Commit | Line | Data |
---|---|---|
7afc19bc TH |
1 | Identifier Locator Addressing (ILA) |
2 | ||
3 | ||
4 | Introduction | |
5 | ============ | |
6 | ||
7 | Identifier-locator addressing (ILA) is a technique used with IPv6 that | |
8 | differentiates between location and identity of a network node. Part of an | |
9 | address expresses the immutable identity of the node, and another part | |
10 | indicates the location of the node which can be dynamic. Identifier-locator | |
11 | addressing can be used to efficiently implement overlay networks for | |
12 | network virtualization as well as solutions for use cases in mobility. | |
13 | ||
14 | ILA can be thought of as means to implement an overlay network without | |
15 | encapsulation. This is accomplished by performing network address | |
16 | translation on destination addresses as a packet traverses a network. To | |
17 | the network, an ILA translated packet appears to be no different than any | |
18 | other IPv6 packet. For instance, if the transport protocol is TCP then an | |
19 | ILA translated packet looks like just another TCP/IPv6 packet. The | |
20 | advantage of this is that ILA is transparent to the network so that | |
21 | optimizations in the network, such as ECMP, RSS, GRO, GSO, etc., just work. | |
22 | ||
23 | The ILA protocol is described in Internet-Draft draft-herbert-intarea-ila. | |
24 | ||
25 | ||
26 | ILA terminology | |
27 | =============== | |
28 | ||
29 | - Identifier A number that identifies an addressable node in the network | |
30 | independent of its location. ILA identifiers are sixty-four | |
31 | bit values. | |
32 | ||
33 | - Locator A network prefix that routes to a physical host. Locators | |
34 | provide the topological location of an addressed node. ILA | |
35 | locators are sixty-four bit prefixes. | |
36 | ||
37 | - ILA mapping | |
38 | A mapping of an ILA identifier to a locator (or to a | |
39 | locator and meta data). An ILA domain maintains a database | |
40 | that contains mappings for all destinations in the domain. | |
41 | ||
42 | - SIR address | |
43 | An IPv6 address composed of a SIR prefix (upper sixty- | |
44 | four bits) and an identifier (lower sixty-four bits). | |
45 | SIR addresses are visible to applications and provide a | |
46 | means for them to address nodes independent of their | |
47 | location. | |
48 | ||
49 | - ILA address | |
50 | An IPv6 address composed of a locator (upper sixty-four | |
51 | bits) and an identifier (low order sixty-four bits). ILA | |
52 | addresses are never visible to an application. | |
53 | ||
54 | - ILA host An end host that is capable of performing ILA translations | |
55 | on transmit or receive. | |
56 | ||
57 | - ILA router A network node that performs ILA translation and forwarding | |
58 | of translated packets. | |
59 | ||
60 | - ILA forwarding cache | |
61 | A type of ILA router that only maintains a working set | |
62 | cache of mappings. | |
63 | ||
64 | - ILA node A network node capable of performing ILA translations. This | |
65 | can be an ILA router, ILA forwarding cache, or ILA host. | |
66 | ||
67 | ||
68 | Operation | |
69 | ========= | |
70 | ||
71 | There are two fundamental operations with ILA: | |
72 | ||
73 | - Translate a SIR address to an ILA address. This is performed on ingress | |
74 | to an ILA overlay. | |
75 | ||
76 | - Translate an ILA address to a SIR address. This is performed on egress | |
77 | from the ILA overlay. | |
78 | ||
79 | ILA can be deployed either on end hosts or intermediate devices in the | |
80 | network; these are provided by "ILA hosts" and "ILA routers" respectively. | |
81 | Configuration and datapath for these two points of deployment is somewhat | |
82 | different. | |
83 | ||
84 | The diagram below illustrates the flow of packets through ILA as well | |
85 | as showing ILA hosts and routers. | |
86 | ||
87 | +--------+ +--------+ | |
88 | | Host A +-+ +--->| Host B | | |
89 | | | | (2) ILA (') | | | |
90 | +--------+ | ...addressed.... ( ) +--------+ | |
91 | V +---+--+ . packet . +---+--+ (_) | |
92 | (1) SIR | | ILA |----->-------->---->| ILA | | (3) SIR | |
93 | addressed +->|router| . . |router|->-+ addressed | |
94 | packet +---+--+ . IPv6 . +---+--+ packet | |
95 | / . Network . | |
96 | / . . +--+-++--------+ | |
97 | +--------+ / . . |ILA || Host | | |
98 | | Host +--+ . .- -|host|| | | |
99 | | | . . +--+-++--------+ | |
100 | +--------+ ................ | |
101 | ||
102 | ||
103 | Transport checksum handling | |
104 | =========================== | |
105 | ||
106 | When an address is translated by ILA, an encapsulated transport checksum | |
107 | that includes the translated address in a pseudo header may be rendered | |
108 | incorrect on the wire. This is a problem for intermediate devices, | |
109 | including checksum offload in NICs, that process the checksum. There are | |
110 | three options to deal with this: | |
111 | ||
112 | - no action Allow the checksum to be incorrect on the wire. Before | |
113 | a receiver verifies a checksum the ILA to SIR address | |
114 | translation must be done. | |
115 | ||
116 | - adjust transport checksum | |
117 | When ILA translation is performed the packet is parsed | |
118 | and if a transport layer checksum is found then it is | |
119 | adjusted to reflect the correct checksum per the | |
120 | translated address. | |
121 | ||
122 | - checksum neutral mapping | |
123 | When an address is translated the difference can be offset | |
bb38ccce | 124 | elsewhere in a part of the packet that is covered by |
7afc19bc TH |
125 | the checksum. The low order sixteen bits of the identifier |
126 | are used. This method is preferred since it doesn't require | |
127 | parsing a packet beyond the IP header and in most cases the | |
128 | adjustment can be precomputed and saved with the mapping. | |
129 | ||
130 | Note that the checksum neutral adjustment affects the low order sixteen | |
131 | bits of the identifier. When ILA to SIR address translation is done on | |
132 | egress the low order bits are restored to the original value which | |
133 | restores the identifier as it was originally sent. | |
134 | ||
135 | ||
136 | Identifier types | |
137 | ================ | |
138 | ||
139 | ILA defines different types of identifiers for different use cases. | |
140 | ||
141 | The defined types are: | |
142 | ||
143 | 0: interface identifier | |
144 | ||
145 | 1: locally unique identifier | |
146 | ||
147 | 2: virtual networking identifier for IPv4 address | |
148 | ||
149 | 3: virtual networking identifier for IPv6 unicast address | |
150 | ||
151 | 4: virtual networking identifier for IPv6 multicast address | |
152 | ||
153 | 5: non-local address identifier | |
154 | ||
155 | In the current implementation of kernel ILA only locally unique identifiers | |
156 | (LUID) are supported. LUID allows for a generic, unformatted 64 bit | |
157 | identifier. | |
158 | ||
159 | ||
160 | Identifier formats | |
161 | ================== | |
162 | ||
163 | Kernel ILA supports two optional fields in an identifier for formatting: | |
164 | "C-bit" and "identifier type". The presence of these fields is determined | |
165 | by configuration as demonstrated below. | |
166 | ||
167 | If the identifier type is present it occupies the three highest order | |
168 | bits of an identifier. The possible values are given in the above list. | |
169 | ||
170 | If the C-bit is present, this is used as an indication that checksum | |
171 | neutral mapping has been done. The C-bit can only be set in an | |
172 | ILA address, never a SIR address. | |
173 | ||
174 | In the simplest format the identifier types, C-bit, and checksum | |
175 | adjustment value are not present so an identifier is considered an | |
176 | unstructured sixty-four bit value. | |
177 | ||
178 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
179 | | Identifier | | |
180 | + + | |
181 | | | | |
182 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
183 | ||
184 | The checksum neutral adjustment may be configured to always be | |
185 | present using neutral-map-auto. In this case there is no C-bit, but the | |
186 | checksum adjustment is in the low order 16 bits. The identifier is | |
187 | still sixty-four bits. | |
188 | ||
189 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
190 | | Identifier | | |
191 | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
192 | | | Checksum-neutral adjustment | | |
193 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
194 | ||
195 | The C-bit may used to explicitly indicate that checksum neutral | |
196 | mapping has been applied to an ILA address. The format is: | |
197 | ||
198 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
199 | | |C| Identifier | | |
200 | | +-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
201 | | | Checksum-neutral adjustment | | |
202 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
203 | ||
204 | The identifier type field may be present to indicate the identifier | |
205 | type. If it is not present then the type is inferred based on mapping | |
206 | configuration. The checksum neutral adjustment may automatically | |
207 | used with the identifier type as illustrated below. | |
208 | ||
209 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
210 | | Type| Identifier | | |
211 | +-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
212 | | | Checksum-neutral adjustment | | |
213 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
214 | ||
215 | If the identifier type and the C-bit can be present simultaneously so | |
216 | the identifier format would be: | |
217 | ||
218 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
219 | | Type|C| Identifier | | |
220 | +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
221 | | | Checksum-neutral adjustment | | |
222 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
223 | ||
224 | ||
225 | Configuration | |
226 | ============= | |
227 | ||
228 | There are two methods to configure ILA mappings. One is by using LWT routes | |
229 | and the other is ila_xlat (called from NFHOOK PREROUTING hook). ila_xlat | |
230 | is intended to be used in the receive path for ILA hosts . | |
231 | ||
232 | An ILA router has also been implemented in XDP. Description of that is | |
233 | outside the scope of this document. | |
234 | ||
235 | The usage of for ILA LWT routes is: | |
236 | ||
237 | ip route add DEST/128 encap ila LOC csum-mode MODE ident-type TYPE via ADDR | |
238 | ||
239 | Destination (DEST) can either be a SIR address (for an ILA host or ingress | |
240 | ILA router) or an ILA address (egress ILA router). LOC is the sixty-four | |
241 | bit locator (with format W:X:Y:Z) that overwrites the upper sixty-four | |
242 | bits of the destination address. Checksum MODE is one of "no-action", | |
243 | "adj-transport", "neutral-map", and "neutral-map-auto". If neutral-map is | |
244 | set then the C-bit will be present. Identifier TYPE one of "luid" or | |
245 | "use-format." In the case of use-format, the identifier type field is | |
246 | present and the effective type is taken from that. | |
247 | ||
248 | The usage of ila_xlat is: | |
249 | ||
250 | ip ila add loc_match MATCH loc LOC csum-mode MODE ident-type TYPE | |
251 | ||
252 | MATCH indicates the incoming locator that must be matched to apply | |
253 | a the translaiton. LOC is the locator that overwrites the upper | |
254 | sixty-four bits of the destination address. MODE and TYPE have the | |
255 | same meanings as described above. | |
256 | ||
257 | ||
258 | Some examples | |
259 | ============= | |
260 | ||
261 | # Configure an ILA route that uses checksum neutral mapping as well | |
262 | # as type field. Note that the type field is set in the SIR address | |
263 | # (the 2000 implies type is 1 which is LUID). | |
264 | ip route add 3333:0:0:1:2000:0:1:87/128 encap ila 2001:0:87:0 \ | |
265 | csum-mode neutral-map ident-type use-format | |
266 | ||
267 | # Configure an ILA LWT route that uses auto checksum neutral mapping | |
268 | # (no C-bit) and configure identifier type to be LUID so that the | |
269 | # identifier type field will not be present. | |
270 | ip route add 3333:0:0:1:2000:0:2:87/128 encap ila 2001:0:87:1 \ | |
271 | csum-mode neutral-map-auto ident-type luid | |
272 | ||
273 | ila_xlat configuration | |
274 | ||
275 | # Configure an ILA to SIR mapping that matches a locator and overwrites | |
276 | # it with a SIR address (3333:0:0:1 in this example). The C-bit and | |
277 | # identifier field are used. | |
278 | ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \ | |
279 | csum-mode neutral-map-auto ident-type use-format | |
280 | ||
281 | # Configure an ILA to SIR mapping where checksum neutral is automatically | |
282 | # set without the C-bit and the identifier type is configured to be LUID | |
283 | # so that the identifier type field is not present. | |
284 | ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \ | |
285 | csum-mode neutral-map-auto ident-type use-format |