
Meeting Notes, 2022 03 24

Jon Polom edited this page Apr 7, 2022 · 1 revision

DENT Roadmap and Feature Working Group

2021 March 24

Attendees

  • Jon Polom (Department of Defense; research engineer)
  • Robert Marko (Sartura; kernel devel)
  • Luka Perkov (Sartura; principal)
  • Jakov Petrina (Sartura; build system)
  • Pavo Banicevic (Sartura)
  • Kishore Atreya (Marvell PLM)
  • Taras Chornyi (PL Vision; switchdev developer)
  • Steve Noble (Amazon; DENT TSC lead)
  • Sandeep Nagaraja (Amazon; lead engineer)
  • Vincent Tong (Amazon)
  • Mickey Rachamim (Marvell)
  • Carl Roth (Amazon)

Agenda

  • End-user support models
    • Marvell will coordinate with Accton to identify who+where for end user device support
    • Unsure if Delta will want to join in on these discussions. Not selling to end users.
  • 802.1x
    • Sartura starting development on a dot1x authenticator daemon
    • Possibly early preview in January of 2022?
    • Identified potential issue with Prestera driver
    • Need to develop "high level design" documentation for discussion
    • Need FDB locking support
  • C-Release feature list
    • Interface configuration management
      • priority should be to provide verified options with documentation:
        • networkd
        • ifupdown2
        • ifupdown-ng
      • Stretch goals with lower priority for preview level feature:
        • gNMI
        • yang, netconf, restconf
    • Configuration persistence across reboot and update
      • ostree
      • doesn't provide actual separate partition
      • does provide for configuration file persistence but not migration
      • A/B partition desirable but hard to manage
      • configuration file migration assistance would be nice but also could be left to users
    • Security
      • 802.1x
        • test trap of 0x888E with tc filter rule
        • need to examine feasibility and options for building an authenticator daemon
      • STP security
        • BPDU guard
        • kernel does not support per-VLAN STP, RSTP only
        • mstpd mimics MSTP due to the kernel shortcoming
        • need to propose extending the kernel to address this shortcoming
        • need configuration documentation for networkd, ifupdown2, ifupdown-ng
      • DHCP snooping
        • Need tc rule developed to trap/block DHCP responses and offers
        • Need to set these rules on certain ports (unauthorized ports) and not set on others (authorized ports)
        • Look at adding support upstream in systemd for tc rule persistence, and potentially also DHCP snooping logic in the DHCP server
        • Suggestion to integrate logic into ISC DHCPD
      • IGMP snooping
        • Needs full verified support in Prestera driver
        • Needs multicast querier support as well
        • Loose commitment from Marvell to have it by C release
        • Need a use case contributed (DoD will supply)
      • Wireguard
    • Offer replica-based "alternate" release flavor
      • Begin moving dentOS to replica for build system
      • Additional community feature release built with replica with in kernel BSP (no ONL) for supported hardware
      • Base platform
        • Debian or Gentoo
        • Perhaps offer both?
  • How to become more "Linux native" for platform support?
    • Mellanox does not use ONLP on Spectrum platforms
    • Need to define an abstraction layer since kernel lacks needed ones
  • Feature list submitted to TSC on 15 December
    • Approved on 5 January
  • How to coordinate development of feature specifications for C release
  • TC persistence
    • Amazon developed persistence tool
    • iptables does not work with switchdev -- use TC for ACLs
    • tc flower rules for ACLs and mimic iptables rules
    • support for raw TC rules, but not as the main interface
    • Kind of like iptables-save/iptables-load; not a persistent daemon
    • tc rules get accelerated by the switch ASIC
    • somewhat vendor specific idioms for adding tc rules
    • there is a finite rule limit the ASIC supports but tc rule usage is not 1:1
  • General configuration migration tool?
    • simple config file backup tool
    • list of directories and files to back up
      • user configurable with sensible defaults
    • script to collect files into archive that preserves directory structure
    • script to restore files back onto a system
    • could get fancy and try to detect what subsystems are in use and automatically back up configs from certain places
      • ex: look for a networkd process and back up /etc/systemd/network if it's detected
      • maybe a bad idea
    • look at salt stack local configuration module for architectural considerations
  • Future user requested support for OpenConfig
    • Needs better definition
    • By itself this feature is very vague/wide so must be scoped to specific needs
    • Sysrepo already exists as an open source implementation of yang/netconf configuration
    • Question: what backend would be used? If Cisco there are perhaps alternative transport options with a quicker path to open source support
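The DHCP snooping tc rules, the 0x888E trap test, and the iptables-save style of TC persistence discussed above, as an added shell example that is not DENT, Sartura or Amazon code; the port names swp1..swp3, the `<port> <role>` list format and the file paths are assumptions.

```shell
#!/bin/sh
# Added example, not DENT, Sartura or Amazon code. Builds a tc batch file
# (the "iptables-save" style artifact) whose flower rules implement the
# DHCP-snooping and EAPOL-trap items from the notes, and replays it with
# `tc -batch` at boot. Port names and the "<port> <role>" format are assumed.
set -eu

# Emit batch lines (tc commands without the leading "tc") for one port.
#   trusted:   only ensure the clsact qdisc exists; nothing is blocked
#   untrusted: drop DHCP server->client replies (OFFER/ACK/NAK travel as
#              UDP 67->68) arriving on the port, so a rogue DHCP server
#              plugged into it cannot answer clients
#   dot1x:     untrusted, plus trap EAPOL frames (ethertype 0x888E) to the
#              CPU so an authenticator daemon can see them
port_rules() {
    dev="$1"; role="$2"
    echo "qdisc replace dev $dev clsact"
    case "$role" in
    trusted) ;;
    untrusted|dot1x)
        echo "filter replace dev $dev ingress pref 100 handle 1 protocol ip" \
             "flower ip_proto udp src_port 67 dst_port 68 action drop" ;;
    *) echo "port_rules: unknown role '$role' for $dev" >&2; return 1 ;;
    esac
    if [ "$role" = dot1x ]; then
        echo "filter replace dev $dev ingress pref 10 handle 1 protocol 0x888e" \
             "flower action trap"
    fi
}

# Build the whole batch file from a port list; '#' comments and blanks skipped.
gen_batch() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" |
        while read -r dev role; do port_rules "$dev" "$role"; done
}

# Restore step for a boot-time unit: -force keeps going if a port is absent.
restore_batch() {
    tc -force -batch "$1"
}

# Demo run on a constructed port list: ./snoop.sh demo
if [ "${1:-}" = demo ]; then
    conf=$(mktemp)
    printf '# port role\nswp1 untrusted\nswp2 trusted\nswp3 dot1x\n' > "$conf"
    gen_batch "$conf" > /tmp/dent-snoop.tc   # keep under /etc for persistence
    cat /tmp/dent-snoop.tc
    rm -f "$conf"
fi
```

The generated file is the thing to persist (e.g. under /etc) and replay from a unit that runs after the switch ports exist; a role change on a port is a regenerate-and-replay, since `replace` is idempotent.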

Actions

  • Need to develop specification for 802.1x driver portion
  • Develop vendor agnostic driver feature requirements list
  • Amazon will provide source for TC persistence tool for review by working group members