NXP SJA1105 switch driver

Overview

The NXP SJA1105 is a family of 6 devices:

  • SJA1105E: First generation, no TTEthernet
  • SJA1105T: First generation, TTEthernet
  • SJA1105P: Second generation, no TTEthernet, no SGMII
  • SJA1105Q: Second generation, TTEthernet, no SGMII
  • SJA1105R: Second generation, no TTEthernet, SGMII
  • SJA1105S: Second generation, TTEthernet, SGMII

These are SPI-managed automotive switches, with all ports being gigabit capable, and supporting MII/RMII/RGMII and optionally SGMII on one port.

Being automotive parts, their configuration interface is geared towards set-and-forget use, with minimal dynamic interaction at runtime. They require a static configuration to be composed by software and packed with CRC and table headers, and sent over SPI.

The static configuration is composed of several configuration tables. Each table takes a number of entries. Some configuration tables can be (partially) reconfigured at runtime, some not. Some tables are mandatory, some not:

Table Mandatory Reconfigurable
Schedule no no
Schedule entry points if Scheduling no
VL Lookup no no
VL Policing if VL Lookup no
VL Forwarding if VL Lookup no
L2 Lookup no no
L2 Policing yes no
VLAN Lookup yes yes
L2 Forwarding yes partially (fully on P/Q/R/S)
MAC Config yes partially (fully on P/Q/R/S)
Schedule Params if Scheduling no
Schedule Entry Points Params if Scheduling no
VL Forwarding Params if VL Forwarding no
L2 Lookup Params no partially (fully on P/Q/R/S)
L2 Forwarding Params yes no
Clock Sync Params no no
AVB Params no no
General Params yes partially
Retagging no yes
xMII Params yes no
SGMII no yes

Also the configuration is write-only (software cannot read it back from the switch except for very few exceptions).

The driver creates a static configuration at probe time, and keeps it at all times in memory, as a shadow for the hardware state. When required to change a hardware setting, the static configuration is also updated. If that changed setting can be transmitted to the switch through the dynamic reconfiguration interface, it is; otherwise the switch is reset and reprogrammed with the updated static configuration.

Traffic support

The switches do not have hardware support for DSA tags, except for “slow protocols” for switch control as STP and PTP. For these, the switches have two programmable filters for link-local destination MACs. These are used to trap BPDUs and PTP traffic to the master netdevice, and are further used to support STP and 1588 ordinary clock/boundary clock functionality. For frames trapped to the CPU, source port and switch ID information is encoded by the hardware into the frames.

But by leveraging CONFIG_NET_DSA_TAG_8021Q (a software-defined DSA tagging format based on VLANs), general-purpose traffic termination through the network stack can be supported under certain circumstances.

Depending on VLAN awareness state, the following operating modes are possible with the switch:

  • Mode 1 (VLAN-unaware): a port is in this mode when it is used as a standalone net device, or when it is enslaved to a bridge with vlan_filtering=0.
  • Mode 2 (fully VLAN-aware): a port is in this mode when it is enslaved to a bridge with vlan_filtering=1. Access to the entire VLAN range is given to the user through bridge vlan commands, but general-purpose (anything other than STP, PTP etc) traffic termination is not possible through the switch net devices. The other packets can be still by user space processed through the DSA master interface (similar to DSA_TAG_PROTO_NONE).
  • Mode 3 (best-effort VLAN-aware): a port is in this mode when enslaved to a bridge with vlan_filtering=1, and the devlink property of its parent switch named best_effort_vlan_filtering is set to true. When configured like this, the range of usable VIDs is reduced (0 to 1023 and 3072 to 4094), so is the number of usable VIDs (maximum of 7 non-pvid VLANs per port*), and shared VLAN learning is performed (FDB lookup is done only by DMAC, not also by VID).

To summarize, in each mode, the following types of traffic are supported over the switch net devices:

  Mode 1 Mode 2 Mode 3
Regular traffic Yes No (use master) Yes
Management traffic (BPDU, PTP) Yes Yes Yes

To configure the switch to operate in Mode 3, the following steps can be followed:

ip link add dev br0 type bridge
# swp2 operates in Mode 1 now
ip link set dev swp2 master br0
# swp2 temporarily moves to Mode 2
ip link set dev br0 type bridge vlan_filtering 1
[   61.204770] sja1105 spi0.1: Reset switch and programmed static config. Reason: VLAN filtering
[   61.239944] sja1105 spi0.1: Disabled switch tagging
# swp3 now operates in Mode 3
devlink dev param set spi/spi0.1 name best_effort_vlan_filtering value true cmode runtime
[   64.682927] sja1105 spi0.1: Reset switch and programmed static config. Reason: VLAN filtering
[   64.711925] sja1105 spi0.1: Enabled switch tagging
# Cannot use VLANs in range 1024-3071 while in Mode 3.
bridge vlan add dev swp2 vid 1025 untagged pvid
RTNETLINK answers: Operation not permitted
bridge vlan add dev swp2 vid 100
bridge vlan add dev swp2 vid 101 untagged
bridge vlan
port    vlan ids
swp5     1 PVID Egress Untagged

swp2     1 PVID Egress Untagged
         100
         101 Egress Untagged

swp3     1 PVID Egress Untagged

swp4     1 PVID Egress Untagged

br0      1 PVID Egress Untagged
bridge vlan add dev swp2 vid 102
bridge vlan add dev swp2 vid 103
bridge vlan add dev swp2 vid 104
bridge vlan add dev swp2 vid 105
bridge vlan add dev swp2 vid 106
bridge vlan add dev swp2 vid 107
# Cannot use mode than 7 VLANs per port while in Mode 3.
[ 3885.216832] sja1105 spi0.1: No more free subvlans

* “maximum of 7 non-pvid VLANs per port”: Decoding VLAN-tagged packets on the CPU in mode 3 is possible through VLAN retagging of packets that go from the switch to the CPU. In cross-chip topologies, the port that goes to the CPU might also go to other switches. In that case, those other switches will see only a retagged packet (which only has meaning for the CPU). So if they are interested in this VLAN, they need to apply retagging in the reverse direction, to recover the original value from it. This consumes extra hardware resources for this switch. There is a maximum of 32 entries in the Retagging Table of each switch device.

As an example, consider this cross-chip topology:

+-------------------------------------------------+
| Host SoC                                        |
|           +-------------------------+           |
|           | DSA master for embedded |           |
|           |   switch (non-sja1105)  |           |
|  +--------+-------------------------+--------+  |
|  |   embedded L2 switch                      |  |
|  |                                           |  |
|  |   +--------------+     +--------------+   |  |
|  |   |DSA master for|     |DSA master for|   |  |
|  |   |  SJA1105 1   |     |  SJA1105 2   |   |  |
+--+---+--------------+-----+--------------+---+--+

+-----------------------+ +-----------------------+
|   SJA1105 switch 1    | |   SJA1105 switch 2    |
+-----+-----+-----+-----+ +-----+-----+-----+-----+
|sw1p0|sw1p1|sw1p2|sw1p3| |sw2p0|sw2p1|sw2p2|sw2p3|
+-----+-----+-----+-----+ +-----+-----+-----+-----+

To reach the CPU, SJA1105 switch 1 (spi/spi2.1) uses the same port as is uses to reach SJA1105 switch 2 (spi/spi2.2), which would be port 4 (not drawn). Similarly for SJA1105 switch 2.

Also consider the following commands, that add VLAN 100 to every sja1105 user port:

devlink dev param set spi/spi2.1 name best_effort_vlan_filtering value true cmode runtime
devlink dev param set spi/spi2.2 name best_effort_vlan_filtering value true cmode runtime
ip link add dev br0 type bridge
for port in sw1p0 sw1p1 sw1p2 sw1p3 \
            sw2p0 sw2p1 sw2p2 sw2p3; do
    ip link set dev $port master br0
done
ip link set dev br0 type bridge vlan_filtering 1
for port in sw1p0 sw1p1 sw1p2 sw1p3 \
            sw2p0 sw2p1 sw2p2; do
    bridge vlan add dev $port vid 100
done
ip link add link br0 name br0.100 type vlan id 100 && ip link set dev br0.100 up
ip addr add 192.168.100.3/24 dev br0.100
bridge vlan add dev br0 vid 100 self

bridge vlan
port    vlan ids
sw1p0    1 PVID Egress Untagged
         100

sw1p1    1 PVID Egress Untagged
         100

sw1p2    1 PVID Egress Untagged
         100

sw1p3    1 PVID Egress Untagged
         100

sw2p0    1 PVID Egress Untagged
         100

sw2p1    1 PVID Egress Untagged
         100

sw2p2    1 PVID Egress Untagged
         100

sw2p3    1 PVID Egress Untagged

br0      1 PVID Egress Untagged
         100

SJA1105 switch 1 consumes 1 retagging entry for each VLAN on each user port towards the CPU. It also consumes 1 retagging entry for each non-pvid VLAN that it is also interested in, which is configured on any port of any neighbor switch.

In this case, SJA1105 switch 1 consumes a total of 11 retagging entries, as follows:

  • 8 retagging entries for VLANs 1 and 100 installed on its user ports (sw1p0 - sw1p3)
  • 3 retagging entries for VLAN 100 installed on the user ports of SJA1105 switch 2 (sw2p0 - sw2p2), because it also has ports that are interested in it. The VLAN 1 is a pvid on SJA1105 switch 2 and does not need reverse retagging.

SJA1105 switch 2 also consumes 11 retagging entries, but organized as follows:

  • 7 retagging entries for the bridge VLANs on its user ports (sw2p0 - sw2p3).
  • 4 retagging entries for VLAN 100 installed on the user ports of SJA1105 switch 1 (sw1p0 - sw1p3).

Switching features

The driver supports the configuration of L2 forwarding rules in hardware for port bridging. The forwarding, broadcast and flooding domain between ports can be restricted through two methods: either at the L2 forwarding level (isolate one bridge’s ports from another’s) or at the VLAN port membership level (isolate ports within the same bridge). The final forwarding decision taken by the hardware is a logical AND of these two sets of rules.

The hardware tags all traffic internally with a port-based VLAN (pvid), or it decodes the VLAN information from the 802.1Q tag. Advanced VLAN classification is not possible. Once attributed a VLAN tag, frames are checked against the port’s membership rules and dropped at ingress if they don’t match any VLAN. This behavior is available when switch ports are enslaved to a bridge with vlan_filtering 1.

Normally the hardware is not configurable with respect to VLAN awareness, but by changing what TPID the switch searches 802.1Q tags for, the semantics of a bridge with vlan_filtering 0 can be kept (accept all traffic, tagged or untagged), and therefore this mode is also supported.

Segregating the switch ports in multiple bridges is supported (e.g. 2 + 2), but all bridges should have the same level of VLAN awareness (either both have vlan_filtering 0, or both 1). Also an inevitable limitation of the fact that VLAN awareness is global at the switch level is that once a bridge with vlan_filtering enslaves at least one switch port, the other un-bridged ports are no longer available for standalone traffic termination.

Topology and loop detection through STP is supported.

L2 FDB manipulation (add/delete/dump) is currently possible for the first generation devices. Aging time of FDB entries, as well as enabling fully static management (no address learning and no flooding of unknown traffic) is not yet configurable in the driver.

A special comment about bridging with other netdevices (illustrated with an example):

A board has eth0, eth1, swp0@eth1, swp1@eth1, swp2@eth1, swp3@eth1. The switch ports (swp0-3) are under br0. It is desired that eth0 is turned into another switched port that communicates with swp0-3.

If br0 has vlan_filtering 0, then eth0 can simply be added to br0 with the intended results. If br0 has vlan_filtering 1, then a new br1 interface needs to be created that enslaves eth0 and eth1 (the DSA master of the switch ports). This is because in this mode, the switch ports beneath br0 are not capable of regular traffic, and are only used as a conduit for switchdev operations.

Offloads

Time-aware scheduling

The switch supports a variation of the enhancements for scheduled traffic specified in IEEE 802.1Q-2018 (formerly 802.1Qbv). This means it can be used to ensure deterministic latency for priority traffic that is sent in-band with its gate-open event in the network schedule.

This capability can be managed through the tc-taprio offload (‘flags 2’). The difference compared to the software implementation of taprio is that the latter would only be able to shape traffic originated from the CPU, but not autonomously forwarded flows.

The device has 8 traffic classes, and maps incoming frames to one of them based on the VLAN PCP bits (if no VLAN is present, the port-based default is used). As described in the previous sections, depending on the value of vlan_filtering, the EtherType recognized by the switch as being VLAN can either be the typical 0x8100 or a custom value used internally by the driver for tagging. Therefore, the switch ignores the VLAN PCP if used in standalone or bridge mode with vlan_filtering=0, as it will not recognize the 0x8100 EtherType. In these modes, injecting into a particular TX queue can only be done by the DSA net devices, which populate the PCP field of the tagging header on egress. Using vlan_filtering=1, the behavior is the other way around: offloaded flows can be steered to TX queues based on the VLAN PCP, but the DSA net devices are no longer able to do that. To inject frames into a hardware TX queue with VLAN awareness active, it is necessary to create a VLAN sub-interface on the DSA master port, and send normal (0x8100) VLAN-tagged towards the switch, with the VLAN PCP bits set appropriately.

Management traffic (having DMAC 01-80-C2-xx-xx-xx or 01-19-1B-xx-xx-xx) is the notable exception: the switch always treats it with a fixed priority and disregards any VLAN PCP bits even if present. The traffic class for management traffic has a value of 7 (highest priority) at the moment, which is not configurable in the driver.

Below is an example of configuring a 500 us cyclic schedule on egress port swp5. The traffic class gate for management traffic (7) is open for 100 us, and the gates for all other traffic classes are open for 400 us:

#!/bin/bash

set -e -u -o pipefail

NSEC_PER_SEC="1000000000"

gatemask() {
        local tc_list="$1"
        local mask=0

        for tc in ${tc_list}; do
                mask=$((${mask} | (1 << ${tc})))
        done

        printf "%02x" ${mask}
}

if ! systemctl is-active --quiet ptp4l; then
        echo "Please start the ptp4l service"
        exit
fi

now=$(phc_ctl /dev/ptp1 get | gawk '/clock time is/ { print $5; }')
# Phase-align the base time to the start of the next second.
sec=$(echo "${now}" | gawk -F. '{ print $1; }')
base_time="$(((${sec} + 1) * ${NSEC_PER_SEC}))"

tc qdisc add dev swp5 parent root handle 100 taprio \
        num_tc 8 \
        map 0 1 2 3 5 6 7 \
        queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 \
        base-time ${base_time} \
        sched-entry S $(gatemask 7) 100000 \
        sched-entry S $(gatemask "0 1 2 3 4 5 6") 400000 \
        flags 2

It is possible to apply the tc-taprio offload on multiple egress ports. There are hardware restrictions related to the fact that no gate event may trigger simultaneously on two ports. The driver checks the consistency of the schedules against this restriction and errors out when appropriate. Schedule analysis is needed to avoid this, which is outside the scope of the document.

Routing actions (redirect, trap, drop)

The switch is able to offload flow-based redirection of packets to a set of destination ports specified by the user. Internally, this is implemented by making use of Virtual Links, a TTEthernet concept.

The driver supports 2 types of keys for Virtual Links:

  • VLAN-aware virtual links: these match on destination MAC address, VLAN ID and VLAN PCP.
  • VLAN-unaware virtual links: these match on destination MAC address only.

The VLAN awareness state of the bridge (vlan_filtering) cannot be changed while there are virtual link rules installed.

Composing multiple actions inside the same rule is supported. When only routing actions are requested, the driver creates a “non-critical” virtual link. When the action list also contains tc-gate (more details below), the virtual link becomes “time-critical” (draws frame buffers from a reserved memory partition, etc).

The 3 routing actions that are supported are “trap”, “drop” and “redirect”.

Example 1: send frames received on swp2 with a DA of 42:be:24:9b:76:20 to the CPU and to swp3. This type of key (DA only) when the port’s VLAN awareness state is off:

tc qdisc add dev swp2 clsact
tc filter add dev swp2 ingress flower skip_sw dst_mac 42:be:24:9b:76:20 \
        action mirred egress redirect dev swp3 \
        action trap

Example 2: drop frames received on swp2 with a DA of 42:be:24:9b:76:20, a VID of 100 and a PCP of 0:

tc filter add dev swp2 ingress protocol 802.1Q flower skip_sw \
        dst_mac 42:be:24:9b:76:20 vlan_id 100 vlan_prio 0 action drop

Time-based ingress policing

The TTEthernet hardware abilities of the switch can be constrained to act similarly to the Per-Stream Filtering and Policing (PSFP) clause specified in IEEE 802.1Q-2018 (formerly 802.1Qci). This means it can be used to perform tight timing-based admission control for up to 1024 flows (identified by a tuple composed of destination MAC address, VLAN ID and VLAN PCP). Packets which are received outside their expected reception window are dropped.

This capability can be managed through the offload of the tc-gate action. As routing actions are intrinsic to virtual links in TTEthernet (which performs explicit routing of time-critical traffic and does not leave that in the hands of the FDB, flooding etc), the tc-gate action may never appear alone when asking sja1105 to offload it. One (or more) redirect or trap actions must also follow along.

Example: create a tc-taprio schedule that is phase-aligned with a tc-gate schedule (the clocks must be synchronized by a 1588 application stack, which is outside the scope of this document). No packet delivered by the sender will be dropped. Note that the reception window is larger than the transmission window (and much more so, in this example) to compensate for the packet propagation delay of the link (which can be determined by the 1588 application stack).

Receiver (sja1105):

tc qdisc add dev swp2 clsact
now=$(phc_ctl /dev/ptp1 get | awk '/clock time is/ {print $5}') && \
        sec=$(echo $now | awk -F. '{print $1}') && \
        base_time="$(((sec + 2) * 1000000000))" && \
        echo "base time ${base_time}"
tc filter add dev swp2 ingress flower skip_sw \
        dst_mac 42:be:24:9b:76:20 \
        action gate base-time ${base_time} \
        sched-entry OPEN  60000 -1 -1 \
        sched-entry CLOSE 40000 -1 -1 \
        action trap

Sender:

now=$(phc_ctl /dev/ptp0 get | awk '/clock time is/ {print $5}') && \
        sec=$(echo $now | awk -F. '{print $1}') && \
        base_time="$(((sec + 2) * 1000000000))" && \
        echo "base time ${base_time}"
tc qdisc add dev eno0 parent root taprio \
        num_tc 8 \
        map 0 1 2 3 4 5 6 7 \
        queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 \
        base-time ${base_time} \
        sched-entry S 01  50000 \
        sched-entry S 00  50000 \
        flags 2

The engine used to schedule the ingress gate operations is the same that the one used for the tc-taprio offload. Therefore, the restrictions regarding the fact that no two gate actions (either tc-gate or tc-taprio gates) may fire at the same time (during the same 200 ns slot) still apply.

To come in handy, it is possible to share time-triggered virtual links across more than 1 ingress port, via flow blocks. In this case, the restriction of firing at the same time does not apply because there is a single schedule in the system, that of the shared virtual link:

tc qdisc add dev swp2 ingress_block 1 clsact
tc qdisc add dev swp3 ingress_block 1 clsact
tc filter add block 1 flower skip_sw dst_mac 42:be:24:9b:76:20 \
        action gate index 2 \
        base-time 0 \
        sched-entry OPEN 50000000 -1 -1 \
        sched-entry CLOSE 50000000 -1 -1 \
        action trap

Hardware statistics for each flow are also available (“pkts” counts the number of dropped frames, which is a sum of frames dropped due to timing violations, lack of destination ports and MTU enforcement checks). Byte-level counters are not available.

Device Tree bindings and board design

This section references Documentation/devicetree/bindings/net/dsa/sja1105.txt and aims to showcase some potential switch caveats.

RMII PHY role and out-of-band signaling

In the RMII spec, the 50 MHz clock signals are either driven by the MAC or by an external oscillator (but not by the PHY). But the spec is rather loose and devices go outside it in several ways. Some PHYs go against the spec and may provide an output pin where they source the 50 MHz clock themselves, in an attempt to be helpful. On the other hand, the SJA1105 is only binary configurable - when in the RMII MAC role it will also attempt to drive the clock signal. To prevent this from happening it must be put in RMII PHY role. But doing so has some unintended consequences. In the RMII spec, the PHY can transmit extra out-of-band signals via RXD[1:0]. These are practically some extra code words (/J/ and /K/) sent prior to the preamble of each frame. The MAC does not have this out-of-band signaling mechanism defined by the RMII spec. So when the SJA1105 port is put in PHY role to avoid having 2 drivers on the clock signal, inevitably an RMII PHY-to-PHY connection is created. The SJA1105 emulates a PHY interface fully and generates the /J/ and /K/ symbols prior to frame preambles, which the real PHY is not expected to understand. So the PHY simply encodes the extra symbols received from the SJA1105-as-PHY onto the 100Base-Tx wire. On the other side of the wire, some link partners might discard these extra symbols, while others might choke on them and discard the entire Ethernet frames that follow along. This looks like packet loss with some link partners but not with others. The take-away is that in RMII mode, the SJA1105 must be let to drive the reference clock if connected to a PHY.

MDIO bus and PHY management

The SJA1105 does not have an MDIO bus and does not perform in-band AN either. Therefore there is no link state notification coming from the switch device. A board would need to hook up the PHYs connected to the switch to any other MDIO bus available to Linux within the system (e.g. to the DSA master’s MDIO bus). Link state management then works by the driver manually keeping in sync (over SPI commands) the MAC link speed with the settings negotiated by the PHY.