From: Vlad Yasevich <vyasevic@redhat.com>
To: Jamal Hadi Salim <jhs@mojatatu.com>, netdev@vger.kernel.org
Cc: john.r.fastabend@intel.com, shemminger@vyatta.com,
bridge@lists.linux-foundation.org, mst@redhat.com
Subject: Re: [PATCH RFC 0/7] Non-promisc bidge ports support
Date: Wed, 26 Feb 2014 22:37:55 -0500
Message-ID: <530EB313.7090400@redhat.com>
In-Reply-To: <530E7FE1.5060705@mojatatu.com>

On 02/26/2014 06:59 PM, Jamal Hadi Salim wrote:
> On 02/26/14 10:18, Vlad Yasevich wrote:
>> This patch series is a complete re-design and re-implementation of
>> prior attempts to support non-promiscuous bridge ports.
>>
>> The basic design is as follows. The bridge keeps track of
>> all the ports that flood packets to unknown destinations. If
>> the flooding is disabled on the port, to get traffic to flow
>> through, user/management would need to add an fdb describing
>> such traffic. When such fdb is added, we save the address
>> to bridge private hardware address list.
>
> Entering the addresses in the uc list on other bridgeports seems
> reasonable for the scenario described.
> But would it _also_ need to be added to the fdb of the bridge?
> i.e. how does the bridge (if the packet was to be handed to it)
> know where to forward?

The fdb described here is actually added to the bridge. In the case
when we are turning promiscuous mode off on a port, we program the
address from the fdb down to the port uc list as well. This allows
the bridge to continue receiving traffic destined for this address even
though the port is not in promiscuous mode.

> BTW: on the comment that flooding off implies learning off: I would like
> to be able to turn off flooding on a specific bridge port but
> still want to learn from it. I don't think those two are mutually
> exclusive.

No they are not, but it does lead to some very interesting traffic
hang-ups that I've experienced first hand. Everything works great
in the beginning. However, if you go idle for a long enough period
that the fdb times out, re-establishing the connection takes a rather
long time due to unicast ARPs being dropped by the bridge. You end
up waiting until ARP fails and switches to broadcast to restore the
connection. So, this mode isn't really recommended. Nothing currently
forbids it however.
-vlad
>
> cheers,
> jamal
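
The hang-up described in the reply above (flooding off, learning on, fdb entry aged out) and the static-fdb alternative from the quoted cover letter, as a small Python model added here; it is not code from the patch series or the kernel. The ageing time, port names, short MAC labels and the rule that broadcast still reaches a non-flooding port (as the message implies) are assumptions of the model.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
AGEING = 300  # seconds; constructed ageing time for this model

@dataclass
class Port:
    name: str
    flood: bool = True      # flood unknown unicast out of this port
    learning: bool = True   # learn source addresses seen on this port

@dataclass
class Bridge:
    ports: dict                               # name -> Port
    fdb: dict = field(default_factory=dict)   # mac -> (port, last_seen; None if static)

    def add_static(self, mac, port):
        self.fdb[mac] = (port, None)

    def rx(self, in_port, src, dst, now):
        """Process one frame; return the sorted list of egress port names."""
        known = self.fdb.get(src)
        if self.ports[in_port].learning and (known is None or known[1] is not None):
            self.fdb[src] = (in_port, now)    # learn/refresh, never overwrite static
        entry = self.fdb.get(dst)
        if entry and entry[1] is not None and now - entry[1] > AGEING:
            del self.fdb[dst]                 # dynamic entry timed out
            entry = None
        if entry:
            return [entry[0]] if entry[0] != in_port else []
        # Unknown unicast goes only to flooding ports; broadcast goes to all.
        return sorted(p.name for p in self.ports.values()
                      if p.name != in_port and (dst == BROADCAST or p.flood))

def scenario(static_entry=False):
    """Host A ("aa") sits behind p1 with flooding off; host B ("bb") behind p2."""
    br = Bridge({"p1": Port("p1", flood=False), "p2": Port("p2")})
    if static_entry:
        br.add_static("aa", "p1")             # management-added fdb for A
    out = {}
    out["initial_arp"] = br.rx("p1", "aa", BROADCAST, 0)        # A asks for B
    out["arp_reply"] = br.rx("p2", "bb", "aa", 1)               # A was learned
    out["idle_unicast_arp"] = br.rx("p2", "bb", "aa", 1000)     # A's entry aged out
    out["broadcast_fallback"] = br.rx("p2", "bb", BROADCAST, 1030)
    out["a_reply"] = br.rx("p1", "aa", "bb", 1031)              # re-learns A on p1
    out["recovered_unicast"] = br.rx("p2", "bb", "aa", 1032)
    return out
```

Calling `scenario()` shows the unicast ARP after the idle period reaching no port until the broadcast fallback, while `scenario(static_entry=True)` keeps delivering to `p1` throughout.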