DashEniFwdOrch + DPU --> DashEniFwdOrch + + DashEniFwdOrch --> |Observe| NeighOrch + NeighOrch --> |Notify Local NH| DashEniFwdOrch + + DashEniFwdOrch --> | SET/DEL | ACL_RULE_TABLE + ACL_RULE_TABLE --> AclOrch DashEniFwdOrch --> AclOrch - DPU/vDPU --> DashEniFwdOrch +``` + +#### Local NextHop Flow (Option 2) #### + +```mermaid +flowchart LR + ENI_TABLE[ENI_DASH_FORWARD_TABLE] + + HaMgrD --> ENI_TABLE + ENI_TABLE --> DashEniFwdOrch + DPU --> DashEniFwdOrch + + DashEniFwdOrch --> Ques1{Remote Endpoint} + Ques1 --> |Create Tunnel NH| VxLanTunnOrch + VxLanTunnOrch --> |oid| DashEniFwdOrch + + AclOrch --> |Observe| NeighOrch + NeighOrch --> |Notify NH for Local Endpoint| AclOrch + + DashEniFwdOrch --> | DEL | ACL_RULE_TABLE + DashEniFwdOrch --> | SET | ACL_RULE_TABLE + + ACL_RULE_TABLE --> AclOrch ``` #### Schema Change in ACL_RULE #### From 7cb21232492486620df4dc3883e03b5c68e7288b Mon Sep 17 00:00:00 2001 From: Vivek Date: Fri, 25 Oct 2024 09:32:24 -0700 Subject: [PATCH 26/33] Update the flowchart --- .../high-availability/eni-based-forwarding.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 11589ab092..6eb61cc48f 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -106,7 +106,7 @@ ENI based forwarding requires the switch to understand the relationship between - Orchagent should also program ACL Rules with Tunnel termination entries - No BFD sessions are created to local DPU or the remote DPU. -ENI_DAS +ENI_DASH_FORWARD_TABLE schema is available here https://github.com/r12f/SONiC/blob/user/r12f/ha2/doc/smart-switch/high-availability/smart-switch-ha-detailed-design.md#2321-dash_eni_forward_table ### Phase 2 ### @@ -159,6 +159,8 @@ VNET: Vnet1000 **ACL Rule for outbound traffic** +MacDirection for outbound rules depends on the outbound_eni_mac_lookup field in the ENI_DASH_FORWARD_TABLE + ``` { "ACL_RULE": { @@ -166,7 +168,7 @@ VNET: Vnet1000 "PRIORITY": "9997", "TUNNEL_VNI": "4000", "DST_IP": "1.1.1.1/32", - "INNER_SRC_MAC": "aa:bb:cc:dd:ee:ff" + "INNER_SRC_MAC/INNER_DST_MAC": "aa:bb:cc:dd:ee:ff" "REDIRECT": "" } } @@ -294,17 +296,11 @@ flowchart LR ENI_TABLE --> DashEniFwdOrch DPU --> DashEniFwdOrch - DashEniFwdOrch --> Ques1{Remote Endpoint} - Ques1 --> |Create Tunnel NH| VxLanTunnOrch - VxLanTunnOrch --> |oid| DashEniFwdOrch - - AclOrch --> |Observe| NeighOrch - NeighOrch --> |Notify NH for Local Endpoint| AclOrch - - DashEniFwdOrch --> | DEL | ACL_RULE_TABLE - DashEniFwdOrch --> | SET | ACL_RULE_TABLE - + DashEniFwdOrch --> | SET/DEL | ACL_RULE_TABLE ACL_RULE_TABLE --> AclOrch + + AclOrch --> |Observe| NeighOrch + NeighOrch --> |Notify Local NH| AclOrch ``` #### Schema Change in ACL_RULE #### @@ -325,7 +321,13 @@ Current Schema for REDIRECT field in ACL_RULE_TABLE : next-hop group set of next-hop Example: "10.0.0.1,10.0.0.3@Ethernet1" ``` -This is enhanced to accept an object oid. AclOrch will verify if the object is of type SAI_OBJECT_TYPE_NEXT_HOP and only then permit the rule +This is enhanced to accept a representation for tunnel next-hop. + +``` + key: ACL_RULE_TABLE:table_name:rule_name + + redirect_action = 1*255CHAR ; tunnel next-hop Example: "2.2.2.1@tunnel" +``` ## Warmboot and Fastboot Design Impact ## @@ -341,6 +343,4 @@ No impact here ## Open/Action items - if any ## -- Will there be a packet coming to T1 which doesn't host its ENI? Theoretically possible if all the T1's in a cluster share the same VIP -- Will the endpoint for local DPU is PA of the interface address of the DPU -- ENI_DASH_FORWARD_TABLE schema. Will VIP, Tunnel VNI be part of ENI_DASH_FORWARD_TABLE + From 4b8385f728602c25b71af61df36048fff9e2797d Mon Sep 17 00:00:00 2001 From: Vivek Date: Fri, 25 Oct 2024 09:47:28 -0700 Subject: [PATCH 27/33] Update eni-based-forwarding.md --- .../high-availability/eni-based-forwarding.md | 25 ++++++++++++++----- 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 6eb61cc48f..975b8afa15 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -266,6 +266,7 @@ flowchart LR AclOrch --> |Get oid| VxLanTunnOrch ACL_RULE_TABLE --> AclOrch + AclOrch --> SAI/SDK ``` #### Local NextHop Flow (Option 1) #### @@ -279,13 +280,23 @@ flowchart LR DPU --> DashEniFwdOrch DashEniFwdOrch --> |Observe| NeighOrch - NeighOrch --> |Notify Local NH| DashEniFwdOrch + NeighOrch --> |NH Update| DashEniFwdOrch - DashEniFwdOrch --> | SET/DEL | ACL_RULE_TABLE - ACL_RULE_TABLE --> AclOrch - DashEniFwdOrch --> AclOrch + DashEniFwdOrch --> | Eni CRUD op | ACL_RULE_TABLE + DashEniFwdOrch --> | NH Update | ACL_RULE_TABLE + DashEniFwdOrch --> | NH Delete| AclOrch + + ACL_RULE_TABLE --> AclOrch + AclOrch --> SAI/SDK ``` +**Implementation Nuance** + +During ENI Create/Delete Flows, DashEniFwdOrch will just write the ACL_RULES to DB. + +However, when there is a Neigh Delete, DashEniFwdOrch will need to directly call AclOrch API's to delete the RULES. +This is required because DB update is async in nature + #### Local NextHop Flow (Option 2) #### ```mermaid @@ -300,7 +311,9 @@ flowchart LR ACL_RULE_TABLE --> AclOrch AclOrch --> |Observe| NeighOrch - NeighOrch --> |Notify Local NH| AclOrch + NeighOrch --> |NH Update| AclOrch + + AclOrch --> SAI/SDK ``` #### Schema Change in ACL_RULE #### @@ -326,7 +339,7 @@ This is enhanced to accept a representation for tunnel next-hop. ``` key: ACL_RULE_TABLE:table_name:rule_name - redirect_action = 1*255CHAR ; tunnel next-hop Example: "2.2.2.1@tunnel" + redirect_action = 1*255CHAR ; tunnel next-hop Example: "2.2.2.1@tunnel_name" ``` ## Warmboot and Fastboot Design Impact ## From 3036291390553cc2548a9c05f3eca9ba3318519d Mon Sep 17 00:00:00 2001 From: Vivek Date: Fri, 25 Oct 2024 10:59:29 -0700 Subject: [PATCH 28/33] Update eni-based-forwarding.md --- doc/smart-switch/high-availability/eni-based-forwarding.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 975b8afa15..99b9780141 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -287,6 +287,7 @@ flowchart LR DashEniFwdOrch --> | NH Delete| AclOrch ACL_RULE_TABLE --> AclOrch + AclOrch --> |Get oid| NeighOrch AclOrch --> SAI/SDK ``` @@ -314,6 +315,7 @@ flowchart LR NeighOrch --> |NH Update| AclOrch AclOrch --> SAI/SDK + AclOrch --> |Get oid| NeighOrch ``` #### Schema Change in ACL_RULE #### From 1075ab1a20d650a7d8c6b41172c924e1e34db90f Mon Sep 17 00:00:00 2001 From: Vivek Date: Fri, 25 Oct 2024 16:35:30 -0700 Subject: [PATCH 29/33] Update design --- .../high-availability/eni-based-forwarding.md | 35 ++++--------------- 1 file changed, 7 insertions(+), 28 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 99b9780141..78d79b0214 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -112,6 +112,7 @@ ENI_DASH_FORWARD_TABLE schema is available here https://github.com/r12f/SONiC/bl - BFD sessions are created to local DPU or the remote DPU for faster reactivity to card level failures - Orchagent will switch between primary and secondary endpoint based on BFD status +- Handle the local NEIGH down possibility. ## Architecture Design ## @@ -241,7 +242,9 @@ To solve this, ACL rules with high priority are added and the redirect should al ### Nexthop resolution ### -Nexthop can be to a local DPU or a remote DPU. Orchagent must figure out if the endpoint is either local or remote and handle it accordingly +Nexthop can be to a local DPU or a remote DPU. Orchagent must figure out if the endpoint is either local or remote and handle it accordingly. + +It is also DashEniFwdOrch's responsibility to resolve the neighbor. This can be achieved by writing the entry to APP_NEIGH_RESOLVE_TABLE_NAME table. ### Dash ENI Forward Orch ### @@ -279,44 +282,20 @@ flowchart LR ENI_TABLE --> DashEniFwdOrch DPU --> DashEniFwdOrch - DashEniFwdOrch --> |Observe| NeighOrch + DashEniFwdOrch --> |Observe|Resolve| NeighOrch NeighOrch --> |NH Update| DashEniFwdOrch - DashEniFwdOrch --> | Eni CRUD op | ACL_RULE_TABLE - DashEniFwdOrch --> | NH Update | ACL_RULE_TABLE - DashEniFwdOrch --> | NH Delete| AclOrch + DashEniFwdOrch --> ACL_RULE_TABLE + DashEniFwdOrch --> AclOrch ACL_RULE_TABLE --> AclOrch AclOrch --> |Get oid| NeighOrch AclOrch --> SAI/SDK ``` -**Implementation Nuance** - -During ENI Create/Delete Flows, DashEniFwdOrch will just write the ACL_RULES to DB. - -However, when there is a Neigh Delete, DashEniFwdOrch will need to directly call AclOrch API's to delete the RULES. -This is required because DB update is async in nature #### Local NextHop Flow (Option 2) #### -```mermaid -flowchart LR - ENI_TABLE[ENI_DASH_FORWARD_TABLE] - - HaMgrD --> ENI_TABLE - ENI_TABLE --> DashEniFwdOrch - DPU --> DashEniFwdOrch - - DashEniFwdOrch --> | SET/DEL | ACL_RULE_TABLE - ACL_RULE_TABLE --> AclOrch - - AclOrch --> |Observe| NeighOrch - NeighOrch --> |NH Update| AclOrch - - AclOrch --> SAI/SDK - AclOrch --> |Get oid| NeighOrch -``` #### Schema Change in ACL_RULE #### From 8d9f4ec4f7d22748bde79b54c5475dc4121279b3 Mon Sep 17 00:00:00 2001 From: Vivek Date: Fri, 25 Oct 2024 16:48:54 -0700 Subject: [PATCH 30/33] Update eni-based-forwarding.md --- .../high-availability/eni-based-forwarding.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 78d79b0214..889f8162cf 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -229,7 +229,7 @@ To solve this, ACL rules with high priority are added and the redirect should al ``` { "ACL_RULE": { - "ENI:aa:bb:cc:ff:fe:dd:ee:ff:IN1": { + "ENI:Vnet1000_AABBCCDDEEFF_IN_TERM": { "PRIORITY": "9998", "DST_IP": "1.1.1.1/32", "INNER_DST_MAC": "aa:bb:cc:dd:ee:ff", @@ -272,7 +272,7 @@ flowchart LR AclOrch --> SAI/SDK ``` -#### Local NextHop Flow (Option 1) #### +#### Local NextHop Flow #### ```mermaid flowchart LR @@ -282,21 +282,16 @@ flowchart LR ENI_TABLE --> DashEniFwdOrch DPU --> DashEniFwdOrch - DashEniFwdOrch --> |Observe|Resolve| NeighOrch + DashEniFwdOrch --> |Observe/Resolve| NeighOrch NeighOrch --> |NH Update| DashEniFwdOrch DashEniFwdOrch --> ACL_RULE_TABLE - DashEniFwdOrch --> AclOrch ACL_RULE_TABLE --> AclOrch AclOrch --> |Get oid| NeighOrch AclOrch --> SAI/SDK ``` - -#### Local NextHop Flow (Option 2) #### - - #### Schema Change in ACL_RULE #### Current Schema for REDIRECT field in ACL_RULE_TABLE From ab08fb518be98ae6e23c6eea0e3a9f905fe33964 Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 29 Oct 2024 20:47:37 -0700 Subject: [PATCH 31/33] Update eni-based-forwarding.md --- doc/smart-switch/high-availability/eni-based-forwarding.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 889f8162cf..1977daaa25 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -260,7 +260,7 @@ flowchart LR HaMgrD --> ENI_TABLE ENI_TABLE --> DashEniFwdOrch - DPU --> DashEniFwdOrch + DPU/vDPU --> DashEniFwdOrch DashEniFwdOrch --> Ques1{Remote Endpoint} Ques1 --> |Create Tunnel NH| VxLanTunnOrch @@ -280,7 +280,7 @@ flowchart LR HaMgrD --> ENI_TABLE ENI_TABLE --> DashEniFwdOrch - DPU --> DashEniFwdOrch + DPU/vDPU --> DashEniFwdOrch DashEniFwdOrch --> |Observe/Resolve| NeighOrch NeighOrch --> |NH Update| DashEniFwdOrch From cab5cd14599a0f602fb5d86b28fdae3987d86857 Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 29 Oct 2024 21:32:42 -0700 Subject: [PATCH 32/33] Update eni-based-forwarding.md --- doc/smart-switch/high-availability/eni-based-forwarding.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 1977daaa25..1f942b28fa 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -85,7 +85,7 @@ Packet Forwarding from NPU to local and remote DPU's are clearly explained in th ENI based forwarding requires the switch to understand the relationship between the packet and ENI, and ENI and DPU. * Each DPU is represented as a PA (public address). Unlike VIP, PA does't have to be visible from the entire cloud infrastructure -* Each ENI belongs to a certain DPU (local or remote) +* Every ENI should be a part of T1 cluster * Each packet can be identified as belonging to that switch using VIP and VNI * Forwarding can be to local DPU or remote DPU over L3 VxLAN * Scale: From 75c1e61bd25a3148763ce71fece7488cd6faec84 Mon Sep 17 00:00:00 2001 From: Vivek Date: Thu, 31 Oct 2024 09:52:40 -0700 Subject: [PATCH 33/33] Update eni-based-forwarding.md --- .../high-availability/eni-based-forwarding.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/doc/smart-switch/high-availability/eni-based-forwarding.md b/doc/smart-switch/high-availability/eni-based-forwarding.md index 1f942b28fa..ca21e72967 100644 --- a/doc/smart-switch/high-availability/eni-based-forwarding.md +++ b/doc/smart-switch/high-availability/eni-based-forwarding.md @@ -93,20 +93,20 @@ ENI based forwarding requires the switch to understand the relationship between * Scale Example: - T1 per cluster: 8 - DPU per T1: 4 - - ENI per DPU: 32 + - ENI per DPU: 64 - HA Scaling factor: 2 - - Total ENI's in this Cluster: (8 * 4 * 32) / 2 = 512 - - ENI's hosted on a T1: 128 - - Number of ACL Rules: 128 * (2 * 2) + (512 - 128) * 2 = 1280 + - Total ENI's in this Cluster: (8 * 4 * 64) / 2 = 1024 + - ENI's hosted on a T1: 256 + - Number of ACL Rules: 256 * (2 * 2) + (1024 - 256) * 2 = 2560 ### Phase 1 ### -- Only HaMgrd will make decision on where to route the packet and write to ENI_DASH_FORWARD_TABLE table +- Only HaMgrd will make decision on where to route the packet and write to DASH_ENI_FORWARD_TABLE table - Orchagent will only process the primary endpoint and translate the requirement into ACL Rules - Orchagent should also program ACL Rules with Tunnel termination entries - No BFD sessions are created to local DPU or the remote DPU. -ENI_DASH_FORWARD_TABLE schema is available here https://github.com/r12f/SONiC/blob/user/r12f/ha2/doc/smart-switch/high-availability/smart-switch-ha-detailed-design.md#2321-dash_eni_forward_table +DASH_ENI_FORWARD_TABLE schema is available here https://github.com/r12f/SONiC/blob/user/r12f/ha2/doc/smart-switch/high-availability/smart-switch-ha-detailed-design.md#2321-dash_eni_forward_table ### Phase 2 ### @@ -160,7 +160,7 @@ VNET: Vnet1000 **ACL Rule for outbound traffic** -MacDirection for outbound rules depends on the outbound_eni_mac_lookup field in the ENI_DASH_FORWARD_TABLE +MacDirection for outbound rules depends on the outbound_eni_mac_lookup field in the DASH_ENI_FORWARD_TABLE ``` { @@ -256,7 +256,7 @@ DashEniFwdOrch should infer the type of endpoint (local or remote) by parsing th ```mermaid flowchart LR - ENI_TABLE[ENI_DASH_FORWARD_TABLE] + ENI_TABLE[DASH_ENI_FORWARD_TABLE] HaMgrD --> ENI_TABLE ENI_TABLE --> DashEniFwdOrch @@ -276,7 +276,7 @@ flowchart LR ```mermaid flowchart LR - ENI_TABLE[ENI_DASH_FORWARD_TABLE] + ENI_TABLE[DASH_ENI_FORWARD_TABLE] HaMgrD --> ENI_TABLE ENI_TABLE --> DashEniFwdOrch @@ -326,9 +326,9 @@ No impact here ## Testing Requirements/Design ## -- Migrate existing Private Link tests to use ENI Forwarding Approach. Until HaMgrd is available, test should write to the ENI_DASH_FORWARD_TABLE +- Migrate existing Private Link tests to use ENI Forwarding Approach. Until HaMgrd is available, test should write to the DASH_ENI_FORWARD_TABLE - Add individual test cases which verify forwarding to remote endpoint and also Tunnel Termination. This should not require HA availability -- HA test cases should work by just writing the expected configuration to ENI_DASH_FORWARD_TABLE +- HA test cases should work by just writing the expected configuration to DASH_ENI_FORWARD_TABLE ## Open/Action items - if any ##