Layer-2 Bridge in Orin

DRIVE OS supports low bandwidth layer-2 network bridge between 2 or more Tegra ethernet MACs using ethernet MAC HW virtualization, ethernet MAC HW Flexible Receive Parser (FRP) features and brctl (from bridge-utils package in Linux).

The Layer-2 bridge is in "deny all" mode for all unicast & multicast packets. To allow packets through this bridge, FRP rules need to be programmed in the ethernet MAC.

A Layer-2 bridge is already deployed (without FRP rules) in NDAS usecase (starting 6.0.7.0) between MGBE2 & EQOS ethernet MAC. The block diagram is shown below.

Creating the Bridge

To create the bridge:
  1. Virtualize the MAC interfaces using the steps mentioned in "Ethernet VF configuration" section under Networking
  2. Enable creating of Layer 2 nw bridge by updating the device tree with device node ' ndas_nw_bridge ' and ' status = "okay".
  3. Create the Layer 2 bridge interface and add the interfaces using brctl (from bridge-utils package utility).
  4. Assign zero IP address to the interfaces participating in bridge function.
  5. Set up FRP rules to allow packets through the Layer-2 bridge. Refer below section for setting up FRP rules.

FRP Rules Setup Examples

This Layer-2 bridging solution requires combination of Layer-2 Destination Addr filtering rules and FRP rules in HW MACs participating in the bridging.

Prerequisites
    • A sample tool named nvether_sample_appneeds to be generated based on Networking header files packaged in include path of AV+L DRIVE OS SDK package, The tool is required to configure the FRP Rules and L2 filter rules.
    • Following parameters need to be configured statically.
      • MAC address of devices connected across the layer-2 bridge.
      • Multicast addresses based on use case.

Refer to the Exported Networking element APIs in API reference section for the list of IOCTLs used by sample tool.

Example setup details:

Interface Name MAC IP
Host1 (host1_eth0) b2:fc:eb:b3:f6:90 192.168.90.10
Host2 (host2_eth0) 8a:05:14:b6:23:01 192.168.100.10
MGBE2_0 7e:98:e2:75:ee:56 192.168.90.20
MGBE2_1 7e:98:e2:75:ee:57 192.168.90.40
EQOS_0 ca:46:a3:f7:fc:16 192.168.100.20
EQOS_1 ca:46:a3:f7:fc:17 192.168.100.40
Note: All MAC addresses in the table above are randomly generated.

Setup routing rules on Linux hosts

Example Use Cases

Add MAC L2 filter rule to allow packets to reach FRP engine of the ethernet MAC interface.

Use case 1: Allow ping through the bridge using unicast MAC DA based filter.

Once the rules are set. Ping Host2 from Host1 and vice versa. Ping should pass.

Use case 2: Allow Multicast packets through the bridge using Multicast DA based filter.

Once the rules are set, start the application to send packets with MC MAC DA addr as 01:00:5E:00:00:C8 on Host1 and on Host2 observe the MC packets reaching it using capture tool and vice versa.

For more details on FRP rules, refer to FRP Validation under Networking.

Limitations

  • All interfaces used across the layer-2 bridge must have same MTU size configured. Packets transmitted by devices must be limited to the configured MTU size.
  • This solution is designed to support only low bandwidth use cases like Diagnostics System, etc. needed only in non mission mode.
  • The design assumption that both virtual interfaces added to the Layer-2 bridge are owned by a single VM.