dentproject/dentOS

PVST

Opened this issue · 2 comments

Support Spanning Tree or Rapid Spanning Tree global and per vlan.

Note: We're not requiring PVST, MSTP is ok as well.

> Support Spanning Tree or Rapid Spanning Tree global and per vlan

Kernel does not track STP per VLAN. mstpd does not get hardware offload. Kernel extension should be considered to complete this feature, otherwise the goal should be scaled back and limitations documented.

One of the questions that needs to be answered is what security features ("BPDU guard" and "STP root guard") are possible to implement using the currently available supported feature set? Security is almost always a paramount requirement for any enterprise STP deployment. Any STP feature cannot be considered complete unless it can be secured.

> Kernel does not track STP per VLAN. mstpd does not get hardware offload. Kernel extension should be considered to complete this feature, otherwise the goal should be scaled back and limitations documented.

While the kernel does not implement STP per VLAN, it does support per-VLAN STP port state since kernel 5.8 to allow userspace STP (like MSTPd) to set up correct per-VLAN forwarding/blocking/discarding etc. All BPDU processing will need to be handled in userspace.

Unfortunately, it is currently not wired up to switchdev, so implementing it would require kernel changes that would likely be rejected upstream, for the following reason.

Fortunately there is MSTI support on top of the per VLAN STP state support implemented since kernel 5.18. This allows assigning VLANs to MSTIs, and then setting the STP state per MSTI.

This is wired up for switchdev, so it can be properly offloaded. But it would require updating the kernel to a newer release (e.g. 6.1, in case we want the next LTS one), and require an updated Prestera firmware and driver allowing MSTP.