88E6095芯片VLAN技術分析

1、88E6095芯片VLAN技術分析MARVEL出產(chǎn)的88E6095芯片是一款較高端的交換芯片,它帶有8個FE口和3個GE口，其VLAN功能分析如下(本文檔只討論基于802.1Q的VLAN)：交換模式6095芯片對每個端口支持不同的交換模式，可以通過配置寄存器PortControl2(Reg0 x08)的Bit11：10來實現(xiàn)，提供的Dsdt接口為：GT_STATUSgvlnSetPortVlanDot1qMode(INGT_QD_DEV*dev,INGT_LPORTport,INGT_DOT1Q_MODEmode);包括4種模式：Secure模式：所帶VLANtag必須存在于VTU表中，且入端

2、口必須是該VLAN成員，否則丟棄報文Check模式：所帶VLANtag必須存在于VTU表中，否則丟棄報文Fallback模式：入端口報文不丟棄802.1QDisabled：802.1Q關閉，使用端口VLAN模式，所有報文透傳前3種模式都遵循802.1Q規(guī)則，報文進入后按照VLAN表項進行轉(zhuǎn)發(fā)，不同就在于進入的時候條件限制，有的未作限制(Fallback模式)，有的(Secure模式)要求嚴格。我們在實現(xiàn)基于802.1Q的VLAN時采用第1種，Secure模式。報文進來時先識別所帶的VLANtag。若所帶VLANtag未存在于VLAN表項中，或者進來的端口不屬于該VLANtag的VLAN成員，報

3、文被丟棄，順利進入的報文則指定VLANtag的VID進行轉(zhuǎn)發(fā)；若報文中不帶VLANtag,則判斷該端口的缺省VLAN(PVID),當端口未加入缺省VLAN,報文被丟棄，當端口已經(jīng)加入缺省VLAN時，則指定PVID進行轉(zhuǎn)發(fā)。我們在實現(xiàn)基于端口的VLAN時釆用第4種，8021QDisabled。此時端口不識別報文所帶的VLANtag，被認為是不帶VLANtag的報文并被加上它的PVID，結(jié)合VLANTable(PortBaseVLANTable)的取值，查找MAC表進行轉(zhuǎn)發(fā)。11/D0O2.lQModeR7/RIEEESD2JQModefarthispert.Thesebitsdeterminei

4、B02-1basedVLANssrsusedalongwithpartbasedVLANsf-orthisIngrossportItah-odetermineslheactiontobetakenifan802.1QVLANViolatianisdetGctadl.Thsssbitsweirkssfallows:00=8D2.1QDisabled.UsePartBasedVLANsonly.TheVLANlablebitssrdth巳DefaultVIDassignedtotheframeduringirgressdeterminewhichEgresspartsthisIngre號號perr

5、isaliawee1toswitchframestoforallframea4.01二Fallback.Enable802.1QfarthisIngressport.DonotdiscardIngresshfeEbe專hipviolationsandusetheVLANTablebitsbelowrftheiramssVIDisnotcaninedinthsVTU(bat卜errorsarelogged-Tsble84)Check.Enable802.1QforthisIngressportDonutdiscardIngressrifembershipviolationbuitdiscardt

6、heframeifitsVIDisrotGontainedintheVTU(botherrorsareloggedTableE4)_=Secure.ErableB02.1QforthsIngresspert.DiscardIngressMembershipviolationsanddiscardfranesrthoseVIDisnottaine自intheVTU(botherrorsarelogged一Table84).端口隔離端口隔離是比VLAN表更底層的隔離，它在802.1Q使能的情況也生效，也就是說配置了隔離的端口即使在同一VLAN中也不相通。通過端口隔離特性，用戶可以對需要進行控制的端

7、口配置端口隔離功能，實現(xiàn)所有需要隔離端口之間業(yè)務數(shù)據(jù)的隔離，既增強了網(wǎng)絡的安全性，也為用戶提供了靈活的組網(wǎng)方案此功能可以通過配置VLANTable來實現(xiàn)，寄存器PortBasedVianMap(Reg0 x08)的BIT10：0。提供的Dsdt接口為GT_STATUSgvlnSetPortVlanPorts(INGT_QD_DEV*dev,INGT_LPORTport,INGT_LPORTmemPorts,INGT_U8memPortsLen);這是個單向表，例如，將Port0的Bit1寫1表示數(shù)據(jù)可從Port0流向Port1，因此要實現(xiàn)Port0和Port1的隔離需要把Port0的Bit1寫

8、0,同時把Port1的Bit0寫0。10;0VLANTablDRWStoallonesSKEDptfcirthiaportsbitPotbasedVLANTablesThebitsinthistabbarousstorestrictwhichutpulportsthisinpilpartcansendframesto.TheVLANTablebitsareusedforallframesevenif802.1Qiser日bledonthisportorifProtectedPortis已仃abledonthiaport.Theaebitsreatrictdierebpertcansendfra

9、meslo(unilessaVLANTunnelframeIsbeingreceived一Table66).TosendframestoPnrtD?bitOoftiisregistermustteaoneTosendTamestoPort1,bit1ofthisregistermustbeaone,etc.Afterreset,allportsareaccessiblesincealltheotherportnumberbitsaresettoane_ThisPortsbrtiszeroatsrnsset.ThispreventsfranesIsavingthspDrtonwhichtheya

10、rrived.ThisPortsbitcantobesettoaoneinthedevices,whichallotsxranstob&switchedbsckrorheportonwhichtheyarrived.Inviewofthisfact,cares卜口uldbetakeninwritingcodetomanipulatethesebitsThisregstarisresetta0 x7FEforPortD(SIMDeviceAddress0 x10)Banditresetsio0 x7FDfcrParti(AddrDx.11).to0 x7FBfarPort2(Addr3x12).

11、etc.Howey臥iftheSW_24Pconfiguration日仃(口仃P9_TXO3jissettoone(24PeriMode)Port8and9corie叩configuredAheretheycannotcammuncatewitheachotherthisrsgistGr二0 x4FF乞ibothPorts6&9).端口類型6095芯片從邏輯功能上可以實現(xiàn)如下三種的以下三種端口類型：Access類型，端口只能屬于1個VLAN,只能接收和發(fā)送1個VLAN的報文(發(fā)送報文不帶Tag)，一般用于與終端用戶之間的連接；Trunk類型，端口可以屬于多個VLAN,可以接收和發(fā)送多個VLAN

12、的報文(發(fā)送報文都帶Tag)，一般用于與交換機之間的連接；Hybrid類型，端口可以屬于多個VLAN，可以接收和發(fā)送多個VLAN的報文（Untagged的VLAN發(fā)送報文都不帶Tag,tagged的VLAN發(fā)送的報文都帶vlantag）,一般用于特殊場景的連接。在802.1Q模式下，端口對標簽的處理需要在VTU表項中配置標簽處理模式，配置VTUDataRegister（Reg0 x0709）。也就是說對每條VLAN,個端口的標簽處理方式可以不同，這樣的處理才能實現(xiàn)如上描述的Hybrid類型。不同連接類型的端口加入VLAN的Tagged或Untag成員，Access端口只能加入Untag成員；T

13、runk端口以Untag成員加入等于自身PVID的VLAN，其余以Tagged方式加入；Hybrid端口按需求加入Untag成員或者Tagged成員。Untag成員配置成“01”Taged成員配置成“10”，其他非成員端口默認為“11”。1:0MemberIbflPOFWRMemhershiparidEgressTaggingforPort0Thesebitsareusedtosupp-at802.1QmembershipEindEgressTaggliigasfollows.00=PertisamemberofthisVLA忖日ndfrBrnewaretoegressnmodlifiedl-

14、01=PortisamemberofthisVLAMsardframesarstosgrsssUnlaggsd.ID=PertisamemberofthisVLAMandframe呂aretosgrAssTagg&d.11sPortisrwtamemberofthisVLAN.AnyframeswiththisVID1arediscardedatIngressandarenotallowedtoegressthisport.由Access端口修改為Trunk端口（或Hybrid端口），只需修改端口類型為Trunk類型（或Hybrid類型）。由Trunk端口（或Hybrid端口）修改為Acces

15、s端口，將端口類型修改為Access類型，同時端口回到VLAN1。Trunk端口不能修改為Hybrid端口，反之也是。4端口PVID當以太網(wǎng)端口接收到不帶VLANTag的報文時，端口將在缺省VLAN的范圍內(nèi)傳輸該報文。Access端口只能屬于1個VLAN,所以它的缺省VLAN就是它所在的VLAN；Trunk端口和Hybrid端口可以屬于多個VLAN,所以需要手工設置端口的缺省VLANID。端口PVID可以通過修改寄存器DefaultPortVLANID&Priority（Reg0 x07）的Bit11：0來實現(xiàn)。提供的Dsdt接口為GT_STATUSgvlnSetPortVid（INGT_QD

16、_DEV*dev,INGT_LPORTport,INGT_U16vid）;11:0DefaultVIDRASto(MCIDefaultVLANIdentrfler.When802.1QisenabledonthisporttheDsfaultVIDHeldIsusedlastheIEEETaggedlVIDaddedLolhlaggedorpriufitylaggedframesdLnringegressLhatingressedfromthisport,litisalsousedasaLaggedframesVIDiftheframesVIDwas0 x000itisaprioritytag

17、gedfram&；oriftheportsForceDefaultVIDbit(sabov時issettoaone.When802.10isdiEablsdl-onthispert,theDefaultVIDfieldis品“尹丸tosllframeserrtBringtheport(ifthey酎色taggedctuntagg&d).ThisassignmAntisl兮2dintssrnaltotheswitch,soonlythatCrossChipPortBasedVLANscanbesupp-wted.5VLAN表項用戶可以將端口加入到指定的VLAN中。執(zhí)行該配置以后，以太網(wǎng)端口就可以

18、轉(zhuǎn)發(fā)指定VLAN的報文，從而實現(xiàn)本交換機上的VLAN與對端交換機上相同VLAN的互通。Access端口只能加入到1個VLAN中,Trunk端口和Hybrid端口可以加入到多個VLAN中，端口加入VLAN時的處理，參見3端口類型。Dsdt提供的接口為GT_STATUSgvtuAddEntry(INGT_QD_DEV*dev,INGT_VTU_ENTRY*vtuEntry);和GT_STATUSgvtuDelEntry(INGT_QD_DEV*dev,INGT_VTU_ENTRY*vtuEntry);我們可以根據(jù)需求填寫正確的vtuEntry的信息來下發(fā)VLAN表項。每一條VTU表項的配置，包含以

19、下內(nèi)容：Table84;VTUOpersticnRegisterOffset:0k05orDecimal5BitsFieldTypeDesCFiptioil15VTLBusySCVLANTableUnitBusy.ThisbitmustbesettoaonetostartaVTUperation(seeXTUOpbelcvn).OnlycineVTUoperationcanbeexecutingatsnetimssothisbitmustbezerobeorsssttingitto日one.WhentharsqLastedVTUoperationcomiJetes,thisbitwillaut

20、cmaticallybocharodtoazero.Thstransitionorthisbitfromaonetoazeroinu&edtogenerateaninterrupt(TableS3j-14：12VTL.OpRWRTableunitTableOpcodsThedevicessupportthefollowirgVTUoperations(alloftheseoperallonscanbeexecutedwhileframesaretransitingthroughtlieswitch).000=NdCperatioi001=FlushAllEntries010=NoOperati

21、on”011LeadorPurgeanErtrylGetNextJ=RsserYsd=Resarvod=GetClearViolaiior.Data11-8RWRvTuMACAddressDatabaseNumberbits7:4OnalVTUOpsexceptforGetViolationData,ihlsfieldisDBNlhti7:4andIIisisedltoseparaleMACaddressdatabasesbyaframesVID,Ifmultipleaddressdalsbasesarenetbeingused,thesebitsmustremainzero.Ifmultip

22、leadkisidatabasesarebeingL&edl.theseblsareusedtosslthe-desireddaiebassnumberthatisassociatedwithVlDvalueonLoadloperations(nrused!toreadlthecurrentlysssignsdDBNumonGetNextoperatinns).ThslowerfourbitserftheVTUDBMumareinbits3:Dorthisregister.-TReserved!RESReG&rve-dlforfutureuse6MemberViolationROSourceM

23、emberViolation-OnGeUCIearViolationDataVTUOps,thisbitIsreturnedsettoaonelheViolationDelrvgservlcediIsduetoan602.1QMemberVidation.AMemberViolalionoccurswhenan802.1QenabledIngresspertaccessestheVTUwithaVlDthatiscontainedintheVTUbutwtwseMembershipliatdoesnrotincluKilethisIngressport.OnlythefirstMamberVi

24、olationorMissViolation(belov/l“dllbesaveduntilcleared.5MissViolationROVTUP/lssViclatidr.OrGs卄亡I曲NidationDataVFJOpsthistitisretumedseiIoaoneiftheNidationbeingslicedwasduetoan3021aPlissVifllatior.AP/l.ssViclatioroccurBwhenan0021QenabledIngressporlaccessesrheVTLwithaVIDthatisnotcontainedInlheVTL.Onlyth

25、efrstMissViolationorMemberViolation(abevE/Issaveduntilclearsd.4Reserved!RESReservedforfiitLreuseaoDBNum3:0/FPAiRVTUMACAddr&sDatab&aNumberbiteS:DarSourcePertIDOnSPIDLoadandGetNextVTUOps,thisIsDBNum3:0and11IsusedloseparateMACaddressdaIbbasesby己framesVJD.Ifmultipleedtfr已55databasesersnotbeingused：these

26、bitsmustremainzero,tfmultipleadklrssd!atab：&sareb&ingussd!,thesebitsusedtotherequired!adl-dr&ssdlatabasanumberthati兮associatedwithaVJDvaluecnLoadloperations(orusedtoreadthecurrenUyassignediDBNumonGetNestoperations)lTheupperfourbitsoftheVTU!sDBNumarainbits11:7ofthisregisterOntheGetVialaticnDaisVTUOp,

27、thiafisldlreturnstheSourcePortIIDtfthepartthatcausedtheviolation.IfSPIDDxFthesourcecrthejiolatimsw日兮the亡PUrMisterinterface(i.e.,theVTUwasfullduririgaCPULoadoperali-on)Table85:V7UVIDRcgifitorOffset:3x06orDecimal6BiUFialdTypoDgscription5:13ReservedHESReservedfarfutureuse12ValidRWREntrysValidbit.Atthee

28、ndofGetNext-operatiorEi.ifthisbitissetto日cnsitindicatestheVIDvalueb&lawisvalid.Ifthisbitisclearedtoa2raandtheVIDisallqr&e,itindicatethervdoftheVIDlistwsas；reachedwithnonewvalidentriesfound.OnLoadorPurgeoperations,thisbtIrKilcatesthecesirsdopsratlonicfsjLoad(whensetto且one)oraPurge(whenclearedtoazero)

29、.1:0VIDRWRVLANIdentifier.ThisVIDisu&edinallthVTUOpcommands(exceptGet/ClearViolalionData)anditis1heVIDthat忑associatedwithttveVTUdatabelow(Table&6)crtheVIDthatcauseditheVTUViolation.Reg0 x0709為成員列表，只列Reg0 x09圖table8B:VTUDataRsgistorPortBto10Offset:0 x09orDecimal9BitsFieldTypeDedcriptianii15VIDPRIO/err

30、ideBBEBD95arnd63E60&5Fdevicesonly)RA/RVIDPriorityOverride-Whenthisbitisg&ttoaonethsVIDPRIbits(b&low)areused!tooverridetheprrcrilyonanyframeasscciat&dwiththisVIDaslongtheportsVTUPriQveniuebitisset(Table69)14:12VIDPRIRW代VIDPrioritybite.Thes巴bitsareusedtooverridethepriorityonianyframesaggDciatodIiththi

31、sVIDvaluo.ftheVlDPRlO/0mdsbit(above)issttoaone.11:10HortStatePWRWHHerVLANPortStalesforPort10.Thesebitsareusedtosupporl8C2.is(psrVLANSpanningTree)andshouldbeclearedtozaroi1602.15isnotused.SeePortStatePBbeto.氐aMemberTajP!0RWRMemb&rshiparrlCgreEETaggingforPort10.Thesebitsareu占edto&uppartS02.1Qmemb&rshi

32、pandEgr-egsTagging.S&eMemberTagP8belouL716Pon3tateP9RW總PerVLANPortScalesforPort9.Thesebllsareusedtosupport8C2.1s(perVLANSpanningTe巳)aridlsteuldbe：匚leaiedtozeroif0C2.1sisnrotLsedl.SeePortStatePSbelov.5:4MmberTagiPBRWRMembershipandEgressTaggingforPertBThE5bitsnn&u呂旦dtosupport802.1QmembarshiipandEgress

33、Tagging.SeeMemberTagPSbelow3:2PortState戶3RWRPerVLANPortStatesforPortS.Thesebiteareusedtosupport6C2.1s(perVLANSpanningTree)antdlshouldbeclearedtozsrdif8C2.1sisnotused.ThePerVLANPartStatesare:DC=&02-1eDisabledl.Uenorv-VLAMPortStatGE；forthispertforframeEwiththisVID.01=BlDckout/List&nirjgPortStat&forthisporlforframeswiththisVID.=LearningP