geneve.4: Add geneve manual
Reviewed by: ziaee, adrian Differential Revision: https://reviews.freebsd.org/D55182
This commit is contained in:
@@ -187,6 +187,7 @@ MAN= aac.4 \
|
|||||||
gem.4 \
|
gem.4 \
|
||||||
genet.4 \
|
genet.4 \
|
||||||
genetlink.4 \
|
genetlink.4 \
|
||||||
|
geneve.4 \
|
||||||
geom.4 \
|
geom.4 \
|
||||||
geom_linux_lvm.4 \
|
geom_linux_lvm.4 \
|
||||||
geom_uzip.4 \
|
geom_uzip.4 \
|
||||||
@@ -728,6 +729,7 @@ MLINKS+=fwip.4 if_fwip.4
|
|||||||
MLINKS+=fxp.4 if_fxp.4
|
MLINKS+=fxp.4 if_fxp.4
|
||||||
MLINKS+=gem.4 if_gem.4
|
MLINKS+=gem.4 if_gem.4
|
||||||
MLINKS+=genet.4 if_genet.4
|
MLINKS+=genet.4 if_genet.4
|
||||||
|
MLINKS+=geneve.4 if_geneve.4
|
||||||
MLINKS+=geom.4 GEOM.4
|
MLINKS+=geom.4 GEOM.4
|
||||||
MLINKS+=gif.4 if_gif.4
|
MLINKS+=gif.4 if_gif.4
|
||||||
MLINKS+=gpio.4 gpiobus.4
|
MLINKS+=gpio.4 gpiobus.4
|
||||||
|
|||||||
@@ -0,0 +1,384 @@
|
|||||||
|
.\"
|
||||||
|
.\" Copyright (c) 2025-2026 Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org>
|
||||||
|
.\"
|
||||||
|
.\" SPDX-License-Identifier: BSD-2-Clause
|
||||||
|
.\"
|
||||||
|
.Dd March 31, 2026
|
||||||
|
.Dt GENEVE 4
|
||||||
|
.Os
|
||||||
|
.Sh NAME
|
||||||
|
.Nm geneve
|
||||||
|
.Nd Generic Network Virtualization Encapsulation interface
|
||||||
|
.Sh SYNOPSIS
|
||||||
|
To compile this driver into the kernel,
|
||||||
|
place the following line in your
|
||||||
|
kernel configuration file:
|
||||||
|
.Cd device geneve
|
||||||
|
.Pp
|
||||||
|
Alternatively, to load the driver as a
|
||||||
|
module at boot time, place the following line in
|
||||||
|
.Xr loader.conf 5 :
|
||||||
|
.Cd if_geneve_load="YES"
|
||||||
|
.Sh DESCRIPTION
|
||||||
|
The
|
||||||
|
.Nm
|
||||||
|
driver creates a generic network virtualization tunnel interfaces
|
||||||
|
for Tentant Systems over an L3 (IP/UDP) underlay network that provides
|
||||||
|
a Layer 2 (ethernet) or Layer 3 service using
|
||||||
|
.Nm
|
||||||
|
protocol.
|
||||||
|
.Pp
|
||||||
|
This driver corresponds to RFC 8926 for format specification and by default
|
||||||
|
uses the multicast-learning-based approach for its control plane.
|
||||||
|
To provide control plane independence all of the driver-specific operations
|
||||||
|
are implemented using
|
||||||
|
.Xr rtnetlink 4
|
||||||
|
and all the
|
||||||
|
.Xr ioctl 2
|
||||||
|
calls are implemented using the
|
||||||
|
.Xr nv 9
|
||||||
|
library.
|
||||||
|
Each
|
||||||
|
.Nm
|
||||||
|
interface is created at runtime using interface cloning.
|
||||||
|
This is most easily done with the
|
||||||
|
.Xr ifconfig 8
|
||||||
|
.Cm create
|
||||||
|
command or using the
|
||||||
|
.Va cloned_interfaces
|
||||||
|
variable in
|
||||||
|
.Xr rc.conf 5 .
|
||||||
|
The interface may be removed with the
|
||||||
|
.Xr ifconfig 8
|
||||||
|
.Cm destroy
|
||||||
|
command.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Nm
|
||||||
|
interface must be configured in either L2 or L3 mode.
|
||||||
|
An L2
|
||||||
|
.Nm
|
||||||
|
tunnel could be used as a backplane between the virtual switches
|
||||||
|
residing in hypervisors, switches, or other appliances.
|
||||||
|
.Pp
|
||||||
|
The L3
|
||||||
|
.Nm
|
||||||
|
tunnel provides virtualized IP forwarding service similar to IP/VRF.
|
||||||
|
.Pp
|
||||||
|
By default the
|
||||||
|
.Nm
|
||||||
|
driver creates an L2 interface that supports the usual network
|
||||||
|
.Xr ioctl 2 Ns s
|
||||||
|
and thus can be used with
|
||||||
|
.Xr ifconfig 8
|
||||||
|
like any other Ethernet interface.
|
||||||
|
An L2
|
||||||
|
.Nm
|
||||||
|
interface encapsulates the Ethernet frame by prepending IP/UDP and
|
||||||
|
.Nm
|
||||||
|
headers.
|
||||||
|
Thus, the encapsulated (inner) frame is able to be transmitted
|
||||||
|
over a routed, Layer 3 network to the remote host.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Nm
|
||||||
|
interface may be configured in either unicast or multicast mode.
|
||||||
|
When in unicast mode,
|
||||||
|
the interface creates a tunnel to a single remote host,
|
||||||
|
and all traffic is transmitted to that host.
|
||||||
|
When in multicast mode,
|
||||||
|
the interface joins an IP multicast group,
|
||||||
|
and receives packets sent to the group address,
|
||||||
|
and transmits packets to either the multicast group address,
|
||||||
|
or directly to the remote host if there is an appropriate
|
||||||
|
forwarding table entry.
|
||||||
|
.Pp
|
||||||
|
When the
|
||||||
|
.Nm
|
||||||
|
interface is brought up, a
|
||||||
|
.Xr udp 4
|
||||||
|
.Xr socket 9
|
||||||
|
is created based on the configuration,
|
||||||
|
such as the local address for unicast mode or
|
||||||
|
the group address for multicast mode,
|
||||||
|
and the listening (local) port number.
|
||||||
|
Since multiple
|
||||||
|
.Nm
|
||||||
|
interfaces may be created that either
|
||||||
|
use the same local address
|
||||||
|
or join the same group address,
|
||||||
|
and use the same port,
|
||||||
|
the driver may share a socket among multiple interfaces.
|
||||||
|
However, each interface within a socket must belong to
|
||||||
|
a unique
|
||||||
|
.Nm
|
||||||
|
segment per
|
||||||
|
.Xr vnet 9 .
|
||||||
|
The analogous
|
||||||
|
.Xr vlan 4
|
||||||
|
configuration would be a physical interface configured as
|
||||||
|
the parent device for multiple VLAN interfaces, each with
|
||||||
|
a unique VLAN tag.
|
||||||
|
Each
|
||||||
|
.Nm
|
||||||
|
segment is identified by a 24-bit value in the
|
||||||
|
.Nm
|
||||||
|
header called the
|
||||||
|
.Dq Virtual Network Identifier ,
|
||||||
|
or VNI.
|
||||||
|
This value can be set with
|
||||||
|
.Xr ifconfig 8
|
||||||
|
.Cm geneveid
|
||||||
|
parameter.
|
||||||
|
.Pp
|
||||||
|
When configured with the
|
||||||
|
.Xr ifconfig 8
|
||||||
|
.Cm genevelearn
|
||||||
|
parameter, the interface dynamically creates forwarding table entries
|
||||||
|
from received packets.
|
||||||
|
An entry in the forwarding table maps the inner source MAC address
|
||||||
|
to the outer remote IP address.
|
||||||
|
During transmit, the interface attempts to lookup an entry for
|
||||||
|
the encapsulated destination MAC address.
|
||||||
|
If an entry is found, the IP address in the entry is used to directly
|
||||||
|
transmit the encapsulated frame to the destination.
|
||||||
|
Otherwise, when configured in multicast mode,
|
||||||
|
the interface must flood the frame to all hosts in the group.
|
||||||
|
The maximum number of entries in the table is configurable with the
|
||||||
|
.Xr ifconfig 8
|
||||||
|
.Cm genevemaxaddr
|
||||||
|
command.
|
||||||
|
Stale entries in the table are periodically pruned.
|
||||||
|
The timeout is configurable with the
|
||||||
|
.Xr ifconfig 8
|
||||||
|
.Cm genevetimeout
|
||||||
|
command.
|
||||||
|
.Ss MTU
|
||||||
|
Since the
|
||||||
|
.Nm
|
||||||
|
interface encapsulates the Ethernet frame with an IP, UDP, and
|
||||||
|
.Nm
|
||||||
|
header, the resulting frame may be larger than the MTU of the
|
||||||
|
physical network.
|
||||||
|
The
|
||||||
|
.Nm
|
||||||
|
specification recommends the physical network MTU be configured
|
||||||
|
to use jumbo frames to accommodate the encapsulated frame size.
|
||||||
|
.Pp
|
||||||
|
By default, the
|
||||||
|
.Nm
|
||||||
|
driver sets its MTU to usual ethernet MTU of 1500 bytes, reduced by
|
||||||
|
the size of geneve headers prepended which is depends on
|
||||||
|
.Cm genevemode .
|
||||||
|
.Pp
|
||||||
|
Alternatively, the
|
||||||
|
.Xr ifconfig 8
|
||||||
|
.Cm mtu
|
||||||
|
command may be used to set the fixed MTU size on the
|
||||||
|
.Nm
|
||||||
|
interface to allow the encapsulated frame to fit in the
|
||||||
|
current MTU of the physical network.
|
||||||
|
If the
|
||||||
|
.Cm mtu
|
||||||
|
command was used, system no longer adjust the
|
||||||
|
.Nm
|
||||||
|
interface MTU on routing or address changes.
|
||||||
|
.Ss Hop Limit
|
||||||
|
TTL value of
|
||||||
|
.Nm
|
||||||
|
interface can change by using the
|
||||||
|
.Xr ifconfig 8
|
||||||
|
.Cm genevettl
|
||||||
|
command and it also can be inherited from carrying packet.
|
||||||
|
You can set the
|
||||||
|
.Cm genevettl
|
||||||
|
to a number value or
|
||||||
|
.Cm inherit
|
||||||
|
option to be inherited at the encapsulation and decapsulation point.
|
||||||
|
.Ss Traffic Class
|
||||||
|
Just like the TTL value, ToS value can be inherited at the encapsulation point
|
||||||
|
using
|
||||||
|
.Xr ifconfig 8
|
||||||
|
.Cm genevedscpinherit .
|
||||||
|
As defined in RFC 8926, ECN value follows the RFC 6040 for both ingress and
|
||||||
|
egress traffic.
|
||||||
|
.Ss Don't Fragment
|
||||||
|
To make sure fragmentation does not happing during transmission, you can
|
||||||
|
set the
|
||||||
|
.Xr ifconfig 8
|
||||||
|
.Cm genevedf
|
||||||
|
value to
|
||||||
|
.Cm set
|
||||||
|
value which sets the DF bit on IPv4 header and IP_DONTFRAG option on both IPv4
|
||||||
|
and IPv6 sockets.
|
||||||
|
Similar to other options, it can be set to
|
||||||
|
.Cm inherit
|
||||||
|
value.
|
||||||
|
.Ss Multicast
|
||||||
|
To create the
|
||||||
|
.Nm
|
||||||
|
interface with multicast underlay, one must use
|
||||||
|
.Xr ifconfig 8
|
||||||
|
.Cm genevegroup
|
||||||
|
instead of
|
||||||
|
.Cm geneveremote
|
||||||
|
and set it to a multicast address (e.g. ff08::db8:0:1, 239.0.0.1).
|
||||||
|
One can set the outbound multicast interface with
|
||||||
|
.Xr ifconfig 8
|
||||||
|
.Cm genevedev
|
||||||
|
to bound its multicast group to specific interface.
|
||||||
|
.Pp
|
||||||
|
The
|
||||||
|
.Cm ip_mroute
|
||||||
|
kernel module for IPv4 underlay and
|
||||||
|
.Cm ip6_mroute
|
||||||
|
for IPv6 underlay must be loaded for
|
||||||
|
.Xr multicast 4
|
||||||
|
to function.
|
||||||
|
.Sh HARDWARE
|
||||||
|
The
|
||||||
|
.Nm
|
||||||
|
driver supports hardware checksum offload (receive and transmit) and TSO on the
|
||||||
|
encapsulated traffic over physical interfaces that support these features.
|
||||||
|
The
|
||||||
|
.Nm
|
||||||
|
interface examines the
|
||||||
|
.Cm genevedev
|
||||||
|
interface, if one is specified, or the interface hosting the
|
||||||
|
.Cm genevelocal
|
||||||
|
address, and configures its capabilities based on the hardware offload
|
||||||
|
capabilities of that physical interface.
|
||||||
|
If multiple physical interfaces will transmit or receive traffic for the
|
||||||
|
.Nm
|
||||||
|
then they all must have the same hardware capabilities.
|
||||||
|
The transmit routine of a
|
||||||
|
.Nm
|
||||||
|
interface may fail with
|
||||||
|
.Er ENXIO
|
||||||
|
if an outbound physical interface does not support
|
||||||
|
an offload that the
|
||||||
|
.Nm
|
||||||
|
interface is requesting.
|
||||||
|
This can happen if there are multiple physical interfaces involved, with
|
||||||
|
different hardware capabilities, or an interface capability was disabled after
|
||||||
|
the
|
||||||
|
.Nm
|
||||||
|
interface had already started.
|
||||||
|
.Sh EXAMPLES
|
||||||
|
.Bd -literal
|
||||||
|
Host A (198.51.100.10)
|
||||||
|
+--------------------+
|
||||||
|
| VNI 100 10.1.1.0/24|
|
||||||
|
| VNI 200 10.2.2.0/24|
|
||||||
|
+---------+----------+
|
||||||
|
|
|
||||||
|
(198.51.100.0/24)
|
||||||
|
|
|
||||||
|
+---------------v---------------+
|
||||||
|
| Host B (203.0.113.1) |
|
||||||
|
| +------+-------+ |
|
||||||
|
| geneve0| |geneve1|
|
||||||
|
| +------v----+ +-----v-----+ |
|
||||||
|
| | bridge0 | | bridge1 | |
|
||||||
|
| | (VNI 100) | | (VNI 200) | |
|
||||||
|
| +------+----+ +----+------+ |
|
||||||
|
| | | |
|
||||||
|
+--------v-------------v--------+
|
||||||
|
epair0b| |epair1b
|
||||||
|
+------+----+ +----+------+
|
||||||
|
| Jail A | | Jail B |
|
||||||
|
| (10.1.1.x)| | (10.2.2.x)|
|
||||||
|
+-----------+ +-----------+
|
||||||
|
.Ed
|
||||||
|
Assume host A has the (external) IP address 198.51.100.10 and
|
||||||
|
two internal addresses of 10.1.1.1/24 and 10.2.2.1/24, while
|
||||||
|
host B has the external address of 203.0.113.10 and two jails
|
||||||
|
with their own separate
|
||||||
|
.Xr VNET 9 .
|
||||||
|
the following commands will configure the tunnel:
|
||||||
|
.Pp
|
||||||
|
On host A, create a l2
|
||||||
|
.Nm
|
||||||
|
interface in unicast mode:
|
||||||
|
.Bd -literal
|
||||||
|
ifconfig geneve0 create geneveid 100 genevelocal 198.51.100.10 geneveremote 203.0.113.1
|
||||||
|
ifconfig geneve1 create geneveid 200 genevelocal 198.51.100.10 geneveremote 203.0.113.1
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
|
On host B:
|
||||||
|
.Bd -literal
|
||||||
|
ifconfig geneve0 create geneveid 100 genevelocal 203.0.113.1 geneveremote 198.51.100.10
|
||||||
|
ifconfig geneve1 create geneveid 200 genevelocal 203.0.113.1 geneveremote 198.51.100.10
|
||||||
|
ifconfig bridge0 addm geneve0 addm epair0a
|
||||||
|
ifconfig bridge1 addm geneve1 addm epair1a
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
|
The example below demonstrate multicast configuration with IPv6:
|
||||||
|
.Bd -literal
|
||||||
|
----------- VNI 42 -----------
|
||||||
|
/ \\
|
||||||
|
2001:db8::1/64 --- Host A ------ Multicast ------- Host B --- 2001:db8::2/64
|
||||||
|
3fff::1 [em0] ff08::db8:1 [em0] 3fff::2
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
|
Create a
|
||||||
|
.Nm
|
||||||
|
interface in multicast mode,
|
||||||
|
with the
|
||||||
|
.Cm genevelocal
|
||||||
|
address of 3fff::1,
|
||||||
|
and the
|
||||||
|
.Cm genevegroup
|
||||||
|
address of ff08::db8:0:1.
|
||||||
|
The em0 interface will be used to transmit multicast packets.
|
||||||
|
On host A:
|
||||||
|
.Bd -literal
|
||||||
|
ifconfig geneve0 create geneveid 42 genevelocal 3fff::1 genevegroup ff08::db8:1 genevedev em0
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
|
On host B:
|
||||||
|
.Bd -literal
|
||||||
|
ifconfig geneve0 create geneveid 42 genevelocal 3fff::2 genevegroup ff08::db8:1 genevedev em0
|
||||||
|
.Ed
|
||||||
|
.Pp
|
||||||
|
Once created, the
|
||||||
|
.Nm
|
||||||
|
interface can be configured with
|
||||||
|
.Xr ifconfig 8 .
|
||||||
|
.Pp
|
||||||
|
The following when placed in the file
|
||||||
|
.Pa /etc/rc.conf
|
||||||
|
will cause a geneve interface called
|
||||||
|
.Dq Li geneve0
|
||||||
|
to be created, and will configure the interface in unicast mode.
|
||||||
|
.Bd -literal
|
||||||
|
cloned_interfaces="geneve0"
|
||||||
|
create_args_geneve0="geneveid 108 genevelocal 192.168.100.1 geneveremote 192.168.100.2"
|
||||||
|
.Ed
|
||||||
|
.Sh SEE ALSO
|
||||||
|
.Xr inet 4 ,
|
||||||
|
.Xr inet6 4 ,
|
||||||
|
.Xr multicast 4 ,
|
||||||
|
.Xr rtnetlink 4 ,
|
||||||
|
.Xr vlan 4 ,
|
||||||
|
.Xr rc.conf 5 ,
|
||||||
|
.Xr ifconfig 8 ,
|
||||||
|
.Xr sysctl 8
|
||||||
|
.Rs
|
||||||
|
.%A "J. Gross, Ed."
|
||||||
|
.%A "I. Gross, Ed."
|
||||||
|
.%A "T. Sridhar, Ed."
|
||||||
|
.%T "Geneve: Generic Network Virtualization Encapsulation"
|
||||||
|
.%D November 2020
|
||||||
|
.%O "RFC 8926"
|
||||||
|
.Re
|
||||||
|
.Sh AUTHORS
|
||||||
|
.An -nosplit
|
||||||
|
The
|
||||||
|
.Nm
|
||||||
|
driver was written by
|
||||||
|
.An Seyed Pouria Mousavizadeh Tehrani Aq info@spmzt.net
|
||||||
|
.Sh BUGS
|
||||||
|
Current geneve implementation with netlink can't set geneve options
|
||||||
|
other than genevemode during interface cloning in ifconfig without
|
||||||
|
specifying the interface index.
|
||||||
Reference in New Issue
Block a user