DSA

DSA

来源  https://www.right.com.cn/forum/thread-5807504-1-1.html

教程 https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial#multiple_networks_using_vlan_tagging

参考 https://openwrt.org/docs/guide-user/network/vlan/switch_configuration

参考  https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/layer2/configuration/guide/Cisco_Nexus_7000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_Release_5-x_chapter4.html

新版openwrt很多固件上找不到交换机插件，不支持swconfig配置vlan，从网上找到一篇dsa配置dot1q网络的方法，可以参考一下,原链接有图，更直观

原链接：https://forum.openwrt.org/t/mini-tutorial-for-dsa-network-config/96998

 

介绍

DSA 代表分布式交换机架构，是用于网络交换机的 Linux 内核子系统。它是 OpenWrt 的 swconfig 框架的上游替代品，许多新路由器使用 DSA 驱动程序而不是 swconfig 驱动程序。

在 DSA 中，每个交换机端口都是一个单独的 Linux 接口。这意味着ip/ifconfig命令将显示接口等lan1，lan2，wan等。

DSA 交换机端口可以用作独立接口（WAN 的通用解决方案），也可以使用 Linux 桥接接口进行桥接。在后一种情况下，交换机仍然能够在硬件级别路由流量，因此不会影响性能。

每个端口最多只能是一个网桥的一部分。

简单的端口桥接

在最简单的情况下，交换机端口使用 Linux 桥接接口进行桥接，OpenWrt 使用 IP 协议配置该接口。

在这种情况下，连接到桥接端口的所有设备都可以相互通信，也可以与路由器本身通信。

Syntax	Member Port Is
lanx	untagged ~PVID
lanx:u	untagged
lanx:t	tagged
lanx:*	PVID untagged
lanx:u*	PVID untagged
lanx:t*	PVID tagged

例子：

 

config device

        option name 'br-lan'

        option type 'bridge'

        list ports 'lan1'

        list ports 'lan2'

        list ports 'lan3'

        list ports 'lan4'

 

 

config interface 'lan'

        option device 'br-lan'

        option proto 'static'

        option ipaddr '192.168.1.1'

        option netmask'255.255.255.0'

 

多个网络（使用网桥）

通过使用多个桥接接口，可以将交换机设置为将选定的端口分组到单独的网络中。使用分离的防火墙区域，连接到不同端口组的设备将无法相互通信。

例子：

 

config device

        option name 'br-home'

        option type 'bridge'

        list ports 'lan1'

        list ports 'lan2'

 

config device

        option name 'office'

        option type 'bridge'

        list ports 'lan3'

        list ports 'lan4'

 

config interface 'home'

        option device 'br-home'

        option proto 'static'

        option ipaddr '192.168.1.1'

        option netmask'255.255.255.0'

 

config interface 'office'

        option device 'office'

        option proto 'static'

        option ipaddr '192.168.13.1'

        option netmask'255.255.255.0'

 

多个网络（使用 VLAN）

还可以使用具有多个 VLAN 的单个网桥来分隔（分组）端口。这需要将接口分配给正确的软件 VLAN。

例子：

 

config device

        option name 'br-lan'

        option type 'bridge'

        list ports 'lan1'

        list ports 'lan2'

        list ports 'lan3'

        list ports 'lan4'

 

config bridge-vlan

        option device 'br-lan'

        option vlan '1'

        list ports 'lan1'

        list ports 'lan2'

 

config bridge-vlan

        option device 'br-lan'

        option vlan '2'

        list ports 'lan3'

        list ports 'lan4'

 

 

config interface 'home'

        option device 'br-lan.1'

        option proto 'static'

        option ipaddr '192.168.1.1'

        option netmask'255.255.255.0'

 

config interface 'office'

        option device 'br-lan.2'

        option proto 'static'

        option ipaddr '192.168.13.1'

        option netmask'255.255.255.0'

 

VLAN 标记的流量

通过正确的桥接 VLAN 配置，选定端口也可以使用 VLAN 标记的流量。它还需要将 OpenWrt 接口分配给正确的软件 VLAN。

例子：

端口lan4使用 VLAN 1 的标记数据包并具有 PVID 2。

 

config device

        option name 'br-lan'

        option type 'bridge'

        list ports 'lan1'

        list ports 'lan2'

        list ports 'lan3'

        list ports 'lan4'

 

config bridge-vlan

        option device 'br-lan'

        option vlan '1'

        list ports 'lan1'

        list ports 'lan2'

        list ports 'lan3'

        list ports 'lan4:t'

 

config bridge-vlan

        option device 'br-lan'

        option vlan '2'

        list ports 'lan4:u*'

 

config interface 'lan'

        option device 'br-lan.1'

        option proto 'static'

        option ipaddr '192.168.1.1'

        option netmask'255.255.255.0'

=================

mini-tutorial-for-dsa-network-config

see https://forum.openwrt.org/t/mini-tutorial-for-dsa-network-config/96998

Update from 2021-05-31:

• Option ifname was renamed to device
• This tutorial is valid for 21.02-rc2 (or newer) and recent snapshots

Introduction

DSA stands for Distributed Switch Architecture and is Linux kernel subsystem for network switches. It's an upstream replacement for OpenWrt's swconfig framework and many new routers use DSA drivers instead of swconfig drivers.

In DSA each switch port is a separated Linux interface. It means ip / ifconfig command will show interfaces like lan1, lan2, wan, etc.

DSA switch ports can be used as standalone interfaces (common solution for WAN) or can be bridged using Linux bridge interface. In the later case switch will still be able to route traffic on the hardware level so it won't affect performance.

Each port can be part of maximum of one bridge only.

Simple ports bridging

In the simplest scenario switch ports are simply bridged using Linux bridge interface and OpenWrt configures that interface with an IP protocol.

In such case all devices connected to bridged ports can communicate each other and router itself.

Example:

01-device1086×393 32.1 KB

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

01-interface1086×643 37.6 KB

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

Multiple networks (using bridges)

A switch can be setup to group selected ports into separated networks by using multiple bridge interfaces. With separated firewall zones devices connected to different port groups won't be able to communicate each other.

Example:

02-device-home1086×393 30.7 KB

02-device-office1086×393 30.4 KB

config device
	option name 'br-home'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'

config device
	option name 'office'
	option type 'bridge'
	list ports 'lan3'
	list ports 'lan4'

02-interface-home1086×643 37.9 KB

02-interface-office1086×643 37.7 KB

 

config interface 'home'
	option device 'br-home'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

config interface 'office'
	option device 'office'
	option proto 'static'
	option ipaddr '192.168.13.1'
	option netmask '255.255.255.0'

Multiple networks (using VLANs)

Ports can also be separated (grouped) using single bridge with multiple VLANs. That requires assigning interfaces to correct software VLANs.

Example:

03-device1086×482 31.8 KB

 

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1'
	list ports 'lan2'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'lan3'
	list ports 'lan4'

03-interface-home1086×643 38 KB

 

03-interface-office1086×643 38.2 KB

 

config interface 'home'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

config interface 'office'
	option device 'br-lan.2'
	option proto 'static'
	option ipaddr '192.168.13.1'
	option netmask '255.255.255.0'

VLAN tagged traffic

With proper bridge VLAN configuration it's also possible for selected port to use VLAN tagged traffic. It also requires assigning OpenWrt interface to the correct software VLAN.

Example:

Port lan4 uses tagged packets for VLAN 1 and has PVID 2.

04-device1086×484 33.7 KB

 

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'lan4:u*'

04-interface1086×643 39 KB

 

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

================== End