Page MenuHomeVyOS Platform
Create Task
Maniphest T4498

bridge: Add option to enable/disable IGMP/MLD snooping
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Currently, there's no option to enable/disable snooping in VyOS's configuration system. When adding a bridge, igmp_snooping is automatically enabled:

$ cat /sys/class/net/br0/bridge/multicast_snooping
1

However, when enable-vlan is also enabled on the bridge, multicast traffic might be blocked because Linux kernel's multicast snooping/querier is not VLAN-aware until 5.15-rc1 (See patches https://lwn.net/ml/netdev/[email protected]/ and https://lwn.net/ml/linux-kernel/[email protected]/).

I've met an issue that IPv6 is broken on bridged VLAN trunk interfaces. This is because IPv6 requires multicast for neighbor discovery, however the kernel VyOS is using doesn't support VLAN-aware multicast snooping and querier. Disabling multicast snooping on the bridge can solve this issue. I think before VyOS is moved to a kernel that support VLAN multicast snooping, we can add a config option to allow users to enable/disable multicast snooping.

I think we can have an option like set interfaces bridge brN igmp snooping to enable multicast snooping. Unless this option is set, multicast snooping should be disabled. Disabling multicast snooping should not break things except that all multicast traffic will be treated as broadcast on the bridge. It may degrade the performance on a network with very busy multicast traffic but I think that kind of network is rare.

I am looking forward to hear more thoughts about this. Thank you.

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Event Timeline

vfreex created this task.Jun 29 2022, 9:53 AM

PR to add the option: https://github.com/vyos/vyos-1x/pull/1378

Viacheslav added a subscriber: Viacheslav.Jun 29 2022, 10:23 AM

If the default option is enabled or 1
Maybe it makes sense to create disable option like:

set interfaces bridge br0 ip disable-multicast-snooping
pasik added a subscriber: pasik.Jun 29 2022, 11:12 AM
vfreex added a comment.Jun 30 2022, 4:21 AM

@Viacheslav There is already a set interfaces bridge brN igmp node. If the default option is enabled, I think set interfaces bridge brN igmp disable-snooping would sound better.
I prefer to have IGMP snooping disabled as the default option, since improper IGMP snooping causes issues while disabling IGMP snooping doesn't.

Viacheslav changed the task status from Open to Needs testing.Jun 30 2022, 5:55 AM
Viacheslav assigned this task to vfreex.
vfreex added a comment.EditedJul 3 2022, 6:17 AM

I already tested the PR before submitting:

# set interfaces bridge br0 igmp snooping
# commit
# cat /sys/class/net/br0/bridge/multicast_snooping
1

# delete interfaces bridge br0 igmp snooping
# commit
# cat /sys/class/net/br0/bridge/multicast_snooping
0

Is there any further testing needed by me or someone else will do that?

c-po added a subscriber: c-po.Jul 4 2022, 7:54 AM

Is there any further testing needed by me or someone else will do that?

I have added a smoketest which runs on every ISO build to test your set/delete commands. Other then that, an update to the documentation would be appreciated.

https://github.com/vyos/vyos-documentation/blob/master/docs/configuration/interfaces/bridge.rst

c-po closed this task as Resolved.Jul 4 2022, 7:54 AM
c-po triaged this task as Normal priority.
c-po changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
vfreex added a comment.Jul 7 2022, 5:52 PM

@c-po I opened https://github.com/vyos/vyos-documentation/pull/805