--- /dev/null
+.. SPDX-License-Identifier: GPL-2.0
+
+===================================
+Identifier Locator Addressing (ILA)
+===================================
+
+
+Introduction
+============
+
+Identifier-locator addressing (ILA) is a technique used with IPv6 that
+differentiates between location and identity of a network node. Part of an
+address expresses the immutable identity of the node, and another part
+indicates the location of the node which can be dynamic. Identifier-locator
+addressing can be used to efficiently implement overlay networks for
+network virtualization as well as solutions for use cases in mobility.
+
+ILA can be thought of as means to implement an overlay network without
+encapsulation. This is accomplished by performing network address
+translation on destination addresses as a packet traverses a network. To
+the network, an ILA translated packet appears to be no different than any
+other IPv6 packet. For instance, if the transport protocol is TCP then an
+ILA translated packet looks like just another TCP/IPv6 packet. The
+advantage of this is that ILA is transparent to the network so that
+optimizations in the network, such as ECMP, RSS, GRO, GSO, etc., just work.
+
+The ILA protocol is described in Internet-Draft draft-herbert-intarea-ila.
+
+
+ILA terminology
+===============
+
+ - Identifier
+ A number that identifies an addressable node in the network
+ independent of its location. ILA identifiers are sixty-four
+ bit values.
+
+ - Locator
+ A network prefix that routes to a physical host. Locators
+ provide the topological location of an addressed node. ILA
+ locators are sixty-four bit prefixes.
+
+ - ILA mapping
+ A mapping of an ILA identifier to a locator (or to a
+ locator and meta data). An ILA domain maintains a database
+ that contains mappings for all destinations in the domain.
+
+ - SIR address
+ An IPv6 address composed of a SIR prefix (upper sixty-
+ four bits) and an identifier (lower sixty-four bits).
+ SIR addresses are visible to applications and provide a
+ means for them to address nodes independent of their
+ location.
+
+ - ILA address
+ An IPv6 address composed of a locator (upper sixty-four
+ bits) and an identifier (low order sixty-four bits). ILA
+ addresses are never visible to an application.
+
+ - ILA host
+ An end host that is capable of performing ILA translations
+ on transmit or receive.
+
+ - ILA router
+ A network node that performs ILA translation and forwarding
+ of translated packets.
+
+ - ILA forwarding cache
+ A type of ILA router that only maintains a working set
+ cache of mappings.
+
+ - ILA node
+ A network node capable of performing ILA translations. This
+ can be an ILA router, ILA forwarding cache, or ILA host.
+
+
+Operation
+=========
+
+There are two fundamental operations with ILA:
+
+ - Translate a SIR address to an ILA address. This is performed on ingress
+ to an ILA overlay.
+
+ - Translate an ILA address to a SIR address. This is performed on egress
+ from the ILA overlay.
+
+ILA can be deployed either on end hosts or intermediate devices in the
+network; these are provided by "ILA hosts" and "ILA routers" respectively.
+Configuration and datapath for these two points of deployment is somewhat
+different.
+
+The diagram below illustrates the flow of packets through ILA as well
+as showing ILA hosts and routers::
+
+ +--------+ +--------+
+ | Host A +-+ +--->| Host B |
+ | | | (2) ILA (') | |
+ +--------+ | ...addressed.... ( ) +--------+
+ V +---+--+ . packet . +---+--+ (_)
+ (1) SIR | | ILA |----->-------->---->| ILA | | (3) SIR
+ addressed +->|router| . . |router|->-+ addressed
+ packet +---+--+ . IPv6 . +---+--+ packet
+ / . Network .
+ / . . +--+-++--------+
+ +--------+ / . . |ILA || Host |
+ | Host +--+ . .- -|host|| |
+ | | . . +--+-++--------+
+ +--------+ ................
+
+
+Transport checksum handling
+===========================
+
+When an address is translated by ILA, an encapsulated transport checksum
+that includes the translated address in a pseudo header may be rendered
+incorrect on the wire. This is a problem for intermediate devices,
+including checksum offload in NICs, that process the checksum. There are
+three options to deal with this:
+
+- no action Allow the checksum to be incorrect on the wire. Before
+ a receiver verifies a checksum the ILA to SIR address
+ translation must be done.
+
+- adjust transport checksum
+ When ILA translation is performed the packet is parsed
+ and if a transport layer checksum is found then it is
+ adjusted to reflect the correct checksum per the
+ translated address.
+
+- checksum neutral mapping
+ When an address is translated the difference can be offset
+ elsewhere in a part of the packet that is covered by
+ the checksum. The low order sixteen bits of the identifier
+ are used. This method is preferred since it doesn't require
+ parsing a packet beyond the IP header and in most cases the
+ adjustment can be precomputed and saved with the mapping.
+
+Note that the checksum neutral adjustment affects the low order sixteen
+bits of the identifier. When ILA to SIR address translation is done on
+egress the low order bits are restored to the original value which
+restores the identifier as it was originally sent.
+
+
+Identifier types
+================
+
+ILA defines different types of identifiers for different use cases.
+
+The defined types are:
+
+ 0: interface identifier
+
+ 1: locally unique identifier
+
+ 2: virtual networking identifier for IPv4 address
+
+ 3: virtual networking identifier for IPv6 unicast address
+
+ 4: virtual networking identifier for IPv6 multicast address
+
+ 5: non-local address identifier
+
+In the current implementation of kernel ILA only locally unique identifiers
+(LUID) are supported. LUID allows for a generic, unformatted 64 bit
+identifier.
+
+
+Identifier formats
+==================
+
+Kernel ILA supports two optional fields in an identifier for formatting:
+"C-bit" and "identifier type". The presence of these fields is determined
+by configuration as demonstrated below.
+
+If the identifier type is present it occupies the three highest order
+bits of an identifier. The possible values are given in the above list.
+
+If the C-bit is present, this is used as an indication that checksum
+neutral mapping has been done. The C-bit can only be set in an
+ILA address, never a SIR address.
+
+In the simplest format the identifier types, C-bit, and checksum
+adjustment value are not present so an identifier is considered an
+unstructured sixty-four bit value::
+
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Identifier |
+ + +
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+The checksum neutral adjustment may be configured to always be
+present using neutral-map-auto. In this case there is no C-bit, but the
+checksum adjustment is in the low order 16 bits. The identifier is
+still sixty-four bits::
+
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Identifier |
+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | | Checksum-neutral adjustment |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+The C-bit may used to explicitly indicate that checksum neutral
+mapping has been applied to an ILA address. The format is::
+
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | |C| Identifier |
+ | +-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | | Checksum-neutral adjustment |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+The identifier type field may be present to indicate the identifier
+type. If it is not present then the type is inferred based on mapping
+configuration. The checksum neutral adjustment may automatically
+used with the identifier type as illustrated below::
+
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type| Identifier |
+ +-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | | Checksum-neutral adjustment |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+If the identifier type and the C-bit can be present simultaneously so
+the identifier format would be::
+
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type|C| Identifier |
+ +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | | Checksum-neutral adjustment |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+Configuration
+=============
+
+There are two methods to configure ILA mappings. One is by using LWT routes
+and the other is ila_xlat (called from NFHOOK PREROUTING hook). ila_xlat
+is intended to be used in the receive path for ILA hosts .
+
+An ILA router has also been implemented in XDP. Description of that is
+outside the scope of this document.
+
+The usage of for ILA LWT routes is:
+
+ip route add DEST/128 encap ila LOC csum-mode MODE ident-type TYPE via ADDR
+
+Destination (DEST) can either be a SIR address (for an ILA host or ingress
+ILA router) or an ILA address (egress ILA router). LOC is the sixty-four
+bit locator (with format W:X:Y:Z) that overwrites the upper sixty-four
+bits of the destination address. Checksum MODE is one of "no-action",
+"adj-transport", "neutral-map", and "neutral-map-auto". If neutral-map is
+set then the C-bit will be present. Identifier TYPE one of "luid" or
+"use-format." In the case of use-format, the identifier type field is
+present and the effective type is taken from that.
+
+The usage of ila_xlat is:
+
+ip ila add loc_match MATCH loc LOC csum-mode MODE ident-type TYPE
+
+MATCH indicates the incoming locator that must be matched to apply
+a the translaiton. LOC is the locator that overwrites the upper
+sixty-four bits of the destination address. MODE and TYPE have the
+same meanings as described above.
+
+
+Some examples
+=============
+
+::
+
+ # Configure an ILA route that uses checksum neutral mapping as well
+ # as type field. Note that the type field is set in the SIR address
+ # (the 2000 implies type is 1 which is LUID).
+ ip route add 3333:0:0:1:2000:0:1:87/128 encap ila 2001:0:87:0 \
+ csum-mode neutral-map ident-type use-format
+
+ # Configure an ILA LWT route that uses auto checksum neutral mapping
+ # (no C-bit) and configure identifier type to be LUID so that the
+ # identifier type field will not be present.
+ ip route add 3333:0:0:1:2000:0:2:87/128 encap ila 2001:0:87:1 \
+ csum-mode neutral-map-auto ident-type luid
+
+ ila_xlat configuration
+
+ # Configure an ILA to SIR mapping that matches a locator and overwrites
+ # it with a SIR address (3333:0:0:1 in this example). The C-bit and
+ # identifier field are used.
+ ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
+ csum-mode neutral-map-auto ident-type use-format
+
+ # Configure an ILA to SIR mapping where checksum neutral is automatically
+ # set without the C-bit and the identifier type is configured to be LUID
+ # so that the identifier type field is not present.
+ ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
+ csum-mode neutral-map-auto ident-type use-format
+++ /dev/null
-Identifier Locator Addressing (ILA)
-
-
-Introduction
-============
-
-Identifier-locator addressing (ILA) is a technique used with IPv6 that
-differentiates between location and identity of a network node. Part of an
-address expresses the immutable identity of the node, and another part
-indicates the location of the node which can be dynamic. Identifier-locator
-addressing can be used to efficiently implement overlay networks for
-network virtualization as well as solutions for use cases in mobility.
-
-ILA can be thought of as means to implement an overlay network without
-encapsulation. This is accomplished by performing network address
-translation on destination addresses as a packet traverses a network. To
-the network, an ILA translated packet appears to be no different than any
-other IPv6 packet. For instance, if the transport protocol is TCP then an
-ILA translated packet looks like just another TCP/IPv6 packet. The
-advantage of this is that ILA is transparent to the network so that
-optimizations in the network, such as ECMP, RSS, GRO, GSO, etc., just work.
-
-The ILA protocol is described in Internet-Draft draft-herbert-intarea-ila.
-
-
-ILA terminology
-===============
-
- - Identifier A number that identifies an addressable node in the network
- independent of its location. ILA identifiers are sixty-four
- bit values.
-
- - Locator A network prefix that routes to a physical host. Locators
- provide the topological location of an addressed node. ILA
- locators are sixty-four bit prefixes.
-
- - ILA mapping
- A mapping of an ILA identifier to a locator (or to a
- locator and meta data). An ILA domain maintains a database
- that contains mappings for all destinations in the domain.
-
- - SIR address
- An IPv6 address composed of a SIR prefix (upper sixty-
- four bits) and an identifier (lower sixty-four bits).
- SIR addresses are visible to applications and provide a
- means for them to address nodes independent of their
- location.
-
- - ILA address
- An IPv6 address composed of a locator (upper sixty-four
- bits) and an identifier (low order sixty-four bits). ILA
- addresses are never visible to an application.
-
- - ILA host An end host that is capable of performing ILA translations
- on transmit or receive.
-
- - ILA router A network node that performs ILA translation and forwarding
- of translated packets.
-
- - ILA forwarding cache
- A type of ILA router that only maintains a working set
- cache of mappings.
-
- - ILA node A network node capable of performing ILA translations. This
- can be an ILA router, ILA forwarding cache, or ILA host.
-
-
-Operation
-=========
-
-There are two fundamental operations with ILA:
-
- - Translate a SIR address to an ILA address. This is performed on ingress
- to an ILA overlay.
-
- - Translate an ILA address to a SIR address. This is performed on egress
- from the ILA overlay.
-
-ILA can be deployed either on end hosts or intermediate devices in the
-network; these are provided by "ILA hosts" and "ILA routers" respectively.
-Configuration and datapath for these two points of deployment is somewhat
-different.
-
-The diagram below illustrates the flow of packets through ILA as well
-as showing ILA hosts and routers.
-
- +--------+ +--------+
- | Host A +-+ +--->| Host B |
- | | | (2) ILA (') | |
- +--------+ | ...addressed.... ( ) +--------+
- V +---+--+ . packet . +---+--+ (_)
- (1) SIR | | ILA |----->-------->---->| ILA | | (3) SIR
- addressed +->|router| . . |router|->-+ addressed
- packet +---+--+ . IPv6 . +---+--+ packet
- / . Network .
- / . . +--+-++--------+
- +--------+ / . . |ILA || Host |
- | Host +--+ . .- -|host|| |
- | | . . +--+-++--------+
- +--------+ ................
-
-
-Transport checksum handling
-===========================
-
-When an address is translated by ILA, an encapsulated transport checksum
-that includes the translated address in a pseudo header may be rendered
-incorrect on the wire. This is a problem for intermediate devices,
-including checksum offload in NICs, that process the checksum. There are
-three options to deal with this:
-
-- no action Allow the checksum to be incorrect on the wire. Before
- a receiver verifies a checksum the ILA to SIR address
- translation must be done.
-
-- adjust transport checksum
- When ILA translation is performed the packet is parsed
- and if a transport layer checksum is found then it is
- adjusted to reflect the correct checksum per the
- translated address.
-
-- checksum neutral mapping
- When an address is translated the difference can be offset
- elsewhere in a part of the packet that is covered by
- the checksum. The low order sixteen bits of the identifier
- are used. This method is preferred since it doesn't require
- parsing a packet beyond the IP header and in most cases the
- adjustment can be precomputed and saved with the mapping.
-
-Note that the checksum neutral adjustment affects the low order sixteen
-bits of the identifier. When ILA to SIR address translation is done on
-egress the low order bits are restored to the original value which
-restores the identifier as it was originally sent.
-
-
-Identifier types
-================
-
-ILA defines different types of identifiers for different use cases.
-
-The defined types are:
-
- 0: interface identifier
-
- 1: locally unique identifier
-
- 2: virtual networking identifier for IPv4 address
-
- 3: virtual networking identifier for IPv6 unicast address
-
- 4: virtual networking identifier for IPv6 multicast address
-
- 5: non-local address identifier
-
-In the current implementation of kernel ILA only locally unique identifiers
-(LUID) are supported. LUID allows for a generic, unformatted 64 bit
-identifier.
-
-
-Identifier formats
-==================
-
-Kernel ILA supports two optional fields in an identifier for formatting:
-"C-bit" and "identifier type". The presence of these fields is determined
-by configuration as demonstrated below.
-
-If the identifier type is present it occupies the three highest order
-bits of an identifier. The possible values are given in the above list.
-
-If the C-bit is present, this is used as an indication that checksum
-neutral mapping has been done. The C-bit can only be set in an
-ILA address, never a SIR address.
-
-In the simplest format the identifier types, C-bit, and checksum
-adjustment value are not present so an identifier is considered an
-unstructured sixty-four bit value.
-
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Identifier |
- + +
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-The checksum neutral adjustment may be configured to always be
-present using neutral-map-auto. In this case there is no C-bit, but the
-checksum adjustment is in the low order 16 bits. The identifier is
-still sixty-four bits.
-
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Identifier |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | | Checksum-neutral adjustment |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-The C-bit may used to explicitly indicate that checksum neutral
-mapping has been applied to an ILA address. The format is:
-
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | |C| Identifier |
- | +-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | | Checksum-neutral adjustment |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-The identifier type field may be present to indicate the identifier
-type. If it is not present then the type is inferred based on mapping
-configuration. The checksum neutral adjustment may automatically
-used with the identifier type as illustrated below.
-
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Type| Identifier |
- +-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | | Checksum-neutral adjustment |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-If the identifier type and the C-bit can be present simultaneously so
-the identifier format would be:
-
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Type|C| Identifier |
- +-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | | Checksum-neutral adjustment |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-
-Configuration
-=============
-
-There are two methods to configure ILA mappings. One is by using LWT routes
-and the other is ila_xlat (called from NFHOOK PREROUTING hook). ila_xlat
-is intended to be used in the receive path for ILA hosts .
-
-An ILA router has also been implemented in XDP. Description of that is
-outside the scope of this document.
-
-The usage of for ILA LWT routes is:
-
-ip route add DEST/128 encap ila LOC csum-mode MODE ident-type TYPE via ADDR
-
-Destination (DEST) can either be a SIR address (for an ILA host or ingress
-ILA router) or an ILA address (egress ILA router). LOC is the sixty-four
-bit locator (with format W:X:Y:Z) that overwrites the upper sixty-four
-bits of the destination address. Checksum MODE is one of "no-action",
-"adj-transport", "neutral-map", and "neutral-map-auto". If neutral-map is
-set then the C-bit will be present. Identifier TYPE one of "luid" or
-"use-format." In the case of use-format, the identifier type field is
-present and the effective type is taken from that.
-
-The usage of ila_xlat is:
-
-ip ila add loc_match MATCH loc LOC csum-mode MODE ident-type TYPE
-
-MATCH indicates the incoming locator that must be matched to apply
-a the translaiton. LOC is the locator that overwrites the upper
-sixty-four bits of the destination address. MODE and TYPE have the
-same meanings as described above.
-
-
-Some examples
-=============
-
-# Configure an ILA route that uses checksum neutral mapping as well
-# as type field. Note that the type field is set in the SIR address
-# (the 2000 implies type is 1 which is LUID).
-ip route add 3333:0:0:1:2000:0:1:87/128 encap ila 2001:0:87:0 \
- csum-mode neutral-map ident-type use-format
-
-# Configure an ILA LWT route that uses auto checksum neutral mapping
-# (no C-bit) and configure identifier type to be LUID so that the
-# identifier type field will not be present.
-ip route add 3333:0:0:1:2000:0:2:87/128 encap ila 2001:0:87:1 \
- csum-mode neutral-map-auto ident-type luid
-
-ila_xlat configuration
-
-# Configure an ILA to SIR mapping that matches a locator and overwrites
-# it with a SIR address (3333:0:0:1 in this example). The C-bit and
-# identifier field are used.
-ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
- csum-mode neutral-map-auto ident-type use-format
-
-# Configure an ILA to SIR mapping where checksum neutral is automatically
-# set without the C-bit and the identifier type is configured to be LUID
-# so that the identifier type field is not present.
-ip ila add loc_match 2001:0:119:0 loc 3333:0:0:1 \
- csum-mode neutral-map-auto ident-type use-format