Linus Lüssing
2019-Feb-15 17:13 UTC
[Bridge] [PATCH RFC] net: bridge: don't flood known multicast traffic when snooping is enabled
On Fri, Feb 15, 2019 at 03:04:27PM +0200, Nikolay Aleksandrov wrote:> Every user would expect to have traffic forwarded only to the configured > mdb destination when snooping is enabled, instead now to get that one > needs to enable both snooping and querier. Enabling querier on all > switches could be problematic and is not a good solution,There is no need to set the querier on all snooping switches. br_multicast_querier_exists() checks if a querier exists on the link in general, not if this particular host/bridge is a querier.> for example as summarized by our multicast experts: > "every switch would send an IGMP queryWhat? RFC3810, section 7.1 says: "If it is the case, a querier election mechanism (described in section 7.6.2) is used to elect a single multicast router to be in Querier state. [...] Nevertheless, it is only the [elected] Querier that sends periodical or triggered query messages on the subnet."> for any random multicast traffic it > received across the entire domain and it would send it forever as long as a > host exists wanting that stream even if it has no downstream/directly > connected receivers"Queries are not send for "any random multicast traffic", but either periodically (general query) or in response to changes on multicast address listener state (multicast address specific query). More precisely, if a host leaves a group and sends an IGMPv3/MLDv2 report or IGMPv2/MLDv1 "Leave Group"/"Done" message for that.> Sending as an RFC to get the discussion going, but I'm strongly for > removing this behaviour and would like to send this patch officially.While reading the code I'm getting confused with the mrouters_only flag again... (if I remember correctly it never did what its name implied) I'd have to test / play with your change to check, but maybe you have tested these scenarios already: What happens if: - no querier exists on the link - you have added static MDB entries from userspace => will only ports with statically configured MDB entries receive multicast traffic? what happens to other ports? => with no queries, those other ports will stay rather silent, they will not send any reports => do they miss multicast traffic / will IPv6 (ND) break for them? And what happens if: - no querier exists on the link - one port gets an unsolicited MLD report, i.e. because a host has just started to listen to a particular multicast address => will only this port receive multicast traffic? what happens to other ports that have listeners for the same multicast group? (and what currently confuses me while reading the code if a - a querier exists - but no listener for a particular IPv6 group / no mdst - for IPv6 link-local multicast traffic (so mrouters_only = 0?) => will this result in always flooding multicast traffic for this particular IPv6 link-local multicast group to all ports? => reading the code it seems like, but I had remembered it differently; for IPv4 this makes sense, as IGMP is not mandatory for link-local addresse, however for IPv6 this seems unnecessary, dropping should be the correct approach if an MLD querier exists) Have you done some tests with this change yet, Nikolay? Regards, Linus
Nikolay Aleksandrov
2019-Feb-16 08:05 UTC
[Bridge] [PATCH RFC] net: bridge: don't flood known multicast traffic when snooping is enabled
On 15/02/2019 19:13, Linus L?ssing wrote:> On Fri, Feb 15, 2019 at 03:04:27PM +0200, Nikolay Aleksandrov wrote: >> Every user would expect to have traffic forwarded only to the configured >> mdb destination when snooping is enabled, instead now to get that one >> needs to enable both snooping and querier. Enabling querier on all >> switches could be problematic and is not a good solution, > > There is no need to set the querier on all snooping switches. > br_multicast_querier_exists() checks if a querier exists on the > link in general, not if this particular host/bridge is a querier. >We need a generic solution for the case of existing mdst and no querier. More below.> >> for example as summarized by our multicast experts: >> "every switch would send an IGMP query > > What? RFC3810, section 7.1 says: > > "If it is the case, a querier election mechanism (described in > section 7.6.2) is used to elect a single multicast router to be > in Querier state. [...] Nevertheless, it is only the [elected] Querier > that sends periodical or triggered query messages on the subnet." > >> for any random multicast traffic it >> received across the entire domain and it would send it forever as long as a >> host exists wanting that stream even if it has no downstream/directly >> connected receivers" >This was taken out of context and it's my bad, I think everyone is aware of the election process, please nevermind the above statement. [snip]>> > Have you done some tests with this change yet, Nikolay? >You've raised good questions, IPv6 indeed needs more work - we'll have to flood link-local packets etc. but I wanted to have a discussion about no querier/existing mdst. To simplify we can modify the patch and have traffic forwarded to the proper ports when an mdst exists and there is no querier for both unsolicited report and user-added entry. We can keep the current behaviour for unknown traffic with and without querier. This would align it closer to what other vendors currently do as well IIRC. What do you think ? Thanks, Nik