edgerouter-x DSA switch does not forward bridge-in-bridge packets correctly

Fabian Bläse fabian at blaese.de
Sun Aug 29 10:09:33 PDT 2021 

Hi,

I am having issues with a bridge-in-bridge configuration on the Edgerouter X with DSA on OpenWrt 21.02 rc4.

If a vlan-aware bridge is configured for the build-in ethernet ports, and a vlan-interface on that bridge is then put into a different bridge (to include wifi radios for example), then frames between tagged and untagged ethernet ports of the edgerouter x are not forwarded correctly.

Example setup:

 ┌────┐ ┌────┐ ┌────┐ ┌────┐ ┌────┐
 │eth0│ │eth1│ │eth2│ │eth3│ │eth4│
 └─┬──┘ └─┬──┘ └─┬──┘ └─┬──┘ └─┬──┘
   2      2      2      2t     2t
  ┌┴──────┴──────┴──────┴──────┴─┐   ┌─────┐   ┌─────┐
  │           bridge1            │   │wlan0│   │wlan1│
  └─────────┬───────────┬────────┘   └─┬───┘   └─┬───┘
            │ bridge1.4 │              │         │
            └────┬──────┘              │         │
                 └─────────────┐   ┌───┘         │
                             ┌─┴───┴─┐           │
                             │bridge2├───────────┘
                             └───────┘

config device 'bridge1'
	option name 'bridge1'
	option type 'bridge'

config bridge-vlan 'bridge1_2'
	option device 'bridge1'
	option vlan '2'
	list ports 'eth0:*'
	list ports 'eth1:*'
	list ports 'eth2:*'
	list ports 'eth3:t'
	list ports 'eth4:t'

config device 'bridge2'
	option name 'bridge2'
	option type 'bridge'
	list ports 'bridge1.2'

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.1.1/24'
	option device 'bridge2'


In the above configuration, frames between Ethernet port eth0 (vlan2 untagged) and port eth4 (vlan2 tagged) are not forwarded. Interestingly, the router itself is able to reach devices connected to eth0 and eth4, when pinging on the 'bridge2' interface.

Frames between untagged ports (e.g. eth0 and eth1) are forwarded correctly and frames between tagged ports (eg. eth3 and eth4) are forwarded correctly.

Also, tagged frames are incorrectly forwarded on untagged ports, so it is possible to reach a device connected to eth3 (tagged) on eth2 (tagged).

This issue does not appear, if the 'bridge1.4' interface is configured without an additional bridge, so the second bridge seems to be interfering with the hardware offloading.

I have also created a bug report for this behavior here: https://bugs.openwrt.org/index.php?do=details&task_id=3996

Best regards,
Fabian

More information about the openwrt-devel mailing list