Create Vxlan_kernel_routes.md

Bharath Veeranna · Bharath Veeranna · commit 0adfddc5ee16 · 2025-10-15T11:20:49.000-07:00
diff --git a/doc/vxlan/Vxlan_kernel_routes.md b/doc/vxlan/Vxlan_kernel_routes.md
@@ -0,0 +1,246 @@
+# Vxlan configs for CPU traffic
+# High Level Design Document
+### Rev 1.3
+
+# Table of Contents
+  * [List of Tables](#list-of-tables)
+
+  * [Revision](#revision)
+
+  * [Scope](#scope)
+
+  * [Definitions/Abbreviation](#definitionsabbreviation)
+
+  * [Overview](#overview)
+ 
+  * [Requirements Overview](#5-requirements-overview)
+
+  * [Architecture design](#6-architecture-design)
+
+  * [Cofiguration and management](#7-configuration-and-management)
+
+# 1 Revision
+| Rev |     Date    |       Author       | Change Description                |
+|:---:|:-----------:|:------------------:|-----------------------------------|
+| 0.1 |             |  Bharath Veeranna  | Initial version                   |
+
+
+# 2 Scope
+This documents specifically deals with kernel routes and interfaces that are required by the CPU to communicate to a VxLAN endpoint. This is for a specific use case where CPU generated packets (such as BGP, ping etc) shoud be encapped/decapped with VxLAN. Transit traffic (which are not destined to CPU) are not in the scope of this document. NPU config required for transit traffic are discussed in [VxLAN HLD](https://github.com/sonic-net/SONiC/blob/master/doc/vxlan/Vxlan_hld.md).
+
+# 3 Definitions/Abbreviation
+###### Table 1: Abbreviations
+|                          |                                |
+|--------------------------|--------------------------------|
+| VNI                      | Vxlan Network Identifier       |
+| VTEP                     | Vxlan Tunnel End Point         |
+| VNet                     | Virtual Network                |
+
+# 4 Overview
+This document provides information about kernel routes required for SONiC to encap/decap VxLAN traffic originated/destined to CPU. For scenarios where SONiC needs to communicate to an endpoint that is behind a VTEP, the kernel needs to be aware of the VTEP and have routes to encap/decap the packets before sending it over the wire. For example, if SONiC needs to establish BGP over VxLAN, the kernel should know the VTEP and overlay routes to send and receive the packet. If the kernel is unaware of the VTEP, it will treat it as unreachable and drop the packets in kernel. 
+
+Additionally, SONiC may need Loopback interfaces attached to the VNET which can be used as the overlay source for any communication to external VTEPs. 
+
+# 5 Requirements Overview
+## 5.1 Functional requirements
+This section describes the SONiC requirements for Vxlan kernel interface and routes required for the OS to handle VxLAN encap/decap for traffic originated/destined to CPU.
+ - SONiC should be able to encap/decap VxLAN traffic originated/destined to CPU
+ - Processes on CPU could leverage these routes to communicate to VxLAN endpoints (establish BGP, ping etc)
+
+## 5.2 Orchagent requirements
+
+### Vnet Route orchagent:
+ - Should be able to create kernel interface and routes for VxLAN endpoints
+ - Should be able to create Loopback interfaces and attach it to VNET.
+
+ 
+## 5.3 CLI requirements
+- User should be able to specify if vnet tunnel routes should be installed on kernel.
+- User should be able to bind the loopback interface to a VNET
+
+```
+  - config vnet add-route <vnet-name> <prefix> <endpoint> <vni> <mac_address> <install_on_kernel>
+  - config interface vnet bind <interface> <vnet>
+```
+
+# 6 Architecture Design
+
+## 6.1 Config DB
+Following new flag will be added to VNET_ROUTE_TUNNEL table to indicate if the flag has to installed on the kernel. By default the flag would be false.
+
+### 6.1.1 VXLAN ROUTE TUNNEL
+```
+VNET_ROUTE_TUNNEL_TABLE:{{vnet_name}}:{{prefix}} 
+    "endpoint": {{ip_address}} 
+    "mac_address":{{mac_address}} (OPTIONAL) 
+    "vni": {{vni}}(OPTIONAL) 
+    "install_on_kernel": "true" / "false" (OPTIONAL)
+```
+
+### 6.1.2 Loopback interfaces
+```
+LOOPBACK_INTERFACE_TABLE:{{loopback_name}} 
+    "vnet_name": {{vnet_name}}   (OPTIONAL)
+
+LOOPBACK_INTERFACE_TABLE:{{loopback_name}}:{{ip_address}}
+```
+
+### 6.1.3 ConfigDB Schemas
+```
+; Defines schema for VNet Route tunnel table attributes
+key                                   = VNET_ROUTE_TUNNEL_TABLE:vnet_name:prefix ; Vnet route tunnel table with prefix
+; field                               = value
+ENDPOINT                              = ipv4                          ; Host VM IP address
+MAC_ADDRESS                           = 12HEXDIG                      ; Inner dest mac in encapsulated packet (Optional)
+VNI                                   = DIGITS                        ; VNI value in encapsulated packet (Optional)
+INSTALL_ON_KERNEL                     = true/false                    ; Indicates if this route should be installed on kernel
+```
+
+```
+; Defines schema for Loopback interface table
+key                                   = LOOPBACK_INTERFACE_TABLE:loopback_name:prefix ; Loopback interface with prefix
+; field                               = value
+vnet_name                             = string                        ; vnet name
+```
+
+Please refer to the [schema](https://github.com/sonic-net/sonic-swss/blob/master/doc/swss-schema.md) document for details on value annotations. 
+
+
+### 6.2.1 APP DB Schemas
+
+```
+; Defines schema for VNet Route tunnel table attributes
+key                                   = VNET_ROUTE_TUNNEL_TABLE:vnet_name:prefix ; Vnet route tunnel table with prefix
+; field                               = value
+ENDPOINT                              = ipv4                          ; Host VM IP address
+MAC_ADDRESS                           = 12HEXDIG                      ; Inner dest mac in encapsulated packet (Optional)
+VNI                                   = DIGITS                        ; VNI value in encapsulated packet (Optional)
+INSTALL_ON_KERNEL                     = true/false                    ; Indicates if this route should be installed on kernel
+```
+
+## 6.3 Orchestration Agent
+Following orchagents shall be modified.
+
+ ### VnetOrch/VnetRouteOrch
+VnetRouteOrch is reponsible for programming VNET_ROUTE_TUNNEL_TABLE in SAI. When VnetRouteOrch programs the tunnel routes in NPU, it will also install the kernel routes if the `install_on_kernel` flag is set to true. 
+
+For the config below:
+
+```
+VXLAN_TUNNEL|{{tunnel_name}} 
+    "src_ip": {{ip_address}} 
+    "dst_ip": {{ip_address}} (OPTIONAL)
+
+VNET|{{vnet_name}} 
+    "vxlan_tunnel": {{tunnel_name}}
+    "vni": {{vni}} 
+    "src_mac": {{src_mac}}
+
+VNET_ROUTE_TUNNEL_TABLE:{{vnet_name}}:{{prefix}} 
+    "endpoint": {{endpoint_ip_address}} 
+    "mac_address":{{overlay_dmac_address}} (OPTIONAL) 
+    "vni": {{route_vni}}(OPTIONAL) 
+    "install_on_kernel": "true"
+```
+
+the following linux kernel interface and routes will be added:
+
+```
+sudo ip link add Vxlan{{route_vni}} address {{src_mac}} type vxlan id {{route_vni}} local {{tunnel_src_ip}} remote {{endpoint_ip_address}}
+sudo ip link set Vxlan_{{vnet_name}}_{{prefix}} vrf {{vnet_name}}
+sudo ip link set Vxlan_{{vnet_name}}_{{prefix}} up
+sudo ip route add {{prefix}} dev Vxlan_{{vnet_name}}_{{prefix}} vrf {{vnet_name}}
+sudo ip neigh add {{prefix}} lladdr {{overlay_dmac_address}} dev Vxlan_{{vnet_name}}_{{prefix}}
+```
+ 
+# 7 Configuration and management
+
+## 7.1 YANG model
+Yang model for vnet and loopback will be changed to include the new fields. In [sonic-vnet.yang](https://github.com/sonic-net/sonic-buildimage/blob/master/src/sonic-yang-models/yang-models/sonic-vnet.yang), VNET_ROUTE_TUNNEL will include `install_on_kernel` flag:
+
+```
+        container VNET_ROUTE_TUNNEL {
+
+            description "ConfigDB VNET_ROUTE_TUNNEL table";
+            
+            list VNET_ROUTE_TUNNEL_LIST {
+                key "vnet_name prefix";
+
+                leaf vnet_name {
+                    description "VNET name";
+                    type leafref {
+                        path "/svnet:sonic-vnet/svnet:VNET/svnet:VNET_LIST/svnet:name";
+                    }
+                }
+                
+                leaf prefix {
+                    description "IPv4 prefix in CIDR format";
+                    type stypes:sonic-ip4-prefix;
+                }
+                
+                leaf endpoint {
+                    description "Endpoint/nexthop tunnel IP";
+                    type inet:ipv4-address;
+                    mandatory true;
+                }
+
+                leaf mac_address {
+                    description "Inner dest mac in encapsulated packet";
+                    type yang:mac-address;
+                }
+
+                leaf vni {
+                    description "A valid and active vni value in encapsulated packet";
+                    type stypes:vnid_type;
+                }
+
+                leaf install_on_kernel {
+                    description "Flag to install this route on kernel.";
+                    type  boolean;
+                }
+            }
+            /* end of list VNET_ROUTE_TUNNEL_LIST */
+        }
+```
+
+The yang model for loopback interface [sonic-loopback-interface.yang](https://github.com/sonic-net/sonic-buildimage/blob/master/src/sonic-yang-models/yang-models/sonic-loopback-interface.yang) will include vnet_name field:
+
+```
+            list LOOPBACK_INTERFACE_LIST {
+                key "name";
+
+                leaf name{
+                    type stypes:interface_name;
+                }
+
+                leaf vrf_name {
+                    type leafref {
+                        path "/vrf:sonic-vrf/vrf:VRF/vrf:VRF_LIST/vrf:name";
+                    }
+                }
+
+                leaf vnet_name {
+                    type leafref {
+                        path "/svnet:sonic-vnet/svnet:VNET/svnet:VNET_LIST/svnet:name";
+                    }
+                }
+
+                leaf nat_zone {
+                    description "NAT Zone for the loopback interface";
+                    type uint8 {
+                        range "0..3" {
+                            error-message "Invalid nat zone for the loopback interface.";
+                            error-app-tag nat-zone-invalid;
+                        }
+                    }
+                    default "0";
+                }
+
+                leaf admin_status {
+                    type stypes:admin_status;
+                    default up;
+                }
+            }
+```
+
+
