From patchwork Thu Apr 13 09:58:21 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Ido Schimmel <idosch@nvidia.com>
X-Patchwork-Id: 13210059
Return-Path: <netdev-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C8A3AC77B61
	for <netdev@archiver.kernel.org>; Thu, 13 Apr 2023 09:59:10 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230131AbjDMJ7I (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Thu, 13 Apr 2023 05:59:08 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48664 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230085AbjDMJ7H (ORCPT
        <rfc822;netdev@vger.kernel.org>); Thu, 13 Apr 2023 05:59:07 -0400
Received: from NAM02-SN1-obe.outbound.protection.outlook.com
 (mail-sn1nam02on2089.outbound.protection.outlook.com [40.107.96.89])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64DEA7285
        for <netdev@vger.kernel.org>; Thu, 13 Apr 2023 02:59:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=VbsIUVbTWB1GqFp5j2uTeJs4lsGBzTGdwX56y940DrN+JMM1eppkPC79Ckmzt/HLkTw0yP3VfetjTQAgyiWJlSjpV1dCtL51U8KbuC0qt/oFQ4G5nvyCoZxE+JYBxJW95PgFuUsU1jbTFx9sJfUAXGs3+97V+Ozk6NiD4BgTdoarxV/jwcNrfnH1xCG4BK5O+oOc43GaQxlTlUsm4YAGNjrDmvVNqeBFbyP1Bi3StlPKV7fruR52poP2TctMeapynsHZ/acN9s2cOEspLvGAVGWSV9RvSz3qP0Oa5ZrqPKrPXT9hrNaokwviDO/fVUgegkNlpk4+pPbvmXynzgfq/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=dXlAMXX7PsgaqpiH81XPYfgT7bIykepEEew2TSQ9Avg=;
 b=TVdmDiRr09lznu4k5mMUv5wvM4IJlnpPSx4g9dBLcD7hW1ql1pCaueklpGzCpjJNIr622sNvrdWs0VR18q9H0u/4ZTMYvmh+EyDJ4NJmmAUzyvqyvFCWJ8HsEtrpl/hDlhJ5BEMMkewjGgNai2ENlqdMrY9s6lyX3mi6VW1shnfQfnE4M+0fr8RPQ1Wxql1YVgBvOv+1y+vjSskvc1+y6n/TA2uGZ28TZXY81TSizvtlw2sKfkloUzDKHa1swDFnx8rqurC/D3JxK8m9nNcoWqViks8KMcDnKZVZFEfH4XUMbopB0lgGUfTqAZgpEyCm4PwTetrfyQ0l7tGA/W0Eog==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com;
 dkim=pass header.d=nvidia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=dXlAMXX7PsgaqpiH81XPYfgT7bIykepEEew2TSQ9Avg=;
 b=daYkTwF2csHYJDytDC4XuTJYReyX8Gg6FT9vvaDIXg1D2oxar1c1zGBEdL+SZrrKUQKC0ymzgzHulRZpPrzZ6TF+0l2G8OSRvjhZTox46fB5WR7WdQzwQQ2Fw25vMYg6LDt4VD7LqsmQ7gW5SJ0M4BeRAJdGt3cbU9lOKfeHQqbN/QYXhU3PiyvFzFJavMn0KKI7KQG7UTWLjn8nCZVyPzkuMAd69etkRPaqZ0txr5fP3uijKVlwi8j0PXVDaeRBm9NcdnBAmmR2paCcDuN1TbGj7gHoRDS1G8uhcVB8l3YR8mRrzuSgxeYVPLiCqRCajoleNU2ykz//xcMby8Kw5g==
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=nvidia.com;
Received: from CY5PR12MB6179.namprd12.prod.outlook.com (2603:10b6:930:24::22)
 by MW6PR12MB7070.namprd12.prod.outlook.com (2603:10b6:303:238::7) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6277.38; Thu, 13 Apr
 2023 09:59:04 +0000
Received: from CY5PR12MB6179.namprd12.prod.outlook.com
 ([fe80::d228:dfe5:a8a8:28b3]) by CY5PR12MB6179.namprd12.prod.outlook.com
 ([fe80::d228:dfe5:a8a8:28b3%5]) with mapi id 15.20.6277.036; Thu, 13 Apr 2023
 09:59:03 +0000
From: Ido Schimmel <idosch@nvidia.com>
To: netdev@vger.kernel.org, bridge@lists.linux-foundation.org
Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com,
        edumazet@google.com, razor@blackwall.org, roopa@nvidia.com,
        petrm@nvidia.com, mlxsw@nvidia.com,
        Ido Schimmel <idosch@nvidia.com>
Subject: [RFC PATCH net-next 0/9] bridge: Add per-{Port,
 VLAN} neighbor suppression
Date: Thu, 13 Apr 2023 12:58:21 +0300
Message-Id: <20230413095830.2182382-1-idosch@nvidia.com>
X-Mailer: git-send-email 2.37.3
X-ClientProxiedBy: VI1P195CA0004.EURP195.PROD.OUTLOOK.COM
 (2603:10a6:800:d0::14) To CY5PR12MB6179.namprd12.prod.outlook.com
 (2603:10b6:930:24::22)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CY5PR12MB6179:EE_|MW6PR12MB7070:EE_
X-MS-Office365-Filtering-Correlation-Id: 7c4f33c5-ec74-4bd7-5ab0-08db3c05b64a
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 xuRQQDvdir0ASQBgR+eODipZqNe9JE1TCbvS1G2ENN9Fp37WNJMkoHRlhskKho7A5zqiFhWX+JSRSfqXCArdSpCzS2Ivqq5zqhyX/yEeCnp66tv5rfhz67B7YpeqzVywaIMtOMraB7sp1qJ5CDYrIBLGQtYfMidDWbDhJK7UjifG+IbQCHqVJvZh3w1q/+7a+HNTPlAcc09X0bC62QEe42iqpFfETM3bGIU/2p0grcLc2tRn1H81It9ryQK6z1be+zCkvS4o/iuc8ArceR0x5xw1ln/Qe52dJo9lX9JJaXmbGA3Ax4u4UfTphWv1sCD6b6r0jMcqC1koqeDkbzJsOHe8ADSUop8NH4vNZQQ4uLiGemFWhrlrlTHJpJAm6bfKW6+h3/pz2vGqFlDg1WdkndwWbKf2WNMSUdMGfr44aUyF/ZJByWeRUULDHEo+17g1L/3JrU7Q747v7P62o/yL8wJSG3k1f7pg1eU7a6DviAFXuR4W8j1uvrec22qbG1HykqSi21WvRKMTVqU07fMrHS+2AqdXQBr2M07ccpus2AtblOrU8VHYEl5azjF8aKtGpeGSk2VnNW/yMM+yjBGs3U/QWHylq+cHxy5++B1hu/AVoqS2NFDo6PEa2Hjzr4bL037JUJwiHIvFGsC/H1/KVg==
X-Forefront-Antispam-Report: 
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY5PR12MB6179.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(39860400002)(366004)(346002)(376002)(136003)(396003)(451199021)(36756003)(2906002)(26005)(478600001)(8936002)(38100700002)(2616005)(66574015)(6486002)(966005)(1076003)(6512007)(6506007)(83380400001)(186003)(5660300002)(86362001)(66476007)(4326008)(66946007)(8676002)(66556008)(316002)(107886003)(6666004)(41300700001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?Kzz6j8HS+hSpXd7q05eq55CeZ73w?=
	=?utf-8?q?e0NRVMDuSJt82F/yVllsr5YzRI1dvSq8hTFSWjGPxwVfrEN9+Cnaa3wBy/OJBa/Et?=
	=?utf-8?q?ad+GDV1QLFLscDGDf+d/wvN9kFIBpZcMkmE0S5y1IuQx+jrpAyZ6UhHPoNTi1P4Ba?=
	=?utf-8?q?ePQW+QaOF6/nTW4qu3wgXDrxyZmv+x1gLTt+nHaVmIz2+34nD/Z7YlySC9TlDzdCg?=
	=?utf-8?q?EAJhjHmHCzrL3bHZWKZaWTAic2oYTUIRJ/eAmeTFywb7Z/jNC3tXvS7R40VZANYDD?=
	=?utf-8?q?ew6HfXq01KlAxwOeiw5TGfCvQP2IBANpZdsAANDULIVTRv/taAQ4xoclCzaqAR03a?=
	=?utf-8?q?K2v0k+JuYR4v5XGLr3ZPy+KhmWqX2G5Btl/yTEE4fvP786ep4AoOAWyqoU1OjGj1A?=
	=?utf-8?q?3XxWD42uUI72mk4N7h/gMEn+ZxzQVo5sXWvriSdp4HUbR61EorVH0O/Ck8jrA1B8q?=
	=?utf-8?q?dd0fcCqHB3y4tTblTzjZDWFWmbuAZCyEootbKayNjlaHoKzPbjeYECT4L5oGVqI/L?=
	=?utf-8?q?qVV4wayfGVWXIlK8hJ3LKvwa5LaGAEbV9fQsLgW2jk+tfFqyxQq/QdqBiOts1Q1yX?=
	=?utf-8?q?HtNCGXfJGjanHIbhT937v3LRmVeDDU69TaVipNdt2RhpD7vbCHNYq+hlAVN8Hne5M?=
	=?utf-8?q?et7q5DrycAySnM2Oey9RSjagzWwFgTi6zTHcnr/anbu+nzphcnCE78KaEOJHnWpw7?=
	=?utf-8?q?ONN+3vPrgtI+0MFKwKJENj7H6SoqCEW8HmzIK+GoZ1AvxVhxhMIRd3tQLcRnNCgNa?=
	=?utf-8?q?EsGW2o3OYLJzbEDV0QOurBUSSiY+RcyQfHL7foAtgsVCd8u50o7iVX5IRaAIy9oqL?=
	=?utf-8?q?CqTG5qb4HGj849JIlVrrpyhn9Yq9TZKq+AsQdBTBtA0r3jYvH/bTEVI+80Se/kKgM?=
	=?utf-8?q?/vH4HwdbB/VMO+kTfT7/93Brm7N5+aNBtKcLq24w4bOWGs7rxIWr6dupHsrMb6QKa?=
	=?utf-8?q?HuKDHk/K/Xh8TRmucuIffiW1XmWaONHGCfhnEFMeWrOBOh2Q3S0tMPrs498dq1dq8?=
	=?utf-8?q?XP4RlWVnWhXadiFcXtGUPkHfC8HIrP28Nv9vCbSRBvQn4itDJAGQfAC8aQ3/hbdkV?=
	=?utf-8?q?Q8y1/HuAWdIJ+ChB/NdkKzcqRMvrivPYmOljTQG/hrM41dsWPPXHu47d8KM2luyMi?=
	=?utf-8?q?Ky6qX4H0GCkAdGXZXwimouUqxCjJcIejFW7Kc1/9qf3aChmUjlXoaKGUuMMJJEMaB?=
	=?utf-8?q?qa3AY8If3QRh2d1bNjen0ne9pPapgyZifX+4Mutl0RQwfxlzUlfkEF3xbrZkW1j7H?=
	=?utf-8?q?6Bwr+q8tQpL9Ua68122A6Czq4rB9sEGl9zSL503dzBI4fwtngxhQcqhtXyX/tsJR7?=
	=?utf-8?q?+p9GQmYKVoUvYInFb9UMMRu+N666SvsCuZIXVqEd0Oqvyf0wrX9OrI0mEZQZ9ybRA?=
	=?utf-8?q?SzR5k7+0bzXl9veTycD1hTudPtGae3VwDPeyA1SVxDHptJX4PFzw83mUk/FmC5a1m?=
	=?utf-8?q?yLImVxwD7gu8+nI60X8wVNAlKMmr/G7Vmslo7p19n3HfuHtNWOT5nPOsoSte19gbB?=
	=?utf-8?q?MKPbATFLaFJi?=
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 7c4f33c5-ec74-4bd7-5ab0-08db3c05b64a
X-MS-Exchange-CrossTenant-AuthSource: CY5PR12MB6179.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Apr 2023 09:59:03.8386
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 cz02nuiwol89kFPddSieXHz7rouNV4+f9XySOZBkl30qVkHsK/+DYRjgiPdILkRZhoVJKikhUwtElOvhYpllkQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR12MB7070
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org
X-Patchwork-State: RFC

Background
==========

In order to minimize the flooding of ARP and ND messages in the VXLAN
network, EVPN includes provisions [1] that allow participating VTEPs to
suppress such messages in case they know the MAC-IP binding and can
reply on behalf of the remote host. In Linux, the above is implemented
in the bridge driver using a per-port option called "neigh_suppress"
that was added in kernel version 4.15 [2].

Motivation
==========

Some applications use ARP messages as keepalives between the application
nodes in the network. This works perfectly well when two nodes are
connected to the same VTEP. When a node goes down it will stop
responding to ARP requests and the other node will notice it
immediately.

However, when the two nodes are connected to different VTEPs and
neighbor suppression is enabled, the local VTEP will reply to ARP
requests even after the remote node went down, until certain timers
expire and the EVPN control plane decides to withdraw the MAC/IP
Advertisement route for the address. Therefore, some users would like to
be able to disable neighbor suppression on VLANs where such applications
reside and keep it enabled on the rest.

Implementation
==============

The proposed solution is to allow user space to control neighbor
suppression on a per-{Port, VLAN} basis, in a similar fashion to other
per-port options that gained per-{Port, VLAN} counterparts such as
"mcast_router". This allows users to benefit from the operational
simplicity and scalability associated with shared VXLAN devices (i.e.,
external / collect-metadata mode), while still allowing for per-VLAN/VNI
neighbor suppression control.

The user interface is extended with a new "neigh_vlan_suppress" bridge
port option that allows user space to enable per-{Port, VLAN} neighbor
suppression on the bridge port. When enabled, the existing
"neigh_suppress" option has no effect and neighbor suppression is
controlled using a new "neigh_suppress" VLAN option. Example usage:

 # bridge link set dev vxlan0 neigh_vlan_suppress on
 # bridge vlan add vid 10 dev vxlan0
 # bridge vlan set vid 10 dev vxlan0 neigh_suppress on

Testing
=======

Tested using existing bridge selftests. Added a dedicated selftest in
the last patch.

Patchset overview
=================

Patches #1-#5 are preparations.

Patch #6 adds per-{Port, VLAN} neighbor suppression support to the
bridge's data path.

Patches #7-#8 add the required netlink attributes to enable the feature.

Patch #9 adds a selftest.

iproute2 patches can be found here [3].

[1] https://www.rfc-editor.org/rfc/rfc7432#section-10
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a42317785c898c0ed46db45a33b0cc71b671bf29
[3] https://github.com/idosch/iproute2/tree/submit/neigh_suppress_v1

Ido Schimmel (9):
  bridge: Reorder neighbor suppression check when flooding
  bridge: Pass VLAN ID to br_flood()
  bridge: Add internal flags for per-{Port, VLAN} neighbor suppression
  bridge: Take per-{Port, VLAN} neighbor suppression into account
  bridge: Encapsulate data path neighbor suppression logic
  bridge: Add per-{Port, VLAN} neighbor suppression data path support
  bridge: vlan: Allow setting VLAN neighbor suppression state
  bridge: Allow setting per-{Port, VLAN} neighbor suppression state
  selftests: net: Add bridge neighbor suppression test

 include/linux/if_bridge.h                     |   1 +
 include/uapi/linux/if_bridge.h                |   1 +
 include/uapi/linux/if_link.h                  |   1 +
 net/bridge/br_arp_nd_proxy.c                  |  33 +-
 net/bridge/br_device.c                        |   8 +-
 net/bridge/br_forward.c                       |   8 +-
 net/bridge/br_if.c                            |   2 +-
 net/bridge/br_input.c                         |   2 +-
 net/bridge/br_netlink.c                       |   8 +-
 net/bridge/br_private.h                       |   5 +-
 net/bridge/br_vlan.c                          |   1 +
 net/bridge/br_vlan_options.c                  |  20 +-
 net/core/rtnetlink.c                          |   2 +-
 tools/testing/selftests/net/Makefile          |   1 +
 .../net/test_bridge_neigh_suppress.sh         | 862 ++++++++++++++++++
 15 files changed, 936 insertions(+), 19 deletions(-)
 create mode 100755 tools/testing/selftests/net/test_bridge_neigh_suppress.sh
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>