DSA Mini-tutorial still marked as Work In Progress

Sebastian Moeller moeller0 at gmx.de
Wed Sep 7 15:00:07 PDT 2022

Hi Jo,

I was under the impression* that bridge-vlan filtering is something that can be relegated to the switch hardware, while creating a bridge between VLAN interfaces happens in software. Is that wrong?


*) Not sure where I got that impression from

> On Sep 7, 2022, at 23:48, Jo-Philipp Wich <jo at mein.io> wrote:
> Hi Rich,
> that tutorial is good ground work imho. One thing I repeatedly noticed (not in
> the document, but in forum and irc chatter) is that over time, DSA and
> bridge VLAN filtering became conflated into one concept while they're actually
> different pieces; one can do bridge VLAN filtering without DSA and one can
> utilize DSA without doing bridge VLAN filtering.
> Bluntly speaking, DSA is the thing that gives you one Linux network device per
> switch port and bridge VLAN filtering is the stuff that allows you to declare
> swconfig-esque VLAN port groups on top of an arbitrary bridge interface.
> I think this is something we should try to better convey in the documentation.
> For example simple common use cases like:
> - Making each switch port its own independent interface with its own subnet
> or
> - Break out one switch port to turn it into some kind of restricted IoT or
>   guest network access port
> or
> - Bridge each ethernet port to another SSID
> don't require bridge VLAN filtering or touching VLANs in general at all (in
> contrast to former swconfig). The per-port net devices just have to be taken
> out of the br-lan bridge and either be put into another bridge or configured
> as independent network devices.
> Bridge VLAN filtering on the other hand is only actually needed if you want to
> deal with VLAN tagged traffic inside the bridge. And even then there are
> sometimes alternative ways, for example the following two scenarios should be
> functionally equivalent:
> - Bridge device "br-vlan10" containing "lan1.10 lan2.10 lan3.10"
>  - VLAN filtering disabled
> vs.
> - Bridge device "br-lan" containing "lan1 lan2 lan3"
>  - VLAN filtering enabled
>  - Bridge VLAN #10 containing lan1 as tagged, lan2 as tagged, lan3 as tagged
> - VLAN device br-lan.10 on top of br-lan
> In the former case you would put your IP address settings onto the dedicated
> "br-vlan10" bridge device while in the latter case you would configure the IP
> addressing on the "br-lan.10" subinterface of the "br-lan" bridge.
> So maybe it makes sense to focus on the "with DSA, your switch just becomes a
> linux bridge over a bunch of netdevs" aspect in the mini tutorial and break
> out any bridge-VLAN related information into a separate advanced VLAN tutorial.
> Another conceptual issue I see is that people came to expect a dedicated
> "switch" configuration ui which is something that does not really work with
> DSA devices anymore since there is no dedicated switch hardware entity to
> interact with anymore (DSA takes care of completely abstracting this away from
> the user point of view) and that bridge-vlans just happen to be a
> configuration detail of a bridge, and that there happens to be a bridge
> "br-lan" by default, but a system could have multiple bridges, or none at all.
> So we should also explain why there is no central "switch configuration"
> anymore and that this does not translate into a loss of functionality, but
> that the former semi opaque swconfig switch configuration entity was dissolved
> into a bunch of ethernet devices inside a bridge...
> ~ Jo
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
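
The two functionally equivalent layouts described in the quoted message, written out as OpenWrt `/etc/config/network` sections. This is an added example, not part of the original thread; the interface name `vlan10` and the 192.168.10.1/24 address are constructed, and only one variant would be present in a real configuration.

```uci
# Variant A: plain bridge over per-port VLAN subinterfaces.
# VLAN filtering stays disabled; the tag is handled by the
# lanX.10 VLAN devices before frames reach the bridge.
config device
	option name 'br-vlan10'
	option type 'bridge'
	list ports 'lan1.10'
	list ports 'lan2.10'
	list ports 'lan3.10'

# IP settings go on the dedicated bridge device.
config interface 'vlan10'            # interface name is an assumption
	option device 'br-vlan10'
	option proto 'static'
	option ipaddr '192.168.10.1'     # constructed sample address
	option netmask '255.255.255.0'

# ---------------------------------------------------------------
# Variant B: one bridge over the raw DSA port devices with
# bridge VLAN filtering enabled.
config device
	option name 'br-lan'
	option type 'bridge'
	option vlan_filtering '1'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'

# Bridge VLAN #10 with lan1, lan2 and lan3 as tagged members
# (the ':t' suffix marks a port as tagged).
config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan1:t'
	list ports 'lan2:t'
	list ports 'lan3:t'

# IP settings go on the br-lan.10 subinterface of the bridge.
config interface 'vlan10'            # interface name is an assumption
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '192.168.10.1'     # constructed sample address
	option netmask '255.255.255.0'
```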
