Shared VLAN Learning (SVL)

ath · November 25, 2020, 9:20am

Is there any way of configuring shared VLAN learning (SVL) on a bridge that has vlan-filtering set to yes?

mkx · November 25, 2020, 7:03pm

Doesn’t seem it is possible. Explanation of effects of setting vlan-filtering=yes in bridge manual explicitly states that setting this property changes bridge from SVL to IVL.

What would you like to achieve by running bridge in SVL mode?

anav · November 25, 2020, 8:00pm

Bloody Aussies with their difficult questions, what with crocodiles, sharks, stonefish,octopus, poisonous spiders, snake, drunk koala bears and boxing kangeroos, fires etc. there would be none left… Lets be honest, why would anybody stop and stay in Australia with New Zealand so close at hand.

Seriously what is the difference between SVL and IVL… if tag stacking was not enough…

mkx · November 25, 2020, 9:08pm

Here’s an article for you: https://community.extremenetworks.com/faqs-233202/in-802-1q-what-is-the-difference-between-ivl-and-svl-5815317 . And another one: https://flylib.com/books/en/2.115.1.55/1/

Come back later and write a resumé for us dummies.

ath · November 25, 2020, 9:28pm

It would allow the configuation of asymmetric VLANs as described in Annex F of IEEE Std 802.1Q-2014.

mkx · November 25, 2020, 10:02pm

Now you got me intrigued. I can’t find document containing the Annex you mentioned on line, so can you briefly describe how it’s supposed to work?

anav · November 25, 2020, 10:32pm

I was hoping for IVL/SVL for dummies

ath · November 26, 2020, 4:03am

A simple example to demonstrate the concept. (This is an example only. It’s not what I’m trying to achieve, so please, no suggestions of other ways in which it might be done.)

Start with a 5-port router: ether1 is the uplink; ether2–ether5 are connected to bridge1, which has a PVID of 1. I want to share a single subnet across 2 VLANs (for no particular reason). Ports ether2 and ether3 are both on VLAN 2; ports ether4 and ether5 are both on VLAN 3.

/interface bridge port
	set 0 pvid=2
	set 1 pvid=2
	set 2 pvid=3
	set 3 pvid=3

/interface bridge vlan
	add bridge=bridge vlan-id=1 untagged=ether2,ether3,ether4,ether5
	add bridge=bridge vlan-id=2 untagged=bridge
	add bridge=bridge vlan-id=3 untagged=bridge
	
/interface bridge
	set 0 vlan-filtering=yes

Ports 2 and 3 are isolated from ports 4 and 5, but they all share the subnet configured on the bridge (e.g. 192.168.88.0/24).

This works, but at the expense of flooding. For example, the bridge (on VLAN 1) can’t learn the MAC addresses of the hosts connected to ports 2 and 3 (VLAN 2) and to ports 4 and 5 (VLAN 3), because they are on different VLANs, so it floods traffic to all 4 ports. Shared VLAN learning would fix this.

CZFan · November 26, 2020, 6:53am

Hmmm, not sure I follow.

SVL - Single forwarding database for all Vlans
IVL - Forwarding Database for each vlan.

Use IVL when you want same MAC address in each vlan, how does same subnet come into this?

ath · November 26, 2020, 9:46am

VLANs 2 and 3 share the subnet configured on the bridge.

The hosts table shows the MAC addresses for the hosts connected to ports 2 and 3 in VLAN 2 (only) and those connected to ports 4 and 5 in VLAN 3 (only). The MAC address for the bridge is in VLAN 1 (only). If the IP address of the bridge is 192.168.88.1/24 and that of the host connected to port 2 is 192.168.88.2/24, then the bridge can send datagrams to the host, but because the host’s MAC address is not in VLAN 1, they are flooded to ports 2, 3, 4, and 5.

This is a contrived example. Annex F of IEEE Std 802.1Q-2018, which can be downloaded for free, explains the concept much more clearly.

tdw · November 26, 2020, 2:49pm

Do you require multiple VLANs on ports, or are you just trying to isolate groups of ports sharing a subnet within a layer 2 network? If so port isolation or bridge horizon may be a solution.

anav · November 26, 2020, 4:55pm

Finally someone (tdw) talking requirements and not fancy acronyms… whadya want kiss on the forehead or chocolate chip cookie?

tdw · November 27, 2020, 3:42pm

Single malt is good

ath · November 28, 2020, 12:30am

Both: ports 2 and 3 on VLAN 2 are isolated from ports 4 and 5 on VLAN 3, but all ports have access to the bridge.

Port isolation is a switch chip feature, so it doesn’t apply to (for example) VPLS interfaces. I can’t see how bridge horizon would help in this example.

tdw · November 28, 2020, 12:30pm

Yes, bridge horizon wouldn’t work with groups of ports. How about bridge filters
/interface list
add name=list1
add name=list2
/interface list member
add interface=ether2 list=list1
add interface=ether3 list=list1
add interface=ether4 list=list2
add interface=ether5 list=list2
/interface bridge filter
add action=drop chain=forward in-interface-list=list1 out-interface-list=list2
add action=drop chain=forward in-interface-list=list2 out-interface-list=list1