swconfig, DSA and Bridge VLAN Filtering

Arınç ÜNAL

Distributed Switch Architecture (DSA)

The philosophy:

Have each switch port work transparently with Linux tools; bridge, iproute2, etc.

Therefore, create a network interface for each switch port.

Bridge VLAN Filtering

The Bridge VLAN filtering feature provides the ability to configure VLANs on interfaces in a bridge. This feature was introduced in Linux kernel 3.8.

Enabled on kernel on 25 November 2018 on OpenWrt.

Implemented on netifd on 19 July 2020.

Included in OpenWrt on 8 September 2020 with the latest netifd.

Implemented on LuCI on 18 March 2021.

Primary VLAN ID (PVID):

For advanced configurations. Out of the scope.

Bridge VLAN Filtering

Egress untagged: Frames leave the interface as untagged. Untagged ingress is assigned to the VLAN ID.

Bridge VLAN Filtering

Egress tagged: Frames leave the interface as tagged with the VLAN ID. Untagged ingress is discarded. Tagged ingress is discarded if the VLAN ID on the tag doesn't match the VLAN ID(s) assigned to the interface.

Bridge VLAN Filtering

Local: Make CPU involved in the VLAN.

Convert UCI config

swconfig to DSA interfaces with Bridge VLAN Filtering

config switch

option name 'switch0'

option reset '1'

option enable_vlan '1'

​

config switch_vlan

option device 'switch0'

option vlan '1'

option ports '0 1 2 3 5t'

option vid '1'

​

config switch_vlan

option device 'switch0'

option vlan '2'

option ports '4 6t'

option vid '2'

config device

option type 'bridge'

option name 'br0'

list ports 'lan1'

list ports 'lan2'

list ports 'lan3'

list ports 'lan4'

list ports 'wan'

​

config bridge-vlan

option device 'br0'

option vlan '1'

list ports 'lan1'

list ports 'lan2'

list ports 'lan3'

list ports 'lan4'

​

config bridge-vlan

option device 'br0'

option vlan '2'

list ports 'wan'

Convert UCI config

swconfig to DSA interfaces with Bridge VLAN Filtering

• Set egress untagged, egress tagged for DSA interfaces.
• If there’s no CPU port tagged on a VLAN, disable Local option on that VLAN.
• Convert swconfig ports to DSA.
• Port addresses on swconfig and DSA are the same.
• Map user ports to DSA interface labels.
• Find addresses of CPU ports.

For user ports, check for label on each DSA port node.

# cat /proc/device-tree/soc/internal-regs/mdio@72004/switch@0/ports/port@0/label

wan

For CPU, check for ethernet property on each DSA port node.

# ls /proc/device-tree/soc/internal-regs/mdio@72004/switch@0/ports/port@6/ethernet

Last Words & More Information

We need help from the OpenWrt community to write a shell script to automatically convert swconfig configuration to DSA.

DSA in more detail:

www.kernel.org/doc/html/latest/networking/dsa/index.html

Bridge VLAN filtering in more detail:

openwrt.org/playground/arinc9/bridge-vlan-filtering