From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 529ADC43381 for ; Tue, 19 Feb 2019 13:31:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 066B021773 for ; Tue, 19 Feb 2019 13:31:49 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="gn+fKGe9" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728823AbfBSNbs (ORCPT ); Tue, 19 Feb 2019 08:31:48 -0500 Received: from mail-wm1-f68.google.com ([209.85.128.68]:35956 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728784AbfBSNbr (ORCPT ); Tue, 19 Feb 2019 08:31:47 -0500 Received: by mail-wm1-f68.google.com with SMTP id j125so2827921wmj.1 for ; Tue, 19 Feb 2019 05:31:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=EycVL/yRJf9l/jhEd/DHiUNShu4F20ew7k72y+Oiwcg=; b=gn+fKGe90SO0vy/hbXvumClU530kfTDF9lboSmIiQOOq7AShrAd8LYDHXA/HGhV8Iy RYXmSLgzzEKHJrjUk4qNif7+kcQ5TjySHuradUyrU02menBiaEaDoTwgd35cNvZMj7NI uDP/I3mcZN9KiXNpqwNr+Df3hBlvebhNNiGNM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=EycVL/yRJf9l/jhEd/DHiUNShu4F20ew7k72y+Oiwcg=; b=iXS61yrZZjJR3bYi34vx2iel7rUkkYCjwuc0HN00SDBf9NtAq9VqVW8F2sHSTnDb7L nPIWEtxLK7S3xekKJCyk7ddre3Zoo5w+q4IcO3zyhF/PzuDD7kWo91Wn1fdyU2bbcfMU DkKk5XV6f8Njjnp+W+uaEGp/+IpX4/KzFI6BeFA+bG/f/faRCY4fCiNHShQ+38stQ2YH kU3Txlx8BVYh8WLew5jP2ujCb5SI/7IG+oZgydVtEgD3nz0pk8kom6hoMYw4AA/8qs9L BZRE8Zw3XTzRWsv7ZaQ3XNLIeFRz+4pjG/T7bgqf6xyl56mvLP7AFgmUJjHnDQkhJNzR 35mg== X-Gm-Message-State: AHQUAuavli/aCfAorgwZD0KV2Pqsm2wDK6l6zXKktMB+jTHxmgXycZ4q bYwJLCnKUGvFdmvtK91xcgU7hg== X-Google-Smtp-Source: AHgI3IbvDq1ivpp22ujalG6Bx4ZP3W+ZihoiZnSSWEl4wrv6K5SxPvmU4SihDG49VI04+m4NpX7bRA== X-Received: by 2002:a1c:23c4:: with SMTP id j187mr2854737wmj.13.1550583104644; Tue, 19 Feb 2019 05:31:44 -0800 (PST) Received: from [192.168.0.107] (79-100-158-105.ip.btc-net.bg. [79.100.158.105]) by smtp.gmail.com with ESMTPSA id n6sm2210716wmk.9.2019.02.19.05.31.43 (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Tue, 19 Feb 2019 05:31:43 -0800 (PST) Subject: Re: [Bridge] [RFC v2] net: bridge: don't flood known multicast traffic when snooping is enabled To: =?UTF-8?Q?Linus_L=c3=bcssing?= Cc: bridge@lists.linux-foundation.org, netdev@vger.kernel.org, roopa@cumulusnetworks.com, f.fainelli@gmail.com, idosch@idosch.org References: <20190215130427.29824-1-nikolay@cumulusnetworks.com> <20190218122107.10097-1-nikolay@cumulusnetworks.com> <20190219085716.GD10191@otheros> <20190219092125.GE10191@otheros> From: Nikolay Aleksandrov Message-ID: <7a95e759-12dd-7e7b-f2ce-f9e7f3d473f2@cumulusnetworks.com> Date: Tue, 19 Feb 2019 15:31:42 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <20190219092125.GE10191@otheros> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On 19/02/2019 11:21, Linus Lüssing wrote: > On Tue, Feb 19, 2019 at 09:57:16AM +0100, Linus Lüssing wrote: >> On Mon, Feb 18, 2019 at 02:21:07PM +0200, Nikolay Aleksandrov wrote: >>> This is v2 of the RFC patch which aims to forward packets to known >>> mdsts' ports only (the no querier case). After v1 I've kept >>> the previous behaviour when it comes to unregistered traffic or when >>> a querier is present. All of this is of course only with snooping >>> enabled. So with this patch the following changes should occur: >>> - No querier: forward known mdst traffic to its registered ports, >>> no change about unknown mcast (flood) >>> - Querier present: no change >>> >>> The reason to do this is simple - we want to respect the user's mdb >>> configuration in both cases, that is if the user adds static mdb entries >>> manually then we should use that information about forwarding traffic. >>> >>> What do you think ? >>> >>> * Notes >>> Traffic that is currently marked as mrouters_only: >>> - IPv4: non-local mcast traffic, igmp reports >>> - IPv6: non-all-nodes-dst mcast traffic, mldv1 reports >>> >>> Simple use case: >>> $ echo 1 > /sys/class/net/bridge/bridge/multicast_snooping >>> $ bridge mdb add dev bridge port swp1 grp 239.0.0.1 >>> - without a querier currently traffic for 239.0.0.1 will still be flooded, >>> with this change it will be forwarded only to swp1 >> >> There is still the issue with unsolicited reports adding mdst >> entries here, too. Leading to unwanted packet loss and connectivity issues. > > Or in other words, an unsolicited report will turn a previously > unregistered multicast group into a registered one. However in the > absence of a querier the knowledge about this newly registered multicast group > will be incomplete. And therefore still needs to be flooded to avoid packet > loss. > Right, this is expected. If the user has enabled igmp snooping and doesn't have a querier present then such behaviour is to be expected. What is surprising is the user explicitly enabling igmp snooping, adding an mdst and then still getting it flooded. :) An alternative is to drop all unregistered traffic when a querier is not present. But that will surely break setups and at best should be a configurable option that is disabled by default. So in effect and to try and make everybody happy we can add an option to control this behaviour with keeping the current as default and adding the following options: - no querier: flood all (default, current) - no querier: flood unregistered, forward registered - no querier: drop unregistered, forward registered From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=EycVL/yRJf9l/jhEd/DHiUNShu4F20ew7k72y+Oiwcg=; b=gn+fKGe90SO0vy/hbXvumClU530kfTDF9lboSmIiQOOq7AShrAd8LYDHXA/HGhV8Iy RYXmSLgzzEKHJrjUk4qNif7+kcQ5TjySHuradUyrU02menBiaEaDoTwgd35cNvZMj7NI uDP/I3mcZN9KiXNpqwNr+Df3hBlvebhNNiGNM= References: <20190215130427.29824-1-nikolay@cumulusnetworks.com> <20190218122107.10097-1-nikolay@cumulusnetworks.com> <20190219085716.GD10191@otheros> <20190219092125.GE10191@otheros> From: Nikolay Aleksandrov Message-ID: <7a95e759-12dd-7e7b-f2ce-f9e7f3d473f2@cumulusnetworks.com> Date: Tue, 19 Feb 2019 15:31:42 +0200 MIME-Version: 1.0 In-Reply-To: <20190219092125.GE10191@otheros> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 8bit Subject: Re: [Bridge] [RFC v2] net: bridge: don't flood known multicast traffic when snooping is enabled List-Id: Linux Ethernet Bridging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: =?UTF-8?Q?Linus_L=c3=bcssing?= Cc: netdev@vger.kernel.org, roopa@cumulusnetworks.com, bridge@lists.linux-foundation.org, f.fainelli@gmail.com, idosch@idosch.org On 19/02/2019 11:21, Linus Lüssing wrote: > On Tue, Feb 19, 2019 at 09:57:16AM +0100, Linus Lüssing wrote: >> On Mon, Feb 18, 2019 at 02:21:07PM +0200, Nikolay Aleksandrov wrote: >>> This is v2 of the RFC patch which aims to forward packets to known >>> mdsts' ports only (the no querier case). After v1 I've kept >>> the previous behaviour when it comes to unregistered traffic or when >>> a querier is present. All of this is of course only with snooping >>> enabled. So with this patch the following changes should occur: >>> - No querier: forward known mdst traffic to its registered ports, >>> no change about unknown mcast (flood) >>> - Querier present: no change >>> >>> The reason to do this is simple - we want to respect the user's mdb >>> configuration in both cases, that is if the user adds static mdb entries >>> manually then we should use that information about forwarding traffic. >>> >>> What do you think ? >>> >>> * Notes >>> Traffic that is currently marked as mrouters_only: >>> - IPv4: non-local mcast traffic, igmp reports >>> - IPv6: non-all-nodes-dst mcast traffic, mldv1 reports >>> >>> Simple use case: >>> $ echo 1 > /sys/class/net/bridge/bridge/multicast_snooping >>> $ bridge mdb add dev bridge port swp1 grp 239.0.0.1 >>> - without a querier currently traffic for 239.0.0.1 will still be flooded, >>> with this change it will be forwarded only to swp1 >> >> There is still the issue with unsolicited reports adding mdst >> entries here, too. Leading to unwanted packet loss and connectivity issues. > > Or in other words, an unsolicited report will turn a previously > unregistered multicast group into a registered one. However in the > absence of a querier the knowledge about this newly registered multicast group > will be incomplete. And therefore still needs to be flooded to avoid packet > loss. > Right, this is expected. If the user has enabled igmp snooping and doesn't have a querier present then such behaviour is to be expected. What is surprising is the user explicitly enabling igmp snooping, adding an mdst and then still getting it flooded. :) An alternative is to drop all unregistered traffic when a querier is not present. But that will surely break setups and at best should be a configurable option that is disabled by default. So in effect and to try and make everybody happy we can add an option to control this behaviour with keeping the current as default and adding the following options: - no querier: flood all (default, current) - no querier: flood unregistered, forward registered - no querier: drop unregistered, forward registered