xref: /freebsd/share/man/man4/ng_vlan_rotate.4 (revision 0e8011faf58b743cc652e3b2ad0f7671227610df)
1.\"-
2.\" SPDX-License-Identifier: BSD-2-Clause
3.\"
4.\" Copyright (c) 2019-2021 IKS Service GmbH
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\"
15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25.\" SUCH DAMAGE.
26.\"
27.\" Author: Lutz Donnerhacke <lutz@donnerhacke.de>
28.\"
29.Dd January 26, 2021
30.Dt NG_VLAN_ROTATE 4
31.Os
32.Sh NAME
33.Nm ng_vlan_rotate
34.Nd IEEE 802.1ad VLAN manipulation netgraph node type
35.Sh SYNOPSIS
36.In sys/types.h
37.In netgraph.h
38.In netgraph/ng_vlan_rotate.h
39.Sh DESCRIPTION
40The
41.Nm
42node type manipulates the order of VLAN tags of frames tagged
43according to the IEEE 802.1ad (an extension of IEEE 802.1Q) standard
44between different hooks.
45.Pp
46Each node has four special hooks,
47.Va original ,
48.Va ordered ,
49.Va excessive ,
50and
51.Va incomplete .
52.Pp
53A frame tagged with an arbitrary number of
54.Dv ETHERTYPE_VLAN ,
55.Dv ETHERTYPE_QINQ ,
56and
57.Dv 0x9100
58tags received on the
59.Va original
60hook will be rearranged to a new order of those tags and is sent out
61the
62.Dq ordered
63hook.
64After successful processing the
65.Va histogram
66counter for the observed stack size increments.
67.Pp
68If it contains fewer VLANs in the stack than the configured
69.Va min
70limit, the frame is sent out to the
71.Va incomplete
72hook and the
73.Va incomplete
74counter increments.
75.Pp
76If there are more VLANs in the stack than the configured
77.Va max
78limit, the frame is sent out to the
79.Va excessive
80hook and the
81.Va excessive
82counter increments.
83.Pp
84If the destination hook is not connected, the frame is dropped and the
85.Va drops
86counter increments.
87.Pp
88For Ethernet frames received on the
89.Va ordered
90hook, the transformation is reversed and is passed to the
91.Va original
92hook.
93Please note that this process is identical to the one described
94above, besides the ordered/original hooks are swapped and the
95transformation is reversed.
96.Pp
97An Ethernet frame received on the
98.Va incomplete
99or
100.Va excessive
101hook is forwarded to the
102.Va original
103hook without any modification.
104.Pp
105This node supports only one operation at the moment: Rotation of the
106VLANs in the stack.
107Setting the configuration parameter
108.Va rot
109to a positive value, the stack will roll up by this amount.
110Negative values will roll down.
111A typical scenario is setting the value to 1 in order to bring the
112innermost VLAN tag to the outmost level.
113Rotation includes the VLAN id, the ether type, and the QOS parameters
114pcp and cfi.
115Typical QOS handling refers to the outmost setting, so be careful to
116keep your QOS intact.
117.Sh HOOKS
118This node type supports the following hooks:
119.Bl -tag -width incomplete
120.It Va original
121Typically this hook would be connected to a
122.Xr ng_ether 4
123node, using the
124.Va lower
125hook connected to a carrier network.
126.It Va ordered
127Typically this hook would be connected to a
128.Xr ng_vlan 4
129type node using the
130.Va downstream
131hook in order to separate services.
132.It Va excessive
133see below.
134.It Va incomplete
135Typically those hooks would be attached to a
136.Xr ng_eiface 4
137type node using the
138.Va ether
139hook for anomaly monitoring purposes.
140.El
141.Sh CONTROL MESSAGES
142This node type supports the generic control messages, plus the following:
143.Bl -tag -width foo
144.It Dv NGM_VLANROTATE_GET_CONF Pq Ic getconf
145Read the current configuration.
146.It Dv NGM_VLANROTATE_SET_CONF Pq Ic setconf
147Set the current configuration.
148.It Dv NGM_VLANROTATE_GET_STAT Pq Ic getstat
149Read the current statistics.
150.It Dv NGM_VLANROTATE_CLR_STAT Pq Ic clrstat
151Zeroize the statistics.
152.It Dv NGM_VLANROTATE_GETCLR_STAT Pq Ic getclrstat
153Read the current statistics and zeroize it in one step.
154.El
155.Sh EXAMPLES
156The first example demonstrates how to rotate double or triple tagged
157frames so that the innermost C-VLAN can be used as service
158discriminator.
159The single or double tagged frames (C-VLAN removed) are sent out to an
160interface pointing to different infrastructure.
161.Bd -literal
162#!/bin/sh
163
164BNG_IF=ixl3
165VOIP_IF=bge2
166
167ngctl -f- <<EOF
168mkpeer ${BNG_IF}: vlan_rotate lower original
169name ${BNG_IF}:lower rotate
170msg rotate: setconf { min=2 max=3 rot=1 }
171mkpeer rotate: vlan ordered downstream
172name rotate:ordered services
173connect services: ${VOIP_IF} voip lower
174msg services: addfilter { vlan=123 hook="voip" }
175EOF
176.Ed
177.Pp
178Now inject the following sample frame on the
179.Dv BNG_IF
180interface:
181.Bd -literal
18200:00:00:00:01:01 > 00:01:02:03:04:05,
183 ethertype 802.1Q-9100 (0x9100), length 110: vlan 2, p 1,
184 ethertype 802.1Q-QinQ, vlan 101, p 0,
185 ethertype 802.1Q, vlan 123, p 7,
186 ethertype IPv4, (tos 0x0, ttl 64, id 15994, offset 0, flags [none],
187  proto ICMP (1), length 84) 192.168.140.101 > 192.168.140.1:
188  ICMP echo request, id 40234, seq 0, length 64
189.Ed
190.Pp
191The frame ejected on the
192.Va ordered
193hook will look like this:
194.Bd -literal
19500:00:00:00:01:01 > 00:01:02:03:04:05,
196 ethertype 802.1Q (0x8100), length 110: vlan 123, p 7,
197 ethertype 802.1Q-9100, vlan 2, p 1,
198 ethertype 802.1Q-QinQ, vlan 101, p 0,
199 ethertype IPv4, (tos 0x0, ttl 64, id 15994, offset 0, flags [none],
200  proto ICMP (1), length 84) 192.168.140.101 > 192.168.140.1:
201  ICMP echo request, id 40234, seq 0, length 64
202.Ed
203.Pp
204Hence, the frame pushed out to the
205.Dv VOIP_IF
206will have this form:
207.Bd -literal
20800:00:00:00:01:01 > 00:01:02:03:04:05,
209 ethertype 802.1Q-9100, vlan 2, p 1,
210 ethertype 802.1Q-QinQ, vlan 101, p 0,
211 ethertype IPv4, (tos 0x0, ttl 64, id 15994, offset 0, flags [none],
212  proto ICMP (1), length 84) 192.168.140.101 > 192.168.140.1:
213  ICMP echo request, id 40234, seq 0, length 64
214.Ed
215.Pp
216The second example distinguishes between double tagged and single
217tagged frames.
218.Bd -literal
219#!/bin/sh
220
221IN_IF=bge1
222
223ngctl -f- <<EOF
224mkpeer ${IN_IF}: vlan_rotate lower original
225name ${IN_IF}:lower separate
226msg separate: setconf { min=1 max=1 rot=0 }
227mkpeer separate: eiface incomplete ether
228name separate:incomplete untagged
229mkpeer separate: eiface ordered ether
230name separate:ordered tagged
231EOF
232.Ed
233.Pp
234Setting the
235.Va rot
236parameter to zero (or omitting it) does not change
237the order of the tags within the frame.
238Frames with more VLAN tags are dropped.
239.Sh SHUTDOWN
240This node shuts down upon receipt of a
241.Dv NGM_SHUTDOWN
242control message, or when all hooks have been disconnected.
243.Sh SEE ALSO
244.Xr netgraph 4 ,
245.Xr ng_eiface 4 ,
246.Xr ng_ether 4 ,
247.Xr ng_vlan 4 ,
248.Xr ngctl 8
249.Sh AUTHORS
250.An Lutz Donnerhacke Aq Mt lutz@donnerhacke.de
251