Re: [RFC net-next 2/7] net: bridge: switchdev: Include local flag in FDB notifications

From: Nikolay Aleksandrov <nikolay@nvidia.com>
To: Vladimir Oltean <olteanv@gmail.com>
Cc: Tobias Waldekranz <tobias@waldekranz.com>, <davem@davemloft.net>,
	<kuba@kernel.org>, <andrew@lunn.ch>, <vivien.didelot@gmail.com>,
	<f.fainelli@gmail.com>, <roopa@nvidia.com>,
	<netdev@vger.kernel.org>, <jiri@resnulli.us>, <idosch@idosch.org>,
	<stephen@networkplumber.org>
Subject: Re: [RFC net-next 2/7] net: bridge: switchdev: Include local flag in FDB notifications
Date: Tue, 19 Jan 2021 00:42:04 +0200	[thread overview]
Message-ID: <32107e93-341f-aff8-a357-dd03e69d3839@nvidia.com> (raw)
In-Reply-To: <20210118220616.ql2i3uigyz6tiuhz@skbuf>

On 19/01/2021 00:06, Vladimir Oltean wrote:
> On Mon, Jan 18, 2021 at 11:53:18PM +0200, Nikolay Aleksandrov wrote:
>> On 18/01/2021 23:50, Vladimir Oltean wrote:
>>> On Mon, Jan 18, 2021 at 11:39:27PM +0200, Nikolay Aleksandrov wrote:
>>>> Apologies for the multiple emails, but wanted to leave an example:
>>>>
>>>> 00:11:22:33:44:55 dev ens16 master bridge permanent
>>>>
>>>> This must always exist and user-space must be able to create it, which
>>>> might be against what you want to achieve (no BR_FDB_LOCAL entries with
>>>> fdb->dst != NULL).
>>>
>>> Can you give me an example of why it would matter that fdb->dst in this
>>> case is set to ens16?
>>>
>>
>> Can you dump it as "dev ens16" without it? :)
>> Or alternatively can you send a notification with "dev ens16" without it?
>>
>> I'm in favor of removing it, but it is risky since some script somewhere might
>> be searching for it, or some user-space daemon might expect to see a notification
>> for such entries and react on it.
> 
> If "dev ens16" makes no difference to the forwarding and/or termination
> path of the bridge, just to user space reporting, then keeping
> appearances is a bit pointless.
> 
> For example, DSA switch interfaces inherit by default the MAC address of
> the host interface. Having multiple net devices with the same MAC
> address works because either they are in different L2 domains (case in
> which the MAC addresses should still be unique per domain), or they are
> in the same L2 domain, under the same bridge (case in which it is the
> bridge who should do IP neighbour resolution etc).
> Having that said, let there be these commands:
> 
> $ ip link add br0 type bridge
> $ ip link set swp0 master br0
> $ ip link set swp1 master br0
> $ ip link set swp2 master br0
> $ ip link set swp3 master br0
> $ bridge fdb | grep permanent
> 00:04:9f:05:de:0a dev swp0 vlan 1 master br0 permanent
> 00:04:9f:05:de:0a dev swp0 master br0 permanent
> 
> And these:
> 
> $ ip link add br0 type bridge
> $ ip link set swp3 master br0
> $ ip link set swp2 master br0
> $ ip link set swp1 master br0
> $ ip link set swp0 master br0
> $ bridge fdb | grep permanent
> 00:04:9f:05:de:0a dev swp0 vlan 1 master br0 permanent
> 00:04:9f:05:de:0a dev swp0 master br0 permanent
> 00:04:9f:05:de:0a dev swp3 vlan 1 master br0 permanent
> 00:04:9f:05:de:0a dev swp3 master br0 permanent
> 
> Preserving the reporting for permanent/local FDB entries added by user
> is one thing. But do we need to also preserve this behavior (i.e. report
> the first unique MAC address of an interface that joins the bridge as a
> permanent/local address on that brport, but not on the others, and not
> on br0)? If yes, then I'm afraid there's nothing we can do.
> 

No, it shouldn't be a problem to change that. We should be careful about the
way it's changed though because reporting it for all ports might become a scale
issue with 4k vlans, and also today you can't add the same mac for multiple ports.
Perhaps the best way is to report it for the bridge itself, while still allowing
such entries to be added/deleted by user-space.