Linus Lüssing
2019-Jun-30 16:56 UTC
[Bridge] [RFC net-next] net: dsa: add support for MC_DISABLED attribute
On Sat, Jun 29, 2019 at 07:29:45PM +0300, Ido Schimmel wrote:> I would like to avoid having drivers take the querier state into account > as it will only complicate things further.I absolutely share your pain. Initially in the early prototypes of multicast awareness in batman-adv we did not consider the querier state. And doing so later did indeed complicate the code a good bit in batman-adv (together with the IGMP/MLD suppression issues). I would have loved to avoid that.> Is there anything we can do about it? Enable the bridge querier if no > other querier was detected? Commit c5c23260594c ("bridge: Add > multicast_querier toggle and disable queries by default") disabled > queries by default, but I'm only suggesting to turn them on if no other > querier was detected on the link. Do you think it's still a problem?As soon as you start becoming the querier, you will not be able to reliably detect anymore whether you are the only querier candidate. If any random Linux host using a bridge device were potentially becoming a querier, that would cause quite some trouble when this host is behind some bad, bottleneck connection. This host will receive all multicast traffic, not just IGMP/MLD reports. And with a congested connection and then unreliable IGMP/MLD, multicast would become unreliable overall in this domain. So it's important that your querier is not running in the "dark, remote, dusty closet" of your network (topologically speaking).> On Sun, Jun 23, 2019 at 10:44:27AM +0300, Ido Schimmel wrote: > > See commit b00589af3b04 ("bridge: disable snooping if there is no > > querier"). I think that's unfortunate behavior that we need because > > multicast snooping is enabled by default. If it weren't enabled by > > default, then anyone enabling it would also make sure there's a querier > > in the network.I do not quite understand that point. In a way, that's what we have right now, isn't it? By default it's disabled, because by default there is no querier on the link. So anyone wanting to use multicast snooping will need to make sure there's a querier in the network. Overall I think the querier (election) mechanism in the standards could need an update. While the lowest-address first might have worked well back then, in uniform, fully wired networks where the position of the querier did not matter, this is not a good solution anymore in networks involving wireless, dynamic connections. Especially in wireless mesh networks this is a bit of an issue for us. Ideally, the querier mechanism were dismissed in favour of simply unsolicited, periodic IGMP/MLD reports... But of course, updating IETF standards is no solution for now. While more complicated, it would not be impossible to consider the querier state, would it? I mean you probably already need to consider the case of a user disabling multicast snooping during runtime, right? So similarly, you could react to appearing or disappearing queriers? Cheers, Linus
Nikolay Aleksandrov
2019-Jul-02 14:27 UTC
[Bridge] [RFC net-next] net: dsa: add support for MC_DISABLED attribute
On 30/06/2019 19:56, Linus L?ssing wrote:> On Sat, Jun 29, 2019 at 07:29:45PM +0300, Ido Schimmel wrote: >> I would like to avoid having drivers take the querier state into account >> as it will only complicate things further. > > I absolutely share your pain. Initially in the early prototypes of > multicast awareness in batman-adv we did not consider the querier state. > And doing so later did indeed complicate the code a good bit in batman-adv > (together with the IGMP/MLD suppression issues). I would have loved to > avoid that. > > >> Is there anything we can do about it? Enable the bridge querier if no >> other querier was detected? Commit c5c23260594c ("bridge: Add >> multicast_querier toggle and disable queries by default") disabled >> queries by default, but I'm only suggesting to turn them on if no other >> querier was detected on the link. Do you think it's still a problem? > > As soon as you start becoming the querier, you will not be able to reliably > detect anymore whether you are the only querier candidate. > > If any random Linux host using a bridge device were potentially becoming > a querier, that would cause quite some trouble when this host is > behind some bad, bottleneck connection. This host will receive > all multicast traffic, not just IGMP/MLD reports. And with a > congested connection and then unreliable IGMP/MLD, multicast would > become unreliable overall in this domain. So it's important that > your querier is not running in the "dark, remote, dusty closet" of > your network (topologically speaking). >+1 We definitely don't want random hosts becoming queriers>> On Sun, Jun 23, 2019 at 10:44:27AM +0300, Ido Schimmel wrote: >>> See commit b00589af3b04 ("bridge: disable snooping if there is no >>> querier"). I think that's unfortunate behavior that we need because >>> multicast snooping is enabled by default. If it weren't enabled by >>> default, then anyone enabling it would also make sure there's a querier >>> in the network. > > I do not quite understand that point. In a way, that's what we > have right now, isn't it? By default it's disabled, because by > default there is no querier on the link. So anyone wanting to use > multicast snooping will need to make sure there's a querier in the > network. >Indeed, also you could create the bridge with explicit mcast parameters if you need different behaviour on start. Unfortunately I think you'll have to handle the querier state.> > Overall I think the querier (election) mechanism in the standards could > need an update. While the lowest-address first might have > worked well back then, in uniform, fully wired networks where the > position of the querier did not matter, this is not a good > solution anymore in networks involving wireless, dynamic connections. > Especially in wireless mesh networks this is a bit of an issue for > us. Ideally, the querier mechanism were dismissed in favour of simply > unsolicited, periodic IGMP/MLD reports... > > But of course, updating IETF standards is no solution for now. > > While more complicated, it would not be impossible to consider the > querier state, would it? I mean you probably already need to > consider the case of a user disabling multicast snooping during > runtime, right? So similarly, you could react to appearing or > disappearing queriers? > > Cheers, Linus >Thanks, Nik
Ido Schimmel
2019-Jul-02 17:11 UTC
[Bridge] [RFC net-next] net: dsa: add support for MC_DISABLED attribute
On Sun, Jun 30, 2019 at 06:56:01PM +0200, Linus L?ssing wrote:> > On Sun, Jun 23, 2019 at 10:44:27AM +0300, Ido Schimmel wrote: > > > See commit b00589af3b04 ("bridge: disable snooping if there is no > > > querier"). I think that's unfortunate behavior that we need because > > > multicast snooping is enabled by default. If it weren't enabled by > > > default, then anyone enabling it would also make sure there's a querier > > > in the network. > > I do not quite understand that point. In a way, that's what we > have right now, isn't it? By default it's disabled, because by > default there is no querier on the link. So anyone wanting to use > multicast snooping will need to make sure there's a querier in the > network.Hi Linus, Querier state is not reflected to drivers ATM, so drivers believe the bridge is multicast aware and unregistered multicast packets are only flooded to mrouter ports. Hosts that are silent (because there is no querier) never get the traffic addressed to them (f.e., IPv6 neighbour solicitation).> Overall I think the querier (election) mechanism in the standards could > need an update. While the lowest-address first might have > worked well back then, in uniform, fully wired networks where the > position of the querier did not matter, this is not a good > solution anymore in networks involving wireless, dynamic connections. > Especially in wireless mesh networks this is a bit of an issue for > us. Ideally, the querier mechanism were dismissed in favour of simply > unsolicited, periodic IGMP/MLD reports... > > But of course, updating IETF standards is no solution for now. > > While more complicated, it would not be impossible to consider the > querier state, would it? I mean you probably already need to > consider the case of a user disabling multicast snooping during > runtime, right?Sure, this is implemented.> So similarly, you could react to appearing or disappearing queriers?Yes, but it's a bit more complicated since we need to differentiate between IPv4 and IPv6. If the bridge is multicast aware, but there is only IPv4 querier on the link, then: 1. All the IPv6 MDB entries need to be removed from the device. At least in mlxsw, we do not have a way to ignore only IPv6 entries. From the device's perspective, an MDB entry is just a multicast DMAC with a bitmap of ports packets should be replicated to. 2. We need to split the flood tables used for IPv4 and IPv6 unregistered multicast packets. For IPv4, packets should only be flooded to mrouter ports whereas for IPv6 packets should be flooded to all the member ports. Do you differentiate between IPv4 and IPv6 in batman-adv?> Cheers, LinusThanks for the feedback!