1 .. SPDX-License-Identifier: GPL-2.0
2
3 ===================================
4 Identifier Locator Addressing (ILA)
5 ===================================
6
7
8 Introduction
9 ============
10
11 Identifier-locator addressing (ILA) is a technique used with IPv6 that
12 differentiates between location and identity of a network node. Part of an
13 address expresses the immutable identity of the node, and another part
14 indicates the location of the node which can be dynamic. Identifier-locator
15 addressing can be used to efficiently implement overlay networks for
16 network virtualization as well as solutions for use cases in mobility.
17
18 ILA can be thought of as means to implement an overlay network without
19 encapsulation. This is accomplished by performing network address
20 translation on destination addresses as a packet traverses a network. To
21 the network, an ILA translated packet appears to be no different than any
22 other IPv6 packet. For instance, if the transport protocol is TCP then an
23 ILA translated packet looks like just another TCP/IPv6 packet. The
24 advantage of this is that ILA is transparent to the network so that
25 optimizations in the network, such as ECMP, RSS, GRO, GSO, etc., just work.
26
27 The ILA protocol is described in Internet-Draft draft-herbert-intarea-ila.
28
29
30 ILA terminology
31 ===============
32
33 - Identifier
34 A number that identifies an addressable node in the network
35 independent of its location. ILA identifiers are sixty-four
36 bit values.
37
38 - Locator
39 A network prefix that routes to a physical host. Locators
40 provide the topological location of an addressed node. ILA
41 locators are sixty-four bit prefixes.
42
43 - ILA mapping
44 A mapping of an ILA identifier to a locator (or to a
45 locator and meta data). An ILA domain maintains a database
46 that contains mappings for all destinations in the domain.
47
48 - SIR address
49 An IPv6 address composed of a SIR prefix (upper sixty-
50 four bits) and an identifier (lower sixty-four bits).
51 SIR addresses are visible to applications and provide a
52 means for them to address nodes independent of their
53 location.
54
55 - ILA address
56 An IPv6 address composed of a locator (upper sixty-four
57 bits) and an identifier (low order sixty-four bits). ILA
58 addresses are never visible to an application.
59
60 - ILA host
61 An end host that is capable of performing ILA translations
62 on transmit or receive.
63
64 - ILA router
65 A network node that performs ILA translation and forwarding
66 of translated packets.
67
68 - ILA forwarding cache
69 A type of ILA router that only maintains a working set
70 cache of mappings.
71
72 - ILA node
73 A network node capable of performing ILA translations. This
74 can be an ILA router, ILA forwarding cache, or ILA host.
75
76
77 Operation
78 =========
79
80 There are two fundamental operations with ILA:
81
82 - Translate a SIR address to an ILA address. This is performed on ingress
83 to an ILA overlay.
84
85 - Translate an ILA address to a SIR address. This is performed on egress
86 from the ILA overlay.
87
88 ILA can be deployed either on end hosts or intermediate devices in the
89 network; these are provided by "ILA hosts" and "ILA routers" respectively.
90 Configuration and datapath for these two points of deployment is somewhat
91 different.
92
93 The diagram below illustrates the flow of packets through ILA as well
94 as showing ILA hosts and routers::
95
96 +--------+ +--------+
97 | Host A +-+ +--->| Host B |
98 | | | (2) ILA (') | |
99 +--------+ | ...addressed.... ( ) +--------+
100 V +---+--+ . packet . +---+--+ (_)
101 (1) SIR | | ILA |----->-------->---->| ILA | | (3) SIR
102 addressed +->|router| . . |router|->-+ addressed
103 packet +---+--+ . IPv6 . +---+--+ packet
104 / . Network .
105 / . . +--+-++--------+
106 +--------+ / . . |ILA || Host |
107 | Host +--+ . .- -|host|| |
108 | | . . +--+-++--------+
109 +--------+ ................
110
111
112 Transport checksum handling
113 ===========================
114
115 When an address is translated by ILA, an encapsulated transport checksum
116 that includes the translated address in a pseudo header may be rendered
117 incorrect on the wire. This is a problem for intermediate devices,
118 including checksum offload in NICs, that process the checksum. There are
119 three options to deal with this:
120
121 - no action Allow the checksum to be incorrect on the wire. Before
122 a receiver verifies a checksum the ILA to SIR address
123 translation must be done.
124
125 - adjust transport checksum
126 When ILA translation is performed the packet is parsed
127 and if a transport layer checksum is found then it is
128 adjusted to reflect the correct checksum per the
129 translated address.
130
131 - checksum neutral mapping
132 When an address is translated the difference can be offset
133 elsewhere in a part of the packet that is covered by
134 the checksum. The low order sixteen bits of the identifier
135 are used. This method is preferred since it doesn't require
136 parsing a packet beyond the IP header and in most cases the
137 adjustment can be precomputed and saved with the mapping.
138
139 Note that the checksum neutral adjustment affects the low order sixteen
140 bits of the identifier. When ILA to SIR address translation is done on
141 egress the low order bits are restored to the original value which
142 restores the identifier as it was originally sent.
143
144
145 Identifier types
146 ================
147
148 ILA defines different types of identifiers for different use cases.
149
150 The defined types are:
151
152 0: interface identifier
153
154 1: locally unique identifier
155
156 2: virtual networking identifier for IPv4 address
157
158 3: virtual networking identifier for IPv6 unicast address
159
160 4: virtual networking identifier for IPv6 multicast address
161
162 5: non-local address identifier
163
164 In the current implementation of kernel ILA only locally unique identifiers
165 (LUID) are supported. LUID allows for a generic, unformatted 64 bit
166 identifier.
167
168
169 Identifier formats
170 ==================
171
172 Kernel ILA supports two optional fields in an identifier for formatting:
173 "C-bit" and "identifier type". The presence of these fields is determined
174 by configuration as demonstrated below.
175
176 If the identifier type is present it occupies the three highest order
177 bits of an identifier. The possible values are given in the above list.
178
179 If the C-bit is present, this is used as an indication that checksum
180 neutral mapping has been done. The C-bit can only be set in an
181 ILA address, never a SIR address.
182
183 In the simplest format the identifier types, C-bit, and checksum
184 adjustment value are not present so an identifier is considered an
185 unstructured sixty-four bit value::
186
187 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
188 | Identifier |
189 + +
190 | |
191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
192
193 The checksum neutral adjustment may be configured to always be
194 present using neutral-map-auto. In this case there is no C-bit, but the
195 checksum adjustment is in the low order 16 bits. The identifier is
196 still sixty-four bits::
197
198 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
199 | Identifier |
200 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
201 | | Checksum-neutral adjustment |
202 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
203
204 The C-bit may used to explicitly indicate that checksum neutral
205 mapping has been applied to an ILA address. The format is::
206
207 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
208 | |C| Identifier |
209 | +-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
210 | | Checksum-neutral adjustment |
211 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
212
213 The identifier type field may be present to indicate the identifier
214 type. If it is not present then the type is inferred based on mapping
215 configuration. The checksum neutral adjustment may automatically
216 used with the identifier type as illustrated below::
217
218 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
219 | Type| Identifier |
220 +-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
221 | | Checksum-neutral adjustment |
222 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
223
224 If the identifier type and the C-bit can be present simultaneously so
225 the identifier format would be::
226
227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
228 | Type|C| Identifier |
229 +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
230 | | Checksum-neutral adjustment |
231 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
232
233
234 Configuration
235 =============
236
237 There are two methods to configure ILA mappings. One is by using LWT routes
238 and the other is ila_xlat (called from NFHOOK PREROUTING hook). ila_xlat
239 is intended to be used in the receive path for ILA hosts .
240
241 An ILA router has also been implemented in XDP. Description of that is
242 outside the scope of this document.
243
244 The usage of for ILA LWT routes is:
245
246 ip route add DEST/128 encap ila LOC csum-mode MODE ident-type TYPE via ADDR
247
248 Destination (DEST) can either be a SIR address (for an ILA host or ingress
249 ILA router) or an ILA address (egress ILA router). LOC is the sixty-four
250 bit locator (with format W:X:Y:Z) that overwrites the upper sixty-four
251 bits of the destination address. Checksum MODE is one of "no-action",
252 "adj-transport", "neutral-map", and "neutral-map-auto". If neutral-map is
253 set then the C-bit will be present. Identifier TYPE one of "luid" or
254 "use-format." In the case of use-format, the identifier type field is
255 present and the effective type is taken from that.
256
257 The usage of ila_xlat is:
258
259 ip ila add loc_match MATCH loc LOC csum-mode MODE ident-type TYPE
260
261 MATCH indicates the incoming locator that must be matched to apply
262 a the translaiton. LOC is the locator that overwrites the upper
263 sixty-four bits of the destination address. MODE and TYPE have the
264 same meanings as described above.
265
266
267 Some examples
268 =============
269
270 ::
271
272 # Configure an ILA route that uses checksum neutral mapping as well
273 # as type field. Note that the type field is set in the SIR address
274 # (the 2000 implies type is 1 which is LUID).
275 ip route add 3333:0:0:1:2000:0:1:87/128 encap ila 2001:0:87:0 \
276 csum-mode neutral-map ident-type use-format
277
278 # Configure an ILA LWT route that uses auto checksum neutral mapping
279 # (no C-bit) and configure identifier type to be LUID so that the
280 # identifier type field will not be present.
281 ip route add 3333:0:0:1:2000:0:2:87/128 encap ila 2001:0:87:1 \
282 csum-mode neutral-map-auto ident-type luid
283
284 ila_xlat configuration
285
286 # Configure an ILA to SIR mapping that matches a locator and overwrites
287 # it with a SIR address (3333:0:0:1 in this example). The C-bit and
288 # identifier field are used.
289 ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
290 csum-mode neutral-map-auto ident-type use-format
291
292 # Configure an ILA to SIR mapping where checksum neutral is automatically
293 # set without the C-bit and the identifier type is configured to be LUID
294 # so that the identifier type field is not present.
295 ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
296 csum-mode neutral-map-auto ident-type use-format
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.