This document describes how to play SRv6 PSP and End.AM with a modified linux kernel, which was implemented for Interop Tokyo 2019 ShowNet.
The enhancements are:
- End.AM (Masquerading proxy)
- PSP (penultimate segment POP of the SRH) for End, End.X, and End.T
- End.AC (Caching proxy, designed in ShowNet 2019, and its detail will be presented soon)
We are currently working for brushing up patches to try upstream ;)
- kernel source: https://github.com/upa/linux/tree/seg6-shownet
- iproutee2: https://github.com/upa/iproute2/tree/seg6-shownet
To install the kernel, please follow the instructions provided by distributions you use. If you use debian-based distributions, we provide a kernel deb package http://web.sfc.wide.ad.jp/~upa/linux-image-5.1.0-rc7-seg6-shownet+_034_amd64.deb.
# on debian-based distribution,
$ wget http://web.sfc.wide.ad.jp/~upa/linux-image-5.1.0-rc7-seg6-shownet+_034_amd64.deb
$ sudo dpkg -i linux-image-5.1.0-rc7-seg6-shownet+_034_amd64.deb
$ sudo reboot
# then your machine will boot with the modified kernel.
# install the modified iproute2 that is capable of seg6local PSP and End.AM configurations.
$ sudo apt install flex bison pkg-config
$ git clone https://github.com/upa/iproute2 -b seg6-shownet
$ cd iproute2
$ ./configure
$ make
$ sudo make install
# then, the ip command is installed on /sbin/ip.
# Please use it instead of the default ip command installed on /bin/ip.
The modified iproute2 and kernel accept endflavor option for seg6local action End, End.X, and End.T.
Argument is none or psp. none means SRH is not popped, and psp means SRH is popped if updated SL is 0.
For example,
$ sudo ip -6 route add 2001:db8:6:e2:: encap seg6local action End.T table 254 endflavor psp dev ve2a
$ sudo ip -6 route add 2001:db8:6:ef:: encap seg6local action End.T table 254 endflavor none dev ve2a
$ ip -6 r s | grep seg6local
2001:db8:6:e2:: encap seg6local action End.T table 254 endflavor psp dev ve2a metric 1024 pref medium
2001:db8:6:ef:: encap seg6local action End.T table 254 endflavor none dev ve2a metric 1024 pref medium
End.AM is composed of two parts: Masquerading and De-masquerading. These two parts cannot be implemented as a single route entry, therefore, we implemented it as two seperated seg6local actions.
End.AM.E is the masquerading part (.E means Egress). IF NH = SRH & SL > 0, update the IPv6 DA with SRH[0]. It is configured by:
$ sudo ip -6 route add 2001:db8:6:1:: encap seg6local action End.AM.E oif v11a mac 0a:c3:b8:cb:8d:84 dev v11a
$ ip -6 r s | grep AM
2001:db8:6:1:: encap seg6local action End.AM.E oif v11a mac 0a:c3:b8:cb:8d:84 dev v11a metric 1024 pref medium
Masqueraded IPv6 packets are tranmistted through oif v11a to dst mac 0a:c3:b8:cb:8d:84.
End.AM.I.T is the de-masqueading part (.I means Ingress). IF NH=SRH & SL > 0, decrement SL and update the IPv6 DA with SRH[SL]. It is configured by:
$ sudo ip -6 route add table 101 default encap seg6local action End.AM.I.T table 254 dev v12a
$ ip -6 r s table 101
default encap seg6local action End.AM.I.T table 254 dev v12a metric 1024 pref medium
$ sudo ip -6 rule add iif v12a table 101
The configuration of End.AM.I.T requires two steps. Masqueraded IPv6 packets may have arbitrary destination IPv6 addresses,
which are the original destinations. Thus, we need to use ::/0 for the destination prefix of the End.AM.I.T route entry.
To isolated the default route from the default routing table (254), the End.AM.I.T route should be installed on other routing tables,
table 101 for instance in the example. In addition, use ip rule to use the table for incoming masqueraded IPv6 packets.
ip -6 rule add iif v12a table 101 means incoming IPv6 packets are processed on table 101 that has the End.AM.I.T route
as the default route. l3mdev (VRF) could achieve this isolation (but I have not tested yet).
by using these enhancements, you can play End.AM with inline SRH mode.