linux-kernel.vger.kernel.org archive mirror
From: Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
To: David Ahern <dsahern@gmail.com>
Cc: davem@davemloft.net, kuznet@ms2.inr.ac.ru,
	yoshfuji@linux-ipv6.org, kuba@kernel.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org, ahmed.abdelsalam@gssi.it,
	dav.lebrun@gmail.com, andrea.mayer@uniroma2.it,
	paolo.lungaroni@cnit.it, hiroki.shirokura@linecorp.com
Subject: Re: [net-next 1/2] Perform IPv4 FIB lookup in a predefined FIB table
Date: Thu, 20 Feb 2020 23:33:36 +0100
Message-ID: <20200220233336.53eda87e7a76ed24317e0165@uniroma2.it>
In-Reply-To: <a39867b0-c40f-e588-6cf9-1524581bb145@gmail.com>

Hi David,

Regarding your question. 

Our use-case is more than doing lookup into a VRF. 

What we are working on is a multi-tenant automated DC fabric that supports 
overlay, traffic engineering (TE) and service function chaining (SFC). 
We are leveraging the SRv6 implementation in Linux. 
 
For the overlay we leverage: 
- SRv6 T.Encaps to encapsulate both IPv4 and IPv6 traffic of the tenant 
   (T.Encaps is supported since kernel 4.10) 
- SRv6 End.DT4 to decapsulate the overlay encapsulation and do the 
lookup inside the tenant's VRF (this is the only missing piece)

For TE we leverage: 
- SRv6 End and End.X functions to steer traffic through one or more midpoints
to avoid congested links, etc. (End and End.X are supported since kernel 4.14)

For SFC we leverage some network functions that support SRv6: 
- iptables already supports matching SRv6 header since kernel 4.16. 
- There is some work in progress of adding support to nftables as well. 

On top of that we are using BGP as a control plane to advertise the VPN/Egress 
tunnel endpoints. 

Part of this is already running in production at LINE corporation [1]. 

As you can see, what is missing is having SRv6 End.DT4 supported to do 
decapsulation and VRF lookup.  

We introduced this flag to avoid duplicating the IPv4 FIB lookup code. 

For the "tbl_known" flag, we can wrap the check of the flag inside 
a "#ifdef CONFIG_IP_MULTIPLE_TABLES" directive. 
If CONFIG_IP_MULTIPLE_TABLES is not set, we won't do any check.  

Thanks, 
Carmine 


[1] https://speakerdeck.com/line_developers/line-data-center-networking-with-srv6


On Tue, 18 Feb 2020 21:29:31 -0700
David Ahern <dsahern@gmail.com> wrote:

> On 2/18/20 7:49 PM, Carmine Scarpitta wrote:
> > Hi David,
> > Thanks for the reply.
> > 
> > The problem is not related to the table lookup. Calling fib_table_lookup and then rt_dst_alloc from seg6_local.c is good.
> > 
> 
> you did not answer my question. Why do all of the existing policy
> options (mark, L3 domains, uid) to direct the lookup to the table of
> interest not work for this use case?
> 
> What you want is not unique. There are many ways to make it happen.
> Bleeding policy details to route.c and adding a flag that is always
> present and checked even when not needed (e.g.,
> CONFIG_IP_MULTIPLE_TABLES is disabled) is not the right way to do it.


-- 
Carmine Scarpitta <carmine.scarpitta@uniroma2.it>
