
[net-next,v3,00/12] vxlan metadata device vnifiltering support

Message ID 20220301050439.31785-1-roopa@nvidia.com (mailing list archive)

Message

Roopa Prabhu March 1, 2022, 5:04 a.m. UTC
This series adds vnifiltering support to vxlan collect metadata device.

Motivation:
You can only use a single vxlan collect metadata device for a given
vxlan udp port in the system today. The vxlan collect metadata device
terminates all received vxlan packets. As shown in the below diagram,
there are use-cases where you need to support multiple such vxlan devices in
independent bridge domains. Each vxlan device must terminate the vnis
it is configured for.
Example use case: In a service provider network a service provider
typically supports multiple bridge domains with overlapping vlans.
One bridge domain per customer. Vlans in each bridge domain are
mapped to globally unique vxlan ranges assigned to each customer. 

This series adds vnifiltering support to collect metadata devices to
terminate only configured vnis. This is similar to vlan filtering in
bridge driver. The vni filtering capability is provided by a new flag on
collect metadata device. 

In the below pic:
	- customer1 is mapped to br1 bridge domain
	- customer2 is mapped to br2 bridge domain
	- customer1 vlan 10-11 is mapped to vni 1001-1002
	- customer2 vlan 10-11 is mapped to vni 2001-2002
	- br1 and br2 are vlan filtering bridges
	- vxlan1 and vxlan2 are collect metadata devices with
	  vnifiltering enabled

┌──────────────────────────────────────────────────────────────────┐
│  switch                                                          │
│                                                                  │
│         ┌───────────┐                 ┌───────────┐              │
│         │           │                 │           │              │
│         │   br1     │                 │   br2     │              │
│         └┬─────────┬┘                 └──┬───────┬┘              │
│     vlans│         │               vlans │       │               │
│     10,11│         │                10,11│       │               │
│          │     vlanvnimap:               │    vlanvnimap:        │
│          │       10-1001,11-1002         │      10-2001,11-2002  │
│          │         │                     │       │               │
│   ┌──────┴┐     ┌──┴─────────┐       ┌───┴────┐  │               │
│   │ swp1  │     │vxlan1      │       │ swp2   │ ┌┴─────────────┐ │
│   │       │     │  vnifilter:│       │        │ │vxlan2        │ │
│   └───┬───┘     │   1001,1002│       └───┬────┘ │ vnifilter:   │ │
│       │         └────────────┘           │      │  2001,2002   │ │
│       │                                  │      └──────────────┘ │
│       │                                  │                       │
└───────┼──────────────────────────────────┼───────────────────────┘
        │                                  │
        │                                  │
  ┌─────┴───────┐                          │
  │  customer1  │                    ┌─────┴──────┐
  │ host/VM     │                    │customer2   │
  └─────────────┘                    │ host/VM    │
                                     └────────────┘

v2:
  - remove stale xstats declarations pointed out by Nikolay Aleksandrov
  - squash selinux patch with the tunnel api patch as pointed out by
    Benjamin Poirier
  - Fix various build issues:
	Reported-by: kernel test robot <lkp@intel.com>

v3:
  - incorporate review feedback from Jakub
	- move rhashtable declarations to c file
	- define and use netlink policy for top level vxlan filter api
	- fix unused stats function warning
	- pass vninode from vnifilter lookup into stats count function
		to avoid another lookup (only applicable to vxlan_rcv)
	- fix missing vxlan vni delete notifications in vnifilter uninit
	  function
	- misc cleanups
  - remote dev check for multicast groups added via vnifiltering api
	
Nikolay Aleksandrov (2):
  drivers: vxlan: vnifilter: per vni stats
  drivers: vxlan: vnifilter: add support for stats dumping

Roopa Prabhu (10):
  vxlan: move to its own directory
  vxlan_core: fix build warnings in vxlan_xmit_one
  vxlan_core: move common declarations to private header file
  vxlan_core: move some fdb helpers to non-static
  vxlan_core: make multicast helper take rip and ifindex explicitly
  vxlan_core: add helper vxlan_vni_in_use
  rtnetlink: add new rtm tunnel api for tunnel id filtering
  vxlan_multicast: Move multicast helpers to a separate file
  vxlan: vni filtering support on collect metadata device
  selftests: add new tests for vxlan vnifiltering

 drivers/net/Makefile                          |   2 +-
 drivers/net/vxlan/Makefile                    |   7 +
 drivers/net/{vxlan.c => vxlan/vxlan_core.c}   | 434 +++-----
 drivers/net/vxlan/vxlan_multicast.c           | 272 +++++
 drivers/net/vxlan/vxlan_private.h             | 162 +++
 drivers/net/vxlan/vxlan_vnifilter.c           | 999 ++++++++++++++++++
 include/net/vxlan.h                           |  54 +-
 include/uapi/linux/if_link.h                  |  49 +
 include/uapi/linux/rtnetlink.h                |   9 +
 security/selinux/nlmsgtab.c                   |   5 +-
 .../selftests/net/test_vxlan_vnifiltering.sh  | 581 ++++++++++
 11 files changed, 2309 insertions(+), 265 deletions(-)
 create mode 100644 drivers/net/vxlan/Makefile
 rename drivers/net/{vxlan.c => vxlan/vxlan_core.c} (94%)
 create mode 100644 drivers/net/vxlan/vxlan_multicast.c
 create mode 100644 drivers/net/vxlan/vxlan_private.h
 create mode 100644 drivers/net/vxlan/vxlan_vnifilter.c
 create mode 100755 tools/testing/selftests/net/test_vxlan_vnifiltering.sh
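
The receive-side behaviour the cover letter describes (several collect metadata devices sharing a UDP port, each terminating only its configured vnis) can be modelled in user space. This is an added example, not code from the series: the struct and function names are hypothetical, the sample packets are constructed, and UDP port 4789 is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space model; these names are not the kernel's. */
#define VXLAN_HDR_LEN  8
#define VXLAN_FLAG_VNI 0x08 /* RFC 7348 "I" flag: VNI field is valid */

struct vni_range { uint32_t lo, hi; };
struct vx_dev {
    const char *name;
    uint16_t port;               /* UDP port shared by the devices */
    struct vni_range allow[4];   /* the device's vnifilter entries */
    size_t nranges;
};

/* Constructed sample data mirroring the diagram; port 4789 is assumed. */
static const struct vx_dev demo_devs[] = {
    { "vxlan1", 4789, { { 1001, 1002 } }, 1 },
    { "vxlan2", 4789, { { 2001, 2002 } }, 1 },
};
static const uint8_t pkt_1001[8] = { 0x08, 0, 0, 0, 0x00, 0x03, 0xE9, 0 };
static const uint8_t pkt_2002[8] = { 0x08, 0, 0, 0, 0x00, 0x07, 0xD2, 0 };
static const uint8_t pkt_3000[8] = { 0x08, 0, 0, 0, 0x00, 0x0B, 0xB8, 0 };

/* Return the device whose filter holds the packet's VNI, or NULL to drop. */
static const struct vx_dev *vni_demux(const struct vx_dev *devs, size_t n,
                                      uint16_t port, const uint8_t *p, size_t len)
{
    if (len < VXLAN_HDR_LEN || !(p[0] & VXLAN_FLAG_VNI))
        return NULL;             /* truncated header or no valid VNI */
    uint32_t vni = (uint32_t)p[4] << 16 | (uint32_t)p[5] << 8 | p[6];
    for (size_t i = 0; i < n; i++) {
        if (devs[i].port != port)
            continue;
        for (size_t r = 0; r < devs[i].nranges; r++)
            if (vni >= devs[i].allow[r].lo && vni <= devs[i].allow[r].hi)
                return &devs[i];
    }
    return NULL;                 /* VNI not configured on any device */
}

int main(void)
{
    const uint8_t *pkts[] = { pkt_1001, pkt_2002, pkt_3000 };
    for (size_t i = 0; i < 3; i++) {
        const struct vx_dev *d = vni_demux(demo_devs, 2, 4789, pkts[i], 8);
        printf("packet %zu -> %s\n", i, d ? d->name : "drop");
    }
    return 0;
}
```

A packet carrying a VNI outside every filter (3000 here) is dropped rather than delivered to whichever device owns the port, which is what keeps customer1 and customer2 traffic in separate bridge domains.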

Comments

patchwork-bot+netdevbpf@kernel.org March 1, 2022, 8:50 a.m. UTC | #1
Hello:

This series was applied to netdev/net-next.git (master)
by David S. Miller <davem@davemloft.net>:

On Tue, 1 Mar 2022 05:04:27 +0000 you wrote:
> This series adds vnifiltering support to vxlan collect metadata device.
> 
> Motivation:
> You can only use a single vxlan collect metadata device for a given
> vxlan udp port in the system today. The vxlan collect metadata device
> terminates all received vxlan packets. As shown in the below diagram,
> there are use-cases where you need to support multiple such vxlan devices in
> independent bridge domains. Each vxlan device must terminate the vni's
> it is configured for.
> Example usecase: In a service provider network a service provider
> typically supports multiple bridge domains with overlapping vlans.
> One bridge domain per customer. Vlans in each bridge domain are
> mapped to globally unique vxlan ranges assigned to each customer.
> 
> [...]

Here is the summary with links:
  - [net-next,v3,01/12] vxlan: move to its own directory
    https://git.kernel.org/netdev/net-next/c/6765393614ea
  - [net-next,v3,02/12] vxlan_core: fix build warnings in vxlan_xmit_one
    https://git.kernel.org/netdev/net-next/c/fba55a66e8ec
  - [net-next,v3,03/12] vxlan_core: move common declarations to private header file
    https://git.kernel.org/netdev/net-next/c/76fc217d7fb1
  - [net-next,v3,04/12] vxlan_core: move some fdb helpers to non-static
    https://git.kernel.org/netdev/net-next/c/c63053e0cb5a
  - [net-next,v3,05/12] vxlan_core: make multicast helper take rip and ifindex explicitly
    https://git.kernel.org/netdev/net-next/c/a9508d121a0e
  - [net-next,v3,06/12] vxlan_core: add helper vxlan_vni_in_use
    https://git.kernel.org/netdev/net-next/c/efe0f94b333b
  - [net-next,v3,07/12] rtnetlink: add new rtm tunnel api for tunnel id filtering
    https://git.kernel.org/netdev/net-next/c/7b8135f4df98
  - [net-next,v3,08/12] vxlan_multicast: Move multicast helpers to a separate file
    https://git.kernel.org/netdev/net-next/c/a498c5953a9c
  - [net-next,v3,09/12] vxlan: vni filtering support on collect metadata device
    https://git.kernel.org/netdev/net-next/c/f9c4bb0b245c
  - [net-next,v3,10/12] selftests: add new tests for vxlan vnifiltering
    https://git.kernel.org/netdev/net-next/c/3edf5f66c12a
  - [net-next,v3,11/12] drivers: vxlan: vnifilter: per vni stats
    https://git.kernel.org/netdev/net-next/c/4095e0e1328a
  - [net-next,v3,12/12] drivers: vxlan: vnifilter: add support for stats dumping
    https://git.kernel.org/netdev/net-next/c/445b2f36bb4e

You are awesome, thank you!