[RFC PATCH v2 0/1] Introduce UCI support for configuring DSA VLAN filter rules

Perry isprotejesvalkata at gmail.com
Tue Jul 28 12:02:35 EDT 2020 

Hi all,

A couple things which I think seem to still be missing are:

port mirroring (src port, dst port)
flow control (enable/disable)
stp (type, enable/disable)
igmp snooping

And some other features, which as far as I can tell should be possible
with DSA:

LAG
LLDP
Jumbo Frames

Greets,
P

On 7/14/20 5:34 PM, Josh Bendavid wrote:
> Hi,
> I have a somewhat radical comment on this.
> 
> As far as I understand, the vlan filtering support in the linux bridge
> subsystem is not specific to dsa, but can equally be configured for a
> pure software bridge.  The fact that the switch supports dsa/switchdev
> then simply allows this to be transparently handled in hardware, just
> like the simple bridging of the switch port interfaces.
> 
> Isn't it conceptually more correct in this case for the vlan filtering
> to be configured as part of the "interface" in uci?
> Ie I configure an interface of type "bridge" which bridges the switch
> ports, then the vlan filtering is a configuration property of this
> interface (just like enabling igmp_snooping on a bridge interface)
> 
> Thanks,
> Josh
> 
> On Tue, 7 Jul 2020 at 22:13, Jo-Philipp Wich <jo at mein.io> wrote:
>>
>> This patch series introduces a new package "dsaconfig" which provides the
>> necessary logic to allow configuration of bridge vlan filter rules for
>> DSA switches.
>>
>> While well supported DSA switches can be programmed by solely bridging
>> per-port netdevices together, explicit bridge VLAN filter rules are needed
>> for more complex scenarios or for DSA switches that do not support a
>> tagging protocol.
>>
>> The UCI configuration interpreted by the dsaconfig package closely follows
>> the structure and semantics of the legacy swconfig architecture, honouring
>> "dsa", "dsa_vlan" and "dsa_port" sections within the
>> /etc/config/network file. The only difference compared to swconfig is
>> that "dsa" sections are optional and that the syntax of ports within
>> the "dsa_vlan" section differs, instead of <portnumber><tag>?, e.g.
>> "0t", "1u" or "2", it is now <portname>(.<tag>)?, e.g. "wan.u", "lan1.t"
>> or "lan2".
>>
>> The dsaconfig package will spawn a bridge device named "switchN" for each
>> DSA switch, where N denotes the number of the switch. In contrast to
>> swconfig, interfaces do not use the CPU port to target VLAN port groups on
>> the switch but reference a VLAN on top of the switch, e.g.
>> "option ifname switch0.1" to use the VLAN 1 port group on the first DSA
>> switch.
>>
>> A complete configuration example for a simple LAN/WAN setup might look
>> like below. Note that this configuration should be equivalent to just
>> bridging lan1..lan4 without any VLAN filter rules.
>>
>> -- 8< --
>> config dsa_vlan
>>   option vlan 1
>>   option ports 'lan1 lan2 lan3 lan4'
>>
>> config dsa_vlan
>>   option vlan 2
>>   option ports 'wan'
>>
>> config interface lan
>>   option ifname switch0.1
>>   option proto static
>>   option ipaddr 192.168.1.1/24
>>
>> config interface wan
>>   option ifname switch0.2
>>   option proto dhcp
>> -- >8 --
>>
>> A slightly more complex example that uses multiple tagged VLANs on different
>> ports would look like this:
>>
>> -- 8< --
>> config dsa switch0
>>   ## Override CPU port. Normally it is auto-discovered.
>>   #option cpu_port eth0
>>
>> config dsa_vlan
>>   ## Specify the switch this vlan belongs to.
>>   ## If there is only one switch on the system, it may be omitted.
>>   #option device switch0
>>   option vlan 1
>>   option ports 'lan1 lan2.t'
>>
>> config dsa_vlan
>>   #option device switch0
>>   option vlan 2
>>   option ports 'wan'
>>
>> config dsa_vlan
>>   #option device switch0
>>   option vlan 5
>>   option ports 'lan2.t lan3'
>>
>> config dsa_vlan
>>   #option device switch0
>>   option vlan 8
>>   option ports 'lan2.t lan4'
>>
>> config dsa_vlan
>>   #option device switch0
>>   option vlan 11
>>   option ports 'lan2.t lan4.t'
>>
>> config dsa_port
>>   #option device switch0
>>   option port lan2
>>   ## By default, the port PVID is set to the ID of the first
>>   ## untagged VLAN the port is member of. It can be overriden here.
>>   option pvid 5
>>
>> config interface lan
>>   option type bridge
>>   option ifname 'switch0.1 wlan0'
>>   option proto static
>>   option ipaddr 192.168.1.1/24
>>
>> config interface wan
>>   option ifname switch0.2
>>   option proto dhcp
>>
>> config interface vlan5
>>   option ifname switch0.5
>>   option proto static
>>   option ipaddr 10.255.5.1/24
>>
>> config interface vlan8
>>   option ifname switch0.8
>>   option proto static
>>   option ipaddr 10.255.8.1/24
>>
>> config interface vlan11
>>   option ifname switch0.11
>>   option proto static
>>   option ipaddr 10.255.11.1/24
>> -- >8 --
>>
>> Additionally, the "dsaconfig" executable provided by this package implements
>> a "show" option to display the current switch port states and their VLAN
>> memberships in a compact manner. For the latter configuration example above,
>> the utility would produce an output similar to the following:
>>
>> -- 8< --
>> root at OpenWrt:~# dsaconfig show
>> Switch: switch0
>> VLAN/ | lan1  | lan2  | lan3  | lan4  | wan   |
>> Link: | down  | 1000F | down  | 1000F | down  |
>>    1  |  u*   |  t    |       |       |       |
>>    2  |       |       |       |       |  u*   |
>>    5  |       |  t*   |  u*   |       |       |
>>    8  |  t    |  t    |       |  u*   |       |
>>   11  |       |  t    |       |  t    |       |
>>
>> -- >8 --
>>
>> This code has been tested on a WRT3200ACM and a Mir3G but is supposed to
>> work with any DSA switch. It requires wider testing before it is suitable
>> for inclusion.
>>
>> Once the configuration format is and rule logic is finalized, the shell
>> script code provided by this package should be implemented directly in
>> netifd C code to reduce the amount of required external dependencies and
>> to allow for improved performance when processing large configurations.
>>
>> Open questions/topics:
>>
>>  - Ensure that the chosen configuration approach actually works with
>>    DSA_TAG_PROTO_NONE switches
>>
>>  - Investigate potential MTU issues regarding the CPU port
>>
>> Changes since v1:
>>
>>  - Rename switch, switch_vlan and switch_port sections to dsa, dsa_vlan
>>    and dsa_port respectively
>>
>>  - Forcibly move DSA ports to the switch bridge if they're part of another
>>    bridge yet
>>
>>  - Disallow VLAN ID 0
>>
>>  - Properly display unassigned ports as empty in "dsaconfig show"
>>
>>  - Handle implicit switch0 in "dsaconfig show"
>>
>> Jo-Philipp Wich (1):
>>   dsaconfig: introduce package for UCI configuration of VLAN filter
>>     rules
>>
>>  package/network/config/dsaconfig/Makefile     |  40 +++
>>  .../config/dsaconfig/files/dsaconfig.hotplug  |   7 +
>>  .../config/dsaconfig/files/dsaconfig.include  |  11 +
>>  .../config/dsaconfig/files/dsaconfig.sh       | 306 ++++++++++++++++++
>>  4 files changed, 364 insertions(+)
>>  create mode 100644 package/network/config/dsaconfig/Makefile
>>  create mode 100644 package/network/config/dsaconfig/files/dsaconfig.hotplug
>>  create mode 100755 package/network/config/dsaconfig/files/dsaconfig.include
>>  create mode 100755 package/network/config/dsaconfig/files/dsaconfig.sh
>>
>> --
>> 2.27.0
>>
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> .
>

More information about the openwrt-devel mailing list