88E6095芯片VLAN技術(shù)分析

1、88E6095芯片VLAN技術(shù)分析MARVEL出產(chǎn)的88E6095芯片是一款較高端的交換芯片,它帶有8個(gè)FE口和3個(gè)GE口，其VLAN功能分析如下(本文檔只討論基于802.1Q的VLAN)：交換模式6095芯片對(duì)每個(gè)端口支持不同的交換模式，可以通過(guò)配置寄存器PortControl2(Reg0 x08)的Bit11：10來(lái)實(shí)現(xiàn)，提供的Dsdt接口為：GT_STATUSgvlnSetPortVlanDot1qMode(INGT_QD_DEV*dev,INGT_LPORTport,INGT_DOT1Q_MODEmode);包括4種模式：Secure模式：所帶VLANtag必須存在于VTU表中，且入端

2、口必須是該VLAN成員，否則丟棄報(bào)文Check模式：所帶VLANtag必須存在于VTU表中，否則丟棄報(bào)文Fallback模式：入端口報(bào)文不丟棄802.1QDisabled：802.1Q關(guān)閉，使用端口VLAN模式，所有報(bào)文透?jìng)髑?種模式都遵循802.1Q規(guī)則，報(bào)文進(jìn)入后按照VLAN表項(xiàng)進(jìn)行轉(zhuǎn)發(fā)，不同就在于進(jìn)入的時(shí)候條件限制，有的未作限制(Fallback模式)，有的(Secure模式)要求嚴(yán)格。我們?cè)趯?shí)現(xiàn)基于802.1Q的VLAN時(shí)采用第1種，Secure模式。報(bào)文進(jìn)來(lái)時(shí)先識(shí)別所帶的VLANtag。若所帶VLANtag未存在于VLAN表項(xiàng)中，或者進(jìn)來(lái)的端口不屬于該VLANtag的VLAN成員，報(bào)

3、文被丟棄，順利進(jìn)入的報(bào)文則指定VLANtag的VID進(jìn)行轉(zhuǎn)發(fā)；若報(bào)文中不帶VLANtag,則判斷該端口的缺省VLAN(PVID),當(dāng)端口未加入缺省VLAN,報(bào)文被丟棄，當(dāng)端口已經(jīng)加入缺省VLAN時(shí)，則指定PVID進(jìn)行轉(zhuǎn)發(fā)。我們?cè)趯?shí)現(xiàn)基于端口的VLAN時(shí)釆用第4種，8021QDisabled。此時(shí)端口不識(shí)別報(bào)文所帶的VLANtag，被認(rèn)為是不帶VLANtag的報(bào)文并被加上它的PVID，結(jié)合VLANTable(PortBaseVLANTable)的取值，查找MAC表進(jìn)行轉(zhuǎn)發(fā)。11/D0O2.lQModeR7/RIEEESD2JQModefarthispert.Thesebitsdeterminei

4、B02-1basedVLANssrsusedalongwithpartbasedVLANsf-orthisIngrossportItah-odetermineslheactiontobetakenifan802.1QVLANViolatianisdetGctadl.Thsssbitsweirkssfallows:00=8D2.1QDisabled.UsePartBasedVLANsonly.TheVLANlablebitssrdth巳DefaultVIDassignedtotheframeduringirgressdeterminewhichEgresspartsthisIngre號(hào)號(hào)perr

5、isaliawee1toswitchframestoforallframea4.01二Fallback.Enable802.1QfarthisIngressport.DonotdiscardIngresshfeEbe專(zhuān)hipviolationsandusetheVLANTablebitsbelowrftheiramssVIDisnotcaninedinthsVTU(bat卜errorsarelogged-Tsble84)Check.Enable802.1QforthisIngressportDonutdiscardIngressrifembershipviolationbuitdiscardt

6、heframeifitsVIDisrotGontainedintheVTU(botherrorsareloggedTableE4)_=Secure.ErableB02.1QforthsIngresspert.DiscardIngressMembershipviolationsanddiscardfranesrthoseVIDisnottaine自intheVTU(botherrorsarelogged一Table84).端口隔離端口隔離是比VLAN表更底層的隔離，它在802.1Q使能的情況也生效，也就是說(shuō)配置了隔離的端口即使在同一VLAN中也不相通。通過(guò)端口隔離特性，用戶(hù)可以對(duì)需要進(jìn)行控制的端

7、口配置端口隔離功能，實(shí)現(xiàn)所有需要隔離端口之間業(yè)務(wù)數(shù)據(jù)的隔離，既增強(qiáng)了網(wǎng)絡(luò)的安全性，也為用戶(hù)提供了靈活的組網(wǎng)方案此功能可以通過(guò)配置VLANTable來(lái)實(shí)現(xiàn)，寄存器PortBasedVianMap(Reg0 x08)的BIT10：0。提供的Dsdt接口為GT_STATUSgvlnSetPortVlanPorts(INGT_QD_DEV*dev,INGT_LPORTport,INGT_LPORTmemPorts,INGT_U8memPortsLen);這是個(gè)單向表，例如，將Port0的Bit1寫(xiě)1表示數(shù)據(jù)可從Port0流向Port1，因此要實(shí)現(xiàn)Port0和Port1的隔離需要把Port0的Bit1寫(xiě)

8、0,同時(shí)把Port1的Bit0寫(xiě)0。10;0VLANTablDRWStoallonesSKEDptfcirthiaportsbitPotbasedVLANTablesThebitsinthistabbarousstorestrictwhichutpulportsthisinpilpartcansendframesto.TheVLANTablebitsareusedforallframesevenif802.1Qiser日bledonthisportorifProtectedPortis已仃abledonthiaport.Theaebitsreatrictdierebpertcansendfra

9、meslo(unilessaVLANTunnelframeIsbeingreceived一Table66).TosendframestoPnrtD?bitOoftiisregistermustteaoneTosendTamestoPort1,bit1ofthisregistermustbeaone,etc.Afterreset,allportsareaccessiblesincealltheotherportnumberbitsaresettoane_ThisPortsbrtiszeroatsrnsset.ThispreventsfranesIsavingthspDrtonwhichtheya

10、rrived.ThisPortsbitcantobesettoaoneinthedevices,whichallotsxranstob&switchedbsckrorheportonwhichtheyarrived.Inviewofthisfact,cares卜口uldbetakeninwritingcodetomanipulatethesebitsThisregstarisresetta0 x7FEforPortD(SIMDeviceAddress0 x10)Banditresetsio0 x7FDfcrParti(AddrDx.11).to0 x7FBfarPort2(Addr3x12).

11、etc.Howey臥iftheSW_24Pconfiguration日仃(口仃P(guān)9_TXO3jissettoone(24PeriMode)Port8and9corie叩configuredAheretheycannotcammuncatewitheachotherthisrsgistGr二0 x4FF乞ibothPorts6&9).端口類(lèi)型6095芯片從邏輯功能上可以實(shí)現(xiàn)如下三種的以下三種端口類(lèi)型：Access類(lèi)型，端口只能屬于1個(gè)VLAN,只能接收和發(fā)送1個(gè)VLAN的報(bào)文(發(fā)送報(bào)文不帶Tag)，一般用于與終端用戶(hù)之間的連接；Trunk類(lèi)型，端口可以屬于多個(gè)VLAN,可以接收和發(fā)送多個(gè)VLAN

12、的報(bào)文(發(fā)送報(bào)文都帶Tag)，一般用于與交換機(jī)之間的連接；Hybrid類(lèi)型，端口可以屬于多個(gè)VLAN，可以接收和發(fā)送多個(gè)VLAN的報(bào)文（Untagged的VLAN發(fā)送報(bào)文都不帶Tag,tagged的VLAN發(fā)送的報(bào)文都帶vlantag）,一般用于特殊場(chǎng)景的連接。在802.1Q模式下，端口對(duì)標(biāo)簽的處理需要在VTU表項(xiàng)中配置標(biāo)簽處理模式，配置VTUDataRegister（Reg0 x0709）。也就是說(shuō)對(duì)每條VLAN,個(gè)端口的標(biāo)簽處理方式可以不同，這樣的處理才能實(shí)現(xiàn)如上描述的Hybrid類(lèi)型。不同連接類(lèi)型的端口加入VLAN的Tagged或Untag成員，Access端口只能加入U(xiǎn)ntag成員；T

13、runk端口以Untag成員加入等于自身PVID的VLAN，其余以Tagged方式加入；Hybrid端口按需求加入U(xiǎn)ntag成員或者Tagged成員。Untag成員配置成“01”Taged成員配置成“10”，其他非成員端口默認(rèn)為“11”。1:0MemberIbflPOFWRMemhershiparidEgressTaggingforPort0Thesebitsareusedtosupp-at802.1QmembershipEindEgressTaggliigasfollows.00=PertisamemberofthisVLA忖日ndfrBrnewaretoegressnmodlifiedl-

14、01=PortisamemberofthisVLAMsardframesarstosgrsssUnlaggsd.ID=PertisamemberofthisVLAMandframe呂aretosgrAssTagg&d.11sPortisrwtamemberofthisVLAN.AnyframeswiththisVID1arediscardedatIngressandarenotallowedtoegressthisport.由Access端口修改為T(mén)runk端口（或Hybrid端口），只需修改端口類(lèi)型為T(mén)runk類(lèi)型（或Hybrid類(lèi)型）。由Trunk端口（或Hybrid端口）修改為Acces

15、s端口，將端口類(lèi)型修改為Access類(lèi)型，同時(shí)端口回到VLAN1。Trunk端口不能修改為Hybrid端口，反之也是。4端口PVID當(dāng)以太網(wǎng)端口接收到不帶VLANTag的報(bào)文時(shí)，端口將在缺省VLAN的范圍內(nèi)傳輸該報(bào)文。Access端口只能屬于1個(gè)VLAN,所以它的缺省VLAN就是它所在的VLAN；Trunk端口和Hybrid端口可以屬于多個(gè)VLAN,所以需要手工設(shè)置端口的缺省VLANID。端口PVID可以通過(guò)修改寄存器DefaultPortVLANID&Priority（Reg0 x07）的Bit11：0來(lái)實(shí)現(xiàn)。提供的Dsdt接口為GT_STATUSgvlnSetPortVid（INGT_QD

16、_DEV*dev,INGT_LPORTport,INGT_U16vid）;11:0DefaultVIDRASto(MCIDefaultVLANIdentrfler.When802.1QisenabledonthisporttheDsfaultVIDHeldIsusedlastheIEEETaggedlVIDaddedLolhlaggedorpriufitylaggedframesdLnringegressLhatingressedfromthisport,litisalsousedasaLaggedframesVIDiftheframesVIDwas0 x000itisaprioritytag

17、gedfram&；oriftheportsForceDefaultVIDbit(sabov時(shí)issettoaone.When802.10isdiEablsdl-onthispert,theDefaultVIDfieldis品“尹丸tosllframeserrtBringtheport(ifthey酎色taggedctuntagg&d).ThisassignmAntisl兮2dintssrnaltotheswitch,soonlythatCrossChipPortBasedVLANscanbesupp-wted.5VLAN表項(xiàng)用戶(hù)可以將端口加入到指定的VLAN中。執(zhí)行該配置以后，以太網(wǎng)端口就可以

18、轉(zhuǎn)發(fā)指定VLAN的報(bào)文，從而實(shí)現(xiàn)本交換機(jī)上的VLAN與對(duì)端交換機(jī)上相同VLAN的互通。Access端口只能加入到1個(gè)VLAN中,Trunk端口和Hybrid端口可以加入到多個(gè)VLAN中，端口加入VLAN時(shí)的處理，參見(jiàn)3端口類(lèi)型。Dsdt提供的接口為GT_STATUSgvtuAddEntry(INGT_QD_DEV*dev,INGT_VTU_ENTRY*vtuEntry);和GT_STATUSgvtuDelEntry(INGT_QD_DEV*dev,INGT_VTU_ENTRY*vtuEntry);我們可以根據(jù)需求填寫(xiě)正確的vtuEntry的信息來(lái)下發(fā)VLAN表項(xiàng)。每一條VTU表項(xiàng)的配置，包含以

19、下內(nèi)容：Table84;VTUOpersticnRegisterOffset:0k05orDecimal5BitsFieldTypeDesCFiptioil15VTLBusySCVLANTableUnitBusy.ThisbitmustbesettoaonetostartaVTUperation(seeXTUOpbelcvn).OnlycineVTUoperationcanbeexecutingatsnetimssothisbitmustbezerobeorsssttingitto日one.WhentharsqLastedVTUoperationcomiJetes,thisbitwillaut

20、cmaticallybocharodtoazero.Thstransitionorthisbitfromaonetoazeroinu&edtogenerateaninterrupt(TableS3j-14：12VTL.OpRWRTableunitTableOpcodsThedevicessupportthefollowirgVTUoperations(alloftheseoperallonscanbeexecutedwhileframesaretransitingthroughtlieswitch).000=NdCperatioi001=FlushAllEntries010=NoOperati

21、on”011LeadorPurgeanErtrylGetNextJ=RsserYsd=Resarvod=GetClearViolaiior.Data11-8RWRvTuMACAddressDatabaseNumberbits7:4OnalVTUOpsexceptforGetViolationData,ihlsfieldisDBNlhti7:4andIIisisedltoseparaleMACaddressdatabasesbyaframesVID,Ifmultipleaddressdalsbasesarenetbeingused,thesebitsmustremainzero.Ifmultip

22、leadkisidatabasesarebeingL&edl.theseblsareusedtosslthe-desireddaiebassnumberthatisassociatedwithVlDvalueonLoadloperations(nrused!toreadlthecurrentlysssignsdDBNumonGetNextoperatinns).ThslowerfourbitserftheVTUDBMumareinbits3:Dorthisregister.-TReserved!RESReG&rve-dlforfutureuse6MemberViolationROSourceM

23、emberViolation-OnGeUCIearViolationDataVTUOps,thisbitIsreturnedsettoaonelheViolationDelrvgservlcediIsduetoan602.1QMemberVidation.AMemberViolalionoccurswhenan802.1QenabledIngresspertaccessestheVTUwithaVlDthatiscontainedintheVTUbutwtwseMembershipliatdoesnrotincluKilethisIngressport.OnlythefirstMamberVi

24、olationorMissViolation(belov/l“dllbesaveduntilcleared.5MissViolationROVTUP/lssViclatidr.OrGs卄亡I曲NidationDataVFJOpsthistitisretumedseiIoaoneiftheNidationbeingslicedwasduetoan3021aPlissVifllatior.AP/l.ssViclatioroccurBwhenan0021QenabledIngressporlaccessesrheVTLwithaVIDthatisnotcontainedInlheVTL.Onlyth

25、efrstMissViolationorMemberViolation(abevE/Issaveduntilclearsd.4Reserved!RESReservedforfiitLreuseaoDBNum3:0/FPAiRVTUMACAddr&sDatab&aNumberbiteS:DarSourcePertIDOnSPIDLoadandGetNextVTUOps,thisIsDBNum3:0and11IsusedloseparateMACaddressdaIbbasesby己framesVJD.Ifmultipleedtfr已55databasesersnotbeingused：these

26、bitsmustremainzero,tfmultipleadklrssd!atab：&sareb&ingussd!,thesebitsusedtotherequired!adl-dr&ssdlatabasanumberthati兮associatedwithaVJDvaluecnLoadloperations(orusedtoreadthecurrenUyassignediDBNumonGetNestoperations)lTheupperfourbitsoftheVTU!sDBNumarainbits11:7ofthisregisterOntheGetVialaticnDaisVTUOp,

27、thiafisldlreturnstheSourcePortIIDtfthepartthatcausedtheviolation.IfSPIDDxFthesourcecrthejiolatimsw日兮the亡PUrMisterinterface(i.e.,theVTUwasfullduririgaCPULoadoperali-on)Table85:V7UVIDRcgifitorOffset:3x06orDecimal6BiUFialdTypoDgscription5:13ReservedHESReservedfarfutureuse12ValidRWREntrysValidbit.Atthee

28、ndofGetNext-operatiorEi.ifthisbitissetto日cnsitindicatestheVIDvalueb&lawisvalid.Ifthisbitisclearedtoa2raandtheVIDisallqr&e,itindicatethervdoftheVIDlistwsas；reachedwithnonewvalidentriesfound.OnLoadorPurgeoperations,thisbtIrKilcatesthecesirsdopsratlonicfsjLoad(whensetto且one)oraPurge(whenclearedtoazero)

29、.1:0VIDRWRVLANIdentifier.ThisVIDisu&edinallthVTUOpcommands(exceptGet/ClearViolalionData)anditis1heVIDthat忑associatedwithttveVTUdatabelow(Table&6)crtheVIDthatcauseditheVTUViolation.Reg0 x0709為成員列表，只列Reg0 x09圖table8B:VTUDataRsgistorPortBto10Offset:0 x09orDecimal9BitsFieldTypeDedcriptianii15VIDPRIO/err

30、ideBBEBD95arnd63E60&5Fdevicesonly)RA/RVIDPriorityOverride-Whenthisbitisg&ttoaonethsVIDPRIbits(b&low)areused!tooverridetheprrcrilyonanyframeasscciat&dwiththisVIDaslongtheportsVTUPriQveniuebitisset(Table69)14:12VIDPRIRW代VIDPrioritybite.Thes巴bitsareusedtooverridethepriorityonianyframesaggDciatodIiththi

31、sVIDvaluo.ftheVlDPRlO/0mdsbit(above)issttoaone.11:10HortStatePWRWHHerVLANPortStalesforPort10.Thesebitsareusedtosupporl8C2.is(psrVLANSpanningTree)andshouldbeclearedtozaroi1602.15isnotused.SeePortStatePBbeto.氐aMemberTajP!0RWRMemb&rshiparrlCgreEETaggingforPort10.Thesebitsareu占edto&uppartS02.1Qmemb&rshi

32、pandEgr-egsTagging.S&eMemberTagP8belouL716Pon3tateP9RW總PerVLANPortScalesforPort9.Thesebllsareusedtosupport8C2.1s(perVLANSpanningTe巳)aridlsteuldbe：匚leaiedtozeroif0C2.1sisnrotLsedl.SeePortStatePSbelov.5:4MmberTagiPBRWRMembershipandEgressTaggingforPertBThE5bitsnn&u呂旦dtosupport802.1QmembarshiipandEgress

33、Tagging.SeeMemberTagPSbelow3:2PortState戶(hù)3RWRPerVLANPortStatesforPortS.Thesebiteareusedtosupport6C2.1s(perVLANSpanningTree)antdlshouldbeclearedtozsrdif8C2.1sisnotused.ThePerVLANPartStatesare:DC=&02-1eDisabledl.Uenorv-VLAMPortStatGE；forthispertforframeEwiththisVID.01=BlDckout/List&nirjgPortStat&forthisporlforframeswiththisVID.=LearningP