2019-07-05 11:57:18 +02:00
|
|
|
.. SPDX-License-Identifier: GPL-2.0
|
|
|
|
|
|
|
|
|
|
=======================================
|
|
|
|
|
DSA switch configuration from userspace
|
|
|
|
|
=======================================
|
|
|
|
|
|
|
|
|
|
The DSA switch configuration is not integrated into the main userspace
|
2023-01-29 15:10:48 -08:00
|
|
|
network configuration suites by now and has to be performed manually.
|
2019-07-05 11:57:18 +02:00
|
|
|
|
|
|
|
|
.. _dsa-config-showcases:
|
|
|
|
|
|
|
|
|
|
Configuration showcases
|
|
|
|
|
-----------------------
|
|
|
|
|
|
|
|
|
|
To configure a DSA switch a couple of commands need to be executed. In this
|
|
|
|
|
documentation some common configuration scenarios are handled as showcases:
|
|
|
|
|
|
|
|
|
|
*single port*
|
|
|
|
|
Every switch port acts as a different configurable Ethernet port
|
|
|
|
|
|
|
|
|
|
*bridge*
|
|
|
|
|
Every switch port is part of one configurable Ethernet bridge
|
|
|
|
|
|
|
|
|
|
*gateway*
|
|
|
|
|
Every switch port except one upstream port is part of a configurable
|
|
|
|
|
Ethernet bridge.
|
|
|
|
|
The upstream port acts as different configurable Ethernet port.
|
|
|
|
|
|
|
|
|
|
All configurations are performed with tools from iproute2, which is available
|
|
|
|
|
at https://www.kernel.org/pub/linux/utils/net/iproute2/
|
|
|
|
|
|
|
|
|
|
Through DSA every port of a switch is handled like a normal linux Ethernet
|
|
|
|
|
interface. The CPU port is the switch port connected to an Ethernet MAC chip.
|
2023-10-23 11:17:28 -07:00
|
|
|
The corresponding linux Ethernet interface is called the conduit interface.
|
|
|
|
|
All other corresponding linux interfaces are called user interfaces.
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
The user interfaces depend on the conduit interface being up in order for them
|
|
|
|
|
to send or receive traffic. Prior to kernel v5.12, the state of the conduit
|
2021-03-17 19:44:58 +02:00
|
|
|
interface had to be managed explicitly by the user. Starting with kernel v5.12,
|
|
|
|
|
the behavior is as follows:
|
|
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
- when a DSA user interface is brought up, the conduit interface is
|
2021-03-17 19:44:58 +02:00
|
|
|
automatically brought up.
|
2023-10-23 11:17:28 -07:00
|
|
|
- when the conduit interface is brought down, all DSA user interfaces are
|
2021-03-17 19:44:58 +02:00
|
|
|
automatically brought down.
|
2019-07-05 11:57:18 +02:00
|
|
|
|
|
|
|
|
In this documentation the following Ethernet interfaces are used:
|
|
|
|
|
|
|
|
|
|
*eth0*
|
2023-10-23 11:17:28 -07:00
|
|
|
the conduit interface
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2022-09-11 04:07:05 +03:00
|
|
|
*eth1*
|
2023-10-23 11:17:28 -07:00
|
|
|
another conduit interface
|
2022-09-11 04:07:05 +03:00
|
|
|
|
2019-07-05 11:57:18 +02:00
|
|
|
*lan1*
|
2023-10-23 11:17:28 -07:00
|
|
|
a user interface
|
2019-07-05 11:57:18 +02:00
|
|
|
|
|
|
|
|
*lan2*
|
2023-10-23 11:17:28 -07:00
|
|
|
another user interface
|
2019-07-05 11:57:18 +02:00
|
|
|
|
|
|
|
|
*lan3*
|
2023-10-23 11:17:28 -07:00
|
|
|
a third user interface
|
2019-07-05 11:57:18 +02:00
|
|
|
|
|
|
|
|
*wan*
|
2023-10-23 11:17:28 -07:00
|
|
|
A user interface dedicated for upstream traffic
|
2019-07-05 11:57:18 +02:00
|
|
|
|
|
|
|
|
Further Ethernet interfaces can be configured similar.
|
|
|
|
|
The configured IPs and networks are:
|
|
|
|
|
|
|
|
|
|
*single port*
|
|
|
|
|
* lan1: 192.0.2.1/30 (192.0.2.0 - 192.0.2.3)
|
|
|
|
|
* lan2: 192.0.2.5/30 (192.0.2.4 - 192.0.2.7)
|
|
|
|
|
* lan3: 192.0.2.9/30 (192.0.2.8 - 192.0.2.11)
|
|
|
|
|
|
|
|
|
|
*bridge*
|
|
|
|
|
* br0: 192.0.2.129/25 (192.0.2.128 - 192.0.2.255)
|
|
|
|
|
|
|
|
|
|
*gateway*
|
|
|
|
|
* br0: 192.0.2.129/25 (192.0.2.128 - 192.0.2.255)
|
|
|
|
|
* wan: 192.0.2.1/30 (192.0.2.0 - 192.0.2.3)
|
|
|
|
|
|
|
|
|
|
.. _dsa-tagged-configuration:
|
|
|
|
|
|
|
|
|
|
Configuration with tagging support
|
|
|
|
|
----------------------------------
|
|
|
|
|
|
|
|
|
|
The tagging based configuration is desired and supported by the majority of
|
|
|
|
|
DSA switches. These switches are capable to tag incoming and outgoing traffic
|
|
|
|
|
without using a VLAN based configuration.
|
|
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
*single port*
|
|
|
|
|
.. code-block:: sh
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# configure each interface
|
|
|
|
|
ip addr add 192.0.2.1/30 dev lan1
|
|
|
|
|
ip addr add 192.0.2.5/30 dev lan2
|
|
|
|
|
ip addr add 192.0.2.9/30 dev lan3
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# For kernels earlier than v5.12, the conduit interface needs to be
|
|
|
|
|
# brought up manually before the user ports.
|
2021-03-17 19:44:57 +02:00
|
|
|
ip link set eth0 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# bring up the user interfaces
|
2021-03-17 19:44:57 +02:00
|
|
|
ip link set lan1 up
|
|
|
|
|
ip link set lan2 up
|
|
|
|
|
ip link set lan3 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
*bridge*
|
|
|
|
|
.. code-block:: sh
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# For kernels earlier than v5.12, the conduit interface needs to be
|
|
|
|
|
# brought up manually before the user ports.
|
2021-03-17 19:44:57 +02:00
|
|
|
ip link set eth0 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# bring up the user interfaces
|
2021-03-17 19:44:57 +02:00
|
|
|
ip link set lan1 up
|
|
|
|
|
ip link set lan2 up
|
|
|
|
|
ip link set lan3 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# create bridge
|
|
|
|
|
ip link add name br0 type bridge
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# add ports to bridge
|
|
|
|
|
ip link set dev lan1 master br0
|
|
|
|
|
ip link set dev lan2 master br0
|
|
|
|
|
ip link set dev lan3 master br0
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# configure the bridge
|
|
|
|
|
ip addr add 192.0.2.129/25 dev br0
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# bring up the bridge
|
|
|
|
|
ip link set dev br0 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
*gateway*
|
|
|
|
|
.. code-block:: sh
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# For kernels earlier than v5.12, the conduit interface needs to be
|
|
|
|
|
# brought up manually before the user ports.
|
2021-03-17 19:44:57 +02:00
|
|
|
ip link set eth0 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# bring up the user interfaces
|
2021-03-17 19:44:57 +02:00
|
|
|
ip link set wan up
|
|
|
|
|
ip link set lan1 up
|
|
|
|
|
ip link set lan2 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# configure the upstream port
|
|
|
|
|
ip addr add 192.0.2.1/30 dev wan
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# create bridge
|
|
|
|
|
ip link add name br0 type bridge
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# add ports to bridge
|
|
|
|
|
ip link set dev lan1 master br0
|
|
|
|
|
ip link set dev lan2 master br0
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# configure the bridge
|
|
|
|
|
ip addr add 192.0.2.129/25 dev br0
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# bring up the bridge
|
|
|
|
|
ip link set dev br0 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
|
|
|
|
.. _dsa-vlan-configuration:
|
|
|
|
|
|
|
|
|
|
Configuration without tagging support
|
|
|
|
|
-------------------------------------
|
|
|
|
|
|
|
|
|
|
A minority of switches are not capable to use a taging protocol
|
|
|
|
|
(DSA_TAG_PROTO_NONE). These switches can be configured by a VLAN based
|
|
|
|
|
configuration.
|
|
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
*single port*
|
|
|
|
|
The configuration can only be set up via VLAN tagging and bridge setup.
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
.. code-block:: sh
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# tag traffic on CPU port
|
|
|
|
|
ip link add link eth0 name eth0.1 type vlan id 1
|
|
|
|
|
ip link add link eth0 name eth0.2 type vlan id 2
|
|
|
|
|
ip link add link eth0 name eth0.3 type vlan id 3
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# For kernels earlier than v5.12, the conduit interface needs to be
|
|
|
|
|
# brought up manually before the user ports.
|
2021-03-17 19:44:57 +02:00
|
|
|
ip link set eth0 up
|
|
|
|
|
ip link set eth0.1 up
|
|
|
|
|
ip link set eth0.2 up
|
|
|
|
|
ip link set eth0.3 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# bring up the user interfaces
|
2021-03-17 19:44:57 +02:00
|
|
|
ip link set lan1 up
|
|
|
|
|
ip link set lan2 up
|
|
|
|
|
ip link set lan3 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# create bridge
|
|
|
|
|
ip link add name br0 type bridge
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# activate VLAN filtering
|
|
|
|
|
ip link set dev br0 type bridge vlan_filtering 1
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# add ports to bridges
|
|
|
|
|
ip link set dev lan1 master br0
|
|
|
|
|
ip link set dev lan2 master br0
|
|
|
|
|
ip link set dev lan3 master br0
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# tag traffic on ports
|
|
|
|
|
bridge vlan add dev lan1 vid 1 pvid untagged
|
|
|
|
|
bridge vlan add dev lan2 vid 2 pvid untagged
|
|
|
|
|
bridge vlan add dev lan3 vid 3 pvid untagged
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# configure the VLANs
|
|
|
|
|
ip addr add 192.0.2.1/30 dev eth0.1
|
|
|
|
|
ip addr add 192.0.2.5/30 dev eth0.2
|
|
|
|
|
ip addr add 192.0.2.9/30 dev eth0.3
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# bring up the bridge devices
|
|
|
|
|
ip link set br0 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
|
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
*bridge*
|
|
|
|
|
.. code-block:: sh
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# tag traffic on CPU port
|
|
|
|
|
ip link add link eth0 name eth0.1 type vlan id 1
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# For kernels earlier than v5.12, the conduit interface needs to be
|
|
|
|
|
# brought up manually before the user ports.
|
2021-03-17 19:44:57 +02:00
|
|
|
ip link set eth0 up
|
|
|
|
|
ip link set eth0.1 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# bring up the user interfaces
|
2021-03-17 19:44:57 +02:00
|
|
|
ip link set lan1 up
|
|
|
|
|
ip link set lan2 up
|
|
|
|
|
ip link set lan3 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# create bridge
|
|
|
|
|
ip link add name br0 type bridge
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# activate VLAN filtering
|
|
|
|
|
ip link set dev br0 type bridge vlan_filtering 1
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# add ports to bridge
|
|
|
|
|
ip link set dev lan1 master br0
|
|
|
|
|
ip link set dev lan2 master br0
|
|
|
|
|
ip link set dev lan3 master br0
|
|
|
|
|
ip link set eth0.1 master br0
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# tag traffic on ports
|
|
|
|
|
bridge vlan add dev lan1 vid 1 pvid untagged
|
|
|
|
|
bridge vlan add dev lan2 vid 1 pvid untagged
|
|
|
|
|
bridge vlan add dev lan3 vid 1 pvid untagged
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# configure the bridge
|
|
|
|
|
ip addr add 192.0.2.129/25 dev br0
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# bring up the bridge
|
|
|
|
|
ip link set dev br0 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
*gateway*
|
|
|
|
|
.. code-block:: sh
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# tag traffic on CPU port
|
|
|
|
|
ip link add link eth0 name eth0.1 type vlan id 1
|
|
|
|
|
ip link add link eth0 name eth0.2 type vlan id 2
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# For kernels earlier than v5.12, the conduit interface needs to be
|
|
|
|
|
# brought up manually before the user ports.
|
2021-03-17 19:44:57 +02:00
|
|
|
ip link set eth0 up
|
|
|
|
|
ip link set eth0.1 up
|
|
|
|
|
ip link set eth0.2 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# bring up the user interfaces
|
2021-03-17 19:44:57 +02:00
|
|
|
ip link set wan up
|
|
|
|
|
ip link set lan1 up
|
|
|
|
|
ip link set lan2 up
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# create bridge
|
|
|
|
|
ip link add name br0 type bridge
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# activate VLAN filtering
|
|
|
|
|
ip link set dev br0 type bridge vlan_filtering 1
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# add ports to bridges
|
|
|
|
|
ip link set dev wan master br0
|
|
|
|
|
ip link set eth0.1 master br0
|
|
|
|
|
ip link set dev lan1 master br0
|
|
|
|
|
ip link set dev lan2 master br0
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# tag traffic on ports
|
|
|
|
|
bridge vlan add dev lan1 vid 1 pvid untagged
|
|
|
|
|
bridge vlan add dev lan2 vid 1 pvid untagged
|
|
|
|
|
bridge vlan add dev wan vid 2 pvid untagged
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# configure the VLANs
|
|
|
|
|
ip addr add 192.0.2.1/30 dev eth0.2
|
|
|
|
|
ip addr add 192.0.2.129/25 dev br0
|
2019-07-05 11:57:18 +02:00
|
|
|
|
2021-03-17 19:44:57 +02:00
|
|
|
# bring up the bridge devices
|
|
|
|
|
ip link set br0 up
|
net: dsa: delete dsa_legacy_fdb_add and dsa_legacy_fdb_del
We want to add reference counting for FDB entries in cross-chip
topologies, and in order for that to have any chance of working and not
be unbalanced (leading to entries which are never deleted), we need to
ensure that higher layers are sane, because if they aren't, it's garbage
in, garbage out.
For example, if we add a bridge FDB entry twice, the bridge properly
errors out:
$ bridge fdb add dev swp0 00:01:02:03:04:07 master static
$ bridge fdb add dev swp0 00:01:02:03:04:07 master static
RTNETLINK answers: File exists
However, the same thing cannot be said about the bridge bypass
operations:
$ bridge fdb add dev swp0 00:01:02:03:04:07
$ bridge fdb add dev swp0 00:01:02:03:04:07
$ bridge fdb add dev swp0 00:01:02:03:04:07
$ bridge fdb add dev swp0 00:01:02:03:04:07
$ echo $?
0
But one 'bridge fdb del' is enough to remove the entry, no matter how
many times it was added.
The bridge bypass operations are impossible to maintain in these
circumstances and lack of support for reference counting the cross-chip
notifiers is holding us back from making further progress, so just drop
support for them. The only way left for users to install static bridge
FDB entries is the proper one, using the "master static" flags.
With this change, rtnl_fdb_add() falls back to calling
ndo_dflt_fdb_add() which uses the duplicate-exclusive variant of
dev_uc_add(): dev_uc_add_excl(). Because DSA does not (yet) declare
IFF_UNICAST_FLT, this results in us going to promiscuous mode:
$ bridge fdb add dev swp0 00:01:02:03:04:05
[ 28.206743] device swp0 entered promiscuous mode
$ bridge fdb add dev swp0 00:01:02:03:04:05
RTNETLINK answers: File exists
So even if it does not completely fail, there is at least some indication
that it is behaving differently from before, and closer to user space
expectations, I would argue (the lack of a "local|static" specifier
defaults to "local", or "host-only", so dev_uc_add() is a reasonable
default implementation). If the generic implementation of .ndo_fdb_add
provided by Vlad Yasevich is a proof of anything, it only proves that
the implementation provided by DSA was always wrong, by not looking at
"ndm->ndm_state & NUD_NOARP" (the "static" flag which means that the FDB
entry points outwards) and "ndm->ndm_state & NUD_PERMANENT" (the "local"
flag which means that the FDB entry points towards the host). It all
used to mean the same thing to DSA.
Update the documentation so that the users are not confused about what's
going on.
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-06-29 17:06:47 +03:00
|
|
|
|
|
|
|
|
Forwarding database (FDB) management
|
|
|
|
|
------------------------------------
|
|
|
|
|
|
|
|
|
|
The existing DSA switches do not have the necessary hardware support to keep
|
|
|
|
|
the software FDB of the bridge in sync with the hardware tables, so the two
|
|
|
|
|
tables are managed separately (``bridge fdb show`` queries both, and depending
|
|
|
|
|
on whether the ``self`` or ``master`` flags are being used, a ``bridge fdb
|
|
|
|
|
add`` or ``bridge fdb del`` command acts upon entries from one or both tables).
|
|
|
|
|
|
|
|
|
|
Up until kernel v4.14, DSA only supported user space management of bridge FDB
|
|
|
|
|
entries using the bridge bypass operations (which do not update the software
|
|
|
|
|
FDB, just the hardware one) using the ``self`` flag (which is optional and can
|
|
|
|
|
be omitted).
|
|
|
|
|
|
|
|
|
|
.. code-block:: sh
|
|
|
|
|
|
|
|
|
|
bridge fdb add dev swp0 00:01:02:03:04:05 self static
|
|
|
|
|
# or shorthand
|
|
|
|
|
bridge fdb add dev swp0 00:01:02:03:04:05 static
|
|
|
|
|
|
|
|
|
|
Due to a bug, the bridge bypass FDB implementation provided by DSA did not
|
|
|
|
|
distinguish between ``static`` and ``local`` FDB entries (``static`` are meant
|
|
|
|
|
to be forwarded, while ``local`` are meant to be locally terminated, i.e. sent
|
|
|
|
|
to the host port). Instead, all FDB entries with the ``self`` flag (implicit or
|
|
|
|
|
explicit) are treated by DSA as ``static`` even if they are ``local``.
|
|
|
|
|
|
|
|
|
|
.. code-block:: sh
|
|
|
|
|
|
|
|
|
|
# This command:
|
|
|
|
|
bridge fdb add dev swp0 00:01:02:03:04:05 static
|
|
|
|
|
# behaves the same for DSA as this command:
|
|
|
|
|
bridge fdb add dev swp0 00:01:02:03:04:05 local
|
|
|
|
|
# or shorthand, because the 'local' flag is implicit if 'static' is not
|
|
|
|
|
# specified, it also behaves the same as:
|
|
|
|
|
bridge fdb add dev swp0 00:01:02:03:04:05
|
|
|
|
|
|
|
|
|
|
The last command is an incorrect way of adding a static bridge FDB entry to a
|
|
|
|
|
DSA switch using the bridge bypass operations, and works by mistake. Other
|
|
|
|
|
drivers will treat an FDB entry added by the same command as ``local`` and as
|
|
|
|
|
such, will not forward it, as opposed to DSA.
|
|
|
|
|
|
|
|
|
|
Between kernel v4.14 and v5.14, DSA has supported in parallel two modes of
|
|
|
|
|
adding a bridge FDB entry to the switch: the bridge bypass discussed above, as
|
|
|
|
|
well as a new mode using the ``master`` flag which installs FDB entries in the
|
|
|
|
|
software bridge too.
|
|
|
|
|
|
|
|
|
|
.. code-block:: sh
|
|
|
|
|
|
|
|
|
|
bridge fdb add dev swp0 00:01:02:03:04:05 master static
|
|
|
|
|
|
|
|
|
|
Since kernel v5.14, DSA has gained stronger integration with the bridge's
|
|
|
|
|
software FDB, and the support for its bridge bypass FDB implementation (using
|
|
|
|
|
the ``self`` flag) has been removed. This results in the following changes:
|
|
|
|
|
|
|
|
|
|
.. code-block:: sh
|
|
|
|
|
|
|
|
|
|
# This is the only valid way of adding an FDB entry that is supported,
|
|
|
|
|
# compatible with v4.14 kernels and later:
|
|
|
|
|
bridge fdb add dev swp0 00:01:02:03:04:05 master static
|
|
|
|
|
# This command is no longer buggy and the entry is properly treated as
|
|
|
|
|
# 'local' instead of being forwarded:
|
|
|
|
|
bridge fdb add dev swp0 00:01:02:03:04:05
|
|
|
|
|
# This command no longer installs a static FDB entry to hardware:
|
|
|
|
|
bridge fdb add dev swp0 00:01:02:03:04:05 static
|
|
|
|
|
|
|
|
|
|
Script writers are therefore encouraged to use the ``master static`` set of
|
|
|
|
|
flags when working with bridge FDB entries on DSA switch interfaces.
|
2022-09-11 04:07:05 +03:00
|
|
|
|
|
|
|
|
Affinity of user ports to CPU ports
|
|
|
|
|
-----------------------------------
|
|
|
|
|
|
|
|
|
|
Typically, DSA switches are attached to the host via a single Ethernet
|
|
|
|
|
interface, but in cases where the switch chip is discrete, the hardware design
|
|
|
|
|
may permit the use of 2 or more ports connected to the host, for an increase in
|
|
|
|
|
termination throughput.
|
|
|
|
|
|
|
|
|
|
DSA can make use of multiple CPU ports in two ways. First, it is possible to
|
|
|
|
|
statically assign the termination traffic associated with a certain user port
|
|
|
|
|
to be processed by a certain CPU port. This way, user space can implement
|
|
|
|
|
custom policies of static load balancing between user ports, by spreading the
|
|
|
|
|
affinities according to the available CPU ports.
|
|
|
|
|
|
|
|
|
|
Secondly, it is possible to perform load balancing between CPU ports on a per
|
|
|
|
|
packet basis, rather than statically assigning user ports to CPU ports.
|
2023-10-23 11:17:28 -07:00
|
|
|
This can be achieved by placing the DSA conduits under a LAG interface (bonding
|
2022-09-11 04:07:05 +03:00
|
|
|
or team). DSA monitors this operation and creates a mirror of this software LAG
|
2023-10-23 11:17:28 -07:00
|
|
|
on the CPU ports facing the physical DSA conduits that constitute the LAG slave
|
2022-09-11 04:07:05 +03:00
|
|
|
devices.
|
|
|
|
|
|
|
|
|
|
To make use of multiple CPU ports, the firmware (device tree) description of
|
2023-10-23 11:17:28 -07:00
|
|
|
the switch must mark all the links between CPU ports and their DSA conduits
|
2022-09-11 04:07:05 +03:00
|
|
|
using the ``ethernet`` reference/phandle. At startup, only a single CPU port
|
2023-10-23 11:17:28 -07:00
|
|
|
and DSA conduit will be used - the numerically first port from the firmware
|
2022-09-11 04:07:05 +03:00
|
|
|
description which has an ``ethernet`` property. It is up to the user to
|
2023-10-23 11:17:28 -07:00
|
|
|
configure the system for the switch to use other conduits.
|
2022-09-11 04:07:05 +03:00
|
|
|
|
|
|
|
|
DSA uses the ``rtnl_link_ops`` mechanism (with a "dsa" ``kind``) to allow
|
2023-10-23 11:17:29 -07:00
|
|
|
changing the DSA conduit of a user port. The ``IFLA_DSA_CONDUIT`` u32 netlink
|
2023-10-23 11:17:28 -07:00
|
|
|
attribute contains the ifindex of the conduit device that handles each user
|
|
|
|
|
device. The DSA conduit must be a valid candidate based on firmware node
|
2022-09-11 04:07:05 +03:00
|
|
|
information, or a LAG interface which contains only slaves which are valid
|
|
|
|
|
candidates.
|
|
|
|
|
|
|
|
|
|
Using iproute2, the following manipulations are possible:
|
|
|
|
|
|
|
|
|
|
.. code-block:: sh
|
|
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# See the DSA conduit in current use
|
2022-09-11 04:07:05 +03:00
|
|
|
ip -d link show dev swp0
|
|
|
|
|
(...)
|
|
|
|
|
dsa master eth0
|
|
|
|
|
|
|
|
|
|
# Static CPU port distribution
|
|
|
|
|
ip link set swp0 type dsa master eth1
|
|
|
|
|
ip link set swp1 type dsa master eth0
|
|
|
|
|
ip link set swp2 type dsa master eth1
|
|
|
|
|
ip link set swp3 type dsa master eth0
|
|
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# CPU ports in LAG, using explicit assignment of the DSA conduit
|
2022-09-11 04:07:05 +03:00
|
|
|
ip link add bond0 type bond mode balance-xor && ip link set bond0 up
|
|
|
|
|
ip link set eth1 down && ip link set eth1 master bond0
|
|
|
|
|
ip link set swp0 type dsa master bond0
|
|
|
|
|
ip link set swp1 type dsa master bond0
|
|
|
|
|
ip link set swp2 type dsa master bond0
|
|
|
|
|
ip link set swp3 type dsa master bond0
|
|
|
|
|
ip link set eth0 down && ip link set eth0 master bond0
|
|
|
|
|
ip -d link show dev swp0
|
|
|
|
|
(...)
|
|
|
|
|
dsa master bond0
|
|
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
# CPU ports in LAG, relying on implicit migration of the DSA conduit
|
2022-09-11 04:07:05 +03:00
|
|
|
ip link add bond0 type bond mode balance-xor && ip link set bond0 up
|
|
|
|
|
ip link set eth0 down && ip link set eth0 master bond0
|
|
|
|
|
ip link set eth1 down && ip link set eth1 master bond0
|
|
|
|
|
ip -d link show dev swp0
|
|
|
|
|
(...)
|
|
|
|
|
dsa master bond0
|
|
|
|
|
|
|
|
|
|
Notice that in the case of CPU ports under a LAG, the use of the
|
2023-10-23 11:17:29 -07:00
|
|
|
``IFLA_DSA_CONDUIT`` netlink attribute is not strictly needed, but rather, DSA
|
2023-10-23 11:17:28 -07:00
|
|
|
reacts to the ``IFLA_MASTER`` attribute change of its present conduit (``eth0``)
|
2022-09-11 04:07:05 +03:00
|
|
|
and migrates all user ports to the new upper of ``eth0``, ``bond0``. Similarly,
|
|
|
|
|
when ``bond0`` is destroyed using ``RTM_DELLINK``, DSA migrates the user ports
|
2023-10-23 11:17:28 -07:00
|
|
|
that were assigned to this interface to the first physical DSA conduit which is
|
2022-09-11 04:07:05 +03:00
|
|
|
eligible, based on the firmware description (it effectively reverts to the
|
|
|
|
|
startup configuration).
|
|
|
|
|
|
|
|
|
|
In a setup with more than 2 physical CPU ports, it is therefore possible to mix
|
2023-10-23 11:17:28 -07:00
|
|
|
static user to CPU port assignment with LAG between DSA conduits. It is not
|
|
|
|
|
possible to statically assign a user port towards a DSA conduit that has any
|
|
|
|
|
upper interfaces (this includes LAG devices - the conduit must always be the LAG
|
2022-09-11 04:07:05 +03:00
|
|
|
in this case).
|
|
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
Live changing of the DSA conduit (and thus CPU port) affinity of a user port is
|
2022-09-11 04:07:05 +03:00
|
|
|
permitted, in order to allow dynamic redistribution in response to traffic.
|
|
|
|
|
|
2023-10-23 11:17:28 -07:00
|
|
|
Physical DSA conduits are allowed to join and leave at any time a LAG interface
|
|
|
|
|
used as a DSA conduit; however, DSA will reject a LAG interface as a valid
|
|
|
|
|
candidate for being a DSA conduit unless it has at least one physical DSA conduit
|
2022-09-11 04:07:05 +03:00
|
|
|
as a slave device.
|