Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1478402ybb; Sun, 29 Mar 2020 05:51:04 -0700 (PDT) X-Google-Smtp-Source: ADFU+vsznwTU8NaMCH0s1LHT9AL4LXD/hApqUKoJkicv4IvYL70Rb1q8FkTgmz3Lckp6KrwrDzOK X-Received: by 2002:a54:4519:: with SMTP id l25mr4789770oil.92.1585486264079; Sun, 29 Mar 2020 05:51:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585486264; cv=none; d=google.com; s=arc-20160816; b=WzDoPN3YpufGSg6LF8iTn27tOMnUT/Mv1RttT18GB3ZpRa5kPmC0u6cvsNWCou+x0X 75yAxaEVgTUpB1omj9HMjoPejV9/rRp2jOzhK6LaGUuiQhD7yGNdlLsW1NwcTb7B43VE RjWG5hnybGTAi3JlHfGZ268nCIyEBB+mFNOsRW2UN6ezeA4J/yp04+jJnkxNgWqL78Es 6TCwLvqOrQz1BVhTIGt5OKC375y7WikeZ5tNF6FPX50ltBRKBWt69ORAzUpBGcTXlAoZ kRT/YEStBiW/4VKWNBRNIDtE3TLqqF0P7j+gFaKjGf0mN4660xFHKfcYTlQKsHsjxB1W mhDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:references:cc:to:from:subject:dkim-signature; bh=hep468mUU9yjlk0lo8Ll5NEANamiPkdiFkjeWP+RKOo=; b=mwhLITB13yfkeiEyC1jDNl4PqZMQezAxrAHnsdXCXKcvZy0a8ddHmqFfb59BHGDOAN auF2I0lRkvyWTbAgo+isA9TDzjF8w4m9feFh2OdXOTFptsAOIq1gOxHQjnjkmoWsuASy hg4Kycjr02gY/laaDFWFkJX3maKlQ20vdQPoIxE3aTtpuFeM5tCekuL9d2Hqc5lAwdIR cHPZGoFwuPY/4fSQBqqfjR1x/SSslBsMocfYBGqjdY97U7tXquFULl0rby5UW5xYTD7C XJpzUuY+E8CWJJ4XmbMHVwbRpGxnLvcg2sWtjnyXW3+L7QPmjAkVlgPx2xo2gTKFXA/F 4YNg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cumulusnetworks.com header.s=google header.b=CyeDmqtM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cumulusnetworks.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y5si4011262oiy.150.2020.03.29.05.50.51; Sun, 29 Mar 2020 05:51:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@cumulusnetworks.com header.s=google header.b=CyeDmqtM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=cumulusnetworks.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728214AbgC2Mte (ORCPT + 99 others); Sun, 29 Mar 2020 08:49:34 -0400 Received: from mail-lf1-f67.google.com ([209.85.167.67]:35861 "EHLO mail-lf1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728087AbgC2Mtd (ORCPT ); Sun, 29 Mar 2020 08:49:33 -0400 Received: by mail-lf1-f67.google.com with SMTP id u15so2512383lfi.3 for ; Sun, 29 Mar 2020 05:49:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=subject:from:to:cc:references:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=hep468mUU9yjlk0lo8Ll5NEANamiPkdiFkjeWP+RKOo=; b=CyeDmqtM4uJuQfEsdFN2pxNtv24FmO35iNKb9pPGIpeJC8n4rN8U7q15dMWHoZMDO+ ywVrdsftEj1zMNJWgoLCkqXyE92t8IRXh/LjHnCsqB8IGlbwr6PA6d1wushJAYORhEZf lm5u0E1xYZc85rd7FFTC3pBUaFsYqoWIPEZY0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:cc:references:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=hep468mUU9yjlk0lo8Ll5NEANamiPkdiFkjeWP+RKOo=; b=JgnXgBBQP7nl7czKFXg0OlO6LrJyrf9Roc70wXkA5p/jD+SYnwNGf/pxq9OKqF60AA puBukMTXJXQ/VXwgapUzGheKg6MhozUBWcSHA+pU8YrR2LPBHIc2NXxtbwDA++qjoPfj hCMv1Vsk5f5XJ5WGMmocvoSibYTGoGgZD/rfrUJmDplry1rCl62fHEHAzvmA54dtGnOm c/OwScmIc5IxYUG2xq7p+GGJwijJ49K30TXAjm4/f3f/8VQ3MtEq08UOX1zniDB2M9Pi SDERf8L3AEvJhScZR1I/MRDDEle4BVy8Y4iDHZgNLv409Q00SDkV4SuJGAuwtt5/0dGD WBYg== X-Gm-Message-State: AGi0Pua4n2HZ72PaTznH8bxi1nl7HNGesyW3aQGqBpK+LR8k7L0aNYdZ mbOhz0Csb9hwUuz88WGGpmvyMQ== X-Received: by 2002:ac2:48b3:: with SMTP id u19mr5166575lfg.84.1585486170611; Sun, 29 Mar 2020 05:49:30 -0700 (PDT) Received: from [192.168.0.109] (84-238-136-197.ip.btc-net.bg. [84.238.136.197]) by smtp.gmail.com with ESMTPSA id n23sm5416058lji.59.2020.03.29.05.49.28 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 29 Mar 2020 05:49:29 -0700 (PDT) Subject: Re: [PATCH net-next 6/6] net: dsa: sja1105: add broadcast and per-traffic class policers From: Nikolay Aleksandrov To: Vladimir Oltean , Ido Schimmel Cc: Roopa Prabhu , Andrew Lunn , Florian Fainelli , Vivien Didelot , "David S. Miller" , Jiri Pirko , Jakub Kicinski , netdev , Xiaoliang Yang , lkml , Horatiu Vultur , Alexandre Belloni , "Allan W. Nielsen" , Joergen Andreasen , Microchip Linux Driver Support , "Y.b. Lu" , Alexandru Marginean , Po Liu , Claudiu Manoil , Li Yang References: <20200329005202.17926-1-olteanv@gmail.com> <20200329005202.17926-7-olteanv@gmail.com> <20200329095712.GA2188467@splinter> Message-ID: <469feba1-6e3a-712b-e080-681f3addf74c@cumulusnetworks.com> Date: Sun, 29 Mar 2020 15:49:27 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 29/03/2020 15:02, Nikolay Aleksandrov wrote: > On 29/03/2020 14:46, Vladimir Oltean wrote: >> On Sun, 29 Mar 2020 at 14:37, Vladimir Oltean wrote: >>> >>> On Sun, 29 Mar 2020 at 12:57, Ido Schimmel wrote: >>>> >>>> + Nik, Roopa >>>> >>>> On Sun, Mar 29, 2020 at 02:52:02AM +0200, Vladimir Oltean wrote: >>>>> From: Vladimir Oltean > [snip] >>>> In the past I was thinking about ways to implement this in Linux. The >>>> only place in the pipeline where packets are actually classified to >>>> broadcast / unknown unicast / multicast is at bridge ingress. Therefore, >>> >>> Actually I think only 'unknown unicast' is tricky here, and indeed the >>> bridge driver is the only place in the software datapath that would >>> know that. > > Yep, unknown unicast is hard to pass outside of the bridge, especially at ingress > where the bridge hasn't been hit yet. One possible solution is to expose a function > from the bridge which can make such a decision at the cost of 1 more fdb hash lookup, > but if the packet is going to hit the bridge anyway that cost won't be that high > since it will have to do the same. We already have some internal bridge functionality > exposed for netfilter, tc and some drivers so it would be in line with that. > I haven't looked into how feasible the above is, so I'm open to other ideas (the > bridge_slave functions for example, we've discussed such extensions before in other > contexts). But I think this can be much simpler if we just expose the unknown unicast > information, the mcast/bcast can be decided by the classifier already or with very > little change. I think such exposed function can be useful to netfilter as well. > Of course along with the unknown unicast, we should include unknown multicast. >>> I know very little about frame classification in the Linux network >>> stack, but would it be possible to introduce a match key in tc-flower >>> for whether packets have a known destination or not? >>> >>>> my thinking was to implement these storm control policers as a >>>> "bridge_slave" operation. It can then be offloaded to capable drivers >>>> via the switchdev framework. >>>> >>> >>> I think it would be a bit odd to duplicate tc functionality in the >>> bridge sysfs. I don't have a better suggestion though. >>> >> >> Not to mention that for hardware like this, to have the same level of >> flexibility via a switchdev control would mean to duplicate quite a >> lot of tc functionality. On this 5-port switch I can put a shared >> broadcast policer on 2 ports (via the ingress_block functionality), >> and individual policers on the other 3, and the bandwidth budgeting is >> separate. I can only assume that there are more switches out there >> that allow this. >>>>>> I think that if we have this implemented in the Linux bridge, then your >>>> patch can be used to support the policing of broadcast packets while >>>> returning an error if user tries to police unknown unicast or multicast >>>> packets. >>> >>> So even if the Linux bridge gains these knobs for flood policers, >>> still have the dst_mac ff:ff:ff:ff:ff:ff as a valid way to configure >>> one of those knobs? >>> >>>> Or maybe the hardware you are working with supports these types >>>> as well? >>> >>> Nope, on this hardware it's just broadcast, I just checked that. Which >>> simplifies things quite a bit. >>> >>>> >>>> WDYT? >>>> >>> >>> I don't know. >>> >>> Thanks, >>> -Vladimir >> >> -Vladimir >> >