Skip to content

Commit

Permalink
[Sonic-HLD] Update for Fastpath design and requirements (#366)
Browse files Browse the repository at this point in the history 
* [Sonic-HLD] Update for Fastpath design and requirements (#366)
  • Loading branch information
@prsunny
prsunny authored Jul 12, 2023
1 parent ac329c8 commit fa6df8e
Show file tree
Hide file tree
Showing 2 changed files with 74 additions and 1 deletion.
5 changes: 5 additions & 0 deletions .wordlist.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,7 @@ DemoDays
designator
DEST
dest
DestinationPort
dev
DHCP
dir
Expand Down Expand Up @@ -262,6 +263,7 @@ impactful
incrementing
inband
InbfromLB
INET
INIT
Init
initializer
Expand Down Expand Up @@ -500,6 +502,7 @@ SDK
SDKs
SDN
sdn
SequenceNumber
SetRequest
Sflow
SHA
Expand All @@ -524,6 +527,7 @@ SoCs
Sommers
SONiC
SONiC's
SourcePort
SpoofingPacket
SRC
src
Expand Down Expand Up @@ -685,6 +689,7 @@ testability
autogeneration
IpAddress
IpPrefix
Ipv
bool
uint
AclRule
Expand Down
70 changes: 69 additions & 1 deletion documentation/general/dash-sonic-hld.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@
| 1.3 | 04/12/2023 | Ze Gan | AppDB protobuf design |
| 1.4 | 05/03/2023 | Prince Sunny | ACL Tagging, ACL Requirements |
| 1.5 | 05/22/2023 | Oleksandr Ivantsiv | Update configuration examples |
| 1.6 | 06/01/2023 | Prince Sunny | Added FastPath |

# About this Manual
This document provides more detailed design of DASH APIs, DASH orchestration agent, Config and APP DB Schemas and other SONiC buildimage changes required to bring up SONiC image on an appliance card. General DASH HLD can be found at [dash_hld](./dash-high-level-design.md).
Expand Down Expand Up @@ -264,6 +265,73 @@ It is possible that a given packet can get a hit in route table and/or mapping t

![dash-outbound-meter](./images/dash-hld-outbound-meter-pipeline.png)

## 2.5 FastPath

This section captures the Sonic-Dash specifics of FastPath use-case. Detailed document on FastPath is captured here ([FastPath](https://github.com/sonic-net/DASH/blob/main/documentation/load-bal-service/load-balancer-v3.md))

The following are the salient points and requirements. Detailed design for FastPath feature shall come as a separate PR. FastPath redirect packets shall be handled by a standalone application and use SAI APIs to update the appliance/dpu flows.
- FastPath kicks in when appliance receives an ICMP redirect that matches an existing unified flow
- Each ICMP redirect shall only update one side of the flow.
- ICMP packet is generated only for TCP. It is not generated for UDP traffic.
- FastPath example for Service Tunnel. *Notice that this is an example scenario and can be extended later for other packet formats*
- After the first SYN pkt, appliance shall create two flows (one Outbound and another Inbound)
- Original Outbound packet shall have an inner IPv6 header and outer IPv4 (Src VIP-A and Dst VIP-B)
- After an ICMP redirect is received from VIP-B hosting MUX, the Outbound flow shall be fixed-up to have outer IPV4 dst address to use the Redirect IP of VIP-B. Same fixup for Inbound flow to change VIP-B to Redirect IP
- After an ICMP redirect is received from VIP-A hosting MUX, the Outbound flow shall be fixed-up to have outer IPV4 src address to use the Redirect IP of VIP-A. Same fixup for Inbound flow to change VIP-A to Redirect IP
- ICMP redirect shall have the original inner IPv6 address as the IP header's src and dst address.
- Redirect info shall contain the transposed IPv6 address, src and dst ports, sequence number and the encap type (NVGRE in this case) in addition to redirect address.
```
struct
{
uint32 Reserved;
in6_addr Target;
in6_addr Destination;
            uint8 Type;
            uint8 Length;
            uint8 Reserved2[6];            
            IPV6_HEADER Ipv6Header;
            uint16 SourcePort;
            uint16 DestinationPort;
            uint32 SequenceNumber;
        } Redirect;
struct
{
uint32 Version;
uint16 AddrFamily;
uint16 EncapType;
uint32 EncapId;
union {
struct {
in_addr DipPAv4;
char VMMac[MAC_ADDR_SIZE];
} Info4;
struct {
in6_addr DipPAv6;
char VMMac[MAC_ADDR_SIZE];
} Info6;
} Redirect_Info;
```
- Implementation can use the above struct as a type-cast reference (packed as metadata in the redirect packet) and map it to a flow. Full packet capture is available in this ([doc](https://github.com/sonic-net/DASH/blob/main/documentation/load-bal-service/load-balancer-v3.md))
- Redirect packet format is as below:


|SLB IP|APPL IP|GRE|SLB MAC|VM MAC|IP|Inner Src IP|Inner Dst IP|ICMP|Target Addr|Dst Addr|Redirect Header|Custom format|
|------|-------|---|-------|------|--|------------|------------|----|-----------|--------|---------------|-------------|

- The following shall be used for translations

| Field | Mapping |
| ----------------------------- | ----------------------------- |
| VM Mac | Source ENI |
| Inner Src IP | Original Src IP |
| Inner Dst IP | Original Dst IP |
| Target Address | Original Dst IP |
| Redirect Header | Original IPv6 Header + TCP ports (5 tuple) |
| Addr Family | AF_INET/AF_INET6 |
| Encap Type | NVGRE 1/VXLAN 2 |
| Encap Id | Redirect GRE Key/ VXLAN Id |
| Custom Redirect Info | Redirect DIP and Dst Mac |

# 3 Modules Design

Expand Down Expand Up @@ -1268,7 +1336,7 @@ For the example configuration above, the following is a brief explanation of loo
h.4 Appliance shall first decapsulate the outer header and map it to a flow
h.5 Second header's dst mac shall correspond to ENI MAC, as overwritten by SLB MUX
h.6 Third header shall be the transpositioned IPv6 header
i. Note: This flow fixup shall be done when Fastpath kicks in with ICMP Redirect, and packets ingress with two headers.
i. Note: This flow fixup shall be done when FastPath kicks in with ICMP Redirect, and packets ingress with two headers.

3. Packet destined to 70.1.2.1 from 10.1.1.1:
a. LPM lookup hits for entry 70.1.2.0/24
Expand Down

0 comments on commit fa6df8e

Please sign in to comment.