Score:0

Linux DSA switch with VLAN-aware bridge setup


I'm working on a use case where an SoC with only one Ethernet port (eth1) is connected to an SJA1105 switch chip. As mentioned in the Linux kernel documentation, the DSA mechanism takes eth1 as the management port and has a limitation on opening sockets directly on this interface. For the VLAN-unaware case, I use the reference configuration from the documentation, as below:

ip link set eth1 up
ip link set swp1 up
ip link set swp2 up

ip link add name br0 type bridge

ip link set dev swp1 master br0
ip link set dev swp2 master br0

ip addr add 172.20.1.129/24 dev br0

ip link set dev br0 up

It works fine. I can use br0 as a replacement for eth1 to access hosts behind swpN. But in the VLAN-aware case, it doesn't work. I still use a configuration revised from the reference:

ip link set eth1 up

ip link set swp1 up
ip link set swp2 up

ip link add name br0 type bridge

ip link set dev br0 type bridge vlan_filtering 1

ip link set dev swp1 master br0
ip link set dev swp2 master br0

bridge vlan add dev swp1 vid 100 pvid untagged
bridge vlan add dev swp2 vid 100 pvid untagged
bridge vlan add dev br0 vid 100 pvid untagged self

ip addr add 172.20.1.129/24 dev br0

ip link set dev br0 up

The hosts behind swpN can still ping each other but cannot ping br0, and vice versa. tcpdump captures no packets on br0, but I found packets on eth1.

Is there anything wrong in my configuration? Or are there any other methods to achieve the goal that a CPU daemon can communicate with the hosts behind swpN with VLAN tags in such a setup?

I would really appreciate any comments. Thanks in advance!

Nikita Kipriyanov:
Please show the `bridge vlan show` output you have after all configuration is made. Also, what is DSA?
Kent2022:
DSA stands for Distributed Switch Architecture. It's a kind of new way to support switch chips connected to/controlled by the CPU.
Kent2022:
@NikitaKipriyanov the output of `bridge vlan show` is as below:
bridge vlan show
port    vlan ids
swp1     1 Egress Untagged
         100 PVID Egress Untagged
swp2     1 Egress Untagged
         100 PVID Egress Untagged
br0      1 Egress Untagged
         100 PVID Egress Untagged
Nikita Kipriyanov:
Remove VLAN 1 from br0 or make it tagged. The action of adding 100 as untagged & pvid doesn't automatically mean that something it had before is removed. As you can guess from your output, it is currently confused by having two "egress" VLANs.
Kent2022:
@NikitaKipriyanov, thanks for the suggestion. I guess you mean to add the line `bridge vlan del dev br0 vid 1 self`. The output of `bridge vlan show` then looks like:
bridge vlan show
port    vlan ids
swp1     1 Egress Untagged
         100 PVID Egress Untagged
swp2     1 Egress Untagged
         100 PVID Egress Untagged
br0      100 PVID Egress Untagged
but I still cannot ping from the hosts behind swpN to the br0 interface.
Score:0

You need to create a VLAN interface for your native br0 VLAN (marked as PVID) and assign the IP address to that interface instead of the bridge itself. This seems to be the difference from "common" bridges.

ip link add link br0 name br0.100 type vlan id 100
ip addr add 172.20.1.129/24 dev br0.100

I haven't found any documentation describing this behavior; however, this solution works and makes sense.
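
The comments above hinge on reading per-port VLAN membership out of `bridge vlan show`. As an added example (not part of the original thread), the script below parses that output into one record per membership and lists any port still carrying a VLAN other than the intended one, such as the default VLAN 1. The sample text is constructed from the output quoted in the comments, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit `bridge vlan show` output for leftover VLAN memberships.

# Constructed sample, modelled on the output quoted in the comments.
sample_output() {
cat <<'EOF'
port    vlan ids
swp1     1 Egress Untagged
         100 PVID Egress Untagged
swp2     1 Egress Untagged
         100 PVID Egress Untagged
br0      100 PVID Egress Untagged
EOF
}

# vlan_table: read `bridge vlan show` text on stdin and print one
# "port vid pvid|- untagged|tagged" record per VLAN membership.
vlan_table() {
    awk '
        NR == 1 && $1 == "port" { next }            # header line
        NF == 0 { next }                             # blank separator
        $1 ~ /^[0-9]+$/  { vid = $1 }                # continuation: same port
        $1 !~ /^[0-9]+$/ { port = $1; vid = $2 }     # new port, first VLAN
        vid != "" {
            p = ($0 ~ /PVID/)     ? "pvid"     : "-"
            u = ($0 ~ /Untagged/) ? "untagged" : "tagged"
            print port, vid, p, u
        }'
}

# extra_vlans VID: list "port:vid" for every membership other than VID.
extra_vlans() {
    vlan_table | awk -v want="$1" '$2 != want { print $1 ":" $2 }'
}

# pvid_of PORT: print the PVID configured on PORT (empty if none).
pvid_of() {
    vlan_table | awk -v p="$1" '$1 == p && $3 == "pvid" { print $2 }'
}

# Demo on the constructed sample.
sample_output | extra_vlans 100
```

On a live system, feed it the real output instead: `bridge vlan show | extra_vlans 100`.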
