Android VLAN Configuration

1 Switch VLAN Principles
1.1 VLAN Mode
Tag-based VLANs are the industry standard 802.1Q VLANs (dot1q), while the port-based VLANs are more akin to private VLANs.

Tag-based:
A tag-based VLAN identifies its members by VID, which is quite different from a port-based VLAN. If the ingress or egress filtering lists contain additional rules, the packet is also screened against those filtering criteria to determine whether it can be forwarded. The switch supports the supplement of 802.1Q.

Each tag-based VLAN you create must be assigned a VLAN name and a VLAN ID. Valid VLAN IDs are 1-4094. Up to 256 tag VLAN groups can be created in total.

Port-based:
A port-based VLAN is defined by port. Any packet entering or leaving any port of a port-based VLAN is accepted. No filtering criterion applies in a port-based VLAN; the only criterion is the physical port you connect to. For example, take a port-based VLAN named PVLAN-1 whose members are ports 1, 2, 3 and 4. If you are on port 1, you can communicate with ports 2, 3 and 4. If you are on port 5, you cannot talk to them. Each port-based VLAN you create must be assigned a group name. This switch supports a maximum of 26 port-based VLAN groups.

A port cannot be a member of more than one port-based VLAN unless the port is tagged.

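1.2 VLAN Frame Format
Linux kernel code: net/8021q/vlan_dev.c
eth0: the VLAN parent device
eth0.VID: the VLAN child device. Its IP address generally takes the form aaa.bbb.VID.ccc; apart from VID, the other three fields of the IP address match those of the parent device
VLAN PCP: not defined in IEEE 802.1Q but in IEEE 802.1p, where p stands for priority; 3 bits, gives the frame priority, range 0 to 7, and a larger value means a higher priority
VLAN DEI: Drop eligible indicator; set to 0 on a LAN; 1 bit
VLAN ID: 12 bits; 0 is reserved
2-byte EtherType:
- 0x0800 means IPv4
- 0x0806 means ARP
- 0x86dd means IPv6
- 0x809B means AppleTalk protocol data
- 0x8138 means Novell-type protocol data
- 0x88F7 means gPTP protocol data

Figure 1-1 VLAN frame format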

1.3 VLAN entry SRAM
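There are 4096 VLAN entries, each occupying 4 bytes. After power-on, the information for the enabled VLANs must be configured in the switch's SRAM; a valid VLAN entry is located at its position in SRAM by using the 12-bit VLAN ID as the index.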

1.4 PVID Default Value
1) PVID belongs to IEEE 802.1Q, not to port-based VLAN
2) PVID register: IEEE 802.1Q Default Tag Register Block 0x0B00, Page 34h: Address 10h-21h; the default value is 1; see Kendin KSZ8995M/MA
3) When a port is assigned to multiple VLANs, the PVID is set through the register to the smallest VLAN ID
4) AN-135
802.1Q Tag Based and Port Based VLAN Function and Setting in KSZ8995M/MA
5) Example
0  1  2  3
U  T  T  T

1.5 Terminology
trunk: a port with more than one VLAN ID; tag-based, uses the IEEE 802.1Q VID
access: an untagged port; tag-based, uses the IEEE 802.1Q PVID

1.6 IEEE 802.1p
This specification defines the PCP values.
PCP  Priority     Acronym  Traffic types
1    0 (lowest)   BK       Background
0    1 (default)  BE       Best effort
2    2            EE       Excellent effort
3    3            CA       Critical applications
4    4            VI       Video, < 100 ms latency and jitter
5    5            VO       Voice, < 10 ms latency and jitter
6    6            IC       Internetwork control
7    7 (highest)  NC       Network control

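1.7 QinQ
1) 802.1Q in 802.1Q: VLAN double tagging, a fairly simple Layer 2 virtual private network protocol based on IEEE 802.1Q
2) Three important registers
PVID register: IEEE 802.1Q Default Tag Register, a 16-bit register with a default value of 1. This is a multi-purpose register; both the inner and the outer VID of an untagged port use the PVID
ISP TPID register: the 16-bit TPID value; the usual customer TPID value is 0x8100
ISP Tag Port mapping register: indicates which ports support double tagging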
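
The tag layout from section 1.2 and the double tag from section 1.7, as an added example that is not code from the original page: a parser that walks the stacked VLAN tags of a raw Ethernet frame (for instance one read from the tcpdump capture in section 5) and returns PCP, DEI and VID for each tag. The function names and sample frames are constructed for illustration, and 0x88A8 as the ISP TPID is an assumption (the IEEE 802.1ad value); the page itself only gives 0x8100.

```python
import struct

# TPIDs treated as VLAN tags. 0x8100 is the customer TPID named on this page;
# 0x88A8 (IEEE 802.1ad S-Tag) is an assumption for the ISP TPID, which is
# register-configurable on the switch.
VLAN_TPIDS = {0x8100, 0x88A8}

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6",
              0x809B: "AppleTalk", 0x8138: "Novell", 0x88F7: "gPTP"}


def parse_vlan_frame(frame: bytes, tpids=VLAN_TPIDS):
    """Return (tags, ethertype, payload_offset); tags are outermost first.
    Raises ValueError if the frame ends inside the header or a tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12                      # skip destination and source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    tags = []
    while ethertype in tpids:
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        tci, next_type = struct.unpack_from("!HH", frame, offset)
        tags.append({"tpid": ethertype,
                     "pcp": tci >> 13,          # top 3 bits
                     "dei": (tci >> 12) & 0x1,  # 1 bit
                     "vid": tci & 0x0FFF})      # low 12 bits
        ethertype = next_type
        offset += 4
    return tags, ethertype, offset


def build_frame(tags, ethertype, payload=b""):
    """Build a constructed test frame; tags are (tpid, pcp, dei, vid) tuples."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for tpid, pcp, dei, vid in tags:
        hdr += struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | vid)
    return hdr + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    # Constructed samples: single tag VID 5, then S-Tag 100 over C-Tag 5.
    for f in (build_frame([(0x8100, 0, 0, 5)], 0x0800),
              build_frame([(0x88A8, 3, 0, 100), (0x8100, 0, 0, 5)], 0x0806)):
        tags, etype, off = parse_vlan_frame(f)
        print(tags, ETHERTYPES.get(etype, hex(etype)), off)
```

A frame captured on eth0.5 normally arrives with the tag already stripped, so this parser is meant for frames captured on the parent device eth0.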

2 ip link
1) Add VLAN ID 5 to the eth0 interface
ip link add link eth0 name eth0.5 type vlan id 5
ip -d link show eth0.5

2) Set QoS
for i in {0..7}
do
    ip link set dev eth0.5 type vlan egress-qos-map $i:0
    #ip link set eth0.5 type vlan egress $i:0
done
Here $i is the skb_priority and 0 is the vlan_qos; vlan_qos maps to the 3-bit PCP in the VLAN Ethernet frame.

3) Assign an IP address and bring the interface up
ip addr add 192.168.5.200/24 brd 192.168.5.255 dev eth0.5
ip link set dev eth0.5 up
or
ifconfig eth0.5 192.168.5.200 netmask 255.255.255.0 up

4) Delete commands
ip link set dev eth0.5 down
ip link delete eth0.5

3 busybox vconfig
1) Add VLAN ID 5 to the eth0 interface
busybox vconfig add eth0 5

2) Set QoS
for i in {0..7}
do
    busybox vconfig set_egress_map eth0.5 $i 0
done
Here $i is the skb_priority and 0 is the vlan_qos; vlan_qos maps to the 3-bit PCP in the VLAN Ethernet frame.

3) Delete
busybox vconfig rem eth0.5

4 Getting detailed information about VLAN eth0.5
cat /proc/net/vlan/config
cat /proc/net/vlan/eth0.5

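5 Writing tcpdump captures to rotating files
Whether or not the NIC supports VLAN, once the VLAN device eth0.5 has been created on eth0, tcpdump can capture the VLAN packets on eth0; capturing is not limited to eth0.5.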

tcpdump -X -i eth0 -s 0 -C 20 -W 3 -w /data/ipsnoop.pcap -Z root

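-i: device name
-s: limit on the captured packet size
-C: size of each generated file, in megabytes (Mega Bytes), as an integer
-W: how many files may be generated
-w: path of the generated file
-Z: user group, user or root; on Linux this option is required for writing rotating files, on Android it is not needed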

6 Abbreviations
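CVLAN: Customer VLAN; the corresponding tag is called the C-Tag
KSZ8565R: Kendin (肯定科技) switch; Z denotes the lead-free version of KS, and the final digit 5 means it has 5 ports; Kendin was acquired by Micrel
MIB: Management Information Base
PVID: Port default VID; PVID belongs to IEEE 802.1Q, not to port-based VLAN
SVLAN: Service Provider VLAN; the corresponding tag is called the S-Tag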
