12-QinQ Configuration
Chapters Download (253.59 KB)
Modification of the TPID Value in VLAN Tags
Configuring an Outer VLAN Tagging Policy
Configuring the TPID Value in VLAN Tags
Basic QinQ Configuration Example
Outer VLAN Tagging Policy Configuration Example
When configuring QinQ, go to these sections for information you are interested in:
l QinQ Configuration Task List
l Configuring the TPID Value in VLAN Tags
l Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network; and service provider network VLANs (SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers.
l QinQ requires configurations only on the service provider network, not on the customer network.
QinQ stands for 802.1Q in 802.1Q. The QinQ feature is a flexible, easy-to-implement Layer 2 VPN technique based on IEEE 802.1Q. It enables the edge device on the service provider network to encapsulate an outer VLAN tag in Ethernet frames from customer networks (private networks), so that the Ethernet frames will travel across the service provider network (public network) with double VLAN tags. QinQ enables a service provider to use a single SVLAN to serve customers who have multiple CVLANs.
In the VLAN tag field defined in IEEE 802.1Q, only 12 bits are used for VLAN IDs. As a result, a device can support a maximum of 4094 VLANs. This is far from enough for isolating users in actual networks, especially in metropolitan area networks (MANs).
By tagging tagged frames, QinQ expands the available VLAN space from 4094 to 4094 × 4094 and thus satisfies the requirement for VLAN space in MAN. It mainly addresses the following issues:
l Releases the stress on the SVLAN resource.
l Enables customers to plan their CVLANs without conflicting with SVLANs.
l Provides an easy-to-implement Layer 2 VPN solution for small-sized MANs or intranets.
l Allows the customers to keep their current network configurations when the service provider upgrades the service provider network, thus making the customer networks more independent.
The devices in the public network forward a frame only according to its outer VLAN tag and learn its source MAC address into the MAC address table of the outer VLAN. The inner VLAN tag of the frame is transmitted as the payload.
Figure 1-1 Schematic diagram of the QinQ feature
As shown in Figure 1-1, customer network A has CVLANs 1 through 10, while customer network B has CVLANs 1 through 20. The SVLAN allocated by the service provider for customer network A is SVLAN 3, and that for customer network B is SVLAN 4. When a tagged Ethernet frame of customer network A enters the service provider network, it is tagged with outer VLAN 3; when a tagged Ethernet frame of customer network B enters the service provider network, it is tagged with outer VLAN 4. In this way, there is no overlap of VLAN IDs among customers, and traffic from different customers can be identified separately.
A QinQ frame is transmitted double-tagged over the service provider network. The inner VLAN tag is the CVLAN tag while the outer one is the SVLAN tag that the service provider has allocated to the customer.
Figure 1-2 shows the structure of single-tagged and double-tagged Ethernet frames.
Figure 1-2 Single-tagged frame structure vs. double-tagged Ethernet frame structure
The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. Therefore, you are recommended to increase the MTU of each interface on the service provider network. The recommended minimum MTU is 1504 bytes. For how to configure the MTU of an interface, refer to Ethernet Interface Configuration in the Access Volume.
There are two types of QinQ implementations: basic QinQ and selective QinQ.
1) Basic QinQ
Basic QinQ is a port-based feature. When a frame arrives at a basic QinQ-enabled port, the port tags it with the port’s default VLAN tag, regardless of whether the frame is tagged or untagged. If the received frame is already tagged, it becomes a double-tagged frame; if it is untagged, it becomes a frame tagged with the port’s default VLAN tag.
2) Selective QinQ
Selective QinQ is an implementation more flexible than basic QinQ. In addition to all the functions of basic QinQ, selective QinQ can tag frames with different outer VLAN tags based on their inner VLAN IDs.
A VLAN tag uses the tag protocol identifier (TPID) field to identify the protocol type of the tag. The value of this field, as defined in IEEE 802.1Q, is 0x8100.
Figure 1-3 shows the 802.1Q-defined tag structure of an Ethernet frame.
Figure 1-3 VLAN Tag structure of an Ethernet frame
The device determines whether a received frame carries a SVLAN tag or a CVLAN tag by checking the corresponding TPID value. Upon receiving a frame, the device compares the configured TPID value with the value of the TPID field in the frame. If the two match, the devices considers that the frame carries the corresponding VLAN tag. For example, if a frame carries a SVLAN tag with the TPID value 0x9100 and a CVLAN tag with the TPID value 0x8100 while the configured TPID value of the SVLAN tag is 0x8100 and that of the CVLAN tag is 0x8200, the device considers that the frame carries only the SVLAN tag but not the CVLAN tag.
In addition, the systems of different vendors may set the TPID of the outer VLAN tag of QinQ frames to different values. For compatibility with these systems, you can modify the TPID value so that the QinQ frames, when sent to the public network, carry the TPID value identical to the value of a particular vendor to allow interoperability with the devices of that vendor.
The TPID in an Ethernet frame has the same position with the protocol type field in a frame without a VLAN tag. To avoid problems in packet forwarding and handling in the network, you cannot set the TPID value to any of the values in the table below.
Table 1-1 Reserved protocol type values
|
Protocol type |
Value |
|
ARP |
0x0806 |
|
PUP |
0x0200 |
|
RARP |
0x8035 |
|
IP |
0x0800 |
|
IPv6 |
0x86DD |
|
PPPoE |
0x8863/0x8864 |
|
MPLS |
0x8847/0x8848 |
|
IPX/SPX |
0x8137 |
|
IS-IS |
0x8000 |
|
LACP |
0x8809 |
|
802.1x |
0x888E |
|
Cluster |
0x88A7 |
|
Reserved |
0xFFFD/0xFFFE/0xFFFF |
IEEE 802.1Q: IEEE standard for local and metropolitan area networks: Virtual Bridged Local Area Networks
Table 1-2 QinQ configuration task list
|
Configuration task |
Remarks |
|
Optional |
|
|
Optional |
|
|
Optional |
l QinQ configurations made in Ethernet port view or OLT port view take effect on the current port only; those made in Layer-2 aggregate interface view take effect on the current aggregate interface and all the member ports in the aggregation group; those made in port group view take effect on all member ports in the current port group.
l Basic and selective QinQ should both be configured on the ports connecting customer networks.
Follow these steps to enable basic QinQ:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter interface view or port group view |
Enter Ethernet port view, OLT port view, or Layer-2 aggregate interface view |
interface interface-type interface-number |
Required Use either command. |
|
Enter port group view |
port-group manual port-group-name |
||
|
Enable QinQ on the port(s) |
qinq enable |
Required Disabled by default. |
|
Basic QinQ can only tag received frames with the default VLAN tag of the receiving port, while selective QinQ allows adding different outer VLAN tags based on different inner VLAN tags.
Follow these steps to configure an outer VLAN tagging policy:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter interface view or port group view |
Enter Ethernet port view, OLT port view, or Layer-2 aggregate interface view |
interface interface-type interface-number |
Required Use either command |
|
Enter port group view |
port-group manual port-group-name |
||
|
Enter QinQ view and configure the SVLAN tag for the port to add |
qinq vid vlan-id |
Required By default, the SVLAN tag to be added is the default VLAN tag of the receiving port. |
|
|
Tag frames of the specified CVLANs with the current SVLAN |
raw-vlan-id inbound { all | vlan-list } |
Required |
|
l An inner VLAN tag corresponds to only one outer VLAN tag.
l If you want to change an outer VLAN tag, you must delete the old outer VLAN tag configuration and configure a new outer VLAN tag.
l The S3600 series EPON OLT switches support the configuration of basic QinQ and selective QinQ at the same time on a port. If the two features are both enabled on the port, frames that meet the selective QinQ condition are handled with selective QinQ on this port first, and the left frames are handled with basic QinQ.
Follow these steps to configure a TPID value:
|
To do... |
Use the command... |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the TPID value in the VLAN tag |
qinq ethernet-type hex-value |
Optional 0x8100 by default |
As shown in Figure 1-4:
l Provider A and Provider B are edge devices on the service provider network and are interconnected through trunk ports. They belong to SVLAN100 and 101.
l Customer A, Customer B, and Customer C are edge devices on the customer network.
l Third-party devices with a TPID value of 0x8200 are deployed between Provider A and Provider B.
Make configuration to achieve the following:
l Frames of VLAN 10 through VLAN 50 can be exchanged between Customer B and Customer C through VLAN 100 of the service provider network.
l Frames of VLAN 200 through VLAN 299 can be exchanged between Customer A and Customer C through VLAN 101 of the service provider network.
Figure 1-4 Network diagram for basic QinQ configuration
Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through.
1) Configuration on Provider A
l Configure port Olt 1/0/1
# Configure Olt 1/0/1 as a trunk port and assign it to VLANs 200 through 299.
<ProviderA> system-view
[ProviderA] interface olt 1/0/1
[ProviderA-Olt1/0/1]port link-type hybrid
[ProviderA-Olt1/0/1]port hybrid vlan 200 to 299 tagged
# Configure VLAN 101 as the default VLAN of Olt 1/0/1.
[ProviderA-Olt1/0/1]port hybrid pvid vlan 101
# Enable basic QinQ on Olt 1/0/1.
[ProviderA-Olt1/0/1] qinq enable
[ProviderA-Olt1/0/1] quit
l Configure port Olt 1/0/2
# Configure Olt 1/0/2 as a hybrid port and assign it to VLAN 10 through VLAN 50.
[ProviderA] interface olt 1/0/2
[ProviderA-Olt1/0/2]port link-type hybrid
[ProviderA-Olt1/0/2]port hybrid vlan 10 to 50 tagged
[ProviderA-Olt1/0/2] quit
# Configure VLAN 100 as the default VLAN of Olt 1/0/2.
[ProviderA-Olt1/0/2] port hybrid pvid vlan 100
# Enable basic QinQ on Olt 1/0/2.
[ProviderA-Olt1/0/2] qinq enable
[ProviderA-Olt1/0/2] quit
l Configure GigabitEthernet 1/1/1
# Configure GigabitEthernet 1/1/1 as a trunk port and assign it to VLAN 100 and VLAN 101.
[ProviderA] interface gigabitethernet 1/1/1
[ProviderA-GigabitEthernet1/1/1] port link-type trunk
[ProviderA-GigabitEthernet1/1/1] port trunk permit vlan 100 101
# Set the TPID value in the outer tag to 0x8200.
[ProviderA-GigabitEthernet1/1/1] quit
[ProviderA] qinq ethernet-type 8200
2) Configuration on Provider B
l Configure GigabitEthernet 1/1/1
# Configure GigabitEthernet 1/1/1 as a trunk port and assign it to VLAN 100 and VLAN 101.
<ProviderB> system-view
[ProviderB] interface gigabitethernet 1/1/1
[ProviderB-GigabitEthernet1/1/1] port link-type trunk
[ProviderB-GigabitEthernet1/1/1] port trunk permit vlan 100 101
# Set the TPID value in the outer tag to 0x8200.
[ProviderB] qinq ethernet-type 8200
[ProviderB] quit
l Configure Olt 1/0/1
# Configure Olt 1/0/1 as a trunk port and assign it to VLAN 10 through VLAN 50 and VLAN 200 through VLAN 299.
[ProviderB] interface olt 1/0/1
[ProviderB-Olt1/0/1] port link-type hybrid
[ProviderB-Olt1/0/1] port hybrid vlan 10 to 50 200 to 299 tagged
# Configure VLAN 101 as the default VLAN of Olt 1/0/1.
[ProviderB-Olt1/0/1] port hybrid pvid vlan 101
# Enable basic QinQ on Olt 1/0/1.
[ProviderB-Olt1/0/1] qinq enable
3) Configuration on third-party devices
Configure the third-party devices between Provider A and Provider B as follows: configure the port connecting GigabitEthernet 1/1/1 of Provider A and that connecting GigabitEthernet 1/1/1 of Provider B to allow tagged frames of VLAN 100 and 101 to pass through.
As shown in Figure 1-5:
l Provider A and Provider B are edge devices on the service provider network and are interconnected through trunk ports. They belong to VLAN 1000 and VLAN 2000 in the service provider network separately.
l Customer A, Customer B and Customer C are edge devices on the customer network.
l Third-party devices with a TPID value of 0x8200 are deployed between Provider A and Provider B.
Make configuration to achieve the following:
l Customer A and Customer B can forward VLAN 10 frames to each other across SVLAN 1000.
l Customer A and Customer C can forward VLAN 20 frames to each other across SVLAN 2000.
Figure 1-5 Network diagram for outer VLAN tagging policy configuration
Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through.
1) Configuration on Provider A
l Configure Olt 1/0/1.
# Configure Olt 1/0/1 as a hybrid port to permit frames of VLAN 10, VLAN 20, VLAN 1000, and VLAN 2000 to pass through.
<ProviderA> system-view
[ProviderA] interface olt 1/0/1
[ProviderA-Olt1/0/1] port link-type hybrid
[ProviderA-Olt1/0/1] port hybrid vlan 10 20 1000 2000 tagged
# Tag VLAN 10 frames with VLAN ID 1000.
[ProviderA-Olt1/0/1] qinq vid 1000
[ProviderA-Olt1/0/1-vid-1000] raw-vlan-id inbound 10
[ProviderA-Olt1/0/1-vid-1000] quit
# Tag VLAN 20 frames with VLAN ID 2000.
[ProviderA-Olt1/0/1] qinq vid 2000
[ProviderA-Olt1/0/1-vid-2000] raw-vlan-id inbound 20
[ProviderA-Olt1/0/1-vid-2000] quit
[ProviderA-Olt1/0/1] quit
l Configure Olt 1/0/2
# Configure Olt 1/0/2 as a hybrid port to permit frames of VLAN 10 and VLAN 1000 to pass through.
[ProviderA] interface olt 1/0/2
[ProviderA-Olt1/0/2] port link-type hybrid
[ProviderA-Olt1/0/2] port hybrid vlan 10 1000 tagged
# Tag VLAN 10 frames with VLAN ID 1000.
[ProviderA-Olt1/0/2] qinq vid 1000
[ProviderA-Olt1/0/2-vid-1000] raw-vlan-id inbound 10
[ProviderA-Olt1/0/2-vid-1000] quit
[ProviderA-Olt1/0/2] quit
l Configure GigabitEthernet 1/1/1
# Configure GigabitEthernet 1/1/1 as a trunk port to permit frames of VLAN 1000 and VLAN 2000 to pass through.
[ProviderA] interface gigabitethernet 1/1/1
[ProviderA-GigabitEthernet1/1/1] port link-type trunk
[ProviderA-GigabitEthernet1/1/1] port trunk permit vlan 1000 2000
# Set the TPID in the outer VLAN tags to 0x8200.
[ProviderA-GigabitEthernet1/1/1] quit
[ProviderA] qinq ethernet-type 8200
2) Configuration on Provider B
l Configure GigabitEthernet 1/1/1
# Configure GigabitEthernet 1/1/1 as a trunk port to permit frames of VLAN 1000 and VLAN 2000 to pass through.
<ProviderB> system-view
[ProviderB] interface gigabitethernet 1/1/1
[ProviderB-GigabitEthernet1/1/1] port link-type trunk
[ProviderB-GigabitEthernet1/1/1] port trunk permit vlan 1000 2000
# Set the TPID in the outer VLAN tags to 0x8200.
[ProviderB-GigabitEthernet1/1/1] quit
[ProviderB] qinq ethernet-type 8200
l Configure Olt 1/0/1
# Configure Olt 1/0/1 as a hybrid port to permit frames of VLAN 20 and VLAN 2000 to pass through.
[ProviderB] interface olt 1/0/1
[ProviderB-Olt1/0/1] port link-type hybrid
[ProviderB-Olt1/0/1] port hybrid vlan 20 2000 tagged
# Tag VLAN 20 frames with VLAN ID 2000.
[ProviderB-Olt1/0/1] qinq vid 2000
[ProviderB-Olt1/0/1-vid-2000] raw-vlan-id inbound 20
3) Configuration on third-party devices
Configure the third-party devices between Provider A and Provider B as follows: configure the port connecting GigabitEthernet 1/1/1 of Provider A and that connecting GigabitEthernet 1/1/1 of Provider B to allow tagged frames of VLAN 1000 and VLAN 2000 to pass through.
