On Tue, 13 Apr 2021 01:13:53 +0200 Tobias Waldekranz <tob...@waldekranz.com> wrote:
> > ...you could get the isolation in place. But you will still lookup the > > DA in the ATU, and there you will find a destination of either cpu0 or > > cpu1. So for one of the ports, the destination will be outside of its > > port based VLAN. Once the vectors are ANDed together, it is left with no > > valid port to egress through, and the packet is dropped. > > > >> Am I wrong? I confess that I did not understand this into the most fine > >> details, so it is entirely possible that I am missing something > >> important and am completely wrong. Maybe this cannot be done. > > > > I really doubt that it can be done. Not in any robust way at > > least. Happy to be proven wrong though! :) > > I think I figured out why it "works" for you. Since the CPU address is > never added to the ATU, traffic for it is treated as unknown. Thanks to > that, it flooded and the isolation brings it together. As soon as > mv88e6xxx starts making use of Vladimirs offloading of host addresses > though, I suspect this will fall apart. Hmm :( This is bad news. I would really like to make it balance via input ports. The LAG balancing for this usecase is simply unacceptable, since the switch puts so little information into the hash function. I will look into this, maybe ask some follow-up questions. Marek
