;; ;; Copyright (c) 2010-2017 Intel Corporation ;; ;; Licensed under the Apache License, Version 2.0 (the "License"); ;; you may not use this file except in compliance with the License. ;; You may obtain a copy of the License at ;; ;; http://www.apache.org/licenses/LICENSE-2.0 ;; ;; Unless required by applicable law or agreed to in writing, software ;; distributed under the License is distributed on an "AS IS" BASIS, ;; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ;; See the License for the specific language governing permissions and ;; limitations under the License. ;; ;; ; This configuration creates the functionality of a lwAFTR component of the ; lw4over6 architecture as described in IETF draft available at: ; http://tools.ietf.org/id/draft-ietf-softwire-lw4over6-13.txt ; The lwAFTR simply terminates IPv6 tunnels that carry IPv4 traffic for many ; customers (one tunnel per customer). It consists of two tasks: ; 1) ipv6_encap that encapsulates IPv4 packets into IPv6 and sends those tunnel ; packets towards the customer tunnel endpoint. For this, it must use a ; binding table that associates with each tunnel, a public IPv4 address and a ; set of ports. ; 2) ipv6_decap which handles packets arriving from the tunnel, checks they use ; a source IPv4 address and port combination that matches their originating ; tunnel (based on the same binding table as used by ipv6_encap), removes the ; IPv6 encapsulation and sends them out its "internet" interface. ; The binding table must be loaded in the [lua] section and assigned to the ; tasks using the "tun_bindings" parameter. This configuration loads its binding ; table from the provided ip6_tun_bind.lua but other binding tables can be used. ; ; Binding tables of different sizes and different ranges of addresses and ports ; can be generated by a provided helper script: ; helper-scripts/ipv6_tun/ipv6_tun_bindings.pl -n ; Most other parameters of the generated binding table can be tweaked through ; script command-line switches. For more details, refer to the documentation of ; the script obtained by running it with -help as argument. ; The same script can also generate tables for testing tools to generate packets ; with addresses and ports that match entries from the binding table (randomly ; selecting entries from the binding table). ; Additionally, the helper-scripts/ipv6_tun/gen_4over6.pl script can be used to ; generate pcap files with IPv6 (tunnel) and IPv4 (internet) traffic matching a ; given binding table. ; Example usage: ; ./helper-scripts/ipv6_tun/ipv6_tun_bindings.pl -n 100000 -suffix _100k ; ./helper-scripts/ipv6_tun/gen_4over6.pl -tun -count=200000 \ ; -in ip6_tun_bind_100k.lua -out lwAFTR_tun_100k.pcap ; ./helper-scripts/ipv6_tun/gen_4over6.pl -inet -count=200000 \ ; -in ip6_tun_bind_100k.lua -out lwAFTR_inet_100k.pcap ; The above sequence of invocations generates a binding table with 100k entries, ; written to file ip6_tun_bind_100k.lua (which the PROX configuration file needs ; to load in the [lua] section then assign using the "tun_bindings" parameter), ; and two pcap files to be used to generate traffic that will hit valid entries ; from the binding table. Each pcap file contains 200k packets of either IPv4 or ; IPv6 traffic. ;; [eal options] -n=4 ; force number of memory channels no-output=no ; disable DPDK debug output [port 0] name=inet_0 mac=00:00:00:00:00:01 [port 1] name=lwB4_0 mac=00:00:00:00:00:03 [variables] $tun_hop_limit=5 $local_ipv6=fe80:0000:0000:0000:0100:00ff:fe00:0000 $lookup_port_mask=0xffc0 [lua] bindings = dofile("ip6_tun_bind.lua") [defaults] mempool size=16K [global] start time=20 name=lwAFTR [core 0s0] mode=master ;***************************************************************************************** ;##### Send Internet IPv4 traffic into IPv6 tunnels, according to binding table #### [core 1s0] name=v6_encap task=0 mode=ipv6_encap rx port=inet_0 tx port=lwB4_0 local ipv6=$local_ipv6 tunnel hop limit=$tun_hop_limit lookup port mask=$lookup_port_mask tun_bindings=bindings ;***************************************************************************************** ;##### Terminate IPv6 tunnels and transmit IPv4 out to Internet #### ;# Binding table is checked to ensure src IPv4 address and port combo is allocated to the originating tunnel [core 2s0] name=v6_decap task=0 mode=ipv6_decap rx port=lwB4_0 tx port=inet_0 dst mac=fe:80:00:ee:00:01 local ipv6=$local_ipv6 tunnel hop limit=$tun_hop_limit lookup port mask=$lookup_port_mask tun_bindings=bindings