Skip to content

Commit

Permalink
Merge branch 'scionproto:master' into router_multi_io_3
Browse files Browse the repository at this point in the history
  • Loading branch information
jiceatscion authored Jan 16, 2025
2 parents 1443c95 + f6ef864 commit c37767a
Show file tree
Hide file tree
Showing 44 changed files with 1,039 additions and 315 deletions.
2 changes: 1 addition & 1 deletion acceptance/router_benchmark/test.py
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@

# Those values are valid expectations only when running in the CI environment.
TEST_CASES = {
"in": 720000,
"in": 700000,
"out": 730000,
"in_transit": 700000,
"out_transit": 720000,
Expand Down
51 changes: 23 additions & 28 deletions control/cmd/control/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -100,11 +100,13 @@ var globalCfg config.Config

func main() {
application := launcher.Application{
TOMLConfig: &globalCfg,
ShortName: "SCION Control Service",
// TODO(scrye): Deprecated additional sampler, remove once Anapaya/scion#5000 is in.
Samplers: []func(command.Pather) *cobra.Command{newSamplePolicy},
Main: realMain,
ApplicationBase: launcher.ApplicationBase{
TOMLConfig: &globalCfg,
ShortName: "SCION Control Service",
// TODO(scrye): Deprecated additional sampler, remove once Anapaya/scion#5000 is in.
Samplers: []func(command.Pather) *cobra.Command{newSamplePolicy},
Main: realMain,
},
}
application.Run()
}
Expand Down Expand Up @@ -220,7 +222,7 @@ func realMain(ctx context.Context) error {
SCIONNetworkMetrics: metrics.SCIONNetworkMetrics,
SCIONPacketConnMetrics: metrics.SCIONPacketConnMetrics,
MTU: topo.MTU(),
Topology: cpInfoProvider{topo: topo},
Topology: adaptTopology(topo),
}
quicStack, err := nc.QUICStack()
if err != nil {
Expand Down Expand Up @@ -943,29 +945,22 @@ func (h *healther) GetCAHealth(ctx context.Context) (api.CAHealthStatus, bool) {
return api.Unavailable, false
}

type cpInfoProvider struct {
topo *topology.Loader
}

func (c cpInfoProvider) LocalIA(_ context.Context) (addr.IA, error) {
return c.topo.IA(), nil
}

func (c cpInfoProvider) PortRange(_ context.Context) (uint16, uint16, error) {
start, end := c.topo.PortRange()
return start, end, nil
}

func (c cpInfoProvider) Interfaces(_ context.Context) (map[uint16]netip.AddrPort, error) {
ifMap := c.topo.InterfaceInfoMap()
ifsToUDP := make(map[uint16]netip.AddrPort, len(ifMap))
for i, v := range ifMap {
if i > (1<<16)-1 {
return nil, serrors.New("invalid interface id", "id", i)
}
ifsToUDP[uint16(i)] = v.InternalAddr
func adaptTopology(topo *topology.Loader) snet.Topology {
start, end := topo.PortRange()
return snet.Topology{
LocalIA: topo.IA(),
PortRange: snet.TopologyPortRange{
Start: start,
End: end,
},
Interface: func(ifID uint16) (netip.AddrPort, bool) {
a := topo.UnderlayNextHop(ifID)
if a == nil {
return netip.AddrPort{}, false
}
return a.AddrPort(), true
},
}
return ifsToUDP, nil
}

func getCAHealth(
Expand Down
8 changes: 5 additions & 3 deletions daemon/cmd/daemon/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -75,9 +75,11 @@ var globalCfg config.Config

func main() {
application := launcher.Application{
TOMLConfig: &globalCfg,
ShortName: "SCION Daemon",
Main: realMain,
ApplicationBase: launcher.ApplicationBase{
TOMLConfig: &globalCfg,
ShortName: "SCION Daemon",
Main: realMain,
},
}
application.Run()
}
Expand Down
10 changes: 6 additions & 4 deletions dispatcher/cmd/dispatcher/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -47,10 +47,12 @@ var globalCfg config.Config

func main() {
application := launcher.Application{
TOMLConfig: &globalCfg,
ShortName: "SCION Dispatcher",
RequiredIPs: requiredIPs,
Main: realMain,
ApplicationBase: launcher.ApplicationBase{
TOMLConfig: &globalCfg,
ShortName: "SCION Dispatcher",
RequiredIPs: requiredIPs,
Main: realMain,
},
}
application.Run()
}
Expand Down
1 change: 1 addition & 0 deletions doc/conf.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@
"sphinx_rtd_theme",
"sphinx.ext.extlinks",
"sphinxcontrib.openapi",
"sphinxcontrib.mermaid",
]

copybutton_prompt_text = r"\w*\$ " # matches e.g. <hostname>$
Expand Down
16 changes: 13 additions & 3 deletions doc/dev/contribute.rst
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,15 @@ No matter what language you want to contribute to, one of the first steps to tak
up a development environment. See :ref:`setting-up-the-development-environment` for the needed steps.
If you encounter issues, please visit our :ref:`Slack <slack>` and ask for help.

.. _code-map:

Souce code map
==============

Because the code is mostly written in Go and hosted on a public repository, its inline documentation
is rendered automatically at `<https://pkg.go.dev/github.com/scionproto/scion>`__ and includes a helpful
index.

.. _finding-an-issue-to-contribute-to:

Finding an issue to contribute to
Expand Down Expand Up @@ -93,12 +102,13 @@ implementation projects.

The current members of the TC Implementation are:

* Jean-Christophe Hugly (|span-github| `@jiceatscion <https://github.com/jiceatscion>`_, |span-slack| @Jean-Christophe Hugly)
* Dominik Roos (|span-github| `@oncilla <https://github.com/oncilla>`_, |span-slack| @roosd)
* Jean-Christophe Hugly (|span-github| `@jiceatscion <https://github.com/jiceatscion>`_, |span-slack| @jiceatscion)
* Dominik Roos (|span-github| `@oncilla <https://github.com/oncilla>`_, |span-slack| @Dominik Roos)
* François Wirz (|span-github| `@FR4NK-W <https://github.com/FR4NK-W>`_, |span-slack| @frank)
* Lukas Vogel (|span-github| `@lukedirtwalker <https://github.com/lukedirtwalker>`_, |span-slack| @luke)
* Marc Frei (|span-github| `@marcfrei <https://github.com/marcfrei>`_, |span-slack| @marcfrei)
* Jordi Subirà (|span-github| `@JordiSubira <https://github.com/JordiSubira>`_, |span-slack| @jordisubira)
* Jordi Subirà (|span-github| `@JordiSubira <https://github.com/JordiSubira>`_, |span-slack| @Jordi Subirà-Nieto)
* Markus Legner (|span-github| `@mlegner <https://github.com/mlegner>`_, |span-slack| @Markus Legner)


.. rubric:: Responsibilities and Tasks
Expand Down
2 changes: 1 addition & 1 deletion doc/dev/design/router-port-dispatch.rst
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,7 @@ With these mechanisms, the update procedure for an individual AS is:

The recommended initial port range for the transition is ``31000-32767``.
This range is just below the range of ephemeral ports that is assigned by the old dispatcher (32768-65535), ensuring that UDP traffic from legacy end hosts will be unaffected by the port dispatching in the router.
On legacy hosts, SCMP echo and error requests currently use random IDs, and thus have a low chance (~2.5%) to pick an ID in the range that is port dispatched by the router. As a preparatory change, the range of IDs can reduced, so that there is no intersection.
On legacy hosts, SCMP echo and traceroute requests currently use random ports, and thus have a low chance (~2.5%) to pick a port in the range that is dispatched by the router. As a preparatory change, the range of ephemeral ports of the operating system can be reduced, so that there is no intersection.

2. Update devices, **in any order**, without requiring synchronisation:

Expand Down
3 changes: 2 additions & 1 deletion doc/requirements.in
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,5 @@ sphinx_design
sphinx-autobuild
sphinx-lint
sphinx-rtd-theme
sphinxcontrib-openapi
sphinxcontrib-openapi
sphinxcontrib-mermaid
25 changes: 16 additions & 9 deletions doc/requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -310,11 +310,13 @@ pyyaml==6.0.1 \
--hash=sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585 \
--hash=sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d \
--hash=sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f
# via sphinxcontrib-openapi
# via
# sphinxcontrib-mermaid
# sphinxcontrib-openapi
recommonmark==0.7.1 \
--hash=sha256:1b1db69af0231efce3fa21b94ff627ea33dee7079a01dd0a7f8482c3da148b3f \
--hash=sha256:bdb4db649f2222dcd8d2d844f0006b958d627f732415d399791ee436a3686d67
# via -r requirements.in
# via -r doc/requirements.in
referencing==0.34.0 \
--hash=sha256:5773bd84ef41799a5a8ca72dc34590c041eb01bf9aa02632b4a973fb0181a844 \
--hash=sha256:d53ae300ceddd3169f1ffa9caf2cb7b769e92657e4fafb23d34b93679116dfd4
Expand Down Expand Up @@ -539,39 +541,40 @@ sphinx==7.3.7 \
--hash=sha256:413f75440be4cacf328f580b4274ada4565fb2187d696a84970c23f77b64d8c3 \
--hash=sha256:a4a7db75ed37531c05002d56ed6948d4c42f473a36f46e1382b0bd76ca9627bc
# via
# -r requirements.in
# -r doc/requirements.in
# recommonmark
# sphinx-autobuild
# sphinx-copybutton
# sphinx-design
# sphinx-rtd-theme
# sphinxcontrib-httpdomain
# sphinxcontrib-jquery
# sphinxcontrib-mermaid
# sphinxcontrib-openapi
sphinx-autobuild==2024.4.16 \
--hash=sha256:1c0ed37a1970eed197f9c5a66d65759e7c4e4cba7b5a5d77940752bf1a59f2c7 \
--hash=sha256:f2522779d30fcbf0253e09714f274ce8c608cb6ebcd67922b1c54de59faba702
# via -r requirements.in
# via -r doc/requirements.in
sphinx-copybutton==0.5.2 \
--hash=sha256:4cf17c82fb9646d1bc9ca92ac280813a3b605d8c421225fd9913154103ee1fbd \
--hash=sha256:fb543fd386d917746c9a2c50360c7905b605726b9355cd26e9974857afeae06e
# via -r requirements.in
# via -r doc/requirements.in
sphinx-design==0.6.0 \
--hash=sha256:e9bd07eecec82eb07ff72cb50fc3624e186b04f5661270bc7b62db86c7546e95 \
--hash=sha256:ec8e3c5c59fed4049b3a5a2e209360feab31829346b5f6a0c7c342b894082192
# via -r requirements.in
# via -r doc/requirements.in
sphinx-lint==0.9.1 \
--hash=sha256:185cee19ff1129549c45e15a3b25404daeb47c54d15112dda589cedad82957aa \
--hash=sha256:df34271ab65ce43676cbd90726f4dea5cd200b43b01448b2aee8f06e609edcbb
# via -r requirements.in
# via -r doc/requirements.in
sphinx-mdinclude==0.6.0 \
--hash=sha256:764b6aeee28002b9d02060758266761a2c724805594d264b19e6ceeaa3bad393 \
--hash=sha256:b1cb4dfa22ce17ca20e90e34d4349d8a97c5052709d9c4eed051cdabb615b20b
# via sphinxcontrib-openapi
sphinx-rtd-theme==2.0.0 \
--hash=sha256:bd5d7b80622406762073a04ef8fadc5f9151261563d47027de09910ce03afe6b \
--hash=sha256:ec93d0856dc280cf3aee9a4c9807c60e027c7f7b461b77aeffed682e68f0e586
# via -r requirements.in
# via -r doc/requirements.in
sphinxcontrib-applehelp==1.0.8 \
--hash=sha256:c40a4f96f3776c4393d933412053962fac2b84f4c99a7982ba42e09576a70619 \
--hash=sha256:cb61eb0ec1b61f349e5cc36b2028e9e7ca765be05e49641c97241274753067b4
Expand All @@ -596,10 +599,14 @@ sphinxcontrib-jsmath==1.0.1 \
--hash=sha256:2ec2eaebfb78f3f2078e73666b1415417a116cc848b72e5172e596c871103178 \
--hash=sha256:a9925e4a4587247ed2191a22df5f6970656cb8ca2bd6284309578f2153e0c4b8
# via sphinx
sphinxcontrib-mermaid==1.0.0 \
--hash=sha256:2e8ab67d3e1e2816663f9347d026a8dee4a858acdd4ad32dd1c808893db88146 \
--hash=sha256:60b72710ea02087f212028feb09711225fbc2e343a10d34822fe787510e1caa3
# via -r doc/requirements.in
sphinxcontrib-openapi==0.8.4 \
--hash=sha256:50911c18d452d9390ee3a384ef8dc8bde6135f542ba55691f81e1fbc0b71014e \
--hash=sha256:df883808a5b5e4b4113ad697185c43a3f42df3dce70453af78ba7076907e9a20
# via -r requirements.in
# via -r doc/requirements.in
sphinxcontrib-qthelp==1.0.7 \
--hash=sha256:053dedc38823a80a7209a80860b16b722e9e0209e32fea98c90e4e6624588ed6 \
--hash=sha256:e2ae3b5c492d58fcbd73281fbd27e34b8393ec34a073c792642cd8e529288182
Expand Down
84 changes: 43 additions & 41 deletions doc/sig.rst
Original file line number Diff line number Diff line change
Expand Up @@ -2,37 +2,47 @@
SCION-IP Gateway
****************

The SCION-IP Gateway (SIG) tunnels IP packets over the SCION Internet.
Introduction
============

An ingress SIG encapsulates IP packets in a SCION packet and sends it to an egress SIG determined
by the configured routing rules, where the packet is decapsulated and forwarded toward its
destination IP address.
From the perspective of IP, a SIG looks like a router.
From the perspective of SCION, a SIG is a regular application.
The SCION IP Gateway (SIG) enables IP packets to be tunneled over SCION to support communication between hosts that do not run a SCION implementation. A SIG acts as a router from the perspective of IP, whilst acting as SCION endpoint from the perspective of the SCION network. It is typically deployed inside the same AS-internal network as its non-SCION hosts, or at the edge of an enterprise network.

.. admonition:: TODO
Tunneling IP traffic over SCION requires a pair of SIGs and it involves the following steps:

1. A sender sends an IP packet towards an IP destination.

2. The IP packet reaches a SIG in the sender’s network via standard IP routing.

3. Based on the destination IP address, the source (ingress) SIG determines the destination (egress) SIG's ISD-AS endpoint address. To achieve this, SIGs are administratively configured with a set of partner ASes and discover SIGs present at these ASes. They then exchange IP prefixes. The description of that protocol is yet to be written.

4. The ingress SIG encapsulates the original IP packet within one or more SCION packets and sends them to the egress SIG. If necessary, the ingress SIG performs SCION path lookups and selects a SCION path to the egress SIG.

5. The egress SIG receives the SCION packet or packets and decapsulates the original IP packet. It then forwards the packet to the final IP destination using standard IP routing.

This protocol is designed to:

- provide independence from the underlying SCION path MTU which can increase and decrease over time.
- provide fast detection of packet loss and subsequent recovery of decapsulation for packets that weren't lost.
- support for multiple streams within a framing session such that independent packet sequences be tunneled in parallel.

SIG Overview and introduction

SIG Framing Protocol
====================

SIG Framing Protocol describes frames sent between two SIG instances.
The IP packets transported via SIG are encapsulated in SIG frames.
There can be multiple IP packets in a single SIG frame.
A single IP packet can also be split into multiple SIG frames.
IP packets are encapsulated into SIG frames, which are sent as SCION/UDP datagrams.

SIG traffic can be sent over multiple SIG sessions. SIG uses different
sessions to transport different classes of traffic (e.g. priority vs. normal.)
There may be multiple IP packets in a single SIG frame, and a single IP packet may be split into multiple SIG frames.

Within each session there may be multiple streams. Streams are useful to
distinguish between traffic sent by different SIG instances. For example,
if SIG is restarted, it will create a new stream ID for each session. That way,
the peer SIG will know that the new frame with a new stream ID does not
carry trailing part of the unfinished IP packet from a different stream.
The ingress SIG initiates unidirectional packet flows to the egress SIG simply by sending the corresponding SIG frames. There is no handshake. The egress SIG, should it accept the traffic, instantiates the necessary resources on-demand to process each flow. Each such flow forms an independent sequence of packets (a stream) ordered by an incrementing sequence number. Between a given SIG ingress/egress pair, a (session ID, stream ID) pair uniquely identifies a stream.

Each SIG frame has a sequence number. The remote SIG uses the sequence
number to reassemble the contained IP packets.
To preserve performance, IP packets that form a sequence leave the egress SIG in the order in which they entered the ingress SIG. To that end:

- The ingress SIG encapsulates IP packets that cannot be proven independent (e.g., with the same IP 6-tuple) in the same stream.
- The ingress SIG encapsulates IP packets to a given stream in the order in which they were received.
- The ingress SIG sends all frames of a given stream over the same SCION path.
- The egress SIG reassembles and forward packets from each stream, ordered by frame sequence number and by packet within each frame.

The session ID part of the (session ID, stream ID) pair has an implementation defined meaning. Existing implementations use different session IDs for different traffic classes: the ingress SIG is responsible for assigning a traffic class. On the egress SIG side, the session ID may inform the processing of frames and enables per-class metrics.

The Stack
---------
Expand All @@ -57,9 +67,9 @@ Each SIG frame starts with SIG frame header with the following format::
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version | Session | Index |
| Version | Session ID | Index |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved (12 bits) | Stream (20 bits) |
| Reserved (12 bits) | Stream ID (20 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ Sequence number +
Expand All @@ -68,35 +78,27 @@ Each SIG frame starts with SIG frame header with the following format::

All fields within SIG frame header are in network byte order.

- The ``Version`` field indicates the SIG framing version. It must be set to zero.

- The ``Session`` field indicates the SIG session to be used.

- The ``Index`` field is the byte offset of the first beginning of an IP packet
within the payload. If no IP packet starts in the payload, for example, if
the frame contains only a trailing part of an IP packet, the field must be set
to 0xFFFF.

- The ``Reserved`` field is reserved and must be set to zero.

- The ``Stream`` field, along with the session identifies a unique sequence of
SIG frames.
- ``Version`` (8 bits) indicates the SIG framing version. It MUST be set to zero if following this specification.
- ``Session ID`` (8 bits) identifies a tunneling session between a pair of SIGs.
- ``Index`` (16 bits) is the byte offset of the first beginning of an IP packet within the payload. If no IP packet starts in the payload, e.g. if the frame contains only the middle or trailing part of an IP packet, the field MUST be set to 0xFFFF.
- ``Reserved`` (12 bits): it MUST be set to zero.
- ``Stream ID`` (20 bits), along with the session, it identifies a unique sequence of SIG frames. Frames from the same stream are, on the egress SIG, put into the same reassembly queue. There may be multiple streams per session.
- ``Sequence Number`` (64 bits) indicates the position of the frame within a stream. Consecutive frames of a given stream have consecutive sequence numbers. IP packets split among multiple frames are re-assembled by concatenating the payloads of consecutive frames.

- The ``Sequence number`` field indicates a position of the frame within a
stream. Consecutive frames can be used to reassemble IP packets split among
multiple frames.
A SIG MAY drop frames. In the current implementation, the egress SIG does not buffer frames that are received out-ot-order. Instead it drops any out-of-order and following frames until it finds the begining of a new encapsulated IP packet.

SIG frame payload
-----------------

SIG frame payload may contain multiple IPv4 or IPv6 packets, or parts
The SIG frame payload may contain multiple IPv4 or IPv6 packets, or parts
thereof. No other types of packets can be encapsulated. The packets are
placed one directly after another, with no padding.
Multicast traffic is not supported yet.

SIG uses IPv4/6 "payload length" field to determine the size of the packet.
To make the processing easier, it is required that the fixed part of the IP header
is in the frame where the IP packet begins. In other words, the initial fragment
of an IPv4 packet must be at least 20 bytes long. Initial fragment of an IPv6
of an IPv4 packet must be at least 20 bytes long. The initial fragment of an IPv6
packet must be at least 40 bytes long.

Example
Expand Down
Loading

0 comments on commit c37767a

Please sign in to comment.