quickly update bridge-vids and bridge-access on vlan-aware bridges and interfaces


Hi,

First, thanks for the wonderful product. We really like using Cumulus Linux in our environment.

We have an environment were we rapidly setup and tear down large vlans across our switching fabric. The the following setup is a mini representation of what we are doing on the Cumulus switches

auto swp1
iface swp1
bridge-allow-untagged no
bridge-vids 4 7 15

auto swp2
iface swp2
bridge-allow-untagged yes
bridge-access 7

auto uplinkA
iface uplinkA
bond-slaves swp3 swp4
bridge-allow-untagged no
bridge-vids 4 7 15

auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports swp1 swp2 uplinkA
bridge-vids 4 7 15

We have our own code running on the switch that accepts commands from elsewhere in our infrastructure to set up vlans. This code is using Augeas to update the /etc/network/interfaces file and then calls ifup on any interfaces that have had their bridge-vids or bridge-access changed, this program also adds and removes bridge-vids from the bridge itself calling ifup on the bridge of its vlan config has changed.

Question: Calling ifup on the interfaces that have had a vlan configuration change is quite slow (several seconds in some cases). In our environment where vlan churn is quite rapid this slows things down tremendously. Is there a faster way to update an interface if the only thing that has changed is the vlan configuration than ifup? Also note that trunk ports can change to access ports and vice-versa as a part of the vlan churn.

Thanks!

~ ry

2 replies

Userlevel 3
Ryan,

Thanks for the kind words about our product!

There is a much faster way to add/remove VLANs from an interface. Take a look at the "bridge vlan" command:

# bridge vlan help
Usage: bridge vlan { add | del } vid VLAN_ID dev DEV [ pvid] [ untagged ]
[ self ] [ master ]
bridge vlan { show } [ dev DEV ] [ vid VLAN_ID ]
The main difference between doing it this way and doing it with ifupdown2 is that your changes will not survive a reboot of the switch. If that's important to you, then maybe your code should modify /etc/network/interfaces and then call the "bridge vlan" command(s) instead of "ifup".

All of these user space tools (bridge, ifup, etc.) use Netlink to communicate with the kernel and change the configuration. If you are really hard-core your code can use Netlink directly to make these config changes. That would be the fastest, but also the most work to get functioning.

Hope this helps,

Scott

Thank you so much for your quick reply! Looks like using the bridge command directly will work out great. Thanks for the suggestion about netlink too. We have a fair amount of netlink client code of our own, so sometime down the road we may look into using that directly.

cheers

~ ry