Merge pull request #186 from zvfvrv/srv6-dev

Support SRv6

Author: sknat

Makefile

@@ -64,6 +64,11 @@ load-images:
 test-install-calicovpp:
 	kubectl apply -k yaml/overlays/test-vagrant
 
+# Allows to simply run calico-vpp from release images in a test cluster with SRv6 configured
+.PHONY: test-install-calicovpp-srv6
+test-install-calicovpp-srv6:
+	kubectl kustomize yaml/overlays/test-vagrant-srv6 | kubectl apply -f -
+
 # Allows to run calico-vpp in a test cluster with locally-built binaries for dev / debug
 .PHONY: test-install-calicovpp-dev
 test-install-calicovpp-dev:
@@ -77,6 +82,10 @@ test-install-calicovpp-v6:
 test-install-calicovpp-dev-v6:
 	kubectl apply -k yaml/overlays/test-vagrant-v6-mounts
 
+.PHONY: test-install-calicovpp-dev-srv6
+test-install-calicovpp-dev-srv6:
+	kubectl kustomize yaml/overlays/test-vagrant-srv6-mounts | kubectl apply -f -
+
 .PHONY: run-tests
 run-tests:
 	test/scripts/test.sh up iperf v4

calico-vpp-agent/Makefile

@@ -40,4 +40,4 @@ dev: build gobgp
 	docker build -t calicovpp/agent:$(TAG) .
 
 proto:
-	$(MAKE) -C proto $@
+	$(MAKE) -C proto $@

calico-vpp-agent/config/config.go

@@ -59,6 +59,9 @@ const (
 	IpsecNbAsyncCryptoThEnvVar = "CALICOVPP_IPSEC_NB_ASYNC_CRYPTO_THREAD"
 	LogLevelEnvVar             = "CALICO_LOG_LEVEL"
 	ServicePrefixEnvVar        = "SERVICE_PREFIX"
+	EnableSRv6EnvVar           = "CALICOVPP_SRV6_ENABLED"
+	SRv6LocalsidPoolEnvVar     = "CALICOVPP_SR_LS_POOL"
+	SRv6PolicyPoolEnvVar       = "CALICOVPP_SR_POLICY_POOL"
 
 	MemifSocketName      = "@vpp/memif"
 	DefaultVXLANVni      = 4096
@@ -80,6 +83,7 @@ var (
 	EnableServices           = true
 	EnablePolicies           = true
 	EnableIPSec              = false
+	EnableSRv6               = false
 	IpsecAddressCount        = 1
 	CrossIpsecTunnels        = false
 	IPSecIkev2Psk            = ""
@@ -93,6 +97,8 @@ var (
 	HostMtu                  int = 0
 	PodMtu                   int = 0
 	IpsecNbAsyncCryptoThread int = 0
+	SRv6policyIPPool             = ""
+	SRv6localSidIPPool           = ""
 
 	felixConfigReceived = false
 	felixConfigChan     = make(chan struct{})
@@ -126,6 +132,7 @@ func PrintAgentConfig(log *logrus.Logger) {
 	log.Infof("Config:HostMtu           %d", HostMtu)
 	log.Infof("Config:PodMtu            %d", PodMtu)
 	log.Infof("Config:IpsecNbAsyncCryptoThread  %d", IpsecNbAsyncCryptoThread)
+	log.Infof("Config:EnableSRv6        %t", EnableSRv6)
 }
 
 var supportedEnvVars map[string]bool
@@ -290,6 +297,22 @@ func LoadConfig(log *logrus.Logger) (err error) {
 		}
 	}
 
+	if conf := getEnvValue(EnableSRv6EnvVar); conf != "" {
+		enableSRv6, err := strconv.ParseBool(conf)
+		if err != nil {
+			return fmt.Errorf("Invalid %s configuration: %s parses to %v err %v", EnableSRv6EnvVar, conf, enableSRv6, err)
+		}
+		EnableSRv6 = enableSRv6
+	}
+
+	if conf := getEnvValue(SRv6PolicyPoolEnvVar); conf != "" {
+		SRv6policyIPPool = conf
+	}
+
+	if conf := getEnvValue(SRv6LocalsidPoolEnvVar); conf != "" {
+		SRv6localSidIPPool = conf
+	}
+
 	psk := getEnvValue(IPSecIkev2PskEnvVar)
 	if EnableIPSec && psk == "" {
 		return errors.New("IKEv2 PSK not configured: nothing found in CALICOVPP_IPSEC_IKEV2_PSK environment variable")

calico-vpp-agent/routing/common/common.go

@@ -28,7 +28,10 @@ import (
 	oldv3 "github.com/projectcalico/libcalico-go/lib/apis/v3"
 	calicocli "github.com/projectcalico/libcalico-go/lib/client"
 	calicov3cli "github.com/projectcalico/libcalico-go/lib/clientv3"
+	"github.com/projectcalico/vpp-dataplane/calico-vpp-agent/config"
 	"github.com/projectcalico/vpp-dataplane/vpplink"
+	"github.com/projectcalico/vpp-dataplane/vpplink/types"
+	"google.golang.org/protobuf/types/known/anypb"
 )
 
 const (
@@ -39,7 +42,9 @@ const (
 
 var (
 	BgpFamilyUnicastIPv4 = bgpapi.Family{Afi: bgpapi.Family_AFI_IP, Safi: bgpapi.Family_SAFI_UNICAST}
+	BgpFamilySRv6IPv4    = bgpapi.Family{Afi: bgpapi.Family_AFI_IP, Safi: bgpapi.Family_SAFI_SR_POLICY}
 	BgpFamilyUnicastIPv6 = bgpapi.Family{Afi: bgpapi.Family_AFI_IP6, Safi: bgpapi.Family_SAFI_UNICAST}
+	BgpFamilySRv6IPv6    = bgpapi.Family{Afi: bgpapi.Family_AFI_IP6, Safi: bgpapi.Family_SAFI_SR_POLICY}
 )
 
 // Data managed by the routing server and
@@ -115,9 +120,17 @@ func MakePath(prefix string, isWithdrawal bool, nodeIpv4 net.IP, nodeIpv6 net.IP
 
 	if v4 {
 		family = &BgpFamilyUnicastIPv4
-		nhAttr, err := ptypes.MarshalAny(&bgpapi.NextHopAttribute{
-			NextHop: nodeIpv4.String(),
-		})
+		var nhAttr *anypb.Any
+
+		if config.EnableSRv6 {
+			nhAttr, err = ptypes.MarshalAny(&bgpapi.NextHopAttribute{
+				NextHop: nodeIpv6.String(),
+			})
+		} else {
+			nhAttr, err = ptypes.MarshalAny(&bgpapi.NextHopAttribute{
+				NextHop: nodeIpv4.String(),
+			})
+		}
 		if err != nil {
 			return nil, err
 		}
@@ -147,6 +160,111 @@ func MakePath(prefix string, isWithdrawal bool, nodeIpv4 net.IP, nodeIpv6 net.IP
 	}, nil
 }
 
+func MakePathSRv6Tunnel(localSid net.IP, bSid net.IP, nodeIpv6 net.IP, trafficType int, isWithdrawal bool) (*bgpapi.Path, error) {
+	originAttr, err := ptypes.MarshalAny(&bgpapi.OriginAttribute{Origin: 0})
+	if err != nil {
+		return nil, err
+	}
+	attrs := []*any.Any{originAttr}
+
+	var family *bgpapi.Family
+	var nodeIP = nodeIpv6
+	var epbs = &bgpapi.SRv6EndPointBehavior{}
+	family = &BgpFamilySRv6IPv6
+	if trafficType == 4 {
+		epbs.Behavior = bgpapi.SRv6Behavior_END_DT4
+	} else {
+		epbs.Behavior = bgpapi.SRv6Behavior_END_DT6
+	}
+
+	nlrisr, err := ptypes.MarshalAny(&bgpapi.SRPolicyNLRI{
+		Length:   192,
+		Endpoint: nodeIP,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	nhAttr, err := ptypes.MarshalAny(&bgpapi.NextHopAttribute{
+		NextHop: nodeIP.String(),
+	})
+	if err != nil {
+		return nil, err
+	}
+	attrs = append(attrs, nhAttr)
+
+	sid, err := ptypes.MarshalAny(&bgpapi.SRBindingSID{
+		SFlag: true,
+		IFlag: false,
+		Sid:   bSid,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	bsid, err := ptypes.MarshalAny(&bgpapi.TunnelEncapSubTLVSRBindingSID{
+		Bsid: sid,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	segment, err := ptypes.MarshalAny(&bgpapi.SegmentTypeB{
+		Flags:                     &bgpapi.SegmentFlags{SFlag: true},
+		Sid:                       localSid,
+		EndpointBehaviorStructure: epbs,
+	})
+	if err != nil {
+		return nil, err
+	}
+	seglist, err := ptypes.MarshalAny(&bgpapi.TunnelEncapSubTLVSRSegmentList{
+		Weight: &bgpapi.SRWeight{
+			Flags:  0,
+			Weight: 12,
+		},
+		Segments: []*any.Any{segment},
+	})
+	if err != nil {
+		return nil, err
+	}
+	pref, err := ptypes.MarshalAny(&bgpapi.TunnelEncapSubTLVSRPreference{
+		Flags:      0,
+		Preference: 11,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	pri, err := ptypes.MarshalAny(&bgpapi.TunnelEncapSubTLVSRPriority{
+		Priority: 10,
+	})
+	if err != nil {
+		return nil, err
+	}
+	// Tunnel Encapsulation attribute for SR Policy
+	tun, err := ptypes.MarshalAny(&bgpapi.TunnelEncapAttribute{
+		Tlvs: []*bgpapi.TunnelEncapTLV{
+			{
+				Type: 15,
+				Tlvs: []*anypb.Any{bsid, seglist, pref, pri},
+			},
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+	attrs = append(attrs, tun)
+
+	return &bgpapi.Path{
+		Nlri:       nlrisr,
+		IsWithdraw: isWithdrawal,
+		Pattrs:     attrs,
+		Age:        ptypes.TimestampNow(),
+		Family:     family,
+	}, nil
+
+}
+
 type ChangeType int
 
 const (
@@ -181,6 +299,8 @@ const (
 	RescanState        ConnectivityEventType = "RescanState"
 	ConnectivtyAdded   ConnectivityEventType = "ConnectivtyAdded"
 	ConnectivtyDeleted ConnectivityEventType = "ConnectivtyDeleted"
+	SRv6PolicyAdded    ConnectivityEventType = "SRv6PolicyAdded"
+	SRv6PolicyDeleted  ConnectivityEventType = "SRv6PolicyDeleted"
 )
 
 type ConnectivityEvent struct {
@@ -194,8 +314,18 @@ type NodeConnectivity struct {
 	Dst              net.IPNet
 	NextHop          net.IP
 	ResolvedProvider string
+	Custom           interface{}
 }
 
 func (cn *NodeConnectivity) String() string {
 	return fmt.Sprintf("%s-%s", cn.Dst.String(), cn.NextHop.String())
 }
+
+type SRv6Tunnel struct {
+	Dst      net.IP
+	Bsid     net.IP
+	Policy   *types.SrPolicy
+	Sid      net.IP
+	Behavior uint8
+	Priority uint32
+}

calico-vpp-agent/routing/connectivity/connectivity.go

@@ -32,6 +32,7 @@ const (
 	VXLAN     = "vxlan"
 	IPIP      = "ipip"
 	WIREGUARD = "wireguard"
+	SRv6      = "srv6"
 )
 
 type ConnectivityProviderData struct {

calico-vpp-agent/routing/connectivity/connectivity_server.go

@@ -19,6 +19,7 @@ import (
 	"net"
 
 	calicov3 "github.com/projectcalico/api/pkg/apis/projectcalico/v3"
+	"github.com/projectcalico/vpp-dataplane/calico-vpp-agent/config"
 	"github.com/projectcalico/vpp-dataplane/calico-vpp-agent/routing/common"
 	"github.com/projectcalico/vpp-dataplane/calico-vpp-agent/routing/watchers"
 	"github.com/sirupsen/logrus"
@@ -72,6 +73,7 @@ func NewConnectivityServer(routingData *common.RoutingData,
 	server.providers[IPSEC] = NewIPsecProvider(providerData)
 	server.providers[VXLAN] = NewVXLanProvider(providerData)
 	server.providers[WIREGUARD] = NewWireguardProvider(providerData)
+	server.providers[SRv6] = NewSRv6Provider(providerData)
 
 	server.TunnelChangeChan = providerData.tunnelChangeChan
 
@@ -182,13 +184,29 @@ func (s *ConnectivityServer) ServeConnectivity() error {
 				s.log.Infof("VXLAN/IPIPMode Changed")
 				s.updateAllIPConnectivity()
 			}
+		case common.SRv6PolicyAdded:
+			new := evt.New.(*common.NodeConnectivity)
+
+			err := s.updateSRv6Policy(new, false /* isWithdraw */)
+			if err != nil {
+				s.log.Errorf("Error while adding SRv6 Policy %s", err)
+			}
+		case common.SRv6PolicyDeleted:
+			old := evt.Old.(*common.NodeConnectivity)
+			err := s.updateSRv6Policy(old, true /* isWithdraw */)
+			if err != nil {
+				s.log.Errorf("Error while deleting SRv6 Policy %s", err)
+			}
 		}
 	}
 	return nil
 }
 
 func (s *ConnectivityServer) getProviderType(cn *common.NodeConnectivity) string {
 	ipPool := s.ipam.GetPrefixIPPool(&cn.Dst)
+	if config.EnableSRv6 {
+		return SRv6
+	}
 	if ipPool == nil {
 		return FLAT
 	}
@@ -259,3 +277,14 @@ func (s *ConnectivityServer) updateIPConnectivity(cn *common.NodeConnectivity, I
 		}
 	}
 }
+
+func (s *ConnectivityServer) updateSRv6Policy(cn *common.NodeConnectivity, IsWithdraw bool) (err error) {
+	s.log.Infof("updateSRv6Policy")
+	providerType := SRv6
+	if IsWithdraw {
+		err = s.providers[providerType].DelConnectivity(cn)
+	} else {
+		err = s.providers[providerType].AddConnectivity(cn)
+	}
+	return err
+}