diff options
author | Francois Clad <fclad@cisco.com> | 2018-01-16 17:52:24 +0100 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2018-01-19 20:34:48 +0000 |
commit | ba7992aa62523d014b55802463fb3357c7099b70 (patch) | |
tree | 59f9913c83bd7ab68feec9bab8778151a1b32cc4 /src | |
parent | b4cd4ff74b3493824f35e67a4128f459333fa50a (diff) |
SRv6 static proxy plugin
Change-Id: Ia0654461d9fa36503323a8375997719c873d23b9
Signed-off-by: Francois Clad <fclad@cisco.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/configure.ac | 1 | ||||
-rw-r--r-- | src/plugins/Makefile.am | 4 | ||||
-rw-r--r-- | src/plugins/srv6-as/as.c | 502 | ||||
-rw-r--r-- | src/plugins/srv6-as/as.h | 80 | ||||
-rw-r--r-- | src/plugins/srv6-as/as_plugin_doc.md | 165 | ||||
-rw-r--r-- | src/plugins/srv6-as/node.c | 492 | ||||
-rw-r--r-- | src/plugins/srv6_as.am | 23 |
7 files changed, 1267 insertions, 0 deletions
diff --git a/src/configure.ac b/src/configure.ac index bfd59372084..d28b6c1ccfd 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -221,6 +221,7 @@ PLUGIN_ENABLED(marvell) PLUGIN_ENABLED(memif) PLUGIN_ENABLED(pppoe) PLUGIN_ENABLED(sixrd) +PLUGIN_ENABLED(srv6as) PLUGIN_ENABLED(nat) PLUGIN_ENABLED(stn) PLUGIN_ENABLED(l2e) diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am index 5e54d0e504a..1e3f8764218 100644 --- a/src/plugins/Makefile.am +++ b/src/plugins/Makefile.am @@ -83,6 +83,10 @@ if ENABLE_SIXRD_PLUGIN include sixrd.am endif +if ENABLE_SRV6AS_PLUGIN +include srv6_as.am +endif + if ENABLE_NAT_PLUGIN include nat.am endif diff --git a/src/plugins/srv6-as/as.c b/src/plugins/srv6-as/as.c new file mode 100644 index 00000000000..d027656b6fc --- /dev/null +++ b/src/plugins/srv6-as/as.c @@ -0,0 +1,502 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + *------------------------------------------------------------------ + * as.c - SRv6 Static Proxy (AS) function + *------------------------------------------------------------------ + */ + +#include <vnet/vnet.h> +#include <vnet/adj/adj.h> +#include <vnet/plugin/plugin.h> +#include <srv6-as/as.h> + +#define SID_CREATE_IFACE_FEATURE_ERROR -1 +#define SID_CREATE_INVALID_IFACE_TYPE -3 +#define SID_CREATE_INVALID_IFACE_INDEX -4 +#define SID_CREATE_INVALID_ADJ_INDEX -5 + +unsigned char function_name[] = "SRv6-AS-plugin"; +unsigned char keyword_str[] = "End.AS"; +unsigned char def_str[] = + "Endpoint with static proxy to SR-unaware appliance"; +unsigned char params_str[] = + "nh <next-hop> oif <iface-out> iif <iface-in> src <src-addr> next <sid> [next <sid> ...]"; + + +static inline u8 * +prepare_rewrite (ip6_address_t src_addr, ip6_address_t * sid_list, + u8 protocol) +{ + u8 *rewrite_str = NULL; + u32 rewrite_len = IPv6_DEFAULT_HEADER_LENGTH; + + u8 num_sids = vec_len (sid_list); + u32 sr_hdr_len = 0; + + if (num_sids > 1) + { + sr_hdr_len = + sizeof (ip6_sr_header_t) + num_sids * sizeof (ip6_address_t); + rewrite_len += sr_hdr_len; + } + + vec_validate (rewrite_str, rewrite_len - 1); + + /* Fill IP header */ + ip6_header_t *iph = (ip6_header_t *) rewrite_str; + iph->ip_version_traffic_class_and_flow_label = + clib_host_to_net_u32 (0 | ((6 & 0xF) << 28)); + iph->src_address = src_addr; + iph->dst_address = sid_list[0]; + iph->payload_length = sr_hdr_len; + iph->hop_limit = IPv6_DEFAULT_HOP_LIMIT; + + if (num_sids > 1) + { + /* Set Next Header value to Routing Extension */ + iph->protocol = IP_PROTOCOL_IPV6_ROUTE; + + /* Fill SR header */ + ip6_sr_header_t *srh = (ip6_sr_header_t *) (iph + 1); + srh->protocol = protocol; + srh->length = sr_hdr_len / 8 - 1; + srh->type = ROUTING_HEADER_TYPE_SR; + srh->segments_left = num_sids - 1; + srh->first_segment = num_sids - 1; + srh->flags = 0x00; + srh->reserved = 0x00; + + /* Fill segment list */ + ip6_address_t *this_address; + ip6_address_t *addrp = srh->segments + srh->first_segment; + vec_foreach (this_address, sid_list) + { + *addrp = *this_address; + addrp--; + } + } + else + { + /* Set Next Header value to inner protocol */ + iph->protocol = protocol; + } + + return rewrite_str; +} + +static inline void +free_ls_mem (srv6_as_localsid_t * ls_mem) +{ + vec_free (ls_mem->rewrite); + vec_free (ls_mem->sid_list); + clib_mem_free (ls_mem); +} + + +/*****************************************/ +/* SRv6 LocalSID instantiation and removal functions */ +static int +srv6_as_localsid_creation_fn (ip6_sr_localsid_t * localsid) +{ + ip6_sr_main_t *srm = &sr_main; + srv6_as_main_t *sm = &srv6_as_main; + srv6_as_localsid_t *ls_mem = localsid->plugin_mem; + u32 localsid_index = localsid - srm->localsids; + + /* Step 1: Prepare xconnect adjacency for sending packets to the VNF */ + + /* Retrieve the adjacency corresponding to the (OIF, next_hop) */ + adj_index_t nh_adj_index = ADJ_INDEX_INVALID; + if (ls_mem->ip_version == DA_IP4) + nh_adj_index = adj_nbr_add_or_lock (FIB_PROTOCOL_IP4, + VNET_LINK_IP4, &ls_mem->nh_addr, + ls_mem->sw_if_index_out); + else if (ls_mem->ip_version == DA_IP6) + nh_adj_index = adj_nbr_add_or_lock (FIB_PROTOCOL_IP6, + VNET_LINK_IP6, &ls_mem->nh_addr, + ls_mem->sw_if_index_out); + if (nh_adj_index == ADJ_INDEX_INVALID) + { + free_ls_mem (ls_mem); + return SID_CREATE_INVALID_ADJ_INDEX; + } + + ls_mem->nh_adj = nh_adj_index; + + + /* Step 2: Prepare inbound policy for packets returning from the VNF */ + + /* Make sure the provided incoming interface index is valid */ + if (pool_is_free_index (sm->vnet_main->interface_main.sw_interfaces, + ls_mem->sw_if_index_in)) + { + adj_unlock (ls_mem->nh_adj); + free_ls_mem (ls_mem); + return SID_CREATE_INVALID_IFACE_INDEX; + } + + /* Retrieve associated interface structure */ + vnet_sw_interface_t *sw = vnet_get_sw_interface (sm->vnet_main, + ls_mem->sw_if_index_in); + if (sw->type != VNET_SW_INTERFACE_TYPE_HARDWARE) + { + adj_unlock (ls_mem->nh_adj); + free_ls_mem (ls_mem); + return SID_CREATE_INVALID_IFACE_TYPE; + } + + if (ls_mem->ip_version == DA_IP4) + { + /* Enable End.AS4 rewrite node for this interface */ + int ret = + vnet_feature_enable_disable ("ip4-unicast", "srv6-as4-rewrite", + ls_mem->sw_if_index_in, 1, 0, 0); + if (ret != 0) + { + adj_unlock (ls_mem->nh_adj); + free_ls_mem (ls_mem); + return SID_CREATE_IFACE_FEATURE_ERROR; + } + + /* Prepare rewrite string */ + ls_mem->rewrite = prepare_rewrite (ls_mem->src_addr, ls_mem->sid_list, + IP_PROTOCOL_IP_IN_IP); + + /* Associate local SID index to this interface (resize vector if needed) */ + if (ls_mem->sw_if_index_in >= vec_len (sm->sw_iface_localsid4)) + { + vec_resize (sm->sw_iface_localsid4, + (pool_len (sm->vnet_main->interface_main.sw_interfaces) + - vec_len (sm->sw_iface_localsid4))); + } + sm->sw_iface_localsid4[ls_mem->sw_if_index_in] = localsid_index; + } + else if (ls_mem->ip_version == DA_IP6) + { + /* Enable End.AS6 rewrite node for this interface */ + int ret = + vnet_feature_enable_disable ("ip6-unicast", "srv6-as6-rewrite", + ls_mem->sw_if_index_in, 1, 0, 0); + if (ret != 0) + { + adj_unlock (ls_mem->nh_adj); + free_ls_mem (ls_mem); + return SID_CREATE_IFACE_FEATURE_ERROR; + } + + /* Prepare rewrite string */ + ls_mem->rewrite = prepare_rewrite (ls_mem->src_addr, ls_mem->sid_list, + IP_PROTOCOL_IPV6); + + /* Associate local SID index to this interface (resize vector if needed) */ + if (ls_mem->sw_if_index_in >= vec_len (sm->sw_iface_localsid6)) + { + vec_resize (sm->sw_iface_localsid6, + (pool_len (sm->vnet_main->interface_main.sw_interfaces) + - vec_len (sm->sw_iface_localsid6))); + } + sm->sw_iface_localsid6[ls_mem->sw_if_index_in] = localsid_index; + } + + return 0; +} + +static int +srv6_as_localsid_removal_fn (ip6_sr_localsid_t * localsid) +{ + srv6_as_main_t *sm = &srv6_as_main; + srv6_as_localsid_t *ls_mem = localsid->plugin_mem; + + if (ls_mem->ip_version == DA_IP4) + { + /* Disable End.AS4 rewrite node for this interface */ + int ret; + ret = vnet_feature_enable_disable ("ip4-unicast", "srv6-as4-rewrite", + ls_mem->sw_if_index_in, 0, 0, 0); + if (ret != 0) + return -1; + + /* Remove local SID index from interface table */ + sm->sw_iface_localsid4[ls_mem->sw_if_index_in] = ~(u32) 0; + } + else if (ls_mem->ip_version == DA_IP6) + { + /* Disable End.AS6 rewrite node for this interface */ + int ret; + ret = vnet_feature_enable_disable ("ip6-unicast", "srv6-as6-rewrite", + ls_mem->sw_if_index_in, 0, 0, 0); + if (ret != 0) + return -1; + + /* Remove local SID index from interface table */ + sm->sw_iface_localsid6[ls_mem->sw_if_index_in] = ~(u32) 0; + } + + + /* Unlock (OIF, NHOP) adjacency (from sr_localsid.c:103) */ + adj_unlock (ls_mem->nh_adj); + + /* Clean up local SID memory */ + free_ls_mem (ls_mem); + + return 0; +} + +/**********************************/ +/* SRv6 LocalSID format functions */ +/* + * Prints nicely the parameters of a localsid + * Example: print "Table 5" + */ +u8 * +format_srv6_as_localsid (u8 * s, va_list * args) +{ + srv6_as_localsid_t *ls_mem = va_arg (*args, void *); + + vnet_main_t *vnm = vnet_get_main (); + + if (ls_mem->ip_version == DA_IP4) + { + s = + format (s, "Next-hop:\t%U\n", format_ip4_address, + &ls_mem->nh_addr.ip4); + } + else + { + s = + format (s, "Next-hop:\t%U\n", format_ip6_address, + &ls_mem->nh_addr.ip6); + } + + s = format (s, "\tOutgoing iface:\t%U\n", format_vnet_sw_if_index_name, vnm, + ls_mem->sw_if_index_out); + s = format (s, "\tIncoming iface:\t%U\n", format_vnet_sw_if_index_name, vnm, + ls_mem->sw_if_index_in); + s = format (s, "\tSource address:\t%U\n", format_ip6_address, + &ls_mem->src_addr); + + s = format (s, "\tSegment list:\t< "); + ip6_address_t *addr; + vec_foreach (addr, ls_mem->sid_list) + { + s = format (s, "%U, ", format_ip6_address, addr); + } + s = format (s, "\b\b > "); + + return s; +} + +/* + * Process the parameters of a localsid + * Example: process from: + * sr localsid address cafe::1 behavior new_srv6_localsid 5 + * everything from behavior on... so in this case 'new_srv6_localsid 5' + * Notice that it MUST match the keyword_str and params_str defined above. + */ +uword +unformat_srv6_as_localsid (unformat_input_t * input, va_list * args) +{ + void **plugin_mem_p = va_arg (*args, void **); + srv6_as_localsid_t *ls_mem; + + vnet_main_t *vnm = vnet_get_main (); + + u8 ip_version = 0; + ip46_address_t nh_addr; + u32 sw_if_index_out; + u32 sw_if_index_in; + ip6_address_t src_addr; + ip6_address_t next_sid; + ip6_address_t *sid_list = NULL; + + u8 params = 0; +#define PARAM_AS_NH (1 << 0) +#define PARAM_AS_OIF (1 << 1) +#define PARAM_AS_IIF (1 << 2) +#define PARAM_AS_SRC (1 << 3) + + if (!unformat (input, "end.as")) + return 0; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (!(params & PARAM_AS_NH) && unformat (input, "nh %U", + unformat_ip4_address, + &nh_addr.ip4)) + { + ip_version = DA_IP4; + params |= PARAM_AS_NH; + } + if (!(params & PARAM_AS_NH) && unformat (input, "nh %U", + unformat_ip6_address, + &nh_addr.ip6)) + { + ip_version = DA_IP6; + params |= PARAM_AS_NH; + } + else if (!(params & PARAM_AS_OIF) && unformat (input, "oif %U", + unformat_vnet_sw_interface, + vnm, &sw_if_index_out)) + { + params |= PARAM_AS_OIF; + } + else if (!(params & PARAM_AS_IIF) && unformat (input, "iif %U", + unformat_vnet_sw_interface, + vnm, &sw_if_index_in)) + { + params |= PARAM_AS_IIF; + } + else if (!(params & PARAM_AS_SRC) && unformat (input, "src %U", + unformat_ip6_address, + &src_addr)) + { + params |= PARAM_AS_SRC; + } + else if (unformat (input, "next %U", unformat_ip6_address, &next_sid)) + { + vec_add1 (sid_list, next_sid); + } + else + { + break; + } + } + + /* Make sure that all parameters are supplied */ + u8 params_chk = (PARAM_AS_NH | PARAM_AS_OIF | PARAM_AS_IIF | PARAM_AS_SRC); + if ((params & params_chk) != params_chk || sid_list == NULL) + { + vec_free (sid_list); + return 0; + } + + /* Allocate and initialize memory block for local SID parameters */ + ls_mem = clib_mem_alloc_aligned_at_offset (sizeof *ls_mem, 0, 0, 1); + memset (ls_mem, 0, sizeof *ls_mem); + *plugin_mem_p = ls_mem; + + /* Set local SID parameters */ + ls_mem->ip_version = ip_version; + if (ip_version == DA_IP4) + ls_mem->nh_addr.ip4 = nh_addr.ip4; + else + ls_mem->nh_addr.ip6 = nh_addr.ip6; + ls_mem->sw_if_index_out = sw_if_index_out; + ls_mem->sw_if_index_in = sw_if_index_in; + ls_mem->src_addr = src_addr; + ls_mem->sid_list = sid_list; + + return 1; +} + +/*************************/ +/* SRv6 LocalSID FIB DPO */ +static u8 * +format_srv6_as_dpo (u8 * s, va_list * args) +{ + index_t index = va_arg (*args, index_t); + CLIB_UNUSED (u32 indent) = va_arg (*args, u32); + + return (format (s, "SR: static_proxy_index:[%u]", index)); +} + +void +srv6_as_dpo_lock (dpo_id_t * dpo) +{ +} + +void +srv6_as_dpo_unlock (dpo_id_t * dpo) +{ +} + +const static dpo_vft_t srv6_as_vft = { + .dv_lock = srv6_as_dpo_lock, + .dv_unlock = srv6_as_dpo_unlock, + .dv_format = format_srv6_as_dpo, +}; + +const static char *const srv6_as_ip6_nodes[] = { + "srv6-as-localsid", + NULL, +}; + +const static char *const *const srv6_as_nodes[DPO_PROTO_NUM] = { + [DPO_PROTO_IP6] = srv6_as_ip6_nodes, +}; + +/**********************/ +static clib_error_t * +srv6_as_init (vlib_main_t * vm) +{ + srv6_as_main_t *sm = &srv6_as_main; + int rv = 0; + + sm->vlib_main = vm; + sm->vnet_main = vnet_get_main (); + + /* Create DPO */ + sm->srv6_as_dpo_type = dpo_register_new_type (&srv6_as_vft, srv6_as_nodes); + + /* Register SRv6 LocalSID */ + rv = sr_localsid_register_function (vm, + function_name, + keyword_str, + def_str, + params_str, + &sm->srv6_as_dpo_type, + format_srv6_as_localsid, + unformat_srv6_as_localsid, + srv6_as_localsid_creation_fn, + srv6_as_localsid_removal_fn); + if (rv < 0) + clib_error_return (0, "SRv6 LocalSID function could not be registered."); + else + sm->srv6_localsid_behavior_id = rv; + + return 0; +} + +/* *INDENT-OFF* */ +VNET_FEATURE_INIT (srv6_as4_rewrite, static) = +{ + .arc_name = "ip4-unicast", + .node_name = "srv6-as4-rewrite", + .runs_before = 0, +}; + +VNET_FEATURE_INIT (srv6_as6_rewrite, static) = +{ + .arc_name = "ip6-unicast", + .node_name = "srv6-as6-rewrite", + .runs_before = 0, +}; + +VLIB_INIT_FUNCTION (srv6_as_init); + +VLIB_PLUGIN_REGISTER () = { + .version = "1.0", + .description = "Static SRv6 proxy", +}; +/* *INDENT-ON* */ + +/* +* fd.io coding-style-patch-verification: ON +* +* Local Variables: +* eval: (c-set-style "gnu") +* End: +*/ diff --git a/src/plugins/srv6-as/as.h b/src/plugins/srv6-as/as.h new file mode 100644 index 00000000000..8f059187151 --- /dev/null +++ b/src/plugins/srv6-as/as.h @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef __included_srv6_as_h__ +#define __included_srv6_as_h__ + +#include <vnet/vnet.h> +#include <vnet/ip/ip.h> +#include <vnet/srv6/sr.h> +#include <vnet/srv6/sr_packet.h> + +#include <vppinfra/error.h> +#include <vppinfra/elog.h> + +#define DA_IP4 4 +#define DA_IP6 6 + +typedef struct +{ + u16 msg_id_base; /**< API message ID base */ + + vlib_main_t *vlib_main; /**< [convenience] vlib main */ + vnet_main_t *vnet_main; /**< [convenience] vnet main */ + + dpo_type_t srv6_as_dpo_type; /**< DPO type */ + + u32 srv6_localsid_behavior_id; /**< SRv6 LocalSID behavior number */ + + u32 *sw_iface_localsid4; /**< Retrieve local SID from iface */ + u32 *sw_iface_localsid6; /**< Retrieve local SID from iface */ +} srv6_as_main_t; + +/* + * This is the memory that will be stored per each localsid + * the user instantiates + */ +typedef struct +{ + ip46_address_t nh_addr; /**< Proxied device address */ + u32 sw_if_index_out; /**< Outgoing iface to proxied dev. */ + u32 nh_adj; /**< Adjacency index for out. iface */ + u8 ip_version; + + u32 sw_if_index_in; /**< Incoming iface from proxied dev. */ + u8 *rewrite; /**< Headers to be rewritten */ + ip6_address_t src_addr; /**< Source address to be restored */ + ip6_address_t *sid_list; /**< SID list to be restored */ + char *sid_list_str; +} srv6_as_localsid_t; + +srv6_as_main_t srv6_as_main; + +format_function_t format_srv6_as_localsid; +unformat_function_t unformat_srv6_as_localsid; + +void srv6_as_dpo_lock (dpo_id_t * dpo); +void srv6_as_dpo_unlock (dpo_id_t * dpo); + +extern vlib_node_registration_t srv6_as_localsid_node; + +#endif /* __included_srv6_as_h__ */ + +/* +* fd.io coding-style-patch-verification: ON +* +* Local Variables: +* eval: (c-set-style "gnu") +* End: +*/ diff --git a/src/plugins/srv6-as/as_plugin_doc.md b/src/plugins/srv6-as/as_plugin_doc.md new file mode 100644 index 00000000000..d8a39496a3d --- /dev/null +++ b/src/plugins/srv6-as/as_plugin_doc.md @@ -0,0 +1,165 @@ +# SRv6 endpoint to SR-unaware appliance via static proxy (End.AS) {#srv6_as_plugin_doc} + +## Overview + +The static proxy is an SR endpoint behavior for processing SR-MPLS or SRv6 +encapsulated traffic on behalf of an SR-unaware service. This proxy thus +receives SR traffic that is formed of an MPLS label stack or an IPv6 header on +top of an inner packet, which can be Ethernet, IPv4 or IPv6. + +A static SR proxy segment is associated with the following mandatory parameters: + +- INNER-TYPE: Inner packet type +- S-ADDR: Ethernet or IP address of the service (only for inner type IPv4 and + IPv6) +- IFACE-OUT: Local interface for sending traffic towards the service +- IFACE-IN: Local interface receiving the traffic coming back from the service +- CACHE: SR information to be attached on the traffic coming back from the + service + +A static SR proxy segment is thus defined for a specific service, inner packet +type and cached SR information. It is also bound to a pair of directed +interfaces on the proxy. These may be both directions of a single interface, or +opposite directions of two different interfaces. The latter is recommended in +case the service is to be used as part of a bi-directional SR SC policy. If the +proxy and the service both support 802.1Q, IFACE-OUT and IFACE-IN can also +represent sub-interfaces. + +The first part of this behavior is triggered when the proxy node receives a +packet whose active segment matches a segment associated with the static proxy +behavior. It removes the SR information from the packet then sends it on a +specific interface towards the associated service. This SR information +corresponds to the full label stack for SR-MPLS or to the encapsulation IPv6 +header with any attached extension header in the case of SRv6. + +The second part is an inbound policy attached to the proxy interface receiving +the traffic returning from the service, IFACE-IN. This policy attaches to the +incoming traffic the cached SR information associated with the SR proxy segment. +If the proxy segment uses the SR-MPLS data plane, CACHE contains a stack of +labels to be pushed on top the packets. With the SRv6 data plane, CACHE is +defined as a source address, an active segment and an optional SRH (tag, +segments left, segment list and metadata). The proxy encapsulates the packets +with an IPv6 header that has the source address, the active segment as +destination address and the SRH as a routing extension header. After the SR +information has been attached, the packets are forwarded according to the active +segment, which is represented by the top MPLS label or the IPv6 Destination +Address. + +In this scenario, there are no restrictions on the operations that can be +performed by the service on the stream of packets. It may operate at all +protocol layers, terminate transport layer connections, generate new packets and +initiate transport layer connections. This behavior may also be used to +integrate an IPv4-only service into an SRv6 policy. However, a static SR proxy +segment can be used in only one service chain at a time. As opposed to most +other segment types, a static SR proxy segment is bound to a unique list of +segments, which represents a directed SR SC policy. This is due to the cached +SR information being defined in the segment configuration. This limitation only +prevents multiple segment lists from using the same static SR proxy segment at +the same time, but a single segment list can be shared by any number of traffic +flows. Besides, since the returning traffic from the service is re- classified +based on the incoming interface, an interface can be used as receiving interface +(IFACE-IN) only for a single SR proxy segment at a time. In the case of a +bi-directional SR SC policy, a different SR proxy segment and receiving +interface are required for the return direction. + +## SRv6 pseudocode + +### Static proxy for inner type Ethernet - End.AS2 + +Upon receiving an IPv6 packet destined for S, where S is an End.AS2 SID, a node +N does: + +``` + 1. IF ENH == 59 THEN ;; Ref1 + 2. Remove the (outer) IPv6 header and its extension headers + 3. Forward the exposed frame on IFACE-OUT + 4. ELSE + 5. Drop the packet +``` + +Ref1: 59 refers to "no next header" as defined by IANA allocation for Internet +Protocol Numbers. + +Upon receiving on IFACE-IN an Ethernet frame with a destination address +different than the interface address, a node N does: + +``` + 1. IF CACHE.SRH THEN ;; Ref2 + 2. Push CACHE.SRH on top of the existing Ethernet header + 3. Set NH value of the pushed SRH to 59 + 4. Push outer IPv6 header with SA, DA and traffic class from CACHE + 5. Set outer payload length and flow label + 6. Set NH value to 43 if an SRH was added, or 59 otherwise + 7. Lookup outer DA in appropriate table and proceed accordingly +``` + +Ref2: CACHE.SRH represents the SRH defined in CACHE, if any, for the static SR +proxy segment associated with IFACE-IN. + +The receiving interface must be configured in promiscuous mode in order to +accept those Ethernet frames. + +### Static proxy for inner type IPv4 - End.AS4 + +Upon receiving an IPv6 packet destined for S, where S is an End.AS4 SID, a node +N does: + +``` + 1. IF ENH == 4 THEN ;; Ref1 + 2. Remove the (outer) IPv6 header and its extension headers + 3. Forward the exposed packet on IFACE-OUT towards S-ADDR + 4. ELSE + 5. Drop the packet +``` + +Ref1: 4 refers to IPv4 encapsulation as defined by IANA allocation for Internet +Protocol Numbers. + +Upon receiving a non link-local IPv4 packet on IFACE-IN, a node N does: + +``` + 1. IF CACHE.SRH THEN ;; Ref2 + 2. Push CACHE.SRH on top of the existing IPv4 header + 3. Set NH value of the pushed SRH to 4 + 4. Push outer IPv6 header with SA, DA and traffic class from CACHE + 5. Set outer payload length and flow label + 6. Set NH value to 43 if an SRH was added, or 4 otherwise + 7. Decrement inner TTL and update checksum + 8. Lookup outer DA in appropriate table and proceed accordingly +``` + +Ref2: CACHE.SRH represents the SRH defined in CACHE, if any, for the static SR +proxy segment associated with IFACE-IN. + +### Static proxy for inner type IPv6 - End.AS6 + +Upon receiving an IPv6 packet destined for S, where S is an End.AS6 SID, a node +N does: + +``` + 1. IF ENH == 41 THEN ;; Ref1 + 2. Remove the (outer) IPv6 header and its extension headers + 3. Forward the exposed packet on IFACE-OUT towards S-ADDR + 4. ELSE + 5. Drop the packet +``` + +Ref1: 41 refers to IPv6 encapsulation as defined by IANA allocation for Internet +Protocol Numbers. + +Upon receiving a non-link-local IPv6 packet on IFACE-IN, a node N does: + +``` + 1. IF CACHE.SRH THEN ;; Ref2 + 2. Push CACHE.SRH on top of the existing IPv6 header + 3. Set NH value of the pushed SRH to 41 + 4. Push outer IPv6 header with SA, DA and traffic class from CACHE + 5. Set outer payload length and flow label + 6. Set NH value to 43 if an SRH was added, or 41 otherwise + 7. Decrement inner Hop Limit + 8. Lookup outer DA in appropriate table and proceed accordingly +``` + +Ref2: CACHE.SRH represents the SRH defined in CACHE, if any, for the static SR +proxy segment associated with IFACE-IN. + diff --git a/src/plugins/srv6-as/node.c b/src/plugins/srv6-as/node.c new file mode 100644 index 00000000000..921799fb7a5 --- /dev/null +++ b/src/plugins/srv6-as/node.c @@ -0,0 +1,492 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include <vlib/vlib.h> +#include <vnet/vnet.h> +#include <vppinfra/error.h> +#include <srv6-as/as.h> + + +/******************************* Packet tracing *******************************/ + +typedef struct +{ + u32 localsid_index; +} srv6_as_localsid_trace_t; + +typedef struct +{ + ip6_address_t src, dst; +} srv6_as_rewrite_trace_t; + +static u8 * +format_srv6_as_localsid_trace (u8 * s, va_list * args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + srv6_as_localsid_trace_t *t = va_arg (*args, srv6_as_localsid_trace_t *); + + return format (s, "SRv6-AS-localsid: localsid_index %d", t->localsid_index); +} + +static u8 * +format_srv6_as_rewrite_trace (u8 * s, va_list * args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + srv6_as_rewrite_trace_t *t = va_arg (*args, srv6_as_rewrite_trace_t *); + + return format (s, "SRv6-AS-rewrite: src %U dst %U", + format_ip6_address, &t->src, format_ip6_address, &t->dst); +} + + +/***************************** Nodes registration *****************************/ + +vlib_node_registration_t srv6_as4_rewrite_node; +vlib_node_registration_t srv6_as6_rewrite_node; + + +/****************************** Packet counters *******************************/ + +#define foreach_srv6_as_rewrite_counter \ +_(PROCESSED, "srv6-as rewritten packets") \ +_(NO_RW, "(Error) No header for rewriting.") + +typedef enum +{ +#define _(sym,str) SRV6_AS_REWRITE_COUNTER_##sym, + foreach_srv6_as_rewrite_counter +#undef _ + SRV6_AS_REWRITE_N_COUNTERS, +} srv6_as_rewrite_counters; + +static char *srv6_as_rewrite_counter_strings[] = { +#define _(sym,string) string, + foreach_srv6_as_rewrite_counter +#undef _ +}; + + +/********************************* Next nodes *********************************/ + +typedef enum +{ + SRV6_AS_LOCALSID_NEXT_ERROR, + SRV6_AS_LOCALSID_NEXT_REWRITE4, + SRV6_AS_LOCALSID_NEXT_REWRITE6, + SRV6_AS_LOCALSID_N_NEXT, +} srv6_as_localsid_next_t; + +typedef enum +{ + SRV6_AS_REWRITE_NEXT_ERROR, + SRV6_AS_REWRITE_NEXT_LOOKUP, + SRV6_AS_REWRITE_N_NEXT, +} srv6_as_rewrite_next_t; + + +/******************************* Local SID node *******************************/ + +/** + * @brief Function doing SRH processing for AS behavior + */ +static_always_inline void +end_as_processing (vlib_buffer_t * b0, + ip6_header_t * ip0, + srv6_as_localsid_t * ls0_mem, u32 * next0) +{ + u16 encap_len; + ip6_ext_header_t *ext_hdr; + u8 hdr_type; + + /* Compute encapsulation headers length */ + encap_len = sizeof (ip6_header_t); + ext_hdr = (ip6_ext_header_t *) (ip0 + 1); + hdr_type = ip0->protocol; + + while (ip6_ext_hdr (hdr_type)) + { + encap_len += ip6_ext_header_len (ext_hdr); + hdr_type = ext_hdr->next_hdr; + ext_hdr = ip6_ext_next_header (ext_hdr); + } + + /* Make sure next header is IP */ + if (PREDICT_FALSE (hdr_type != IP_PROTOCOL_IPV6 && + hdr_type != IP_PROTOCOL_IP_IN_IP)) + { + return; + } + + /* Remove IP header and extensions */ + vlib_buffer_advance (b0, encap_len); + + /* Set Xconnect adjacency to VNF */ + vnet_buffer (b0)->ip.adj_index[VLIB_TX] = ls0_mem->nh_adj; + + if (ls0_mem->ip_version == DA_IP4) + *next0 = SRV6_AS_LOCALSID_NEXT_REWRITE4; + else if (ls0_mem->ip_version == DA_IP6) + *next0 = SRV6_AS_LOCALSID_NEXT_REWRITE6; +} + +/** + * @brief SRv6 AS Localsid graph node + */ +static uword +srv6_as_localsid_fn (vlib_main_t * vm, + vlib_node_runtime_t * node, vlib_frame_t * frame) +{ + ip6_sr_main_t *sm = &sr_main; + u32 n_left_from, next_index, *from, *to_next; + u32 cnt_packets = 0; + + from = vlib_frame_vector_args (frame); + n_left_from = frame->n_vectors; + next_index = node->cached_next_index; + + u32 thread_index = vlib_get_thread_index (); + + while (n_left_from > 0) + { + u32 n_left_to_next; + + vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); + + /* TODO: Dual/quad loop */ + + while (n_left_from > 0 && n_left_to_next > 0) + { + u32 bi0; + vlib_buffer_t *b0; + ip6_header_t *ip0 = 0; + ip6_sr_localsid_t *ls0; + u32 next0 = SRV6_AS_LOCALSID_NEXT_ERROR; + + bi0 = from[0]; + to_next[0] = bi0; + from += 1; + to_next += 1; + n_left_from -= 1; + n_left_to_next -= 1; + + b0 = vlib_get_buffer (vm, bi0); + ip0 = vlib_buffer_get_current (b0); + + /* Lookup the SR End behavior based on IP DA (adj) */ + ls0 = pool_elt_at_index (sm->localsids, + vnet_buffer (b0)->ip.adj_index[VLIB_TX]); + + /* SRH processing */ + end_as_processing (b0, ip0, ls0->plugin_mem, &next0); + + if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) + { + srv6_as_localsid_trace_t *tr = + vlib_add_trace (vm, node, b0, sizeof *tr); + tr->localsid_index = ls0 - sm->localsids; + } + + /* This increments the SRv6 per LocalSID counters. */ + vlib_increment_combined_counter (((next0 == + SRV6_AS_LOCALSID_NEXT_ERROR) ? + &(sm->sr_ls_invalid_counters) : + &(sm->sr_ls_valid_counters)), + thread_index, ls0 - sm->localsids, + 1, vlib_buffer_length_in_chain (vm, + b0)); + + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, + n_left_to_next, bi0, next0); + + cnt_packets++; + } + + vlib_put_next_frame (vm, node, next_index, n_left_to_next); + } + + return frame->n_vectors; +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (srv6_as_localsid_node) = { + .function = srv6_as_localsid_fn, + .name = "srv6-as-localsid", + .vector_size = sizeof (u32), + .format_trace = format_srv6_as_localsid_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .n_next_nodes = SRV6_AS_LOCALSID_N_NEXT, + .next_nodes = { + [SRV6_AS_LOCALSID_NEXT_REWRITE4] = "ip4-rewrite", + [SRV6_AS_LOCALSID_NEXT_REWRITE6] = "ip6-rewrite", + [SRV6_AS_LOCALSID_NEXT_ERROR] = "error-drop", + }, +}; +/* *INDENT-ON* */ + + +/******************************* Rewriting node *******************************/ + +/** + * @brief Graph node for applying a SR policy into an IPv6 packet. Encapsulation + */ +static uword +srv6_as4_rewrite_fn (vlib_main_t * vm, + vlib_node_runtime_t * node, vlib_frame_t * frame) +{ + ip6_sr_main_t *srm = &sr_main; + srv6_as_main_t *sm = &srv6_as_main; + u32 n_left_from, next_index, *from, *to_next; + u32 cnt_packets = 0; + + from = vlib_frame_vector_args (frame); + n_left_from = frame->n_vectors; + next_index = node->cached_next_index; + + while (n_left_from > 0) + { + u32 n_left_to_next; + + vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); + + /* TODO: Dual/quad loop */ + + while (n_left_from > 0 && n_left_to_next > 0) + { + u32 bi0; + vlib_buffer_t *b0; + ip4_header_t *ip0_encap = 0; + ip6_header_t *ip0 = 0; + ip6_sr_localsid_t *ls0; + srv6_as_localsid_t *ls0_mem; + u32 next0 = SRV6_AS_REWRITE_NEXT_LOOKUP; + u16 new_l0 = 0; + + bi0 = from[0]; + to_next[0] = bi0; + from += 1; + to_next += 1; + n_left_from -= 1; + n_left_to_next -= 1; + + b0 = vlib_get_buffer (vm, bi0); + ip0_encap = vlib_buffer_get_current (b0); + ls0 = pool_elt_at_index (srm->localsids, + sm->sw_iface_localsid4[vnet_buffer + (b0)->sw_if_index + [VLIB_RX]]); + ls0_mem = ls0->plugin_mem; + + if (PREDICT_FALSE (ls0_mem == NULL || ls0_mem->rewrite == NULL)) + { + next0 = SRV6_AS_REWRITE_NEXT_ERROR; + b0->error = node->errors[SRV6_AS_REWRITE_COUNTER_NO_RW]; + } + else + { + ASSERT (VLIB_BUFFER_PRE_DATA_SIZE >= + (vec_len (ls0_mem->rewrite) + b0->current_data)); + + clib_memcpy (((u8 *) ip0_encap) - vec_len (ls0_mem->rewrite), + ls0_mem->rewrite, vec_len (ls0_mem->rewrite)); + vlib_buffer_advance (b0, -(word) vec_len (ls0_mem->rewrite)); + + ip0 = vlib_buffer_get_current (b0); + + /* Update inner IPv4 TTL and checksum */ + u32 checksum0; + ip0_encap->ttl -= 1; + checksum0 = ip0_encap->checksum + clib_host_to_net_u16 (0x0100); + checksum0 += checksum0 >= 0xffff; + ip0_encap->checksum = checksum0; + + /* Update outer IPv6 length (in case it has changed) */ + new_l0 = vec_len (ls0_mem->rewrite) - sizeof (ip6_header_t) + + clib_net_to_host_u16 (ip0_encap->length); + ip0->payload_length = clib_host_to_net_u16 (new_l0); + } + + if (PREDICT_FALSE (node->flags & VLIB_NODE_FLAG_TRACE) && + PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) + { + srv6_as_rewrite_trace_t *tr = + vlib_add_trace (vm, node, b0, sizeof *tr); + clib_memcpy (tr->src.as_u8, ip0->src_address.as_u8, + sizeof tr->src.as_u8); + clib_memcpy (tr->dst.as_u8, ip0->dst_address.as_u8, + sizeof tr->dst.as_u8); + } + + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, + n_left_to_next, bi0, next0); + + cnt_packets++; + } + + vlib_put_next_frame (vm, node, next_index, n_left_to_next); + } + + /* Update counters */ + vlib_node_increment_counter (vm, srv6_as4_rewrite_node.index, + SRV6_AS_REWRITE_COUNTER_PROCESSED, + cnt_packets); + + return frame->n_vectors; +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (srv6_as4_rewrite_node) = { + .function = srv6_as4_rewrite_fn, + .name = "srv6-as4-rewrite", + .vector_size = sizeof (u32), + .format_trace = format_srv6_as_rewrite_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = SRV6_AS_REWRITE_N_COUNTERS, + .error_strings = srv6_as_rewrite_counter_strings, + .n_next_nodes = SRV6_AS_REWRITE_N_NEXT, + .next_nodes = { + [SRV6_AS_REWRITE_NEXT_LOOKUP] = "ip6-lookup", + [SRV6_AS_REWRITE_NEXT_ERROR] = "error-drop", + }, +}; +/* *INDENT-ON* */ + + +/** + * @brief Graph node for applying a SR policy into an IPv6 packet. Encapsulation + */ +static uword +srv6_as6_rewrite_fn (vlib_main_t * vm, + vlib_node_runtime_t * node, vlib_frame_t * frame) +{ + ip6_sr_main_t *srm = &sr_main; + srv6_as_main_t *sm = &srv6_as_main; + u32 n_left_from, next_index, *from, *to_next; + u32 cnt_packets = 0; + + from = vlib_frame_vector_args (frame); + n_left_from = frame->n_vectors; + next_index = node->cached_next_index; + + while (n_left_from > 0) + { + u32 n_left_to_next; + + vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); + + /* TODO: Dual/quad loop */ + + while (n_left_from > 0 && n_left_to_next > 0) + { + u32 bi0; + vlib_buffer_t *b0; + ip6_header_t *ip0 = 0, *ip0_encap = 0; + ip6_sr_localsid_t *ls0; + srv6_as_localsid_t *ls0_mem; + u32 next0 = SRV6_AS_REWRITE_NEXT_LOOKUP; + u16 new_l0 = 0; + + bi0 = from[0]; + to_next[0] = bi0; + from += 1; + to_next += 1; + n_left_from -= 1; + n_left_to_next -= 1; + + b0 = vlib_get_buffer (vm, bi0); + ip0_encap = vlib_buffer_get_current (b0); + ls0 = pool_elt_at_index (srm->localsids, + sm->sw_iface_localsid6[vnet_buffer + (b0)->sw_if_index + [VLIB_RX]]); + ls0_mem = ls0->plugin_mem; + + if (PREDICT_FALSE (ls0_mem == NULL || ls0_mem->rewrite == NULL)) + { + next0 = SRV6_AS_REWRITE_NEXT_ERROR; + b0->error = node->errors[SRV6_AS_REWRITE_COUNTER_NO_RW]; + } + else + { + ASSERT (VLIB_BUFFER_PRE_DATA_SIZE >= + (vec_len (ls0_mem->rewrite) + b0->current_data)); + + clib_memcpy (((u8 *) ip0_encap) - vec_len (ls0_mem->rewrite), + ls0_mem->rewrite, vec_len (ls0_mem->rewrite)); + vlib_buffer_advance (b0, -(word) vec_len (ls0_mem->rewrite)); + + ip0 = vlib_buffer_get_current (b0); + + /* Update inner IPv6 hop limit */ + ip0_encap->hop_limit -= 1; + + /* Update outer IPv6 length (in case it has changed) */ + new_l0 = vec_len (ls0_mem->rewrite) + + clib_net_to_host_u16 (ip0_encap->payload_length); + ip0->payload_length = clib_host_to_net_u16 (new_l0); + } + + if (PREDICT_FALSE (node->flags & VLIB_NODE_FLAG_TRACE) && + PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) + { + srv6_as_rewrite_trace_t *tr = + vlib_add_trace (vm, node, b0, sizeof *tr); + clib_memcpy (tr->src.as_u8, ip0->src_address.as_u8, + sizeof tr->src.as_u8); + clib_memcpy (tr->dst.as_u8, ip0->dst_address.as_u8, + sizeof tr->dst.as_u8); + } + + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, + n_left_to_next, bi0, next0); + + cnt_packets++; + } + + vlib_put_next_frame (vm, node, next_index, n_left_to_next); + } + + /* Update counters */ + vlib_node_increment_counter (vm, srv6_as6_rewrite_node.index, + SRV6_AS_REWRITE_COUNTER_PROCESSED, + cnt_packets); + + return frame->n_vectors; +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (srv6_as6_rewrite_node) = { + .function = srv6_as6_rewrite_fn, + .name = "srv6-as6-rewrite", + .vector_size = sizeof (u32), + .format_trace = format_srv6_as_rewrite_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = SRV6_AS_REWRITE_N_COUNTERS, + .error_strings = srv6_as_rewrite_counter_strings, + .n_next_nodes = SRV6_AS_REWRITE_N_NEXT, + .next_nodes = { + [SRV6_AS_REWRITE_NEXT_LOOKUP] = "ip6-lookup", + [SRV6_AS_REWRITE_NEXT_ERROR] = "error-drop", + }, +}; +/* *INDENT-ON* */ + +/* +* fd.io coding-style-patch-verification: ON +* +* Local Variables: +* eval: (c-set-style "gnu") +* End: +*/ diff --git a/src/plugins/srv6_as.am b/src/plugins/srv6_as.am new file mode 100644 index 00000000000..09a41b9239e --- /dev/null +++ b/src/plugins/srv6_as.am @@ -0,0 +1,23 @@ +# Copyright (c) 2016 Cisco Systems, Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +vppplugins_LTLIBRARIES += srv6as_plugin.la + +srv6as_plugin_la_SOURCES = \ + srv6-as/as.c \ + srv6-as/node.c + +noinst_HEADERS += srv6-as/as.h + +# vi:syntax=automake + |