Upload
masakazu-asama
View
649
Download
5
Embed Size (px)
DESCRIPTION
2012年12月20日にあった JANOG Softwire WG Interim Meeting での発表資料です。
Citation preview
ASAMAP Update浅間 正和 @ 有限会社 銀座堂
Maximum IPv6 packet size
• Encapsulation/Translation 後の IPv6 packet の maximum
size が 1280 byte 固定でしたが以下の command で変更できるようになりました
•
• 未設定時の default 値は 1280 です
# set interfaces map map0 ipv6-fragment-size 1500
Fragment inner IPv4 packet
• Encapsulation の時 IPv6 stack で fragment する方法しか利用できませんでしたが以下の command で IPv4
stack で fragment するか IPv6 stack で fragment するかを選択できるようになりました
•
• true を指定すると IPv4 stack で fragment します• false を指定すると IPv6 stack で fragment します• 未設定時の default 値は true です
# set interfaces map map0 ipv4-fragment-inner true
Fragment inner IPv4 packet
IPv4 Header(offset 0)
UDP Header
DATA(1~1432)
IPv6 Header40 byte
20 byte
8 byte
1432 byte
1460 byte
IPv4 Header(offset 1432)
DATA(1433~2000)
20 byte
568 byte
IPv6 Header40 byte
IPv4 Header(offset 0)
UDP Header
DATA(1~1204)
IPv6 Header40 byte
20 byte
8 byte
1204 byte
DATA(1205~2000)796 byte
IPv6 Header40 byte
IPv6 Frag Hdr(offset 0)
IPv6 Frag Hdr(offset 1232) 8 byte8 byte
1280 byte
IPv4 Header(offset 0)
UDP Header
DATA(1~1432)
IPv6 Header40 byte
20 byte
8 byte
1432 byte
1460 byte
IPv4 Header(offset 1432)DATA
(1433~1472)
20 byte
40 byte
IPv6 Header40 byte
IPv4 Header(offset 1472)
DATA(1473~2000)
20 byte
528 byte
IPv6 Header40 byte
1280 byte
IPv4 Header(offset 0)
UDP Header
DATA(1~1204)
IPv6 Header40 byte
20 byte
8 byte
1204 byte
DATA(1205~1472)268 byte
IPv6 Header40 byte
IPv6 Frag Hdr(offset 0)
IPv6 Frag Hdr(offset 1232) 8 byte8 byte
DATA(1473~2000)528 byte
IPv6 Header40 byte
IPv4 Header(offset 1472)20 byte
IPv4 Header(offset 1472)
IPv4 Header(offset 0)
UDP Header
DATA(1~1472)
DATA(1473~2000)
20 byte
8 byte
1472 byte
20 byte
528 byte
1500 byte
←これにしてます。
Fragment inner IPv4 packet
IPv4 Header(offset 0)
UDP Header
DATA(1~1432)
IPv6 Header40 byte
20 byte
8 byte
1432 byte
1460 byte
IPv4 Header(offset 1432)
DATA(1433~2000)
20 byte
568 byte
IPv6 Header40 byte
IPv4 Header(offset 0)
UDP Header
DATA(1~1204)
IPv6 Header40 byte
20 byte
8 byte
1204 byte
DATA(1205~2000)796 byte
IPv6 Header40 byte
IPv6 Frag Hdr(offset 0)
IPv6 Frag Hdr(offset 1232) 8 byte8 byte
1280 byte
IPv4 Header(offset 0)
UDP Header
DATA(1~1432)
IPv6 Header40 byte
20 byte
8 byte
1432 byte
1460 byte
IPv4 Header(offset 1432)DATA
(1433~1472)
20 byte
40 byte
IPv6 Header40 byte
IPv4 Header(offset 1472)
DATA(1473~2000)
20 byte
528 byte
IPv6 Header40 byte
1280 byte
IPv4 Header(offset 0)
UDP Header
DATA(1~1204)
IPv6 Header40 byte
20 byte
8 byte
1204 byte
DATA(1205~1472)268 byte
IPv6 Header40 byte
IPv6 Frag Hdr(offset 0)
IPv6 Frag Hdr(offset 1232) 8 byte8 byte
DATA(1473~2000)528 byte
IPv6 Header40 byte
IPv4 Header(offset 1472)20 byte
IPv4 Header(offset 1472)
IPv4 Header(offset 0)
UDP Header
DATA(1~1472)
DATA(1473~2000)
20 byte
8 byte
1472 byte
20 byte
528 byte
1500 byte
←この中から 選べます。
Fragment inner IPv4 packet
• ipv4-fragment-inner false の時の例
• ipv4-fragment-inner true の時の例
13:21:41.890828 IP6 2001:db8:100:0:ac:1001:0:8800 > 2001:db8::1: frag (0|1232) IP truncated-ip - 796 bytes missing! 172.16.1.0 > 10.1.1.11: ICMP echo request, id 10382, seq 4, length 200813:21:41.890862 IP6 2001:db8:100:0:ac:1001:0:8800 > 2001:db8::1: frag (1232|796)13:21:41.891638 IP6 2001:db8::1 > 2001:db8:100:0:ac:1001:0:8800: frag (0|1232) IP truncated-ip - 796 bytes missing! 10.1.1.11 > 172.16.1.0: ICMP echo reply, id 10382, seq 4, length 200813:21:41.891658 IP6 2001:db8::1 > 2001:db8:100:0:ac:1001:0:8800: frag (1232|796)
13:17:58.244688 IP6 2001:db8:100:0:ac:1001:0:8800 > 2001:db8::1: IP 172.16.1.0 > 10.1.1.11: ICMP echo request, id 47244, seq 32, length 121613:17:58.245059 IP6 2001:db8:100:0:ac:1001:0:8800 > 2001:db8::1: IP 172.16.1.0 > 10.1.1.11: icmp13:17:58.247150 IP6 2001:db8::1 > 2001:db8:100:0:ac:1001:0:8800: IP 10.1.1.11 > 172.16.1.0: ICMP echo reply, id 47244, seq 32, length 121613:17:58.247175 IP6 2001:db8::1 > 2001:db8:100:0:ac:1001:0:8800: IP 10.1.1.11 > 172.16.1.0: icmp
Path MTU discovery
• ICMPv6 packet too big を受け取った際に埋め込まれた MTU 値を pMTU として設定するようにしました
13:26:07.303972 IP6 2001:db8:100:0:ac:1001:0:8800 > 2001:db8::1: IP 172.16.1.0 > 10.1.1.11: ICMP echo request, id 55433, seq 2, length 144013:26:07.304019 IP6 2001:db8:100:0:ac:1001:0:8800 > 2001:db8::1: IP 172.16.1.0 > 10.1.1.11: icmp13:26:07.304926 IP6 2001:db8:ffff:ffff::1 > 2001:db8:100:0:ac:1001:0:8800: ICMP6, packet too big, mtu 1280, length 124013:26:08.310210 IP6 2001:db8:100:0:ac:1001:0:8800 > 2001:db8::1: IP 172.16.1.0 > 10.1.1.11: ICMP echo request, id 55433, seq 3, length 121613:26:08.310597 IP6 2001:db8:100:0:ac:1001:0:8800 > 2001:db8::1: IP 172.16.1.0 > 10.1.1.11: icmp13:26:08.311739 IP6 2001:db8::1 > 2001:db8:100:0:ac:1001:0:8800: IP 10.1.1.11 > 172.16.1.0: ICMP echo reply, id 55433, seq 3, length 121613:26:08.311758 IP6 2001:db8::1 > 2001:db8:100:0:ac:1001:0:8800: IP 10.1.1.11 > 172.16.1.0: icmp
MAP 1:15.2. Basic mapping rule (BMR)
| n bits | o bits | s bits | 128-n-o-s bits | +--------------------+-----------+---------+------------+----------+ | Rule IPv6 prefix | EA bits |subnet ID| interface ID | +--------------------+-----------+---------+-----------------------+ |<--- End-user IPv6 prefix --->|
Figure 3: IPv6 address format... snip ... Shared IPv4 address:
| r bits | p bits | | q bits | +-------------+---------------------+ +------------+ | Rule IPv4 | IPv4 Address suffix | |Port-Set ID | +-------------+---------------------+ +------------+ | 32 bits |
Figure 4: Shared IPv4 address... snip ... The length of r MAY be 32, with no part of the IPv4 address embedded in the EA bits. This results in a mapping with no dependence between the IPv4 address and the IPv6 address. In addition the length of o MAY be zero (no EA bits embedded in the End-User IPv6 prefix), meaning that also the PSID is provisioned using e.g. the DHCP option.
MAP 1:1
Rule IPv6 prefix
Rule IPv4 prefix PSID
EA bits
Rule IPv6 prefix
Rule IPv4 prefix PSID
EAbits
↑ Rule PSID prefix?
MAP 1:1
• Rule IPv4 prefix が /32 の時に限り Rule PSID prefix として PSID の一部を設定出来るようにしました• その上で EA bits length が 0 の場合は MAP 1:1 として利用することができます
# set interfaces map map0 rule 1 ipv6-prefix 2001:db8:1234::/48# set interfaces map map0 rule 1 ipv4-prefix 192.0.2.18/32# set interfaces map map0 rule 1 psid-prefix 0x34/8# set interfaces map map0 rule 1 ea-length 0
# set interfaces map map0 rule 2 ipv6-prefix 2001:db8:5678::/48# set interfaces map map0 rule 2 ipv4-prefix 192.0.2.18/32# set interfaces map map0 rule 2 psid-prefix 0x56/8# set interfaces map map0 rule 2 ea-length 0
# set interfaces map map0 rule 3 ...
MAP 1:1struct map_rule *map_rule_find_by_ipv6addr(struct map *m, struct in6_addr *ipv6addr){ struct map_rule *mr = NULL, *tmp; read_lock(&m->rule_lock); list_for_each_entry (tmp, &m->rule_list, list) { if (ipv6_prefix_equal(&tmp->p.ipv6_prefix, ipv6addr, tmp->p.ipv6_prefix_length)) { if (!mr || (tmp->p.ipv6_prefix_length > mr->p.ipv6_prefix_length)) mr = tmp; } } read_unlock(&m->rule_lock); return mr;}
n 個の Mapping Rule に対してO(n) の計算量!!!
0kpps
200kpps
400kpps
600kpps
800kpps
1,000kpps
1,200kpps
1 16 256 4096
IPv6 → IPv4 pps 64 byte packet
Installed Mapping Rules
Radix tree for IPv6 addr. and IPv4 addr. + PSID
• IPv6 → IPv4 変換時の探索用に Rule IPv6 prefix から、
IPv4 → IPv6 変換時の探索用に Rule IPv4 prefix と Rule
PSID prefix から、それぞれ Radix tree を生成することで Mapping Rule の探索を高速化しました
Mapping Rule の数に依らずO(k) の計算量!!!
※ IPv6 addr. からの探索の場合: k = max(Rule IPv6 prefix length)
※ IPv4 addr. + port num. からの探索の場合: k = max(Rule IPv4 prefix length + Rule PSID prefix length)
0kpps
200kpps
400kpps
600kpps
800kpps
1,000kpps
1,200kpps
1 16 256 4096
IPv6 → IPv4 pps 64 byte packet
Installed Mapping Rules
List Tree
0kpps
200kpps
400kpps
600kpps
800kpps
1,000kpps
1,200kpps
1 16 256 4096
IPv6 → IPv4 pps 64 byte packet
Installed Mapping Rules
List Tree
0kpps
200kpps
400kpps
600kpps
800kpps
1,000kpps
1,200kpps
1 16 256 4096
IPv4 → IPv6 pps 64 byte packet
Installed Mapping Rules
List Tree
0Mbps
1,000Mbps
2,000Mbps
3,000Mbps
4,000Mbps
5,000Mbps
6,000Mbps
7,000Mbps
8,000Mbps
9,000Mbps
10,000Mbps
1 16 256 4096
IPv6 → IPv4 bps 1478 byte packet
Installed Mapping Rules
List Tree
0Mbps
1,000Mbps
2,000Mbps
3,000Mbps
4,000Mbps
5,000Mbps
6,000Mbps
7,000Mbps
8,000Mbps
9,000Mbps
10,000Mbps
1 16 256 4096
IPv4 → IPv6 bps 1478 byte packet
Installed Mapping Rules
List Tree
PSID et cetera
• こんなときどうする?
• 現状は psid-length の長いものが採用される• 明らかに miss configuration 状態なので rule 2 を reject
すべき?
# set interfaces map map0 rule 1 ea-length 0# set interfaces map map0 rule 1 ipv4-prefix 192.0.2.18/32# set interfaces map map0 rule 1 ipv6-prefix 2001:db8:100::/64# set interfaces map map0 rule 1 psid 0x23# set interfaces map map0 rule 1 psid-length 8# set interfaces map map0 rule 1 psid-offset 4
# set interfaces map map0 rule 2 ea-length 0# set interfaces map map0 rule 2 ipv4-prefix 192.0.2.18/32# set interfaces map map0 rule 2 ipv6-prefix 2001:db8:200::/64# set interfaces map map0 rule 2 psid 0x234# set interfaces map map0 rule 2 psid-length 12# set interfaces map map0 rule 2 psid-offset 4
PSID et cetera
• こんなときどうする?
• 現状は psid-offset の小さいものが採用される• 明らかに miss configuration 状態なので rule 2 を reject
すべき?
# set interfaces map map0 rule 1 ea-length 0# set interfaces map map0 rule 1 ipv4-prefix 192.0.2.18/32# set interfaces map map0 rule 1 ipv6-prefix 2001:db8:100::/64# set interfaces map map0 rule 1 psid 0x12# set interfaces map map0 rule 1 psid-length 8# set interfaces map map0 rule 1 psid-offset 0
# set interfaces map map0 rule 2 ea-length 0# set interfaces map map0 rule 2 ipv4-prefix 192.0.2.18/32# set interfaces map map0 rule 2 ipv6-prefix 2001:db8:200::/64# set interfaces map map0 rule 2 psid 0x23# set interfaces map map0 rule 2 psid-length 8# set interfaces map map0 rule 2 psid-offset 4
PSID et cetera
192.0.2.18/32
192.0.2.18:0x12/40
192.0.2.18:0x34/40
192.0.2.18:0x89/40
192.0.2.18:0xab/40
192.0.2.18:0x0/34
192.0.2.18:0x8/34
192.0.2.137/32
192.0.2.0/24
192.0.137.0/24
192.0.0.0/16
Node w/ Mapping Rule
Node w/o Mapping Rule
PSID offset # of Mapping Rule
0 1
1 0
: :
4 4
: :
16 0
まとめ?• Encapsulation/Translation 後の IPv6 packet の maximum
size の変更に対応しました• IPv4 stack での fragment に対応しました• Path MTU discovery に対応しました• MAP 1:1 に対応しました
• 質問☞ Path MTU discovery は実施すべき?
☞ MAP 1:1 どうします? PSID の重複対策は?
☞ PSID offset って Mapping Rule 毎に必要?
0Mbps
500Mbps
1,000Mbps
1,500Mbps
2,000Mbps
2,500Mbps
3,000Mbps
3,500Mbps
4,000Mbps
4,500Mbps
5,000Mbps
64 128 256 512 1024 1280 1472
IPv4 → IPv6 bps
IPv4 Packet Size [byte]
List 1-Rules List 16-Rules List 256-Rules List 4096-RulesTree 1-Rules Tree 16-Rules Tree 256-Rules Tree 4096-Rules
0Mbps
1,000Mbps
2,000Mbps
3,000Mbps
4,000Mbps
5,000Mbps
6,000Mbps
7,000Mbps
8,000Mbps
9,000Mbps
10,000Mbps
64 128 256 512 1024 1280 1472
IPv6 → IPv4 bps
IPv4 Packet Size [byte]
List 1-Rules List 16-Rules List 256-Rules List 4096-RulesTree 1-Rules Tree 16-Rules Tree 256-Rules Tree 4096-Rules
0Mbps
1,000Mbps
2,000Mbps
3,000Mbps
4,000Mbps
5,000Mbps
6,000Mbps
7,000Mbps
8,000Mbps
9,000Mbps
10,000Mbps
1 16 256 4096
IPv4 → IPv6 bps 1478 byte packet
Installed Mapping Rules
List Tree
0Mbps
1,000Mbps
2,000Mbps
3,000Mbps
4,000Mbps
5,000Mbps
6,000Mbps
7,000Mbps
8,000Mbps
9,000Mbps
10,000Mbps
1 16 256 4096
IPv6 → IPv4 bps 1478 byte packet
Installed Mapping Rules
List Tree
0kpps
50kpps
100kpps
150kpps
200kpps
250kpps
300kpps
350kpps
400kpps
64 128 256 512 1024 1280 1472
IPv4 → IPv6 pps
IPv4 Packet Size [byte]
List 1-Rules List 16-Rules List 256-Rules List 4096-RulesTree 1-Rules Tree 16-Rules Tree 256-Rules Tree 4096-Rules
0kpps
250kpps
500kpps
750kpps
1,000kpps
1,250kpps
1,500kpps
64 128 256 512 1024 1280 1472
IPv6 → IPv4 pps
IPv4 Packet Size [byte]
List 1-Rules List 16-Rules List 256-Rules List 4096-RulesTree 1-Rules Tree 16-Rules Tree 256-Rules Tree 4096-Rules
0kpps
200kpps
400kpps
600kpps
800kpps
1,000kpps
1,200kpps
1 16 256 4096
IPv4 → IPv6 pps 64 byte packet
Installed Mapping Rules
List Tree
0kpps
200kpps
400kpps
600kpps
800kpps
1,000kpps
1,200kpps
1 16 256 4096
IPv6 → IPv4 pps 64 byte packet
Installed Mapping Rules
List Tree