|
| 1 | +Identifier Locator Addressing (ILA) |
| 2 | + |
| 3 | + |
| 4 | +Introduction |
| 5 | +============ |
| 6 | + |
| 7 | +Identifier-locator addressing (ILA) is a technique used with IPv6 that |
| 8 | +differentiates between location and identity of a network node. Part of an |
| 9 | +address expresses the immutable identity of the node, and another part |
| 10 | +indicates the location of the node which can be dynamic. Identifier-locator |
| 11 | +addressing can be used to efficiently implement overlay networks for |
| 12 | +network virtualization as well as solutions for use cases in mobility. |
| 13 | + |
| 14 | +ILA can be thought of as means to implement an overlay network without |
| 15 | +encapsulation. This is accomplished by performing network address |
| 16 | +translation on destination addresses as a packet traverses a network. To |
| 17 | +the network, an ILA translated packet appears to be no different than any |
| 18 | +other IPv6 packet. For instance, if the transport protocol is TCP then an |
| 19 | +ILA translated packet looks like just another TCP/IPv6 packet. The |
| 20 | +advantage of this is that ILA is transparent to the network so that |
| 21 | +optimizations in the network, such as ECMP, RSS, GRO, GSO, etc., just work. |
| 22 | + |
| 23 | +The ILA protocol is described in Internet-Draft draft-herbert-intarea-ila. |
| 24 | + |
| 25 | + |
| 26 | +ILA terminology |
| 27 | +=============== |
| 28 | + |
| 29 | + - Identifier A number that identifies an addressable node in the network |
| 30 | + independent of its location. ILA identifiers are sixty-four |
| 31 | + bit values. |
| 32 | + |
| 33 | + - Locator A network prefix that routes to a physical host. Locators |
| 34 | + provide the topological location of an addressed node. ILA |
| 35 | + locators are sixty-four bit prefixes. |
| 36 | + |
| 37 | + - ILA mapping |
| 38 | + A mapping of an ILA identifier to a locator (or to a |
| 39 | + locator and meta data). An ILA domain maintains a database |
| 40 | + that contains mappings for all destinations in the domain. |
| 41 | + |
| 42 | + - SIR address |
| 43 | + An IPv6 address composed of a SIR prefix (upper sixty- |
| 44 | + four bits) and an identifier (lower sixty-four bits). |
| 45 | + SIR addresses are visible to applications and provide a |
| 46 | + means for them to address nodes independent of their |
| 47 | + location. |
| 48 | + |
| 49 | + - ILA address |
| 50 | + An IPv6 address composed of a locator (upper sixty-four |
| 51 | + bits) and an identifier (low order sixty-four bits). ILA |
| 52 | + addresses are never visible to an application. |
| 53 | + |
| 54 | + - ILA host An end host that is capable of performing ILA translations |
| 55 | + on transmit or receive. |
| 56 | + |
| 57 | + - ILA router A network node that performs ILA translation and forwarding |
| 58 | + of translated packets. |
| 59 | + |
| 60 | + - ILA forwarding cache |
| 61 | + A type of ILA router that only maintains a working set |
| 62 | + cache of mappings. |
| 63 | + |
| 64 | + - ILA node A network node capable of performing ILA translations. This |
| 65 | + can be an ILA router, ILA forwarding cache, or ILA host. |
| 66 | + |
| 67 | + |
| 68 | +Operation |
| 69 | +========= |
| 70 | + |
| 71 | +There are two fundamental operations with ILA: |
| 72 | + |
| 73 | + - Translate a SIR address to an ILA address. This is performed on ingress |
| 74 | + to an ILA overlay. |
| 75 | + |
| 76 | + - Translate an ILA address to a SIR address. This is performed on egress |
| 77 | + from the ILA overlay. |
| 78 | + |
| 79 | +ILA can be deployed either on end hosts or intermediate devices in the |
| 80 | +network; these are provided by "ILA hosts" and "ILA routers" respectively. |
| 81 | +Configuration and datapath for these two points of deployment is somewhat |
| 82 | +different. |
| 83 | + |
| 84 | +The diagram below illustrates the flow of packets through ILA as well |
| 85 | +as showing ILA hosts and routers. |
| 86 | + |
| 87 | + +--------+ +--------+ |
| 88 | + | Host A +-+ +--->| Host B | |
| 89 | + | | | (2) ILA (') | | |
| 90 | + +--------+ | ...addressed.... ( ) +--------+ |
| 91 | + V +---+--+ . packet . +---+--+ (_) |
| 92 | + (1) SIR | | ILA |----->-------->---->| ILA | | (3) SIR |
| 93 | + addressed +->|router| . . |router|->-+ addressed |
| 94 | + packet +---+--+ . IPv6 . +---+--+ packet |
| 95 | + / . Network . |
| 96 | + / . . +--+-++--------+ |
| 97 | + +--------+ / . . |ILA || Host | |
| 98 | + | Host +--+ . .- -|host|| | |
| 99 | + | | . . +--+-++--------+ |
| 100 | + +--------+ ................ |
| 101 | + |
| 102 | + |
| 103 | +Transport checksum handling |
| 104 | +=========================== |
| 105 | + |
| 106 | +When an address is translated by ILA, an encapsulated transport checksum |
| 107 | +that includes the translated address in a pseudo header may be rendered |
| 108 | +incorrect on the wire. This is a problem for intermediate devices, |
| 109 | +including checksum offload in NICs, that process the checksum. There are |
| 110 | +three options to deal with this: |
| 111 | + |
| 112 | +- no action Allow the checksum to be incorrect on the wire. Before |
| 113 | + a receiver verifies a checksum the ILA to SIR address |
| 114 | + translation must be done. |
| 115 | + |
| 116 | +- adjust transport checksum |
| 117 | + When ILA translation is performed the packet is parsed |
| 118 | + and if a transport layer checksum is found then it is |
| 119 | + adjusted to reflect the correct checksum per the |
| 120 | + translated address. |
| 121 | + |
| 122 | +- checksum neutral mapping |
| 123 | + When an address is translated the difference can be offset |
| 124 | + elsewhere in a part of the packet that is covered by the |
| 125 | + the checksum. The low order sixteen bits of the identifier |
| 126 | + are used. This method is preferred since it doesn't require |
| 127 | + parsing a packet beyond the IP header and in most cases the |
| 128 | + adjustment can be precomputed and saved with the mapping. |
| 129 | + |
| 130 | +Note that the checksum neutral adjustment affects the low order sixteen |
| 131 | +bits of the identifier. When ILA to SIR address translation is done on |
| 132 | +egress the low order bits are restored to the original value which |
| 133 | +restores the identifier as it was originally sent. |
| 134 | + |
| 135 | + |
| 136 | +Identifier types |
| 137 | +================ |
| 138 | + |
| 139 | +ILA defines different types of identifiers for different use cases. |
| 140 | + |
| 141 | +The defined types are: |
| 142 | + |
| 143 | + 0: interface identifier |
| 144 | + |
| 145 | + 1: locally unique identifier |
| 146 | + |
| 147 | + 2: virtual networking identifier for IPv4 address |
| 148 | + |
| 149 | + 3: virtual networking identifier for IPv6 unicast address |
| 150 | + |
| 151 | + 4: virtual networking identifier for IPv6 multicast address |
| 152 | + |
| 153 | + 5: non-local address identifier |
| 154 | + |
| 155 | +In the current implementation of kernel ILA only locally unique identifiers |
| 156 | +(LUID) are supported. LUID allows for a generic, unformatted 64 bit |
| 157 | +identifier. |
| 158 | + |
| 159 | + |
| 160 | +Identifier formats |
| 161 | +================== |
| 162 | + |
| 163 | +Kernel ILA supports two optional fields in an identifier for formatting: |
| 164 | +"C-bit" and "identifier type". The presence of these fields is determined |
| 165 | +by configuration as demonstrated below. |
| 166 | + |
| 167 | +If the identifier type is present it occupies the three highest order |
| 168 | +bits of an identifier. The possible values are given in the above list. |
| 169 | + |
| 170 | +If the C-bit is present, this is used as an indication that checksum |
| 171 | +neutral mapping has been done. The C-bit can only be set in an |
| 172 | +ILA address, never a SIR address. |
| 173 | + |
| 174 | +In the simplest format the identifier types, C-bit, and checksum |
| 175 | +adjustment value are not present so an identifier is considered an |
| 176 | +unstructured sixty-four bit value. |
| 177 | + |
| 178 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 179 | + | Identifier | |
| 180 | + + + |
| 181 | + | | |
| 182 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 183 | + |
| 184 | +The checksum neutral adjustment may be configured to always be |
| 185 | +present using neutral-map-auto. In this case there is no C-bit, but the |
| 186 | +checksum adjustment is in the low order 16 bits. The identifier is |
| 187 | +still sixty-four bits. |
| 188 | + |
| 189 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 190 | + | Identifier | |
| 191 | + | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 192 | + | | Checksum-neutral adjustment | |
| 193 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 194 | + |
| 195 | +The C-bit may used to explicitly indicate that checksum neutral |
| 196 | +mapping has been applied to an ILA address. The format is: |
| 197 | + |
| 198 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 199 | + | |C| Identifier | |
| 200 | + | +-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 201 | + | | Checksum-neutral adjustment | |
| 202 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 203 | + |
| 204 | +The identifier type field may be present to indicate the identifier |
| 205 | +type. If it is not present then the type is inferred based on mapping |
| 206 | +configuration. The checksum neutral adjustment may automatically |
| 207 | +used with the identifier type as illustrated below. |
| 208 | + |
| 209 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 210 | + | Type| Identifier | |
| 211 | + +-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 212 | + | | Checksum-neutral adjustment | |
| 213 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 214 | + |
| 215 | +If the identifier type and the C-bit can be present simultaneously so |
| 216 | +the identifier format would be: |
| 217 | + |
| 218 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 219 | + | Type|C| Identifier | |
| 220 | + +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 221 | + | | Checksum-neutral adjustment | |
| 222 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| 223 | + |
| 224 | + |
| 225 | +Configuration |
| 226 | +============= |
| 227 | + |
| 228 | +There are two methods to configure ILA mappings. One is by using LWT routes |
| 229 | +and the other is ila_xlat (called from NFHOOK PREROUTING hook). ila_xlat |
| 230 | +is intended to be used in the receive path for ILA hosts . |
| 231 | + |
| 232 | +An ILA router has also been implemented in XDP. Description of that is |
| 233 | +outside the scope of this document. |
| 234 | + |
| 235 | +The usage of for ILA LWT routes is: |
| 236 | + |
| 237 | +ip route add DEST/128 encap ila LOC csum-mode MODE ident-type TYPE via ADDR |
| 238 | + |
| 239 | +Destination (DEST) can either be a SIR address (for an ILA host or ingress |
| 240 | +ILA router) or an ILA address (egress ILA router). LOC is the sixty-four |
| 241 | +bit locator (with format W:X:Y:Z) that overwrites the upper sixty-four |
| 242 | +bits of the destination address. Checksum MODE is one of "no-action", |
| 243 | +"adj-transport", "neutral-map", and "neutral-map-auto". If neutral-map is |
| 244 | +set then the C-bit will be present. Identifier TYPE one of "luid" or |
| 245 | +"use-format." In the case of use-format, the identifier type field is |
| 246 | +present and the effective type is taken from that. |
| 247 | + |
| 248 | +The usage of ila_xlat is: |
| 249 | + |
| 250 | +ip ila add loc_match MATCH loc LOC csum-mode MODE ident-type TYPE |
| 251 | + |
| 252 | +MATCH indicates the incoming locator that must be matched to apply |
| 253 | +a the translaiton. LOC is the locator that overwrites the upper |
| 254 | +sixty-four bits of the destination address. MODE and TYPE have the |
| 255 | +same meanings as described above. |
| 256 | + |
| 257 | + |
| 258 | +Some examples |
| 259 | +============= |
| 260 | + |
| 261 | +# Configure an ILA route that uses checksum neutral mapping as well |
| 262 | +# as type field. Note that the type field is set in the SIR address |
| 263 | +# (the 2000 implies type is 1 which is LUID). |
| 264 | +ip route add 3333:0:0:1:2000:0:1:87/128 encap ila 2001:0:87:0 \ |
| 265 | + csum-mode neutral-map ident-type use-format |
| 266 | + |
| 267 | +# Configure an ILA LWT route that uses auto checksum neutral mapping |
| 268 | +# (no C-bit) and configure identifier type to be LUID so that the |
| 269 | +# identifier type field will not be present. |
| 270 | +ip route add 3333:0:0:1:2000:0:2:87/128 encap ila 2001:0:87:1 \ |
| 271 | + csum-mode neutral-map-auto ident-type luid |
| 272 | + |
| 273 | +ila_xlat configuration |
| 274 | + |
| 275 | +# Configure an ILA to SIR mapping that matches a locator and overwrites |
| 276 | +# it with a SIR address (3333:0:0:1 in this example). The C-bit and |
| 277 | +# identifier field are used. |
| 278 | +ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \ |
| 279 | + csum-mode neutral-map-auto ident-type use-format |
| 280 | + |
| 281 | +# Configure an ILA to SIR mapping where checksum neutral is automatically |
| 282 | +# set without the C-bit and the identifier type is configured to be LUID |
| 283 | +# so that the identifier type field is not present. |
| 284 | +ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \ |
| 285 | + csum-mode neutral-map-auto ident-type use-format |
0 commit comments