On 8.09.2022 02:54, Florian Fainelli wrote:
On 9/7/2022 3:00 PM, Sebastian Moeller wrote:
Hi Jo,
I was under the impression* that bridge-vlan filtering is something
that can be relegated to the switch hardware, while creating a bridge
between VLAN interfaces happens in software. Is that wrong?
It is incorrect. DSA offloads the bridge to the switch hardware whether
you have VLAN filtering or not.
When the bridge is not VLAN aware (vlan_filtering=0) what it means is
that the Linux bridge, and the underlying switch MUST accept both VLAN
and non-VLAN tagged frames.
If you do want VLAN tagged frames in that bridge, then you are supposed
to terminate VLAN traffic by creating upper VLAN devices such as
lan1.10, lan2.10 etc. but the switching between lan1.10 and lan2.10
still happens in hardware because those VLAN devices are offloaded into
the switch hardware.
When vlan_filtering=1 is set, the hardware is configured to only accept
untagged PVID frames as well as whichever VLAN tagged frames you have
configured.
For instance, if you configured your bridge this way with: lan1, lan2,
lan3 and lan4 part of br-lan with vlan_filtering=1, each switch port
will be programmed to be in the bridge's default_pvid (1, unless
changed), and if you sent a VLAN tagged frame with VLAN ID 2 towards any
of those ports, and assuming the switch hardware is capable of it, that
VLAN ID 2 frame creates an egress VID violation and is discarded. If not
discarded in hardware it would be discarded in software.
I've made a detailed write up of this here:
https://openwrt.org/playground/arinc9/bridge-vlan-filtering#egress_untagged_egress_tagged_and_pvid
Arınç
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
