summaryrefslogtreecommitdiff
path: root/Documentation/networking/ila.rst
blob: 5ac0a6270b1755f5e9c7ba333e0dc20a23243ab1 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
.. SPDX-License-Identifier: GPL-2.0

===================================
Identifier Locator Addressing (ILA)
===================================


Introduction
============

Identifier-locator addressing (ILA) is a technique used with IPv6 that
differentiates between location and identity of a network node. Part of an
address expresses the immutable identity of the node, and another part
indicates the location of the node which can be dynamic. Identifier-locator
addressing can be used to efficiently implement overlay networks for
network virtualization as well as solutions for use cases in mobility.

ILA can be thought of as means to implement an overlay network without
encapsulation. This is accomplished by performing network address
translation on destination addresses as a packet traverses a network. To
the network, an ILA translated packet appears to be no different than any
other IPv6 packet. For instance, if the transport protocol is TCP then an
ILA translated packet looks like just another TCP/IPv6 packet. The
advantage of this is that ILA is transparent to the network so that
optimizations in the network, such as ECMP, RSS, GRO, GSO, etc., just work.

The ILA protocol is described in Internet-Draft draft-herbert-intarea-ila.


ILA terminology
===============

  - Identifier
		A number that identifies an addressable node in the network
		independent of its location. ILA identifiers are sixty-four
		bit values.

  - Locator
		A network prefix that routes to a physical host. Locators
		provide the topological location of an addressed node. ILA
		locators are sixty-four bit prefixes.

  - ILA mapping
		A mapping of an ILA identifier to a locator (or to a
		locator and meta data). An ILA domain maintains a database
		that contains mappings for all destinations in the domain.

  - SIR address
		An IPv6 address composed of a SIR prefix (upper sixty-
		four bits) and an identifier (lower sixty-four bits).
		SIR addresses are visible to applications and provide a
		means for them to address nodes independent of their
		location.

  - ILA address
		An IPv6 address composed of a locator (upper sixty-four
		bits) and an identifier (low order sixty-four bits). ILA
		addresses are never visible to an application.

  - ILA host
		An end host that is capable of performing ILA translations
		on transmit or receive.

  - ILA router
		A network node that performs ILA translation and forwarding
		of translated packets.

  - ILA forwarding cache
		A type of ILA router that only maintains a working set
		cache of mappings.

  - ILA node
		A network node capable of performing ILA translations. This
		can be an ILA router, ILA forwarding cache, or ILA host.


Operation
=========

There are two fundamental operations with ILA:

  - Translate a SIR address to an ILA address. This is performed on ingress
    to an ILA overlay.

  - Translate an ILA address to a SIR address. This is performed on egress
    from the ILA overlay.

ILA can be deployed either on end hosts or intermediate devices in the
network; these are provided by "ILA hosts" and "ILA routers" respectively.
Configuration and datapath for these two points of deployment is somewhat
different.

The diagram below illustrates the flow of packets through ILA as well
as showing ILA hosts and routers::

    +--------+                                                +--------+
    | Host A +-+                                         +--->| Host B |
    |        | |              (2) ILA                   (')   |        |
    +--------+ |            ...addressed....           (   )  +--------+
	       V  +---+--+  .  packet      .  +---+--+  (_)
   (1) SIR     |  | ILA  |----->-------->---->| ILA  |   |   (3) SIR
    addressed  +->|router|  .              .  |router|->-+    addressed
    packet        +---+--+  .     IPv6     .  +---+--+        packet
		   /        .    Network   .
		  /         .              .   +--+-++--------+
    +--------+   /          .              .   |ILA ||  Host  |
    |  Host  +--+           .              .- -|host||        |
    |        |              .              .   +--+-++--------+
    +--------+              ................


Transport checksum handling
===========================

When an address is translated by ILA, an encapsulated transport checksum
that includes the translated address in a pseudo header may be rendered
incorrect on the wire. This is a problem for intermediate devices,
including checksum offload in NICs, that process the checksum. There are
three options to deal with this:

- no action	Allow the checksum to be incorrect on the wire. Before
		a receiver verifies a checksum the ILA to SIR address
		translation must be done.

- adjust transport checksum
		When ILA translation is performed the packet is parsed
		and if a transport layer checksum is found then it is
		adjusted to reflect the correct checksum per the
		translated address.

- checksum neutral mapping
		When an address is translated the difference can be offset
		elsewhere in a part of the packet that is covered by
		the checksum. The low order sixteen bits of the identifier
		are used. This method is preferred since it doesn't require
		parsing a packet beyond the IP header and in most cases the
		adjustment can be precomputed and saved with the mapping.

Note that the checksum neutral adjustment affects the low order sixteen
bits of the identifier. When ILA to SIR address translation is done on
egress the low order bits are restored to the original value which
restores the identifier as it was originally sent.


Identifier types
================

ILA defines different types of identifiers for different use cases.

The defined types are:

      0: interface identifier

      1: locally unique identifier

      2: virtual networking identifier for IPv4 address

      3: virtual networking identifier for IPv6 unicast address

      4: virtual networking identifier for IPv6 multicast address

      5: non-local address identifier

In the current implementation of kernel ILA only locally unique identifiers
(LUID) are supported. LUID allows for a generic, unformatted 64 bit
identifier.


Identifier formats
==================

Kernel ILA supports two optional fields in an identifier for formatting:
"C-bit" and "identifier type". The presence of these fields is determined
by configuration as demonstrated below.

If the identifier type is present it occupies the three highest order
bits of an identifier. The possible values are given in the above list.

If the C-bit is present,  this is used as an indication that checksum
neutral mapping has been done. The C-bit can only be set in an
ILA address, never a SIR address.

In the simplest format the identifier types, C-bit, and checksum
adjustment value are not present so an identifier is considered an
unstructured sixty-four bit value::

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                            Identifier                         |
     +                                                               +
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The checksum neutral adjustment may be configured to always be
present using neutral-map-auto. In this case there is no C-bit, but the
checksum adjustment is in the low order 16 bits. The identifier is
still sixty-four bits::

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                            Identifier                         |
     |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                               |  Checksum-neutral adjustment  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The C-bit may used to explicitly indicate that checksum neutral
mapping has been applied to an ILA address. The format is::

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |     |C|                    Identifier                         |
     |     +-+                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                               |  Checksum-neutral adjustment  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The identifier type field may be present to indicate the identifier
type. If it is not present then the type is inferred based on mapping
configuration. The checksum neutral adjustment may automatically
used with the identifier type as illustrated below::

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | Type|                      Identifier                         |
     +-+-+-+                         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                               |  Checksum-neutral adjustment  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

If the identifier type and the C-bit can be present simultaneously so
the identifier format would be::

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | Type|C|                    Identifier                         |
     +-+-+-+-+                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                               |  Checksum-neutral adjustment  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


Configuration
=============

There are two methods to configure ILA mappings. One is by using LWT routes
and the other is ila_xlat (called from NFHOOK PREROUTING hook). ila_xlat
is intended to be used in the receive path for ILA hosts .

An ILA router has also been implemented in XDP. Description of that is
outside the scope of this document.

The usage of for ILA LWT routes is:

ip route add DEST/128 encap ila LOC csum-mode MODE ident-type TYPE via ADDR

Destination (DEST) can either be a SIR address (for an ILA host or ingress
ILA router) or an ILA address (egress ILA router). LOC is the sixty-four
bit locator (with format W:X:Y:Z) that overwrites the upper sixty-four
bits of the destination address.  Checksum MODE is one of "no-action",
"adj-transport", "neutral-map", and "neutral-map-auto". If neutral-map is
set then the C-bit will be present. Identifier TYPE one of "luid" or
"use-format." In the case of use-format, the identifier type field is
present and the effective type is taken from that.

The usage of ila_xlat is:

ip ila add loc_match MATCH loc LOC csum-mode MODE ident-type TYPE

MATCH indicates the incoming locator that must be matched to apply
a the translaiton. LOC is the locator that overwrites the upper
sixty-four bits of the destination address. MODE and TYPE have the
same meanings as described above.


Some examples
=============

::

     # Configure an ILA route that uses checksum neutral mapping as well
     # as type field. Note that the type field is set in the SIR address
     # (the 2000 implies type is 1 which is LUID).
     ip route add 3333:0:0:1:2000:0:1:87/128 encap ila 2001:0:87:0 \
	  csum-mode neutral-map ident-type use-format

     # Configure an ILA LWT route that uses auto checksum neutral mapping
     # (no C-bit) and configure identifier type to be LUID so that the
     # identifier type field will not be present.
     ip route add 3333:0:0:1:2000:0:2:87/128 encap ila 2001:0:87:1 \
	  csum-mode neutral-map-auto ident-type luid

     ila_xlat configuration

     # Configure an ILA to SIR mapping that matches a locator and overwrites
     # it with a SIR address (3333:0:0:1 in this example). The C-bit and
     # identifier field are used.
     ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
	 csum-mode neutral-map-auto ident-type use-format

     # Configure an ILA to SIR mapping where checksum neutral is automatically
     # set without the C-bit and the identifier type is configured to be LUID
     # so that the identifier type field is not present.
     ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
	 csum-mode neutral-map-auto ident-type use-format