158dd7a8dSBenedikt Spranger.. SPDX-License-Identifier: GPL-2.0 258dd7a8dSBenedikt Spranger 358dd7a8dSBenedikt Spranger======================================= 458dd7a8dSBenedikt SprangerDSA switch configuration from userspace 558dd7a8dSBenedikt Spranger======================================= 658dd7a8dSBenedikt Spranger 758dd7a8dSBenedikt SprangerThe DSA switch configuration is not integrated into the main userspace 8*a266ef69SRandy Dunlapnetwork configuration suites by now and has to be performed manually. 958dd7a8dSBenedikt Spranger 1058dd7a8dSBenedikt Spranger.. _dsa-config-showcases: 1158dd7a8dSBenedikt Spranger 1258dd7a8dSBenedikt SprangerConfiguration showcases 1358dd7a8dSBenedikt Spranger----------------------- 1458dd7a8dSBenedikt Spranger 1558dd7a8dSBenedikt SprangerTo configure a DSA switch a couple of commands need to be executed. In this 1658dd7a8dSBenedikt Sprangerdocumentation some common configuration scenarios are handled as showcases: 1758dd7a8dSBenedikt Spranger 1858dd7a8dSBenedikt Spranger*single port* 1958dd7a8dSBenedikt Spranger Every switch port acts as a different configurable Ethernet port 2058dd7a8dSBenedikt Spranger 2158dd7a8dSBenedikt Spranger*bridge* 2258dd7a8dSBenedikt Spranger Every switch port is part of one configurable Ethernet bridge 2358dd7a8dSBenedikt Spranger 2458dd7a8dSBenedikt Spranger*gateway* 2558dd7a8dSBenedikt Spranger Every switch port except one upstream port is part of a configurable 2658dd7a8dSBenedikt Spranger Ethernet bridge. 2758dd7a8dSBenedikt Spranger The upstream port acts as different configurable Ethernet port. 2858dd7a8dSBenedikt Spranger 2958dd7a8dSBenedikt SprangerAll configurations are performed with tools from iproute2, which is available 3058dd7a8dSBenedikt Sprangerat https://www.kernel.org/pub/linux/utils/net/iproute2/ 3158dd7a8dSBenedikt Spranger 3258dd7a8dSBenedikt SprangerThrough DSA every port of a switch is handled like a normal linux Ethernet 3358dd7a8dSBenedikt Sprangerinterface. The CPU port is the switch port connected to an Ethernet MAC chip. 3458dd7a8dSBenedikt SprangerThe corresponding linux Ethernet interface is called the master interface. 3558dd7a8dSBenedikt SprangerAll other corresponding linux interfaces are called slave interfaces. 3658dd7a8dSBenedikt Spranger 370929ff71SVladimir OlteanThe slave interfaces depend on the master interface being up in order for them 380929ff71SVladimir Olteanto send or receive traffic. Prior to kernel v5.12, the state of the master 390929ff71SVladimir Olteaninterface had to be managed explicitly by the user. Starting with kernel v5.12, 400929ff71SVladimir Olteanthe behavior is as follows: 410929ff71SVladimir Oltean 420929ff71SVladimir Oltean- when a DSA slave interface is brought up, the master interface is 430929ff71SVladimir Oltean automatically brought up. 440929ff71SVladimir Oltean- when the master interface is brought down, all DSA slave interfaces are 450929ff71SVladimir Oltean automatically brought down. 4658dd7a8dSBenedikt Spranger 4758dd7a8dSBenedikt SprangerIn this documentation the following Ethernet interfaces are used: 4858dd7a8dSBenedikt Spranger 4958dd7a8dSBenedikt Spranger*eth0* 5058dd7a8dSBenedikt Spranger the master interface 5158dd7a8dSBenedikt Spranger 520773e3a8SVladimir Oltean*eth1* 530773e3a8SVladimir Oltean another master interface 540773e3a8SVladimir Oltean 5558dd7a8dSBenedikt Spranger*lan1* 5658dd7a8dSBenedikt Spranger a slave interface 5758dd7a8dSBenedikt Spranger 5858dd7a8dSBenedikt Spranger*lan2* 5958dd7a8dSBenedikt Spranger another slave interface 6058dd7a8dSBenedikt Spranger 6158dd7a8dSBenedikt Spranger*lan3* 6258dd7a8dSBenedikt Spranger a third slave interface 6358dd7a8dSBenedikt Spranger 6458dd7a8dSBenedikt Spranger*wan* 6558dd7a8dSBenedikt Spranger A slave interface dedicated for upstream traffic 6658dd7a8dSBenedikt Spranger 6758dd7a8dSBenedikt SprangerFurther Ethernet interfaces can be configured similar. 6858dd7a8dSBenedikt SprangerThe configured IPs and networks are: 6958dd7a8dSBenedikt Spranger 7058dd7a8dSBenedikt Spranger*single port* 7158dd7a8dSBenedikt Spranger * lan1: 192.0.2.1/30 (192.0.2.0 - 192.0.2.3) 7258dd7a8dSBenedikt Spranger * lan2: 192.0.2.5/30 (192.0.2.4 - 192.0.2.7) 7358dd7a8dSBenedikt Spranger * lan3: 192.0.2.9/30 (192.0.2.8 - 192.0.2.11) 7458dd7a8dSBenedikt Spranger 7558dd7a8dSBenedikt Spranger*bridge* 7658dd7a8dSBenedikt Spranger * br0: 192.0.2.129/25 (192.0.2.128 - 192.0.2.255) 7758dd7a8dSBenedikt Spranger 7858dd7a8dSBenedikt Spranger*gateway* 7958dd7a8dSBenedikt Spranger * br0: 192.0.2.129/25 (192.0.2.128 - 192.0.2.255) 8058dd7a8dSBenedikt Spranger * wan: 192.0.2.1/30 (192.0.2.0 - 192.0.2.3) 8158dd7a8dSBenedikt Spranger 8258dd7a8dSBenedikt Spranger.. _dsa-tagged-configuration: 8358dd7a8dSBenedikt Spranger 8458dd7a8dSBenedikt SprangerConfiguration with tagging support 8558dd7a8dSBenedikt Spranger---------------------------------- 8658dd7a8dSBenedikt Spranger 8758dd7a8dSBenedikt SprangerThe tagging based configuration is desired and supported by the majority of 8858dd7a8dSBenedikt SprangerDSA switches. These switches are capable to tag incoming and outgoing traffic 8958dd7a8dSBenedikt Sprangerwithout using a VLAN based configuration. 9058dd7a8dSBenedikt Spranger 91e322bacbSVladimir Oltean*single port* 9258dd7a8dSBenedikt Spranger .. code-block:: sh 9358dd7a8dSBenedikt Spranger 9458dd7a8dSBenedikt Spranger # configure each interface 9558dd7a8dSBenedikt Spranger ip addr add 192.0.2.1/30 dev lan1 9658dd7a8dSBenedikt Spranger ip addr add 192.0.2.5/30 dev lan2 9758dd7a8dSBenedikt Spranger ip addr add 192.0.2.9/30 dev lan3 9858dd7a8dSBenedikt Spranger 990929ff71SVladimir Oltean # For kernels earlier than v5.12, the master interface needs to be 1000929ff71SVladimir Oltean # brought up manually before the slave ports. 10158dd7a8dSBenedikt Spranger ip link set eth0 up 10258dd7a8dSBenedikt Spranger 10358dd7a8dSBenedikt Spranger # bring up the slave interfaces 10458dd7a8dSBenedikt Spranger ip link set lan1 up 10558dd7a8dSBenedikt Spranger ip link set lan2 up 10658dd7a8dSBenedikt Spranger ip link set lan3 up 10758dd7a8dSBenedikt Spranger 108e322bacbSVladimir Oltean*bridge* 10958dd7a8dSBenedikt Spranger .. code-block:: sh 11058dd7a8dSBenedikt Spranger 1110929ff71SVladimir Oltean # For kernels earlier than v5.12, the master interface needs to be 1120929ff71SVladimir Oltean # brought up manually before the slave ports. 11358dd7a8dSBenedikt Spranger ip link set eth0 up 11458dd7a8dSBenedikt Spranger 11558dd7a8dSBenedikt Spranger # bring up the slave interfaces 11658dd7a8dSBenedikt Spranger ip link set lan1 up 11758dd7a8dSBenedikt Spranger ip link set lan2 up 11858dd7a8dSBenedikt Spranger ip link set lan3 up 11958dd7a8dSBenedikt Spranger 12058dd7a8dSBenedikt Spranger # create bridge 12158dd7a8dSBenedikt Spranger ip link add name br0 type bridge 12258dd7a8dSBenedikt Spranger 12358dd7a8dSBenedikt Spranger # add ports to bridge 12458dd7a8dSBenedikt Spranger ip link set dev lan1 master br0 12558dd7a8dSBenedikt Spranger ip link set dev lan2 master br0 12658dd7a8dSBenedikt Spranger ip link set dev lan3 master br0 12758dd7a8dSBenedikt Spranger 12858dd7a8dSBenedikt Spranger # configure the bridge 12958dd7a8dSBenedikt Spranger ip addr add 192.0.2.129/25 dev br0 13058dd7a8dSBenedikt Spranger 13158dd7a8dSBenedikt Spranger # bring up the bridge 13258dd7a8dSBenedikt Spranger ip link set dev br0 up 13358dd7a8dSBenedikt Spranger 134e322bacbSVladimir Oltean*gateway* 13558dd7a8dSBenedikt Spranger .. code-block:: sh 13658dd7a8dSBenedikt Spranger 1370929ff71SVladimir Oltean # For kernels earlier than v5.12, the master interface needs to be 1380929ff71SVladimir Oltean # brought up manually before the slave ports. 13958dd7a8dSBenedikt Spranger ip link set eth0 up 14058dd7a8dSBenedikt Spranger 14158dd7a8dSBenedikt Spranger # bring up the slave interfaces 14258dd7a8dSBenedikt Spranger ip link set wan up 14358dd7a8dSBenedikt Spranger ip link set lan1 up 14458dd7a8dSBenedikt Spranger ip link set lan2 up 14558dd7a8dSBenedikt Spranger 14658dd7a8dSBenedikt Spranger # configure the upstream port 14758dd7a8dSBenedikt Spranger ip addr add 192.0.2.1/30 dev wan 14858dd7a8dSBenedikt Spranger 14958dd7a8dSBenedikt Spranger # create bridge 15058dd7a8dSBenedikt Spranger ip link add name br0 type bridge 15158dd7a8dSBenedikt Spranger 15258dd7a8dSBenedikt Spranger # add ports to bridge 15358dd7a8dSBenedikt Spranger ip link set dev lan1 master br0 15458dd7a8dSBenedikt Spranger ip link set dev lan2 master br0 15558dd7a8dSBenedikt Spranger 15658dd7a8dSBenedikt Spranger # configure the bridge 15758dd7a8dSBenedikt Spranger ip addr add 192.0.2.129/25 dev br0 15858dd7a8dSBenedikt Spranger 15958dd7a8dSBenedikt Spranger # bring up the bridge 16058dd7a8dSBenedikt Spranger ip link set dev br0 up 16158dd7a8dSBenedikt Spranger 16258dd7a8dSBenedikt Spranger.. _dsa-vlan-configuration: 16358dd7a8dSBenedikt Spranger 16458dd7a8dSBenedikt SprangerConfiguration without tagging support 16558dd7a8dSBenedikt Spranger------------------------------------- 16658dd7a8dSBenedikt Spranger 16758dd7a8dSBenedikt SprangerA minority of switches are not capable to use a taging protocol 16858dd7a8dSBenedikt Spranger(DSA_TAG_PROTO_NONE). These switches can be configured by a VLAN based 16958dd7a8dSBenedikt Sprangerconfiguration. 17058dd7a8dSBenedikt Spranger 171e322bacbSVladimir Oltean*single port* 17258dd7a8dSBenedikt Spranger The configuration can only be set up via VLAN tagging and bridge setup. 17358dd7a8dSBenedikt Spranger 17458dd7a8dSBenedikt Spranger .. code-block:: sh 17558dd7a8dSBenedikt Spranger 17658dd7a8dSBenedikt Spranger # tag traffic on CPU port 17758dd7a8dSBenedikt Spranger ip link add link eth0 name eth0.1 type vlan id 1 17858dd7a8dSBenedikt Spranger ip link add link eth0 name eth0.2 type vlan id 2 17958dd7a8dSBenedikt Spranger ip link add link eth0 name eth0.3 type vlan id 3 18058dd7a8dSBenedikt Spranger 1810929ff71SVladimir Oltean # For kernels earlier than v5.12, the master interface needs to be 1820929ff71SVladimir Oltean # brought up manually before the slave ports. 18358dd7a8dSBenedikt Spranger ip link set eth0 up 18458dd7a8dSBenedikt Spranger ip link set eth0.1 up 18558dd7a8dSBenedikt Spranger ip link set eth0.2 up 18658dd7a8dSBenedikt Spranger ip link set eth0.3 up 18758dd7a8dSBenedikt Spranger 18858dd7a8dSBenedikt Spranger # bring up the slave interfaces 18958dd7a8dSBenedikt Spranger ip link set lan1 up 190af0ae997SPaul Barker ip link set lan2 up 19158dd7a8dSBenedikt Spranger ip link set lan3 up 19258dd7a8dSBenedikt Spranger 19358dd7a8dSBenedikt Spranger # create bridge 19458dd7a8dSBenedikt Spranger ip link add name br0 type bridge 19558dd7a8dSBenedikt Spranger 19658dd7a8dSBenedikt Spranger # activate VLAN filtering 19758dd7a8dSBenedikt Spranger ip link set dev br0 type bridge vlan_filtering 1 19858dd7a8dSBenedikt Spranger 19958dd7a8dSBenedikt Spranger # add ports to bridges 20058dd7a8dSBenedikt Spranger ip link set dev lan1 master br0 20158dd7a8dSBenedikt Spranger ip link set dev lan2 master br0 20258dd7a8dSBenedikt Spranger ip link set dev lan3 master br0 20358dd7a8dSBenedikt Spranger 20458dd7a8dSBenedikt Spranger # tag traffic on ports 20558dd7a8dSBenedikt Spranger bridge vlan add dev lan1 vid 1 pvid untagged 20658dd7a8dSBenedikt Spranger bridge vlan add dev lan2 vid 2 pvid untagged 20758dd7a8dSBenedikt Spranger bridge vlan add dev lan3 vid 3 pvid untagged 20858dd7a8dSBenedikt Spranger 20958dd7a8dSBenedikt Spranger # configure the VLANs 21058dd7a8dSBenedikt Spranger ip addr add 192.0.2.1/30 dev eth0.1 21158dd7a8dSBenedikt Spranger ip addr add 192.0.2.5/30 dev eth0.2 21258dd7a8dSBenedikt Spranger ip addr add 192.0.2.9/30 dev eth0.3 21358dd7a8dSBenedikt Spranger 21458dd7a8dSBenedikt Spranger # bring up the bridge devices 21558dd7a8dSBenedikt Spranger ip link set br0 up 21658dd7a8dSBenedikt Spranger 21758dd7a8dSBenedikt Spranger 218e322bacbSVladimir Oltean*bridge* 21958dd7a8dSBenedikt Spranger .. code-block:: sh 22058dd7a8dSBenedikt Spranger 22158dd7a8dSBenedikt Spranger # tag traffic on CPU port 22258dd7a8dSBenedikt Spranger ip link add link eth0 name eth0.1 type vlan id 1 22358dd7a8dSBenedikt Spranger 2240929ff71SVladimir Oltean # For kernels earlier than v5.12, the master interface needs to be 2250929ff71SVladimir Oltean # brought up manually before the slave ports. 22658dd7a8dSBenedikt Spranger ip link set eth0 up 22758dd7a8dSBenedikt Spranger ip link set eth0.1 up 22858dd7a8dSBenedikt Spranger 22958dd7a8dSBenedikt Spranger # bring up the slave interfaces 23058dd7a8dSBenedikt Spranger ip link set lan1 up 23158dd7a8dSBenedikt Spranger ip link set lan2 up 23258dd7a8dSBenedikt Spranger ip link set lan3 up 23358dd7a8dSBenedikt Spranger 23458dd7a8dSBenedikt Spranger # create bridge 23558dd7a8dSBenedikt Spranger ip link add name br0 type bridge 23658dd7a8dSBenedikt Spranger 23758dd7a8dSBenedikt Spranger # activate VLAN filtering 23858dd7a8dSBenedikt Spranger ip link set dev br0 type bridge vlan_filtering 1 23958dd7a8dSBenedikt Spranger 24058dd7a8dSBenedikt Spranger # add ports to bridge 24158dd7a8dSBenedikt Spranger ip link set dev lan1 master br0 24258dd7a8dSBenedikt Spranger ip link set dev lan2 master br0 24358dd7a8dSBenedikt Spranger ip link set dev lan3 master br0 24458dd7a8dSBenedikt Spranger ip link set eth0.1 master br0 24558dd7a8dSBenedikt Spranger 24658dd7a8dSBenedikt Spranger # tag traffic on ports 24758dd7a8dSBenedikt Spranger bridge vlan add dev lan1 vid 1 pvid untagged 24858dd7a8dSBenedikt Spranger bridge vlan add dev lan2 vid 1 pvid untagged 24958dd7a8dSBenedikt Spranger bridge vlan add dev lan3 vid 1 pvid untagged 25058dd7a8dSBenedikt Spranger 25158dd7a8dSBenedikt Spranger # configure the bridge 25258dd7a8dSBenedikt Spranger ip addr add 192.0.2.129/25 dev br0 25358dd7a8dSBenedikt Spranger 25458dd7a8dSBenedikt Spranger # bring up the bridge 25558dd7a8dSBenedikt Spranger ip link set dev br0 up 25658dd7a8dSBenedikt Spranger 257e322bacbSVladimir Oltean*gateway* 25858dd7a8dSBenedikt Spranger .. code-block:: sh 25958dd7a8dSBenedikt Spranger 26058dd7a8dSBenedikt Spranger # tag traffic on CPU port 26158dd7a8dSBenedikt Spranger ip link add link eth0 name eth0.1 type vlan id 1 26258dd7a8dSBenedikt Spranger ip link add link eth0 name eth0.2 type vlan id 2 26358dd7a8dSBenedikt Spranger 2640929ff71SVladimir Oltean # For kernels earlier than v5.12, the master interface needs to be 2650929ff71SVladimir Oltean # brought up manually before the slave ports. 26658dd7a8dSBenedikt Spranger ip link set eth0 up 26758dd7a8dSBenedikt Spranger ip link set eth0.1 up 26858dd7a8dSBenedikt Spranger ip link set eth0.2 up 26958dd7a8dSBenedikt Spranger 27058dd7a8dSBenedikt Spranger # bring up the slave interfaces 27158dd7a8dSBenedikt Spranger ip link set wan up 27258dd7a8dSBenedikt Spranger ip link set lan1 up 27358dd7a8dSBenedikt Spranger ip link set lan2 up 27458dd7a8dSBenedikt Spranger 27558dd7a8dSBenedikt Spranger # create bridge 27658dd7a8dSBenedikt Spranger ip link add name br0 type bridge 27758dd7a8dSBenedikt Spranger 27858dd7a8dSBenedikt Spranger # activate VLAN filtering 27958dd7a8dSBenedikt Spranger ip link set dev br0 type bridge vlan_filtering 1 28058dd7a8dSBenedikt Spranger 28158dd7a8dSBenedikt Spranger # add ports to bridges 28258dd7a8dSBenedikt Spranger ip link set dev wan master br0 28358dd7a8dSBenedikt Spranger ip link set eth0.1 master br0 28458dd7a8dSBenedikt Spranger ip link set dev lan1 master br0 28558dd7a8dSBenedikt Spranger ip link set dev lan2 master br0 28658dd7a8dSBenedikt Spranger 28758dd7a8dSBenedikt Spranger # tag traffic on ports 28858dd7a8dSBenedikt Spranger bridge vlan add dev lan1 vid 1 pvid untagged 28958dd7a8dSBenedikt Spranger bridge vlan add dev lan2 vid 1 pvid untagged 29058dd7a8dSBenedikt Spranger bridge vlan add dev wan vid 2 pvid untagged 29158dd7a8dSBenedikt Spranger 29258dd7a8dSBenedikt Spranger # configure the VLANs 29358dd7a8dSBenedikt Spranger ip addr add 192.0.2.1/30 dev eth0.2 29458dd7a8dSBenedikt Spranger ip addr add 192.0.2.129/25 dev br0 29558dd7a8dSBenedikt Spranger 29658dd7a8dSBenedikt Spranger # bring up the bridge devices 29758dd7a8dSBenedikt Spranger ip link set br0 up 298b117e1e8SVladimir Oltean 299b117e1e8SVladimir OlteanForwarding database (FDB) management 300b117e1e8SVladimir Oltean------------------------------------ 301b117e1e8SVladimir Oltean 302b117e1e8SVladimir OlteanThe existing DSA switches do not have the necessary hardware support to keep 303b117e1e8SVladimir Olteanthe software FDB of the bridge in sync with the hardware tables, so the two 304b117e1e8SVladimir Olteantables are managed separately (``bridge fdb show`` queries both, and depending 305b117e1e8SVladimir Olteanon whether the ``self`` or ``master`` flags are being used, a ``bridge fdb 306b117e1e8SVladimir Olteanadd`` or ``bridge fdb del`` command acts upon entries from one or both tables). 307b117e1e8SVladimir Oltean 308b117e1e8SVladimir OlteanUp until kernel v4.14, DSA only supported user space management of bridge FDB 309b117e1e8SVladimir Olteanentries using the bridge bypass operations (which do not update the software 310b117e1e8SVladimir OlteanFDB, just the hardware one) using the ``self`` flag (which is optional and can 311b117e1e8SVladimir Olteanbe omitted). 312b117e1e8SVladimir Oltean 313b117e1e8SVladimir Oltean .. code-block:: sh 314b117e1e8SVladimir Oltean 315b117e1e8SVladimir Oltean bridge fdb add dev swp0 00:01:02:03:04:05 self static 316b117e1e8SVladimir Oltean # or shorthand 317b117e1e8SVladimir Oltean bridge fdb add dev swp0 00:01:02:03:04:05 static 318b117e1e8SVladimir Oltean 319b117e1e8SVladimir OlteanDue to a bug, the bridge bypass FDB implementation provided by DSA did not 320b117e1e8SVladimir Olteandistinguish between ``static`` and ``local`` FDB entries (``static`` are meant 321b117e1e8SVladimir Olteanto be forwarded, while ``local`` are meant to be locally terminated, i.e. sent 322b117e1e8SVladimir Olteanto the host port). Instead, all FDB entries with the ``self`` flag (implicit or 323b117e1e8SVladimir Olteanexplicit) are treated by DSA as ``static`` even if they are ``local``. 324b117e1e8SVladimir Oltean 325b117e1e8SVladimir Oltean .. code-block:: sh 326b117e1e8SVladimir Oltean 327b117e1e8SVladimir Oltean # This command: 328b117e1e8SVladimir Oltean bridge fdb add dev swp0 00:01:02:03:04:05 static 329b117e1e8SVladimir Oltean # behaves the same for DSA as this command: 330b117e1e8SVladimir Oltean bridge fdb add dev swp0 00:01:02:03:04:05 local 331b117e1e8SVladimir Oltean # or shorthand, because the 'local' flag is implicit if 'static' is not 332b117e1e8SVladimir Oltean # specified, it also behaves the same as: 333b117e1e8SVladimir Oltean bridge fdb add dev swp0 00:01:02:03:04:05 334b117e1e8SVladimir Oltean 335b117e1e8SVladimir OlteanThe last command is an incorrect way of adding a static bridge FDB entry to a 336b117e1e8SVladimir OlteanDSA switch using the bridge bypass operations, and works by mistake. Other 337b117e1e8SVladimir Olteandrivers will treat an FDB entry added by the same command as ``local`` and as 338b117e1e8SVladimir Olteansuch, will not forward it, as opposed to DSA. 339b117e1e8SVladimir Oltean 340b117e1e8SVladimir OlteanBetween kernel v4.14 and v5.14, DSA has supported in parallel two modes of 341b117e1e8SVladimir Olteanadding a bridge FDB entry to the switch: the bridge bypass discussed above, as 342b117e1e8SVladimir Olteanwell as a new mode using the ``master`` flag which installs FDB entries in the 343b117e1e8SVladimir Olteansoftware bridge too. 344b117e1e8SVladimir Oltean 345b117e1e8SVladimir Oltean .. code-block:: sh 346b117e1e8SVladimir Oltean 347b117e1e8SVladimir Oltean bridge fdb add dev swp0 00:01:02:03:04:05 master static 348b117e1e8SVladimir Oltean 349b117e1e8SVladimir OlteanSince kernel v5.14, DSA has gained stronger integration with the bridge's 350b117e1e8SVladimir Olteansoftware FDB, and the support for its bridge bypass FDB implementation (using 351b117e1e8SVladimir Olteanthe ``self`` flag) has been removed. This results in the following changes: 352b117e1e8SVladimir Oltean 353b117e1e8SVladimir Oltean .. code-block:: sh 354b117e1e8SVladimir Oltean 355b117e1e8SVladimir Oltean # This is the only valid way of adding an FDB entry that is supported, 356b117e1e8SVladimir Oltean # compatible with v4.14 kernels and later: 357b117e1e8SVladimir Oltean bridge fdb add dev swp0 00:01:02:03:04:05 master static 358b117e1e8SVladimir Oltean # This command is no longer buggy and the entry is properly treated as 359b117e1e8SVladimir Oltean # 'local' instead of being forwarded: 360b117e1e8SVladimir Oltean bridge fdb add dev swp0 00:01:02:03:04:05 361b117e1e8SVladimir Oltean # This command no longer installs a static FDB entry to hardware: 362b117e1e8SVladimir Oltean bridge fdb add dev swp0 00:01:02:03:04:05 static 363b117e1e8SVladimir Oltean 364b117e1e8SVladimir OlteanScript writers are therefore encouraged to use the ``master static`` set of 365b117e1e8SVladimir Olteanflags when working with bridge FDB entries on DSA switch interfaces. 3660773e3a8SVladimir Oltean 3670773e3a8SVladimir OlteanAffinity of user ports to CPU ports 3680773e3a8SVladimir Oltean----------------------------------- 3690773e3a8SVladimir Oltean 3700773e3a8SVladimir OlteanTypically, DSA switches are attached to the host via a single Ethernet 3710773e3a8SVladimir Olteaninterface, but in cases where the switch chip is discrete, the hardware design 3720773e3a8SVladimir Olteanmay permit the use of 2 or more ports connected to the host, for an increase in 3730773e3a8SVladimir Olteantermination throughput. 3740773e3a8SVladimir Oltean 3750773e3a8SVladimir OlteanDSA can make use of multiple CPU ports in two ways. First, it is possible to 3760773e3a8SVladimir Olteanstatically assign the termination traffic associated with a certain user port 3770773e3a8SVladimir Olteanto be processed by a certain CPU port. This way, user space can implement 3780773e3a8SVladimir Olteancustom policies of static load balancing between user ports, by spreading the 3790773e3a8SVladimir Olteanaffinities according to the available CPU ports. 3800773e3a8SVladimir Oltean 3810773e3a8SVladimir OlteanSecondly, it is possible to perform load balancing between CPU ports on a per 3820773e3a8SVladimir Olteanpacket basis, rather than statically assigning user ports to CPU ports. 3830773e3a8SVladimir OlteanThis can be achieved by placing the DSA masters under a LAG interface (bonding 3840773e3a8SVladimir Olteanor team). DSA monitors this operation and creates a mirror of this software LAG 3850773e3a8SVladimir Olteanon the CPU ports facing the physical DSA masters that constitute the LAG slave 3860773e3a8SVladimir Olteandevices. 3870773e3a8SVladimir Oltean 3880773e3a8SVladimir OlteanTo make use of multiple CPU ports, the firmware (device tree) description of 3890773e3a8SVladimir Olteanthe switch must mark all the links between CPU ports and their DSA masters 3900773e3a8SVladimir Olteanusing the ``ethernet`` reference/phandle. At startup, only a single CPU port 3910773e3a8SVladimir Olteanand DSA master will be used - the numerically first port from the firmware 3920773e3a8SVladimir Olteandescription which has an ``ethernet`` property. It is up to the user to 3930773e3a8SVladimir Olteanconfigure the system for the switch to use other masters. 3940773e3a8SVladimir Oltean 3950773e3a8SVladimir OlteanDSA uses the ``rtnl_link_ops`` mechanism (with a "dsa" ``kind``) to allow 3960773e3a8SVladimir Olteanchanging the DSA master of a user port. The ``IFLA_DSA_MASTER`` u32 netlink 3970773e3a8SVladimir Olteanattribute contains the ifindex of the master device that handles each slave 3980773e3a8SVladimir Olteandevice. The DSA master must be a valid candidate based on firmware node 3990773e3a8SVladimir Olteaninformation, or a LAG interface which contains only slaves which are valid 4000773e3a8SVladimir Olteancandidates. 4010773e3a8SVladimir Oltean 4020773e3a8SVladimir OlteanUsing iproute2, the following manipulations are possible: 4030773e3a8SVladimir Oltean 4040773e3a8SVladimir Oltean .. code-block:: sh 4050773e3a8SVladimir Oltean 4060773e3a8SVladimir Oltean # See the DSA master in current use 4070773e3a8SVladimir Oltean ip -d link show dev swp0 4080773e3a8SVladimir Oltean (...) 4090773e3a8SVladimir Oltean dsa master eth0 4100773e3a8SVladimir Oltean 4110773e3a8SVladimir Oltean # Static CPU port distribution 4120773e3a8SVladimir Oltean ip link set swp0 type dsa master eth1 4130773e3a8SVladimir Oltean ip link set swp1 type dsa master eth0 4140773e3a8SVladimir Oltean ip link set swp2 type dsa master eth1 4150773e3a8SVladimir Oltean ip link set swp3 type dsa master eth0 4160773e3a8SVladimir Oltean 4170773e3a8SVladimir Oltean # CPU ports in LAG, using explicit assignment of the DSA master 4180773e3a8SVladimir Oltean ip link add bond0 type bond mode balance-xor && ip link set bond0 up 4190773e3a8SVladimir Oltean ip link set eth1 down && ip link set eth1 master bond0 4200773e3a8SVladimir Oltean ip link set swp0 type dsa master bond0 4210773e3a8SVladimir Oltean ip link set swp1 type dsa master bond0 4220773e3a8SVladimir Oltean ip link set swp2 type dsa master bond0 4230773e3a8SVladimir Oltean ip link set swp3 type dsa master bond0 4240773e3a8SVladimir Oltean ip link set eth0 down && ip link set eth0 master bond0 4250773e3a8SVladimir Oltean ip -d link show dev swp0 4260773e3a8SVladimir Oltean (...) 4270773e3a8SVladimir Oltean dsa master bond0 4280773e3a8SVladimir Oltean 4290773e3a8SVladimir Oltean # CPU ports in LAG, relying on implicit migration of the DSA master 4300773e3a8SVladimir Oltean ip link add bond0 type bond mode balance-xor && ip link set bond0 up 4310773e3a8SVladimir Oltean ip link set eth0 down && ip link set eth0 master bond0 4320773e3a8SVladimir Oltean ip link set eth1 down && ip link set eth1 master bond0 4330773e3a8SVladimir Oltean ip -d link show dev swp0 4340773e3a8SVladimir Oltean (...) 4350773e3a8SVladimir Oltean dsa master bond0 4360773e3a8SVladimir Oltean 4370773e3a8SVladimir OlteanNotice that in the case of CPU ports under a LAG, the use of the 4380773e3a8SVladimir Oltean``IFLA_DSA_MASTER`` netlink attribute is not strictly needed, but rather, DSA 4390773e3a8SVladimir Olteanreacts to the ``IFLA_MASTER`` attribute change of its present master (``eth0``) 4400773e3a8SVladimir Olteanand migrates all user ports to the new upper of ``eth0``, ``bond0``. Similarly, 4410773e3a8SVladimir Olteanwhen ``bond0`` is destroyed using ``RTM_DELLINK``, DSA migrates the user ports 4420773e3a8SVladimir Olteanthat were assigned to this interface to the first physical DSA master which is 4430773e3a8SVladimir Olteaneligible, based on the firmware description (it effectively reverts to the 4440773e3a8SVladimir Olteanstartup configuration). 4450773e3a8SVladimir Oltean 4460773e3a8SVladimir OlteanIn a setup with more than 2 physical CPU ports, it is therefore possible to mix 4470773e3a8SVladimir Olteanstatic user to CPU port assignment with LAG between DSA masters. It is not 4480773e3a8SVladimir Olteanpossible to statically assign a user port towards a DSA master that has any 4490773e3a8SVladimir Olteanupper interfaces (this includes LAG devices - the master must always be the LAG 4500773e3a8SVladimir Olteanin this case). 4510773e3a8SVladimir Oltean 4520773e3a8SVladimir OlteanLive changing of the DSA master (and thus CPU port) affinity of a user port is 4530773e3a8SVladimir Olteanpermitted, in order to allow dynamic redistribution in response to traffic. 4540773e3a8SVladimir Oltean 4550773e3a8SVladimir OlteanPhysical DSA masters are allowed to join and leave at any time a LAG interface 4560773e3a8SVladimir Olteanused as a DSA master; however, DSA will reject a LAG interface as a valid 4570773e3a8SVladimir Olteancandidate for being a DSA master unless it has at least one physical DSA master 4580773e3a8SVladimir Olteanas a slave device. 459