From: Dariusz Sosnowski <dsosnowski@nvidia.com>
To: narsimharaj pentam <pnarsimharaj@gmail.com>
Cc: "users@dpdk.org" <users@dpdk.org>
Subject: RE: VLAN filtering in mlx5
Date: Mon, 19 Feb 2024 16:50:33 +0000 [thread overview]
Message-ID: <IA1PR12MB83115DCED7B9276893F675EDA4512@IA1PR12MB8311.namprd12.prod.outlook.com> (raw)
In-Reply-To: <CAFLDJDrkHoFNfK8xsiwa+z2Bmtc2ncGvSwS8+Fo4b53sxieGBw@mail.gmail.com>
Hi,
I apologize for the very late response.
> From: narsimharaj pentam <pnarsimharaj@gmail.com>
> Sent: Friday, August 18, 2023 05:34
> To: users@dpdk.org
> Subject: VLAN filtering in mlx5
>
> Hi
>
> We are using a mellanox mlx5 card (firmware version: 16.35.1012) with mlx5_pci driver. Enabled multiple ports DPDK port 0 (internally referred as slot 1 port 0: s1p0) and DPDK port 1(slot 0 port 0 : s0p0). Multiple vlans are created on each of these interfaces , s0p0.100,
> s0p0.101,s0p0.102 and s0p1.200,s0p1.201,s0p1.202.
Are these kernel VLAN interfaces?
> In our network we receive broadcast (ARP) and multicast(ICMPV6 for neighbour discovery) on port 0 and port 1. At the DPDK application we are observing the packets intended for interface s0p0.100 are landing on other vlan interfaces s0p0.101,sop0.102.
> The VLAN traffic is not segregated accordingly.
>
> Do we support VLAN filtering in mlx5 ?
>
> Came across VLAN filtering "vlan_filter_set" , will this help to drop unintended VLAN traffic ? or Do we need to create any VLAN specific rte flows in addition to the vlan filter set ?
VLAN filtering is supported by mlx5 PMD.
It's important to note that:
- VLAN configuration in the kernel is not inherited by the mlx5 PMD.
- When DPDK application is started on mlx5 devices, application will intercept the traffic - unless flow isolation is enabled (https://doc.dpdk.org/guides/howto/flow_bifurcation.html).
- Which packets are intercepted by an application depends on:
- Promiscuous mode.
- All multicast mode:
- If enabled ALL multicast packets from ALL VLANs are received.
- If disabled, only broadcast and IPv6 multicast traffic from registered VLANs is received.
- Registered MAC Addresses - default one and additional registered through rte_eth_dev_mac_addr_add()
- Registered VLANs - registered through rte_eth_dev_vlan_filter()
VLAN filtering itself does not require any additional flow rules.
So, if I understand the requirement correctly, then in your case it would be required to:
- Disable promiscuous mode on both ports
- Disable all multicast mode on both ports
- On s0p0 explicitly enable VLANs 100, 101 and 102 through rte_eth_dev_vlan_filter().
- On s1p0 explicitly enable VLANs 200, 201 and 202 through rte_eth_dev_vlan_filter().
Best regards,
Dariusz Sosnowski
next prev parent reply other threads:[~2024-02-19 16:50 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-18 3:33 narsimharaj pentam
2024-02-19 16:50 ` Dariusz Sosnowski [this message]
2024-02-28 3:09 ` narsimharaj pentam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=IA1PR12MB83115DCED7B9276893F675EDA4512@IA1PR12MB8311.namprd12.prod.outlook.com \
--to=dsosnowski@nvidia.com \
--cc=pnarsimharaj@gmail.com \
--cc=users@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).