Hi,

I'm currently working on adding support for bridge-global VLAN options
to systemd-networkd.

Simply put, those options are multicast-related, set per VLAN and apply
to a bridge as a whole. That is unlike the existing [BridgeVLAN] options
which apply to just a single port.

These options also enable VLAN-aware multicast snooping and querying,
which is exactly my use-case. Without these options set, the kernel's
multicast querier will only inject untagged packets into the bridge.

I'm posting this RFC here because the implementation in systemd-networkd
may have gotten a little bit messy. I chose to add a new [BridgeVLAN] section
to netdev. No other place felt quite right as these options apply to all
of the bridge. But the settings from that section cannot be applied
until after the bridge is aware of VLANs from one or more network units.
The kernel rejects BRIDGE_VLANDB_GLOBAL_OPTIONS until after
IFLA_BRIDGE_VLAN_INFO.

My approach right now is to use the async netlink completion handler of
SET_LINK_BRIDGE_VLAN and from there hook back into netdev. There, only
those global options will be set, which correspond to the VLANs of the
port that just had its SET_LINK_BRIDGE_VLAN complete.
As an example, consider:

# 10-br0.netdev
[NetDev]
Name=br0
Kind=bridge

[Bridge]
MulticastVLANSnooping=yes
VLANFiltering=yes

[BridgeVLAN]
VLAN=1-2
MulticastSnooping=yes

# 10-br0-port0.network
[Match]
Name=br0-port0

[Network]
Bridge=br0

[BridgeVLAN]
VLAN=1
Here, the bridge is supposed to do multicast snooping for both VLANs 1
and 2. This will not be configured immediately after the netdev has been
created. Instead, the port br0-port0 is configured first. That then
triggers configuration of the global VLAN options in netdev again.
However, multicast snooping is only configured for VLAN 1 in this case.

My work-in-progress state is at [0] (top 4 commits). I hope you don't
mind that it is based on an older state of systemd for this RFC. I'd
rebase them onto main of course if this feature gets into a state suitable
for mainline systemd.

In Linux, these options have existed since 5.15 [1].

I'd very much appreciate some input.

Cheers,
Dennis Hamester

[0] https://github.com/dennis-hamester/systemd/commits/wip/bridge-global-vlan
[1] https://lore.kernel.org/netdev/20210719170637.435541-1-razor@xxxxxxxxxxxxx/
--
Dennis Hamester
Software Engineering Lead
jusst.engineering
Wrangelstraße 111
D - 20253 Hamburg
tel: +49 40 521 600 10
fax: +49 40 1800 86 76
mobil: +49 152 310 698 27
mail: dhamester@xxxxxxxx
https://jusst.engineering/
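
The deferred application described in the message above can be modelled in a few lines of C. This is an added example, not code from the author's branch or from systemd; the type `vlan_set` and the functions `vlan_parse`, `port_done` and `pending_after_port` are hypothetical names, and the model assumes only what the message states: global options are applied for the VLANs of the port whose request just completed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define VLAN_MAX 4094                              /* highest valid VLAN ID */
typedef struct { uint32_t bits[128]; } vlan_set;   /* 4096-bit bitmap */

static void vlan_add(vlan_set *s, unsigned v) { s->bits[v / 32] |= UINT32_C(1) << (v % 32); }
static bool vlan_has(const vlan_set *s, unsigned v) { return (s->bits[v / 32] >> (v % 32)) & 1; }

/* Parse a VLAN= value of the form "N" or "N-M"; returns -1 if invalid. */
static int vlan_parse(vlan_set *s, const char *spec) {
    char *end;
    unsigned long lo = strtoul(spec, &end, 10), hi = lo;
    if (end == spec) return -1;
    if (*end == '-') {
        const char *p = end + 1;
        hi = strtoul(p, &end, 10);
        if (end == p) return -1;
    }
    if (*end != '\0' || lo < 1 || hi > VLAN_MAX || lo > hi) return -1;
    for (unsigned long v = lo; v <= hi; v++) vlan_add(s, (unsigned) v);
    return 0;
}

/* A port's VLAN request completed: apply global options only for VLANs
 * that are both requested in the netdev and present on that port. */
static void port_done(const vlan_set *global, const vlan_set *port, vlan_set *applied) {
    for (unsigned v = 1; v <= VLAN_MAX; v++)
        if (vlan_has(global, v) && vlan_has(port, v)) vlan_add(applied, v);
}

/* Number of netdev VLANs whose global options are still unset after one
 * port has completed; -1 on a parse error. */
int pending_after_port(const char *global_spec, const char *port_spec) {
    vlan_set global = {0}, port = {0}, applied = {0};
    int n = 0;
    if (vlan_parse(&global, global_spec) < 0 || vlan_parse(&port, port_spec) < 0) return -1;
    port_done(&global, &port, &applied);
    for (unsigned v = 1; v <= VLAN_MAX; v++) n += vlan_has(&global, v) && !vlan_has(&applied, v);
    return n;
}

int main(void) {
    /* Values from the example units above: netdev VLAN=1-2, port VLAN=1 */
    printf("VLANs left without global options: %d\n", pending_after_port("1-2", "1"));
    return 0;
}
```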