From: Ido Schimmel <idosch@idosch.org>
To: Florian Fainelli <f.fainelli@gmail.com>
Cc: Ido Schimmel <idosch@mellanox.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"davem@davemloft.net" <davem@davemloft.net>,
"andrew@lunn.ch" <andrew@lunn.ch>, Jiri Pirko <jiri@mellanox.com>,
"vivien.didelot@gmail.com" <vivien.didelot@gmail.com>,
"nikolay@cumulusnetworks.com" <nikolay@cumulusnetworks.com>,
"roopa@cumulusnetworks.com" <roopa@cumulusnetworks.com>,
"bridge@lists.linux-foundation.org"
<bridge@lists.linux-foundation.org>,
"cphealy@gmail.com" <cphealy@gmail.com>
Subject: Re: [PATCH net-next] Documentation: networking: Clarify switchdev devices behavior
Date: Sat, 22 Dec 2018 22:29:12 +0200 [thread overview]
Message-ID: <20181222202912.GA20191@splinter> (raw)
In-Reply-To: <d8c02429-0cab-a798-f1c9-4b8d5cb2dd33@gmail.com>
On Tue, Dec 18, 2018 at 12:13:38PM -0800, Florian Fainelli wrote:
> On 12/17/18 11:01 PM, Ido Schimmel wrote:
> > On Sun, Dec 16, 2018 at 09:14:09AM -0800, Florian Fainelli wrote:
> >> Le 12/16/18 à 12:25 AM, Ido Schimmel a écrit :
> >>> On Wed, Dec 12, 2018 at 03:09:43PM -0800, Florian Fainelli wrote:
> >>>> +Non-bridged network ports of the same switch fabric must not be disturbed in any
> >>>> +way, shape or form by the enabling of VLAN filtering.
> >>>> +
> >>>> +VLAN devices configured on top of a switchdev network device (e.g: sw0p1.100)
> >>>> +which is a bridge port member must also observe the following behavior:
> >>>> +
> >>>> +- with VLAN filtering turned off, these VLAN devices must be fully functional
> >>>> + since the hardware is allowed VID frames
> >>>> +
> >>>> +- with VLAN filtering turned on, these VLAN devices are not going to be
> >>>> + functional unless the bridge's VLAN database is also configured to have that
> >>>> + VID enabled for the underlying network device/port
> >>>> + (e.g: bridge vlan add vid 100 dev sw0p1)
> >>>
> >>> mlxsw forbids the enslavement of VLAN devices to VLAN-aware bridges. It
> >>> doesn't really make sense to enable VLAN filtering when all the packets
> >>> are untagged.
> >>
> >> Did you mean VLAN-unaware here, otherwise that would contradict the
> >> statement that VLAN-aware bridges mean everything untagged, or am I
> >> incorrectly understanding things here?
> >
> > I meant VLAN-aware... In a VLAN-unaware bridge the VLAN is meaningless.
> > For example, there is no filtering based on VLAN at ingress/egress and
> > FDB entries are only searched based on MAC (VLAN is always 0). This is
> > in contrast to a VLAN-aware bridge.
> >
> > When you enslave VLAN netdevs to a bridge, the bridge sees untagged
> > packets. The VLAN tag is pulled from the packet in Rx path and then the
> > packet is injected to the bridge via the Rx handler configured on the
> > VLAN netdev. Therefore, there is point in enslaving these device to a
> > VLAN-aware bridge.
>
> I see what you describe and that is not quite what I was talking about,
> see below.
>
> >
> > Also, mlxsw only supports a single VLAN-aware bridge. You can however,
> > configure 1K VLAN-unaware bridges.
>
> OK, how do you enforce that in the driver? I was going to do something
> as basic as: loop around all ports that are not the one being changed by
> VLAN filtering attribute, if bridge device associated is non-NULL and
> br_vlan_enabled() returns true for that bridge and we want to turn off
> VLAN filtering, then this is not possible since that would break the
> other bridge devices we have which are VLAN filtering enabled.
See mlxsw_sp_bridge_device_create(). We basically keep a list of bridges
we care about. If one is already VLAN aware, then we fail the creation
of another bridge.
>
> >
> >>> But I disagree with the comment about the underlying port. When you
> >>> configured the VLAN device, it should have enabled the VLAN filters on
> >>> the real device via ndo_vlan_rx_add_vid().
> >>
> >> That is really why I submitted this patch, because right now I have a
> >> patch (yet to be submitted) which adds ndo_vlan_rx_{add,kill}_vid() and
> >> if the underlying device is enslaved into a bridge, I just do nothing
> >> and let the bridge control the VLAN membership, hence my comment and
> >> example here.
> >>
> >> What you are saying is that we should have these two cases:
> >>
> >> 1) VLAN devices on top of VLAN unaware bridge: allow the VLAN device and
> >> program VLAN filter on the underlying switch port to permit VLAN tagging
> >
> > When you say "on top" you mean enslaved to?
>
> I meant to write: a VLAN device created on (top of) a switch port, and
> this switch port being a bridge member. The VLAN device would not be
> added as a bridge member (did not really think about it).
>
> >
> >> 2) VLAN devices on top of a VLAN aware bridge: deny the VLAN device
> >> creation and let the bridge, which is VLAN aware manage the port VLAN
> >> membership
> >
> > mlxsw does not forbid the creation of the VLAN device. It only forbids
> > its enslavement to a VLAN-aware bridge.
>
> That's done in mlxsw_sp_netdevice_port_vlan_event() right?
Almost :) See mlxsw_sp_bridge_8021q_port_join()
next prev parent reply other threads:[~2018-12-22 20:29 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-12 23:09 [PATCH net-next] Documentation: networking: Clarify switchdev devices behavior Florian Fainelli
2018-12-13 9:26 ` Andrew Lunn
2018-12-15 19:35 ` David Miller
2018-12-16 8:25 ` Ido Schimmel
2018-12-16 17:14 ` Florian Fainelli
2018-12-18 7:01 ` Ido Schimmel
2018-12-18 20:13 ` Florian Fainelli
2018-12-22 20:29 ` Ido Schimmel [this message]
2018-12-17 3:36 ` Florian Fainelli
-- strict thread matches above, loose matches on Subject: below --
2020-07-22 22:52 Florian Fainelli
2020-07-23 2:25 ` Randy Dunlap
2020-07-23 22:11 ` Vladimir Oltean
2020-07-23 22:58 ` Florian Fainelli
2020-07-24 0:43 ` Vladimir Oltean
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181222202912.GA20191@splinter \
--to=idosch@idosch.org \
--cc=andrew@lunn.ch \
--cc=bridge@lists.linux-foundation.org \
--cc=cphealy@gmail.com \
--cc=davem@davemloft.net \
--cc=f.fainelli@gmail.com \
--cc=idosch@mellanox.com \
--cc=jiri@mellanox.com \
--cc=netdev@vger.kernel.org \
--cc=nikolay@cumulusnetworks.com \
--cc=roopa@cumulusnetworks.com \
--cc=vivien.didelot@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).