Login
- Table of Contents
-
- 04-Layer 2 - LAN Switching Configuration Guide
- 00-Preface
- 01-MAC address table configuration
- 02-Ethernet link aggregation configuration
- 03-Port isolation configuration
- 04-Spanning tree configuration
- 05-Loop detection configuration
- 06-VLAN configuration
- 07-QinQ configuration
- 08-VLAN mapping configuration
- 09-LLDP configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-QinQ configuration | 211.04 KB |
This document uses the following terms:
· CVLAN—Customer network VLANs, also called inner VLANs, refer to the VLANs that a customer uses on the private network.
· SVLAN—Service provider network VLANs, also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers.
Overview
The IEEE 802.1Q VLAN tag uses 12 bits for VLAN IDs, so a device supports a maximum of 4094 VLANs. This is far not enough for isolating users in actual networks, especially in metropolitan area networks (MANs).
802.1Q-in-802.1Q (QinQ) is a flexible, easy-to-implement Layer 2 VPN technology based on IEEE 802.1Q, and provides enough VLANs for isolating users in MANs. QinQ enables the edge device on a service provider network to insert a SVLAN tag into the Ethernet frames from customer networks, so that the Ethernet frames travel across the service provider network (public network) with double VLAN tags. QinQ enables a service provider to use a single SVLAN to serve customers who have multiple CVLANs.
QinQ delivers the following benefits:
· Releases the stress on the SVLAN resource.
· Enables customers to plan their CVLANs without conflicting with SVLANs.
· Provides an easy-to-implement Layer 2 VPN solution for users.
· Enables the customers to keep their VLAN assignment schemes unchanged when the service provider plans VLANs in the service provider network.
How QinQ works
As shown in Figure 1, a QinQ frame transmitted over the service provider network carries the following tags:
· CVLAN tag—The Customer VLAN Tag field in Figure 1. The CVLAN tag identifies the VLAN to which the QinQ frame belongs when it is transmitted in the customer network.
· SVLAN tag—The Service VLAN Tag field in Figure 1. The service provider has allocated this tag to the customer. The SVLAN tag identifies the VLAN to which the QinQ frame belongs when it is transmitted in the service provider network.
Figure 1 Single-tagged Ethernet frame header and double-tagged Ethernet frame header
For proper transmission of tagged frames, H3C recommends you to set the MTU of each interface on the service provider network to at least 1504 bytes, which is the sum of the default interface MTU (1500 bytes) and the size of a VLAN tag (4 bytes). For more information about interface MTU configuration, see Interface Configuration Guide.
When the device is located on the service provider network, it forwards a tagged frame according to its SVLAN tag only, and transmits the CVLAN tag as part of the frame's payload.
Figure 1 Typical QinQ application scenario
As shown in Figure 2, customer network A has CVLANs 1 through 10, and customer network B has CVLANs 1 through 20. The service provider assigns SVLAN 3 to customer network A, and assigns SVLAN 4 to customer network B.
1. When a tagged Ethernet frame from customer network A arrives at a provider edge device (PE1), the PE tags the frame with SVLAN 3. When a tagged Ethernet frame from customer network B arrives at a PE, the PE tags the frame with SVLAN 4.
2. Even if VLAN IDs of different customers overlap, traffic from different customers can be separated in the service provider network.
3. The double-tagged Ethernet frame is then transmitted over the service provider network and arrives at the other PE. The PE removes the SVLAN tag of the frame before sending it to the target customer edge device (CE).
Implementations of QinQ
QinQ enables a port to tag any incoming frames with its port VLAN ID (PVID) tag, regardless of whether they have been tagged or not. If an incoming frame has been tagged, it becomes a double-tagged frame. If not, it becomes a frame tagged with the PVID.
QinQ organizes users or customer networks based on ports. However, QinQ cannot distinguish among users who access the same port from different VLANs. You can apply VLAN mapping to a service provider network, where users are organized based on the applications they use or the sites or devices they access. For more information about VLAN mapping, see "Configuring VLAN mapping."
Protocols and standards
· IEEE 802.1Q, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks
· IEEE 802.1ad, IEEE Standard for Local and Metropolitan Area Networks-Virtual Bridged Local Area Networks-Amendment 4: Provider Bridges
Enabling QinQ
QinQ is usually configured on the customer-side ports of the PEs.
A QinQ-enabled port tags an incoming frame with its PVID.
To enable QinQ:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. |
interface interface-type interface-number |
N/A |
|
3. Enable QinQ. |
qinq enable |
By default, QinQ is disabled. |
Configuring the TPID value in VLAN tags
The device determines whether a received frame carries a VLAN tag by checking the TPID value. For example, if a frame carries an SVLAN tag with TPID value 0x9100 and the configured TPID value of the SVLAN tag is 0x8100, the device considers that the frame does not carry an SVLAN tag.
Devices of different vendors might set the TPID of the SVLAN tag of QinQ frames to different values. For compatibility with these devices, modify the TPID value so that the QinQ frames, when sent to the public network, carry the TPID value identical to the value of a particular vendor, allowing interoperability with the devices of that vendor.
When you configure the TPID value in VLAN tags, follow these guidelines:
· The TPID value in VLAN tags must be configured on the service provider-side ports of devices in the service provider network.
· When you configure the qinq ethernet-type command, you must configure the qinq enable command on the customer-side port. H3C recommends that you configure the qinq ethernet-type command and the qinq enable command on the same card of a device.
· On a card, besides the default value, you can configure only one TPID value.
· When a device in used in an EVI network, do not configure the qinq ethernet-type command on the device. Otherwise, packet forwarding might be affected. For more information about EVI, see EVI Configuration Guide.
To configure an interface-specific TPID value:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. |
interface interface-type interface-number |
N/A |
|
3. Set the interface-specific TPID value in the SVLAN tags. |
qinq ethernet-type service-tag hex-value |
The default setting is 0x8100. |
Displaying and maintaining QinQ
Execute the display command in any view.
|
Task |
Command |
|
Display the QinQ-enabled ports. |
display qinq [ interface interface-type interface-number ] |
QinQ configuration example
|
|
IMPORTANT: By default, Ethernet interfaces, VLAN-interfaces, and aggregate interfaces are down. To configure these interfaces, first bring up these interfaces by using the undo shutdown command. |
Network requirements
As shown in Figure 3, the two branches of Company A, Site 1 and Site 2, are connected through the service provider network and use CVLANs 10 through 70. The two branches of Company B, Site 3 and Site 4, are connected through the service provider network and use CVLANs 30 through 90. PE 1 and PE 2 are edge devices on the service provider network and are connected through third-party devices with a TPID value of 0x8200.
Configure the edge and third-party devices to enable communication between the branches of Company A through SVLAN 100 and communication between the branches of Company B through SVLAN 200.
Configuration procedure
1. Configure PE 1:
a. Configure GigabitEthernet 4/0/1:
# Configure GigabitEthernet 4/0/1 as a trunk port and assign it to VLAN 100.
<PE1> system-view
[PE1] interface GigabitEthernet 4/0/1
[PE1-GigabitEthernet4/0/1] port link-type trunk
[PE1-GigabitEthernet4/0/1] port trunk permit vlan 100
# Configure VLAN 100 as the PVID for the port.
[PE1-GigabitEthernet4/0/1] port trunk pvid vlan 100
# Enable QinQ on the port.
[PE1-GigabitEthernet4/0/1] qinq enable
[PE1-GigabitEthernet4/0/1] quit
b. Configure GigabitEthernet 4/0/2:
# Configure GigabitEthernet 4/0/2 as a trunk port and assign it to VLAN 100 and VLAN 200.
[PE1] interface GigabitEthernet 4/0/2
[PE1-GigabitEthernet4/0/2] port link-type trunk
[PE1-GigabitEthernet4/0/2] port trunk permit vlan 100 200
# Set the TPID value in the SVLAN tags to 0x8200 on the port.
[PE1-GigabitEthernet4/0/2] qinq ethernet-type service-tag 8200
[PE1-GigabitEthernet4/0/2] quit
c. Configure GigabitEthernet 4/0/3.
# Configure GigabitEthernet 4/0/3 as a trunk port and assign it to VLAN 200.
[PE1] interface GigabitEthernet 4/0/3
[PE1-GigabitEthernet4/0/3] port link-type trunk
[PE1-GigabitEthernet4/0/3] port trunk permit vlan 200
# Configure VLAN 200 as the PVID for the port.
[PE1-GigabitEthernet4/0/3] port trunk pvid vlan 200
# Enable QinQ on the port.
[PE1-GigabitEthernet4/0/3] qinq enable
[PE1-GigabitEthernet4/0/3] quit
2. Configure PE 2:
a. Configure GigabitEthernet 4/0/1:
# Configure GigabitEthernet 4/0/1 as a trunk port and assign it to VLAN 200.
<PE2> system-view
[PE2] interface GigabitEthernet 4/0/1
[PE2-GigabitEthernet4/0/1] port link-type trunk
[PE2-GigabitEthernet4/0/1] port trunk permit vlan 200
# Configure VLAN 200 as the PVID for the port.
[PE2-GigabitEthernet4/0/1] port trunk pvid vlan 200
# Enable QinQ on the port.
[PE2-GigabitEthernet4/0/1] qinq enable
[PE2-GigabitEthernet4/0/1] quit
b. Configure GigabitEthernet 4/0/2:
# Configure GigabitEthernet 4/0/2 as a trunk port and assign it to VLAN 100 and VLAN 200.
[PE2] interface GigabitEthernet 4/0/2
[PE2-GigabitEthernet4/0/2] port link-type trunk
[PE2-GigabitEthernet4/0/2] port trunk permit vlan 100 200
# Set the TPID value in the SVLAN tags to 0x8200 on the port.
[PE2-GigabitEthernet4/0/2] qinq ethernet-type service-tag 8200
[PE2-GigabitEthernet4/0/2] quit
c. Configure GigabitEthernet 4/0/3:
# Configure GigabitEthernet 4/0/3 as a trunk port and assign it to VLAN 100.
[PE2] interface GigabitEthernet 4/0/3
[PE2-GigabitEthernet4/0/3] port link-type trunk
[PE2-GigabitEthernet4/0/3] port trunk permit vlan 100
# Configure VLAN 100 as the PVID for the port.
[PE2-GigabitEthernet4/0/3] port trunk pvid vlan 100
# Enable QinQ on the port.
[PE2-GigabitEthernet4/0/3] qinq enable
[PE2-GigabitEthernet4/0/3] quit
3. On the third-party devices between PE 1 and PE 2, configure the port that connects to PE 1 and the port that connects to PE 2 to allow tagged frames from VLAN 100 and VLAN 200 to pass through.
