VLAN Isolation For BCM 5650

1.1 SRS

1.1.1 Function

- The user-isolation shall be per subscriber port and VLAN.
- Two isolation behaviors shall be supported and configurable per VLAN: limited-isolation and full-isolation. The two behaviors are defined as follows:
  - Limited-isolation: Any packet that ingresses an isolated subscriber port in a VLAN shall not be forwarded to the other subscriber ports with isolation enabled; it shall be forwarded only to the uplink ports and to the other subscriber ports with isolation disabled, where the subscriber ports and the uplink ports are member ports of the VLAN associated with the ingress packet.
  - Full-isolation: Any packet that ingresses an isolated subscriber port in a VLAN shall not be forwarded to any other port except the uplink ports, where the subscriber ports and the uplink ports are member ports of the VLAN associated with the ingress packet.

1.1.2 OAMP
1.2 Overview

The BCM 5650 provides a flexible filter mechanism. The VLAN Isolation function is implemented with the BCM5650 chipset FFP IRULE/IMASK tables.

The related fields of the IRULE/IMASK tables are listed below.

IRULE Table:

| Field | Description | Value Set | Remark |
|---|---|---|---|
| ACTION | Filter Action. We need to filter egress mask. | 0x80000 | Bit 19 |
| EGRESS_MASK | Mask the ports that will be isolated. Bit N value 1 means the Nth port is isolated. N is 0-based. | | |
| IPORT_MODE | 0 means the IRULE entry uses IPORT, 1 means the IRULE entry uses IPORT_MASK. | 1 | For BCM5650, we use the ingress port mask, so we should set this value to 1. |
| IPORT_BITMAP | Bit N set to 1 means the ingress port should be included in VLAN isolation. If a port is not included in VLAN isolation, it can communicate with any other port except the ports whose bit is 1 in EGRESS_MASK. N is 0-based. | | |
| IFILTER | IRULE filter data field. | BCM_FILTER_QUALIFY_VID(unit, tempfilter, vlanId); | We should set the VLAN ID in the filter field for the specified VLAN. |

IMASK Table:

| Field | Description | Value Set | Remark |
|---|---|---|---|
| IMASK | Set VLAN Filter MASK | Offset 14 in Ethernet packet. | |

See the following figure for the complete port inter-communication rule:

Figure 1 Complete Port Inter-communication rule

From these rules we can derive the filter rules for limited isolation and full isolation. The following two figures illustrate them.

Figure 3 Limited Isolation filter rule

Figure 4 Full Isolation rule
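
The following is an added example, not code from the original document or from the BCM SDK. It derives the two IRULE bitmaps (IPORT_BITMAP and EGRESS_MASK) for a VLAN from the SRS definitions of limited and full isolation and checks a forwarding decision against them. The type and function names (`pbmp_t`, `iso_rule`, `iso_build`, `iso_may_forward`) are hypothetical, and it assumes the rule applies only to frames whose ingress port is set in IPORT_BITMAP.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t pbmp_t;   /* bit N = port N, 0-based, as in the IRULE table */
enum iso_mode { ISO_LIMITED, ISO_FULL };

struct iso_rule {          /* hypothetical holder for the two IRULE bitmaps */
    pbmp_t iport_bitmap;   /* ingress ports the rule matches (isolated ports) */
    pbmp_t egress_mask;    /* ports blocked for frames from those ports */
};

/* Derive the per-VLAN bitmaps from VLAN members, uplinks and isolated ports. */
struct iso_rule iso_build(enum iso_mode mode, pbmp_t members,
                          pbmp_t uplinks, pbmp_t isolated)
{
    struct iso_rule r;
    pbmp_t subscribers = members & ~uplinks;
    /* Only subscriber ports that are VLAN members can be isolated. */
    r.iport_bitmap = isolated & subscribers;
    /* Full: block every subscriber port. Limited: block isolated ports only. */
    r.egress_mask = (mode == ISO_FULL) ? subscribers : r.iport_bitmap;
    return r;
}

/* Return 1 if a frame entering on port `in` may leave on port `out` (0..31). */
int iso_may_forward(struct iso_rule r, pbmp_t members, int in, int out)
{
    pbmp_t in_bit = (pbmp_t)1 << in, out_bit = (pbmp_t)1 << out;
    if (in == out || !(members & in_bit) || !(members & out_bit))
        return 0;          /* not both VLAN members, or same port */
    if (!(r.iport_bitmap & in_bit))
        return 1;          /* assumption: rule matches isolated ingress only */
    return (r.egress_mask & out_bit) == 0;
}

int main(void)
{
    /* Constructed sample: ports 0-3 subscribers, port 24 uplink, 0 and 1 isolated. */
    pbmp_t members = 0x0100000F, uplinks = 0x01000000, isolated = 0x3;
    struct iso_rule lim = iso_build(ISO_LIMITED, members, uplinks, isolated);
    struct iso_rule full = iso_build(ISO_FULL, members, uplinks, isolated);
    printf("limited egress_mask=0x%08x full egress_mask=0x%08x\n",
           (unsigned)lim.egress_mask, (unsigned)full.egress_mask);
    printf("port 0 -> 2: limited=%d full=%d\n",
           iso_may_forward(lim, members, 0, 2), iso_may_forward(full, members, 0, 2));
    return 0;
}
```
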
1.3 Data Structures and Functions

The VLAN Isolation Module implementation is based on BCM5650 SDK4.2.6.
Two types of functions are needed: API and Functional.

Figure 5 Vlan Isolation Main Functions
The main types are:
- VLAN Isolation Entry Type
- VLAN Isolation Filter Type
Defined as:
The VLAN Isolation Entry is used to store the VLAN isolation information for each VLAN. It is defined as follows:
All VLAN isolation entry data is stored in a LIST defined as below:
The VLAN Isolation Filter Type is used to decouple the common VLAN Isolation code from the BCM SDK-specific code. It is used in the same way as bcm_filter_t. It is defined as follows:
The main defines are:
There is also a series of error code definitions, as below:
1.3.1 Scenarios

1.3.1.1 Initialization

We should initialize the VLAN Isolation global variables and environment at VLAN task startup.

1.3.1.2 VLAN Member Ports Configuration Change

If some member ports of a VLAN are to be removed from the VLAN, we should also remove these ports from the VLAN isolation entries if they are isolated ports.

1.3.1.3 VLAN Remove

If a VLAN is to be destroyed, we should first destroy the related VLAN Isolation information.

1.3.1.4 Uninitialization

We should destroy all VLAN Isolation records when the VLAN task is to be terminated.

1.4 VLAN Isolation OAMP API

Reference: doc