srv6's Introduction

NextMN-SRv6

NextMN-SRv6 is an experimental implementation for some SRv6 MUP Endpoint Behaviors.

Warning

This project is still in the early stages of development: it contains bugs and will crash in unexpected ways. Please do not use it for anything other than experimentation. Expect breaking changes until v1.0.0.

Roadmap

| Provider | Behavior | Implemented? | Todo |
|---|---|---|---|
| NextMN | End.MAP | no | - |
| NextMN | End.M.GTP6.D | no | - |
| NextMN | End.M.GTP6.D.Di | no | - |
| NextMN | End.M.GTP6.E | yes | send ICMP when errors |
| NextMN | End.M.GTP4.E | yes | send ICMP when errors |
| NextMN | H.M.GTP4.D | yes | send ICMP when errors, optional: respond to GTP Echo Req |
| NextMN | End.Limit | no | - |
| NextMN | End.M.GTP6.E.Red | no | requires a map of gnbs addr; order of bit field considerations |
| NextMNWithCtrl | H.M.GTP4.D | partial | src address should not be hardcoded |
| NextMNWithCtrl | H.Encaps | partial | src address should not be hardcoded |
| Linux | End | yes | - |
| Linux | End.DX4 | yes | - |
| Linux | H.Encaps | yes | - |
| Linux | H.Inline | untested | - |

| PDU Session Type | Supported? |
|---|---|
| IPv4 | yes |
| IPv6 | no |
| IPv4v6 | no |
| Ethernet | no |
| Unstructured | no |

Incoming packet flow

[Figure: incoming packet flow]

Getting started

Build dependencies

  • golang
  • make (optional)

Runtime dependencies

  • iproute2

Build and install

Simply run make build and make install.

Docker

If you plan to use NextMN-SRv6 with Docker:

  • The container requires the NET_ADMIN capability;
  • The container should enable IPv6 and Segment Routing;
  • The container requires forwarding to be enabled (not enabled by the container itself);
  • The tun interface (/dev/net/tun) must be available in the container.

This can be done in docker-compose.yaml by defining the following for the service:

cap_add:
    - NET_ADMIN
devices:
    - "/dev/net/tun"
sysctls:
    - net.ipv6.conf.all.disable_ipv6=0
    - net.ipv4.ip_forward=1
    - net.ipv6.conf.all.forwarding=1
    - net.ipv6.conf.all.seg6_enabled=1
    - net.ipv6.conf.default.seg6_enabled=1

Author

Louis Royer

License

MIT

srv6's Issues

GTP Echo

They should be handled correctly.

healthcheck subcommand

  • Add a healthcheck subcommand that returns 0 after a successful http get request to /status
  • Add a HEALTHCHECK in Dockerfile that uses this subcommand

Send ICMP errors response

  • to follow the RFC
  • if no SR header, and contains ICMP message, handle the packet (response to ping, warn if ICMP error): this is to avoid infinite loop of ICMP error messages

Process all layers before SRH in packet order in endpoints

to follow RFC 8200. "a receiver must not, for example, scan through a packet looking for a particular kind of extension header and process that header prior to processing all preceding ones."

In particular before the SRH:

  • if Hop by Hop option -> don't process the header ("it is now expected that nodes along a packet's delivery path only examine and process the Hop-by-Hop Options header if explicitly configured to do so.")
  • if Fragments -> drop + icmp: routers must not fragment/reassemble packets
  • if Destination Options -> depends on 2 first bits of each included Option Type
  • if Authentication -> drop + icmp: unsupported
  • if Encapsulating Security Payload -> drop + icmp: unsupported
  • if unrecognized -> send an ICMP Parameter Problem message to the source of
    the packet, with an ICMP Code value of 1 ("unrecognized Next Header
    type encountered") and the ICMP Pointer field containing the offset
    of the unrecognized value within the original packet.

Layers after SRH are considered payload, independently of the Next Header, and therefore are not processed.
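
The in-order header walk this issue describes, sketched in Go as an added example (not NextMN-SRv6 code; `Verdict` and `WalkToSRH` are hypothetical names). Assumptions: Parameter Problem code 1 is used for Fragment, ESP and AH, every non-padding Destination Option counts as unrecognized, and non-SRH Routing headers, which the issue does not list, follow RFC 8200.

```go
package main

import "fmt"

// Verdict (hypothetical type): Action is "srh", "no-srh", "drop" or "drop+icmp".
type Verdict struct{ Action string; Code, Pointer int }

// WalkToSRH handles every header in packet order and stops at the SRH.
func WalkToSRH(p []byte) Verdict {
	if len(p) < 40 {
		return Verdict{Action: "drop"}
	}
	nh, nhOff, off := p[6], 6, 40 // Next Header value, where it was read, header start
	for {
		switch nh {
		case 0, 43, 60: // Hop-by-Hop, Routing, Destination Options: parsed below
		case 4, 6, 17, 41, 58, 59: // upper layer reached first (assumed set)
			return Verdict{"no-srh", 0, off}
		default: // unrecognized, or Fragment/ESP/AH (44/50/51, code 1 assumed)
			return Verdict{"drop+icmp", 1, nhOff}
		}
		if off+8 > len(p) || off+8*(int(p[off+1])+1) > len(p) {
			return Verdict{Action: "drop"} // truncated extension header
		}
		end := off + 8*(int(p[off+1])+1)
		if nh == 43 && p[off+2] == 4 { // Routing Type 4 is the SRH
			return Verdict{"srh", 0, off}
		}
		if nh == 43 && p[off+3] != 0 { // other type with Segments Left > 0
			return Verdict{"drop+icmp", 0, off + 2}
		}
		for i := off + 2; nh == 60 && i < end; i++ { // Hop-by-Hop is skipped unread
			switch t := p[i]; {
			case t>>6 == 1: // 01: discard silently
				return Verdict{Action: "drop"}
			case t>>6 >= 2: // 10 and 11 (multicast case not modelled): code 2
				return Verdict{"drop+icmp", 2, i}
			case t != 0 && i+1 < end: // Pad1 (type 0) has no length byte
				i += 1 + int(p[i+1])
			}
		}
		nh, nhOff, off = p[off], off, end
	}
}

func main() {
	p := append([]byte{0x60}, make([]byte, 71)...) // constructed: IPv6 + Hop-by-Hop + SRH
	copy(p[40:], []byte{43, 0, 1, 4, 0, 0, 0, 0, 41, 2, 4, 0})
	fmt.Println(WalkToSRH(p))
}
```

For "drop+icmp", `Pointer` is the offset to place in the ICMP Pointer field; for "srh" it is where SRH processing starts, and everything after the SRH is left untouched as payload.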

End.M.GTP6.Di/D/E

  • in source addr, optionally add the UDP source port and ipv6 prefix length
  • by default, use GTPU well known port (even if this is not ideal)

Drop icmp redirect on tun ifaces

runIPTables("-A", "OUTPUT", "-o", iface.Name(), "-p", "icmp", "--icmp-type", "redirect", "-j", "DROP")
runIP6Tables("-A", "OUTPUT", "-o", iface.Name(), "-p", "icmpv6", "--icmpv6-type", "redirect", "-j", "DROP")

Update to go 1.23

  • Wait for golang 1.23 to be packaged in Debian stable-backports
  • Change
    for i := len(r.Tasks) - 1; i >= 0; i-- {
    to use for _, task := range slices.Backward(r.Tasks) {
  • check go version for github action workflow
  • check go version for docker image
