diff options
author | Pablo Camarillo <pcamaril@cisco.com> | 2016-12-07 18:34:18 +0100 |
---|---|---|
committer | Dave Barach <openvpp@barachs.net> | 2017-03-04 00:55:42 +0000 |
commit | fb38095d1c9d1b84850f345f0344f82b9ae2c375 (patch) | |
tree | 374b98350db7c182c9493a219266f1229c52f1ae /src/vnet/sr/sr.h | |
parent | fa5231d75e1530a03a0c4f14706ec58067fa32d0 (diff) |
Evolving SRv6 (Segment Routing for IPv6)
Implements:
1.- SR Policies with several (weighted) SID lists
2.- Binding SID
3.- SR LocalSIDs with support for the following functions
- End
- End.X
- End.DX6
- End.DX4
- End.DX2
- End.DT6
- End.DT2
- End.B6
- End.B6.Encaps
4.- SR Steering policies (to steer a traffic through an SR Policy)
- Support for IPv6 traffic (IPv6 Encapsulation / SRH insertion)
- Support for IPv4 traffic (IPv6 Encapsulation)
- Support for L2 traffic
(T.Insert / T.Encaps)
5.- Doxygen documentation
6.- Framework (APIs) to allow the definition of new SR LocalSID behaviors by means of plugins
7.- Sample SRv6 LocalSID plugin
Change-Id: I2de3d126699d4f11f54c0f7f3b71420ea41fd389
Signed-off-by: Pablo Camarillo <pcamaril@cisco.com>
Diffstat (limited to 'src/vnet/sr/sr.h')
-rwxr-xr-x[-rw-r--r--] | src/vnet/sr/sr.h | 361 |
1 files changed, 194 insertions, 167 deletions
diff --git a/src/vnet/sr/sr.h b/src/vnet/sr/sr.h index 3c50b7358a1..eb781e4bcee 100644..100755 --- a/src/vnet/sr/sr.h +++ b/src/vnet/sr/sr.h @@ -12,256 +12,283 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + /** * @file - * @brief Segment Routing header + * @brief Segment Routing data structures definitions + * */ + #ifndef included_vnet_sr_h #define included_vnet_sr_h #include <vnet/vnet.h> #include <vnet/sr/sr_packet.h> #include <vnet/ip/ip6_packet.h> +#include <vnet/ethernet/ethernet.h> -#include <openssl/opensslconf.h> #include <stdlib.h> #include <string.h> -#include <openssl/crypto.h> -#include <openssl/sha.h> -#include <openssl/opensslv.h> -#include <openssl/hmac.h> +#define IPv6_DEFAULT_HEADER_LENGTH 40 +#define IPv6_DEFAULT_HOP_LIMIT 64 +#define IPv6_DEFAULT_MAX_MASK_WIDTH 128 -/** - * @brief Segment Route tunnel key - */ -typedef struct -{ - ip6_address_t src; - ip6_address_t dst; -} ip6_sr_tunnel_key_t; +#define SR_BEHAVIOR_END 1 +#define SR_BEHAVIOR_X 2 +#define SR_BEHAVIOR_D_FIRST 3 /* Unused. Separator in between regular and D */ +#define SR_BEHAVIOR_DX2 4 +#define SR_BEHAVIOR_DX6 5 +#define SR_BEHAVIOR_DX4 6 +#define SR_BEHAVIOR_DT6 7 +#define SR_BEHAVIOR_DT4 8 +#define SR_BEHAVIOR_LAST 9 /* Must always be the last one */ + +#define SR_STEER_L2 2 +#define SR_STEER_IPV4 4 +#define SR_STEER_IPV6 6 + +#define SR_FUNCTION_SIZE 4 +#define SR_ARGUMENT_SIZE 4 + +#define SR_SEGMENT_LIST_WEIGHT_DEFAULT 1 /** - * @brief Segment Route tunnel + * @brief SR Segment List (SID list) */ typedef struct { - /** src, dst address */ - ip6_sr_tunnel_key_t key; - - /** Pptional tunnel name */ - u8 *name; + ip6_address_t *segments; /**< SIDs (key) */ - /** Mask width for FIB entry */ - u32 dst_mask_width; + u32 weight; /**< SID list weight (wECMP / UCMP) */ - /** First hop, to save 1 elt in the segment list */ - ip6_address_t first_hop; + u8 *rewrite; /**< Precomputed rewrite header */ + u8 *rewrite_bsid; /**< Precomputed rewrite header for bindingSID */ - /** RX Fib index */ - u32 rx_fib_index; - /** TX Fib index */ - u32 tx_fib_index; + dpo_id_t bsid_dpo; /**< DPO for Encaps/Insert for BSID */ + dpo_id_t ip6_dpo; /**< DPO for Encaps/Insert IPv6 */ + dpo_id_t ip4_dpo; /**< DPO for Encaps IPv6 */ +} ip6_sr_sl_t; - /** The actual ip6 SR header */ - u8 *rewrite; +/* SR policy types */ +#define SR_POLICY_TYPE_DEFAULT 0 +#define SR_POLICY_TYPE_SPRAY 1 +/** + * @brief SR Policy + */ +typedef struct +{ + u32 *segments_lists; /**< SID lists indexes (vector) */ - /** Indicates that this tunnel is part of a policy comprising - of multiple tunnels. If == ~0 tunnel is not part of a policy */ - u32 policy_index; + ip6_address_t bsid; /**< BindingSID (key) */ - /** - * The FIB node graph linkage - */ - fib_node_t node; + u8 type; /**< Type (default is 0) */ - /** - * The FIB entry index for the first hop. We track this so we - * don't need an extra lookup for it in the data plane - */ - fib_node_index_t fib_entry_index; + /* SR Policy specific DPO */ + /* IF Type = DEFAULT Then Load Balancer DPO among SID lists */ + /* IF Type = SPRAY then Spray DPO with all SID lists */ + dpo_id_t bsid_dpo; /**< SR Policy specific DPO - BSID */ + dpo_id_t ip4_dpo; /**< SR Policy specific DPO - IPv6 */ + dpo_id_t ip6_dpo; /**< SR Policy specific DPO - IPv4 */ - /** - * This tunnel's sibling index in the children of the FIB entry - */ - u32 sibling_index; + u32 fib_table; /**< FIB table */ - /** - * The DPO contributed by the first-hop FIB entry. - */ - dpo_id_t first_hop_dpo; -} ip6_sr_tunnel_t; + u8 is_encap; /**< Mode (0 is SRH insert, 1 Encaps) */ +} ip6_sr_policy_t; /** - * @brief Shared secret for keyed-hash message authentication code (HMAC). + * @brief SR LocalSID */ typedef struct { - u8 *shared_secret; -} ip6_sr_hmac_key_t; + ip6_address_t localsid; /**< LocalSID IPv6 address */ -/** - * @brief Args required for add/del tunnel. - * - * Else we end up passing a LOT of parameters around. - */ -typedef struct -{ - /** Key (header imposition case) */ - ip6_address_t *src_address; - ip6_address_t *dst_address; - u32 dst_mask_width; - u32 rx_table_id; - u32 tx_table_id; + char end_psp; /**< Combined with End.PSP? */ - /** optional name argument - for referencing SR tunnel/policy by name */ - u8 *name; + u16 behavior; /**< Behavior associated to this localsid */ - /** optional policy name */ - u8 *policy_name; + union + { + u32 sw_if_index; /**< xconnect only */ + u32 vrf_index; /**< vrf only */ + }; - /** segment list, when inserting an ip6 SR header */ - ip6_address_t *segments; + u32 fib_table; /**< FIB table where localsid is registered */ - /** - * "Tag" list, aka segments inserted at the end of the list, - * past last_seg - */ - ip6_address_t *tags; + u32 vlan_index; /**< VLAN tag (not an index) */ - /** Shared secret => generate SHA-256 HMAC security fields */ - u8 *shared_secret; + ip46_address_t next_hop; /**< Next_hop for xconnect usage only */ - /** Flags, e.g. cleanup, policy-list flags */ - u16 flags_net_byte_order; + u32 nh_adj; /**< Next_adj for xconnect usage only */ - /** Delete the tunnnel? */ - u8 is_del; -} ip6_sr_add_del_tunnel_args_t; + void *plugin_mem; /**< Memory to be used by the plugin callback functions */ +} ip6_sr_localsid_t; + +typedef int (sr_plugin_callback_t) (ip6_sr_localsid_t * localsid); /** - * @brief Args for creating a policy. - * - * Typically used for multicast replication. - * ie a multicast address can be associated with a policy, - * then replicated across a number of unicast SR tunnels. + * @brief SR LocalSID behavior registration */ typedef struct { - /** policy name */ - u8 *name; + u16 sr_localsid_function_number; /**< SR LocalSID plugin function (>SR_BEHAVIOR_LAST) */ - /** tunnel names */ - u8 **tunnel_names; + u8 *function_name; /**< Function name. (key). */ - /** Delete the policy? */ - u8 is_del; -} ip6_sr_add_del_policy_args_t; + u8 *keyword_str; /**< Behavior keyword (i.e. End.X) */ + + u8 *def_str; /**< Behavior definition (i.e. Endpoint with cross-connect) */ + + u8 *params_str; /**< Behavior parameters (i.e. <oif> <IP46next_hop>) */ + + dpo_type_t dpo; /**< DPO type registration */ + + format_function_t *ls_format; /**< LocalSID format function */ + + unformat_function_t *ls_unformat; /**< LocalSID unformat function */ + + sr_plugin_callback_t *creation; /**< Function within plugin that will be called after localsid creation*/ + + sr_plugin_callback_t *removal; /**< Function within plugin that will be called before localsid removal */ +} sr_localsid_fn_registration_t; /** - * @brief Segment Routing policy. + * @brief Steering db key * - * Typically used for multicast replication. - * ie a multicast address can be associated with a policy, - * then replicated across a number of unicast SR tunnels. + * L3 is IPv4/IPv6 + mask + * L2 is sf_if_index + vlan */ typedef struct { - /** name of policy */ - u8 *name; - - /** vector to SR tunnel index */ - u32 *tunnel_indices; + union + { + struct + { + ip46_address_t prefix; /**< IP address of the prefix */ + u32 mask_width; /**< Mask width of the prefix */ + u32 fib_table; /**< VRF of the prefix */ + } l3; + struct + { + u32 sw_if_index; /**< Incoming software interface */ + } l2; + }; + u8 traffic_type; /**< Traffic type (IPv4, IPv6, L2) */ +} sr_steering_key_t; -} ip6_sr_policy_t; +typedef struct +{ + sr_steering_key_t classify; /**< Traffic classification */ + u32 sr_policy; /**< SR Policy index */ +} ip6_sr_steering_policy_t; /** - * @brief Args for mapping of multicast address to policy name. - * - * Typically used for multicast replication. - * ie a multicast address can be associated with a policy, - * then replicated across a number of unicast SR tunnels. + * @brief Segment Routing main datastructure */ typedef struct { - /** multicast IP6 address */ - ip6_address_t *multicast_address; + /* ip6-lookup next index for imposition FIB entries */ + u32 ip6_lookup_sr_next_index; - /** name of policy to map to */ - u8 *policy_name; + /* ip6-replicate next index for multicast tunnel */ + u32 ip6_lookup_sr_spray_index; - /** Delete the mapping */ - u8 is_del; + /* IP4-lookup -> SR rewrite next index */ + u32 ip4_lookup_sr_policy_rewrite_encaps_index; + u32 ip4_lookup_sr_policy_rewrite_insert_index; -} ip6_sr_add_del_multicastmap_args_t; + /* IP6-lookup -> SR rewrite next index */ + u32 ip6_lookup_sr_policy_rewrite_encaps_index; + u32 ip6_lookup_sr_policy_rewrite_insert_index; -/** - * @brief Segment Routing state. - */ -typedef struct -{ - /** pool of tunnel instances, sr entry only */ - ip6_sr_tunnel_t *tunnels; + /* L2-input -> SR rewrite next index */ + u32 l2_sr_policy_rewrite_index; + + /* IP6-lookup -> SR LocalSID (SR End processing) index */ + u32 ip6_lookup_sr_localsid_index; - /** find an sr "tunnel" by its outer-IP src/dst */ - uword *tunnel_index_by_key; + /* SR SID lists */ + ip6_sr_sl_t *sid_lists; - /** find an sr "tunnel" by its name */ - uword *tunnel_index_by_name; + /* SR policies */ + ip6_sr_policy_t *sr_policies; - /** policy pool */ - ip6_sr_policy_t *policies; + /* Find an SR policy by its BindingSID */ + ip6_address_t *sr_policy_index_by_key; - /** find a policy by name */ - uword *policy_index_by_policy_name; + /* Pool of SR localsid instances */ + ip6_sr_localsid_t *localsids; - /** multicast address to policy mapping */ - uword *policy_index_by_multicast_address; + /* Find a SR localsid instance based on its functionID */ + ip6_address_t *localsids_index_by_key; - /** hmac key id by shared secret */ - uword *hmac_key_by_shared_secret; + /* Pool of SR steer policies instances */ + ip6_sr_steering_policy_t *steer_policies; - /** ip6-rewrite next index for reinstalling the original dst address */ - u32 ip6_rewrite_sr_next_index; + /* Find a steer policy based on its classifier */ + sr_steering_key_t *steer_policies_index_by_key; - /** application API callback */ - void *sr_local_cb; + /* L2 steering ifaces - sr_policies */ + u32 *sw_iface_sr_policies; - /** validate hmac keys */ - u8 validate_hmac; + /* Spray DPO */ + dpo_type_t sr_pr_spray_dpo_type; - /** pool of hmac keys */ - ip6_sr_hmac_key_t *hmac_keys; + /* Plugin functions */ + sr_localsid_fn_registration_t *plugin_functions; - /** Openssl var */ - EVP_MD *md; - /** Openssl var */ - HMAC_CTX *hmac_ctx; + /* Find plugin function by name */ + uword *plugin_functions_by_key; - /** enable debug spew */ - u8 is_debug; + /* Counters */ + vlib_combined_counter_main_t sr_ls_valid_counters; + vlib_combined_counter_main_t sr_ls_invalid_counters; - /** convenience */ + /* SR Policies FIBs */ + u32 fib_table_ip6; + u32 fib_table_ip4; + + /* convenience */ vlib_main_t *vlib_main; - /** convenience */ vnet_main_t *vnet_main; } ip6_sr_main_t; ip6_sr_main_t sr_main; -format_function_t format_ip6_sr_header; -format_function_t format_ip6_sr_header_with_length; - -vlib_node_registration_t ip6_sr_input_node; - -int ip6_sr_add_del_tunnel (ip6_sr_add_del_tunnel_args_t * a); -int ip6_sr_add_del_policy (ip6_sr_add_del_policy_args_t * a); -int ip6_sr_add_del_multicastmap (ip6_sr_add_del_multicastmap_args_t * a); - -void vnet_register_sr_app_callback (void *cb); - -void sr_fix_hmac (ip6_sr_main_t * sm, ip6_header_t * ip, - ip6_sr_header_t * sr); +extern vlib_node_registration_t sr_policy_rewrite_encaps_node; +extern vlib_node_registration_t sr_policy_rewrite_insert_node; +extern vlib_node_registration_t sr_localsid_node; +extern vlib_node_registration_t sr_localsid_d_node; + +void sr_dpo_lock (dpo_id_t * dpo); +void sr_dpo_unlock (dpo_id_t * dpo); + +int sr_localsid_register_function (vlib_main_t * vm, u8 * fn_name, + u8 * keyword_str, u8 * def_str, + u8 * params_str, dpo_type_t * dpo, + format_function_t * ls_format, + unformat_function_t * ls_unformat, + sr_plugin_callback_t * creation_fn, + sr_plugin_callback_t * removal_fn); + +int +sr_policy_add (ip6_address_t * bsid, ip6_address_t * segments, + u32 weight, u8 behavior, u32 fib_table, u8 is_encap); +int +sr_policy_mod (ip6_address_t * bsid, u32 index, u32 fib_table, + u8 operation, ip6_address_t * segments, u32 sl_index, + u32 weight); +int sr_policy_del (ip6_address_t * bsid, u32 index); + +int sr_cli_localsid (char is_del, ip6_address_t * localsid_addr, + char end_psp, u8 behavior, u32 sw_if_index, + u32 vlan_index, u32 fib_table, ip46_address_t * nh_addr, + void *ls_plugin_mem); + +int +sr_steering_policy (int is_del, ip6_address_t * bsid, u32 sr_policy_index, + u32 table_id, ip46_address_t * prefix, u32 mask_width, + u32 sw_if_index, u8 traffic_type); #endif /* included_vnet_sr_h */ |