Help about enabling QinQ about basebox HOT 6 OPEN

Please provide the exact configuration you used.

Also be aware that while we do support using 802.1AD tags instead of 802.1Q tags / ethertype, we currently do not support stacked VLANs (so no actual Q-in-Q).

from basebox.

Also be aware that while we do support using 802.1AD tags instead of 802.1Q tags / ethertype, we currently do not support stacked VLANs (so no actual Q-in-Q).

I think it's better to mention this on the doc. The doc clearly says about "qinq and multiple VLAN tags". Also, could you confirm when you plan to implement the actual QinQ?

from basebox.

After a bit more investigation, it partially works, but not fully as expected.

Here are the results with a bridge in 802.1AD mode:

All learning happens according to the S-TAG / 802.1AD tag.

My first guess would be you stumbled upon the case where PVID does not add the 802.1AD tag to an already 802.1Q tagged frame.

If my guess is wrong, then please share your configuration (or a minimal example) and I can try to figure out where it breaks, and if there is any workaround.

from basebox.

Configs as follow:

ip link del dev swbridge
ip addr flush dev port1
ip addr flush dev port2

ip link add name swbridge type bridge vlan_filtering 1 vlan_protocol 802.1ad vlan_default_pvid 0

ip link set dev port1 master swbridge up
ip link set dev port2 master swbridge up

bridge vlan add vid 11 dev port1 pvid untagged
bridge vlan add vid 11 dev port2

ip link set dev swbridge up

with this scenario:

We test the setup with running a ping on Client.port1

We plan to tag the ingress packets that are already tagged from MySwitch.port1. Then, we expect that any packet that egresses from port2 will be a 802.1ad doubly tagged (vlan 11 as s-tag) packet.

I can see ingress packets on MySwitch.port1 (802.1q arps), but no packets captured on swbridge nor port2. Is there any configurations needed in order to 802.1ad on swbridge works? Required kernel modules is already present and active (8021q).

from basebox.

We plan to tag the ingress packets that are already tagged from MySwitch.port1. Then, we expect that any packet that egresses from port2 will be a 802.1ad doubly tagged (vlan 11 as s-tag) packet.

Unfortunately this is exactly the scenario that does not currently work, i.e. converting single tagged to double tagged and vice versa. Only converting untagged to single tagged works.

I can see ingress packets on MySwitch.port1 (802.1q arps), but no packets captured on swbridge nor port2. Is there any configurations needed in order to 802.1ad on swbridge works? Required kernel modules is already present and active (8021q).

By default you won't see any packets that get forwarded by the ASIC. You can force all packets recieved on a port to be copied to the switch by using the switch_tcpdump utility, which dynamically installs an appropriate ACL flow.

from basebox.

Unfortunately this is exactly the scenario that does not currently work, i.e. converting single tagged to double tagged and vice versa. Only converting untagged to single tagged works.

Could you share more info about the future plan? Is it on the road map?

from basebox.