| .. SPDX-License-Identifier: GPL-2.0 |
| |
| =================================== |
| Identifier Locator Addressing (ILA) |
| =================================== |
| |
| |
| Introduction |
| ============ |
| |
| Identifier-locator addressing (ILA) is a technique used with IPv6 that |
| differentiates between location and identity of a network node. Part of an |
| address expresses the immutable identity of the node, and another part |
| indicates the location of the node which can be dynamic. Identifier-locator |
| addressing can be used to efficiently implement overlay networks for |
| network virtualization as well as solutions for use cases in mobility. |
| |
| ILA can be thought of as means to implement an overlay network without |
| encapsulation. This is accomplished by performing network address |
| translation on destination addresses as a packet traverses a network. To |
| the network, an ILA translated packet appears to be no different than any |
| other IPv6 packet. For instance, if the transport protocol is TCP then an |
| ILA translated packet looks like just another TCP/IPv6 packet. The |
| advantage of this is that ILA is transparent to the network so that |
| optimizations in the network, such as ECMP, RSS, GRO, GSO, etc., just work. |
| |
| The ILA protocol is described in Internet-Draft draft-herbert-intarea-ila. |
| |
| |
| ILA terminology |
| =============== |
| |
| - Identifier |
| A number that identifies an addressable node in the network |
| independent of its location. ILA identifiers are sixty-four |
| bit values. |
| |
| - Locator |
| A network prefix that routes to a physical host. Locators |
| provide the topological location of an addressed node. ILA |
| locators are sixty-four bit prefixes. |
| |
| - ILA mapping |
| A mapping of an ILA identifier to a locator (or to a |
| locator and meta data). An ILA domain maintains a database |
| that contains mappings for all destinations in the domain. |
| |
| - SIR address |
| An IPv6 address composed of a SIR prefix (upper sixty- |
| four bits) and an identifier (lower sixty-four bits). |
| SIR addresses are visible to applications and provide a |
| means for them to address nodes independent of their |
| location. |
| |
| - ILA address |
| An IPv6 address composed of a locator (upper sixty-four |
| bits) and an identifier (low order sixty-four bits). ILA |
| addresses are never visible to an application. |
| |
| - ILA host |
| An end host that is capable of performing ILA translations |
| on transmit or receive. |
| |
| - ILA router |
| A network node that performs ILA translation and forwarding |
| of translated packets. |
| |
| - ILA forwarding cache |
| A type of ILA router that only maintains a working set |
| cache of mappings. |
| |
| - ILA node |
| A network node capable of performing ILA translations. This |
| can be an ILA router, ILA forwarding cache, or ILA host. |
| |
| |
| Operation |
| ========= |
| |
| There are two fundamental operations with ILA: |
| |
| - Translate a SIR address to an ILA address. This is performed on ingress |
| to an ILA overlay. |
| |
| - Translate an ILA address to a SIR address. This is performed on egress |
| from the ILA overlay. |
| |
| ILA can be deployed either on end hosts or intermediate devices in the |
| network; these are provided by "ILA hosts" and "ILA routers" respectively. |
| Configuration and datapath for these two points of deployment is somewhat |
| different. |
| |
| The diagram below illustrates the flow of packets through ILA as well |
| as showing ILA hosts and routers:: |
| |
| +--------+ +--------+ |
| | Host A +-+ +--->| Host B | |
| | | | (2) ILA (') | | |
| +--------+ | ...addressed.... ( ) +--------+ |
| V +---+--+ . packet . +---+--+ (_) |
| (1) SIR | | ILA |----->-------->---->| ILA | | (3) SIR |
| addressed +->|router| . . |router|->-+ addressed |
| packet +---+--+ . IPv6 . +---+--+ packet |
| / . Network . |
| / . . +--+-++--------+ |
| +--------+ / . . |ILA || Host | |
| | Host +--+ . .- -|host|| | |
| | | . . +--+-++--------+ |
| +--------+ ................ |
| |
| |
| Transport checksum handling |
| =========================== |
| |
| When an address is translated by ILA, an encapsulated transport checksum |
| that includes the translated address in a pseudo header may be rendered |
| incorrect on the wire. This is a problem for intermediate devices, |
| including checksum offload in NICs, that process the checksum. There are |
| three options to deal with this: |
| |
| - no action Allow the checksum to be incorrect on the wire. Before |
| a receiver verifies a checksum the ILA to SIR address |
| translation must be done. |
| |
| - adjust transport checksum |
| When ILA translation is performed the packet is parsed |
| and if a transport layer checksum is found then it is |
| adjusted to reflect the correct checksum per the |
| translated address. |
| |
| - checksum neutral mapping |
| When an address is translated the difference can be offset |
| elsewhere in a part of the packet that is covered by |
| the checksum. The low order sixteen bits of the identifier |
| are used. This method is preferred since it doesn't require |
| parsing a packet beyond the IP header and in most cases the |
| adjustment can be precomputed and saved with the mapping. |
| |
| Note that the checksum neutral adjustment affects the low order sixteen |
| bits of the identifier. When ILA to SIR address translation is done on |
| egress the low order bits are restored to the original value which |
| restores the identifier as it was originally sent. |
| |
| |
| Identifier types |
| ================ |
| |
| ILA defines different types of identifiers for different use cases. |
| |
| The defined types are: |
| |
| 0: interface identifier |
| |
| 1: locally unique identifier |
| |
| 2: virtual networking identifier for IPv4 address |
| |
| 3: virtual networking identifier for IPv6 unicast address |
| |
| 4: virtual networking identifier for IPv6 multicast address |
| |
| 5: non-local address identifier |
| |
| In the current implementation of kernel ILA only locally unique identifiers |
| (LUID) are supported. LUID allows for a generic, unformatted 64 bit |
| identifier. |
| |
| |
| Identifier formats |
| ================== |
| |
| Kernel ILA supports two optional fields in an identifier for formatting: |
| "C-bit" and "identifier type". The presence of these fields is determined |
| by configuration as demonstrated below. |
| |
| If the identifier type is present it occupies the three highest order |
| bits of an identifier. The possible values are given in the above list. |
| |
| If the C-bit is present, this is used as an indication that checksum |
| neutral mapping has been done. The C-bit can only be set in an |
| ILA address, never a SIR address. |
| |
| In the simplest format the identifier types, C-bit, and checksum |
| adjustment value are not present so an identifier is considered an |
| unstructured sixty-four bit value:: |
| |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| | Identifier | |
| + + |
| | | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| |
| The checksum neutral adjustment may be configured to always be |
| present using neutral-map-auto. In this case there is no C-bit, but the |
| checksum adjustment is in the low order 16 bits. The identifier is |
| still sixty-four bits:: |
| |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| | Identifier | |
| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| | | Checksum-neutral adjustment | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| |
| The C-bit may used to explicitly indicate that checksum neutral |
| mapping has been applied to an ILA address. The format is:: |
| |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| | |C| Identifier | |
| | +-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| | | Checksum-neutral adjustment | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| |
| The identifier type field may be present to indicate the identifier |
| type. If it is not present then the type is inferred based on mapping |
| configuration. The checksum neutral adjustment may automatically |
| used with the identifier type as illustrated below:: |
| |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| | Type| Identifier | |
| +-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| | | Checksum-neutral adjustment | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| |
| If the identifier type and the C-bit can be present simultaneously so |
| the identifier format would be:: |
| |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| | Type|C| Identifier | |
| +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| | | Checksum-neutral adjustment | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| |
| |
| Configuration |
| ============= |
| |
| There are two methods to configure ILA mappings. One is by using LWT routes |
| and the other is ila_xlat (called from NFHOOK PREROUTING hook). ila_xlat |
| is intended to be used in the receive path for ILA hosts . |
| |
| An ILA router has also been implemented in XDP. Description of that is |
| outside the scope of this document. |
| |
| The usage of for ILA LWT routes is: |
| |
| ip route add DEST/128 encap ila LOC csum-mode MODE ident-type TYPE via ADDR |
| |
| Destination (DEST) can either be a SIR address (for an ILA host or ingress |
| ILA router) or an ILA address (egress ILA router). LOC is the sixty-four |
| bit locator (with format W:X:Y:Z) that overwrites the upper sixty-four |
| bits of the destination address. Checksum MODE is one of "no-action", |
| "adj-transport", "neutral-map", and "neutral-map-auto". If neutral-map is |
| set then the C-bit will be present. Identifier TYPE one of "luid" or |
| "use-format." In the case of use-format, the identifier type field is |
| present and the effective type is taken from that. |
| |
| The usage of ila_xlat is: |
| |
| ip ila add loc_match MATCH loc LOC csum-mode MODE ident-type TYPE |
| |
| MATCH indicates the incoming locator that must be matched to apply |
| a the translaiton. LOC is the locator that overwrites the upper |
| sixty-four bits of the destination address. MODE and TYPE have the |
| same meanings as described above. |
| |
| |
| Some examples |
| ============= |
| |
| :: |
| |
| # Configure an ILA route that uses checksum neutral mapping as well |
| # as type field. Note that the type field is set in the SIR address |
| # (the 2000 implies type is 1 which is LUID). |
| ip route add 3333:0:0:1:2000:0:1:87/128 encap ila 2001:0:87:0 \ |
| csum-mode neutral-map ident-type use-format |
| |
| # Configure an ILA LWT route that uses auto checksum neutral mapping |
| # (no C-bit) and configure identifier type to be LUID so that the |
| # identifier type field will not be present. |
| ip route add 3333:0:0:1:2000:0:2:87/128 encap ila 2001:0:87:1 \ |
| csum-mode neutral-map-auto ident-type luid |
| |
| ila_xlat configuration |
| |
| # Configure an ILA to SIR mapping that matches a locator and overwrites |
| # it with a SIR address (3333:0:0:1 in this example). The C-bit and |
| # identifier field are used. |
| ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \ |
| csum-mode neutral-map-auto ident-type use-format |
| |
| # Configure an ILA to SIR mapping where checksum neutral is automatically |
| # set without the C-bit and the identifier type is configured to be LUID |
| # so that the identifier type field is not present. |
| ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \ |
| csum-mode neutral-map-auto ident-type use-format |
