DSA Mini-Tutorial

DSA stands for Distributed Switch Architecture and is the Linux kernel subsystem for network switches. Because upstream kernel development now uses DSA, the OpenWrt Project is implementing DSA to replace the earlier swconfig framework. Many new routers also use DSA drivers instead of swconfig drivers.

This DSA Mini-Tutorial explains how DSA works with OpenWrt, and how it is configured with the LuCI web interface and the uci configuration file at /etc/config/network.

If you are upgrading your OpenWrt device to 21.02 or later, you should read the Converting to DSA and Upgrading to OpenWrt 21.02.0 articles.

This page is a Work in Progress. It contains requests for information from future editors. If you can contribute your knowledge, we would be pleased to have the help.

DSA distinguishes between devices and interfaces.

  • Devices are physical connections that convey bits/frames to other computers. They operate at layer 2 in the protocol stack and have a MAC address along with several other configurable parameters.
    • Network devices identify and configure hardware components of the device: individual Ethernet switch ports, wireless radios, USB networking devices, VLANs, or virtual ethernets.
    • Alternatively, bridge devices group several network devices together so they can be treated as a single entity. A bridge device functions like a separate unmanaged (hardware) switch, forwarding traffic between member ports as needed at the hardware level to maintain performance. Each physical port can be a member of only a single bridge device.
  • Interfaces route IP packets and operate at layer 3 in the protocol stack. An interface is associated with a single device that sends/receives its packets. Interfaces get their IP address parameters by the choice of protocol: Static, DHCP, PPP, 6in4, Wireguard, OpenVPN, etc.

Naming: Devices are assigned a name like lan1, lan2, wan, wlan1, vlan1, etc. By convention, a bridge device gets a prefix of br-, like br-lan. Interfaces, by convention, have upper-case names, such as LAN, WAN, WG1, etc.

OpenWrt configuration facilities allow you to configure the ports of your device using either the LuCI web interface, or by editing /etc/config/network. The remainder of this document describes several common configurations:

  1. Bridging all LAN ports
  2. Multiple bridged networks
  3. Multiple networks using VLANs
  4. Multiple networks using VLAN tagging

In the initial (and very common) scenario, all LAN switch ports are bridged together into a single 'br-lan' device. OpenWrt configures that device with an IP protocol, address, etc. In this configuration, everything that's connected to those physical bridged ports can communicate with each other and the router itself.

Configuring the LuCI web interface for a Bridged LAN: The first image shows that all the LAN ports (lan1 .. lan4) are part of a bridge device named “br-lan”. The second image shows an interface (“LAN”) that incorporates the “br-lan” device and has been assigned a static address 192.168.1.1.

To add a wireless device (such as wlan0), open Network → Wireless. Edit the Device Configuration section to select the proper radio channel etc. Edit the Interface Configuration section (third image) to select the desired interface (from the Network: dropdown) and the SSID, security mode, etc.

Configuration file for a Bridged LAN: The first half of the file below shows how the config device section groups the physical ports into a bridge device named 'br-lan'. The config interface 'lan' section then incorporates that 'br-lan' device, and sets its IP protocol type, address, etc. (To do: add the configuration for wlan0 to this file.)

# ... in /etc/config/network

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

OpenWrt can set up its switch to group multiple ports together into different bridge devices so their traffic remains separate, even though the client devices are plugged into the same router. For example, it might be useful to set aside certain ports for “home use” and others for “office use”.

You need only create two bridge devices: one for home and one for office, and assign different ports to each. You then create separate interfaces, and assign different IP address ranges (“subnets”) to each of those bridge devices. For example, home devices might have addresses from the range 192.168.1.1 to 192.168.1.254, while the office devices will be 192.168.13.1 to 192.168.13.254. Devices plugged into the home ports will be able to communicate with each other, and the devices in the office ports can also talk together. But the “home” ports will not be able to communicate with “office” ports unless there is a routing or firewall rule to allow it.

Configuring the LuCI web interface for multiple bridged networks: The LuCI interface created two separate bridge devices - br-home with the first two lan ports, and office with the next two ports. Next, two interfaces are created:

  • HOME, that uses the br-home bridge device, and assigns the address range 192.168.1.1 to 192.168.1.254
  • OFFICE, that uses the office bridge device, and assigns the address range 192.168.13.1 to 192.168.13.254

Configuration file for multiple bridged LANs: Here's the same example in /etc/config/network. The first half of the file below shows how each config device section groups two physical ports into a bridge device named br-home and two more ports into office. The config interface 'home' section defines an interface that incorporates the br-home device, and sets its IP protocol type, address, etc. Similarly, the config interface 'office' section incorporates the office device, and sets its configuration.

# ... in /etc/config/network
config device
	option name 'br-home'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'

config device
	option name 'office'
	option type 'bridge'
	list ports 'lan3'
	list ports 'lan4'

config interface 'home'
	option device 'br-home'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

config interface 'office'
	option device 'office'
	option proto 'static'
	option ipaddr '192.168.13.1'
	option netmask '255.255.255.0'

No editing beyond this point…

Ports can also be separated (grouped) using a single bridge with multiple VLANs. That requires assigning each interface to the correct software VLAN.

Example:

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1'
	list ports 'lan2'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'home'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

config interface 'office'
	option device 'br-lan.2'
	option proto 'static'
	option ipaddr '192.168.13.1'
	option netmask '255.255.255.0'

With proper bridge VLAN configuration it is also possible for a selected port to carry VLAN-tagged traffic. This also requires assigning the OpenWrt interface to the correct software VLAN.

Example:

Port lan4 uses tagged packets for VLAN 1 (the :t suffix) and has PVID 2 (the :u* suffix: untagged, with * marking the PVID).

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'lan4:u*'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
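
To check that a network file really keeps ports apart as the bridge and VLAN sections above intend, the following added example (not part of the original page or of OpenWrt) maps each port to the bridges and VLANs it belongs to. It flags ports listed in more than one bridge and ports that carry more than one VLAN. The function names are hypothetical, the parser handles only the simple UCI syntax shown on this page, and a port listed without a suffix is assumed to be untagged.

```python
import shlex
from collections import defaultdict

# Constructed fragment: the two bridge-vlan sections of the tagged example.
SAMPLE = """
config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan3'
	list ports 'lan4:t'
config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'lan4:u*'
"""

def parse_uci(text):
    """Parse UCI text into (section_type, options, lists) tuples."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}, defaultdict(list)))
        elif len(tok) == 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
        elif len(tok) == 3 and tok[0] == "list" and sections:
            sections[-1][2][tok[1]].append(tok[2])
    return sections

def membership(text):
    """Map each port to its bridges and to the VLANs it carries (with flags)."""
    bridges, vlans = defaultdict(set), defaultdict(dict)
    for kind, opt, lst in parse_uci(text):
        for entry in lst["ports"]:
            port, _, flags = entry.partition(":")
            if kind == "device" and opt.get("type") == "bridge":
                bridges[port].add(opt.get("name"))
            elif kind == "bridge-vlan":  # no suffix: assumed untagged
                vlans[port][f"{opt.get('device')}.{opt.get('vlan')}"] = flags or "u"
    return bridges, vlans

def audit(text):
    """Flag ports that break the one-bridge rule or span several VLANs."""
    bridges, vlans = membership(text)
    findings = [f"{p}: member of bridges {sorted(b)}"
                for p, b in sorted(bridges.items()) if len(b) > 1]
    findings += [f"{p}: trunk port carrying {sorted(v)}"
                 for p, v in sorted(vlans.items()) if len(v) > 1]
    return findings
```

Run audit() on a saved copy of /etc/config/network; a trunk finding is expected for a deliberately tagged port such as lan4 above, and worth investigating on any port meant to serve only one network.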

Notes from Arınç ÜNAL (arinc9)

The current naming OpenWrt has is incorrect and confusing. The “interfaces” under Network → Interfaces actually represent networks. The actual interfaces are called “device” which is not necessarily wrong but implies as if they only have to be physical interfaces.

When you run ip link, each entry represents an interface on the system. Some are physical, some are logical interfaces.

UCI treats “config interface” as configuring networks but “config device” as configuring interfaces.

If you head to Network → Wireless and assign a wireless interface to a network, it will literally call the networks under Network → Interfaces as “Network”.

So, in my opinion:

  • “config interface” should be renamed to “config network”
  • “config device” should be renamed to “config interface”

End of Preface

  • Last modified: 2021/08/17 07:00
  • by richb-hanover