2 ;; Copyright (c) 2010-2017 Intel Corporation
4 ;; Licensed under the Apache License, Version 2.0 (the "License");
5 ;; you may not use this file except in compliance with the License.
6 ;; You may obtain a copy of the License at
8 ;; http://www.apache.org/licenses/LICENSE-2.0
10 ;; Unless required by applicable law or agreed to in writing, software
11 ;; distributed under the License is distributed on an "AS IS" BASIS,
12 ;; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 ;; See the License for the specific language governing permissions and
14 ;; limitations under the License.
18 ; This configuration creates the functionality of a lwAFTR component of the
19 ; lw4over6 architecture as described in IETF draft available at:
20 ; http://tools.ietf.org/id/draft-ietf-softwire-lw4over6-13.txt
21 ; The lwAFTR simply terminates IPv6 tunnels that carry IPv4 traffic for many
22 ; customers (one tunnel per customer). It consists of two tasks:
23 ; 1) ipv6_encap that encapsulates IPv4 packets into IPv6 and sends those tunnel
24 ; packets towards the customer tunnel endpoint. For this, it must use a
25 ; binding table that associates with each tunnel, a public IPv4 address and a
27 ; 2) ipv6_decap which handles packets arriving from the tunnel, checks they use
28 ; a source IPv4 address and port combination that matches their originating
29 ; tunnel (based on the same binding table as used by ipv6_encap), removes the
30 ; IPv6 encapsulation and sends them out its "internet" interface.
31 ; The binding table must be loaded in the [lua] section and assigned to the
32 ; tasks using the "tun_bindings" parameter. This configuration loads its binding
33 ; table from the provided ip6_tun_bind.lua but other binding tables can be used.
35 ; Binding tables of different sizes and different ranges of addresses and ports
36 ; can be generated by a provided helper script:
37 ; helper-scripts/ipv6_tun/ipv6_tun_bindings.pl -n <num_entries>
38 ; Most other parameters of the generated binding table can be tweaked through
39 ; script command-line switches. For more details, refer to the documentation of
40 ; the script obtained by running it with -help as argument.
41 ; The same script can also generate tables for testing tools to generate packets
42 ; with addresses and ports that match entries from the binding table (randomly
43 ; selecting entries from the binding table).
44 ; Additionally, the helper-scripts/ipv6_tun/gen_4over6.pl script can be used to
45 ; generate pcap files with IPv6 (tunnel) and IPv4 (internet) traffic matching a
46 ; given binding table.
48 ; ./helper-scripts/ipv6_tun/ipv6_tun_bindings.pl -n 100000 -suffix _100k
49 ; ./helper-scripts/ipv6_tun/gen_4over6.pl -tun -count=200000 \
50 ; -in ip6_tun_bind_100k.lua -out lwAFTR_tun_100k.pcap
51 ; ./helper-scripts/ipv6_tun/gen_4over6.pl -inet -count=200000 \
52 ; -in ip6_tun_bind_100k.lua -out lwAFTR_inet_100k.pcap
53 ; The above sequence of invocations generates a binding table with 100k entries,
54 ; written to file ip6_tun_bind_100k.lua (which the PROX configuration file needs
55 ; to load in the [lua] section then assign using the "tun_bindings" parameter),
56 ; and two pcap files to be used to generate traffic that will hit valid entries
57 ; from the binding table. Each pcap file contains 200k packets of either IPv4 or
62 -n=4 ; force number of memory channels
63 no-output=no ; disable DPDK debug output
74 $local_ipv6=fe80:0000:0000:0000:0100:00ff:fe00:0000
75 $lookup_port_mask=0xffc0
78 bindings = dofile("ip6_tun_bind.lua")
90 ;*****************************************************************************************
91 ;##### Send Internet IPv4 traffic into IPv6 tunnels, according to binding table ####
98 local ipv6=$local_ipv6
99 tunnel hop limit=$tun_hop_limit
100 lookup port mask=$lookup_port_mask
101 tun_bindings=bindings
102 ;*****************************************************************************************
103 ;##### Terminate IPv6 tunnels and transmit IPv4 out to Internet ####
104 ;# Binding table is checked to ensure src IPv4 address and port combo is allocated to the originating tunnel
111 dst mac=fe:80:00:ee:00:01
112 local ipv6=$local_ipv6
113 tunnel hop limit=$tun_hop_limit
114 lookup port mask=$lookup_port_mask
115 tun_bindings=bindings