VLAN Isolation For BCM 5650
1.1 SRS
1.1.1 Function
The system shall support VLAN isolation per subscriber port and VLAN as follows.
- User isolation shall be per subscriber port and VLAN.
- Two isolation behaviors shall be supported and configurable per VLAN: limited-isolation and full-isolation. They are defined as follows:
  - Limited-isolation: Any packet that ingresses an isolated subscriber port in a VLAN shall not be forwarded to the other subscriber ports with isolation enabled, but only to the uplink ports and the other subscriber ports with isolation disabled, where the subscriber ports and the uplink ports are member ports of the VLAN associated with the ingress packet.
  - Full-isolation: Any packet that ingresses an isolated subscriber port in a VLAN shall not be forwarded to any other port except the uplink ports, where the subscriber ports and the uplink ports are member ports of the VLAN associated with the ingress packet.
1.1.2 OAMP
1.2 Overview
The BCM 5650 provides a flexible filter mechanism. The VLAN isolation function is implemented with the BCM5650 chipset's FFP IRULE/IMASK tables.
The related fields of the IRULE/IMASK tables are listed below:
IRULE Table:
| Field | Description | Value Set | Remark |
|---|---|---|---|
| ACTION | Filter action. We need to filter the egress mask. | 0x80000 | Bit 19 |
| EGRESS_MASK | Mask of the ports that will be isolated. Bit N set to 1 means the Nth port is isolated. N is 0-based. | | |
| IPORT_MODE | 0 means the IRULE entry uses IPORT, 1 means the IRULE entry uses IPORT_MASK. | 1 | For BCM5650, we use the ingress port mask, so this value should be set to 1. |
| IPORT_BITMAP | Bit N set to 1 means the ingress port is included in VLAN isolation. A port that is not included in VLAN isolation can communicate with any other port except the ports whose bits are set to 1 in EGRESS_MASK. | | N is 0-based. |
| IFILTER | IRULE filter data field. | BCM_FILTER_QUALIFY_VID(unit, tempfilter, vlanId); | The VLAN ID of the specified VLAN should be set in the filter field. |
IMASK Table:
| Field | Description | Value Set | Remark |
|---|---|---|---|
| IMASK | Set VLAN Filter MASK | | Offset 14 in Ethernet packet. |
See the following figure for the complete port inter-communication rule:
Figure 1: Complete port inter-communication rule
From these rules we can derive the filter rules for limited isolation and full isolation. The following two figures illustrate them.
Figure 3: Limited isolation filter rule
Figure 4: Full isolation filter rule
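The following C model is an added example, not code from the original design or from the BCM SDK. It derives the two bitmaps a rule would carry for limited and full isolation as defined in 1.1.1, and computes where a packet may be forwarded. All names are hypothetical, ports are assumed to fit in a 32-bit bitmap, and a set bit in the egress mask is assumed to mean the port is blocked for matched packets.

```c
/* Added example: isolation masks per the SRS definitions; all names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

typedef enum { ISO_LIMITED, ISO_FULL } iso_mode_t;

typedef struct {
    uint32_t iport_bitmap; /* bit N = 1: rule applies to packets ingressing port N */
    uint32_t egress_mask;  /* bit N = 1: port N is removed from the egress set (assumed) */
} iso_rule_t;

/* Build the rule for one VLAN. Returns 0, or -1 if the bitmaps are inconsistent. */
int iso_build_rule(uint32_t members, uint32_t uplinks, uint32_t isolated,
                   iso_mode_t mode, iso_rule_t *rule)
{
    /* Uplinks and isolated ports must be VLAN members; an uplink is never isolated. */
    if ((uplinks & ~members) || (isolated & ~members) || (isolated & uplinks))
        return -1;
    rule->iport_bitmap = isolated;
    /* Full: block every subscriber member. Limited: block only isolated subscribers. */
    rule->egress_mask = (mode == ISO_FULL) ? (members & ~uplinks) : isolated;
    return 0;
}

/* Ports a packet in this VLAN may be forwarded to when it ingresses `ingress`. */
uint32_t iso_egress_ports(uint32_t members, const iso_rule_t *rule, unsigned ingress)
{
    uint32_t in_bit, out;
    if (ingress >= 32)
        return 0;
    in_bit = UINT32_C(1) << ingress;
    if (!(members & in_bit))
        return 0;                      /* not a member: nothing is forwarded */
    out = members & ~in_bit;           /* never send back out the ingress port */
    if (rule->iport_bitmap & in_bit)
        out &= ~rule->egress_mask;     /* rule matched: apply the egress mask */
    return out;
}

int main(void)
{
    /* Constructed VLAN: port 0 uplink, ports 1-2 isolated, ports 3-5 not isolated. */
    const uint32_t members = 0x3F, uplinks = 0x01, isolated = 0x06;
    iso_rule_t r;
    if (iso_build_rule(members, uplinks, isolated, ISO_LIMITED, &r) == 0)
        printf("limited: port 1 -> 0x%02X\n", (unsigned)iso_egress_ports(members, &r, 1));
    if (iso_build_rule(members, uplinks, isolated, ISO_FULL, &r) == 0)
        printf("full:    port 1 -> 0x%02X\n", (unsigned)iso_egress_ports(members, &r, 1));
    return 0;
}
```

In the constructed VLAN, limited isolation lets isolated port 1 reach the uplink and the non-isolated subscribers, while full isolation leaves it the uplink only.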
1.3 Data Structures and Functions
The VLAN Isolation module implementation is based on BCM5650 SDK4.2.6.
Two types of functions are needed: API and functional.
Figure 5: VLAN Isolation main functions
The main types are:
VLAN Isolation Entry Type
VLAN Isolation Filter Type
Defined as:
struct
struct
typedef vlan_isolation_entry_s
typedef vlan_isolation_filter_s
The VLAN Isolation Entry type is used to store the VLAN isolation information for each VLAN. It is defined as follows:
NODE
int
int
All VLAN isolation entry data is stored in a LIST, defined as below:
LIST
The VLAN Isolation Filter type is used to decouple the common VLAN isolation code from the BCM SDK-specific code. It is used in the same way as bcm_filter_t. It is defined as follows:
int
The main defines are:
#define
#define
There is also a series of error code definitions, as below:
#define
#define E_VLAN_ISOLATION_NOT_CHANGE E_VLAN_ISOLATION_NO_ERROR
#define E_VLAN_ISOLATION_MODE_NOT_CHANGE E_VLAN_ISOLATION_NO_ERROR
#define E_VLAN_ISOLATION_LIST_DATA_BREAKED E_VLAN_ISOLATION_NO_ERROR
/* Base for the error codes below; values are parenthesized so the macros expand safely inside expressions. */
#define E_VLAN_ISOLATION_OFFSET (-3000)
#define E_VLAN_ISOLATION_VLAN_NOT_EXIST (-1 + E_VLAN_ISOLATION_OFFSET)
#define E_VLAN_ISOLATION_PBM_OVER (-2 + E_VLAN_ISOLATION_OFFSET)
#define E_VLAN_ISOLATION_MEMORY_FAILED (-3 + E_VLAN_ISOLATION_OFFSET)
#define E_VLAN_ISOLATION_FILTER_REMOVE_FAILED (-4 + E_VLAN_ISOLATION_OFFSET)
#define E_VLAN_ISOLATION_FILTER_QUALIFY_FAILED (-5 + E_VLAN_ISOLATION_OFFSET)
#define E_VLAN_ISOLATION_FILTER_INSTALL_FAILED (-6 + E_VLAN_ISOLATION_OFFSET)
#define E_VLAN_ISOLATION_MODE_UNCHANGED (-7 + E_VLAN_ISOLATION_OFFSET)
#define E_VLAN_ISOLATION_FILTER_INIT_FAILED (-8 + E_VLAN_ISOLATION_OFFSET)
#define E_VLAN_ISOLATION_ENTRY_NOT_FOUND (-9 + E_VLAN_ISOLATION_OFFSET)
#define E_VLAN_ISOLATION_BMT_NOT_SUPPORT_LIMIT_MODE (-10 + E_VLAN_ISOLATION_OFFSET)
#define E_VLAN_ISOLATION_PBM_ERROR (-11 + E_VLAN_ISOLATION_OFFSET)
1.3.1 Scenarios
1.3.1.1 Initialization
We should initialize the VLAN Isolation global variables and environment at VLAN task startup.
1.3.1.2 VLAN Member Ports Configuration Change
If some member ports are to be removed from a VLAN, we should also remove these ports from the VLAN isolation entries if they are isolated ports.
1.3.1.3 VLAN Remove
If a VLAN is to be destroyed, we should first destroy the related VLAN Isolation information.
1.3.1.4 Uninitialization
We should destroy all VLAN Isolation records when the VLAN task is to be terminated.
1.4 VLAN Isolation OAMP API
Reference: doc