Commit | Line | Data |
---|---|---|
1d2698fa MCC |
1 | .. SPDX-License-Identifier: GPL-2.0 |
2 | ||
3 | =================================== | |
7afc19bc | 4 | Identifier Locator Addressing (ILA) |
1d2698fa | 5 | =================================== |
7afc19bc TH |
6 | |
7 | ||
8 | Introduction | |
9 | ============ | |
10 | ||
11 | Identifier-locator addressing (ILA) is a technique used with IPv6 that | |
12 | differentiates between location and identity of a network node. Part of an | |
13 | address expresses the immutable identity of the node, and another part | |
14 | indicates the location of the node which can be dynamic. Identifier-locator | |
15 | addressing can be used to efficiently implement overlay networks for | |
16 | network virtualization as well as solutions for use cases in mobility. | |
17 | ||
18 | ILA can be thought of as a means to implement an overlay network without | |
19 | encapsulation. This is accomplished by performing network address | |
20 | translation on destination addresses as a packet traverses a network. To | |
21 | the network, an ILA translated packet appears to be no different than any | |
22 | other IPv6 packet. For instance, if the transport protocol is TCP then an | |
23 | ILA translated packet looks like just another TCP/IPv6 packet. The | |
24 | advantage of this is that ILA is transparent to the network so that | |
25 | optimizations in the network, such as ECMP, RSS, GRO, GSO, etc., just work. | |
26 | ||
27 | The ILA protocol is described in Internet-Draft draft-herbert-intarea-ila. | |
28 | ||
29 | ||
30 | ILA terminology | |
31 | =============== | |
32 | ||
1d2698fa MCC |
33 | - Identifier |
34 | A number that identifies an addressable node in the network | |
7afc19bc TH |
35 | independent of its location. ILA identifiers are sixty-four |
36 | bit values. | |
37 | ||
1d2698fa MCC |
38 | - Locator |
39 | A network prefix that routes to a physical host. Locators | |
7afc19bc TH |
40 | provide the topological location of an addressed node. ILA |
41 | locators are sixty-four bit prefixes. | |
42 | ||
43 | - ILA mapping | |
44 | A mapping of an ILA identifier to a locator (or to a | |
45 | locator and metadata). An ILA domain maintains a database | |
46 | that contains mappings for all destinations in the domain. | |
47 | ||
48 | - SIR address | |
49 | An IPv6 address composed of a SIR prefix (upper sixty- | |
50 | four bits) and an identifier (lower sixty-four bits). | |
51 | SIR addresses are visible to applications and provide a | |
52 | means for them to address nodes independent of their | |
53 | location. | |
54 | ||
55 | - ILA address | |
56 | An IPv6 address composed of a locator (upper sixty-four | |
57 | bits) and an identifier (low order sixty-four bits). ILA | |
58 | addresses are never visible to an application. | |
59 | ||
1d2698fa MCC |
60 | - ILA host |
61 | An end host that is capable of performing ILA translations | |
7afc19bc TH |
62 | on transmit or receive. |
63 | ||
1d2698fa MCC |
64 | - ILA router |
65 | A network node that performs ILA translation and forwarding | |
7afc19bc TH |
66 | of translated packets. |
67 | ||
68 | - ILA forwarding cache | |
69 | A type of ILA router that only maintains a working set | |
70 | cache of mappings. | |
71 | ||
1d2698fa MCC |
72 | - ILA node |
73 | A network node capable of performing ILA translations. This | |
7afc19bc TH |
74 | can be an ILA router, ILA forwarding cache, or ILA host. |
75 | ||
76 | ||
77 | Operation | |
78 | ========= | |
79 | ||
80 | There are two fundamental operations with ILA: | |
81 | ||
82 | - Translate a SIR address to an ILA address. This is performed on ingress | |
83 | to an ILA overlay. | |
84 | ||
85 | - Translate an ILA address to a SIR address. This is performed on egress | |
86 | from the ILA overlay. | |
87 | ||
88 | ILA can be deployed either on end hosts or intermediate devices in the | |
89 | network; these are provided by "ILA hosts" and "ILA routers" respectively. | |
90 | Configuration and datapath for these two points of deployment are somewhat | |
91 | different. | |
92 | ||
93 | The diagram below illustrates the flow of packets through ILA as well | |
1d2698fa | 94 | as showing ILA hosts and routers:: |
7afc19bc TH |
95 | |
96 | +--------+ +--------+ | |
97 | | Host A +-+ +--->| Host B | | |
98 | | | | (2) ILA (') | | | |
99 | +--------+ | ...addressed.... ( ) +--------+ | |
1d2698fa | 100 | V +---+--+ . packet . +---+--+ (_) |
7afc19bc TH |
101 | (1) SIR | | ILA |----->-------->---->| ILA | | (3) SIR |
102 | addressed +->|router| . . |router|->-+ addressed | |
103 | packet +---+--+ . IPv6 . +---+--+ packet | |
1d2698fa MCC |
104 | / . Network . |
105 | / . . +--+-++--------+ | |
7afc19bc TH |
106 | +--------+ / . . |ILA || Host | |
107 | | Host +--+ . .- -|host|| | | |
108 | | | . . +--+-++--------+ | |
109 | +--------+ ................ | |
110 | ||
111 | ||
112 | Transport checksum handling | |
113 | =========================== | |
114 | ||
115 | When an address is translated by ILA, an encapsulated transport checksum | |
116 | that includes the translated address in a pseudo header may be rendered | |
117 | incorrect on the wire. This is a problem for intermediate devices, | |
118 | including checksum offload in NICs, that process the checksum. There are | |
119 | three options to deal with this: | |
120 | ||
121 | - no action Allow the checksum to be incorrect on the wire. Before | |
122 | a receiver verifies a checksum the ILA to SIR address | |
123 | translation must be done. | |
124 | ||
125 | - adjust transport checksum | |
126 | When ILA translation is performed the packet is parsed | |
127 | and if a transport layer checksum is found then it is | |
128 | adjusted to reflect the correct checksum per the | |
129 | translated address. | |
130 | ||
131 | - checksum neutral mapping | |
132 | When an address is translated the difference can be offset | |
bb38ccce | 133 | elsewhere in a part of the packet that is covered by |
7afc19bc TH |
134 | the checksum. The low order sixteen bits of the identifier |
135 | are used. This method is preferred since it doesn't require | |
136 | parsing a packet beyond the IP header and in most cases the | |
137 | adjustment can be precomputed and saved with the mapping. | |
138 | ||
139 | Note that the checksum neutral adjustment affects the low order sixteen | |
140 | bits of the identifier. When ILA to SIR address translation is done on | |
141 | egress the low order bits are restored to the original value which | |
142 | restores the identifier as it was originally sent. | |
143 | ||
144 | ||
145 | Identifier types | |
146 | ================ | |
147 | ||
148 | ILA defines different types of identifiers for different use cases. | |
149 | ||
150 | The defined types are: | |
151 | ||
152 | 0: interface identifier | |
153 | ||
154 | 1: locally unique identifier | |
155 | ||
156 | 2: virtual networking identifier for IPv4 address | |
157 | ||
158 | 3: virtual networking identifier for IPv6 unicast address | |
159 | ||
160 | 4: virtual networking identifier for IPv6 multicast address | |
161 | ||
162 | 5: non-local address identifier | |
163 | ||
164 | In the current implementation of kernel ILA only locally unique identifiers | |
165 | (LUID) are supported. LUID allows for a generic, unformatted 64 bit | |
166 | identifier. | |
167 | ||
168 | ||
169 | Identifier formats | |
170 | ================== | |
171 | ||
172 | Kernel ILA supports two optional fields in an identifier for formatting: | |
173 | "C-bit" and "identifier type". The presence of these fields is determined | |
174 | by configuration as demonstrated below. | |
175 | ||
176 | If the identifier type is present it occupies the three highest order | |
177 | bits of an identifier. The possible values are given in the above list. | |
178 | ||
179 | If the C-bit is present, this is used as an indication that checksum | |
180 | neutral mapping has been done. The C-bit can only be set in an | |
181 | ILA address, never a SIR address. | |
182 | ||
183 | In the simplest format the identifier types, C-bit, and checksum | |
184 | adjustment value are not present so an identifier is considered an | |
1d2698fa | 185 | unstructured sixty-four bit value:: |
7afc19bc TH |
186 | |
187 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
188 | |                          Identifier                           | | |
189 | +                                                               + | |
190 | |                                                               | | |
191 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
192 | ||
193 | The checksum neutral adjustment may be configured to always be | |
194 | present using neutral-map-auto. In this case there is no C-bit, but the | |
195 | checksum adjustment is in the low order 16 bits. The identifier is | |
1d2698fa | 196 | still sixty-four bits:: |
7afc19bc TH |
197 | |
198 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
199 | |                          Identifier                           | | |
200 | |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
201 | |                               |  Checksum-neutral adjustment  | | |
202 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
203 | ||
204 | The C-bit may be used to explicitly indicate that checksum neutral | |
1d2698fa | 205 | mapping has been applied to an ILA address. The format is:: |
7afc19bc TH |
206 | |
207 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
208 | |     |C|                      Identifier                       | | |
209 | |     +-+                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
210 | |                               |  Checksum-neutral adjustment  | | |
211 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
212 | ||
213 | The identifier type field may be present to indicate the identifier | |
214 | type. If it is not present then the type is inferred based on mapping | |
215 | configuration. The checksum neutral adjustment may automatically be | |
1d2698fa | 216 | used with the identifier type as illustrated below:: |
7afc19bc TH |
217 | |
218 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
219 | | Type|                       Identifier                        | | |
220 | +-+-+-+                         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
221 | |                               |  Checksum-neutral adjustment  | | |
222 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
223 | ||
224 | The identifier type and the C-bit can be present simultaneously so | |
1d2698fa | 225 | the identifier format would be:: |
7afc19bc TH |
226 | |
227 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
228 | | Type|C|                      Identifier                       | | |
229 | +-+-+-+-+                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
230 | |                               |  Checksum-neutral adjustment  | | |
231 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
232 | ||
233 | ||
234 | Configuration | |
235 | ============= | |
236 | ||
237 | There are two methods to configure ILA mappings. One is by using LWT routes | |
238 | and the other is ila_xlat (called from NFHOOK PREROUTING hook). ila_xlat | |
239 | is intended to be used in the receive path for ILA hosts. | |
240 | ||
241 | An ILA router has also been implemented in XDP. Description of that is | |
242 | outside the scope of this document. | |
243 | ||
244 | The usage for ILA LWT routes is: | |
245 | ||
246 | ip route add DEST/128 encap ila LOC csum-mode MODE ident-type TYPE via ADDR | |
247 | ||
248 | Destination (DEST) can either be a SIR address (for an ILA host or ingress | |
249 | ILA router) or an ILA address (egress ILA router). LOC is the sixty-four | |
250 | bit locator (with format W:X:Y:Z) that overwrites the upper sixty-four | |
251 | bits of the destination address. Checksum MODE is one of "no-action", | |
252 | "adj-transport", "neutral-map", and "neutral-map-auto". If neutral-map is | |
253 | set then the C-bit will be present. Identifier TYPE is one of "luid" or | |
254 | "use-format". In the case of use-format, the identifier type field is | |
255 | present and the effective type is taken from that. | |
256 | ||
257 | The usage of ila_xlat is: | |
258 | ||
259 | ip ila add loc_match MATCH loc LOC csum-mode MODE ident-type TYPE | |
260 | ||
261 | MATCH indicates the incoming locator that must be matched to apply | |
262 | the translation. LOC is the locator that overwrites the upper | |
263 | sixty-four bits of the destination address. MODE and TYPE have the | |
264 | same meanings as described above. | |
265 | ||
266 | ||
267 | Some examples | |
268 | ============= | |
269 | ||
1d2698fa MCC |
270 | :: |
271 | ||
272 | # Configure an ILA route that uses checksum neutral mapping as well | |
273 | # as type field. Note that the type field is set in the SIR address | |
274 | # (the 2000 implies type is 1 which is LUID). | |
275 | ip route add 3333:0:0:1:2000:0:1:87/128 encap ila 2001:0:87:0 \ | |
276 | csum-mode neutral-map ident-type use-format | |
277 | ||
278 | # Configure an ILA LWT route that uses auto checksum neutral mapping | |
279 | # (no C-bit) and configure identifier type to be LUID so that the | |
280 | # identifier type field will not be present. | |
281 | ip route add 3333:0:0:1:2000:0:2:87/128 encap ila 2001:0:87:1 \ | |
282 | csum-mode neutral-map-auto ident-type luid | |
283 | ||
284 | # ila_xlat configuration | |
285 | ||
286 | # Configure an ILA to SIR mapping that matches a locator and overwrites | |
287 | # it with a SIR address (3333:0:0:1 in this example). The C-bit and | |
288 | # identifier field are used. | |
289 | ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \ | |
290 | csum-mode neutral-map ident-type use-format | |
291 | ||
292 | # Configure an ILA to SIR mapping where checksum neutral is automatically | |
293 | # set without the C-bit and the identifier type is configured to be LUID | |
294 | # so that the identifier type field is not present. | |
295 | ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \ | |
295 | csum-mode neutral-map-auto ident-type luid |
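
The checksum neutral mapping described under "Transport checksum handling" and "Identifier formats", worked through in C as an added example (not part of the kernel document and not the kernel's implementation). The helper names are hypothetical, the C-bit position is read off the format diagrams, and the addresses are the SIR address and locator from the first LWT route example, written as 16-bit groups.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Illustrative helpers, not kernel code. C-bit position per the format diagrams. */
#define ILA_C_BIT 0x1000u
/* One's complement 16-bit addition (end-around carry). */
static uint16_t oc_add(uint16_t a, uint16_t b)
{
	uint32_t s = (uint32_t)a + b;
	return (uint16_t)((s & 0xffff) + (s >> 16));
}

/* Sum of n 16-bit words: an address's share of the pseudo-header checksum. */
static uint16_t oc_sum(const uint16_t *w, int n)
{
	uint16_t s = 0;
	while (n--)
		s = oc_add(s, *w++);
	return s;
}

/* sum(old prefix) - sum(new prefix): fixed per mapping, so it can be precomputed. */
static uint16_t neutral_adjust(const uint16_t from[4], const uint16_t to[4])
{
	return oc_add(oc_sum(from, 4), (uint16_t)~oc_sum(to, 4));
}

/* Overwrite the upper 64 bits; flip_cbit 1 models neutral-map, 0 neutral-map-auto. */
static void ila_xlate(uint16_t *addr, const uint16_t *to, uint16_t adjust, int flip_cbit)
{
	memcpy(addr, to, 4 * sizeof(*addr));
	if (flip_cbit) { /* toggling the C-bit moves the sum by 0x1000 as well */
		adjust = oc_add(adjust, (addr[4] & ILA_C_BIT) ? ILA_C_BIT : (uint16_t)~ILA_C_BIT);
		addr[4] ^= ILA_C_BIT;
	}
	addr[7] = oc_add(addr[7], adjust); /* offset the change in the low 16 bits */
}

int main(void)
{
	/* 3333:0:0:1:2000:0:1:87 and locator 2001:0:87:0, from the first route example */
	uint16_t a[8] = { 0x3333, 0, 0, 1, 0x2000, 0, 1, 0x87 };
	const uint16_t sir[4] = { 0x3333, 0, 0, 1 }, loc[4] = { 0x2001, 0, 0x87, 0 };
	ila_xlate(a, loc, neutral_adjust(sir, loc), 1); /* ingress: SIR -> ILA */
	printf("ILA: low word %04x sum %04x\n", a[7], oc_sum(a, 8));
	ila_xlate(a, sir, neutral_adjust(loc, sir), 1); /* egress: ILA -> SIR */
	printf("SIR: low word %04x sum %04x\n", a[7], oc_sum(a, 8));
	return 0;
}
```

The address sum is the same before and after each translation, which is why a TCP or UDP checksum computed over the SIR address still verifies on the wire without the packet being parsed past the IP header.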