Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bridge Port Isolation not working on DSA #2679

Open
6 tasks
mweinelt opened this issue Oct 18, 2022 · 8 comments
Open
6 tasks

Bridge Port Isolation not working on DSA #2679

mweinelt opened this issue Oct 18, 2022 · 8 comments
Labels
0. type: bug This is a bug 9. meta: known issue Known issue which should be mentioned in release notes
Milestone
v2024.1

Comments

@mweinelt
Copy link
Contributor

mweinelt commented Oct 18, 2022
edited by neocturne
Loading

The current working theory is that this may be caused by offloading of the bridge port forwarding.

We would need someone to test this theory by disabling the relevant offloading features.

See #2600 (comment)

List of DSA drivers to test/implement:
@mweinelt mweinelt added the 9. meta: known issue Known issue which should be mentioned in release notes label Oct 18, 2022
@AiyionPrime

This comment was marked as outdated.

Sign in to view
@AiyionPrime AiyionPrime mentioned this issue Nov 30, 2022
Merged
16 tasks
@AiyionPrime
Copy link
Member

Note: Bridge Port Isolation does not work on D-Link DGS-1210-10P either.

@AiyionPrime AiyionPrime added the 1. severity: blocker This issue/pr is required for the next release label Dec 13, 2022
@AiyionPrime
Copy link
Member

While this just simply does not work in Hanover, it randomly breaks mesh connections in Darmstadt.
We concluded, either we get this resolved before an upcoming release or this (as well as it's backport will be reverted, as much as that'd suck).

@NeoRaider intends to experiment on the isolation feature on a FB4040 in the next days/weeks.

@mweinelt mweinelt changed the title Bridge Port Isolation not working on UBNT ER-X Bridge Port Isolation not working on DSA Jan 29, 2023
@mweinelt
Copy link
Contributor Author

The current thinking is that the DSA stack does not support bridge port isolation and fails to signal back its incapacity.

@neocturne neocturne mentioned this issue Jun 15, 2024
Open
@neocturne
Copy link
Member

The bridge core supports passing these flags to DSA since Linux 5.19, however very few DSA drivers implement port isolation so far. I've added list of relevant drivers to the issue description.

@olerem
Copy link

olerem commented Jun 15, 2024

Hm.. there is still some work to do. I added isolation support for KSZ switches:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/drivers/net/dsa/microchip?id=a7f08029e2e84ecafbfff50fcff976fafee72799

@neocturne neocturne added 0. type: bug This is a bug and removed 1. severity: blocker This issue/pr is required for the next release labels Jun 15, 2024
@neocturne
Copy link
Member

@AiyionPrime Missing bridge port isolation should not break any mesh connections, unless you build a ring or similar topology of multiple nodes and STP does not work to prevent a forwarding loop. I would be good to know if that is the case, or something else is going wrong in your deployment.

@neocturne neocturne added this to the v2024.1 milestone Jun 15, 2024
@AiyionPrime
Copy link
Member

I'm from Hanover, the finding was from FF Darmstadt, I think.
I only reported it here, in order not to lose the intel.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0. type: bug This is a bug 9. meta: known issue Known issue which should be mentioned in release notes
Projects
None yet
Milestone
v2024.1
Development

No branches or pull requests
4 participants
@mweinelt @neocturne @olerem @AiyionPrime