Meeting Notes, 2022 04 07

Jon Polom edited this page Apr 7, 2022 · 1 revision

DENT Roadmap and Feature Working Group

2021 April 7

Attendees

  • Jon Polom (Department of Defense; research engineer)
  • Robert Marko (Sartura; kernel devel)
  • Luka Perkov (Sartura; principal)
  • Jakov Petrina (Sartura; build system)
  • Pavo Banicevic (Sartura)
  • Kishore Atreya (Marvell PLM)
  • Taras Chornyi (PL Vision; switchdev developer)
  • Steve Noble (Amazon; DENT TSC lead)
  • Sandeep Nagaraja (Amazon; lead engineer)
  • Vincent Tong (Amazon)
  • Mickey Rachamim (Marvell)
  • Carl Roth (Amazon)

Agenda

  • End-user support model needs TSC decision
    • Marvell will coordinate with Accton to identify who and where for end-user device support: probably solved
    • Need to know where ODMs want engagements to start
  • 802.1x
    • Sartura starting development on a dot1x authenticator daemon
    • Possibly early preview in January of 2022?
    • Identified potential issue with Prestera driver
    • Need to develop "high level design" documentation for discussion
    • Need FDB locking support
  • C-Release feature list
    • Interface configuration management
      • priority should be to provide verified options with documentation:
        • networkd
        • ifupdown2
    • Security
      • 802.1x
        • authenticator for wired connectivity
        • MAC Address Bypass (MAB)
        • EAP TLS
        • RADIUS assigned VLANs
      • RADIUS
        • "RadSec" TLS tunnel for RADIUS
      • STP security
        • BPDU guard
        • kernel does not support per-VLAN STP, RSTP only
        • mstpd mimics MSTP due to kernel shortcoming
        • need to propose extending the kernel to address this shortcoming
        • need configuration documentation for networkd, ifupdown2
      • DHCP snooping, relay or forwarding
        • Need tc rule developed to trap/block DHCP responses and offers
        • Need to set these rules on certain ports (unauthorized ports) and not set on others (authorized ports)
        • DHCP relay
        • Forward DHCP request to RADIUS
        • Potential upstream projects to add features to:
          • systemd
          • ISC DHCPD
      • IGMP snooping
        • Needs full verified support in Prestera driver
        • Needs multicast querier support as well
        • Loose commitment from Marvell to have it by C release
        • Need a use case contributed (DoD will supply)
      • IPv6
        • Router Advertisement (RA) guard
        • MLD snooping?
      • sFlow
        • port statistics reporting
      • WireGuard
    • Offer replica-based "alternate" release flavor
      • Begin moving dentOS to replica for build system
      • Additional community feature release built with replica with in-kernel BSP (no ONL) for supported hardware
      • Base platform
        • Debian or Gentoo
        • Perhaps offer both?
  • How to coordinate development of feature specifications for C release
  • TC persistence
    • Amazon developed persistence tool
    • iptables does not work with switchdev -- use TC for ACLs
    • tc flower rules for ACLs and mimic iptables rules
    • support for raw TC rules not a main interface
    • Kind of like iptables-save iptables-load; not a persistent daemon
    • tc rules get accelerated by the switch ASIC
    • somewhat vendor specific idioms for adding tc rules
    • there is a finite rule limit the ASIC supports but tc rule usage is not 1:1

Actions

  • Need to develop specification for 802.1x driver portion
  • Develop vendor agnostic driver feature requirements list
  • Amazon will provide source for TC persistence tool for review by working group members