DSA Mini-tutorial still marked as Work In Progress
Arınç ÜNAL
arinc.unal at arinc9.com
Thu Sep 8 12:05:34 PDT 2022
On 8.09.2022 02:54, Florian Fainelli wrote:
>
>
> On 9/7/2022 3:00 PM, Sebastian Moeller wrote:
>> Hi Jo,
>>
>> I was under the impression* that bridge-vlan filtering is something
>> that can be relegated to the switch hardware, while creating a bridge
>> between VLAN interfaces happens in software. Is that wrong?
>
> It is incorrect. DSA offloads the bridge to the switch hardware whether
> you have VLAN filtering or not.
>
> When the bridge is not VLAN aware (vlan_filtering=0) what it means is
> that the Linux bridge, and the underlying switch MUST accept both VLAN
> and non-VLAN tagged frames.
>
> If you do want VLAN tagged frames in that bridge, then you are supposed
> to terminate VLAN traffic by creating upper VLAN devices such as
> lan1.10, lan2.10 etc. but the switching between lan1.10 and lan2.10
> still happens in hardware because those VLAN devices are offloaded into
> the switch hardware.
>
> When vlan_filtering=1 is set, the hardware is configured to only accept
> untagged PVID frames as well as whichever VLAN tagged frames you have
> configured.
>
> For instance, if you configured your bridge this way with: lan1, lan2,
> lan3 and lan4 part of br-lan with vlan_filtering=1, each switch port
> will be programmed to be in the bridge's default_pvid (1, unless
> changed), and if you sent a VLAN tagged frame with VLAN ID 2 towards any
> of those ports, and assuming the switch hardware is capable of it, that
> VLAN ID 2 frame creates an egress VID violation and is discarded. If not
> discarded in hardware it would be discarded in software.
I've made a detailed write up of this here:
https://openwrt.org/playground/arinc9/bridge-vlan-filtering#egress_untagged_egress_tagged_and_pvid
Arınç
More information about the openwrt-devel
mailing list