Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add support for locked bridge ports and locked fdb entries #457

Merged
merged 6 commits into from
Feb 12, 2025
Merged

add support for locked bridge ports and locked fdb entries #457

merged 6 commits into from
Feb 12, 2025

Conversation

KanjiMonster
Copy link
Contributor

@KanjiMonster KanjiMonster commented Jan 17, 2025
edited
Loading

Add support for the LOCKED flag of switch ports and fdb entries:

  • LOCKED ports do not learn and do not forward packets from unknown mac addresses, so disable learning and forwarding for them.
  • LOCKED fdb entries are not used for forwarding, but mark a mac address as "seen" on a port. Since this is basically like they weren't learnt, ignore these entries and only add them to OF-DPA once they lose their LOCKED flag.

To be able to do so, we need to enhance OF-DPA with the ability to do fine grained learning configuration. Since OF-DPA is old, model the internal interface after SAI [1], with a two modifications:

  • add a mode that corresponds to what we currently use, where we log and forward
  • add a method for configuring learning behavior for source port violations (i.e. a neighbor moved to a different port)

[1] https://github.com/opencomputeproject/SAI/blob/5ff3424512031258ed2431b06b64beea5bc36712/inc/saibridge.h#L39

@KanjiMonster KanjiMonster changed the title add supported for locked bridge ports and locked fdb entries add support for locked bridge ports and locked fdb entries Feb 10, 2025
@KanjiMonster
proto: update with OF-DPA port learn functions
ad25680 
Update proto for latest ofdpa.proto:

* a3d97dc40faf api: ofdpa: add functions to configure per port learning

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
@KanjiMonster KanjiMonster mentioned this pull request Feb 11, 2025
Open
9 tasks
@KanjiMonster KanjiMonster force-pushed the jogo_port_locked branch 2 times, most recently from 559afbc to 8516c1d Compare February 11, 2025 10:02
@KanjiMonster
ofdpa_client: expose per port learning configuration
87b00ee 
Expose the newly added functions for configuring learning on a per port
basis.

To make it more SAI-ish, use the logical SAI states [1]. Since the
default learning behavior isn't covered by any of the states, add an
extra state for that.

[1] https://github.com/opencomputeproject/SAI/blob/5ff3424512031258ed2431b06b64beea5bc36712/inc/saibridge.h#L39

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
@KanjiMonster
nbi_impl: initialize learning on connect
824632b 
To ensure that ports work as expected, initialize learning on connect.

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
@KanjiMonster
nl_bridge: handle port locked
a299dd3 
Update learning mode for bridge ports based on lock state, and for bond
ports set the learning mode for all bonded ports.

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
@KanjiMonster
cnetlink: properly handle ll neigh handable changes
3b3a65e 
With ae62117 ("cnetlink: pass on layer 2 neigh updates"), we make
sure to handle updates only on neighs we support, so we check both old
and new to be usable.

But this misses the transitions where a ll neigh becomes usable due to
updates or vice versa.

Fix this by treating those changes as a new or deleted ll neigh insted
of ignoring it alltogether.

Fixes: ae62117 ("cnetlink: pass on layer 2 neigh updates")
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
@KanjiMonster
cnetlink: ignore locked fdb entries as well
dcab584 
Treat locked fdb entries like they don't exist, so let check_ll_neigh()
also return false for them.

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
@KanjiMonster KanjiMonster marked this pull request as ready for review February 12, 2025 09:23
@jklare
Copy link
Contributor

jklare commented Feb 12, 2025

Is it wise to use the term "sai" within our code here, while actually just miming certain behaviours of it and not using SAI in any way, shape or form? I would think that this might be pretty confusing for somebody stumbling over this function. Maybe it would be better to only use "sai" in a comment?

@jklare
Copy link
Contributor

jklare commented Feb 12, 2025

nvm, we seem to have used this before, so this is not the point to discuss it

@jklare jklare merged commit 1e28461 into main Feb 12, 2025
5 checks passed
@jklare jklare deleted the jogo_port_locked branch February 12, 2025 09:31
@KanjiMonster KanjiMonster mentioned this pull request Feb 14, 2025
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jklare jklare jklare approved these changes

@rubensfig rubensfig Awaiting requested review from rubensfig

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@KanjiMonster @jklare