Hi,
In the setup that I have (dsa), in addition to creating interfaces which
are managed, I also have vlans which are not managed at all, thus having
pure switching for these specific vlans.
With dsaconfig, all vlans get tagged on the switch to "self". I
understand this as tagging the cpu port.
It is exactly this step which I skip to have unmanageable switched
vlans. The devices do not show up with "ip l" but the vlans can be seen
with "bridge v".
I would propose adding an option something like this:
config dsa_vlan
option vlan 500
option ports 'lan3.t lan4.t'
option cpuport '0' # default value is 1
The CPU Port with the swconfig setup is always some number which changes
from router to router followed by a 't'. This way, tagging the cpu port
is the default but can be overridden.
Greets,
Perry
On 7/14/20 5:34 PM, Josh Bendavid wrote:
> Hi,
> I have a somewhat radical comment on this.
>
> As far as I understand, the vlan filtering support in the linux bridge
> subsystem is not specific to dsa, but can equally be configured for a
> pure software bridge. The fact that the switch supports dsa/switchdev
> then simply allows this to be transparently handled in hardware, just
> like the simple bridging of the switch port interfaces.
>
> Isn't it conceptually more correct in this case for the vlan filtering
> to be configured as part of the "interface" in uci?
> Ie I configure an interface of type "bridge" which bridges the switch
> ports, then the vlan filtering is a configuration property of this
> interface (just like enabling igmp_snooping on a bridge interface)
>
> Thanks,
> Josh
>
> On Tue, 7 Jul 2020 at 22:13, Jo-Philipp Wich <j...@mein.io> wrote:
>>
>> This patch series introduces a new package "dsaconfig" which provides the
>> necessary logic to allow configuration of bridge vlan filter rules for
>> DSA switches.
>>
>> While well supported DSA switches can be programmed by solely bridging
>> per-port netdevices together, explicit bridge VLAN filter rules are needed
>> for more complex scenarios or for DSA switches that do not support a
>> tagging protocol.
>>
>> The UCI configuration interpreted by the dsaconfig package closely follows
>> the structure and semantics of the legacy swconfig architecture, honouring
>> "dsa", "dsa_vlan" and "dsa_port" sections within the
>> /etc/config/network file. The only difference compared to swconfig is
>> that "dsa" sections are optional and that the syntax of ports within
>> the "dsa_vlan" section differs, instead of <portnumber><tag>?, e.g.
>> "0t", "1u" or "2", it is now <portname>(.<tag>)?, e.g. "wan.u", "lan1.t"
>> or "lan2".
>>
>> The dsaconfig package will spawn a bridge device named "switchN" for each
>> DSA switch, where N denotes the number of the switch. In contrast to
>> swconfig, interfaces do not use the CPU port to target VLAN port groups on
>> the switch but reference a VLAN on top of the switch, e.g.
>> "option ifname switch0.1" to use the VLAN 1 port group on the first DSA
>> switch.
>>
>> A complete configuration example for a simple LAN/WAN setup might look
>> like below. Note that this configuration should be equivalent to just
>> bridging lan1..lan4 without any VLAN filter rules.
>>
>> -- 8< --
>> config dsa_vlan
>> option vlan 1
>> option ports 'lan1 lan2 lan3 lan4'
>>
>> config dsa_vlan
>> option vlan 2
>> option ports 'wan'
>>
>> config interface lan
>> option ifname switch0.1
>> option proto static
>> option ipaddr 192.168.1.1/24
>>
>> config interface wan
>> option ifname switch0.2
>> option proto dhcp
>> -- >8 --
>>
>> A slightly more complex example that uses multiple tagged VLANs on different
>> ports would look like this:
>>
>> -- 8< --
>> config dsa switch0
>> ## Override CPU port. Normally it is auto-discovered.
>> #option cpu_port eth0
>>
>> config dsa_vlan
>> ## Specify the switch this vlan belongs to.
>> ## If there is only one switch on the system, it may be omitted.
>> #option device switch0
>> option vlan 1
>> option ports 'lan1 lan2.t'
>>
>> config dsa_vlan
>> #option device switch0
>> option vlan 2
>> option ports 'wan'
>>
>> config dsa_vlan
>> #option device switch0
>> option vlan 5
>> option ports 'lan2.t lan3'
>>
>> config dsa_vlan
>> #option device switch0
>> option vlan 8
>> option ports 'lan2.t lan4'
>>
>> config dsa_vlan
>> #option device switch0
>> option vlan 11
>> option ports 'lan2.t lan4.t'
>>
>> config dsa_port
>> #option device switch0
>> option port lan2
>> ## By default, the port PVID is set to the ID of the first
>> ## untagged VLAN the port is member of. It can be overriden here.
>> option pvid 5
>>
>> config interface lan
>> option type bridge
>> option ifname 'switch0.1 wlan0'
>> option proto static
>> option ipaddr 192.168.1.1/24
>>
>> config interface wan
>> option ifname switch0.2
>> option proto dhcp
>>
>> config interface vlan5
>> option ifname switch0.5
>> option proto static
>> option ipaddr 10.255.5.1/24
>>
>> config interface vlan8
>> option ifname switch0.8
>> option proto static
>> option ipaddr 10.255.8.1/24
>>
>> config interface vlan11
>> option ifname switch0.11
>> option proto static
>> option ipaddr 10.255.11.1/24
>> -- >8 --
>>
>> Additionally, the "dsaconfig" executable provided by this package implements
>> a "show" option to display the current switch port states and their VLAN
>> memberships in a compact manner. For the latter configuration example above,
>> the utility would produce an output similar to the following:
>>
>> -- 8< --
>> root@OpenWrt:~# dsaconfig show
>> Switch: switch0
>> VLAN/ | lan1 | lan2 | lan3 | lan4 | wan |
>> Link: | down | 1000F | down | 1000F | down |
>> 1 | u* | t | | | |
>> 2 | | | | | u* |
>> 5 | | t* | u* | | |
>> 8 | t | t | | u* | |
>> 11 | | t | | t | |
>>
>> -- >8 --
>>
>> This code has been tested on a WRT3200ACM and a Mir3G but is supposed to
>> work with any DSA switch. It requires wider testing before it is suitable
>> for inclusion.
>>
>> Once the configuration format is and rule logic is finalized, the shell
>> script code provided by this package should be implemented directly in
>> netifd C code to reduce the amount of required external dependencies and
>> to allow for improved performance when processing large configurations.
>>
>> Open questions/topics:
>>
>> - Ensure that the chosen configuration approach actually works with
>> DSA_TAG_PROTO_NONE switches
>>
>> - Investigate potential MTU issues regarding the CPU port
>>
>> Changes since v1:
>>
>> - Rename switch, switch_vlan and switch_port sections to dsa, dsa_vlan
>> and dsa_port respectively
>>
>> - Forcibly move DSA ports to the switch bridge if they're part of another
>> bridge yet
>>
>> - Disallow VLAN ID 0
>>
>> - Properly display unassigned ports as empty in "dsaconfig show"
>>
>> - Handle implicit switch0 in "dsaconfig show"
>>
>> Jo-Philipp Wich (1):
>> dsaconfig: introduce package for UCI configuration of VLAN filter
>> rules
>>
>> package/network/config/dsaconfig/Makefile | 40 +++
>> .../config/dsaconfig/files/dsaconfig.hotplug | 7 +
>> .../config/dsaconfig/files/dsaconfig.include | 11 +
>> .../config/dsaconfig/files/dsaconfig.sh | 306 ++++++++++++++++++
>> 4 files changed, 364 insertions(+)
>> create mode 100644 package/network/config/dsaconfig/Makefile
>> create mode 100644 package/network/config/dsaconfig/files/dsaconfig.hotplug
>> create mode 100755 package/network/config/dsaconfig/files/dsaconfig.include
>> create mode 100755 package/network/config/dsaconfig/files/dsaconfig.sh
>>
>> --
>> 2.27.0
>>
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel@lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> .
>
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
