Introduction

RtBrick Full Stack (RBFS) supports various types of interfaces, including physical and logical interfaces. On hardware platforms, RBFS physical interfaces represent the ports of a switch. This guide describes how to configure and verify RBFS interfaces. Features like routing protocols or access services will typically run on top of the interfaces.

Interface Types

Physical Interfaces

In RBFS, physical interfaces (IFP) typically represent the physical ports of a hardware switch. For example, ifp-0/0/1 represents switch port 1. On the physical interface level, you can configure various parameters associated with Layer 1 of the ISO/OSI reference model.

Logical Interfaces

For each physical interface, you can create one or multiple interface units also referred to as logical interfaces (IFL) in RBFS. A logical interface is associated with the Layer 2 operation. In addition, you can configure Layer 3 parameters like IP addresses on interface units, and assign interface units to routing instances.

Loopback Interfaces

A loopback interface is typically used to represent and identify a device itself. Loopback interfaces are preferred because they do not depend on the status of a physical port, and will always be up. Loopback interfaces are virtual interfaces, they are also represented as physical interfaces and interface units in RBFS, reflecting Layer 1 and Layer 2/3 operation.

Host Interfaces

Linux virtual ethernet (veth) interfaces connect an LXC container with the Linux host OS. In RBFS, a veth interface to the Linux bridge lxcbr0 is created by default. In virtual topologies, you can create additional veth interfaces and Linux bridges. RBFS host interfaces represent veth interfaces in RBFS.
For example, if the container interface eth1 connects to the host interface vethXYZ123, ifp-0/0/1 can be bound to eth1 to represent it in RBFS. Host interfaces can be used like any other physical interface.

Memory Interfaces

Memory interfaces (memif) are virtual interfaces used for creating virtual topologies. They connect multiple containers running RBFS to each other. When configuring memif interfaces:

  • Endpoints match on the memif ID, i.e. the memif ID needs to be the same on both ends.

  • memif IDs need to be unique on the host.

  • The memif interface name is locally significant only.

  • One endpoint needs to be configured as a master, while the other one is configured as a slave.

Interface Numbering

RBFS interface numbers match the port numbers on the switch faceplate. An interface is named in the ifp-<chassis-ID>/<front-panel-block-number>/<port> format. For example, ifp-0/0/1.

  • Chassis ID—always 0 for the currently supported platforms

  • Front Panel Block—represents group of ports on the faceplate

  • Port—matches the port number on switch faceplate

Virtual interfaces follow the same structure, for example, lo-0/0/1 or memif-0/0/1.

Logical interfaces are numbered: ifl-<Node ID>/<Chip ID>/<Port ID>/<Unit ID>, for example ifl-0/0/1/1.

Community Support for Interfaces

You can tag an interface address with a community or extended community. RBFS will create a direct route for each interface address. If a community or extended community is configured for an interface address, RBFS will add it to the direct route. Communities can be used in policies. For example, when redistributing direct routes, you can match these communities and define desired policy rules.

Unnumbered Interfaces

An unnumbered interface is a point-to-point interface that is not explicitly configured with a dedicated IP address and subnet. Instead, it borrows (or links to) from a loopback interface, and uses it as the source IP address for packets originating from the interface. The unnumbered interface can "borrow" the IP address from another interface that is already configured on the switch, thereby conserving network and address space.

When configuring IP unnumbered on an interface:

  • The IP address of the unnumbered interface cannot be borrowed.

  • A logical interface can borrow IP address from a loopback interface, not vice versa.

Interface States

RBFS supports various interfaces such as physical interface, logical interface, and LAG interface and it uses various indicators to show the various states of interfaces. All interfaces have different states such as the following:

  • Admin state: Indicates whether the interface is enabled (Up) or disabled (Down).

  • Link state: Indicates whether the interface is linked (Up) or not linked (Down).

  • Oper state: Indicates whether the interface is operational (Up) or not functional (Down).

  • IPv4 state: Indicates that the interface is configured with the IPv4 address. The state can be Up or Down based on configuration.

  • IPv6 state: Indicates that the interface is configured with the IPv6 address. The state can be Up or Down based on configuration.

  • MPLS state: Indicates that the interface is an MPLS-enabled interface. The state can be Up or Down based on configuration.

Physical Interface States:

The physical interface states include:

  • admin

  • oper (operational)

  • link

Logical Interface States:

The logical interface states include:

  • admin

  • oper (operational)

  • link

  • IPv4

  • IPv6

  • MPLS

LAG Interface States

The LAG interface states include:

  • admin

  • oper(operational)

The interface state can either be Up or Down. Up shows that it is ready to pass packets, and Down shows that it is not ready to transmit packets. The operational state shows that the interface is operational and is ready to transmit packets. Oper state is Up only if both the Admin state and Link state are Up.

Path MTU Discovery

Path MTU Discovery (PMTUD) is a mechanism for discovering the MTU (Maximum Transmission Unit) size of all routers on a network path. This mechanism finds the MTU size allowed for each device for a TCP/UDP connection path on the network between two hosts.

For the Path MTU Discovery to work, you should set a Don’t Fragment (DF) flag (for IPv4 packets) in the IP headers of outgoing packets. Any device whose MTU is smaller than the packet along the path cannot forward the packet to the destination, instead that sends an ICMP 'Fragmentation Needed' (Type 3, Code 4) message to the source router.

The IPv6 packets do not allow fragmentation in transit, so the IPv6 headers do not have the ‘Don’t Fragment’ option. So when a router on the network path receives IPv6 packet that exceeds the MTU, the routers drop the packets and send back the corresponding ICMP message to the source router.

The advantages of PMTUD include:

  • Packets, which conform to the lowest MTU along the path are sent.

  • Avoid fragmentation which adds latency.

  • Avoid packet drops by intermediate devices due to the 'Don’t Fragment' flag while the host device continues sending packets.

In RBFS, the Path MTU Discovery feature is supported only on Q2C platform. It is not supported on Q2A platform.

To enable Path MTU Discovery, you must configure the MTU profile with the action redirect-to-cpu. So the CPU sends an ICMP message (that contains the allowed MTU of the router) to the source router. In this way, routers learn the MTU size of all routers on the path, so that they can determine the packet size in the network to avoid packet fragmentation.

For disabling the Path MTU Discovery, you can configure MTU profile with the action drop.

When an RBFS device receives MTU-violated packets, it responds with the ICMP error messages. ICMP error messages contain error codes that are sent to the source if fragmentation is required. The following are the types of ICMP error messages for the IPv4 and IPv6 packets.

ICMPv4 Message Types

The type field identifies the type of the message sent by the host. The type field contains more specific information about the error condition.

The table below lists the ICMPv4 message types.

Type Description

3

Destination Unreachable.
This alerts a source host of delivery problems encountered while trying to reach the destination.

Destination Unreachable uses the following code values to further describe the function of the ICMP message being sent.

Code Description

4

Fragmentation Needed and Don’t-Fragment (DF) was Set.
This message occurs when a router receives a packet that requires fragmentation, but the router has the DF flag turned on.

ICMPv6 Message Types

The type field identifies the type of the message sent by the host. The type field contains more specific information about the error condition.

The table below lists the ICMPv6 message type.

Type Description

2

Packet Too Big.
A Packet Too Big MUST be sent by a router in response to a packet that it cannot forward because the packet is larger than the MTU of the outgoing link.

Code Description

0

No code

You can change this behavior by enabling fragmentation. For more information about enabling host path fragmentation, see the section "Enabling Hostpath Fragmentation".

All outgoing packets are validated against the defined MTU on the egress path.

  • If MTU is violated and the MTU-profile action is drop, then packets are dropped.

  • If MTU is violated and MTU-profile action is redirect-to-cpu, then packets are sent to the CPU port. A 20MB policer is used to protect the CPU port from overwhelming MTU-violated traffic. If fragmentation is enabled, one of the following operations takes place:

    • If the 'Don’t Fragment' (DF) bit is not set in the received packet (only for IPv4), the packets are fragmented and sent to the outgoing port.

    • If the DF bit is set in a packet, it drops the packet and sends an ICMP error message back to the source.

  • When fragmentation is disabled, packets are dropped and ICMP error messages are sent to the source.

For information about configuring the MTU profile, see [mtu-profile-config].

IP Fragmentation

If the maximum transmission unit (MTU) of an outgoing interface is less than the original packet that needs to be routed, the packet needs to be fragmented. RBFS supports IP fragmentation on the Q2C platforms. The packets are sent to the CPU. CPU manages the fragmentation by sending an ICMP message (requesting packet fragmentation) to the source router.

If the packet needs to be fragmented and the Do-Not-Fragment (DF) flag is specified, then the device is going to send an ICMP Error code "Fragmentation Needed and DF set" to the source.

By default, IPv6 fragmentation is always handled at source as the IPv6 packets are not fragmented in transit. When the transit device receives an MTU-violated packet, it sends a "Packet Too Big" ICMPv6 message that it cannot forward the packet because it is larger than the MTU of the outgoing link.

Guidelines and Limitations of IP Fragmentation

The following guidelines and limitations apply to IP Fragmentation:

  • You can control the fragmentation on the Q2C platform by configuring the set forwarding-options fragmentation ipv4 state CPU command. For more information about configuring fragmentation, see "2.2.2. Enabling Hostpath Fragmentation."

  • There will be no ICMP error message sent in response to MTU-violated multicast packets.

MTU Profile

The Maximum Transmission Unit (MTU) is the size of the packet that is allowed in the network. MTU is configured as a MTU profile in the hardware. MTU profile configuration enables you to specify MTU size, MTU attachment point type, and MTU action. These profiles are attached to the interface entities (points) such as IFP, IFL, PPP, and L3 interfaces.

In the new generation silicon like Broadcom Qumran2C (Q2C), resources are conserved by creating profiles of the resources, and multiple entities like IFP, IFL and L3 interfaces utilize these profiles. To better manage MTU resources and platform capabilities, RBFS supports configuring MTU profiles and attaching these profiles to the attachment points.

Attachment Points: The MTU profiles are attached to the interface entities such as physical (IFP), logical (IFL), PPP, and L3 interfaces. RBFS supports the following attachment points for the MTU profiles:

  • Port-level

  • L3 interface level (IPv4 and IPv6)

  • PPPoE subscriber level (L2 IFL)

    MTU Size

    A user-configured MTU size can range from 64 to 9216 in RBFS.

For MTU profiles of type "pppoe", users should provide L3 MTU size (IPv4/IPv6 headers).
MTU Type

An MTU type specifies the attachment point of the MTU profile. The MTU types supported are as follows:

  • physical: When checking MTU, the entire packet size is considered.

  • ipv4: MTU check is for IPv4 packets only.

  • ipv6: MTU check is for IPv6 packets only.

  • ip: MTU profile of type IP check for both IPv4 and IPv6 packets.

  • pppoe: The MTU profile is applied to the PPPoE subscriber interface and the user is required to provide the L3 MTU size. Based on its best match algorithm, the Subscriber Management service associates these profiles with PPPoE subscribers.

  • MTU profiles for L3 logical interfaces must be explicitly configured, and if not configured, no default MTU size is set for IPv4 and IPv6.

  • On the Q2C platform, L3 interfaces can only be configured with IPv4 MTU profile or IPv6 MTU profile, but not both. However, with the type "ip" MTU profile, you can configure MTU for both IPv4 and IPv6 traffic with a common MTU size.

MTU Action

The MTU action is the action that a router takes when the MTU check fails. The redirect-to-cpu and drop are the two supported actions in RBFS supports.

Drop: If a router on the network path finds that the MTU size of a packet is larger than the configured MTU size of that router, it simply drops that packet.

redirect-to-cpu: If a router on the network path finds that the MTU size of a packet is larger than the configured MTU size of that router, it redirects that packet to CPU. CPU sends an ICMP error message requesting a packet fragmentation to the source router. This ICMP message also contains the MTU size of the router, so that the source router can learn the MTU size of the router on the path.

MTU Profile Limitations

The following limitations apply to the MTU profile:

  • There is a limit to how many MTUs can be used by each hardware.

    • On the Q2C platform, the limit is as follows:

      • Maximum number of MTU profiles: 8

      • Maximum number of L3 MTU profiles: 3 (MTU type: IP/IPv4/IPv6)

      • Maximum number of PPPoE MTU profiles: 6 (including the default PPPoE profile)

      • Maximum number of physical MTU profiles: 7

Supported Platforms

Not all features are necessarily supported on each hardware platform. Refer to the Platform Guide for the features and the sub-features that are or are not supported by each platform.

Guidelines & Limitations

QAX-based Platforms

An additional restriction applies to ports on QAX-based platforms: because of hardware design, physical ports are grouped into quads (groups of 4, also known as port groups). Each quad must have the same physical parameters: speed, link-training, duplex.

The following tables are provided for easy identification of ports that need to have the same physical settings:

Edgecore 7316-26XB Port Groups:

Port Speed Duplex Port Group

ifp-0/0/0

100G

Full

0

ifp-0/0/1

100G

Full

1

ifp-0/1/0

10G

Full

2

ifp-0/1/1

10G

Full

ifp-0/1/2

10G

Full

ifp-0/1/3

10G

Full

ifp-0/1/4

10G

Full

3

ifp-0/1/5

10G

Full

ifp-0/1/6

10G

Full

ifp-0/1/7

10G

Full

ifp-0/1/8

10G

Full

4

ifp-0/1/9

10G

Full

ifp-0/1/10

10G

Full

ifp-0/1/11

10G

Full

ifp-0/1/12

10G

Full

5

ifp-0/1/13

10G

Full

ifp-0/1/14

10G

Full

ifp-0/1/15

10G

Full

ifp-0/1/16

25G

Full

6

ifp-0/1/17

25G

Full

ifp-0/1/18

25G

Full

ifp-0/1/19

25G

Full

ifp-0/1/20

25G

Full

7

ifp-0/1/21

25G

Full

ifp-0/1/22

25G

Full

ifp-0/1/23

25G

Full

UfiSpace S9500-22XST Port Groups:

Port Speed Duplex Port Group

ifp-0/0/0

10G

Full

8

ifp-0/0/1

10G

Full

ifp-0/0/2

10G

Full

ifp-0/0/3

10G

Full

ifp-0/0/4

10G

Full

4

ifp-0/0/5

10G

Full

ifp-0/0/6

10G

Full

ifp-0/0/7

10G

Full

ifp-0/0/8

10G

Full

11

ifp-0/0/9

10G

Full

ifp-0/0/10

10G

Full

ifp-0/0/11

10G

Full

ifp-0/0/12

25G

Full

3

ifp-0/0/13

25G

Full

ifp-0/0/14

25G

Full

ifp-0/0/15

25G

Full

ifp-0/0/16

25G

Full

2

ifp-0/0/17

25G

Full

ifp-0/0/18

25G

Full

ifp-0/0/19

25G

Full

ifp-0/0/20

100G

Full

0

ifp-0/0/21

100G

Full

1

A PHY Quad can be associated with network interface (NIF) ports of identical type only. For example, a quad cannot be a mix of XLGE and XE ports. An exception is GE and XE ports which can coexist in the same quad. This means all the ports in a port group should have the same physical interface configuration (that is, speed/duplex/link-training). Ports in a port group are only allowed to support 1G and 10G speeds; any other combination is not allowed. If a port within a port group is misconfigured, then it would require changing the speeds/interface type of all ports within the port group to a different type and then back into the original type.