Documentation/networking/ila.rst

.. SPDX-License-Identifier: GPL-2.0

===================================
Identifier Locator Addressing (ILA)
===================================


Introduction
============

Identifier-locator addressing (ILA) is a technique used with IPv6 that
differentiates between location and identity of a network node. Part of an
address expresses the immutable identity of the node, and another part
indicates the location of the node which can be dynamic. Identifier-locator
addressing can be used to efficiently implement overlay networks for
network virtualization as well as solutions for use cases in mobility.

ILA can be thought of as means to implement an overlay network without
encapsulation. This is accomplished by performing network address
translation on destination addresses as a packet traverses a network. To
the network, an ILA translated packet appears to be no different than any
other IPv6 packet. For instance, if the transport protocol is TCP then an
ILA translated packet looks like just another TCP/IPv6 packet. The
advantage of this is that ILA is transparent to the network so that
optimizations in the network, such as ECMP, RSS, GRO, GSO, etc., just work.

The ILA protocol is described in Internet-Draft draft-herbert-intarea-ila.


ILA terminology
===============

  - Identifier
		A number that identifies an addressable node in the network
		independent of its location. ILA identifiers are sixty-four
		bit values.

  - Locator
		A network prefix that routes to a physical host. Locators
		provide the topological location of an addressed node. ILA
		locators are sixty-four bit prefixes.

  - ILA mapping
		A mapping of an ILA identifier to a locator (or to a
		locator and meta data). An ILA domain maintains a database
		that contains mappings for all destinations in the domain.

  - SIR address
		An IPv6 address composed of a SIR prefix (upper sixty-
		four bits) and an identifier (lower sixty-four bits).
		SIR addresses are visible to applications and provide a
		means for them to address nodes independent of their
		location.

  - ILA address
		An IPv6 address composed of a locator (upper sixty-four
		bits) and an identifier (low order sixty-four bits). ILA
		addresses are never visible to an application.

  - ILA host
		An end host that is capable of performing ILA translations
		on transmit or receive.

  - ILA router
		A network node that performs ILA translation and forwarding
		of translated packets.

  - ILA forwarding cache
		A type of ILA router that only maintains a working set
		cache of mappings.

  - ILA node
		A network node capable of performing ILA translations. This
		can be an ILA router, ILA forwarding cache, or ILA host.


Operation
=========

There are two fundamental operations with ILA:

  - Translate a SIR address to an ILA address. This is performed on ingress
    to an ILA overlay.

  - Translate an ILA address to a SIR address. This is performed on egress
    from the ILA overlay.

ILA can be deployed either on end hosts or intermediate devices in the
network; these are provided by "ILA hosts" and "ILA routers" respectively.
Configuration and datapath for these two points of deployment is somewhat
different.

The diagram below illustrates the flow of packets through ILA as well
as showing ILA hosts and routers::

    +--------+                                                +--------+
    | Host A +-+                                         +--->| Host B |
    |        | |              (2) ILA                   (')   |        |
    +--------+ |            ...addressed....           (   )  +--------+
	       V  +---+--+  .  packet      .  +---+--+  (_)
   (1) SIR     |  | ILA  |----->-------->---->| ILA  |   |   (3) SIR
    addressed  +->|router|  .              .  |router|->-+    addressed
    packet        +---+--+  .     IPv6     .  +---+--+        packet
		   /        .    Network   .
		  /         .              .   +--+-++--------+
    +--------+   /          .              .   |ILA ||  Host  |
    |  Host  +--+           .              .- -|host||        |
    |        |              .              .   +--+-++--------+
    +--------+              ................


Transport checksum handling
===========================

When an address is translated by ILA, an encapsulated transport checksum
that includes the translated address in a pseudo header may be rendered
incorrect on the wire. This is a problem for intermediate devices,
including checksum offload in NICs, that process the checksum. There are
three options to deal with this:

- no action	Allow the checksum to be incorrect on the wire. Before
		a receiver verifies a checksum the ILA to SIR address
		translation must be done.

- adjust transport checksum
		When ILA translation is performed the packet is parsed
		and if a transport layer checksum is found then it is
		adjusted to reflect the correct checksum per the
		translated address.

- checksum neutral mapping
		When an address is translated the difference can be offset
		elsewhere in a part of the packet that is covered by
		the checksum. The low order sixteen bits of the identifier
		are used. This method is preferred since it doesn't require
		parsing a packet beyond the IP header and in most cases the
		adjustment can be precomputed and saved with the mapping.

Note that the checksum neutral adjustment affects the low order sixteen
bits of the identifier. When ILA to SIR address translation is done on
egress the low order bits are restored to the original value which
restores the identifier as it was originally sent.


Identifier types
================

ILA defines different types of identifiers for different use cases.

The defined types are:

      0: interface identifier

      1: locally unique identifier

      2: virtual networking identifier for IPv4 address

      3: virtual networking identifier for IPv6 unicast address

      4: virtual networking identifier for IPv6 multicast address

      5: non-local address identifier

In the current implementation of kernel ILA only locally unique identifiers
(LUID) are supported. LUID allows for a generic, unformatted 64 bit
identifier.


Identifier formats
==================

Kernel ILA supports two optional fields in an identifier for formatting:
"C-bit" and "identifier type". The presence of these fields is determined
by configuration as demonstrated below.

If the identifier type is present it occupies the three highest order
bits of an identifier. The possible values are given in the above list.

If the C-bit is present,  this is used as an indication that checksum
neutral mapping has been done. The C-bit can only be set in an
ILA address, never a SIR address.

In the simplest format the identifier types, C-bit, and checksum
adjustment value are not present so an identifier is considered an
unstructured sixty-four bit value::

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                            Identifier                         |
     +                                                               +
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The checksum neutral adjustment may be configured to always be
present using neutral-map-auto. In this case there is no C-bit, but the
checksum adjustment is in the low order 16 bits. The identifier is
still sixty-four bits::

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                            Identifier                         |
     |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                               |  Checksum-neutral adjustment  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The C-bit may used to explicitly indicate that checksum neutral
mapping has been applied to an ILA address. The format is::

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |     |C|                    Identifier                         |
     |     +-+                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                               |  Checksum-neutral adjustment  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The identifier type field may be present to indicate the identifier
type. If it is not present then the type is inferred based on mapping
configuration. The checksum neutral adjustment may automatically
used with the identifier type as illustrated below::

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | Type|                      Identifier                         |
     +-+-+-+                         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                               |  Checksum-neutral adjustment  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

If the identifier type and the C-bit can be present simultaneously so
the identifier format would be::

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | Type|C|                    Identifier                         |
     +-+-+-+-+                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                               |  Checksum-neutral adjustment  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


Configuration
=============

There are two methods to configure ILA mappings. One is by using LWT routes
and the other is ila_xlat (called from NFHOOK PREROUTING hook). ila_xlat
is intended to be used in the receive path for ILA hosts .

An ILA router has also been implemented in XDP. Description of that is
outside the scope of this document.

The usage of for ILA LWT routes is:

ip route add DEST/128 encap ila LOC csum-mode MODE ident-type TYPE via ADDR

Destination (DEST) can either be a SIR address (for an ILA host or ingress
ILA router) or an ILA address (egress ILA router). LOC is the sixty-four
bit locator (with format W:X:Y:Z) that overwrites the upper sixty-four
bits of the destination address.  Checksum MODE is one of "no-action",
"adj-transport", "neutral-map", and "neutral-map-auto". If neutral-map is
set then the C-bit will be present. Identifier TYPE one of "luid" or
"use-format." In the case of use-format, the identifier type field is
present and the effective type is taken from that.

The usage of ila_xlat is:

ip ila add loc_match MATCH loc LOC csum-mode MODE ident-type TYPE

MATCH indicates the incoming locator that must be matched to apply
a the translaiton. LOC is the locator that overwrites the upper
sixty-four bits of the destination address. MODE and TYPE have the
same meanings as described above.


Some examples
=============

::

     # Configure an ILA route that uses checksum neutral mapping as well
     # as type field. Note that the type field is set in the SIR address
     # (the 2000 implies type is 1 which is LUID).
     ip route add 3333:0:0:1:2000:0:1:87/128 encap ila 2001:0:87:0 \
	  csum-mode neutral-map ident-type use-format

     # Configure an ILA LWT route that uses auto checksum neutral mapping
     # (no C-bit) and configure identifier type to be LUID so that the
     # identifier type field will not be present.
     ip route add 3333:0:0:1:2000:0:2:87/128 encap ila 2001:0:87:1 \
	  csum-mode neutral-map-auto ident-type luid

     ila_xlat configuration

     # Configure an ILA to SIR mapping that matches a locator and overwrites
     # it with a SIR address (3333:0:0:1 in this example). The C-bit and
     # identifier field are used.
     ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
	 csum-mode neutral-map-auto ident-type use-format

     # Configure an ILA to SIR mapping where checksum neutral is automatically
     # set without the C-bit and the identifier type is configured to be LUID
     # so that the identifier type field is not present.
     ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
	 csum-mode neutral-map-auto ident-type use-format