IGMP support on Marvell soho switch

ghost commented 7 years ago

Hello, I would like to modify pimd to support a Marvell Soho switch (88E6097 with DSA tag support). I already made a driver to create 'virtual' network interfaces to isolate IGMP packets. My Linux kernel version is 2.6.29.6 and I can't update it. My interfaces are :

eth0 : cpu interface 0 (the whole traffic)
eth0.cpu : normal interface for all traffic except management (BDPU, LLDP, IGMP, 802.1X)
eth0.lan1, eth0.lan2 ... : interfaces for management traffic
br0 : bridge with all eth0.lanX interface to support STP and RSTP I already set my switch to forward IGMP packet to management interface. I also blocked unknown multicast packets. I'm able to add a static multicast mac address in my switch to allow the data. How can I configure and modify pimd to support my hardware switch ? It seems that pimd need a multicast address on each interface. Do I need to set bridge (br0) with a multicast address ? Currently, my IP address is only set on eth0.cpu interface. Best Regards

troglobit commented 7 years ago

The DSA tag support in the kernel is for enabling a Linux interface per switchcore port. What you want is to use the Linux bridge to handle layer 2, using Marvell switch's support for IGMP snooping and the IGMP snooping support in the bridge. Then on the bridge set up layer 3 interfaces per VLAN (or however you partition the switch) which pimd then runs on.

With that setup you can let the bridge IGMP snooping handle per-port multicast distribution, and pimd to handle handle the routing per LAN segment.

So no, you should not need to modify pimd to support your case, but rather modify your setup to match a regular Linux router.

ghost commented 7 years ago

In fact I use the DSA tag to support management packets like BPDUs. So I have eth0.cpu interface for 'normal' traffic and eth0.lanX for special packets like BPDUs and IGMP. So it avoids the switch to broadcast BDPUs or IGMP packets to all ports. My linux bridge only handles BPDUs. I believed that I need to handle adding/removing multicast MAC address in switch hardware MAC table to allow multicast stream. I tried this configuration for pimd but it doesn't start :

default-route-distance 101
default-route-metric   1024
phyint usb0 disable
phyint br0 disable
#phyint eth0 disable
phyint eth0.cpu disable
phyint eth0.lan1 enable igmpv2 dr-priority 10 scoped 239.255.0.0 masklen 8
phyint eth0.lan2 enable igmpv2 dr-priority 10 scoped 239.255.0.0 masklen 8
phyint eth0.lan3 enable igmpv2 dr-priority 10 scoped 239.255.0.0 masklen 8
phyint eth0.lan4 enable igmpv2 dr-priority 10 scoped 239.255.0.0 masklen 8
phyint eth0.lan5 enable igmpv2 dr-priority 10 scoped 239.255.0.0 masklen 8
phyint eth0.lan6 enable igmpv2 dr-priority 10 scoped 239.255.0.0 masklen 8
phyint eth0.lan7 enable igmpv2 dr-priority 10 scoped 239.255.0.0 masklen 8
phyint eth0.lan8 enable igmpv2 dr-priority 10 scoped 239.255.0.0 masklen 8
phyint eth0.dsla enable igmpv2 dr-priority 10 scoped 239.255.0.0 masklen 8
phyint eth0.dslb enable igmpv2 dr-priority 10 scoped 239.255.0.0 masklen 8

bsr-candidate eth0.lan2
rp-candidate eth0.lan2
group-prefix 239.255.0.0 masklen 8
spt-threshold packets 0 interval 100

I start pimd with : pimd -c /etc/pimd.conf -f --disable-vifs --debug=igmp_proto,igmp,interfaces,pim_jp,kernel,pim_register -sdebug The result is

debug level 0x18c70 (igmp_proto,igmp_timers,igmp_members,interfaces,kernel,pim_register,pim_join_prune)
17:14:11.653 pimd version 2.3.2 starting ...
17:14:11.660 Got 262144 byte send buffer size in 0 iterations
17:14:11.661 Got 262144 byte recv buffer size in 0 iterations
17:14:11.661 Got 262144 byte send buffer size in 0 iterations
17:14:11.662 Got 262144 byte recv buffer size in 0 iterations
17:14:11.664 Getting vifs from kernel
17:14:11.665 Installing eth0.cpu (10.22.130.2 on subnet 10.22/16) as vif #0-13 - rate 0
17:14:11.666 Installing usb0 (192.168.0.1 on subnet 192.168) as vif #1-15 - rate 0
17:14:11.666 Disabling all vifs from kernel
17:14:11.667 Getting vifs from /etc/pimd.conf
17:14:11.668 default-route-distance is 101
17:14:11.668 default-route-metric is 1024
17:14:11.669 /etc/pimd.conf:20 - Invalid phyint address 'br0'
17:14:11.669 /etc/pimd.conf:23 - Invalid phyint address 'eth0.lan1'
17:14:11.670 /etc/pimd.conf:24 - Invalid phyint address 'eth0.lan2'
17:14:11.670 /etc/pimd.conf:25 - Invalid phyint address 'eth0.lan3'
17:14:11.671 /etc/pimd.conf:26 - Invalid phyint address 'eth0.lan4'
17:14:11.671 /etc/pimd.conf:27 - Invalid phyint address 'eth0.lan5'
17:14:11.672 /etc/pimd.conf:28 - Invalid phyint address 'eth0.lan6'
17:14:11.672 /etc/pimd.conf:29 - Invalid phyint address 'eth0.lan7'
17:14:11.673 /etc/pimd.conf:30 - Invalid phyint address 'eth0.lan8'
17:14:11.673 /etc/pimd.conf:31 - Invalid phyint address 'eth0.dsla'
17:14:11.674 /etc/pimd.conf:32 - Invalid phyint address 'eth0.dslb'
17:14:11.675 /etc/pimd.conf:49 - Invalid Cand-BSR address 'eth0.lan2', defaulting to 0.0.0.0
17:14:11.675 Local Cand-BSR address 0.0.0.0, priority 0
17:14:11.676 /etc/pimd.conf:52 - Invalid Cand-RP address 'eth0.lan2', defaulting to 0.0.0.0
17:14:11.676 Local Cand-RP address 0.0.0.0, priority 0, interval 60 sec
17:14:11.677 Adding Cand-RP group prefix 239.255.0.0/8
17:14:11.677 spt-threshold packets 0 interval 100
17:14:11.685 Local static RP: 169.254.0.1, group 232.0.0.0/8
17:14:11.686 IGMP query interval  : 12 sec
17:14:11.686 IGMP querier timeout : 41 sec
17:14:11.687 Cannot forward: no enabled vifs

[root@ /root]# ifconfig 
br0       Link encap:Ethernet  HWaddr 00:1B:7D:82:05:21  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4408 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:243928 (238.2 KiB)  TX bytes:468 (468.0 B)

eth0      Link encap:Ethernet  HWaddr 00:1B:7D:82:05:20  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4490 errors:0 dropped:0 overruns:0 frame:0
          TX packets:99 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:409904 (400.2 KiB)  TX bytes:16050 (15.6 KiB)
          Base address:0x6000 

eth0.cpu  Link encap:Ethernet  HWaddr 00:1B:7D:82:05:20  
          inet addr:10.22.130.2  Bcast:10.22.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:82 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:13316 (13.0 KiB)  TX bytes:1006 (1006.0 B)

eth0.dsla Link encap:Ethernet  HWaddr 00:1B:7D:82:05:21  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0.dslb Link encap:Ethernet  HWaddr 00:1B:7D:82:05:22  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0.lan1 Link encap:Ethernet  HWaddr 00:1B:7D:82:05:23  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:4408 errors:0 dropped:0 overruns:0 frame:0
          TX packets:172 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:243928 (238.2 KiB)  TX bytes:29228 (28.5 KiB)

eth0.lan2 Link encap:Ethernet  HWaddr 00:1B:7D:82:05:24  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0.lan3 Link encap:Ethernet  HWaddr 00:1B:7D:82:05:25  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0.lan4 Link encap:Ethernet  HWaddr 00:1B:7D:82:05:26  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0.lan5 Link encap:Ethernet  HWaddr 00:1B:7D:82:05:27  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0.lan6 Link encap:Ethernet  HWaddr 00:1B:7D:82:05:28  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0.lan7 Link encap:Ethernet  HWaddr 00:1B:7D:82:05:29  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0.lan8 Link encap:Ethernet  HWaddr 00:1B:7D:82:05:2A  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

usb0      Link encap:Ethernet  HWaddr 00:1B:7D:82:05:2E  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:187 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:15168 (14.8 KiB)  TX bytes:1136 (1.1 KiB)

What's wrong with my configuration ? Regards.

troglobit commented 7 years ago

So, you just want to run pimd on your eth0.lanX interfaces, which are layer-2 ports on the switch (in the same VLAN?) with no IP address? How do you expect pimd to peer with other PIM routers?

I think you need to sit down and read up on routing protocols, maybe try running pimd on a simple PC with two NICs or something, to first build an understanding of what it is you are trying to achieve.

pimd works on layer-3, regular interfaces with IP addresses set. It's essentially an "automated" way of setting multicast routes you would otherwise have to set manually using, e.g. SMCRoute.

ghost commented 7 years ago

Yes, that's it. I understand that I need to set an IP address on my eth0.lanX interfaces. But I don't understand if I need to configure my bridge or my eth0.lanX ports. Do you have some links about routing to help me ? Regards.

troglobit commented 7 years ago

What you need to do is to conceptually take a step back and build a model that possible looks something like this:

      Layer-2          Layer-3              Layer-2
      -------          -------              -------
      RSTP             smcroute             RSTP
      LLDP               pimd               LLDP
P1---.                                           .---P4
P2----(br0)--(br0.1)---[routing]---(br0.2)--(br0)----P5
P3---'                                           `---P6
      IGMP-            OSPF/RIP             IGMP-
      snooping         ip route             snooping
      802.1X           iptables             802.1X

Notice the keyword model here. Because that drawing is not what your physical setup looks like, but you need to create that abstraction to solve problems later on.

In this example I've partitioned the switch into two separate LAN segments using VLANs 1 and 2. To keep things simple in the beginning you may want to use a single ATU db for both VLANs. The br0 on the left and right side is actually the same bridge, it's just conceptually easier, from a layer-3 perspective, to imagine them as separate. (In my setups I usually rename br0.1 and br0.2 to vlan1 and vlan2, respectively. To me it's just easier on the eyes.)

As you see, layer-2 protocols like LLDP, RSTP (mstpd) and IGMP snooping runs on top of the bridge ports. The kernel takes care of IGMP snooping, so multicast distribution on each LAN works as expected.

Layer-3 "protocols" or functions like static unicast/multicast routing (ip route, smcroute) and dynamic unicast/multicast protocols (OSPF/RIP and pimd) need interfaces with IP addresses (br0.1 and br0.2). They don't care so much about what happens on layer-2.

There are several sources of information online about this, but I'd definitely recommend an advanced 3-day routing course with an institute or something, it's really worth it.

ghost commented 7 years ago

Thanks for your advices. If I want to stay at L2 level only, which software should I use to act as an IGMP proxy ?

troglobit commented 7 years ago

No problem, a proxy is only needed if you need to "switch" multicast between VLANs, if you only have one VLAN all you need is the IGMP snooping in the kernel bridge. Also, the Marvell SOHO family support VLAN tunneling of multicast, which may be worth checking out as well.

The old igmpproxy or the newer mcproxy may be useful for such a scenario.

Good Luck!

ghost commented 7 years ago

Ok, it should be easier. I'm not sure if my old kernel 2.6.29.6 will work correctly. I read that CONFIG_BRIDGE_IGMP_SNOOPING is only available from kernel 2.6.32. Maybe I need to backport it.

troglobit commented 7 years ago

Why are you running such an old kernel? If you upgrade to Linux 4.4+ you can focus on writing a native Marvel DSA driver on top of the kernel switchdev support, like the existing DSA drivers, much improved bridge features, and more. At work we're currently running 4.4 and have our own 6097-driver and extended 6352 drivers. I cannot overstate the importance it has had in our simplifying the work we do in userspace.

Sometimes it is easier to forward port the BSP rather than backport all features and bugfixes ...

ghost commented 7 years ago

Because we started with the chip manufacturer BSP and we have no updates. If I need to upgrade, I will have to modify all my custom drivers and I'm not sure if all manufacturers patches will be present.

troglobit commented 7 years ago

Yeah, that's always a bit of an issue. We had the fortune of having the source for most of our drivers, as well as time and an understanding from mgmt, so we ported most stuff forward. Turned out much of what we needed was available as upstream drivers in newer kernels. Maybe we got lucky, dunno.

Anyway, with such an old kernel you will likely run into more problems the more advanced features you add to your userspace. And I suspect it will be a pain to maintain as well ...

troglobit / pimd

IGMP support on Marvell soho switch #85