Multicast traffic going out the non-primary interface can come back in
through the primary interface in alb mode. When there's a bridge sitting
on top of the bond, with virtual machines behind it, attached to vnetX
interfaces also acting as bridge ports, this can cause problems. The
multicast traffic ends up rewriting the bridge forwarding database
entries, replacing a vnetX entry in the fdb with the bond instead, at
which point, we lose traffic. If we don't tx balance multicast traffic, we
don't break connectivity.
Cc: Jay Vosburgh <[email protected]>
Cc: Veaceslav Falico <[email protected]>
Cc: Andy Gospodarek <[email protected]>
Cc: "David S. Miller" <[email protected]>
Cc: Jakub Kicinski <[email protected]>
Cc: Thomas Davis <[email protected]>
Cc: [email protected]
Signed-off-by: Jarod Wilson <[email protected]>
---
drivers/net/bonding/bond_alb.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/bonding/bond_alb.c b/drivers/net/bonding/bond_alb.c
index ce8257c7cbea..4df661b77252 100644
--- a/drivers/net/bonding/bond_alb.c
+++ b/drivers/net/bonding/bond_alb.c
@@ -1422,6 +1422,7 @@ struct slave *bond_xmit_alb_slave_get(struct bonding *bond,
const struct iphdr *iph;
if (is_broadcast_ether_addr(eth_data->h_dest) ||
+ is_multicast_ether_addr(eth_data->h_dest) ||
!pskb_network_may_pull(skb, sizeof(*iph))) {
do_tx_balance = false;
break;
@@ -1441,7 +1442,8 @@ struct slave *bond_xmit_alb_slave_get(struct bonding *bond,
/* IPv6 doesn't really use broadcast mac address, but leave
* that here just in case.
*/
- if (is_broadcast_ether_addr(eth_data->h_dest)) {
+ if (is_broadcast_ether_addr(eth_data->h_dest) ||
+ is_multicast_ether_addr(eth_data->h_dest)) {
do_tx_balance = false;
break;
}
--
2.30.2
Jarod Wilson <[email protected]> wrote:
>Multicast traffic going out the non-primary interface can come back in
>through the primary interface in alb mode. When there's a bridge sitting
>on top of the bond, with virtual machines behind it, attached to vnetX
>interfaces also acting as bridge ports, this can cause problems. The
>multicast traffic ends up rewriting the bridge forwarding database
>entries, replacing a vnetX entry in the fdb with the bond instead, at
>which point, we lose traffic. If we don't tx balance multicast traffic, we
>don't break connectivity.
Just so I'm clear, the rewrite happens because the "looped"
frame bears the source MAC of the VM behind the bridge, but is arriving
at the bridge via the bond, correct?
If so this change seems reasonable, with one minor nit, below.
>Cc: Jay Vosburgh <[email protected]>
>Cc: Veaceslav Falico <[email protected]>
>Cc: Andy Gospodarek <[email protected]>
>Cc: "David S. Miller" <[email protected]>
>Cc: Jakub Kicinski <[email protected]>
>Cc: Thomas Davis <[email protected]>
>Cc: [email protected]
>Signed-off-by: Jarod Wilson <[email protected]>
>---
> drivers/net/bonding/bond_alb.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
>diff --git a/drivers/net/bonding/bond_alb.c b/drivers/net/bonding/bond_alb.c
>index ce8257c7cbea..4df661b77252 100644
>--- a/drivers/net/bonding/bond_alb.c
>+++ b/drivers/net/bonding/bond_alb.c
>@@ -1422,6 +1422,7 @@ struct slave *bond_xmit_alb_slave_get(struct bonding *bond,
> const struct iphdr *iph;
>
> if (is_broadcast_ether_addr(eth_data->h_dest) ||
>+ is_multicast_ether_addr(eth_data->h_dest) ||
Note that is_multicast_ is a superset of is_broadcast_, so in
this case (and the one below) is_broadcast_ can simply be replaced by
is_multicast_. Granted, is_broadcast_ is cheap, but this is in the TX
path for every packet.
-J
> !pskb_network_may_pull(skb, sizeof(*iph))) {
> do_tx_balance = false;
> break;
>@@ -1441,7 +1442,8 @@ struct slave *bond_xmit_alb_slave_get(struct bonding *bond,
> /* IPv6 doesn't really use broadcast mac address, but leave
> * that here just in case.
> */
>- if (is_broadcast_ether_addr(eth_data->h_dest)) {
>+ if (is_broadcast_ether_addr(eth_data->h_dest) ||
>+ is_multicast_ether_addr(eth_data->h_dest)) {
> do_tx_balance = false;
> break;
> }
>--
>2.30.2
>
---
-Jay Vosburgh, [email protected]