Offloading flowtable, LAG and VLAN

Hello together,

we are currently trying to get a mixture of Hardware LAG, VLAN Tagging and Flowtable Offloading working on our debian12 system using a ConnectX-6 Lx

Creating the HW Lag using the card running in switchdev works like charm.

Creating the VLANs and performing some filtering afterwards gets a bit more complicated. I tried to simply create a tagged version of the vlan and tell the nftable rules to perform some filtering. Thats working fine but seems to run in the kernel/software instead of getting ofloaded to the hardware since the system is running on full load handling the interrupts.

Is there any (recommended) way of building such a setup. Should I use several virtual functions and tag them?

Thanks in advance!

Hello @flo-hm,

Thank you for posting your query on our community. Please refer to this article on configuring VLAN offload using tc and let us know if it helps - ESPCommunity

Thanks,
Bhargavi

Hi,

the link only points to the starting page of the Enterprise Support Portal.

In the best case I want to offload firewall rules using nftables in combination with flowtables and the offload flag

My vision would be to define a flowtable using something like that:
flowtable f {

hook ingress priority 0; devices = { bond0.123, bond0.124 };

flags offload;

}

where bond0.123 and bond0.124 are a tagged version of a LACP Bond using the HW LAG functionality of my mellanox cards running in switchdev mode.

To sum up I would like to have several vlans → one bond → mellanox card

From my first tests offloading to the mellanox card it sellf seems to work but the bond in between seems to cause some problems…