/* * Copyright (c) 2016 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * lb-plugin implements a MagLev-like load balancer. * http://research.google.com/pubs/pub44824.html * * It hasn't been tested for interoperability with the original MagLev * but intends to provide similar functionality. * The load-balancer receives traffic destined to VIP (Virtual IP) * addresses from one or multiple(ECMP) routers. * The load-balancer tunnels the traffic toward many application servers * ensuring session stickiness (i.e. that a single sessions is tunneled * towards a single application server). * */ #ifndef LB_PLUGIN_LB_LB_H_ #define LB_PLUGIN_LB_LB_H_ #include #include #include #include #include #include #include #include #include #include #include #define LB_DEFAULT_PER_CPU_STICKY_BUCKETS 1 << 10 #define LB_DEFAULT_FLOW_TIMEOUT 40 #define LB_MAPPING_BUCKETS 1024 #define LB_MAPPING_MEMORY_SIZE 64<<20 #define LB_VIP_PER_PORT_BUCKETS 1024 #define LB_VIP_PER_PORT_MEMORY_SIZE 64<<20 typedef enum { LB_NEXT_DROP, LB_N_NEXT, } lb_next_t; typedef enum { LB_NAT4_IN2OUT_NEXT_DROP, LB_NAT4_IN2OUT_NEXT_LOOKUP, LB_NAT4_IN2OUT_N_NEXT, } LB_nat4_in2out_next_t; typedef enum { LB_NAT6_IN2OUT_NEXT_DROP, LB_NAT6_IN2OUT_NEXT_LOOKUP, LB_NAT6_IN2OUT_N_NEXT, } LB_nat6_in2out_next_t; #define foreach_lb_nat_in2out_error \ _(UNSUPPORTED_PROTOCOL, "Unsupported protocol") \ _(IN2OUT_PACKETS, "Good in2out packets processed") \ _(NO_TRANSLATION, "No translation") typedef enum { #define _(sym,str) LB_NAT_IN2OUT_ERROR_##sym, foreach_lb_nat_in2out_error #undef _ LB_NAT_IN2OUT_N_ERROR, } lb_nat_in2out_error_t; /** * lb for kube-proxy supports three types of service */ typedef enum { LB_SRV_TYPE_CLUSTERIP, LB_SRV_TYPE_NODEPORT, LB_SRV_N_TYPES, } lb_svr_type_t; typedef enum { LB4_NODEPORT_NEXT_IP4_NAT4, LB4_NODEPORT_NEXT_DROP, LB4_NODEPORT_N_NEXT, } lb4_nodeport_next_t; typedef enum { LB6_NODEPORT_NEXT_IP6_NAT6, LB6_NODEPORT_NEXT_DROP, LB6_NODEPORT_N_NEXT, } lb6_nodeport_next_t; /** * Each VIP is configured with a set of * application server. */ typedef struct { /** * Registration to FIB event. */ fib_node_t fib_node; /** * Destination address used to tunnel traffic towards * that application server. * The address is also used as ID and pseudo-random * seed for the load-balancing process. */ ip46_address_t address; /** * ASs are indexed by address and VIP Index. * Which means there will be duplicated if the same server * address is used for multiple VIPs. */ u32 vip_index; /** * Some per-AS flags. * For now only LB_AS_FLAGS_USED is defined. */ u8 flags; #define LB_AS_FLAGS_USED 0x1 /** * Rotating timestamp of when LB_AS_FLAGS_USED flag was last set. * * AS removal is based on garbage collection and reference counting. * When an AS is removed, there is a race between configuration core * and worker cores which may still add a reference while it should not * be used. This timestamp is used to not remove the AS while a race condition * may happen. */ u32 last_used; /** * The FIB entry index for the next-hop */ fib_node_index_t next_hop_fib_entry_index; /** * The child index on the FIB entry */ u32 next_hop_child_index; /** * The next DPO in the graph to follow. */ dpo_id_t dpo; } lb_as_t; format_function_t format_lb_as; typedef struct { u32 as_index; } lb_new_flow_entry_t; #define lb_foreach_vip_counter \ _(NEXT_PACKET, "packet from existing sessions", 0) \ _(FIRST_PACKET, "first session packet", 1) \ _(UNTRACKED_PACKET, "untracked packet", 2) \ _(NO_SERVER, "no server configured", 3) typedef enum { #define _(a,b,c) LB_VIP_COUNTER_##a = c, lb_foreach_vip_counter #undef _ LB_N_VIP_COUNTERS } lb_vip_counter_t; typedef enum { LB_ENCAP_TYPE_GRE4, LB_ENCAP_TYPE_GRE6, LB_ENCAP_TYPE_L3DSR, LB_ENCAP_TYPE_NAT4, LB_ENCAP_TYPE_NAT6, LB_ENCAP_N_TYPES, } lb_encap_type_t; /** * Lookup type */ typedef enum { LB_LKP_SAME_IP_PORT, LB_LKP_DIFF_IP_PORT, LB_LKP_ALL_PORT_IP, LB_LKP_N_TYPES, } lb_lkp_type_t; /** * The load balancer supports IPv4 and IPv6 traffic * and GRE4, GRE6, L3DSR and NAT4, NAT6 encap. */ typedef enum { LB_VIP_TYPE_IP6_GRE6, LB_VIP_TYPE_IP6_GRE4, LB_VIP_TYPE_IP4_GRE6, LB_VIP_TYPE_IP4_GRE4, LB_VIP_TYPE_IP4_L3DSR, LB_VIP_TYPE_IP4_NAT4, LB_VIP_TYPE_IP6_NAT6, LB_VIP_N_TYPES, } lb_vip_type_t; format_function_t format_lb_vip_type; unformat_function_t unformat_lb_vip_type; /* args for different vip encap types */ typedef struct { union { struct { /* Service type. clusterip or nodeport */ u8 srv_type; /* Pod's port corresponding to specific service. network byte order */ u16 target_port; }; /* DSCP bits for L3DSR */ u8 dscp; u64 as_u64; }; } lb_vip_encap_args_t; typedef struct { /* all fields in NET byte order */ union { struct { u32 vip_prefix_index; u16 port; u8 protocol; u8 rsv; }; u64 as_u64; }; } vip_port_key_t; /** * Load balancing service is
.. _2017_11_15_dpdkvppandpfsense:

.. toctree::

#########################
DPDK, VPP and pfSense 3.0
#########################

Event
-----

pfSense is a open source firewall/vpn appliance,
based on FreeBSD, started in 2006 with over 1M active installs.
We are basing pfSense release 3.0 on FD.io's VPP,
leveraging key DPDK components including cryptodev,
while adding a CLI and RESTCONF layer, 
leveraging FRRouting and Strongswan.

This presentation was held during the 2017 DPDK Summit
 on September 26th, 2017.

Speakers
--------

* Jim Thompson

Slideshow
---------

`Presentation PDF <dpdksummit.com/Archive/pdf/2017Userspace/DPDK-Userspace2017-Day2-9-pfSense.pdf>`_

Video
-----

`Video Presentation <https://www.youtube.com/watch?v=lMJy8vKm47E>`_
dpo_gre6_port_type; dpo_type_t dpo_l3dsr_type; dpo_type_t dpo_l3dsr_port_type; dpo_type_t dpo_nat4_port_type; dpo_type_t dpo_nat6_port_type; /** * Node type for registering to fib changes. */ fib_node_type_t fib_node_type; /* lookup per_port vip by key */ clib_bihash_8_8_t vip_index_per_port; /* Find a static mapping by AS IP : target_port */ clib_bihash_8_8_t mapping_by_as4; clib_bihash_24_8_t mapping_by_as6; /* Static mapping pool */ lb_snat_mapping_t * snat_mappings; /** * API dynamically registered base ID. */ u16 msg_id_base; clib_spinlock_t writer_lock; /* convenience */ vlib_main_t *vlib_main; vnet_main_t *vnet_main; } lb_main_t; /* args for different vip encap types */ typedef struct { ip46_address_t prefix; u8 plen; u8 protocol; u16 port; lb_vip_type_t type; u32 new_length; lb_vip_encap_args_t encap_args; } lb_vip_add_args_t; extern lb_main_t lb_main; extern vlib_node_registration_t lb4_node; extern vlib_node_registration_t lb6_node; extern vlib_node_registration_t lb4_nodeport_node; extern vlib_node_registration_t lb6_nodeport_node; extern vlib_node_registration_t lb_nat4_in2out_node; extern vlib_node_registration_t lb_nat6_in2out_node; /** * Fix global load-balancer parameters. * @param ip4_address IPv4 source address used for encapsulated traffic * @param ip6_address IPv6 source address used for encapsulated traffic * @param sticky_buckets FIXME * @param flow_timeout FIXME * @return 0 on success. VNET_LB_ERR_XXX on error */ int lb_conf(ip4_address_t *ip4_address, ip6_address_t *ip6_address, u32 sticky_buckets, u32 flow_timeout); int lb_vip_add(lb_vip_add_args_t args, u32 *vip_index); int lb_vip_del(u32 vip_index); int lb_vip_find_index(ip46_address_t *prefix, u8 plen, u8 protocol, u16 port, u32 *vip_index); #define lb_vip_get_by_index(index) (pool_is_free_index(lb_main.vips, index)?NULL:pool_elt_at_index(lb_main.vips, index)) int lb_vip_add_ass(u32 vip_index, ip46_address_t *addresses, u32 n); int lb_vip_del_ass(u32 vip_index, ip46_address_t *addresses, u32 n, u8 flush); int lb_flush_vip_as (u32 vip_index, u32 as_index); u32 lb_hash_time_now(vlib_main_t * vm); void lb_garbage_collection(); int lb_nat4_interface_add_del (u32 sw_if_index, int is_del); int lb_nat6_interface_add_del (u32 sw_if_index, int is_del); format_function_t format_lb_main; #endif /* LB_PLUGIN_LB_LB_H_ */