Date: Sat, 16 Feb 2019 20:43:53 +0200
From: Ido Schimmel
To: Nikolay Aleksandrov
Cc: Linus Lüssing, netdev@vger.kernel.org, roopa@cumulusnetworks.com, wkok@cumulusnetworks.com, anuradhak@cumulusnetworks.com, bridge@lists.linux-foundation.org, davem@davemloft.net, stephen@networkplumber.org
Subject: Re: [PATCH RFC] net: bridge: don't flood known multicast traffic when snooping is enabled
Message-ID: <20190216184353.GA10888@splinter>

On Sat, Feb 16, 2019 at 10:05:40AM +0200, Nikolay Aleksandrov wrote:
> On 15/02/2019 19:13, Linus Lüssing wrote:
> > On Fri, Feb 15, 2019 at 03:04:27PM +0200, Nikolay Aleksandrov wrote:
> >> Every user would expect to have traffic forwarded only to the configured
> >> mdb destination when snooping is enabled, instead now to get that one
> >> needs to enable both snooping and querier. Enabling querier on all
> >> switches could be problematic and is not a good solution,
> >
> > There is no need to set the querier on all snooping switches.
> > br_multicast_querier_exists() checks if a querier exists on the
> > link in general, not if this particular host/bridge is a querier.
> >
>
> We need a generic solution for the case of existing mdst and no querier.
> More below.
>
> >
> >> for example as summarized by our multicast experts:
> >> "every switch would send an IGMP query
> >
> > What? RFC3810, section 7.1 says:
> >
> > "If it is the case, a querier election mechanism (described in
> > section 7.6.2) is used to elect a single multicast router to be
> > in Querier state. [...] Nevertheless, it is only the [elected] Querier
> > that sends periodical or triggered query messages on the subnet."
>
> >> for any random multicast traffic it
> >> received across the entire domain and it would send it forever as long as a
> >> host exists wanting that stream even if it has no downstream/directly
> >> connected receivers"
> >
>
> This was taken out of context and it's my bad, I think everyone is aware
> of the election process, please nevermind the above statement.
>
> [snip]
> >
> > Have you done some tests with this change yet, Nikolay?
> >
>
> You've raised good questions, IPv6 indeed needs more work - we'll have to flood
> link-local packets etc. but I wanted to have a discussion about no querier/existing mdst.
> To simplify we can modify the patch and have traffic forwarded to the proper ports when an
> mdst exists and there is no querier for both unsolicited report and user-added entry.
> We can keep the current behaviour for unknown traffic with and without querier.
> This would align it closer to what other vendors currently do as well IIRC.
> What do you think ?

The no querier condition is not currently reflected via switchdev, so
the behavior you're proposing in your patch is what actually happens in
the data plane.

We already hit the problem Linus mentioned in commit b00589af3b04
("bridge: disable snooping if there is no querier"). Namely, IPv6 ND
broke because a port joined before the bridge was created. I introduced
a workaround in commit 9d45deb04c59 ("mlxsw: spectrum: Treat IPv6
unregistered multicast as broadcast").

I'm interested to know what other vendors are doing. Can you elaborate?

We can trap IPv6 ND packets at L2 (we'll eventually need to do so for ND
suppression) and let the bridge take care of flooding them correctly.
I'm not sure it's good enough.