1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> 2<html> 3 <head> 4 <title>802.1Q VLAN implementation for Linux</title> 5 </head> 6 7 <body bgcolor=#ffffff text=#000000> 8 <h1><center>802.1Q VLAN implementation for Linux</center></h1> 9 10<center><i> 11Updated March 24, 2002<br> 12Release: 1.6</br> 13</i></center> 14<P> 15 16MTU problems exist for many ethernet drivers. Other than that, things seem fairly stable! 17<P> 18 19<center> 20<B>PLUG: Check out my company that makes traffic generation and WAN simulation 21 test equipment based on the Linux operating system:<br> 22 <a target=_top href="http://www.candelatech.com"><img src="http://www.candelatech.com/images/candela_swirl_small.png" 23 alt="Candela Technologies" 24 border=0></a> 25<br> 26Let us help you test your DSL, Cable Access, Satellite and other network systems!</b> 27</center> 28<font size = -1> 29<BR> 30TIP jar on <a href="http://scry.wanfear.com/~greear" target="_top"> my home page.</a><P> 31</font> 32 33Join the <a HREF="http://www.WANfear.com/mailman/listinfo/vlan">vlan mailing list</a>, 34 After that, to post, send mail to 35<A HREF="mailto:vlan@scry.wanfear.com">vlan@scry.wanfear.com</a>. 36<P> 37Submit a bug/issue/enhancement with the: <a href="http://grok.yi.org/~greear/bugzilla/enter_bug.cgi?product=VLAN%20for%20Linux">VLAN Bugzilla</a></li> 38<P> 39 40Though I have no real VLAN hardware of my own, I hear that the 2.2/2.4 kernel patches have worked 41with these systems: <P> 42<ul> 43 <li> Cisco: {Catalyst: 6509}, 44 3Com: {Corebuilder, Netbuilder II, SuperStack II switch 630}, 45 Alpine: {3804(SMMi,F32Ti)} 46 Extreme Ntwks {Summit 48, 48i, 5i} 47 Foundry: {ServerIronXL, FastIron}</li> 48 <li> Alteon ACENic Gigabit, 3Com 3c509, realtek RTL8029(AS), RTL8139, DEC DC21140 (tulip), 49 DFE-570TX quad-21143, Intel PRO/1000 with Intel's driver 50 </li> 51</ul> 52<P> 53 54<u><b>Performance:</b></u> 55The difference in running traffic over VLANs v/s regular ethernet is very slight. If 56someone has done some sort of benchmark, I'll be happy to place it here! 57 58<b><center>VLAN related Resources.</center></b> 59<ul> 60<li> <a href="#setup"> VLAN Installation & Configuration info.</a></li> 61<li> <a href="#cvs_setup"> CVS Access.</a></li> 62<li> <a href="vlan/cisco_howto.html"> VLAN HOWTO/FAQ (Some CISCO & 3COM specific info too.)</a></li> 63<li> <a href="http://www.planetconnect.com/vlan/"> Another VLAN Recipe (Some info specific to Intel EEPRO Nics too.)</a></il> 64<li> <a href="http://www.geocities.co.jp/AnimeComic-White/6586/vlan.html"> VLAN Research page in Japonese</a></li> 65<li> <a href="http://www.geocities.co.jp/AnimeComic-White/6586/vlan-e.html"> VLAN page translated to English</a></li> 66<li> <a target=_top href="http://standards.ieee.org/reading/ieee/std/lanman/802.1Q-1998.pdf"> 67 IEEE 802.1Q Standard</a></li> 68<li> <a target=_top href="http://vlan.sourceforge.net">Alternate VLAN implementation.</a></li> 69</ul> 70<P> 71 72<center><b>Features</b></center> 73<ul> 74 <li>Implements 802.1Q VLAN spec.</li> 75 <li>Can support up to 4094 VLANs per ethernet interface.</li> 76 <li>Scales well in critical paths: O(n), where n is the number of PHYSICAL ethernet interfaces, 77 and that is only on ingress. O(1) in every other critical path, as far as I know.</li> 78 <li>Supports MULTICAST</li> 79 <li>Can change MAC address of VLAN.</li> 80 <li>Multiple naming conventions supported, and adjustable at runtime.</li> 81 <li>Optional header-reordering, to make the VLAN interface look <b>JUST LIKE</b> 82 an Ethernet interface. This fixes some problems with DHCPd and anything else 83 that uses a SOCK_PACKET socket. Default setting is off, which works for 84 every other protocol I know about, and is slightly faster. 85 </li> 86</ul> 87<P> 88 89<hr> 90Download vconfig binaries (source is more flexible, but this will work for most people). 91<ul> 92 <li> <a href="vconfig">vconfig binary for x86</a></li> 93 <li> <a href="vconfig.arm">vconfig binary for StrongArm</a></li> 94</ul> 95<P> 96 97<hr> 98<center><b>Change Log</b></center> 99<ul> 100<P> 101<li> <b><a href="vlan/vlan.1.6.tar.gz">Release 1.6 (gz)</a> For Kernel: 2.4.14+ March 24, 2002:</b><br> 102 <P> 103 <ul> 104 <li>Removed 2.4 kernel patch: It's in the standard kernel now.</li> 105 <li>Updated vconfig to fix some compile issues, and enable cross-compilation 106 to the StrongARM platform (changes should help other cross-compile 107 attempts too.)</li> 108 </ul> 109</li> 110<P> 111 112<li> <b><a href="vlan/vlan.1.5.tar.gz">Release 1.5 (gz)</a> For Kernel: 2.4.12-pre5 October 22, 2001:</b><br> 113 <P> 114 <ul> 115 <li>Mostly added other peoples fixes and patches (thanks folks!)</li> 116 <li>Finally fixed mc-list leakage (Ard van Breemen)</li> 117 <li>Flush mc-list at vlan-destory (Ard van Breemen)</li> 118 <li>Add vconfig man page to distribution (Ard van Breemen)</li> 119 <li>Fix problem with /proc and renaming VLAN devices (af AT devcon D.T net)</li> 120 <li>Add relatively large change by Nick Eggelston that makes VLAN 121 devices more transparent to tools like tcpdump and other raw 122 packet snoopers. This will only be enabled when the REORDER_HDR 123 flag is set.</li> 124 </ul> 125</li> 126<P> 127 128<li> <b><a href="vlan/vlan.1.4.tar.gz">Release 1.4 (gz)</a> For Kernel: 2.4.8 August 16, 2001:</b><br> 129 <P> 130 <ul> 131 <li> Code should no longer require /proc interface in order to get at the IOCTLs. 132 The IOCTLs are now tied to sockets. When using modules, it may auto-load now, too...</li> 133 <li> Fixed format string error in proc fs display.</li> 134 <li> Fixed crash bug relating to memory allocation with locks held (we now use GF_ATOMIC)</li> 135 <li> hard_start_xmit will now grow the packet header if there is not enough headroom. This 136 may fix an MPLS-over-VLAN problem, though the real solution is to make MPLS allocate 137 more headroom anyway...</li> 138 <li> vconfig was changed to use the new IOCTL API, and the old vconfig WILL NOT WORK 139 with this or any newer patches...</li> 140 </ul> 141</li> 142 143<P> 144<li> <b><a href="vlan/vlan.1.0.3.tar.gz">Release 1.0.3 (gz)</a> For Kernel: 2.4.7 August 5, 2001:</b><br> 145 <P> 146 <ul> 147 <li> Re-worked code to be more stable and more in-line with what the kernel maintainers 148 want to see before the VLAN patch is included into the kernel.</li> 149 <li> One of those requests was to change the default naming scheme to eth0.5, for a VLAN 150 of VID 5 on eth0. You can over-ride this naming behaviour with the vconfig tool.</li> 151 <li> There were *NO* changes to the 2.2 series patch, and I don't expect to ever make 152 any more changes there...</li> 153 </ul> 154 155</li> 156<P> 157 158<li> <b><a href="vlan/vlan.1.0.1.tar.gz">Release 1.0.1 (gz)</a> For Kernel: 2.2.18/19, 2.4.3-pre3 April 16, 2001:</b><br> 159 <P> 160 <ul> 161 <li> Incorporated a fix for changing a MAC on a VLAN, it now correctly sets PACKET_HOST. 162 Thanks to Martin Bokaemper for this one.</li> 163 <li> The 2.4 series patch should now compile as a module, thanks to a tweak from someone 164 who's mail I have lost! Anyway, 3 cheers to the un-named coder!</li> 165 <li> There were *NO* changes to the 2.2 series patch, though I did verify that it seems to 166 work fine with the 2.2.19 kernel.</li> 167 </ul> 168 169</li> 170 171<P> 172<li> <b><a href="vlan/vlan.1.0.0.tar.gz">Release 1.0.0 (gz)</a> For Kernel: 2.2.18, 2.4.0 Jan 14, 2001:</b><br> 173 <P> 174 <ul> 175 <li> Really fixed (and tested) MAC change-ability. When you set the MAC address on 176 a VLAN, it will also attempt to set the underlying device to PROMISCious mode 177 (otherwise, the VLAN will not receive any packets.)</li> 178 <li> Hashed-device lookup is disabled by default because some people had trouble with 179 the 'lo' device. Please feel free to re-enable by editing the line in net/core/dev.c 180 (search for #define BEN_FAST_DEV_LOOKUP).</li> 181 <li> vconfig should warn when creating VLAN 1, because that VLAN is not compatible with many 182 switches.</li> 183 </ul> 184 185</li> 186 187<P> 188<li> <b><a href="vlan/vlan.0.0.15.tar.gz">Release 0.0.15 (gz)</a> For Kernel: 2.2.18, 2.4.prerelease Dec 31, 2000:</b><br> 189 <P> 190 <ul> 191 <li>Merged most of Matti Aarnio's patches. This means no significant patch to 192 eth.c now, and will help port VLANs to non-ethernet devices (ie ppp, TokenRing??).</li> 193 <li> Setting the MAC address should work now..I think it was broken before.</li> 194 <li> Miscellaneous code re-organization to make patches to existing files smaller.</li> 195 </ul> 196 197</li> 198 199<P> 200<li> <b><a href="vlan/vlan.0.0.14.tar.gz">Release 0.0.14 (gz)</a> For Kernel: 2.2.17, 2.4.pre9 Oct 26, 2000:</b><br> 201 <P> 202 This code seems pretty stable. 203 <ul> 204 <li>Removed vlan-space-per-machine, so vlan-space-per-NIC is mandatory now.</li> 205 <li>DHCP might work now, as I've added support for encapsulating regular ethernet 206 frames if they are sent to the vlan driver.</li> 207 <li>Fixed up the name/index hashing stuff to handle changing the name on a device.</li> 208 <li>Took out default VID & default priority, as their usefullness was in question, 209 and the code was broken anyway.</li> 210 </ul> 211 212</li> 213 214<P> 215<li> <b><a href="vlan/vlan.0.0.13.tar.gz">Release 0.0.13 (gz)</a> For Kernel: 2.2.17, 2.4.pre9 Oct 11, 2000:</b><br> 216 <center><b>KNOWN TO BE BUSTED, here for posterity's sake.</b></center> 217 <P> 218 <ul> 219 <li>Added support for MULTICAST to the VLAN devices. Thanks to 220 <a href="http://vlan.sourceforge.net" target=_top>Gleb & Co</a> for most of 221 that code.</li> 222 <li>Added the ability to set the MAC address on the VLAN. For now, you'll either need 223 to set your Ethernet NIC into PROMISC mode, or maybe figure out some multi-cast 224 ethernet address to set on the NIC. This has not been tested well at all.</li> 225 <li>Added a hashed device-name lookup scheme. This greatly speeds up ifconfig -a. 226 I was able to run an ifconfig -a in 20 seconds on a Celeron 500, with 4000 227 vlan devices configured!!</li> 228 <li>Added vlan_test.pl to help me find dumb bugs. Feel free to make this much 229 more powerful, and send the code back to me!</li> 230 <li>vconfig.c has been converted to C code now, instead of C++. Thanks to MATHIEU.</li> 231 <li>Significantly cleaned up the code w/out decreasing any useful functionality, 232 I believe.</li> 233 <li>Removed the DHCP stuff from the VLAN distribution.</li> 234 </ul> 235 236</li> 237<P> 238 239<li> <b><a href="vlan/vlan.0.0.12.tar.gz">Release 0.0.12 (gz)</a> For Kernel: 2.2.16, 2.4.pre7 August 27, 2000:</b><br> 240 Added ability to re-order the VLAN packet so that it looks like a real ethernet 241 packet for the ingress pathway. This should help DHCP and other programs that insist 242 on reading the raw buffer and then make assumptions about byte offsets. I don't have 243 a good way to test this fully, so consider it experimental :) This behavior can be 244 changed at run-time, and is set on a per-VLAN basis. The default is NOT to reorder the 245 header, which has been the only behavior up untill this point. The <tt>vconfig</tt> 246 program can set/clear the flag, by using a VLAN IOCTL. You can read the flag's value 247 from the /proc/net/vlan/vlan* files. 248<P> 249 You can also set a default priority on a NON-VLAN device. This priority will only 250 be used when the default_VID for the device is set as well. This priority won't 251 be mapped anywhere, just copied straight into the skb->priority. It is a uint16. 252<P> 253 The 2.3 patch is now the 2.4 patch, and it has been tested against 2.4.pre7. 254</li> 255<P> 256 257<li> <b><a href="vlan/vlan.0.0.11.tar.gz">Release 0.0.11 (gz)</a> For Kernel: 2.2.13/14, 2.3.99 April 23, 2000:</b><br> 258 Added real support for PRIORITY. Through IOCTL calls (see the vconfig program), you can set 259 explicit ingress and egress mappings to/from the VLAN QOS bits and the sk_buff->priority 260 field. This is not tested very well, as I don't know much about how people really use the 261 priority field... Took out the round-robin aggretation that went in in rls 0.10, as it was 262 mainly just a hack, and doing link aggregation at a lower level and then putting VLAN on 263 top of that virtual device probably makes more sense. The vconfig program changed to support 264 the new features..here's it's new usage:<br> 265<pre> 266Usage: add [interface-name] [vlan_id] 267 rem [vlan-name] 268 set_dflt [interface-name] [vlan_id] 269 add_port [port-name] [vlan_id] 270 rem_port [port-name] [vlan_id] 271 set_egress_map [vlan-name] [skb_priority] [vlan_qos] 272 set_ingress_map [vlan-name] [skb_priority] [vlan_qos] 273 set_name_type [name-type] 274 set_bind_mode [bind-type] 275 276* The [interface-name] is the name of the ethernet card that hosts 277 the VLAN you are talking about. 278* The port-name is the name of the physical interface that a VLAN 279 may be attached to. 280* The vlan_id is the identifier (0-4095) of the VLAN you are operating on. 281* skb_priority is the priority in the socket buffer (sk_buff). 282* vlan_qos is the 3 bit priority in the VLAN header 283* name-type: VLAN_PLUS_VID (vlan0005), VLAN_PLUS_VID_NO_PAD (vlan5), 284 DEV_PLUS_VID (eth0.0005), DEV_PLUS_VID_NO_PAD (eth0.5) 285* bind-type: PER_DEVICE # Allows vlan 5 on eth0 and eth1 to be unique. 286 PER_KERNEL # Forces vlan 5 to be unique across all devices. 287</pre> 288<P> 289 The 2.3 patches have been ported foward to 2.3.99, thanks to Patrick for the vlanproc.c 290 updates! 291</li> 292<P> 293 294</ul><hr> 295<P> 296 297<center><h3> 298<a name="setup">VLAN Setup and Configuration</a></h3></center> 299 300To get started, you will want to download the latest vlan.X.X.tar.gz 301file (to your $HOME directory.) Unpack it with your favorite commands, for 302example: <tt> tar -xvzf vlan.1.6.tar.gz </tt> 303<a name="cvs_setup">Alternatively, you can get it from the CVS Repository using something like this:</a><br> 304<ol> 305 <li> Install and configure 306 <a href="http://www.loria.fr/~molli/cvs-index.html">cvs</a> 307 on your machine.</li> 308 <li> Specify the vlan repository:<br> 309 <b>export CVSROOT=:pserver:anonymous@scry.wanfear.com:/home/cvs/vlan</b> 310 </li> 311 <li> Log in to the repository:<br> 312 <b>cvs login (PASSWORD: anonymous)</b> 313 </li> 314 <li> Check out the source:<br> 315 <b> mkdir vlan; cd vlan; cvs -z3 checkout vlan</b> 316 </li> 317</ol> 318<P> 319 320Now, you should have a vlan directory in your home directory. You only have 321to patch the kernel if you are using Linux 2.4.14 or earlier. Now, 322read the README or other docs to figure out what kernel it patches against. 323A list of mirrors are kept at <a href=http://www.kernel.org>www.kernel.org</a>. 324Unzip and un-tar this in your home directory as well, which should 325create a linux directory in your $HOME directory. Example:<tt> 326tar -xvzf linux-2.2.14.tar.gz</tt><P> 327 328Now add the VLAN kernel changes to the kernel if your kernel requires it. I finally figured 329out how to do patches that diff can handle (I think I did it right at least!). You 330will find the patch in the vlan directory. It will be called: vlan.patch, 331or something equally straight-foward. Apply the patch to your kernel:<p> 332 333<tt>cd $HOME/linux<br> 334patch -p 1 < $HOME/vlan/[vlan.patch]</br> 335</tt> 336<P> 337 338Your new, patched, kernel should be in your INCLUDE path before trying to 339compile the vconfig program. One way to get things working is to link $HOME/linux 340to the 'linux' directory that you just un-zipped and patched. A command might 341be something like: 342<tt>cd $HOME; ln -s /home/greear/kernel/2.4/linux.dev linux</tt> 343<P> 344 345Build the vconfig program in the $HOME/vlan directory:<br> 346<tt>cd $HOME/vlan<br> 347make<br> 348</tt> 349<P> 350 351Now, time to compile your new kernel! Use the <tt>make xconfig</tt> 352command in your $HOME/linux directory to select your kernel options. The 353option related to 802.1Q VLANs is found under the <b>Networking options</b>. 354If the option is not highlighted, make sure you select "Experimental Drivers" 355in one of the first xconfig menus. 356<P> 357 358Assuming your kernel compiled cleanly (yell if it didn't and you think my 359code broke it!!), you are now ready to try it out!! Install your kernel 360in the normal manner (fix up your <tt>/etc/lilo.conf</tt> file appropriately and 361run <tt>lilo</tt> as root.) Reboot your computer and choose your new kernel. 362<P> 363As your computer comes back to life, there will be little sign that you are 364now 802.1Q capable, other than a line spit out during the boot process. 365There should be a config programs in your $HOME/vlan 366directory: <tt>vconfig</tt>. <b>vconfig</b> is used 367to create and destroy VLAN devices. So, lets create a VLAN device on your 368first ethernet NIC. vconfig<return> will list a short spiel on how to 369use it. The vconfig command I usually use is: 370<P> 371 372<tt>vconfig add eth0 5</tt> 373<P> 374 375This attempts to create a VLAN device with VLAN-ID of 5 on the eth0 device. 376If you want to delete a VLAN, use something like: 377<P> 378<tt>vconfig rem eth0.5</tt> 379<P> 380 381You will also need to give it an ip, eg: <tt>ifconfig -i eth0.5 192.168.2.1</tt><br> 382and configure it UP: <tt>ifconfig -i eth0.5 up</tt> 383<P> 384 385<b>NOTE:</b> You can get lots of VLAN related configuration information from 386the <b>/proc/net/vlan/*</b> files by using 'cat' or 'more' to look at them. 387<P> 388 389Please get in contact with me if you have suggestions, patches, or other 390comments. 391<P> 392 393 <hr> 394 <address><a href="mailto:greearb@candelatech.com">greearb@candelatech.com</a> 395 <a target=_top href="index.html">Ben Greear's Home Page</a></address> 396<!-- Created: Sat Jan 30 18:27:28 MST 1999 --> 397<!-- hhmts start --> 398Last modified: Wed Apr 17 17:23:14 MST 2002 399<!-- hhmts end --> 400 </body> 401</html> 402
