netdev.vger.kernel.org archive mirror
From: Vlad Yasevich <vyasevic@redhat.com>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: netdev@vger.kernel.org, bridge@lists.linux-foundation.org,
	mst@redhat.com
Subject: Re: [PATCH v2 net-next 0/6] Allow bridge to function in non-promisc mode
Date: Fri, 19 Apr 2013 17:48:02 -0400
Message-ID: <5171BB92.2050003@redhat.com>
In-Reply-To: <20130419135800.221bea5a@nehalam.linuxnetplumber.net>

On 04/19/2013 04:58 PM, Stephen Hemminger wrote:
> On Fri, 19 Apr 2013 16:52:44 -0400
> Vlad Yasevich <vyasevic@redhat.com> wrote:
>
>> This series is an almost complete rework of the prior attempt
>> to make the bridge function in non-promisc mode.  In this series
>> the "promiscuity" of an interface is dynamically determined and
>> the interface may transition from/to promiscuous mode based on
>> bridge configuration.
>>
>> The series keeps an idea of an "uplink" port.  That is still user
>> designated.
>> The series also adds a concept of "dynamic" bridge port.  This is
>> the default state of the port and means that the user has not
>> specified any static FDBs for that port.
>> Once a user has added a static FDB entry to a port and also specified
>> an "uplink" flag for that FDB, the mac address from that FDB is
>> added to the bridge hw address list and synched down to uplinks.
>> "Uplinks" are always considered dynamic ports even if a static entry
>> has been added for them.
>> Promiscuity is determined by the number of dynamic ports.  If there
>> are no dynamic ports (i.e. all ports have static FDBs set), then we
>> know all the neighbors and can switch promisc off on all of the ports.
>> If we have only 1 dynamic port and it's an uplink, we can synch all
>> static hw addresses to this port and mark it non-promisc.
>> If we have more than 1 dynamic port, then all ports have to be
>> promiscuous.
>> This is the algorithm that Michael Tsirkin proposed earlier.
>>
>
> It seems that this bridge with uplink port is just a flavor of macvlan.
> The only argument you made for not using macvlan is that user scripts
> are expecting bridge API for setup.  Which sounds a lot like the original
> OVS fake-bridge which was dropped when merged upstream.
>
>

No, macvlans have limitations that are not trivial to solve.  It isn't a
user script issue.  I am not familiar with OVS fake-bridge, but from
what little I've found about it, it seems tied to handling for specific
vlans.  I don't see how these two things are similar.

A bridge with just an Uplink defined and no other config is still
just a bridge and doesn't do anything special at all.
Once a user adds a static FDB for say a VM that's connected to the
bridge, that's when the new code tries to do something.  It will
add the mac of the VM to the bridge, synch it to the uplink and see
if it can turn off promisc on the uplink.  If it can, great!  We win
in that we now have to look at a lot less traffic.  If not, then there 
is no gain and no loss.

I can see how you could think that it is macvlan-like, but it's still
a bridge.

-vlad
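
The promiscuity decision described in the quoted cover letter, as a user-space C model added here for illustration; it is not code from the patch series. The struct, field and function names are hypothetical, and two points the message does not spell out are treated as assumptions: a lone dynamic port that is not an uplink stays promiscuous, and static ports get the same decision as the uplink.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space model; these names are not from the patch series. */
struct model_port {
    bool uplink;          /* user-designated uplink port */
    bool has_static_fdb;  /* user added a static FDB entry for this port */
    bool fdb_uplink_flag; /* that entry also carries the "uplink" flag */
    unsigned char mac[6]; /* MAC from the static FDB entry */
    bool promisc;         /* result computed below */
};

/* Sets promisc on every port, copies flagged static MACs into sync[] (the
 * list pushed down to uplinks) and returns how many were copied. */
size_t bridge_update_promisc(struct model_port *ports, size_t n,
                             unsigned char sync[][6], size_t max_sync)
{
    size_t dynamic = 0, nsync = 0, i;
    bool lone_is_uplink = false;
    for (i = 0; i < n; i++) {
        /* Uplinks always count as dynamic, even with a static entry. */
        if (ports[i].uplink || !ports[i].has_static_fdb) {
            dynamic++;
            lone_is_uplink = ports[i].uplink;
        }
    }
    /* Assumption: a lone dynamic port that is not an uplink stays promiscuous,
     * and static ports get the same on/off decision as the uplink. */
    bool promisc = !(dynamic == 0 || (dynamic == 1 && lone_is_uplink));
    for (i = 0; i < n; i++) {
        ports[i].promisc = promisc;
        if (ports[i].has_static_fdb && ports[i].fdb_uplink_flag && nsync < max_sync)
            memcpy(sync[nsync++], ports[i].mac, 6);
    }
    return nsync;
}

int main(void)
{
    /* Constructed sample: an uplink plus one VM port with a flagged static FDB. */
    struct model_port p[2] = { { .uplink = true },
        { .has_static_fdb = true, .fdb_uplink_flag = true,
          .mac = { 0x52, 0x54, 0x00, 0x12, 0x34, 0x56 } } };
    unsigned char sync[4][6];
    size_t n = bridge_update_promisc(p, 2, sync, 4);
    printf("uplink promisc=%d, synced MACs=%zu\n", p[0].promisc, n);
    return 0;
}
```

Adding a second port without a static FDB to the sample raises the dynamic count to two and turns promiscuous mode back on for every port.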
