Open Source and information security mailing list archives
 
Message-ID: <CAFSKS=PKnhfTVb6Wv+bP-Gs6fNq6EVOXo6Ws9sh-bqaG=8sCxg@mail.gmail.com>
Date:   Mon, 1 Feb 2021 15:25:19 -0600
From:   George McCollister <george.mccollister@...il.com>
To:     Vladimir Oltean <olteanv@...il.com>
Cc:     Jakub Kicinski <kuba@...nel.org>, Andrew Lunn <andrew@...n.ch>,
        Vivien Didelot <vivien.didelot@...il.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        Jonathan Corbet <corbet@....net>, netdev@...r.kernel.org
Subject: Re: [RESEND PATCH net-next 4/4] net: dsa: xrs700x: add HSR offloading support

On Mon, Feb 1, 2021 at 9:29 AM Vladimir Oltean <olteanv@...il.com> wrote:
>
> On Mon, Feb 01, 2021 at 08:05:03AM -0600, George McCollister wrote:
> > Add offloading for HSR/PRP (IEC 62439-3) tag insertion, tag removal
> > forwarding and duplication supported by the xrs7000 series switches.
> >
> > Only HSR v1 and PRP v1 are supported by the xrs7000 series switches (HSR
> > v0 is not).
> >
> > Signed-off-by: George McCollister <george.mccollister@...il.com>
> > ---
>
> Does this switch discard duplicates or does it not? If it does, what
> algorithm does it use? Does it not need some sort of runtime
> communication with the hsr master, like for the nodes table?
> How many streams can it keep track of? What happens when the ring is
> larger than the switch can keep track of in its internal Link Redundancy
> Entity?

It does discard duplicates.

The datasheet says:
"For HSR frames received from a HSR port, it is first checked if the
source MAC address exists in the MAC address table and if the source
node is located in non-HSR/PRP port. The duplicate detection is then
done by first looking at the stored HSR sequence numbers for the other
HSR redundant port: if one matches with the incoming frame’s HSR Tag’s
sequence number, we have a duplicate. Additionally, it is checked
whether a frame with this same sequence number and source MAC address,
that in from this same port has already been forwarded, in which case
the frame is circulating in the ring/network and has to be deleted. If
the frame is neither duplicate nor circulating, it is forwarded
towards its destination(s)."

The datasheet is publicly available here:
https://www.flexibilis.com/downloads/xrs/SpeedChip_XRS7000_3000_User_Manual.pdf

The IEC 62439-3:2016 spec makes it sound like it's the responsibility
of the network designer to make sure it's not possible:
"The maximum time t skewMax between two copies is a network property,
estimated by the network designer based on the number of bridges and
the traffic for a particular application, e.g. 12 ms."

I don't see how large the table is in the switch. It shows a per model
"HSR proxy node table size" in the datasheet but I think that is just
the table used for the RedBox use case. It also says "Recommended HSR
network size" is up to 512 hops.

The switch does let you change ProxyNodeTableForgetTime (RedBox use
case only I think) and EntryForgetTime in the ADDRESS_AGING register.
The Linux software HSR implementation currently has all of this sort
of thing hardcoded and doesn't implement EntryForgetTime according to
the spec. In the future I can see adding support for this in software
HSR and then later in hardware as well.
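
A simplified model of the duplicate and circulating-frame check quoted from the datasheet above, with entry aging and a bounded table, added here as an illustration; it is not part of the message above, not driver code and not the switch's actual logic. The table size, the 400 ms forget time, round-robin replacement and matching on source MAC for both checks are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_SIZE      4    /* assumed; the thread does not give the real size */
#define ENTRY_FORGET_MS 400  /* assumed value standing in for EntryForgetTime */

enum verdict { FORWARD, DROP_DUPLICATE, DROP_CIRCULATING };

struct entry { uint8_t src[6]; uint16_t seq; int port; uint32_t seen_ms; int used; };

static struct entry table[TABLE_SIZE];
static unsigned next_slot;

void lre_reset(void) { memset(table, 0, sizeof(table)); next_slot = 0; }

/* Classify one HSR-tagged frame received on ring port 0 or 1. */
enum verdict lre_receive(const uint8_t src[6], uint16_t seq, int port, uint32_t now_ms)
{
    for (unsigned i = 0; i < TABLE_SIZE; i++) {
        struct entry *e = &table[i];
        if (e->used && now_ms - e->seen_ms > ENTRY_FORGET_MS)
            e->used = 0;                       /* aged out: forget it */
        if (!e->used || e->seq != seq || memcmp(e->src, src, 6) != 0)
            continue;
        /* Same source and sequence number already forwarded: a copy from the
         * other ring port is a duplicate, one from the same port has gone
         * all the way around the ring. */
        return e->port == port ? DROP_CIRCULATING : DROP_DUPLICATE;
    }
    /* First sighting: remember it, overwriting the oldest slot when full. */
    struct entry *e = &table[next_slot++ % TABLE_SIZE];
    memcpy(e->src, src, 6);
    e->seq = seq; e->port = port; e->seen_ms = now_ms; e->used = 1;
    return FORWARD;
}

int main(void)
{
    const uint8_t node[6] = { 0x02, 0, 0, 0, 0, 0x01 };  /* constructed MAC */
    lre_reset();
    printf("%d\n", lre_receive(node, 1, 0, 0));  /* first copy */
    printf("%d\n", lre_receive(node, 1, 1, 1));  /* copy from the other port */
    printf("%d\n", lre_receive(node, 1, 0, 2));  /* same port again */
    return 0;
}
```

In this model a second copy is forwarded rather than dropped once its entry has aged out or been overwritten by newer frames, which is the failure case the question about ring size is asking about.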
