• Andrea Mayer's avatar
    seg6: add VRF support for SRv6 End.DT6 behavior · 20a081b7
    Andrea Mayer authored
    SRv6 End.DT6 is defined in the SRv6 Network Programming [1].
    
    The Linux kernel already offers an implementation of the SRv6
    End.DT6 behavior which permits IPv6 L3 VPNs over SRv6 networks. This
    implementation is not particularly suitable in contexts where we need to
    deploy IPv6 L3 VPNs among different tenants which share the same network
    address schemes. The underlying problem lies in the fact that the
    current version of DT6 (called legacy DT6 from now on) needs a complex
    configuration to be applied on routers which requires ad-hoc routes and
    routing policy rules to ensure the correct isolation of tenants.
    
    Consequently, a new implementation of DT6 has been introduced with the
    aim of simplifying the construction of IPv6 L3 VPN services in the
    multi-tenant environment using SRv6 networks. To accomplish this task,
    we reused the same VRF infrastructure and SRv6 core components already
    exploited for implementing the SRv6 End.DT4 behavior.
    
    Currently the two End.DT6 implementations coexist seamlessly and can be
    used depending on the context and the user preferences. So, in order to
    support both versions of DT6 a new attribute (vrftable) has been
    introduced which allows us to differentiate the implementation of the
    behavior to be used.
    
    A SRv6 End.DT6 legacy behavior is still instantiated using a command
    like the following one:
    
     $ ip -6 route add 2001:db8::1 encap seg6local action End.DT6 table 100 dev eth0
    
    While to instantiate the SRv6 End.DT6 in VRF mode, the command is still
    pretty straight forward:
    
     $ ip -6 route add 2001:db8::1 encap seg6local action End.DT6 vrftable 100 dev eth0.
    
    Obviously as in the case of SRv6 End.DT4, the VRF strict_mode parameter
    must be set (net.vrf.strict_mode=1) and the VRF associated with table
    100 must exist.
    
    Please note that the instances of SRv6 End.DT6 legacy and End.DT6 VRF
    mode can coexist in the same system/configuration without problems.
    
    [1] https://tools.ietf.org/html/draft-ietf-spring-srv6-network-programmingSigned-off-by: default avatarAndrea Mayer <andrea.mayer@uniroma2.it>
    Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
    20a081b7
seg6_local.c 38.5 KB