网络基础知识 /etc/config/network

This page is not fully translated, yet. Please help completing the translation.
(remove this paragraph once the translation is finished)

这是一个典型家庭路由器的默认OpenWrt网络堆栈
您的设备可能在功能或方案数值上略有不同
注意，标签“WAN”和“LAN”的含义可能不同，这取决于它们的上下文

LuCi web GUI	说明
“Firewall”	zones之间的通行规则	转发规则，流量规则，自定义规则
“Firewall”, “Interfaces”	Network zone 配置	WAN (Zone)		LAN (Zone)
“Interfaces”	TCP配置和网桥配置	WAN	WAN6	LAN (TCP and Bridge config)
“Switch”, “Wireless”	VLANs 和 wireless SSIDs	VLAN 2 (eth 0.2)		VLAN 1 (eth 0.1)				LEDE 5	LEDE 2.4
“Switch”, “Wireless”	内部网口标签和无线网卡标签	WAN (Interface)		LAN 1	LAN 2	LAN 3	LAN 4	radio0	radio1
-	设备背面常见的厂商标签	“Internet”		“1”	“2”	“3”	“4”	“n/ac”	“b/g/n”

中央网络配置由uci network 子系统处理, 存储在文件 /etc/config/network中. uci子系统负责定义 switch VLANs, interface configurations 和 network routes.

在任何网络配置更改(通过uci或其他方式)之后，你需要输入以下内容来重载网络配置:

service network reload

如果您安装的版本没有提供service命令，则可以使用:

/etc/init.d/network reload

多亏了netifd (网络接口守护进程), 更改后的接口将自动重启生效。重启路由器不是必须的，但这也是强制配置重载的另一种方式。

这是一个TL-WR1043ND的默认network uci子系统配置示例

# uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd27:70fa:5c1d::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.1.1'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan6=interface
network.wan6.ifname='eth0.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 5t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0 5t'

会生成如下配置在文件 /etc/config/network中

# cat /etc/config/network
 
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
 
config globals 'globals'
        option ula_prefix 'fd27:70fa:5c1d::/48'
 
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.1'
 
config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
 
config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'
 
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
 
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 5t'
 
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 5t'

执行以下操作查看接口列表:

ubus list network.interface.*

要查看关于特定接口(UCI名称而不是物理接口)的所有信息，输入:

ifstatus lan

路由器的最小网络配置通常包括至少两个 interfaces (lan 和 wan) 和一个 switch 节(如果适用的话).

globals 节包含了影响一般网络配置的接口独立选项。

名称	类型	是否必须	默认	描述
`ula_prefix`	IPv6-prefix	no	(none)	IPv6 ULA-Prefix for this device
`packet_steering`	Packet-Steering	no	(none)	Use every cpu to handle packet traffic

interface类型的节声明逻辑网络作为IP地址配置的容器, aliases, routes, 物理接口名和 startfirewall_rules - 它们在OpenWrt配置概念中起着核心作用。

一个最小的接口声明由以下几行组成:

uci:

network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'

config file:

config 'interface' 'wan'
        option 'proto' 'dhcp'
        option 'ifname' 'eth0.2'

wan是唯一的logical interface name
dhcp表示interface protocol, DHCP是一种例子
eth0.2是与本节相关联的physical interface

Linux内核对physical interface name的长度限制为15个字符，包括为某些协议自动添加的前缀(例如6in4, pppoa-, pppoe-, gre4t-) or with bridges (br-).

根据协议类型, logical interface name因此可能被限制为9个字符。例如'abcde67890'是使用dhcp的正常接口的有效接口名, 而最终名称为'pppoe-abcde67890'的pppoe接口不是, 它是 >15 个字符.

如果使用 .VLAN 记法, 可能需要额外的5个字符, 对于GRE这样的协议，“parent”接口名称限制为4个字符。 abcd.NNNN ⇒ gre4t-abcd.NNNN for 15 characters.

使用太长的名称会导致静默错误，interface创建或修改不成功。

接口协议可能是以下之一:

协议	描述	程序
`static`	固定地址和子网掩码的静态配置	`ip`/`ifconfig`
`dhcp`	地址和子网掩码由DHCP分配	`udhcpc` (Busybox)
`dhcpv6`	地址和子网掩码由DHCPv6分配	`odhcpc6c`
`ppp`	PPP协议-拨号调制解调器连接	`pppd`
`pppoe`	以太网上的PPP - DSL宽带连接	`pppd` + `plugin rp-pppoe.so`
`pppoa`	在ATM上的PPP -使用内置调制解调器的DSL连接	`pppd` + plugin ...
`3g`	使用at风格的3G调制解调器的CDMA, UMTS或GPRS连接	`comgt`
`qmi`	使用QMI协议的USB调制解调器	`uqmi`
`ncm`	使用NCM协议的USB调制解调器	`comgt-ncm` + ?
`wwan`	带有协议自动检测的USB调制解调器	`wwan`
`hnet`	自我管理家庭网络(HNCP)	`hnet-full`
`pptp`	通过PPTP VPN连接	?
`6in4`	IPv6-in-IPv4隧道，用于像HE.net这样的隧道代理	?
`aiccu`	Anything-in-anything隧道	`aiccu`
`6to4`	无状态IPv6 over IPv4传输	?
`6rd`	IPv6快速部署	`6rd`
`dslite`	Dual-Stack Lite	`ds-lite`
`l2tp`	PPP通过L2TP伪线隧道	`xl2tpd`
`relay`	relayd pseudo-bridge	`relayd`
`gre`, `gretap`	GRE over IPv4	`gre` + `kmod-gre`
`grev6`, `grev6tap`	GRE over IPv6	`gre` + `kmod-gre6`
`vti`	VTI over IPv4	`vti` + `kmod-ip_vti`
`vtiv6`	VTI over IPv6	`vti` + `kmod-ip6_vti`
`vxlan`	用于layer 2虚拟化的VXLAN协议, 参考here获取更多信息和配置示例	`vxlan` + `kmod-vxlan` + `ip-full`
`none`	未指定的协议, 因此所有其他接口设置将被忽略(如disabling配置)	-

基于已使用的 interface protocol 可能还需要其他几个选项配合，来构成一个完整的接口声明. 下面列出了每种协议的相应选项。如果使用了相应的协议，在 “是否必须” 列中标记为 “是” 的选项必须在接口部分中定义，标记为 “否” 的选项可以定义也可以省略。

如果一个接口部分没有定义协议(或者定义为 none ), 其他设置将被完全忽略。结果就是，如果接口部分提到一个物理网络接口 (例如 eth0), 即使连接了电缆这个接口也将是down的 (配置 proto 为 'none' 接口是 up 的)。

名称	类型	是否必须	默认值	描述
`ifname`	接口名称(们)	是(*)	(none)	分配如 `eth0.1`, `eth2`, 或 `tun0`这样的物理接口名称到这一节，若type设置为bridge类型，则列出接口列表。 () 如果只有wireless interface引用了该网络，或者protocol type 为 `pptp`, `pppoa` or `6in4`，则该选项可能为空或缺失* 由于 WLAN(无线局域网,WLAN是Wireless Local Area Network的简称)接口名称可能是动态的或不可预测的，强烈建议通过配置UCI wireless 配置中的 `network` 选项来分配桥接组关系¹⁾
`type`	string	no	(none)	If set to “bridge”, a bridge containing the given ifnames, and any wireless networks assigned using the `network` option in UCI wireless configuration, is created
`stp`	boolean	no	`0`	Only valid for type “bridge”, enables the Spanning Tree Protocol
`bridge_empty`	boolean	no	`0`	Only valid for type “bridge”, enables creating empty bridges
`igmp_snooping`	boolean	no	`0`	Only valid for type “bridge”, sets the multicast_snooping kernel setting for a bridge
`multicast_querier`	boolean	no	(takes over the value of igmp_snooping)	Only valid for type “bridge”, sets the multicast_querier kernel setting for a bridge
`macaddr`	mac address	no	(none)	Override MAC address of this interface. Example: 62:11:22:aa:bb:cc
`mtu`	number	no	(none)	Override the default MTU on this interface
`auto`	boolean	no	`0` for proto `none`, else `1`	Specifies whether to bring up interface on boot
`ipv6`	boolean	no	`1`	Specifies whether to enable (1) or disable (0) IPv6 on this interface (Barrier Breaker and later only)
~~`accept_ra`~~	~~boolean~~	no	~~`1` for protocol `dhcp`, else `0`~~	~~Specifies whether to accept IPv6 Router Advertisements on this interface~~ deprecated:
~~`send_rs`~~	~~boolean~~	no	~~`1` for protocol `static`, else `0`~~	~~Specifies whether to send Router Solicitations on this interface~~ deprecated:
`force_link`	boolean	no	`1` for protocol `static`, else `0`	Specifies whether ip address, route, and optionally gateway are assigned to the interface regardless of the link being active ('1') or only after the link has become active ('0'); when set to '1', carrier sense events do not invoke hotplug handlers
`disabled`	boolean	no	`0`	enable or disable the interface section
`ip4table`	string	no	(none)	IPv4 routing table for routes of this interface. E.g., when proto = dhcp, the dhcp client will add routes to that table
`ip6table`	string	no	(none)	IPv6 routing table for routes of this interface. E.g., when proto = dhcp6, the dhcp6 client will add routes to that table

See wan_interface_protocols for documentation on the protocol-specific options available for each WAN protocol.

The options _orig_ifname and _orig_bridge may be seen in /etc/config/network when managed by LuCI and were used to keep previous information across edits. They were moved out of ''/etc/config/network'' in March, 2018.

For many users, the default switch configuration is sufficient. Should the user need to configure the switch differently, LuCI, UCI, or direct editing of /etc/config/network may be used to achieve different configurations. Prior to any reconfiguration of the switch, an understanding of the default configuration is important. As an example, some devices have a single switch-connected interface, and other have two or more.

See also:

swconfig
VLAN
Switch Documentation (Older content, but does give discuss single-interface configuration)

The identifier for the switch(es) may be obtained using

# swconfig list
Found: switch0 - ag71xx-mdio.0

With the identifier known, the configuration can be viewed

# swconfig dev switch0 show
Global attributes:
	enable_vlan: 1
	enable_mirror_rx: 0
	enable_mirror_tx: 0
	mirror_monitor_port: 0
	mirror_source_port: 0
	arl_age_time: 300
	arl_table: address resolution table
[...]

There are three types of switch-related configuration stanzas, switch, switch_vlan, and switch_port.

Not all options are available on all hardware. Some limitations may be found with swconfig dev <dev> help. After making changes, check the output of swconfig to determine if the configuration was accepted by the switch hardware.

: The list of options may be incomplete. The details of each option need additional discovery and documentation, including checking of the underlying code. The source of restrictions on value ranges has yet to be identified. Valid values should be confirmed in the code.

选项名称	类型	是否必须	默认值	效果	说明
`name`	string	是	(none)	defines which switch to configure
`reset`	boolean
`enable_vlan`	boolean
`enable_mirror_rx`	boolean	否	0	Mirror received packets from the `mirror_source_port` to the `mirror_monitor_port`
`enable_mirror_tx`	boolean	否	0	Mirror transmitted packets from the `mirror_source_port` to the `mirror_monitor_port`
`mirror_monitor_port`	integer	否	0	Switch port to which packets are mirrored
`mirror_source_port`	integer	否	0	Switch port from which packets are mirrored
`arl_age_time`	integer	否 300	Adjust the address-resolution (MAC) table's aging time (seconds)	Default may differ by hardware
`igmp_snooping`	boolean	否	0	Enable IGMP snooping	Unconfirmed if can be set. Unknown how it interacts with interface- or port-level IGMP snooping.
`igmp_v3`	boolean	否	0		Unconfirmed if can be set. Unknown how it interacts with interface- or port-level IGMP snooping.

选项名称	类型	是否必须	默认值	效果	说明
`device`	string	是	(none)	defines which switch to configure
`vlan`	integer	是	(none)	The vlan “table index” to configure	May be limited to 127 or another number. See the output of `swconfig dev <dev> help` for limit. Sets defaults for VLAN tag and PVID.
`vid`	integer	否	`vlan`	The VLAN tag number to use	See the output of `swconfig dev <dev> help` for limit. VLANs 0 and 4095 are often considered “special use”.
`ports`	string	是	(none)	A string of space-separated port indicies that should be associated with the VLAN. Adding the suffix `t` to a port indicates that egress packets should be tagged, for example `'0 1 3t 5t`'	The suffixes `*` and `u` are referred to in docs:guide-user:network:switch with reference to certain Broadcom switches in the context of older releases.

选项名称	类型	是否必须	默认值	效果	说明
`device`	string	是	(none)	defines which switch to configure
`port`	integer	是	(none)	The port index to configure
`pvid`	integer	否	†	Port PVID; the VLAN tag†† to assign to untagged ingress packets	†Typically defaults one of the VLAN tags associated with the port. Logic not clear when there are multiple VLANs on the port. '0' can occur. Certain values have been rejected; logic not clear on limitations. ††May refer to the VLAN “index” rather than the VLAN tag itself (unconfirmed).
`enable_eee`	boolean	否	0	Enable “energy saving” features
`igmp_snooping`	boolean	否	0	Enable IGMP snooping	Unconfirmed if can be set. Unknown how it interacts with interface- or switch-level IGMP snooping.
`igmp_v3`	boolean	否	0		Unconfirmed if can be set. Unknown how it interacts with interface- or switch-level IGMP snooping.

Network配置可以通过运行/etc/init.d/network restart重新生效。

单个接口可以用 ifup name启动或者用 ifdown name 关闭，其中name对应于config interface节的logical interface name. ifup暗含了先调用ifdown 所以在重载interface时不需要同时调用这两个。

请注意，wireless interfaces是由外部管理的，而ifup可能会破坏与现有bridges的关系. 在这种情况下，为了重新建立网桥连接，需要在ifup之后运行wifi up。

参见: Scripting interface

¹⁾

要桥接无线接口和物理接口，因为无线接口名称是动态的，用当前查到的无线接口名称(例如wlan0-1)和物理接口名称(例如eth0)，在/etc/config/network中配置桥接关系，随着路由重启，很可能会出问题，当然如果你在/etc/config/wireless中，指定了ifname选项也就是无线接口名称的值(例如为wlan0)，然后在/etc/config/network中配置桥接关系

ifname 'eth0 wlan0'
type 'bridge'

这就不会有问题了。但是另一种更为常见的做法是在无线配置中来配置桥接组合关系，方法是：如果/etc/config/network配置的接口名称为lan

config interface 'lan'

则配置/etc/config/wireless中的network选项为lan，这就建立了一个比较可靠的桥接关系，这种关系可能不是特别直观，可以通过

brctl show

命令来查看

网络基础知识 /etc/config/network

网络配置

节

Globals

Interfaces

对所有协议类型都有效的选项

Switch配置

配置switch

配置switch_vlan

配置switch_port

Network管理