From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <users-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 8A41243C14
	for <public@inbox.dpdk.org>; Wed, 28 Feb 2024 04:09:15 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 7A32940ED3;
	Wed, 28 Feb 2024 04:09:15 +0100 (CET)
Received: from mail-qt1-f177.google.com (mail-qt1-f177.google.com
 [209.85.160.177])
 by mails.dpdk.org (Postfix) with ESMTP id 8DFA340ECF
 for <users@dpdk.org>; Wed, 28 Feb 2024 04:09:13 +0100 (CET)
Received: by mail-qt1-f177.google.com with SMTP id
 d75a77b69052e-4280f3ec702so12954611cf.0
 for <users@dpdk.org>; Tue, 27 Feb 2024 19:09:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1709089753; x=1709694553; darn=dpdk.org;
 h=cc:to:subject:message-id:date:from:in-reply-to:references
 :mime-version:from:to:cc:subject:date:message-id:reply-to;
 bh=3sFpeM18ck+dgc4V/U6AFOYkbXC4/+9oq6SoO4Uy9t0=;
 b=hi/aKJbVqcLc7pWoC7yEtzLe98MnsC3WEAhv126b4q60yt+6cpJMpJ9d6zUMdnweBQ
 NUX2scnjbh7ISkufjhmvYV8cYpB979KappRYcCfevQ0QGjswyxUNYaYCGrdNmhyLfAcr
 EzaHVz4uPPh/ZsTwAilDl/52tSCSLdmyZJyQ8xyhPnc3tP60t7rZs63Cpw6hoKHaVzzm
 /BVpbeSjA0jjfov0NfWS5NBkLy90ku2l9D/zP+7qif6ZrjfKu8PEcz+ZaTeNdnra8Ya2
 tpUtsfuk2NXEMk6xrGpn9ybHZhS/9iQb1wOA6t7r2n2BTbwChk7Q4FV+DBJRvCAkNi9u
 AwqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1709089753; x=1709694553;
 h=cc:to:subject:message-id:date:from:in-reply-to:references
 :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=3sFpeM18ck+dgc4V/U6AFOYkbXC4/+9oq6SoO4Uy9t0=;
 b=Fxxd1E43Mm8ylZNdJ3AIV0MLTJTxsLfnyqZygUPhPWWy03AV1EFuQYxxSmZuT5xy89
 0WC9hT5pexkc+8TKKLCjs5/t4fugc7e46UIxye/4KSnZbHvGEsppDtuWLQLg/3RqudVR
 Pb0dQeA1HrKQdkF6R3njpIikuaJKFPoknb3eSjnjjbCmToxyHYmDaSfQem9IorUUJsnf
 RySALxEqQdSVunzqQyE4wBijQV3AD1tNIbnnPma/Xy4uppTRF76/Zhy+QCs8mRXw492y
 jw/2JpvF/5c0UPFdhMoU2mWDBolZOxBxtYsEWSGAXS+71xdV4AKE7WAzFRz3NPZtDFTa
 rXag==
X-Gm-Message-State: AOJu0YyQCeq7cN8x5tapbygt8cK+TYv6bVJLIdN4RvqTnT0Xy69Du8U3
 YRXAJAF4cgzp11wlS5NFFgQ/EMLsyYx/cM4uiTq+RLXM2MS7jO7BLl09Oa/9zeVib2FM2DcDhvA
 mpSLcU6IdPrsiPiRBsfAkltbozEA5bwdI
X-Google-Smtp-Source: AGHT+IG4bF8owtGt0X8k87oMNxanKd4QZe1Htzv5iO85889qrhz3lme99R5tqqXStINd7NMnt+HyHOsiNQTW8ruOB8U=
X-Received: by 2002:a05:622a:190a:b0:42e:7e8d:7d33 with SMTP id
 w10-20020a05622a190a00b0042e7e8d7d33mr9584317qtc.3.1709089753016; Tue, 27 Feb
 2024 19:09:13 -0800 (PST)
MIME-Version: 1.0
References: <CAFLDJDrkHoFNfK8xsiwa+z2Bmtc2ncGvSwS8+Fo4b53sxieGBw@mail.gmail.com>
 <IA1PR12MB83115DCED7B9276893F675EDA4512@IA1PR12MB8311.namprd12.prod.outlook.com>
In-Reply-To: <IA1PR12MB83115DCED7B9276893F675EDA4512@IA1PR12MB8311.namprd12.prod.outlook.com>
From: narsimharaj pentam <pnarsimharaj@gmail.com>
Date: Wed, 28 Feb 2024 08:39:01 +0530
Message-ID: <CAFLDJDqcvs2579S+HGqmwVnbzwK5_0gfVOVnrr06QKWHSwtXOg@mail.gmail.com>
Subject: Re: VLAN filtering in mlx5
To: Dariusz Sosnowski <dsosnowski@nvidia.com>
Cc: "users@dpdk.org" <users@dpdk.org>
Content-Type: multipart/alternative; boundary="0000000000009e306b06126877ee"
X-BeenThere: users@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK usage discussions <users.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/users>,
 <mailto:users-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/users/>
List-Post: <mailto:users@dpdk.org>
List-Help: <mailto:users-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/users>,
 <mailto:users-request@dpdk.org?subject=subscribe>
Errors-To: users-bounces@dpdk.org

--0000000000009e306b06126877ee
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thanks  Dariusz Sosnowski.

BR
Narsimha

On Mon, Feb 19, 2024 at 10:20=E2=80=AFPM Dariusz Sosnowski <dsosnowski@nvid=
ia.com>
wrote:

> Hi,
>
> I apologize for the very late response.
>
> > From: narsimharaj pentam <pnarsimharaj@gmail.com>
> > Sent: Friday, August 18, 2023 05:34
> > To: users@dpdk.org
> > Subject: VLAN filtering in mlx5
> >
> > Hi
> >
> > We are using a mellanox mlx5 card (firmware version: 16.35.1012) with
> mlx5_pci driver.  Enabled multiple ports  DPDK port 0 (internally referre=
d
> as slot 1 port 0: s1p0)  and DPDK port 1(slot 0 port 0 : s0p0). Multiple
> vlans are created on each of these interfaces , s0p0.100,
> > s0p0.101,s0p0.102  and s0p1.200,s0p1.201,s0p1.202.
> Are these kernel VLAN interfaces?
>
> > In our network we receive broadcast (ARP) and multicast(ICMPV6 for
> neighbour discovery) on port 0 and port 1. At the DPDK application we are
> observing the packets intended for interface s0p0.100 are  landing on oth=
er
> vlan interfaces s0p0.101,sop0.102.
> > The VLAN traffic is not segregated accordingly.
> >
> > Do we support VLAN filtering in mlx5 ?
> >
> > Came across VLAN filtering "vlan_filter_set" , will this help to drop
> unintended VLAN traffic ? or  Do we need to create any VLAN specific rte
> flows in addition to the vlan filter set ?
> VLAN filtering is supported by mlx5 PMD.
>
> It's important to note that:
> - VLAN configuration in the kernel is not inherited by the mlx5 PMD.
> - When DPDK application is started on mlx5 devices, application will
> intercept the traffic - unless flow isolation is enabled (
> https://doc.dpdk.org/guides/howto/flow_bifurcation.html).
> - Which packets are intercepted by an application depends on:
>     - Promiscuous mode.
>     - All multicast mode:
>         - If enabled ALL multicast packets from ALL VLANs are received.
>         - If disabled, only broadcast and IPv6 multicast traffic from
> registered VLANs is received.
>     - Registered MAC Addresses - default one and additional registered
> through rte_eth_dev_mac_addr_add()
>     - Registered VLANs - registered through rte_eth_dev_vlan_filter()
> VLAN filtering itself does not require any additional flow rules.
>
> So, if I understand the requirement correctly, then in your case it would
> be required to:
> - Disable promiscuous mode on both ports
> - Disable all multicast mode on both ports
> - On s0p0 explicitly enable VLANs 100, 101 and 102 through
> rte_eth_dev_vlan_filter().
> - On s1p0 explicitly enable VLANs 200, 201 and 202 through
> rte_eth_dev_vlan_filter().
>
> Best regards,
> Dariusz Sosnowski
>

--0000000000009e306b06126877ee
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Thanks=C2=A0 Dariusz Sosnowski.</div><div><br></div>B=
R<div>Narsimha</div><div><br><div class=3D"gmail_quote"><div dir=3D"ltr" cl=
ass=3D"gmail_attr">On Mon, Feb 19, 2024 at 10:20=E2=80=AFPM Dariusz Sosnows=
ki &lt;<a href=3D"mailto:dsosnowski@nvidia.com">dsosnowski@nvidia.com</a>&g=
t; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0p=
x 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br=
>
<br>
I apologize for the very late response.<br>
<br>
&gt; From: narsimharaj pentam &lt;<a href=3D"mailto:pnarsimharaj@gmail.com"=
 target=3D"_blank">pnarsimharaj@gmail.com</a>&gt; <br>
&gt; Sent: Friday, August 18, 2023 05:34<br>
&gt; To: <a href=3D"mailto:users@dpdk.org" target=3D"_blank">users@dpdk.org=
</a><br>
&gt; Subject: VLAN filtering in mlx5<br>
&gt; <br>
&gt; Hi <br>
&gt; <br>
&gt; We are using a mellanox mlx5 card (firmware version: 16.35.1012) with =
mlx5_pci driver.=C2=A0 Enabled multiple ports =C2=A0DPDK port 0 (internally=
 referred as slot 1 port 0: s1p0) =C2=A0and DPDK port 1(slot 0 port 0 : s0p=
0). Multiple vlans are created on each of these interfaces , s0p0.100,<br>
&gt; s0p0.101,s0p0.102 =C2=A0and s0p1.200,s0p1.201,s0p1.202.<br>
Are these kernel VLAN interfaces?<br>
<br>
&gt; In our network we receive broadcast (ARP) and multicast(ICMPV6 for nei=
ghbour discovery) on port 0 and port 1. At the DPDK application we are obse=
rving the packets intended for interface s0p0.100 are =C2=A0landing on othe=
r vlan interfaces s0p0.101,sop0.102.<br>
&gt; The VLAN traffic is not segregated accordingly.<br>
&gt; <br>
&gt; Do we support VLAN filtering in mlx5 ?<br>
&gt; <br>
&gt; Came across VLAN filtering &quot;vlan_filter_set&quot; , will this hel=
p to drop unintended VLAN traffic ? or=C2=A0 Do we need to create any VLAN =
specific rte flows in addition to the vlan filter set ?=C2=A0<br>
VLAN filtering is supported by mlx5 PMD.<br>
<br>
It&#39;s important to note that:<br>
- VLAN configuration in the kernel is not inherited by the mlx5 PMD.<br>
- When DPDK application is started on mlx5 devices, application will interc=
ept the traffic - unless flow isolation is enabled (<a href=3D"https://doc.=
dpdk.org/guides/howto/flow_bifurcation.html" rel=3D"noreferrer" target=3D"_=
blank">https://doc.dpdk.org/guides/howto/flow_bifurcation.html</a>).<br>
- Which packets are intercepted by an application depends on:<br>
=C2=A0 =C2=A0 - Promiscuous mode.<br>
=C2=A0 =C2=A0 - All multicast mode:<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 - If enabled ALL multicast packets from ALL VLA=
Ns are received.<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 - If disabled, only broadcast and IPv6 multicas=
t traffic from registered VLANs is received.<br>
=C2=A0 =C2=A0 - Registered MAC Addresses - default one and additional regis=
tered through rte_eth_dev_mac_addr_add()<br>
=C2=A0 =C2=A0 - Registered VLANs - registered through rte_eth_dev_vlan_filt=
er()<br>
VLAN filtering itself does not require any additional flow rules.<br>
<br>
So, if I understand the requirement correctly, then in your case it would b=
e required to:<br>
- Disable promiscuous mode on both ports<br>
- Disable all multicast mode on both ports<br>
- On s0p0 explicitly enable VLANs 100, 101 and 102 through rte_eth_dev_vlan=
_filter().<br>
- On s1p0 explicitly enable VLANs 200, 201 and 202 through rte_eth_dev_vlan=
_filter().<br>
<br>
Best regards,<br>
Dariusz Sosnowski<br>
</blockquote></div></div></div>

--0000000000009e306b06126877ee--