Protocol-based VLAN classification to distinguish PTP/SNMP/ARP traffic
The idea is to tag all "management" traffic (e.g. PTP, SNMP, ARP) on ACCESS ports with a "management" VLAN, as an alternative to forcing the users (and configuring WRPC) to use a dedicated VLAN for management.
802.1Q-2014 allows optional Port-and-Protocol-based VLAN classification (page 85, section 6.12), in short:
- The classification works only for untagged and prio-tagged frames,
- There exist protocol templates that are identified by Protocol Group Identifier,
- The Protocol Group Identifier is associated with a VID; if a frame is not classified into any of the groups, it is assigned the PVID for this port.
- This is pretty well explained in Figure 6-4 on page 86
- The existing templates can identify IP and PTP traffic. I do not think they can identify SNMP, and I'm not sure that it is allowed to add more templates. On the other hand, it is not disallowed ;-)
From the implementation point of view, we could implement (easily?) such a mechanism using the packet filter. The packet filter sits before the VLAN tagger in the Endpoint rx pipeline. It classifies traffic into 7 "classes", which could act as the Protocol Group Identifier. The info about the "class" is passed with the frame through the pipe. We would need to extend the VLAN tagger to take the class into consideration when tagging; this should be easy. It would actually be a much more flexible mechanism.
Two points:
- currently the packet filter is not enabled in the switch, it is only used in WRPC, so we need to see the resource utilization (whether it will fit in the FPGA)
- packet filter will add latency...
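
A software model of the classification rule described above, as an added example (not code from this page or from the switch or WRPC sources). The group names, the management VID 100 and the sample frames are assumptions made for illustration, and the UDP port matching for SNMP goes beyond the EtherType-based templates, in the way a packet filter class could.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical protocol groups standing in for packet filter classes. */
enum pgroup { PG_NONE = 0, PG_PTP, PG_ARP, PG_SNMP, PG_COUNT };
struct port_cfg {
    uint16_t pvid;                /* VID for frames matching no group */
    uint16_t group_vid[PG_COUNT]; /* VID per group, 0 = not mapped */
};
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* p points at the EtherType field; len is the bytes available from there. */
static enum pgroup match_group(const uint8_t *p, size_t len)
{
    uint16_t etype = be16(p);
    if (etype == 0x88F7) return PG_PTP;          /* PTP over Ethernet */
    if (etype == 0x0806) return PG_ARP;
    if (etype != 0x0800 || len < 22) return PG_NONE;
    const uint8_t *ip = p + 2;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 2 + ihl + 4) return PG_NONE;
    if (ip[9] != 17 || (be16(ip + 6) & 0x1FFF)) return PG_NONE; /* need UDP, offset 0 */
    uint16_t sp = be16(ip + ihl), dp = be16(ip + ihl + 2);
    if (dp == 319 || dp == 320) return PG_PTP;   /* PTP over UDP */
    if (sp == 161 || dp == 161 || dp == 162) return PG_SNMP;
    return PG_NONE;
}

/* VID assigned to a received frame, or -1 if it is too short to parse. */
int classify_vid(const struct port_cfg *cfg, const uint8_t *f, size_t len)
{
    size_t off = 12;                      /* EtherType follows both MACs */
    if (len < 14) return -1;
    if (be16(f + off) == 0x8100) {        /* 802.1Q tag present */
        if (len < 18) return -1;
        uint16_t tagged = be16(f + 14) & 0x0FFF;
        if (tagged != 0) return tagged;   /* VLAN-tagged: not reclassified */
        off = 16;                         /* priority-tagged: use inner type */
    }
    uint16_t vid = cfg->group_vid[match_group(f + off, len - off)];
    return vid ? vid : cfg->pvid;         /* no group VID: fall back to PVID */
}

/* Constructed sample data: zeroed MACs, PVID 1, management VID 100. */
const struct port_cfg PORT = { 1, { [PG_PTP] = 100, [PG_ARP] = 100, [PG_SNMP] = 100 } };
const uint8_t ARP_UNTAGGED[14] = { [12] = 0x08, 0x06 };
const uint8_t PTP_PRIO_TAGGED[18] = { [12] = 0x81, 0x00, 0xE0, 0x00, 0x88, 0xF7 };
const uint8_t ARP_VLAN5[18] = { [12] = 0x81, 0x00, 0x00, 0x05, 0x08, 0x06 };
const uint8_t SNMP_REQ[42] = { [12] = 0x08, 0x00, 0x45, [23] = 17, [36] = 0x00, 0xA1 };
const uint8_t IPV6_STUB[14] = { [12] = 0x86, 0xDD };
```

The class is derived from header fields that the sender of the frame controls, so a VID assigned this way separates management traffic but does not authenticate it.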