ila.rst (11996B)
1.. SPDX-License-Identifier: GPL-2.0 2 3=================================== 4Identifier Locator Addressing (ILA) 5=================================== 6 7 8Introduction 9============ 10 11Identifier-locator addressing (ILA) is a technique used with IPv6 that 12differentiates between location and identity of a network node. Part of an 13address expresses the immutable identity of the node, and another part 14indicates the location of the node which can be dynamic. Identifier-locator 15addressing can be used to efficiently implement overlay networks for 16network virtualization as well as solutions for use cases in mobility. 17 18ILA can be thought of as means to implement an overlay network without 19encapsulation. This is accomplished by performing network address 20translation on destination addresses as a packet traverses a network. To 21the network, an ILA translated packet appears to be no different than any 22other IPv6 packet. For instance, if the transport protocol is TCP then an 23ILA translated packet looks like just another TCP/IPv6 packet. The 24advantage of this is that ILA is transparent to the network so that 25optimizations in the network, such as ECMP, RSS, GRO, GSO, etc., just work. 26 27The ILA protocol is described in Internet-Draft draft-herbert-intarea-ila. 28 29 30ILA terminology 31=============== 32 33 - Identifier 34 A number that identifies an addressable node in the network 35 independent of its location. ILA identifiers are sixty-four 36 bit values. 37 38 - Locator 39 A network prefix that routes to a physical host. Locators 40 provide the topological location of an addressed node. ILA 41 locators are sixty-four bit prefixes. 42 43 - ILA mapping 44 A mapping of an ILA identifier to a locator (or to a 45 locator and meta data). An ILA domain maintains a database 46 that contains mappings for all destinations in the domain. 47 48 - SIR address 49 An IPv6 address composed of a SIR prefix (upper sixty- 50 four bits) and an identifier (lower sixty-four bits). 51 SIR addresses are visible to applications and provide a 52 means for them to address nodes independent of their 53 location. 54 55 - ILA address 56 An IPv6 address composed of a locator (upper sixty-four 57 bits) and an identifier (low order sixty-four bits). ILA 58 addresses are never visible to an application. 59 60 - ILA host 61 An end host that is capable of performing ILA translations 62 on transmit or receive. 63 64 - ILA router 65 A network node that performs ILA translation and forwarding 66 of translated packets. 67 68 - ILA forwarding cache 69 A type of ILA router that only maintains a working set 70 cache of mappings. 71 72 - ILA node 73 A network node capable of performing ILA translations. This 74 can be an ILA router, ILA forwarding cache, or ILA host. 75 76 77Operation 78========= 79 80There are two fundamental operations with ILA: 81 82 - Translate a SIR address to an ILA address. This is performed on ingress 83 to an ILA overlay. 84 85 - Translate an ILA address to a SIR address. This is performed on egress 86 from the ILA overlay. 87 88ILA can be deployed either on end hosts or intermediate devices in the 89network; these are provided by "ILA hosts" and "ILA routers" respectively. 90Configuration and datapath for these two points of deployment is somewhat 91different. 92 93The diagram below illustrates the flow of packets through ILA as well 94as showing ILA hosts and routers:: 95 96 +--------+ +--------+ 97 | Host A +-+ +--->| Host B | 98 | | | (2) ILA (') | | 99 +--------+ | ...addressed.... ( ) +--------+ 100 V +---+--+ . packet . +---+--+ (_) 101 (1) SIR | | ILA |----->-------->---->| ILA | | (3) SIR 102 addressed +->|router| . . |router|->-+ addressed 103 packet +---+--+ . IPv6 . +---+--+ packet 104 / . Network . 105 / . . +--+-++--------+ 106 +--------+ / . . |ILA || Host | 107 | Host +--+ . .- -|host|| | 108 | | . . +--+-++--------+ 109 +--------+ ................ 110 111 112Transport checksum handling 113=========================== 114 115When an address is translated by ILA, an encapsulated transport checksum 116that includes the translated address in a pseudo header may be rendered 117incorrect on the wire. This is a problem for intermediate devices, 118including checksum offload in NICs, that process the checksum. There are 119three options to deal with this: 120 121- no action Allow the checksum to be incorrect on the wire. Before 122 a receiver verifies a checksum the ILA to SIR address 123 translation must be done. 124 125- adjust transport checksum 126 When ILA translation is performed the packet is parsed 127 and if a transport layer checksum is found then it is 128 adjusted to reflect the correct checksum per the 129 translated address. 130 131- checksum neutral mapping 132 When an address is translated the difference can be offset 133 elsewhere in a part of the packet that is covered by 134 the checksum. The low order sixteen bits of the identifier 135 are used. This method is preferred since it doesn't require 136 parsing a packet beyond the IP header and in most cases the 137 adjustment can be precomputed and saved with the mapping. 138 139Note that the checksum neutral adjustment affects the low order sixteen 140bits of the identifier. When ILA to SIR address translation is done on 141egress the low order bits are restored to the original value which 142restores the identifier as it was originally sent. 143 144 145Identifier types 146================ 147 148ILA defines different types of identifiers for different use cases. 149 150The defined types are: 151 152 0: interface identifier 153 154 1: locally unique identifier 155 156 2: virtual networking identifier for IPv4 address 157 158 3: virtual networking identifier for IPv6 unicast address 159 160 4: virtual networking identifier for IPv6 multicast address 161 162 5: non-local address identifier 163 164In the current implementation of kernel ILA only locally unique identifiers 165(LUID) are supported. LUID allows for a generic, unformatted 64 bit 166identifier. 167 168 169Identifier formats 170================== 171 172Kernel ILA supports two optional fields in an identifier for formatting: 173"C-bit" and "identifier type". The presence of these fields is determined 174by configuration as demonstrated below. 175 176If the identifier type is present it occupies the three highest order 177bits of an identifier. The possible values are given in the above list. 178 179If the C-bit is present, this is used as an indication that checksum 180neutral mapping has been done. The C-bit can only be set in an 181ILA address, never a SIR address. 182 183In the simplest format the identifier types, C-bit, and checksum 184adjustment value are not present so an identifier is considered an 185unstructured sixty-four bit value:: 186 187 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 188 | Identifier | 189 + + 190 | | 191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 192 193The checksum neutral adjustment may be configured to always be 194present using neutral-map-auto. In this case there is no C-bit, but the 195checksum adjustment is in the low order 16 bits. The identifier is 196still sixty-four bits:: 197 198 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 199 | Identifier | 200 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 201 | | Checksum-neutral adjustment | 202 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 203 204The C-bit may used to explicitly indicate that checksum neutral 205mapping has been applied to an ILA address. The format is:: 206 207 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 208 | |C| Identifier | 209 | +-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 210 | | Checksum-neutral adjustment | 211 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 212 213The identifier type field may be present to indicate the identifier 214type. If it is not present then the type is inferred based on mapping 215configuration. The checksum neutral adjustment may automatically 216used with the identifier type as illustrated below:: 217 218 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 219 | Type| Identifier | 220 +-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 221 | | Checksum-neutral adjustment | 222 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 223 224If the identifier type and the C-bit can be present simultaneously so 225the identifier format would be:: 226 227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 228 | Type|C| Identifier | 229 +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 230 | | Checksum-neutral adjustment | 231 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 232 233 234Configuration 235============= 236 237There are two methods to configure ILA mappings. One is by using LWT routes 238and the other is ila_xlat (called from NFHOOK PREROUTING hook). ila_xlat 239is intended to be used in the receive path for ILA hosts . 240 241An ILA router has also been implemented in XDP. Description of that is 242outside the scope of this document. 243 244The usage of for ILA LWT routes is: 245 246ip route add DEST/128 encap ila LOC csum-mode MODE ident-type TYPE via ADDR 247 248Destination (DEST) can either be a SIR address (for an ILA host or ingress 249ILA router) or an ILA address (egress ILA router). LOC is the sixty-four 250bit locator (with format W:X:Y:Z) that overwrites the upper sixty-four 251bits of the destination address. Checksum MODE is one of "no-action", 252"adj-transport", "neutral-map", and "neutral-map-auto". If neutral-map is 253set then the C-bit will be present. Identifier TYPE one of "luid" or 254"use-format." In the case of use-format, the identifier type field is 255present and the effective type is taken from that. 256 257The usage of ila_xlat is: 258 259ip ila add loc_match MATCH loc LOC csum-mode MODE ident-type TYPE 260 261MATCH indicates the incoming locator that must be matched to apply 262a the translaiton. LOC is the locator that overwrites the upper 263sixty-four bits of the destination address. MODE and TYPE have the 264same meanings as described above. 265 266 267Some examples 268============= 269 270:: 271 272 # Configure an ILA route that uses checksum neutral mapping as well 273 # as type field. Note that the type field is set in the SIR address 274 # (the 2000 implies type is 1 which is LUID). 275 ip route add 3333:0:0:1:2000:0:1:87/128 encap ila 2001:0:87:0 \ 276 csum-mode neutral-map ident-type use-format 277 278 # Configure an ILA LWT route that uses auto checksum neutral mapping 279 # (no C-bit) and configure identifier type to be LUID so that the 280 # identifier type field will not be present. 281 ip route add 3333:0:0:1:2000:0:2:87/128 encap ila 2001:0:87:1 \ 282 csum-mode neutral-map-auto ident-type luid 283 284 ila_xlat configuration 285 286 # Configure an ILA to SIR mapping that matches a locator and overwrites 287 # it with a SIR address (3333:0:0:1 in this example). The C-bit and 288 # identifier field are used. 289 ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \ 290 csum-mode neutral-map-auto ident-type use-format 291 292 # Configure an ILA to SIR mapping where checksum neutral is automatically 293 # set without the C-bit and the identifier type is configured to be LUID 294 # so that the identifier type field is not present. 295 ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \ 296 csum-mode neutral-map-auto ident-type use-format