VLAN Isolation For BCM 5650

1.1 SRS

1.1.1 Function The system shall support VLAN isolation per subscriber port and VLAN as follows.

- The user-isolation shall be per subscriber port and VLAN.

- Two isolation behaviors shall be supported and configurable per VLAN. One is limited-isolation. The other is full-isolation. Following is the definitions to the two kinds isolation behaviors:

? Limited-isolation: Any packets ingress an isolated subscriber port in a VLAN shall not be forwarded to the other subscriber ports with isolation enabled but the uplink ports and the other subscriber ports with isolation disabled, where the subscriber ports and the uplink ports are the member port of the VLAN associated by the ingress packets.

? Full-isolation: Any packets ingress an isolated subscriber port in a VLAN shall not be forwarded to the other ports but the uplink ports only, where the subscriber ports and the uplink ports are the member ports of the VLAN associated by the ingress packets

1.1.2 OAMP

1.2 Overview

BCM 5650 support flexible filter mechanism to support Vlan Isolation function with BCM5650 chipset FFP IRULE/IMASK tables.

The related fields of IRULE/IMASK tables are listed below:

IRULE Table:

Field

Description

Value Set

Remark

ACTION

Filter Action. We need to filter egress mask.

0x80000

Bit 19,

EGRESS_MASK

Mask the ports that will be isolated. Bit N value 1 means the Nth port is isolated. N is 0-based.

IPORT_MODE

0 means IRULE entry use IPORT, 1 means IRULE entry use IPORT_MASK.

For BCM5650, we use ingress port mask, so we should set this value to 1.

IPORT_BITMAP

Bit N is 1 neams the ingress port should be included in vlan isolation. If a port is not included in vlan isolation, it can communicate to any other ports except the port which is bit valued 1 in EGRESS_MASK.

N is 0-based.

IFILTER

IRULE filter data field.

BCM_FILTER_QUALIFY_VID(unit, tempfilter, vlanId);

We should set VLAN ID in filter field for specified VLAN.

IMASK Table:

Field

Description

Value Set

Remark

IMASK

Set VLAN Filter MASK

Offset 14 in Ethernet packet.

See the following figure for a complete port inter-communiation rule:

figure 1

Complete

Port Inter-communication rule

According to these rules, we can get our filter rules for limited isolation and full isolation. See the following two figures for easy understanding.

figure 3 limited filter rule

figure 4 Full Isolation rule

1.3 Data Structures and Functions

Vlan Isolation Module implementation is based on BCM5650 SDK4.2.6.

There need two types of functions: API and Functional.

Figure 5 Vlan Isolation

Main Functions

The main types are:

VLAN Isolation Entry Type

VLAN Isolation Filter Type

Defined as:

struct

vlan_isolation_entry_s

struct

vlan_isolation_filter_s

typedef vlan_isolation_entry_s

vlan_isolation_entry_t

typedef vlan_isolation_filter_s

vlan_isolation_filter_t

VLAN Isolation Entry is used to store VLAN isolation information about each VLAN, it is defined as following:

NODE

int

int

vlan_isolation_filter_t

filter

All VLAN isolation entry data is stored in a LIST defined as below:

LIST

vlan_isolation_pbm_list

VLAN Isolation Filter Type is used to uncoupling VLAN Isolation common codes with BCM SDK specified codes. Its usage is just same as bcm_filter_t. It is defined as following:

int

filter_opaque_type

The main defines are:

#define

VLAN_ISOLATION_LIMITED 1

#define

VLAN_ISOLATION_FULL 0

There also a serials of error code definition as below:

#define

E_VLAN_ISOLATION_NO_ERROR OK

#define

E_VLAN_ISOLATION_NOT_CHANGE E_VLAN_ISOLATION_NO_ERROR