1Identifier Locator Addressing (ILA)
2
3
4Introduction
5============
6
7Identifier-locator addressing (ILA) is a technique used with IPv6 that
8differentiates between location and identity of a network node. Part of an
9address expresses the immutable identity of the node, and another part
10indicates the location of the node which can be dynamic. Identifier-locator
11addressing can be used to efficiently implement overlay networks for
12network virtualization as well as solutions for use cases in mobility.
13
14ILA can be thought of as means to implement an overlay network without
15encapsulation. This is accomplished by performing network address
16translation on destination addresses as a packet traverses a network. To
17the network, an ILA translated packet appears to be no different than any
18other IPv6 packet. For instance, if the transport protocol is TCP then an
19ILA translated packet looks like just another TCP/IPv6 packet. The
20advantage of this is that ILA is transparent to the network so that
21optimizations in the network, such as ECMP, RSS, GRO, GSO, etc., just work.
22
23The ILA protocol is described in Internet-Draft draft-herbert-intarea-ila.
24
25
26ILA terminology
27===============
28
29  - Identifier	A number that identifies an addressable node in the network
30		independent of its location. ILA identifiers are sixty-four
31		bit values.
32
33  - Locator	A network prefix that routes to a physical host. Locators
34		provide the topological location of an addressed node. ILA
35		locators are sixty-four bit prefixes.
36
37  - ILA mapping
38		A mapping of an ILA identifier to a locator (or to a
39		locator and meta data). An ILA domain maintains a database
40		that contains mappings for all destinations in the domain.
41
42  - SIR address
43		An IPv6 address composed of a SIR prefix (upper sixty-
44		four bits) and an identifier (lower sixty-four bits).
45		SIR addresses are visible to applications and provide a
46		means for them to address nodes independent of their
47		location.
48
49  - ILA address
50		An IPv6 address composed of a locator (upper sixty-four
51		bits) and an identifier (low order sixty-four bits). ILA
52		addresses are never visible to an application.
53
54  - ILA host	An end host that is capable of performing ILA translations
55		on transmit or receive.
56
57  - ILA router	A network node that performs ILA translation and forwarding
58		of translated packets.
59
60  - ILA forwarding cache
61		A type of ILA router that only maintains a working set
62		cache of mappings.
63
64  - ILA node	A network node capable of performing ILA translations. This
65		can be an ILA router, ILA forwarding cache, or ILA host.
66
67
68Operation
69=========
70
71There are two fundamental operations with ILA:
72
73  - Translate a SIR address to an ILA address. This is performed on ingress
74    to an ILA overlay.
75
76  - Translate an ILA address to a SIR address. This is performed on egress
77    from the ILA overlay.
78
79ILA can be deployed either on end hosts or intermediate devices in the
80network; these are provided by "ILA hosts" and "ILA routers" respectively.
81Configuration and datapath for these two points of deployment is somewhat
82different.
83
84The diagram below illustrates the flow of packets through ILA as well
85as showing ILA hosts and routers.
86
87    +--------+                                                +--------+
88    | Host A +-+                                         +--->| Host B |
89    |        | |              (2) ILA                   (')   |        |
90    +--------+ |            ...addressed....           (   )  +--------+
91               V  +---+--+  .  packet      .  +---+--+  (_)
92   (1) SIR     |  | ILA  |----->-------->---->| ILA  |   |   (3) SIR
93    addressed  +->|router|  .              .  |router|->-+    addressed
94    packet        +---+--+  .     IPv6     .  +---+--+        packet
95                   /        .    Network   .
96                  /         .              .   +--+-++--------+
97    +--------+   /          .              .   |ILA ||  Host  |
98    |  Host  +--+           .              .- -|host||        |
99    |        |              .              .   +--+-++--------+
100    +--------+              ................
101
102
103Transport checksum handling
104===========================
105
106When an address is translated by ILA, an encapsulated transport checksum
107that includes the translated address in a pseudo header may be rendered
108incorrect on the wire. This is a problem for intermediate devices,
109including checksum offload in NICs, that process the checksum. There are
110three options to deal with this:
111
112- no action	Allow the checksum to be incorrect on the wire. Before
113		a receiver verifies a checksum the ILA to SIR address
114		translation must be done.
115
116- adjust transport checksum
117		When ILA translation is performed the packet is parsed
118		and if a transport layer checksum is found then it is
119		adjusted to reflect the correct checksum per the
120		translated address.
121
122- checksum neutral mapping
123		When an address is translated the difference can be offset
124		elsewhere in a part of the packet that is covered by
125		the checksum. The low order sixteen bits of the identifier
126		are used. This method is preferred since it doesn't require
127		parsing a packet beyond the IP header and in most cases the
128		adjustment can be precomputed and saved with the mapping.
129
130Note that the checksum neutral adjustment affects the low order sixteen
131bits of the identifier. When ILA to SIR address translation is done on
132egress the low order bits are restored to the original value which
133restores the identifier as it was originally sent.
134
135
136Identifier types
137================
138
139ILA defines different types of identifiers for different use cases.
140
141The defined types are:
142
143      0: interface identifier
144
145      1: locally unique identifier
146
147      2: virtual networking identifier for IPv4 address
148
149      3: virtual networking identifier for IPv6 unicast address
150
151      4: virtual networking identifier for IPv6 multicast address
152
153      5: non-local address identifier
154
155In the current implementation of kernel ILA only locally unique identifiers
156(LUID) are supported. LUID allows for a generic, unformatted 64 bit
157identifier.
158
159
160Identifier formats
161==================
162
163Kernel ILA supports two optional fields in an identifier for formatting:
164"C-bit" and "identifier type". The presence of these fields is determined
165by configuration as demonstrated below.
166
167If the identifier type is present it occupies the three highest order
168bits of an identifier. The possible values are given in the above list.
169
170If the C-bit is present,  this is used as an indication that checksum
171neutral mapping has been done. The C-bit can only be set in an
172ILA address, never a SIR address.
173
174In the simplest format the identifier types, C-bit, and checksum
175adjustment value are not present so an identifier is considered an
176unstructured sixty-four bit value.
177
178     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
179     |                            Identifier                         |
180     +                                                               +
181     |                                                               |
182     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
183
184The checksum neutral adjustment may be configured to always be
185present using neutral-map-auto. In this case there is no C-bit, but the
186checksum adjustment is in the low order 16 bits. The identifier is
187still sixty-four bits.
188
189     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
190     |                            Identifier                         |
191     |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
192     |                               |  Checksum-neutral adjustment  |
193     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
194
195The C-bit may used to explicitly indicate that checksum neutral
196mapping has been applied to an ILA address. The format is:
197
198     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
199     |     |C|                    Identifier                         |
200     |     +-+                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
201     |                               |  Checksum-neutral adjustment  |
202     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
203
204The identifier type field may be present to indicate the identifier
205type. If it is not present then the type is inferred based on mapping
206configuration. The checksum neutral adjustment may automatically
207used with the identifier type as illustrated below.
208
209     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
210     | Type|                      Identifier                         |
211     +-+-+-+                         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
212     |                               |  Checksum-neutral adjustment  |
213     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
214
215If the identifier type and the C-bit can be present simultaneously so
216the identifier format would be:
217
218     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
219     | Type|C|                    Identifier                         |
220     +-+-+-+-+                       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
221     |                               |  Checksum-neutral adjustment  |
222     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
223
224
225Configuration
226=============
227
228There are two methods to configure ILA mappings. One is by using LWT routes
229and the other is ila_xlat (called from NFHOOK PREROUTING hook). ila_xlat
230is intended to be used in the receive path for ILA hosts .
231
232An ILA router has also been implemented in XDP. Description of that is
233outside the scope of this document.
234
235The usage of for ILA LWT routes is:
236
237ip route add DEST/128 encap ila LOC csum-mode MODE ident-type TYPE via ADDR
238
239Destination (DEST) can either be a SIR address (for an ILA host or ingress
240ILA router) or an ILA address (egress ILA router). LOC is the sixty-four
241bit locator (with format W:X:Y:Z) that overwrites the upper sixty-four
242bits of the destination address.  Checksum MODE is one of "no-action",
243"adj-transport", "neutral-map", and "neutral-map-auto". If neutral-map is
244set then the C-bit will be present. Identifier TYPE one of "luid" or
245"use-format." In the case of use-format, the identifier type field is
246present and the effective type is taken from that.
247
248The usage of ila_xlat is:
249
250ip ila add loc_match MATCH loc LOC csum-mode MODE ident-type TYPE
251
252MATCH indicates the incoming locator that must be matched to apply
253a the translaiton. LOC is the locator that overwrites the upper
254sixty-four bits of the destination address. MODE and TYPE have the
255same meanings as described above.
256
257
258Some examples
259=============
260
261# Configure an ILA route that uses checksum neutral mapping as well
262# as type field. Note that the type field is set in the SIR address
263# (the 2000 implies type is 1 which is LUID).
264ip route add 3333:0:0:1:2000:0:1:87/128 encap ila 2001:0:87:0 \
265     csum-mode neutral-map ident-type use-format
266
267# Configure an ILA LWT route that uses auto checksum neutral mapping
268# (no C-bit) and configure identifier type to be LUID so that the
269# identifier type field will not be present.
270ip route add 3333:0:0:1:2000:0:2:87/128 encap ila 2001:0:87:1 \
271     csum-mode neutral-map-auto ident-type luid
272
273ila_xlat configuration
274
275# Configure an ILA to SIR mapping that matches a locator and overwrites
276# it with a SIR address (3333:0:0:1 in this example). The C-bit and
277# identifier field are used.
278ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
279    csum-mode neutral-map-auto ident-type use-format
280
281# Configure an ILA to SIR mapping where checksum neutral is automatically
282# set without the C-bit and the identifier type is configured to be LUID
283# so that the identifier type field is not present.
284ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
285    csum-mode neutral-map-auto ident-type use-format
286