mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
synced 2025-08-27 15:36:48 +00:00
03dc03fa04
tl;dr
=====
Add a new neighbor flag ("extern_valid") that can be used to indicate to
the kernel that a neighbor entry was learned and determined to be valid
externally. The kernel will not try to remove or invalidate such an
entry, leaving these decisions to the user space control plane. This is
needed for EVPN multi-homing where a neighbor entry for a multi-homed
host needs to be synced across all the VTEPs among which the host is
multi-homed.
Background
==========
In a typical EVPN multi-homing setup each host is multi-homed using a
set of links called ES (Ethernet Segment, i.e., LAG) to multiple leaf
switches (VTEPs). VTEPs that are connected to the same ES are called ES
peers.
When a neighbor entry is learned on a VTEP, it is distributed to both ES
peers and remote VTEPs using EVPN MAC/IP advertisement routes. ES peers
use the neighbor entry when routing traffic towards the multi-homed host
and remote VTEPs use it for ARP/NS suppression.
Motivation
==========
If the ES link between a host and the VTEP on which the neighbor entry
was locally learned goes down, the EVPN MAC/IP advertisement route will
be withdrawn and the neighbor entries will be removed from both ES peers
and remote VTEPs. Routing towards the multi-homed host and ARP/NS
suppression can fail until another ES peer locally learns the neighbor
entry and distributes it via an EVPN MAC/IP advertisement route.
"draft-rbickhart-evpn-ip-mac-proxy-adv-03" [1] suggests avoiding these
intermittent failures by having the ES peers install the neighbor
entries as before, but also injecting EVPN MAC/IP advertisement routes
with a proxy indication. When the previously mentioned ES link goes down
and the original EVPN MAC/IP advertisement route is withdrawn, the ES
peers will not withdraw their neighbor entries, but instead start aging
timers for the proxy indication.
If an ES peer locally learns the neighbor entry (i.e., it becomes
"reachable"), it will restart its aging timer for the entry and emit an
EVPN MAC/IP advertisement route without a proxy indication. An ES peer
will stop its aging timer for the proxy indication if it observes the
removal of the proxy indication from at least one of the ES peers
advertising the entry.
In the event that the aging timer for the proxy indication expired, an
ES peer will withdraw its EVPN MAC/IP advertisement route. If the timer
expired on all ES peers and they all withdrew their proxy
advertisements, the neighbor entry will be completely removed from the
EVPN fabric.
Implementation
==============
In the above scheme, when the control plane (e.g., FRR) advertises a
neighbor entry with a proxy indication, it expects the corresponding
entry in the data plane (i.e., the kernel) to remain valid and not be
removed due to garbage collection or loss of carrier. The control plane
also expects the kernel to notify it if the entry was learned locally
(i.e., became "reachable") so that it will remove the proxy indication
from the EVPN MAC/IP advertisement route. That is why these entries
cannot be programmed with dummy states such as "permanent" or "noarp".
Instead, add a new neighbor flag ("extern_valid") which indicates that
the entry was learned and determined to be valid externally and should
not be removed or invalidated by the kernel. The kernel can probe the
entry and notify user space when it becomes "reachable" (it is initially
installed as "stale"). However, if the kernel does not receive a
confirmation, have it return the entry to the "stale" state instead of
the "failed" state.
In other words, an entry marked with the "extern_valid" flag behaves
like any other dynamically learned entry other than the fact that the
kernel cannot remove or invalidate it.
One can argue that the "extern_valid" flag should not prevent garbage
collection and that instead a neighbor entry should be programmed with
both the "extern_valid" and "extern_learn" flags. There are two reasons
for not doing that:
1. Unclear why a control plane would like to program an entry that the
kernel cannot invalidate but can completely remove.
2. The "extern_learn" flag is used by FRR for neighbor entries learned
on remote VTEPs (for ARP/NS suppression) whereas here we are
concerned with local entries. This distinction is currently irrelevant
for the kernel, but might be relevant in the future.
Given that the flag only makes sense when the neighbor has a valid
state, reject attempts to add a neighbor with an invalid state and with
this flag set. For example:
# ip neigh add 192.0.2.1 nud none dev br0.10 extern_valid
Error: Cannot create externally validated neighbor with an invalid state.
# ip neigh add 192.0.2.1 lladdr 00:11:22:33:44:55 nud stale dev br0.10 extern_valid
# ip neigh replace 192.0.2.1 nud failed dev br0.10 extern_valid
Error: Cannot mark neighbor as externally validated with an invalid state.
The above means that a neighbor cannot be created with the
"extern_valid" flag and flags such as "use" or "managed" as they result
in a neighbor being created with an invalid state ("none") and
immediately getting probed:
# ip neigh add 192.0.2.1 lladdr 00:11:22:33:44:55 nud stale dev br0.10 extern_valid use
Error: Cannot create externally validated neighbor with an invalid state.
However, these flags can be used together with "extern_valid" after the
neighbor was created with a valid state:
# ip neigh add 192.0.2.1 lladdr 00:11:22:33:44:55 nud stale dev br0.10 extern_valid
# ip neigh replace 192.0.2.1 lladdr 00:11:22:33:44:55 nud stale dev br0.10 extern_valid use
One consequence of preventing the kernel from invalidating a neighbor
entry is that by default it will only try to determine reachability
using unicast probes. This can be changed using the "mcast_resolicit"
sysctl:
# sysctl net.ipv4.neigh.br0/10.mcast_resolicit
0
# tcpdump -nn -e -i br0.10 -Q out arp &
# ip neigh replace 192.0.2.1 lladdr 00:11:22:33:44:55 nud stale dev br0.10 extern_valid use
62:50:1d:11:93:6f > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.2, length 28
62:50:1d:11:93:6f > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.2, length 28
62:50:1d:11:93:6f > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.2, length 28
# sysctl -wq net.ipv4.neigh.br0/10.mcast_resolicit=3
# ip neigh replace 192.0.2.1 lladdr 00:11:22:33:44:55 nud stale dev br0.10 extern_valid use
62:50:1d:11:93:6f > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.2, length 28
62:50:1d:11:93:6f > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.2, length 28
62:50:1d:11:93:6f > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.2, length 28
62:50:1d:11:93:6f > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.2, length 28
62:50:1d:11:93:6f > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.2, length 28
62:50:1d:11:93:6f > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.2, length 28
iproute2 patches can be found here [2].
[1] https://datatracker.ietf.org/doc/html/draft-rbickhart-evpn-ip-mac-proxy-adv-03
[2] https://github.com/idosch/iproute2/tree/submit/extern_valid_v1
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://patch.msgid.link/20250626073111.244534-2-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
230 lines
6.2 KiB
C
230 lines
6.2 KiB
C
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
|
|
#ifndef _UAPI__LINUX_NEIGHBOUR_H
|
|
#define _UAPI__LINUX_NEIGHBOUR_H
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/netlink.h>
|
|
|
|
struct ndmsg {
|
|
__u8 ndm_family;
|
|
__u8 ndm_pad1;
|
|
__u16 ndm_pad2;
|
|
__s32 ndm_ifindex;
|
|
__u16 ndm_state;
|
|
__u8 ndm_flags;
|
|
__u8 ndm_type;
|
|
};
|
|
|
|
enum {
|
|
NDA_UNSPEC,
|
|
NDA_DST,
|
|
NDA_LLADDR,
|
|
NDA_CACHEINFO,
|
|
NDA_PROBES,
|
|
NDA_VLAN,
|
|
NDA_PORT,
|
|
NDA_VNI,
|
|
NDA_IFINDEX,
|
|
NDA_MASTER,
|
|
NDA_LINK_NETNSID,
|
|
NDA_SRC_VNI,
|
|
NDA_PROTOCOL, /* Originator of entry */
|
|
NDA_NH_ID,
|
|
NDA_FDB_EXT_ATTRS,
|
|
NDA_FLAGS_EXT,
|
|
NDA_NDM_STATE_MASK,
|
|
NDA_NDM_FLAGS_MASK,
|
|
__NDA_MAX
|
|
};
|
|
|
|
#define NDA_MAX (__NDA_MAX - 1)
|
|
|
|
/*
|
|
* Neighbor Cache Entry Flags
|
|
*/
|
|
|
|
#define NTF_USE (1 << 0)
|
|
#define NTF_SELF (1 << 1)
|
|
#define NTF_MASTER (1 << 2)
|
|
#define NTF_PROXY (1 << 3) /* == ATF_PUBL */
|
|
#define NTF_EXT_LEARNED (1 << 4)
|
|
#define NTF_OFFLOADED (1 << 5)
|
|
#define NTF_STICKY (1 << 6)
|
|
#define NTF_ROUTER (1 << 7)
|
|
/* Extended flags under NDA_FLAGS_EXT: */
|
|
#define NTF_EXT_MANAGED (1 << 0)
|
|
#define NTF_EXT_LOCKED (1 << 1)
|
|
#define NTF_EXT_EXT_VALIDATED (1 << 2)
|
|
|
|
/*
|
|
* Neighbor Cache Entry States.
|
|
*/
|
|
|
|
#define NUD_INCOMPLETE 0x01
|
|
#define NUD_REACHABLE 0x02
|
|
#define NUD_STALE 0x04
|
|
#define NUD_DELAY 0x08
|
|
#define NUD_PROBE 0x10
|
|
#define NUD_FAILED 0x20
|
|
|
|
/* Dummy states */
|
|
#define NUD_NOARP 0x40
|
|
#define NUD_PERMANENT 0x80
|
|
#define NUD_NONE 0x00
|
|
|
|
/* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change and make no
|
|
* address resolution or NUD.
|
|
*
|
|
* NUD_PERMANENT also cannot be deleted by garbage collectors. This holds true
|
|
* for dynamic entries with NTF_EXT_LEARNED flag as well. However, upon carrier
|
|
* down event, NUD_PERMANENT entries are not flushed whereas NTF_EXT_LEARNED
|
|
* flagged entries explicitly are (which is also consistent with the routing
|
|
* subsystem).
|
|
*
|
|
* When NTF_EXT_LEARNED is set for a bridge fdb entry the different cache entry
|
|
* states don't make sense and thus are ignored. Such entries don't age and
|
|
* can roam.
|
|
*
|
|
* NTF_EXT_MANAGED flagged neigbor entries are managed by the kernel on behalf
|
|
* of a user space control plane, and automatically refreshed so that (if
|
|
* possible) they remain in NUD_REACHABLE state.
|
|
*
|
|
* NTF_EXT_LOCKED flagged bridge FDB entries are entries generated by the
|
|
* bridge in response to a host trying to communicate via a locked bridge port
|
|
* with MAB enabled. Their purpose is to notify user space that a host requires
|
|
* authentication.
|
|
*
|
|
* NTF_EXT_EXT_VALIDATED flagged neighbor entries were externally validated by
|
|
* a user space control plane. The kernel will not remove or invalidate them,
|
|
* but it can probe them and notify user space when they become reachable.
|
|
*/
|
|
|
|
struct nda_cacheinfo {
|
|
__u32 ndm_confirmed;
|
|
__u32 ndm_used;
|
|
__u32 ndm_updated;
|
|
__u32 ndm_refcnt;
|
|
};
|
|
|
|
/*****************************************************************
|
|
* Neighbour tables specific messages.
|
|
*
|
|
* To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
|
|
* NLM_F_DUMP flag set. Every neighbour table configuration is
|
|
* spread over multiple messages to avoid running into message
|
|
* size limits on systems with many interfaces. The first message
|
|
* in the sequence transports all not device specific data such as
|
|
* statistics, configuration, and the default parameter set.
|
|
* This message is followed by 0..n messages carrying device
|
|
* specific parameter sets.
|
|
* Although the ordering should be sufficient, NDTA_NAME can be
|
|
* used to identify sequences. The initial message can be identified
|
|
* by checking for NDTA_CONFIG. The device specific messages do
|
|
* not contain this TLV but have NDTPA_IFINDEX set to the
|
|
* corresponding interface index.
|
|
*
|
|
* To change neighbour table attributes, send RTM_SETNEIGHTBL
|
|
* with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
|
|
* NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
|
|
* otherwise. Device specific parameter sets can be changed by
|
|
* setting NDTPA_IFINDEX to the interface index of the corresponding
|
|
* device.
|
|
****/
|
|
|
|
struct ndt_stats {
|
|
__u64 ndts_allocs;
|
|
__u64 ndts_destroys;
|
|
__u64 ndts_hash_grows;
|
|
__u64 ndts_res_failed;
|
|
__u64 ndts_lookups;
|
|
__u64 ndts_hits;
|
|
__u64 ndts_rcv_probes_mcast;
|
|
__u64 ndts_rcv_probes_ucast;
|
|
__u64 ndts_periodic_gc_runs;
|
|
__u64 ndts_forced_gc_runs;
|
|
__u64 ndts_table_fulls;
|
|
};
|
|
|
|
enum {
|
|
NDTPA_UNSPEC,
|
|
NDTPA_IFINDEX, /* u32, unchangeable */
|
|
NDTPA_REFCNT, /* u32, read-only */
|
|
NDTPA_REACHABLE_TIME, /* u64, read-only, msecs */
|
|
NDTPA_BASE_REACHABLE_TIME, /* u64, msecs */
|
|
NDTPA_RETRANS_TIME, /* u64, msecs */
|
|
NDTPA_GC_STALETIME, /* u64, msecs */
|
|
NDTPA_DELAY_PROBE_TIME, /* u64, msecs */
|
|
NDTPA_QUEUE_LEN, /* u32 */
|
|
NDTPA_APP_PROBES, /* u32 */
|
|
NDTPA_UCAST_PROBES, /* u32 */
|
|
NDTPA_MCAST_PROBES, /* u32 */
|
|
NDTPA_ANYCAST_DELAY, /* u64, msecs */
|
|
NDTPA_PROXY_DELAY, /* u64, msecs */
|
|
NDTPA_PROXY_QLEN, /* u32 */
|
|
NDTPA_LOCKTIME, /* u64, msecs */
|
|
NDTPA_QUEUE_LENBYTES, /* u32 */
|
|
NDTPA_MCAST_REPROBES, /* u32 */
|
|
NDTPA_PAD,
|
|
NDTPA_INTERVAL_PROBE_TIME_MS, /* u64, msecs */
|
|
__NDTPA_MAX
|
|
};
|
|
#define NDTPA_MAX (__NDTPA_MAX - 1)
|
|
|
|
struct ndtmsg {
|
|
__u8 ndtm_family;
|
|
__u8 ndtm_pad1;
|
|
__u16 ndtm_pad2;
|
|
};
|
|
|
|
struct ndt_config {
|
|
__u16 ndtc_key_len;
|
|
__u16 ndtc_entry_size;
|
|
__u32 ndtc_entries;
|
|
__u32 ndtc_last_flush; /* delta to now in msecs */
|
|
__u32 ndtc_last_rand; /* delta to now in msecs */
|
|
__u32 ndtc_hash_rnd;
|
|
__u32 ndtc_hash_mask;
|
|
__u32 ndtc_hash_chain_gc;
|
|
__u32 ndtc_proxy_qlen;
|
|
};
|
|
|
|
enum {
|
|
NDTA_UNSPEC,
|
|
NDTA_NAME, /* char *, unchangeable */
|
|
NDTA_THRESH1, /* u32 */
|
|
NDTA_THRESH2, /* u32 */
|
|
NDTA_THRESH3, /* u32 */
|
|
NDTA_CONFIG, /* struct ndt_config, read-only */
|
|
NDTA_PARMS, /* nested TLV NDTPA_* */
|
|
NDTA_STATS, /* struct ndt_stats, read-only */
|
|
NDTA_GC_INTERVAL, /* u64, msecs */
|
|
NDTA_PAD,
|
|
__NDTA_MAX
|
|
};
|
|
#define NDTA_MAX (__NDTA_MAX - 1)
|
|
|
|
/* FDB activity notification bits used in NFEA_ACTIVITY_NOTIFY:
|
|
* - FDB_NOTIFY_BIT - notify on activity/expire for any entry
|
|
* - FDB_NOTIFY_INACTIVE_BIT - mark as inactive to avoid multiple notifications
|
|
*/
|
|
enum {
|
|
FDB_NOTIFY_BIT = (1 << 0),
|
|
FDB_NOTIFY_INACTIVE_BIT = (1 << 1)
|
|
};
|
|
|
|
/* embedded into NDA_FDB_EXT_ATTRS:
|
|
* [NDA_FDB_EXT_ATTRS] = {
|
|
* [NFEA_ACTIVITY_NOTIFY]
|
|
* ...
|
|
* }
|
|
*/
|
|
enum {
|
|
NFEA_UNSPEC,
|
|
NFEA_ACTIVITY_NOTIFY,
|
|
NFEA_DONT_REFRESH,
|
|
__NFEA_MAX
|
|
};
|
|
#define NFEA_MAX (__NFEA_MAX - 1)
|
|
|
|
#endif
|