From patchwork Thu Jan 10 19:32:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Fainelli X-Patchwork-Id: 1023189 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="ggATPE+t"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 43bGPl44tjz9sCr for ; Fri, 11 Jan 2019 06:33:31 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727865AbfAJTd3 (ORCPT ); Thu, 10 Jan 2019 14:33:29 -0500 Received: from mail-pl1-f195.google.com ([209.85.214.195]:43848 "EHLO mail-pl1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727582AbfAJTd3 (ORCPT ); Thu, 10 Jan 2019 14:33:29 -0500 Received: by mail-pl1-f195.google.com with SMTP id gn14so5610300plb.10 for ; Thu, 10 Jan 2019 11:33:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=isczDxGeBReOhUnbdGWuKsRWWEI0IPvF1dFwr1ffIzQ=; b=ggATPE+tunEgcMYYKeTRLNjcNlFESpn824QRaLdv+2lS8GDdNuMV/OANx9Hh1PaCEW kpYUQwCPOdzGfOBz6SsPh08sPi9TE7tMgGhtPtCaS9ewLIK0nVz4ndfYYJsgJbYQkJwb QYXLGmO4nzF+bmD2TEiffdxnF6v57teAkbheEjWE9mVev6H/qYU2syiS3FzyuXAzI/WK 638CFi8FKzhata7CB75/7fOYWU7sq91aRQcFTJX4mmycx9F0AV5RytUS1r1sAm+NO85C lHkOhbMWW/d8vO1s1V76F8Cv6IjtXxwfKhtbLUrWU1VzSx/N/FdBz74HfNMQf8vDR9yV pdIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=isczDxGeBReOhUnbdGWuKsRWWEI0IPvF1dFwr1ffIzQ=; b=YjRuz7lLzQH8aog7hIo0dtdIxS1gbCNOwxXJvL9NQBcN0jglHFesY+f5BKO/BWmYcz u7RCl+LnRuGNbwG6+3nmOIHnr+HI9QB290gX8baeHWzlugr7tzjqhoW2xkTgAi0xXKKp kDLFZQkgvOfHjdd4++ny6DrKijSnDl1vv4nxIb9he9TAl/o3GlcGaXTL0bIgGG28Rxij NHGJ2kxD3LnG79ad9t7nIqg7SNgL7GUt/kmtemTvz73fmoU+AJTcA2DVW9Wb2/KjmXFB JU/gQahqeazPRgcje/NuP63b6y3gDkXSds9hSHmQw92ccRzDqbE4zkgCtUdLQW7xJEua WKVA== X-Gm-Message-State: AJcUukfzeIAA+6j3k4mCfqD5bsh1HqGxstPYRgResv1/VIdHlEe85UXV UucENOKKtA+vs1WorAZ9CJcyxO/I X-Google-Smtp-Source: ALg8bN7krRpNwlHd7iV7rSlXh3OlblRYOj/4deIby8XXe439ALSKvAphrm1TrPyU2lF91WSgCVs7jQ== X-Received: by 2002:a17:902:2dc3:: with SMTP id p61mr11365397plb.166.1547148807731; Thu, 10 Jan 2019 11:33:27 -0800 (PST) Received: from fainelli-desktop.igp.broadcom.net ([192.19.223.250]) by smtp.gmail.com with ESMTPSA id y84sm139076356pfb.81.2019.01.10.11.33.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 10 Jan 2019 11:33:26 -0800 (PST) From: Florian Fainelli To: netdev@vger.kernel.org Cc: davem@davemloft.net, andrew@lunn.ch, vivien.didelot@gmail.com, cphealy@gmail.com, idosch@mellanox.com, jiri@mellanox.com, bridge@lists.linux-foundation.org, nikolay@cumulusnetworks.com, roopa@cumulusnetworks.com, rdunlap@infradead.org, ilias.apalodimas@linaro.org, ivan.khoronzhuk@linaro.org, Florian Fainelli Subject: [PATCH net-next v4] Documentation: networking: Clarify switchdev devices behavior Date: Thu, 10 Jan 2019 11:32:06 -0800 Message-Id: <20190110193206.9872-1-f.fainelli@gmail.com> X-Mailer: git-send-email 2.17.1 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This patch provides details on the expected behavior of switchdev enabled network devices when operating in a "stand alone" mode, as well as when being bridge members. This clarifies a number of things that recently came up during a bug fixing session on the b53 DSA switch driver. Signed-off-by: Florian Fainelli Reviewed-by: Randy Dunlap --- Changes in v4: - more spelling/grammar/sentence fixes (Randy) Changes in v3: - spell checks, past vs. present use (Randy) - clarified some behaviors a bit more regarding multicast flooding - added some missing sentence about multicast snopping knob being dynamically turned on/off Changes in v2: - clarified a few parts about VLAN devices wrt. VLAN filtering and their behavior during enslaving. Documentation/networking/switchdev.txt | 105 +++++++++++++++++++++++++ 1 file changed, 105 insertions(+) diff --git a/Documentation/networking/switchdev.txt b/Documentation/networking/switchdev.txt index 82236a17b5e6..dd58c957c557 100644 --- a/Documentation/networking/switchdev.txt +++ b/Documentation/networking/switchdev.txt @@ -392,3 +392,108 @@ switchdev_trans_item_dequeue() If a transaction is aborted during "prepare" phase, switchdev code will handle cleanup of the queued-up objects. + +Switchdev enabled network device expected behavior +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Below is a set of defined behavior that switchdev enabled network devices must +adhere to. + +Configuration less state +------------------------ + +Upon driver bring up, the network devices must be fully operational, and the +backing driver must configure the network device such that it is possible to +send and receive traffic to this network device and it is properly separated +from other network devices/ports (e.g.: as is frequent with a switch ASIC). How +this is achieved is heavily hardware dependent, but a simple solution can be to +use per-port VLAN identifiers unless a better mechanism is available +(proprietary metadata for each network port for instance). + +The network device must be capable of running a full IP protocol stack +including multicast, DHCP, IPv4/6, etc. If necessary, it should be program the +appropriate filters for VLAN, multicast, unicast etc. The underlying device +driver must effectively be configured in a similar fashion to what it would do +when IGMP snooping is enabled for IP multicast over these switchdev network +devices and unsolicited multicast must be filtered as early as possible into +the hardware. + +When configuring VLANs on top of the network device, all VLANs must be working, +irrespective of the state of other network devices (e.g.: other ports being part +of a VLAN aware bridge doing ingress VID checking). See below for details. + +Bridged network devices +----------------------- + +When a switchdev enabled network device is added as a bridge member, it should +not disrupt any functionality of non-bridged network devices and they +should continue to behave as normal network devices. Depending on the bridge +configuration knobs below, the expected behavior is documented. + +VLAN filtering +~~~~~~~~~~~~~~ + +The Linux bridge allows the configuration of a VLAN filtering mode (compile and +run time) which must be observed by the underlying switchdev network +device/hardware: + +- with VLAN filtering turned off: frames ingressing the device with a VID that + is not programmed into the bridge/switch's VLAN table must be forwarded. + +- with VLAN filtering turned on: frames ingressing the device with a VID that is + not programmed into the bridges/switch's VLAN table must be dropped. + +Non-bridged network ports of the same switch fabric must not be disturbed in any +way, shape or form by the enabling of VLAN filtering. + +VLAN devices configured on top of a switchdev network device (e.g: sw0p1.100) +which is a bridge port member must also observe the following behavior: + +- with VLAN filtering turned off, these VLAN devices must be fully functional + since the hardware is allowed VID frames. Enslaving VLAN devices into the + bridge might be allowed provided that there is sufficient separation using + e.g.: a reserved VLAN ID (4095 for instance) for untagged traffic. + +- with VLAN filtering turned on, these VLAN devices should not be allowed to + be created because they duplicate functionality/use case with the bridge's + VLAN functionality. + +Because VLAN filtering can be turned on/off at runtime, the switchdev driver +must be able to re-configure the underlying hardware on the fly to honor the +toggling of that option and behave appropriately. + +A switchdev driver can also refuse to support dynamic toggling of the VLAN +filtering knob at runtime and require a destruction of the bridge device(s) and +creation of new bridge device(s) with a different VLAN filtering value to +ensure VLAN awareness is pushed down to the HW. + +IGMP snooping +~~~~~~~~~~~~~ + +The Linux bridge allows the configuration of IGMP snooping (compile and run +time) which must be observed by the underlying switchdev network device/hardware +in the following way: + +- when IGMP snooping is turned off, multicast traffic must be flooded to all + switch ports within the same broadcast domain. The CPU/management port + should ideally not be flooded and continue to learn multicast traffic through + the network stack notifications. If the hardware is not capable of doing that + then the CPU/management port must also be flooded and multicast filtering + happens in software. + +- when IGMP snooping is turned on, multicast traffic must selectively flow + to the appropriate network ports (including CPU/management port) and not flood + the switch. + +Note: reserved multicast addresses (e.g.: BPDUs) as well as Local Network +Control block (224.0.0.0 - 224.0.0.255) do not require IGMP and should always +be flooded. + +Because IGMP snooping can be turned on/off at runtime, the switchdev driver must +be able to re-configure the underlying hardware on the fly to honor the toggling +of that option and behave appropriately. + +A switchdev driver can also refuse to support dynamic toggling of the multicast +snooping knob at runtime and require the destruction of the bridge device(s) +and creation of a new bridge device(s) with a different multicast snooping +value.