Bridge-assisted multi_access links are isolated bridging domains (#2150)

A multi-access link without a VLAN attribute is usually a layer-3
segment. Our implementation of bridge-assisted multi-access links
has to reflect that -- we have to create a separate VLAN for each
such link.

Author: ipspace

Diff for: docs/node-roles.md

@@ -33,7 +33,11 @@ Most hosts listen to IPv6 RA messages to get the IPv6 default route. _netlab_ ca
 (node-role-bridge)=
 ## Bridges
 
-The **bridge** role is a thin abstraction layer on top of the [**vlan** configuration module](module-vlan), making deploying simple topologies with a single bridge connecting multiple routers or hosts easier. Do not try to build complex topologies with bridges; use the VLAN configuration module.
+The **bridge** role is a thin abstraction layer on top of the [**vlan** configuration module](module-vlan), making deploying simple topologies with a single bridge connecting multiple routers or hosts easier. You can also use a **bridge** node to test failover scenarios using a familiar layer-2 device[^SD].
+
+[^SD]: It's easier to shut down an interface on a familiar device than trying to figure out how to do that on a Linux bridge.
+
+Do not try to build complex topologies with bridges; use the VLAN configuration module.
 
 Bridges are simple layer-2 packet forwarding devices[^VM]. They do not have a loopback interface and might not even have a data-plane IP address. Without additional parameters, _netlab_ configures them the way non-VLAN bridges have been working for decades -- bridge interfaces do not use VLAN tagging and belong to a single layer-2 forwarding domain.
 
@@ -58,23 +62,6 @@ links: [ rtr-br, h1-br, h2-br ]
 
 In the above topology, *netlab* assigns an IP prefix from the **lan** pool to the VLAN segment connecting the four devices ([you can change that](node-bridge-details)).
 
-In the lab topology, you can use a multi-access link with a single bridge attached instead of a series of point-to-point links. The following topology is equivalent to the one above; the multi-access link is expanded into a series of point-to-point links with the **br** device.
-
-```
-nodes:
-  rtr:
-    device: eos
-  h1:
-    device: linux
-  h2:
-    device: linux
-  br:
-    device: ioll2
-    role: bridge
-
-links: [ rtr-h1-h2-br ]
-```
-
 You can also connect multiple bridges into a larger bridged network. This scenario stretches the limitations of the **bridge** nodes (using the [**vlan** configuration module](module-vlan) would be better). If you decide to use it in your topology, you SHOULD define a global **br_default** VLAN (defined as **vlans.br_default** topology attribute) to share the same IP subnet across all bridges.
 
 ```
@@ -100,7 +87,7 @@ _netlab_ does not implement multiple independent bridge domains for the same VLA
 ```
 
 (node-bridge-details)=
-### Implementation Details
+### Bridge Implementation Details
 
 _netlab_ uses the **vlan** configuration module to implement the *simple bridging* functionality -- it places all bridge interfaces without an explicit **vlan** parameter into the same access VLAN.
 
@@ -112,4 +99,28 @@ You can use the node- or global VLAN definition of the **br_default** VLAN to ch
 
 [^BRID]: You can change the VLAN tag of the default bridge VLAN with the `topology.defaults.const.bridge.default_vlan.id` parameter
 
-For more VLAN configuration- and implementation details, read the [**vlan** configuration module documentation](module-vlan).
+For more VLAN configuration- and implementation details, read the [**vlan** configuration module documentation](module-vlan).
+
+(node-bridge-lan)=
+### Implementing Multi-Access Links with Bridges
+
+To build a LAN segment with a hub-and-spoke topology of point-to-point links attaching nodes to the bridge, you can define a multi-access link with a single bridge attached to it.
+
+For example, you can use the following topology to create a topology equivalent to the one above; the multi-access link is expanded into a series of point-to-point links with the **br** device.
+
+```
+nodes:
+  rtr:
+    device: eos
+  h1:
+    device: linux
+  h2:
+    device: linux
+  br:
+    device: ioll2
+    role: bridge
+
+links: [ rtr-h1-h2-br ]
+```
+
+Each multi-access link implemented with a bridge node is a separate bridging domain. _netlab_ creates a separate VLAN with a topology-wide unique VLAN ID on the bridge node for every multi-access link and copies the link attributes into the VLAN attributes. Thus, it's safe to use the same bridge node to implement multiple multi-access links.

Diff for: netsim/roles/bridge.py

@@ -12,6 +12,7 @@
 from ..utils import log
 from ..data import global_vars,append_to_list,get_box
 from ..augment import links
+from ..modules import _dataplane
 from . import select_nodes_by_role
 
 """
@@ -66,12 +67,32 @@ def add_default_access_vlan(topology: Box) -> bool:
 
   return link_found
 
+"""
+Get next internal VLAN for an isolated bridge domain
+"""
+def get_next_internal_vlan(start: int, use: str) -> int:
+  while start < 4090:                                       # Skip some of the high-end VLANs
+    if not _dataplane.is_id_used('vlan_id',start):          # Is the VLAN used anywhere?
+      _dataplane.extend_id_set('vlan_id',set([start]))      # No, grab it
+      return start                                          # ... and return it to the caller
+    start = start + 1                                       # Otherwise, try the next one
+
+  log.error(
+    f'Cannot allocate an internal VLAN for {use} -- I ran out of VLANs',
+    category=log.IncorrectValue,
+    module='vlan')
+  return 1                                                  # We need some value, and it doesn't matter
+
 """
 When exactly one of the nodes on link with more than two nodes is a bridge,
 expand the link into multiple P2P links with the bridge node. Print a warning
 (and do nothing) if there are more than two bridges attached to the link
 """
 def expand_multiaccess_links(topology: Box) -> None:
+  skip_linkattr = list(topology.defaults.vlan.attributes.phy_ifattr)
+  del_linkattr  = ['linkindex','interfaces']
+  int_vlan_id = global_vars.get_const('bridge.internal_vlan.start',100)
+
   for link in list(topology.get('links',[])):
     if '_br_list' not in link:                              # Is this one of the relevant links?
       continue                                              # No, move on
@@ -90,10 +111,29 @@ def expand_multiaccess_links(topology: Box) -> None:
         module='bridge')
       continue
 
-    br_intf = br_list[0]                                    # Remember the bridge interface
+    # Do we have any of the physical attributes on the link? For the moment, let's assume that's an error
+    #
+    wrong_attr = [ k for k in link.keys() if k in skip_linkattr and k not in del_linkattr ]
+    if wrong_attr:
+      log.error(
+        text=f'Attribute(s) {",".join(wrong_attr)} cannot be used on multi-access link {link._linkname}' + \
+              ' implemented with a bridge',
+        category=log.IncorrectAttr,
+        module='bridge')
+      continue
+
+    br_intf = br_list[0]                                    # Get the bridge interface
+    br_node = topology.nodes[br_intf.node]                  # And the corresponding node
+    int_vlan_id = get_next_internal_vlan(int_vlan_id,'multi-access link {link._linkname}')
+    vname = f'br_vlan_{int_vlan_id}'                        # Create the internal VLAN
+    br_node.vlans[vname] = { k:v for k,v in link.items() if k not in del_linkattr }
+    br_node.vlans[vname].id = int_vlan_id                   # ... set its ID
+    br_node.vlans[vname].mode = 'bridge'                    # ... and make it a L2-only VLAN
+    br_intf.vlan.access = vname                             # ... and use it on the bridge interface
+
     link_cnt = 0
     for intf in link.interfaces:
-      if intf != br_intf:                                   # Did we find an interesting interface?
+      if intf.node != br_intf.node:                         # Is this a non-bridge interface?
         l_data = get_box(link)                              # Copy the link data
         link_cnt += 1
         l_data._linkname = f'{link._linkname}.{link_cnt}'   # Create unique link and and linkindex