INTERNET-DRAFT Tom Herbert
Intended Status: Informational Facebook
Expires: September 15, 2016 March 14, 2016
Identifier-locator addressing for network virtualization
draft-herbert-nvo3-ila-02
Abstract
This specification describes identifier-locator addressing (ILA) in
IPv6 for network virtualization. Identifier-locator addressing
differentiates between location and identity of a network node. Part
of an address expresses the immutable identity of the node, and
another part indicates the location of the node which can be dynamic.
Identifier-locator addressing can be used to efficiently implement
overlay networks for network virtualization
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright and License Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
Herbert Expires September 15, 2016 [Page 1]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1 Network virtualization . . . . . . . . . . . . . . . . . . . 5
2.1.1 Architecture . . . . . . . . . . . . . . . . . . . . . . 5
2.1.2 Multi-tenant virtualization . . . . . . . . . . . . . . 6
2.2 Data center virtualization . . . . . . . . . . . . . . . . . 6
2.2.1 Address per task . . . . . . . . . . . . . . . . . . . . 6
2.2.2 Job scheduling . . . . . . . . . . . . . . . . . . . . . 7
2.3 Alternative solutions in IPv6 . . . . . . . . . . . . . . . 8
2.3.1 Use flow label for VNID . . . . . . . . . . . . . . . . 8
2.3.2 Using an extension header . . . . . . . . . . . . . . . 8
3 Address formats . . . . . . . . . . . . . . . . . . . . . . . . 9
3.1 ILA format . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.2 Identifier format . . . . . . . . . . . . . . . . . . . . . 10
3.3 Identifier types . . . . . . . . . . . . . . . . . . . . . . 11
3.4 Interface identifiers . . . . . . . . . . . . . . . . . . . 11
3.5 Locally unique identifiers . . . . . . . . . . . . . . . . . 11
3.6 Virtual networking identifiers for IPv4 . . . . . . . . . . 12
3.7 Virtual networking identifiers for IPv6 . . . . . . . . . . 12
3.7.1 Virtual networking identifiers for IPv6 unicast . . . . 12
3.7.2 Virtual networking identifiers for IPv6 multicast . . . 13
3.8 Standard identifier representation addresses . . . . . . . . 14
3.8.1 SIR for locally unique identifiers . . . . . . . . . . . 15
3.8.2 SIR for virtual addresses . . . . . . . . . . . . . . . 15
3.9 Locators . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4 Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.1 Identifier to locator mapping . . . . . . . . . . . . . . . 17
4.2 Address translations . . . . . . . . . . . . . . . . . . . . 17
4.2.1 SIR to ILA address translation . . . . . . . . . . . . . 17
4.2.2 ILA to SIR address translation . . . . . . . . . . . . . 18
4.3 Virtual networking operation . . . . . . . . . . . . . . . . 18
4.3.1 Crossing virtual networks . . . . . . . . . . . . . . . 18
4.3.2 IPv4/IPv6 protocol translation . . . . . . . . . . . . . 19
4.4 Transport layer checksums . . . . . . . . . . . . . . . . . 19
4.4.1 Checksum-neutral mapping . . . . . . . . . . . . . . . . 19
4.4.2 Sending an unmodified checksum . . . . . . . . . . . . . 21
Herbert Expires September 15, 2016 [Page 2]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
4.5 Address selection . . . . . . . . . . . . . . . . . . . . . 21
4.6 SIR address routing . . . . . . . . . . . . . . . . . . . . 21
4.7 Duplicate identifier detection . . . . . . . . . . . . . . . 22
5. Communication scenarios . . . . . . . . . . . . . . . . . . . . 22
5.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 22
5.2 Identifier objects . . . . . . . . . . . . . . . . . . . . . 23
5.3 Reference network for scenarios . . . . . . . . . . . . . . 24
5.4 Scenario 1: Task to task . . . . . . . . . . . . . . . . . . 25
5.5 Scenario 2: Task to Internet . . . . . . . . . . . . . . . . 25
5.6 Scenario 3: Internet to task . . . . . . . . . . . . . . . . 25
5.7 Scenario 4: TS to service task . . . . . . . . . . . . . . . 26
5.8 Scenario 5: Task to TS . . . . . . . . . . . . . . . . . . . 26
5.9 Scenario 6: TS to Internet . . . . . . . . . . . . . . . . . 26
5.10 Scenario 7: Internet to TS . . . . . . . . . . . . . . . . 26
5.11 Scenario 8: IPv4 TS to service . . . . . . . . . . . . . . 27
5.12 TS to TS in the same virtual network . . . . . . . . . . . 28
5.12.1 Scenario 9: TS to TS in same VN using IPV6 . . . . . . 28
5.12.2 Scenario 10: TS to TS in same VN using IPv4 . . . . . . 28
5.13 TS to TS in a different virtual networks . . . . . . . . . 28
5.13.1 Scenario 11: TS to TS in a different VNs using IPV6 . . 28
5.13.2 Scenario 12: TS to TS in a different VNs using IPv4 . . 28
5.13.3 Scenario 13: IPv4 TS to IPv6 TS in different VNs . . . 29
6 Security Considerations . . . . . . . . . . . . . . . . . . . . 29
7 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 30
8 References . . . . . . . . . . . . . . . . . . . . . . . . . . 30
8.1 Normative References . . . . . . . . . . . . . . . . . . . 30
8.2 Informative References . . . . . . . . . . . . . . . . . . 30
9 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 31
Appendix A: Task identifier generation . . . . . . . . . . . . . . 31
A.1 Globally unique identifiers method . . . . . . . . . . . . . 31
A.2 Universally Unique Identifiers method . . . . . . . . . . . 33
Appendix B: Task migration considerations . . . . . . . . . . . . 33
B.1 Address migration . . . . . . . . . . . . . . . . . . . . . 33
B.2 Connection migration . . . . . . . . . . . . . . . . . . . . 34
1 Introduction
This specification describes the data path, address formats, and
expected use cases of identifier-locator addressing in IPv6
([RFC2460]). The Identifier-Locator Network Protocol (ILNP)
([RFC6740], [RFC6741]) defines a protocol and operations model for
identifier-locator addressing in IPv6. Many concepts here are taken
from ILNP, however there are some differences in the context of
network virtualization-- for instance in ILA a method to encode a
virtual network identifier and virtual address within an identifier
is defined.
In identifier-locator addressing, an IPv6 address is split into a
Herbert Expires September 15, 2016 [Page 3]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
locator and an identifier component. The locator indicates the
topological location in the network for a node, and the identifier
indicates the node's identity which refers to the logical or virtual
node in communications. Locators are routable within a network, but
identifiers typically are not. An application addresses a destination
by identifier. Identifiers are mapped to locators for transit in the
network. The on-the-wire address is composed of a locator and an
identifier: the locator is sufficient to route the packet to a
physical host, and the identifier allows the receiving host to
forward the packet to the addressed application.
Identifiers are not statically bound to a host on the network, and in
fact their binding (or location) may change. This is the basis for
network virtualization and address migration. An identifier is mapped
to a locator at any given time, and a set of identifier to locator
mappings is propagated throughout a network to allow communications.
The mappings are kept synchronized so that if an identifier migrates
to a new physical host, its identifier to locator mapping is updated.
In network virtualization, an identifier may further be split into a
virtual network identifier and virtual host address. With identifier-
locator addressing network virtualization can be implemented in an
IPv6 network without any additional encapsulation headers. Packets
sent with identifier-locator addresses look like plain unencapsulated
packets (e.g. TCP/IP packets). This "encapsulation" is transparent to
the network, so protocol specific mechanisms in network hardware work
seamlessly. These mechanisms include hash calculation for ECMP, NIC
large segment offload, checksum offload, etc.
ILA exhibits properties of different networking techniques:
o Network Address Translation
o Source routing
o Encapsulation
Herbert Expires September 15, 2016 [Page 4]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
2 Motivation
This section highlights the motivation for identifier-locator
addressing.
2.1 Network virtualization
Identifier-locator addressing allows a data plane method to implement
network virtualization without encapsulation and its related
overheads. The service ILA provides is explicitly layer 3 over layer
3 network virtualization (IPv4 or IPv6 over IPv6).
2.1.1 Architecture
The architecture for Network Virtualization over Layer 3 ([NVO3ARCH])
can be applied to network virtualization with ILA.
+--------+ +--------+
| Tenant +--+ +----| Tenant |
| System | | (') | System |
+--------+ | ................ ( ) +--------+
| +-+--+ . . +--+-+ (_)
| | NVE|--. .--| NVE| |
+--| | . . | |---+
+-+--+ . . +--+-+
/ . .
/ . Ipv6 Overlay . +--+-++--------+
+--------+ / . Network . | NVE|| Tenant |
| Tenant +--+ . .- -| || System |
| System | . . +--+-++--------+
+--------+ ................
A Network Virtualization Edge (NVE) [RFC7365] is the entity that
implements the overlay functionality using ILA. An NVE resides at
the boundary between a Tenant System and the IPV6 overlay network as
shown above. An NVE creates and maintains local state about each
Virtual Network for which it is providing service on behalf of a
Tenant System.
As in traditional network virtualization, NVEs are responsible for
transit of tenant's packets through the overlay network. With ILA,
the NVEs perform address translation on packets as opposed to
encapsulation. The ingress NVE will translate the virtual address of
a destination to an ILA address. At the egress NVE, the reverse
translation is performed.
Herbert Expires September 15, 2016 [Page 5]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
2.1.2 Multi-tenant virtualization
Identifier-locator addressing may be used as an alternative to nvo3
encapsulation protocols (such as GUE [GUE]). In multi-tenant
virtualization, overlay networks are established for various tenants
to create virtual networks and a tenant's nodes are assigned virtual
addresses. Virtual networking identifiers are used to encode a
virtual network identifier and a virtual address in an ILA address.
An advantage of identifier-locator addressing is that the overhead of
encapsulation is reduced and use of virtualization can be transparent
to the underlying network. A downside is that some features that use
additional data in an encapsulation aren't available (security option
in GUE for instance [GUESEC]).
Identifier-locator addressing may be appropriate in network
virtualization where the users are trusted, for instance if virtual
networks were assigned to different departments within an enterprise.
Network virtualization in this context provides a means of isolation
of traffic belonging to different departments of a single tenant. In
this scenario, if the isolation breaks and packets unintentionally
crosses between virtual networks, it would not be considered a
security risk.
2.2 Data center virtualization
A primary motivation for identifier-locator addressing is data center
virtualization. Virtualization within a data center permits
malleability and flexibility in using data center resources. In
particular, identifier-locator addressing virtualizes networking to
allow flexible job scheduling and possibility of live task migration.
2.2.1 Address per task
Managing the port number space for services within a data center is a
nontrivial problem. When a service task is created, it may run on
arbitrary hosts. The typical scenario is that the task will be
started on some machine and will be assigned a port number for its
service. The port number must be chosen dynamically to not conflict
with any other port numbers already assigned to tasks on the same
machine (possibly even other instances of the same service). A
canonical name for the service is entered into a database with the
host address and assigned port. When a client wishes to connect to
the service, it queries the database with the service name to get
both the address of an instance as well as its port number. Note that
DNS is not adequate for the service lookup since it does not provide
port numbers.
Herbert Expires September 15, 2016 [Page 6]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
With ILA, each service task can be assigned its own IPv6 address and
therefore will logically be assigned the full port space for that
address. This a dramatic simplification since each service can now
use a publicly known port number that does not need to unique between
services or instances. A client can perform a lookup on the service
name to get an IP address of an instance and then connect to that
address using a well known port number. In this case, DNS is
sufficient for directing clients to instances of a service.
Algorithms for the creation of unique address per task are described
in Appendix A.
2.2.2 Job scheduling
In the usual data center model, jobs are scheduled to run as tasks on
some number of machines. A distributed job scheduler provides the
scheduling which may entail considerable complexity since jobs will
often have a variety of resource constraints. The scheduler takes
these constraints into account while trying to maximize utility of
the data center in terms utilization, cost, latency, etc. Data center
jobs do not typically run in virtual machines (VMs), but may run
within containers. Containers are mechanisms that provide resource
isolation between tasks running on the same host OS. These resources
can include CPU, disk, memory, and networking.
A fundamental problem arises in that once a task for a job is
scheduled on a machine, it often needs to run to completion. If the
scheduler needs to schedule a higher priority job or change resource
allocations, there may be little recourse but to kill tasks and
restart them on a different machine. In killing a task, progress is
lost which results in increased latency and wasted CPU cycles. Some
tasks may checkpoint progress to minimize the amount of progress
lost, but this is not a very transparent or general solution.
An alternative approach is to allow transparent job migration. The
scheduler may migrate running jobs from one machine to another.
Under the orchestration of the job scheduler, the steps to migrate a
job may be:
1) Stop running tasks for the job.
2) Package the runtime state of the job. The runtime state is
derived from the containers for the jobs.
3) Send the runtime state of the job to the new machine where the
job is to run.
4) Instantiate the job's state on the new machine.
5) Start the tasks for the job continuing from the point at which
it was stopped.
Herbert Expires September 15, 2016 [Page 7]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
This model similar to virtual machine (VM) migration except that the
runtime state is typically much less data-- just task state as
opposed to a full OS image. Task state may be compressed to reduce
latency in migration.
The networking state of interest to migrate are the addresses used by
the task and open transport connections. The handling of these at
task migration is discussed in Appendix B.
2.3 Alternative solutions in IPv6
A few alternative solutions have been proposed to provide network
virtualization without encapsulation in IPv6.
2.3.1 Use flow label for VNID
The IPv6 flow label could be used as a 20-bit Virtual Network
Identifier. In this model the addresses may be virtual address within
the specified virtual network. Presumably, the flow-label/addresses
could be used by switches to forward virtually addressed packets.
This has some issues:
o Forwarding virtual packets to their physical location would
require specialized switch support.
o The flow label is only twenty bits, this is too small to be a
discriminator in forwarding a virtual packet to a specific
destination. Conceptually, the flow label might be used in a
type of label switching to solve that.
o The flow label is not considered immutable in transit,
intermediate devices may change it.
o The flow label is not part of the pseudo header for transport
checksum calculation, so it is not be covered by any transport
(or other) checksums.
2.3.2 Using an extension header
To accomplish network virtualization an extension header, probably as
a destination option, could be used that contains the virtual
(destination) address of a packet. The destination address in the
IPv6 header would be the physical address for the location of the
virtual node.
This technique also has some issues:
o Intermediate devices must not insert extension headers
Herbert Expires September 15, 2016 [Page 8]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
[RFC2460bis]. This would preclude using extension headers in an
NVE that is not co-located with a source host.
o Extension headers introduce additional packet overhead which may
impact performance.
o Extension headers are not covered by transport checksums (as the
address would be) nor any other checksum.
o Extension headers are not widely supported in network hardware
or devices. For instance, several NIC offloads don't work in the
presence of extension headers
3 Address formats
This section describes the address formats associated with
identifier-locator addressing in network virtualization.
3.1 ILA format
As described in ILNP ([RFC6741]) an IPv6 address may be encoded to
hold a locator and identifier where each occupies sixty-four bits. In
ILA, the upper three bits of the identifier indicate an identifier
type. The fourth upper bit of the identifier, the C bit, is used to
indicate that checksum-neutral mapping has been done (see section
4.4).
The IPv6 canonical address format is:
| 64 bits | 64 bits |
+--------------------------------+-------------------------------+
| IPv6 Unicast Routing Prefix | Interface Identifier |
+--------------------------------+-------------------------------+
The address format using ILA is:
| 64 bits |3 bits|1| 60 bits |
+--------------------------------+-------------------------------+
| Locator | Type |C| Identifier |
+----------------------------------------------------------------+
Herbert Expires September 15, 2016 [Page 9]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
An IPv6 header with an ILA address would then have the format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class | Flow Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | Next Header | Hop Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Address |
+ +
| |
+ +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination Locator |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Type |C| Destination Identifier |
+-+-+-+-+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
3.2 Identifier format
The format of an ILA identifier is:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type|C| Identifier |
+-+-+-+-+ |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
o Type: Type of the identifier (see section 3.3).
o C: Checksum-neutral mapping applied
o Identifier: Identifier value.
If the C-bit is set the low order 16-bits of an identifier contain
the adjustment for checksum-neutral mapping. The format of an
identifier with checksum neutral mapping is:
Herbert Expires September 15, 2016 [Page 10]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type|1| Identifier |
+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | Checksum-neutral adjustment |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
3.3 Identifier types
Defined identifier types are:
0: interface identifier
1: locally unique identifier
2: virtual networking identifier for IPv4 address
3: virtual networking identifier for IPv6 unicast address
4: virtual networking identifier for IPv6 multicast address
5-7: Reserved
3.4 Interface identifiers
The interface identifier type indicates a plain local scope interface
identifier. When this type is used the address is a normal IPv6
address without identifier-locator semantics. The pupose of this type
is to allow normal IPv6 addresses to be defined within the same
networking prefix as ILA addresses. The type bits and C-bit must be
zero, and the format of the other bits (subnetting) would be site-
defined. For example, the format of an interface identifier might be:
/* Local scope interface identifier */
| 64 bits |3 bits|1| 60 bits |
+----------------------------+------+---------------------------+
| Prefix | 0x0 |0| IID |
+---------------------------------------------------------------+
3.5 Locally unique identifiers
Locally unique identifiers (LUI) can be created for various
addressable nodes within a network. These identifiers are in a flat
sixty bit space and must be unique within a domain (unique within a
site for instance). To simplify administration, hierarchical
allocation of locally unique identifiers may be performed.
Herbert Expires September 15, 2016 [Page 11]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
/* ILA with locally unique identifiers */
| 64 bits |3 bits|1| 60 bits |
+----------------------------+------+---------------------------+
| Locator | 0x1 |C| Locally unique ident. |
+---------------------------------------------------------------+
3.6 Virtual networking identifiers for IPv4
This type defines a format for encoding an IPv4 virtual address and
virtual network identifier within an identifier.
/* ILA for IPv4 virtual networking */
| 64 bits |3 bits|1| 28 bits | 32 bits |
+----------------------------+------+---------------+-----------+
| Locator | 0x2 |C| VNID | VADDR |
+---------------------------------------------------------------+
VNID is a virtual network identifier and VADDR is a virtual address
within the virtual network indicated by the VNID. The VADDR can be an
IPv4 unicast or multicast address, and may often be in a private
address space (i.e. [RFC1918]) used in the virtual network.
3.7 Virtual networking identifiers for IPv6
A virtual network identifier and an IPv6 virtual host address (tenant
visible address) can be encoded within an identifier. Encoding the
virtual host address involves mapping the 128 bit address into a
sixty bit identifier. Different encodings are used for unicast and
multicast addresses.
3.7.1 Virtual networking identifiers for IPv6 unicast
In this format, the virtual network identifier and virtual IPv6
unicast address are encoded within an identifier. To facilitate
encoding of virtual addresses, there is a unique mapping between a
VNID and a ninety-six bit prefix of the virtual address.
/* IPv6 unicast encoding with VNID in ILA */
| 64 bits |3 bits|1| 28 bits | 32 bits |
+------------------------------+------+--------------+-----------+
| Locator | 0x3 |C| VNID | VADDR6L |
+----------------------------------------------------------------+
VADDR6L contains the low order 32 bits of the IPv6 virtual address.
The upper 96 bits of the virtual address inferred from the VNID to
prefix mapping.
The figure below illustrates encoding a tenant IPv6 virtual unicast
Herbert Expires September 15, 2016 [Page 12]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
address into a ILA address.
/* IPv6 virtual address seen by tenant */
+----------------------------------------------+-----------------+
| Tenant prefix | VADDR6L |
+-----------------------+-------------------------------+--------+
| |
+-prefix to VNID-+ |
| |
v v
+---------------------------+------+-----------+-----------------+
| Locator | 0x3 |C| VNID | VADDR6L |
+----------------------------------------------------------------+
/* Encoded IPv6 virtual address with VNID in ILA */
This encoding is reversible, given an ILA address, the virtual
address visible to the tenant can be deduced:
/* ILA encoded virtual networking address */
+---------------------------+------+-----------+-----------------+
| Locator | 0x3 |C| VNID | VADDR6L |
+----------------------------------------+-----------------------+
| |
+-VNID to prefix-+ |
| |
v v
+----------------------------------------------+-----------------+
| Tenant prefix | VADDR6L |
+----------------------------------------------------------------+
/* IPv6 virtual address seen by tenant */
3.7.2 Virtual networking identifiers for IPv6 multicast
In this format, a virtual network identifier and virtual IPv6
multicast address are encoded within an identifier.
/* IPv6 multicast address with VNID encoding in ILA */
| 64 bits |3 bits|1|28 bits |4 bits| 28 bits |
+--------------------------+------+------------------------------+
| Locator | 0x4 |C| VNID |Scope | MADDR6L |
+----------------------------------------------------------------+
This format encodes an IPv6 multicast address in an identifier. The
scope indicates multicast address scope as defined in [RFC7346].
MADDR6L is the low order 28 bits of the multicast address. The full
multicast address is thus:
ff0<Scope>::0<MADDRL6 high 12 bits>:<MADDRL6 low 16 bits>
Herbert Expires September 15, 2016 [Page 13]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
And so can encode multicast addresses of the form:
ff0X::0 to ff0X::0fff:ffff
The figure below illustrates encoding a tenant IPv6 virtual multicast
address into an ILA address.
/* IPv6 multicast address */
| 12 bits | 4 bits| 84 bits | 28 bits |
+---------+-------+-----------------------------------+----------+
| 0xfff | Scope | 0's | MADDR6L |
+-------------+---------------------------------------------+----+
| |
+------------------------------------+ |
| |
v v
+--------------------------+------+------------------------------+
| Locator | 0x4 |C| VNID |Scope | MADDR6L |
+----------------------------------------------------------------+
/* IPv6 multicast address with VNID encoding in ILA */
3.8 Standard identifier representation addresses
An identifier serves as the external representation of a network
node. For instance, an identifier may refer to a specific host,
virtual machine, or tenant system. When a host initiates a connection
or sends a packet, it uses the identifier to indicate the peer
endpoint of the communication. The endpoints of an established
connection context also referenced by identifiers. It is only when
the packet is actually being sent over a network that the locator for
the identifier needs to be resolved.
In order to maintain compatibility with existing networking stacks
and applications, identifiers are encoded in IPv6 addresses using a
standard identifier representation (SIR) address. A SIR address is a
combination of a prefix which occupies what would be the locator
portion of an ILA address, and the identifier in its usual location.
/* SIR address in IPv6 */
| 64 bits |3 bits|1| 60 bits |
+--------------------------------+-------------------------------+
| SIR prefix | Type |0| Identifier |
+----------------------------------------------------------------+
Note that the C-bit (checksum-neutral translation) is always 0 for a
SIR address.
A SIR prefix may be site-local, or globally routable. A globally
Herbert Expires September 15, 2016 [Page 14]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
routable SIR prefix facilitates connectivity between hosts on the
Internet and ILA endpoints. A gateway between a site's network and
the Internet can translate between SIR prefix and locator for an
identifier. A network may have multiple SIR prefixes where each
prefix defines a unique identifier space.
Locators must only be associated with one SIR prefix. This ensures
that if a translation from a SIR address to an ILA address is
performed when sending a packet, the reverse translation at the
receiver yields the same SIR address that was seen at the
transmitter. This also ensures that a reverse checksum-neutral
translation can be performed at a receiver to restore the addresses
that were included in a pseudo header for setting a transport
checksum.
The standard identifier representation address can be used as the
externally visible address for a node. This can used throughout the
network, returned in DNS AAAA records ([RFC3363]), used in logging,
etc. An application can use a SIR address without knowledge that it
encodes an identifier.
3.8.1 SIR for locally unique identifiers
The SIR address for a locally unique identifier has format:
/* SIR address with locally unique identifiers */
| 64 bits |3 bits|1| 60 bits |
+--------------------------------+-------------------------------+
| SIR prefix | 0x1 |0|Locally unique ident. |
+----------------------------------------------------------------+
When using ILA with locally unique identifiers a flow tuple logically
has the form:
(source address, source port,
destination identifier, destination port)
Using standard identifier representation the flow is then represented
with IPv6 addresses:
(source address, source port,
destination SIR address, destination port)
3.8.2 SIR for virtual addresses
An ILA virtual address may be encoded using the standard identifier
representation. For example, the SIR address for an IPv6 virtual
address may be:
Herbert Expires September 15, 2016 [Page 15]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
/* SIR with IPv6 virtual network encoding */
| 64 bits |3 bits|1| 28 bits | 32 bits |
+------------------------------+------+-------------+------------+
| SIR prefix | 0x3 |0| VNID | VADDRL6 |
+----------------------------------------------------------------+
In a tenant system, a flow tuple would have the form:
(local VADDR, local port, remote VADDR, remote port)
After translating packets for the flow into ILA, the flow would be
identified on-the-wire as:
((local VNID, local VADDR), local port,
(remote VNID, remote VADDR), remote port
A tenant may communicate with a peer in the network which is not in
its virtual network, for instance to reach a network service (see
section 5). In this case the flow tuple at the peer may be:
(local address, local port,
remote SIR address, remote port)
In this example, the remote SIR address is a SIR address for a
virtual networking identifier, however from peer's connectivity
perspective this is not distinguishable from a SIR address with a
locally unique identifier or even a non-ILA address.
3.9 Locators
Locators are routable network address prefixes that address physical
hosts within the network. They may be assigned from a global address
block [RFC3587], or be based on unique local IPv6 unicast addresses
as described in [RFC4193].
/* ILA with a global unicast locator */
|<--------------- Locator --------------->|
|3 bits| N bits | M bits | 61-N-M | 64 bits |
+------+-------------+---------+---------------------------------+
| 001 | Global prefix | Subnet | Host | Identifier |
+------+---------------+---------+--------+----------------------+
/* ILA with a unique local IPv6 unicast locator */
|<--------------- Locator --------->|
| 7 bits |1| 40 bits | 16 bits | 64 bits |
+--------+-+------------+-----------+----------------------------+
| FC00 |L| Global ID | Host | Identifier |
+--------+-+------------+-----------+----------------------------+
Herbert Expires September 15, 2016 [Page 16]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
4 Operation
This section describes operation methods for using identifier-locator
addressing with network virtualization.
4.1 Identifier to locator mapping
An application initiates a communication or flow using a SIR address
or virtual address for a destination. In order to send a packet on
the network, the destination identifier is mapped to a locator. The
mappings are not expected to change frequently, so it is likely that
locator mappings can be cached in the flow contexts.
Identifier to locator mapping is nearly identical to the mechanism
needed in virtual networking to map a virtual network and virtual
host address to a physical host. These mechanisms should leverage a
common solution.
The mechanisms of propagating and maintaining identifier to locator
mappings are outside the scope of this document.
4.2 Address translations
With ILA, address translation is performed to convert SIR addresses
to ILA addresses, and ILA addresses to SIR addresses. Translation is
done on a destination address as a form of source routing.
4.2.1 SIR to ILA address translation
When transmitting a packet, the locator for the destination ILA
address might need to be set before the packet is sent on the wire.
In the case that packet was created using a standard identifier
representation, the SIR prefix is overridden with a locator. Since
this operation is potentially done for every packet the process
should be very efficient. Presumably, a host will maintain a cache of
identifier locator mappings with a fast lookup function. If there is
a connection state associated with the communication, the locator
information may be cached with the connection state to obviate the
need to perform a lookup per packet.
The typical steps to transmit a packet using ILA are:
1) Host stack creates a packet with source address set to a local
address (possibly a SIR address) for the local identity, and
the destination address is set to the SIR address for the peer.
The peer SIR address may have been discovered through DNS or
other means.
Herbert Expires September 15, 2016 [Page 17]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
2) An NVE overwrites the SIR prefix in the destination address
with a locator for the peer. This locator is discovered by a
lookup in the locator to identifier mappings.
3) The NVE peforms checksum-neutral mapping if configured for that
(section 4.4).
4) Packet is forwarded on the wire. The network routes the packet
to the host indicated by the locator.
4.2.2 ILA to SIR address translation
Upon reception, an ILA address must be translated back to a SIR
address before upper layer processing.
Receive processing may be:
1) Packet is received, the destination locator matches an
interface address prefix on the host.
2) A lookup is performed on the destination identifier to find if
it addresses a local identifier. If match is found, a SIR
address can be created for the destination (overwrite locator
with a SIR prefix).
3) Perform reverse checksum-neutral mapping if C-bit is set
(section 4.4).
4) Perform any checks as necessary. Validate locators,
identifiers, and check that packet is not illegitimately
crossing virtual networks (see below).
5) Forward packet to application processing. If necessary, the
addresses in the packet can be converted to SIR addresses in
place.
4.3 Virtual networking operation
When using ILA with virtual networking identifiers, address
translation is performed to convert tenant virtual network and
virtual addresses to ILA addresses, and ILA addresses back to a
virtual network and tenant's virtual addresses. Translation may occur
on either source address, destination address, or both (see scenarios
for virtual networking in section 5). Address translation is
performed similar to the SIR translation cases described above.
4.3.1 Crossing virtual networks
Herbert Expires September 15, 2016 [Page 18]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
With explicit configuration, virtual network hosts may communicate
directly with virtual hosts in another virtual network by using ILA
addresses for virtualization in both the source and destination
addresses. This might be done to allow services in one virtual
network to be accessed from another (by prior agreement between
tenants).
4.3.2 IPv4/IPv6 protocol translation
An IPv4 tenant may send a packet that is converted to an IPv6 packet
with ILA addresses having IPv4 virtual networking identifiers.
Similarly, an IPv6 packet with ILA addresses may be converted to an
IPv4 packet to be received by an IPv4-only tenant. These are
IPv4/IPv6 stateless protocol translations as described in [RFC6144]
and [RFC6145].
4.4 Transport layer checksums
Packets undergoing ILA translation may include transport layer
checksums (e.g. TCP or UDP) that include a pseudo header that is
affected by the translation.
ILA provides two alternatives do deal with this:
o Perform a checksum-neutral mapping by performing a complementary
change modification to a different 16-bit field covered by the
checksum (as described in [RFC6296]).
o Send the checksum as-is, that is send the checksum value based
on the pseudo header before translation.
Some intermediate devices that are not the actual end point of a
transport protocol may attempt to validate transport layer checksums.
In particular, many Network Interface Cards (NICs) have offload
capabilities to validate transport layer checksums (including any
pseudo header) and return a result of validation to the host.
Typically, these devices will not drop packets with bad checksums,
they just pass a result to the host. Checksum offload is a
performance benefit, so if packets have incorrect checksums on the
wire this benefit is lost. With this incentive, applying a checksum-
neutral translation is the recommended alternative. If it is known
that the addresses of a packet are not included in a transport
checksum, for instance a GRE packet is being encapsulated, then a
source may choose not to perform checksum-neutral mapping.
4.4.1 Checksum-neutral mapping
When a change is made to one of the IP header fields in the IPv6
Herbert Expires September 15, 2016 [Page 19]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
pseudo-header checksum (such as one of the IP addresses), the
checksum field in the transport layer header may become invalid.
Fortunately, an incremental change in the area covered by the
Internet standard checksum [RFC1071] will result in a well-defined
change to the checksum value [RFC1624]. So, a checksum change caused
by modifying part of the area covered by the checksum can be
corrected by making a complementary change to a different 16-bit
field covered by the same checksum.
ILA performs a checksum-neutral mapping when a SIR prefix is
translated to a locator in an IPv6 address, and performs the reverse
mapping when translating a locator back to a SIR prefix. The low
order sixteens bits of the identifier contain the offset to produce a
checksum-neutral translation in ILA.
On transmission, the translation process is:
1) Compute the one's complement difference between the SIR prefix
and the locator. Fold this value to 16 bits (add-with-carry
four 16-bit words of the difference).
2) Add-with-carry the bit-wise not of the 0x1000 (i.e. 0xefff) to
the value from #1. This compensates the checksum for setting
the C-bit.
3) Add-with-carry the bit-wise not of the value from #2 to the low
order sixteen bits of the identifier.
4) Set the resultant value from #3 in the low order sixteen bits
of the identifier and set the C-bit.
Note that the "adjustment" (the 16-bit value set in the identifier in
set #3) is fixed for a given SIR to locator mapping, so the
adjustment value can be saved in an associated data structure for a
mapping and does not need to be computed for each translation.
On reception, if the C-bit is set in an ILA address:
1) Compute the one's complement difference between the locator in
the address and the SIR prefix that the locator is being
translated to. Fold this value to 16 bits (add-with-carry four
16-bit words of the difference).
2) Add-with-carry 0x1000 to the value from #1. This compensates
the checksum for clearing the C-bit.
3) Add-with-carry the bit-wise not of the value from #2 to the low
order sixteen bits of the identifier.
Herbert Expires September 15, 2016 [Page 20]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
4) Set the resultant value from #3 in the low order sixteen bits
of the identifier and clear the C-bit. This restores the
original identifier sent in the packet.
4.4.2 Sending an unmodified checksum
When sending an unmodified checksum, the checksum is technically
incorrect as viewed in the packet on the wire. At the receiver, ILA
translation of the destination ILA address back to the SIR address
occurs before transport layer processing. In this way when the
transport layer validates the checksum the pseudo header is based on
that of the orignal used to set the checksum. As mentioned above,
intermediate devices are not expected to drop packets due to a bad
transport layer checksum.
4.5 Address selection
There may be multiple possibilities for creating either a source or
destination address. A node may be associated with more than one
identifier, and there may be multiple locators for a particular
identifier. The selection of an identifier occurs at flow creation
and must be invariant for the duration of the flow. Locator selection
should be done once per flow, however may change (in the case of a
migrating connection it will change). ILA address selection should
follow guidelines in Default Address Selection for Internet Protocol
Version 6 (IPv6) ([RFC6724]).
4.6 SIR address routing
ILA is intended to be sufficiently lightweight so that all the hosts
in a data center could potentially send and receive ILA addressed
packets. In order to scale this model and allow for hosts that do not
participate in ILA, a routing topology may be applied. A simple
topology is illustrated below.
+---+-+---+-+
(1) Default SIR route |ILA router |
+->->->->->->->->->| |->->->->-+
| +---+-+---+-+ |
^ . (2) ILA V
| . redirect |
+--------++--+--+ . +--+--++--------+
| || |<........... | || |
| Host || NVE | | NVE || Host |
| || |->->->->->->->->->->->->->| || |
+--------++--+--+ (3) Direct route +--+--++--------+
An ILA router is a node that implements both NVE and NVA (Network
Herbert Expires September 15, 2016 [Page 21]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
Virtualization Authority). Packets sent with a destination SIR
address are routed to an ILA router (the SIR prefixes may "anycast"
address prefixes to facilitate this routing). When an ILA router
receives a SIR addressed packet it will perform the ILA translation
and send the ILA addressed packet to the destination NVE.
Host NVEs might not be initialized with ILA identifier to locator
mappings. When a host sends a SIR addressed packet, the packet is
routed to an ILA router based on the SIR prefix. The ILA router
provides ILA translation for the SIR prefix (this is shown in (1)
above). In addition to forwarding the ILA packet, the ILA router may
send an "ILA redirect" back to the source (at (2) above). The
redirect indicates the locator to use for the associated identifier.
Subsequently, the NVE at the source host can perform ILA translation
to send directly to the destination NVE thus eliminating triangular
routing (as shown in (3)). The specification of the ILA redirect
message is outside the scope of this document.
4.7 Duplicate identifier detection
As part of implementing the locator to identifier mapping, duplicate
identifier detection may be implemented in a centralized control
plane. A registry of identifiers could be maintained (possibly in
association the identifier to locator mapping database). When a node
creates an identifier it registers the identifier, and when the
identifier is no longer in use (e.g. task completes) the identifier
is unregistered. The control plane should able to detect a
registration attempt for an existing identifier and deny the request.
5. Communication scenarios
This section describes the use of identifier-locator addressing in
several scenarios.
5.1 Terminology
A formal notation for identifier-locator addressing with ILNP is
described in [RFC6740]. We extend this to include for network
virtualization cases.
Basic terms are:
A = IP Address
I = Identifier
L = Locator
LUI = Locally unique identifier
VNI = Virtual network identifier
VA = An IPv4 or IPv6 virtual address
Herbert Expires September 15, 2016 [Page 22]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
VAX = An IPv6 networking identifier (IPv6 VA mapped to VAX)
SIR = Prefix for standard identifier representation
VNET = IPv6 prefix for a tenant (assumed to be globally routable)
Iaddr = IPv6 address of an Internet host
An ILA IPv6 address is denoted by
L:I
A transport endpoint IPv6 address with a locally unique identifier
with SIR prefix is denoted by
SIR:LUI
A virtual identifier with a virtual network identifier and a virtual
IPv4 address is denoted by
VNI:VA
An ILA IPv6 address with a virtual networking identifier for IPv4
would then be denoted
L:(VNI:VA)
The local and remote address pair in a packet or endpoint is denoted
A,A
An address translation sequence from transport visible addresses to
ILA addresses for transmission on the network and back to transport
endpoint addresses at the receiver has notation:
A,A -> L:I,A -> A,A
5.2 Identifier objects
Identifier-locator addressing is broad enough in scope to address
many different types of networking objects within a data center. For
descriptive purposes we classify these objects as tasks or tenant
systems.
A task is a unit of execution that runs in the data center networks.
These do not run in a virtual machine, but typically run in the
native host context perhaps within containers. Tasks are the
execution mechanism for native jobs in the data center.
A network service is a task that provides some network wide service
such as DNS, remote storage, remote logging, etc. A network service
Herbert Expires September 15, 2016 [Page 23]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
may be accessed by tenant systems as well as other tasks.
A tenant system, or TS, is a unit of execution which runs on behalf
of a tenant in network virtualization. A TS may be implemented as a
virtual machine or possibly using containers mechanisms. In either
case, a virtual overlay network is implemented on behalf of a tenant,
and isolation between tenants' virtual networks is paramount.
5.3 Reference network for scenarios
Several communication scenarios can be considered:
1) Task to task (service)
2) Task to Internet
3) Internet to task
4) TS to service
5) Task to TS
6) TS to Internet
7) Internet to TS
8) IPv4 TS to service
9) TS to TS in same virtual network using IPv6
10) TS to TS in same virtual network using IPv4
11) TS to TS in different virtual network using IPv6
12) TS to TS in different virtual network using IPv4
13) IPv4 TS to IPv6 TS in different virtual networks
The figure below provides an example network topology with ILA
addressing in use. In this example, there are four hosts in the
network with locators L1, L2, L3, and L4. There three tasks with
identifiers T1, T2, and T3, as well as a networking service task with
identifier T4. The identifiers for these tasks may be locally unique
identifiers. There are two virtual networks VNI1 and VNI2, and four
tenant systems addressed as: VA1 and VA2 in VNI1, VA3 and VA4 in
VNI2. The network is connected to the Internet via a gateway.
` .............
. .
+-----------------+ . Internet . +-----------------+
| Host L1 | . . | Host L2 |
| +-------------+ | ............. | +-------------+ |
| | TS VNI1:VA1 | | | | | TS VNI1:VA2 | |
| +-------------+ +---+ +-----+-----+ +---+ +-------------+ |
| +-------------+ | | | Gateway | | | +-------------+ |
| | Task T1 | | | +-----+-----+ | | | TS VNI2:VA3 | |
| +-------------+ | | | | | +-------------+ |
+-----------------+ | ............. | +-----------------+
+-----. Data .-----+
+-----------------+ . Center . +-----------------+
Herbert Expires September 15, 2016 [Page 24]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
| Host L3 | +-----. Network .---+ | Host L4 |
| +-------------+ | | ............. | | +-------------+ |
| | Task T2 | | | | | | VM VNI2:VA4 | |
| +-------------+ +---+ +-----| +-------------+ |
| +-------------+ | | +-------------+ |
| | Task T3 | | | | Serv. T4 | |
| +-------------+ | | +-------------+ |
+-----------------+ +-----------------+
5.4 Scenario 1: Task to task
The transport endpoints for task to task communication are the SIR
addresses for the tasks. When a packet is sent on the wire, the
locator is set in the destination address of the packet. On reception
the destination addresses is converted back to SIR representation for
processing at the transport layer.
If task T1 is communicating with task T2, the ILA translation
sequence would be:
SIR:T1,SIR:T2 -> // Transport endpoints on T1
SIR:T1,L3:T2 -> // ILA used on the wire
SIR:T1,SIR:T2 // Received at T2
5.5 Scenario 2: Task to Internet
Communication from a task to the Internet is accomplished through use
of a SIR address (globally routable) in the source address of
packets. No ILA translation is needed in this path.
If task T1 is sending to an address Iaddr on the Internet, the packet
addresses would be:
SIR:T1,Iaddr
5.6 Scenario 3: Internet to task
An Internet host transmits packet to a task using an externally
routable SIR address. The SIR prefix routes the packet to a gateway
for the data center. The gateway translates the destination to an ILA
address.
If a host on the Internet with address Iaddr sends a packet to task
T3, the ILA translation sequence would be:
Iaddr,SIR:T3 -> // Transport endpoint at Iaddr
Iaddr,L1:T3 -> // On the wire in data center
Iaddr,SIR:T3 // Received at T3
Herbert Expires September 15, 2016 [Page 25]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
5.7 Scenario 4: TS to service task
A tenant can communicate with a data center service using the SIR
address of the service.
If TS VA1 is communicating with service task T4, the ILA translation
sequence would be:
VNET:VA1,SIR:T4-> // Transport endpoints in TS
VNET:VA1,L3:T4-> // On the wire
VNET:VA1,SIR:T4 // Received at T4
Where VNET is the address prefix for the tenant.
Note that from the point of view of the service task there is no
material difference between a peer that is a tenant system versus one
which is another task.
5.8 Scenario 5: Task to TS
A task can communicate with a TS through it's externally visible
address.
If task T2 is communicating with TS VA4, the ILA translation sequence
would be:
SIR:T2,VNET:VA4 -> // Transport endpoints at T2
SIR:T2,L4:(VNI2:VAX4) -> // On the wire
SIR:T2,VNET:VA4 // Received at TS
5.9 Scenario 6: TS to Internet
Communication from a TS to the Internet assumes that the VNET for the
TS is globally routable, hence no ILA translation would be needed.
If TS VA4 sends a packet to the Internet, the addresses would be:
VNET:VA4,Iaddr
5.10 Scenario 7: Internet to TS
An Internet host transmits a packet to a tenant system using an
externally routable tenant prefix and address. The prefix routes the
packet to a gateway for the data center. The gateway translates the
destination to an ILA address.
If a host on the Internet with address Iaddr is sending to TS VA4,
the ILA translation sequence would be:
Herbert Expires September 15, 2016 [Page 26]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
Iaddr,VNET:VA4 -> // Endpoint at Iaddr
Iaddr,L4:(VNI2:VAX4) -> // On the wire in data center
Iaddr,VNET:VA4 // Received at TS
5.11 Scenario 8: IPv4 TS to service
A TS that is IPv4-only may communicate with a data center network
service using protocol translation. The network service would be
represented as an IPv4 address in the tenant's address space, and
stateless NAT64 should be usable as described in [RFC6145].
If TS VA2 communicates with service task T4, the ILA translation
sequence would be:
VA2,ADDR4 -> // IPv4 endpoints at TS
SIR:(VNI1:VA2),L4:T4 -> // On the wire in data center
SIR:(VNI1:VA2),SIR:T4 // Received at task
VA2 is the IPv4 address in the tenant's virtual network, ADDR4 is an
address in the tenant's address space that maps to the network
service.
The reverse path, task sending to a TS with an IPv4 address, requires
a similar protocol translation.
For service task T4 to communicate with TS VA2, the ILA translation
sequence would be:
SIR:T4,SIR:(VNI1:VA2) -> // Endpoints at T4
SIR:T4,L2:(VNI1:VA2) -> // On the wire in data center
ADDR4,VA2 // IPv4 endpoint at TS
Herbert Expires September 15, 2016 [Page 27]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
5.12 TS to TS in the same virtual network
ILA may be used to allow tenants within a virtual network to
communicate without the need for explicit encapsulation headers.
5.12.1 Scenario 9: TS to TS in same VN using IPV6
If TS VA1 sends a packet to TS VA2, the ILA translation sequence
would be:
VNET:VA1,VNET:VA2 -> // Endpoints at VA1
VNET:VA1,L2:(VNI1,VAX2) -> // On the wire
VNET:VA1,VNET:VA2 -> // Received at VA2
5.12.2 Scenario 10: TS to TS in same VN using IPv4
For two tenant systems to communicate using IPv4 and ILA, IPv4/IPv6
protocol translation is done both on the transmit and receive.
If TS VA1 sends an IPv4 packet to TS VA2, the ILA translation
sequence would be:
VA1,VA2 -> // Endpoints at VA1
SIR:(VNI1:VA1),L2:(VNI1,VA2) -> // On the wire
VA1,VA2 // Received at VA2
5.13 TS to TS in a different virtual networks
A tenant system may be allowed to communicate with another tenant
system in a different virtual network. This should only be allowed
with explicit policy configuration.
5.13.1 Scenario 11: TS to TS in a different VNs using IPV6
For TS VA4 to communicate with TS VA1 using IPv6 the translation
sequence would be:
VNET2:VA4,VNET1:VA1-> // Endpoint at VA4
VNET2:VA4,L1:(VNI1,VAX1)-> // On the wire
VNET2:VA4,VNET1:VA1 // Received at VA1
Note that this assumes that VNET1 and VNET2 are globally routable
between the two virtual networks.
5.13.2 Scenario 12: TS to TS in a different VNs using IPv4
To allow IPv4 tenant systems in different virtual networks to
communicate with each other, an address representing the peer would
Herbert Expires September 15, 2016 [Page 28]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
be mapped into the tenant's address space. IPv4/IPv6 protocol
translation is done on transmit and receive.
For TS VA4 to communicate with TS VA1 using IPv4 the translation
sequence may be:
VA4,SADDR1 -> // IPv4 endpoint at VA4
SIR:(VNI2:VA4),L1:(VNI1,VA1)-> // On the wire
SADDR4,VA1 // Received at VA1
SADDR1 is the mapped address for VA1 in VA4's address space, and
SADDR4 is the mapped address for VA4 in VA1's address space.
5.13.3 Scenario 13: IPv4 TS to IPv6 TS in different VNs
Communication may also be mixed so that an IPv4 tenant system can
communicate with an IPv6 tenant system in another virtual network.
IPv4/IPv6 protocol translation is done on transmit.
For VM VA4 using IPv4 to communicate with VM VA1 using IPv6 the
translation sequence may be:
VA4,SADDR1 -> // IPv4 endpoint at VA4
SIR:(VNI2:VA4),L1:(VNI1,VAX1)-> // On the wire
SIR:(VNI2:VA4),VNET1:VA1 // Received at VA1
SADDR1 is the mapped IPv4 address for VA1 in VA4's address space.
6 Security Considerations
Security must be considered when using identifier-locator addressing.
In particular, the risk of address spoofing or address corruption
must be addressed. To classify this risk the set possible
destinations for a packet are classified as trusted or untrusted. The
set of possible destinations includes those that a packet may
inadvertently be sent due to address or header corruption.
If the set of possible destinations are trusted then packet
misdelivery is considered relatively innocuous. This might be the
case in a data center if all nodes were tightly controlled under
single management. Identifier-locator addressing can be used in this
case without further additional security.
If the set of possible destinations contains untrusted hosts, then
packet misdelivery could be a risk. This may be the case that virtual
machines with untrusted third party applications or OSes are running
in the network. A malicious user may be snooping for misdelivered
packets, or may attempt to spoof addresses. Identifier-locator
Herbert Expires September 15, 2016 [Page 29]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
addressing should be used with stronger security and isolation
mechanisms such as IPsec or GUESEC.
7 IANA Considerations
There are no IANA considerations in this specification.
8 References
8.1 Normative References
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998.
[RFC2460bis] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", draft-ietf-6man-rfc2460bis-03,
January 2016.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006.
[RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix
Translation", RFC 6296, June 2011.
[RFC1071] Braden, R., Borman, D., Partridge, C., and W. Plummer,
"Computing the Internet checksum", RFC 1071, September
1988.
[RFC1624] Rijsinghani, A., "Computation of the Internet Checksum
via Incremental Update", RFC 1624, May 1994.
[RFC6724] Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown,
"Default Address Selection for Internet Protocol Version
6 (IPv6)", RFC 6724, September 2012.
8.2 Informative References
[RFC6740] RJ Atkinson and SN Bhatti, "Identifier-Locator Network
Protocol (ILNP) Architectural Description", RFC 6740,
November 2012.
[RFC6741] RJ Atkinson and SN Bhatti, "Identifier-Locator Network
Protocol (ILNP) Engineering Considerations", RFC 6741,
November 2012.
[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
and E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, February 1996.
Herbert Expires September 15, 2016 [Page 30]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
[RFC3363] Bush, R., Durand, A., Fink, B., Gudmundsson, O., and T.
Hain, "Representing Internet Protocol version 6 (IPv6)
Addresses in the Domain Name System (DNS)", RFC 3363,
August 2002.
[RFC3587] Hinden, R., Deering, S., and E. Nordmark, "IPv6 Global
Unicast Address Format", RFC 3587, August 2003.
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, October 2005.
[RFC6144] Baker, F., Li, X., Bao, C., and K. Yin, "Framework for
IPv4/IPv6 Translation", RFC 6144, April 2011.
[NVO3ARCH] Black, D., Hudson, J., Kreeger, L., Lasserre, M., and
Narten, T., "An Architecture for Overlay Networks
(NVO3)", draft-ietf-nvo3-arch-03
[GUE] Herbert, T., and Yong, L., "Generic UDP Encapsulation",
draft-herbert-gue-02, work in progress.
[GUESEC] Yong, L., and Herbert, T. "Generic UDP Encapsulation (GUE)
for Secure Transport", draft-hy-gue-4-secure-transport-
00, work in progress
9 Acknowledgments
The author would like to thank Mark Smith, Lucy Yong, Erik Kline,
Saleem Bhatti, Petr Lapukhov, Blake Matheny,Doug Porter, and Fred
Baker for their insightful comments for this draft; Roy Bryant,
Lorenzo Colitti, Mahesh Bandewar, and Erik Kline for their work on
defining and applying ILA.
Appendix A: Task identifier generation
Potentially every task in a data center could be migratable as long
as each task is assigned a unique identifier. Since an ILA identifier
is sixty bits it is conceivable that identifiers could be allocated
using a shared counter or based on a timestamp.
A.1 Globally unique identifiers method
For small to moderate sized deployments the technique for creating
locally assigned global identifiers described in [RFC4193] could be
used. In this technique a SHA-1 digest of the time of day in NTP
format and an EUI-64 identifier of the local host is performed. N
bits of the result are used as the globally unique identifier.
Herbert Expires September 15, 2016 [Page 31]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
The probability that two or more of these IDs will collide can be
approximated using the formula:
P = 1 - exp(-N**2 / 2**(L+1))
where P is the probability of collision, N is the number of
identifiers, and L is the length of an identifier.
The following table shows the probability of a collision for a range
of identifiers using a 60-bit length.
Herbert Expires September 15, 2016 [Page 32]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
Identifiers Probability of Collision
1000 4.3368*10^-13
10000 4.3368*10^-11
100000 4.3368*10^-09
1000000 4.3368*10^-07
Note that locally unique identifiers may be ephemeral, for instance a
task may only exist for a few seconds. This should be considered when
determining the probability of identifier collision.
A.2 Universally Unique Identifiers method
For larger deployments, hierarchical allocation may be desired. The
techniques in Universally Unique Identifier (UUID) URN ([RFC4122])
can be adapted for allocating unique task identifiers in sixty bits.
An identifier is split into two components: a registrar prefix and
sub-identifier. The registrar prefix defines an identifier block
which is managed by an agent, the sub-identifier is a unique value
within the registrar block.
For instance, each host in a network could be an agent so that a task
identifier could be created on the host that initially runs a task.
The identifier might be composed of a twenty-four bit host identifier
followed by a thirty-six bit timestamp. Assuming that a host can
start up to 100 tasks per second, this allows about 21.8 years before
wrap around.
/* Task identifier with host registrar and timestamp */
|3 bits|1| 24 bits | 36 bits |
+------+-------------------+-------------------------------------+
| 0x1 |C| Host identifier | Timestamp Identifier |
+----------------------------------------------------------------+
Appendix B: Task migration considerations
B.1 Address migration
ILA facilitates address (specifically identifier) migration between
hosts as part of task migration or for other purposes. The steps in
migrating an address might be:
1) Configure address on the target host.
2) Suspend use of the address on the old host. This includes
handling established connections (see next section). A state
may be established to drop packets or send an ILA redirect when
packets to the migrated address are received.
Herbert Expires September 15, 2016 [Page 33]
INTERNET DRAFT draft-herbert-nvo3-ila-02 March 14, 2016
3) Update the identifier to locator mapping database. Depending on
the control plane implementation this may include pushing the
new mapping to hosts.
4) Communicating hosts will learn of the new mapping via a control
plane either by participation in a protocol for mapping
propagation or by the ILA redirect mechanism.
B.2 Connection migration
When a task and its addresses are migrated between machines, the
disposition of existing TCP connections needs to be considered.
The simplest course of action is to drop TCP connections across a
migration. Since migrations should be relatively rare events, it is
conceivable that TCP connections could be automatically closed in the
network stack during a migration event. If the applications running
are known to handle this gracefully (i.e. reopen dropped connections)
then this may be viable.
For seamless migration, open connections may be migrated between
hosts. Migration of these entails pausing the connection, packaging
connection state and sending to target, instantiating connection
state in the peer stack, and restarting the connection. From the time
the connection is paused to the time it is running again in the new
stack, packets received for the connection should be silently
dropped. For some period of time, the old stack will need to keep a
record of the migrated connection. If it receives a packet, it should
either silently drop the packet or forward it to the new location.
Author's Address
Tom Herbert
Facebook
1 Hacker Way
Menlo Park, CA
EMail: tom@herbertland.com
Herbert Expires September 15, 2016 [Page 34]