From: Roopa Prabhu <roopa@nvidia.com>
To: <davem@davemloft.net>, <kuba@kernel.org>
Cc: <netdev@vger.kernel.org>, <stephen@networkplumber.org>,
<nikolay@cumulusnetworks.com>, <idosch@nvidia.com>,
<dsahern@gmail.com>
Subject: [PATCH net-next 00/12] vxlan metadata device vnifiltering support
Date: Sun, 20 Feb 2022 14:03:53 +0000 [thread overview]
Message-ID: <20220220140405.1646839-1-roopa@nvidia.com> (raw)
This series adds vnifiltering support to vxlan collect metadata device.
Motivation:
You can only use a single vxlan collect metadata device for a given
vxlan udp port in the system today. The vxlan collect metadata device
terminates all received vxlan packets. As shown in the below diagram,
there are use-cases where you need to support multiple such vxlan devices in
independent bridge domains. Each vxlan device must terminate the vni's
it is configured for.
Example usecase: In a service provider network a service provider
typically supports multiple bridge domains with overlapping vlans.
One bridge domain per customer. Vlans in each bridge domain are
mapped to globally unique vxlan ranges assigned to each customer.
This series adds vnifiltering support to collect metadata devices to
terminate only configured vnis. This is similar to vlan filtering in
bridge driver. The vni filtering capability is provided by a new flag on
collect metadata device.
In the below pic:
- customer1 is mapped to br1 bridge domain
- customer2 is mapped to br2 bridge domain
- customer1 vlan 10-11 is mapped to vni 1001-1002
- customer2 vlan 10-11 is mapped to vni 2001-2002
- br1 and br2 are vlan filtering bridges
- vxlan1 and vxlan2 are collect metadata devices with
vnifiltering enabled
┌──────────────────────────────────────────────────────────────────┐
│ switch │
│ │
│ ┌───────────┐ ┌───────────┐ │
│ │ │ │ │ │
│ │ br1 │ │ br2 │ │
│ └┬─────────┬┘ └──┬───────┬┘ │
│ vlans│ │ vlans │ │ │
│ 10,11│ │ 10,11│ │ │
│ │ vlanvnimap: │ vlanvnimap: │
│ │ 10-1001,11-1002 │ 10-2001,11-2002 │
│ │ │ │ │ │
│ ┌──────┴┐ ┌──┴─────────┐ ┌───┴────┐ │ │
│ │ swp1 │ │vxlan1 │ │ swp2 │ ┌┴─────────────┐ │
│ │ │ │ vnifilter:│ │ │ │vxlan2 │ │
│ └───┬───┘ │ 1001,1002│ └───┬────┘ │ vnifilter: │ │
│ │ └────────────┘ │ │ 2001,2002 │ │
│ │ │ └──────────────┘ │
│ │ │ │
└───────┼──────────────────────────────────┼───────────────────────┘
│ │
│ │
┌─────┴───────┐ │
│ customer1 │ ┌─────┴──────┐
│ host/VM │ │customer2 │
└─────────────┘ │ host/VM │
└────────────┘
Benjamin Poirier (1):
selinux: add support for RTM_NEWTUNNEL, RTM_DELTUNNEL, and
RTM_GETTUNNEL
Nikolay Aleksandrov (2):
drivers: vxlan: vnifilter: per vni stats
drivers: vxlan: vnifilter: add support for stats dumping
Roopa Prabhu (9):
vxlan: move to its own directory
vxlan_core: move common declarations to private header file
vxlan_core: move some fdb helpers to non-static
vxlan_core: make multicast helper take rip and ifindex explicitly
vxlan_core: add helper vxlan_vni_in_use
rtnetlink: add new rtm tunnel api for tunnel id filtering
vxlan_multicast: Move multicast helpers to a separate file
vxlan: vni filtering support on collect metadata device
selftests: add new tests for vxlan vnifiltering
drivers/net/Makefile | 2 +-
drivers/net/vxlan/Makefile | 7 +
drivers/net/{vxlan.c => vxlan/vxlan_core.c} | 420 +++-----
drivers/net/vxlan/vxlan_multicast.c | 274 +++++
drivers/net/vxlan/vxlan_private.h | 178 ++++
drivers/net/vxlan/vxlan_vnifilter.c | 958 ++++++++++++++++++
include/net/vxlan.h | 54 +-
include/uapi/linux/if_link.h | 54 +
include/uapi/linux/rtnetlink.h | 9 +
security/selinux/nlmsgtab.c | 5 +-
.../selftests/net/test_vxlan_vnifiltering.sh | 581 +++++++++++
11 files changed, 2275 insertions(+), 267 deletions(-)
create mode 100644 drivers/net/vxlan/Makefile
rename drivers/net/{vxlan.c => vxlan/vxlan_core.c} (94%)
create mode 100644 drivers/net/vxlan/vxlan_multicast.c
create mode 100644 drivers/net/vxlan/vxlan_private.h
create mode 100644 drivers/net/vxlan/vxlan_vnifilter.c
create mode 100755 tools/testing/selftests/net/test_vxlan_vnifiltering.sh
--
2.25.1
next reply other threads:[~2022-02-20 14:05 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-20 14:03 Roopa Prabhu [this message]
2022-02-20 14:03 ` [PATCH net-next 01/12] vxlan: move to its own directory Roopa Prabhu
2022-02-20 14:03 ` [PATCH net-next 02/12] vxlan_core: move common declarations to private header file Roopa Prabhu
2022-02-20 14:03 ` [PATCH net-next 03/12] vxlan_core: move some fdb helpers to non-static Roopa Prabhu
2022-02-20 14:03 ` [PATCH net-next 04/12] vxlan_core: make multicast helper take rip and ifindex explicitly Roopa Prabhu
2022-02-20 14:03 ` [PATCH net-next 05/12] vxlan_core: add helper vxlan_vni_in_use Roopa Prabhu
2022-02-20 14:03 ` [PATCH net-next 06/12] rtnetlink: add new rtm tunnel api for tunnel id filtering Roopa Prabhu
2022-02-20 14:29 ` Roopa Prabhu
2022-02-20 14:04 ` [PATCH net-next 07/12] vxlan_multicast: Move multicast helpers to a separate file Roopa Prabhu
2022-02-20 14:04 ` [PATCH net-next 08/12] vxlan: vni filtering support on collect metadata device Roopa Prabhu
2022-02-20 22:24 ` kernel test robot
2022-02-20 14:04 ` [PATCH net-next 09/12] selftests: add new tests for vxlan vnifiltering Roopa Prabhu
2022-02-20 14:04 ` [PATCH net-next 10/12] selinux: add support for RTM_NEWTUNNEL, RTM_DELTUNNEL, and RTM_GETTUNNEL Roopa Prabhu
2022-02-21 1:47 ` Benjamin Poirier
2022-02-20 14:04 ` [PATCH net-next 11/12] drivers: vxlan: vnifilter: per vni stats Roopa Prabhu
2022-02-21 2:11 ` kernel test robot
2022-02-20 14:04 ` [PATCH net-next 12/12] drivers: vxlan: vnifilter: add support for stats dumping Roopa Prabhu
2022-02-20 14:12 ` Nikolay Aleksandrov
2022-02-20 14:27 ` Roopa Prabhu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220220140405.1646839-1-roopa@nvidia.com \
--to=roopa@nvidia.com \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=idosch@nvidia.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nikolay@cumulusnetworks.com \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).