How physical ports of WR3000 all mapped to wan/lan1/lan2/lan3 logical interfaces? By using 802.1q tagging on the switch side and feeding into eth0, then untagging on kernel side? Or there is some other magic packet taging handled by eth0 driver? Does it means packet switching between for example lan1 and lan3 is done software way by configuring bridge or there is hidden layer on switch which handle mac learning and packet forwarding?
I could not found any reference to switch configuration, I would expect there is a tool like swconfig or visible somewhere switch port allocations to vlan.
What I want to achieve is to run WAN port bridge to LAN1 interface to connect other router. Technically it works by configuring bridges, but the question is does this wan-bridged traffic affect CPU load on router.
According to the DTS file, all ports are part of the same switch. This means that if you add the wan port to the existing br-lan (which contains lan1-lan3), you will not have any negative performance impacts.
#1, How could you read this from the file? There nothing about HW switching, It does only cover mapping between names like wan, lan1, lan2, etc and port numbers. As I read it, this will lead into creation the local interfaces like lan1@eth0, nothing more.
#2, The scenario described by you (adding wan to br-lan) is not what I want, but it would share same problem, so lets not focus on this.
By oldschool approach, bridges created on linux are handled by software.
If packet is received on any bridge interfaces and does not match match local MAC, it is it is distributed to all parts (except incoming) or to single port (if MAC is known).
My question is if bridged interfaces are created also on the physical switch, so kernel does not need to handle every packet between external interfaces. I am not saying it does not work like that and personally do not see a reason why this should not be doable, but if I were architect I would not hide this inside DSA or hook into bridge module in kernel.
Illustrative drawing from internet from the times before DSA:
If I bridge wan and lan, will WR3000 handle traffic between lan and wan without kernel? (lets ignore the situation that traffic may be delivered to CPU).
We see in the DTS file a switch configuration (and associated labels). There is one switch with port 0 (at the switch chip) mapping to the wan, ports 1-3 mapping to lan1-lan3, and then port 6 goes to the CPU.
It creates this for all of the ports, including the wan port which maps to eth0 because it's on the same switch.
Actually, with DSA, you should operate with a single bridge and then bridge-vlans if you need to separate the ports into other logical groups and/or VLANs.
In the cases where the one or more of the physical ports are individually routed (i.e. not part of the switch chip) and added to a bridge, yes the CPU would need to be involved in the bridge (which is then happening at the software level).
But we can see from the DTS file that all of the ports on this device are indeed part of the same switch. Fundamentally, when ports are present on the bridge and the DTS file indicates that those ports exist on the switch, the switch chip itself is configured such that it handles all the switching between the ports without the need for kernel/CPU intervention.
Actually valid even with DSA, when you consider this as a simplified hardware block diagram. DSA is really about the presentation of the ports to the user space as individually addressable ports, but under the hood, the kernel understands that they are connected to the switch and addresses the ports via the switch. DSA can be thought of as an abstraction of the switch ports.
[EDIT: in your example (from swconfig days), if you bridge the wan and lan by putting eth0.1 and eth0.2 into the same bridge, the kernel/CPU will be responsible for the bridging. However, if you instead remove the logical port associated with the wan port from the swconfig stanza that relates to the wan -- I think that would be eth0.2 in this example -- and add it to the stanza that creates eth0.1, then it would be the switch chip that handles the switching. In the case of DSA, though, this is all handled automatically under the hood and on the switch chip itself when the DTS file indicates all of the relevant ports are under the same switch]
Correct. And the same thing is happening With DSA, that the kernel will configure the switch accordingly instead of the user directly manipulating the switch config via the old swconfig syntax.
WR3000 has 4 ethernet ports for user and one internal 2.5gbit for CPU. It's working under DSA not swconfig. If you set bridge between wan and lan1-3 it will be all in hardware via switch.
Thank you for explanation, I haven't find any clear reference in the DSA neither MTK drivers
Maybe I could do some happy testing and try to sniff some traffic on kernel level, but if everything is handled automatic it could be enabling promiscuous mode will lead to switch reconfiguration
Last side question, is there any software way to rename lan1 into wan2. I meant without rewriting DTS file and rebuilding the whole package.
Option 1, bridge wan to lan1 to connect secondary router
I just made few tests, sent ping flood between wan and lan1 (bridged with wan). In general full success!
If traffic is forwarded between lan1 and wan, no sign on CPU!
I made also a kind of negative test, to prove test scenario works.
If traffic is sent to not existent IP, brodcasted ARP who-has are received by CPU.
Beside of packets, I tried to observe other signs of cpu load just to make sure if this traffic is not hidden from interface. Nothing visible on top, nothing on /proc/loadavg, no increased number of CPU interrupts.
I tried also to sniff on eth0, it seams openwrt tcpdump does not understand DSA L2 header, but at least I could see no packets (or packet flow for any other traffic).
Sounds like you’ve got both the functionality you desire and the answer and evidence to prove that the cpu is not taxed for the l2 traffic through the switch with the wan port included in the bridge.
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!
I can confirm this.
I'm using this device as an AP, and I have grouped all ports into the same bridge. I'm using the 2.5Gb 'wan' port as link to the network (whole network is 2.5Gb). Goal is that the device receives data as fast as possible for retransmitting to wifi. Result is terrific!
