From: roopa <roopa@cumulusnetworks.com>
To: Scott Feldman <sfeldma@gmail.com>
Cc: "stephen@networkplumber.org" <stephen@networkplumber.org>,
"David S. Miller" <davem@davemloft.net>,
"Jamal Hadi Salim" <jhs@mojatatu.com>,
"Jiří Pírko" <jiri@resnulli.us>,
"Arad, Ronen" <ronen.arad@intel.com>,
"Thomas Graf" <tgraf@suug.ch>,
"john fastabend" <john.fastabend@gmail.com>,
"vyasevic@redhat.com" <vyasevic@redhat.com>,
Netdev <netdev@vger.kernel.org>,
"Wilson Kok" <wkok@cumulusnetworks.com>,
"Andy Gospodarek" <gospo@cumulusnetworks.com>
Subject: Re: [RFC PATCH net-next] bridge: ability to disable forwarding on a port
Date: Sun, 18 Jan 2015 12:55:33 -0800 [thread overview]
Message-ID: <54BC1DC5.1000401@cumulusnetworks.com> (raw)
In-Reply-To: <54BB7874.90201@cumulusnetworks.com>
On 1/18/15, 1:10 AM, roopa wrote:
> On 1/17/15, 5:05 PM, Scott Feldman wrote:
>> On Fri, Jan 16, 2015 at 11:32 PM, <roopa@cumulusnetworks.com> wrote:
>>> From: Roopa Prabhu <roopa@cumulusnetworks.com>
>>>
>>> On a Linux bridge with bridge forwarding offloaded to a switch ASIC,
>>> there is a need to not re-forward the frames that come up to the
>>> kernel in software.
>>>
>>> Typically these are broadcast or multicast packets forwarded by the
>>> hardware to multiple destination ports including sending a copy of
>>> the packet to the kernel (e.g. an arp broadcast).
>>> The bridge driver will try to forward the packet again, resulting in
>>> two copies of the same packet.
>>>
>>> These packets can also come up to the kernel for logging when they hit
>>> a LOG acl in hardware.
>>>
>>> This patch makes forwarding a flag on the port similar to
>>> learn and flood and drops the packet just before forwarding.
>>> (The forwarding disable on a bridge is tested to work on our boxes.
>>> The bridge port flag addition is only compile tested.
>>> This will need to be further refined to cover cases where a
>>> non-switch port
>>> is bridged to a switch port etc. We will submit more patches to cover
>>> all cases if we agree on this approach).
>> Good topic to bring up, thanks for proposing a patch. There is indeed
>> duplicate pkts sent out in the case where both the bridge and the
>> offloaded device are flooding these non-unicast pkts, such as ARP
>> requests. We do have per-port control today over unicast flooding
>> using BR_FLOOD (IFLA_BRPORT_UNICAST_FLOOD).
>>
>> As you point out, this doesn't solve the case for non-offloaded ports
>> bridged with switch ports. If this port setting is enabled on an
>> offloaded switch port, for example, the non-offloaded port can't get
>> an ARP request resolved, if the MAC is behind the offloaded switch
>> port. But do we care? Is there a use-case for this one, mixing
>> offloaded and non-offloaded ports in a bridge?
>
> Not sure. I don't know the use case, but I think I might have heard
> that there could be a case
> where a switch port could be bridged with a vm's port running on the
> switch. (?)
Ignoring the above usecase for a bit. And thinking through this again,
It appears that this check should
be only on the ingress port, no ?
If the ingress bridge port is an offloaded port, don't flood or forward
because hardware has already done it.
And this is best done with the offload feature flag on the bridge port.
But, If we bring in the usecase, where a bridge has offloaded and
non-offloaded ports mixed,
there should be an option to disable this check and to achieve that its
better for this to be a
flag on the port maintained by the bridge driver like the one proposed
by this patch (BR_FORWARD).
Thanks,
Roopa
next prev parent reply other threads:[~2015-01-18 20:55 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-17 7:32 [RFC PATCH net-next] bridge: ability to disable forwarding on a port roopa
2015-01-17 21:14 ` Arad, Ronen
2015-01-18 8:48 ` roopa
2015-01-18 1:05 ` Scott Feldman
2015-01-18 9:10 ` roopa
2015-01-18 20:55 ` roopa [this message]
2015-01-19 7:37 ` Scott Feldman
2015-01-20 6:20 ` roopa
2015-01-20 7:09 ` Samudrala, Sridhar
2015-01-20 13:59 ` roopa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54BC1DC5.1000401@cumulusnetworks.com \
--to=roopa@cumulusnetworks.com \
--cc=davem@davemloft.net \
--cc=gospo@cumulusnetworks.com \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=john.fastabend@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=ronen.arad@intel.com \
--cc=sfeldma@gmail.com \
--cc=stephen@networkplumber.org \
--cc=tgraf@suug.ch \
--cc=vyasevic@redhat.com \
--cc=wkok@cumulusnetworks.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.