0001 .. SPDX-License-Identifier: GPL-2.0
0002
0003 ===================================
0004 Identifier Locator Addressing (ILA)
0005 ===================================
0006
0007
0008 Introduction
0009 ============
0010
0011 Identifier-locator addressing (ILA) is a technique used with IPv6 that
0012 differentiates between location and identity of a network node. Part of an
0013 address expresses the immutable identity of the node, and another part
0014 indicates the location of the node which can be dynamic. Identifier-locator
0015 addressing can be used to efficiently implement overlay networks for
0016 network virtualization as well as solutions for use cases in mobility.
0017
0018 ILA can be thought of as means to implement an overlay network without
0019 encapsulation. This is accomplished by performing network address
0020 translation on destination addresses as a packet traverses a network. To
0021 the network, an ILA translated packet appears to be no different than any
0022 other IPv6 packet. For instance, if the transport protocol is TCP then an
0023 ILA translated packet looks like just another TCP/IPv6 packet. The
0024 advantage of this is that ILA is transparent to the network so that
0025 optimizations in the network, such as ECMP, RSS, GRO, GSO, etc., just work.
0026
0027 The ILA protocol is described in Internet-Draft draft-herbert-intarea-ila.
0028
0029
0030 ILA terminology
0031 ===============
0032
0033 - Identifier
0034 A number that identifies an addressable node in the network
0035 independent of its location. ILA identifiers are sixty-four
0036 bit values.
0037
0038 - Locator
0039 A network prefix that routes to a physical host. Locators
0040 provide the topological location of an addressed node. ILA
0041 locators are sixty-four bit prefixes.
0042
0043 - ILA mapping
0044 A mapping of an ILA identifier to a locator (or to a
0045 locator and meta data). An ILA domain maintains a database
0046 that contains mappings for all destinations in the domain.
0047
0048 - SIR address
0049 An IPv6 address composed of a SIR prefix (upper sixty-
0050 four bits) and an identifier (lower sixty-four bits).
0051 SIR addresses are visible to applications and provide a
0052 means for them to address nodes independent of their
0053 location.
0054
0055 - ILA address
0056 An IPv6 address composed of a locator (upper sixty-four
0057 bits) and an identifier (low order sixty-four bits). ILA
0058 addresses are never visible to an application.
0059
0060 - ILA host
0061 An end host that is capable of performing ILA translations
0062 on transmit or receive.
0063
0064 - ILA router
0065 A network node that performs ILA translation and forwarding
0066 of translated packets.
0067
0068 - ILA forwarding cache
0069 A type of ILA router that only maintains a working set
0070 cache of mappings.
0071
0072 - ILA node
0073 A network node capable of performing ILA translations. This
0074 can be an ILA router, ILA forwarding cache, or ILA host.
0075
0076
0077 Operation
0078 =========
0079
0080 There are two fundamental operations with ILA:
0081
0082 - Translate a SIR address to an ILA address. This is performed on ingress
0083 to an ILA overlay.
0084
0085 - Translate an ILA address to a SIR address. This is performed on egress
0086 from the ILA overlay.
0087
0088 ILA can be deployed either on end hosts or intermediate devices in the
0089 network; these are provided by "ILA hosts" and "ILA routers" respectively.
0090 Configuration and datapath for these two points of deployment is somewhat
0091 different.
0092
0093 The diagram below illustrates the flow of packets through ILA as well
0094 as showing ILA hosts and routers::
0095
0096 +--------+ +--------+
0097 | Host A +-+ +--->| Host B |
0098 | | | (2) ILA (') | |
0099 +--------+ | ...addressed.... ( ) +--------+
0100 V +---+--+ . packet . +---+--+ (_)
0101 (1) SIR | | ILA |----->-------->---->| ILA | | (3) SIR
0102 addressed +->|router| . . |router|->-+ addressed
0103 packet +---+--+ . IPv6 . +---+--+ packet
0104 / . Network .
0105 / . . +--+-++--------+
0106 +--------+ / . . |ILA || Host |
0107 | Host +--+ . .- -|host|| |
0108 | | . . +--+-++--------+
0109 +--------+ ................
0110
0111
0112 Transport checksum handling
0113 ===========================
0114
0115 When an address is translated by ILA, an encapsulated transport checksum
0116 that includes the translated address in a pseudo header may be rendered
0117 incorrect on the wire. This is a problem for intermediate devices,
0118 including checksum offload in NICs, that process the checksum. There are
0119 three options to deal with this:
0120
0121 - no action Allow the checksum to be incorrect on the wire. Before
0122 a receiver verifies a checksum the ILA to SIR address
0123 translation must be done.
0124
0125 - adjust transport checksum
0126 When ILA translation is performed the packet is parsed
0127 and if a transport layer checksum is found then it is
0128 adjusted to reflect the correct checksum per the
0129 translated address.
0130
0131 - checksum neutral mapping
0132 When an address is translated the difference can be offset
0133 elsewhere in a part of the packet that is covered by
0134 the checksum. The low order sixteen bits of the identifier
0135 are used. This method is preferred since it doesn't require
0136 parsing a packet beyond the IP header and in most cases the
0137 adjustment can be precomputed and saved with the mapping.
0138
0139 Note that the checksum neutral adjustment affects the low order sixteen
0140 bits of the identifier. When ILA to SIR address translation is done on
0141 egress the low order bits are restored to the original value which
0142 restores the identifier as it was originally sent.
0143
0144
0145 Identifier types
0146 ================
0147
0148 ILA defines different types of identifiers for different use cases.
0149
0150 The defined types are:
0151
0152 0: interface identifier
0153
0154 1: locally unique identifier
0155
0156 2: virtual networking identifier for IPv4 address
0157
0158 3: virtual networking identifier for IPv6 unicast address
0159
0160 4: virtual networking identifier for IPv6 multicast address
0161
0162 5: non-local address identifier
0163
0164 In the current implementation of kernel ILA only locally unique identifiers
0165 (LUID) are supported. LUID allows for a generic, unformatted 64 bit
0166 identifier.
0167
0168
0169 Identifier formats
0170 ==================
0171
0172 Kernel ILA supports two optional fields in an identifier for formatting:
0173 "C-bit" and "identifier type". The presence of these fields is determined
0174 by configuration as demonstrated below.
0175
0176 If the identifier type is present it occupies the three highest order
0177 bits of an identifier. The possible values are given in the above list.
0178
0179 If the C-bit is present, this is used as an indication that checksum
0180 neutral mapping has been done. The C-bit can only be set in an
0181 ILA address, never a SIR address.
0182
0183 In the simplest format the identifier types, C-bit, and checksum
0184 adjustment value are not present so an identifier is considered an
0185 unstructured sixty-four bit value::
0186
0187 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0188 | Identifier |
0189 + +
0190 | |
0191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0192
0193 The checksum neutral adjustment may be configured to always be
0194 present using neutral-map-auto. In this case there is no C-bit, but the
0195 checksum adjustment is in the low order 16 bits. The identifier is
0196 still sixty-four bits::
0197
0198 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0199 | Identifier |
0200 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0201 | | Checksum-neutral adjustment |
0202 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0203
0204 The C-bit may used to explicitly indicate that checksum neutral
0205 mapping has been applied to an ILA address. The format is::
0206
0207 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0208 | |C| Identifier |
0209 | +-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0210 | | Checksum-neutral adjustment |
0211 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0212
0213 The identifier type field may be present to indicate the identifier
0214 type. If it is not present then the type is inferred based on mapping
0215 configuration. The checksum neutral adjustment may automatically
0216 used with the identifier type as illustrated below::
0217
0218 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0219 | Type| Identifier |
0220 +-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0221 | | Checksum-neutral adjustment |
0222 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0223
0224 If the identifier type and the C-bit can be present simultaneously so
0225 the identifier format would be::
0226
0227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0228 | Type|C| Identifier |
0229 +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0230 | | Checksum-neutral adjustment |
0231 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0232
0233
0234 Configuration
0235 =============
0236
0237 There are two methods to configure ILA mappings. One is by using LWT routes
0238 and the other is ila_xlat (called from NFHOOK PREROUTING hook). ila_xlat
0239 is intended to be used in the receive path for ILA hosts .
0240
0241 An ILA router has also been implemented in XDP. Description of that is
0242 outside the scope of this document.
0243
0244 The usage of for ILA LWT routes is:
0245
0246 ip route add DEST/128 encap ila LOC csum-mode MODE ident-type TYPE via ADDR
0247
0248 Destination (DEST) can either be a SIR address (for an ILA host or ingress
0249 ILA router) or an ILA address (egress ILA router). LOC is the sixty-four
0250 bit locator (with format W:X:Y:Z) that overwrites the upper sixty-four
0251 bits of the destination address. Checksum MODE is one of "no-action",
0252 "adj-transport", "neutral-map", and "neutral-map-auto". If neutral-map is
0253 set then the C-bit will be present. Identifier TYPE one of "luid" or
0254 "use-format." In the case of use-format, the identifier type field is
0255 present and the effective type is taken from that.
0256
0257 The usage of ila_xlat is:
0258
0259 ip ila add loc_match MATCH loc LOC csum-mode MODE ident-type TYPE
0260
0261 MATCH indicates the incoming locator that must be matched to apply
0262 a the translaiton. LOC is the locator that overwrites the upper
0263 sixty-four bits of the destination address. MODE and TYPE have the
0264 same meanings as described above.
0265
0266
0267 Some examples
0268 =============
0269
0270 ::
0271
0272 # Configure an ILA route that uses checksum neutral mapping as well
0273 # as type field. Note that the type field is set in the SIR address
0274 # (the 2000 implies type is 1 which is LUID).
0275 ip route add 3333:0:0:1:2000:0:1:87/128 encap ila 2001:0:87:0 \
0276 csum-mode neutral-map ident-type use-format
0277
0278 # Configure an ILA LWT route that uses auto checksum neutral mapping
0279 # (no C-bit) and configure identifier type to be LUID so that the
0280 # identifier type field will not be present.
0281 ip route add 3333:0:0:1:2000:0:2:87/128 encap ila 2001:0:87:1 \
0282 csum-mode neutral-map-auto ident-type luid
0283
0284 ila_xlat configuration
0285
0286 # Configure an ILA to SIR mapping that matches a locator and overwrites
0287 # it with a SIR address (3333:0:0:1 in this example). The C-bit and
0288 # identifier field are used.
0289 ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
0290 csum-mode neutral-map-auto ident-type use-format
0291
0292 # Configure an ILA to SIR mapping where checksum neutral is automatically
0293 # set without the C-bit and the identifier type is configured to be LUID
0294 # so that the identifier type field is not present.
0295 ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
0296 csum-mode neutral-map-auto ident-type use-format
