I have a Banana PI BPI-R4 running OpenWRT 24.10.2 that has 4xGbe ports and 2x10Gbe SFP+ ports.
I am in the process of adding an L3 switch to my network and adding VLANs. My switch has 10Gbe ports and I'm thinking of using the 2 SFP+ ports on the router to connect to the switch and using the router to handle firewall duties for traffic between my VLANs so that I can create very specific rules on which devices from the VLANs can talk to others.
I've begun setup in OpenWRT and wanted to run it past experts here to point out the stupid mistakes I've probably made.
I plan on routing all inter VLAN traffic to one of the SFP+ ports on the router and then if the traffic passes the firewall rule, send it out the 2nd port.
I created a VLAN device on the physical interfaces (eth1 and eth2) for each of my planned VLANs. I am now creating interface devices for each VLAN device.
I also created firewall zones for ingress traffic going to egress and the reverse for "answering traffic"
I know that configuration of the L3 router is out of scope here, but in theory I will be creating rules that route requests for inter VLAN traffic to the ingress interface. Any answering traffic would go back through egress. (This may prove difficult to do, not sure yet.)
I believe that I will also need to create static routs so that OpenWRT knows how to send traffic between VLANs but I haven't wrapped my head around what rules will be needed yet.
My initial thought for using the 2 different SFP+ interfaces was to avoid any potential bottleneck with bandwidth. However, I have been thinking about this and it seems messy. Would I be better off using link aggregation to get the (theoretical) 20Gbps performance and simplify my setup? If yes, does this work well on the Banana PI BPI-R4?
Thanks in advance for anyone that takes the time to respond to my ramblings!